From 5796d2f5b7310fa8841f76bbc7bbcf2385d960c3 Mon Sep 17 00:00:00 2001
From: Ivo Timmermans
Date: Fri, 2 Jun 2000 17:30:33 +0000
Subject: [PATCH 001/923] =?UTF-8?q?Alphabetized=20the=20list,=20added=20Lu?= =?UTF-8?q?bom=EF=BF=BDr=20Bulej,=20removed=20Sander=20Smeenk=20and=20Tijs?= =?UTF-8?q?=20van=20Bakel,=20put=20merits=20after=20all=20names.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 THANKS | 16 +++++------
 configure.in | 81 ----------------------------------------------------------
 2 files changed, 7 insertions(+), 90 deletions(-)
 delete mode 100644 configure.in
diff --git a/THANKS b/THANKS
index 63d9221d..2084100f 100644
--- a/THANKS
+++ b/THANKS
@@ -2,19 +2,17 @@ I would like to thank * Hans Bayle (for making some useful coding suggestions and fixing a bug or two) + * Lubomír Bulej (for the Redhat system init script) + * Wessel Dankers (for the name `tinc' and various suggestions) * Mads Kiilerich (for finding some bugs and some errors in the documentation, and for making several suggestions to make it all - more userfriendly) + more userfriendly, and the Redhat package) - * James B. MacLean (for fixing several mission critical bugs, and for + * James MacLean (for fixing several mission critical bugs, and for giving me a few good ideas, and, most of all, for the wonderful testing and debugging) - * Cris van Pelt - * Robert van der Meulen - * Sander Smeenk - * Tijs van Bakel - * Wessel Dankers (for the name `tinc' and being a royal pain in the - ass (je hebt erom gevraagd)) + * Robert van der Meulen (early configuration code) + * Cris van Pelt (small fixes) -for their help, support and ideas. Thank you guys! +for their help, support and ideas. Thank you guys! And especially Guus Sliepen, for starting this whole project...
diff --git a/configure.in b/configure.in
deleted file mode 100644
index ea288242..00000000
--- a/configure.in
+++ /dev/null
@@ -1,81 +0,0 @@
-dnl Process this file with autoconf to produce a configure script.
-
-dnl $Id: configure.in,v 1.12 2000/05/29 21:40:20 zarq Exp $
-
-AC_INIT(src/tincd.c)
-AM_INIT_AUTOMAKE(tinc, 1.0pre2)
-AM_CONFIG_HEADER(config.h)
-
-dnl Include the macros from the m4/ directory
-AM_ACLOCAL_INCLUDE(m4)
-
-# Enable GNU extensions.
-# Define this here, not in acconfig's @TOP@ section, since definitions
-# in the latter don't make it into the configure-time tests.
-AC_DEFINE([_GNU_SOURCE], [__USE_BSD])
-
-ALL_LINGUAS="nl"
-
-dnl Checks for programs.
-AC_PROG_CC
-AC_PROG_CPP
-AC_PROG_GCC_TRADITIONAL
-AC_PROG_AWK
-AC_PROG_INSTALL
-AC_PROG_LN_S
-AC_PROG_MAKE_SET
-jm_PERL
-AM_PROG_LIBTOOL
-
-AC_ISC_POSIX
-
-dnl Checks for libraries.
-
-dnl Checks for header files.
-AC_HEADER_STDC
-AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h gmp.h gmp2/gmp.h \
-sys/time.h)
-
-dnl Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_TYPE_PID_T
-AC_TYPE_SIZE_T
-AC_HEADER_TIME
-AC_STRUCT_TM
-
-dnl Checks for library functions.
-AC_FUNC_MEMCMP
-AC_FUNC_ALLOCA
-AC_TYPE_SIGNAL
-AC_CHECK_FUNCS(ftime socket select strtol strerror)
-jm_FUNC_MALLOC
-jm_FUNC_REALLOC
-
-AM_GNU_GETTEXT
-
-# Check for the GNU Multi Precision Library
-libgmp=none
-AC_CHECK_LIB(gmp2, mpz_powm, [
- libgmp=gmp2
-])
-AC_CHECK_LIB(gmp3, mpz_powm, [
- libgmp=gmp3
-])
-AC_CHECK_LIB(gmp, mpz_powm, [
- libgmp=gmp
-])
-
-if test $libgmp = none; then
- AC_MSG_ERROR(libgmp is not installed. Please grab it from your
- nearest GNU mirror and install it (see README))
-else
- LIBS="$LIBS -l$libgmp"
-fi
-
-AC_CHECK_LIB(dl, dlopen, [
- LIBS="$LIBS -ldl"
-])
-
-AC_OUTPUT([Makefile src/Makefile cipher/Makefile
-cipher/blowfish/Makefile doc/Makefile intl/Makefile lib/Makefile
-m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile])
From 377c4df245ceb8c19cabfe6d7a7c76841c07ba52 Mon Sep 17 00:00:00 2001
From: Ivo Timmermans
Date: Sat, 3 Jun 2000 23:32:03 +0000
Subject: [PATCH 002/923] Don't touch VPNMASK if it's defined, otherwise use $MSK.
---
 debian/init.d | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/debian/init.d b/debian/init.d
index 9067c546..d61becb1 100644
--- a/debian/init.d
+++ b/debian/init.d
@@ -1,7 +1,7 @@
 #! /usr/bin/perl -w
 #
 # System startup script for tinc
-# $Id: init.d,v 1.14 2000/06/01 20:21:27 guus Exp $
+# $Id: init.d,v 1.14.2.1 2000/06/03 23:32:03 zarq Exp $
 #
 # Based on Lubomir Bulej's Redhat init script.
 #
@@ -108,10 +108,8 @@ sub vpn_load {
 if(!defined($VPNMASK)) {
 $VPNMASK = $MSK;
+ $VPNMASK = join(".", unpack('C4', $VPNMASK));
 }
-
- $VPNMASK = pack('C4', split(/\./, $VPNMASK));
- $VPNMASK = join(".", unpack('C4', $VPNMASK));
 $ADR = join(".", unpack('C4', $ADR));
 $MSK = join(".", unpack('C4', $MSK));
From 66e98068051bc52fa064650710260f89c09f8cfd Mon Sep 17 00:00:00 2001
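Review bot: In the `vpn_load` hunk of debian/init.d, a `$VPNMASK` that is already defined no longer passes through `pack('C4', split(/\./, $VPNMASK))`, which was the only visible place where the value was coerced into four octets, so a malformed mask is now carried forward verbatim. How `$VPNMASK` is set and consumed is outside the hunk (vpn_load starts and ends beyond it); if it is later interpolated into a command run by this init script, it should be checked right after the `if(!defined($VPNMASK))` block, e.g. `die "tinc: invalid VPNMASK\n" unless $VPNMASK =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;`. A comment on that block stating that a user-supplied mask is expected in dotted-quad form would also document the new contract.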
From: Ivo Timmermans
Date: Sun, 4 Jun 2000 12:14:31 +0000
Subject: [PATCH 003/923] These files are created by gettextize (run by autogen.sh) (should have known that).
---
 intl/ChangeLog | 1086 --------------------------------------------
 intl/Makefile.in | 214 ---------
 intl/VERSION | 1 -
 intl/bindtextdom.c | 203 ---------
 intl/cat-compat.c | 262 -----------
 intl/dcgettext.c | 655 --------------------------
 intl/dgettext.c | 59 ---
 intl/explodename.c | 197 --------
 intl/finddomain.c | 216 ---------
 intl/gettext.c | 70 ---
 intl/gettext.h | 105 -----
 intl/gettextP.h | 89 ----
 intl/hash-string.h | 59 ---
 intl/intl-compat.c | 76 ----
 intl/l10nflist.c | 411 -----------------
 intl/libgettext.h | 182 --------
 intl/linux-msg.sed | 100 ----
 intl/loadinfo.h | 78 ----
 intl/loadmsgcat.c | 220 ---------
 intl/localealias.c | 438 ------------------
 intl/po2tbl.sed.in | 102 -----
 intl/textdomain.c | 108 -----
 intl/xopen-msg.sed | 104 -----
 po/Makefile.in.in | 248 ----------
 24 files changed, 5283 deletions(-)
 delete mode 100644 intl/ChangeLog
 delete mode 100644 intl/Makefile.in
 delete mode 100644 intl/VERSION
 delete mode 100644 intl/bindtextdom.c
 delete mode 100644 intl/cat-compat.c
 delete mode 100644 intl/dcgettext.c
 delete mode 100644 intl/dgettext.c
 delete mode 100644 intl/explodename.c
 delete mode 100644 intl/finddomain.c
 delete mode 100644 intl/gettext.c
 delete mode 100644 intl/gettext.h
 delete mode 100644 intl/gettextP.h
 delete mode 100644 intl/hash-string.h
 delete mode 100644 intl/intl-compat.c
 delete mode 100644 intl/l10nflist.c
 delete mode 100644 intl/libgettext.h
 delete mode 100644 intl/linux-msg.sed
 delete mode 100644 intl/loadinfo.h
 delete mode 100644 intl/loadmsgcat.c
 delete mode 100644 intl/localealias.c
 delete mode 100644 intl/po2tbl.sed.in
 delete mode 100644 intl/textdomain.c
 delete mode 100644 intl/xopen-msg.sed
 delete mode 100644 po/Makefile.in.in
diff --git a/intl/ChangeLog b/intl/ChangeLog
deleted file mode 100644
index 19895015..00000000
--- a/intl/ChangeLog
+++ /dev/null
@@ -1,1086 +0,0 @@ -1998-04-29 Ulrich Drepper - - * intl/localealias.c (read_alias_file): Use unsigned char for - local variables. Remove unused variable tp. - * intl/l10nflist.c (_nl_normalize_codeset): Use unsigned char * - for type of codeset. For loosing Solaris systems. - * intl/loadinfo.h: Adapt prototype of _nl_normalize_codeset. - * intl/bindtextdom.c (BINDTEXTDOMAIN): Don't define local variable - len if not needed. - Patches by Jim Meyering. - -1998-04-28 Ulrich Drepper - - * loadmsgcat.c (_nl_load_domain): Don't assign the element use_mmap if - mmap is not supported. - - * hash-string.h: Don't include . - -1998-04-27 Ulrich Drepper - - * textdomain.c: Use strdup is available. - - * localealias.c: Define HAVE_MEMPCPY so that we can use this - function. Define and use semapahores to protect modfication of - global objects when compiling for glibc. Add code to allow - freeing alias table. - - * l10nflist.c: Don't assume stpcpy not being a macro. - - * gettextP.h: Define internal_function macri if not already done. - Use glibc byte-swap macros instead of defining SWAP when compiled - for glibc. - (struct loaded_domain): Add elements to allow unloading. - - * Makefile.in (distclean): Don't remove libintl.h here. - - * bindtextdomain.c: Carry over changes from glibc. Use strdup if - available. - - * dcgettext.c: Don't assume stpcpy not being a macro. Mark internal - functions. Add memory freeing code for glibc. - - * dgettext.c: Update copyright. - - * explodename.c: Include stdlib.h and string.h only if they exist. - Use strings.h eventually. - - * finddomain.c: Mark internal functions. Use strdup if available. - Add memory freeing code for glibc. - -1997-10-10 20:00 Ulrich Drepper - - * libgettext.h: Fix dummy textdomain and bindtextdomain macros. - They should return reasonable values. - Reported by Tom Tromey . - -1997-09-16 03:33 Ulrich Drepper - - * libgettext.h: Define PARAMS also to `args' if __cplusplus is defined. - * intlh.inst.in: Likewise. 
- Reported by Jean-Marc Lasgouttes . - - * libintl.glibc: Update from current glibc version. - -1997-09-06 02:10 Ulrich Drepper - - * intlh.inst.in: Reformat copyright. - -1997-08-19 15:22 Ulrich Drepper - - * dcgettext.c (DCGETTEXT): Remove wrong comment. - -1997-08-16 00:13 Ulrich Drepper - - * Makefile.in (install-data): Don't change directory to install. - -1997-08-01 14:30 Ulrich Drepper - - * cat-compat.c: Fix copyright. - - * localealias.c: Don't define strchr unless !HAVE_STRCHR. - - * loadmsgcat.c: Update copyright. Fix typos. - - * l10nflist.c: Don't define strchr unless !HAVE_STRCHR. - (_nl_make_l10nflist): Handle sponsor and revision correctly. - - * gettext.c: Update copyright. - * gettext.h: Likewise. - * hash-string.h: Likewise. - - * finddomain.c: Remoave dead code. Define strchr only if - !HAVE_STRCHR. - - * explodename.c: Include . - - * explodename.c: Reformat copyright text. - (_nl_explode_name): Fix typo. - - * dcgettext.c: Define and use __set_errno. - (guess_category_value): Don't use setlocale if HAVE_LC_MESSAGES is - not defined. - - * bindtextdom.c: Pretty printing. - -1997-05-01 02:25 Ulrich Drepper - - * dcgettext.c (guess_category_value): Don't depend on - HAVE_LC_MESSAGES. We don't need the macro here. - Patch by Bruno Haible . - - * cat-compat.c (textdomain): DoN't refer to HAVE_SETLOCALE_NULL - macro. Instead use HAVE_LOCALE_NULL and define it when using - glibc, as in dcgettext.c. - Patch by Bruno Haible . - - * Makefile.in (CPPFLAGS): New variable. Reported by Franc,ois - Pinard. - -Mon Mar 10 06:51:17 1997 Ulrich Drepper - - * Makefile.in: Implement handling of libtool. - - * gettextP.h: Change data structures for use of generic lowlevel - i18n file handling. - -Wed Dec 4 20:21:18 1996 Ulrich Drepper - - * textdomain.c: Put parentheses around arguments of memcpy macro - definition. - * localealias.c: Likewise. - * l10nflist.c: Likewise. - * finddomain.c: Likewise. - * bindtextdom.c: Likewise. - Reported by Thomas Esken. 
- -Mon Nov 25 22:57:51 1996 Ulrich Drepper - - * textdomain.c: Move definition of `memcpy` macro to right - position. - -Fri Nov 22 04:01:58 1996 Ulrich Drepper - - * finddomain.c [!HAVE_STRING_H && !_LIBC]: Define memcpy using - bcopy if not already defined. Reported by Thomas Esken. - * bindtextdom.c: Likewise. - * l10nflist.c: Likewise. - * localealias.c: Likewise. - * textdomain.c: Likewise. - -Tue Oct 29 11:10:27 1996 Ulrich Drepper - - * Makefile.in (libdir): Change to use exec_prefix instead of - prefix. Reported by Knut-HåvardAksnes . - -Sat Aug 31 03:07:09 1996 Ulrich Drepper - - * l10nflist.c (_nl_normalize_codeset): We convert to lower case, - so don't prepend uppercase `ISO' for only numeric arg. - -Fri Jul 19 00:15:46 1996 Ulrich Drepper - - * l10nflist.c: Move inclusion of argz.h, ctype.h, stdlib.h after - definition of _GNU_SOURCE. Patch by Roland McGrath. - - * Makefile.in (uninstall): Fix another bug with `for' loop and - empty arguments. Patch by Jim Meyering. Correct name os - uninstalled files: no intl- prefix anymore. - - * Makefile.in (install-data): Again work around shells which - cannot handle mpty for list. Reported by Jim Meyering. - -Sat Jul 13 18:11:35 1996 Ulrich Drepper - - * Makefile.in (install): Split goal. Now depend on install-exec - and install-data. - (install-exec, install-data): New goals. Created from former - install goal. - Reported by Karl Berry. - -Sat Jun 22 04:58:14 1996 Ulrich Drepper - - * Makefile.in (MKINSTALLDIRS): New variable. Path to - mkinstalldirs script. - (install): use MKINSTALLDIRS variable or if the script is not present - try to find it in the $top_scrdir). - -Wed Jun 19 02:56:56 1996 Ulrich Drepper - - * l10nflist.c: Linux libc *partly* includes the argz_* functions. - Grr. Work around by renaming the static version and use macros - for renaming. - -Tue Jun 18 20:11:17 1996 Ulrich Drepper - - * l10nflist.c: Correct presence test macros of __argz_* functions. 
- - * l10nflist.c: Include based on test of it instead when - __argz_* functions are available. - Reported by Andreas Schwab. - -Thu Jun 13 15:17:44 1996 Ulrich Drepper - - * explodename.c, l10nflist.c: Define NULL for dumb systems. - -Tue Jun 11 17:05:13 1996 Ulrich Drepper - - * intlh.inst.in, libgettext.h (dcgettext): Rename local variable - result to __result to prevent name clash. - - * l10nflist.c, localealias.c, dcgettext.c: Define _GNU_SOURCE to - get prototype for stpcpy and strcasecmp. - - * intlh.inst.in, libgettext.h: Move declaration of - `_nl_msg_cat_cntr' outside __extension__ block to prevent warning - from gcc's -Wnested-extern option. - -Fri Jun 7 01:58:00 1996 Ulrich Drepper - - * Makefile.in (install): Remove comment. - -Thu Jun 6 17:28:17 1996 Ulrich Drepper - - * Makefile.in (install): Work around for another Buglix stupidity. - Always use an `else' close for `if's. Reported by Nelson Beebe. - - * Makefile.in (intlh.inst): Correct typo in phony rule. - Reported by Nelson Beebe. - -Thu Jun 6 01:49:52 1996 Ulrich Drepper - - * dcgettext.c (read_alias_file): Rename variable alloca_list to - block_list as the macro calls assume. - Patch by Eric Backus. - - * localealias.c [!HAVE_ALLOCA]: Define alloca as macro using - malloc. - (read_alias_file): Rename varriabe alloca_list to block_list as the - macro calls assume. - Patch by Eric Backus. - - * l10nflist.c: Correct conditional for inclusion. - Reported by Roland McGrath. - - * Makefile.in (all): Depend on all-@USE_INCLUDED_LIBINTL@, not - all-@USE_NLS@. - - * Makefile.in (install): intlh.inst comes from local dir, not - $(srcdir). - - * Makefile.in (intlh.inst): Special handling of this goal. If - used in gettext, this is really a rul to construct this file. If - used in any other package it is defined as a .PHONY rule with - empty body. - - * finddomain.c: Extract locale file information handling into - l10nfile.c. Rename local stpcpy__ function to stpcpy. 
- - * dcgettext.c (stpcpy): Add local definition. - - * l10nflist.c: Solve some portability problems. Patches partly by - Thomas Esken. Add local definition of stpcpy. - -Tue Jun 4 02:47:49 1996 Ulrich Drepper - - * intlh.inst.in: Don't depend including on - HAVE_LOCALE_H. Instead configure must rewrite this fiile - depending on the result of the configure run. - - * Makefile.in (install): libintl.inst is now called intlh.inst. - Add rules for updating intlh.inst from intlh.inst.in. - - * libintl.inst: Renamed to intlh.inst.in. - - * localealias.c, dcgettext.c [__GNUC__]: Define HAVE_ALLOCA to 1 - because gcc has __buitlin_alloca. - Reported by Roland McGrath. - -Mon Jun 3 00:32:16 1996 Ulrich Drepper - - * Makefile.in (installcheck): New goal to fulfill needs of - automake's distcheck. - - * Makefile.in (install): Reorder commands so that VERSION is - found. - - * Makefile.in (gettextsrcdir): Now use subdirectory intl/ in - @datadir@/gettext. - (COMSRCS): Add l10nfile.c. - (OBJECTS): Add l10nfile.o. - (DISTFILES): Rename to DISTFILE.normal. Remove $(DISTFILES.common). - (DISTFILE.gettext): Remove $(DISTFILES.common). - (all-gettext): Remove goal. - (install): If $(PACKAGE) = gettext install, otherwose do nothing. No - package but gettext itself should install libintl.h + headers. - (dist): Extend goal to work for gettext, too. - (dist-gettext): Remove goal. - - * dcgettext.c [!HAVE_ALLOCA]: Define macro alloca by using malloc. - -Sun Jun 2 17:33:06 1996 Ulrich Drepper - - * loadmsgcat.c (_nl_load_domain): Parameter is now comes from - find_l10nfile. - -Sat Jun 1 02:23:03 1996 Ulrich Drepper - - * l10nflist.c (__argz_next): Add definition. - - * dcgettext.c [!HAVE_ALLOCA]: Add code for handling missing alloca - code. Use new l10nfile handling. - - * localealias.c [!HAVE_ALLOCA]: Add code for handling missing - alloca code. - - * l10nflist.c: Initial revision. - -Tue Apr 2 18:51:18 1996 Ulrich Drepper - - * Makefile.in (all-gettext): New goal. Same as all-yes. 
- -Thu Mar 28 23:01:22 1996 Karl Eichwalder - - * Makefile.in (gettextsrcdir): Define using @datadir@. - -Tue Mar 26 12:39:14 1996 Ulrich Drepper - - * finddomain.c: Include . Reported by Roland McGrath. - -Sat Mar 23 02:00:35 1996 Ulrich Drepper - - * finddomain.c (stpcpy): Rename to stpcpy__ to prevent clashing - with external declaration. - -Sat Mar 2 00:47:09 1996 Ulrich Drepper - - * Makefile.in (all-no): Rename from all_no. - -Sat Feb 17 00:25:59 1996 Ulrich Drepper - - * gettextP.h [loaded_domain]: Array `successor' must now contain up - to 63 elements (because of codeset name normalization). - - * finddomain.c: Implement codeset name normalization. - -Thu Feb 15 04:39:09 1996 Ulrich Drepper - - * Makefile.in (all): Define to `all-@USE_NLS@'. - (all-yes, all_no): New goals. `all-no' is noop, `all-yes' - is former all. - -Mon Jan 15 21:46:01 1996 Howard Gayle - - * localealias.c (alias_compare): Increment string pointers in loop - of strcasecmp replacement. - -Fri Dec 29 21:16:34 1995 Ulrich Drepper - - * Makefile.in (install-src): Who commented this goal out ? :-) - -Fri Dec 29 15:08:16 1995 Ulrich Drepper - - * dcgettext.c (DCGETTEXT): Save `errno'. Failing system calls - should not effect it because a missing catalog is no error. - Reported by Harald Knig . - -Tue Dec 19 22:09:13 1995 Ulrich Drepper - - * Makefile.in (Makefile): Explicitly use $(SHELL) for running - shell scripts. - -Fri Dec 15 17:34:59 1995 Andreas Schwab - - * Makefile.in (install-src): Only install library and header when - we use the own implementation. Don't do it when using the - system's gettext or catgets functions. - - * dcgettext.c (find_msg): Must not swap domain->hash_size here. - -Sat Dec 9 16:24:37 1995 Ulrich Drepper - - * localealias.c, libintl.inst, libgettext.h, hash-string.h, - gettextP.h, finddomain.c, dcgettext.c, cat-compat.c: - Use PARAMS instead of __P. Suggested by Roland McGrath. 
- -Tue Dec 5 11:39:14 1995 Larry Schwimmer - - * libgettext.h: Use `#if !defined (_LIBINTL_H)' instead of `#if - !_LIBINTL_H' because Solaris defines _LIBINTL_H as empty. - -Mon Dec 4 15:42:07 1995 Ulrich Drepper - - * Makefile.in (install-src): - Install libintl.inst instead of libintl.h.install. - -Sat Dec 2 22:51:38 1995 Marcus Daniels - - * cat-compat.c (textdomain): - Reverse order in which files are tried you load. First - try local file, when this failed absolute path. - -Wed Nov 29 02:03:53 1995 Nelson H. F. Beebe - - * cat-compat.c (bindtextdomain): Add missing { }. - -Sun Nov 26 18:21:41 1995 Ulrich Drepper - - * libintl.inst: Add missing __P definition. Reported by Nelson Beebe. - - * Makefile.in: - Add dummy `all' and `dvi' goals. Reported by Tom Tromey. - -Sat Nov 25 16:12:01 1995 Franc,ois Pinard - - * hash-string.h: Capitalize arguments of macros. - -Sat Nov 25 12:01:36 1995 Ulrich Drepper - - * Makefile.in (DISTFILES): Prevent files names longer than 13 - characters. libintl.h.glibc->libintl.glibc, - libintl.h.install->libintl.inst. Reported by Joshua R. Poulson. - -Sat Nov 25 11:31:12 1995 Eric Backus - - * dcgettext.c: Fix bug in preprocessor conditionals. - -Sat Nov 25 02:35:27 1995 Nelson H. F. Beebe - - * libgettext.h: Solaris cc does not understand - #if !SYMBOL1 && !SYMBOL2. Sad but true. - -Thu Nov 23 16:22:14 1995 Ulrich Drepper - - * hash-string.h (hash_string): - Fix for machine with >32 bit `unsigned long's. - - * dcgettext.c (DCGETTEXT): - Fix horrible bug in loop for alternative translation. - -Thu Nov 23 01:45:29 1995 Ulrich Drepper - - * po2tbl.sed.in, linux-msg.sed, xopen-msg.sed: - Some further simplifications in message number generation. - -Mon Nov 20 21:08:43 1995 Ulrich Drepper - - * libintl.h.glibc: Use __const instead of const in prototypes. - - * Makefile.in (install-src): - Install libintl.h.install instead of libintl.h. This - is a stripped-down version. Suggested by Peter Miller. 
- - * libintl.h.install, libintl.h.glibc: Initial revision. - - * localealias.c (_nl_expand_alias, read_alias_file): - Protect prototypes in type casts by __P. - -Tue Nov 14 16:43:58 1995 Ulrich Drepper - - * hash-string.h: Correct prototype for hash_string. - -Sun Nov 12 12:42:30 1995 Ulrich Drepper - - * hash-string.h (hash_string): Add prototype. - - * gettextP.h: Fix copyright. - (SWAP): Add prototype. - -Wed Nov 8 22:56:33 1995 Ulrich Drepper - - * localealias.c (read_alias_file): Forgot sizeof. - Avoid calling *printf function. This introduces a big overhead. - Patch by Roland McGrath. - -Tue Nov 7 14:21:08 1995 Ulrich Drepper - - * finddomain.c, cat-compat.c: Wrong indentation in #if for stpcpy. - - * finddomain.c (stpcpy): - Define substitution function local. The macro was to flaky. - - * cat-compat.c: Fix typo. - - * xopen-msg.sed, linux-msg.sed: - While bringing message number to right place only accept digits. - - * linux-msg.sed, xopen-msg.sed: Now that the counter does not have - leading 0s we don't need to remove them. Reported by Marcus - Daniels. - - * Makefile.in (../po/cat-id-tbl.o): Use $(top_srdir) in - dependency. Reported by Marcus Daniels. - - * cat-compat.c: (stpcpy) [!_LIBC && !HAVE_STPCPY]: Define replacement. - Generally cleanup using #if instead of #ifndef. - - * Makefile.in: Correct typos in comment. By Franc,ois Pinard. - -Mon Nov 6 00:27:02 1995 Ulrich Drepper - - * Makefile.in (install-src): Don't install libintl.h and libintl.a - if we use an available gettext implementation. - -Sun Nov 5 22:02:08 1995 Ulrich Drepper - - * libgettext.h: Fix typo: HAVE_CATGETTS -> HAVE_CATGETS. Reported - by Franc,ois Pinard. - - * libgettext.h: Use #if instead of #ifdef/#ifndef. - - * finddomain.c: - Comments describing what has to be done should start with FIXME. - -Sun Nov 5 19:38:01 1995 Ulrich Drepper - - * Makefile.in (DISTFILES): Split. Use DISTFILES with normal meaning. - DISTFILES.common names the files common to both dist goals. 
- DISTFILES.gettext are the files only distributed in GNU gettext. - -Sun Nov 5 17:32:54 1995 Ulrich Drepper - - * dcgettext.c (DCGETTEXT): Correct searching in derived locales. - This was necessary since a change in _nl_find_msg several weeks - ago. I really don't know this is still not fixed. - -Sun Nov 5 12:43:12 1995 Ulrich Drepper - - * loadmsgcat.c (_nl_load_domain): Test for FILENAME == NULL. This - might mark a special condition. - - * finddomain.c (make_entry_rec): Don't make illegal entry as decided. - - * Makefile.in (dist): Suppress error message when ln failed. - Get files from $(srcdir) explicitly. - - * libgettext.h (gettext_const): Rename to gettext_noop. - -Fri Nov 3 07:36:50 1995 Ulrich Drepper - - * finddomain.c (make_entry_rec): - Protect against wrong locale names by testing mask. - - * libgettext.h (gettext_const): Add macro definition. - Capitalize macro arguments. - -Thu Nov 2 23:15:51 1995 Ulrich Drepper - - * finddomain.c (_nl_find_domain): - Test for pointer != NULL before accessing value. - Reported by Tom Tromey. - - * gettext.c (NULL): - Define as (void*)0 instad of 0. Reported by Franc,ois Pinard. - -Mon Oct 30 21:28:52 1995 Ulrich Drepper - - * po2tbl.sed.in: Serious typo bug fixed by Jim Meyering. - -Sat Oct 28 23:20:47 1995 Ulrich Drepper - - * libgettext.h: Disable dcgettext optimization for Solaris 2.3. - - * localealias.c (alias_compare): - Peter Miller reported that tolower in some systems is - even dumber than I thought. Protect call by `isupper'. - -Fri Oct 27 22:22:51 1995 Ulrich Drepper - - * Makefile.in (libdir, includedir): New variables. - (install-src): Install libintl.a and libintl.h in correct dirs. - -Fri Oct 27 22:07:29 1995 Ulrich Drepper - - * Makefile.in (SOURCES): Fix typo: intrl.compat.c -> intl-compat.c. - - * po2tbl.sed.in: Patch for buggy SEDs by Christian von Roques. - - * localealias.c: - Fix typo and superflous test. Reported by Christian von Roques. 
- -Fri Oct 6 11:52:05 1995 Ulrich Drepper - - * finddomain.c (_nl_find_domain): - Correct some remainder from the pre-CEN syntax. Now - we don't have a constant number of successors anymore. - -Wed Sep 27 21:41:13 1995 Ulrich Drepper - - * Makefile.in (DISTFILES): Add libintl.h.glibc. - - * Makefile.in (dist-libc): Add goal for packing sources for glibc. - (COMSRCS, COMHDRS): Splitted to separate sources shared with glibc. - - * loadmsgcat.c: Forget to continue #if line. - - * localealias.c: - [_LIBC]: Rename strcasecmp to __strcasecmp to keep ANSI C name - space clean. - - * dcgettext.c, finddomain.c: Better comment to last change. - - * loadmsgcat.c: - [_LIBC]: Rename fstat, open, close, read, mmap, and munmap to - __fstat, __open, __close, __read, __mmap, and __munmap resp - to keep ANSI C name space clean. - - * finddomain.c: - [_LIBC]: Rename stpcpy to __stpcpy to keep ANSI C name space clean. - - * dcgettext.c: - [_LIBC]: Rename getced and stpcpy to __getcwd and __stpcpy resp to - keep ANSI C name space clean. - - * libgettext.h: - Include sys/types.h for those old SysV systems out there. - Reported by Francesco Potorti`. - - * loadmsgcat.c (use_mmap): Define if compiled for glibc. - - * bindtextdom.c: Include all those standard headers - unconditionally if _LIBC is defined. - - * finddomain.c: Fix 2 times defiend -> defined. - - * textdomain.c: Include libintl.h instead of libgettext.h when - compiling for glibc. Include all those standard headers - unconditionally if _LIBC is defined. - - * localealias.c, loadmsgcat.c: Prepare to be compiled in glibc. - - * gettext.c: - Include libintl.h instead of libgettext.h when compiling for glibc. - Get NULL from stddef.h if we compile for glibc. - - * finddomain.c: Include libintl.h instead of libgettext.h when - compiling for glibc. Include all those standard headers - unconditionally if _LIBC is defined. - - * dcgettext.c: Include all those standard headers unconditionally - if _LIBC is defined. 
- - * dgettext.c: If compiled in glibc include libintl.h instead of - libgettext.h. - (locale.h): Don't rely on HAVE_LOCALE_H when compiling for glibc. - - * dcgettext.c: If compiled in glibc include libintl.h instead of - libgettext.h. - (getcwd): Don't rely on HAVE_GETCWD when compiling for glibc. - - * bindtextdom.c: - If compiled in glibc include libintl.h instead of libgettext.h. - -Mon Sep 25 22:23:06 1995 Ulrich Drepper - - * localealias.c (_nl_expand_alias): Don't call bsearch if NMAP <= 0. - Reported by Marcus Daniels. - - * cat-compat.c (bindtextdomain): - String used in putenv must not be recycled. - Reported by Marcus Daniels. - - * libgettext.h (__USE_GNU_GETTEXT): - Additional symbol to signal that we use GNU gettext - library. - - * cat-compat.c (bindtextdomain): - Fix bug with the strange stpcpy replacement. - Reported by Nelson Beebe. - -Sat Sep 23 08:23:51 1995 Ulrich Drepper - - * cat-compat.c: Include for stpcpy prototype. - - * localealias.c (read_alias_file): - While expand strdup code temporary variable `cp' hided - higher level variable with same name. Rename to `tp'. - - * textdomain.c (textdomain): - Avoid warning by using temporary variable in strdup code. - - * finddomain.c (_nl_find_domain): Remove unused variable `application'. - -Thu Sep 21 15:51:44 1995 Ulrich Drepper - - * localealias.c (alias_compare): - Use strcasecmp() only if available. Else use - implementation in place. - - * intl-compat.c: - Wrapper functions now call *__ functions instead of __*. - - * libgettext.h: Declare prototypes for *__ functions instead for __*. - - * cat-compat.c, loadmsgcat.c: - Don't use xmalloc, xstrdup, and stpcpy. These functions are not part - of the standard libc and so prevent libintl.a from being used - standalone. - - * bindtextdom.c: - Don't use xmalloc, xstrdup, and stpcpy. These functions are not part - of the standard libc and so prevent libintl.a from being used - standalone. - Rename to bindtextdomain__ if not used in GNU C Library. 
- - * dgettext.c: - Rename function to dgettext__ if not used in GNU C Library. - - * gettext.c: - Don't use xmalloc, xstrdup, and stpcpy. These functions are not part - of the standard libc and so prevent libintl.a from being used - standalone. - Functions now called gettext__ if not used in GNU C Library. - - * dcgettext.c, localealias.c, textdomain.c, finddomain.c: - Don't use xmalloc, xstrdup, and stpcpy. These functions are not part - of the standard libc and so prevent libintl.a from being used - standalone. - -Sun Sep 17 23:14:49 1995 Ulrich Drepper - - * finddomain.c: Correct some bugs in handling of CEN standard - locale definitions. - -Thu Sep 7 01:49:28 1995 Ulrich Drepper - - * finddomain.c: Implement CEN syntax. - - * gettextP.h (loaded_domain): Extend number of successors to 31. - -Sat Aug 19 19:25:29 1995 Ulrich Drepper - - * Makefile.in (aliaspath): Remove path to X11 locale dir. - - * Makefile.in: Make install-src depend on install. This helps - gettext to install the sources and other packages can use the - install goal. - -Sat Aug 19 15:19:33 1995 Ulrich Drepper - - * Makefile.in (uninstall): Remove stuff installed by install-src. - -Tue Aug 15 13:13:53 1995 Ulrich Drepper - - * VERSION.in: Initial revision. - - * Makefile.in (DISTFILES): - Add VERSION file. This is not necessary for gettext, but - for other packages using this library. - -Tue Aug 15 06:16:44 1995 Ulrich Drepper - - * gettextP.h (_nl_find_domain): - New prototype after changing search strategy. - - * finddomain.c (_nl_find_domain): - We now try only to find a specified catalog. Fall back to other - catalogs listed in the locale list is now done in __dcgettext. - - * dcgettext.c (__dcgettext): - Now we provide message fall back even to different languages. - I.e. if a message is not available in one language all the other - in the locale list a tried. Formerly fall back was only possible - within one language. Implemented by moving one loop from - _nl_find_domain to here. 
- -Mon Aug 14 23:45:50 1995 Ulrich Drepper - - * Makefile.in (gettextsrcdir): - Directory where source of GNU gettext library are made - available. - (INSTALL, INSTALL_DATA): Programs used for installing sources. - (gettext-src): New. Rule to install GNU gettext sources for use in - gettextize shell script. - -Sun Aug 13 14:40:48 1995 Ulrich Drepper - - * loadmsgcat.c (_nl_load_domain): - Use mmap for loading only when munmap function is - also available. - - * Makefile.in (install): Depend on `all' goal. - -Wed Aug 9 11:04:33 1995 Ulrich Drepper - - * localealias.c (read_alias_file): - Do not overwrite '\n' when terminating alias value string. - - * localealias.c (read_alias_file): - Handle long lines. Ignore the rest not fitting in - the buffer after the initial `fgets' call. - -Wed Aug 9 00:54:29 1995 Ulrich Drepper - - * gettextP.h (_nl_load_domain): - Add prototype, replacing prototype for _nl_load_msg_cat. - - * finddomain.c (_nl_find_domain): - Remove unneeded variable filename and filename_len. - (expand_alias): Remove prototype because functions does not - exist anymore. - - * localealias.c (read_alias_file): - Change type of fname_len parameter to int. - (xmalloc): Add prototype. - - * loadmsgcat.c: Better prototypes for xmalloc. - -Tue Aug 8 22:30:39 1995 Ulrich Drepper - - * finddomain.c (_nl_find_domain): - Allow alias name to be constructed from the four components. - - * Makefile.in (aliaspath): New variable. Set to preliminary value. - (SOURCES): Add localealias.c. - (OBJECTS): Add localealias.o. - - * gettextP.h: Add prototype for _nl_expand_alias. - - * finddomain.c: Aliasing handled in intl/localealias.c. - - * localealias.c: Aliasing for locale names. - - * bindtextdom.c: Better prototypes for xmalloc and xstrdup. - -Mon Aug 7 23:47:42 1995 Ulrich Drepper - - * Makefile.in (DISTFILES): gettext.perl is now found in misc/. - - * cat-compat.c (bindtextdomain): - Correct implementation. dirname parameter was not used. - Reported by Marcus Daniels. 
- - * gettextP.h (loaded_domain): - New fields `successor' and `decided' for oo, lazy - message handling implementation. - - * dcgettext.c: - Adopt for oo, lazy message handliing. - Now we can inherit translations from less specific locales. - (find_msg): New function. - - * loadmsgcat.c, finddomain.c: - Complete rewrite. Implement oo, lazy message handling :-). - We now have an additional environment variable `LANGUAGE' with - a higher priority than LC_ALL for the LC_MESSAGE locale. - Here we can set a colon separated list of specifications each - of the form `language[_territory[.codeset]][@modifier]'. - -Sat Aug 5 09:55:42 1995 Ulrich Drepper - - * finddomain.c (unistd.h): - Include to get _PC_PATH_MAX defined on system having it. - -Fri Aug 4 22:42:00 1995 Ulrich Drepper - - * finddomain.c (stpcpy): Include prototype. - - * Makefile.in (dist): Remove `copying instead' message. - -Wed Aug 2 18:52:03 1995 Ulrich Drepper - - * Makefile.in (ID, TAGS): Do not use $^. - -Tue Aug 1 20:07:11 1995 Ulrich Drepper - - * Makefile.in (TAGS, ID): Use $^ as command argument. - (TAGS): Give etags -o option t write to current directory, - not $(srcdir). - (ID): Use $(srcdir) instead os $(top_srcdir)/src. - (distclean): Remove ID. - -Sun Jul 30 11:51:46 1995 Ulrich Drepper - - * Makefile.in (gnulocaledir): - New variable, always using share/ for data directory. - (DEFS): Add GNULOCALEDIR, used in finddomain.c. - - * finddomain.c (_nl_default_dirname): - Set to GNULOCALEDIR, because it always has to point - to the directory where GNU gettext Library writes it to. - - * intl-compat.c (textdomain, bindtextdomain): - Undefine macros before function definition. - -Sat Jul 22 01:10:02 1995 Ulrich Drepper - - * libgettext.h (_LIBINTL_H): - Protect definition in case where this file is included as - libgettext.h on Solaris machines. Add comment about this. - -Wed Jul 19 02:36:42 1995 Ulrich Drepper - - * intl-compat.c (textdomain): Correct typo. 
- -Wed Jul 19 01:51:35 1995 Ulrich Drepper - - * dcgettext.c (dcgettext): Function now called __dcgettext. - - * dgettext.c (dgettext): Now called __dgettext and calls - __dcgettext. - - * gettext.c (gettext): - Function now called __gettext and calls __dgettext. - - * textdomain.c (textdomain): Function now called __textdomain. - - * bindtextdom.c (bindtextdomain): Function now called - __bindtextdomain. - - * intl-compat.c: Initial revision. - - * Makefile.in (SOURCES): Add intl-compat.c. - (OBJECTS): We always compile the GNU gettext library functions. - OBJECTS contains all objects but cat-compat.o, ../po/cat-if-tbl.o, - and intl-compat.o. - (GETTOBJS): Contains now only intl-compat.o. - - * libgettext.h: - Re-include protection matches dualistic character of libgettext.h. - For all functions in GNU gettext library define __ counter part. - - * finddomain.c (strchr): Define as index if not found in C library. - (_nl_find_domain): For relative paths paste / in between. - -Tue Jul 18 16:37:45 1995 Ulrich Drepper - - * loadmsgcat.c, finddomain.c: Add inclusion of sys/types.h. - - * xopen-msg.sed: Fix bug with `msgstr ""' lines. - A little bit better comments. - -Tue Jul 18 01:18:27 1995 Ulrich Drepper - - * Makefile.in: - po-mode.el, makelinks, combine-sh are now found in ../misc. - - * po-mode.el, makelinks, combine-sh, elisp-comp: - Moved to ../misc/. - - * libgettext.h, gettextP.h, gettext.h: Uniform test for __STDC__. - -Sun Jul 16 22:33:02 1995 Ulrich Drepper - - * Makefile.in (INSTALL, INSTALL_DATA): New variables. - (install-data, uninstall): Install/uninstall .elc file. - - * po-mode.el (Installation comment): - Add .pox as possible extension of .po files. - -Sun Jul 16 13:23:27 1995 Ulrich Drepper - - * elisp-comp: Complete new version by Franc,ois: This does not - fail when not compiling in the source directory. - -Sun Jul 16 00:12:17 1995 Ulrich Drepper - - * Makefile.in (../po/cat-id-tbl.o): - Use $(MAKE) instead of make for recursive make. 
- - * Makefile.in (.el.elc): Use $(SHELL) instead of /bin/sh. - (install-exec): Add missing dummy goal. - (install-data, uninstall): @ in multi-line shell command at - beginning, not in front of echo. Reported by Eric Backus. - -Sat Jul 15 00:21:28 1995 Ulrich Drepper - - * Makefile.in (DISTFILES): - Rename libgettext.perl to gettext.perl to fit in 14 chars - file systems. - - * gettext.perl: - Rename to gettext.perl to fit in 14 chars file systems. - -Thu Jul 13 23:17:20 1995 Ulrich Drepper - - * cat-compat.c: If !STDC_HEADERS try to include malloc.h. - -Thu Jul 13 20:55:02 1995 Ulrich Drepper - - * po2tbl.sed.in: Pretty printing. - - * linux-msg.sed, xopen-msg.sed: - Correct bugs with handling substitute flags in branches. - - * hash-string.h (hash_string): - Old K&R compilers don't under stand `unsigned char'. - - * gettext.h (nls_uint32): - Some old K&R compilers (eg HP) don't understand `unsigned int'. - - * cat-compat.c (msg_to_cat_id): De-ANSI-fy prototypes. - -Thu Jul 13 01:34:33 1995 Ulrich Drepper - - * Makefile.in (ELCFILES): New variable. - (DISTFILES): Add elisp-comp. - Add implicit rule for .el -> .elc compilation. - (install-data): install $ELCFILES - (clean): renamed po-to-tbl and po-to-msg to po2tbl and po2msg resp. - - * elisp-comp: Initial revision - -Wed Jul 12 16:14:52 1995 Ulrich Drepper - - * Makefile.in: - cat-id-tbl.c is now found in po/. This enables us to use an identical - intl/ directory in all packages. - - * dcgettext.c (dcgettext): hashing does not work for table size <= 2. - - * textdomain.c: fix typo (#if def -> #if defined) - -Tue Jul 11 18:44:43 1995 Ulrich Drepper - - * Makefile.in (stamp-cat-id): use top_srcdir to address source files - (DISTFILES,distclean): move tupdate.perl to src/ - - * po-to-tbl.sed.in: - add additional jump to clear change flag to recognize multiline strings - -Tue Jul 11 01:32:50 1995 Ulrich Drepper - - * textdomain.c: Protect inclusion of stdlib.h and string.h. 
- - * loadmsgcat.c: Protect inclusion of stdlib.h. - - * libgettext.h: Protect inclusion of locale.h. - Allow use in C++ programs. - Define NULL is not happened already. - - * Makefile.in (DISTFILES): ship po-to-tbl.sed.in instead of - po-to-tbl.sed. - (distclean): remove po-to-tbl.sed and tupdate.perl. - - * tupdate.perl.in: Substitute Perl path even in exec line. - Don't include entries without translation from old .po file. - -Tue Jul 4 00:41:51 1995 Ulrich Drepper - - * tupdate.perl.in: use "Updated: " in msgid "". - - * cat-compat.c: Fix typo (LOCALDIR -> LOCALEDIR). - Define getenv if !__STDC__. - - * bindtextdom.c: Protect stdlib.h and string.h inclusion. - Define free if !__STDC__. - - * finddomain.c: Change DEF_MSG_DOM_DIR to LOCALEDIR. - Define free if !__STDC__. - - * cat-compat.c: Change DEF_MSG_DOM_DIR to LOCALEDIR. - -Mon Jul 3 23:56:30 1995 Ulrich Drepper - - * Makefile.in: Use LOCALEDIR instead of DEF_MSG_DOM_DIR. - Remove unneeded $(srcdir) from Makefile.in dependency. - - * makelinks: Add copyright and short description. - - * po-mode.el: Last version for 0.7. - - * tupdate.perl.in: Fix die message. - - * dcgettext.c: Protect include of string.h. - - * gettext.c: Protect include of stdlib.h and further tries to get NULL. - - * finddomain.c: Some corrections in includes. - - * Makefile.in (INCLUDES): Prune list correct path to Makefile.in. - - * po-to-tbl.sed: Adopt for new .po file format. - - * linux-msg.sed, xopen-msg.sed: Adopt for new .po file format. - -Sun Jul 2 23:55:03 1995 Ulrich Drepper - - * tupdate.perl.in: Complete rewrite for new .po file format. - -Sun Jul 2 02:06:50 1995 Ulrich Drepper - - * First official release. This directory contains all the code - needed to internationalize own packages. It provides functions - which allow to use the X/Open catgets function with an interface - like the Uniforum gettext function. For system which does not - have neither of those a complete implementation is provided. 
diff --git a/intl/Makefile.in b/intl/Makefile.in
deleted file mode 100644
index 4bdb186d..00000000
--- a/intl/Makefile.in
+++ /dev/null
@@ -1,214 +0,0 @@ -# Makefile for directory with message catalog handling in GNU NLS Utilities. -# Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -PACKAGE = @PACKAGE@ -VERSION = @VERSION@ - -SHELL = /bin/sh - -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ -top_builddir = .. -VPATH = @srcdir@ - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -transform = @program_transform_name@ -libdir = $(exec_prefix)/lib -includedir = $(prefix)/include -datadir = $(prefix)/@DATADIRNAME@ -localedir = $(datadir)/locale -gnulocaledir = $(prefix)/share/locale -gettextsrcdir = @datadir@/gettext/intl -aliaspath = $(localedir):. 
-subdir = intl - -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -MKINSTALLDIRS = @MKINSTALLDIRS@ - -l = @l@ - -AR = ar -CC = @CC@ -LIBTOOL = @LIBTOOL@ -RANLIB = @RANLIB@ - -DEFS = -DLOCALEDIR=\"$(localedir)\" -DGNULOCALEDIR=\"$(gnulocaledir)\" \ --DLOCALE_ALIAS_PATH=\"$(aliaspath)\" @DEFS@ -CPPFLAGS = @CPPFLAGS@ -CFLAGS = @CFLAGS@ -LDFLAGS = @LDFLAGS@ - -COMPILE = $(CC) -c $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(XCFLAGS) - -HEADERS = $(COMHDRS) libgettext.h loadinfo.h -COMHDRS = gettext.h gettextP.h hash-string.h -SOURCES = $(COMSRCS) intl-compat.c cat-compat.c -COMSRCS = bindtextdom.c dcgettext.c dgettext.c gettext.c \ -finddomain.c loadmsgcat.c localealias.c textdomain.c l10nflist.c \ -explodename.c -OBJECTS = @INTLOBJS@ bindtextdom.$lo dcgettext.$lo dgettext.$lo gettext.$lo \ -finddomain.$lo loadmsgcat.$lo localealias.$lo textdomain.$lo l10nflist.$lo \ -explodename.$lo -CATOBJS = cat-compat.$lo ../po/cat-id-tbl.$lo -GETTOBJS = intl-compat.$lo -DISTFILES.common = ChangeLog Makefile.in linux-msg.sed po2tbl.sed.in \ -xopen-msg.sed $(HEADERS) $(SOURCES) -DISTFILES.normal = VERSION -DISTFILES.gettext = libintl.glibc intlh.inst.in - -.SUFFIXES: -.SUFFIXES: .c .o .lo -.c.o: - $(COMPILE) $< -.c.lo: - $(LIBTOOL) --mode=compile $(COMPILE) $< - -INCLUDES = -I.. -I. -I$(top_srcdir)/intl -I$(top_srcdir)/lib - -all: all-@USE_INCLUDED_LIBINTL@ - -all-yes: libintl.$la intlh.inst -all-no: - -libintl.a: $(OBJECTS) - rm -f $@ - $(AR) cru $@ $(OBJECTS) - $(RANLIB) $@ - -libintl.la: $(OBJECTS) - $(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o $@ $(OBJECTS) \ - -version-info 1:0 -rpath $(libdir) - -../po/cat-id-tbl.$lo: ../po/cat-id-tbl.c $(top_srcdir)/po/$(PACKAGE).pot - cd ../po && $(MAKE) cat-id-tbl.$lo - -check: all - -# This installation goal is only used in GNU gettext. Packages which -# only use the library should use install instead. 
- -# We must not install the libintl.h/libintl.a files if we are on a -# system which has the gettext() function in its C library or in a -# separate library or use the catgets interface. A special case is -# where configure found a previously installed GNU gettext library. -# If you want to use the one which comes with this version of the -# package, you have to use `configure --with-included-gettext'. -install: install-exec install-data -install-exec: all - if test "$(PACKAGE)" = "gettext" \ - && test '@INTLOBJS@' = '$(GETTOBJS)'; then \ - if test -r $(MKINSTALLDIRS); then \ - $(MKINSTALLDIRS) $(libdir) $(includedir); \ - else \ - $(top_srcdir)/mkinstalldirs $(libdir) $(includedir); \ - fi; \ - $(INSTALL_DATA) intlh.inst $(includedir)/libintl.h; \ - $(INSTALL_DATA) libintl.a $(libdir)/libintl.a; \ - else \ - : ; \ - fi -install-data: all - if test "$(PACKAGE)" = "gettext"; then \ - if test -r $(MKINSTALLDIRS); then \ - $(MKINSTALLDIRS) $(gettextsrcdir); \ - else \ - $(top_srcdir)/mkinstalldirs $(gettextsrcdir); \ - fi; \ - $(INSTALL_DATA) VERSION $(gettextsrcdir)/VERSION; \ - dists="$(DISTFILES.common)"; \ - for file in $$dists; do \ - $(INSTALL_DATA) $(srcdir)/$$file $(gettextsrcdir)/$$file; \ - done; \ - else \ - : ; \ - fi - -# Define this as empty until I found a useful application. 
-installcheck: - -uninstall: - dists="$(DISTFILES.common)"; \ - for file in $$dists; do \ - rm -f $(gettextsrcdir)/$$file; \ - done - -info dvi: - -$(OBJECTS): ../config.h libgettext.h -bindtextdom.$lo finddomain.$lo loadmsgcat.$lo: gettextP.h gettext.h loadinfo.h -dcgettext.$lo: gettextP.h gettext.h hash-string.h loadinfo.h - -tags: TAGS - -TAGS: $(HEADERS) $(SOURCES) - here=`pwd`; cd $(srcdir) && etags -o $$here/TAGS $(HEADERS) $(SOURCES) - -id: ID - -ID: $(HEADERS) $(SOURCES) - here=`pwd`; cd $(srcdir) && mkid -f$$here/ID $(HEADERS) $(SOURCES) - - -mostlyclean: - rm -f *.a *.o *.lo core core.* - -clean: mostlyclean - -distclean: clean - rm -f Makefile ID TAGS po2msg.sed po2tbl.sed - -maintainer-clean: distclean - @echo "This command is intended for maintainers to use;" - @echo "it deletes files that may require special tools to rebuild." - - -# GNU gettext needs not contain the file `VERSION' but contains some -# other files which should not be distributed in other packages. -distdir = ../$(PACKAGE)-$(VERSION)/$(subdir) -dist distdir: Makefile $(DISTFILES) - if test "$(PACKAGE)" = gettext; then \ - additional="$(DISTFILES.gettext)"; \ - else \ - additional="$(DISTFILES.normal)"; \ - fi; \ - for file in $(DISTFILES.common) $$additional; do \ - ln $(srcdir)/$$file $(distdir) 2> /dev/null \ - || cp -p $(srcdir)/$$file $(distdir); \ - done - -dist-libc: - tar zcvf intl-glibc.tar.gz $(COMSRCS) $(COMHDRS) libintl.h.glibc - -Makefile: Makefile.in ../config.status - cd .. \ - && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status - -# The dependency for intlh.inst is different in gettext and all other -# packages. Because we cannot you GNU make features we have to solve -# the problem while rewriting Makefile.in. -@GT_YES@intlh.inst: intlh.inst.in ../config.status -@GT_YES@ cd .. 
\
-@GT_YES@ && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= \
-@GT_YES@ $(SHELL) ./config.status
-@GT_NO@.PHONY: intlh.inst
-@GT_NO@intlh.inst:
-
-# Tell versions [3.59,3.63) of GNU make not to export all variables.
-# Otherwise a system limit (for SysV at least) may be exceeded.
-.NOEXPORT:
diff --git a/intl/VERSION b/intl/VERSION
deleted file mode 100644
index ee66b061..00000000
--- a/intl/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-GNU gettext library from gettext-0.10.35
diff --git a/intl/bindtextdom.c b/intl/bindtextdom.c
deleted file mode 100644
index d9c3f349..00000000
--- a/intl/bindtextdom.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/* Implementation of the bindtextdomain(3) function
- Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software Foundation,
- Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
-
-#ifdef HAVE_CONFIG_H
-# include
-#endif
-
-#if defined STDC_HEADERS || defined _LIBC
-# include
-#else
-# ifdef HAVE_MALLOC_H
-# include
-# else
-void free ();
-# endif
-#endif
-
-#if defined HAVE_STRING_H || defined _LIBC
-# include
-#else
-# include
-# ifndef memcpy
-# define memcpy(Dst, Src, Num) bcopy (Src, Dst, Num)
-# endif
-#endif
-
-#ifdef _LIBC
-# include
-#else
-# include "libgettext.h"
-#endif
-#include "gettext.h"
-#include "gettextP.h"
-
-/* @@ end of prolog @@ */
-
-/* Contains the default location of the message catalogs. */
-extern const char _nl_default_dirname[];
-
-/* List with bindings of specific domains. */
-extern struct binding *_nl_domain_bindings;
-
-
-/* Names for the libintl functions are a problem. They must not clash
- with existing names and they should follow ANSI C. But this source
- code is also used in GNU C Library where the names have a __
- prefix. So we have to make a difference here.
*/
-#ifdef _LIBC
-# define BINDTEXTDOMAIN __bindtextdomain
-# ifndef strdup
-# define strdup(str) __strdup (str)
-# endif
-#else
-# define BINDTEXTDOMAIN bindtextdomain__
-#endif
-
-/* Specify that the DOMAINNAME message catalog will be found
- in DIRNAME rather than in the system locale data base. */
-char *
-BINDTEXTDOMAIN (domainname, dirname)
- const char *domainname;
- const char *dirname;
-{
- struct binding *binding;
-
- /* Some sanity checks. */
- if (domainname == NULL || domainname[0] == '\0')
- return NULL;
-
- for (binding = _nl_domain_bindings; binding != NULL; binding = binding->next)
- {
- int compare = strcmp (domainname, binding->domainname);
- if (compare == 0)
- /* We found it! */
- break;
- if (compare < 0)
- {
- /* It is not in the list. */
- binding = NULL;
- break;
- }
- }
-
- if (dirname == NULL)
- /* The current binding has be to returned. */
- return binding == NULL ? (char *) _nl_default_dirname : binding->dirname;
-
- if (binding != NULL)
- {
- /* The domain is already bound. If the new value and the old
- one are equal we simply do nothing. Otherwise replace the
- old binding. */
- if (strcmp (dirname, binding->dirname) != 0)
- {
- char *new_dirname;
-
- if (strcmp (dirname, _nl_default_dirname) == 0)
- new_dirname = (char *) _nl_default_dirname;
- else
- {
-#if defined _LIBC || defined HAVE_STRDUP
- new_dirname = strdup (dirname);
- if (new_dirname == NULL)
- return NULL;
-#else
- size_t len = strlen (dirname) + 1;
- new_dirname = (char *) malloc (len);
- if (new_dirname == NULL)
- return NULL;
-
- memcpy (new_dirname, dirname, len);
-#endif
- }
-
- if (binding->dirname != _nl_default_dirname)
- free (binding->dirname);
-
- binding->dirname = new_dirname;
- }
- }
- else
- {
- /* We have to create a new binding.
*/
-#if !defined _LIBC && !defined HAVE_STRDUP
- size_t len;
-#endif
- struct binding *new_binding =
- (struct binding *) malloc (sizeof (*new_binding));
-
- if (new_binding == NULL)
- return NULL;
-
-#if defined _LIBC || defined HAVE_STRDUP
- new_binding->domainname = strdup (domainname);
- if (new_binding->domainname == NULL)
- return NULL;
-#else
- len = strlen (domainname) + 1;
- new_binding->domainname = (char *) malloc (len);
- if (new_binding->domainname == NULL)
- return NULL;
- memcpy (new_binding->domainname, domainname, len);
-#endif
-
- if (strcmp (dirname, _nl_default_dirname) == 0)
- new_binding->dirname = (char *) _nl_default_dirname;
- else
- {
-#if defined _LIBC || defined HAVE_STRDUP
- new_binding->dirname = strdup (dirname);
- if (new_binding->dirname == NULL)
- return NULL;
-#else
- len = strlen (dirname) + 1;
- new_binding->dirname = (char *) malloc (len);
- if (new_binding->dirname == NULL)
- return NULL;
- memcpy (new_binding->dirname, dirname, len);
-#endif
- }
-
- /* Now enqueue it. */
- if (_nl_domain_bindings == NULL
- || strcmp (domainname, _nl_domain_bindings->domainname) < 0)
- {
- new_binding->next = _nl_domain_bindings;
- _nl_domain_bindings = new_binding;
- }
- else
- {
- binding = _nl_domain_bindings;
- while (binding->next != NULL
- && strcmp (domainname, binding->next->domainname) > 0)
- binding = binding->next;
-
- new_binding->next = binding->next;
- binding->next = new_binding;
- }
-
- binding = new_binding;
- }
-
- return binding->dirname;
-}
-
-#ifdef _LIBC
-/* Alias for function name in GNU C Library. */
-weak_alias (__bindtextdomain, bindtextdomain);
-#endif
diff --git a/intl/cat-compat.c b/intl/cat-compat.c
deleted file mode 100644
index 867d901b..00000000
--- a/intl/cat-compat.c
+++ /dev/null
@@ -1,262 +0,0 @@ -/* Compatibility code for gettext-using-catgets interface. - Copyright (C) 1995, 1997 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include - -#ifdef STDC_HEADERS -# include -# include -#else -char *getenv (); -# ifdef HAVE_MALLOC_H -# include -# endif -#endif - -#ifdef HAVE_NL_TYPES_H -# include -#endif - -#include "libgettext.h" - -/* @@ end of prolog @@ */ - -/* XPG3 defines the result of `setlocale (category, NULL)' as: - ``Directs `setlocale()' to query `category' and return the current - setting of `local'.'' - However it does not specify the exact format. And even worse: POSIX - defines this not at all. So we can use this feature only on selected - system (e.g. those using GNU C Library). */ -#ifdef _LIBC -# define HAVE_LOCALE_NULL -#endif - -/* The catalog descriptor. */ -static nl_catd catalog = (nl_catd) -1; - -/* Name of the default catalog. */ -static const char default_catalog_name[] = "messages"; - -/* Name of currently used catalog. */ -static const char *catalog_name = default_catalog_name; - -/* Get ID for given string. If not found return -1. */ -static int msg_to_cat_id PARAMS ((const char *msg)); - -/* Substitution for systems lacking this function in their C library. 
*/ -#if !_LIBC && !HAVE_STPCPY -static char *stpcpy PARAMS ((char *dest, const char *src)); -#endif - - -/* Set currently used domain/catalog. */ -char * -textdomain (domainname) - const char *domainname; -{ - nl_catd new_catalog; - char *new_name; - size_t new_name_len; - char *lang; - -#if defined HAVE_SETLOCALE && defined HAVE_LC_MESSAGES \ - && defined HAVE_LOCALE_NULL - lang = setlocale (LC_MESSAGES, NULL); -#else - lang = getenv ("LC_ALL"); - if (lang == NULL || lang[0] == '\0') - { - lang = getenv ("LC_MESSAGES"); - if (lang == NULL || lang[0] == '\0') - lang = getenv ("LANG"); - } -#endif - if (lang == NULL || lang[0] == '\0') - lang = "C"; - - /* See whether name of currently used domain is asked. */ - if (domainname == NULL) - return (char *) catalog_name; - - if (domainname[0] == '\0') - domainname = default_catalog_name; - - /* Compute length of added path element. */ - new_name_len = sizeof (LOCALEDIR) - 1 + 1 + strlen (lang) - + sizeof ("/LC_MESSAGES/") - 1 + sizeof (PACKAGE) - 1 - + sizeof (".cat"); - - new_name = (char *) malloc (new_name_len); - if (new_name == NULL) - return NULL; - - strcpy (new_name, PACKAGE); - new_catalog = catopen (new_name, 0); - - if (new_catalog == (nl_catd) -1) - { - /* NLSPATH search didn't work, try absolute path */ - sprintf (new_name, "%s/%s/LC_MESSAGES/%s.cat", LOCALEDIR, lang, - PACKAGE); - new_catalog = catopen (new_name, 0); - - if (new_catalog == (nl_catd) -1) - { - free (new_name); - return (char *) catalog_name; - } - } - - /* Close old catalog. 
*/ - if (catalog != (nl_catd) -1) - catclose (catalog); - if (catalog_name != default_catalog_name) - free ((char *) catalog_name); - - catalog = new_catalog; - catalog_name = new_name; - - return (char *) catalog_name; -} - -char * -bindtextdomain (domainname, dirname) - const char *domainname; - const char *dirname; -{ -#if HAVE_SETENV || HAVE_PUTENV - char *old_val, *new_val, *cp; - size_t new_val_len; - - /* This does not make much sense here but to be compatible do it. */ - if (domainname == NULL) - return NULL; - - /* Compute length of added path element. If we use setenv we don't need - the first byts for NLSPATH=, but why complicate the code for this - peanuts. */ - new_val_len = sizeof ("NLSPATH=") - 1 + strlen (dirname) - + sizeof ("/%L/LC_MESSAGES/%N.cat"); - - old_val = getenv ("NLSPATH"); - if (old_val == NULL || old_val[0] == '\0') - { - old_val = NULL; - new_val_len += 1 + sizeof (LOCALEDIR) - 1 - + sizeof ("/%L/LC_MESSAGES/%N.cat"); - } - else - new_val_len += strlen (old_val); - - new_val = (char *) malloc (new_val_len); - if (new_val == NULL) - return NULL; - -# if HAVE_SETENV - cp = new_val; -# else - cp = stpcpy (new_val, "NLSPATH="); -# endif - - cp = stpcpy (cp, dirname); - cp = stpcpy (cp, "/%L/LC_MESSAGES/%N.cat:"); - - if (old_val == NULL) - { -# if __STDC__ - stpcpy (cp, LOCALEDIR "/%L/LC_MESSAGES/%N.cat"); -# else - - cp = stpcpy (cp, LOCALEDIR); - stpcpy (cp, "/%L/LC_MESSAGES/%N.cat"); -# endif - } - else - stpcpy (cp, old_val); - -# if HAVE_SETENV - setenv ("NLSPATH", new_val, 1); - free (new_val); -# else - putenv (new_val); - /* Do *not* free the environment entry we just entered. It is used - from now on. */ -# endif - -#endif - - return (char *) domainname; -} - -#undef gettext -char * -gettext (msg) - const char *msg; -{ - int msgid; - - if (msg == NULL || catalog == (nl_catd) -1) - return (char *) msg; - - /* Get the message from the catalog. We always use set number 1. 
- The message ID is computed by the function `msg_to_cat_id' - which works on the table generated by `po-to-tbl'. */ - msgid = msg_to_cat_id (msg); - if (msgid == -1) - return (char *) msg; - - return catgets (catalog, 1, msgid, (char *) msg); -} - -/* Look through the table `_msg_tbl' which has `_msg_tbl_length' entries - for the one equal to msg. If it is found return the ID. In case when - the string is not found return -1. */ -static int -msg_to_cat_id (msg) - const char *msg; -{ - int cnt; - - for (cnt = 0; cnt < _msg_tbl_length; ++cnt) - if (strcmp (msg, _msg_tbl[cnt]._msg) == 0) - return _msg_tbl[cnt]._msg_number; - - return -1; -} - - -/* @@ begin of epilog @@ */ - -/* We don't want libintl.a to depend on any other library. So we - avoid the non-standard function stpcpy. In GNU C Library this - function is available, though. Also allow the symbol HAVE_STPCPY - to be defined. */ -#if !_LIBC && !HAVE_STPCPY -static char * -stpcpy (dest, src) - char *dest; - const char *src; -{ - while ((*dest++ = *src++) != '\0') - /* Do nothing. */ ; - return dest - 1; -} -#endif diff --git a/intl/dcgettext.c b/intl/dcgettext.c deleted file mode 100644 index 0f7bb486..00000000 --- a/intl/dcgettext.c +++ /dev/null 
@@ -1,655 +0,0 @@ -/* Implementation of the dcgettext(3) function. - Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include - -#if defined __GNUC__ && !defined C_ALLOCA -# define alloca __builtin_alloca -# define HAVE_ALLOCA 1 -#else -# if (defined HAVE_ALLOCA_H || defined _LIBC) && !defined C_ALLOCA -# include -# else -# ifdef _AIX - #pragma alloca -# else -# ifndef alloca -char *alloca (); -# endif -# endif -# endif -#endif - -#include -#ifndef errno -extern int errno; -#endif -#ifndef __set_errno -# define __set_errno(val) errno = (val) -#endif - -#if defined STDC_HEADERS || defined _LIBC -# include -#else -char *getenv (); -# ifdef HAVE_MALLOC_H -# include -# else -void free (); -# endif -#endif - -#if defined HAVE_STRING_H || defined _LIBC -# ifndef _GNU_SOURCE -# define _GNU_SOURCE 1 -# endif -# include -#else -# include -#endif -#if !HAVE_STRCHR && !defined _LIBC -# ifndef strchr -# define strchr index -# endif -#endif - -#if defined HAVE_UNISTD_H || defined _LIBC -# include -#endif - -#include "gettext.h" -#include "gettextP.h" -#ifdef _LIBC -# include -#else -# include "libgettext.h" -#endif -#include "hash-string.h" - -/* @@ end of prolog @@ */ - -#ifdef _LIBC -/* Rename the non ANSI C functions. 
This is required by the standard - because some ANSI C functions will require linking with this object - file and the name space must not be polluted. */ -# define getcwd __getcwd -# ifndef stpcpy -# define stpcpy __stpcpy -# endif -#else -# if !defined HAVE_GETCWD -char *getwd (); -# define getcwd(buf, max) getwd (buf) -# else -char *getcwd (); -# endif -# ifndef HAVE_STPCPY -static char *stpcpy PARAMS ((char *dest, const char *src)); -# endif -#endif - -/* Amount to increase buffer size by in each try. */ -#define PATH_INCR 32 - -/* The following is from pathmax.h. */ -/* Non-POSIX BSD systems might have gcc's limits.h, which doesn't define - PATH_MAX but might cause redefinition warnings when sys/param.h is - later included (as on MORE/BSD 4.3). */ -#if defined(_POSIX_VERSION) || (defined(HAVE_LIMITS_H) && !defined(__GNUC__)) -# include -#endif - -#ifndef _POSIX_PATH_MAX -# define _POSIX_PATH_MAX 255 -#endif - -#if !defined(PATH_MAX) && defined(_PC_PATH_MAX) -# define PATH_MAX (pathconf ("/", _PC_PATH_MAX) < 1 ? 1024 : pathconf ("/", _PC_PATH_MAX)) -#endif - -/* Don't include sys/param.h if it already has been. */ -#if defined(HAVE_SYS_PARAM_H) && !defined(PATH_MAX) && !defined(MAXPATHLEN) -# include -#endif - -#if !defined(PATH_MAX) && defined(MAXPATHLEN) -# define PATH_MAX MAXPATHLEN -#endif - -#ifndef PATH_MAX -# define PATH_MAX _POSIX_PATH_MAX -#endif - -/* XPG3 defines the result of `setlocale (category, NULL)' as: - ``Directs `setlocale()' to query `category' and return the current - setting of `local'.'' - However it does not specify the exact format. And even worse: POSIX - defines this not at all. So we can use this feature only on selected - system (e.g. those using GNU C Library). */ -#ifdef _LIBC -# define HAVE_LOCALE_NULL -#endif - -/* Name of the default domain used for gettext(3) prior any call to - textdomain(3). The default value for this is "messages". 
*/ -const char _nl_default_default_domain[] = "messages"; - -/* Value used as the default domain for gettext(3). */ -const char *_nl_current_default_domain = _nl_default_default_domain; - -/* Contains the default location of the message catalogs. */ -const char _nl_default_dirname[] = GNULOCALEDIR; - -/* List with bindings of specific domains created by bindtextdomain() - calls. */ -struct binding *_nl_domain_bindings; - -/* Prototypes for local functions. */ -static char *find_msg PARAMS ((struct loaded_l10nfile *domain_file, - const char *msgid)) internal_function; -static const char *category_to_name PARAMS ((int category)) internal_function; -static const char *guess_category_value PARAMS ((int category, - const char *categoryname)) - internal_function; - - -/* For those loosing systems which don't have `alloca' we have to add - some additional code emulating it. */ -#ifdef HAVE_ALLOCA -/* Nothing has to be done. */ -# define ADD_BLOCK(list, address) /* nothing */ -# define FREE_BLOCKS(list) /* nothing */ -#else -struct block_list -{ - void *address; - struct block_list *next; -}; -# define ADD_BLOCK(list, addr) \ - do { \ - struct block_list *newp = (struct block_list *) malloc (sizeof (*newp)); \ - /* If we cannot get a free block we cannot add the new element to \ - the list. */ \ - if (newp != NULL) { \ - newp->address = (addr); \ - newp->next = (list); \ - (list) = newp; \ - } \ - } while (0) -# define FREE_BLOCKS(list) \ - do { \ - while (list != NULL) { \ - struct block_list *old = list; \ - list = list->next; \ - free (old); \ - } \ - } while (0) -# undef alloca -# define alloca(size) (malloc (size)) -#endif /* have alloca */ - - -/* Names for the libintl functions are a problem. They must not clash - with existing names and they should follow ANSI C. But this source - code is also used in GNU C Library where the names have a __ - prefix. So we have to make a difference here. 
*/ -#ifdef _LIBC -# define DCGETTEXT __dcgettext -#else -# define DCGETTEXT dcgettext__ -#endif - -/* Checking whether the binaries runs SUID must be done and glibc provides - easier methods therefore we make a difference here. */ -#ifdef _LIBC -# define ENABLE_SECURE __libc_enable_secure -# define DETERMINE_SECURE -#else -static int enable_secure; -# define ENABLE_SECURE (enable_secure == 1) -# define DETERMINE_SECURE \ - if (enable_secure == 0) \ - { \ - if (getuid () != geteuid () || getgid () != getegid ()) \ - enable_secure = 1; \ - else \ - enable_secure = -1; \ - } -#endif - -/* Look up MSGID in the DOMAINNAME message catalog for the current CATEGORY - locale. */ -char * -DCGETTEXT (domainname, msgid, category) - const char *domainname; - const char *msgid; - int category; -{ -#ifndef HAVE_ALLOCA - struct block_list *block_list = NULL; -#endif - struct loaded_l10nfile *domain; - struct binding *binding; - const char *categoryname; - const char *categoryvalue; - char *dirname, *xdomainname; - char *single_locale; - char *retval; - int saved_errno = errno; - - /* If no real MSGID is given return NULL. */ - if (msgid == NULL) - return NULL; - - /* See whether this is a SUID binary or not. */ - DETERMINE_SECURE; - - /* If DOMAINNAME is NULL, we are interested in the default domain. If - CATEGORY is not LC_MESSAGES this might not make much sense but the - definition left this undefined. */ - if (domainname == NULL) - domainname = _nl_current_default_domain; - - /* First find matching binding. */ - for (binding = _nl_domain_bindings; binding != NULL; binding = binding->next) - { - int compare = strcmp (domainname, binding->domainname); - if (compare == 0) - /* We found it! */ - break; - if (compare < 0) - { - /* It is not in the list. */ - binding = NULL; - break; - } - } - - if (binding == NULL) - dirname = (char *) _nl_default_dirname; - else if (binding->dirname[0] == '/') - dirname = binding->dirname; - else - { - /* We have a relative path. 
Make it absolute now. */ - size_t dirname_len = strlen (binding->dirname) + 1; - size_t path_max; - char *ret; - - path_max = (unsigned int) PATH_MAX; - path_max += 2; /* The getcwd docs say to do this. */ - - dirname = (char *) alloca (path_max + dirname_len); - ADD_BLOCK (block_list, dirname); - - __set_errno (0); - while ((ret = getcwd (dirname, path_max)) == NULL && errno == ERANGE) - { - path_max += PATH_INCR; - dirname = (char *) alloca (path_max + dirname_len); - ADD_BLOCK (block_list, dirname); - __set_errno (0); - } - - if (ret == NULL) - { - /* We cannot get the current working directory. Don't signal an - error but simply return the default string. */ - FREE_BLOCKS (block_list); - __set_errno (saved_errno); - return (char *) msgid; - } - - stpcpy (stpcpy (strchr (dirname, '\0'), "/"), binding->dirname); - } - - /* Now determine the symbolic name of CATEGORY and its value. */ - categoryname = category_to_name (category); - categoryvalue = guess_category_value (category, categoryname); - - xdomainname = (char *) alloca (strlen (categoryname) - + strlen (domainname) + 5); - ADD_BLOCK (block_list, xdomainname); - - stpcpy (stpcpy (stpcpy (stpcpy (xdomainname, categoryname), "/"), - domainname), - ".mo"); - - /* Creating working area. */ - single_locale = (char *) alloca (strlen (categoryvalue) + 1); - ADD_BLOCK (block_list, single_locale); - - - /* Search for the given string. This is a loop because we perhaps - got an ordered list of languages to consider for the translation. */ - while (1) - { - /* Make CATEGORYVALUE point to the next element of the list. */ - while (categoryvalue[0] != '\0' && categoryvalue[0] == ':') - ++categoryvalue; - if (categoryvalue[0] == '\0') - { - /* The whole contents of CATEGORYVALUE has been searched but - no valid entry has been found. We solve this situation - by implicitly appending a "C" entry, i.e. no translation - will take place. 
*/ - single_locale[0] = 'C'; - single_locale[1] = '\0'; - } - else - { - char *cp = single_locale; - while (categoryvalue[0] != '\0' && categoryvalue[0] != ':') - *cp++ = *categoryvalue++; - *cp = '\0'; - - /* When this is a SUID binary we must not allow accessing files - outside the dedicated directories. */ - if (ENABLE_SECURE - && (memchr (single_locale, '/', - _nl_find_language (single_locale) - single_locale) - != NULL)) - /* Ingore this entry. */ - continue; - } - - /* If the current locale value is C (or POSIX) we don't load a - domain. Return the MSGID. */ - if (strcmp (single_locale, "C") == 0 - || strcmp (single_locale, "POSIX") == 0) - { - FREE_BLOCKS (block_list); - __set_errno (saved_errno); - return (char *) msgid; - } - - - /* Find structure describing the message catalog matching the - DOMAINNAME and CATEGORY. */ - domain = _nl_find_domain (dirname, single_locale, xdomainname); - - if (domain != NULL) - { - retval = find_msg (domain, msgid); - - if (retval == NULL) - { - int cnt; - - for (cnt = 0; domain->successor[cnt] != NULL; ++cnt) - { - retval = find_msg (domain->successor[cnt], msgid); - - if (retval != NULL) - break; - } - } - - if (retval != NULL) - { - FREE_BLOCKS (block_list); - __set_errno (saved_errno); - return retval; - } - } - } - /* NOTREACHED */ -} - -#ifdef _LIBC -/* Alias for function name in GNU C Library. */ -weak_alias (__dcgettext, dcgettext); -#endif - - -static char * -internal_function -find_msg (domain_file, msgid) - struct loaded_l10nfile *domain_file; - const char *msgid; -{ - size_t act = 0; - size_t top, bottom; - struct loaded_domain *domain; - - if (domain_file->decided == 0) - _nl_load_domain (domain_file); - - if (domain_file->data == NULL) - return NULL; - - domain = (struct loaded_domain *) domain_file->data; - - /* Locate the MSGID and its translation. */ - if (domain->hash_size > 2 && domain->hash_tab != NULL) - { - /* Use the hashing table. 
*/ - nls_uint32 len = strlen (msgid); - nls_uint32 hash_val = hash_string (msgid); - nls_uint32 idx = hash_val % domain->hash_size; - nls_uint32 incr = 1 + (hash_val % (domain->hash_size - 2)); - nls_uint32 nstr = W (domain->must_swap, domain->hash_tab[idx]); - - if (nstr == 0) - /* Hash table entry is empty. */ - return NULL; - - if (W (domain->must_swap, domain->orig_tab[nstr - 1].length) == len - && strcmp (msgid, - domain->data + W (domain->must_swap, - domain->orig_tab[nstr - 1].offset)) == 0) - return (char *) domain->data + W (domain->must_swap, - domain->trans_tab[nstr - 1].offset); - - while (1) - { - if (idx >= domain->hash_size - incr) - idx -= domain->hash_size - incr; - else - idx += incr; - - nstr = W (domain->must_swap, domain->hash_tab[idx]); - if (nstr == 0) - /* Hash table entry is empty. */ - return NULL; - - if (W (domain->must_swap, domain->orig_tab[nstr - 1].length) == len - && strcmp (msgid, - domain->data + W (domain->must_swap, - domain->orig_tab[nstr - 1].offset)) - == 0) - return (char *) domain->data - + W (domain->must_swap, domain->trans_tab[nstr - 1].offset); - } - /* NOTREACHED */ - } - - /* Now we try the default method: binary search in the sorted - array of messages. */ - bottom = 0; - top = domain->nstrings; - while (bottom < top) - { - int cmp_val; - - act = (bottom + top) / 2; - cmp_val = strcmp (msgid, domain->data - + W (domain->must_swap, - domain->orig_tab[act].offset)); - if (cmp_val < 0) - top = act; - else if (cmp_val > 0) - bottom = act + 1; - else - break; - } - - /* If an translation is found return this. */ - return bottom >= top ? NULL : (char *) domain->data - + W (domain->must_swap, - domain->trans_tab[act].offset); -} - - -/* Return string representation of locale CATEGORY. 
*/ -static const char * -internal_function -category_to_name (category) - int category; -{ - const char *retval; - - switch (category) - { -#ifdef LC_COLLATE - case LC_COLLATE: - retval = "LC_COLLATE"; - break; -#endif -#ifdef LC_CTYPE - case LC_CTYPE: - retval = "LC_CTYPE"; - break; -#endif -#ifdef LC_MONETARY - case LC_MONETARY: - retval = "LC_MONETARY"; - break; -#endif -#ifdef LC_NUMERIC - case LC_NUMERIC: - retval = "LC_NUMERIC"; - break; -#endif -#ifdef LC_TIME - case LC_TIME: - retval = "LC_TIME"; - break; -#endif -#ifdef LC_MESSAGES - case LC_MESSAGES: - retval = "LC_MESSAGES"; - break; -#endif -#ifdef LC_RESPONSE - case LC_RESPONSE: - retval = "LC_RESPONSE"; - break; -#endif -#ifdef LC_ALL - case LC_ALL: - /* This might not make sense but is perhaps better than any other - value. */ - retval = "LC_ALL"; - break; -#endif - default: - /* If you have a better idea for a default value let me know. */ - retval = "LC_XXX"; - } - - return retval; -} - -/* Guess value of current locale from value of the environment variables. */ -static const char * -internal_function -guess_category_value (category, categoryname) - int category; - const char *categoryname; -{ - const char *retval; - - /* The highest priority value is the `LANGUAGE' environment - variable. This is a GNU extension. */ - retval = getenv ("LANGUAGE"); - if (retval != NULL && retval[0] != '\0') - return retval; - - /* `LANGUAGE' is not set. So we have to proceed with the POSIX - methods of looking to `LC_ALL', `LC_xxx', and `LANG'. On some - systems this can be done by the `setlocale' function itself. */ -#if defined HAVE_SETLOCALE && defined HAVE_LC_MESSAGES && defined HAVE_LOCALE_NULL - return setlocale (category, NULL); -#else - /* Setting of LC_ALL overwrites all other. */ - retval = getenv ("LC_ALL"); - if (retval != NULL && retval[0] != '\0') - return retval; - - /* Next comes the name of the desired category. 
*/ - retval = getenv (categoryname); - if (retval != NULL && retval[0] != '\0') - return retval; - - /* Last possibility is the LANG environment variable. */ - retval = getenv ("LANG"); - if (retval != NULL && retval[0] != '\0') - return retval; - - /* We use C as the default domain. POSIX says this is implementation - defined. */ - return "C"; -#endif -} - -/* @@ begin of epilog @@ */ - -/* We don't want libintl.a to depend on any other library. So we - avoid the non-standard function stpcpy. In GNU C Library this - function is available, though. Also allow the symbol HAVE_STPCPY - to be defined. */ -#if !_LIBC && !HAVE_STPCPY -static char * -stpcpy (dest, src) - char *dest; - const char *src; -{ - while ((*dest++ = *src++) != '\0') - /* Do nothing. */ ; - return dest - 1; -} -#endif - - -#ifdef _LIBC -/* If we want to free all resources we have to do some work at - program's end. */ -static void __attribute__ ((unused)) -free_mem (void) -{ - struct binding *runp; - - for (runp = _nl_domain_bindings; runp != NULL; runp = runp->next) - { - free (runp->domainname); - if (runp->dirname != _nl_default_dirname) - /* Yes, this is a pointer comparison. */ - free (runp->dirname); - } - - if (_nl_current_default_domain != _nl_default_default_domain) - /* Yes, again a pointer comparison. */ - free ((char *) _nl_current_default_domain); -} - -text_set_element (__libc_subfreeres, free_mem); -#endif diff --git a/intl/dgettext.c b/intl/dgettext.c deleted file mode 100644 index 0510c2b0..00000000 --- a/intl/dgettext.c +++ /dev/null 
@@ -1,59 +0,0 @@ -/* Implementation of the dgettext(3) function - Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#if defined HAVE_LOCALE_H || defined _LIBC -# include -#endif - -#ifdef _LIBC -# include -#else -# include "libgettext.h" -#endif - -/* @@ end of prolog @@ */ - -/* Names for the libintl functions are a problem. They must not clash - with existing names and they should follow ANSI C. But this source - code is also used in GNU C Library where the names have a __ - prefix. So we have to make a difference here. */ -#ifdef _LIBC -# define DGETTEXT __dgettext -# define DCGETTEXT __dcgettext -#else -# define DGETTEXT dgettext__ -# define DCGETTEXT dcgettext__ -#endif - -/* Look up MSGID in the DOMAINNAME message catalog of the current - LC_MESSAGES locale. */ -char * -DGETTEXT (domainname, msgid) - const char *domainname; - const char *msgid; -{ - return DCGETTEXT (domainname, msgid, LC_MESSAGES); -} - -#ifdef _LIBC -/* Alias for function name in GNU C Library. */ -weak_alias (__dgettext, dgettext); -#endif diff --git a/intl/explodename.c b/intl/explodename.c deleted file mode 100644 index 80a3111c..00000000 --- a/intl/explodename.c +++ /dev/null 
@@ -1,197 +0,0 @@ -/* Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc. - Contributed by Ulrich Drepper , 1995. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#if defined STDC_HEADERS || defined _LIBC -# include -#endif - -#if defined HAVE_STRING_H || defined _LIBC -# include -#else -# include -#endif -#include - -#include "loadinfo.h" - -/* On some strange systems still no definition of NULL is found. Sigh! 
*/ -#ifndef NULL -# if defined __STDC__ && __STDC__ -# define NULL ((void *) 0) -# else -# define NULL 0 -# endif -#endif - -/* @@ end of prolog @@ */ - -char * -_nl_find_language (const char *name) -{ - while (name[0] != '\0' && name[0] != '_' && name[0] != '@' - && name[0] != '+' && name[0] != ',') - ++name; - - return (char *) name; -} - - -int -_nl_explode_name (name, language, modifier, territory, codeset, - normalized_codeset, special, sponsor, revision) - char *name; - const char **language; - const char **modifier; - const char **territory; - const char **codeset; - const char **normalized_codeset; - const char **special; - const char **sponsor; - const char **revision; -{ - enum { undecided, xpg, cen } syntax; - char *cp; - int mask; - - *modifier = NULL; - *territory = NULL; - *codeset = NULL; - *normalized_codeset = NULL; - *special = NULL; - *sponsor = NULL; - *revision = NULL; - - /* Now we determine the single parts of the locale name. First - look for the language. Termination symbols are `_' and `@' if - we use XPG4 style, and `_', `+', and `,' if we use CEN syntax. */ - mask = 0; - syntax = undecided; - *language = cp = name; - cp = _nl_find_language (*language); - - if (*language == cp) - /* This does not make sense: language has to be specified. Use - this entry as it is without exploding. Perhaps it is an alias. */ - cp = strchr (*language, '\0'); - else if (cp[0] == '_') - { - /* Next is the territory. */ - cp[0] = '\0'; - *territory = ++cp; - - while (cp[0] != '\0' && cp[0] != '.' && cp[0] != '@' - && cp[0] != '+' && cp[0] != ',' && cp[0] != '_') - ++cp; - - mask |= TERRITORY; - - if (cp[0] == '.') - { - /* Next is the codeset. 
*/ - syntax = xpg; - cp[0] = '\0'; - *codeset = ++cp; - - while (cp[0] != '\0' && cp[0] != '@') - ++cp; - - mask |= XPG_CODESET; - - if (*codeset != cp && (*codeset)[0] != '\0') - { - *normalized_codeset = _nl_normalize_codeset (*codeset, - cp - *codeset); - if (strcmp (*codeset, *normalized_codeset) == 0) - free ((char *) *normalized_codeset); - else - mask |= XPG_NORM_CODESET; - } - } - } - - if (cp[0] == '@' || (syntax != xpg && cp[0] == '+')) - { - /* Next is the modifier. */ - syntax = cp[0] == '@' ? xpg : cen; - cp[0] = '\0'; - *modifier = ++cp; - - while (syntax == cen && cp[0] != '\0' && cp[0] != '+' - && cp[0] != ',' && cp[0] != '_') - ++cp; - - mask |= XPG_MODIFIER | CEN_AUDIENCE; - } - - if (syntax != xpg && (cp[0] == '+' || cp[0] == ',' || cp[0] == '_')) - { - syntax = cen; - - if (cp[0] == '+') - { - /* Next is special application (CEN syntax). */ - cp[0] = '\0'; - *special = ++cp; - - while (cp[0] != '\0' && cp[0] != ',' && cp[0] != '_') - ++cp; - - mask |= CEN_SPECIAL; - } - - if (cp[0] == ',') - { - /* Next is sponsor (CEN syntax). */ - cp[0] = '\0'; - *sponsor = ++cp; - - while (cp[0] != '\0' && cp[0] != '_') - ++cp; - - mask |= CEN_SPONSOR; - } - - if (cp[0] == '_') - { - /* Next is revision (CEN syntax). */ - cp[0] = '\0'; - *revision = ++cp; - - mask |= CEN_REVISION; - } - } - - /* For CEN syntax values it might be important to have the - separator character in the file name, not for XPG syntax. */ - if (syntax == xpg) - { - if (*territory != NULL && (*territory)[0] == '\0') - mask &= ~TERRITORY; - - if (*codeset != NULL && (*codeset)[0] == '\0') - mask &= ~XPG_CODESET; - - if (*modifier != NULL && (*modifier)[0] == '\0') - mask &= ~XPG_MODIFIER; - } - - return mask; -} diff --git a/intl/finddomain.c b/intl/finddomain.c deleted file mode 100644 index 81ea29bf..00000000 --- a/intl/finddomain.c +++ /dev/null 
@@ -1,216 +0,0 @@ -/* Handle list of needed message catalogs - Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc. - Written by Ulrich Drepper , 1995. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include -#include -#include - -#if defined STDC_HEADERS || defined _LIBC -# include -#else -# ifdef HAVE_MALLOC_H -# include -# else -void free (); -# endif -#endif - -#if defined HAVE_STRING_H || defined _LIBC -# include -#else -# include -# ifndef memcpy -# define memcpy(Dst, Src, Num) bcopy (Src, Dst, Num) -# endif -#endif -#if !HAVE_STRCHR && !defined _LIBC -# ifndef strchr -# define strchr index -# endif -#endif - -#if defined HAVE_UNISTD_H || defined _LIBC -# include -#endif - -#include "gettext.h" -#include "gettextP.h" -#ifdef _LIBC -# include -#else -# include "libgettext.h" -#endif - -/* @@ end of prolog @@ */ -/* List of already loaded domains. */ -static struct loaded_l10nfile *_nl_loaded_domains; - - -/* Return a data structure describing the message catalog described by - the DOMAINNAME and CATEGORY parameters with respect to the currently - established bindings. 
*/ -struct loaded_l10nfile * -internal_function -_nl_find_domain (dirname, locale, domainname) - const char *dirname; - char *locale; - const char *domainname; -{ - struct loaded_l10nfile *retval; - const char *language; - const char *modifier; - const char *territory; - const char *codeset; - const char *normalized_codeset; - const char *special; - const char *sponsor; - const char *revision; - const char *alias_value; - int mask; - - /* LOCALE can consist of up to four recognized parts for the XPG syntax: - - language[_territory[.codeset]][@modifier] - - and six parts for the CEN syntax: - - language[_territory][+audience][+special][,[sponsor][_revision]] - - Beside the first part all of them are allowed to be missing. If - the full specified locale is not found, the less specific one are - looked for. The various parts will be stripped off according to - the following order: - (1) revision - (2) sponsor - (3) special - (4) codeset - (5) normalized codeset - (6) territory - (7) audience/modifier - */ - - /* If we have already tested for this locale entry there has to - be one data set in the list of loaded domains. */ - retval = _nl_make_l10nflist (&_nl_loaded_domains, dirname, - strlen (dirname) + 1, 0, locale, NULL, NULL, - NULL, NULL, NULL, NULL, NULL, domainname, 0); - if (retval != NULL) - { - /* We know something about this locale. */ - int cnt; - - if (retval->decided == 0) - _nl_load_domain (retval); - - if (retval->data != NULL) - return retval; - - for (cnt = 0; retval->successor[cnt] != NULL; ++cnt) - { - if (retval->successor[cnt]->decided == 0) - _nl_load_domain (retval->successor[cnt]); - - if (retval->successor[cnt]->data != NULL) - break; - } - return cnt >= 0 ? retval : NULL; - /* NOTREACHED */ - } - - /* See whether the locale value is an alias. If yes its value - *overwrites* the alias name. No test for the original value is - done. 
*/ - alias_value = _nl_expand_alias (locale); - if (alias_value != NULL) - { -#if defined _LIBC || defined HAVE_STRDUP - locale = strdup (alias_value); - if (locale == NULL) - return NULL; -#else - size_t len = strlen (alias_value) + 1; - locale = (char *) malloc (len); - if (locale == NULL) - return NULL; - - memcpy (locale, alias_value, len); -#endif - } - - /* Now we determine the single parts of the locale name. First - look for the language. Termination symbols are `_' and `@' if - we use XPG4 style, and `_', `+', and `,' if we use CEN syntax. */ - mask = _nl_explode_name (locale, &language, &modifier, &territory, - &codeset, &normalized_codeset, &special, - &sponsor, &revision); - - /* Create all possible locale entries which might be interested in - generalization. */ - retval = _nl_make_l10nflist (&_nl_loaded_domains, dirname, - strlen (dirname) + 1, mask, language, territory, - codeset, normalized_codeset, modifier, special, - sponsor, revision, domainname, 1); - if (retval == NULL) - /* This means we are out of core. */ - return NULL; - - if (retval->decided == 0) - _nl_load_domain (retval); - if (retval->data == NULL) - { - int cnt; - for (cnt = 0; retval->successor[cnt] != NULL; ++cnt) - { - if (retval->successor[cnt]->decided == 0) - _nl_load_domain (retval->successor[cnt]); - if (retval->successor[cnt]->data != NULL) - break; - } - } - - /* The room for an alias was dynamically allocated. Free it now. */ - if (alias_value != NULL) - free (locale); - - return retval; -} - - -#ifdef _LIBC -static void __attribute__ ((unused)) -free_mem (void) -{ - struct loaded_l10nfile *runp = _nl_loaded_domains; - - while (runp != NULL) - { - struct loaded_l10nfile *here = runp; - if (runp->data != NULL) - _nl_unload_domain ((struct loaded_domain *) runp->data); - runp = runp->next; - free (here); - } -} - -text_set_element (__libc_subfreeres, free_mem); -#endif diff --git a/intl/gettext.c b/intl/gettext.c deleted file mode 100644 index d929f98d..00000000 
--- a/intl/gettext.c +++ /dev/null @@ -1,70 +0,0 @@ -/* Implementation of gettext(3) function. - Copyright (C) 1995, 1997 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#ifdef _LIBC -# define __need_NULL -# include -#else -# ifdef STDC_HEADERS -# include /* Just for NULL. */ -# else -# ifdef HAVE_STRING_H -# include -# else -# define NULL ((void *) 0) -# endif -# endif -#endif - -#ifdef _LIBC -# include -#else -# include "libgettext.h" -#endif - -/* @@ end of prolog @@ */ - -/* Names for the libintl functions are a problem. They must not clash - with existing names and they should follow ANSI C. But this source - code is also used in GNU C Library where the names have a __ - prefix. So we have to make a difference here. */ -#ifdef _LIBC -# define GETTEXT __gettext -# define DGETTEXT __dgettext -#else -# define GETTEXT gettext__ -# define DGETTEXT dgettext__ -#endif - -/* Look up MSGID in the current default message catalog for the current - LC_MESSAGES locale. If not found, returns MSGID itself (the default - text). */ -char * -GETTEXT (msgid) - const char *msgid; -{ - return DGETTEXT (NULL, msgid); -} - -#ifdef _LIBC -/* Alias for function name in GNU C Library. */ -weak_alias (__gettext, gettext); -#endif 
diff --git a/intl/gettext.h b/intl/gettext.h
deleted file mode 100644
index 3cd23d7d..00000000
--- a/intl/gettext.h
+++ /dev/null
@@ -1,105 +0,0 @@ -/* Internal header for GNU gettext internationalization functions. - Copyright (C) 1995, 1997 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with the GNU C Library; see the file COPYING.LIB. If not, - write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. */ - -#ifndef _GETTEXT_H -#define _GETTEXT_H 1 - -#include - -#if HAVE_LIMITS_H || _LIBC -# include -#endif - -/* @@ end of prolog @@ */ - -/* The magic number of the GNU message catalog format. */ -#define _MAGIC 0x950412de -#define _MAGIC_SWAPPED 0xde120495 - -/* Revision number of the currently used .mo (binary) file format. */ -#define MO_REVISION_NUMBER 0 - -/* The following contortions are an attempt to use the C preprocessor - to determine an unsigned integral type that is 32 bits wide. An - alternative approach is to use autoconf's AC_CHECK_SIZEOF macro, but - doing that would require that the configure script compile and *run* - the resulting executable. Locally running cross-compiled executables - is usually not possible. */ - -#if __STDC__ -# define UINT_MAX_32_BITS 4294967295U -#else -# define UINT_MAX_32_BITS 0xFFFFFFFF -#endif - -/* If UINT_MAX isn't defined, assume it's a 32-bit type. - This should be valid for all systems GNU cares about because - that doesn't include 16-bit systems, and only modern systems - (that certainly have ) have 64+-bit integral types. 
*/ - -#ifndef UINT_MAX -# define UINT_MAX UINT_MAX_32_BITS -#endif - -#if UINT_MAX == UINT_MAX_32_BITS -typedef unsigned nls_uint32; -#else -# if USHRT_MAX == UINT_MAX_32_BITS -typedef unsigned short nls_uint32; -# else -# if ULONG_MAX == UINT_MAX_32_BITS -typedef unsigned long nls_uint32; -# else - /* The following line is intended to throw an error. Using #error is - not portable enough. */ - "Cannot determine unsigned 32-bit data type." -# endif -# endif -#endif - - -/* Header for binary .mo file format. */ -struct mo_file_header -{ - /* The magic number. */ - nls_uint32 magic; - /* The revision number of the file format. */ - nls_uint32 revision; - /* The number of strings pairs. */ - nls_uint32 nstrings; - /* Offset of table with start offsets of original strings. */ - nls_uint32 orig_tab_offset; - /* Offset of table with start offsets of translation strings. */ - nls_uint32 trans_tab_offset; - /* Size of hashing table. */ - nls_uint32 hash_tab_size; - /* Offset of first hashing entry. */ - nls_uint32 hash_tab_offset; -}; - -struct string_desc -{ - /* Length of addressed string. */ - nls_uint32 length; - /* Offset of string in file. */ - nls_uint32 offset; -}; - -/* @@ begin of epilog @@ */ - -#endif /* gettext.h */ diff --git a/intl/gettextP.h b/intl/gettextP.h deleted file mode 100644 index 00c52031..00000000 --- a/intl/gettextP.h +++ /dev/null 
@@ -1,89 +0,0 @@ -/* Header describing internals of gettext library - Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc. - Written by Ulrich Drepper , 1995. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifndef _GETTEXTP_H -#define _GETTEXTP_H - -#include "loadinfo.h" - -/* @@ end of prolog @@ */ - -#ifndef PARAMS -# if __STDC__ -# define PARAMS(args) args -# else -# define PARAMS(args) () -# endif -#endif - -#ifndef internal_function -# define internal_function -#endif - -#ifndef W -# define W(flag, data) ((flag) ? 
SWAP (data) : (data)) -#endif - - -#ifdef _LIBC -# include -# define SWAP(i) bswap_32 (i) -#else -static nls_uint32 SWAP PARAMS ((nls_uint32 i)); - -static inline nls_uint32 -SWAP (i) - nls_uint32 i; -{ - return (i << 24) | ((i & 0xff00) << 8) | ((i >> 8) & 0xff00) | (i >> 24); -} -#endif - - -struct loaded_domain -{ - const char *data; - int use_mmap; - size_t mmap_size; - int must_swap; - nls_uint32 nstrings; - struct string_desc *orig_tab; - struct string_desc *trans_tab; - nls_uint32 hash_size; - nls_uint32 *hash_tab; -}; - -struct binding -{ - struct binding *next; - char *domainname; - char *dirname; -}; - -struct loaded_l10nfile *_nl_find_domain PARAMS ((const char *__dirname, - char *__locale, - const char *__domainname)) - internal_function; -void _nl_load_domain PARAMS ((struct loaded_l10nfile *__domain)) - internal_function; -void _nl_unload_domain PARAMS ((struct loaded_domain *__domain)) - internal_function; - -/* @@ begin of epilog @@ */ - -#endif /* gettextP.h */ diff --git a/intl/hash-string.h b/intl/hash-string.h deleted file mode 100644 index 939e9582..00000000 --- a/intl/hash-string.h +++ /dev/null 
@@ -1,59 +0,0 @@
-/* Implements a string hashing function.
- Copyright (C) 1995, 1997 Free Software Foundation, Inc.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2, or (at your option)
- any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with the GNU C Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA. */
-
-/* @@ end of prolog @@ */
-
-#ifndef PARAMS
-# if __STDC__
-# define PARAMS(Args) Args
-# else
-# define PARAMS(Args) ()
-# endif
-#endif
-
-/* We assume to have `unsigned long int' value with at least 32 bits. */
-#define HASHWORDBITS 32
-
-
-/* Defines the so called `hashpjw' function by P.J. Weinberger
- [see Aho/Sethi/Ullman, COMPILERS: Principles, Techniques and Tools,
- 1986, 1987 Bell Telephone Laboratories, Inc.] */
-static unsigned long int hash_string PARAMS ((const char *__str_param));
-
-static inline unsigned long int
-hash_string (str_param)
- const char *str_param;
-{
- unsigned long int hval, g;
- const char *str = str_param;
-
- /* Compute the hash value for the given string. */
- hval = 0;
- while (*str != '\0')
- {
- hval <<= 4;
- hval += (unsigned long int) *str++;
- g = hval & ((unsigned long int) 0xf << (HASHWORDBITS - 4));
- if (g != 0)
- {
- hval ^= g >> (HASHWORDBITS - 8);
- hval ^= g;
- }
- }
- return hval;
-}
diff --git a/intl/intl-compat.c b/intl/intl-compat.c
deleted file mode 100644
index 503efa0f..00000000
--- a/intl/intl-compat.c
+++ /dev/null
@@ -1,76 +0,0 @@
-/* intl-compat.c - Stub functions to call gettext functions from GNU gettext
- Library.
- Copyright (C) 1995 Software Foundation, Inc.
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2, or (at your option)
-any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
-
-#ifdef HAVE_CONFIG_H
-# include
-#endif
-
-#include "libgettext.h"
-
-/* @@ end of prolog @@ */
-
-
-#undef gettext
-#undef dgettext
-#undef dcgettext
-#undef textdomain
-#undef bindtextdomain
-
-
-char *
-bindtextdomain (domainname, dirname)
- const char *domainname;
- const char *dirname;
-{
- return bindtextdomain__ (domainname, dirname);
-}
-
-
-char *
-dcgettext (domainname, msgid, category)
- const char *domainname;
- const char *msgid;
- int category;
-{
- return dcgettext__ (domainname, msgid, category);
-}
-
-
-char *
-dgettext (domainname, msgid)
- const char *domainname;
- const char *msgid;
-{
- return dgettext__ (domainname, msgid);
-}
-
-
-char *
-gettext (msgid)
- const char *msgid;
-{
- return gettext__ (msgid);
-}
-
-
-char *
-textdomain (domainname)
- const char *domainname;
-{
- return textdomain__ (domainname);
-}
diff --git a/intl/l10nflist.c b/intl/l10nflist.c
deleted file mode 100644
index 30f5f645..00000000
--- a/intl/l10nflist.c
+++ /dev/null
@@ -1,411 +0,0 @@ -/* Handle list of needed message catalogs - Copyright (C) 1995, 1996, 1997 Free Software Foundation, Inc. - Contributed by Ulrich Drepper , 1995. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - - -#if defined HAVE_STRING_H || defined _LIBC -# ifndef _GNU_SOURCE -# define _GNU_SOURCE 1 -# endif -# include -#else -# include -# ifndef memcpy -# define memcpy(Dst, Src, Num) bcopy (Src, Dst, Num) -# endif -#endif -#if !HAVE_STRCHR && !defined _LIBC -# ifndef strchr -# define strchr index -# endif -#endif - -#if defined _LIBC || defined HAVE_ARGZ_H -# include -#endif -#include -#include - -#if defined STDC_HEADERS || defined _LIBC -# include -#endif - -#include "loadinfo.h" - -/* On some strange systems still no definition of NULL is found. Sigh! */ -#ifndef NULL -# if defined __STDC__ && __STDC__ -# define NULL ((void *) 0) -# else -# define NULL 0 -# endif -#endif - -/* @@ end of prolog @@ */ - -#ifdef _LIBC -/* Rename the non ANSI C functions. This is required by the standard - because some ANSI C functions will require linking with this object - file and the name space must not be polluted. 
*/ -# ifndef stpcpy -# define stpcpy(dest, src) __stpcpy(dest, src) -# endif -#else -# ifndef HAVE_STPCPY -static char *stpcpy PARAMS ((char *dest, const char *src)); -# endif -#endif - -/* Define function which are usually not available. */ - -#if !defined _LIBC && !defined HAVE___ARGZ_COUNT -/* Returns the number of strings in ARGZ. */ -static size_t argz_count__ PARAMS ((const char *argz, size_t len)); - -static size_t -argz_count__ (argz, len) - const char *argz; - size_t len; -{ - size_t count = 0; - while (len > 0) - { - size_t part_len = strlen (argz); - argz += part_len + 1; - len -= part_len + 1; - count++; - } - return count; -} -# undef __argz_count -# define __argz_count(argz, len) argz_count__ (argz, len) -#endif /* !_LIBC && !HAVE___ARGZ_COUNT */ - -#if !defined _LIBC && !defined HAVE___ARGZ_STRINGIFY -/* Make '\0' separated arg vector ARGZ printable by converting all the '\0's - except the last into the character SEP. */ -static void argz_stringify__ PARAMS ((char *argz, size_t len, int sep)); - -static void -argz_stringify__ (argz, len, sep) - char *argz; - size_t len; - int sep; -{ - while (len > 0) - { - size_t part_len = strlen (argz); - argz += part_len; - len -= part_len + 1; - if (len > 0) - *argz++ = sep; - } -} -# undef __argz_stringify -# define __argz_stringify(argz, len, sep) argz_stringify__ (argz, len, sep) -#endif /* !_LIBC && !HAVE___ARGZ_STRINGIFY */ - -#if !defined _LIBC && !defined HAVE___ARGZ_NEXT -static char *argz_next__ PARAMS ((char *argz, size_t argz_len, - const char *entry)); - -static char * -argz_next__ (argz, argz_len, entry) - char *argz; - size_t argz_len; - const char *entry; -{ - if (entry) - { - if (entry < argz + argz_len) - entry = strchr (entry, '\0') + 1; - - return entry >= argz + argz_len ? 
NULL : (char *) entry; - } - else - if (argz_len > 0) - return argz; - else - return 0; -} -# undef __argz_next -# define __argz_next(argz, len, entry) argz_next__ (argz, len, entry) -#endif /* !_LIBC && !HAVE___ARGZ_NEXT */ - - -/* Return number of bits set in X. */ -static int pop PARAMS ((int x)); - -static inline int -pop (x) - int x; -{ - /* We assume that no more than 16 bits are used. */ - x = ((x & ~0x5555) >> 1) + (x & 0x5555); - x = ((x & ~0x3333) >> 2) + (x & 0x3333); - x = ((x >> 4) + x) & 0x0f0f; - x = ((x >> 8) + x) & 0xff; - - return x; -} - - -struct loaded_l10nfile * -_nl_make_l10nflist (l10nfile_list, dirlist, dirlist_len, mask, language, - territory, codeset, normalized_codeset, modifier, special, - sponsor, revision, filename, do_allocate) - struct loaded_l10nfile **l10nfile_list; - const char *dirlist; - size_t dirlist_len; - int mask; - const char *language; - const char *territory; - const char *codeset; - const char *normalized_codeset; - const char *modifier; - const char *special; - const char *sponsor; - const char *revision; - const char *filename; - int do_allocate; -{ - char *abs_filename; - struct loaded_l10nfile *last = NULL; - struct loaded_l10nfile *retval; - char *cp; - size_t entries; - int cnt; - - /* Allocate room for the full file name. */ - abs_filename = (char *) malloc (dirlist_len - + strlen (language) - + ((mask & TERRITORY) != 0 - ? strlen (territory) + 1 : 0) - + ((mask & XPG_CODESET) != 0 - ? strlen (codeset) + 1 : 0) - + ((mask & XPG_NORM_CODESET) != 0 - ? strlen (normalized_codeset) + 1 : 0) - + (((mask & XPG_MODIFIER) != 0 - || (mask & CEN_AUDIENCE) != 0) - ? strlen (modifier) + 1 : 0) - + ((mask & CEN_SPECIAL) != 0 - ? strlen (special) + 1 : 0) - + (((mask & CEN_SPONSOR) != 0 - || (mask & CEN_REVISION) != 0) - ? (1 + ((mask & CEN_SPONSOR) != 0 - ? strlen (sponsor) + 1 : 0) - + ((mask & CEN_REVISION) != 0 - ? 
strlen (revision) + 1 : 0)) : 0) - + 1 + strlen (filename) + 1); - - if (abs_filename == NULL) - return NULL; - - retval = NULL; - last = NULL; - - /* Construct file name. */ - memcpy (abs_filename, dirlist, dirlist_len); - __argz_stringify (abs_filename, dirlist_len, ':'); - cp = abs_filename + (dirlist_len - 1); - *cp++ = '/'; - cp = stpcpy (cp, language); - - if ((mask & TERRITORY) != 0) - { - *cp++ = '_'; - cp = stpcpy (cp, territory); - } - if ((mask & XPG_CODESET) != 0) - { - *cp++ = '.'; - cp = stpcpy (cp, codeset); - } - if ((mask & XPG_NORM_CODESET) != 0) - { - *cp++ = '.'; - cp = stpcpy (cp, normalized_codeset); - } - if ((mask & (XPG_MODIFIER | CEN_AUDIENCE)) != 0) - { - /* This component can be part of both syntaces but has different - leading characters. For CEN we use `+', else `@'. */ - *cp++ = (mask & CEN_AUDIENCE) != 0 ? '+' : '@'; - cp = stpcpy (cp, modifier); - } - if ((mask & CEN_SPECIAL) != 0) - { - *cp++ = '+'; - cp = stpcpy (cp, special); - } - if ((mask & (CEN_SPONSOR | CEN_REVISION)) != 0) - { - *cp++ = ','; - if ((mask & CEN_SPONSOR) != 0) - cp = stpcpy (cp, sponsor); - if ((mask & CEN_REVISION) != 0) - { - *cp++ = '_'; - cp = stpcpy (cp, revision); - } - } - - *cp++ = '/'; - stpcpy (cp, filename); - - /* Look in list of already loaded domains whether it is already - available. */ - last = NULL; - for (retval = *l10nfile_list; retval != NULL; retval = retval->next) - if (retval->filename != NULL) - { - int compare = strcmp (retval->filename, abs_filename); - if (compare == 0) - /* We found it! */ - break; - if (compare < 0) - { - /* It's not in the list. 
*/ - retval = NULL; - break; - } - - last = retval; - } - - if (retval != NULL || do_allocate == 0) - { - free (abs_filename); - return retval; - } - - retval = (struct loaded_l10nfile *) - malloc (sizeof (*retval) + (__argz_count (dirlist, dirlist_len) - * (1 << pop (mask)) - * sizeof (struct loaded_l10nfile *))); - if (retval == NULL) - return NULL; - - retval->filename = abs_filename; - retval->decided = (__argz_count (dirlist, dirlist_len) != 1 - || ((mask & XPG_CODESET) != 0 - && (mask & XPG_NORM_CODESET) != 0)); - retval->data = NULL; - - if (last == NULL) - { - retval->next = *l10nfile_list; - *l10nfile_list = retval; - } - else - { - retval->next = last->next; - last->next = retval; - } - - entries = 0; - /* If the DIRLIST is a real list the RETVAL entry corresponds not to - a real file. So we have to use the DIRLIST separation mechanism - of the inner loop. */ - cnt = __argz_count (dirlist, dirlist_len) == 1 ? mask - 1 : mask; - for (; cnt >= 0; --cnt) - if ((cnt & ~mask) == 0 - && ((cnt & CEN_SPECIFIC) == 0 || (cnt & XPG_SPECIFIC) == 0) - && ((cnt & XPG_CODESET) == 0 || (cnt & XPG_NORM_CODESET) == 0)) - { - /* Iterate over all elements of the DIRLIST. */ - char *dir = NULL; - - while ((dir = __argz_next ((char *) dirlist, dirlist_len, dir)) - != NULL) - retval->successor[entries++] - = _nl_make_l10nflist (l10nfile_list, dir, strlen (dir) + 1, cnt, - language, territory, codeset, - normalized_codeset, modifier, special, - sponsor, revision, filename, 1); - } - retval->successor[entries] = NULL; - - return retval; -} - -/* Normalize codeset name. There is no standard for the codeset - names. Normalization allows the user to use any of the common - names. 
*/ -const char * -_nl_normalize_codeset (codeset, name_len) - const char *codeset; - size_t name_len; -{ - int len = 0; - int only_digit = 1; - char *retval; - char *wp; - size_t cnt; - - for (cnt = 0; cnt < name_len; ++cnt) - if (isalnum (codeset[cnt])) - { - ++len; - - if (isalpha (codeset[cnt])) - only_digit = 0; - } - - retval = (char *) malloc ((only_digit ? 3 : 0) + len + 1); - - if (retval != NULL) - { - if (only_digit) - wp = stpcpy (retval, "iso"); - else - wp = retval; - - for (cnt = 0; cnt < name_len; ++cnt) - if (isalpha (codeset[cnt])) - *wp++ = tolower (codeset[cnt]); - else if (isdigit (codeset[cnt])) - *wp++ = codeset[cnt]; - - *wp = '\0'; - } - - return (const char *) retval; -} - - -/* @@ begin of epilog @@ */ - -/* We don't want libintl.a to depend on any other library. So we - avoid the non-standard function stpcpy. In GNU C Library this - function is available, though. Also allow the symbol HAVE_STPCPY - to be defined. */ -#if !_LIBC && !HAVE_STPCPY -static char * -stpcpy (dest, src) - char *dest; - const char *src; -{ - while ((*dest++ = *src++) != '\0') - /* Do nothing. */ ; - return dest - 1; -} -#endif diff --git a/intl/libgettext.h b/intl/libgettext.h deleted file mode 100644 index 3a92960a..00000000 --- a/intl/libgettext.h +++ /dev/null 
@@ -1,182 +0,0 @@ -/* Message catalogs for internationalization. - Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -/* Because on some systems (e.g. Solaris) we sometimes have to include - the systems libintl.h as well as this file we have more complex - include protection above. But the systems header might perhaps also - define _LIBINTL_H and therefore we have to protect the definition here. */ - -#if !defined _LIBINTL_H || !defined _LIBGETTEXT_H -#ifndef _LIBINTL_H -# define _LIBINTL_H 1 -#endif -#define _LIBGETTEXT_H 1 - -/* We define an additional symbol to signal that we use the GNU - implementation of gettext. */ -#define __USE_GNU_GETTEXT 1 - -#include - -#if HAVE_LOCALE_H -# include -#endif - - -#ifdef __cplusplus -extern "C" { -#endif - -/* @@ end of prolog @@ */ - -#ifndef PARAMS -# if __STDC__ || defined __cplusplus -# define PARAMS(args) args -# else -# define PARAMS(args) () -# endif -#endif - -#ifndef NULL -# if !defined __cplusplus || defined __GNUC__ -# define NULL ((void *) 0) -# else -# define NULL (0) -# endif -#endif - -#if !HAVE_LC_MESSAGES -/* This value determines the behaviour of the gettext() and dgettext() - function. But some system does not have this defined. Define it - to a default value. 
*/ -# define LC_MESSAGES (-1) -#endif - - -/* Declarations for gettext-using-catgets interface. Derived from - Jim Meyering's libintl.h. */ -struct _msg_ent -{ - const char *_msg; - int _msg_number; -}; - - -#if HAVE_CATGETS -/* These two variables are defined in the automatically by po-to-tbl.sed - generated file `cat-id-tbl.c'. */ -extern const struct _msg_ent _msg_tbl[]; -extern int _msg_tbl_length; -#endif - - -/* For automatical extraction of messages sometimes no real - translation is needed. Instead the string itself is the result. */ -#define gettext_noop(Str) (Str) - -/* Look up MSGID in the current default message catalog for the current - LC_MESSAGES locale. If not found, returns MSGID itself (the default - text). */ -extern char *gettext PARAMS ((const char *__msgid)); -extern char *gettext__ PARAMS ((const char *__msgid)); - -/* Look up MSGID in the DOMAINNAME message catalog for the current - LC_MESSAGES locale. */ -extern char *dgettext PARAMS ((const char *__domainname, const char *__msgid)); -extern char *dgettext__ PARAMS ((const char *__domainname, - const char *__msgid)); - -/* Look up MSGID in the DOMAINNAME message catalog for the current CATEGORY - locale. */ -extern char *dcgettext PARAMS ((const char *__domainname, const char *__msgid, - int __category)); -extern char *dcgettext__ PARAMS ((const char *__domainname, - const char *__msgid, int __category)); - - -/* Set the current default message catalog to DOMAINNAME. - If DOMAINNAME is null, return the current default. - If DOMAINNAME is "", reset to the default of "messages". */ -extern char *textdomain PARAMS ((const char *__domainname)); -extern char *textdomain__ PARAMS ((const char *__domainname)); - -/* Specify that the DOMAINNAME message catalog will be found - in DIRNAME rather than in the system locale data base. 
*/ -extern char *bindtextdomain PARAMS ((const char *__domainname, - const char *__dirname)); -extern char *bindtextdomain__ PARAMS ((const char *__domainname, - const char *__dirname)); - -#if ENABLE_NLS - -/* Solaris 2.3 has the gettext function but dcgettext is missing. - So we omit this optimization for Solaris 2.3. BTW, Solaris 2.4 - has dcgettext. */ -# if !HAVE_CATGETS && (!HAVE_GETTEXT || HAVE_DCGETTEXT) - -# define gettext(Msgid) \ - dgettext (NULL, Msgid) - -# define dgettext(Domainname, Msgid) \ - dcgettext (Domainname, Msgid, LC_MESSAGES) - -# if defined __GNUC__ && __GNUC__ == 2 && __GNUC_MINOR__ >= 7 -/* This global variable is defined in loadmsgcat.c. We need a sign, - whether a new catalog was loaded, which can be associated with all - translations. */ -extern int _nl_msg_cat_cntr; - -# define dcgettext(Domainname, Msgid, Category) \ - (__extension__ \ - ({ \ - char *__result; \ - if (__builtin_constant_p (Msgid)) \ - { \ - static char *__translation__; \ - static int __catalog_counter__; \ - if (! __translation__ || __catalog_counter__ != _nl_msg_cat_cntr) \ - { \ - __translation__ = \ - dcgettext__ (Domainname, Msgid, Category); \ - __catalog_counter__ = _nl_msg_cat_cntr; \ - } \ - __result = __translation__; \ - } \ - else \ - __result = dcgettext__ (Domainname, Msgid, Category); \ - __result; \ - })) -# endif -# endif - -#else - -# define gettext(Msgid) (Msgid) -# define dgettext(Domainname, Msgid) (Msgid) -# define dcgettext(Domainname, Msgid, Category) (Msgid) -# define textdomain(Domainname) ((char *) Domainname) -# define bindtextdomain(Domainname, Dirname) ((char *) Dirname) - -#endif - -/* @@ begin of epilog @@ */ - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/intl/linux-msg.sed b/intl/linux-msg.sed deleted file mode 100644 index 5918e720..00000000 --- a/intl/linux-msg.sed +++ /dev/null 
@@ -1,100 +0,0 @@ -# po2msg.sed - Convert Uniforum style .po file to Linux style .msg file -# Copyright (C) 1995 Free Software Foundation, Inc. -# Ulrich Drepper , 1995. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# -# The first directive in the .msg should be the definition of the -# message set number. We use always set number 1. -# -1 { - i\ -$set 1 # Automatically created by po2msg.sed - h - s/.*/0/ - x -} -# -# Mitch's old catalog format does not allow comments. -# -# We copy the original message as a comment into the .msg file. -# -/^msgid/ { - s/msgid[ ]*"// -# -# This does not work now with the new format. -# /"$/! { -# s/\\$// -# s/$/ ... (more lines following)"/ -# } - x -# The following nice solution is by -# Bruno - td -# Increment a decimal number in pattern space. -# First hide trailing `9' digits. - :d - s/9\(_*\)$/_\1/ - td -# Assure at least one digit is available. - s/^\(_*\)$/0\1/ -# Increment the last digit. - s/8\(_*\)$/9\1/ - s/7\(_*\)$/8\1/ - s/6\(_*\)$/7\1/ - s/5\(_*\)$/6\1/ - s/4\(_*\)$/5\1/ - s/3\(_*\)$/4\1/ - s/2\(_*\)$/3\1/ - s/1\(_*\)$/2\1/ - s/0\(_*\)$/1\1/ -# Convert the hidden `9' digits to `0's. - s/_/0/g - x - G - s/\(.*\)"\n\([0-9]*\)/$ #\2 Original Message:(\1)/p -} -# -# The .msg file contains, other then the .po file, only the translations -# but each given a unique ID. 
Starting from 1 and incrementing by 1 for -# each message we assign them to the messages. -# It is important that the .po file used to generate the cat-id-tbl.c file -# (with po-to-tbl) is the same as the one used here. (At least the order -# of declarations must not be changed.) -# -/^msgstr/ { - s/msgstr[ ]*"\(.*\)"/# \1/ -# Clear substitution flag. - tb -# Append the next line. - :b - N -# Look whether second part is continuation line. - s/\(.*\n\)"\(.*\)"/\1\2/ -# Yes, then branch. - ta - P - D -# Note that D includes a jump to the start!! -# We found a continuation line. But before printing insert '\'. - :a - s/\(.*\)\(\n.*\)/\1\\\2/ - P -# We cannot use D here. - s/.*\n\(.*\)/\1/ - tb -} -d diff --git a/intl/loadinfo.h b/intl/loadinfo.h deleted file mode 100644 index 1c4524ab..00000000 --- a/intl/loadinfo.h +++ /dev/null 
@@ -1,78 +0,0 @@ -/* Copyright (C) 1996, 1997 Free Software Foundation, Inc. - This file is part of the GNU C Library. - Contributed by Ulrich Drepper , 1996. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifndef PARAMS -# if __STDC__ -# define PARAMS(args) args -# else -# define PARAMS(args) () -# endif -#endif - -/* Encoding of locale name parts. */ -#define CEN_REVISION 1 -#define CEN_SPONSOR 2 -#define CEN_SPECIAL 4 -#define XPG_NORM_CODESET 8 -#define XPG_CODESET 16 -#define TERRITORY 32 -#define CEN_AUDIENCE 64 -#define XPG_MODIFIER 128 - -#define CEN_SPECIFIC (CEN_REVISION|CEN_SPONSOR|CEN_SPECIAL|CEN_AUDIENCE) -#define XPG_SPECIFIC (XPG_CODESET|XPG_NORM_CODESET|XPG_MODIFIER) - - -struct loaded_l10nfile -{ - const char *filename; - int decided; - - const void *data; - - struct loaded_l10nfile *next; - struct loaded_l10nfile *successor[1]; -}; - - -extern const char *_nl_normalize_codeset PARAMS ((const char *codeset, - size_t name_len)); - -extern struct loaded_l10nfile * -_nl_make_l10nflist PARAMS ((struct loaded_l10nfile **l10nfile_list, - const char *dirlist, size_t dirlist_len, int mask, - const char *language, const char *territory, - const char *codeset, - const char *normalized_codeset, - const char *modifier, const char *special, - const char *sponsor, const char *revision, - const char *filename, int do_allocate)); 
- - -extern const char *_nl_expand_alias PARAMS ((const char *name)); - -extern int _nl_explode_name PARAMS ((char *name, const char **language, - const char **modifier, - const char **territory, - const char **codeset, - const char **normalized_codeset, - const char **special, - const char **sponsor, - const char **revision)); - -extern char *_nl_find_language PARAMS ((const char *name)); diff --git a/intl/loadmsgcat.c b/intl/loadmsgcat.c deleted file mode 100644 index 2c6a5650..00000000 --- a/intl/loadmsgcat.c +++ /dev/null 
@@ -1,220 +0,0 @@ -/* Load needed message catalogs. - Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include -#include - -#if defined STDC_HEADERS || defined _LIBC -# include -#endif - -#if defined HAVE_UNISTD_H || defined _LIBC -# include -#endif - -#if (defined HAVE_MMAP && defined HAVE_MUNMAP && !defined DISALLOW_MMAP) \ - || (defined _LIBC && defined _POSIX_MAPPED_FILES) -# include -# undef HAVE_MMAP -# define HAVE_MMAP 1 -#else -# undef HAVE_MMAP -#endif - -#include "gettext.h" -#include "gettextP.h" - -/* @@ end of prolog @@ */ - -#ifdef _LIBC -/* Rename the non ISO C functions. This is required by the standard - because some ISO C functions will require linking with this object - file and the name space must not be polluted. */ -# define open __open -# define close __close -# define read __read -# define mmap __mmap -# define munmap __munmap -#endif - -/* We need a sign, whether a new catalog was loaded, which can be associated - with all translations. This is important if the translations are - cached by one of GCC's features. */ -int _nl_msg_cat_cntr = 0; - - -/* Load the message catalogs specified by FILENAME. If it is no valid - message catalog do nothing. 
*/ -void -internal_function -_nl_load_domain (domain_file) - struct loaded_l10nfile *domain_file; -{ - int fd; - size_t size; - struct stat st; - struct mo_file_header *data = (struct mo_file_header *) -1; - int use_mmap = 0; - struct loaded_domain *domain; - - domain_file->decided = 1; - domain_file->data = NULL; - - /* If the record does not represent a valid locale the FILENAME - might be NULL. This can happen when according to the given - specification the locale file name is different for XPG and CEN - syntax. */ - if (domain_file->filename == NULL) - return; - - /* Try to open the addressed file. */ - fd = open (domain_file->filename, O_RDONLY); - if (fd == -1) - return; - - /* We must know about the size of the file. */ - if (fstat (fd, &st) != 0 - || (size = (size_t) st.st_size) != st.st_size - || size < sizeof (struct mo_file_header)) - { - /* Something went wrong. */ - close (fd); - return; - } - -#ifdef HAVE_MMAP - /* Now we are ready to load the file. If mmap() is available we try - this first. If not available or it failed we try to load it. */ - data = (struct mo_file_header *) mmap (NULL, size, PROT_READ, - MAP_PRIVATE, fd, 0); - - if (data != (struct mo_file_header *) -1) - { - /* mmap() call was successful. */ - close (fd); - use_mmap = 1; - } -#endif - - /* If the data is not yet available (i.e. mmap'ed) we try to load - it manually. */ - if (data == (struct mo_file_header *) -1) - { - size_t to_read; - char *read_ptr; - - data = (struct mo_file_header *) malloc (size); - if (data == NULL) - return; - - to_read = size; - read_ptr = (char *) data; - do - { - long int nb = (long int) read (fd, read_ptr, to_read); - if (nb == -1) - { - close (fd); - return; - } - - read_ptr += nb; - to_read -= nb; - } - while (to_read > 0); - - close (fd); - } - - /* Using the magic number we can test whether it really is a message - catalog file. 
*/ - if (data->magic != _MAGIC && data->magic != _MAGIC_SWAPPED) - { - /* The magic number is wrong: not a message catalog file. */ -#ifdef HAVE_MMAP - if (use_mmap) - munmap ((caddr_t) data, size); - else -#endif - free (data); - return; - } - - domain_file->data - = (struct loaded_domain *) malloc (sizeof (struct loaded_domain)); - if (domain_file->data == NULL) - return; - - domain = (struct loaded_domain *) domain_file->data; - domain->data = (char *) data; - domain->use_mmap = use_mmap; - domain->mmap_size = size; - domain->must_swap = data->magic != _MAGIC; - - /* Fill in the information about the available tables. */ - switch (W (domain->must_swap, data->revision)) - { - case 0: - domain->nstrings = W (domain->must_swap, data->nstrings); - domain->orig_tab = (struct string_desc *) - ((char *) data + W (domain->must_swap, data->orig_tab_offset)); - domain->trans_tab = (struct string_desc *) - ((char *) data + W (domain->must_swap, data->trans_tab_offset)); - domain->hash_size = W (domain->must_swap, data->hash_tab_size); - domain->hash_tab = (nls_uint32 *) - ((char *) data + W (domain->must_swap, data->hash_tab_offset)); - break; - default: - /* This is an invalid revision. */ -#ifdef HAVE_MMAP - if (use_mmap) - munmap ((caddr_t) data, size); - else -#endif - free (data); - free (domain); - domain_file->data = NULL; - return; - } - - /* Show that one domain is changed. This might make some cached - translations invalid. */ - ++_nl_msg_cat_cntr; -} - - -#ifdef _LIBC -void -internal_function -_nl_unload_domain (domain) - struct loaded_domain *domain; -{ -#ifdef _POSIX_MAPPED_FILES - if (domain->use_mmap) - munmap ((caddr_t) domain->data, domain->mmap_size); - else -#endif /* _POSIX_MAPPED_FILES */ - free ((void *) domain->data); - - free (domain); -} -#endif diff --git a/intl/localealias.c b/intl/localealias.c deleted file mode 100644 index 861020dd..00000000 --- a/intl/localealias.c +++ /dev/null 
@@ -1,438 +0,0 @@ -/* Handle aliases for locale names. - Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc. - Written by Ulrich Drepper , 1995. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#include -#include -#include - -#ifdef __GNUC__ -# define alloca __builtin_alloca -# define HAVE_ALLOCA 1 -#else -# if defined HAVE_ALLOCA_H || defined _LIBC -# include -# else -# ifdef _AIX - #pragma alloca -# else -# ifndef alloca -char *alloca (); -# endif -# endif -# endif -#endif - -#if defined STDC_HEADERS || defined _LIBC -# include -#else -char *getenv (); -# ifdef HAVE_MALLOC_H -# include -# else -void free (); -# endif -#endif - -#if defined HAVE_STRING_H || defined _LIBC -# ifndef _GNU_SOURCE -# define _GNU_SOURCE 1 -# endif -# include -#else -# include -# ifndef memcpy -# define memcpy(Dst, Src, Num) bcopy (Src, Dst, Num) -# endif -#endif -#if !HAVE_STRCHR && !defined _LIBC -# ifndef strchr -# define strchr index -# endif -#endif - -#include "gettext.h" -#include "gettextP.h" - -/* @@ end of prolog @@ */ - -#ifdef _LIBC -/* Rename the non ANSI C functions. This is required by the standard - because some ANSI C functions will require linking with this object - file and the name space must not be polluted. 
*/ -# define strcasecmp __strcasecmp - -# ifndef mempcpy -# define mempcpy __mempcpy -# endif -# define HAVE_MEMPCPY 1 - -/* We need locking here since we can be called from different places. */ -# include - -__libc_lock_define_initialized (static, lock); -#endif - -#ifndef internal_function -# define internal_function -#endif - -/* For those loosing systems which don't have `alloca' we have to add - some additional code emulating it. */ -#ifdef HAVE_ALLOCA -/* Nothing has to be done. */ -# define ADD_BLOCK(list, address) /* nothing */ -# define FREE_BLOCKS(list) /* nothing */ -#else -struct block_list -{ - void *address; - struct block_list *next; -}; -# define ADD_BLOCK(list, addr) \ - do { \ - struct block_list *newp = (struct block_list *) malloc (sizeof (*newp)); \ - /* If we cannot get a free block we cannot add the new element to \ - the list. */ \ - if (newp != NULL) { \ - newp->address = (addr); \ - newp->next = (list); \ - (list) = newp; \ - } \ - } while (0) -# define FREE_BLOCKS(list) \ - do { \ - while (list != NULL) { \ - struct block_list *old = list; \ - list = list->next; \ - free (old); \ - } \ - } while (0) -# undef alloca -# define alloca(size) (malloc (size)) -#endif /* have alloca */ - -#if defined _LIBC_REENTRANT || defined HAVE_FGETS_UNLOCKED -# undef fgets -# define fgets(buf, len, s) fgets_unlocked (buf, len, s) -#endif -#if defined _LIBC_REENTRANT || defined HAVE_FEOF_UNLOCKED -# undef feof -# define feof(s) feof_unlocked (s) -#endif - - -struct alias_map -{ - const char *alias; - const char *value; -}; - - -static char *string_space = NULL; -static size_t string_space_act = 0; -static size_t string_space_max = 0; -static struct alias_map *map; -static size_t nmap = 0; -static size_t maxmap = 0; - - -/* Prototypes for local functions. 
*/ -static size_t read_alias_file PARAMS ((const char *fname, int fname_len)) - internal_function; -static void extend_alias_table PARAMS ((void)); -static int alias_compare PARAMS ((const struct alias_map *map1, - const struct alias_map *map2)); - - -const char * -_nl_expand_alias (name) - const char *name; -{ - static const char *locale_alias_path = LOCALE_ALIAS_PATH; - struct alias_map *retval; - const char *result = NULL; - size_t added; - -#ifdef _LIBC - __libc_lock_lock (lock); -#endif - - do - { - struct alias_map item; - - item.alias = name; - - if (nmap > 0) - retval = (struct alias_map *) bsearch (&item, map, nmap, - sizeof (struct alias_map), - (int (*) PARAMS ((const void *, - const void *)) - ) alias_compare); - else - retval = NULL; - - /* We really found an alias. Return the value. */ - if (retval != NULL) - { - result = retval->value; - break; - } - - /* Perhaps we can find another alias file. */ - added = 0; - while (added == 0 && locale_alias_path[0] != '\0') - { - const char *start; - - while (locale_alias_path[0] == ':') - ++locale_alias_path; - start = locale_alias_path; - - while (locale_alias_path[0] != '\0' && locale_alias_path[0] != ':') - ++locale_alias_path; - - if (start < locale_alias_path) - added = read_alias_file (start, locale_alias_path - start); - } - } - while (added != 0); - -#ifdef _LIBC - __libc_lock_unlock (lock); -#endif - - return result; -} - - -static size_t -internal_function -read_alias_file (fname, fname_len) - const char *fname; - int fname_len; -{ -#ifndef HAVE_ALLOCA - struct block_list *block_list = NULL; -#endif - FILE *fp; - char *full_fname; - size_t added; - static const char aliasfile[] = "/locale.alias"; - - full_fname = (char *) alloca (fname_len + sizeof aliasfile); - ADD_BLOCK (block_list, full_fname); -#ifdef HAVE_MEMPCPY - mempcpy (mempcpy (full_fname, fname, fname_len), - aliasfile, sizeof aliasfile); -#else - memcpy (full_fname, fname, fname_len); - memcpy (&full_fname[fname_len], aliasfile, sizeof 
aliasfile); -#endif - - fp = fopen (full_fname, "r"); - if (fp == NULL) - { - FREE_BLOCKS (block_list); - return 0; - } - - added = 0; - while (!feof (fp)) - { - /* It is a reasonable approach to use a fix buffer here because - a) we are only interested in the first two fields - b) these fields must be usable as file names and so must not - be that long - */ - char buf[BUFSIZ]; - char *alias; - char *value; - char *cp; - - if (fgets (buf, sizeof buf, fp) == NULL) - /* EOF reached. */ - break; - - /* Possibly not the whole line fits into the buffer. Ignore - the rest of the line. */ - if (strchr (buf, '\n') == NULL) - { - char altbuf[BUFSIZ]; - do - if (fgets (altbuf, sizeof altbuf, fp) == NULL) - /* Make sure the inner loop will be left. The outer loop - will exit at the `feof' test. */ - break; - while (strchr (altbuf, '\n') == NULL); - } - - cp = buf; - /* Ignore leading white space. */ - while (isspace (cp[0])) - ++cp; - - /* A leading '#' signals a comment line. */ - if (cp[0] != '\0' && cp[0] != '#') - { - alias = cp++; - while (cp[0] != '\0' && !isspace (cp[0])) - ++cp; - /* Terminate alias name. */ - if (cp[0] != '\0') - *cp++ = '\0'; - - /* Now look for the beginning of the value. */ - while (isspace (cp[0])) - ++cp; - - if (cp[0] != '\0') - { - size_t alias_len; - size_t value_len; - - value = cp++; - while (cp[0] != '\0' && !isspace (cp[0])) - ++cp; - /* Terminate value. */ - if (cp[0] == '\n') - { - /* This has to be done to make the following test - for the end of line possible. We are looking for - the terminating '\n' which do not overwrite here. */ - *cp++ = '\0'; - *cp = '\n'; - } - else if (cp[0] != '\0') - *cp++ = '\0'; - - if (nmap >= maxmap) - extend_alias_table (); - - alias_len = strlen (alias) + 1; - value_len = strlen (value) + 1; - - if (string_space_act + alias_len + value_len > string_space_max) - { - /* Increase size of memory pool. */ - size_t new_size = (string_space_max - + (alias_len + value_len > 1024 - ? 
alias_len + value_len : 1024)); - char *new_pool = (char *) realloc (string_space, new_size); - if (new_pool == NULL) - { - FREE_BLOCKS (block_list); - return added; - } - string_space = new_pool; - string_space_max = new_size; - } - - map[nmap].alias = memcpy (&string_space[string_space_act], - alias, alias_len); - string_space_act += alias_len; - - map[nmap].value = memcpy (&string_space[string_space_act], - value, value_len); - string_space_act += value_len; - - ++nmap; - ++added; - } - } - } - - /* Should we test for ferror()? I think we have to silently ignore - errors. --drepper */ - fclose (fp); - - if (added > 0) - qsort (map, nmap, sizeof (struct alias_map), - (int (*) PARAMS ((const void *, const void *))) alias_compare); - - FREE_BLOCKS (block_list); - return added; -} - - -static void -extend_alias_table () -{ - size_t new_size; - struct alias_map *new_map; - - new_size = maxmap == 0 ? 100 : 2 * maxmap; - new_map = (struct alias_map *) realloc (map, (new_size - * sizeof (struct alias_map))); - if (new_map == NULL) - /* Simply don't extend: we don't have any more core. */ - return; - - map = new_map; - maxmap = new_size; -} - - -#ifdef _LIBC -static void __attribute__ ((unused)) -free_mem (void) -{ - if (string_space != NULL) - free (string_space); - if (map != NULL) - free (map); -} -text_set_element (__libc_subfreeres, free_mem); -#endif - - -static int -alias_compare (map1, map2) - const struct alias_map *map1; - const struct alias_map *map2; -{ -#if defined _LIBC || defined HAVE_STRCASECMP - return strcasecmp (map1->alias, map2->alias); -#else - const unsigned char *p1 = (const unsigned char *) map1->alias; - const unsigned char *p2 = (const unsigned char *) map2->alias; - unsigned char c1, c2; - - if (p1 == p2) - return 0; - - do - { - /* I know this seems to be odd but the tolower() function in - some systems libc cannot handle nonalpha characters. */ - c1 = isupper (*p1) ? tolower (*p1) : *p1; - c2 = isupper (*p2) ? 
tolower (*p2) : *p2; - if (c1 == '\0') - break; - ++p1; - ++p2; - } - while (c1 == c2); - - return c1 - c2; -#endif -} diff --git a/intl/po2tbl.sed.in b/intl/po2tbl.sed.in deleted file mode 100644 index b3bcca4d..00000000 --- a/intl/po2tbl.sed.in +++ /dev/null 
@@ -1,102 +0,0 @@ -# po2tbl.sed - Convert Uniforum style .po file to lookup table for catgets -# Copyright (C) 1995 Free Software Foundation, Inc. -# Ulrich Drepper , 1995. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -1 { - i\ -/* Automatically generated by po2tbl.sed from @PACKAGE NAME@.pot. */\ -\ -#if HAVE_CONFIG_H\ -# include \ -#endif\ -\ -#include "libgettext.h"\ -\ -const struct _msg_ent _msg_tbl[] = { - h - s/.*/0/ - x -} -# -# Write msgid entries in C array form. -# -/^msgid/ { - s/msgid[ ]*\(".*"\)/ {\1/ - tb -# Append the next line - :b - N -# Look whether second part is continuation line. - s/\(.*\)"\(\n\)"\(.*"\)/\1\2\3/ -# Yes, then branch. - ta -# Because we assume that the input file correctly formed the line -# just read cannot be again be a msgid line. So it's safe to ignore -# it. - s/\(.*\)\n.*/\1/ - bc -# We found a continuation line. But before printing insert '\'. - :a - s/\(.*\)\(\n.*\)/\1\\\2/ - P -# We cannot use D here. - s/.*\n\(.*\)/\1/ -# Some buggy seds do not clear the `successful substitution since last ``t''' -# flag on `N', so we do a `t' here to clear it. - tb -# Not reached - :c - x -# The following nice solution is by -# Bruno - td -# Increment a decimal number in pattern space. -# First hide trailing `9' digits. 
- :d - s/9\(_*\)$/_\1/ - td -# Assure at least one digit is available. - s/^\(_*\)$/0\1/ -# Increment the last digit. - s/8\(_*\)$/9\1/ - s/7\(_*\)$/8\1/ - s/6\(_*\)$/7\1/ - s/5\(_*\)$/6\1/ - s/4\(_*\)$/5\1/ - s/3\(_*\)$/4\1/ - s/2\(_*\)$/3\1/ - s/1\(_*\)$/2\1/ - s/0\(_*\)$/1\1/ -# Convert the hidden `9' digits to `0's. - s/_/0/g - x - G - s/\(.*\)\n\([0-9]*\)/\1, \2},/ - s/\(.*\)"$/\1/ - p -} -# -# Last line. -# -$ { - i\ -};\ - - g - s/0*\(.*\)/int _msg_tbl_length = \1;/p -} -d diff --git a/intl/textdomain.c b/intl/textdomain.c deleted file mode 100644 index 88557460..00000000 --- a/intl/textdomain.c +++ /dev/null 
@@ -1,108 +0,0 @@ -/* Implementation of the textdomain(3) function. - Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc. - Written by Ulrich Drepper , 1995. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software Foundation, - Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - -#ifdef HAVE_CONFIG_H -# include -#endif - -#if defined STDC_HEADERS || defined _LIBC -# include -#endif - -#if defined STDC_HEADERS || defined HAVE_STRING_H || defined _LIBC -# include -#else -# include -# ifndef memcpy -# define memcpy(Dst, Src, Num) bcopy (Src, Dst, Num) -# endif -#endif - -#ifdef _LIBC -# include -#else -# include "libgettext.h" -#endif - -/* @@ end of prolog @@ */ - -/* Name of the default text domain. */ -extern const char _nl_default_default_domain[]; - -/* Default text domain in which entries for gettext(3) are to be found. */ -extern const char *_nl_current_default_domain; - - -/* Names for the libintl functions are a problem. They must not clash - with existing names and they should follow ANSI C. But this source - code is also used in GNU C Library where the names have a __ - prefix. So we have to make a difference here. */ -#ifdef _LIBC -# define TEXTDOMAIN __textdomain -# ifndef strdup -# define strdup(str) __strdup (str) -# endif -#else -# define TEXTDOMAIN textdomain__ -#endif - -/* Set the current default message catalog to DOMAINNAME. 
- If DOMAINNAME is null, return the current default. - If DOMAINNAME is "", reset to the default of "messages". */ -char * -TEXTDOMAIN (domainname) - const char *domainname; -{ - char *old; - - /* A NULL pointer requests the current setting. */ - if (domainname == NULL) - return (char *) _nl_current_default_domain; - - old = (char *) _nl_current_default_domain; - - /* If domain name is the null string set to default domain "messages". */ - if (domainname[0] == '\0' - || strcmp (domainname, _nl_default_default_domain) == 0) - _nl_current_default_domain = _nl_default_default_domain; - else - { - /* If the following malloc fails `_nl_current_default_domain' - will be NULL. This value will be returned and so signals we - are out of core. */ -#if defined _LIBC || defined HAVE_STRDUP - _nl_current_default_domain = strdup (domainname); -#else - size_t len = strlen (domainname) + 1; - char *cp = (char *) malloc (len); - if (cp != NULL) - memcpy (cp, domainname, len); - _nl_current_default_domain = cp; -#endif - } - - if (old != _nl_default_default_domain) - free (old); - - return (char *) _nl_current_default_domain; -} - -#ifdef _LIBC -/* Alias for function name in GNU C Library. */ -weak_alias (__textdomain, textdomain); -#endif diff --git a/intl/xopen-msg.sed b/intl/xopen-msg.sed deleted file mode 100644 index b19c0bbd..00000000 --- a/intl/xopen-msg.sed +++ /dev/null 
@@ -1,104 +0,0 @@ -# po2msg.sed - Convert Uniforum style .po file to X/Open style .msg file -# Copyright (C) 1995 Free Software Foundation, Inc. -# Ulrich Drepper , 1995. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# -# The first directive in the .msg should be the definition of the -# message set number. We use always set number 1. -# -1 { - i\ -$set 1 # Automatically created by po2msg.sed - h - s/.*/0/ - x -} -# -# We copy all comments into the .msg file. Perhaps they can help. -# -/^#/ s/^#[ ]*/$ /p -# -# We copy the original message as a comment into the .msg file. -# -/^msgid/ { -# Does not work now -# /"$/! { -# s/\\$// -# s/$/ ... (more lines following)"/ -# } - s/^msgid[ ]*"\(.*\)"$/$ Original Message: \1/ - p -} -# -# The .msg file contains, other then the .po file, only the translations -# but each given a unique ID. Starting from 1 and incrementing by 1 for -# each message we assign them to the messages. -# It is important that the .po file used to generate the cat-id-tbl.c file -# (with po-to-tbl) is the same as the one used here. (At least the order -# of declarations must not be changed.) -# -/^msgstr/ { - s/msgstr[ ]*"\(.*\)"/\1/ - x -# The following nice solution is by -# Bruno - td -# Increment a decimal number in pattern space. -# First hide trailing `9' digits. 
- :d - s/9\(_*\)$/_\1/ - td -# Assure at least one digit is available. - s/^\(_*\)$/0\1/ -# Increment the last digit. - s/8\(_*\)$/9\1/ - s/7\(_*\)$/8\1/ - s/6\(_*\)$/7\1/ - s/5\(_*\)$/6\1/ - s/4\(_*\)$/5\1/ - s/3\(_*\)$/4\1/ - s/2\(_*\)$/3\1/ - s/1\(_*\)$/2\1/ - s/0\(_*\)$/1\1/ -# Convert the hidden `9' digits to `0's. - s/_/0/g - x -# Bring the line in the format ` ' - G - s/^[^\n]*$/& / - s/\(.*\)\n\([0-9]*\)/\2 \1/ -# Clear flag from last substitution. - tb -# Append the next line. - :b - N -# Look whether second part is a continuation line. - s/\(.*\n\)"\(.*\)"/\1\2/ -# Yes, then branch. - ta - P - D -# Note that `D' includes a jump to the start!! -# We found a continuation line. But before printing insert '\'. - :a - s/\(.*\)\(\n.*\)/\1\\\2/ - P -# We cannot use the sed command `D' here - s/.*\n\(.*\)/\1/ - tb -} -d diff --git a/po/Makefile.in.in b/po/Makefile.in.in deleted file mode 100644 index 111b40fc..00000000 --- a/po/Makefile.in.in +++ /dev/null 
@@ -1,248 +0,0 @@ -# Makefile for program source directory in GNU NLS utilities package. -# Copyright (C) 1995, 1996, 1997 by Ulrich Drepper -# -# This file file be copied and used freely without restrictions. It can -# be used in projects which are not available under the GNU Public License -# but which still want to provide support for the GNU gettext functionality. -# Please note that the actual code is *not* freely available. - -PACKAGE = @PACKAGE@ -VERSION = @VERSION@ - -SHELL = /bin/sh -@SET_MAKE@ - -srcdir = @srcdir@ -top_srcdir = @top_srcdir@ -VPATH = @srcdir@ - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -datadir = $(prefix)/@DATADIRNAME@ -localedir = $(datadir)/locale -gnulocaledir = $(prefix)/share/locale -gettextsrcdir = $(prefix)/share/gettext/po -subdir = po - -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -MKINSTALLDIRS = $(top_srcdir)/@MKINSTALLDIRS@ - -CC = @CC@ -GENCAT = @GENCAT@ -GMSGFMT = PATH=../src:$$PATH @GMSGFMT@ -MSGFMT = @MSGFMT@ -XGETTEXT = PATH=../src:$$PATH @XGETTEXT@ -MSGMERGE = PATH=../src:$$PATH msgmerge - -DEFS = @DEFS@ -CFLAGS = @CFLAGS@ -CPPFLAGS = @CPPFLAGS@ - -INCLUDES = -I.. 
-I$(top_srcdir)/intl - -COMPILE = $(CC) -c $(DEFS) $(INCLUDES) $(CPPFLAGS) $(CFLAGS) $(XCFLAGS) - -SOURCES = cat-id-tbl.c -POFILES = @POFILES@ -GMOFILES = @GMOFILES@ -DISTFILES = ChangeLog Makefile.in.in POTFILES.in $(PACKAGE).pot \ -stamp-cat-id $(POFILES) $(GMOFILES) $(SOURCES) - -POTFILES = \ - -CATALOGS = @CATALOGS@ -CATOBJEXT = @CATOBJEXT@ -INSTOBJEXT = @INSTOBJEXT@ - -.SUFFIXES: -.SUFFIXES: .c .o .po .pox .gmo .mo .msg .cat - -.c.o: - $(COMPILE) $< - -.po.pox: - $(MAKE) $(PACKAGE).pot - $(MSGMERGE) $< $(srcdir)/$(PACKAGE).pot -o $*.pox - -.po.mo: - $(MSGFMT) -o $@ $< - -.po.gmo: - file=$(srcdir)/`echo $* | sed 's,.*/,,'`.gmo \ - && rm -f $$file && $(GMSGFMT) -o $$file $< - -.po.cat: - sed -f ../intl/po2msg.sed < $< > $*.msg \ - && rm -f $@ && $(GENCAT) $@ $*.msg - - -all: all-@USE_NLS@ - -all-yes: cat-id-tbl.c $(CATALOGS) -all-no: - -$(srcdir)/$(PACKAGE).pot: $(POTFILES) - $(XGETTEXT) --default-domain=$(PACKAGE) --directory=$(top_srcdir) \ - --add-comments --keyword=_ --keyword=N_ \ - --files-from=$(srcdir)/POTFILES.in \ - && test ! 
-f $(PACKAGE).po \ - || ( rm -f $(srcdir)/$(PACKAGE).pot \ - && mv $(PACKAGE).po $(srcdir)/$(PACKAGE).pot ) - -$(srcdir)/cat-id-tbl.c: stamp-cat-id; @: -$(srcdir)/stamp-cat-id: $(PACKAGE).pot - rm -f cat-id-tbl.tmp - sed -f ../intl/po2tbl.sed $(srcdir)/$(PACKAGE).pot \ - | sed -e "s/@PACKAGE NAME@/$(PACKAGE)/" > cat-id-tbl.tmp - if cmp -s cat-id-tbl.tmp $(srcdir)/cat-id-tbl.c; then \ - rm cat-id-tbl.tmp; \ - else \ - echo cat-id-tbl.c changed; \ - rm -f $(srcdir)/cat-id-tbl.c; \ - mv cat-id-tbl.tmp $(srcdir)/cat-id-tbl.c; \ - fi - cd $(srcdir) && rm -f stamp-cat-id && echo timestamp > stamp-cat-id - - -install: install-exec install-data -install-exec: -install-data: install-data-@USE_NLS@ -install-data-no: all -install-data-yes: all - if test -r "$(MKINSTALLDIRS)"; then \ - $(MKINSTALLDIRS) $(datadir); \ - else \ - $(SHELL) $(top_srcdir)/mkinstalldirs $(datadir); \ - fi - @catalogs='$(CATALOGS)'; \ - for cat in $$catalogs; do \ - cat=`basename $$cat`; \ - case "$$cat" in \ - *.gmo) destdir=$(gnulocaledir);; \ - *) destdir=$(localedir);; \ - esac; \ - lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \ - dir=$$destdir/$$lang/LC_MESSAGES; \ - if test -r "$(MKINSTALLDIRS)"; then \ - $(MKINSTALLDIRS) $$dir; \ - else \ - $(SHELL) $(top_srcdir)/mkinstalldirs $$dir; \ - fi; \ - if test -r $$cat; then \ - $(INSTALL_DATA) $$cat $$dir/$(PACKAGE)$(INSTOBJEXT); \ - echo "installing $$cat as $$dir/$(PACKAGE)$(INSTOBJEXT)"; \ - else \ - $(INSTALL_DATA) $(srcdir)/$$cat $$dir/$(PACKAGE)$(INSTOBJEXT); \ - echo "installing $(srcdir)/$$cat as" \ - "$$dir/$(PACKAGE)$(INSTOBJEXT)"; \ - fi; \ - if test -r $$cat.m; then \ - $(INSTALL_DATA) $$cat.m $$dir/$(PACKAGE)$(INSTOBJEXT).m; \ - echo "installing $$cat.m as $$dir/$(PACKAGE)$(INSTOBJEXT).m"; \ - else \ - if test -r $(srcdir)/$$cat.m ; then \ - $(INSTALL_DATA) $(srcdir)/$$cat.m \ - $$dir/$(PACKAGE)$(INSTOBJEXT).m; \ - echo "installing $(srcdir)/$$cat as" \ - "$$dir/$(PACKAGE)$(INSTOBJEXT).m"; \ - else \ - true; \ - fi; \ - fi; \ - done - 
if test "$(PACKAGE)" = "gettext"; then \ - if test -r "$(MKINSTALLDIRS)"; then \ - $(MKINSTALLDIRS) $(gettextsrcdir); \ - else \ - $(SHELL) $(top_srcdir)/mkinstalldirs $(gettextsrcdir); \ - fi; \ - $(INSTALL_DATA) $(srcdir)/Makefile.in.in \ - $(gettextsrcdir)/Makefile.in.in; \ - else \ - : ; \ - fi - -# Define this as empty until I found a useful application. -installcheck: - -uninstall: - catalogs='$(CATALOGS)'; \ - for cat in $$catalogs; do \ - cat=`basename $$cat`; \ - lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \ - rm -f $(localedir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT); \ - rm -f $(localedir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT).m; \ - rm -f $(gnulocaledir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT); \ - rm -f $(gnulocaledir)/$$lang/LC_MESSAGES/$(PACKAGE)$(INSTOBJEXT).m; \ - done - rm -f $(gettextsrcdir)/po-Makefile.in.in - -check: all - -cat-id-tbl.o: ../intl/libgettext.h - -dvi info tags TAGS ID: - -mostlyclean: - rm -f core core.* *.pox $(PACKAGE).po *.old.po cat-id-tbl.tmp - rm -fr *.o - -clean: mostlyclean - -distclean: clean - rm -f Makefile Makefile.in POTFILES *.mo *.msg *.cat *.cat.m - -maintainer-clean: distclean - @echo "This command is intended for maintainers to use;" - @echo "it deletes files that may require special tools to rebuild." 
- rm -f $(GMOFILES) - -distdir = ../$(PACKAGE)-$(VERSION)/$(subdir) -dist distdir: update-po $(DISTFILES) - dists="$(DISTFILES)"; \ - for file in $$dists; do \ - ln $(srcdir)/$$file $(distdir) 2> /dev/null \ - || cp -p $(srcdir)/$$file $(distdir); \ - done - -update-po: Makefile - $(MAKE) $(PACKAGE).pot - PATH=`pwd`/../src:$$PATH; \ - cd $(srcdir); \ - catalogs='$(CATALOGS)'; \ - for cat in $$catalogs; do \ - cat=`basename $$cat`; \ - lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \ - mv $$lang.po $$lang.old.po; \ - echo "$$lang:"; \ - if $(MSGMERGE) $$lang.old.po $(PACKAGE).pot -o $$lang.po; then \ - rm -f $$lang.old.po; \ - else \ - echo "msgmerge for $$cat failed!"; \ - rm -f $$lang.po; \ - mv $$lang.old.po $$lang.po; \ - fi; \ - done - -POTFILES: POTFILES.in - ( if test 'x$(srcdir)' != 'x.'; then \ - posrcprefix='$(top_srcdir)/'; \ - else \ - posrcprefix="../"; \ - fi; \ - rm -f $@-t $@ \ - && (sed -e '/^#/d' -e '/^[ ]*$$/d' \ - -e "s@.*@ $$posrcprefix& \\\\@" < $(srcdir)/$@.in \ - | sed -e '$$s/\\$$//') > $@-t \ - && chmod a-w $@-t \ - && mv $@-t $@ ) - -Makefile: Makefile.in.in ../config.status POTFILES - cd .. \ - && CONFIG_FILES=$(subdir)/$@.in CONFIG_HEADERS= \ - $(SHELL) ./config.status - -# Tell versions [3.59,3.63) of GNU make not to export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: From ef294a69678bc7cba6d2ee0be96f683249672222 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 6 Jun 2000 10:24:33 +0000 Subject: [PATCH 004/923] Include ../intl in the include path, and add @INTLLIBS@ to the list of libraries. --- lib/Makefile.am | 3 ++- src/Makefile.am | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 68312785..c64675ff 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -1,8 +1,9 @@ ## Process this file with automake to produce Makefile.in +# $Id: Makefile.am,v 1.2.4.1 2000/06/06 10:24:33 zarq Exp $ noinst_LIBRARIES = libvpn.a -INCLUDES = -I. -I$(top_builddir) +INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/intl libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c diff --git a/src/Makefile.am b/src/Makefile.am index 2cd0df4e..a76194b1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,15 +1,16 @@ ## Produce this file with automake to get Makefile.in +# $Id: Makefile.am,v 1.4.4.1 2000/06/06 10:24:33 zarq Exp $ sbin_PROGRAMS = tincd genauth genauth_SOURCES = genauth.c tincd_SOURCES = conf.c encr.c net.c netutl.c protocol.c tincd.c -INCLUDES = -I$(top_builddir) -I$(top_srcdir)/cipher -I$(top_srcdir)/lib +INCLUDES = -I$(top_builddir) -I$(top_srcdir)/cipher -I$(top_srcdir)/lib -I$(top_srcdir)/intl noinst_HEADERS = conf.h encr.h net.h netutl.h protocol.h -LIBS = @LIBS@ +LIBS = @LIBS@ @INTLLIBS@ tincd_LDADD = $(top_builddir)/cipher/libcipher.la \ $(top_builddir)/lib/libvpn.a From 1c8adb5e1f12894fc9a478fbf29678fb662e03ab Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 17 Jun 2000 20:30:44 +0000 Subject: [PATCH 005/923] Merge changes from 1.6-1.8. --- redhat/tinc | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/redhat/tinc b/redhat/tinc index e9f3b410..d3a34dd7 100644 --- a/redhat/tinc +++ b/redhat/tinc @@ -117,7 +117,7 @@ mask_to_prefix () { vpn_load () { CFG="$TCONF/$1/tinc.conf" - [ -f $CFG ] || { MSG="$CFG does not exist!"; return 1 } + [ -f $CFG ] || { MSG="$CFG does not exist!"; return 1; } # load TINCD config DEV="$(grep -i -e '^[[:space:]]*TapDevice' $CFG | sed 's/[[:space:]]//g; s/^.*=//g')" 
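Review bot: In the redhat/tinc hunk at the top of `vpn_load`, `$CFG` is expanded unquoted in `[ -f $CFG ]` and in the `grep ... $CFG` pipeline, although it is built from the caller-supplied network name `$1`. A name containing whitespace or glob characters would make the test and the grep operate on different words than the intended path. Since an init script presumably runs as root, I would quote it: `[ -f "$CFG" ] || { MSG="$CFG does not exist!"; return 1; }`, and use `"$CFG"` in the grep as well. The body of `vpn_load` continues past the end of this hunk.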
@@ -126,24 +126,24 @@ vpn_load () { # TapDevice syntax validation [ -z "$DEV" ] && \ - { MSG="TapDevice required!"; return 1 } + { MSG="TapDevice required!"; return 1; } [ $(echo $DEV | wc -l) -gt 1 ] && \ - { MSG="multiple TapDevice entries not allowed!"; return 1 } + { MSG="multiple TapDevice entries not allowed!"; return 1; } echo $DEV | grep -q -x -E '/dev/tap[[:digit:]]+' || - { MSG="TapDevice should be in form /dev/tapX!"; return 1 } + { MSG="TapDevice should be in form /dev/tapX!"; return 1; } # MyOwnVPNIP/MyVirtualIP syntax validation [ -z "$VPN" ] && \ - { MSG="MyOwnVPNIP/MyVirtualIP required!"; return 1 } + { MSG="MyOwnVPNIP/MyVirtualIP required!"; return 1; } [ $(echo $VPN | wc -l) -gt 1 ] && \ - { MSG="multiple MyOwnVPNIP/MyVirtualIP entries not allowed!"; return 1 } + { MSG="multiple MyOwnVPNIP/MyVirtualIP entries not allowed!"; return 1; } echo $VPN | grep -q -x -E \ '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}/[[:digit:]]{1,2}' || \ - { MSG="badly formed MyOwnVPNIP/MyVirtualIP address $VPN!"; return 1 } + { MSG="badly formed MyOwnVPNIP/MyVirtualIP address $VPN!"; return 1; } # VPNMask syntax validation [ $(echo $IFM | wc -l) -gt 1 ] && \ - { MSG="multiple VPNMask entries not allowed!"; return 1 } + { MSG="multiple VPNMask entries not allowed!"; return 1; } # device & IP address extraction @@ -180,7 +180,7 @@ vpn_load () { NET=$(ipcalc --network $ADR $MSK | cut -d"=" -f2) # MAC address - MAC=$(printf "fe:fd:%0.2x:%0.2x:%0.2x:%0.2x" $(echo $ADR | { IFS=. ; read a b c d; echo $a $b $c $d })) + MAC=$(printf "fe:fd:%0.2x:%0.2x:%0.2x:%0.2x" $(echo $ADR | { IFS=. ; read a b c d; echo $a $b $c $d; })) # debugging # echo >&2 
@@ -208,21 +208,21 @@ vpn_start () { # load device module ERR="$(insmod ethertap -o "ethertap$NUM" unit="$NUM" 2>&1 1> /dev/null)" || - { MSG="could not insmod ethertap as unit $NUM!"; return 2 } + { MSG="could not insmod ethertap as unit $NUM!"; return 2; } # configure the interface ERR="$(ip link set $TAP address $MAC 2>&1)" || - { MSG="could not set address for device $TAP!"; return 3 } + { MSG="could not set address for device $TAP!"; return 3; } ERR="$(ip link set $TAP up 2>&1)" || - { MSG="could not bring up device $TAP!"; return 3 } + { MSG="could not bring up device $TAP!"; return 3; } ERR="$(ip addr add $VPN brd $BRD dev $TAP 2>&1)" || - { MSG="could not set IP address for device $TAP!"; return 3 } + { MSG="could not set IP address for device $TAP!"; return 3; } # start tincd $TINCD --net="$1" $DEBUG || \ - { MSG="could not start daemon for network $1"; return 3 } + { MSG="could not start daemon for network $1"; return 3; } # setup custom static routes /etc/sysconfig/network-scripts/ifup-routes $TAP From 33c3a25a66251606cbf20d3bd5b392d8837116e3 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 17 Jun 2000 20:55:54 +0000 Subject: [PATCH 006/923] Configuration directive `IndirectData'. --- src/conf.c | 3 ++- src/conf.h | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/conf.c b/src/conf.c index 35ca4d78..0eab0efd 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9 2000/05/30 11:18:12 zarq Exp $ + $Id: conf.c,v 1.9.4.1 2000/06/17 20:55:54 zarq Exp $ */ @@ -65,6 +65,7 @@ static internal_config_t hazahaza[] = { { "KeyExpire", keyexpire, TYPE_INT }, { "VpnMask", vpnmask, TYPE_IP }, { "Hostnames", resolve_dns, TYPE_BOOL }, + { "IndirectData", indirectdata, TYPE_BOOL }, { NULL, 0, 0 } }; diff --git a/src/conf.h b/src/conf.h index de3d583c..968a12a4 100644 --- a/src/conf.h +++ b/src/conf.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6 2000/05/30 11:18:12 zarq Exp $ + $Id: conf.h,v 1.6.4.1 2000/06/17 20:55:54 zarq Exp $ */ #ifndef __TINC_CONF_H__ @@ -45,7 +45,8 @@ typedef enum which_t { pingtimeout, keyexpire, vpnmask, - resolve_dns + resolve_dns, + indirectdata } which_t; typedef struct config_t { From d8e2f7104c3203edbf23d2349656c765a4310dee Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 23 Jun 2000 19:27:03 +0000 Subject: [PATCH 007/923] First step for implementation of the "indirectdata" directive. This should allow _leaf_ tincds to be behind firewalls. The protocol has changed and is INCOMPATIBLE with previous versions. The PROT_CURRENT value has been incremented. --- TODO | 10 ++-------- src/net.c | 39 ++++++++++++++++++++++++++++++++++++++- src/net.h | 5 +++++ src/protocol.c | 30 +++++++++++++++++++++++++----- src/protocol.h | 1 + 5 files changed, 71 insertions(+), 14 deletions(-) diff --git a/TODO b/TODO index 3d0a7c8c..4415e163 100644 --- a/TODO +++ b/TODO @@ -3,13 +3,7 @@ Things left to do to make cabal superstable: * Check for connection loops. Inter-daemon connections should always satisfy the tree property. - * Check for duplicates. If there's a - timeout and a host reconnects before the - old connection is closed, duplicate - entries appear in every connection list. * Redundancy: multiple ConnectTo lines, if one fails others might be tried. - * Persistence: don't quit when no connection - can be made directly after start of the - daemon. - + * Allow connects to hosts that use + nodirectdata. diff --git a/src/net.c b/src/net.c index 54e13232..62cdb144 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35 2000/05/31 18:23:05 zarq Exp $ + $Id: net.c,v 1.35.4.1 2000/06/23 19:27:02 guus Exp $ */ #include "config.h" @@ -277,6 +277,11 @@ cp syslog(LOG_NOTICE, _("trying to look up " IP_ADDR_S " in connection list failed."), IP_ADDR_V(to)); } + + /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */ + + return -1; + for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); if(!cl) { /* No open outgoing connection has been found. */ @@ -286,6 +291,33 @@ cp } } + /* If indirectdata flag is set, then real_ip is actually the vpn_ip of the gateway tincd + * it is behind. + */ + + if(cl->flags & INDIRECTDATA) + { + if((cl = lookup_conn(cl->vpn_ip)) == NULL) + { + if(debug_lvl > 2) + { + syslog(LOG_NOTICE, _("indirect look up " IP_ADDR_S " in connection list failed."), + IP_ADDR_V(to)); + } + + /* Gateway tincd dead? Should we kill it? (GS) */ + + return -1; + } + if(cl->flags & INDIRECTDATA) /* This should not happen */ + if(debug_lvl > 1) + { + syslog(LOG_NOTICE, _("double indirection for " IP_ADDR_S), + IP_ADDR_V(to)); + } + return -1; + } + if(my_key_expiry <= time(NULL)) regenerate_keys(); @@ -522,12 +554,17 @@ cp myself->vpn_ip = cfg->data.ip->ip; myself->vpn_mask = cfg->data.ip->mask; + myself->flags = 0; if(!(cfg = get_config_val(listenport))) myself->port = 655; else myself->port = cfg->data.val; + if(cfg = get_config_val(indirectdata)) + if(cfg->data.val) + myself->flags |= EXPORTINDIRECTDATA; + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening socket")); diff --git a/src/net.h b/src/net.h index 3dfc3a56..fdda07ed 100644 --- a/src/net.h +++ b/src/net.h 
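Review bot: The `return -1;` added after the failed `lookup_conn(to)` log makes the `for(cl = conn_list; ...)` uplink search directly below it unreachable, so packets for unknown destinations are now always dropped and the fallback is dead code. If that is the intent, delete the loop and its `if(!cl)` branch rather than leaving them behind the return; if the question in the new comment is still open, keep the fallback and drop the return. send_packet starts and continues outside this hunk.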
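Review bot: In the double-indirection check the `return -1;` is not governed by either `if`: the unbraced `if(cl->flags & INDIRECTDATA)` covers only the nested `if(debug_lvl > 1)` statement, so every packet for an INDIRECTDATA destination is dropped even when the gateway lookup succeeds. Put the log and the return in one braced block, `if(cl->flags & INDIRECTDATA) { ...; return -1; }`. The comment says real_ip holds the gateway's vpn_ip, yet the lookup passes `cl->vpn_ip`; if lookup_conn matches on vpn_ip (as `lookup_conn(to)` above suggests) that returns the same entry, and `lookup_conn(cl->real_ip)` looks like what was meant. The rest of send_packet is outside the hunk.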
@@ -45,6 +45,10 @@ #define MAXBUFSIZE 2048 /* Probably way too much, but it must fit every possible request. */ +/* flags */ +#define INDIRECTDATA 0x0001 /* Used to indicate that this host has to be reached indirect */ +#define EXPORTINDIRECTDATA 0x0002 /* Used to indicate uplink that it has to tell others to do INDIRECTDATA */ + typedef unsigned long ip_t; typedef short length_t; @@ -102,6 +106,7 @@ typedef struct conn_list_t { ip_t real_ip; /* his real (internet) ip */ char *hostname; /* the hostname of its real ip */ short unsigned int port; /* his portnumber */ + int flags; /* his flags */ int socket; /* our udp vpn socket */ int meta_socket; /* our tcp meta socket */ int protocol_version; /* used protocol */ diff --git a/src/protocol.c b/src/protocol.c index e9bad82e..1e964935 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28 2000/05/30 21:36:16 zarq Exp $ + $Id: protocol.c,v 1.28.4.1 2000/06/23 19:27:03 guus Exp $ */ #include "config.h" 
@@ -154,12 +154,30 @@ cp int send_add_host(conn_list_t *cl, conn_list_t *new_host) { + ip_t real_ip; + int flags; cp if(debug_lvl > 2) syslog(LOG_DEBUG, _("Sending add host to " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx/%lx:%x\n", ADD_HOST, new_host->real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port); + real_ip = new_host->real_ip; + flags = new_host->flags; + + /* If we need to propagate information about a new host that wants us to export + * it's indirectdata flag, we set the INDIRECTDATA flag and unset the EXPORT... + * flag, and set it's real_ip to our vpn_ip, so that net.c send_packet() will + * work correctly. + */ + + if(flags & EXPORTINDIRECTDATA) + { + flags &= ~EXPORTINDIRECTDATA; + flags |= INDIRECTDATA; + real_ip = myself->vpn_ip; + } + + buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx/%lx:%x %d\n", ADD_HOST, new_host->real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port, flags); if((write(cl->meta_socket, buffer, buflen)) < 0) { @@ -205,7 +223,7 @@ cp syslog(LOG_DEBUG, _("Send BASIC_INFO to " IP_ADDR_S), IP_ADDR_V(cl->real_ip)); - buflen = snprintf(buffer, MAXBUFSIZE, "%d %d %lx/%lx:%x\n", BASIC_INFO, PROT_CURRENT, myself->vpn_ip, myself->vpn_mask, myself->port); + buflen = snprintf(buffer, MAXBUFSIZE, "%d %d %lx/%lx:%x %d\n", BASIC_INFO, PROT_CURRENT, myself->vpn_ip, myself->vpn_mask, myself->port, myself->flags); if((write(cl->meta_socket, buffer, buflen)) < 0) { @@ -365,7 +383,7 @@ cp int basic_info_h(conn_list_t *cl) { cp - if(sscanf(cl->buffer, "%*d %d %lx/%lx:%hx", &cl->protocol_version, &cl->vpn_ip, &cl->vpn_mask, &cl->port) != 4) + if(sscanf(cl->buffer, "%*d %d %lx/%lx:%hx %d", &cl->protocol_version, &cl->vpn_ip, &cl->vpn_mask, &cl->port, &cl->flags) != 5) { syslog(LOG_ERR, _("got bad BASIC_INFO request: %s"), cl->buffer); return -1; 
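Review bot: The `snprintf` in send_add_host still passes `new_host->real_ip`, so the local `real_ip` that the new block rewrites to `myself->vpn_ip` is never sent; peers receive the INDIRECTDATA flag together with the firewalled host's real address instead of the gateway's. Pass the local instead: `... ADD_HOST, real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port, flags);`. In the visible lines `real_ip` is assigned but never read.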
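Review bot: `cl->flags` in basic_info_h is filled straight from the peer's BASIC_INFO line, and add_host_h further down copies the ADD_HOST `flags` field into `ncn->flags` the same way, so any bit a peer sends ends up steering send_packet and is relayed onward by send_add_host. Mask to the bits this version defines before storing, e.g. `cl->flags &= (INDIRECTDATA | EXPORTINDIRECTDATA);` after the sscanf check and `ncn->flags = flags & (INDIRECTDATA | EXPORTINDIRECTDATA);` in add_host_h. Going by the comment in send_add_host, INDIRECTDATA is only meant to be set by the relaying uplink, so a BASIC_INFO that carries it could be rejected outright. Both handlers extend beyond their hunks.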
@@ -568,11 +586,12 @@ int add_host_h(conn_list_t *cl) ip_t vpn_ip; ip_t vpn_mask; unsigned short port; + int flags; conn_list_t *ncn, *fw; cp if(!cl->status.active) return -1; - if(sscanf(cl->buffer, "%*d %lx %lx/%lx:%hx", &real_ip, &vpn_ip, &vpn_mask, &port) != 4) + if(sscanf(cl->buffer, "%*d %lx %lx/%lx:%hx %d", &real_ip, &vpn_ip, &vpn_mask, &port, &flags) != 5) { syslog(LOG_ERR, _("got bad ADD_HOST request: %s"), cl->buffer); return -1; @@ -603,6 +622,7 @@ cp ncn->vpn_ip = vpn_ip; ncn->vpn_mask = vpn_mask; ncn->port = port; + ncn->flags = flags; ncn->hostname = hostlookup(real_ip); ncn->nexthop = cl; ncn->next = conn_list; diff --git a/src/protocol.h b/src/protocol.h index 88a0de29..89da86da 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -29,6 +29,7 @@ enum { PROT_3, PROT_4, PROT_ECHELON, + PROT_6, PROT_CURRENT, /* protocol currently in use */ }; From 3c54a513b0c0a3acac60e03403ab4abfa0688c62 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 24 Jun 2000 12:35:42 +0000 Subject: [PATCH 008/923] If we have "indirectdata" flag set, we only send data to our uplink. --- src/net.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index 62cdb144..94a66513 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.1 2000/06/23 19:27:02 guus Exp $ + $Id: net.c,v 1.35.4.2 2000/06/24 12:35:42 guus Exp $ */ #include "config.h" 
@@ -291,7 +291,22 @@ cp } } - /* If indirectdata flag is set, then real_ip is actually the vpn_ip of the gateway tincd + /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ + + if(myself->flags & EXPORTINDIRECTDATA) + { + for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); + if(!cl) + { /* No open outgoing connection has been found. */ + if(debug_lvl > 2) + syslog(LOG_NOTICE, _("There is no remote host I can send this packet to.")); + return -1; + } + } + else + + /* If indirectdata flag is set for the destination we just looked up, + * then real_ip is actually the vpn_ip of the gateway tincd * it is behind. */ From 7f7e158aae8df5c65211bcfa82516e7c243cdd2e Mon Sep 17 00:00:00 2001 
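Review bot: The bare `else` closing the new `myself->flags & EXPORTINDIRECTDATA` branch binds to whatever statement follows the comment block, which here is the existing `if(cl->flags & INDIRECTDATA)`; a statement inserted between them would silently change which code is conditional. Write it as `else if(cl->flags & INDIRECTDATA)` with the comment moved inside the branch, or brace the else. The uplink search loop is also a copy of the one in the lookup-failure path above and could live in a small static helper. send_packet begins and ends outside this hunk.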
From: Guus Sliepen Date: Sun, 25 Jun 2000 15:16:12 +0000 Subject: [PATCH 009/923] =?UTF-8?q?Large=20cleanup:=20-=20Removed=20hostna?= =?UTF-8?q?me=20lookup=20(it=20blocks,=20and=20you=20can=20always=20do=20i?= =?UTF-8?q?t=20yourself)=20-=20Reorganized=20debug=20levels=20(after=20hin?= =?UTF-8?q?ts=20from=20Axel=20M=EF=BF=BDller):=20=20=200=09Startup=20messa?= =?UTF-8?q?ge=20and=20errors=20=20=201=09Connection=20logging=20=20=202=09?= =?UTF-8?q?Meta=20protocol=20information=20=20=203=09Verbose=20meta=20prot?= =?UTF-8?q?ocol=20(includes=20copy=20of=20transmitted=20requests)=20=20=20?= =?UTF-8?q?4=09Packet=20information=20(logs=20transmission/errors=20of=20U?= =?UTF-8?q?DP=20packets)=20=20=205=09Verbose=20packet=20information=20(eve?= =?UTF-8?q?ry=20single=20byte,=20not=20implemented=20yet=20=09to=20protect?= =?UTF-8?q?=20ourselves=20from=20filling=20up=20/var/log=20directories)=20?= =?UTF-8?q?-=20Made=20log=20messages=20more=20consistent?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/encr.c | 4 +- src/net.c | 84 ++++++++-------- src/net.h | 2 +- src/netutl.c | 9 +- src/protocol.c | 266 ++++++++++++++++++++++++++----------------------- src/tincd.c | 20 ++-- 6 files changed, 200 insertions(+), 185 deletions(-) diff --git a/src/encr.c b/src/encr.c index 5753de23..cadeba4f 100644 --- a/src/encr.c +++ b/src/encr.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: encr.c,v 1.12 2000/05/31 18:23:06 zarq Exp $ + $Id: encr.c,v 1.12.4.1 2000/06/25 15:16:11 guus Exp $ */ #include "config.h" @@ -150,7 +150,7 @@ cp else my_key_expiry = (time_t)(time(NULL) + cfg->data.val); - syslog(LOG_NOTICE, _("Generating %d bits keys."), PRIVATE_KEY_BITS); + syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS); if((f = fopen("/dev/urandom", "r")) == NULL) { diff --git a/src/net.c b/src/net.c index 94a66513..1fee46b8 100644 
--- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.2 2000/06/24 12:35:42 guus Exp $ + $Id: net.c,v 1.35.4.3 2000/06/25 15:16:11 guus Exp $ */ #include "config.h" @@ -247,7 +247,7 @@ void flush_queues(conn_list_t *cl) cp if(cl->sq) { - if(debug_lvl > 1) + if(debug_lvl > 3) syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); flush_queue(cl, &(cl->sq), xsend); @@ -255,7 +255,7 @@ cp if(cl->rq) { - if(debug_lvl > 1) + if(debug_lvl > 3) syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); flush_queue(cl, &(cl->rq), xrecv); @@ -272,9 +272,9 @@ int send_packet(ip_t to, vpn_packet_t *packet) cp if((cl = lookup_conn(to)) == NULL) { - if(debug_lvl > 2) + if(debug_lvl > 3) { - syslog(LOG_NOTICE, _("trying to look up " IP_ADDR_S " in connection list failed."), + syslog(LOG_NOTICE, _("Trying to look up " IP_ADDR_S " in connection list failed!"), IP_ADDR_V(to)); } @@ -285,8 +285,8 @@ cp for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); if(!cl) { /* No open outgoing connection has been found. */ - if(debug_lvl > 2) - syslog(LOG_NOTICE, _("There is no remote host I can send this packet to.")); + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!")); return -1; } } @@ -298,8 +298,8 @@ cp for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); if(!cl) { /* No open outgoing connection has been found. */ - if(debug_lvl > 2) - syslog(LOG_NOTICE, _("There is no remote host I can send this packet to.")); + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!")); return -1; } } 
@@ -314,9 +314,9 @@ cp { if((cl = lookup_conn(cl->vpn_ip)) == NULL) { - if(debug_lvl > 2) + if(debug_lvl > 3) { - syslog(LOG_NOTICE, _("indirect look up " IP_ADDR_S " in connection list failed."), + syslog(LOG_NOTICE, _("Indirect look up " IP_ADDR_S " in connection list failed!"), IP_ADDR_V(to)); } @@ -325,7 +325,7 @@ cp return -1; } if(cl->flags & INDIRECTDATA) /* This should not happen */ - if(debug_lvl > 1) + if(debug_lvl > 3) { syslog(LOG_NOTICE, _("double indirection for " IP_ADDR_S), IP_ADDR_V(to)); @@ -351,8 +351,8 @@ cp if(!cl->status.active) { add_queue(&(cl->sq), packet, packet->len + 2); - if(debug_lvl > 1) - syslog(LOG_INFO, _(IP_ADDR_S " is not ready, queueing packet."), IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 3) + syslog(LOG_INFO, _(IP_ADDR_S " is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip)); return 0; /* We don't want to mess up, do we? */ } @@ -516,9 +516,8 @@ cp return -1; } - cl->hostname = hostlookup(htonl(cl->real_ip)); - - syslog(LOG_INFO, _("Connected to %s:%hd"), cl->hostname, cl->port); + syslog(LOG_INFO, _("Connected to " IP_ADDR_S ":%hd"), + IP_ADDR_V(cl->real_ip), cl->port); cp return 0; } @@ -539,7 +538,7 @@ cp if(setup_outgoing_meta_socket(ncn) < 0) { - syslog(LOG_ERR, _("Could not set up a meta connection.")); + syslog(LOG_ERR, _("Could not set up a meta connection!")); free_conn_element(ncn); return -1; } @@ -595,7 +594,7 @@ cp myself->status.active = 1; - syslog(LOG_NOTICE, _("Ready: listening on port %d."), myself->port); + syslog(LOG_NOTICE, _("Ready: listening on port %d"), myself->port); cp return 0; } @@ -618,7 +617,7 @@ cp if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */ seconds_till_retry = 300; alarm(seconds_till_retry); - syslog(LOG_ERR, _("Still failed to connect to other. Will retry in %d seconds."), + syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"), seconds_till_retry); } cp 
@@ -651,7 +650,7 @@ cp signal(SIGALRM, sigalrm_handler); seconds_till_retry = 300; alarm(seconds_till_retry); - syslog(LOG_NOTICE, _("Try to re-establish outgoing connection in 5 minutes.")); + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes")); } cp return 0; @@ -689,7 +688,7 @@ cp close(tap_fd); destroy_conn_list(); - syslog(LOG_NOTICE, _("Terminating.")); + syslog(LOG_NOTICE, _("Terminating")); cp return; } @@ -702,7 +701,7 @@ int setup_vpn_connection(conn_list_t *cl) int nfd, flags; struct sockaddr_in a; cp - if(debug_lvl > 1) + if(debug_lvl > 0) syslog(LOG_DEBUG, _("Opening UDP socket to " IP_ADDR_S), IP_ADDR_V(cl->real_ip)); nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); @@ -754,7 +753,6 @@ cp return NULL; } - p->hostname = hostlookup(ci.sin_addr.s_addr); p->real_ip = ntohl(ci.sin_addr.s_addr); p->meta_socket = sfd; p->status.meta = 1; @@ -762,7 +760,8 @@ cp p->last_ping_time = time(NULL); p->want_ping = 0; - syslog(LOG_NOTICE, _("Connection from %s:%d"), p->hostname, htons(ci.sin_port)); + syslog(LOG_NOTICE, _("Connection from " IP_ADDR_S ":%d"), + IP_ADDR_V(p->real_ip), htons(ci.sin_port)); if(send_basic_info(p) < 0) { @@ -874,7 +873,8 @@ cp return; if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Closing connection with %s."), cl->hostname); + syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); if(cl->status.timeout) send_timeout(cl); @@ -890,7 +890,7 @@ cp signal(SIGALRM, sigalrm_handler); seconds_till_retry = 5; alarm(seconds_till_retry); - syslog(LOG_NOTICE, _("Try to re-establish outgoing connection in 5 seconds.")); + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); } cl->status.active = 0; 
@@ -942,8 +942,9 @@ cp { if(p->status.pinged && !p->status.got_pong) { - syslog(LOG_INFO, _("%s (" IP_ADDR_S ") didn't respond to ping"), - p->hostname, IP_ADDR_V(p->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_INFO, _(IP_ADDR_S " (" IP_ADDR_S ") didn't respond to ping"), + IP_ADDR_V(p->vpn_ip), IP_ADDR_V(p->real_ip)); p->status.timeout = 1; terminate_connection(p); } @@ -981,7 +982,7 @@ cp { shutdown(nfd, 2); close(nfd); - syslog(LOG_NOTICE, _("Closed attempted connection.")); + syslog(LOG_NOTICE, _("Closed attempted connection")); return 0; } @@ -1014,7 +1015,7 @@ cp if(cl->buflen >= MAXBUFSIZE) { - syslog(LOG_ERR, _("Metadata read buffer overflow.")); + syslog(LOG_ERR, _("Metadata read buffer overflow!")); return -1; } @@ -1045,26 +1046,29 @@ cp if(cl->reqlen) { + if(debug_lvl > 2) + syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (" IP_ADDR_S "): %s"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip), cl->buffer); if(sscanf(cl->buffer, "%d", &request) == 1) { if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) { - syslog(LOG_ERR, _("Unknown request: %s"), cl->buffer); + syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Got request: %s"), cl->buffer); - if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { - syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } } else { - syslog(LOG_ERR, _("Bogus data received.")); + syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } 
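Review bot: The new `Got request from ...: %s` log prints the whole of `cl->buffer` at debug level 3, before the request number is parsed, so received PASSPHRASE and PUBLIC_KEY lines land in syslog verbatim even though this same commit removes the phrase and key from the send_passphrase and send_public_key messages. Log the request number after the `sscanf` instead, e.g. `syslog(LOG_DEBUG, _("Got request %d from " IP_ADDR_S " (" IP_ADDR_S ")"), request, IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip));`, or skip the body for those two request types. Peer-controlled bytes also reach the log unfiltered at this point. The enclosing function starts outside the hunk.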
@@ -1152,7 +1156,7 @@ cp ether_type = ntohs(*((unsigned short*)(&vp.data[12]))); if(ether_type != 0x0800) { - if(debug_lvl > 0) + if(debug_lvl > 3) syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S), ether_type, MAC_ADDR_V(vp.data[6])); return; @@ -1160,7 +1164,7 @@ cp if(lenin < 32) { - if(debug_lvl > 0) + if(debug_lvl > 3) syslog(LOG_INFO, _("Dropping short packet")); return; } @@ -1171,7 +1175,7 @@ cp if(debug_lvl > 3) syslog(LOG_DEBUG, _("An IP packet (%04x) for " IP_ADDR_S " from " IP_ADDR_S), ether_type, IP_ADDR_V(to), IP_ADDR_V(from)); - if(debug_lvl > 4) + if(debug_lvl > 3) syslog(LOG_DEBUG, _(MAC_ADDR_S " to " MAC_ADDR_S), MAC_ADDR_V(vp.data[0]), MAC_ADDR_V(vp.data[6])); diff --git a/src/net.h b/src/net.h index fdda07ed..dbf081f7 100644 --- a/src/net.h +++ b/src/net.h @@ -104,7 +104,7 @@ typedef struct conn_list_t { ip_t vpn_ip; /* his vpn ip */ ip_t vpn_mask; /* his vpn network address */ ip_t real_ip; /* his real (internet) ip */ - char *hostname; /* the hostname of its real ip */ +/* char *hostname; /* the hostname of its real ip */ short unsigned int port; /* his portnumber */ int flags; /* his flags */ int socket; /* our udp vpn socket */ diff --git a/src/netutl.c b/src/netutl.c index c75bea27..2ca01ca3 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12 2000/05/31 18:23:06 zarq Exp $ + $Id: netutl.c,v 1.12.4.1 2000/06/25 15:16:12 guus Exp $ */ #include "config.h" @@ -85,8 +85,6 @@ cp void free_conn_element(conn_list_t *p) { cp - if(p->hostname) - free(p->hostname); if(p->sq) destroy_queue(p->sq); if(p->rq) @@ -160,10 +158,10 @@ cp cp } -/* +/* Hostlookups stink. (GS) look up the name associated with the ip address `addr' -*/ + char *hostlookup(unsigned long addr) { char *name; @@ -195,6 +193,7 @@ cp cp return name; } +*/ /* Turn a string into an IP addy with netmask 
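Review bot: The `hostname` member in net.h and `hostlookup()` in netutl.c are disabled by wrapping them in `/* ... */`, which C does not nest: the net.h line now has a `/*` inside a comment (a -Wcomment warning), and the netutl.c comment would end at the first `*/` inside the function body, which is not visible in these hunks. Delete the member and the function outright, or fence the function with `#if 0` / `#endif`. Version control already keeps the old code, so nothing is lost by removing it.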
diff --git a/src/protocol.c b/src/protocol.c index 1e964935..199bd7c8 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.1 2000/06/23 19:27:03 guus Exp $ + $Id: protocol.c,v 1.28.4.2 2000/06/25 15:16:12 guus Exp $ */ #include "config.h" @@ -50,18 +50,20 @@ int buflen; int send_ack(conn_list_t *cl) { cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Send ACK to %s"), cl->hostname); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending ACK to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", ACK); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %d:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %d:%d: %m"), __FILE__, __LINE__); return -1; } - syslog(LOG_NOTICE, _("Connection with %s activated."), cl->hostname); + syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (" IP_ADDR_S ") activated"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); cp return 0; } @@ -69,16 +71,16 @@ cp int send_termreq(conn_list_t *cl) { cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Send TERMREQ to " IP_ADDR_S), - IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending TERMREQ to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", TERMREQ, myself->vpn_ip); if(write(cl->meta_socket, buffer, buflen) < 0) { if(debug_lvl > 1) - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp 
@@ -88,15 +90,15 @@ cp int send_timeout(conn_list_t *cl) { cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Send TIMEOUT to " IP_ADDR_S), - IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending TIMEOUT to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", PINGTIMEOUT, myself->vpn_ip); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp @@ -106,15 +108,15 @@ cp int send_del_host(conn_list_t *cl, conn_list_t *new_host) { cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Sending delete host " IP_ADDR_S " to " IP_ADDR_S), - IP_ADDR_V(new_host->vpn_ip), IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending DEL_HOST for " IP_ADDR_S " to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(new_host->vpn_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", DEL_HOST, new_host->vpn_ip); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp @@ -124,14 +126,15 @@ cp int send_ping(conn_list_t *cl) { cp - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("pinging " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending PING to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", PING); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp 
@@ -141,11 +144,15 @@ cp int send_pong(conn_list_t *cl) { cp + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending PONG to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", PONG); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp @@ -157,10 +164,6 @@ int send_add_host(conn_list_t *cl, conn_list_t *new_host) ip_t real_ip; int flags; cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Sending add host to " IP_ADDR_S), - IP_ADDR_V(cl->vpn_ip)); - real_ip = new_host->real_ip; flags = new_host->flags; @@ -177,11 +180,15 @@ cp real_ip = myself->vpn_ip; } + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending ADD_HOST for " IP_ADDR_S " (" IP_ADDR_S ") to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(new_host->vpn_ip), IP_ADDR_V(real_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx/%lx:%x %d\n", ADD_HOST, new_host->real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port, flags); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp 
@@ -191,15 +198,15 @@ cp int send_key_changed(conn_list_t *cl, conn_list_t *src) { cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Sending KEY_CHANGED to " IP_ADDR_S), - IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending KEY_CHANGED origin " IP_ADDR_S " to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(src->vpn_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", KEY_CHANGED, src->vpn_ip); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp @@ -219,15 +226,15 @@ cp int send_basic_info(conn_list_t *cl) { cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Send BASIC_INFO to " IP_ADDR_S), + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending BASIC_INFO to " IP_ADDR_S), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %d %lx/%lx:%x %d\n", BASIC_INFO, PROT_CURRENT, myself->vpn_ip, myself->vpn_mask, myself->port, myself->flags); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp @@ -240,15 +247,15 @@ int send_passphrase(conn_list_t *cl) cp encrypt_passphrase(&tmp); - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Send PASSPHRASE %s to " IP_ADDR_S), - tmp.phrase, IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending PASSPHRASE to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PASSPHRASE, tmp.phrase); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp 
@@ -258,21 +265,22 @@ cp int send_public_key(conn_list_t *cl) { cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Send PUBLIC_KEY %s to " IP_ADDR_S), - my_public_key_base36, IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending PUBLIC_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PUBLIC_KEY, my_public_key_base36); if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp return 0; } +/* WDN doet deze functie? (GS) int send_calculate(conn_list_t *cl, char *k) { cp @@ -280,12 +288,13 @@ cp if((write(cl->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp return 0; } +*/ int send_key_request(ip_t to) { @@ -294,20 +303,20 @@ cp fw = lookup_conn(to); if(!fw) { - syslog(LOG_ERR, _("Attempting to send key request to " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Attempting to send REQ_KEY to " IP_ADDR_S ", which does not exist?"), IP_ADDR_V(to)); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Sending out request for public key to " IP_ADDR_S), - IP_ADDR_V(fw->nexthop->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending REQ_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(fw->nexthop->vpn_ip), IP_ADDR_V(fw->nexthop->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx\n", REQ_KEY, to, myself->vpn_ip); if((write(fw->nexthop->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } fw->status.waitingforkey = 1; 
@@ -324,14 +333,14 @@ cp if(!fw) { - syslog(LOG_ERR, _("Attempting to send key answer to " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Attempting to send ANS_KEY to " IP_ADDR_S ", which does not exist?"), IP_ADDR_V(to)); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Sending public key to " IP_ADDR_S), - IP_ADDR_V(fw->nexthop->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending ANS_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(fw->nexthop->vpn_ip), IP_ADDR_V(fw->nexthop->real_ip)); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx %d %s\n", ANS_KEY, to, myself->vpn_ip, my_key_expiry, my_public_key_base36); @@ -383,26 +392,23 @@ cp int basic_info_h(conn_list_t *cl) { cp + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got BASIC_INFO from " IP_ADDR_S), IP_ADDR_V(cl->real_ip)); + if(sscanf(cl->buffer, "%*d %d %lx/%lx:%hx %d", &cl->protocol_version, &cl->vpn_ip, &cl->vpn_mask, &cl->port, &cl->flags) != 5) { - syslog(LOG_ERR, _("got bad BASIC_INFO request: %s"), cl->buffer); + syslog(LOG_ERR, _("Got bad BASIC_INFO from " IP_ADDR_S), + IP_ADDR_V(cl->real_ip)); return -1; } if(cl->protocol_version != PROT_CURRENT) { - syslog(LOG_ERR, _("Peer uses incompatible protocol version %d."), + syslog(LOG_ERR, _("Peer uses incompatible protocol version %d"), cl->protocol_version); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("got BASIC_INFO(%hd," IP_ADDR_S "," IP_ADDR_S ")"), cl->port, - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->vpn_mask)); - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Peer uses protocol version %d"), - cl->protocol_version); - if(cl->status.outgoing) { if(setup_vpn_connection(cl) < 0) 
@@ -426,13 +432,15 @@ cp if(sscanf(cl->buffer, "%*d %as", &(cl->pp->phrase)) != 1) { - syslog(LOG_ERR, _("got bad PASSPHRASE request: %s"), cl->buffer); + syslog(LOG_ERR, _("Got bad PASSPHRASE from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } cl->pp->len = strlen(cl->pp->phrase); - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("got PASSPHRASE")); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got PASSPHRASE from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); if(cl->status.outgoing) send_passphrase(cl); @@ -449,23 +457,22 @@ int public_key_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %as", &g_n) != 1) { - syslog(LOG_ERR, _("got bad PUBLIC_KEY request: %s"), cl->buffer); + syslog(LOG_ERR, _("Got bad PUBLIC_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("got PUBLIC_KEY %s"), g_n); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got PUBLIC_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); if(verify_passphrase(cl, g_n)) { /* intruder! */ - syslog(LOG_ERR, _("Intruder: passphrase does not match.")); + syslog(LOG_ERR, _("Intruder: passphrase does not match!")); return -1; } - if(debug_lvl > 2) - syslog(LOG_INFO, _("Passphrase OK")); - if(cl->status.outgoing) send_public_key(cl); else @@ -491,11 +498,13 @@ cp int ack_h(conn_list_t *cl) { cp - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("got ACK")); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got ACK from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); cl->status.active = 1; - syslog(LOG_NOTICE, _("Connection with %s activated."), cl->hostname); + syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (" IP_ADDR_S ") activated"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); cp return 0; } 
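Review bot: The authentication-failure message in public_key_h, `Intruder: passphrase does not match!`, names no peer, while every other message touched in this hunk gained the VPN and real address. This is the line an operator most needs to attribute when reviewing failed handshakes. Consider `syslog(LOG_ERR, _("Intruder: passphrase does not match from " IP_ADDR_S " (" IP_ADDR_S ")"), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip));`. The body of public_key_h continues outside the hunk.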
@@ -503,7 +512,10 @@ cp int termreq_h(conn_list_t *cl) { cp - syslog(LOG_NOTICE, _(IP_ADDR_S " wants to quit"), IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got TERMREQ from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + cl->status.termreq = 1; terminate_connection(cl); @@ -515,8 +527,10 @@ cp int timeout_h(conn_list_t *cl) { cp - if(!cl->status.active) return -1; - syslog(LOG_NOTICE, _(IP_ADDR_S " says it's gotten a timeout from us"), IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got TIMEOUT from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + cl->status.termreq = 1; terminate_connection(cl); cp @@ -532,18 +546,19 @@ cp if(sscanf(cl->buffer, "%*d %lx", &vpn_ip) != 1) { - syslog(LOG_ERR, _("got bad DEL_HOST request: %s"), cl->buffer); + syslog(LOG_ERR, _("Got bad DEL_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("got DEL_HOST for " IP_ADDR_S), - IP_ADDR_V(vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(vpn_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); if(!(fw = lookup_conn(vpn_ip))) { - syslog(LOG_ERR, _("Somebody wanted to delete " IP_ADDR_S " which does not exist?"), - IP_ADDR_V(vpn_ip)); + syslog(LOG_ERR, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ") which does not exist?"), + IP_ADDR_V(vpn_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return 0; } 
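Review bot: The `if(!cl->status.active) return -1;` guard is removed from timeout_h in this hunk, and from ping_h and pong_h in the two hunks that follow, with nothing put in its place. As far as the visible lines show, a connection that has not yet been marked active can now reach `terminate_connection(cl)` through TIMEOUT and change `status.pinged` and `status.got_pong` through PING and PONG. PATCH 012 later in this series re-adds the check together with an "unauthorized" log line. Keeping `if(!cl->status.active) return -1;` as the first statement of each handler in this commit would avoid an intermediate revision without it.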
@@ -558,9 +573,10 @@ cp int ping_h(conn_list_t *cl) { cp - if(!cl->status.active) return -1; - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("responding to ping from " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got PING from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + cl->status.pinged = 0; cl->status.got_pong = 1; @@ -572,9 +588,10 @@ cp int pong_h(conn_list_t *cl) { cp - if(!cl->status.active) return -1; - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("ok, got pong from " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got PONG from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + cl->status.got_pong = 1; cp return 0; @@ -593,15 +610,14 @@ cp return -1; if(sscanf(cl->buffer, "%*d %lx %lx/%lx:%hx %d", &real_ip, &vpn_ip, &vpn_mask, &port, &flags) != 5) { - syslog(LOG_ERR, _("got bad ADD_HOST request: %s"), cl->buffer); + syslog(LOG_ERR, _("Got bad ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Add host request from " IP_ADDR_S), IP_ADDR_V(cl->vpn_ip)); - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("got ADD_HOST(" IP_ADDR_S "," IP_ADDR_S ",%hd)"), - IP_ADDR_V(vpn_ip), IP_ADDR_V(vpn_mask), port); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); /* Suggestion of Hans Bayle @@ -611,9 +627,8 @@ cp if(fw->nexthop == cl) notify_others(fw, cl, send_add_host); else - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Invalid add_host request from " IP_ADDR_S), - IP_ADDR_V(cl->vpn_ip)); + syslog(LOG_DEBUG, _("Invalid ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return 0; } 
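Review bot: The `Invalid ADD_HOST` message in add_host_h is now emitted regardless of `debug_lvl` but still at `LOG_DEBUG` priority, which many syslog configurations discard. It is reached when `fw->nexthop` is not the connection that sent the request, which looks like an event an operator would want to see. A higher priority would fit the new unconditional logging: `syslog(LOG_WARNING, _("Invalid ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip));`. The enclosing branch starts outside the hunk.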
@@ -623,7 +638,6 @@ cp ncn->vpn_mask = vpn_mask; ncn->port = port; ncn->flags = flags; - ncn->hostname = hostlookup(real_ip); ncn->nexthop = cl; ncn->next = conn_list; conn_list = ncn; @@ -642,13 +656,14 @@ cp if(!cl->status.active) return -1; if(sscanf(cl->buffer, "%*d %lx %lx", &to, &from) != 2) { - syslog(LOG_ERR, _("got bad request: %s"), cl->buffer); + syslog(LOG_ERR, _("Got bad REQ_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("got REQ_KEY from " IP_ADDR_S " for " IP_ADDR_S), - IP_ADDR_V(from), IP_ADDR_V(to)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got REQ_KEY origin " IP_ADDR_S " destination " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(from), IP_ADDR_V(to), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); if((to & myself->vpn_mask) == (myself->vpn_ip & myself->vpn_mask)) { /* hey! they want something from ME! :) */ @@ -660,20 +675,20 @@ cp if(!fw) { - syslog(LOG_ERR, _("Attempting to forward key request to " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Attempting to forward REQ_KEY to " IP_ADDR_S ", which does not exist?"), IP_ADDR_V(to)); return -1; } - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Forwarding request for public key to " IP_ADDR_S), - IP_ADDR_V(fw->nexthop->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Forwarding REQ_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(fw->nexthop->vpn_ip), IP_ADDR_V(fw->nexthop->real_ip)); cl->buffer[cl->reqlen-1] = '\n'; if(write(fw->nexthop->meta_socket, cl->buffer, cl->reqlen) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp 
@@ -726,23 +741,22 @@ cp if(!cl->status.active) return -1; if(sscanf(cl->buffer, "%*d %lx %lx %d %as", &to, &from, &expiry, &key) != 4) { - syslog(LOG_ERR, _("got bad ANS_KEY request: %s"), cl->buffer); + syslog(LOG_ERR, _("Got bad ANS_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("got ANS_KEY from " IP_ADDR_S " for " IP_ADDR_S), - IP_ADDR_V(from), IP_ADDR_V(to)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got ANS_KEY origin " IP_ADDR_S " destination " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(from), IP_ADDR_V(to), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); if(to == myself->vpn_ip) { /* hey! that key's for ME! :) */ - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Yeah! key arrived. Now do something with it.")); gk = lookup_conn(from); if(!gk) { - syslog(LOG_ERR, _("Receiving key from " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Receiving ANS_KEY from " IP_ADDR_S ", which does not exist?"), IP_ADDR_V(from)); return -1; } @@ -758,20 +772,20 @@ cp if(!fw) { - syslog(LOG_ERR, _("Attempting to forward key to " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Attempting to forward ANS_KEY to " IP_ADDR_S ", which does not exist?"), IP_ADDR_V(to)); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Forwarding public key to " IP_ADDR_S), - IP_ADDR_V(fw->nexthop->vpn_ip)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Forwarding ANS_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(fw->nexthop->vpn_ip), IP_ADDR_V(fw->nexthop->real_ip)); cl->buffer[cl->reqlen-1] = '\n'; if((write(fw->nexthop->meta_socket, cl->buffer, cl->reqlen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp 
@@ -786,19 +800,20 @@ cp if(!cl->status.active) return -1; if(sscanf(cl->buffer, "%*d %lx", &from) != 1) { - syslog(LOG_ERR, _("got bad ANS_KEY request: %s"), cl->buffer); + syslog(LOG_ERR, _("Got bad KEY_CHANGED from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); return -1; } - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("got KEY_CHANGED from " IP_ADDR_S), - IP_ADDR_V(from)); + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got KEY_CHANGED origin " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(from), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); ik = lookup_conn(from); if(!ik) { - syslog(LOG_ERR, _("Got changed key from " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Got KEY_CHANGED from " IP_ADDR_S ", which does not exist?"), IP_ADDR_V(from)); return -1; } @@ -806,9 +821,6 @@ cp ik->status.validkey = 0; ik->status.waitingforkey = 0; - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Forwarding key invalidation request")); - notify_others(cl, ik, send_key_changed); cp return 0; diff --git a/src/tincd.c b/src/tincd.c index 2a7b63ef..c9cd09ee 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10 2000/05/31 18:23:06 zarq Exp $ + $Id: tincd.c,v 1.10.4.1 2000/06/25 15:16:12 guus Exp $ */ #include "config.h" @@ -156,7 +156,7 @@ parse_options(int argc, char **argv, char **envp) void memory_full(int size) { - syslog(LOG_ERR, _("Memory exhausted (last is %s:%d) (couldn't allocate %d bytes); exiting."), cp_file, cp_line, size); + syslog(LOG_ERR, _("Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting."), cp_file, cp_line, size); exit(1); } 
@@ -210,11 +210,11 @@ int detach(void) openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); - if(debug_lvl > 1) - syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d."), + if(debug_lvl > 0) + syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), VERSION, __DATE__, __TIME__, debug_lvl); else - syslog(LOG_NOTICE, _("tincd %s starting, debug level %d."), VERSION, debug_lvl); + syslog(LOG_NOTICE, _("tincd %s starting"), VERSION, debug_lvl); xalloc_fail_func = memory_full; @@ -229,7 +229,7 @@ void cleanup_and_exit(int c) close_network_connections(); if(debug_lvl > 0) - syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d."), + syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d"), total_tap_out, total_socket_out, total_tap_in, total_socket_in); closelog(); @@ -410,10 +410,10 @@ RETSIGTYPE sigsegv_handler(int a) { if(cp_file) - syslog(LOG_NOTICE, _("Got SEGV signal after %s line %d. Trying to re-execute."), + syslog(LOG_NOTICE, _("Got SEGV signal after %s line %d, trying to re-execute"), cp_file, cp_line); else - syslog(LOG_NOTICE, _("Got SEGV signal; trying to re-execute.")); + syslog(LOG_NOTICE, _("Got SEGV signal, trying to re-execute")); signal(SIGSEGV, sigsegv_square); @@ -458,10 +458,10 @@ RETSIGTYPE sighuh(int a) { if(cp_file) - syslog(LOG_NOTICE, _("Got unexpected signal (%d) after %s line %d."), + syslog(LOG_NOTICE, _("Got unexpected signal %d after %s line %d"), a, cp_file, cp_line); else - syslog(LOG_NOTICE, _("Got unexpected signal (%d)."), a); + syslog(LOG_NOTICE, _("Got unexpected signal %d"), a); } void From 7648bc606596851942dd6437ddaa93f53ab20f09 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Jun 2000 15:22:16 +0000 Subject: [PATCH 010/923] Added CVS Id tags to header files. --- src/encr.h | 2 ++ src/net.h | 2 ++ src/netutl.h | 2 ++ src/protocol.h | 2 ++ 4 files changed, 8 insertions(+) 
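Review bot: In detach(), the `else` branch now calls `syslog(LOG_NOTICE, _("tincd %s starting"), VERSION, debug_lvl);` with one conversion and two arguments; the debug level was dropped from the text but not from the call. The surplus argument is ignored at run time, but it can trip `-Wformat-extra-args` and leaves the call out of step with its format string. Drop it: `syslog(LOG_NOTICE, _("tincd %s starting"), VERSION);`.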
diff --git a/src/encr.h b/src/encr.h index 227c2c8c..77e9923c 100644 --- a/src/encr.h +++ b/src/encr.h @@ -15,6 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: encr.h,v 1.2.4.1 2000/06/25 15:22:16 guus Exp $ */ #ifndef __TINC_ENCR_H__ diff --git a/src/net.h b/src/net.h index dbf081f7..35b500ff 100644 --- a/src/net.h +++ b/src/net.h @@ -15,6 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: net.h,v 1.9.4.3 2000/06/25 15:22:16 guus Exp $ */ #ifndef __TINC_NET_H__ diff --git a/src/netutl.h b/src/netutl.h index f2187406..932814fa 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -15,6 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: netutl.h,v 1.2.4.1 2000/06/25 15:22:16 guus Exp $ */ #ifndef __TINC_NETUTL_H__ diff --git a/src/protocol.h b/src/protocol.h index 89da86da..c9137d69 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -15,6 +15,8 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: protocol.h,v 1.5.4.2 2000/06/25 15:22:16 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ From d8d2b83350e890adae9c9cede6e21ea4169abe00 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 25 Jun 2000 15:42:40 +0000 Subject: [PATCH 011/923] Changed version number to 1.0pre3. --- debian/changelog | 6 ++++++ redhat/tinc.spec | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 6d158d2e..f89acaeb 100644 --- a/debian/changelog 
+++ b/debian/changelog @@ -1,3 +1,9 @@ +tinc (1.0pre3-1) unstable; urgency=low + + * + + -- Ivo Timmermans Sun, 25 Jun 2000 00:00:00 +0200 + tinc (1.0pre2-1) unstable; urgency=low * postinst creates a file /etc/tinc/nets.boot, containing all networks diff --git a/redhat/tinc.spec b/redhat/tinc.spec index eab43466..e5dfb76f 100644 --- a/redhat/tinc.spec +++ b/redhat/tinc.spec @@ -1,6 +1,6 @@ Summary: tinc Virtual Private Network daemon Name: tinc -Version: 1.0pre2 +Version: 1.0pre3 Release: 1 Copyright: GPL Group: System Environment/Daemons From e4b586ed070908f866a450292f9759004e6affa8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Jun 2000 15:45:09 +0000 Subject: [PATCH 012/923] - Log possible spoofing attacks. - Don't broadcast DEL_HOSTs for hosts that haven't been activated yet. - If a host sends a TERMREQ, deactivate them. --- src/protocol.c | 75 ++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 67 insertions(+), 8 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 199bd7c8..b76dbd42 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.2 2000/06/25 15:16:12 guus Exp $ + $Id: protocol.c,v 1.28.4.3 2000/06/25 15:45:09 guus Exp $ */ #include "config.h" @@ -512,14 +512,24 @@ cp int termreq_h(conn_list_t *cl) { cp + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized TERMREQ from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } + if(debug_lvl > 1) syslog(LOG_DEBUG, _("Got TERMREQ from " IP_ADDR_S " (" IP_ADDR_S ")"), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); cl->status.termreq = 1; - terminate_connection(cl); + cl->status.active = 0; - notify_others(cl, NULL, send_del_host); + if(cl->status.active) + notify_others(cl, NULL, send_del_host); + + terminate_connection(cl); cp return 0; } 
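Review bot: In termreq_h the new `if(cl->status.active) notify_others(cl, NULL, send_del_host);` can never run, because `cl->status.active = 0;` is assigned two lines above it. The guard added at the top of the function already returns for inactive connections, so as far as this hunk shows a valid TERMREQ no longer tells the other peers that the host left. Either drop the condition or clear the flag afterwards: `notify_others(cl, NULL, send_del_host);` followed by `cl->status.active = 0;`.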
@@ -527,6 +537,13 @@ cp int timeout_h(conn_list_t *cl) { cp + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized TIMEOUT from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } + if(debug_lvl > 1) syslog(LOG_DEBUG, _("Got TIMEOUT from " IP_ADDR_S " (" IP_ADDR_S ")"), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); @@ -542,7 +559,12 @@ int del_host_h(conn_list_t *cl) ip_t vpn_ip; conn_list_t *fw; cp - if(!cl->status.active) return -1; + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized DEL_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } if(sscanf(cl->buffer, "%*d %lx", &vpn_ip) != 1) { @@ -573,6 +595,13 @@ cp int ping_h(conn_list_t *cl) { cp + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized PING from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } + if(debug_lvl > 1) syslog(LOG_DEBUG, _("Got PING from " IP_ADDR_S " (" IP_ADDR_S ")"), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); @@ -588,6 +617,13 @@ cp int pong_h(conn_list_t *cl) { cp + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized PONG from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } + if(debug_lvl > 1) syslog(LOG_DEBUG, _("Got PONG from " IP_ADDR_S " (" IP_ADDR_S ")"), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); @@ -607,7 +643,12 @@ int add_host_h(conn_list_t *cl) conn_list_t *ncn, *fw; cp if(!cl->status.active) - return -1; + { + syslog(LOG_ERR, _("Got unauthorized ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } + if(sscanf(cl->buffer, "%*d %lx %lx/%lx:%hx %d", &real_ip, &vpn_ip, &vpn_mask, &port, &flags) != 5) { syslog(LOG_ERR, _("Got bad ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), 
@@ -653,7 +694,13 @@ int req_key_h(conn_list_t *cl) ip_t from; conn_list_t *fw; cp - if(!cl->status.active) return -1; + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized REQ_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } + if(sscanf(cl->buffer, "%*d %lx %lx", &to, &from) != 2) { syslog(LOG_ERR, _("Got bad REQ_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), @@ -738,7 +785,13 @@ int ans_key_h(conn_list_t *cl) char *key; conn_list_t *fw, *gk; cp - if(!cl->status.active) return -1; + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized ANS_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } + if(sscanf(cl->buffer, "%*d %lx %lx %d %as", &to, &from, &expiry, &key) != 4) { syslog(LOG_ERR, _("Got bad ANS_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), @@ -797,7 +850,13 @@ int key_changed_h(conn_list_t *cl) ip_t from; conn_list_t *ik; cp - if(!cl->status.active) return -1; + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized KEY_CHANGED from " IP_ADDR_S " (" IP_ADDR_S ")"), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + return -1; + } + if(sscanf(cl->buffer, "%*d %lx", &from) != 1) { syslog(LOG_ERR, _("Got bad KEY_CHANGED from " IP_ADDR_S " (" IP_ADDR_S ")"), From 54079bdf03e74c686f556f86082b9d14b5be227c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Jun 2000 16:01:12 +0000 Subject: [PATCH 013/923] Hostnames are back! --- src/net.c | 26 +++---- src/net.h | 4 +- src/netutl.c | 6 +- src/protocol.c | 196 +++++++++++++++++++++++++------------------------ 4 files changed, 118 insertions(+), 114 deletions(-) diff --git a/src/net.c b/src/net.c index 1fee46b8..f1c15906 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.3 2000/06/25 15:16:11 guus Exp $ + $Id: net.c,v 1.35.4.4 2000/06/25 16:01:11 guus Exp $ */ #include "config.h" @@ -873,8 +873,8 @@ cp return; if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); if(cl->status.timeout) send_timeout(cl); @@ -943,8 +943,8 @@ cp if(p->status.pinged && !p->status.got_pong) { if(debug_lvl > 1) - syslog(LOG_INFO, _(IP_ADDR_S " (" IP_ADDR_S ") didn't respond to ping"), - IP_ADDR_V(p->vpn_ip), IP_ADDR_V(p->real_ip)); + syslog(LOG_INFO, _(IP_ADDR_S " (%s) didn't respond to ping"), + IP_ADDR_V(p->vpn_ip), p->hostname); p->status.timeout = 1; terminate_connection(p); } 
@@ -1047,28 +1047,28 @@ cp if(cl->reqlen) { if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (" IP_ADDR_S "): %s"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip), cl->buffer); + syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (%s): %s"), + IP_ADDR_V(cl->vpn_ip), cl->hostname, cl->buffer); if(sscanf(cl->buffer, "%d", &request) == 1) { if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) { - syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { - syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } } else { - syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } diff --git a/src/net.h b/src/net.h index 35b500ff..3d0dbff7 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.3 2000/06/25 15:22:16 guus Exp $ + $Id: net.h,v 1.9.4.4 2000/06/25 16:01:12 guus Exp $ */ #ifndef __TINC_NET_H__ 
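Review bot: The `Unknown request`, `Error while processing request` and `Bogus data received` messages in the first net.c hunk now identify the peer only by `cl->vpn_ip` and `cl->hostname`; `cl->real_ip` is gone from them. Elsewhere on this page `vpn_ip` is filled by sscanf from the peer's own BASIC_INFO line, and `hostname` presumably comes from the lookup in hostlookup(), whose body is not visible here and whose answer would depend on DNS data outside this daemon's control. For these error paths, keep the numeric address next to the name, for example `_("Bogus data received from " IP_ADDR_S " (%s, " IP_ADDR_S ")")` with `IP_ADDR_V(cl->vpn_ip), cl->hostname, IP_ADDR_V(cl->real_ip)`. The enclosing function starts outside the hunk.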
@@ -106,7 +106,7 @@ typedef struct conn_list_t { ip_t vpn_ip; /* his vpn ip */ ip_t vpn_mask; /* his vpn network address */ ip_t real_ip; /* his real (internet) ip */ -/* char *hostname; /* the hostname of its real ip */ + char *hostname; /* the hostname of its real ip */ short unsigned int port; /* his portnumber */ int flags; /* his flags */ int socket; /* our udp vpn socket */ diff --git a/src/netutl.c b/src/netutl.c index 2ca01ca3..e57ff388 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.1 2000/06/25 15:16:12 guus Exp $ + $Id: netutl.c,v 1.12.4.2 2000/06/25 16:01:12 guus Exp $ */ #include "config.h" @@ -158,9 +158,10 @@ cp cp } -/* Hostlookups stink. (GS) +/* look up the name associated with the ip address `addr' +*/ char *hostlookup(unsigned long addr) { @@ -193,7 +194,6 @@ cp cp return name; } -*/ /* Turn a string into an IP addy with netmask diff --git a/src/protocol.c b/src/protocol.c index b76dbd42..e772d044 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.3 2000/06/25 15:45:09 guus Exp $ + $Id: protocol.c,v 1.28.4.4 2000/06/25 16:01:12 guus Exp $ */ #include "config.h" @@ -51,8 +51,8 @@ int send_ack(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ACK to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending ACK to " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", ACK); 
@@ -62,8 +62,8 @@ cp return -1; } - syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (" IP_ADDR_S ") activated"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); cp return 0; } @@ -72,8 +72,8 @@ int send_termreq(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending TERMREQ to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending TERMREQ to " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", TERMREQ, myself->vpn_ip); @@ -91,8 +91,8 @@ int send_timeout(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending TIMEOUT to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending TIMEOUT to " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", PINGTIMEOUT, myself->vpn_ip); @@ -109,8 +109,8 @@ int send_del_host(conn_list_t *cl, conn_list_t *new_host) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending DEL_HOST for " IP_ADDR_S " to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(new_host->vpn_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending DEL_HOST for " IP_ADDR_S " to " IP_ADDR_S " (%s)"), + IP_ADDR_V(new_host->vpn_ip), IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", DEL_HOST, new_host->vpn_ip); @@ -127,8 +127,8 @@ int send_ping(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PING to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending PING to " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", PING); 
@@ -145,8 +145,8 @@ int send_pong(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PONG to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending PONG to " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", PONG); @@ -163,8 +163,10 @@ int send_add_host(conn_list_t *cl, conn_list_t *new_host) { ip_t real_ip; int flags; + char *hostname; cp real_ip = new_host->real_ip; + hostname = new_host->hostname; flags = new_host->flags; /* If we need to propagate information about a new host that wants us to export @@ -178,11 +180,12 @@ cp flags &= ~EXPORTINDIRECTDATA; flags |= INDIRECTDATA; real_ip = myself->vpn_ip; + hostname = myself->hostname; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ADD_HOST for " IP_ADDR_S " (" IP_ADDR_S ") to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(new_host->vpn_ip), IP_ADDR_V(real_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending ADD_HOST for " IP_ADDR_S " (%s) to " IP_ADDR_S " (%s)"), + IP_ADDR_V(new_host->vpn_ip), hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx/%lx:%x %d\n", ADD_HOST, new_host->real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port, flags); @@ -199,8 +202,8 @@ int send_key_changed(conn_list_t *cl, conn_list_t *src) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending KEY_CHANGED origin " IP_ADDR_S " to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(src->vpn_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending KEY_CHANGED origin " IP_ADDR_S " to " IP_ADDR_S " (%s)"), + IP_ADDR_V(src->vpn_ip), IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", KEY_CHANGED, src->vpn_ip); 
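Review bot: After this change the local `real_ip` in send_add_host is assigned but no longer read in the visible lines of the two send_add_host hunks. The log call now prints `hostname`, and the unchanged snprintf still sends `new_host->real_ip`. If the substitution `real_ip = myself->vpn_ip;` is meant to keep the real address of an indirect-data host out of the ADD_HOST message, it does not reach the wire; the snprintf argument would need to be `real_ip` instead of `new_host->real_ip`. The new `hostname = myself->hostname;` also assumes `myself->hostname` is always set, since it is passed to a `%s` conversion; the code that fills it is outside these hunks.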
@@ -228,7 +231,7 @@ int send_basic_info(conn_list_t *cl) cp if(debug_lvl > 1) syslog(LOG_DEBUG, _("Sending BASIC_INFO to " IP_ADDR_S), - IP_ADDR_V(cl->real_ip)); + cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %d %lx/%lx:%x %d\n", BASIC_INFO, PROT_CURRENT, myself->vpn_ip, myself->vpn_mask, myself->port, myself->flags); @@ -248,8 +251,8 @@ cp encrypt_passphrase(&tmp); if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PASSPHRASE to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending PASSPHRASE to " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PASSPHRASE, tmp.phrase); @@ -266,8 +269,8 @@ int send_public_key(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PUBLIC_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Sending PUBLIC_KEY to " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PUBLIC_KEY, my_public_key_base36); @@ -309,8 +312,8 @@ cp } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending REQ_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(fw->nexthop->vpn_ip), IP_ADDR_V(fw->nexthop->real_ip)); + syslog(LOG_DEBUG, _("Sending REQ_KEY to " IP_ADDR_S " (%s)"), + IP_ADDR_V(fw->nexthop->vpn_ip), fw->nexthop->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx\n", REQ_KEY, to, myself->vpn_ip); @@ -339,8 +342,8 @@ cp } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ANS_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(fw->nexthop->vpn_ip), IP_ADDR_V(fw->nexthop->real_ip)); + syslog(LOG_DEBUG, _("Sending ANS_KEY to " IP_ADDR_S " (%s)"), + IP_ADDR_V(fw->nexthop->vpn_ip), fw->nexthop->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx %d %s\n", ANS_KEY, to, myself->vpn_ip, my_key_expiry, my_public_key_base36); 
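Review bot: In send_basic_info the format string still ends in `IP_ADDR_S`, but the only argument is now `cl->hostname`, a `char *`. Every other call in this commit pairs `IP_ADDR_S` with `IP_ADDR_V(...)` and prints the hostname through `%s`. This therefore looks like a format/argument mismatch, which is undefined behaviour in syslog(); the macro definitions are not visible here. Use `%s` instead: `syslog(LOG_DEBUG, _("Sending BASIC_INFO to %s"), cl->hostname);`. The same applies to both BASIC_INFO messages in the basic_info_h hunk that follows.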
@@ -393,12 +396,12 @@ int basic_info_h(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got BASIC_INFO from " IP_ADDR_S), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got BASIC_INFO from " IP_ADDR_S), cl->hostname); if(sscanf(cl->buffer, "%*d %d %lx/%lx:%hx %d", &cl->protocol_version, &cl->vpn_ip, &cl->vpn_mask, &cl->port, &cl->flags) != 5) { syslog(LOG_ERR, _("Got bad BASIC_INFO from " IP_ADDR_S), - IP_ADDR_V(cl->real_ip)); + cl->hostname); return -1; } @@ -432,15 +435,15 @@ cp if(sscanf(cl->buffer, "%*d %as", &(cl->pp->phrase)) != 1) { - syslog(LOG_ERR, _("Got bad PASSPHRASE from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got bad PASSPHRASE from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } cl->pp->len = strlen(cl->pp->phrase); if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PASSPHRASE from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got PASSPHRASE from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); if(cl->status.outgoing) send_passphrase(cl); @@ -457,14 +460,14 @@ int public_key_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %as", &g_n) != 1) { - syslog(LOG_ERR, _("Got bad PUBLIC_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got bad PUBLIC_KEY from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PUBLIC_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got PUBLIC_KEY from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); if(verify_passphrase(cl, g_n)) { 
@@ -499,12 +502,12 @@ int ack_h(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ACK from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got ACK from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); cl->status.active = 1; - syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (" IP_ADDR_S ") activated"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); cp return 0; } @@ -514,14 +517,14 @@ int termreq_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized TERMREQ from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized TERMREQ from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got TERMREQ from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got TERMREQ from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); cl->status.termreq = 1; cl->status.active = 0; @@ -539,14 +542,14 @@ int timeout_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized TIMEOUT from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized TIMEOUT from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got TIMEOUT from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got TIMEOUT from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); cl->status.termreq = 1; terminate_connection(cl); 
@@ -561,26 +564,26 @@ int del_host_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized DEL_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized DEL_HOST from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx", &vpn_ip) != 1) { - syslog(LOG_ERR, _("Got bad DEL_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got bad DEL_HOST from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(vpn_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (%s)"), + IP_ADDR_V(vpn_ip), IP_ADDR_V(cl->vpn_ip), cl->hostname); if(!(fw = lookup_conn(vpn_ip))) { - syslog(LOG_ERR, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ") which does not exist?"), - IP_ADDR_V(vpn_ip), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (%s) which does not exist?"), + IP_ADDR_V(vpn_ip), IP_ADDR_V(cl->vpn_ip), cl->hostname); return 0; } @@ -597,14 +600,14 @@ int ping_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized PING from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized PING from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PING from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got PING from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); cl->status.pinged = 0; cl->status.got_pong = 1; 
@@ -619,14 +622,14 @@ int pong_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized PONG from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized PONG from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PONG from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got PONG from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); cl->status.got_pong = 1; cp @@ -644,21 +647,21 @@ int add_host_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized ADD_HOST from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx %lx/%lx:%hx %d", &real_ip, &vpn_ip, &vpn_mask, &port, &flags) != 5) { - syslog(LOG_ERR, _("Got bad ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got bad ADD_HOST from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got ADD_HOST from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); /* Suggestion of Hans Bayle 
@@ -668,13 +671,14 @@ cp if(fw->nexthop == cl) notify_others(fw, cl, send_add_host); else - syslog(LOG_DEBUG, _("Invalid ADD_HOST from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Invalid ADD_HOST from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return 0; } ncn = new_conn_list(); ncn->real_ip = real_ip; + ncn->hostname = hostlookup(real_ip); ncn->vpn_ip = vpn_ip; ncn->vpn_mask = vpn_mask; ncn->port = port; @@ -696,21 +700,21 @@ int req_key_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized REQ_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized REQ_KEY from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx %lx", &to, &from) != 2) { - syslog(LOG_ERR, _("Got bad REQ_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got bad REQ_KEY from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got REQ_KEY origin " IP_ADDR_S " destination " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(from), IP_ADDR_V(to), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got REQ_KEY origin " IP_ADDR_S " destination " IP_ADDR_S " from " IP_ADDR_S " (%s)"), + IP_ADDR_V(from), IP_ADDR_V(to), IP_ADDR_V(cl->vpn_ip), cl->hostname); if((to & myself->vpn_mask) == (myself->vpn_ip & myself->vpn_mask)) { /* hey! they want something from ME! :) */ @@ -728,8 +732,8 @@ cp } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Forwarding REQ_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(fw->nexthop->vpn_ip), IP_ADDR_V(fw->nexthop->real_ip)); + syslog(LOG_DEBUG, _("Forwarding REQ_KEY to " IP_ADDR_S " (%s)"), + IP_ADDR_V(fw->nexthop->vpn_ip), fw->nexthop->hostname); cl->buffer[cl->reqlen-1] = '\n'; 
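Review bot: `ncn->hostname = hostlookup(real_ip);` resolves an address that was parsed from the peer's ADD_HOST line and has not been validated. hostlookup is not visible in this patch; if it performs a blocking reverse lookup, every ADD_HOST from an active peer can stall the daemon, and the returned name is chosen by whoever runs the reverse zone for that address. I would keep the numeric address in the log next to the name, check the result for NULL before it reaches a `%s`, and add a comment stating who owns and frees the string. add_host_h starts before this hunk.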
@@ -787,21 +791,21 @@ int ans_key_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized ANS_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized ANS_KEY from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx %lx %d %as", &to, &from, &expiry, &key) != 4) { - syslog(LOG_ERR, _("Got bad ANS_KEY from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got bad ANS_KEY from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ANS_KEY origin " IP_ADDR_S " destination " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(from), IP_ADDR_V(to), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got ANS_KEY origin " IP_ADDR_S " destination " IP_ADDR_S " from " IP_ADDR_S " (%s)"), + IP_ADDR_V(from), IP_ADDR_V(to), IP_ADDR_V(cl->vpn_ip), cl->hostname); if(to == myself->vpn_ip) { /* hey! that key's for ME! :) */ @@ -831,8 +835,8 @@ cp } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Forwarding ANS_KEY to " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(fw->nexthop->vpn_ip), IP_ADDR_V(fw->nexthop->real_ip)); + syslog(LOG_DEBUG, _("Forwarding ANS_KEY to " IP_ADDR_S " (%s)"), + IP_ADDR_V(fw->nexthop->vpn_ip), fw->nexthop->hostname); cl->buffer[cl->reqlen-1] = '\n'; 
@@ -852,21 +856,21 @@ int key_changed_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized KEY_CHANGED from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got unauthorized KEY_CHANGED from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx", &from) != 1) { - syslog(LOG_ERR, _("Got bad KEY_CHANGED from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_ERR, _("Got bad KEY_CHANGED from " IP_ADDR_S " (%s)"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got KEY_CHANGED origin " IP_ADDR_S " from " IP_ADDR_S " (" IP_ADDR_S ")"), - IP_ADDR_V(from), IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Got KEY_CHANGED origin " IP_ADDR_S " from " IP_ADDR_S " (%s)"), + IP_ADDR_V(from), IP_ADDR_V(cl->vpn_ip), cl->hostname); ik = lookup_conn(from); From f1f901112e44beaecd3037dae27407ea83edd86e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Jun 2000 16:20:27 +0000 Subject: [PATCH 014/923] Hostlookup() is actually being called now. --- src/net.c | 7 ++++--- src/protocol.c | 6 +++--- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/net.c b/src/net.c index f1c15906..57c61cc7 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.4 2000/06/25 16:01:11 guus Exp $ + $Id: net.c,v 1.35.4.5 2000/06/25 16:20:27 guus Exp $ */ #include "config.h" 
@@ -754,14 +754,15 @@ cp } p->real_ip = ntohl(ci.sin_addr.s_addr); + p->hostname = hostlookup(ci.sin_addr.s_addr); p->meta_socket = sfd; p->status.meta = 1; p->buflen = 0; p->last_ping_time = time(NULL); p->want_ping = 0; - syslog(LOG_NOTICE, _("Connection from " IP_ADDR_S ":%d"), - IP_ADDR_V(p->real_ip), htons(ci.sin_port)); + syslog(LOG_NOTICE, _("Connection from %s port %d"), + p->hostname, htons(ci.sin_port)); if(send_basic_info(p) < 0) { diff --git a/src/protocol.c b/src/protocol.c index e772d044..e34ee407 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.4 2000/06/25 16:01:12 guus Exp $ + $Id: protocol.c,v 1.28.4.5 2000/06/25 16:20:27 guus Exp $ */ #include "config.h" @@ -230,7 +230,7 @@ int send_basic_info(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending BASIC_INFO to " IP_ADDR_S), + syslog(LOG_DEBUG, _("Sending BASIC_INFO to %s"), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %d %lx/%lx:%x %d\n", BASIC_INFO, PROT_CURRENT, myself->vpn_ip, myself->vpn_mask, myself->port, myself->flags); @@ -396,7 +396,7 @@ int basic_info_h(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got BASIC_INFO from " IP_ADDR_S), cl->hostname); + syslog(LOG_DEBUG, _("Got BASIC_INFO from %s"), cl->hostname); if(sscanf(cl->buffer, "%*d %d %lx/%lx:%hx %d", &cl->protocol_version, &cl->vpn_ip, &cl->vpn_mask, &cl->port, &cl->flags) != 5) { From a473ece8a0d83be5f7992888a6a3ff938dc4fb72 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Jun 2000 16:39:17 +0000 Subject: [PATCH 015/923] - More verbose connection list - Added "myself" as hostname when logging indirect ADD_HOSTs --- src/netutl.c | 6 +++--- src/protocol.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index e57ff388..ee8ca324 100644 --- a/src/netutl.c 
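Review bot: The connection notice now records only `p->hostname`, so the numeric source address no longer appears in the log. Assuming hostlookup does a reverse lookup (it is not shown), that name is supplied by the remote side's DNS and is weak evidence for later investigation. Log both, e.g. `syslog(LOG_NOTICE, _("Connection from %s (" IP_ADDR_S ") port %d"), p->hostname, IP_ADDR_V(p->real_ip), ntohs(ci.sin_port));`, where `ntohs` also states the intent better than the `htons` kept from the old line. The argument passed here is in network byte order, while add_host_h appears to pass a host-order `real_ip` to the same function, so one of the two callers needs a conversion.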
+++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.2 2000/06/25 16:01:12 guus Exp $ + $Id: netutl.c,v 1.12.4.3 2000/06/25 16:39:16 guus Exp $ */ #include "config.h" @@ -243,8 +243,8 @@ cp for(p = conn_list; p != NULL; p = p->next) { - syslog(LOG_DEBUG, " " IP_ADDR_S "/" IP_ADDR_S ": %04x (%d|%d)", - IP_ADDR_V(p->vpn_ip), IP_ADDR_V(p->vpn_mask), p->status, + syslog(LOG_DEBUG, " " IP_ADDR_S "/" IP_ADDR_S " at %s status %04x flags %04x sockets %d, %d", + IP_ADDR_V(p->vpn_ip), IP_ADDR_V(p->vpn_mask), p->hostname, p->status, p->flags, p->socket, p->meta_socket); } cp diff --git a/src/protocol.c b/src/protocol.c index e34ee407..e70e5cb1 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.5 2000/06/25 16:20:27 guus Exp $ + $Id: protocol.c,v 1.28.4.6 2000/06/25 16:39:17 guus Exp $ */ #include "config.h" @@ -180,7 +180,7 @@ cp flags &= ~EXPORTINDIRECTDATA; flags |= INDIRECTDATA; real_ip = myself->vpn_ip; - hostname = myself->hostname; + hostname = "myself"; } if(debug_lvl > 1) From 03af6d8c8056d0b7006f7d8fb19bb33d303ac8f9 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 25 Jun 2000 20:52:29 +0000 Subject: [PATCH 016/923] Version 1.0pre3. --- configure.in | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 configure.in diff --git a/configure.in b/configure.in new file mode 100644 index 00000000..92d6dfff --- /dev/null +++ b/configure.in 
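Review bot: `p->status` is passed to `%04x` in the rewritten connection-dump line, but elsewhere in this series it is accessed as `p->status.meta` and `cl->status.active`, so it is a struct or union rather than an integer. Passing an aggregate where the format expects `unsigned int` is undefined behaviour, and the printed value cannot be relied on. Print the individual flags (for example `p->status.active, p->status.meta`) or copy the bits into an `unsigned int` with `memcpy` first. The later revision of this line in patch 018 has the same problem.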
@@ -0,0 +1,84 @@ +dnl Process this file with autoconf to produce a configure script. + +dnl $Id: configure.in,v 1.13.2.1 2000/06/25 20:52:29 zarq Exp $ + +AC_INIT(src/tincd.c) +AM_INIT_AUTOMAKE(tinc, 1.0pre3) +AM_CONFIG_HEADER(config.h) + +dnl Include the macros from the m4/ directory +AM_ACLOCAL_INCLUDE(m4) + +# Enable GNU extensions. +# Define this here, not in acconfig's @TOP@ section, since definitions +# in the latter don't make it into the configure-time tests. +AC_DEFINE([_GNU_SOURCE], [__USE_BSD]) + +ALL_LINGUAS="nl" + +dnl Checks for programs. +AC_PROG_CC +AC_PROG_CPP +AC_PROG_GCC_TRADITIONAL +AC_PROG_AWK +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_MAKE_SET +jm_PERL +AM_PROG_LIBTOOL + +AC_ISC_POSIX + +dnl Checks for libraries. + +dnl Checks for header files. +AC_HEADER_STDC +AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h gmp.h gmp2/gmp.h \ +sys/time.h) + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_TYPE_PID_T +AC_TYPE_SIZE_T +AC_HEADER_TIME +AC_STRUCT_TM + +dnl Checks for library functions. +AC_FUNC_MEMCMP +AC_FUNC_ALLOCA +AC_TYPE_SIGNAL +AC_CHECK_FUNCS(ftime socket select strtol strerror) +jm_FUNC_MALLOC +jm_FUNC_REALLOC + +AM_GNU_GETTEXT + +# Check for the GNU Multi Precision Library +libgmp=none +AC_CHECK_LIB(gmp, mpz_powm, [ + libgmp=gmp +]) +AC_CHECK_LIB(gmp2, mpz_powm, [ + libgmp=gmp2 +]) +AC_CHECK_LIB(gmp3, __gmpz_powm, [ + libgmp=gmp3 +]) +AC_CHECK_LIB(gmp, __gmpz_powm, [ + libgmp=gmp +]) + +if test $libgmp = none; then + AC_MSG_ERROR(libgmp is not installed. Please grab it from your + nearest GNU mirror and install it (see README)) +else + LIBS="$LIBS -l$libgmp" +fi + +AC_CHECK_LIB(dl, dlopen, [ + LIBS="$LIBS -ldl" +]) + +AC_OUTPUT([Makefile src/Makefile cipher/Makefile +cipher/blowfish/Makefile doc/Makefile intl/Makefile lib/Makefile +m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile]) From b3681ebf6c255daf082ed254282cbf493af8fa93 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Mon, 26 Jun 2000 17:20:58 +0000 Subject: [PATCH 017/923] Fixes some hostlookups. Fixes indirectdata for real now (hopefully). --- src/net.c | 6 ++++-- src/protocol.c | 19 ++++++++++--------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/net.c b/src/net.c index 57c61cc7..72d7bfbd 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.5 2000/06/25 16:20:27 guus Exp $ + $Id: net.c,v 1.35.4.6 2000/06/26 17:20:58 guus Exp $ */ #include "config.h" @@ -535,7 +535,8 @@ int setup_outgoing_connection(ip_t ip) cp ncn = new_conn_list(); ncn->real_ip = ip; - + ncn->hostname = hostlookup(htonl(ip)); + if(setup_outgoing_meta_socket(ncn) < 0) { syslog(LOG_ERR, _("Could not set up a meta connection!")); @@ -567,6 +568,7 @@ cp } myself->vpn_ip = cfg->data.ip->ip; + myself->hostname = hostlookup(htonl(myself->vpn_ip)); myself->vpn_mask = cfg->data.ip->mask; myself->flags = 0; diff --git a/src/protocol.c b/src/protocol.c index e70e5cb1..325177bd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.6 2000/06/25 16:39:17 guus Exp $ + $Id: protocol.c,v 1.28.4.7 2000/06/26 17:20:58 guus Exp $ */ #include "config.h" 
@@ -180,14 +180,14 @@ cp flags &= ~EXPORTINDIRECTDATA; flags |= INDIRECTDATA; real_ip = myself->vpn_ip; - hostname = "myself"; + hostname = myself->hostname; } if(debug_lvl > 1) syslog(LOG_DEBUG, _("Sending ADD_HOST for " IP_ADDR_S " (%s) to " IP_ADDR_S " (%s)"), IP_ADDR_V(new_host->vpn_ip), hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx/%lx:%x %d\n", ADD_HOST, new_host->real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port, flags); + buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx/%lx:%x %d\n", ADD_HOST, real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port, flags); if((write(cl->meta_socket, buffer, buflen)) < 0) { @@ -659,10 +659,6 @@ cp return -1; } - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ADD_HOST from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); - /* Suggestion of Hans Bayle */ @@ -673,12 +669,12 @@ cp else syslog(LOG_DEBUG, _("Invalid ADD_HOST from " IP_ADDR_S " (%s)"), IP_ADDR_V(cl->vpn_ip), cl->hostname); - return 0; + return -1; } ncn = new_conn_list(); ncn->real_ip = real_ip; - ncn->hostname = hostlookup(real_ip); + ncn->hostname = hostlookup(htonl(real_ip)); ncn->vpn_ip = vpn_ip; ncn->vpn_mask = vpn_mask; ncn->port = port; @@ -687,6 +683,11 @@ cp ncn->next = conn_list; conn_list = ncn; ncn->status.active = 1; + + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got ADD_HOST for " IP_ADDR_S " (%s) from " IP_ADDR_S " (%s)"), + IP_ADDR_V(ncn->vpn_ip), ncn->hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); + notify_others(ncn, cl, send_add_host); cp return 0; From 783c8298610d5670f6e118f49bd3d1fdfa61ae1d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 26 Jun 2000 19:39:34 +0000 Subject: [PATCH 018/923] - Indirectdata finally REALLY REALLY works now! - More precise debug messages --- src/net.c | 75 +++++++++++++++++++++++++------------------------- src/netutl.c | 8 +++--- src/protocol.c | 4 +-- 3 files changed, 43 insertions(+), 44 deletions(-) 
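Review bot: The change from `return 0;` to `return -1;` in add_host_h sits after an unbraced `if(fw->nexthop == cl) ... else ...`, so it applies to both branches. A repeated ADD_HOST from the legitimate next hop now calls notify_others and then returns the error code as well. If -1 makes the caller drop the connection (the caller is not shown), a harmless re-announcement tears the link down. Brace the branches so only the invalid case fails: `else { syslog(...); return -1; }` followed by `return 0;`. The start of add_host_h is outside this hunk.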
diff --git a/src/net.c b/src/net.c index 72d7bfbd..31acd389 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.6 2000/06/26 17:20:58 guus Exp $ + $Id: net.c,v 1.35.4.7 2000/06/26 19:39:34 guus Exp $ */ #include "config.h" @@ -103,11 +103,13 @@ cp rp.len = htons(rp.len); if(debug_lvl > 3) - syslog(LOG_ERR, _("Sent %d bytes to %lx"), ntohs(rp.len), cl->vpn_ip); + syslog(LOG_ERR, _("Sending packet of %d bytes to " IP_ADDR_S " (%s)"), + ntohs(rp.len), IP_ADDR_V(cl->vpn_ip), cl->hostname); if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) { - syslog(LOG_ERR, _("Error sending data: %m")); + syslog(LOG_ERR, _("Error sending packet to " IP_ADDR_S " (%s): %m"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); return -1; } @@ -126,6 +128,10 @@ cp do_decrypt((real_packet_t*)packet, &vp, cl->key); add_mac_addresses(&vp); + if(debug_lvl > 3) + syslog(LOG_ERR, _("Receiving packet of %d bytes from " IP_ADDR_S " (%s)"), + ((real_packet_t*)packet)->len, IP_ADDR_V(cl->vpn_ip), cl->hostname); + if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) syslog(LOG_ERR, _("Can't write to tap device: %m")); else @@ -145,9 +151,6 @@ void add_queue(packet_queue_t **q, void *packet, size_t s) { queue_element_t *e; cp - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("packet to queue: %d"), s); - e = xmalloc(sizeof(*e)); e->packet = xmalloc(s); memcpy(e->packet, packet, s); @@ -233,7 +236,7 @@ cp } if(debug_lvl > 3) - syslog(LOG_DEBUG, _("queue flushed")); + syslog(LOG_DEBUG, _("Queue flushed")); cp } @@ -290,7 +293,7 @@ cp return -1; } } - + /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ if(myself->flags & EXPORTINDIRECTDATA) 
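Review bot: The new per-packet trace messages in this hunk and the next one ("Sending packet of ..." and "Receiving packet of ...") are emitted with `LOG_ERR` although they are gated by `debug_lvl > 3`. Anything that filters or alerts on syslog priority will treat ordinary traffic as errors; `LOG_DEBUG` matches the other trace lines. The receive message also prints `((real_packet_t*)packet)->len` without the `ntohs` used on the send side. Whether the field is already in host order at that point is not visible here, so that needs confirming.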
@@ -312,25 +315,26 @@ cp if(cl->flags & INDIRECTDATA) { - if((cl = lookup_conn(cl->vpn_ip)) == NULL) + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("Indirect packet to " IP_ADDR_S " via " IP_ADDR_S), + IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + if((cl = lookup_conn(cl->real_ip)) == NULL) { if(debug_lvl > 3) - { syslog(LOG_NOTICE, _("Indirect look up " IP_ADDR_S " in connection list failed!"), IP_ADDR_V(to)); - } /* Gateway tincd dead? Should we kill it? (GS) */ return -1; } if(cl->flags & INDIRECTDATA) /* This should not happen */ - if(debug_lvl > 3) - { - syslog(LOG_NOTICE, _("double indirection for " IP_ADDR_S), - IP_ADDR_V(to)); - } - return -1; + { + if(debug_lvl > 3) + syslog(LOG_NOTICE, _("Double indirection for " IP_ADDR_S), + IP_ADDR_V(to)); + return -1; + } } if(my_key_expiry <= time(NULL)) @@ -338,10 +342,15 @@ cp if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) - return -1; - + { + syslog(LOG_ERR, _("Could not open UDP connection to " IP_ADDR_S " (%s)"), IP_ADDR_V(cl->vpn_ip), cl->hostname); + return -1; + } + if(!cl->status.validkey) { + if(debug_lvl > 3) + syslog(LOG_INFO, _(IP_ADDR_S " (%s) has no valid key, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); if(!cl->status.waitingforkey) send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */ @@ -350,9 +359,9 @@ cp if(!cl->status.active) { - add_queue(&(cl->sq), packet, packet->len + 2); if(debug_lvl > 3) - syslog(LOG_INFO, _(IP_ADDR_S " is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip)); + syslog(LOG_INFO, _(IP_ADDR_S " (%s) is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname); + add_queue(&(cl->sq), packet, packet->len + 2); return 0; /* We don't want to mess up, do we? */ } 
@@ -704,12 +713,12 @@ int setup_vpn_connection(conn_list_t *cl) struct sockaddr_in a; cp if(debug_lvl > 0) - syslog(LOG_DEBUG, _("Opening UDP socket to " IP_ADDR_S), IP_ADDR_V(cl->real_ip)); + syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(nfd == -1) { - syslog(LOG_ERR, _("Creating data socket failed: %m")); + syslog(LOG_ERR, _("Creating UDP socket failed: %m")); return -1; } @@ -719,8 +728,8 @@ cp if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) { - syslog(LOG_ERR, _("Connecting to " IP_ADDR_S ":%d failed: %m"), - IP_ADDR_V(cl->real_ip), cl->port); + syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"), + cl->hostname, cl->port); return -1; } @@ -825,7 +834,7 @@ cp lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL); if(lenin <= 0) { - syslog(LOG_ERR, _("Receiving data failed: %m")); + syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->hostname); return -1; } total_socket_in += lenin; @@ -837,13 +846,10 @@ cp if(rp.len >= 0) { f = lookup_conn(rp.from); - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("packet from " IP_ADDR_S " (len %d)"), - IP_ADDR_V(rp.from), rp.len); if(!f) { - syslog(LOG_ERR, _("Got packet from unknown source " IP_ADDR_S), - IP_ADDR_V(rp.from)); + syslog(LOG_ERR, _("Got packet from " IP_ADDR_S " (%s) with unknown origin " IP_ADDR_S "?"), + IP_ADDR_V(cl->vpn_ip), cl->hostname, IP_ADDR_V(rp.from)); return -1; } @@ -1175,13 +1181,6 @@ cp from = ntohl(*((unsigned long*)(&vp.data[26]))); to = ntohl(*((unsigned long*)(&vp.data[30]))); - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("An IP packet (%04x) for " IP_ADDR_S " from " IP_ADDR_S), - ether_type, IP_ADDR_V(to), IP_ADDR_V(from)); - if(debug_lvl > 3) - syslog(LOG_DEBUG, _(MAC_ADDR_S " to " MAC_ADDR_S), - MAC_ADDR_V(vp.data[0]), MAC_ADDR_V(vp.data[6])); - vp.len = (length_t)lenin - 2; strip_mac_addresses(&vp); diff --git a/src/netutl.c b/src/netutl.c index ee8ca324..5beb4a18 100644 --- a/src/netutl.c +++ b/src/netutl.c 
@@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.3 2000/06/25 16:39:16 guus Exp $ + $Id: netutl.c,v 1.12.4.4 2000/06/26 19:39:34 guus Exp $ */ #include "config.h" @@ -243,9 +243,9 @@ cp for(p = conn_list; p != NULL; p = p->next) { - syslog(LOG_DEBUG, " " IP_ADDR_S "/" IP_ADDR_S " at %s status %04x flags %04x sockets %d, %d", - IP_ADDR_V(p->vpn_ip), IP_ADDR_V(p->vpn_mask), p->hostname, p->status, p->flags, - p->socket, p->meta_socket); + syslog(LOG_DEBUG, _(" " IP_ADDR_S "/" IP_ADDR_S " at %s flags %d sockets %d, %d status %04x"), + IP_ADDR_V(p->vpn_ip), IP_ADDR_V(p->vpn_mask), p->hostname, p->flags, + p->socket, p->meta_socket, p->status); } cp } diff --git a/src/protocol.c b/src/protocol.c index 325177bd..b918d5b1 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.7 2000/06/26 17:20:58 guus Exp $ + $Id: protocol.c,v 1.28.4.8 2000/06/26 19:39:34 guus Exp $ */ #include "config.h" @@ -400,7 +400,7 @@ cp if(sscanf(cl->buffer, "%*d %d %lx/%lx:%hx %d", &cl->protocol_version, &cl->vpn_ip, &cl->vpn_mask, &cl->port, &cl->flags) != 5) { - syslog(LOG_ERR, _("Got bad BASIC_INFO from " IP_ADDR_S), + syslog(LOG_ERR, _("Got bad BASIC_INFO from %s"), cl->hostname); return -1; } From 04cb206298df033d254ca007205d13f9a670c402 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 26 Jun 2000 20:30:21 +0000 Subject: [PATCH 019/923] - Moved all connection messages to debug level 1, without -d's only the startup message will be logged. - Fixed DEL_HOST rebound. --- src/net.c | 13 ++++++++++--- src/protocol.c | 12 ++++++++---- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/src/net.c b/src/net.c index 31acd389..6457d4c9 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.7 2000/06/26 19:39:34 guus Exp $ + $Id: net.c,v 1.35.4.8 2000/06/26 20:30:20 guus Exp $ */ #include "config.h" @@ -772,7 +772,8 @@ cp p->last_ping_time = time(NULL); p->want_ping = 0; - syslog(LOG_NOTICE, _("Connection from %s port %d"), + if(debug_lvl > 0) + syslog(LOG_NOTICE, _("Connection from %s port %d"), p->hostname, htons(ci.sin_port)); if(send_basic_info(p) < 0) @@ -902,9 +903,15 @@ cp syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); } - cl->status.active = 0; cl->status.remove = 1; + /* If this cl isn't active, don't send any DEL_HOSTs and don't bother + checking for other lost connections. */ + if(!cl->status.active) + return; + + cl->status.active = 0; + cp /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ diff --git a/src/protocol.c b/src/protocol.c index b918d5b1..c843b56a 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.8 2000/06/26 19:39:34 guus Exp $ + $Id: protocol.c,v 1.28.4.9 2000/06/26 20:30:21 guus Exp $ */ #include "config.h" @@ -62,7 +62,8 @@ cp return -1; } - syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), + if(debug_lvl > 0) + syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), IP_ADDR_V(cl->vpn_ip), cl->hostname); cp return 0; @@ -527,11 +528,12 @@ cp IP_ADDR_V(cl->vpn_ip), cl->hostname); cl->status.termreq = 1; - cl->status.active = 0; if(cl->status.active) notify_others(cl, NULL, send_del_host); + cl->status.active = 0; + terminate_connection(cl); cp return 0; 
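Review bot: With `if(debug_lvl > 0)` in front of the "Connection from" notice (and of "Connection ... activated" in protocol.c), a daemon started without -d no longer records which peers connected. For a VPN endpoint that is the basic audit trail for incident response, and these are low-volume events. I would keep both at `LOG_NOTICE` unconditionally and gate only the per-message chatter.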
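Review bot: The new `if(!cl->status.active) return;` guard in terminate_connection is always taken for callers changed in the same commit. termreq_h and del_host_h now set `status.active = 0` immediately before calling it, so for them the function returns before the loop that finds connections lost behind `cl`. Entries whose `nexthop` is the removed connection then stay in the list; if the removed entry is freed later (not shown), `fw->nexthop->hostname` in the REQ_KEY/ANS_KEY forwarding paths would read stale memory. Either leave `active` untouched in the callers and clear it inside terminate_connection, or pass an explicit "skip DEL_HOST" flag. The rest of terminate_connection lies outside the hunk.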
@@ -587,9 +589,11 @@ cp return 0; } - notify_others(cl, fw, send_del_host); + notify_others(fw, cl, send_del_host); fw->status.termreq = 1; + fw->status.active = 0; + terminate_connection(fw); cp return 0; From 4faed1b8546563def6a426c563cec2a26d927eda Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 27 Jun 2000 12:58:04 +0000 Subject: [PATCH 020/923] - Fixed KEY_CHANGED notification. A lot of notify_others() calls were wrong (first two arguments swapped). Should probably be doublechecked. - Don't retry to connect to hosts with different protocol versions. --- src/protocol.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index c843b56a..70122c1b 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.9 2000/06/26 20:30:21 guus Exp $ + $Id: protocol.c,v 1.28.4.10 2000/06/27 12:58:04 guus Exp $ */ #include "config.h" @@ -403,6 +403,16 @@ cp { syslog(LOG_ERR, _("Got bad BASIC_INFO from %s"), cl->hostname); + if(cl->status.outgoing) + { + /* If we get here, it means that our uplink uses the wrong protocol. + If we don't do anything, we will reconnect every 5 seconds. Pretty dumb. + So we disable the outgoing flag, so that we won't reconnect anymore. + This still allows other tinc daemons to connect to us. + */ + syslog(LOG_ERR, _("Warning: disabling uplink!")); + cl->status.outgoing = 0; + } return -1; } @@ -889,7 +899,7 @@ cp ik->status.validkey = 0; ik->status.waitingforkey = 0; - notify_others(cl, ik, send_key_changed); + notify_others(ik, cl, send_key_changed); cp return 0; } From 45a28b1e893d4da9d7977945a35ec6a8e4554830 Mon Sep 17 00:00:00 2001 
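Review bot: The branch that now clears `cl->status.outgoing` (protocol.c, hunk at 403) is the `sscanf(...) != 5` parse failure, not a comparison of `protocol_version`, so the added comment about the uplink using the wrong protocol describes a different condition from the one tested. As written, a single malformed or truncated BASIC_INFO line on an outgoing connection switches off reconnection until the daemon is restarted, and BASIC_INFO appears to be the first message exchanged, before any key or passphrase check. I would keep the existing retry back-off for parse failures, stop retrying only after a successfully parsed version mismatch, and reword the comment to `/* BASIC_INFO could not be parsed */`. The handler starts and ends outside the hunk.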
From: Guus Sliepen Date: Tue, 27 Jun 2000 15:08:58 +0000 Subject: [PATCH 021/923] - Fixed indirectdata=no problem - Added support for multiple ConnectTo lines in tinc.conf. --- src/conf.c | 20 +++++++++++++++++++- src/conf.h | 3 ++- src/net.c | 50 ++++++++++++++++++++++++++++++-------------------- 3 files changed, 51 insertions(+), 22 deletions(-) diff --git a/src/conf.c b/src/conf.c index 0eab0efd..1e1c60f6 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.1 2000/06/17 20:55:54 zarq Exp $ + $Id: conf.c,v 1.9.4.2 2000/06/27 15:08:57 guus Exp $ */ @@ -219,3 +219,21 @@ get_config_val(which_t type) /* Not found */ return NULL; } + +/* + Support for multiple config lines. + Index is used to get a specific value, 0 being the first, 1 the second etc. +*/ +const config_t * +get_next_config_val(which_t type, int index) +{ + config_t *p; + + for(p = config; p != NULL; p = p->next) + if(p->which == type) + if(--index < 0) + return p; + + /* Not found */ + return NULL; +} diff --git a/src/conf.h b/src/conf.h index 968a12a4..36bc9a4f 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.1 2000/06/17 20:55:54 zarq Exp $ + $Id: conf.h,v 1.6.4.2 2000/06/27 15:08:57 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -74,5 +74,6 @@ extern int timeout; extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(const char *); extern const config_t *get_config_val(which_t type); +extern const config_t *get_next_config_val(which_t type, int); #endif /* __TINC_CONF_H__ */ diff --git a/src/net.c b/src/net.c index 6457d4c9..cdb593e1 100644 --- a/src/net.c +++ b/src/net.c 
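Review bot: get_next_config_val() (conf.c, hunk at 219) is added without documenting how it relates to get_config_val(): index 0 presumably returns the entry get_config_val() already returns, and any negative `index` also yields the first match because of `--index < 0`. I would say so in the comment above the function, `/* Returns the (index+1)-th entry of the given type in list order, or NULL if there are fewer. */`, and name the parameter in the conf.h prototype, `get_next_config_val(which_t type, int index);`. Bracing the nested `for`/`if`/`if` would also make the intended nesting explicit.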
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.8 2000/06/26 20:30:20 guus Exp $ + $Id: net.c,v 1.35.4.9 2000/06/27 15:08:58 guus Exp $ */ #include "config.h" @@ -548,7 +548,8 @@ cp if(setup_outgoing_meta_socket(ncn) < 0) { - syslog(LOG_ERR, _("Could not set up a meta connection!")); + syslog(LOG_ERR, _("Could not set up a meta connection to %s"), + ncn->hostname); free_conn_element(ncn); return -1; } @@ -587,7 +588,7 @@ cp myself->port = cfg->data.val; if(cfg = get_config_val(indirectdata)) - if(cfg->data.val) + if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) @@ -614,23 +615,27 @@ RETSIGTYPE sigalrm_handler(int a) { config_t const *cfg; + int index = 1; cp cfg = get_config_val(upstreamip); - if(!setup_outgoing_connection(cfg->data.ip->ip)) + while(cfg) { - signal(SIGALRM, SIG_IGN); - } - else - { - signal(SIGALRM, sigalrm_handler); - seconds_till_retry += 5; - if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */ - seconds_till_retry = 300; - alarm(seconds_till_retry); - syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"), - seconds_till_retry); + if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */ + { + signal(SIGALRM, SIG_IGN); + return; + } + cfg = get_next_config_val(upstreamip, index++); /* Or else we try the next ConnectTo line */ } + + signal(SIGALRM, sigalrm_handler); + seconds_till_retry += 5; + if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */ + seconds_till_retry = 300; + alarm(seconds_till_retry); + syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"), + seconds_till_retry); cp } 
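Review bot: sigalrm_handler() (net.c, hunk at 614) now loops over every ConnectTo entry and calls setup_outgoing_connection() and syslog() from inside the SIGALRM handler, and neither is async-signal-safe; the hunk at 548 shows the connection setup logging and freeing a conn element on failure. The signal can arrive while the main loop is in the middle of its own list or allocator operation, so the extra work done per alarm widens an existing hazard. Have the handler only record that a retry is due, e.g. `static volatile sig_atomic_t retry_due;` set to 1 in the handler, and run the ConnectTo loop from the main select loop when the flag is seen.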
@@ -640,6 +645,7 @@ cp int setup_network_connections(void) { config_t const *cfg; + int index = 1; cp if((cfg = get_config_val(pingtimeout)) == NULL) timeout = 5; @@ -656,13 +662,17 @@ cp /* No upstream IP given, we're listen only. */ return 0; - if(setup_outgoing_connection(cfg->data.ip->ip)) + while(cfg) { - signal(SIGALRM, sigalrm_handler); - seconds_till_retry = 300; - alarm(seconds_till_retry); - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes")); + if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */ + return 0; + cfg = get_next_config_val(upstreamip, index++); /* Or else we try the next ConnectTo line */ } + + signal(SIGALRM, sigalrm_handler); + seconds_till_retry = 300; + alarm(seconds_till_retry); + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes")); cp return 0; } From 4aeaea5e590fbd38aebbfacf2672304d04ba4ad1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 27 Jun 2000 20:10:48 +0000 Subject: [PATCH 022/923] - Improved handling of errors on connection attempts. --- src/conf.c | 16 ++++++++++++---- src/conf.h | 3 ++- src/net.c | 18 +++++++++++------- src/protocol.c | 13 ++----------- 4 files changed, 27 insertions(+), 23 deletions(-) diff --git a/src/conf.c b/src/conf.c index 1e1c60f6..f8838d78 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.2 2000/06/27 15:08:57 guus Exp $ + $Id: conf.c,v 1.9.4.3 2000/06/27 20:10:47 guus Exp $ */ @@ -75,7 +75,7 @@ static internal_config_t hazahaza[] = { config_t * add_config_val(config_t **cfg, int argtype, char *val) { - config_t *p; + config_t *p, *r; char *q; p = (config_t*)xmalloc(sizeof(*p)); 
@@ -106,8 +106,16 @@ add_config_val(config_t **cfg, int argtype, char *val) if(p->data.val) { - p->next = *cfg; - *cfg = p; + if(*cfg) + { + r = *cfg; + while(r->next) + r = r->next; + r->next = p; + } + else + *cfg = p; + p->next = NULL; return p; } diff --git a/src/conf.h b/src/conf.h index 36bc9a4f..d9309128 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.2 2000/06/27 15:08:57 guus Exp $ + $Id: conf.h,v 1.6.4.3 2000/06/27 20:10:47 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -70,6 +70,7 @@ enum { extern config_t *config; extern int debug_lvl; extern int timeout; +extern int upstreamindex; extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(const char *); diff --git a/src/net.c b/src/net.c index cdb593e1..bc3540e9 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.9 2000/06/27 15:08:58 guus Exp $ + $Id: net.c,v 1.35.4.10 2000/06/27 20:10:48 guus Exp $ */ #include "config.h" @@ -56,6 +56,7 @@ int total_tap_out = 0; int total_socket_in = 0; int total_socket_out = 0; +int upstreamindex = 0; static int seconds_till_retry; /* The global list of existing connections */ @@ -496,6 +497,9 @@ int setup_outgoing_meta_socket(conn_list_t *cl) struct sockaddr_in a; config_t const *cfg; cp + if(debug_lvl > 0) + syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); + if((cfg = get_config_val(upstreamport)) == NULL) cl->port = 655; else @@ -615,9 +619,8 @@ RETSIGTYPE sigalrm_handler(int a) { config_t const *cfg; - int index = 1; cp - cfg = get_config_val(upstreamip); + cfg = get_next_config_val(upstreamip, upstreamindex++); while(cfg) { 
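Review bot: Appending to the tail in add_config_val() (conf.c, hunk at 106) changes which entry wins when an option appears more than once: with the old head insertion a walk from `config` met the last line of the file first, now it meets the first line. For single-valued options read through get_config_val() that presumably flips the precedence of duplicated lines without any notice to the administrator. Please record the new rule next to the insertion, `/* entries are kept in file order; lookups return the first occurrence */`, and mention it in the user documentation. add_config_val() starts and ends outside the hunk.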
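Review bot: `upstreamindex` (net.c, hunk at 56) is a plain `int` that is incremented and reset inside sigalrm_handler() and is also modified from normal context, in setup_network_connections() and through the `upstreamindex = 0;` this commit adds to protocol.c. A SIGALRM delivered between the read and the write of `upstreamindex++` can skip or repeat a ConnectTo entry. Declare it `volatile sig_atomic_t upstreamindex = 0;` here and `extern volatile sig_atomic_t upstreamindex;` in conf.h (which then needs `<signal.h>`), or keep the index out of the handler altogether by only setting a flag there.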
@@ -626,10 +629,11 @@ cp signal(SIGALRM, SIG_IGN); return; } - cfg = get_next_config_val(upstreamip, index++); /* Or else we try the next ConnectTo line */ + cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); + upstreamindex = 0; seconds_till_retry += 5; if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */ seconds_till_retry = 300; @@ -645,7 +649,6 @@ cp int setup_network_connections(void) { config_t const *cfg; - int index = 1; cp if((cfg = get_config_val(pingtimeout)) == NULL) timeout = 5; @@ -658,7 +661,7 @@ cp if(setup_myself() < 0) return -1; - if((cfg = get_config_val(upstreamip)) == NULL) + if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL) /* No upstream IP given, we're listen only. */ return 0; @@ -666,10 +669,11 @@ cp { if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */ return 0; - cfg = get_next_config_val(upstreamip, index++); /* Or else we try the next ConnectTo line */ + cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); + upstreamindex = 0; seconds_till_retry = 300; alarm(seconds_till_retry); syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes")); diff --git a/src/protocol.c b/src/protocol.c index 70122c1b..1fe75e71 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.10 2000/06/27 12:58:04 guus Exp $ + $Id: protocol.c,v 1.28.4.11 2000/06/27 20:10:48 guus Exp $ */ #include "config.h" 
@@ -403,16 +403,6 @@ cp { syslog(LOG_ERR, _("Got bad BASIC_INFO from %s"), cl->hostname); - if(cl->status.outgoing) - { - /* If we get here, it means that our uplink uses the wrong protocol. - If we don't do anything, we will reconnect every 5 seconds. Pretty dumb. - So we disable the outgoing flag, so that we won't reconnect anymore. - This still allows other tinc daemons to connect to us. - */ - syslog(LOG_ERR, _("Warning: disabling uplink!")); - cl->status.outgoing = 0; - } return -1; } @@ -519,6 +509,7 @@ cp cl->status.active = 1; syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), IP_ADDR_V(cl->vpn_ip), cl->hostname); + upstreamindex = 0; cp return 0; } From 070ad08118a33755835b31174e2b04e84f75556e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 27 Jun 2000 20:55:12 +0000 Subject: [PATCH 023/923] - Purge old connections that are ADD_HOSTed. --- src/protocol.c | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 1fe75e71..2e9769d2 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.11 2000/06/27 20:10:48 guus Exp $ + $Id: protocol.c,v 1.28.4.12 2000/06/27 20:55:12 guus Exp $ */ #include "config.h" @@ -488,7 +488,7 @@ cp old connection that has timed out but we don't know it yet. Because our conn_list entry is not active, lookup_conn will skip ourself. */ - while(old=lookup_conn(cl->vpn_ip)) + while(old = lookup_conn(cl->vpn_ip)) terminate_connection(old); cl->status.active = 1; @@ -648,7 +648,7 @@ int add_host_h(conn_list_t *cl) ip_t vpn_mask; unsigned short port; int flags; - conn_list_t *ncn, *fw; + conn_list_t *ncn, *old; cp if(!cl->status.active) { 
@@ -664,19 +664,9 @@ cp return -1; } - /* - Suggestion of Hans Bayle - */ - if((fw = lookup_conn(vpn_ip))) - { - if(fw->nexthop == cl) - notify_others(fw, cl, send_add_host); - else - syslog(LOG_DEBUG, _("Invalid ADD_HOST from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); - return -1; - } - + while(old = lookup_conn(vpn_ip)) + terminate_connection(old); + ncn = new_conn_list(); ncn->real_ip = real_ip; ncn->hostname = hostlookup(htonl(real_ip)); From 4ee53e7dac93d1edad8664edffdfaf142438b85d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 27 Jun 2000 21:05:07 +0000 Subject: [PATCH 024/923] - Fixes a silly little insignificant buglet. --- src/net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index bc3540e9..df67a1cc 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.10 2000/06/27 20:10:48 guus Exp $ + $Id: net.c,v 1.35.4.11 2000/06/27 21:05:07 guus Exp $ */ #include "config.h" @@ -940,7 +940,7 @@ cp /* Then send a notification about all these connections to all hosts that are still connected to us. */ for(p = conn_list; p != NULL; p = p->next) - if(!p->status.remove && p->status.meta) + if(p->status.active && p->status.meta) for(q = conn_list; q != NULL; q = q->next) if(q->status.remove) send_del_host(p, q); From dba2995db73313b1c0a56ce13395dac0bc7571a5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 28 Jun 2000 10:11:10 +0000 Subject: [PATCH 025/923] - Extra check op EINTR bij inlezen requests --- src/net.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index df67a1cc..fd38c02e 100644 --- a/src/net.c +++ b/src/net.c 
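Review bot: The purge loop added to add_host_h() (protocol.c, hunk at 664) drops the ownership check the removed block had: previously an ADD_HOST for an already known address was rejected unless the existing entry's `nexthop` was the sender, whereas now whatever connection currently holds `vpn_ip` is terminated, and `vpn_ip` is parsed from the peer's message. Any active peer can therefore displace another host's entry simply by announcing its address, and if the announced address is the sender's own the loop would terminate `cl` while the code below still uses it. I would keep a guard inside the loop that purges only entries learned through this sender and logs and rejects everything else, as sketched below; whether `nexthop` is the right test for directly connected peers needs checking against the full file. The handler starts and ends outside the hunk.

```c
  while((old = lookup_conn(vpn_ip)))
    {
      /* Only replace entries that were announced by this same peer. */
      if(old == cl || old->nexthop != cl)
        {
          syslog(LOG_DEBUG, _("Invalid ADD_HOST from " IP_ADDR_S " (%s)"),
                 IP_ADDR_V(cl->vpn_ip), cl->hostname);
          return -1;
        }
      terminate_connection(old);
    }
  /* … unchanged: ncn = new_conn_list() and field setup … */
```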
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.11 2000/06/27 21:05:07 guus Exp $ + $Id: net.c,v 1.35.4.12 2000/06/28 10:11:10 guus Exp $ */ #include "config.h" @@ -1053,6 +1053,8 @@ cp if(lenin<=0) { + if(errno==EINTR) + return 0; syslog(LOG_ERR, _("Metadata socket read error: %m")); return -1; } From ea40d3f1a05e9edf4ccfb77f4e9e0f8355e94a83 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 28 Jun 2000 11:38:01 +0000 Subject: [PATCH 026/923] - Fixed some spelling errors. - Paar zpelvautjes gerepareerd, en de Nederlandse vertaling weer bij de tijd gebracht. --- po/nl.po | 884 ++++++++++++++++++++++++++++--------------------- src/protocol.c | 16 +- src/tincd.c | 4 +- 3 files changed, 520 insertions(+), 384 deletions(-) diff --git a/po/nl.po b/po/nl.po index 8849299b..b94a4506 100644 --- a/po/nl.po +++ b/po/nl.po @@ -4,8 +4,8 @@ # msgid "" msgstr "" -"Project-Id-Version: tinc 1.0pre2\n" -"POT-Creation-Date: 2000-05-31 20:02+0200\n" +"Project-Id-Version: tinc 1.0pre3\n" +"POT-Creation-Date: 2000-06-28 13:12+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" 
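Review bot: The added `if(errno==EINTR) return 0;` (net.c, hunk at 1053) sits under `if(lenin<=0)`, so it is also evaluated when the read returned 0 because the peer closed the socket. `errno` is not set in that case and may still hold EINTR from an earlier interrupted call (SIGALRM is in use in this file), which would make the handler report success on a dead connection and leave its descriptor in the select set. Test the sign first: `if(lenin < 0 && errno == EINTR) return 0;`. The read call itself is outside the hunk.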
@@ -13,27 +13,27 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:158 +#: src/conf.c:167 #, c-format msgid "%s: %d: Invalid variable name `%s'.\n" msgstr "%s: %d: Ongeldige variabelenaam `%s'.\n" -#: src/conf.c:165 +#: src/conf.c:174 #, c-format msgid "%s: %d: No value given for `%s'.\n" msgstr "%s: %d: Geen waarde gegeven voor `%s'.\n" -#: src/conf.c:173 +#: src/conf.c:182 #, c-format msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" msgstr "%s: %d: Ongeldige waarde `%s' voor variabele `%s'.\n" -#: src/conf.c:194 +#: src/conf.c:203 #, c-format msgid "Could not open %s: %s\n" msgstr "Kon %s niet openen: %s\n" -#: src/encr.c:112 src/net.c:333 +#: src/encr.c:112 src/net.c:390 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" @@ -44,8 +44,8 @@ msgid "Illegal passphrase in %s; size would be %d" msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" #: src/encr.c:153 -#, c-format -msgid "Generating %d bits keys." +#, fuzzy, c-format +msgid "Generating %d bits keys" msgstr "%d bits sleutel genereren." #: src/encr.c:157 @@ -58,30 +58,30 @@ msgstr "Openen van /dev/urandom mislukt: %m" msgid "Encryption key set to %s" msgstr "Sleutel ingesteld op %s" -#: src/genauth.c:46 +#: src/genauth.c:48 #, c-format msgid "Usage: %s bits\n" msgstr "Gebruik: %s bits\n" -#: src/genauth.c:55 +#: src/genauth.c:57 #, c-format msgid "Illegal number: %s\n" msgstr "Ongeldig nummer: %s\n" -#: src/genauth.c:60 +#: src/genauth.c:62 #, c-format msgid "Generating %d bits number" msgstr "Genereren van %d bits nummer" -#: src/genauth.c:65 +#: src/genauth.c:67 msgid "Opening /dev/urandom" msgstr "Openen van /dev/urandom" -#: src/genauth.c:78 +#: src/genauth.c:80 msgid "File was empty!\n" msgstr "Bestand was leeg!\n" -#: src/genauth.c:86 +#: src/genauth.c:88 msgid "" ": done.\n" "The following line should be ENTIRELY copied into a passphrase file:\n" 
@@ -90,552 +90,687 @@ msgstr "" "De volgende regel dient in zijn GEHEEL naar een wachtwoordbestand worden " "gekopieerd:\n" -#: src/genauth.c:98 +#: src/genauth.c:100 msgid ": done.\n" msgstr ": klaar.\n" -#: src/net.c:106 -#, c-format -msgid "Sent %d bytes to %lx" +#: src/net.c:107 +#, fuzzy, c-format +msgid "Sending packet of %d bytes to " msgstr "%d bytes verzonden naar %lx" -#: src/net.c:110 +#: src/net.c:107 src/net.c:133 src/net.c:347 src/net.c:900 src/net.c:1088 +#: src/net.c:1095 src/net.c:1102 src/protocol.c:54 src/protocol.c:76 +#: src/protocol.c:95 src/protocol.c:113 src/protocol.c:131 src/protocol.c:149 +#: src/protocol.c:188 src/protocol.c:206 src/protocol.c:255 src/protocol.c:273 +#: src/protocol.c:316 src/protocol.c:346 src/protocol.c:439 src/protocol.c:446 +#: src/protocol.c:464 src/protocol.c:470 src/protocol.c:506 src/protocol.c:522 +#: src/protocol.c:528 src/protocol.c:548 src/protocol.c:554 src/protocol.c:570 +#: src/protocol.c:577 src/protocol.c:590 src/protocol.c:608 src/protocol.c:614 +#: src/protocol.c:630 src/protocol.c:636 src/protocol.c:655 src/protocol.c:662 +#: src/protocol.c:683 src/protocol.c:699 src/protocol.c:706 src/protocol.c:712 +#: src/protocol.c:731 src/protocol.c:790 src/protocol.c:797 src/protocol.c:803 +#: src/protocol.c:834 src/protocol.c:855 src/protocol.c:862 src/protocol.c:868 #, c-format -msgid "Error sending data: %m" +msgid " (%s)" +msgstr " (%s)" + +#: src/net.c:112 +#, fuzzy +msgid "Error sending packet to " msgstr "Fout bij verzenden van gegevens: %m" -#: src/net.c:130 +#: src/net.c:112 +#, fuzzy, c-format +msgid " (%s): %m" +msgstr ":%d: %m" + +#: src/net.c:133 +#, fuzzy, c-format +msgid "Receiving packet of %d bytes from " +msgstr "Sleutel ontvangen van " + +#: src/net.c:137 #, c-format msgid "Can't write to tap device: %m" msgstr "Kan niet naar tap apparaat schrijven: %m" -#: src/net.c:149 -#, c-format -msgid "packet to queue: %d" -msgstr "pakket naar wachtrij: %d" - -#: src/net.c:236 -msgid "queue flushed" +#: 
src/net.c:240 +#, fuzzy +msgid "Queue flushed" msgstr "wachtrij leeggemaakt" -#: src/net.c:251 +#: src/net.c:255 msgid "Flushing send queue for " msgstr "Legen van verzend-wachtrij naar " -#: src/net.c:259 +#: src/net.c:263 msgid "Flushing receive queue for " msgstr "Legen van de ontvangst-wachtrij voor " -#: src/net.c:277 -msgid "trying to look up " -msgstr "proberen op te zoeken van " +#: src/net.c:281 +#, fuzzy +msgid "Trying to look up " +msgstr "Proberen op te zoeken van " -#: src/net.c:277 -msgid " in connection list failed." -msgstr " in verbindingslijst mislukte." +#: src/net.c:281 src/net.c:325 +#, fuzzy +msgid " in connection list failed!" +msgstr " in verbindingslijst mislukte!" -#: src/net.c:284 -msgid "There is no remote host I can send this packet to." -msgstr "Er is geen partner waar ik dit pakket naar kan sturen." +#: src/net.c:293 src/net.c:306 +#, fuzzy +msgid "There is no remote host I can send this packet to!" +msgstr "Er is geen partner waar ik dit pakket naar kan sturen!" -#: src/net.c:308 -msgid " is not ready, queueing packet." -msgstr " is niet gereed, pakket wordt in de wachtrij gezet." +#: src/net.c:320 +msgid "Indirect packet to " +msgstr "Indirect pakket naar " + +#: src/net.c:320 +msgid " via " +msgstr " via " + +#: src/net.c:325 +#, fuzzy +msgid "Indirect look up " +msgstr "Indirect opzoeken van " + +#: src/net.c:335 +msgid "Double indirection for " +msgstr "Dubbele indirectie voor " + +#: src/net.c:347 +#, fuzzy +msgid "Could not open UDP connection to " +msgstr "Kon geen UDP verbinding openen naar " #: src/net.c:354 +#, fuzzy, c-format +msgid " (%s) has no valid key, queueing packet" +msgstr " is niet gereed, pakket wordt in de wachtrij gezet." + +#: src/net.c:364 +#, fuzzy, c-format +msgid " (%s) is not ready, queueing packet" +msgstr " is niet gereed, pakket wordt in de wachtrij gezet." 
+ +#: src/net.c:411 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:360 src/net.c:409 +#: src/net.c:417 src/net.c:466 #, c-format msgid "setsockopt: %m" msgstr "setsockopt: %m" -#: src/net.c:367 src/net.c:416 src/net.c:468 +#: src/net.c:424 src/net.c:473 src/net.c:528 #, c-format msgid "fcntl: %m" msgstr "fcntl: %m" -#: src/net.c:378 +#: src/net.c:435 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:384 +#: src/net.c:441 #, c-format msgid "listen: %m" msgstr "listen: %m" -#: src/net.c:403 src/net.c:451 +#: src/net.c:460 src/net.c:511 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:427 +#: src/net.c:484 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:461 +#: src/net.c:501 +#, fuzzy, c-format +msgid "Trying to connect to %s" +msgstr "Beëindigen verbinding met %s." + +#: src/net.c:521 #, c-format msgid ":%d: %m" msgstr ":%d: %m" -#: src/net.c:474 -#, c-format -msgid "Connected to %s:%hd" -msgstr "Verbonden met %s:%hd" +#: src/net.c:532 +#, fuzzy +msgid "Connected to " +msgstr "Verbinden naar " -#: src/net.c:495 -msgid "Could not set up a meta connection." +#: src/net.c:532 +#, fuzzy, c-format +msgid ":%hd" +msgstr ",%hd) ontvangen" + +#: src/net.c:555 +#, fuzzy, c-format +msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan." -#: src/net.c:519 +#: src/net.c:580 msgid "No value for my VPN IP given" msgstr "Geen waarde gegeven voor mijn VPN IP adres" -#: src/net.c:533 +#: src/net.c:600 msgid "Unable to set up a listening socket" msgstr "Kon geen luistersocket aanmaken" -#: src/net.c:539 +#: src/net.c:606 msgid "Unable to set up an incoming vpn data socket" msgstr "Kon geen socket maken voor inkomend vpn verkeer" -#: src/net.c:546 -#, c-format -msgid "Ready: listening on port %d." 
+#: src/net.c:613 +#, fuzzy, c-format +msgid "Ready: listening on port %d" msgstr "Gereed: luister op poort %d." -#: src/net.c:569 -#, c-format -msgid "Still failed to connect to other. Will retry in %d seconds." +#: src/net.c:641 +#, fuzzy, c-format +msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander. Nieuwe poging over %d seconden." -#: src/net.c:602 -msgid "Try to re-establish outgoing connection in 5 minutes." +#: src/net.c:679 +#, fuzzy +msgid "Trying to re-establish outgoing connection in 5 minutes" msgstr "Poging tot herstellen van uitgaande verbinding over 5 minuten." -#: src/net.c:640 -msgid "Terminating." +#: src/net.c:716 +#, fuzzy +msgid "Terminating" msgstr "Beëindigen." -#: src/net.c:654 -msgid "Opening UDP socket to " +#: src/net.c:730 +#, fuzzy, c-format +msgid "Opening UDP socket to %s" msgstr "Tijdens openen van UDP socket naar " -#: src/net.c:659 -#, c-format -msgid "Creating data socket failed: %m" +#: src/net.c:735 +#, fuzzy, c-format +msgid "Creating UDP socket failed: %m" +msgstr "Aanmaak socket mislukte: %m" + +#: src/net.c:745 +#, fuzzy, c-format +msgid "Connecting to %s port %d failed: %m" msgstr "Aanmaak datasocket mislukt: %m" -#: src/net.c:669 -msgid "Connecting to " -msgstr "Verbinden naar " - -#: src/net.c:669 -#, c-format -msgid ":%d failed: %m" -msgstr ":%d mislukt: %m" - -#: src/net.c:677 src/net.c:761 src/net.c:954 +#: src/net.c:753 src/net.c:839 src/net.c:1037 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:701 +#: src/net.c:777 #, c-format msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" -#: src/net.c:713 -#, c-format -msgid "Connection from %s:%d" +#: src/net.c:790 +#, fuzzy, c-format +msgid "Connection from %s port %d" msgstr "Verbinding van %s:%d" -#: src/net.c:766 +#: src/net.c:844 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: 
src/net.c:774 -#, c-format -msgid "Receiving data failed: %m" +#: src/net.c:852 +#, fuzzy, c-format +msgid "Receiving packet from %s failed: %m" msgstr "Ontvangen van data mislukt: %m" -#: src/net.c:787 -msgid "packet from " -msgstr "pakket van " +#: src/net.c:866 +#, fuzzy +msgid "Got packet from " +msgstr "Kreeg pakket van " -#: src/net.c:787 +#: src/net.c:866 #, c-format -msgid " (len %d)" -msgstr " (lengte %d)" +msgid " (%s) with unknown origin " +msgstr " (%s) met onbekende herkomst " -#: src/net.c:791 -msgid "Got packet from unknown source " -msgstr "Pakket ontvangen met onbekende afzender " +#: src/net.c:866 +msgid "?" +msgstr "?" -#: src/net.c:825 -#, c-format -msgid "Closing connection with %s." -msgstr "Beëindigen verbinding met %s." +#: src/net.c:900 +#, fuzzy +msgid "Closing connection with " +msgstr "Beëindigen verbinding met " -#: src/net.c:841 -msgid "Try to re-establish outgoing connection in 5 seconds." -msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden." +#: src/net.c:917 +#, fuzzy +msgid "Trying to re-establish outgoing connection in 5 seconds" +msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:893 -#, c-format -msgid "%s (" -msgstr "%s (" +#: src/net.c:976 +#, fuzzy, c-format +msgid " (%s) didn't respond to ping" +msgstr " (%s) antwoordde niet op ping" -#: src/net.c:893 -msgid ") didn't respond to ping" -msgstr ") antwoordde niet op verzoeken" - -#: src/net.c:924 +#: src/net.c:1007 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:932 -msgid "Closed attempted connection." -msgstr "Aangenomen verbinding verbroken." +#: src/net.c:1015 +#, fuzzy +msgid "Closed attempted connection" +msgstr "Aangenomen verbinding verbroken" -#: src/net.c:959 +#: src/net.c:1042 #, c-format msgid "Metadata socket error: %s" msgstr "Fout op socket voor metaverkeer: %s" -#: src/net.c:965 -msgid "Metadata read buffer overflow." 
-msgstr "Metadata ontvangstbuffer overloop." +#: src/net.c:1048 +#, fuzzy +msgid "Metadata read buffer overflow!" +msgstr "Metadata ontvangstbuffer overloop!" -#: src/net.c:973 +#: src/net.c:1058 #, c-format msgid "Metadata socket read error: %m" -msgstr "Fout op socket voor metaverkeer: %m" +msgstr "Fout op socket voor metaverkeer tijdens lezen: %m" -#: src/net.c:1000 +#: src/net.c:1082 +#, fuzzy +msgid "Got request from " +msgstr "Ontving verzoek van " + +#: src/net.c:1082 #, c-format -msgid "Unknown request: %s" -msgstr "Onbekend verzoek: %s" +msgid " (%s): %s" +msgstr " (%s): %s" -#: src/net.c:1005 -#, c-format -msgid "Got request: %s" -msgstr "Ontving verzoek: %s" +#: src/net.c:1088 +#, fuzzy +msgid "Unknown request from " +msgstr "Onbekend verzoek van " -#: src/net.c:1009 +#: src/net.c:1095 msgid "Error while processing request from " msgstr "Fout tijdens afhandelen van verzoek van " -#: src/net.c:1015 -msgid "Bogus data received." -msgstr "Onzinnige data ontvangen." +#: src/net.c:1102 +#, fuzzy +msgid "Bogus data received from " +msgstr "Onzinnige data ontvangen van " -#: src/net.c:1059 +#: src/net.c:1147 #, c-format msgid "Outgoing data socket error: %s" msgstr "Fout op socket voor uitgaand verkeer: %s" -#: src/net.c:1094 +#: src/net.c:1182 #, c-format msgid "Error while reading from tapdevice: %m" -msgstr "Fout tijdens lezen van tap-apparaatbestand: %m" +msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" -#: src/net.c:1104 +#: src/net.c:1192 #, c-format msgid "Non-IP ethernet frame %04x from " msgstr "Niet-IP ethernet pakket %04x van " -#: src/net.c:1112 +#: src/net.c:1200 msgid "Dropping short packet" msgstr "Te kort pakket genegeerd" -#: src/net.c:1120 -#, c-format -msgid "An IP packet (%04x) for " -msgstr "Een IP pakket (%04x) voor " - -#: src/net.c:1120 -msgid " from " -msgstr " van " - -#: src/net.c:1123 src/protocol.c:110 -msgid " to " -msgstr " naar " - -#: src/net.c:1158 +#: src/net.c:1239 #, c-format msgid "Error while waiting 
for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/netutl.c:219 +#: src/netutl.c:218 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/netutl.c:243 +#: src/netutl.c:242 msgid "Connection list:" msgstr "Verbindingslijst:" +#: src/netutl.c:246 +msgid " " +msgstr " " + +#: src/netutl.c:246 +msgid "/" +msgstr "/" + +#: src/netutl.c:246 +#, c-format +msgid " at %s flags %d sockets %d, %d status %04x" +msgstr " op %s vlaggen %d sockets %d, %d status %04x" + #: src/protocol.c:54 +#, fuzzy +msgid "Sending ACK to " +msgstr "Verzending ACK naar " + +#: src/protocol.c:61 +#, fuzzy, c-format +msgid "Send failed: %d:%d: %m" +msgstr "Verzenden mislukte: %d:%d: %m" + +#: src/protocol.c:66 src/protocol.c:510 +#, fuzzy +msgid "Connection with " +msgstr "Verbinding met " + +#: src/protocol.c:66 src/protocol.c:510 #, c-format -msgid "Send ACK to %s" -msgstr "ACK zenden naar %s" +msgid " (%s) activated" +msgstr " (%s) geactiveerd" -#: src/protocol.c:60 -#, c-format -msgid "send failed: %d:%d: %m" -msgstr "verzenden mislukte: %d:%d: %m" +#: src/protocol.c:76 +#, fuzzy +msgid "Sending TERMREQ to " +msgstr "Verzending TERMREQ naar " -#: src/protocol.c:64 src/protocol.c:480 -#, c-format -msgid "Connection with %s activated." -msgstr "Verbinding met %s geactiveerd." 
+#: src/protocol.c:84 src/protocol.c:102 src/protocol.c:120 src/protocol.c:138 +#: src/protocol.c:156 src/protocol.c:195 src/protocol.c:213 src/protocol.c:241 +#: src/protocol.c:262 src/protocol.c:280 src/protocol.c:323 src/protocol.c:738 +#: src/protocol.c:841 +#, fuzzy, c-format +msgid "Send failed: %s:%d: %m" +msgstr "Verzenden mislukte: %s:%d: %m" -#: src/protocol.c:73 -msgid "Send TERMREQ to " -msgstr "TERMREQ zenden naar " +#: src/protocol.c:95 +#, fuzzy +msgid "Sending TIMEOUT to " +msgstr "Verzending TIMEOUT naar " -#: src/protocol.c:81 src/protocol.c:99 src/protocol.c:117 src/protocol.c:134 -#: src/protocol.c:148 src/protocol.c:166 src/protocol.c:184 src/protocol.c:212 -#: src/protocol.c:233 src/protocol.c:251 src/protocol.c:265 src/protocol.c:292 -#: src/protocol.c:322 src/protocol.c:656 src/protocol.c:754 -#, c-format -msgid "send failed: %s:%d: %m" -msgstr "verzenden mislukte: %s:%d: %m" +#: src/protocol.c:113 +#, fuzzy +msgid "Sending DEL_HOST for " +msgstr "Verzending DEL_HOST voor " -#: src/protocol.c:92 -msgid "Send TIMEOUT to " -msgstr "TIMEOUT zenden naar " +#: src/protocol.c:113 src/protocol.c:188 +#, fuzzy, c-format +msgid " (%s) to " +msgstr " (%s) naar " -#: src/protocol.c:110 -msgid "Sending delete host " -msgstr "Verzenden van verwijderingsverzoek van " +#: src/protocol.c:131 +#, fuzzy +msgid "Sending PING to " +msgstr "Verzending PING naar " -#: src/protocol.c:128 -msgid "pinging " -msgstr "pingen van " +#: src/protocol.c:149 +#, fuzzy +msgid "Sending PONG to " +msgstr "Verzending PONG naar " -#: src/protocol.c:159 -msgid "Sending add host to " -msgstr "Verzenden van toevoegen van " +#: src/protocol.c:188 +#, fuzzy +msgid "Sending ADD_HOST for " +msgstr "Verzending ADD_HOST voor " -#: src/protocol.c:177 -msgid "Sending KEY_CHANGED to " -msgstr "KEY_CHANGED verzenden naar " +#: src/protocol.c:206 +#, fuzzy +msgid "Sending KEY_CHANGED origin " +msgstr "Verzending KEY_CHANGED herkomst " -#: src/protocol.c:205 -msgid "Send BASIC_INFO to " 
-msgstr "BASIC_INFO sturen naar " +#: src/protocol.c:206 +msgid " to " +msgstr " naar " -#: src/protocol.c:226 -#, c-format -msgid "Send PASSPHRASE %s to " -msgstr "PASSPHRASE %s sturen naar " +#: src/protocol.c:234 +#, fuzzy, c-format +msgid "Sending BASIC_INFO to %s" +msgstr "Verzending BASIC_INFO naar %s" -#: src/protocol.c:244 -#, c-format -msgid "Send PUBLIC_KEY %s to " -msgstr "PUBLIC_KEY %s verzenden naar " +#: src/protocol.c:255 +#, fuzzy +msgid "Sending PASSPHRASE to " +msgstr "Verzending PASSPHRASE naar " -#: src/protocol.c:279 -msgid "Attempting to send key request to " -msgstr "Poging tot verzenden van sleutelverzoek naar " +#: src/protocol.c:273 +#, fuzzy +msgid "Sending PUBLIC_KEY to " +msgstr "Verzending PUBLIC_KEY naar " -#: src/protocol.c:279 src/protocol.c:309 src/protocol.c:643 src/protocol.c:725 -#: src/protocol.c:741 src/protocol.c:781 +#: src/protocol.c:310 +#, fuzzy +msgid "Attempting to send REQ_KEY to " +msgstr "Poging tot verzenden REQ_KEY naar " + +#: src/protocol.c:310 src/protocol.c:340 src/protocol.c:725 src/protocol.c:812 +#: src/protocol.c:828 src/protocol.c:875 msgid ", which does not exist?" msgstr ", die niet bestaat?" 
-#: src/protocol.c:285 -msgid "Sending out request for public key to " -msgstr "Verzoek om openbare sleutel verzenden naar " +#: src/protocol.c:316 +#, fuzzy +msgid "Sending REQ_KEY to " +msgstr "Verzending REQ_KEY naar " -#: src/protocol.c:309 -msgid "Attempting to send key answer to " -msgstr "Poging tot verzenden van een sleutel naar " +#: src/protocol.c:340 +#, fuzzy +msgid "Attempting to send ANS_KEY to " +msgstr "Poging tot verzenden ANS_KEY naar " -#: src/protocol.c:315 -msgid "Sending public key to " -msgstr "Verzenden van openbare sleutel naar " +#: src/protocol.c:346 +#, fuzzy +msgid "Sending ANS_KEY to " +msgstr "Verzending ANS_KEY naar " -#: src/protocol.c:370 +#: src/protocol.c:353 #, c-format -msgid "got bad BASIC_INFO request: %s" -msgstr "Ongeldig BASIC_INFO verzoek ontvangen: %s" +msgid "Send failed: %s:%d: %m" +msgstr "Verzenden mislukte: %s:%d: %m" -#: src/protocol.c:376 -#, c-format -msgid "Peer uses incompatible protocol version %d." -msgstr "De ander gebruikt een niet-compatibel protocol versie %d." 
+#: src/protocol.c:400 +#, fuzzy, c-format +msgid "Got BASIC_INFO from %s" +msgstr "Kreeg BASIC_INFO van %s" -#: src/protocol.c:382 -#, c-format -msgid "got BASIC_INFO(%hd," -msgstr "BASIC_INFO(%hd," - -#: src/protocol.c:382 src/protocol.c:584 -msgid "," -msgstr "," - -#: src/protocol.c:382 -msgid ")" -msgstr ") ontvangen" - -#: src/protocol.c:385 -#, c-format -msgid "Peer uses protocol version %d" -msgstr "De ander gebruikt protocol versie %d" +#: src/protocol.c:404 +#, fuzzy, c-format +msgid "Got bad BASIC_INFO from %s" +msgstr "Kreeg ongeldige BASIC_INFO van %s" #: src/protocol.c:411 -#, c-format -msgid "got bad PASSPHRASE request: %s" -msgstr "Ongeldig PASSPHRASE verzoek ontvangen: %s" - -#: src/protocol.c:417 -msgid "got PASSPHRASE" -msgstr "PASSPHRASE ontvangen" - -#: src/protocol.c:434 -#, c-format -msgid "got bad PUBLIC_KEY request: %s" -msgstr "Ongeldig PUBLIC_KEY verzoek ontvangen: %s" +#, fuzzy, c-format +msgid "Peer uses incompatible protocol version %d" +msgstr "De ander gebruikt een niet-compatibel protocol versie %d" #: src/protocol.c:439 -#, c-format -msgid "got PUBLIC_KEY %s" -msgstr "PUBLIC_KEY %s verzoek ontvangen" +#, fuzzy +msgid "Got bad PASSPHRASE from " +msgstr "Ongeldig PASSPHRASE verzoek ontvangen: %s" + +#: src/protocol.c:446 +#, fuzzy +msgid "Got PASSPHRASE from " +msgstr "PASSPHRASE ontvangen" + +#: src/protocol.c:464 +#, fuzzy +msgid "Got bad PUBLIC_KEY from " +msgstr "Kreeg ongeldige PUBLIC_KEY van " + +#: src/protocol.c:470 +#, fuzzy +msgid "Got PUBLIC_KEY from " +msgstr "Kreeg PUBLIC_KEY van " #. intruder! -#: src/protocol.c:444 -msgid "Intruder: passphrase does not match." -msgstr "Indringer: wachwoord komt niet overeen." +#: src/protocol.c:476 +#, fuzzy +msgid "Intruder: passphrase does not match!" +msgstr "Indringer: wachwoord komt niet overeen!" 
-#: src/protocol.c:449 -msgid "Passphrase OK" -msgstr "Wachtwoord OK" - -#: src/protocol.c:477 -msgid "got ACK" -msgstr "ACK ontvangen" - -#: src/protocol.c:488 -msgid " wants to quit" -msgstr " wil beëindigen" - -#: src/protocol.c:501 -msgid " says it's gotten a timeout from us" -msgstr " vindt dat wij te traag zijn" - -#: src/protocol.c:517 -#, c-format -msgid "got bad DEL_HOST request: %s" -msgstr "Ongeldig DEL_HOST verzoek ontvangen: %s" +#: src/protocol.c:506 +#, fuzzy +msgid "Got ACK from " +msgstr "Kreeg ACK van " #: src/protocol.c:522 -msgid "got DEL_HOST for " -msgstr "DEL_HOST ontvangen voor " +msgid "Got unauthorized TERMREQ from " +msgstr "Kreeg niet-geautoriseerde TERMREQ van " -#: src/protocol.c:527 -msgid "Somebody wanted to delete " -msgstr "Iemand wilde " +#: src/protocol.c:528 +#, fuzzy +msgid "Got TERMREQ from " +msgstr "Kreeg TERMREQ van " -#: src/protocol.c:527 -msgid " which does not exist?" -msgstr " verwijderen, die niet bestaat?" +#: src/protocol.c:548 +msgid "Got unauthorized TIMEOUT from " +msgstr "Kreeg niet-geautoriseerde TIMEOUT van " -#: src/protocol.c:545 -msgid "responding to ping from " -msgstr " antwoordde niet op verzoeken" +#: src/protocol.c:554 +#, fuzzy +msgid "Got TIMEOUT from " +msgstr "Kreeg TIMEOUT van " -#: src/protocol.c:559 -msgid "ok, got pong from " -msgstr "ok, pong ontvangen van " +#: src/protocol.c:570 +#, fuzzy +msgid "Got unauthorized DEL_HOST from " +msgstr "Kreeg niet-geautoriseerde DEL_HOST van " #: src/protocol.c:577 -#, c-format -msgid "got bad ADD_HOST request: %s" -msgstr "Ongeldig ADD_HOST verzoek ontvangen: %s" +#, fuzzy +msgid "Got bad DEL_HOST from " +msgstr "Kreeg ongeldige DEL_HOST van " -#: src/protocol.c:582 -msgid "Add host request from " -msgstr "Ontving verzoek tot toevoegen van " +#: src/protocol.c:584 src/protocol.c:590 +#, fuzzy +msgid "Got DEL_HOST for " +msgstr "Kreeg DEL_HOST voor " + +#: src/protocol.c:584 src/protocol.c:712 src/protocol.c:803 src/protocol.c:868 +msgid " from " +msgstr " 
van " #: src/protocol.c:584 -msgid "got ADD_HOST(" -msgstr "ADD_HOST(" +#, fuzzy, c-format +msgid " (%s) which does not exist?" +msgstr " (%s), die niet bestaat?" -#: src/protocol.c:584 -#, c-format -msgid ",%hd)" -msgstr ",%hd) ontvangen" +#: src/protocol.c:590 src/protocol.c:683 +#, fuzzy, c-format +msgid " (%s) from " +msgstr " (%s) van " -#: src/protocol.c:596 -msgid "Invalid add_host request from " -msgstr "Ontving ongeldig add_host verzoek van " +#: src/protocol.c:608 +msgid "Got unauthorized PING from " +msgstr "Kreeg niet-geautoriseerde PING van " -#: src/protocol.c:625 -#, c-format -msgid "got bad request: %s" -msgstr "Ongeldig verzoek ontvangen: %s" +#: src/protocol.c:614 +#, fuzzy +msgid "Got PING from " +msgstr "Kreeg PING van " #: src/protocol.c:630 -msgid "got REQ_KEY from " -msgstr "REQ_KEY ontvangen van " +msgid "Got unauthorized PONG from " +msgstr "Kreeg niet-geautoriseerde PONG van " -#: src/protocol.c:630 src/protocol.c:714 -msgid " for " -msgstr " voor " +#: src/protocol.c:636 +#, fuzzy +msgid "Got PONG from " +msgstr "Kreeg PONG van " -#: src/protocol.c:643 -msgid "Attempting to forward key request to " -msgstr "Poging tot doorsturen van sleutelaanvraag naar " +#: src/protocol.c:655 +msgid "Got unauthorized ADD_HOST from " +msgstr "Kreeg niet-geautoriseerde ADD_HOST van " -#: src/protocol.c:649 -msgid "Forwarding request for public key to " -msgstr "Doorsturen van openbare sleutel-aanvraag naar " +#: src/protocol.c:662 +#, fuzzy +msgid "Got bad ADD_HOST from " +msgstr "Kreeg ongeldige ADD_HOST van " -#: src/protocol.c:709 src/protocol.c:769 -#, c-format -msgid "got bad ANS_KEY request: %s" -msgstr "Ongeldig ANS_KEY verzoek ontvangen: %s" +#: src/protocol.c:683 +#, fuzzy +msgid "Got ADD_HOST for " +msgstr "Kreeg ADD_HOST voor " -#: src/protocol.c:714 -msgid "got ANS_KEY from " -msgstr "ANS_KEY ontvangen van " +#: src/protocol.c:699 +#, fuzzy +msgid "Got unauthorized REQ_KEY from " +msgstr "Kreeg niet-geautoriseerde REQ_KEY van " -#: 
src/protocol.c:720 -msgid "Yeah! key arrived. Now do something with it." -msgstr "Hoi hoi! sleutel is binnen. Doe er nu iets leuks mee." +#: src/protocol.c:706 +#, fuzzy +msgid "Got bad REQ_KEY from " +msgstr "Kreeg ongeldige REQ_KEY van " + +#: src/protocol.c:712 +#, fuzzy +msgid "Got REQ_KEY origin " +msgstr "Kreeg REQ_KEY van " + +#: src/protocol.c:712 src/protocol.c:803 +msgid " destination " +msgstr " bestemming " #: src/protocol.c:725 -msgid "Receiving key from " -msgstr "Sleutel ontvangen van " +#, fuzzy +msgid "Attempting to forward REQ_KEY to " +msgstr "Poging tot doorsturenREQ_KEY naar " -#: src/protocol.c:741 -msgid "Attempting to forward key to " -msgstr "Poging tot doorsturen van sleutel naar " - -#: src/protocol.c:747 -msgid "Forwarding public key to " -msgstr "Doorsturen van openbare sleutel naar " - -#: src/protocol.c:774 -msgid "got KEY_CHANGED from " -msgstr "KEY_CHANGED verzoek ontvangen " - -#: src/protocol.c:781 -msgid "Got changed key from " -msgstr "Veranderde sleutel ontvangen van " +#: src/protocol.c:731 +#, fuzzy +msgid "Forwarding REQ_KEY to " +msgstr "Doorsturen REQ_KEY naar " #: src/protocol.c:790 -msgid "Forwarding key invalidation request" -msgstr "Doorsturen van sleutelvervalaanvraag" +#, fuzzy +msgid "Got unauthorized ANS_KEY from " +msgstr "Kreeg niet-geautoriseerde ANS_KEY van " + +#: src/protocol.c:797 +#, fuzzy +msgid "Got bad ANS_KEY from " +msgstr "Kreeg ongeldige ANS_KEY van " + +#: src/protocol.c:803 +#, fuzzy +msgid "Got ANS_KEY origin " +msgstr "Kreeg ANS_KEY van " + +#: src/protocol.c:812 +#, fuzzy +msgid "Receiving ANS_KEY from " +msgstr "Ontvangst ANS_KEY van " + +#: src/protocol.c:828 +#, fuzzy +msgid "Attempting to forward ANS_KEY to " +msgstr "Poging tot doorsturen ANS_KEY naar " + +#: src/protocol.c:834 +#, fuzzy +msgid "Forwarding ANS_KEY to " +msgstr "Doorsturen ANS_KEY naar " + +#: src/protocol.c:855 +#, fuzzy +msgid "Got unauthorized KEY_CHANGED from " +msgstr Kreeg niet-geautoriseerde KEY_CHANGED van " + +#: 
src/protocol.c:862 +#, fuzzy +msgid "Got bad KEY_CHANGED from " +msgstr "Kreeg ongeldige KEY_CHANGED van " + +#: src/protocol.c:868 +#, fuzzy +msgid "Got KEY_CHANGED origin " +msgstr "Kreeg KEY_CHANGED herkomst " + +#: src/protocol.c:875 +#, fuzzy +msgid "Got KEY_CHANGED from " +msgstr "Kreeg KEY_CHANGED van " #: src/tincd.c:95 #, c-format @@ -689,24 +824,24 @@ msgid "Invalid timeout value `%s'.\n" msgstr "Ongeldige timeout waarde `%s'.\n" #: src/tincd.c:159 -#, c-format -msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes); exiting." +#, fuzzy, c-format +msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken); beëindigen." #: src/tincd.c:214 -#, c-format -msgid "tincd %s (%s %s) starting, debug level %d." +#, fuzzy, c-format +msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d." #: src/tincd.c:217 -#, c-format -msgid "tincd %s starting, debug level %d." -msgstr "tincd %s gestart, debugniveau %d." +#, fuzzy, c-format +msgid "tincd %s starting" +msgstr "tincd %s gestart" #: src/tincd.c:232 -#, c-format -msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d." +#, fuzzy, c-format +msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." @@ -766,9 +901,9 @@ msgstr "" "(eay@mincom.oz.au)\n" #: src/tincd.c:355 -msgid "You must be root to run this program. sorry.\n" +msgid "You must be root to run this program. Sorry.\n" msgstr "" -"Je moet systeembeheerder zijn om dit programma te kunnen draaien. sorry.\n" +"Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" #: src/tincd.c:390 msgid "Got TERM signal" 
@@ -783,13 +918,14 @@ msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" #: src/tincd.c:413 -#, c-format -msgid "Got SEGV signal after %s line %d. Trying to re-execute." +#, fuzzy, c-format +msgid "Got SEGV signal after %s line %d, trying to re-execute" msgstr "Kreeg SEGV signaal na %s regel %d. Probeer opnieuw opstarten." #: src/tincd.c:416 -msgid "Got SEGV signal; trying to re-execute." -msgstr "Kreeg SEGV signaal; probeer opnieuw opstarten." +#, fuzzy +msgid "Got SEGV signal, trying to re-execute" +msgstr "Kreeg SEGV signaal, probeer opnieuw opstarten" #: src/tincd.c:429 msgid "Got HUP signal" @@ -804,11 +940,11 @@ msgid "Forcing new key generation" msgstr "Nieuwe sleutels geforceerd" #: src/tincd.c:461 -#, c-format -msgid "Got unexpected signal (%d) after %s line %d." -msgstr "Ontving onverwacht signaal (%d) na %s regel %d." +#, fuzzy, c-format +msgid "Got unexpected signal %d after %s line %d" +msgstr "Ontving onverwacht signaal %d na %s regel %d" #: src/tincd.c:464 -#, c-format -msgid "Got unexpected signal (%d)." -msgstr "Ontving onverwacht signaal (%d)." +#, fuzzy, c-format +msgid "Got unexpected signal %d" +msgstr "Ontving onverwacht signaal %d" diff --git a/src/protocol.c b/src/protocol.c index 2e9769d2..2cc49ad7 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.12 2000/06/27 20:55:12 guus Exp $ + $Id: protocol.c,v 1.28.4.13 2000/06/28 11:38:00 guus Exp $ */ #include "config.h" 
@@ -110,8 +110,8 @@ int send_del_host(conn_list_t *cl, conn_list_t *new_host) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending DEL_HOST for " IP_ADDR_S " to " IP_ADDR_S " (%s)"), - IP_ADDR_V(new_host->vpn_ip), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending DEL_HOST for " IP_ADDR_S " (%s) to " IP_ADDR_S " (%s)"), + IP_ADDR_V(new_host->vpn_ip), new_host->hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", DEL_HOST, new_host->vpn_ip); @@ -350,7 +350,7 @@ cp if((write(fw->nexthop->meta_socket, buffer, buflen)) < 0) { - syslog(LOG_ERR, _("send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } cp @@ -579,10 +579,6 @@ cp return -1; } - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (%s)"), - IP_ADDR_V(vpn_ip), IP_ADDR_V(cl->vpn_ip), cl->hostname); - if(!(fw = lookup_conn(vpn_ip))) { syslog(LOG_ERR, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (%s) which does not exist?"), @@ -590,6 +586,10 @@ cp return 0; } + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got DEL_HOST for " IP_ADDR_S " (%s) from " IP_ADDR_S " (%s)"), + IP_ADDR_V(fw->vpn_ip), fw->hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); + notify_others(fw, cl, send_del_host); fw->status.termreq = 1; diff --git a/src/tincd.c b/src/tincd.c index c9cd09ee..0ae2b7c3 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.1 2000/06/25 15:16:12 guus Exp $ + $Id: tincd.c,v 1.10.4.2 2000/06/28 11:38:01 guus Exp $ */ #include "config.h" @@ -352,7 +352,7 @@ main(int argc, char **argv, char **envp) if(geteuid()) { - fprintf(stderr, _("You must be root to run this program. sorry.\n")); + fprintf(stderr, _("You must be root to run this program. Sorry.\n")); return 1; } 
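Review bot: The string passed to `_()` in `send_del_host` is built by pasting the `IP_ADDR_S` macro between literals, and the catalog entries this commit adds for src/protocol.c:113 (`"Sending DEL_HOST for "` and `" (%s) to "`) are only the fragments around the macro. The runtime lookup uses the full preprocessed string, so it will presumably never match a msgid and the message stays untranslated. The fragments also cannot be validated as a `c-format` entry against the real argument list. The `@@ -586` hunk in this file uses the same pattern. A comment above the call would at least record it: `/* IP_ADDR_S splits this msgid for xgettext; the full string is not in the catalog */`.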
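Review bot: Nothing visible in the `@@ -586` hunk ties the host being deleted to the peer that asked for it: `fw` comes from `lookup_conn(vpn_ip)` on an address taken from the request, and the handler goes straight on to `notify_others(fw, cl, send_del_host)` and `fw->status.termreq = 1`. The handler starts above the hunk and the catalog has a "Got unauthorized DEL_HOST from" message, so some check exists, but it may only cover the sender's own state. If so, consider refusing the request unless the entry was learned through this connection, for example `if(fw->nexthop != cl) return -1;`, after confirming that `nexthop` is the right field for that relation.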
From 63c5192d570e2ba5952b4e5a807e4ab4d6fdad76 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 28 Jun 2000 11:39:40 +0000 Subject: [PATCH 027/923] - Fixed missing " in nl.po --- po/nl.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/po/nl.po b/po/nl.po index b94a4506..a32c47e2 100644 --- a/po/nl.po +++ b/po/nl.po @@ -755,7 +755,7 @@ msgstr "Doorsturen ANS_KEY naar " #: src/protocol.c:855 #, fuzzy msgid "Got unauthorized KEY_CHANGED from " -msgstr Kreeg niet-geautoriseerde KEY_CHANGED van " +msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van " #: src/protocol.c:862 #, fuzzy From 8c6c60adf3d5942c6368bafe9a4d4377ffad1abe Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 28 Jun 2000 13:41:02 +0000 Subject: [PATCH 028/923] - Fixed a message in nl.po - Woops, we forgot to send our connection list to our uplink when we connect to it... Fixed. --- po/nl.po | 143 +++++++++++++------------------------------------ src/protocol.c | 16 ++++-- 2 files changed, 48 insertions(+), 111 deletions(-) diff --git a/po/nl.po b/po/nl.po index a32c47e2..fdc53aef 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-06-28 13:12+0200\n" +"POT-Creation-Date: 2000-06-28 13:39+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" @@ -44,7 +44,7 @@ msgid "Illegal passphrase in %s; size would be %d" msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" #: src/encr.c:153 -#, fuzzy, c-format +#, c-format msgid "Generating %d bits keys" msgstr "%d bits sleutel genereren." @@ -95,7 +95,7 @@ msgid ": done.\n" msgstr ": klaar.\n" #: src/net.c:107 -#, fuzzy, c-format +#, c-format msgid "Sending packet of %d bytes to " msgstr "%d bytes verzonden naar %lx" 
@@ -116,17 +116,16 @@ msgid " (%s)" msgstr " (%s)" #: src/net.c:112 -#, fuzzy msgid "Error sending packet to " msgstr "Fout bij verzenden van gegevens: %m" #: src/net.c:112 -#, fuzzy, c-format +#, c-format msgid " (%s): %m" msgstr ":%d: %m" #: src/net.c:133 -#, fuzzy, c-format +#, c-format msgid "Receiving packet of %d bytes from " msgstr "Sleutel ontvangen van " @@ -136,7 +135,6 @@ msgid "Can't write to tap device: %m" msgstr "Kan niet naar tap apparaat schrijven: %m" #: src/net.c:240 -#, fuzzy msgid "Queue flushed" msgstr "wachtrij leeggemaakt" @@ -149,17 +147,14 @@ msgid "Flushing receive queue for " msgstr "Legen van de ontvangst-wachtrij voor " #: src/net.c:281 -#, fuzzy msgid "Trying to look up " msgstr "Proberen op te zoeken van " #: src/net.c:281 src/net.c:325 -#, fuzzy msgid " in connection list failed!" msgstr " in verbindingslijst mislukte!" #: src/net.c:293 src/net.c:306 -#, fuzzy msgid "There is no remote host I can send this packet to!" msgstr "Er is geen partner waar ik dit pakket naar kan sturen!" @@ -172,7 +167,6 @@ msgid " via " msgstr " via " #: src/net.c:325 -#, fuzzy msgid "Indirect look up " msgstr "Indirect opzoeken van " @@ -181,17 +175,16 @@ msgid "Double indirection for " msgstr "Dubbele indirectie voor " #: src/net.c:347 -#, fuzzy msgid "Could not open UDP connection to " msgstr "Kon geen UDP verbinding openen naar " #: src/net.c:354 -#, fuzzy, c-format +#, c-format msgid " (%s) has no valid key, queueing packet" msgstr " is niet gereed, pakket wordt in de wachtrij gezet." #: src/net.c:364 -#, fuzzy, c-format +#, c-format msgid " (%s) is not ready, queueing packet" msgstr " is niet gereed, pakket wordt in de wachtrij gezet." @@ -231,7 +224,7 @@ msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" #: src/net.c:501 -#, fuzzy, c-format +#, c-format msgid "Trying to connect to %s" msgstr "Beëindigen verbinding met %s." 
@@ -241,17 +234,16 @@ msgid ":%d: %m" msgstr ":%d: %m" #: src/net.c:532 -#, fuzzy msgid "Connected to " msgstr "Verbinden naar " #: src/net.c:532 -#, fuzzy, c-format +#, c-format msgid ":%hd" msgstr ",%hd) ontvangen" #: src/net.c:555 -#, fuzzy, c-format +#, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan." @@ -268,37 +260,35 @@ msgid "Unable to set up an incoming vpn data socket" msgstr "Kon geen socket maken voor inkomend vpn verkeer" #: src/net.c:613 -#, fuzzy, c-format +#, c-format msgid "Ready: listening on port %d" msgstr "Gereed: luister op poort %d." #: src/net.c:641 -#, fuzzy, c-format +#, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander. Nieuwe poging over %d seconden." #: src/net.c:679 -#, fuzzy msgid "Trying to re-establish outgoing connection in 5 minutes" msgstr "Poging tot herstellen van uitgaande verbinding over 5 minuten." #: src/net.c:716 -#, fuzzy msgid "Terminating" msgstr "Beëindigen." #: src/net.c:730 -#, fuzzy, c-format +#, c-format msgid "Opening UDP socket to %s" -msgstr "Tijdens openen van UDP socket naar " +msgstr "Bezig met openen UDP socket naar %s" #: src/net.c:735 -#, fuzzy, c-format +#, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak socket mislukte: %m" #: src/net.c:745 -#, fuzzy, c-format +#, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Aanmaak datasocket mislukt: %m" @@ -313,7 +303,7 @@ msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" #: src/net.c:790 -#, fuzzy, c-format +#, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s:%d" @@ -323,12 +313,11 @@ msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" #: src/net.c:852 -#, fuzzy, c-format +#, c-format msgid "Receiving packet from %s failed: %m" msgstr "Ontvangen van data mislukt: %m" #: src/net.c:866 -#, fuzzy msgid "Got packet from " msgstr "Kreeg pakket van " 
@@ -342,17 +331,15 @@ msgid "?" msgstr "?" #: src/net.c:900 -#, fuzzy msgid "Closing connection with " msgstr "Beëindigen verbinding met " #: src/net.c:917 -#, fuzzy msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" #: src/net.c:976 -#, fuzzy, c-format +#, c-format msgid " (%s) didn't respond to ping" msgstr " (%s) antwoordde niet op ping" @@ -362,7 +349,6 @@ msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" #: src/net.c:1015 -#, fuzzy msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" @@ -372,7 +358,6 @@ msgid "Metadata socket error: %s" msgstr "Fout op socket voor metaverkeer: %s" #: src/net.c:1048 -#, fuzzy msgid "Metadata read buffer overflow!" msgstr "Metadata ontvangstbuffer overloop!" @@ -382,7 +367,6 @@ msgid "Metadata socket read error: %m" msgstr "Fout op socket voor metaverkeer tijdens lezen: %m" #: src/net.c:1082 -#, fuzzy msgid "Got request from " msgstr "Ontving verzoek van " @@ -392,7 +376,6 @@ msgid " (%s): %s" msgstr " (%s): %s" #: src/net.c:1088 -#, fuzzy msgid "Unknown request from " msgstr "Onbekend verzoek van " @@ -401,7 +384,6 @@ msgid "Error while processing request from " msgstr "Fout tijdens afhandelen van verzoek van " #: src/net.c:1102 -#, fuzzy msgid "Bogus data received from " msgstr "Onzinnige data ontvangen van " @@ -452,17 +434,15 @@ msgid " at %s flags %d sockets %d, %d status %04x" msgstr " op %s vlaggen %d sockets %d, %d status %04x" #: src/protocol.c:54 -#, fuzzy msgid "Sending ACK to " msgstr "Verzending ACK naar " #: src/protocol.c:61 -#, fuzzy, c-format +#, c-format msgid "Send failed: %d:%d: %m" msgstr "Verzenden mislukte: %d:%d: %m" #: src/protocol.c:66 src/protocol.c:510 -#, fuzzy msgid "Connection with " msgstr "Verbinding met " 
@@ -472,50 +452,43 @@ msgid " (%s) activated" msgstr " (%s) geactiveerd" #: src/protocol.c:76 -#, fuzzy msgid "Sending TERMREQ to " msgstr "Verzending TERMREQ naar " #: src/protocol.c:84 src/protocol.c:102 src/protocol.c:120 src/protocol.c:138 #: src/protocol.c:156 src/protocol.c:195 src/protocol.c:213 src/protocol.c:241 -#: src/protocol.c:262 src/protocol.c:280 src/protocol.c:323 src/protocol.c:738 -#: src/protocol.c:841 -#, fuzzy, c-format +#: src/protocol.c:262 src/protocol.c:280 src/protocol.c:323 src/protocol.c:353 +#: src/protocol.c:738 src/protocol.c:841 +#, c-format msgid "Send failed: %s:%d: %m" msgstr "Verzenden mislukte: %s:%d: %m" #: src/protocol.c:95 -#, fuzzy msgid "Sending TIMEOUT to " msgstr "Verzending TIMEOUT naar " #: src/protocol.c:113 -#, fuzzy msgid "Sending DEL_HOST for " msgstr "Verzending DEL_HOST voor " #: src/protocol.c:113 src/protocol.c:188 -#, fuzzy, c-format +#, c-format msgid " (%s) to " msgstr " (%s) naar " #: src/protocol.c:131 -#, fuzzy msgid "Sending PING to " msgstr "Verzending PING naar " #: src/protocol.c:149 -#, fuzzy msgid "Sending PONG to " msgstr "Verzending PONG naar " #: src/protocol.c:188 -#, fuzzy msgid "Sending ADD_HOST for " msgstr "Verzending ADD_HOST voor " #: src/protocol.c:206 -#, fuzzy msgid "Sending KEY_CHANGED origin " msgstr "Verzending KEY_CHANGED herkomst " @@ -524,22 +497,19 @@ msgid " to " msgstr " naar " #: src/protocol.c:234 -#, fuzzy, c-format +#, c-format msgid "Sending BASIC_INFO to %s" msgstr "Verzending BASIC_INFO naar %s" #: src/protocol.c:255 -#, fuzzy msgid "Sending PASSPHRASE to " msgstr "Verzending PASSPHRASE naar " #: src/protocol.c:273 -#, fuzzy msgid "Sending PUBLIC_KEY to " msgstr "Verzending PUBLIC_KEY naar " #: src/protocol.c:310 -#, fuzzy msgid "Attempting to send REQ_KEY to " msgstr "Poging tot verzenden REQ_KEY naar " 
@@ -549,68 +519,54 @@ msgid ", which does not exist?" msgstr ", die niet bestaat?" #: src/protocol.c:316 -#, fuzzy msgid "Sending REQ_KEY to " msgstr "Verzending REQ_KEY naar " #: src/protocol.c:340 -#, fuzzy msgid "Attempting to send ANS_KEY to " msgstr "Poging tot verzenden ANS_KEY naar " #: src/protocol.c:346 -#, fuzzy msgid "Sending ANS_KEY to " msgstr "Verzending ANS_KEY naar " -#: src/protocol.c:353 -#, c-format -msgid "Send failed: %s:%d: %m" -msgstr "Verzenden mislukte: %s:%d: %m" - #: src/protocol.c:400 -#, fuzzy, c-format +#, c-format msgid "Got BASIC_INFO from %s" msgstr "Kreeg BASIC_INFO van %s" #: src/protocol.c:404 -#, fuzzy, c-format +#, c-format msgid "Got bad BASIC_INFO from %s" msgstr "Kreeg ongeldige BASIC_INFO van %s" #: src/protocol.c:411 -#, fuzzy, c-format +#, c-format msgid "Peer uses incompatible protocol version %d" msgstr "De ander gebruikt een niet-compatibel protocol versie %d" #: src/protocol.c:439 -#, fuzzy msgid "Got bad PASSPHRASE from " msgstr "Ongeldig PASSPHRASE verzoek ontvangen: %s" #: src/protocol.c:446 -#, fuzzy msgid "Got PASSPHRASE from " msgstr "PASSPHRASE ontvangen" #: src/protocol.c:464 -#, fuzzy msgid "Got bad PUBLIC_KEY from " msgstr "Kreeg ongeldige PUBLIC_KEY van " #: src/protocol.c:470 -#, fuzzy msgid "Got PUBLIC_KEY from " msgstr "Kreeg PUBLIC_KEY van " #. intruder! #: src/protocol.c:476 -#, fuzzy msgid "Intruder: passphrase does not match!" msgstr "Indringer: wachwoord komt niet overeen!" #: src/protocol.c:506 -#, fuzzy msgid "Got ACK from " msgstr "Kreeg ACK van " @@ -619,7 +575,6 @@ msgid "Got unauthorized TERMREQ from " msgstr "Kreeg niet-geautoriseerde TERMREQ van " #: src/protocol.c:528 -#, fuzzy msgid "Got TERMREQ from " msgstr "Kreeg TERMREQ van " 
@@ -628,22 +583,18 @@ msgid "Got unauthorized TIMEOUT from " msgstr "Kreeg niet-geautoriseerde TIMEOUT van " #: src/protocol.c:554 -#, fuzzy msgid "Got TIMEOUT from " msgstr "Kreeg TIMEOUT van " #: src/protocol.c:570 -#, fuzzy msgid "Got unauthorized DEL_HOST from " msgstr "Kreeg niet-geautoriseerde DEL_HOST van " #: src/protocol.c:577 -#, fuzzy msgid "Got bad DEL_HOST from " msgstr "Kreeg ongeldige DEL_HOST van " #: src/protocol.c:584 src/protocol.c:590 -#, fuzzy msgid "Got DEL_HOST for " msgstr "Kreeg DEL_HOST voor " @@ -652,12 +603,12 @@ msgid " from " msgstr " van " #: src/protocol.c:584 -#, fuzzy, c-format +#, c-format msgid " (%s) which does not exist?" msgstr " (%s), die niet bestaat?" #: src/protocol.c:590 src/protocol.c:683 -#, fuzzy, c-format +#, c-format msgid " (%s) from " msgstr " (%s) van " @@ -666,7 +617,6 @@ msgid "Got unauthorized PING from " msgstr "Kreeg niet-geautoriseerde PING van " #: src/protocol.c:614 -#, fuzzy msgid "Got PING from " msgstr "Kreeg PING van " @@ -675,7 +625,6 @@ msgid "Got unauthorized PONG from " msgstr "Kreeg niet-geautoriseerde PONG van " #: src/protocol.c:636 -#, fuzzy msgid "Got PONG from " msgstr "Kreeg PONG van " @@ -684,27 +633,22 @@ msgid "Got unauthorized ADD_HOST from " msgstr "Kreeg niet-geautoriseerde ADD_HOST van " #: src/protocol.c:662 -#, fuzzy msgid "Got bad ADD_HOST from " msgstr "Kreeg ongeldige ADD_HOST van " #: src/protocol.c:683 -#, fuzzy msgid "Got ADD_HOST for " msgstr "Kreeg ADD_HOST voor " #: src/protocol.c:699 -#, fuzzy msgid "Got unauthorized REQ_KEY from " msgstr "Kreeg niet-geautoriseerde REQ_KEY van " #: src/protocol.c:706 -#, fuzzy msgid "Got bad REQ_KEY from " msgstr "Kreeg ongeldige REQ_KEY van " #: src/protocol.c:712 -#, fuzzy msgid "Got REQ_KEY origin " msgstr "Kreeg REQ_KEY van " 
@@ -713,62 +657,50 @@ msgid " destination " msgstr " bestemming " #: src/protocol.c:725 -#, fuzzy msgid "Attempting to forward REQ_KEY to " msgstr "Poging tot doorsturenREQ_KEY naar " #: src/protocol.c:731 -#, fuzzy msgid "Forwarding REQ_KEY to " msgstr "Doorsturen REQ_KEY naar " #: src/protocol.c:790 -#, fuzzy msgid "Got unauthorized ANS_KEY from " msgstr "Kreeg niet-geautoriseerde ANS_KEY van " #: src/protocol.c:797 -#, fuzzy msgid "Got bad ANS_KEY from " msgstr "Kreeg ongeldige ANS_KEY van " #: src/protocol.c:803 -#, fuzzy msgid "Got ANS_KEY origin " msgstr "Kreeg ANS_KEY van " #: src/protocol.c:812 -#, fuzzy msgid "Receiving ANS_KEY from " msgstr "Ontvangst ANS_KEY van " #: src/protocol.c:828 -#, fuzzy msgid "Attempting to forward ANS_KEY to " msgstr "Poging tot doorsturen ANS_KEY naar " #: src/protocol.c:834 -#, fuzzy msgid "Forwarding ANS_KEY to " msgstr "Doorsturen ANS_KEY naar " #: src/protocol.c:855 -#, fuzzy msgid "Got unauthorized KEY_CHANGED from " msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van " #: src/protocol.c:862 -#, fuzzy msgid "Got bad KEY_CHANGED from " msgstr "Kreeg ongeldige KEY_CHANGED van " #: src/protocol.c:868 -#, fuzzy msgid "Got KEY_CHANGED origin " msgstr "Kreeg KEY_CHANGED herkomst " #: src/protocol.c:875 -#, fuzzy msgid "Got KEY_CHANGED from " msgstr "Kreeg KEY_CHANGED van " 
@@ -824,23 +756,23 @@ msgid "Invalid timeout value `%s'.\n" msgstr "Ongeldige timeout waarde `%s'.\n" #: src/tincd.c:159 -#, fuzzy, c-format +#, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken); beëindigen." #: src/tincd.c:214 -#, fuzzy, c-format +#, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d." #: src/tincd.c:217 -#, fuzzy, c-format +#, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" #: src/tincd.c:232 -#, fuzzy, c-format +#, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " @@ -918,12 +850,11 @@ msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" #: src/tincd.c:413 -#, fuzzy, c-format +#, c-format msgid "Got SEGV signal after %s line %d, trying to re-execute" msgstr "Kreeg SEGV signaal na %s regel %d. Probeer opnieuw opstarten." #: src/tincd.c:416 -#, fuzzy msgid "Got SEGV signal, trying to re-execute" msgstr "Kreeg SEGV signaal, probeer opnieuw opstarten" @@ -940,11 +871,11 @@ msgid "Forcing new key generation" msgstr "Nieuwe sleutels geforceerd" #: src/tincd.c:461 -#, fuzzy, c-format +#, c-format msgid "Got unexpected signal %d after %s line %d" msgstr "Ontving onverwacht signaal %d na %s regel %d" #: src/tincd.c:464 -#, fuzzy, c-format +#, c-format msgid "Got unexpected signal %d" msgstr "Ontving onverwacht signaal %d" diff --git a/src/protocol.c b/src/protocol.c index 2cc49ad7..d079dfb4 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.13 2000/06/28 11:38:00 guus Exp $ + $Id: protocol.c,v 1.28.4.14 2000/06/28 13:41:02 guus Exp $ */ #include "config.h" @@ -61,10 +61,6 @@ cp syslog(LOG_ERR, _("Send failed: %d:%d: %m"), __FILE__, __LINE__); return -1; } - - if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); cp return 0; } @@ -492,6 +488,11 @@ cp terminate_connection(old); cl->status.active = 1; + + if(debug_lvl > 0) + syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), + IP_ADDR_V(cl->vpn_ip), cl->hostname); + notify_others(cl, NULL, send_add_host); notify_one(cl); } @@ -507,8 +508,13 @@ cp IP_ADDR_V(cl->vpn_ip), cl->hostname); cl->status.active = 1; + syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), IP_ADDR_V(cl->vpn_ip), cl->hostname); + + notify_others(cl, NULL, send_add_host); + notify_one(cl); + upstreamindex = 0; cp return 0; From 3df9b89204626afdd514d5b7323801af76a5cd26 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 28 Jun 2000 14:34:40 +0000 Subject: [PATCH 029/923] - Added log message when SIGCHLD is received ("thanks" to Ivo van Dong) --- po/nl.po | 252 +++++++++++++++++++--------------------------------- src/tincd.c | 3 +- 2 files changed, 92 insertions(+), 163 deletions(-) diff --git a/po/nl.po b/po/nl.po index fdc53aef..8d180260 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-06-28 13:39+0200\n" +"POT-Creation-Date: 2000-06-28 16:29+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" 
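Review bot: The activation message added in the `@@ -492` hunk is written only when `debug_lvl > 0`, while the same message in the context of the `@@ -507` hunk is logged unconditionally. A peer becoming active is the event an operator needs on record when reconstructing who joined the VPN and when, so both branches should log it the same way. Dropping the added `if(debug_lvl > 0)` line here would make them agree. The enclosing function starts above the hunk.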
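Review bot: The ACK path in the `@@ -507` hunk sets `cl->status.active = 1` and, with the added `notify_others(cl, NULL, send_add_host)` and `notify_one(cl)`, announces this peer and sends it the connection list with no visible check that the passphrase and public-key exchange has completed. The handler begins above the hunk, so such a check may exist there. However, the catalog in this series has "Got unauthorized …" messages for TERMREQ, PING, ADD_HOST and others but none for ACK, which suggests it might not. If the guard is missing, add a state check at the top of the handler in the style of the other request handlers and document the precondition: `/* ACK is only honoured after the passphrase check has passed */`.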
@@ -14,62 +14,50 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #: src/conf.c:167 -#, c-format msgid "%s: %d: Invalid variable name `%s'.\n" msgstr "%s: %d: Ongeldige variabelenaam `%s'.\n" #: src/conf.c:174 -#, c-format msgid "%s: %d: No value given for `%s'.\n" msgstr "%s: %d: Geen waarde gegeven voor `%s'.\n" #: src/conf.c:182 -#, c-format msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" msgstr "%s: %d: Ongeldige waarde `%s' voor variabele `%s'.\n" #: src/conf.c:203 -#, c-format msgid "Could not open %s: %s\n" msgstr "Kon %s niet openen: %s\n" #: src/encr.c:112 src/net.c:390 -#, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" #: src/encr.c:119 -#, c-format msgid "Illegal passphrase in %s; size would be %d" msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" #: src/encr.c:153 -#, c-format msgid "Generating %d bits keys" msgstr "%d bits sleutel genereren." #: src/encr.c:157 -#, c-format msgid "Opening /dev/urandom failed: %m" msgstr "Openen van /dev/urandom mislukt: %m" #: src/encr.c:222 -#, c-format msgid "Encryption key set to %s" msgstr "Sleutel ingesteld op %s" #: src/genauth.c:48 -#, c-format msgid "Usage: %s bits\n" msgstr "Gebruik: %s bits\n" #: src/genauth.c:57 -#, c-format msgid "Illegal number: %s\n" msgstr "Ongeldig nummer: %s\n" #: src/genauth.c:62 -#, c-format msgid "Generating %d bits number" msgstr "Genereren van %d bits nummer" 
@@ -95,23 +83,21 @@ msgid ": done.\n" msgstr ": klaar.\n" #: src/net.c:107 -#, c-format msgid "Sending packet of %d bytes to " msgstr "%d bytes verzonden naar %lx" #: src/net.c:107 src/net.c:133 src/net.c:347 src/net.c:900 src/net.c:1088 -#: src/net.c:1095 src/net.c:1102 src/protocol.c:54 src/protocol.c:76 -#: src/protocol.c:95 src/protocol.c:113 src/protocol.c:131 src/protocol.c:149 -#: src/protocol.c:188 src/protocol.c:206 src/protocol.c:255 src/protocol.c:273 -#: src/protocol.c:316 src/protocol.c:346 src/protocol.c:439 src/protocol.c:446 -#: src/protocol.c:464 src/protocol.c:470 src/protocol.c:506 src/protocol.c:522 -#: src/protocol.c:528 src/protocol.c:548 src/protocol.c:554 src/protocol.c:570 -#: src/protocol.c:577 src/protocol.c:590 src/protocol.c:608 src/protocol.c:614 -#: src/protocol.c:630 src/protocol.c:636 src/protocol.c:655 src/protocol.c:662 -#: src/protocol.c:683 src/protocol.c:699 src/protocol.c:706 src/protocol.c:712 -#: src/protocol.c:731 src/protocol.c:790 src/protocol.c:797 src/protocol.c:803 -#: src/protocol.c:834 src/protocol.c:855 src/protocol.c:862 src/protocol.c:868 -#, c-format +#: src/net.c:1095 src/net.c:1102 src/protocol.c:54 src/protocol.c:72 +#: src/protocol.c:91 src/protocol.c:109 src/protocol.c:127 src/protocol.c:145 +#: src/protocol.c:184 src/protocol.c:202 src/protocol.c:251 src/protocol.c:269 +#: src/protocol.c:312 src/protocol.c:342 src/protocol.c:435 src/protocol.c:442 +#: src/protocol.c:460 src/protocol.c:466 src/protocol.c:507 src/protocol.c:528 +#: src/protocol.c:534 src/protocol.c:554 src/protocol.c:560 src/protocol.c:576 +#: src/protocol.c:583 src/protocol.c:596 src/protocol.c:614 src/protocol.c:620 +#: src/protocol.c:636 src/protocol.c:642 src/protocol.c:661 src/protocol.c:668 +#: src/protocol.c:689 src/protocol.c:705 src/protocol.c:712 src/protocol.c:718 +#: src/protocol.c:737 src/protocol.c:796 src/protocol.c:803 src/protocol.c:809 +#: src/protocol.c:840 src/protocol.c:861 src/protocol.c:868 src/protocol.c:874 msgid " 
(%s)" msgstr " (%s)" @@ -120,17 +106,14 @@ msgid "Error sending packet to " msgstr "Fout bij verzenden van gegevens: %m" #: src/net.c:112 -#, c-format msgid " (%s): %m" msgstr ":%d: %m" #: src/net.c:133 -#, c-format msgid "Receiving packet of %d bytes from " msgstr "Sleutel ontvangen van " #: src/net.c:137 -#, c-format msgid "Can't write to tap device: %m" msgstr "Kan niet naar tap apparaat schrijven: %m" @@ -179,57 +162,46 @@ msgid "Could not open UDP connection to " msgstr "Kon geen UDP verbinding openen naar " #: src/net.c:354 -#, c-format msgid " (%s) has no valid key, queueing packet" msgstr " is niet gereed, pakket wordt in de wachtrij gezet." #: src/net.c:364 -#, c-format msgid " (%s) is not ready, queueing packet" msgstr " is niet gereed, pakket wordt in de wachtrij gezet." #: src/net.c:411 -#, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" #: src/net.c:417 src/net.c:466 -#, c-format msgid "setsockopt: %m" msgstr "setsockopt: %m" #: src/net.c:424 src/net.c:473 src/net.c:528 -#, c-format msgid "fcntl: %m" msgstr "fcntl: %m" #: src/net.c:435 -#, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" #: src/net.c:441 -#, c-format msgid "listen: %m" msgstr "listen: %m" #: src/net.c:460 src/net.c:511 -#, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" #: src/net.c:484 -#, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" #: src/net.c:501 -#, c-format msgid "Trying to connect to %s" msgstr "Beëindigen verbinding met %s." #: src/net.c:521 -#, c-format msgid ":%d: %m" msgstr ":%d: %m" @@ -238,12 +210,10 @@ msgid "Connected to " msgstr "Verbinden naar " #: src/net.c:532 -#, c-format msgid ":%hd" msgstr ",%hd) ontvangen" #: src/net.c:555 -#, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan." 
@@ -260,12 +230,10 @@ msgid "Unable to set up an incoming vpn data socket" msgstr "Kon geen socket maken voor inkomend vpn verkeer" #: src/net.c:613 -#, c-format msgid "Ready: listening on port %d" msgstr "Gereed: luister op poort %d." #: src/net.c:641 -#, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander. Nieuwe poging over %d seconden." @@ -278,42 +246,34 @@ msgid "Terminating" msgstr "Beëindigen." #: src/net.c:730 -#, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" #: src/net.c:735 -#, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak socket mislukte: %m" #: src/net.c:745 -#, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Aanmaak datasocket mislukt: %m" #: src/net.c:753 src/net.c:839 src/net.c:1037 -#, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" #: src/net.c:777 -#, c-format msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" #: src/net.c:790 -#, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s:%d" #: src/net.c:844 -#, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" #: src/net.c:852 -#, c-format msgid "Receiving packet from %s failed: %m" msgstr "Ontvangen van data mislukt: %m" @@ -322,7 +282,6 @@ msgid "Got packet from " msgstr "Kreeg pakket van " #: src/net.c:866 -#, c-format msgid " (%s) with unknown origin " msgstr " (%s) met onbekende herkomst " @@ -339,12 +298,10 @@ msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" #: src/net.c:976 -#, c-format msgid " (%s) didn't respond to ping" msgstr " (%s) antwoordde niet op ping" #: src/net.c:1007 -#, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" 
@@ -353,7 +310,6 @@ msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" #: src/net.c:1042 -#, c-format msgid "Metadata socket error: %s" msgstr "Fout op socket voor metaverkeer: %s" @@ -362,7 +318,6 @@ msgid "Metadata read buffer overflow!" msgstr "Metadata ontvangstbuffer overloop!" #: src/net.c:1058 -#, c-format msgid "Metadata socket read error: %m" msgstr "Fout op socket voor metaverkeer tijdens lezen: %m" @@ -371,7 +326,6 @@ msgid "Got request from " msgstr "Ontving verzoek van " #: src/net.c:1082 -#, c-format msgid " (%s): %s" msgstr " (%s): %s" @@ -388,17 +342,14 @@ msgid "Bogus data received from " msgstr "Onzinnige data ontvangen van " #: src/net.c:1147 -#, c-format msgid "Outgoing data socket error: %s" msgstr "Fout op socket voor uitgaand verkeer: %s" #: src/net.c:1182 -#, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" #: src/net.c:1192 -#, c-format msgid "Non-IP ethernet frame %04x from " msgstr "Niet-IP ethernet pakket %04x van " @@ -407,12 +358,10 @@ msgid "Dropping short packet" msgstr "Te kort pakket genegeerd" #: src/net.c:1239 -#, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" #: src/netutl.c:218 -#, c-format msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" @@ -429,7 +378,6 @@ msgid "/" msgstr "/" #: src/netutl.c:246 -#, c-format msgid " at %s flags %d sockets %d, %d status %04x" msgstr " op %s vlaggen %d sockets %d, %d status %04x" 
@@ -438,279 +386,267 @@ msgid "Sending ACK to " msgstr "Verzending ACK naar " #: src/protocol.c:61 -#, c-format msgid "Send failed: %d:%d: %m" msgstr "Verzenden mislukte: %d:%d: %m" -#: src/protocol.c:66 src/protocol.c:510 -msgid "Connection with " -msgstr "Verbinding met " - -#: src/protocol.c:66 src/protocol.c:510 -#, c-format -msgid " (%s) activated" -msgstr " (%s) geactiveerd" - -#: src/protocol.c:76 +#: src/protocol.c:72 msgid "Sending TERMREQ to " msgstr "Verzending TERMREQ naar " -#: src/protocol.c:84 src/protocol.c:102 src/protocol.c:120 src/protocol.c:138 -#: src/protocol.c:156 src/protocol.c:195 src/protocol.c:213 src/protocol.c:241 -#: src/protocol.c:262 src/protocol.c:280 src/protocol.c:323 src/protocol.c:353 -#: src/protocol.c:738 src/protocol.c:841 -#, c-format +#: src/protocol.c:80 src/protocol.c:98 src/protocol.c:116 src/protocol.c:134 +#: src/protocol.c:152 src/protocol.c:191 src/protocol.c:209 src/protocol.c:237 +#: src/protocol.c:258 src/protocol.c:276 src/protocol.c:319 src/protocol.c:349 +#: src/protocol.c:744 src/protocol.c:847 msgid "Send failed: %s:%d: %m" msgstr "Verzenden mislukte: %s:%d: %m" -#: src/protocol.c:95 +#: src/protocol.c:91 msgid "Sending TIMEOUT to " msgstr "Verzending TIMEOUT naar " -#: src/protocol.c:113 +#: src/protocol.c:109 msgid "Sending DEL_HOST for " msgstr "Verzending DEL_HOST voor " -#: src/protocol.c:113 src/protocol.c:188 -#, c-format +#: src/protocol.c:109 src/protocol.c:184 msgid " (%s) to " msgstr " (%s) naar " -#: src/protocol.c:131 +#: src/protocol.c:127 msgid "Sending PING to " msgstr "Verzending PING naar " -#: src/protocol.c:149 +#: src/protocol.c:145 msgid "Sending PONG to " msgstr "Verzending PONG naar " -#: src/protocol.c:188 +#: src/protocol.c:184 msgid "Sending ADD_HOST for " msgstr "Verzending ADD_HOST voor " -#: src/protocol.c:206 +#: src/protocol.c:202 msgid "Sending KEY_CHANGED origin " msgstr "Verzending KEY_CHANGED herkomst " -#: src/protocol.c:206 +#: src/protocol.c:202 msgid " to " msgstr " 
naar " -#: src/protocol.c:234 -#, c-format +#: src/protocol.c:230 msgid "Sending BASIC_INFO to %s" msgstr "Verzending BASIC_INFO naar %s" -#: src/protocol.c:255 +#: src/protocol.c:251 msgid "Sending PASSPHRASE to " msgstr "Verzending PASSPHRASE naar " -#: src/protocol.c:273 +#: src/protocol.c:269 msgid "Sending PUBLIC_KEY to " msgstr "Verzending PUBLIC_KEY naar " -#: src/protocol.c:310 +#: src/protocol.c:306 msgid "Attempting to send REQ_KEY to " msgstr "Poging tot verzenden REQ_KEY naar " -#: src/protocol.c:310 src/protocol.c:340 src/protocol.c:725 src/protocol.c:812 -#: src/protocol.c:828 src/protocol.c:875 +#: src/protocol.c:306 src/protocol.c:336 src/protocol.c:731 src/protocol.c:818 +#: src/protocol.c:834 src/protocol.c:881 msgid ", which does not exist?" msgstr ", die niet bestaat?" -#: src/protocol.c:316 +#: src/protocol.c:312 msgid "Sending REQ_KEY to " msgstr "Verzending REQ_KEY naar " -#: src/protocol.c:340 +#: src/protocol.c:336 msgid "Attempting to send ANS_KEY to " msgstr "Poging tot verzenden ANS_KEY naar " -#: src/protocol.c:346 +#: src/protocol.c:342 msgid "Sending ANS_KEY to " msgstr "Verzending ANS_KEY naar " -#: src/protocol.c:400 -#, c-format +#: src/protocol.c:396 msgid "Got BASIC_INFO from %s" msgstr "Kreeg BASIC_INFO van %s" -#: src/protocol.c:404 -#, c-format +#: src/protocol.c:400 msgid "Got bad BASIC_INFO from %s" msgstr "Kreeg ongeldige BASIC_INFO van %s" -#: src/protocol.c:411 -#, c-format +#: src/protocol.c:407 msgid "Peer uses incompatible protocol version %d" msgstr "De ander gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:439 +#: src/protocol.c:435 msgid "Got bad PASSPHRASE from " msgstr "Ongeldig PASSPHRASE verzoek ontvangen: %s" -#: src/protocol.c:446 +#: src/protocol.c:442 msgid "Got PASSPHRASE from " msgstr "PASSPHRASE ontvangen" -#: src/protocol.c:464 +#: src/protocol.c:460 msgid "Got bad PUBLIC_KEY from " msgstr "Kreeg ongeldige PUBLIC_KEY van " -#: src/protocol.c:470 +#: src/protocol.c:466 msgid "Got 
PUBLIC_KEY from " msgstr "Kreeg PUBLIC_KEY van " #. intruder! -#: src/protocol.c:476 +#: src/protocol.c:472 msgid "Intruder: passphrase does not match!" msgstr "Indringer: wachwoord komt niet overeen!" -#: src/protocol.c:506 +#: src/protocol.c:493 src/protocol.c:512 +msgid "Connection with " +msgstr "Verbinding met " + +#: src/protocol.c:493 src/protocol.c:512 +msgid " (%s) activated" +msgstr " (%s) geactiveerd" + +#: src/protocol.c:507 msgid "Got ACK from " msgstr "Kreeg ACK van " -#: src/protocol.c:522 +#: src/protocol.c:528 msgid "Got unauthorized TERMREQ from " msgstr "Kreeg niet-geautoriseerde TERMREQ van " -#: src/protocol.c:528 +#: src/protocol.c:534 msgid "Got TERMREQ from " msgstr "Kreeg TERMREQ van " -#: src/protocol.c:548 +#: src/protocol.c:554 msgid "Got unauthorized TIMEOUT from " msgstr "Kreeg niet-geautoriseerde TIMEOUT van " -#: src/protocol.c:554 +#: src/protocol.c:560 msgid "Got TIMEOUT from " msgstr "Kreeg TIMEOUT van " -#: src/protocol.c:570 +#: src/protocol.c:576 msgid "Got unauthorized DEL_HOST from " msgstr "Kreeg niet-geautoriseerde DEL_HOST van " -#: src/protocol.c:577 +#: src/protocol.c:583 msgid "Got bad DEL_HOST from " msgstr "Kreeg ongeldige DEL_HOST van " -#: src/protocol.c:584 src/protocol.c:590 +#: src/protocol.c:590 src/protocol.c:596 msgid "Got DEL_HOST for " msgstr "Kreeg DEL_HOST voor " -#: src/protocol.c:584 src/protocol.c:712 src/protocol.c:803 src/protocol.c:868 +#: src/protocol.c:590 src/protocol.c:718 src/protocol.c:809 src/protocol.c:874 msgid " from " msgstr " van " -#: src/protocol.c:584 -#, c-format +#: src/protocol.c:590 msgid " (%s) which does not exist?" msgstr " (%s), die niet bestaat?" 
-#: src/protocol.c:590 src/protocol.c:683 -#, c-format +#: src/protocol.c:596 src/protocol.c:689 msgid " (%s) from " msgstr " (%s) van " -#: src/protocol.c:608 +#: src/protocol.c:614 msgid "Got unauthorized PING from " msgstr "Kreeg niet-geautoriseerde PING van " -#: src/protocol.c:614 +#: src/protocol.c:620 msgid "Got PING from " msgstr "Kreeg PING van " -#: src/protocol.c:630 +#: src/protocol.c:636 msgid "Got unauthorized PONG from " msgstr "Kreeg niet-geautoriseerde PONG van " -#: src/protocol.c:636 +#: src/protocol.c:642 msgid "Got PONG from " msgstr "Kreeg PONG van " -#: src/protocol.c:655 +#: src/protocol.c:661 msgid "Got unauthorized ADD_HOST from " msgstr "Kreeg niet-geautoriseerde ADD_HOST van " -#: src/protocol.c:662 +#: src/protocol.c:668 msgid "Got bad ADD_HOST from " msgstr "Kreeg ongeldige ADD_HOST van " -#: src/protocol.c:683 +#: src/protocol.c:689 msgid "Got ADD_HOST for " msgstr "Kreeg ADD_HOST voor " -#: src/protocol.c:699 +#: src/protocol.c:705 msgid "Got unauthorized REQ_KEY from " msgstr "Kreeg niet-geautoriseerde REQ_KEY van " -#: src/protocol.c:706 +#: src/protocol.c:712 msgid "Got bad REQ_KEY from " msgstr "Kreeg ongeldige REQ_KEY van " -#: src/protocol.c:712 +#: src/protocol.c:718 msgid "Got REQ_KEY origin " msgstr "Kreeg REQ_KEY van " -#: src/protocol.c:712 src/protocol.c:803 +#: src/protocol.c:718 src/protocol.c:809 msgid " destination " msgstr " bestemming " -#: src/protocol.c:725 +#: src/protocol.c:731 msgid "Attempting to forward REQ_KEY to " msgstr "Poging tot doorsturenREQ_KEY naar " -#: src/protocol.c:731 +#: src/protocol.c:737 msgid "Forwarding REQ_KEY to " msgstr "Doorsturen REQ_KEY naar " -#: src/protocol.c:790 +#: src/protocol.c:796 msgid "Got unauthorized ANS_KEY from " msgstr "Kreeg niet-geautoriseerde ANS_KEY van " -#: src/protocol.c:797 +#: src/protocol.c:803 msgid "Got bad ANS_KEY from " msgstr "Kreeg ongeldige ANS_KEY van " -#: src/protocol.c:803 +#: src/protocol.c:809 msgid "Got ANS_KEY origin " msgstr "Kreeg ANS_KEY van 
" -#: src/protocol.c:812 +#: src/protocol.c:818 msgid "Receiving ANS_KEY from " msgstr "Ontvangst ANS_KEY van " -#: src/protocol.c:828 +#: src/protocol.c:834 msgid "Attempting to forward ANS_KEY to " msgstr "Poging tot doorsturen ANS_KEY naar " -#: src/protocol.c:834 +#: src/protocol.c:840 msgid "Forwarding ANS_KEY to " msgstr "Doorsturen ANS_KEY naar " -#: src/protocol.c:855 +#: src/protocol.c:861 msgid "Got unauthorized KEY_CHANGED from " msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van " -#: src/protocol.c:862 +#: src/protocol.c:868 msgid "Got bad KEY_CHANGED from " msgstr "Kreeg ongeldige KEY_CHANGED van " -#: src/protocol.c:868 +#: src/protocol.c:874 msgid "Got KEY_CHANGED origin " msgstr "Kreeg KEY_CHANGED herkomst " -#: src/protocol.c:875 +#: src/protocol.c:881 msgid "Got KEY_CHANGED from " msgstr "Kreeg KEY_CHANGED van " #: src/tincd.c:95 -#, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" #: src/tincd.c:98 -#, c-format msgid "" "Usage: %s [option]...\n" "\n" 
@@ -751,45 +687,37 @@ msgstr "" "meld fouten in de vertaling aan vertaling@nl.linux.org.\n" #: src/tincd.c:145 -#, c-format msgid "Invalid timeout value `%s'.\n" msgstr "Ongeldige timeout waarde `%s'.\n" #: src/tincd.c:159 -#, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken); beëindigen." #: src/tincd.c:214 -#, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d." #: src/tincd.c:217 -#, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" #: src/tincd.c:232 -#, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." #: src/tincd.c:250 -#, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" #: src/tincd.c:253 -#, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" #: src/tincd.c:274 -#, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" @@ -802,7 +730,6 @@ msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" #: src/tincd.c:339 -#, c-format msgid "%s version %s\n" msgstr "%s versie %s\n" @@ -850,7 +777,6 @@ msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" #: src/tincd.c:413 -#, c-format msgid "Got SEGV signal after %s line %d, trying to re-execute" msgstr "Kreeg SEGV signaal na %s regel %d. Probeer opnieuw opstarten." 
@@ -871,11 +797,13 @@ msgid "Forcing new key generation" msgstr "Nieuwe sleutels geforceerd" #: src/tincd.c:461 -#, c-format msgid "Got unexpected signal %d after %s line %d" -msgstr "Ontving onverwacht signaal %d na %s regel %d" +msgstr "Kreeg onverwacht signaal %d na %s regel %d" #: src/tincd.c:464 -#, c-format msgid "Got unexpected signal %d" -msgstr "Ontving onverwacht signaal %d" +msgstr "Kreeg onverwacht signaal %d" + +#: src/tincd.c:493 +msgid "Got SIGCHLD: exitting immediately" +msgstr "Kreeg SIGCHLD: directe beëindiging" diff --git a/src/tincd.c b/src/tincd.c index 0ae2b7c3..e4549ecb 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.2 2000/06/28 11:38:01 guus Exp $ + $Id: tincd.c,v 1.10.4.3 2000/06/28 14:34:40 guus Exp $ */ #include "config.h" @@ -490,5 +490,6 @@ setup_signals(void) RETSIGTYPE parent_exit(int a) { + syslog(LOG_NOTICE, _("Got SIGCHLD: exitting immediately")); exit(0); } From f2c9e7f3bbada3fbfe80f622ebc06540afb60c21 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 28 Jun 2000 21:01:45 +0000 Subject: [PATCH 030/923] Removed Free Software Foundation copyright, because Guus Sliepen contributed significantly. --- po/nl.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/po/nl.po b/po/nl.po index 8d180260..47323224 100644 --- a/po/nl.po +++ b/po/nl.po @@ -1,5 +1,5 @@ # Dutch messages for tinc -# Copyright (C) 1999, 2000 Free Software Foundation, Inc. +# Copyright (C) 1999, 2000 Ivo Timmermans # Ivo Timmermans , 1999, 2000. # msgid "" From 0a155580a3d55633bbc3a1e7dcbe8906f41913be Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 28 Jun 2000 21:06:40 +0000 Subject: [PATCH 031/923] Oops, and mention Guus too. --- po/nl.po | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/po/nl.po b/po/nl.po index 47323224..86586a95 100644 --- a/po/nl.po 
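Review bot: `parent_exit()` in src/tincd.c (`@@ -490,5 +490,6 @@`) now calls `syslog()` from what its message and the neighbouring `setup_signals()` suggest is a signal handler, and `syslog()` is not async-signal-safe. If the signal interrupts another `syslog()` or an allocator call, the process can deadlock or corrupt state instead of exiting; `exit(0)` carries the same risk because it runs atexit handlers and flushes stdio. I would have the handler only record the event, e.g. `got_sigchld = 1;` on a `static volatile sig_atomic_t got_sigchld;`, and do the logging and exit from the main loop, or use `_exit(0)` if it must terminate inside the handler. The new msgid also has a typo: "exitting" should be "exiting". Where the handler is installed is outside the hunk.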
+++ b/po/nl.po @@ -1,6 +1,7 @@ # Dutch messages for tinc -# Copyright (C) 1999, 2000 Ivo Timmermans +# Copyright (C) 1999, 2000 Ivo Timmermans, Guus Sliepen. # Ivo Timmermans , 1999, 2000. +# Guus Sliepen , 2000. # msgid "" msgstr "" From e0ddb638d1fb7abf19969ac887f3b7a2bd8225c1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 29 Jun 2000 07:11:23 +0000 Subject: [PATCH 032/923] - Updated Dutch translation. --- po/nl.po | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/po/nl.po b/po/nl.po index 86586a95..d75f3487 100644 --- a/po/nl.po +++ b/po/nl.po @@ -40,7 +40,7 @@ msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" #: src/encr.c:153 msgid "Generating %d bits keys" -msgstr "%d bits sleutel genereren." +msgstr "%d bits sleutel genereren" #: src/encr.c:157 msgid "Opening /dev/urandom failed: %m" @@ -85,7 +85,7 @@ msgstr ": klaar.\n" #: src/net.c:107 msgid "Sending packet of %d bytes to " -msgstr "%d bytes verzonden naar %lx" +msgstr "Verzending pakket van %d bytes naar " #: src/net.c:107 src/net.c:133 src/net.c:347 src/net.c:900 src/net.c:1088 #: src/net.c:1095 src/net.c:1102 src/protocol.c:54 src/protocol.c:72 @@ -104,15 +104,15 @@ msgstr " (%s)" #: src/net.c:112 msgid "Error sending packet to " -msgstr "Fout bij verzenden van gegevens: %m" +msgstr "Fout tijdens verzenden pakket naar " #: src/net.c:112 msgid " (%s): %m" -msgstr ":%d: %m" +msgstr " (%s): %m" #: src/net.c:133 msgid "Receiving packet of %d bytes from " -msgstr "Sleutel ontvangen van " +msgstr "Ontvangst pakket van %d bytes van " #: src/net.c:137 msgid "Can't write to tap device: %m" 
@@ -120,11 +120,11 @@ msgstr "Kan niet naar tap apparaat schrijven: %m" #: src/net.c:240 msgid "Queue flushed" -msgstr "wachtrij leeggemaakt" +msgstr "Wachtrij leeggemaakt" #: src/net.c:255 msgid "Flushing send queue for " -msgstr "Legen van verzend-wachtrij naar " +msgstr "Legen van verzend-wachtrij voor " #: src/net.c:263 msgid "Flushing receive queue for " @@ -164,11 +164,11 @@ msgstr "Kon geen UDP verbinding openen naar " #: src/net.c:354 msgid " (%s) has no valid key, queueing packet" -msgstr " is niet gereed, pakket wordt in de wachtrij gezet." +msgstr " (%s) heeft geen geldige sleutel, pakket wordt in de wachtrij gezet." #: src/net.c:364 msgid " (%s) is not ready, queueing packet" -msgstr " is niet gereed, pakket wordt in de wachtrij gezet." +msgstr " (%s) is niet gereed, pakket wordt in de wachtrij gezet." #: src/net.c:411 msgid "Creating metasocket failed: %m" @@ -200,7 +200,7 @@ msgstr "Kan niet aan poort %hd/udp binden: %m" #: src/net.c:501 msgid "Trying to connect to %s" -msgstr "Beëindigen verbinding met %s." +msgstr "Poging tot verbinding met %s" #: src/net.c:521 msgid ":%d: %m" @@ -208,15 +208,15 @@ msgstr ":%d: %m" #: src/net.c:532 msgid "Connected to " -msgstr "Verbinden naar " +msgstr "Verbonden met " #: src/net.c:532 msgid ":%hd" -msgstr ",%hd) ontvangen" +msgstr ":%hd" #: src/net.c:555 msgid "Could not set up a meta connection to %s" -msgstr "Kon geen metaverbinding aangaan." +msgstr "Kon geen metaverbinding aangaan met %s" #: src/net.c:580 msgid "No value for my VPN IP given" 
@@ -232,19 +232,19 @@ msgstr "Kon geen socket maken voor inkomend vpn verkeer" #: src/net.c:613 msgid "Ready: listening on port %d" -msgstr "Gereed: luister op poort %d." +msgstr "Gereed: luisterend op poort %d" #: src/net.c:641 msgid "Still failed to connect to other, will retry in %d seconds" -msgstr "Wederom niet verbonden met de ander. Nieuwe poging over %d seconden." +msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" #: src/net.c:679 msgid "Trying to re-establish outgoing connection in 5 minutes" -msgstr "Poging tot herstellen van uitgaande verbinding over 5 minuten." +msgstr "Poging tot herstellen van uitgaande verbinding over 5 minuten" #: src/net.c:716 msgid "Terminating" -msgstr "Beëindigen." +msgstr "Beëindigen" #: src/net.c:730 msgid "Opening UDP socket to %s" @@ -252,11 +252,11 @@ msgstr "Bezig met openen UDP socket naar %s" #: src/net.c:735 msgid "Creating UDP socket failed: %m" -msgstr "Aanmaak socket mislukte: %m" +msgstr "Aanmaak UDP socket mislukte: %m" #: src/net.c:745 msgid "Connecting to %s port %d failed: %m" -msgstr "Aanmaak datasocket mislukt: %m" +msgstr "Verbinding naar %s poort %d mislukt: %m" #: src/net.c:753 src/net.c:839 src/net.c:1037 msgid "This is a bug: %s:%d: %d:%m" @@ -268,7 +268,7 @@ msgstr "Fout: getpeername: %m" #: src/net.c:790 msgid "Connection from %s port %d" -msgstr "Verbinding van %s:%d" +msgstr "Verbinding van %s poort %d" #: src/net.c:844 msgid "Incoming data socket error: %s" @@ -276,7 +276,7 @@ msgstr "Fout op socket voor inkomend verkeer: %s" #: src/net.c:852 msgid "Receiving packet from %s failed: %m" -msgstr "Ontvangen van data mislukt: %m" +msgstr "Ontvangst pakket van %s mislukt: %m" #: src/net.c:866 msgid "Got packet from " From e8e7379311ca3bf6e1fdd7d0f477a43e510e2317 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 29 Jun 2000 13:04:15 +0000 Subject: [PATCH 033/923] - Removed all IP_ADDR_S macros, because gettext doesn't like them. Each connection now has two hostnames: real_hostname (replacing the old), and vpn_hostname. In those places where hostnames really aren't usefull IP_ADDR_S has been replaced by %d.%d.%d.%d. --- po/nl.po | 660 +++++++++++++++++++++++++++---------------------- src/net.c | 94 +++---- src/net.h | 5 +- src/netutl.c | 14 +- src/protocol.c | 219 ++++++++-------- 5 files changed, 530 insertions(+), 462 deletions(-) diff --git a/po/nl.po b/po/nl.po index d75f3487..bcdcf0b8 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-06-28 16:29+0200\n" +"POT-Creation-Date: 2000-06-29 14:53+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" 
@@ -15,50 +15,62 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #: src/conf.c:167 +#, c-format msgid "%s: %d: Invalid variable name `%s'.\n" msgstr "%s: %d: Ongeldige variabelenaam `%s'.\n" #: src/conf.c:174 +#, c-format msgid "%s: %d: No value given for `%s'.\n" msgstr "%s: %d: Geen waarde gegeven voor `%s'.\n" #: src/conf.c:182 +#, c-format msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" msgstr "%s: %d: Ongeldige waarde `%s' voor variabele `%s'.\n" #: src/conf.c:203 +#, c-format msgid "Could not open %s: %s\n" msgstr "Kon %s niet openen: %s\n" #: src/encr.c:112 src/net.c:390 +#, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" #: src/encr.c:119 +#, c-format msgid "Illegal passphrase in %s; size would be %d" msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" #: src/encr.c:153 +#, c-format msgid "Generating %d bits keys" msgstr "%d bits sleutel genereren" #: src/encr.c:157 +#, c-format msgid "Opening /dev/urandom failed: %m" msgstr "Openen van /dev/urandom mislukt: %m" #: src/encr.c:222 +#, c-format msgid "Encryption key set to %s" msgstr "Sleutel ingesteld op %s" #: src/genauth.c:48 +#, c-format msgid "Usage: %s bits\n" msgstr "Gebruik: %s bits\n" #: src/genauth.c:57 +#, c-format msgid "Illegal number: %s\n" msgstr "Ongeldig nummer: %s\n" #: src/genauth.c:62 +#, c-format msgid "Generating %d bits number" msgstr "Genereren van %d bits nummer" 
@@ -84,37 +96,22 @@ msgid ": done.\n" msgstr ": klaar.\n" #: src/net.c:107 -msgid "Sending packet of %d bytes to " -msgstr "Verzending pakket van %d bytes naar " - -#: src/net.c:107 src/net.c:133 src/net.c:347 src/net.c:900 src/net.c:1088 -#: src/net.c:1095 src/net.c:1102 src/protocol.c:54 src/protocol.c:72 -#: src/protocol.c:91 src/protocol.c:109 src/protocol.c:127 src/protocol.c:145 -#: src/protocol.c:184 src/protocol.c:202 src/protocol.c:251 src/protocol.c:269 -#: src/protocol.c:312 src/protocol.c:342 src/protocol.c:435 src/protocol.c:442 -#: src/protocol.c:460 src/protocol.c:466 src/protocol.c:507 src/protocol.c:528 -#: src/protocol.c:534 src/protocol.c:554 src/protocol.c:560 src/protocol.c:576 -#: src/protocol.c:583 src/protocol.c:596 src/protocol.c:614 src/protocol.c:620 -#: src/protocol.c:636 src/protocol.c:642 src/protocol.c:661 src/protocol.c:668 -#: src/protocol.c:689 src/protocol.c:705 src/protocol.c:712 src/protocol.c:718 -#: src/protocol.c:737 src/protocol.c:796 src/protocol.c:803 src/protocol.c:809 -#: src/protocol.c:840 src/protocol.c:861 src/protocol.c:868 src/protocol.c:874 -msgid " (%s)" -msgstr " (%s)" +#, c-format +msgid "Sending packet of %d bytes to %s (%s)" +msgstr "Verzending pakket van %d bytes naar %s (%s)" #: src/net.c:112 -msgid "Error sending packet to " -msgstr "Fout tijdens verzenden pakket naar " - -#: src/net.c:112 -msgid " (%s): %m" -msgstr " (%s): %m" +#, c-format +msgid "Error sending packet to %s (%s): %m" +msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" #: src/net.c:133 -msgid "Receiving packet of %d bytes from " -msgstr "Ontvangst pakket van %d bytes van " +#, c-format +msgid "Receiving packet of %d bytes from %s (%s)" +msgstr "Ontvangst pakket van %d bytes van %s (%s)" #: src/net.c:137 +#, c-format msgid "Can't write to tap device: %m" msgstr "Kan niet naar tap apparaat schrijven: %m" 
@@ -123,98 +120,106 @@ msgid "Queue flushed" msgstr "Wachtrij leeggemaakt" #: src/net.c:255 -msgid "Flushing send queue for " -msgstr "Legen van verzend-wachtrij voor " +#, c-format +msgid "Flushing send queue for %s (%s)" +msgstr "Legen van verzend-wachtrij voor %s (%s)" #: src/net.c:263 -msgid "Flushing receive queue for " -msgstr "Legen van de ontvangst-wachtrij voor " +#, c-format +msgid "Flushing receive queue for %s (%s)" +msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" #: src/net.c:281 -msgid "Trying to look up " -msgstr "Proberen op te zoeken van " - -#: src/net.c:281 src/net.c:325 -msgid " in connection list failed!" -msgstr " in verbindingslijst mislukte!" +#, c-format +msgid "Trying to look up %d.%d.%d.%d in connection list failed!" +msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" #: src/net.c:293 src/net.c:306 msgid "There is no remote host I can send this packet to!" msgstr "Er is geen partner waar ik dit pakket naar kan sturen!" #: src/net.c:320 -msgid "Indirect packet to " -msgstr "Indirect pakket naar " - -#: src/net.c:320 -msgid " via " -msgstr " via " +#, c-format +msgid "Indirect packet to %s via %s" +msgstr "Indirect pakket naar %s via %s" #: src/net.c:325 -msgid "Indirect look up " -msgstr "Indirect opzoeken van " +#, c-format +msgid "Indirect look up %d.%d.%d.%d in connection list failed!" +msgstr "Indirect opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" #: src/net.c:335 -msgid "Double indirection for " -msgstr "Dubbele indirectie voor " +#, c-format +msgid "Double indirection for %d.%d.%d.%d" +msgstr "Dubbele indirectie voor %d.%d.%d.%d" #: src/net.c:347 -msgid "Could not open UDP connection to " -msgstr "Kon geen UDP verbinding openen naar " +#, c-format +msgid "Could not open UDP connection to %s (%s)" +msgstr "Kon geen UDP verbinding openen naar %s (%s)" #: src/net.c:354 -msgid " (%s) has no valid key, queueing packet" -msgstr " (%s) heeft geen geldige sleutel, pakket wordt in de wachtrij gezet." 
+#, c-format +msgid "%s (%s) has no valid key, queueing packet" +msgstr "%s (%s) heeft geen geldige sleutel, pakket wordt in de wachtrij gezet" #: src/net.c:364 -msgid " (%s) is not ready, queueing packet" -msgstr " (%s) is niet gereed, pakket wordt in de wachtrij gezet." +#, c-format +msgid "%s (%s) is not ready, queueing packet" +msgstr "%s (%s) is niet gereed, pakket wordt in de wachtrij gezet" #: src/net.c:411 +#, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" #: src/net.c:417 src/net.c:466 +#, c-format msgid "setsockopt: %m" msgstr "setsockopt: %m" #: src/net.c:424 src/net.c:473 src/net.c:528 +#, c-format msgid "fcntl: %m" msgstr "fcntl: %m" #: src/net.c:435 +#, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" #: src/net.c:441 +#, c-format msgid "listen: %m" msgstr "listen: %m" #: src/net.c:460 src/net.c:511 +#, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" #: src/net.c:484 +#, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" #: src/net.c:501 +#, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" #: src/net.c:521 -msgid ":%d: %m" -msgstr ":%d: %m" +#, c-format +msgid "%s port %hd: %m" +msgstr "%s poort %hd: %m" #: src/net.c:532 -msgid "Connected to " -msgstr "Verbonden met " - -#: src/net.c:532 -msgid ":%hd" -msgstr ":%hd" +#, c-format +msgid "Connected to %s port %hd" +msgstr "Verbonden met %s poort %hd" #: src/net.c:555 +#, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" 
@@ -222,432 +227,473 @@ msgstr "Kon geen metaverbinding aangaan met %s" msgid "No value for my VPN IP given" msgstr "Geen waarde gegeven voor mijn VPN IP adres" -#: src/net.c:600 +#: src/net.c:601 msgid "Unable to set up a listening socket" msgstr "Kon geen luistersocket aanmaken" -#: src/net.c:606 +#: src/net.c:607 msgid "Unable to set up an incoming vpn data socket" msgstr "Kon geen socket maken voor inkomend vpn verkeer" -#: src/net.c:613 -msgid "Ready: listening on port %d" -msgstr "Gereed: luisterend op poort %d" +#: src/net.c:614 +#, c-format +msgid "Ready: listening on port %hd" +msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:641 +#: src/net.c:642 +#, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:679 +#: src/net.c:680 msgid "Trying to re-establish outgoing connection in 5 minutes" msgstr "Poging tot herstellen van uitgaande verbinding over 5 minuten" -#: src/net.c:716 +#: src/net.c:717 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:730 +#: src/net.c:731 +#, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:735 +#: src/net.c:736 +#, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:745 +#: src/net.c:746 +#, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:753 src/net.c:839 src/net.c:1037 +#: src/net.c:754 src/net.c:841 src/net.c:1039 +#, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:777 +#: src/net.c:778 +#, c-format msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" -#: src/net.c:790 +#: src/net.c:782 +msgid "unknown" +msgstr "onbekend" + +#: src/net.c:792 +#, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:844 +#: src/net.c:846 +#, 
c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:852 +#: src/net.c:854 +#, c-format msgid "Receiving packet from %s failed: %m" msgstr "Ontvangst pakket van %s mislukt: %m" -#: src/net.c:866 -msgid "Got packet from " -msgstr "Kreeg pakket van " +#: src/net.c:868 +#, c-format +msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" +msgstr "Kreeg pakket van %s (%s) met onbekende herkomst %d.%d.%d.%d?" -#: src/net.c:866 -msgid " (%s) with unknown origin " -msgstr " (%s) met onbekende herkomst " +#: src/net.c:902 +#, c-format +msgid "Closing connection with %s (%s)" +msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:866 -msgid "?" -msgstr "?" - -#: src/net.c:900 -msgid "Closing connection with " -msgstr "Beëindigen verbinding met " - -#: src/net.c:917 +#: src/net.c:919 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:976 -msgid " (%s) didn't respond to ping" -msgstr " (%s) antwoordde niet op ping" +#: src/net.c:978 +#, c-format +msgid "%s (%s) didn't respond to PING" +msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1007 +#: src/net.c:1009 +#, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1015 +#: src/net.c:1017 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1042 +#: src/net.c:1044 +#, c-format msgid "Metadata socket error: %s" msgstr "Fout op socket voor metaverkeer: %s" -#: src/net.c:1048 +#: src/net.c:1050 msgid "Metadata read buffer overflow!" msgstr "Metadata ontvangstbuffer overloop!" 
-#: src/net.c:1058 +#: src/net.c:1060 +#, c-format msgid "Metadata socket read error: %m" msgstr "Fout op socket voor metaverkeer tijdens lezen: %m" -#: src/net.c:1082 -msgid "Got request from " -msgstr "Ontving verzoek van " +#: src/net.c:1084 +#, c-format +msgid "Got request from %s (%s): %s" +msgstr "Ontving verzoek van %s (%s): %s" -#: src/net.c:1082 -msgid " (%s): %s" -msgstr " (%s): %s" +#: src/net.c:1090 +#, c-format +msgid "Unknown request from %s (%s)" +msgstr "Onbekend verzoek van %s (%s)" -#: src/net.c:1088 -msgid "Unknown request from " -msgstr "Onbekend verzoek van " +#: src/net.c:1097 +#, c-format +msgid "Error while processing request from %s (%s)" +msgstr "Fout tijdens afhandelen van verzoek van %s (%s)" -#: src/net.c:1095 -msgid "Error while processing request from " -msgstr "Fout tijdens afhandelen van verzoek van " +#: src/net.c:1104 +#, c-format +msgid "Bogus data received from %s (%s)" +msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/net.c:1102 -msgid "Bogus data received from " -msgstr "Onzinnige data ontvangen van " - -#: src/net.c:1147 +#: src/net.c:1149 +#, c-format msgid "Outgoing data socket error: %s" msgstr "Fout op socket voor uitgaand verkeer: %s" -#: src/net.c:1182 +#: src/net.c:1184 +#, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" -#: src/net.c:1192 +#: src/net.c:1194 +#, c-format msgid "Non-IP ethernet frame %04x from " msgstr "Niet-IP ethernet pakket %04x van " -#: src/net.c:1200 +#: src/net.c:1202 msgid "Dropping short packet" msgstr "Te kort pakket genegeerd" -#: src/net.c:1239 +#: src/net.c:1241 +#, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/netutl.c:218 +#: src/netutl.c:222 +#, c-format msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/netutl.c:242 +#: src/netutl.c:246 msgid "Connection list:" msgstr "Verbindingslijst:" -#: src/netutl.c:246 
-msgid " " -msgstr " " - -#: src/netutl.c:246 -msgid "/" -msgstr "/" - -#: src/netutl.c:246 -msgid " at %s flags %d sockets %d, %d status %04x" -msgstr " op %s vlaggen %d sockets %d, %d status %04x" +#: src/netutl.c:250 +#, c-format +msgid "" +"%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x" +msgstr "%s netmask %d.%d.%d.%d op %s vlaggen %hd sockets %d, %d status %04x" #: src/protocol.c:54 -msgid "Sending ACK to " -msgstr "Verzending ACK naar " +#, c-format +msgid "Sending ACK to %s (%s)" +msgstr "Verzending ACK naar %s (%s)" #: src/protocol.c:61 +#, c-format msgid "Send failed: %d:%d: %m" msgstr "Verzenden mislukte: %d:%d: %m" #: src/protocol.c:72 -msgid "Sending TERMREQ to " -msgstr "Verzending TERMREQ naar " +#, c-format +msgid "Sending TERMREQ to %s (%s)" +msgstr "Verzending TERMREQ naar %s (%s)" #: src/protocol.c:80 src/protocol.c:98 src/protocol.c:116 src/protocol.c:134 #: src/protocol.c:152 src/protocol.c:191 src/protocol.c:209 src/protocol.c:237 #: src/protocol.c:258 src/protocol.c:276 src/protocol.c:319 src/protocol.c:349 -#: src/protocol.c:744 src/protocol.c:847 +#: src/protocol.c:747 src/protocol.c:850 +#, c-format msgid "Send failed: %s:%d: %m" msgstr "Verzenden mislukte: %s:%d: %m" #: src/protocol.c:91 -msgid "Sending TIMEOUT to " -msgstr "Verzending TIMEOUT naar " +#, c-format +msgid "Sending TIMEOUT to %s (%s)" +msgstr "Verzending TIMEOUT naar %s (%s)" #: src/protocol.c:109 -msgid "Sending DEL_HOST for " -msgstr "Verzending DEL_HOST voor " - -#: src/protocol.c:109 src/protocol.c:184 -msgid " (%s) to " -msgstr " (%s) naar " +#, c-format +msgid "Sending DEL_HOST for %s (%s) to %s (%s)" +msgstr "Verzending DEL_HOST voor %s (%s) naar %s (%s)" #: src/protocol.c:127 -msgid "Sending PING to " -msgstr "Verzending PING naar " +#, c-format +msgid "Sending PING to %s (%s)" +msgstr "Verzending PING naar %s (%s)" #: src/protocol.c:145 -msgid "Sending PONG to " -msgstr "Verzending PONG naar " +#, c-format +msgid "Sending PONG to %s (%s)" 
+msgstr "Verzending PONG naar %s (%s)" #: src/protocol.c:184 -msgid "Sending ADD_HOST for " -msgstr "Verzending ADD_HOST voor " +#, c-format +msgid "Sending ADD_HOST for %s (%s) to %s (%s)" +msgstr "Verzending ADD_HOST voor %s (%s) naar %s (%s)" #: src/protocol.c:202 -msgid "Sending KEY_CHANGED origin " -msgstr "Verzending KEY_CHANGED herkomst " - -#: src/protocol.c:202 -msgid " to " -msgstr " naar " +#, c-format +msgid "Sending KEY_CHANGED origin %s to %s (%s)" +msgstr "Verzending KEY_CHANGED herkomst %s naar %s (%s)" #: src/protocol.c:230 +#, c-format msgid "Sending BASIC_INFO to %s" msgstr "Verzending BASIC_INFO naar %s" #: src/protocol.c:251 -msgid "Sending PASSPHRASE to " -msgstr "Verzending PASSPHRASE naar " +#, c-format +msgid "Sending PASSPHRASE to %s (%s)" +msgstr "Verzending PASSPHRASE naar %s (%s)" #: src/protocol.c:269 -msgid "Sending PUBLIC_KEY to " -msgstr "Verzending PUBLIC_KEY naar " +#, c-format +msgid "Sending PUBLIC_KEY to %s (%s)" +msgstr "Verzending PUBLIC_KEY naar %s (%s)" #: src/protocol.c:306 -msgid "Attempting to send REQ_KEY to " -msgstr "Poging tot verzenden REQ_KEY naar " - -#: src/protocol.c:306 src/protocol.c:336 src/protocol.c:731 src/protocol.c:818 -#: src/protocol.c:834 src/protocol.c:881 -msgid ", which does not exist?" -msgstr ", die niet bestaat?" +#, c-format +msgid "Attempting to send REQ_KEY to %d.%d.%d.%d, which does not exist?" +msgstr "Poging tot verzenden REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" #: src/protocol.c:312 -msgid "Sending REQ_KEY to " -msgstr "Verzending REQ_KEY naar " +#, c-format +msgid "Sending REQ_KEY to %s (%s)" +msgstr "Verzending REQ_KEY naar %s (%s)" #: src/protocol.c:336 -msgid "Attempting to send ANS_KEY to " -msgstr "Poging tot verzenden ANS_KEY naar " +#, c-format +msgid "Attempting to send ANS_KEY to %d.%d.%d.%d, which does not exist?" +msgstr "Poging tot verzenden ANS_KEY naar %d.%d.%d.%d, die niet bestaat?" 
#: src/protocol.c:342 -msgid "Sending ANS_KEY to " -msgstr "Verzending ANS_KEY naar " +#, c-format +msgid "Sending ANS_KEY to %s (%s)" +msgstr "Verzending ANS_KEY naar %s (%s)" #: src/protocol.c:396 +#, c-format msgid "Got BASIC_INFO from %s" msgstr "Kreeg BASIC_INFO van %s" #: src/protocol.c:400 +#, c-format msgid "Got bad BASIC_INFO from %s" msgstr "Kreeg ongeldige BASIC_INFO van %s" -#: src/protocol.c:407 +#: src/protocol.c:409 +#, c-format msgid "Peer uses incompatible protocol version %d" msgstr "De ander gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:435 -msgid "Got bad PASSPHRASE from " -msgstr "Ongeldig PASSPHRASE verzoek ontvangen: %s" +#: src/protocol.c:437 +#, c-format +msgid "Got bad PASSPHRASE from %s (%s)" +msgstr "Kreeg ongeldige PASSPHRASE van %s (%s)" -#: src/protocol.c:442 -msgid "Got PASSPHRASE from " -msgstr "PASSPHRASE ontvangen" +#: src/protocol.c:444 +#, c-format +msgid "Got PASSPHRASE from %s (%s)" +msgstr "Kreeg PASSPHRASE van %s (%s)" -#: src/protocol.c:460 -msgid "Got bad PUBLIC_KEY from " -msgstr "Kreeg ongeldige PUBLIC_KEY van " +#: src/protocol.c:462 +#, c-format +msgid "Got bad PUBLIC_KEY from %s (%s)" +msgstr "Kreeg ongeldige PUBLIC_KEY van %s (%s)" -#: src/protocol.c:466 -msgid "Got PUBLIC_KEY from " -msgstr "Kreeg PUBLIC_KEY van " +#: src/protocol.c:468 +#, c-format +msgid "Got PUBLIC_KEY from %s (%s)" +msgstr "Kreeg PUBLIC_KEY van %s (%s)" #. intruder! -#: src/protocol.c:472 +#: src/protocol.c:474 msgid "Intruder: passphrase does not match!" msgstr "Indringer: wachwoord komt niet overeen!" 
-#: src/protocol.c:493 src/protocol.c:512 -msgid "Connection with " -msgstr "Verbinding met " +#: src/protocol.c:495 src/protocol.c:514 +#, c-format +msgid "Connection with %s (%s) activated" +msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:493 src/protocol.c:512 -msgid " (%s) activated" -msgstr " (%s) geactiveerd" +#: src/protocol.c:509 +#, c-format +msgid "Got ACK from %s (%s)" +msgstr "Kreeg ACK van %s (%s)" -#: src/protocol.c:507 -msgid "Got ACK from " -msgstr "Kreeg ACK van " +#: src/protocol.c:530 +#, c-format +msgid "Got unauthorized TERMREQ from %s (%s)" +msgstr "Kreeg niet-geautoriseerde TERMREQ van %s (%s)" -#: src/protocol.c:528 -msgid "Got unauthorized TERMREQ from " -msgstr "Kreeg niet-geautoriseerde TERMREQ van " +#: src/protocol.c:536 +#, c-format +msgid "Got TERMREQ from %s (%s)" +msgstr "Kreeg TERMREQ van %s (%s)" -#: src/protocol.c:534 -msgid "Got TERMREQ from " -msgstr "Kreeg TERMREQ van " +#: src/protocol.c:556 +#, c-format +msgid "Got unauthorized TIMEOUT from %s (%s)" +msgstr "Kreeg niet-geautoriseerde TIMEOUT van %s (%s)" -#: src/protocol.c:554 -msgid "Got unauthorized TIMEOUT from " -msgstr "Kreeg niet-geautoriseerde TIMEOUT van " +#: src/protocol.c:562 +#, c-format +msgid "Got TIMEOUT from %s (%s)" +msgstr "Kreeg TIMEOUT van %s (%s)" -#: src/protocol.c:560 -msgid "Got TIMEOUT from " -msgstr "Kreeg TIMEOUT van " +#: src/protocol.c:578 +#, c-format +msgid "Got unauthorized DEL_HOST from %s (%s)" +msgstr "Kreeg niet-geautoriseerde DEL_HOST van %s (%s)" -#: src/protocol.c:576 -msgid "Got unauthorized DEL_HOST from " -msgstr "Kreeg niet-geautoriseerde DEL_HOST van " +#: src/protocol.c:585 +#, c-format +msgid "Got bad DEL_HOST from %s (%s)" +msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:583 -msgid "Got bad DEL_HOST from " -msgstr "Kreeg ongeldige DEL_HOST van " +#: src/protocol.c:592 +#, c-format +msgid "Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?" 
+msgstr "Kreeg DEL_HOST voor %d.%d.%d.%d van %s (%s), die niet bestaat?" -#: src/protocol.c:590 src/protocol.c:596 -msgid "Got DEL_HOST for " -msgstr "Kreeg DEL_HOST voor " +#: src/protocol.c:598 +#, c-format +msgid "Got DEL_HOST for %s (%s) from %s (%s)" +msgstr "Kreeg DEL_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:590 src/protocol.c:718 src/protocol.c:809 src/protocol.c:874 -msgid " from " -msgstr " van " +#: src/protocol.c:616 +#, c-format +msgid "Got unauthorized PING from %s (%s)" +msgstr "Kreeg niet-geautoriseerde PING van %s (%s)" -#: src/protocol.c:590 -msgid " (%s) which does not exist?" -msgstr " (%s), die niet bestaat?" +#: src/protocol.c:622 +#, c-format +msgid "Got PING from %s (%s)" +msgstr "Kreeg PING van %s (%s)" -#: src/protocol.c:596 src/protocol.c:689 -msgid " (%s) from " -msgstr " (%s) van " +#: src/protocol.c:638 +#, c-format +msgid "Got unauthorized PONG from %s (%s)" +msgstr "Kreeg niet-geautoriseerde PONG van %s (%s)" -#: src/protocol.c:614 -msgid "Got unauthorized PING from " -msgstr "Kreeg niet-geautoriseerde PING van " +#: src/protocol.c:644 +#, c-format +msgid "Got PONG from %s (%s)" +msgstr "Kreeg PONG van %s (%s)" -#: src/protocol.c:620 -msgid "Got PING from " -msgstr "Kreeg PING van " +#: src/protocol.c:663 +#, c-format +msgid "Got unauthorized ADD_HOST from %s (%s)" +msgstr "Kreeg niet-geautoriseerde ADD_HOST van %s (%s)" -#: src/protocol.c:636 -msgid "Got unauthorized PONG from " -msgstr "Kreeg niet-geautoriseerde PONG van " +#: src/protocol.c:670 +#, c-format +msgid "Got bad ADD_HOST from %s (%s)" +msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:642 -msgid "Got PONG from " -msgstr "Kreeg PONG van " +#: src/protocol.c:692 +#, c-format +msgid "Got ADD_HOST for %s (%s) from %s (%s)" +msgstr "Kreeg ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:661 -msgid "Got unauthorized ADD_HOST from " -msgstr "Kreeg niet-geautoriseerde ADD_HOST van " +#: src/protocol.c:708 +#, c-format +msgid "Got unauthorized REQ_KEY 
from %s (%s)" +msgstr "Kreeg niet-geautoriseerde REQ_KEY van %s (%s)" -#: src/protocol.c:668 -msgid "Got bad ADD_HOST from " -msgstr "Kreeg ongeldige ADD_HOST van " +#: src/protocol.c:715 +#, c-format +msgid "Got bad REQ_KEY from %s (%s)" +msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:689 -msgid "Got ADD_HOST for " -msgstr "Kreeg ADD_HOST voor " +#: src/protocol.c:721 +#, c-format +msgid "Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" +msgstr "Kreeg REQ_KEY herkmonst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:705 -msgid "Got unauthorized REQ_KEY from " -msgstr "Kreeg niet-geautoriseerde REQ_KEY van " +#: src/protocol.c:734 +#, c-format +msgid "Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?" +msgstr "Poging tot doorsturen REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" -#: src/protocol.c:712 -msgid "Got bad REQ_KEY from " -msgstr "Kreeg ongeldige REQ_KEY van " +#: src/protocol.c:740 +#, c-format +msgid "Forwarding REQ_KEY to %s (%s)" +msgstr "Doorsturen REQ_KEY naar %s (%s)" -#: src/protocol.c:718 -msgid "Got REQ_KEY origin " -msgstr "Kreeg REQ_KEY van " +#: src/protocol.c:799 +#, c-format +msgid "Got unauthorized ANS_KEY from %s (%s)" +msgstr "Kreeg niet-geautoriseerde ANS_KEY van %s (%s)" -#: src/protocol.c:718 src/protocol.c:809 -msgid " destination " -msgstr " bestemming " +#: src/protocol.c:806 +#, c-format +msgid "Got bad ANS_KEY from %s (%s)" +msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:731 -msgid "Attempting to forward REQ_KEY to " -msgstr "Poging tot doorsturenREQ_KEY naar " +#: src/protocol.c:812 +#, c-format +msgid "Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" +msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:737 -msgid "Forwarding REQ_KEY to " -msgstr "Doorsturen REQ_KEY naar " +#: src/protocol.c:821 +#, c-format +msgid "" +"Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which 
does not exist?" +msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" -#: src/protocol.c:796 -msgid "Got unauthorized ANS_KEY from " -msgstr "Kreeg niet-geautoriseerde ANS_KEY van " +#: src/protocol.c:837 +#, c-format +msgid "Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?" +msgstr "Poging tot doorsturen ANS_KEY naar %d.%d.%d.%d, die niet besttaat?" -#: src/protocol.c:803 -msgid "Got bad ANS_KEY from " -msgstr "Kreeg ongeldige ANS_KEY van " +#: src/protocol.c:843 +#, c-format +msgid "Forwarding ANS_KEY to %s (%s)" +msgstr "Doorsturen ANS_KEY naar %s (%s)" -#: src/protocol.c:809 -msgid "Got ANS_KEY origin " -msgstr "Kreeg ANS_KEY van " +#: src/protocol.c:864 +#, c-format +msgid "Got unauthorized KEY_CHANGED from %s (%s)" +msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van %s (%s)" -#: src/protocol.c:818 -msgid "Receiving ANS_KEY from " -msgstr "Ontvangst ANS_KEY van " +#: src/protocol.c:871 +#, c-format +msgid "Got bad KEY_CHANGED from %s (%s)" +msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:834 -msgid "Attempting to forward ANS_KEY to " -msgstr "Poging tot doorsturen ANS_KEY naar " +#: src/protocol.c:880 +#, c-format +msgid "Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?" +msgstr "Kreeg KEY_CHANGED herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" 
-#: src/protocol.c:840 -msgid "Forwarding ANS_KEY to " -msgstr "Doorsturen ANS_KEY naar " - -#: src/protocol.c:861 -msgid "Got unauthorized KEY_CHANGED from " -msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van " - -#: src/protocol.c:868 -msgid "Got bad KEY_CHANGED from " -msgstr "Kreeg ongeldige KEY_CHANGED van " - -#: src/protocol.c:874 -msgid "Got KEY_CHANGED origin " -msgstr "Kreeg KEY_CHANGED herkomst " - -#: src/protocol.c:881 -msgid "Got KEY_CHANGED from " -msgstr "Kreeg KEY_CHANGED van " +#: src/protocol.c:886 +#, c-format +msgid "Got KEY_CHANGED origin %s from %s (%s)" +msgstr "Kreeg KEY_CHANGED herkomst %s van %s (%s)" #: src/tincd.c:95 +#, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" #: src/tincd.c:98 +#, c-format msgid "" "Usage: %s [option]...\n" "\n" 
@@ -688,37 +734,45 @@ msgstr "" "meld fouten in de vertaling aan vertaling@nl.linux.org.\n" #: src/tincd.c:145 +#, c-format msgid "Invalid timeout value `%s'.\n" msgstr "Ongeldige timeout waarde `%s'.\n" #: src/tincd.c:159 +#, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken); beëindigen." #: src/tincd.c:214 +#, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d." #: src/tincd.c:217 +#, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" #: src/tincd.c:232 +#, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." #: src/tincd.c:250 +#, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" #: src/tincd.c:253 +#, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" #: src/tincd.c:274 +#, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" @@ -731,6 +785,7 @@ msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" #: src/tincd.c:339 +#, c-format msgid "%s version %s\n" msgstr "%s versie %s\n" @@ -778,6 +833,7 @@ msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" #: src/tincd.c:413 +#, c-format msgid "Got SEGV signal after %s line %d, trying to re-execute" msgstr "Kreeg SEGV signaal na %s regel %d. Probeer opnieuw opstarten." 
@@ -798,10 +854,12 @@ msgid "Forcing new key generation" msgstr "Nieuwe sleutels geforceerd" #: src/tincd.c:461 +#, c-format msgid "Got unexpected signal %d after %s line %d" msgstr "Kreeg onverwacht signaal %d na %s regel %d" #: src/tincd.c:464 +#, c-format msgid "Got unexpected signal %d" msgstr "Kreeg onverwacht signaal %d" diff --git a/src/net.c b/src/net.c index fd38c02e..af9077c8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.12 2000/06/28 10:11:10 guus Exp $ + $Id: net.c,v 1.35.4.13 2000/06/29 13:04:14 guus Exp $ */ #include "config.h" @@ -104,13 +104,13 @@ cp rp.len = htons(rp.len); if(debug_lvl > 3) - syslog(LOG_ERR, _("Sending packet of %d bytes to " IP_ADDR_S " (%s)"), - ntohs(rp.len), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + ntohs(rp.len), cl->vpn_hostname, cl->real_hostname); if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) { - syslog(LOG_ERR, _("Error sending packet to " IP_ADDR_S " (%s): %m"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), + cl->vpn_hostname, cl->real_hostname); return -1; } @@ -130,8 +130,8 @@ cp add_mac_addresses(&vp); if(debug_lvl > 3) - syslog(LOG_ERR, _("Receiving packet of %d bytes from " IP_ADDR_S " (%s)"), - ((real_packet_t*)packet)->len, IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), + ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname); if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) syslog(LOG_ERR, _("Can't write to tap device: %m")); 
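Review bot: The syslog calls in the `@@ -104,13 +104,13 @@` hunk now identify the peer only by `cl->vpn_hostname` and `cl->real_hostname`, and the netutl.c hunk later in this patch stops appending `inet_ntoa(in)` to the looked-up name, so a successful lookup leaves no numeric address in the message. If these names come from reverse DNS (the lookup code is only partly visible), they are chosen by whoever controls the PTR record, which makes them a weak identifier for audit and incident response. I would keep the address next to the name, for example `syslog(LOG_ERR, _("Error sending packet to %s (%s [%d.%d.%d.%d]): %m"), cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(cl->real_ip));`. The same applies to the other converted messages in net.c; the enclosing functions start and end outside these hunks.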
@@ -252,16 +252,16 @@ cp if(cl->sq) { if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Flushing send queue for " IP_ADDR_S), - IP_ADDR_V(cl->vpn_ip)); + syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), + cl->vpn_hostname, cl->real_hostname); flush_queue(cl, &(cl->sq), xsend); } if(cl->rq) { if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Flushing receive queue for " IP_ADDR_S), - IP_ADDR_V(cl->vpn_ip)); + syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), + cl->vpn_hostname, cl->real_hostname); flush_queue(cl, &(cl->rq), xrecv); } cp @@ -278,7 +278,7 @@ cp { if(debug_lvl > 3) { - syslog(LOG_NOTICE, _("Trying to look up " IP_ADDR_S " in connection list failed!"), + syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to)); } @@ -317,12 +317,12 @@ cp if(cl->flags & INDIRECTDATA) { if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Indirect packet to " IP_ADDR_S " via " IP_ADDR_S), - IP_ADDR_V(cl->vpn_ip), IP_ADDR_V(cl->real_ip)); + syslog(LOG_NOTICE, _("Indirect packet to %s via %s"), + cl->vpn_hostname, cl->real_hostname); if((cl = lookup_conn(cl->real_ip)) == NULL) { if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Indirect look up " IP_ADDR_S " in connection list failed!"), + syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to)); /* Gateway tincd dead? Should we kill it? (GS) */ @@ -332,7 +332,7 @@ cp if(cl->flags & INDIRECTDATA) /* This should not happen */ { if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Double indirection for " IP_ADDR_S), + syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"), IP_ADDR_V(to)); return -1; } 
@@ -344,14 +344,14 @@ cp if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) { - syslog(LOG_ERR, _("Could not open UDP connection to " IP_ADDR_S " (%s)"), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->vpn_hostname, cl->real_hostname); return -1; } if(!cl->status.validkey) { if(debug_lvl > 3) - syslog(LOG_INFO, _(IP_ADDR_S " (%s) has no valid key, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->vpn_hostname, cl->real_hostname); add_queue(&(cl->sq), packet, packet->len + 2); if(!cl->status.waitingforkey) send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */ @@ -361,7 +361,7 @@ cp if(!cl->status.active) { if(debug_lvl > 3) - syslog(LOG_INFO, _(IP_ADDR_S " (%s) is not ready, queueing packet"), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->vpn_hostname, cl->real_hostname); add_queue(&(cl->sq), packet, packet->len + 2); return 0; /* We don't want to mess up, do we? */ } @@ -498,7 +498,7 @@ int setup_outgoing_meta_socket(conn_list_t *cl) config_t const *cfg; cp if(debug_lvl > 0) - syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); + syslog(LOG_INFO, _("Trying to connect to %s"), cl->real_hostname); if((cfg = get_config_val(upstreamport)) == NULL) cl->port = 655; @@ -518,7 +518,7 @@ cp if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) { - syslog(LOG_ERR, _(IP_ADDR_S ":%d: %m"), IP_ADDR_V(cl->real_ip), cl->port); + syslog(LOG_ERR, _("%s port %hd: %m"), cl->real_hostname, cl->port); return -1; } @@ -529,8 +529,8 @@ cp return -1; } - syslog(LOG_INFO, _("Connected to " IP_ADDR_S ":%hd"), - IP_ADDR_V(cl->real_ip), cl->port); + syslog(LOG_INFO, _("Connected to %s port %hd"), + cl->real_hostname, cl->port); cp return 0; } 
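Review bot: The new `%hd` conversion for `cl->port` in the `@@ -518,7 +518,7 @@` hunk is signed, while net.h declares the field as `short unsigned int port`, so any port above 32767 is logged as a negative number. Use `%hu` instead: `syslog(LOG_ERR, _("%s port %hu: %m"), cl->real_hostname, cl->port);`. The same conversion appears in `Connected to %s port %hd` in the next hunk, in `Ready: listening on port %hd`, and in the connection-list dump in netutl.c; the matching msgid entries in the translation catalogue would change with it.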
@@ -548,12 +548,12 @@ int setup_outgoing_connection(ip_t ip) cp ncn = new_conn_list(); ncn->real_ip = ip; - ncn->hostname = hostlookup(htonl(ip)); + ncn->real_hostname = hostlookup(htonl(ip)); if(setup_outgoing_meta_socket(ncn) < 0) { syslog(LOG_ERR, _("Could not set up a meta connection to %s"), - ncn->hostname); + ncn->real_hostname); free_conn_element(ncn); return -1; } @@ -582,7 +582,8 @@ cp } myself->vpn_ip = cfg->data.ip->ip; - myself->hostname = hostlookup(htonl(myself->vpn_ip)); + myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip)); + myself->real_hostname = hostlookup(htonl(myself->vpn_ip)); myself->vpn_mask = cfg->data.ip->mask; myself->flags = 0; @@ -610,7 +611,7 @@ cp myself->status.active = 1; - syslog(LOG_NOTICE, _("Ready: listening on port %d"), myself->port); + syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); cp return 0; } @@ -727,7 +728,7 @@ int setup_vpn_connection(conn_list_t *cl) struct sockaddr_in a; cp if(debug_lvl > 0) - syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); + syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->real_hostname); nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(nfd == -1) @@ -743,7 +744,7 @@ cp if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) { syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"), - cl->hostname, cl->port); + cl->real_hostname, cl->port); return -1; } @@ -778,8 +779,9 @@ cp return NULL; } + p->vpn_hostname = _("unknown"); p->real_ip = ntohl(ci.sin_addr.s_addr); - p->hostname = hostlookup(ci.sin_addr.s_addr); + p->real_hostname = hostlookup(ci.sin_addr.s_addr); p->meta_socket = sfd; p->status.meta = 1; p->buflen = 0; @@ -788,7 +790,7 @@ cp if(debug_lvl > 0) syslog(LOG_NOTICE, _("Connection from %s port %d"), - p->hostname, htons(ci.sin_port)); + p->real_hostname, htons(ci.sin_port)); if(send_basic_info(p) < 0) { 
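Review bot: `p->vpn_hostname = _("unknown");` in the `@@ -778,8 +779,9 @@` hunk stores a pointer that was not obtained from malloc, while the netutl.c hunk in this patch adds `if(p->vpn_hostname) free(p->vpn_hostname);` to the connection cleanup (presumably the body of free_conn_element). Tearing down an incoming connection before the field is replaced therefore passes a non-heap pointer to free(). Store an owned copy instead, e.g. `p->vpn_hostname = strdup(_("unknown"));` with the result checked, and free the old value wherever the field is later overwritten; that code is outside the visible hunks. On the outgoing path in the `@@ -548,12 +548,12 @@` hunk the field is never assigned before `free_conn_element(ncn)` can run, which is safe only if new_conn_list() zeroes the structure; that is not visible here and worth confirming.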
@@ -849,7 +851,7 @@ cp lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL); if(lenin <= 0) { - syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->hostname); + syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->real_hostname); return -1; } total_socket_in += lenin; @@ -863,8 +865,8 @@ cp f = lookup_conn(rp.from); if(!f) { - syslog(LOG_ERR, _("Got packet from " IP_ADDR_S " (%s) with unknown origin " IP_ADDR_S "?"), - IP_ADDR_V(cl->vpn_ip), cl->hostname, IP_ADDR_V(rp.from)); + syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), + cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from)); return -1; } @@ -897,8 +899,8 @@ cp return; if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Closing connection with " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), + cl->vpn_hostname, cl->real_hostname); if(cl->status.timeout) send_timeout(cl); @@ -973,8 +975,8 @@ cp if(p->status.pinged && !p->status.got_pong) { if(debug_lvl > 1) - syslog(LOG_INFO, _(IP_ADDR_S " (%s) didn't respond to ping"), - IP_ADDR_V(p->vpn_ip), p->hostname); + syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), + p->vpn_hostname, p->real_hostname); p->status.timeout = 1; terminate_connection(p); } 
@@ -1079,28 +1081,28 @@ cp if(cl->reqlen) { if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Got request from " IP_ADDR_S " (%s): %s"), - IP_ADDR_V(cl->vpn_ip), cl->hostname, cl->buffer); + syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), + cl->vpn_hostname, cl->real_hostname, cl->buffer); if(sscanf(cl->buffer, "%d", &request) == 1) { if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) { - syslog(LOG_ERR, _("Unknown request from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Unknown request from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { - syslog(LOG_ERR, _("Error while processing request from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Error while processing request from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } } else { - syslog(LOG_ERR, _("Bogus data received from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Bogus data received from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } diff --git a/src/net.h b/src/net.h index 3d0dbff7..98367a3a 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.4 2000/06/25 16:01:12 guus Exp $ + $Id: net.h,v 1.9.4.5 2000/06/29 13:04:15 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -106,7 +106,8 @@ typedef struct conn_list_t { ip_t vpn_ip; /* his vpn ip */ ip_t vpn_mask; /* his vpn network address */ ip_t real_ip; /* his real (internet) ip */ - char *hostname; /* the hostname of its real ip */ + char *real_hostname; /* the hostname of its real ip */ + char *vpn_hostname; /* the hostname of the vpn ip */ short unsigned int port; /* his portnumber */ int flags; /* his flags */ int socket; /* our udp vpn socket */ 
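Review bot: The rewritten messages in the `@@ -1079,28 +1081,28 @@` hunk identify the peer only by `cl->vpn_hostname` and `cl->real_hostname`, and the hostlookup change in netutl.c in this commit drops the numeric address from the resolved name, so a log line for a resolvable peer no longer carries any IP address. Both names appear to come from reverse lookups, the first on an address the peer itself announces, so they are chosen by whoever controls the reverse zone and are weak evidence of where a request came from. For the LOG_ERR messages keep the numeric address next to the name, e.g. `_("Bogus data received from %s (%s, %d.%d.%d.%d)")` with `IP_ADDR_V(cl->real_ip)` appended to the arguments. The same applies to the other renamed messages in net.c and protocol.c.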
diff --git a/src/netutl.c b/src/netutl.c index 5beb4a18..fda9abdc 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.4 2000/06/26 19:39:34 guus Exp $ + $Id: netutl.c,v 1.12.4.5 2000/06/29 13:04:15 guus Exp $ */ #include "config.h" @@ -89,6 +89,10 @@ cp destroy_queue(p->sq); if(p->rq) destroy_queue(p->rq); + if(p->vpn_hostname) + free(p->vpn_hostname); + if(p->real_hostname) + free(p->real_hostname); free_key(p->public_key); free_key(p->key); free(p); @@ -188,8 +192,8 @@ cp } else { - name = xmalloc(strlen(host->h_name)+20); - sprintf(name, "%s (%s)", host->h_name, inet_ntoa(in)); + name = xmalloc(strlen(host->h_name)); + sprintf(name, "%s", host->h_name); } cp return name; @@ -243,8 +247,8 @@ cp for(p = conn_list; p != NULL; p = p->next) { - syslog(LOG_DEBUG, _(" " IP_ADDR_S "/" IP_ADDR_S " at %s flags %d sockets %d, %d status %04x"), - IP_ADDR_V(p->vpn_ip), IP_ADDR_V(p->vpn_mask), p->hostname, p->flags, + syslog(LOG_DEBUG, _("%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x"), + p->vpn_hostname, IP_ADDR_V(p->vpn_mask), p->real_hostname, p->port, p->flags, p->socket, p->meta_socket, p->status); } cp diff --git a/src/protocol.c b/src/protocol.c index d079dfb4..6740cb0d 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.14 2000/06/28 13:41:02 guus Exp $ + $Id: protocol.c,v 1.28.4.15 2000/06/29 13:04:15 guus Exp $ */ #include "config.h" 
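Review bot: In the `@@ -188,8 +192,8 @@` hunk, `xmalloc(strlen(host->h_name))` reserves no byte for the terminator, so the `sprintf` on the next line writes one byte past the allocation on every successful lookup. The copied string is a resolved host name, i.e. data supplied from outside the process, which makes this a heap overflow on externally influenced input. Allocate `strlen(host->h_name) + 1`; the following patch in this series makes that change. The enclosing function starts and ends outside the hunk.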
@@ -51,8 +51,8 @@ int send_ack(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ACK to " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending ACK to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", ACK); @@ -69,8 +69,8 @@ int send_termreq(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending TERMREQ to " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending TERMREQ to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", TERMREQ, myself->vpn_ip); @@ -88,8 +88,8 @@ int send_timeout(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending TIMEOUT to " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending TIMEOUT to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", PINGTIMEOUT, myself->vpn_ip); @@ -106,8 +106,8 @@ int send_del_host(conn_list_t *cl, conn_list_t *new_host) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending DEL_HOST for " IP_ADDR_S " (%s) to " IP_ADDR_S " (%s)"), - IP_ADDR_V(new_host->vpn_ip), new_host->hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending DEL_HOST for %s (%s) to %s (%s)"), + new_host->vpn_hostname, new_host->real_hostname, cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", DEL_HOST, new_host->vpn_ip); @@ -124,8 +124,8 @@ int send_ping(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PING to " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending PING to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", PING); 
@@ -142,8 +142,8 @@ int send_pong(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PONG to " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending PONG to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", PONG); @@ -163,7 +163,7 @@ int send_add_host(conn_list_t *cl, conn_list_t *new_host) char *hostname; cp real_ip = new_host->real_ip; - hostname = new_host->hostname; + hostname = new_host->real_hostname; flags = new_host->flags; /* If we need to propagate information about a new host that wants us to export @@ -177,12 +177,12 @@ cp flags &= ~EXPORTINDIRECTDATA; flags |= INDIRECTDATA; real_ip = myself->vpn_ip; - hostname = myself->hostname; + hostname = myself->real_hostname; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ADD_HOST for " IP_ADDR_S " (%s) to " IP_ADDR_S " (%s)"), - IP_ADDR_V(new_host->vpn_ip), hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending ADD_HOST for %s (%s) to %s (%s)"), + new_host->vpn_hostname, hostname, cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx/%lx:%x %d\n", ADD_HOST, real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port, flags); @@ -199,8 +199,8 @@ int send_key_changed(conn_list_t *cl, conn_list_t *src) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending KEY_CHANGED origin " IP_ADDR_S " to " IP_ADDR_S " (%s)"), - IP_ADDR_V(src->vpn_ip), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending KEY_CHANGED origin %s to %s (%s)"), + src->vpn_hostname, cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", KEY_CHANGED, src->vpn_ip); 
@@ -228,7 +228,7 @@ int send_basic_info(conn_list_t *cl) cp if(debug_lvl > 1) syslog(LOG_DEBUG, _("Sending BASIC_INFO to %s"), - cl->hostname); + cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %d %lx/%lx:%x %d\n", BASIC_INFO, PROT_CURRENT, myself->vpn_ip, myself->vpn_mask, myself->port, myself->flags); @@ -248,8 +248,8 @@ cp encrypt_passphrase(&tmp); if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PASSPHRASE to " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending PASSPHRASE to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PASSPHRASE, tmp.phrase); @@ -266,8 +266,8 @@ int send_public_key(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PUBLIC_KEY to " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Sending PUBLIC_KEY to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PUBLIC_KEY, my_public_key_base36); @@ -303,14 +303,14 @@ cp fw = lookup_conn(to); if(!fw) { - syslog(LOG_ERR, _("Attempting to send REQ_KEY to " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Attempting to send REQ_KEY to %d.%d.%d.%d, which does not exist?"), IP_ADDR_V(to)); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending REQ_KEY to " IP_ADDR_S " (%s)"), - IP_ADDR_V(fw->nexthop->vpn_ip), fw->nexthop->hostname); + syslog(LOG_DEBUG, _("Sending REQ_KEY to %s (%s)"), + fw->nexthop->vpn_hostname, fw->nexthop->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx\n", REQ_KEY, to, myself->vpn_ip); 
@@ -333,14 +333,14 @@ cp if(!fw) { - syslog(LOG_ERR, _("Attempting to send ANS_KEY to " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Attempting to send ANS_KEY to %d.%d.%d.%d, which does not exist?"), IP_ADDR_V(to)); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ANS_KEY to " IP_ADDR_S " (%s)"), - IP_ADDR_V(fw->nexthop->vpn_ip), fw->nexthop->hostname); + syslog(LOG_DEBUG, _("Sending ANS_KEY to %s (%s)"), + fw->nexthop->vpn_hostname, fw->nexthop->real_hostname); buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx %d %s\n", ANS_KEY, to, myself->vpn_ip, my_key_expiry, my_public_key_base36); @@ -393,14 +393,16 @@ int basic_info_h(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got BASIC_INFO from %s"), cl->hostname); + syslog(LOG_DEBUG, _("Got BASIC_INFO from %s"), cl->real_hostname); if(sscanf(cl->buffer, "%*d %d %lx/%lx:%hx %d", &cl->protocol_version, &cl->vpn_ip, &cl->vpn_mask, &cl->port, &cl->flags) != 5) { syslog(LOG_ERR, _("Got bad BASIC_INFO from %s"), - cl->hostname); + cl->real_hostname); return -1; - } + } + + cl->vpn_hostname = hostlookup(htonl(cl->vpn_ip)); if(cl->protocol_version != PROT_CURRENT) { @@ -432,15 +434,15 @@ cp if(sscanf(cl->buffer, "%*d %as", &(cl->pp->phrase)) != 1) { - syslog(LOG_ERR, _("Got bad PASSPHRASE from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got bad PASSPHRASE from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } cl->pp->len = strlen(cl->pp->phrase); if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PASSPHRASE from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got PASSPHRASE from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); if(cl->status.outgoing) send_passphrase(cl); 
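Review bot: In the `@@ -393,14 +393,16 @@` hunk of basic_info_h, `cl->vpn_hostname = hostlookup(htonl(cl->vpn_ip));` runs on an address parsed from the peer's own BASIC_INFO line, before the protocol version check and before the passphrase and public-key handlers shown further down have run. If hostlookup performs a blocking resolver call (most of its body is outside the hunks shown), an unauthenticated peer chooses which reverse lookup the daemon waits on; consider deferring the lookup until the connection is activated. The assignment also overwrites the previous pointer without releasing it, so a peer that sends BASIC_INFO more than once would leak one allocation per request unless something outside the hunk prevents that. Any release added here must skip the `_("unknown")` literal that net.c stores in this field for incoming connections. add_host_h gains two more such lookups per ADD_HOST in its `@@ -675,9 +677,10 @@` hunk.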
@@ -457,14 +459,14 @@ int public_key_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %as", &g_n) != 1) { - syslog(LOG_ERR, _("Got bad PUBLIC_KEY from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got bad PUBLIC_KEY from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PUBLIC_KEY from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got PUBLIC_KEY from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); if(verify_passphrase(cl, g_n)) { @@ -490,8 +492,8 @@ cp cl->status.active = 1; if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), + cl->vpn_hostname, cl->real_hostname); notify_others(cl, NULL, send_add_host); notify_one(cl); @@ -504,13 +506,13 @@ int ack_h(conn_list_t *cl) { cp if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ACK from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got ACK from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); cl->status.active = 1; - syslog(LOG_NOTICE, _("Connection with " IP_ADDR_S " (%s) activated"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), + cl->vpn_hostname, cl->real_hostname); notify_others(cl, NULL, send_add_host); notify_one(cl); @@ -525,14 +527,14 @@ int termreq_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized TERMREQ from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized TERMREQ from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got TERMREQ from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got TERMREQ from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); cl->status.termreq = 1; 
@@ -551,14 +553,14 @@ int timeout_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized TIMEOUT from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized TIMEOUT from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got TIMEOUT from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got TIMEOUT from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); cl->status.termreq = 1; terminate_connection(cl); @@ -573,28 +575,28 @@ int del_host_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized DEL_HOST from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized DEL_HOST from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx", &vpn_ip) != 1) { - syslog(LOG_ERR, _("Got bad DEL_HOST from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(!(fw = lookup_conn(vpn_ip))) { - syslog(LOG_ERR, _("Got DEL_HOST for " IP_ADDR_S " from " IP_ADDR_S " (%s) which does not exist?"), - IP_ADDR_V(vpn_ip), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?"), + IP_ADDR_V(vpn_ip), cl->vpn_hostname, cl->real_hostname); return 0; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got DEL_HOST for " IP_ADDR_S " (%s) from " IP_ADDR_S " (%s)"), - IP_ADDR_V(fw->vpn_ip), fw->hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got DEL_HOST for %s (%s) from %s (%s)"), + fw->vpn_hostname, fw->real_hostname, cl->vpn_hostname, cl->real_hostname); notify_others(fw, cl, send_del_host); 
@@ -611,14 +613,14 @@ int ping_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized PING from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized PING from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PING from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got PING from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); cl->status.pinged = 0; cl->status.got_pong = 1; @@ -633,14 +635,14 @@ int pong_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized PONG from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized PONG from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PONG from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got PONG from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); cl->status.got_pong = 1; cp @@ -658,15 +660,15 @@ int add_host_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized ADD_HOST from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized ADD_HOST from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx %lx/%lx:%hx %d", &real_ip, &vpn_ip, &vpn_mask, &port, &flags) != 5) { - syslog(LOG_ERR, _("Got bad ADD_HOST from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } 
@@ -675,9 +677,10 @@ cp ncn = new_conn_list(); ncn->real_ip = real_ip; - ncn->hostname = hostlookup(htonl(real_ip)); + ncn->real_hostname = hostlookup(htonl(real_ip)); ncn->vpn_ip = vpn_ip; ncn->vpn_mask = vpn_mask; + ncn->vpn_hostname = hostlookup(htonl(vpn_ip)); ncn->port = port; ncn->flags = flags; ncn->nexthop = cl; @@ -686,8 +689,8 @@ cp ncn->status.active = 1; if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ADD_HOST for " IP_ADDR_S " (%s) from " IP_ADDR_S " (%s)"), - IP_ADDR_V(ncn->vpn_ip), ncn->hostname, IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got ADD_HOST for %s (%s) from %s (%s)"), + ncn->vpn_hostname, ncn->real_hostname, cl->vpn_hostname, cl->real_hostname); notify_others(ncn, cl, send_add_host); cp @@ -702,21 +705,21 @@ int req_key_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized REQ_KEY from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized REQ_KEY from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx %lx", &to, &from) != 2) { - syslog(LOG_ERR, _("Got bad REQ_KEY from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got REQ_KEY origin " IP_ADDR_S " destination " IP_ADDR_S " from " IP_ADDR_S " (%s)"), - IP_ADDR_V(from), IP_ADDR_V(to), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)"), + IP_ADDR_V(from), IP_ADDR_V(to), cl->vpn_hostname, cl->real_hostname); if((to & myself->vpn_mask) == (myself->vpn_ip & myself->vpn_mask)) { /* hey! they want something from ME! :) */ 
@@ -728,14 +731,14 @@ cp if(!fw) { - syslog(LOG_ERR, _("Attempting to forward REQ_KEY to " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?"), IP_ADDR_V(to)); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Forwarding REQ_KEY to " IP_ADDR_S " (%s)"), - IP_ADDR_V(fw->nexthop->vpn_ip), fw->nexthop->hostname); + syslog(LOG_DEBUG, _("Forwarding REQ_KEY to %s (%s)"), + fw->nexthop->vpn_hostname, fw->nexthop->real_hostname); cl->buffer[cl->reqlen-1] = '\n'; @@ -793,21 +796,21 @@ int ans_key_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized ANS_KEY from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized ANS_KEY from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx %lx %d %as", &to, &from, &expiry, &key) != 4) { - syslog(LOG_ERR, _("Got bad ANS_KEY from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ANS_KEY origin " IP_ADDR_S " destination " IP_ADDR_S " from " IP_ADDR_S " (%s)"), - IP_ADDR_V(from), IP_ADDR_V(to), IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_DEBUG, _("Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)"), + IP_ADDR_V(from), IP_ADDR_V(to), cl->vpn_hostname, cl->real_hostname); if(to == myself->vpn_ip) { /* hey! that key's for ME! :) */ @@ -815,8 +818,8 @@ cp if(!gk) { - syslog(LOG_ERR, _("Receiving ANS_KEY from " IP_ADDR_S ", which does not exist?"), - IP_ADDR_V(from)); + syslog(LOG_ERR, _("Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?"), + IP_ADDR_V(from), cl->vpn_hostname, cl->real_hostname); return -1; } 
@@ -831,14 +834,14 @@ cp if(!fw) { - syslog(LOG_ERR, _("Attempting to forward ANS_KEY to " IP_ADDR_S ", which does not exist?"), + syslog(LOG_ERR, _("Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?"), IP_ADDR_V(to)); return -1; } if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Forwarding ANS_KEY to " IP_ADDR_S " (%s)"), - IP_ADDR_V(fw->nexthop->vpn_ip), fw->nexthop->hostname); + syslog(LOG_DEBUG, _("Forwarding ANS_KEY to %s (%s)"), + fw->nexthop->vpn_hostname, fw->nexthop->real_hostname); cl->buffer[cl->reqlen-1] = '\n'; @@ -858,31 +861,31 @@ int key_changed_h(conn_list_t *cl) cp if(!cl->status.active) { - syslog(LOG_ERR, _("Got unauthorized KEY_CHANGED from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got unauthorized KEY_CHANGED from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } if(sscanf(cl->buffer, "%*d %lx", &from) != 1) { - syslog(LOG_ERR, _("Got bad KEY_CHANGED from " IP_ADDR_S " (%s)"), - IP_ADDR_V(cl->vpn_ip), cl->hostname); + syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); return -1; } - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got KEY_CHANGED origin " IP_ADDR_S " from " IP_ADDR_S " (%s)"), - IP_ADDR_V(from), IP_ADDR_V(cl->vpn_ip), cl->hostname); - ik = lookup_conn(from); if(!ik) { - syslog(LOG_ERR, _("Got KEY_CHANGED from " IP_ADDR_S ", which does not exist?"), - IP_ADDR_V(from)); + syslog(LOG_ERR, _("Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?"), + IP_ADDR_V(from), cl->vpn_hostname, cl->real_hostname); return -1; } + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got KEY_CHANGED origin %s from %s (%s)"), + ik->vpn_hostname, cl->vpn_hostname, cl->real_hostname); + ik->status.validkey = 0; ik->status.waitingforkey = 0; From 18c85caac36f7236454deef11b9eba74328dbd96 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 29 Jun 2000 17:09:08 +0000 Subject: [PATCH 034/923] - New semantics for BASIC_INFO, ADD_HOST and DEL_HOST requests. This will improve connection list consistency, ensures the tree property, and allows for recovery from situations where track of connections is lost. --- po/nl.po | 148 ++++++++++++++++++++++++++++--------------------- src/net.c | 30 ++++++---- src/netutl.c | 4 +- src/protocol.c | 58 ++++++++++++++----- src/protocol.h | 3 +- src/tincd.c | 5 +- 6 files changed, 153 insertions(+), 95 deletions(-) diff --git a/po/nl.po b/po/nl.po index bcdcf0b8..7b44a4a6 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-06-29 14:53+0200\n" +"POT-Creation-Date: 2000-06-29 18:49+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" @@ -268,7 +268,7 @@ msgstr "Aanmaak UDP socket mislukte: %m" msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:754 src/net.c:841 src/net.c:1039 +#: src/net.c:754 src/net.c:841 src/net.c:1044 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" 
@@ -311,74 +311,74 @@ msgstr "Be msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:978 +#: src/net.c:983 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1009 +#: src/net.c:1014 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1017 +#: src/net.c:1022 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1044 +#: src/net.c:1049 #, c-format msgid "Metadata socket error: %s" msgstr "Fout op socket voor metaverkeer: %s" -#: src/net.c:1050 +#: src/net.c:1055 msgid "Metadata read buffer overflow!" msgstr "Metadata ontvangstbuffer overloop!" -#: src/net.c:1060 +#: src/net.c:1065 #, c-format msgid "Metadata socket read error: %m" msgstr "Fout op socket voor metaverkeer tijdens lezen: %m" -#: src/net.c:1084 +#: src/net.c:1089 #, c-format msgid "Got request from %s (%s): %s" msgstr "Ontving verzoek van %s (%s): %s" -#: src/net.c:1090 +#: src/net.c:1095 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/net.c:1097 +#: src/net.c:1102 #, c-format msgid "Error while processing request from %s (%s)" msgstr "Fout tijdens afhandelen van verzoek van %s (%s)" -#: src/net.c:1104 +#: src/net.c:1109 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/net.c:1149 +#: src/net.c:1154 #, c-format -msgid "Outgoing data socket error: %s" -msgstr "Fout op socket voor uitgaand verkeer: %s" +msgid "Outgoing data socket error for %s (%s): %s" +msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1184 +#: src/net.c:1190 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" -#: src/net.c:1194 +#: src/net.c:1200 #, c-format msgid "Non-IP 
ethernet frame %04x from " msgstr "Niet-IP ethernet pakket %04x van " -#: src/net.c:1202 +#: src/net.c:1208 msgid "Dropping short packet" msgstr "Te kort pakket genegeerd" -#: src/net.c:1241 +#: src/net.c:1247 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" @@ -396,7 +396,8 @@ msgstr "Verbindingslijst:" #, c-format msgid "" "%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x" -msgstr "%s netmask %d.%d.%d.%d op %s vlaggen %hd sockets %d, %d status %04x" +msgstr "" +"%s netmask %d.%d.%d.%d op %s poort %hd vlaggen %hd sockets %d, %d status %04x" #: src/protocol.c:54 #, c-format @@ -416,7 +417,7 @@ msgstr "Verzending TERMREQ naar %s (%s)" #: src/protocol.c:80 src/protocol.c:98 src/protocol.c:116 src/protocol.c:134 #: src/protocol.c:152 src/protocol.c:191 src/protocol.c:209 src/protocol.c:237 #: src/protocol.c:258 src/protocol.c:276 src/protocol.c:319 src/protocol.c:349 -#: src/protocol.c:747 src/protocol.c:850 +#: src/protocol.c:779 src/protocol.c:882 #, c-format msgid "Send failed: %s:%d: %m" msgstr "Verzenden mislukte: %s:%d: %m" 
@@ -501,188 +502,211 @@ msgstr "Kreeg ongeldige BASIC_INFO van %s" msgid "Peer uses incompatible protocol version %d" msgstr "De ander gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:437 +#: src/protocol.c:430 +#, c-format +msgid "Uplink %s (%s) is already in our connection list, aborting connect" +msgstr "" + +#: src/protocol.c:450 #, c-format msgid "Got bad PASSPHRASE from %s (%s)" msgstr "Kreeg ongeldige PASSPHRASE van %s (%s)" -#: src/protocol.c:444 +#: src/protocol.c:457 #, c-format msgid "Got PASSPHRASE from %s (%s)" msgstr "Kreeg PASSPHRASE van %s (%s)" -#: src/protocol.c:462 +#: src/protocol.c:475 #, c-format msgid "Got bad PUBLIC_KEY from %s (%s)" msgstr "Kreeg ongeldige PUBLIC_KEY van %s (%s)" -#: src/protocol.c:468 +#: src/protocol.c:481 #, c-format msgid "Got PUBLIC_KEY from %s (%s)" msgstr "Kreeg PUBLIC_KEY van %s (%s)" #. intruder! -#: src/protocol.c:474 -msgid "Intruder: passphrase does not match!" -msgstr "Indringer: wachwoord komt niet overeen!" +#: src/protocol.c:487 +#, c-format +msgid "Intruder from %s: passphrase for %s does not match!" +msgstr "Indringer van %s: wachwoord voor %s komt niet overeen!" 
-#: src/protocol.c:495 src/protocol.c:514 +#: src/protocol.c:505 +#, c-format +msgid "Removing old entry for %s at %s in favour of new connection from %s" +msgstr "" +"Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " +"van %s" + +#: src/protocol.c:514 src/protocol.c:533 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:509 +#: src/protocol.c:528 #, c-format msgid "Got ACK from %s (%s)" msgstr "Kreeg ACK van %s (%s)" -#: src/protocol.c:530 +#: src/protocol.c:549 #, c-format msgid "Got unauthorized TERMREQ from %s (%s)" msgstr "Kreeg niet-geautoriseerde TERMREQ van %s (%s)" -#: src/protocol.c:536 +#: src/protocol.c:555 #, c-format msgid "Got TERMREQ from %s (%s)" msgstr "Kreeg TERMREQ van %s (%s)" -#: src/protocol.c:556 +#: src/protocol.c:570 #, c-format msgid "Got unauthorized TIMEOUT from %s (%s)" msgstr "Kreeg niet-geautoriseerde TIMEOUT van %s (%s)" -#: src/protocol.c:562 +#: src/protocol.c:576 #, c-format msgid "Got TIMEOUT from %s (%s)" msgstr "Kreeg TIMEOUT van %s (%s)" -#: src/protocol.c:578 +#: src/protocol.c:592 #, c-format msgid "Got unauthorized DEL_HOST from %s (%s)" msgstr "Kreeg niet-geautoriseerde DEL_HOST van %s (%s)" -#: src/protocol.c:585 +#: src/protocol.c:599 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:592 +#: src/protocol.c:606 #, c-format msgid "Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?" msgstr "Kreeg DEL_HOST voor %d.%d.%d.%d van %s (%s), die niet bestaat?" 
-#: src/protocol.c:598 +#: src/protocol.c:612 #, c-format msgid "Got DEL_HOST for %s (%s) from %s (%s)" msgstr "Kreeg DEL_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:616 +#: src/protocol.c:630 #, c-format msgid "Got unauthorized PING from %s (%s)" msgstr "Kreeg niet-geautoriseerde PING van %s (%s)" -#: src/protocol.c:622 +#: src/protocol.c:636 #, c-format msgid "Got PING from %s (%s)" msgstr "Kreeg PING van %s (%s)" -#: src/protocol.c:638 +#: src/protocol.c:652 #, c-format msgid "Got unauthorized PONG from %s (%s)" msgstr "Kreeg niet-geautoriseerde PONG van %s (%s)" -#: src/protocol.c:644 +#: src/protocol.c:658 #, c-format msgid "Got PONG from %s (%s)" msgstr "Kreeg PONG van %s (%s)" -#: src/protocol.c:663 +#: src/protocol.c:677 #, c-format msgid "Got unauthorized ADD_HOST from %s (%s)" msgstr "Kreeg niet-geautoriseerde ADD_HOST van %s (%s)" -#: src/protocol.c:670 +#: src/protocol.c:684 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:692 +#: src/protocol.c:694 +#, c-format +msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" +msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" + +#: src/protocol.c:701 +#, c-format +msgid "Removing old entry for %s (%s)" +msgstr "Verwijdering oude verbinding voor %s (%s)" + +#: src/protocol.c:722 #, c-format msgid "Got ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:708 +#: src/protocol.c:740 #, c-format msgid "Got unauthorized REQ_KEY from %s (%s)" msgstr "Kreeg niet-geautoriseerde REQ_KEY van %s (%s)" -#: src/protocol.c:715 +#: src/protocol.c:747 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:721 +#: src/protocol.c:753 #, c-format msgid "Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" msgstr "Kreeg REQ_KEY herkmonst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:734 +#: src/protocol.c:766 
#, c-format msgid "Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot doorsturen REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" -#: src/protocol.c:740 +#: src/protocol.c:772 #, c-format msgid "Forwarding REQ_KEY to %s (%s)" msgstr "Doorsturen REQ_KEY naar %s (%s)" -#: src/protocol.c:799 +#: src/protocol.c:831 #, c-format msgid "Got unauthorized ANS_KEY from %s (%s)" msgstr "Kreeg niet-geautoriseerde ANS_KEY van %s (%s)" -#: src/protocol.c:806 +#: src/protocol.c:838 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:812 +#: src/protocol.c:844 #, c-format msgid "Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:821 +#: src/protocol.c:853 #, c-format msgid "" "Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?" msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" -#: src/protocol.c:837 +#: src/protocol.c:869 #, c-format msgid "Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot doorsturen ANS_KEY naar %d.%d.%d.%d, die niet besttaat?" -#: src/protocol.c:843 +#: src/protocol.c:875 #, c-format msgid "Forwarding ANS_KEY to %s (%s)" msgstr "Doorsturen ANS_KEY naar %s (%s)" -#: src/protocol.c:864 +#: src/protocol.c:896 #, c-format msgid "Got unauthorized KEY_CHANGED from %s (%s)" msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van %s (%s)" -#: src/protocol.c:871 +#: src/protocol.c:903 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:880 +#: src/protocol.c:912 #, c-format msgid "Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?" msgstr "Kreeg KEY_CHANGED herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" 
-#: src/protocol.c:886 +#: src/protocol.c:918 #, c-format msgid "Got KEY_CHANGED origin %s from %s (%s)" msgstr "Kreeg KEY_CHANGED herkomst %s van %s (%s)" @@ -862,7 +886,3 @@ msgstr "Kreeg onverwacht signaal %d na %s regel %d" #, c-format msgid "Got unexpected signal %d" msgstr "Kreeg onverwacht signaal %d" - -#: src/tincd.c:493 -msgid "Got SIGCHLD: exitting immediately" -msgstr "Kreeg SIGCHLD: directe beëindiging" diff --git a/src/net.c b/src/net.c index af9077c8..ce60eeac 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.13 2000/06/29 13:04:14 guus Exp $ + $Id: net.c,v 1.35.4.14 2000/06/29 17:09:05 guus Exp $ */ #include "config.h" @@ -921,32 +921,37 @@ cp cl->status.remove = 1; - /* If this cl isn't active, don't send any DEL_HOSTs and don't bother - checking for other lost connections. */ + /* If this cl isn't active, don't send any DEL_HOSTs. */ if(!cl->status.active) return; cl->status.active = 0; - + notify_others(cl,NULL,send_del_host); + cp /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ - for(p = conn_list; p != NULL; p = p->next) - if(p->nexthop == cl) + if(cl->status.meta) + for(p = conn_list; p != NULL; p = p->next) { - p->status.active = 0; - p->status.remove = 1; + if(p->nexthop == cl) + { + if(p->status.active) + notify_others(p,cl,send_del_host); + p->status.active = 0; + p->status.remove = 1; + } } - + cp /* Then send a notification about all these connections to all hosts - that are still connected to us. */ + that are still connected to us. for(p = conn_list; p != NULL; p = p->next) if(p->status.active && p->status.meta) for(q = conn_list; q != NULL; q = q->next) if(q->status.remove) send_del_host(p, q); - + */ cp } 
@@ -1146,7 +1151,8 @@ cp I've once got here when it said `No route to host'. */ getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); - syslog(LOG_ERR, _("Outgoing data socket error: %s"), sys_errlist[x]); + syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), + p->vpn_hostname, p->real_hostname, sys_errlist[x]); terminate_connection(p); return; } diff --git a/src/netutl.c b/src/netutl.c index fda9abdc..f57266c3 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.5 2000/06/29 13:04:15 guus Exp $ + $Id: netutl.c,v 1.12.4.6 2000/06/29 17:09:06 guus Exp $ */ #include "config.h" @@ -192,7 +192,7 @@ cp } else { - name = xmalloc(strlen(host->h_name)); + name = xmalloc(strlen(host->h_name)+1); sprintf(name, "%s", host->h_name); } cp diff --git a/src/protocol.c b/src/protocol.c index 6740cb0d..13593602 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.15 2000/06/29 13:04:15 guus Exp $ + $Id: protocol.c,v 1.28.4.16 2000/06/29 17:09:06 guus Exp $ */ #include "config.h" @@ -419,6 +419,19 @@ cp } else { + /* First check if the host we connected to is already in our + connection list. If so, we are probably making a loop, which + is not desirable. It should not happen though. + */ + + if(lookup_conn(cl->vpn_ip)) + { + if(debug_lvl>0) + syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list, aborting connect"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + if(setup_vpn_connection(cl) < 0) return -1; send_passphrase(cl); 
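Review bot: In src/net.c hunk @@ -1146,7 +1151,8 @@ the reworded log line still indexes `sys_errlist[x]` with a value that is never validated. The return value of the preceding `getsockopt()` is ignored, so on failure `x` keeps whatever it held before (its initialisation is outside the hunk), and nothing bounds it against the size of the table. Check the call and format the text with `strerror(x)` instead, e.g. `if(getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) x = errno;` followed by `..., p->vpn_hostname, p->real_hostname, strerror(x));`.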
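Review bot: In src/netutl.c hunk @@ -192,7 +192,7 @@ the buffer size and the copy are still computed independently (`strlen(...)+1` on one line, an unbounded `sprintf(name, "%s", ...)` on the next), which is how the missing terminator byte went unnoticed. `host->h_name` is resolver output, so take the length once and use it for both: `size_t len = strlen(host->h_name) + 1; name = xmalloc(len); memcpy(name, host->h_name, len);`. The other branch of this `if` is outside the hunk and should be checked for the same allocate-then-sprintf pattern.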
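Review bot: In src/protocol.c hunk @@ -419,6 +419,19 @@ the new `lookup_conn(cl->vpn_ip)` check runs before `send_passphrase(cl)`, so it acts on an address the peer has only claimed, not proven. Returning -1 here also appears to make the "Removing old entry ... in favour of new connection" path added in hunk @@ -483,12 +497,17 @@ unreachable for this branch, because a host reconnecting while its stale entry is still active is refused first. The comment speaks of "the host we connected to", which suggests the check was meant for the outgoing side; the branch condition is outside the hunk, so confirm which side this `else` is. The refusal is logged only when `debug_lvl>0`, and a rejected connection is worth a log line unconditionally.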
@@ -471,7 +484,8 @@ cp if(verify_passphrase(cl, g_n)) { /* intruder! */ - syslog(LOG_ERR, _("Intruder: passphrase does not match!")); + syslog(LOG_ERR, _("Intruder from %s: passphrase for %s does not match!"), + cl->real_hostname, cl->vpn_hostname); return -1; } @@ -483,12 +497,17 @@ cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same vpn_ip. If so, it presumably is an - old connection that has timed out but we don't know it yet. Because our - conn_list entry is not active, lookup_conn will skip ourself. */ + old connection that has timed out but we don't know it yet. + */ while(old = lookup_conn(cl->vpn_ip)) - terminate_connection(old); - + { + syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), + cl->vpn_hostname, old->real_hostname, cl->real_hostname); + old->status.active = 0; + terminate_connection(old); + } + cl->status.active = 1; if(debug_lvl > 0) @@ -538,11 +557,6 @@ cp cl->status.termreq = 1; - if(cl->status.active) - notify_others(cl, NULL, send_del_host); - - cl->status.active = 0; - terminate_connection(cl); cp return 0; @@ -672,8 +686,24 @@ cp return -1; } - while(old = lookup_conn(vpn_ip)) - terminate_connection(old); + if(old = lookup_conn(vpn_ip)) + { + if((real_ip==old->real_ip) && (vpn_mask==old->vpn_mask) && (port==old->port)) + { + if(debug_lvl>1) + syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), + old->vpn_hostname, old->real_hostname, cl->vpn_hostname, cl->real_hostname); + goto skip_add_host; /* One goto a day keeps the deeply nested if constructions away. */ + } + else + { + if(debug_lvl>1) + syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), + old->vpn_hostname, old->real_hostname); + old->status.active = 0; + terminate_connection(old); + } + } ncn = new_conn_list(); ncn->real_ip = real_ip; 
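Review bot: In src/protocol.c hunk @@ -483,12 +497,17 @@, clearing `old->status.active` before `terminate_connection(old)` makes that function return at its `if(!cl->status.active) return;` guard, as changed in this same commit (src/net.c hunk @@ -921,32 +921,37 @@). Neither the DEL_HOST notification nor the sweep over entries whose `nexthop` is the old connection then runs, so those entries stay active while pointing at an entry marked for removal. Whether that entry is freed later is outside the hunk, but if it is, `nexthop` dangles. The same pre-clear is added in the ADD_HOST handler in hunk @@ -672,8 +686,24 @@. If skipping the notification is intended, the dependants still need to be invalidated, and the reason deserves a comment next to `old->status.active = 0;`.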
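Review bot: On the duplicate path of the ADD_HOST handler (src/protocol.c hunk @@ -672,8 +686,24 @@) `goto skip_add_host` jumps over `ncn = new_conn_list();`, and the label added in hunk @@ -692,6 +722,8 @@ sits directly before `notify_others(ncn, cl, send_add_host);`. `ncn` is therefore used without having been assigned on that path (its declaration is outside the hunk). Every duplicate ADD_HOST is also passed on again, which presumably lets hosts with more than one meta path keep echoing the same announcement. Placing `skip_add_host:` after the `notify_others(...)` call instead of before it addresses both.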
@@ -692,6 +722,8 @@ cp syslog(LOG_DEBUG, _("Got ADD_HOST for %s (%s) from %s (%s)"), ncn->vpn_hostname, ncn->real_hostname, cl->vpn_hostname, cl->real_hostname); +skip_add_host: + notify_others(ncn, cl, send_add_host); cp return 0; diff --git a/src/protocol.h b/src/protocol.h index c9137d69..110dde8a 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.2 2000/06/25 15:22:16 guus Exp $ + $Id: protocol.h,v 1.5.4.3 2000/06/29 17:09:08 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -72,6 +72,7 @@ extern int send_termreq(conn_list_t *); extern int send_timeout(conn_list_t *); extern int send_key_request(ip_t); extern void send_key_changed_all(void); +extern int send_del_host(conn_list_t *, conn_list_t *); #endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/tincd.c b/src/tincd.c index e4549ecb..5aafb965 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.3 2000/06/28 14:34:40 guus Exp $ + $Id: tincd.c,v 1.10.4.4 2000/06/29 17:09:08 guus Exp $ */ #include "config.h" @@ -485,11 +485,10 @@ setup_signals(void) signal(SIGINT, sigint_handler); signal(SIGUSR1, sigusr1_handler); signal(SIGUSR2, sigusr2_handler); - signal(SIGCHLD, parent_exit); +// signal(SIGCHLD, parent_exit); } RETSIGTYPE parent_exit(int a) { - syslog(LOG_NOTICE, _("Got SIGCHLD: exitting immediately")); exit(0); } From 0f9ad1f047efec53590dc43f07d225e5f20456cb Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 29 Jun 2000 19:47:04 +0000 Subject: [PATCH 035/923] - Fixed memory leak. - Implemented SIGHUP configuration file reloading. - Other small changes. --- po/nl.po | 215 ++++++++++++++++++++++++++----------------------- src/conf.c | 43 +++++++--- src/conf.h | 4 +- src/net.c | 100 +++++++++++++---------- src/protocol.c | 31 ++++--- src/tincd.c | 15 ++-- 6 files changed, 230 insertions(+), 178 deletions(-) diff --git a/po/nl.po b/po/nl.po index 7b44a4a6..3ac74f76 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-06-29 18:49+0200\n" +"POT-Creation-Date: 2000-06-29 21:32+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" @@ -14,22 +14,22 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:167 +#: src/conf.c:171 #, c-format msgid "%s: %d: Invalid variable name `%s'.\n" msgstr "%s: %d: Ongeldige variabelenaam `%s'.\n" -#: src/conf.c:174 +#: src/conf.c:178 #, c-format msgid "%s: %d: No value given for `%s'.\n" msgstr "%s: %d: Geen waarde gegeven voor `%s'.\n" -#: src/conf.c:182 +#: src/conf.c:186 #, c-format msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" msgstr "%s: %d: Ongeldige waarde `%s' voor variabele `%s'.\n" -#: src/conf.c:203 +#: src/conf.c:208 #, c-format msgid "Could not open %s: %s\n" msgstr "Kon %s niet openen: %s\n" @@ -268,7 +268,7 @@ msgstr "Aanmaak UDP socket mislukte: %m" msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:754 src/net.c:841 src/net.c:1044 +#: src/net.c:754 src/net.c:841 src/net.c:1037 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" 
@@ -307,82 +307,90 @@ msgstr "Kreeg pakket van %s (%s) met onbekende herkomst %d.%d.%d.%d?" msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:919 +#: src/net.c:946 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:983 +#: src/net.c:976 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1014 +#: src/net.c:1007 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1022 +#: src/net.c:1015 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1049 +#: src/net.c:1042 #, c-format msgid "Metadata socket error: %s" msgstr "Fout op socket voor metaverkeer: %s" -#: src/net.c:1055 +#: src/net.c:1048 msgid "Metadata read buffer overflow!" msgstr "Metadata ontvangstbuffer overloop!" -#: src/net.c:1065 +#: src/net.c:1058 #, c-format msgid "Metadata socket read error: %m" msgstr "Fout op socket voor metaverkeer tijdens lezen: %m" -#: src/net.c:1089 +#: src/net.c:1082 #, c-format msgid "Got request from %s (%s): %s" msgstr "Ontving verzoek van %s (%s): %s" -#: src/net.c:1095 +#: src/net.c:1088 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/net.c:1102 +#: src/net.c:1095 #, c-format msgid "Error while processing request from %s (%s)" msgstr "Fout tijdens afhandelen van verzoek van %s (%s)" -#: src/net.c:1109 +#: src/net.c:1102 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/net.c:1154 +#: src/net.c:1147 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1190 +#: src/net.c:1183 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand 
tijdens lezen: %m" -#: src/net.c:1200 +#: src/net.c:1193 #, c-format msgid "Non-IP ethernet frame %04x from " msgstr "Niet-IP ethernet pakket %04x van " -#: src/net.c:1208 +#: src/net.c:1201 msgid "Dropping short packet" msgstr "Te kort pakket genegeerd" -#: src/net.c:1247 +#: src/net.c:1240 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" +#: src/net.c:1251 +msgid "Unable to reread configuration file, exitting" +msgstr "Fout tijdens herlezen configuratie bestand, beëindigen" + +#: src/net.c:1256 +msgid "Unable to restart, exitting" +msgstr "Kon niet herstarten, beëindigen" + #: src/netutl.c:222 #, c-format msgid "Error looking up `%s': %s\n" @@ -417,7 +425,7 @@ msgstr "Verzending TERMREQ naar %s (%s)" #: src/protocol.c:80 src/protocol.c:98 src/protocol.c:116 src/protocol.c:134 #: src/protocol.c:152 src/protocol.c:191 src/protocol.c:209 src/protocol.c:237 #: src/protocol.c:258 src/protocol.c:276 src/protocol.c:319 src/protocol.c:349 -#: src/protocol.c:779 src/protocol.c:882 +#: src/protocol.c:784 src/protocol.c:887 #, c-format msgid "Send failed: %s:%d: %m" msgstr "Verzenden mislukte: %s:%d: %m" 
@@ -487,236 +495,236 @@ msgstr "Poging tot verzenden ANS_KEY naar %d.%d.%d.%d, die niet bestaat?" msgid "Sending ANS_KEY to %s (%s)" msgstr "Verzending ANS_KEY naar %s (%s)" -#: src/protocol.c:396 +#: src/protocol.c:397 #, c-format msgid "Got BASIC_INFO from %s" msgstr "Kreeg BASIC_INFO van %s" -#: src/protocol.c:400 +#: src/protocol.c:401 #, c-format msgid "Got bad BASIC_INFO from %s" msgstr "Kreeg ongeldige BASIC_INFO van %s" -#: src/protocol.c:409 +#: src/protocol.c:410 #, c-format msgid "Peer uses incompatible protocol version %d" msgstr "De ander gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:430 +#: src/protocol.c:425 #, c-format -msgid "Uplink %s (%s) is already in our connection list, aborting connect" +msgid "Uplink %s (%s) is already in our connection list" msgstr "" -#: src/protocol.c:450 +#: src/protocol.c:455 #, c-format msgid "Got bad PASSPHRASE from %s (%s)" msgstr "Kreeg ongeldige PASSPHRASE van %s (%s)" -#: src/protocol.c:457 +#: src/protocol.c:462 #, c-format msgid "Got PASSPHRASE from %s (%s)" msgstr "Kreeg PASSPHRASE van %s (%s)" -#: src/protocol.c:475 +#: src/protocol.c:480 #, c-format msgid "Got bad PUBLIC_KEY from %s (%s)" msgstr "Kreeg ongeldige PUBLIC_KEY van %s (%s)" -#: src/protocol.c:481 +#: src/protocol.c:486 #, c-format msgid "Got PUBLIC_KEY from %s (%s)" msgstr "Kreeg PUBLIC_KEY van %s (%s)" #. intruder! -#: src/protocol.c:487 +#: src/protocol.c:492 #, c-format msgid "Intruder from %s: passphrase for %s does not match!" msgstr "Indringer van %s: wachwoord voor %s komt niet overeen!" 
-#: src/protocol.c:505 +#: src/protocol.c:510 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:514 src/protocol.c:533 +#: src/protocol.c:519 src/protocol.c:538 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:528 +#: src/protocol.c:533 #, c-format msgid "Got ACK from %s (%s)" msgstr "Kreeg ACK van %s (%s)" -#: src/protocol.c:549 +#: src/protocol.c:554 #, c-format msgid "Got unauthorized TERMREQ from %s (%s)" msgstr "Kreeg niet-geautoriseerde TERMREQ van %s (%s)" -#: src/protocol.c:555 +#: src/protocol.c:560 #, c-format msgid "Got TERMREQ from %s (%s)" msgstr "Kreeg TERMREQ van %s (%s)" -#: src/protocol.c:570 +#: src/protocol.c:575 #, c-format msgid "Got unauthorized TIMEOUT from %s (%s)" msgstr "Kreeg niet-geautoriseerde TIMEOUT van %s (%s)" -#: src/protocol.c:576 +#: src/protocol.c:581 #, c-format msgid "Got TIMEOUT from %s (%s)" msgstr "Kreeg TIMEOUT van %s (%s)" -#: src/protocol.c:592 +#: src/protocol.c:597 #, c-format msgid "Got unauthorized DEL_HOST from %s (%s)" msgstr "Kreeg niet-geautoriseerde DEL_HOST van %s (%s)" -#: src/protocol.c:599 +#: src/protocol.c:604 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:606 +#: src/protocol.c:611 #, c-format msgid "Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?" msgstr "Kreeg DEL_HOST voor %d.%d.%d.%d van %s (%s), die niet bestaat?" 
-#: src/protocol.c:612 +#: src/protocol.c:617 #, c-format msgid "Got DEL_HOST for %s (%s) from %s (%s)" msgstr "Kreeg DEL_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:630 +#: src/protocol.c:635 #, c-format msgid "Got unauthorized PING from %s (%s)" msgstr "Kreeg niet-geautoriseerde PING van %s (%s)" -#: src/protocol.c:636 +#: src/protocol.c:641 #, c-format msgid "Got PING from %s (%s)" msgstr "Kreeg PING van %s (%s)" -#: src/protocol.c:652 +#: src/protocol.c:657 #, c-format msgid "Got unauthorized PONG from %s (%s)" msgstr "Kreeg niet-geautoriseerde PONG van %s (%s)" -#: src/protocol.c:658 +#: src/protocol.c:663 #, c-format msgid "Got PONG from %s (%s)" msgstr "Kreeg PONG van %s (%s)" -#: src/protocol.c:677 +#: src/protocol.c:682 #, c-format msgid "Got unauthorized ADD_HOST from %s (%s)" msgstr "Kreeg niet-geautoriseerde ADD_HOST van %s (%s)" -#: src/protocol.c:684 +#: src/protocol.c:689 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:694 +#: src/protocol.c:699 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:701 +#: src/protocol.c:706 #, c-format msgid "Removing old entry for %s (%s)" msgstr "Verwijdering oude verbinding voor %s (%s)" -#: src/protocol.c:722 +#: src/protocol.c:727 #, c-format msgid "Got ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:740 +#: src/protocol.c:745 #, c-format msgid "Got unauthorized REQ_KEY from %s (%s)" msgstr "Kreeg niet-geautoriseerde REQ_KEY van %s (%s)" -#: src/protocol.c:747 +#: src/protocol.c:752 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:753 +#: src/protocol.c:758 #, c-format msgid "Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" msgstr "Kreeg REQ_KEY herkmonst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: 
src/protocol.c:766 +#: src/protocol.c:771 #, c-format msgid "Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot doorsturen REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" -#: src/protocol.c:772 +#: src/protocol.c:777 #, c-format msgid "Forwarding REQ_KEY to %s (%s)" msgstr "Doorsturen REQ_KEY naar %s (%s)" -#: src/protocol.c:831 +#: src/protocol.c:836 #, c-format msgid "Got unauthorized ANS_KEY from %s (%s)" msgstr "Kreeg niet-geautoriseerde ANS_KEY van %s (%s)" -#: src/protocol.c:838 +#: src/protocol.c:843 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:844 +#: src/protocol.c:849 #, c-format msgid "Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:853 +#: src/protocol.c:858 #, c-format msgid "" "Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?" msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" -#: src/protocol.c:869 +#: src/protocol.c:874 #, c-format msgid "Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot doorsturen ANS_KEY naar %d.%d.%d.%d, die niet besttaat?" -#: src/protocol.c:875 +#: src/protocol.c:880 #, c-format msgid "Forwarding ANS_KEY to %s (%s)" msgstr "Doorsturen ANS_KEY naar %s (%s)" -#: src/protocol.c:896 +#: src/protocol.c:901 #, c-format msgid "Got unauthorized KEY_CHANGED from %s (%s)" msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van %s (%s)" -#: src/protocol.c:903 +#: src/protocol.c:908 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:912 +#: src/protocol.c:917 #, c-format msgid "Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?" msgstr "Kreeg KEY_CHANGED herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" 
-#: src/protocol.c:918 +#: src/protocol.c:923 #, c-format msgid "Got KEY_CHANGED origin %s from %s (%s)" msgstr "Kreeg KEY_CHANGED herkomst %s van %s (%s)" -#: src/tincd.c:95 +#: src/tincd.c:98 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:98 +#: src/tincd.c:101 #, c-format msgid "" "Usage: %s [option]...\n" @@ -725,7 +733,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:99 +#: src/tincd.c:102 msgid "" " -c, --config=FILE Read configuration options from FILE.\n" " -D, --no-detach Don't fork and detach.\n" @@ -741,7 +749,7 @@ msgstr "" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" " -t, --timeout=TIMEOUT Seconden wachten op timeout.\n" -#: src/tincd.c:105 +#: src/tincd.c:108 msgid "" " --help Display this help and exit.\n" " --version Output version information and exit.\n" 
@@ -751,69 +759,69 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:107 +#: src/tincd.c:110 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:145 +#: src/tincd.c:148 #, c-format msgid "Invalid timeout value `%s'.\n" msgstr "Ongeldige timeout waarde `%s'.\n" -#: src/tincd.c:159 +#: src/tincd.c:162 #, c-format -msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." +msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting" msgstr "" -"Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken); beëindigen." +"Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen" -#: src/tincd.c:214 +#: src/tincd.c:217 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d." -#: src/tincd.c:217 +#: src/tincd.c:220 #, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" -#: src/tincd.c:232 +#: src/tincd.c:235 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." 
-#: src/tincd.c:250 +#: src/tincd.c:253 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" -#: src/tincd.c:253 +#: src/tincd.c:256 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" -#: src/tincd.c:274 +#: src/tincd.c:277 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" -#: src/tincd.c:276 +#: src/tincd.c:279 msgid "No other tincd is running.\n" msgstr "Geen andere tincd gevonden.\n" -#: src/tincd.c:283 +#: src/tincd.c:286 msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" -#: src/tincd.c:339 +#: src/tincd.c:342 #, c-format msgid "%s version %s\n" msgstr "%s versie %s\n" -#: src/tincd.c:340 +#: src/tincd.c:343 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" "see the AUTHORS file for a complete list.\n" 
@@ -832,50 +840,50 @@ msgstr "" "zie het bestand COPYING voor details.\n" "\n" -#: src/tincd.c:345 +#: src/tincd.c:348 msgid "" "This product includes software developed by Eric Young (eay@mincom.oz.au)\n" msgstr "" "Dit produkt bevat programmatuur ontwikkeld door Eric Young " "(eay@mincom.oz.au)\n" -#: src/tincd.c:355 +#: src/tincd.c:358 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" -#: src/tincd.c:390 +#: src/tincd.c:393 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/tincd.c:398 +#: src/tincd.c:401 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/tincd.c:405 +#: src/tincd.c:408 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" -#: src/tincd.c:413 +#: src/tincd.c:416 #, c-format msgid "Got SEGV signal after %s line %d, trying to re-execute" -msgstr "Kreeg SEGV signaal na %s regel %d. Probeer opnieuw opstarten." +msgstr "Kreeg SEGV signaal na %s regel %d, probeer opnieuw opstarten" -#: src/tincd.c:416 +#: src/tincd.c:419 msgid "Got SEGV signal, trying to re-execute" msgstr "Kreeg SEGV signaal, probeer opnieuw opstarten" -#: src/tincd.c:429 -msgid "Got HUP signal" -msgstr "Kreeg HUP signaal" +#: src/tincd.c:431 +msgid "Got HUP signal, rereading configuration and restarting" +msgstr "Kreeg HUP signaal, herlezen configuratie en herstarten" #: src/tincd.c:439 -msgid "Got INT signal" -msgstr "Kreeg INT signaal" +msgid "Got INT signal, exitting" +msgstr "Kreeg INT signaal, beëindigen" #: src/tincd.c:453 -msgid "Forcing new key generation" -msgstr "Nieuwe sleutels geforceerd" +msgid "Got USR2 signal, forcing new key generation" +msgstr "Kreeg USR2 signaal, nieuwe sleutels geforceerd" #: src/tincd.c:461 #, c-format 
@@ -886,3 +894,6 @@ msgstr "Kreeg onverwacht signaal %d na %s regel %d" #, c-format msgid "Got unexpected signal %d" msgstr "Kreeg onverwacht signaal %d" + +#~ msgid "Got HUP signal" +#~ msgstr "Kreeg HUP signaal" diff --git a/src/conf.c b/src/conf.c index f8838d78..0a72a371 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.3 2000/06/27 20:10:47 guus Exp $ + $Id: conf.c,v 1.9.4.4 2000/06/29 19:47:02 guus Exp $ */ @@ -36,12 +36,17 @@ #include "conf.h" #include "netutl.h" /* for strtoip */ +#include /* for cp */ #include "system.h" config_t *config; int debug_lvl = 0; int timeout = 0; /* seconds before timeout */ +char *configfilename = NULL; + +/* Will be set if HUP signal is received. It will be processed when it is safe. */ +int sighup = 0; typedef struct internal_config_t { char *name; @@ -77,7 +82,7 @@ add_config_val(config_t **cfg, int argtype, char *val) { config_t *p, *r; char *q; - +cp p = (config_t*)xmalloc(sizeof(*p)); p->data.val = 0; @@ -120,6 +125,7 @@ add_config_val(config_t **cfg, int argtype, char *val) } free(p); +cp return NULL; } @@ -133,7 +139,7 @@ readconfig(const char *fname, FILE *fp) char *p, *q; int i, lineno = 0; config_t *cfg; - +cp line = (char *)xmalloc(80 * sizeof(char)); temp_buf = (char *)xmalloc(80 * sizeof(char)); @@ -188,6 +194,7 @@ readconfig(const char *fname, FILE *fp) if(!config) config = cfg; } +cp } /* @@ -197,7 +204,7 @@ int read_config_file(const char *fname) { FILE *fp; - +cp if((fp = fopen (fname, "r")) == NULL) { fprintf(stderr, _("Could not open %s: %s\n"), fname, sys_errlist[errno]); @@ -208,7 +215,7 @@ read_config_file(const char *fname) return -1; fclose (fp); - +cp return 0; } @@ -219,11 +226,11 @@ const config_t * get_config_val(which_t type) { config_t *p; - +cp for(p = config; p != NULL; p = p->next) if(p->which == type) return p; - +cp /* Not found */ return NULL; } 
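Review bot: `int sighup = 0;` in src/conf.c hunk @@ -36,12 +36,17 @@ is written from `sighup_handler` in tincd.c and polled in the main loop in net.c, so a plain `int` is not enough. Declare it `volatile sig_atomic_t sighup = 0;` and change the declaration added in src/conf.h hunk @@ -71,6 +71,8 @@ to `extern volatile sig_atomic_t sighup;`. Without the qualifier the compiler is free to keep the value in a register across loop iterations, and the read is not guaranteed to be atomic with respect to the handler.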
@@ -236,12 +243,30 @@ const config_t * get_next_config_val(which_t type, int index) { config_t *p; - +cp for(p = config; p != NULL; p = p->next) if(p->which == type) if(--index < 0) return p; - +cp /* Not found */ return NULL; } + +/* + Remove the complete configuration tree. +*/ +void clear_config() +{ + config_t *p, *next; +cp + for(p = config; p; p = next) + { + next = p->next; + if(p->data.ptr) + free(p->data.ptr); + free(p); + } + config = NULL; +cp +} diff --git a/src/conf.h b/src/conf.h index d9309128..57a02f5d 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.3 2000/06/27 20:10:47 guus Exp $ + $Id: conf.h,v 1.6.4.4 2000/06/29 19:47:03 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -71,6 +71,8 @@ extern config_t *config; extern int debug_lvl; extern int timeout; extern int upstreamindex; +extern int sighup; +extern char *configfilename; extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(const char *); diff --git a/src/net.c b/src/net.c index ce60eeac..a1757c5b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.14 2000/06/29 17:09:05 guus Exp $ + $Id: net.c,v 1.35.4.15 2000/06/29 19:47:03 guus Exp $ */ #include "config.h" @@ -794,7 +794,7 @@ cp if(send_basic_info(p) < 0) { - free(p); + free_conn_element(p); return NULL; } cp 
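Review bot: `clear_config()` in src/conf.c hunk @@ -236,12 +243,30 @@ calls `free(p->data.ptr)` for every entry whose `data.ptr` is non-null, but add_config_val also stores plain values through `p->data.val`. If `data` is a union, as the two member names suggest (its declaration is outside the hunk), an integer option with a non-zero value is handed to free() as though it were a heap pointer. The free has to depend on the entry's argument type, which config_t would need to record, rather than on the field being non-zero. Smaller points: `free(NULL)` is a no-op so the guard adds nothing for genuine pointers, and the definition should read `void clear_config(void)`.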
@@ -904,13 +904,40 @@ cp if(cl->status.timeout) send_timeout(cl); - else if(!cl->status.termreq) +/* else if(!cl->status.termreq) send_termreq(cl); - - close(cl->socket); + */ + + if(cl->socket) + close(cl->socket); if(cl->status.meta) close(cl->meta_socket); + cl->status.remove = 1; + + /* If this cl isn't active, don't send any DEL_HOSTs. */ + if(cl->status.active) + notify_others(cl,NULL,send_del_host); + +cp + /* Find all connections that were lost because they were behind cl + (the connection that was dropped). */ + if(cl->status.meta) + for(p = conn_list; p != NULL; p = p->next) + { + if((p->nexthop == cl) && (p != cl)) + { + if(cl->status.active && p->status.active) + notify_others(p,cl,send_del_host); + if(cl->socket) + close(cl->socket); + p->status.active = 0; + p->status.remove = 1; + } + } + + cl->status.active = 0; + if(cl->status.outgoing) { signal(SIGALRM, sigalrm_handler); @@ -918,40 +945,6 @@ cp alarm(seconds_till_retry); syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); } - - cl->status.remove = 1; - - /* If this cl isn't active, don't send any DEL_HOSTs. */ - if(!cl->status.active) - return; - - cl->status.active = 0; - notify_others(cl,NULL,send_del_host); - -cp - /* Find all connections that were lost because they were behind cl - (the connection that was dropped). */ - if(cl->status.meta) - for(p = conn_list; p != NULL; p = p->next) - { - if(p->nexthop == cl) - { - if(p->status.active) - notify_others(p,cl,send_del_host); - p->status.active = 0; - p->status.remove = 1; - } - } - -cp - /* Then send a notification about all these connections to all hosts - that are still connected to us. - for(p = conn_list; p != NULL; p = p->next) - if(p->status.active && p->status.meta) - for(q = conn_list; q != NULL; q = q->next) - if(q->status.remove) - send_del_host(p, q); - */ cp } 
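Review bot: Inside the `nexthop` sweep of terminate_connection (src/net.c hunk @@ -904,13 +904,40 @@) the added `if(cl->socket) close(cl->socket);` closes `cl->socket` again, once per matching `p`, although the same descriptor was already closed at the top of the function. Any descriptor opened in between can reuse that number (the `notify_others` calls may log, for example), and the repeated close would then shut an unrelated descriptor. If the intent was to release the dependant's socket the line would be `if(p->socket) close(p->socket);`, otherwise it should go. Testing for non-zero also treats descriptor 0 as "no socket", where -1 is the usual sentinel, and resetting the field after close would make repeats harmless.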
@@ -1015,7 +1008,7 @@ cp return -1; } - if((ncn = create_new_connection(nfd)) == NULL) + if(!(ncn = create_new_connection(nfd))) { shutdown(nfd, 2); close(nfd); @@ -1242,10 +1235,29 @@ cp if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) { - if(errno == EINTR) /* because of alarm */ - continue; - syslog(LOG_ERR, _("Error while waiting for input: %m")); - return; + if(errno != EINTR) /* because of alarm */ + { + syslog(LOG_ERR, _("Error while waiting for input: %m")); + return; + } + } + + if(sighup) + { + close_network_connections(); + clear_config(); + if(read_config_file(configfilename)) + { + syslog(LOG_ERR, _("Unable to reread configuration file, exitting")); + exit(0); + } + if(setup_network_connections()) + { + syslog(LOG_ERR, _("Unable to restart, exitting")); + exit(0); + } + sighup = 0; + continue; } if(last_ping_check + timeout < time(NULL)) diff --git a/src/protocol.c b/src/protocol.c index 13593602..a6f30290 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.16 2000/06/29 17:09:06 guus Exp $ + $Id: protocol.c,v 1.28.4.17 2000/06/29 19:47:03 guus Exp $ */ #include "config.h" @@ -391,6 +391,7 @@ cp int basic_info_h(conn_list_t *cl) { + conn_list_t *old; cp if(debug_lvl > 1) syslog(LOG_DEBUG, _("Got BASIC_INFO from %s"), cl->real_hostname); 
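Review bot: In the main loop (src/net.c hunk @@ -1242,10 +1235,29 @@) a select() that fails with EINTR now falls through instead of restarting the loop. When the interruption was not a HUP (the old comment names alarm), the code after the `if(sighup)` block runs with an `fset` that select did not fill in; adding `else if(!sighup) continue;` after the `if(errno != EINTR) { ... }` block keeps the old behaviour for that case. `sighup = 0;` should be cleared before the reload rather than after it, so a HUP delivered during the reload is not lost. Both failure paths call `exit(0)`, which reports success to whatever supervises the daemon; a non-zero status fits better. The rest of the loop is outside the hunk.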
@@ -413,24 +414,28 @@ cp if(cl->status.outgoing) { + /* First check if the host we connected to is already in our + connection list. If so, we are probably making a loop, which + is not desirable. + */ + + if(old=lookup_conn(cl->vpn_ip)) + { + if(debug_lvl>0) + syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), + cl->vpn_hostname, cl->real_hostname); + cl->status.outgoing = 0; + old->status.outgoing = 1; + terminate_connection(cl); + return 0; + } + if(setup_vpn_connection(cl) < 0) return -1; send_basic_info(cl); } else { - /* First check if the host we connected to is already in our - connection list. If so, we are probably making a loop, which - is not desirable. It should not happen though. - */ - - if(lookup_conn(cl->vpn_ip)) - { - if(debug_lvl>0) - syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list, aborting connect"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } if(setup_vpn_connection(cl) < 0) return -1; diff --git a/src/tincd.c b/src/tincd.c index 5aafb965..cecf95ed 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.4 2000/06/29 17:09:08 guus Exp $ + $Id: tincd.c,v 1.10.4.5 2000/06/29 19:47:04 guus Exp $ */ #include "config.h" @@ -62,7 +62,7 @@ static int kill_tincd = 0; static int do_detach = 1; char *confbase = NULL; /* directory in which all config files are */ -char *configfilename = NULL; /* configuration file name */ +/* char *configfilename = NULL; /* configuration file name, moved to config.c */ char *identname; /* program name for syslog */ char *netname = NULL; /* name of the vpn network */ char *pidfilename; /* pid file location */ 
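Review bot: In the `cl->status.outgoing` branch of basic_info_h (src/protocol.c hunk @@ -413,24 +414,28 @@) `cl->vpn_ip` is acted on before, as far as the hunk shows, any passphrase or key has been checked, yet a match sets `old->status.outgoing = 1` on an existing connection. The endpoint answering the outgoing connect can thereby choose which established entry is treated as the uplink, including whatever reconnect behaviour is tied to `status.outgoing`. Deferring the flag transfer until the peer has authenticated avoids acting on an unverified address. `terminate_connection(cl)` is also followed by `return 0;`, which tells the caller the request succeeded on a connection that was just torn down; confirm the caller does not touch `cl` afterwards.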
@@ -416,7 +416,6 @@ sigsegv_handler(int a) syslog(LOG_NOTICE, _("Got SEGV signal, trying to re-execute")); signal(SIGSEGV, sigsegv_square); - close_network_connections(); remove_pid(pidfilename); execvp(g_argv[0], g_argv); @@ -426,17 +425,15 @@ RETSIGTYPE sighup_handler(int a) { if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Got HUP signal")); - close_network_connections(); - setup_network_connections(); - /* FIXME: read config-file and re-establish network connections */ + syslog(LOG_NOTICE, _("Got HUP signal, rereading configuration and restarting")); + sighup = 1; } RETSIGTYPE sigint_handler(int a) { if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Got INT signal")); + syslog(LOG_NOTICE, _("Got INT signal, exitting")); cleanup_and_exit(0); } @@ -450,7 +447,7 @@ RETSIGTYPE sigusr2_handler(int a) { if(debug_lvl > 1) - syslog(LOG_NOTICE, _("Forcing new key generation")); + syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); regenerate_keys(); } From 24874d0806bac5d75663ea9de67a71171bfc97b6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 30 Jun 2000 11:45:16 +0000 Subject: [PATCH 036/923] - Removed segfault bug in conf.c (must have been there for ages!) - Made main_loop() signal proof - #defined MAXTIMEOUT (15 minutes) - If something really really bad happens, close all connections, wait for MAXTIMEOUT seconds, and then restart tinc --- po/nl.po | 149 +++++++++++++++++++++++++--------------------------- src/conf.c | 20 ++++--- src/conf.h | 7 ++- src/net.c | 35 ++++++------ src/tincd.c | 18 ++++--- 5 files changed, 116 insertions(+), 113 deletions(-) diff --git a/po/nl.po b/po/nl.po index 3ac74f76..b432fe19 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-06-29 21:32+0200\n" +"POT-Creation-Date: 2000-06-30 13:23+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" 
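Review bot: `sighup_handler` in src/tincd.c hunk @@ -426,17 +425,15 @@ now only sets a flag, which is the right shape, but it still calls `syslog()` from signal context, and that function is not async-signal-safe. Emit the "Got HUP signal, rereading configuration and restarting" message where the flag is consumed in the main loop, and reduce the handler body to `sighup = 1;`. The neighbouring handlers changed here only in their message text (`sigint_handler` calling `cleanup_and_exit`, and `sigusr2_handler` calling `regenerate_keys` in hunk @@ -450,7 +447,7 @@) still do their work inside the handler and would benefit from the same flag pattern.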
@@ -14,22 +14,22 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:171 +#: src/conf.c:175 #, c-format msgid "%s: %d: Invalid variable name `%s'.\n" msgstr "%s: %d: Ongeldige variabelenaam `%s'.\n" -#: src/conf.c:178 +#: src/conf.c:182 #, c-format msgid "%s: %d: No value given for `%s'.\n" msgstr "%s: %d: Geen waarde gegeven voor `%s'.\n" -#: src/conf.c:186 +#: src/conf.c:190 #, c-format msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" msgstr "%s: %d: Ongeldige waarde `%s' voor variabele `%s'.\n" -#: src/conf.c:208 +#: src/conf.c:214 #, c-format msgid "Could not open %s: %s\n" msgstr "Kon %s niet openen: %s\n" @@ -240,14 +240,15 @@ msgstr "Kon geen socket maken voor inkomend vpn verkeer" msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:642 +#: src/net.c:641 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:680 -msgid "Trying to re-establish outgoing connection in 5 minutes" -msgstr "Poging tot herstellen van uitgaande verbinding over 5 minuten" +#: src/net.c:679 +#, c-format +msgid "Trying to re-establish outgoing connection in %d seconds" +msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" #: src/net.c:717 msgid "Terminating" @@ -268,7 +269,7 @@ msgstr "Aanmaak UDP socket mislukte: %m" msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:754 src/net.c:841 src/net.c:1037 +#: src/net.c:754 src/net.c:840 src/net.c:1036 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" 
@@ -278,119 +279,111 @@ msgstr "Dit is een programmeerfout: %s:%d: %d:%m" msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" -#: src/net.c:782 -msgid "unknown" -msgstr "onbekend" - -#: src/net.c:792 +#: src/net.c:791 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:846 +#: src/net.c:845 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:854 +#: src/net.c:853 #, c-format msgid "Receiving packet from %s failed: %m" msgstr "Ontvangst pakket van %s mislukt: %m" -#: src/net.c:868 +#: src/net.c:867 #, c-format msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" msgstr "Kreeg pakket van %s (%s) met onbekende herkomst %d.%d.%d.%d?" -#: src/net.c:902 +#: src/net.c:901 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:946 +#: src/net.c:945 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:976 +#: src/net.c:975 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1007 +#: src/net.c:1006 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1015 +#: src/net.c:1014 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1042 +#: src/net.c:1041 #, c-format msgid "Metadata socket error: %s" msgstr "Fout op socket voor metaverkeer: %s" -#: src/net.c:1048 +#: src/net.c:1047 msgid "Metadata read buffer overflow!" msgstr "Metadata ontvangstbuffer overloop!" 
-#: src/net.c:1058 +#: src/net.c:1057 #, c-format msgid "Metadata socket read error: %m" msgstr "Fout op socket voor metaverkeer tijdens lezen: %m" -#: src/net.c:1082 +#: src/net.c:1081 #, c-format msgid "Got request from %s (%s): %s" msgstr "Ontving verzoek van %s (%s): %s" -#: src/net.c:1088 +#: src/net.c:1087 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/net.c:1095 +#: src/net.c:1094 #, c-format msgid "Error while processing request from %s (%s)" msgstr "Fout tijdens afhandelen van verzoek van %s (%s)" -#: src/net.c:1102 +#: src/net.c:1101 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/net.c:1147 +#: src/net.c:1146 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1183 +#: src/net.c:1182 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" -#: src/net.c:1193 +#: src/net.c:1192 #, c-format msgid "Non-IP ethernet frame %04x from " msgstr "Niet-IP ethernet pakket %04x van " -#: src/net.c:1201 +#: src/net.c:1200 msgid "Dropping short packet" msgstr "Te kort pakket genegeerd" -#: src/net.c:1240 +#: src/net.c:1239 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" #: src/net.c:1251 -msgid "Unable to reread configuration file, exitting" +msgid "Unable to reread configuration file, exiting" msgstr "Fout tijdens herlezen configuratie bestand, beëindigen" -#: src/net.c:1256 -msgid "Unable to restart, exitting" -msgstr "Kon niet herstarten, beëindigen" - #: src/netutl.c:222 #, c-format msgid "Error looking up `%s': %s\n" 
@@ -513,7 +506,7 @@ msgstr "De ander gebruikt een niet-compatibel protocol versie %d" #: src/protocol.c:425 #, c-format msgid "Uplink %s (%s) is already in our connection list" -msgstr "" +msgstr "%s (%s) staat al in onze verbindingslijst" #: src/protocol.c:455 #, c-format @@ -719,12 +712,12 @@ msgstr "Kreeg KEY_CHANGED herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" msgid "Got KEY_CHANGED origin %s from %s (%s)" msgstr "Kreeg KEY_CHANGED herkomst %s van %s (%s)" -#: src/tincd.c:98 +#: src/tincd.c:95 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:101 +#: src/tincd.c:98 #, c-format msgid "" "Usage: %s [option]...\n" @@ -733,7 +726,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:102 +#: src/tincd.c:99 msgid "" " -c, --config=FILE Read configuration options from FILE.\n" " -D, --no-detach Don't fork and detach.\n" @@ -749,7 +742,7 @@ msgstr "" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" " -t, --timeout=TIMEOUT Seconden wachten op timeout.\n" -#: src/tincd.c:108 +#: src/tincd.c:105 msgid "" " --help Display this help and exit.\n" " --version Output version information and exit.\n" 
@@ -759,69 +752,69 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:110 +#: src/tincd.c:107 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:148 +#: src/tincd.c:145 #, c-format msgid "Invalid timeout value `%s'.\n" msgstr "Ongeldige timeout waarde `%s'.\n" -#: src/tincd.c:162 +#: src/tincd.c:159 #, c-format -msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting" +msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" -"Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen" +"Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." -#: src/tincd.c:217 +#: src/tincd.c:214 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" -msgstr "tincd %s (%s %s) gestart, debugniveau %d." +msgstr "tincd %s (%s %s) gestart, debugniveau %d" -#: src/tincd.c:220 +#: src/tincd.c:217 #, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" -#: src/tincd.c:235 +#: src/tincd.c:232 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." 
-#: src/tincd.c:253 +#: src/tincd.c:250 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" -#: src/tincd.c:256 +#: src/tincd.c:253 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" -#: src/tincd.c:277 +#: src/tincd.c:274 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" -#: src/tincd.c:279 +#: src/tincd.c:276 msgid "No other tincd is running.\n" msgstr "Geen andere tincd gevonden.\n" -#: src/tincd.c:286 +#: src/tincd.c:283 msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" -#: src/tincd.c:342 +#: src/tincd.c:339 #, c-format msgid "%s version %s\n" msgstr "%s versie %s\n" -#: src/tincd.c:343 +#: src/tincd.c:340 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" "see the AUTHORS file for a complete list.\n" 
@@ -840,60 +833,62 @@ msgstr "" "zie het bestand COPYING voor details.\n" "\n" -#: src/tincd.c:348 +#: src/tincd.c:345 msgid "" "This product includes software developed by Eric Young (eay@mincom.oz.au)\n" msgstr "" "Dit produkt bevat programmatuur ontwikkeld door Eric Young " "(eay@mincom.oz.au)\n" -#: src/tincd.c:358 +#: src/tincd.c:355 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" -#: src/tincd.c:393 +#: src/tincd.c:385 +#, c-format +msgid "Unrecoverable error, restarting in %d seconds!" +msgstr "Onherstelbare fout, herstart in %d seconden!" + +#: src/tincd.c:394 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/tincd.c:401 +#: src/tincd.c:402 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/tincd.c:408 +#: src/tincd.c:409 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" -#: src/tincd.c:416 +#: src/tincd.c:417 #, c-format msgid "Got SEGV signal after %s line %d, trying to re-execute" msgstr "Kreeg SEGV signaal na %s regel %d, probeer opnieuw opstarten" -#: src/tincd.c:419 +#: src/tincd.c:420 msgid "Got SEGV signal, trying to re-execute" msgstr "Kreeg SEGV signaal, probeer opnieuw opstarten" -#: src/tincd.c:431 +#: src/tincd.c:432 msgid "Got HUP signal, rereading configuration and restarting" msgstr "Kreeg HUP signaal, herlezen configuratie en herstarten" -#: src/tincd.c:439 -msgid "Got INT signal, exitting" +#: src/tincd.c:440 +msgid "Got INT signal, exiting" msgstr "Kreeg INT signaal, beëindigen" -#: src/tincd.c:453 +#: src/tincd.c:454 msgid "Got USR2 signal, forcing new key generation" msgstr "Kreeg USR2 signaal, nieuwe sleutels geforceerd" -#: src/tincd.c:461 +#: src/tincd.c:462 #, c-format msgid "Got unexpected signal %d after %s line %d" msgstr "Kreeg onverwacht signaal %d na %s regel %d" -#: src/tincd.c:464 +#: src/tincd.c:465 #, c-format msgid "Got unexpected signal %d" msgstr "Kreeg 
onverwacht signaal %d" - -#~ msgid "Got HUP signal" -#~ msgstr "Kreeg HUP signaal" diff --git a/src/conf.c b/src/conf.c index 0a72a371..5d6437ff 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.4 2000/06/29 19:47:02 guus Exp $ + $Id: conf.c,v 1.9.4.5 2000/06/30 11:45:14 guus Exp $ */ @@ -109,6 +109,8 @@ cp p->data.val = 0; } + p->argtype = argtype; + if(p->data.val) { if(*cfg) @@ -195,6 +197,7 @@ cp config = cfg; } cp + return 0; } /* @@ -203,6 +206,7 @@ cp int read_config_file(const char *fname) { + int err; FILE *fp; cp if((fp = fopen (fname, "r")) == NULL) @@ -211,12 +215,10 @@ cp return 1; } - if(readconfig(fname, fp)) - return -1; - + err = readconfig(fname, fp); fclose (fp); cp - return 0; + return err; } /* @@ -260,11 +262,13 @@ void clear_config() { config_t *p, *next; cp - for(p = config; p; p = next) + for(p = config; p != NULL; p = next) { next = p->next; - if(p->data.ptr) - free(p->data.ptr); + if(p->data.ptr && (p->argtype == TYPE_NAME)) + { + free(p->data.ptr); + } free(p); } config = NULL; diff --git a/src/conf.h b/src/conf.h index 57a02f5d..1d758595 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,12 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.4 2000/06/29 19:47:03 guus Exp $ + $Id: conf.h,v 1.6.4.5 2000/06/30 11:45:14 guus Exp $ */ #ifndef __TINC_CONF_H__ #define __TINC_CONF_H__ +#define MAXTIMEOUT 900 /* Maximum timeout value for retries. Should this be a configuration option? */ + typedef struct ip_mask_t { unsigned long ip; unsigned long mask; @@ -46,12 +48,13 @@ typedef enum which_t { keyexpire, vpnmask, resolve_dns, - indirectdata + indirectdata, } which_t; typedef struct config_t { struct config_t *next; which_t which; + int argtype; data_t data; } config_t; 
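Review bot: In the `clear_config()` hunk the value is now freed only when `p->argtype == TYPE_NAME`, so the function depends on every path that creates a `config_t` setting `argtype`, and on no other argument type storing an allocated pointer in `data.ptr`. Only one assignment, `p->argtype = argtype;`, is visible in this patch and the allocation itself is not, so neither condition can be confirmed from here. If another type does allocate, its memory leaks on every configuration reread after SIGHUP. Once the rule has been verified, a comment above the test would record it, for example `/* only TYPE_NAME values own heap memory */`.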
diff --git a/src/net.c b/src/net.c index a1757c5b..efd30e6f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.15 2000/06/29 19:47:03 guus Exp $ + $Id: net.c,v 1.35.4.16 2000/06/30 11:45:14 guus Exp $ */ #include "config.h" @@ -636,11 +636,11 @@ cp signal(SIGALRM, sigalrm_handler); upstreamindex = 0; seconds_till_retry += 5; - if(seconds_till_retry>300) /* Don't wait more than 5 minutes. */ - seconds_till_retry = 300; - alarm(seconds_till_retry); + if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */ + seconds_till_retry = MAXTIMEOUT; syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"), seconds_till_retry); + alarm(seconds_till_retry); cp } @@ -675,9 +675,9 @@ cp signal(SIGALRM, sigalrm_handler); upstreamindex = 0; - seconds_till_retry = 300; + seconds_till_retry = MAXTIMEOUT; + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); alarm(seconds_till_retry); - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 minutes")); cp return 0; } @@ -779,7 +779,6 @@ cp return NULL; } - p->vpn_hostname = _("unknown"); p->real_ip = ntohl(ci.sin_addr.s_addr); p->real_hostname = hostlookup(ci.sin_addr.s_addr); p->meta_socket = sfd; @@ -1244,19 +1243,15 @@ cp if(sighup) { + sighup = 0; close_network_connections(); clear_config(); if(read_config_file(configfilename)) { - syslog(LOG_ERR, _("Unable to reread configuration file, exitting")); + syslog(LOG_ERR, _("Unable to reread configuration file, exiting")); exit(0); } - if(setup_network_connections()) - { - syslog(LOG_ERR, _("Unable to restart, exitting")); - exit(0); - } - sighup = 0; + setup_network_connections(); continue; } 
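Review bot: Once `p->vpn_hostname = _("unknown");` is removed in the `@@ -779,7 +779,6 @@` hunk, a freshly accepted connection has no `vpn_hostname` until the peer has identified itself, while log messages in this file such as `Closing connection with %s (%s)` take the connection's names as `%s` arguments. If the field is NULL or uninitialised at that point (whatever allocates `p` is not visible here), formatting it is undefined behaviour, and the path is reachable by any host that connects and is dropped before sending its basic info. Either initialise the field to an allocated placeholder, or guard the log arguments, e.g. `cl->vpn_hostname ? cl->vpn_hostname : "(unknown)"`. The enclosing function starts outside the hunk.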
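Review bot: In the `if(sighup)` block the result of `setup_network_connections()` is now discarded, so after a failed restart the loop carries on with whatever descriptors are left. If the intent is to fall back to the retry loop in `main()`, the failure should leave the loop explicitly, e.g. `if(setup_network_connections()) break;`, instead of reaching `continue`. The neighbouring `exit(0)` after `Unable to reread configuration file, exiting` reports success to whatever supervises the daemon; `exit(1)` would let an init script notice the failure. The enclosing function starts and ends outside the hunk.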
@@ -1265,14 +1260,16 @@ cp { check_dead_connections(); last_ping_check = time(NULL); - continue; } - check_network_activity(&fset); + if(r > 0) + { + check_network_activity(&fset); - /* local tap data */ - if(FD_ISSET(tap_fd, &fset)) - handle_tap_input(); + /* local tap data */ + if(FD_ISSET(tap_fd, &fset)) + handle_tap_input(); + } } cp } diff --git a/src/tincd.c b/src/tincd.c index cecf95ed..f63540aa 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.5 2000/06/29 19:47:04 guus Exp $ + $Id: tincd.c,v 1.10.4.6 2000/06/30 11:45:16 guus Exp $ */ #include "config.h" @@ -374,13 +374,17 @@ main(int argc, char **argv, char **envp) if(security_init()) return 1; - if(setup_network_connections()) - cleanup_and_exit(1); + for(;;) + { + setup_network_connections(); - main_loop(); + main_loop(); - cleanup_and_exit(1); - return 1; + cleanup_and_exit(1); + + syslog(LOG_ERR, _("Unrecoverable error, restarting in %d seconds!"), MAXTIMEOUT); + sleep(MAXTIMEOUT); + } } RETSIGTYPE @@ -433,7 +437,7 @@ RETSIGTYPE sigint_handler(int a) { if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Got INT signal, exitting")); + syslog(LOG_NOTICE, _("Got INT signal, exiting")); cleanup_and_exit(0); } From c5737583c8a5d099a71174e1eb997e0972ae03e9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 30 Jun 2000 12:41:06 +0000 Subject: [PATCH 037/923] - Instead of logging an error when remote end closes the connection, we print a nice message if appropiate debug level is set. - If we get ADD_HOSTs or DEL_HOSTs for ourself, then connection lists are really messed up. We restart, and hope our problems go away. --- po/nl.po | 183 ++++++++++++++++++++++++++++--------------------- src/net.c | 34 ++++++--- src/protocol.c | 20 +++++- 3 files changed, 147 insertions(+), 90 deletions(-) diff --git a/po/nl.po b/po/nl.po index b432fe19..d24dcccc 100644 --- a/po/nl.po 
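Review bot: In the new `for(;;)` loop in `main`, `cleanup_and_exit(1);` sits between `main_loop();` and the `syslog()`/`sleep(MAXTIMEOUT)` pair. If it terminates the process, as its name and its use in `sigint_handler` suggest, the restart path is unreachable and the daemon simply exits. A cleanup that returns, for instance `close_network_connections();`, would let the loop sleep and retry. The result of `setup_network_connections()` is also ignored now, so `main_loop()` is entered even when no sockets could be set up; `if(!setup_network_connections()) main_loop();` keeps the retry behaviour without that. `cleanup_and_exit` is defined outside the hunk, so the first point should be confirmed against its body.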
+++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-06-30 13:23+0200\n" +"POT-Creation-Date: 2000-06-30 14:36+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" @@ -178,7 +178,7 @@ msgstr "Aanmaak van metasocket mislukt: %m" msgid "setsockopt: %m" msgstr "setsockopt: %m" -#: src/net.c:424 src/net.c:473 src/net.c:528 +#: src/net.c:424 src/net.c:473 #, c-format msgid "fcntl: %m" msgstr "fcntl: %m" @@ -193,7 +193,7 @@ msgstr "Kan niet aan poort %hd/tcp binden: %m" msgid "listen: %m" msgstr "listen: %m" -#: src/net.c:460 src/net.c:511 +#: src/net.c:460 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" 
@@ -208,179 +208,194 @@ msgstr "Kan niet aan poort %hd/udp binden: %m" msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:521 +#: src/net.c:511 +#, c-format +msgid "Creating socket for %s port %d failed: %m" +msgstr "Aanmaken socket voor %s poort %d mislukt: %m" + +#: src/net.c:522 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:532 +#: src/net.c:529 +#, c-format +msgid "fcntl for %s port %d: %m" +msgstr "fcntl voor %s poort %d: %m" + +#: src/net.c:534 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:555 +#: src/net.c:557 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:580 +#: src/net.c:582 msgid "No value for my VPN IP given" msgstr "Geen waarde gegeven voor mijn VPN IP adres" -#: src/net.c:601 +#: src/net.c:603 msgid "Unable to set up a listening socket" msgstr "Kon geen luistersocket aanmaken" -#: src/net.c:607 +#: src/net.c:609 msgid "Unable to set up an incoming vpn data socket" msgstr "Kon geen socket maken voor inkomend vpn verkeer" -#: src/net.c:614 +#: src/net.c:616 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:641 +#: src/net.c:643 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:679 +#: src/net.c:681 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:717 +#: src/net.c:719 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:731 +#: src/net.c:733 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:736 +#: src/net.c:738 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:746 +#: 
src/net.c:748 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:754 src/net.c:840 src/net.c:1036 +#: src/net.c:756 src/net.c:843 src/net.c:1041 #, c-format -msgid "This is a bug: %s:%d: %d:%m" -msgstr "Dit is een programmeerfout: %s:%d: %d:%m" +msgid "This is a bug: %s:%d: %d:%m %s (%s)" +msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" -#: src/net.c:778 +#: src/net.c:781 #, c-format msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" -#: src/net.c:791 +#: src/net.c:794 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:845 +#: src/net.c:849 #, c-format -msgid "Incoming data socket error: %s" -msgstr "Fout op socket voor inkomend verkeer: %s" +msgid "Incoming data socket error for %s (%s): %s" +msgstr "Fout op socket voor inkomend verkeer voor %s (%s): %s" -#: src/net.c:853 +#: src/net.c:858 #, c-format -msgid "Receiving packet from %s failed: %m" -msgstr "Ontvangst pakket van %s mislukt: %m" +msgid "Receiving packet from %s (%s) failed: %m" +msgstr "Ontvangst pakket van %s (%s) mislukt: %m" -#: src/net.c:867 +#: src/net.c:872 #, c-format msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" msgstr "Kreeg pakket van %s (%s) met onbekende herkomst %d.%d.%d.%d?" 
-#: src/net.c:901 +#: src/net.c:906 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:945 +#: src/net.c:950 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:975 +#: src/net.c:980 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1006 +#: src/net.c:1011 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1014 +#: src/net.c:1019 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1041 -#, c-format -msgid "Metadata socket error: %s" -msgstr "Fout op socket voor metaverkeer: %s" - #: src/net.c:1047 +#, c-format +msgid "Metadata socket error for %s (%s): %s" +msgstr "Fout op socket voor metaverkeer voor %s (%s): %s" + +#: src/net.c:1054 msgid "Metadata read buffer overflow!" msgstr "Metadata ontvangstbuffer overloop!" 
-#: src/net.c:1057 +#: src/net.c:1066 #, c-format -msgid "Metadata socket read error: %m" -msgstr "Fout op socket voor metaverkeer tijdens lezen: %m" +msgid "Connection closed by %s (%s)" +msgstr "Verbinding verbroken door %s (%s)" -#: src/net.c:1081 +#: src/net.c:1069 +#, c-format +msgid "Metadata socket read error for %s (%s): %m" +msgstr "Fout op socket voor metaverkeer voor %s (%s) tijdens lezen: %m" + +#: src/net.c:1094 #, c-format msgid "Got request from %s (%s): %s" msgstr "Ontving verzoek van %s (%s): %s" -#: src/net.c:1087 +#: src/net.c:1100 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/net.c:1094 +#: src/net.c:1107 #, c-format msgid "Error while processing request from %s (%s)" msgstr "Fout tijdens afhandelen van verzoek van %s (%s)" -#: src/net.c:1101 +#: src/net.c:1114 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/net.c:1146 +#: src/net.c:1159 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1182 +#: src/net.c:1195 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" -#: src/net.c:1192 +#: src/net.c:1205 #, c-format msgid "Non-IP ethernet frame %04x from " msgstr "Niet-IP ethernet pakket %04x van " -#: src/net.c:1200 +#: src/net.c:1213 msgid "Dropping short packet" msgstr "Te kort pakket genegeerd" -#: src/net.c:1239 +#: src/net.c:1252 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1251 +#: src/net.c:1264 msgid "Unable to reread configuration file, exiting" msgstr "Fout tijdens herlezen configuratie bestand, beëindigen" 
@@ -418,7 +433,7 @@ msgstr "Verzending TERMREQ naar %s (%s)" #: src/protocol.c:80 src/protocol.c:98 src/protocol.c:116 src/protocol.c:134 #: src/protocol.c:152 src/protocol.c:191 src/protocol.c:209 src/protocol.c:237 #: src/protocol.c:258 src/protocol.c:276 src/protocol.c:319 src/protocol.c:349 -#: src/protocol.c:784 src/protocol.c:887 +#: src/protocol.c:802 src/protocol.c:905 #, c-format msgid "Send failed: %s:%d: %m" msgstr "Verzenden mislukte: %s:%d: %m" 
@@ -586,128 +601,138 @@ msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" msgid "Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?" msgstr "Kreeg DEL_HOST voor %d.%d.%d.%d van %s (%s), die niet bestaat?" -#: src/protocol.c:617 +#: src/protocol.c:619 +#, c-format +msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" +msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" + +#: src/protocol.c:626 #, c-format msgid "Got DEL_HOST for %s (%s) from %s (%s)" msgstr "Kreeg DEL_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:635 +#: src/protocol.c:644 #, c-format msgid "Got unauthorized PING from %s (%s)" msgstr "Kreeg niet-geautoriseerde PING van %s (%s)" -#: src/protocol.c:641 +#: src/protocol.c:650 #, c-format msgid "Got PING from %s (%s)" msgstr "Kreeg PING van %s (%s)" -#: src/protocol.c:657 +#: src/protocol.c:666 #, c-format msgid "Got unauthorized PONG from %s (%s)" msgstr "Kreeg niet-geautoriseerde PONG van %s (%s)" -#: src/protocol.c:663 +#: src/protocol.c:672 #, c-format msgid "Got PONG from %s (%s)" msgstr "Kreeg PONG van %s (%s)" -#: src/protocol.c:682 +#: src/protocol.c:691 #, c-format msgid "Got unauthorized ADD_HOST from %s (%s)" msgstr "Kreeg niet-geautoriseerde ADD_HOST van %s (%s)" -#: src/protocol.c:689 +#: src/protocol.c:698 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:699 +#: src/protocol.c:708 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:706 +#: src/protocol.c:715 #, c-format msgid "Removing old entry for %s (%s)" msgstr "Verwijdering oude verbinding voor %s (%s)" -#: src/protocol.c:727 +#: src/protocol.c:725 +#, c-format +msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" +msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" + +#: src/protocol.c:745 #, c-format msgid "Got ADD_HOST for %s (%s) from %s 
(%s)" msgstr "Kreeg ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:745 +#: src/protocol.c:763 #, c-format msgid "Got unauthorized REQ_KEY from %s (%s)" msgstr "Kreeg niet-geautoriseerde REQ_KEY van %s (%s)" -#: src/protocol.c:752 +#: src/protocol.c:770 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:758 +#: src/protocol.c:776 #, c-format msgid "Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" msgstr "Kreeg REQ_KEY herkmonst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:771 +#: src/protocol.c:789 #, c-format msgid "Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot doorsturen REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" -#: src/protocol.c:777 +#: src/protocol.c:795 #, c-format msgid "Forwarding REQ_KEY to %s (%s)" msgstr "Doorsturen REQ_KEY naar %s (%s)" -#: src/protocol.c:836 +#: src/protocol.c:854 #, c-format msgid "Got unauthorized ANS_KEY from %s (%s)" msgstr "Kreeg niet-geautoriseerde ANS_KEY van %s (%s)" -#: src/protocol.c:843 +#: src/protocol.c:861 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:849 +#: src/protocol.c:867 #, c-format msgid "Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:858 +#: src/protocol.c:876 #, c-format msgid "" "Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?" msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" -#: src/protocol.c:874 +#: src/protocol.c:892 #, c-format msgid "Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot doorsturen ANS_KEY naar %d.%d.%d.%d, die niet besttaat?" 
-#: src/protocol.c:880 +#: src/protocol.c:898 #, c-format msgid "Forwarding ANS_KEY to %s (%s)" msgstr "Doorsturen ANS_KEY naar %s (%s)" -#: src/protocol.c:901 +#: src/protocol.c:919 #, c-format msgid "Got unauthorized KEY_CHANGED from %s (%s)" msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van %s (%s)" -#: src/protocol.c:908 +#: src/protocol.c:926 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:917 +#: src/protocol.c:935 #, c-format msgid "Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?" msgstr "Kreeg KEY_CHANGED herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" -#: src/protocol.c:923 +#: src/protocol.c:941 #, c-format msgid "Got KEY_CHANGED origin %s from %s (%s)" msgstr "Kreeg KEY_CHANGED herkomst %s van %s (%s)" @@ -889,6 +914,6 @@ msgid "Got unexpected signal %d after %s line %d" msgstr "Kreeg onverwacht signaal %d na %s regel %d" #: src/tincd.c:465 -#, c-format +#, fuzzy, c-format msgid "Got unexpected signal %d" -msgstr "Kreeg onverwacht signaal %d" +msgstr "Kreeg onverwacht signaal %d na %s regel %d" diff --git a/src/net.c b/src/net.c index efd30e6f..c7e8b857 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.16 2000/06/30 11:45:14 guus Exp $ + $Id: net.c,v 1.35.4.17 2000/06/30 12:41:05 guus Exp $ */ #include "config.h" @@ -508,7 +508,8 @@ cp cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); if(cl->meta_socket == -1) { - syslog(LOG_ERR, _("Creating socket failed: %m")); + syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"), + cl->real_hostname, cl->port); return -1; } 
@@ -525,7 +526,8 @@ cp flags = fcntl(cl->meta_socket, F_GETFL); if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("fcntl: %m")); + syslog(LOG_ERR, _("fcntl for %s port %d: %m"), + cl->real_hostname, cl->port); return -1; } @@ -751,7 +753,8 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, nfd); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, + cl->vpn_hostname, cl->real_hostname); return -1; } @@ -837,12 +840,14 @@ int handle_incoming_vpn_data(conn_list_t *cl) cp if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->socket); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket, + cl->vpn_hostname, cl->real_hostname); return -1; } if(x) { - syslog(LOG_ERR, _("Incoming data socket error: %s"), sys_errlist[x]); + syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), + cl->vpn_hostname, cl->real_hostname, sys_errlist[x]); return -1; } @@ -850,7 +855,7 @@ cp lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL); if(lenin <= 0) { - syslog(LOG_ERR, _("Receiving packet from %s failed: %m"), cl->real_hostname); + syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->vpn_hostname, cl->real_hostname); return -1; } total_socket_in += lenin; 
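Review bot: The rewritten message in the `handle_incoming_vpn_data` hunk still indexes `sys_errlist[x]` with the value returned through `getsockopt(..., SO_ERROR, ...)` and no range check. `strerror(x)` gives the same text without reading past the table for an unexpected code, so the argument line could end `cl->vpn_hostname, cl->real_hostname, strerror(x));`. The same applies to the `Metadata socket error for %s (%s): %s` line in the `handle_incoming_meta_data` hunk that follows. Both messages now pass `cl->vpn_hostname` to `%s`, which needs a NULL guard if a connection can reach these paths before its name is known.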
@@ -1033,12 +1038,14 @@ int handle_incoming_meta_data(conn_list_t *cl) cp if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, cl->meta_socket); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, + cl->vpn_hostname, cl->real_hostname); return -1; } if(x) { - syslog(LOG_ERR, _("Metadata socket error: %s"), sys_errlist[x]); + syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), + cl->vpn_hostname, cl->real_hostname, sys_errlist[x]); return -1; } @@ -1054,7 +1061,13 @@ cp { if(errno==EINTR) return 0; - syslog(LOG_ERR, _("Metadata socket read error: %m")); + if(errno==0) + if(debug_lvl>0) + syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + else + syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), + cl->vpn_hostname, cl->real_hostname); return -1; } @@ -1251,6 +1264,7 @@ cp syslog(LOG_ERR, _("Unable to reread configuration file, exiting")); exit(0); } + sleep(5); setup_network_connections(); continue; } diff --git a/src/protocol.c b/src/protocol.c index a6f30290..f8d72298 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.17 2000/06/29 19:47:03 guus Exp $ + $Id: protocol.c,v 1.28.4.18 2000/06/30 12:41:06 guus Exp $ */ #include "config.h" @@ -613,6 +613,15 @@ cp return 0; } + /* Connections lists are really messed up if this happens */ + if(vpn_ip == myself->vpn_ip) + { + syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), + cl->vpn_hostname, cl->real_hostname); + sighup = 1; + return 0; + } + if(debug_lvl > 1) syslog(LOG_DEBUG, _("Got DEL_HOST for %s (%s) from %s (%s)"), fw->vpn_hostname, fw->real_hostname, cl->vpn_hostname, cl->real_hostname); 
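Review bot: In the `@@ -1054,7 +1061,13 @@` hunk the added `else` binds to the inner `if(debug_lvl>0)`, not to `if(errno==0)`, because neither `if` has braces. As written, a real read error (non-zero `errno`) logs nothing, while a clean close with `debug_lvl` at 0 is logged as `Metadata socket read error`. Bracing the inner statement fixes the pairing: `if(errno==0) { if(debug_lvl>0) syslog(LOG_NOTICE, ...); } else syslog(LOG_ERR, ...);`. Testing `errno==0` to detect a peer close is also fragile, since a read that returns 0 does not reset `errno`; comparing the read's return value with 0 would be more reliable, though the read call itself is outside this hunk.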
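Review bot: Setting `sighup = 1` when `vpn_ip == myself->vpn_ip` lets a single DEL_HOST from a connected peer make this node drop every connection, reread its configuration and reconnect, and the ADD_HOST hunk further down adds the same reaction. A misbehaving or compromised peer can repeat the message and keep the node restarting. The response is better limited to the sender: log the event and reject only this request, e.g. `return -1;`, assuming a negative return makes the caller close `cl`. If the full restart is kept, a comment should say why and restarts should be rate-limited. The enclosing function starts outside the hunk, so any authorisation check before this point is not visible here.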
@@ -709,6 +718,15 @@ cp terminate_connection(old); } } + + /* Connections lists are really messed up if this happens */ + if(vpn_ip == myself->vpn_ip) + { + syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), + cl->vpn_hostname, cl->real_hostname); + sighup = 1; + return 0; + } ncn = new_conn_list(); ncn->real_ip = real_ip; From 8309e9b869c25677d674f5cecb8b7ac5469d1758 Mon Sep 17 00:00:00 2001 From: Wessel Dankers Date: Fri, 30 Jun 2000 20:50:47 +0000 Subject: [PATCH 038/923] File added to CABAL (hopefully) --- doc/HOWTO | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 doc/HOWTO diff --git a/doc/HOWTO b/doc/HOWTO new file mode 100644 index 00000000..15c89713 --- /dev/null +++ b/doc/HOWTO 
@@ -0,0 +1,115 @@ + ============== + The TINC HOWTO + ============== + + Wessel Dankers + wsl@nl.linux.org + +Introduction +------------ +Tinc is a system to create a virtual ethernet network on top of an existing +infrastructure. This infrastructure can be anything from modem lines to +gigabit ethernet networks, as long as they talk IP. Once you install and +configure tinc, your host will get an extra IP address, just like it would +when you stick an extra ethernet card into it. Using this IP address, it can +communicate with all hosts in its virtual network using strong encryption. + +If you install Tinc on a router (and pick your numbers correctly) you can +have the router forward all packets. This way you can---instead of +connecting hosts---connect entire sites together! Now you need only one +outgoing network connection for both internet and intranet. + +Architecture +------------ +FIXME + +Getting Tinc +------------ +Before you fetch the latest tarball, you might want to check if there's a +package for your Linux distribution. One of the main authors is a Debian +Developer, so you can expect the Debian packages to be very up to date. + +The official website for Tinc can be found at http://tinc.nl.linux.org/. +There you can find Debian packages, RPM's and of course... the tarball! +Since we run Doohickey Linux Pro 1.0, for which no package exists (or +indeed the distribution itself) we shall compile the package ourselves. + +Building +-------- +The Tinc source adheres to so many standards it makes you head spin. +Even the debug messages have been localized! Amazing. Tinc also comes +with a configuration script. If you like to see what is there to +configure run ./configure --help | more. If you don't have time for such +nonsense: + + ./configure --sysconfdir=/etc + +This will see if your system is nice enough to run tinc on, and will +create some Makefiles and other stuff which will together build tinc. 
+ + make + make install + +The first will do the actual build, the second copies all files into place. + +The kernel +---------- +FIXME + +Picking your numbers +-------------------- +The first thing we should do is pick network numbers. Tinc has a very +peculiar taste for network numbers, which is caused by the way it routes +traffic. However, it turns out to be really handy if you want to use +your tinc host as a router for a site. + +The numbers have to be in a range that is not yet in use in your existing, +real network! In this example we will use numbers from the 192.168.0/16 +range. This is standard CIDR notation for all IP addresses from 192.168.0.0 +to 192.168.255.255. The /16 means that the first 16 bits form the network +part. + +It is common practice for Tinc networks to use private (RFC 1918) addresses. +This is not necessary, but it would be a waste to use official addresses +for a private network! + +In the example we will connect three machines: f00f, fdiv and hlt. We will +give each an address, but not just that, also a slice of our address space +to play with. + + Host Real address Tinc network + --------------------------------------------------- + f00f 126.202.37.20 192.168.1.1/24 + fdiv 126.202.37.81 192.168.2.1/24 + hlt 103.22.1.218 192.168.3.1/24 + +It is very important that none of the Tinc netmasks overlap! Note how the +192.168.0/16 network covers the entire address space of the three hosts. +We will refer to the 192.168.0/16 network as the `umbrella' from now on. +As you can see we can fit 256 hosts into this umbrella this way, which is +also the practical maximum for tinc. + +The configuration file +---------------------- +Let's create a configuration file for f00f. We have to put it in /etc/tinc, +unless you participate in multiple umbrella's (more on that later). 
+ + MyOwnVPNIP = 192.168.1.1/24 + VpnMask = 255.255.0.0 + ConnectTo = 126.202.37.81 + ConnectTo = 103.22.1.218 + +The first two lines tell Tinc about the numbers we have chosen above. +Using the ConnectTo lines, the daemon will seek contact with the rest of +the umbrella. It's possible to configure any number of ConnectTo lines, +you can even omit them so that it just sits and waits until someone else +contacts it. Until someone does, the poor daemon won't be able to send +any data because it doesn't know where everybody is. + +The passphrases +--------------- +We will have to generate keys for ourselves, and get a key from everybody +we want to ConnectTo. + +-- +$Id: HOWTO,v 1.2.2.1 2000/06/30 20:50:47 wsl Exp $ From 1a1ebefd572c18d6af187750847b024ce07551ae Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 30 Jun 2000 21:03:51 +0000 Subject: [PATCH 039/923] - Made tinc even more silent if no -d flag is given at all. --- src/encr.c | 8 +++++--- src/net.c | 5 +++-- src/protocol.c | 8 +++++--- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/src/encr.c b/src/encr.c index cadeba4f..7830bbee 100644 --- a/src/encr.c +++ b/src/encr.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: encr.c,v 1.12.4.1 2000/06/25 15:16:11 guus Exp $ + $Id: encr.c,v 1.12.4.2 2000/06/30 21:03:50 guus Exp $ */ #include "config.h" @@ -109,7 +109,8 @@ cp if((f = fopen(filename, "rb")) == NULL) { - syslog(LOG_ERR, _("Could not open %s: %m"), filename); + if(debug_lvl > 1) + syslog(LOG_ERR, _("Could not open %s: %m"), filename); return -1; } @@ -150,7 +151,8 @@ cp else my_key_expiry = (time_t)(time(NULL) + cfg->data.val); - syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS); + if(debug_lvl > 1) + syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS); if((f = fopen("/dev/urandom", "r")) == NULL) { 
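Review bot: Gating the "Could not open %s: %m" message behind `debug_lvl > 1` in the encr.c hunk at -109 means a key or passphrase file that cannot be opened now makes the function return -1 with nothing logged at the default level and at `-d`. A permissions problem on the passphrase directory would then surface only as a connection that never authenticates. If the aim is to silence the expected "no file for this peer" case, limit the suppression to that case, e.g. `if(errno != ENOENT || debug_lvl > 1)`, assuming `<errno.h>` is available in this file. The enclosing function starts and ends outside the hunk.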
diff --git a/src/net.c b/src/net.c index c7e8b857..f136a58e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.17 2000/06/30 12:41:05 guus Exp $ + $Id: net.c,v 1.35.4.18 2000/06/30 21:03:51 guus Exp $ */ #include "config.h" @@ -531,7 +531,8 @@ cp return -1; } - syslog(LOG_INFO, _("Connected to %s port %hd"), + if(debug_lvl > 0) + syslog(LOG_INFO, _("Connected to %s port %hd"), cl->real_hostname, cl->port); cp return 0; diff --git a/src/protocol.c b/src/protocol.c index f8d72298..3c20f3b2 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.18 2000/06/30 12:41:06 guus Exp $ + $Id: protocol.c,v 1.28.4.19 2000/06/30 21:03:51 guus Exp $ */ #include "config.h" @@ -507,7 +507,8 @@ cp while(old = lookup_conn(cl->vpn_ip)) { - syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), + if(debug_lvl > 1) + syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), cl->vpn_hostname, old->real_hostname, cl->real_hostname); old->status.active = 0; terminate_connection(old); @@ -535,7 +536,8 @@ cp cl->status.active = 1; - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), + if(debug_lvl > 0) + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->vpn_hostname, cl->real_hostname); notify_others(cl, NULL, send_add_host); From ce72275a4342ff4e21d21bb740ee88dca1ddb5f1 Mon Sep 17 00:00:00 2001 From: Wessel Dankers Date: Fri, 30 Jun 2000 21:16:52 +0000 Subject: [PATCH 040/923] Grrr, recommit --- doc/HOWTO | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/doc/HOWTO b/doc/HOWTO index 15c89713..b229cafc 100644 --- a/doc/HOWTO +++ b/doc/HOWTO 
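Review bot: In the protocol.c hunk at -507, the "Removing old entry for %s at %s in favour of new connection from %s" message is now emitted only at `debug_lvl > 1`, although the next hunk keeps "Connection with %s (%s) activated" at `debug_lvl > 0`. A new connection displacing an existing peer that holds the same VPN address is the event an operator most needs when investigating a misconfigured or impersonated node, so it should be at least as visible as an ordinary activation: `if(debug_lvl > 0)`, or unconditional. The continuation line of the `syslog` call is also no longer aligned under the unbraced `if`. Adding braces would make the extent of the conditional obvious.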
@@ -109,7 +109,25 @@ any data because it doesn't know where everybody is. The passphrases --------------- We will have to generate keys for ourselves, and get a key from everybody -we want to ConnectTo. +we want to ConnectTo. All of these go into a directory named +/etc/tinc/passphrases. PROTECT THIS DIRECTORY! + + mkdir -m 700 /etc/tinc/passphrases + +To generate our own key: + + genauth 1024 >/etc/tinc/passphrases/local + +You should then proceed to give this key to anyone who wants to ConnectTo +you. DO THIS IN A SECURE MANNER! Anyone who has this number can do icky +things to the umbrella network! Encrypt it using PGP, GPG or another +program using asymetric keys. Read it over the phone (without anyone +listening of course). Send it by snailmail. Write the key down and bring +it to your partners yourself! + +If you get any keys from your partners, store them under their network +number. For example, the key we get from fdiv's network administrator +will be stored in /etc/tinc/passphrases/192.168.2.0 (note the 0). -- -$Id: HOWTO,v 1.2.2.1 2000/06/30 20:50:47 wsl Exp $ +$Id: HOWTO,v 1.2.2.2 2000/06/30 21:16:52 wsl Exp $ From 8ec648abf438bb5fcfe84e3a1c6a31192dc32b2e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 30 Jun 2000 22:38:58 +0000 Subject: [PATCH 041/923] - Added documentation for the protocols (most important the meta protocol) used by tinc. --- doc/PROTOCOL | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 doc/PROTOCOL diff --git a/doc/PROTOCOL b/doc/PROTOCOL new file mode 100644 index 00000000..81de215c --- /dev/null +++ b/doc/PROTOCOL 
@@ -0,0 +1,96 @@ +This is the protocol documentation for tinc, a Virtual Private Network daemon. + + Copyright 2000 Guus Sliepen + + Permission is granted to make and distribute verbatim copies of + this documentation provided the copyright notice and this permission + notice are preserved on all copies. + + Permission is granted to copy and distribute modified versions + of this documentation under the conditions for verbatim copying, provided + that the entire resulting derived work is distributed under + the terms of a permission notice identical to this one. + + $Id: PROTOCOL,v 1.1.2.1 2000/06/30 22:38:58 guus Exp $ + + +1. Protocols used in tinc +------------------------- + +Tinc uses several protocols to function correctly. To enter the network of tinc +daemons that make up the virtual private network, tinc makes TCP connections to +other tinc daemons. It uses the "meta protocol" for these connections. To +exchange packets on the virtual network, UDP connections are made and the +"packet protocol" is used. Tinc also needs to exchange network packets with the +kernel. This is done using the ethertap device in Linux. Also planned is a +generic PPP interface, because it is supported on virtually all UNIX flavours. +The protocols for those interfaces will not be described in this document. + +2. Packet protocol +------------------ + +This is described in net.h. + +3. Meta protocol +---------------- + +The meta protocol is used to tie all tinc daemons together, and exchange +information about which tinc daemon serves which virtual subnet. + +The meta protocol consists of requests that can be sent to the other side. Each +request has a unique number and several parameters. All requests are represented +in the standard ASCII character set. It is possible to use tools such as telnet +or netcat to connect to a tinc daemon and to read and write requests by hand, +provided that one understands the numeric codes sent. 
+ +When tinc daemons connect to each other, they will have to authenticate each +other first. This is done by exchanging BASIC_INFO, PASSPHRASE, PUBLIC_KEY and +ACK requests. BASIC_INFO requests contain the virtual address and netmask of the +tinc daemon, protocol version, port number and flags. This identifies that tinc +daemon, though it still has to be verified. To that end, passphrases and public +keys are exchanged. The passphrases are known at both ends, but they are +encrypted with the public key before transmission. This way, nobody that sniffs +the network can see what the passphrase actually was, and at the same time this +ensures that the other host really knows the secret key that belongs to the +public key it sends. If both hosts are satisfied, the connection is activated, +the contents of each other's connection lists are exchanged and other requests +may be sent. The following diagram shows how authentication is done: + +Client Server +---------------------------------------------------------------- +Connects to server + Accepts connection + Sends BASIC_INFO +Verifies BASIC_INFO +If server is already in +connection list, abort. +Else sends his own BASIC_INFO + Verifies BASIC_INFO + If client is alread in + connection list, remove + old entry. + Sends PASSPHRASE +Receives and stores PASSPHRASE. +Sends his own PASSPHRASE + Receives and stores PASSPHRASE. + Sends PUBLIC_KEY +Verifies PUBLIC key and stored +PASSPHRASE. If wrong, abort. +Else sends his own PUBLIC_KEY + Verifies PUBLIC key and stored + PASSPHRASE. If wrong, abort. + Else activates connection and + sends ACK and ADD_HOSTs for all + known hosts +Receives ACK and activates +connection. +Sends ADD_HOSTs for all known +hosts +---------------------------------------------------------------- + +The client must never make a connection to a server that is already in it's +connection list. Not only would it corrupt the connection list, but it would +also violate the tree property. 
The meta connections must always be so that +there are no loops. This is very important, because certain requests are +broadcast over the entire network of tinc daemons. If there were loops, packets +would be sent infinitely. From 7fdc881b86fe379216f09dd5703bb88d398c87a8 Mon Sep 17 00:00:00 2001 From: Wessel Dankers Date: Sat, 1 Jul 2000 07:29:32 +0000 Subject: [PATCH 042/923] Added architecture section, made a start with the kernel section. ToDo: install tinc myself to see if everything is as I say =) --- doc/HOWTO | 66 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 54 insertions(+), 12 deletions(-) diff --git a/doc/HOWTO b/doc/HOWTO index b229cafc..d645285f 100644 --- a/doc/HOWTO +++ b/doc/HOWTO @@ -21,7 +21,20 @@ outgoing network connection for both internet and intranet. Architecture ------------ -FIXME +When a few Tinc daemons are running they will try to seek contact with +eachother. A daemon is all the time connected to a few other daemons, +but if traffic is required with a daemon it doesn't know yet, it will +instantly contact it and exchange keys. These so-called meta-connections +are made over TCP, using encryption of course. + +When actual traffic has to be sent, a daemon checks his connection list to +see if the addressee is known (and makes contact with it if neccessary). +All packets are then sent using UDP to the other host, just like in a real +network. If a packet gets lost, the connection layer of Linux will resend +the packet, just like it would over a normal network. + +Once in a while the daemons will renegotiate keys so that even if a cracker +breaks one, it'll be of limited use. Getting Tinc ------------ 
@@ -54,7 +67,11 @@ The first will do the actual build, the second copies all files into place. The kernel ---------- -FIXME +Next you will have to configure the kernel to support the tap device. +It is important that you run a recent kernel, but anything after 2.2.16 +will do. You have to enable both the netlink device AND the ethertap +device (in that order). Enable them as modules! +Compile, install =) You don't even have to reboot. Picking your numbers -------------------- @@ -87,17 +104,18 @@ It is very important that none of the Tinc netmasks overlap! Note how the 192.168.0/16 network covers the entire address space of the three hosts. We will refer to the 192.168.0/16 network as the `umbrella' from now on. As you can see we can fit 256 hosts into this umbrella this way, which is -also the practical maximum for tinc. +also the practical maximum for tinc. Let's name our VPN 'fubar'. The configuration file ---------------------- -Let's create a configuration file for f00f. We have to put it in /etc/tinc, -unless you participate in multiple umbrella's (more on that later). +Let's create a configuration file for f00f. We have to put it in +/etc/tinc/fubar because that's how we named our VPN. MyOwnVPNIP = 192.168.1.1/24 VpnMask = 255.255.0.0 ConnectTo = 126.202.37.81 ConnectTo = 103.22.1.218 + TapDevice = /dev/tap0 The first two lines tell Tinc about the numbers we have chosen above. Using the ConnectTo lines, the daemon will seek contact with the rest of 
@@ -105,29 +123,53 @@ the umbrella. It's possible to configure any number of ConnectTo lines, you can even omit them so that it just sits and waits until someone else contacts it. Until someone does, the poor daemon won't be able to send any data because it doesn't know where everybody is. +The TapDevice is where the tinc daemon will interface with the kernel. The passphrases --------------- We will have to generate keys for ourselves, and get a key from everybody we want to ConnectTo. All of these go into a directory named -/etc/tinc/passphrases. PROTECT THIS DIRECTORY! +/etc/tinc/fubar/passphrases. PROTECT THIS DIRECTORY! - mkdir -m 700 /etc/tinc/passphrases + mkdir -m 700 /etc/tinc/fubar/passphrases To generate our own key: - genauth 1024 >/etc/tinc/passphrases/local + genauth 1024 >/etc/tinc/fubar/passphrases/local You should then proceed to give this key to anyone who wants to ConnectTo you. DO THIS IN A SECURE MANNER! Anyone who has this number can do icky things to the umbrella network! Encrypt it using PGP, GPG or another -program using asymetric keys. Read it over the phone (without anyone +program using asymmetric keys. Read it over the phone (without anyone listening of course). Send it by snailmail. Write the key down and bring -it to your partners yourself! +it to your partners personally! If you get any keys from your partners, store them under their network number. For example, the key we get from fdiv's network administrator -will be stored in /etc/tinc/passphrases/192.168.2.0 (note the 0). +will be stored in /etc/tinc/fubar/passphrases/192.168.2.0 (note the 0). + +Running the daemon +------------------ +If you use a package manager to install Tinc, the startup scripts use a file +called /etc/tinc/nets.boot to see which umbrella's exist. It has a line +per VPN, and lines starting with a # are ignored. Ours will contain: + + # Example VPN from the HOWTO + fubar + +In Debian, /etc/init.d/tinc start will start the daemons. 
+ +If you use Doohickey Linux just like we do, you'll have to edit the systems +startup scripts by hand. It should contain something along the lines of: + + insmod ethertap -s --name=tap0 unit=0 + ifconfig tap0 hw ether fe:fd:c0:a8:01:01 + ifconfig tap0 192.168.1.1 netmask 255.255.0.0 broadcast 192.168.255.255 -arp + +There are two things to note here! First, the MAC address of the ethertap +device is very important. It must start with fe:fd, and end in the +hexadecimal representation of the VPN IP number. +Second, the netmask of the tap device is set to that of the umbrella! -- -$Id: HOWTO,v 1.2.2.2 2000/06/30 21:16:52 wsl Exp $ +$Id: HOWTO,v 1.2.2.3 2000/07/01 07:29:32 wsl Exp $ From 1b28f88808b9ac3193cf9a0db7a81a89eed8b4ef Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 1 Jul 2000 07:49:21 +0000 Subject: [PATCH 043/923] - Removed a single unused bit from status_bits_t. --- src/net.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net.h b/src/net.h index 98367a3a..a74a9f9f 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.5 2000/06/29 13:04:15 guus Exp $ + $Id: net.h,v 1.9.4.6 2000/07/01 07:49:21 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -82,7 +82,7 @@ typedef struct status_bits_t { int validkey:1; /* 1 if we currently have a valid key for him */ int waitingforkey:1; /* 1 if we already sent out a request */ int dataopen:1; /* 1 if we have a valid UDP connection open */ - int unused:22; + int unused:21; } status_bits_t; typedef struct queue_element_t { From 09f4ec190119298187cec09dd5049af8fd8bad94 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 1 Jul 2000 14:32:24 +0000 Subject: [PATCH 044/923] - Updated PROTOCOL (a bit) - Included a real tincd.8 describing the options, signals, debug levels and files used by tincd. --- doc/Makefile.am | 4 +- doc/PROTOCOL | 28 +++++------ doc/tincd.8 | 131 ++++++++++++++++++++++++++++++++++++++++++++++++ doc/tincd.x | 22 -------- 4 files changed, 147 insertions(+), 38 deletions(-) create mode 100644 doc/tincd.8 delete mode 100644 doc/tincd.x diff --git a/doc/Makefile.am b/doc/Makefile.am index 09707ed6..d0bdb3a3 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -2,10 +2,10 @@ info_TEXINFOS = tinc.texi -dyn_MANS = tincd.8 +dyn_MANS = man_aux = $(dyn_MANS:.8=.x) -man_MANS = tinc.conf.5 genauth.8 $(dyn_MANS) +man_MANS = tincd.8 tinc.conf.5 genauth.8 $(dyn_MANS) PERL = @PERL@ HELP2MAN = help2man diff --git a/doc/PROTOCOL b/doc/PROTOCOL index 81de215c..6b8f9fac 100644 --- a/doc/PROTOCOL +++ b/doc/PROTOCOL @@ -11,7 +11,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.1.2.1 2000/06/30 22:38:58 guus Exp $ + $Id: PROTOCOL,v 1.1.2.2 2000/07/01 14:32:24 guus Exp $ 1. Protocols used in tinc @@ -29,7 +29,7 @@ The protocols for those interfaces will not be described in this document. 2. Packet protocol ------------------ -This is described in net.h. +See net.h for now. 3. Meta protocol ---------------- 
@@ -58,34 +58,34 @@ may be sent. The following diagram shows how authentication is done: Client Server ---------------------------------------------------------------- -Connects to server - Accepts connection - Sends BASIC_INFO -Verifies BASIC_INFO +Connects to server: + Accepts connection. + Sends BASIC_INFO: +Verifies BASIC_INFO. If server is already in connection list, abort. -Else sends his own BASIC_INFO - Verifies BASIC_INFO +Else sends his own BASIC_INFO: + Verifies BASIC_INFO. If client is alread in connection list, remove old entry. - Sends PASSPHRASE + Sends PASSPHRASE: Receives and stores PASSPHRASE. -Sends his own PASSPHRASE +Sends his own PASSPHRASE: Receives and stores PASSPHRASE. - Sends PUBLIC_KEY + Sends PUBLIC_KEY: Verifies PUBLIC key and stored PASSPHRASE. If wrong, abort. -Else sends his own PUBLIC_KEY +Else sends his own PUBLIC_KEY: Verifies PUBLIC key and stored PASSPHRASE. If wrong, abort. Else activates connection and sends ACK and ADD_HOSTs for all - known hosts + known hosts. Receives ACK and activates connection. Sends ADD_HOSTs for all known -hosts +hosts. ---------------------------------------------------------------- The client must never make a connection to a server that is already in it's diff --git a/doc/tincd.8 b/doc/tincd.8 new file mode 100644 index 00000000..d38f6d4e --- /dev/null +++ b/doc/tincd.8 
@@ -0,0 +1,131 @@ +.TH TINCD 8 "June 2000" "tinc version 1.0pre3" "FSF" +.SH NAME +tinc \- tinc VPN daemon +.SH SYNOPSIS +.B tincd +[\fIoption\fR]... +.SH DESCRIPTION +.PP + +This is the daemon of tinc, a secure virtual private +network (VPN) project. When started, tincd will read +it's configuration file to determine what virtual subnet +it has to serve and to what other tinc daemons it should connect. +It will connect to the ethertap device and set up a socket for incomming +connections. +If that succeeds, it will detach from the controlling terminal and +continue in the background, accepting and setting up connections to other +tinc daemons that are part of the virtual private network. + +.SH OPTIONS +.TP +\fB\-c\fR, \fB\-\-config\fR=\fIFILE\fR +Read configuration options from FILE. +.TP +\fB\-D\fR, \fB\-\-no\-detach\fR +Don't fork and detach. +.TP +\fB\-d\fR +Increase debug level. +.TP +\fB\-k\fR, \fB\-\-kill\fR +Attempt to kill a running tincd and exit. +.TP +\fB\-n\fR, \fB\-\-net\fR=\fINETNAME\fR +Connect to net NETNAME. +.TP +\fB\-t\fR, \fB\-\-timeout\fR=\fITIMEOUT\fR +Seconds to wait before giving a timeout. +.TP +\fB\-\-help\fR +Display this help and exit. +.TP +\fB\-\-version\fR +Output version information and exit. +.PP +.SH "SIGNALS" +.TP +\fBHUP\fR +Closes all connections, rereads the configuration file and restarts the daemon. +.TP +\fBINT\fR +Closes all connections and quits. +.TP +\fBUSR1\fR +Dumps the connection list to syslog. +.TP +\fBUSR2\fR +Invalidates the current cryptographic key and generates a new one. +.TP +\fBALRM\fR +Forces tincd to try to connect to an uplink immediately. Usually tincd attempts +to do this itself, but increases the time it waits between the attempts each time +it failed, and if tincd didn't succeed to connect to an uplink the first time after +it started, it defaults to the maximum time of 15 minutes. +.PP +.SH "DEBUG LEVELS" +The tinc daemon can send a lot of messages to the syslog. 
The more \fB\-d\fR options are +given to tincd, the more messages it will log. Each level inherits all messages of the +previous level: +.TP +\fIno debug options\fR +This will log a message indicating tincd has started along with a version number. +It will also any serious error. +.TP +\fB\-d\fR +This will log all connections that are made with other tinc daemons. +.TP +\fB\-d \-d\fR +This will log all requests that are exchanged with other tinc daemons. These include +authentication, key exchange and connection list updates. +.TP +\fB\-d \-d \-d\fR +This will log a copy of everything received on the meta socket. +.TP +\fB\-d \-d \-d \-d\fR +This will log all packets that are sent over the virtual private network. +.PP +.SH "FILES" +.TP +\fI/etc/tinc//tinc.conf\fR +The configuration file for tincd. +.TP +\fI/etc/tinc//passphrases/*\fR +The directory containing the secret passphrases +used to authenticate other tinc daemons. +.PP +.SH "BUGS" +Maintaining a connection list on each tinc daemon that can connect and disconnect at any +moment, and making sure that all connections satisfy the tree property isn't easy. Although +we have done a lot to make sure tinc is sturdy and foolproof, it might happen that +some connection lists get corrupted. +.PP +If you find any bugs, report them to tinc@nl.linux.org. +.PP +.SH "TODO" +A lot. If something you would like to see is not implemented, just ask; we most certainly will. +.PP +.SH "SEE ALSO" +\fBtinc.conf\fR(5), \fBgenauth\fR(8) +.TP +\fBhttp://tinc.nl.linux.org/\fR +.TP +\fBhttp://www.cabal.org/\fR +.PP +The full documentation for +.B tinc +is maintained as a Texinfo manual. If the +.B info +and +.B tinc +programs are properly installed at your site, the command +.IP +.B info tinc +.PP +should give you access to the complete manual. +.PP +tinc comes with ABSOLUTELY NO WARRANTY. This is free software, +and you are welcome to redistribute it under certain conditions; +see the file COPYING for details. 
+.PP +This product includes software developed by Eric Young (eay@mincom.oz.au) diff --git a/doc/tincd.x b/doc/tincd.x deleted file mode 100644 index c834d8ea..00000000 --- a/doc/tincd.x +++ /dev/null @@ -1,22 +0,0 @@ -[DESCRIPTION] -." Add any additional description here - -This is the daemon part of tinc. tinc is a secure virtual private -network (VPN) project. - -.SH OPTIONS - - -[FILES] -.TP -\fI/etc/tinc\fR -The top directory for configuration files. -.PP - -[SEE ALSO] -\fBtincd.conf\fR(5), \fBgenauth\fR(8) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.TP -\fBhttp://www.cabal.org/\fR - From e821a22876d15c921a4c1fbc0f792d83e90916f6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 1 Jul 2000 14:40:56 +0000 Subject: [PATCH 045/923] - Forgot to mention ourselves in the tincd manual page! :) --- doc/tincd.8 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/tincd.8 b/doc/tincd.8 index d38f6d4e..573531eb 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 @@ -129,3 +129,11 @@ and you are welcome to redistribute it under certain conditions; see the file COPYING for details. .PP This product includes software developed by Eric Young (eay@mincom.oz.au) +.SH "AUTHORS" +.na +.nf +Ivo Timmermans +Guus Sliepen + +And thanks to many others for their contributions to tinc! +.PP From 721d85f77277813345bdb63a610e984cec996613 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 2 Jul 2000 12:35:28 +0000 Subject: [PATCH 046/923] - Added Spanish translation from Enrique Zanardi. --- po/es.po | 742 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 742 insertions(+) create mode 100644 po/es.po diff --git a/po/es.po b/po/es.po new file mode 100644 index 00000000..b4c8fc93 --- /dev/null +++ b/po/es.po 
@@ -0,0 +1,742 @@ +# Spanish messages for tinc +# Copyright (C) 1999, 2000 Free Software Foundation, Inc. +# Ivo Timmermans , 1999, 2000. +# +msgid "" +msgstr "" +"Project-Id-Version: tinc 1.0pre2\n" +"POT-Creation-Date: 2000-07-02 12:47+0100\n" +"PO-Revision-Date: 2000-07-02 12:49+01:00\n" +"Last-Translator: Enrique Zanardi \n" +"Language-Team: Spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#: src/conf.c:158 +#, c-format +msgid "%s: %d: Invalid variable name `%s'.\n" +msgstr "%s: %d: Nombre de variable `%s' no válido.\n" + +#: src/conf.c:165 +#, c-format +msgid "%s: %d: No value given for `%s'.\n" +msgstr "%s: %d: No se ha definido un valor para `%s'.\n" + +#: src/conf.c:173 +#, c-format +msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" +msgstr "%s: %d: Valor `%s' para la variable `%s' no válido.\n" + +#: src/conf.c:194 +#, c-format +msgid "Could not open %s: %s\n" +msgstr "No pude abrir %s: %s\n" + +#: src/encr.c:112 src/net.c:333 +#, c-format +msgid "Could not open %s: %m" +msgstr "No pude abrir %s: %m" + +#: src/encr.c:119 +#, c-format +msgid "Illegal passphrase in %s; size would be %d" +msgstr "Frase de paso ilegal en %s; el tamaño debe ser %d" + +#: src/encr.c:153 +#, c-format +msgid "Generating %d bits keys." +msgstr "Generando claves de %d bits." 
+ +#: src/encr.c:157 +#, c-format +msgid "Opening /dev/urandom failed: %m" +msgstr "Fallo abriendo /dev/urandom : %m" + +#: src/encr.c:222 +#, c-format +msgid "Encryption key set to %s" +msgstr "Clave de cifrado definida como %s" + +#: src/genauth.c:48 +#, c-format +msgid "Usage: %s bits\n" +msgstr "Uso: %s bits\n" + +#: src/genauth.c:57 +#, c-format +msgid "Illegal number: %s\n" +msgstr "Número ilegal: %s\n" + +#: src/genauth.c:62 +#, c-format +msgid "Generating %d bits number" +msgstr "Generando número de %d bits" + +#: src/genauth.c:67 +msgid "Opening /dev/urandom" +msgstr "Abriendo /dev/urandom" + +#: src/genauth.c:80 +msgid "File was empty!\n" +msgstr "¡El fichero estaba vacío!\n" + +#: src/genauth.c:88 +msgid "" +": done.\n" +"The following line should be ENTIRELY copied into a passphrase file:\n" +msgstr "" +": hecho.\n" +"La siguiente línea debe ser copiada ENTERA a un fichero de frase de paso:\n" + +#: src/genauth.c:100 +msgid ": done.\n" +msgstr ": hecho.\n" + +#: src/net.c:106 +#, c-format +msgid "Sent %d bytes to %lx" +msgstr "Enviados %d bytes a %lx" + +#: src/net.c:110 +#, c-format +msgid "Error sending data: %m" +msgstr "Error enviando datos: %m" + +#: src/net.c:130 +#, c-format +msgid "Can't write to tap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:149 +#, c-format +msgid "packet to queue: %d" +msgstr "paquete a poner en cola: %d" + +#: src/net.c:236 +msgid "queue flushed" +msgstr "cola vaciada" + +#: src/net.c:251 +msgid "Flushing send queue for " +msgstr "Vaciando la cola de envíos para " + +#: src/net.c:259 +msgid "Flushing receive queue for " +msgstr "Vaciando la cola de recepción para " + +#: src/net.c:277 +msgid "trying to look up " +msgstr "intentando buscar " + +#: src/net.c:284 +msgid "There is no remote host I can send this packet to." +msgstr "No hay máquina remota a la que pueda enviar este paquete." 
+ +#: src/net.c:354 +#, c-format +msgid "Creating metasocket failed: %m" +msgstr "Fallo al crear el metasocket: %m" + +#: src/net.c:360 src/net.c:409 +#, c-format +msgid "setsockopt: %m" +msgstr "setsockopt(): %m" + +#: src/net.c:367 src/net.c:416 src/net.c:468 +#, c-format +msgid "fcntl: %m" +msgstr "fcntl(): %m" + +#: src/net.c:378 +#, c-format +msgid "Can't bind to port %hd/tcp: %m" +msgstr "Ha fallado la llamada a bind() con el puerto %hd/tcp: %m" + +#: src/net.c:384 +#, c-format +msgid "listen: %m" +msgstr "listen(): %m" + +#: src/net.c:403 src/net.c:451 +#, c-format +msgid "Creating socket failed: %m" +msgstr "Error al crear el `socket': %m" + +#: src/net.c:427 +#, c-format +msgid "Can't bind to port %hd/udp: %m" +msgstr "Ha fallado la llamada a bind() con el puerto %hd/udp: %m" + +#: src/net.c:474 +#, c-format +msgid "Connected to %s:%hd" +msgstr "Conectado a %s:%hd" + +#: src/net.c:495 +msgid "Could not set up a meta connection." +msgstr "No he podido configurar una meta conexión." + +#: src/net.c:519 +msgid "No value for my VPN IP given" +msgstr "No se ha definido un valor para mi VPN IP" + +#: src/net.c:533 +msgid "Unable to set up a listening socket" +msgstr "No puedo configurar un `socket' a la escucha" + +#: src/net.c:539 +msgid "Unable to set up an incoming vpn data socket" +msgstr "No puedo configurar un `socket' para recibir datos de la vpn" + +#: src/net.c:546 +#, c-format +msgid "Ready: listening on port %d." +msgstr "Listo: escuchando en el puerto %d." + +#: src/net.c:569 +#, c-format +msgid "Still failed to connect to other. Will retry in %d seconds." +msgstr "Siguo sin poder conectar con el otro. Lo reintentaré en %d segundos." + +#: src/net.c:602 +msgid "Try to re-establish outgoing connection in 5 minutes." +msgstr "Intento reestablecer la conexión saliente en 5 minutos." + +#: src/net.c:640 +msgid "Terminating." +msgstr "Terminando." 
+ +#: src/net.c:654 +msgid "Opening UDP socket to " +msgstr "Abriendo `socket' UDP a " + +#: src/net.c:659 +#, c-format +msgid "Creating data socket failed: %m" +msgstr "Error al crear `socket' de datos: %m" + +#: src/net.c:669 +msgid "Connecting to " +msgstr "Conectando a " + +#: src/net.c:677 src/net.c:761 src/net.c:954 +#, c-format +msgid "This is a bug: %s:%d: %d:%m" +msgstr "Esto es un `bug': %s:%d: %d:%m" + +#: src/net.c:701 +#, c-format +msgid "Error: getpeername: %m" +msgstr "Error: getpeername(): %m" + +#: src/net.c:713 +#, c-format +msgid "Connection from %s:%d" +msgstr "Conexión desde %s:%d" + +#: src/net.c:766 +#, c-format +msgid "Incoming data socket error: %s" +msgstr "Error en el `socket' de recepción de datos: %s" + +#: src/net.c:774 +#, c-format +msgid "Receiving data failed: %m" +msgstr "Error recibiendo datos: %m" + +#: src/net.c:787 +msgid "packet from " +msgstr "paquete desde " + +#: src/net.c:791 +msgid "Got packet from unknown source " +msgstr "He recibido un paquete desde un origen desconocido " + +#: src/net.c:825 +#, c-format +msgid "Closing connection with %s." +msgstr "Cerrando conexión con %s." + +#: src/net.c:841 +msgid "Try to re-establish outgoing connection in 5 seconds." +msgstr "Intento re-establecer la conexión saliente en 5 segundos." + +#: src/net.c:893 +#, c-format +msgid "%s (" +msgstr "%s (" + +#: src/net.c:924 +#, c-format +msgid "Accepting a new connection failed: %m" +msgstr "Error al aceptar una nueva conexión: %m" + +#: src/net.c:932 +msgid "Closed attempted connection." +msgstr "Se ha cerrado la conexión que se intentaba realizar." + +#: src/net.c:959 +#, c-format +msgid "Metadata socket error: %s" +msgstr "Error en el `socket' de metadatos: %s" + +#: src/net.c:965 +msgid "Metadata read buffer overflow." 
+msgstr "Desbordamiento del búfer de lectura de metadatos" + +#: src/net.c:973 +#, c-format +msgid "Metadata socket read error: %m" +msgstr "Error de lectura del `socket' de metadatos: %m" + +#: src/net.c:1000 +#, c-format +msgid "Unknown request: %s" +msgstr "Petición desconocida: %s" + +#: src/net.c:1005 +#, c-format +msgid "Got request: %s" +msgstr "He recibido una petición: %s" + +#: src/net.c:1009 +msgid "Error while processing request from " +msgstr "Error al procesar la petición de " + +#: src/net.c:1015 +msgid "Bogus data received." +msgstr "Se han recibido datos sin sentido." + +#: src/net.c:1059 +#, c-format +msgid "Outgoing data socket error: %s" +msgstr "Error en el `socket' de datos salientes: %s" + +#: src/net.c:1094 +#, c-format +msgid "Error while reading from tapdevice: %m" +msgstr "Error leyendo del dispositivo tap: %m" + +#: src/net.c:1104 +#, c-format +msgid "Non-IP ethernet frame %04x from " +msgstr "Trama ethernet no-IP %04x de " + +#: src/net.c:1112 +msgid "Dropping short packet" +msgstr "Descartando paquete corto" + +#: src/net.c:1120 +#, c-format +msgid "An IP packet (%04x) for " +msgstr "Un paquete IP (%04x) para " + +#: src/net.c:1158 +#, c-format +msgid "Error while waiting for input: %m" +msgstr "Error esperando entrada: %m" + +#: src/netutl.c:219 +#, c-format +msgid "Error looking up `%s': %s\n" +msgstr "Error buscando `%s': %s\n" + +#: src/netutl.c:243 +msgid "Connection list:" +msgstr "Lista de conexiones:" + +#: src/protocol.c:54 +#, c-format +msgid "Send ACK to %s" +msgstr "Envio ACK a %s" + +#: src/protocol.c:60 +#, c-format +msgid "send failed: %d:%d: %m" +msgstr "Error enviando: %d:%d: %m" + +#: src/protocol.c:64 src/protocol.c:480 +#, c-format +msgid "Connection with %s activated." +msgstr "Activada la conexión con %s." 
+ +#: src/protocol.c:73 +msgid "Send TERMREQ to " +msgstr "Envío TERMREQ a " + +#: src/protocol.c:81 src/protocol.c:99 src/protocol.c:117 src/protocol.c:134 +#: src/protocol.c:148 src/protocol.c:166 src/protocol.c:184 src/protocol.c:212 +#: src/protocol.c:233 src/protocol.c:251 src/protocol.c:265 src/protocol.c:292 +#: src/protocol.c:322 src/protocol.c:656 src/protocol.c:754 +#, c-format +msgid "send failed: %s:%d: %m" +msgstr "Error enviando: %s:%d: %m" + +#: src/protocol.c:92 +msgid "Send TIMEOUT to " +msgstr "Envío TIMEOUT a " + +#: src/protocol.c:110 +msgid "Sending delete host " +msgstr "Enviando borra `host' " + +#: src/protocol.c:128 +msgid "pinging " +msgstr "pinging " + +#: src/protocol.c:159 +msgid "Sending add host to " +msgstr "Enviando añade `host' a " + +#: src/protocol.c:177 +msgid "Sending KEY_CHANGED to " +msgstr "Enviando KEY_CHANGED to " + +#: src/protocol.c:205 +msgid "Send BASIC_INFO to " +msgstr "Enviando BASIC_INFO a " + +#: src/protocol.c:226 +#, c-format +msgid "Send PASSPHRASE %s to " +msgstr "Enviando PASSPHRASE %s a " + +#: src/protocol.c:244 +#, c-format +msgid "Send PUBLIC_KEY %s to " +msgstr "Enviando PUBLIC_KEY %s a " + +#: src/protocol.c:279 +msgid "Attempting to send key request to " +msgstr "Intentando enviar petición de clave a " + +#: src/protocol.c:285 +msgid "Sending out request for public key to " +msgstr "Enviando petición de clave pública a " + +#: src/protocol.c:309 +msgid "Attempting to send key answer to " +msgstr "Intentando enviar respuesta de la clave a " + +#: src/protocol.c:315 +msgid "Sending public key to " +msgstr "Enviando clave pública a " + +#: src/protocol.c:370 +#, c-format +msgid "got bad BASIC_INFO request: %s" +msgstr "recibí una petición BASIC_INFO incorrecta: %s" + +#: src/protocol.c:376 +#, c-format +msgid "Peer uses incompatible protocol version %d." +msgstr "" +"La máquina remota usa una versión incompatible del protocolo (versión %d)." 
+ +#: src/protocol.c:382 +#, c-format +msgid "got BASIC_INFO(%hd," +msgstr "recibí BASIC_INFO(%hd," + +#: src/protocol.c:385 +#, c-format +msgid "Peer uses protocol version %d" +msgstr "La máquina remota usa la versión %d del protocolo" + +#: src/protocol.c:411 +#, c-format +msgid "got bad PASSPHRASE request: %s" +msgstr "recibí una petición PASSPHRASE incorrecta: %s" + +#: src/protocol.c:417 +msgid "got PASSPHRASE" +msgstr "recibí PASSPHRASE" + +#: src/protocol.c:434 +#, c-format +msgid "got bad PUBLIC_KEY request: %s" +msgstr "recibí una petición PUBLIC_KEY incorrecta: %s" + +#: src/protocol.c:439 +#, c-format +msgid "got PUBLIC_KEY %s" +msgstr "recibí PUBLIC_KEY %s" + +#. intruder! +#: src/protocol.c:444 +msgid "Intruder: passphrase does not match." +msgstr "Intruso: la frase de paso no concuerda." + +#: src/protocol.c:449 +msgid "Passphrase OK" +msgstr "Frase de paso OK" + +#: src/protocol.c:477 +msgid "got ACK" +msgstr "recibí ACK" + +#: src/protocol.c:517 +#, c-format +msgid "got bad DEL_HOST request: %s" +msgstr "recibí una petición DEL_HOST incorrecta: %s" + +#: src/protocol.c:522 +msgid "got DEL_HOST for " +msgstr "recibí DEL_HOST para " + +#: src/protocol.c:527 +msgid "Somebody wanted to delete " +msgstr "Alguien quería borrar " + +#: src/protocol.c:545 +msgid "responding to ping from " +msgstr "respondiendo al `ping' de " + +#: src/protocol.c:559 +msgid "ok, got pong from " +msgstr "ok, recibí `pong' de " + +#: src/protocol.c:577 +#, c-format +msgid "got bad ADD_HOST request: %s" +msgstr "recibí una petición ADD_HOST incorrecta: %s" + +#: src/protocol.c:582 +msgid "Add host request from " +msgstr "Añado petición de `host' de " + +#: src/protocol.c:584 +msgid "got ADD_HOST(" +msgstr "recibí ADD_HOST(" + +#: src/protocol.c:596 +msgid "Invalid add_host request from " +msgstr "Petición add_host no válida de " + +#: src/protocol.c:625 +#, c-format +msgid "got bad request: %s" +msgstr "recibí una petición incorrecta: %s" + +#: src/protocol.c:630 +msgid "got 
REQ_KEY from " +msgstr "recibí REQ_KEY de " + +#: src/protocol.c:643 +msgid "Attempting to forward key request to " +msgstr "Intentando redirigir petición de clave a " + +#: src/protocol.c:649 +msgid "Forwarding request for public key to " +msgstr "Reenviando petición de clave pública a " + +#: src/protocol.c:709 src/protocol.c:769 +#, c-format +msgid "got bad ANS_KEY request: %s" +msgstr "recibí una petición ANS_KEY incorrecta: %s" + +#: src/protocol.c:714 +msgid "got ANS_KEY from " +msgstr "recibí ANS_KEY de " + +#: src/protocol.c:720 +msgid "Yeah! key arrived. Now do something with it." +msgstr "¡Sí! ha llegado una clave. Ahora a hacer algo con ella." + +#: src/protocol.c:725 +msgid "Receiving key from " +msgstr "Recibiendo clave de " + +#: src/protocol.c:741 +msgid "Attempting to forward key to " +msgstr "Intentando redirigir la clave a " + +#: src/protocol.c:747 +msgid "Forwarding public key to " +msgstr "Redirigiendo clave pública a " + +#: src/protocol.c:774 +msgid "got KEY_CHANGED from " +msgstr "recibí KEY_CHANGED de " + +#: src/protocol.c:781 +msgid "Got changed key from " +msgstr "Recibí clave modificada de " + +#: src/protocol.c:790 +msgid "Forwarding key invalidation request" +msgstr "Redirigiendo petición de invalidación de clave" + +#: src/tincd.c:95 +#, c-format +msgid "Try `%s --help' for more information.\n" +msgstr "Pruebe `%s --help' para más información.\n" + +#: src/tincd.c:98 +#, c-format +msgid "" +"Usage: %s [option]...\n" +"\n" +msgstr "" +"Modo de empleo: %s [opción]...\n" +"\n" + +#: src/tincd.c:99 +msgid "" +" -c, --config=FILE Read configuration options from FILE.\n" +" -D, --no-detach Don't fork and detach.\n" +" -d Increase debug level.\n" +" -k, --kill Attempt to kill a running tincd and exit.\n" +" -n, --net=NETNAME Connect to net NETNAME.\n" +" -t, --timeout=TIMEOUT Seconds to wait before giving a timeout.\n" +msgstr "" +" -c, --config=FICHERO Lee opciones de configuración del FICHERO.\n" +" -D, --no-detach No hagas fork() y 
liberes la terminal.\n" +" -d Aumenta el nivel de depuración.\n" +" -k, --kill Intenta eliminar un tincd en ejecución y termina.\n" +" -n, --net=NOMBREDERED Conecta a la red NOMBREDERED.\n" +" -t, --timeout=TIEMPO Segundos a esperar antes de cancelar una " +"trasmisión.\n" + +#: src/tincd.c:105 +msgid "" +" --help Display this help and exit.\n" +" --version Output version information and exit.\n" +"\n" +msgstr "" +" --help Muestra esta ayuda y termina.\n" +" --version Muestra información de la versión y termina.\n" +"\n" + +#: src/tincd.c:107 +msgid "Report bugs to tinc@nl.linux.org.\n" +msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" + +#: src/tincd.c:145 +#, c-format +msgid "Invalid timeout value `%s'.\n" +msgstr "Valor de `timeout' no válido `%s'.\n" + +#: src/tincd.c:159 +#, c-format +msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes); exiting." +msgstr "" +"Memoria agotada (la última es %s:%d) (no pude asignar %d bytes); terminando." + +#: src/tincd.c:214 +#, c-format +msgid "tincd %s (%s %s) starting, debug level %d." +msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." + +#: src/tincd.c:217 +#, c-format +msgid "tincd %s starting, debug level %d." +msgstr "tincd %s comenzando, nivel de depuración %d." + +#: src/tincd.c:232 +#, c-format +msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d." +msgstr "" +"Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." 
+ +#: src/tincd.c:250 +#, c-format +msgid "A tincd is already running for net `%s' with pid %d.\n" +msgstr "" +"Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" + +#: src/tincd.c:253 +#, c-format +msgid "A tincd is already running with pid %d.\n" +msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" + +#: src/tincd.c:274 +#, c-format +msgid "No other tincd is running for net `%s'.\n" +msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" + +#: src/tincd.c:276 +msgid "No other tincd is running.\n" +msgstr "No hay ningún otro tincd en ejecución.\n" + +#: src/tincd.c:283 +msgid "Removing stale lock file.\n" +msgstr "Borrando fichero de bloqueo en desuso.\n" + +#: src/tincd.c:339 +#, c-format +msgid "%s version %s\n" +msgstr "%s versión %s\n" + +#: src/tincd.c:340 +msgid "" +"Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" +"see the AUTHORS file for a complete list.\n" +"\n" +"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" +"and you are welcome to redistribute it under certain conditions;\n" +"see the file COPYING for details.\n" +"\n" +msgstr "" +"Copyright (C) 1998,1999,2000 Ivo Timmermans y otros,\n" +"vea el fichero AUTHORS para una lista completa.\n" +"\n" +"tinc viene SIN NINGUNA GARANTÍA. Esto es software libre,\n" +"y puede ser redistribuido bajo ciertas condiciones;\n" +"vea el fichero COPYING para los detalles.\n" + +#: src/tincd.c:345 +msgid "" +"This product includes software developed by Eric Young (eay@mincom.oz.au)\n" +msgstr "" +"Este producto incluye software desarrollado por Eric Young " +"(eay@mincom.oz.au)\n" + +#: src/tincd.c:355 +msgid "You must be root to run this program. sorry.\n" +msgstr "" +"Usted debe ser el superusuario para ejecutar este programa. 
Lo siento.\n" + +#: src/tincd.c:390 +msgid "Got TERM signal" +msgstr "Recibí la señal TERM" + +#: src/tincd.c:398 +msgid "Got QUIT signal" +msgstr "Recibí la señal QUIT" + +#: src/tincd.c:405 +msgid "Got another SEGV signal: not restarting" +msgstr "Recibí otra señal SEGV: no reinicio" + +#: src/tincd.c:413 +#, c-format +msgid "Got SEGV signal after %s line %d. Trying to re-execute." +msgstr "Recibí la señal SEGV después de %s línea %d. Intento reiniciar." + +#: src/tincd.c:416 +msgid "Got SEGV signal; trying to re-execute." +msgstr "Recibí la señal SEGV; intento reiniciar." + +#: src/tincd.c:429 +msgid "Got HUP signal" +msgstr "Recibí la señal HUP" + +#: src/tincd.c:439 +msgid "Got INT signal" +msgstr "Recibí la señal INT" + +#: src/tincd.c:453 +msgid "Forcing new key generation" +msgstr "Forzando generación de una nueva clave" + +#: src/tincd.c:461 +#, c-format +msgid "Got unexpected signal (%d) after %s line %d." +msgstr "Recibí una señal inesperada (%d) después de %s línea %d." + +#: src/tincd.c:464 +#, c-format +msgid "Got unexpected signal (%d)." +msgstr "Recibí una señal inesperada (%d)." From e0de803c7e80621600409a0c760241a3d97617bd Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 2 Jul 2000 12:41:03 +0000 Subject: [PATCH 047/923] Include the Spanish translation in the distribution/build process. --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 92d6dfff..29b711e9 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.1 2000/06/25 20:52:29 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.2 2000/07/02 12:41:03 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -14,7 +14,7 @@ AM_ACLOCAL_INCLUDE(m4) # in the latter don't make it into the configure-time tests. AC_DEFINE([_GNU_SOURCE], [__USE_BSD]) -ALL_LINGUAS="nl" +ALL_LINGUAS="es nl" dnl Checks for programs. AC_PROG_CC 
From 6642ec2ea4e97a2fb3e737653ab1b9351ac759e9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 2 Jul 2000 12:48:04 +0000 Subject: [PATCH 048/923] - Updated THANKS file --- THANKS | 1 + 1 file changed, 1 insertion(+) diff --git a/THANKS b/THANKS index 2084100f..9f8f47f5 100644 --- a/THANKS +++ b/THANKS @@ -12,6 +12,7 @@ I would like to thank testing and debugging) * Robert van der Meulen (early configuration code) * Cris van Pelt (small fixes) + * Enrique Zanardi (for the Spanish translation) for their help, support and ideas. Thank you guys! From b1ecbf977722ec473fc8007acd39eb0de581de1a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 2 Jul 2000 13:36:18 +0000 Subject: [PATCH 049/923] - Delayed address resolving for ConnectTo lines in configuration file to allow DynDNS to work without restarting tincd. --- src/conf.c | 4 ++-- src/net.c | 17 ++++++++++++----- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/src/conf.c b/src/conf.c index 5d6437ff..9bc25a79 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.5 2000/06/30 11:45:14 guus Exp $ + $Id: conf.c,v 1.9.4.6 2000/07/02 13:36:18 guus Exp $ */ @@ -59,7 +59,7 @@ typedef struct internal_config_t { */ static internal_config_t hazahaza[] = { { "AllowConnect", allowconnect, TYPE_BOOL }, /* Is not used anywhere. Remove? */ - { "ConnectTo", upstreamip, TYPE_IP }, + { "ConnectTo", upstreamip, TYPE_NAME }, { "ConnectPort", upstreamport, TYPE_INT }, { "ListenPort", listenport, TYPE_INT }, { "MyOwnVPNIP", myvpnip, TYPE_IP }, diff --git a/src/net.c b/src/net.c index f136a58e..01c1426c 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.18 2000/06/30 21:03:51 guus Exp $ + $Id: net.c,v 1.35.4.19 2000/07/02 13:36:18 guus Exp $ */ #include "config.h" @@ -545,12 +545,19 @@ cp an authentication sequence during which we will do just that. */ -int setup_outgoing_connection(ip_t ip) +int setup_outgoing_connection(char *hostname) { conn_list_t *ncn; + struct hostent *h; cp + if(!(h = gethostbyname(hostname))) + { + syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname); + return -1; + } + ncn = new_conn_list(); - ncn->real_ip = ip; + ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0]))); ncn->real_hostname = hostlookup(htonl(ip)); if(setup_outgoing_meta_socket(ncn) < 0) @@ -628,7 +635,7 @@ cp while(cfg) { - if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */ + if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ { signal(SIGALRM, SIG_IGN); return; @@ -671,7 +678,7 @@ cp while(cfg) { - if(!setup_outgoing_connection(cfg->data.ip->ip)) /* function returns 0 when there are no problems */ + if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ return 0; cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ } From 42455e97a057fb4386f9d8fb2f8963b2ec6ddf24 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 2 Jul 2000 13:40:57 +0000 Subject: [PATCH 050/923] - Fixed typo. --- src/net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index 01c1426c..dce4ae4f 100644 --- a/src/net.c +++ b/src/net.c 
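Review bot: The new failure branch in setup_outgoing_connection() (hunk at -545) logs with `%m`, but gethostbyname() reports failure through h_errno rather than errno, so the message will carry a stale or unrelated errno string; log `hstrerror(h_errno)` with a `%s` conversion instead. The answer is then dereferenced as `*((ip_t*)(h->h_addr_list[0]))` without checking `h->h_addrtype == AF_INET` and `h->h_length == 4`. Since `ip_t` is `unsigned long`, on a platform where that type is wider than four bytes the load would read past the address, so copying `h->h_length` bytes with memcpy() into a 32-bit value is safer. The context line `hostlookup(htonl(ip))` still names the parameter this hunk removed. Because ConnectTo is now resolved on every attempt, a comment should state that the resolved address is untrusted until the authentication sequence mentioned just above has completed. The function body continues outside the hunk.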
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.19 2000/07/02 13:36:18 guus Exp $ + $Id: net.c,v 1.35.4.20 2000/07/02 13:40:57 guus Exp $ */ #include "config.h" @@ -558,7 +558,7 @@ cp ncn = new_conn_list(); ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0]))); - ncn->real_hostname = hostlookup(htonl(ip)); + ncn->real_hostname = hostlookup(htonl(ncn->real_ip)); if(setup_outgoing_meta_socket(ncn) < 0) { From fdc6a2f106315cd9ed22943d8c0bd279631e66b4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 7 Aug 2000 14:52:16 +0000 Subject: [PATCH 051/923] - Added experimental hackish tunneling-over-TCP support. Just use TCPonly = true in the configuration file. --- src/conf.c | 3 +- src/conf.h | 3 +- src/net.c | 17 +++++++--- src/net.h | 3 +- src/protocol.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++---- src/protocol.h | 3 +- 6 files changed, 103 insertions(+), 16 deletions(-) diff --git a/src/conf.c b/src/conf.c index 9bc25a79..3b1eb49c 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.6 2000/07/02 13:36:18 guus Exp $ + $Id: conf.c,v 1.9.4.7 2000/08/07 14:52:14 guus Exp $ */ @@ -71,6 +71,7 @@ static internal_config_t hazahaza[] = { { "VpnMask", vpnmask, TYPE_IP }, { "Hostnames", resolve_dns, TYPE_BOOL }, { "IndirectData", indirectdata, TYPE_BOOL }, + { "TCPonly", tcponly, TYPE_BOOL }, { NULL, 0, 0 } }; diff --git a/src/conf.h b/src/conf.h index 1d758595..94020909 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.5 2000/06/30 11:45:14 guus Exp $ + $Id: conf.h,v 1.6.4.6 2000/08/07 14:52:14 guus Exp $ */ #ifndef __TINC_CONF_H__ 
@@ -49,6 +49,7 @@ typedef enum which_t { vpnmask, resolve_dns, indirectdata, + tcponly, } which_t; typedef struct config_t { diff --git a/src/net.c b/src/net.c index dce4ae4f..93be1cbc 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.20 2000/07/02 13:40:57 guus Exp $ + $Id: net.c,v 1.35.4.21 2000/08/07 14:52:15 guus Exp $ */ #include "config.h" @@ -107,16 +107,19 @@ cp syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), ntohs(rp.len), cl->vpn_hostname, cl->real_hostname); + total_socket_out += r; + + cl->want_ping = 1; + + if((cl->flags | myself->flags) & TCPONLY) + return send_tcppacket(cl, packet, ntohs(rp.len)); + if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->vpn_hostname, cl->real_hostname); return -1; } - - total_socket_out += r; - - cl->want_ping = 1; cp return 0; } @@ -606,6 +609,10 @@ cp if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; + if(cfg = get_config_val(tcponly)) + if(cfg->data.val == stupid_true) + myself->flags |= TCPONLY; + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening socket")); diff --git a/src/net.h b/src/net.h index a74a9f9f..40bc934e 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.6 2000/07/01 07:49:21 guus Exp $ + $Id: net.h,v 1.9.4.7 2000/08/07 14:52:15 guus Exp $ */ #ifndef __TINC_NET_H__ 
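Review bot: In the xsend() hunk at -107 the TCP branch calls `send_tcppacket(cl, packet, ntohs(rp.len))`, which pairs the caller's `packet` (the input to do_encrypt(), judging by the context in the later xsend() hunk) with the length of the encrypted copy `rp`. A TCPonly peer would therefore appear to receive the unencrypted frame over the meta connection; the call should be `return send_tcppacket(cl, (void*)&rp, ntohs(rp.len));`. The relocated `total_socket_out += r;` now reads `r` before anything assigns it, so account `ntohs(rp.len)` there instead. xsend() begins above the hunk.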
@@ -50,6 +50,7 @@ /* flags */ #define INDIRECTDATA 0x0001 /* Used to indicate that this host has to be reached indirect */ #define EXPORTINDIRECTDATA 0x0002 /* Used to indicate uplink that it has to tell others to do INDIRECTDATA */ +#define TCPONLY 0x0004 /* Tells sender to send packets over TCP instead of UDP (for firewalls) */ typedef unsigned long ip_t; typedef short length_t; diff --git a/src/protocol.c b/src/protocol.c index 3c20f3b2..a3fa5f1a 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.19 2000/06/30 21:03:51 guus Exp $ + $Id: protocol.c,v 1.28.4.20 2000/08/07 14:52:15 guus Exp $ */ #include "config.h" @@ -120,6 +120,32 @@ cp return 0; } +/* Evil hack - TCP tunneling is bad */ +int send_tcppacket(conn_list_t *cl, void *data, int len) +{ +cp + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Sending PACKET to %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + + buflen = snprintf(buffer, MAXBUFSIZE, "%d %d\n", PACKET, len); + + if((write(cl->meta_socket, buffer, buflen)) < 0) + { + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); + return -1; + } + + if((write(cl->meta_socket, data, len)) < 0) + { + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); + return -1; + } + +cp + return 0; +} + int send_ping(conn_list_t *cl) { cp 
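Review bot: send_tcppacket() treats every non-negative write() result as success, but a short write on the stream socket after the `PACKET len` header has gone out leaves the receiver either waiting for bytes that never come or parsing the tail of the payload as protocol requests. The payload write should loop until all `len` bytes are sent and fail the connection otherwise. The snprintf() result should also be checked against MAXBUFSIZE before it is used as a write length. `buffer` and `buflen` are not declared in the hunk, so they are presumably file-scope variables; a one-line comment saying so would help.

```c
int send_tcppacket(conn_list_t *cl, void *data, int len)
{
  /* … unchanged: debug log and PACKET header write … */
  {
    const char *p = data;
    int left = len;

    /* A stream socket may accept only part of the payload; keep going so
       the peer always receives exactly the `len' bytes announced above. */
    while(left > 0)
      {
        ssize_t n = write(cl->meta_socket, p, left);

        if(n <= 0)
          {
            if(n < 0 && errno == EINTR)
              continue;
            syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__);
            return -1;
          }
        p += n;
        left -= n;
      }
  }
  /* … unchanged: cp marker and return 0 … */
```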
@@ -638,6 +664,50 @@ cp return 0; } +int tcppacket_h(conn_list_t *cl) +{ + char packet[1600]; + int len; +cp + if(!cl->status.active) + { + syslog(LOG_ERR, _("Got unauthorized PACKET from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + if(sscanf(cl->buffer, "%*d %d", &len) != 1) + { + syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + if(len>1600) + { + syslog(LOG_ERR, _("Got too big PACKET from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + if(debug_lvl > 1) + syslog(LOG_DEBUG, _("Got PACKET from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + + /* Evil kludge comming up */ + if(read(cl->meta_socket,packet,len)!=len) + { + syslog(LOG_ERR, _("Error while receiving PACKET data from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + xrecv(cl,packet); +cp + return 0; +} + + int ping_h(conn_list_t *cl) { cp @@ -963,13 +1033,19 @@ int (*request_handlers[256])(conn_list_t*) = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + tcppacket_h, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, req_key_h, ans_key_h, key_changed_h, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0 }; 
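Review bot: tcppacket_h() bounds the peer-supplied `len` only from above, so a negative value parsed by sscanf() passes the `len>1600` test and reaches read() as the size for the 1600-byte stack buffer `packet`; reject it first with `if(len <= 0 || len > (int)sizeof(packet))`. read() on a TCP socket may return fewer than `len` bytes, and part of the payload may already sit in `cl->buffer`, which this handler parses the header from. The `!=len` test can therefore fail on a valid packet or leave the meta stream out of step; collect the payload in a loop or take it from the meta buffer. xrecv() is then called without `len`, so it presumably trusts the length field inside the received packet. That field should be checked against `len` before decrypting.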
diff --git a/src/protocol.h b/src/protocol.h index 110dde8a..fecaa88e 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.3 2000/06/29 17:09:08 guus Exp $ + $Id: protocol.h,v 1.5.4.4 2000/08/07 14:52:16 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -59,6 +59,7 @@ enum { CALCULATE = 100, /* calculate the following numer^privkey and send me the result */ CALC_RES, /* result of the above */ ALMOST_KEY, /* this number^privkey is the shared key */ + PACKET = 110, /* TCP tunneled network packet */ REQ_KEY = 160, /* request public key */ ANS_KEY, /* answer to such request */ KEY_CHANGED, /* public key has changed */ From b6997b0050e78a2f2e517beba3ff01d9232b3d1f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 7 Aug 2000 16:27:29 +0000 Subject: [PATCH 052/923] - Lots o' buglets fixed (-Wall helps) - Made TCPonly work :) --- src/conf.h | 3 ++- src/net.c | 34 ++++++++++++------------ src/net.h | 4 ++- src/protocol.c | 70 ++++++++++++++++++++++++++++++++++++++------------ src/protocol.h | 5 +++- 5 files changed, 80 insertions(+), 36 deletions(-) diff --git a/src/conf.h b/src/conf.h index 94020909..ca3c27e1 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.6 2000/08/07 14:52:14 guus Exp $ + $Id: conf.h,v 1.6.4.7 2000/08/07 16:27:27 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -82,5 +82,6 @@ extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(const char *); extern const config_t *get_config_val(which_t type); extern const config_t *get_next_config_val(which_t type, int); +extern void clear_config(); #endif /* __TINC_CONF_H__ */ diff --git a/src/net.c b/src/net.c index 93be1cbc..da39686d 100644 --- a/src/net.c +++ b/src/net.c 
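Review bot: The declaration added to conf.h, `extern void clear_config();`, has an empty parameter list, which in C declares a function with unspecified arguments rather than none, so calls with stray arguments are not diagnosed. Write it as a prototype, `extern void clear_config(void);`, to match the other declarations in the header, which all carry parameter lists.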
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.21 2000/08/07 14:52:15 guus Exp $ + $Id: net.c,v 1.35.4.22 2000/08/07 16:27:28 guus Exp $ */ #include "config.h" @@ -95,7 +95,6 @@ cp int xsend(conn_list_t *cl, void *packet) { - int r; real_packet_t rp; cp do_encrypt((vpn_packet_t*)packet, &rp, cl->key); @@ -107,14 +106,14 @@ cp syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), ntohs(rp.len), cl->vpn_hostname, cl->real_hostname); - total_socket_out += r; + total_socket_out += ntohs(rp.len); cl->want_ping = 1; if((cl->flags | myself->flags) & TCPONLY) - return send_tcppacket(cl, packet, ntohs(rp.len)); + return send_tcppacket(cl, (void*)&rp, ntohs(rp.len)); - if((r = send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) + if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->vpn_hostname, cl->real_hostname); @@ -130,17 +129,18 @@ int xrecv(conn_list_t *cl, void *packet) int lenin; cp do_decrypt((real_packet_t*)packet, &vp, cl->key); +cp add_mac_addresses(&vp); - +cp if(debug_lvl > 3) syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname); - +cp if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) syslog(LOG_ERR, _("Can't write to tap device: %m")); else total_tap_out += lenin; - +cp cl->want_ping = 0; cl->last_ping_time = time(NULL); cp @@ -527,13 +527,13 @@ cp } flags = fcntl(cl->meta_socket, F_GETFL); - if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) +/* if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) { syslog(LOG_ERR, _("fcntl for %s port %d: %m"), cl->real_hostname, cl->port); return -1; } - +*/ if(debug_lvl > 0) syslog(LOG_INFO, _("Connected to %s port %hd"), cl->real_hostname, cl->port); 
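Review bot: In hunk @@ -527,13 +527,13 @@, commenting out the `F_SETFL ... O_NONBLOCK` call leaves the outgoing meta socket blocking, so any read() or write() on it can stall the daemon for as long as the peer withholds data (this assumes main_loop is a single select loop, which is not shown here). That matters more now that tcppacket_h does a direct read() of a peer-announced length. The preceding `flags = fcntl(cl->meta_socket, F_GETFL);` is left computing a value nobody uses. I would keep `if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0)` and buffer the PACKET payload instead, or at least replace the dead code with `/* FIXME: meta socket left blocking for tcppacket_h; a stalled peer blocks the main loop */`. The enclosing function begins outside the hunk.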
@@ -605,11 +605,11 @@ cp else myself->port = cfg->data.val; - if(cfg = get_config_val(indirectdata)) + if((cfg = get_config_val(indirectdata))) if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; - if(cfg = get_config_val(tcponly)) + if((cfg = get_config_val(tcponly))) if(cfg->data.val == stupid_true) myself->flags |= TCPONLY; @@ -911,7 +911,7 @@ cp */ void terminate_connection(conn_list_t *cl) { - conn_list_t *p, *q; + conn_list_t *p; cp if(cl->status.remove) @@ -1077,9 +1077,11 @@ cp if(errno==EINTR) return 0; if(errno==0) - if(debug_lvl>0) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), - cl->vpn_hostname, cl->real_hostname); + { + if(debug_lvl>0) + syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + } else syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), cl->vpn_hostname, cl->real_hostname); diff --git a/src/net.h b/src/net.h index 40bc934e..41f90b09 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.7 2000/08/07 14:52:15 guus Exp $ + $Id: net.h,v 1.9.4.8 2000/08/07 16:27:28 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -147,5 +147,7 @@ extern void main_loop(void); extern int setup_vpn_connection(conn_list_t *); extern void terminate_connection(conn_list_t *); extern void flush_queues(conn_list_t*); +extern int xrecv(conn_list_t *, void *); +extern void add_queue(packet_queue_t **, void *, size_t); #endif /* __TINC_NET_H__ */ diff --git a/src/protocol.c b/src/protocol.c index a3fa5f1a..fe3309ae 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.20 2000/08/07 14:52:15 guus Exp $ + $Id: protocol.c,v 1.28.4.21 2000/08/07 16:27:28 guus Exp $ */ #include "config.h" 
@@ -34,6 +34,8 @@ #include #include +#include + #include "conf.h" #include "encr.h" #include "net.h" @@ -445,7 +447,7 @@ cp is not desirable. */ - if(old=lookup_conn(cl->vpn_ip)) + if((old=lookup_conn(cl->vpn_ip))) { if(debug_lvl>0) syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), @@ -531,7 +533,7 @@ cp old connection that has timed out but we don't know it yet. */ - while(old = lookup_conn(cl->vpn_ip)) + while((old = lookup_conn(cl->vpn_ip))) { if(debug_lvl > 1) syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), @@ -666,8 +668,9 @@ cp int tcppacket_h(conn_list_t *cl) { - char packet[1600]; - int len; + real_packet_t rp; + int len, count = 0, result; + conn_list_t *f; cp if(!cl->status.active) { 
@@ -690,19 +693,52 @@ cp return -1; } - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PACKET from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - /* Evil kludge comming up */ - if(read(cl->meta_socket,packet,len)!=len) + while(len) { - syslog(LOG_ERR, _("Error while receiving PACKET data from %s (%s)"), + result=read(cl->meta_socket,&rp+count,len); + if(result<0) + { + syslog(LOG_ERR, _("Error while receiving PACKET data from %s (%s): %m"), cl->vpn_hostname, cl->real_hostname); - return -1; - } + return -1; + } + count+=result; + len-=result; + } - xrecv(cl,packet); + if(debug_lvl > 3) + syslog(LOG_DEBUG, _("Got PACKET length %d from %s (%s)"), len, + cl->vpn_hostname, cl->real_hostname); + + total_socket_in += len; + + rp.data.len = ntohs(rp.data.len); + rp.len = ntohs(rp.len); + rp.from = ntohl(rp.from); + + if(rp.len >= 0) + { + f = lookup_conn(rp.from); + if(!f) + { + syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), + cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from)); + return -1; + } + + if(f->status.validkey) + xrecv(f, &rp); + else + { + add_queue(&(f->rq), &rp, rp.len); + if(!cl->status.waitingforkey) + send_key_request(rp.from); + } + + if(my_key_expiry <= time(NULL)) + regenerate_keys(); + } cp return 0; } @@ -772,7 +808,7 @@ cp return -1; } - if(old = lookup_conn(vpn_ip)) + if((old = lookup_conn(vpn_ip))) { if((real_ip==old->real_ip) && (vpn_mask==old->vpn_mask) && (port==old->port)) { @@ -817,9 +853,9 @@ cp syslog(LOG_DEBUG, _("Got ADD_HOST for %s (%s) from %s (%s)"), ncn->vpn_hostname, ncn->real_hostname, cl->vpn_hostname, cl->real_hostname); -skip_add_host: - notify_others(ncn, cl, send_add_host); + +skip_add_host: cp return 0; } diff --git a/src/protocol.h b/src/protocol.h index fecaa88e..7e0e8988 100644 --- a/src/protocol.h +++ b/src/protocol.h 
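Review bot: In the new read loop, `&rp+count` is pointer arithmetic on a `real_packet_t *`, so after a partial read the next chunk lands `count * sizeof(rp)` bytes past `rp` on the stack; the call should be `result=read(cl->meta_socket,((char *)&rp)+count,len);`. The loop tests only `result<0`, so a read() that returns 0 on a closed connection never terminates; use `if(result<=0)` (the follow-up hunk @@ -696,7 +696,8 @@ keeps the same test). Once the loop ends `len` is zero, so `Got PACKET length %d` and `total_socket_in += len` record nothing; `count` holds the value wanted. `add_queue(&(f->rq), &rp, rp.len)` also uses a length field from the packet that is never compared with `count`. tcppacket_h starts before this hunk.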
@@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.4 2000/08/07 14:52:16 guus Exp $ + $Id: protocol.h,v 1.5.4.5 2000/08/07 16:27:29 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -74,6 +74,9 @@ extern int send_timeout(conn_list_t *); extern int send_key_request(ip_t); extern void send_key_changed_all(void); extern int send_del_host(conn_list_t *, conn_list_t *); +extern int send_tcppacket(conn_list_t *, void *, int); +extern int notify_others(conn_list_t *, conn_list_t *, int (*function)(conn_list_t*, conn_list_t*)); #endif /* __TINC_PROTOCOL_H__ */ + From ac73c72488dd8b33464fac1f392e89df48f7a23b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 8 Aug 2000 08:48:50 +0000 Subject: [PATCH 053/923] Fixed PACKET read loop. --- src/protocol.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index fe3309ae..7bd64cc9 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.21 2000/08/07 16:27:28 guus Exp $ + $Id: protocol.c,v 1.28.4.22 2000/08/08 08:48:50 guus Exp $ */ #include "config.h" @@ -132,13 +132,13 @@ cp buflen = snprintf(buffer, MAXBUFSIZE, "%d %d\n", PACKET, len); - if((write(cl->meta_socket, buffer, buflen)) < 0) + if((write(cl->meta_socket, buffer, buflen)) != buflen) { syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } - if((write(cl->meta_socket, data, len)) < 0) + if((write(cl->meta_socket, data, len)) != len) { syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; 
@@ -696,7 +696,8 @@ cp /* Evil kludge comming up */ while(len) { - result=read(cl->meta_socket,&rp+count,len); + syslog(LOG_DEBUG, _("Direct read count=%d len=%d rp=%p socket=%d"), count, len, ((char *)&rp)+count, cl->meta_socket); + result=read(cl->meta_socket,((char *)&rp)+count,len); if(result<0) { syslog(LOG_ERR, _("Error while receiving PACKET data from %s (%s): %m"), From ff87f385c3a81499eff6b848aed8548cf6e5132e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 8 Aug 2000 13:47:57 +0000 Subject: [PATCH 054/923] Removed calling add_queue for tcponly packets. --- src/net.c | 9 ++++----- src/protocol.c | 22 ++++++++++++---------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/src/net.c b/src/net.c index da39686d..c2cbfa6c 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.22 2000/08/07 16:27:28 guus Exp $ + $Id: net.c,v 1.35.4.23 2000/08/08 13:47:56 guus Exp $ */ #include "config.h" @@ -129,18 +129,17 @@ int xrecv(conn_list_t *cl, void *packet) int lenin; cp do_decrypt((real_packet_t*)packet, &vp, cl->key); -cp add_mac_addresses(&vp); -cp + if(debug_lvl > 3) syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname); -cp + if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) syslog(LOG_ERR, _("Can't write to tap device: %m")); else total_tap_out += lenin; -cp + cl->want_ping = 0; cl->last_ping_time = time(NULL); cp diff --git a/src/protocol.c b/src/protocol.c index 7bd64cc9..2416599d 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.22 2000/08/08 08:48:50 guus Exp $ + $Id: protocol.c,v 1.28.4.23 2000/08/08 13:47:57 guus Exp $ */ #include "config.h" 
@@ -126,7 +126,7 @@ cp int send_tcppacket(conn_list_t *cl, void *data, int len) { cp - if(debug_lvl > 1) + if(debug_lvl > 3) syslog(LOG_DEBUG, _("Sending PACKET to %s (%s)"), cl->vpn_hostname, cl->real_hostname); @@ -140,7 +140,7 @@ cp if((write(cl->meta_socket, data, len)) != len) { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Sending PACKET data failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } @@ -686,17 +686,23 @@ cp return -1; } - if(len>1600) + if(len > MTU) { syslog(LOG_ERR, _("Got too big PACKET from %s (%s)"), cl->vpn_hostname, cl->real_hostname); return -1; } + if(debug_lvl > 3) + syslog(LOG_DEBUG, _("Got PACKET length %d from %s (%s)"), len, + cl->vpn_hostname, cl->real_hostname); + /* Evil kludge comming up */ while(len) { - syslog(LOG_DEBUG, _("Direct read count=%d len=%d rp=%p socket=%d"), count, len, ((char *)&rp)+count, cl->meta_socket); + if(debug_lvl > 3) + syslog(LOG_DEBUG, _("Direct read count=%d len=%d rp=%p socket=%d"), count, len, ((char *)&rp)+count, cl->meta_socket); + result=read(cl->meta_socket,((char *)&rp)+count,len); if(result<0) { @@ -708,10 +714,6 @@ cp len-=result; } - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Got PACKET length %d from %s (%s)"), len, - cl->vpn_hostname, cl->real_hostname); - total_socket_in += len; rp.data.len = ntohs(rp.data.len); @@ -732,7 +734,7 @@ cp xrecv(f, &rp); else { - add_queue(&(f->rq), &rp, rp.len); +/* add_queue(&(f->rq), &rp, rp.len); We can't do this since rp is on the stack */ if(!cl->status.waitingforkey) send_key_request(rp.from); } From e092d15be17db1d69c37f2aba46c66e03631c099 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 8 Aug 2000 14:54:57 +0000 Subject: [PATCH 055/923] - Added date/time of build and protocol number to --version output. --- src/tincd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index f63540aa..e5257b56 100644 --- a/src/tincd.c +++ b/src/tincd.c 
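Review bot: In hunk @@ -686,17 +686,23 @@, the new `len > MTU` bound has no lower limit and is not tied to the object the loop fills: `len` bytes are read into `rp`, so the limit should be `sizeof(rp)` (whether MTU can exceed `sizeof(real_packet_t)` is not visible in this diff). A `len` of zero, or one shorter than the packet header, skips or shortens the loop and leaves `rp` partly uninitialised before `rp.len` and `rp.from` are byte-swapped and passed to `lookup_conn`. I would write the guard as `if(len <= 0 || len > (int)sizeof(rp))` and additionally reject lengths below the fixed header size. tcppacket_h begins and ends outside this hunk.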
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.6 2000/06/30 11:45:16 guus Exp $ + $Id: tincd.c,v 1.10.4.7 2000/08/08 14:54:57 guus Exp $ */ #include "config.h" @@ -43,6 +43,7 @@ #include "encr.h" #include "net.h" #include "netutl.h" +#include "protocol.h" #include "system.h" @@ -336,7 +337,7 @@ main(int argc, char **argv, char **envp) if(show_version) { - printf(_("%s version %s\n"), PACKAGE, VERSION); + printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" "see the AUTHORS file for a complete list.\n\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" From 3cfc9424f255c26f2a7775b6fa059f1e3e47a76e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 8 Aug 2000 17:07:48 +0000 Subject: [PATCH 056/923] - Moved TCP packet reception to meta handler: less kludgy and less buggy! --- src/net.c | 149 ++++++++++++++++++++++++++++++++++++------------- src/net.h | 3 +- src/protocol.c | 61 +++----------------- 3 files changed, 119 insertions(+), 94 deletions(-) diff --git a/src/net.c b/src/net.c index c2cbfa6c..cd433d08 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.23 2000/08/08 13:47:56 guus Exp $ + $Id: net.c,v 1.35.4.24 2000/08/08 17:07:47 guus Exp $ */ #include "config.h" 
@@ -146,6 +146,59 @@ cp return 0; } +int tcprecv(conn_list_t *cl, real_packet_t *rp) +{ + vpn_packet_t vp; + int lenin; + conn_list_t *f; +cp + rp->data.len = ntohs(rp->data.len); + rp->len = ntohs(rp->len); + rp->from = ntohl(rp->from); + + total_socket_in += rp->len; + + if(rp->len >= 0) + { + f = lookup_conn(rp->from); + if(!f) + { + syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), + cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp->from)); + return -1; + } + + if(f->status.validkey) + { + do_decrypt(rp, &vp, cl->key); + add_mac_addresses(&vp); + + if(debug_lvl > 3) + syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), + rp->len, cl->vpn_hostname, cl->real_hostname); + + if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) + syslog(LOG_ERR, _("Can't write to tap device: %m")); + else + total_tap_out += lenin; + } + else + { + /* Can we add to queue? */ + if(!cl->status.waitingforkey) + send_key_request(rp->from); + } + + if(my_key_expiry <= time(NULL)) + regenerate_keys(); + } + + cl->want_ping = 0; + cl->last_ping_time = time(NULL); +cp + return 0; +} + /* add the given packet of size s to the queue q, be it the send or receive queue 
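Review bot: tcprecv tests `f->status.validkey` for the origin connection `f` but decrypts with `cl->key`, the key of the meta connection the packet arrived on. The previous revision called `xrecv(f, &rp)`, so this presumably should be `do_decrypt(rp, &vp, f->key);`, with `f->status.waitingforkey` in the else branch as well. `rp->len` comes from the packet and is never compared with the number of bytes the caller actually buffered. The `rp->len >= 0` test rejects nothing if that field is unsigned (its declaration is outside this diff). The size passed to `write(tap_fd, &vp, vp.len + sizeof(vp.len))` depends on do_decrypt bounding `vp.len`, which is also not visible here.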
@@ -1092,53 +1145,71 @@ cp for(;;) { - cl->reqlen = 0; - - for(i = oldlen; i < cl->buflen; i++) + if(cl->tcppacket) { - if(cl->buffer[i] == '\n') + if(cl->buflen >= cl->tcppacket) { - cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */ - cl->reqlen = i + 1; - break; - } - } - - if(cl->reqlen) - { - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), - cl->vpn_hostname, cl->real_hostname, cl->buffer); - if(sscanf(cl->buffer, "%d", &request) == 1) - { - if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) - { - syslog(LOG_ERR, _("Unknown request from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ - { - syslog(LOG_ERR, _("Error while processing request from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } + tcprecv(cl, (real_packet_t *)cl->buffer); + cl->buflen -= cl->tcppacket; + memmove(cl->buffer, cl->buffer + cl->tcppacket, cl->buflen); + oldlen = 0; + cl->tcppacket=0; } else { - syslog(LOG_ERR, _("Bogus data received from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; + break; } - - cl->buflen -= cl->reqlen; - memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); - oldlen = 0; } else { - break; + cl->reqlen = 0; + + for(i = oldlen; i < cl->buflen; i++) + { + if(cl->buffer[i] == '\n') + { + cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */ + cl->reqlen = i + 1; + break; + } + } + + if(cl->reqlen) + { + if(debug_lvl > 2) + syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), + cl->vpn_hostname, cl->real_hostname, cl->buffer); + if(sscanf(cl->buffer, "%d", &request) == 1) + { + if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) + { + syslog(LOG_ERR, _("Unknown request from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + if(request_handlers[request](cl)) 
/* Something went wrong. Probably scriptkiddies. Terminate. */ + { + syslog(LOG_ERR, _("Error while processing request from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + } + else + { + syslog(LOG_ERR, _("Bogus data received from %s (%s)"), + cl->vpn_hostname, cl->real_hostname); + return -1; + } + + cl->buflen -= cl->reqlen; + memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); + oldlen = 0; + } + else + { + break; + } } } diff --git a/src/net.h b/src/net.h index 41f90b09..ec88d373 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.8 2000/08/07 16:27:28 guus Exp $ + $Id: net.h,v 1.9.4.9 2000/08/08 17:07:48 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -124,6 +124,7 @@ typedef struct conn_list_t { char buffer[MAXBUFSIZE+1]; /* metadata input buffer */ int buflen; /* bytes read into buffer */ int reqlen; /* length of first request in buffer */ + int tcppacket; /* length of incoming TCP tunnelled packet */ time_t last_ping_time; /* last time we saw some activity from the other end */ int want_ping; /* 0 if there's no need to check for activity */ struct conn_list_t *nexthop; /* nearest meta-hop in this direction */ diff --git a/src/protocol.c b/src/protocol.c index 2416599d..d5bb6759 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.23 2000/08/08 13:47:57 guus Exp $ + $Id: protocol.c,v 1.28.4.24 2000/08/08 17:07:48 guus Exp $ */ #include "config.h" 
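Review bot: `cl->tcppacket` is used in this hunk as a trusted byte count, but tcppacket_h stores whatever sscanf parsed after checking only `len > MTU` (see `cl->tcppacket=len;` in src/protocol.c, hunk @@ -697,51 +694,7 @@). A negative value satisfies `cl->buflen >= cl->tcppacket`, after which `cl->buflen -= cl->tcppacket` and the memmove from `cl->buffer + cl->tcppacket` operate outside the buffer. A value above MAXBUFSIZE could never be satisfied either. I would reject the length where it is set, `if(len <= 0 || len > MTU || len > MAXBUFSIZE)`, and stop ignoring the result here: `if(tcprecv(cl, (real_packet_t *)cl->buffer)) return -1;`. The enclosing function begins before this hunk.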
@@ -132,18 +132,17 @@ cp buflen = snprintf(buffer, MAXBUFSIZE, "%d %d\n", PACKET, len); - if((write(cl->meta_socket, buffer, buflen)) != buflen) + if((write(cl->meta_socket, buffer, buflen)) < 0) { syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } - - if((write(cl->meta_socket, data, len)) != len) + + if((write(cl->meta_socket, data, len)) < 0) { - syslog(LOG_ERR, _("Sending PACKET data failed: %s:%d: %m"), __FILE__, __LINE__); + syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); return -1; } - cp return 0; } @@ -668,9 +667,7 @@ cp int tcppacket_h(conn_list_t *cl) { - real_packet_t rp; - int len, count = 0, result; - conn_list_t *f; + int len; cp if(!cl->status.active) { @@ -697,51 +694,7 @@ cp syslog(LOG_DEBUG, _("Got PACKET length %d from %s (%s)"), len, cl->vpn_hostname, cl->real_hostname); - /* Evil kludge comming up */ - while(len) - { - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Direct read count=%d len=%d rp=%p socket=%d"), count, len, ((char *)&rp)+count, cl->meta_socket); - - result=read(cl->meta_socket,((char *)&rp)+count,len); - if(result<0) - { - syslog(LOG_ERR, _("Error while receiving PACKET data from %s (%s): %m"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - count+=result; - len-=result; - } - - total_socket_in += len; - - rp.data.len = ntohs(rp.data.len); - rp.len = ntohs(rp.len); - rp.from = ntohl(rp.from); - - if(rp.len >= 0) - { - f = lookup_conn(rp.from); - if(!f) - { - syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), - cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from)); - return -1; - } - - if(f->status.validkey) - xrecv(f, &rp); - else - { -/* add_queue(&(f->rq), &rp, rp.len); We can't do this since rp is on the stack */ - if(!cl->status.waitingforkey) - send_key_request(rp.from); - } - - if(my_key_expiry <= time(NULL)) - regenerate_keys(); - } + cl->tcppacket=len; cp return 0; } From f6d79366b3efaef0a458717aac5e6754630dd434 Mon Sep 17 00:00:00 2001 
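Review bot: In send_tcppacket, reverting both checks to `< 0` means a short write() on the meta socket now counts as success, so the peer can receive a `PACKET len` header followed by fewer than `len` payload bytes. Because the receiver now counts `cl->tcppacket` bytes off the stream, the request lines that follow would be consumed as packet data. I would keep `if(write(cl->meta_socket, data, len) != len)` (and `!= buflen` for the header), or loop until everything is written, and have the caller drop the connection on failure. Note that `%m` is only meaningful when write() returned -1, so a short-write branch needs its own message.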
From: Guus Sliepen Date: Wed, 9 Aug 2000 09:34:21 +0000 Subject: [PATCH 057/923] - Reinstated O_NONBLOCK for meta socket - Set SO_KEEPALIVE on meta socket --- src/net.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index cd433d08..3df55a76 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.24 2000/08/08 17:07:47 guus Exp $ + $Id: net.c,v 1.35.4.25 2000/08/09 09:34:21 guus Exp $ */ #include "config.h" @@ -184,7 +184,7 @@ cp } else { - /* Can we add to queue? */ + add_queue(&(cl->sq), rp, rp->len + 2); if(!cl->status.waitingforkey) send_key_request(rp->from); } @@ -473,6 +473,12 @@ cp return -1; } + if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one))) + { + syslog(LOG_ERR, _("setsockopt: %m")); + return -1; + } + flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { @@ -579,13 +585,13 @@ cp } flags = fcntl(cl->meta_socket, F_GETFL); -/* if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) + if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) { syslog(LOG_ERR, _("fcntl for %s port %d: %m"), cl->real_hostname, cl->port); return -1; } -*/ + if(debug_lvl > 0) syslog(LOG_INFO, _("Connected to %s port %hd"), cl->real_hostname, cl->port); From 9acd4379f705edc8b736e21b9011434e63f7dd95 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 9 Aug 2000 14:02:16 +0000 Subject: [PATCH 058/923] - Added two extra configuration options, Interface and InterfaceIP, to bind the listen socket to a network device or a specific IP. --- src/conf.c | 4 +++- src/conf.h | 4 +++- src/net.c | 22 ++++++++++++++++++---- 3 files changed, 24 insertions(+), 6 deletions(-) diff --git a/src/conf.c b/src/conf.c index 3b1eb49c..bfa0fee1 100644 --- a/src/conf.c +++ b/src/conf.c 
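Review bot: In hunk @@ -184,7 +184,7 @@, `add_queue(&(cl->sq), rp, rp->len + 2)` uses `rp->len`, a field taken from the received packet, as the copy length without comparing it to the bytes actually buffered for this packet, so it can read past the data in `cl->buffer` if add_queue copies that many bytes (add_queue's body is not visible here). It also puts a received packet on the send queue of `cl`, whereas the earlier revision queued on `f->rq` of the originating connection; `cl->sq` looks unintended. I would bound the length first, for example `if(rp->len + 2 > cl->tcppacket) return -1;` (the exact header arithmetic needs confirming against real_packet_t), and queue on `f->rq`. tcprecv begins outside this hunk.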
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.7 2000/08/07 14:52:14 guus Exp $ + $Id: conf.c,v 1.9.4.8 2000/08/09 14:02:15 guus Exp $ */ @@ -72,6 +72,8 @@ static internal_config_t hazahaza[] = { { "Hostnames", resolve_dns, TYPE_BOOL }, { "IndirectData", indirectdata, TYPE_BOOL }, { "TCPonly", tcponly, TYPE_BOOL }, + { "Interface", interface, TYPE_NAME }, + { "InterfaceIP", interfaceip, TYPE_IP }, { NULL, 0, 0 } }; diff --git a/src/conf.h b/src/conf.h index ca3c27e1..b5d08924 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.7 2000/08/07 16:27:27 guus Exp $ + $Id: conf.h,v 1.6.4.8 2000/08/09 14:02:16 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -50,6 +50,8 @@ typedef enum which_t { resolve_dns, indirectdata, tcponly, + interface, + interfaceip, } which_t; typedef struct config_t { diff --git a/src/net.c b/src/net.c index 3df55a76..7d780608 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.25 2000/08/09 09:34:21 guus Exp $ + $Id: net.c,v 1.35.4.26 2000/08/09 14:02:16 guus Exp $ */ #include "config.h" @@ -157,7 +157,7 @@ cp rp->from = ntohl(rp->from); total_socket_in += rp->len; - + if(rp->len >= 0) { f = lookup_conn(rp->from); @@ -460,6 +460,7 @@ int setup_listen_meta_socket(int port) int nfd, flags; struct sockaddr_in a; const int one = 1; + config_t const *cfg; cp if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { 
@@ -486,10 +487,23 @@ cp return -1; } + if((cfg = get_config_val(interface))) + { + if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr))) + { + syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr); + return -1; + } + } + memset(&a, 0, sizeof(a)); a.sin_family = AF_INET; a.sin_port = htons(port); - a.sin_addr.s_addr = htonl(INADDR_ANY); + + if((cfg = get_config_val(interfaceip))) + a.sin_addr.s_addr = htonl(cfg->data.ip->ip); + else + a.sin_addr.s_addr = htonl(INADDR_ANY); if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { @@ -1128,7 +1142,7 @@ cp return -1; } - lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE-cl->buflen); + lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE - cl->buflen); if(lenin<=0) { From 3831f51a53088bfcc1d148fd54b3083afe7fde32 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 17 Aug 2000 16:51:08 +0000 Subject: [PATCH 059/923] Fixed all sprintf() spl01ts. --- src/encr.c | 12 +++++------- src/netutl.c | 8 +++----- src/tincd.c | 20 +++++++------------- 3 files changed, 15 insertions(+), 25 deletions(-) diff --git a/src/encr.c b/src/encr.c index 7830bbee..81c6e117 100644 --- a/src/encr.c +++ b/src/encr.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: encr.c,v 1.12.4.2 2000/06/30 21:03:50 guus Exp $ + $Id: encr.c,v 1.12.4.3 2000/08/17 16:51:07 guus Exp $ */ #include "config.h" 
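Review bot: The `Interface` option is applied with `SO_KEEPALIVE`, so the interface name is passed as the keepalive flag and the listen socket is never bound to the device. The daemon keeps accepting connections on every interface while the configuration and the `Unable to bind listen socket to interface` message suggest otherwise. The call presumably should be `setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr))`. For `InterfaceIP`, `htonl(cfg->data.ip->ip)` is correct only if conf.c stores the address in host byte order, which this hunk does not show. setup_listen_meta_socket starts before the hunk.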
@@ -98,13 +98,11 @@ int read_passphrase(char *which, char **out) cp if((cfg = get_config_val(passphrasesdir)) == NULL) { - filename = xmalloc(strlen(confbase)+13+strlen(which)); - sprintf(filename, "%spassphrases/%s", confbase, which); + asprintf(&filename, "%spassphrases/%s", confbase, which); } else { - filename = xmalloc(strlen(cfg->data.ptr)+2+strlen(which)); - sprintf(filename, "%s/%s", (char*)cfg->data.ptr, which); + asprintf(&filename, "%s/%s", (char*)cfg->data.ptr, which); } if((f = fopen(filename, "rb")) == NULL) @@ -268,7 +266,7 @@ int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey) mpz_t pk; unsigned char *out; BF_KEY bf_key; - char which[sizeof("123.123.123.123")+1]; + char *which; char *meuk; cp mpz_init_set_str(pk, his_pubkey, 36); @@ -282,7 +280,7 @@ cp if(key_inited) cipher_set_key(&encryption_key, encryption_keylen, text_key); - sprintf(which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); + asprintf(&which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); if((pplen = read_passphrase(which, &meuk)) < 0) return -1; diff --git a/src/netutl.c b/src/netutl.c index f57266c3..f3ef1341 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.6 2000/06/29 17:09:06 guus Exp $ + $Id: netutl.c,v 1.12.4.7 2000/08/17 16:51:07 guus Exp $ */ #include "config.h" @@ -187,13 +187,11 @@ cp if(!lookup_hostname || !host) { - name = xmalloc(20); - sprintf(name, "%s", inet_ntoa(in)); + asprintf(&name, "%s", inet_ntoa(in)); } else { - name = xmalloc(strlen(host->h_name)+1); - sprintf(name, "%s", host->h_name); + asprintf(&name, "%s", host->h_name); } cp return name; diff --git a/src/tincd.c b/src/tincd.c index e5257b56..0e0bc158 100644 --- a/src/tincd.c +++ b/src/tincd.c 
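Review bot: None of the new asprintf() calls check the return value. On failure the output pointer is left undefined, whereas the replaced xmalloc() presumably aborted on out-of-memory, so `filename` can reach fopen() uninitialised. I would check it, for example `if(asprintf(&filename, "%spassphrases/%s", confbase, which) < 0) return -1;`, or route all of these through a small wrapper that aborts the way xmalloc does. The same applies to the two calls in the src/netutl.c hunk and to make_names() in src/tincd.c. In verify_passphrase, `which` changes from a stack array to a heap string and no `free(which)` is visible in these hunks, so each call may leak it.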
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.7 2000/08/08 14:54:57 guus Exp $ + $Id: tincd.c,v 1.10.4.8 2000/08/17 16:51:08 guus Exp $ */ #include "config.h" @@ -296,30 +296,24 @@ void make_names(void) { if(netname) { - configfilename = xmalloc(strlen(netname)+18+strlen(CONFDIR)); - sprintf(configfilename, "%s/tinc/%s/tinc.conf", CONFDIR, netname); + asprintf(&configfilename, "%s/tinc/%s/tinc.conf", CONFDIR, netname); } else { - configfilename = xmalloc(17+strlen(CONFDIR)); - sprintf(configfilename, "%s/tinc/tinc.conf", CONFDIR); + asprintf(&configfilename, "%s/tinc/tinc.conf", CONFDIR); } } if(netname) { - pidfilename = xmalloc(strlen(netname)+20); - sprintf(pidfilename, "/var/run/tinc.%s.pid", netname); - confbase = xmalloc(strlen(netname)+8+strlen(CONFDIR)); - sprintf(confbase, "%s/tinc/%s/", CONFDIR, netname); - identname = xmalloc(strlen(netname)+7); - sprintf(identname, "tinc.%s", netname); + asprintf(&pidfilename, "/var/run/tinc.%s.pid", netname); + asprintf(&confbase, "%s/tinc/%s/", CONFDIR, netname); + asprintf(&identname, "tinc.%s", netname); } else { pidfilename = "/var/run/tinc.pid"; - confbase = xmalloc(7+strlen(CONFDIR)); - sprintf(confbase, "%s/tinc/", CONFDIR); + asprintf(&confbase, "%s/tinc/", CONFDIR); identname = "tinc"; } } From d2c062a0a440d2871939b4ffdc2dbb137a4d45e7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 17 Aug 2000 17:22:01 +0000 Subject: [PATCH 060/923] Ran update-po and updated dutch translation. --- po/es.po | 1014 ++++++++++++++++++++++++++++++++++++------------------ po/nl.po | 681 +++++++++++++++++++----------------- 2 files changed, 1028 insertions(+), 667 deletions(-) diff --git a/po/es.po b/po/es.po index b4c8fc93..a040e0dd 100644 --- a/po/es.po +++ b/po/es.po 
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre2\n" -"POT-Creation-Date: 2000-07-02 12:47+0100\n" +"POT-Creation-Date: 2000-08-17 18:13+0100\n" "PO-Revision-Date: 2000-07-02 12:49+01:00\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" @@ -13,39 +13,39 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:158 +#: src/conf.c:178 #, c-format msgid "%s: %d: Invalid variable name `%s'.\n" msgstr "%s: %d: Nombre de variable `%s' no válido.\n" -#: src/conf.c:165 +#: src/conf.c:185 #, c-format msgid "%s: %d: No value given for `%s'.\n" msgstr "%s: %d: No se ha definido un valor para `%s'.\n" -#: src/conf.c:173 +#: src/conf.c:193 #, c-format msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" msgstr "%s: %d: Valor `%s' para la variable `%s' no válido.\n" -#: src/conf.c:194 +#: src/conf.c:217 #, c-format msgid "Could not open %s: %s\n" msgstr "No pude abrir %s: %s\n" -#: src/encr.c:112 src/net.c:333 +#: src/encr.c:111 src/net.c:445 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/encr.c:119 +#: src/encr.c:118 #, c-format msgid "Illegal passphrase in %s; size would be %d" msgstr "Frase de paso ilegal en %s; el tamaño debe ser %d" #: src/encr.c:153 -#, c-format -msgid "Generating %d bits keys." +#, fuzzy, c-format +msgid "Generating %d bits keys" msgstr "Generando claves de %d bits." #: src/encr.c:157 
@@ -94,486 +94,692 @@ msgid ": done.\n" msgstr ": hecho.\n" #: src/net.c:106 -#, c-format -msgid "Sent %d bytes to %lx" +#, fuzzy, c-format +msgid "Sending packet of %d bytes to %s (%s)" msgstr "Enviados %d bytes a %lx" -#: src/net.c:110 -#, c-format -msgid "Error sending data: %m" +#: src/net.c:118 +#, fuzzy, c-format +msgid "Error sending packet to %s (%s): %m" msgstr "Error enviando datos: %m" -#: src/net.c:130 +#: src/net.c:135 src/net.c:177 +#, fuzzy, c-format +msgid "Receiving packet of %d bytes from %s (%s)" +msgstr "Recibiendo clave de " + +#: src/net.c:139 src/net.c:181 #, c-format msgid "Can't write to tap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:149 -#, c-format -msgid "packet to queue: %d" -msgstr "paquete a poner en cola: %d" +#: src/net.c:166 src/net.c:959 +#, fuzzy, c-format +msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" +msgstr "He recibido un paquete desde un origen desconocido " -#: src/net.c:236 -msgid "queue flushed" +#: src/net.c:295 +#, fuzzy +msgid "Queue flushed" msgstr "cola vaciada" -#: src/net.c:251 -msgid "Flushing send queue for " +#: src/net.c:310 +#, fuzzy, c-format +msgid "Flushing send queue for %s (%s)" msgstr "Vaciando la cola de envíos para " -#: src/net.c:259 -msgid "Flushing receive queue for " +#: src/net.c:318 +#, fuzzy, c-format +msgid "Flushing receive queue for %s (%s)" msgstr "Vaciando la cola de recepción para " -#: src/net.c:277 -msgid "trying to look up " -msgstr "intentando buscar " +#: src/net.c:336 +#, c-format +msgid "Trying to look up %d.%d.%d.%d in connection list failed!" +msgstr "" -#: src/net.c:284 -msgid "There is no remote host I can send this packet to." +#: src/net.c:348 src/net.c:361 +#, fuzzy +msgid "There is no remote host I can send this packet to!" msgstr "No hay máquina remota a la que pueda enviar este paquete." 
-#: src/net.c:354 +#: src/net.c:375 +#, c-format +msgid "Indirect packet to %s via %s" +msgstr "" + +#: src/net.c:380 +#, c-format +msgid "Indirect look up %d.%d.%d.%d in connection list failed!" +msgstr "" + +#: src/net.c:390 +#, c-format +msgid "Double indirection for %d.%d.%d.%d" +msgstr "" + +#: src/net.c:402 +#, fuzzy, c-format +msgid "Could not open UDP connection to %s (%s)" +msgstr "No pude abrir %s: %s\n" + +#: src/net.c:409 +#, c-format +msgid "%s (%s) has no valid key, queueing packet" +msgstr "" + +#: src/net.c:419 +#, c-format +msgid "%s (%s) is not ready, queueing packet" +msgstr "" + +#: src/net.c:467 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:360 src/net.c:409 +#: src/net.c:473 src/net.c:479 src/net.c:541 #, c-format msgid "setsockopt: %m" msgstr "setsockopt(): %m" -#: src/net.c:367 src/net.c:416 src/net.c:468 +#: src/net.c:486 src/net.c:548 #, c-format msgid "fcntl: %m" msgstr "fcntl(): %m" -#: src/net.c:378 +#: src/net.c:494 +#, c-format +msgid "Unable to bind listen socket to interface %s: %m" +msgstr "" + +#: src/net.c:510 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/tcp: %m" -#: src/net.c:384 +#: src/net.c:516 #, c-format msgid "listen: %m" msgstr "listen(): %m" -#: src/net.c:403 src/net.c:451 +#: src/net.c:535 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:427 +#: src/net.c:559 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/udp: %m" -#: src/net.c:474 +#: src/net.c:576 +#, fuzzy, c-format +msgid "Trying to connect to %s" +msgstr "Cerrando conexión con %s." 
+ +#: src/net.c:586 +#, fuzzy, c-format +msgid "Creating socket for %s port %d failed: %m" +msgstr "Error al crear el `socket': %m" + +#: src/net.c:597 #, c-format -msgid "Connected to %s:%hd" +msgid "%s port %hd: %m" +msgstr "" + +#: src/net.c:604 +#, c-format +msgid "fcntl for %s port %d: %m" +msgstr "" + +#: src/net.c:610 +#, fuzzy, c-format +msgid "Connected to %s port %hd" msgstr "Conectado a %s:%hd" -#: src/net.c:495 -msgid "Could not set up a meta connection." +#: src/net.c:630 +#, fuzzy, c-format +msgid "Error looking up `%s': %m" +msgstr "Error buscando `%s': %s\n" + +#: src/net.c:640 +#, fuzzy, c-format +msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión." -#: src/net.c:519 +#: src/net.c:665 msgid "No value for my VPN IP given" msgstr "No se ha definido un valor para mi VPN IP" -#: src/net.c:533 +#: src/net.c:690 msgid "Unable to set up a listening socket" msgstr "No puedo configurar un `socket' a la escucha" -#: src/net.c:539 +#: src/net.c:696 msgid "Unable to set up an incoming vpn data socket" msgstr "No puedo configurar un `socket' para recibir datos de la vpn" -#: src/net.c:546 -#, c-format -msgid "Ready: listening on port %d." +#: src/net.c:703 +#, fuzzy, c-format +msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %d." -#: src/net.c:569 -#, c-format -msgid "Still failed to connect to other. Will retry in %d seconds." +#: src/net.c:730 +#, fuzzy, c-format +msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Siguo sin poder conectar con el otro. Lo reintentaré en %d segundos." -#: src/net.c:602 -msgid "Try to re-establish outgoing connection in 5 minutes." -msgstr "Intento reestablecer la conexión saliente en 5 minutos." +#: src/net.c:768 +#, fuzzy, c-format +msgid "Trying to re-establish outgoing connection in %d seconds" +msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:640 -msgid "Terminating." 
+#: src/net.c:806 +#, fuzzy +msgid "Terminating" msgstr "Terminando." -#: src/net.c:654 -msgid "Opening UDP socket to " +#: src/net.c:820 +#, fuzzy, c-format +msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a " -#: src/net.c:659 -#, c-format -msgid "Creating data socket failed: %m" +#: src/net.c:825 +#, fuzzy, c-format +msgid "Creating UDP socket failed: %m" +msgstr "Error al crear el `socket': %m" + +#: src/net.c:835 +#, fuzzy, c-format +msgid "Connecting to %s port %d failed: %m" msgstr "Error al crear `socket' de datos: %m" -#: src/net.c:669 -msgid "Connecting to " -msgstr "Conectando a " - -#: src/net.c:677 src/net.c:761 src/net.c:954 -#, c-format -msgid "This is a bug: %s:%d: %d:%m" +#: src/net.c:843 src/net.c:930 src/net.c:1128 +#, fuzzy, c-format +msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:701 +#: src/net.c:868 #, c-format msgid "Error: getpeername: %m" msgstr "Error: getpeername(): %m" -#: src/net.c:713 -#, c-format -msgid "Connection from %s:%d" +#: src/net.c:881 +#, fuzzy, c-format +msgid "Connection from %s port %d" msgstr "Conexión desde %s:%d" -#: src/net.c:766 -#, c-format -msgid "Incoming data socket error: %s" +#: src/net.c:936 +#, fuzzy, c-format +msgid "Incoming data socket error for %s (%s): %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:774 -#, c-format -msgid "Receiving data failed: %m" +#: src/net.c:945 +#, fuzzy, c-format +msgid "Receiving packet from %s (%s) failed: %m" msgstr "Error recibiendo datos: %m" -#: src/net.c:787 -msgid "packet from " -msgstr "paquete desde " - -#: src/net.c:791 -msgid "Got packet from unknown source " -msgstr "He recibido un paquete desde un origen desconocido " - -#: src/net.c:825 -#, c-format -msgid "Closing connection with %s." +#: src/net.c:993 +#, fuzzy, c-format +msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s." 
-#: src/net.c:841 -msgid "Try to re-establish outgoing connection in 5 seconds." +#: src/net.c:1037 +#, fuzzy +msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:893 +#: src/net.c:1067 #, c-format -msgid "%s (" -msgstr "%s (" +msgid "%s (%s) didn't respond to PING" +msgstr "" -#: src/net.c:924 +#: src/net.c:1098 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:932 -msgid "Closed attempted connection." +#: src/net.c:1106 +#, fuzzy +msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:959 -#, c-format -msgid "Metadata socket error: %s" +#: src/net.c:1134 +#, fuzzy, c-format +msgid "Metadata socket error for %s (%s): %s" msgstr "Error en el `socket' de metadatos: %s" -#: src/net.c:965 -msgid "Metadata read buffer overflow." +#: src/net.c:1141 +#, fuzzy +msgid "Metadata read buffer overflow!" 
msgstr "Desbordamiento del búfer de lectura de metadatos" -#: src/net.c:973 -#, c-format -msgid "Metadata socket read error: %m" +#: src/net.c:1154 +#, fuzzy, c-format +msgid "Connection closed by %s (%s)" +msgstr "Conexión desde %s:%d" + +#: src/net.c:1158 +#, fuzzy, c-format +msgid "Metadata socket read error for %s (%s): %m" msgstr "Error de lectura del `socket' de metadatos: %m" -#: src/net.c:1000 -#, c-format -msgid "Unknown request: %s" -msgstr "Petición desconocida: %s" - -#: src/net.c:1005 -#, c-format -msgid "Got request: %s" +#: src/net.c:1200 +#, fuzzy, c-format +msgid "Got request from %s (%s): %s" msgstr "He recibido una petición: %s" -#: src/net.c:1009 -msgid "Error while processing request from " +#: src/net.c:1206 +#, fuzzy, c-format +msgid "Unknown request from %s (%s)" +msgstr "Petición desconocida: %s" + +#: src/net.c:1213 +#, fuzzy, c-format +msgid "Error while processing request from %s (%s)" msgstr "Error al procesar la petición de " -#: src/net.c:1015 -msgid "Bogus data received." +#: src/net.c:1220 +#, fuzzy, c-format +msgid "Bogus data received from %s (%s)" msgstr "Se han recibido datos sin sentido." 
-#: src/net.c:1059 -#, c-format -msgid "Outgoing data socket error: %s" +#: src/net.c:1266 +#, fuzzy, c-format +msgid "Outgoing data socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes: %s" -#: src/net.c:1094 +#: src/net.c:1302 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1104 +#: src/net.c:1312 #, c-format msgid "Non-IP ethernet frame %04x from " msgstr "Trama ethernet no-IP %04x de " -#: src/net.c:1112 +#: src/net.c:1320 msgid "Dropping short packet" msgstr "Descartando paquete corto" -#: src/net.c:1120 -#, c-format -msgid "An IP packet (%04x) for " -msgstr "Un paquete IP (%04x) para " - -#: src/net.c:1158 +#: src/net.c:1359 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/netutl.c:219 +#: src/net.c:1371 +msgid "Unable to reread configuration file, exiting" +msgstr "" + +#: src/netutl.c:220 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Error buscando `%s': %s\n" -#: src/netutl.c:243 +#: src/netutl.c:244 msgid "Connection list:" msgstr "Lista de conexiones:" -#: src/protocol.c:54 +#: src/netutl.c:248 #, c-format -msgid "Send ACK to %s" +msgid "" +"%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x" +msgstr "" + +#: src/protocol.c:56 +#, fuzzy, c-format +msgid "Sending ACK to %s (%s)" msgstr "Envio ACK a %s" -#: src/protocol.c:60 -#, c-format -msgid "send failed: %d:%d: %m" +#: src/protocol.c:63 +#, fuzzy, c-format +msgid "Send failed: %d:%d: %m" msgstr "Error enviando: %d:%d: %m" -#: src/protocol.c:64 src/protocol.c:480 -#, c-format -msgid "Connection with %s activated." -msgstr "Activada la conexión con %s." 
- -#: src/protocol.c:73 -msgid "Send TERMREQ to " +#: src/protocol.c:74 +#, fuzzy, c-format +msgid "Sending TERMREQ to %s (%s)" msgstr "Envío TERMREQ a " -#: src/protocol.c:81 src/protocol.c:99 src/protocol.c:117 src/protocol.c:134 -#: src/protocol.c:148 src/protocol.c:166 src/protocol.c:184 src/protocol.c:212 -#: src/protocol.c:233 src/protocol.c:251 src/protocol.c:265 src/protocol.c:292 -#: src/protocol.c:322 src/protocol.c:656 src/protocol.c:754 -#, c-format -msgid "send failed: %s:%d: %m" +#: src/protocol.c:82 src/protocol.c:100 src/protocol.c:118 src/protocol.c:137 +#: src/protocol.c:143 src/protocol.c:161 src/protocol.c:179 src/protocol.c:218 +#: src/protocol.c:236 src/protocol.c:264 src/protocol.c:285 src/protocol.c:303 +#: src/protocol.c:346 src/protocol.c:376 src/protocol.c:866 src/protocol.c:969 +#, fuzzy, c-format +msgid "Send failed: %s:%d: %m" msgstr "Error enviando: %s:%d: %m" -#: src/protocol.c:92 -msgid "Send TIMEOUT to " +#: src/protocol.c:93 +#, fuzzy, c-format +msgid "Sending TIMEOUT to %s (%s)" msgstr "Envío TIMEOUT a " -#: src/protocol.c:110 -msgid "Sending delete host " -msgstr "Enviando borra `host' " +#: src/protocol.c:111 +#, c-format +msgid "Sending DEL_HOST for %s (%s) to %s (%s)" +msgstr "" -#: src/protocol.c:128 -msgid "pinging " -msgstr "pinging " +#: src/protocol.c:130 +#, fuzzy, c-format +msgid "Sending PACKET to %s (%s)" +msgstr "Envio ACK a %s" -#: src/protocol.c:159 -msgid "Sending add host to " -msgstr "Enviando añade `host' a " - -#: src/protocol.c:177 -msgid "Sending KEY_CHANGED to " +#: src/protocol.c:154 +#, fuzzy, c-format +msgid "Sending PING to %s (%s)" msgstr "Enviando KEY_CHANGED to " -#: src/protocol.c:205 -msgid "Send BASIC_INFO to " +#: src/protocol.c:172 +#, fuzzy, c-format +msgid "Sending PONG to %s (%s)" +msgstr "Enviando KEY_CHANGED to " + +#: src/protocol.c:211 +#, c-format +msgid "Sending ADD_HOST for %s (%s) to %s (%s)" +msgstr "" + +#: src/protocol.c:229 +#, fuzzy, c-format +msgid "Sending KEY_CHANGED origin 
%s to %s (%s)" +msgstr "Enviando KEY_CHANGED to " + +#: src/protocol.c:257 +#, fuzzy, c-format +msgid "Sending BASIC_INFO to %s" msgstr "Enviando BASIC_INFO a " -#: src/protocol.c:226 -#, c-format -msgid "Send PASSPHRASE %s to " +#: src/protocol.c:278 +#, fuzzy, c-format +msgid "Sending PASSPHRASE to %s (%s)" msgstr "Enviando PASSPHRASE %s a " -#: src/protocol.c:244 -#, c-format -msgid "Send PUBLIC_KEY %s to " +#: src/protocol.c:296 +#, fuzzy, c-format +msgid "Sending PUBLIC_KEY to %s (%s)" msgstr "Enviando PUBLIC_KEY %s a " -#: src/protocol.c:279 -msgid "Attempting to send key request to " -msgstr "Intentando enviar petición de clave a " - -#: src/protocol.c:285 -msgid "Sending out request for public key to " -msgstr "Enviando petición de clave pública a " - -#: src/protocol.c:309 -msgid "Attempting to send key answer to " -msgstr "Intentando enviar respuesta de la clave a " - -#: src/protocol.c:315 -msgid "Sending public key to " -msgstr "Enviando clave pública a " - -#: src/protocol.c:370 +#: src/protocol.c:333 #, c-format -msgid "got bad BASIC_INFO request: %s" +msgid "Attempting to send REQ_KEY to %d.%d.%d.%d, which does not exist?" +msgstr "" + +#: src/protocol.c:339 +#, fuzzy, c-format +msgid "Sending REQ_KEY to %s (%s)" +msgstr "Enviando KEY_CHANGED to " + +#: src/protocol.c:363 +#, c-format +msgid "Attempting to send ANS_KEY to %d.%d.%d.%d, which does not exist?" +msgstr "" + +#: src/protocol.c:369 +#, fuzzy, c-format +msgid "Sending ANS_KEY to %s (%s)" +msgstr "Envio ACK a %s" + +#: src/protocol.c:424 +#, fuzzy, c-format +msgid "Got BASIC_INFO from %s" msgstr "recibí una petición BASIC_INFO incorrecta: %s" -#: src/protocol.c:376 -#, c-format -msgid "Peer uses incompatible protocol version %d." 
+#: src/protocol.c:428 +#, fuzzy, c-format +msgid "Got bad BASIC_INFO from %s" +msgstr "recibí una petición BASIC_INFO incorrecta: %s" + +#: src/protocol.c:437 +#, fuzzy, c-format +msgid "Peer uses incompatible protocol version %d" msgstr "" "La máquina remota usa una versión incompatible del protocolo (versión %d)." -#: src/protocol.c:382 +#: src/protocol.c:452 #, c-format -msgid "got BASIC_INFO(%hd," -msgstr "recibí BASIC_INFO(%hd," +msgid "Uplink %s (%s) is already in our connection list" +msgstr "" -#: src/protocol.c:385 -#, c-format -msgid "Peer uses protocol version %d" -msgstr "La máquina remota usa la versión %d del protocolo" - -#: src/protocol.c:411 -#, c-format -msgid "got bad PASSPHRASE request: %s" +#: src/protocol.c:482 +#, fuzzy, c-format +msgid "Got bad PASSPHRASE from %s (%s)" msgstr "recibí una petición PASSPHRASE incorrecta: %s" -#: src/protocol.c:417 -msgid "got PASSPHRASE" -msgstr "recibí PASSPHRASE" +#: src/protocol.c:489 +#, fuzzy, c-format +msgid "Got PASSPHRASE from %s (%s)" +msgstr "recibí una petición PASSPHRASE incorrecta: %s" -#: src/protocol.c:434 -#, c-format -msgid "got bad PUBLIC_KEY request: %s" +#: src/protocol.c:507 +#, fuzzy, c-format +msgid "Got bad PUBLIC_KEY from %s (%s)" msgstr "recibí una petición PUBLIC_KEY incorrecta: %s" -#: src/protocol.c:439 -#, c-format -msgid "got PUBLIC_KEY %s" +#: src/protocol.c:513 +#, fuzzy, c-format +msgid "Got PUBLIC_KEY from %s (%s)" msgstr "recibí PUBLIC_KEY %s" #. intruder! -#: src/protocol.c:444 -msgid "Intruder: passphrase does not match." +#: src/protocol.c:519 +#, fuzzy, c-format +msgid "Intruder from %s: passphrase for %s does not match!" msgstr "Intruso: la frase de paso no concuerda." 
-#: src/protocol.c:449 -msgid "Passphrase OK" -msgstr "Frase de paso OK" - -#: src/protocol.c:477 -msgid "got ACK" -msgstr "recibí ACK" - -#: src/protocol.c:517 +#: src/protocol.c:538 #, c-format -msgid "got bad DEL_HOST request: %s" +msgid "Removing old entry for %s at %s in favour of new connection from %s" +msgstr "" + +#: src/protocol.c:547 src/protocol.c:567 +#, fuzzy, c-format +msgid "Connection with %s (%s) activated" +msgstr "Activada la conexión con %s." + +#: src/protocol.c:561 +#, c-format +msgid "Got ACK from %s (%s)" +msgstr "" + +#: src/protocol.c:583 +#, c-format +msgid "Got unauthorized TERMREQ from %s (%s)" +msgstr "" + +#: src/protocol.c:589 +#, c-format +msgid "Got TERMREQ from %s (%s)" +msgstr "" + +#: src/protocol.c:604 +#, c-format +msgid "Got unauthorized TIMEOUT from %s (%s)" +msgstr "" + +#: src/protocol.c:610 +#, c-format +msgid "Got TIMEOUT from %s (%s)" +msgstr "" + +#: src/protocol.c:626 +#, fuzzy, c-format +msgid "Got unauthorized DEL_HOST from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:522 -msgid "got DEL_HOST for " -msgstr "recibí DEL_HOST para " +#: src/protocol.c:633 +#, fuzzy, c-format +msgid "Got bad DEL_HOST from %s (%s)" +msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:527 -msgid "Somebody wanted to delete " -msgstr "Alguien quería borrar " - -#: src/protocol.c:545 -msgid "responding to ping from " -msgstr "respondiendo al `ping' de " - -#: src/protocol.c:559 -msgid "ok, got pong from " -msgstr "ok, recibí `pong' de " - -#: src/protocol.c:577 +#: src/protocol.c:640 #, c-format -msgid "got bad ADD_HOST request: %s" -msgstr "recibí una petición ADD_HOST incorrecta: %s" +msgid "Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?" 
+msgstr "" -#: src/protocol.c:582 -msgid "Add host request from " -msgstr "Añado petición de `host' de " - -#: src/protocol.c:584 -msgid "got ADD_HOST(" -msgstr "recibí ADD_HOST(" - -#: src/protocol.c:596 -msgid "Invalid add_host request from " -msgstr "Petición add_host no válida de " - -#: src/protocol.c:625 +#: src/protocol.c:648 #, c-format -msgid "got bad request: %s" -msgstr "recibí una petición incorrecta: %s" +msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" +msgstr "" -#: src/protocol.c:630 -msgid "got REQ_KEY from " -msgstr "recibí REQ_KEY de " - -#: src/protocol.c:643 -msgid "Attempting to forward key request to " -msgstr "Intentando redirigir petición de clave a " - -#: src/protocol.c:649 -msgid "Forwarding request for public key to " -msgstr "Reenviando petición de clave pública a " - -#: src/protocol.c:709 src/protocol.c:769 +#: src/protocol.c:655 #, c-format -msgid "got bad ANS_KEY request: %s" -msgstr "recibí una petición ANS_KEY incorrecta: %s" +msgid "Got DEL_HOST for %s (%s) from %s (%s)" +msgstr "" + +#: src/protocol.c:674 +#, c-format +msgid "Got unauthorized PACKET from %s (%s)" +msgstr "" + +#: src/protocol.c:681 +#, c-format +msgid "Got bad PACKET from %s (%s)" +msgstr "" + +#: src/protocol.c:688 +#, c-format +msgid "Got too big PACKET from %s (%s)" +msgstr "" + +#: src/protocol.c:694 +#, c-format +msgid "Got PACKET length %d from %s (%s)" +msgstr "" + +#: src/protocol.c:708 +#, c-format +msgid "Got unauthorized PING from %s (%s)" +msgstr "" #: src/protocol.c:714 -msgid "got ANS_KEY from " -msgstr "recibí ANS_KEY de " +#, c-format +msgid "Got PING from %s (%s)" +msgstr "" -#: src/protocol.c:720 -msgid "Yeah! key arrived. Now do something with it." -msgstr "¡Sí! ha llegado una clave. Ahora a hacer algo con ella." 
+#: src/protocol.c:730 +#, c-format +msgid "Got unauthorized PONG from %s (%s)" +msgstr "" -#: src/protocol.c:725 -msgid "Receiving key from " -msgstr "Recibiendo clave de " +#: src/protocol.c:736 +#, c-format +msgid "Got PONG from %s (%s)" +msgstr "" -#: src/protocol.c:741 -msgid "Attempting to forward key to " -msgstr "Intentando redirigir la clave a " +#: src/protocol.c:755 +#, fuzzy, c-format +msgid "Got unauthorized ADD_HOST from %s (%s)" +msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:747 -msgid "Forwarding public key to " -msgstr "Redirigiendo clave pública a " +#: src/protocol.c:762 +#, fuzzy, c-format +msgid "Got bad ADD_HOST from %s (%s)" +msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:774 -msgid "got KEY_CHANGED from " +#: src/protocol.c:772 +#, c-format +msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" +msgstr "" + +#: src/protocol.c:779 +#, c-format +msgid "Removing old entry for %s (%s)" +msgstr "" + +#: src/protocol.c:789 +#, c-format +msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" +msgstr "" + +#: src/protocol.c:809 +#, c-format +msgid "Got ADD_HOST for %s (%s) from %s (%s)" +msgstr "" + +#: src/protocol.c:827 +#, c-format +msgid "Got unauthorized REQ_KEY from %s (%s)" +msgstr "" + +#: src/protocol.c:834 +#, fuzzy, c-format +msgid "Got bad REQ_KEY from %s (%s)" +msgstr "recibí REQ_KEY de " + +#: src/protocol.c:840 +#, c-format +msgid "Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" +msgstr "" + +#: src/protocol.c:853 +#, c-format +msgid "Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?" 
+msgstr "" + +#: src/protocol.c:859 +#, c-format +msgid "Forwarding REQ_KEY to %s (%s)" +msgstr "" + +#: src/protocol.c:918 +#, c-format +msgid "Got unauthorized ANS_KEY from %s (%s)" +msgstr "" + +#: src/protocol.c:925 +#, fuzzy, c-format +msgid "Got bad ANS_KEY from %s (%s)" +msgstr "recibí una petición ANS_KEY incorrecta: %s" + +#: src/protocol.c:931 +#, c-format +msgid "Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" +msgstr "" + +#: src/protocol.c:940 +#, c-format +msgid "" +"Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?" +msgstr "" + +#: src/protocol.c:956 +#, c-format +msgid "Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?" +msgstr "" + +#: src/protocol.c:962 +#, c-format +msgid "Forwarding ANS_KEY to %s (%s)" +msgstr "" + +#: src/protocol.c:983 +#, fuzzy, c-format +msgid "Got unauthorized KEY_CHANGED from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:781 -msgid "Got changed key from " -msgstr "Recibí clave modificada de " +#: src/protocol.c:990 +#, fuzzy, c-format +msgid "Got bad KEY_CHANGED from %s (%s)" +msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:790 -msgid "Forwarding key invalidation request" -msgstr "Redirigiendo petición de invalidación de clave" +#: src/protocol.c:999 +#, c-format +msgid "Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?" +msgstr "" -#: src/tincd.c:95 +#: src/protocol.c:1005 +#, fuzzy, c-format +msgid "Got KEY_CHANGED origin %s from %s (%s)" +msgstr "recibí KEY_CHANGED de " + +#: src/tincd.c:96 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Pruebe `%s --help' para más información.\n" -#: src/tincd.c:98 +#: src/tincd.c:99 #, c-format msgid "" "Usage: %s [option]...\n" @@ -582,7 +788,7 @@ msgstr "" "Modo de empleo: %s [opción]...\n" "\n" -#: src/tincd.c:99 +#: src/tincd.c:100 msgid "" " -c, --config=FILE Read configuration options from FILE.\n" " -D, --no-detach Don't fork and detach.\n" 
@@ -599,7 +805,7 @@ msgstr "" " -t, --timeout=TIEMPO Segundos a esperar antes de cancelar una " "trasmisión.\n" -#: src/tincd.c:105 +#: src/tincd.c:106 msgid "" " --help Display this help and exit.\n" " --version Output version information and exit.\n" 
@@ -609,67 +815,67 @@ msgstr "" " --version Muestra información de la versión y termina.\n" "\n" -#: src/tincd.c:107 +#: src/tincd.c:108 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" -#: src/tincd.c:145 +#: src/tincd.c:146 #, c-format msgid "Invalid timeout value `%s'.\n" msgstr "Valor de `timeout' no válido `%s'.\n" -#: src/tincd.c:159 -#, c-format -msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes); exiting." +#: src/tincd.c:160 +#, fuzzy, c-format +msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Memoria agotada (la última es %s:%d) (no pude asignar %d bytes); terminando." -#: src/tincd.c:214 -#, c-format -msgid "tincd %s (%s %s) starting, debug level %d." +#: src/tincd.c:215 +#, fuzzy, c-format +msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." -#: src/tincd.c:217 -#, c-format -msgid "tincd %s starting, debug level %d." +#: src/tincd.c:218 +#, fuzzy, c-format +msgid "tincd %s starting" msgstr "tincd %s comenzando, nivel de depuración %d." -#: src/tincd.c:232 -#, c-format -msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d." +#: src/tincd.c:233 +#, fuzzy, c-format +msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." 
-#: src/tincd.c:250 +#: src/tincd.c:251 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "" "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" -#: src/tincd.c:253 +#: src/tincd.c:254 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" -#: src/tincd.c:274 +#: src/tincd.c:275 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" -#: src/tincd.c:276 +#: src/tincd.c:277 msgid "No other tincd is running.\n" msgstr "No hay ningún otro tincd en ejecución.\n" -#: src/tincd.c:283 +#: src/tincd.c:284 msgid "Removing stale lock file.\n" msgstr "Borrando fichero de bloqueo en desuso.\n" -#: src/tincd.c:339 +#: src/tincd.c:334 #, c-format -msgid "%s version %s\n" -msgstr "%s versión %s\n" +msgid "%s version %s (built %s %s, protocol %d)\n" +msgstr "" -#: src/tincd.c:340 +#: src/tincd.c:335 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" "see the AUTHORS file for a complete list.\n" 
@@ -686,57 +892,177 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:345 +#: src/tincd.c:340 msgid "" "This product includes software developed by Eric Young (eay@mincom.oz.au)\n" msgstr "" "Este producto incluye software desarrollado por Eric Young " "(eay@mincom.oz.au)\n" -#: src/tincd.c:355 -msgid "You must be root to run this program. sorry.\n" +#: src/tincd.c:350 +#, fuzzy +msgid "You must be root to run this program. Sorry.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:390 +#: src/tincd.c:380 +#, c-format +msgid "Unrecoverable error, restarting in %d seconds!" +msgstr "" + +#: src/tincd.c:389 msgid "Got TERM signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:398 +#: src/tincd.c:397 msgid "Got QUIT signal" msgstr "Recibí la señal QUIT" -#: src/tincd.c:405 +#: src/tincd.c:404 msgid "Got another SEGV signal: not restarting" msgstr "Recibí otra señal SEGV: no reinicio" -#: src/tincd.c:413 -#, c-format -msgid "Got SEGV signal after %s line %d. Trying to re-execute." +#: src/tincd.c:412 +#, fuzzy, c-format +msgid "Got SEGV signal after %s line %d, trying to re-execute" msgstr "Recibí la señal SEGV después de %s línea %d. Intento reiniciar." -#: src/tincd.c:416 -msgid "Got SEGV signal; trying to re-execute." +#: src/tincd.c:415 +#, fuzzy +msgid "Got SEGV signal, trying to re-execute" msgstr "Recibí la señal SEGV; intento reiniciar." 
-#: src/tincd.c:429 -msgid "Got HUP signal" -msgstr "Recibí la señal HUP" +#: src/tincd.c:427 +msgid "Got HUP signal, rereading configuration and restarting" +msgstr "" -#: src/tincd.c:439 -msgid "Got INT signal" +#: src/tincd.c:435 +#, fuzzy +msgid "Got INT signal, exiting" msgstr "Recibí la señal INT" -#: src/tincd.c:453 -msgid "Forcing new key generation" +#: src/tincd.c:449 +#, fuzzy +msgid "Got USR2 signal, forcing new key generation" msgstr "Forzando generación de una nueva clave" -#: src/tincd.c:461 -#, c-format -msgid "Got unexpected signal (%d) after %s line %d." +#: src/tincd.c:457 +#, fuzzy, c-format +msgid "Got unexpected signal %d after %s line %d" msgstr "Recibí una señal inesperada (%d) después de %s línea %d." -#: src/tincd.c:464 -#, c-format -msgid "Got unexpected signal (%d)." +#: src/tincd.c:460 +#, fuzzy, c-format +msgid "Got unexpected signal %d" msgstr "Recibí una señal inesperada (%d)." + +#~ msgid "packet to queue: %d" +#~ msgstr "paquete a poner en cola: %d" + +#~ msgid "trying to look up " +#~ msgstr "intentando buscar " + +#~ msgid "Try to re-establish outgoing connection in 5 minutes." +#~ msgstr "Intento reestablecer la conexión saliente en 5 minutos." 
+ +#~ msgid "Connecting to " +#~ msgstr "Conectando a " + +#~ msgid "packet from " +#~ msgstr "paquete desde " + +#~ msgid "%s (" +#~ msgstr "%s (" + +#~ msgid "An IP packet (%04x) for " +#~ msgstr "Un paquete IP (%04x) para " + +#~ msgid "Sending delete host " +#~ msgstr "Enviando borra `host' " + +#~ msgid "pinging " +#~ msgstr "pinging " + +#~ msgid "Sending add host to " +#~ msgstr "Enviando añade `host' a " + +#~ msgid "Attempting to send key request to " +#~ msgstr "Intentando enviar petición de clave a " + +#~ msgid "Sending out request for public key to " +#~ msgstr "Enviando petición de clave pública a " + +#~ msgid "Attempting to send key answer to " +#~ msgstr "Intentando enviar respuesta de la clave a " + +#~ msgid "Sending public key to " +#~ msgstr "Enviando clave pública a " + +#~ msgid "got BASIC_INFO(%hd," +#~ msgstr "recibí BASIC_INFO(%hd," + +#~ msgid "Peer uses protocol version %d" +#~ msgstr "La máquina remota usa la versión %d del protocolo" + +#~ msgid "got PASSPHRASE" +#~ msgstr "recibí PASSPHRASE" + +#~ msgid "Passphrase OK" +#~ msgstr "Frase de paso OK" + +#~ msgid "got ACK" +#~ msgstr "recibí ACK" + +#~ msgid "got DEL_HOST for " +#~ msgstr "recibí DEL_HOST para " + +#~ msgid "Somebody wanted to delete " +#~ msgstr "Alguien quería borrar " + +#~ msgid "responding to ping from " +#~ msgstr "respondiendo al `ping' de " + +#~ msgid "ok, got pong from " +#~ msgstr "ok, recibí `pong' de " + +#~ msgid "Add host request from " +#~ msgstr "Añado petición de `host' de " + +#~ msgid "got ADD_HOST(" +#~ msgstr "recibí ADD_HOST(" + +#~ msgid "Invalid add_host request from " +#~ msgstr "Petición add_host no válida de " + +#~ msgid "got bad request: %s" +#~ msgstr "recibí una petición incorrecta: %s" + +#~ msgid "Attempting to forward key request to " +#~ msgstr "Intentando redirigir petición de clave a " + +#~ msgid "Forwarding request for public key to " +#~ msgstr "Reenviando petición de clave pública a " + +#~ msgid "got ANS_KEY from " +#~ msgstr 
"recibí ANS_KEY de " + +#~ msgid "Yeah! key arrived. Now do something with it." +#~ msgstr "¡Sí! ha llegado una clave. Ahora a hacer algo con ella." + +#~ msgid "Attempting to forward key to " +#~ msgstr "Intentando redirigir la clave a " + +#~ msgid "Forwarding public key to " +#~ msgstr "Redirigiendo clave pública a " + +#~ msgid "Got changed key from " +#~ msgstr "Recibí clave modificada de " + +#~ msgid "Forwarding key invalidation request" +#~ msgstr "Redirigiendo petición de invalidación de clave" + +#~ msgid "%s version %s\n" +#~ msgstr "%s versión %s\n" + +#~ msgid "Got HUP signal" +#~ msgstr "Recibí la señal HUP" diff --git a/po/nl.po b/po/nl.po index d24dcccc..f2ac38f1 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-06-30 14:36+0200\n" +"POT-Creation-Date: 2000-08-17 18:13+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" @@ -14,32 +14,32 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:175 +#: src/conf.c:178 #, c-format msgid "%s: %d: Invalid variable name `%s'.\n" msgstr "%s: %d: Ongeldige variabelenaam `%s'.\n" -#: src/conf.c:182 +#: src/conf.c:185 #, c-format msgid "%s: %d: No value given for `%s'.\n" msgstr "%s: %d: Geen waarde gegeven voor `%s'.\n" -#: src/conf.c:190 +#: src/conf.c:193 #, c-format msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" msgstr "%s: %d: Ongeldige waarde `%s' voor variabele `%s'.\n" -#: src/conf.c:214 +#: src/conf.c:217 #, c-format msgid "Could not open %s: %s\n" msgstr "Kon %s niet openen: %s\n" -#: src/encr.c:112 src/net.c:390 +#: src/encr.c:111 src/net.c:445 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/encr.c:119 +#: src/encr.c:118 #, c-format msgid "Illegal passphrase in %s; size would be %d" msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" 
@@ -95,654 +95,689 @@ msgstr "" msgid ": done.\n" msgstr ": klaar.\n" -#: src/net.c:107 +#: src/net.c:106 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:112 +#: src/net.c:118 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:133 +#: src/net.c:135 src/net.c:177 #, c-format msgid "Receiving packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:137 +#: src/net.c:139 src/net.c:181 #, c-format msgid "Can't write to tap device: %m" msgstr "Kan niet naar tap apparaat schrijven: %m" -#: src/net.c:240 -msgid "Queue flushed" -msgstr "Wachtrij leeggemaakt" - -#: src/net.c:255 -#, c-format -msgid "Flushing send queue for %s (%s)" -msgstr "Legen van verzend-wachtrij voor %s (%s)" - -#: src/net.c:263 -#, c-format -msgid "Flushing receive queue for %s (%s)" -msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" - -#: src/net.c:281 -#, c-format -msgid "Trying to look up %d.%d.%d.%d in connection list failed!" -msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" - -#: src/net.c:293 src/net.c:306 -msgid "There is no remote host I can send this packet to!" -msgstr "Er is geen partner waar ik dit pakket naar kan sturen!" - -#: src/net.c:320 -#, c-format -msgid "Indirect packet to %s via %s" -msgstr "Indirect pakket naar %s via %s" - -#: src/net.c:325 -#, c-format -msgid "Indirect look up %d.%d.%d.%d in connection list failed!" -msgstr "Indirect opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" 
- -#: src/net.c:335 -#, c-format -msgid "Double indirection for %d.%d.%d.%d" -msgstr "Dubbele indirectie voor %d.%d.%d.%d" - -#: src/net.c:347 -#, c-format -msgid "Could not open UDP connection to %s (%s)" -msgstr "Kon geen UDP verbinding openen naar %s (%s)" - -#: src/net.c:354 -#, c-format -msgid "%s (%s) has no valid key, queueing packet" -msgstr "%s (%s) heeft geen geldige sleutel, pakket wordt in de wachtrij gezet" - -#: src/net.c:364 -#, c-format -msgid "%s (%s) is not ready, queueing packet" -msgstr "%s (%s) is niet gereed, pakket wordt in de wachtrij gezet" - -#: src/net.c:411 -#, c-format -msgid "Creating metasocket failed: %m" -msgstr "Aanmaak van metasocket mislukt: %m" - -#: src/net.c:417 src/net.c:466 -#, c-format -msgid "setsockopt: %m" -msgstr "setsockopt: %m" - -#: src/net.c:424 src/net.c:473 -#, c-format -msgid "fcntl: %m" -msgstr "fcntl: %m" - -#: src/net.c:435 -#, c-format -msgid "Can't bind to port %hd/tcp: %m" -msgstr "Kan niet aan poort %hd/tcp binden: %m" - -#: src/net.c:441 -#, c-format -msgid "listen: %m" -msgstr "listen: %m" - -#: src/net.c:460 -#, c-format -msgid "Creating socket failed: %m" -msgstr "Aanmaak socket mislukte: %m" - -#: src/net.c:484 -#, c-format -msgid "Can't bind to port %hd/udp: %m" -msgstr "Kan niet aan poort %hd/udp binden: %m" - -#: src/net.c:501 -#, c-format -msgid "Trying to connect to %s" -msgstr "Poging tot verbinding met %s" - -#: src/net.c:511 -#, c-format -msgid "Creating socket for %s port %d failed: %m" -msgstr "Aanmaken socket voor %s poort %d mislukt: %m" - -#: src/net.c:522 -#, c-format -msgid "%s port %hd: %m" -msgstr "%s poort %hd: %m" - -#: src/net.c:529 -#, c-format -msgid "fcntl for %s port %d: %m" -msgstr "fcntl voor %s poort %d: %m" - -#: src/net.c:534 -#, c-format -msgid "Connected to %s port %hd" -msgstr "Verbonden met %s poort %hd" - -#: src/net.c:557 -#, c-format -msgid "Could not set up a meta connection to %s" -msgstr "Kon geen metaverbinding aangaan met %s" - -#: src/net.c:582 -msgid "No 
value for my VPN IP given" -msgstr "Geen waarde gegeven voor mijn VPN IP adres" - -#: src/net.c:603 -msgid "Unable to set up a listening socket" -msgstr "Kon geen luistersocket aanmaken" - -#: src/net.c:609 -msgid "Unable to set up an incoming vpn data socket" -msgstr "Kon geen socket maken voor inkomend vpn verkeer" - -#: src/net.c:616 -#, c-format -msgid "Ready: listening on port %hd" -msgstr "Gereed: luisterend op poort %hd" - -#: src/net.c:643 -#, c-format -msgid "Still failed to connect to other, will retry in %d seconds" -msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" - -#: src/net.c:681 -#, c-format -msgid "Trying to re-establish outgoing connection in %d seconds" -msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" - -#: src/net.c:719 -msgid "Terminating" -msgstr "Beëindigen" - -#: src/net.c:733 -#, c-format -msgid "Opening UDP socket to %s" -msgstr "Bezig met openen UDP socket naar %s" - -#: src/net.c:738 -#, c-format -msgid "Creating UDP socket failed: %m" -msgstr "Aanmaak UDP socket mislukte: %m" - -#: src/net.c:748 -#, c-format -msgid "Connecting to %s port %d failed: %m" -msgstr "Verbinding naar %s poort %d mislukt: %m" - -#: src/net.c:756 src/net.c:843 src/net.c:1041 -#, c-format -msgid "This is a bug: %s:%d: %d:%m %s (%s)" -msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" - -#: src/net.c:781 -#, c-format -msgid "Error: getpeername: %m" -msgstr "Fout: getpeername: %m" - -#: src/net.c:794 -#, c-format -msgid "Connection from %s port %d" -msgstr "Verbinding van %s poort %d" - -#: src/net.c:849 -#, c-format -msgid "Incoming data socket error for %s (%s): %s" -msgstr "Fout op socket voor inkomend verkeer voor %s (%s): %s" - -#: src/net.c:858 -#, c-format -msgid "Receiving packet from %s (%s) failed: %m" -msgstr "Ontvangst pakket van %s (%s) mislukt: %m" - -#: src/net.c:872 +#: src/net.c:166 src/net.c:959 #, c-format msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" 
msgstr "Kreeg pakket van %s (%s) met onbekende herkomst %d.%d.%d.%d?" -#: src/net.c:906 +#: src/net.c:295 +msgid "Queue flushed" +msgstr "Wachtrij leeggemaakt" + +#: src/net.c:310 +#, c-format +msgid "Flushing send queue for %s (%s)" +msgstr "Legen van verzend-wachtrij voor %s (%s)" + +#: src/net.c:318 +#, c-format +msgid "Flushing receive queue for %s (%s)" +msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" + +#: src/net.c:336 +#, c-format +msgid "Trying to look up %d.%d.%d.%d in connection list failed!" +msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" + +#: src/net.c:348 src/net.c:361 +msgid "There is no remote host I can send this packet to!" +msgstr "Er is geen partner waar ik dit pakket naar kan sturen!" + +#: src/net.c:375 +#, c-format +msgid "Indirect packet to %s via %s" +msgstr "Indirect pakket naar %s via %s" + +#: src/net.c:380 +#, c-format +msgid "Indirect look up %d.%d.%d.%d in connection list failed!" +msgstr "Indirect opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" 
+ +#: src/net.c:390 +#, c-format +msgid "Double indirection for %d.%d.%d.%d" +msgstr "Dubbele indirectie voor %d.%d.%d.%d" + +#: src/net.c:402 +#, c-format +msgid "Could not open UDP connection to %s (%s)" +msgstr "Kon geen UDP verbinding openen naar %s (%s)" + +#: src/net.c:409 +#, c-format +msgid "%s (%s) has no valid key, queueing packet" +msgstr "%s (%s) heeft geen geldige sleutel, pakket wordt in de wachtrij gezet" + +#: src/net.c:419 +#, c-format +msgid "%s (%s) is not ready, queueing packet" +msgstr "%s (%s) is niet gereed, pakket wordt in de wachtrij gezet" + +#: src/net.c:467 +#, c-format +msgid "Creating metasocket failed: %m" +msgstr "Aanmaak van metasocket mislukt: %m" + +#: src/net.c:473 src/net.c:479 src/net.c:541 +#, c-format +msgid "setsockopt: %m" +msgstr "setsockopt: %m" + +#: src/net.c:486 src/net.c:548 +#, c-format +msgid "fcntl: %m" +msgstr "fcntl: %m" + +#: src/net.c:494 +#, c-format +msgid "Unable to bind listen socket to interface %s: %m" +msgstr "Kon luistersocket niet binden aan interface %s: %m" + +#: src/net.c:510 +#, c-format +msgid "Can't bind to port %hd/tcp: %m" +msgstr "Kan niet aan poort %hd/tcp binden: %m" + +#: src/net.c:516 +#, c-format +msgid "listen: %m" +msgstr "listen: %m" + +#: src/net.c:535 +#, c-format +msgid "Creating socket failed: %m" +msgstr "Aanmaak socket mislukte: %m" + +#: src/net.c:559 +#, c-format +msgid "Can't bind to port %hd/udp: %m" +msgstr "Kan niet aan poort %hd/udp binden: %m" + +#: src/net.c:576 +#, c-format +msgid "Trying to connect to %s" +msgstr "Poging tot verbinding met %s" + +#: src/net.c:586 +#, c-format +msgid "Creating socket for %s port %d failed: %m" +msgstr "Aanmaken socket voor %s poort %d mislukt: %m" + +#: src/net.c:597 +#, c-format +msgid "%s port %hd: %m" +msgstr "%s poort %hd: %m" + +#: src/net.c:604 +#, c-format +msgid "fcntl for %s port %d: %m" +msgstr "fcntl voor %s poort %d: %m" + +#: src/net.c:610 +#, c-format +msgid "Connected to %s port %hd" +msgstr "Verbonden met %s poort %hd" + 
+#: src/net.c:630 +#, c-format +msgid "Error looking up `%s': %m" +msgstr "Fout bij het opzoeken van `%s': %m" + +#: src/net.c:640 +#, c-format +msgid "Could not set up a meta connection to %s" +msgstr "Kon geen metaverbinding aangaan met %s" + +#: src/net.c:665 +msgid "No value for my VPN IP given" +msgstr "Geen waarde gegeven voor mijn VPN IP adres" + +#: src/net.c:690 +msgid "Unable to set up a listening socket" +msgstr "Kon geen luistersocket aanmaken" + +#: src/net.c:696 +msgid "Unable to set up an incoming vpn data socket" +msgstr "Kon geen socket maken voor inkomend vpn verkeer" + +#: src/net.c:703 +#, c-format +msgid "Ready: listening on port %hd" +msgstr "Gereed: luisterend op poort %hd" + +#: src/net.c:730 +#, c-format +msgid "Still failed to connect to other, will retry in %d seconds" +msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" + +#: src/net.c:768 +#, c-format +msgid "Trying to re-establish outgoing connection in %d seconds" +msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" + +#: src/net.c:806 +msgid "Terminating" +msgstr "Beëindigen" + +#: src/net.c:820 +#, c-format +msgid "Opening UDP socket to %s" +msgstr "Bezig met openen UDP socket naar %s" + +#: src/net.c:825 +#, c-format +msgid "Creating UDP socket failed: %m" +msgstr "Aanmaak UDP socket mislukte: %m" + +#: src/net.c:835 +#, c-format +msgid "Connecting to %s port %d failed: %m" +msgstr "Verbinding naar %s poort %d mislukt: %m" + +#: src/net.c:843 src/net.c:930 src/net.c:1128 +#, c-format +msgid "This is a bug: %s:%d: %d:%m %s (%s)" +msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" + +#: src/net.c:868 +#, c-format +msgid "Error: getpeername: %m" +msgstr "Fout: getpeername: %m" + +#: src/net.c:881 +#, c-format +msgid "Connection from %s port %d" +msgstr "Verbinding van %s poort %d" + +#: src/net.c:936 +#, c-format +msgid "Incoming data socket error for %s (%s): %s" +msgstr "Fout op socket voor inkomend verkeer voor %s (%s): %s" + +#: 
src/net.c:945 +#, c-format +msgid "Receiving packet from %s (%s) failed: %m" +msgstr "Ontvangst pakket van %s (%s) mislukt: %m" + +#: src/net.c:993 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:950 +#: src/net.c:1037 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:980 +#: src/net.c:1067 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1011 +#: src/net.c:1098 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1019 +#: src/net.c:1106 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1047 +#: src/net.c:1134 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op socket voor metaverkeer voor %s (%s): %s" -#: src/net.c:1054 +#: src/net.c:1141 msgid "Metadata read buffer overflow!" msgstr "Metadata ontvangstbuffer overloop!" 
-#: src/net.c:1066 +#: src/net.c:1154 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding verbroken door %s (%s)" -#: src/net.c:1069 +#: src/net.c:1158 #, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Fout op socket voor metaverkeer voor %s (%s) tijdens lezen: %m" -#: src/net.c:1094 +#: src/net.c:1200 #, c-format msgid "Got request from %s (%s): %s" msgstr "Ontving verzoek van %s (%s): %s" -#: src/net.c:1100 +#: src/net.c:1206 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/net.c:1107 +#: src/net.c:1213 #, c-format msgid "Error while processing request from %s (%s)" msgstr "Fout tijdens afhandelen van verzoek van %s (%s)" -#: src/net.c:1114 +#: src/net.c:1220 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/net.c:1159 +#: src/net.c:1266 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1195 +#: src/net.c:1302 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" -#: src/net.c:1205 +#: src/net.c:1312 #, c-format msgid "Non-IP ethernet frame %04x from " msgstr "Niet-IP ethernet pakket %04x van " -#: src/net.c:1213 +#: src/net.c:1320 msgid "Dropping short packet" msgstr "Te kort pakket genegeerd" -#: src/net.c:1252 +#: src/net.c:1359 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1264 +#: src/net.c:1371 msgid "Unable to reread configuration file, exiting" msgstr "Fout tijdens herlezen configuratie bestand, beëindigen" -#: src/netutl.c:222 +#: src/netutl.c:220 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/netutl.c:246 +#: src/netutl.c:244 msgid "Connection list:" msgstr "Verbindingslijst:" -#: src/netutl.c:250 +#: src/netutl.c:248 #, c-format msgid 
"" "%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x" msgstr "" "%s netmask %d.%d.%d.%d op %s poort %hd vlaggen %hd sockets %d, %d status %04x" -#: src/protocol.c:54 +#: src/protocol.c:56 #, c-format msgid "Sending ACK to %s (%s)" msgstr "Verzending ACK naar %s (%s)" -#: src/protocol.c:61 +#: src/protocol.c:63 #, c-format msgid "Send failed: %d:%d: %m" msgstr "Verzenden mislukte: %d:%d: %m" -#: src/protocol.c:72 +#: src/protocol.c:74 #, c-format msgid "Sending TERMREQ to %s (%s)" msgstr "Verzending TERMREQ naar %s (%s)" -#: src/protocol.c:80 src/protocol.c:98 src/protocol.c:116 src/protocol.c:134 -#: src/protocol.c:152 src/protocol.c:191 src/protocol.c:209 src/protocol.c:237 -#: src/protocol.c:258 src/protocol.c:276 src/protocol.c:319 src/protocol.c:349 -#: src/protocol.c:802 src/protocol.c:905 +#: src/protocol.c:82 src/protocol.c:100 src/protocol.c:118 src/protocol.c:137 +#: src/protocol.c:143 src/protocol.c:161 src/protocol.c:179 src/protocol.c:218 +#: src/protocol.c:236 src/protocol.c:264 src/protocol.c:285 src/protocol.c:303 +#: src/protocol.c:346 src/protocol.c:376 src/protocol.c:866 src/protocol.c:969 #, c-format msgid "Send failed: %s:%d: %m" msgstr "Verzenden mislukte: %s:%d: %m" -#: src/protocol.c:91 +#: src/protocol.c:93 #, c-format msgid "Sending TIMEOUT to %s (%s)" msgstr "Verzending TIMEOUT naar %s (%s)" -#: src/protocol.c:109 +#: src/protocol.c:111 #, c-format msgid "Sending DEL_HOST for %s (%s) to %s (%s)" msgstr "Verzending DEL_HOST voor %s (%s) naar %s (%s)" -#: src/protocol.c:127 +#: src/protocol.c:130 +#, c-format +msgid "Sending PACKET to %s (%s)" +msgstr "Verzending PACKET naar %s (%s)" + +#: src/protocol.c:154 #, c-format msgid "Sending PING to %s (%s)" msgstr "Verzending PING naar %s (%s)" -#: src/protocol.c:145 +#: src/protocol.c:172 #, c-format msgid "Sending PONG to %s (%s)" msgstr "Verzending PONG naar %s (%s)" -#: src/protocol.c:184 +#: src/protocol.c:211 #, c-format msgid "Sending ADD_HOST for %s (%s) to %s 
(%s)" msgstr "Verzending ADD_HOST voor %s (%s) naar %s (%s)" -#: src/protocol.c:202 +#: src/protocol.c:229 #, c-format msgid "Sending KEY_CHANGED origin %s to %s (%s)" msgstr "Verzending KEY_CHANGED herkomst %s naar %s (%s)" -#: src/protocol.c:230 +#: src/protocol.c:257 #, c-format msgid "Sending BASIC_INFO to %s" msgstr "Verzending BASIC_INFO naar %s" -#: src/protocol.c:251 +#: src/protocol.c:278 #, c-format msgid "Sending PASSPHRASE to %s (%s)" msgstr "Verzending PASSPHRASE naar %s (%s)" -#: src/protocol.c:269 +#: src/protocol.c:296 #, c-format msgid "Sending PUBLIC_KEY to %s (%s)" msgstr "Verzending PUBLIC_KEY naar %s (%s)" -#: src/protocol.c:306 +#: src/protocol.c:333 #, c-format msgid "Attempting to send REQ_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot verzenden REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" -#: src/protocol.c:312 +#: src/protocol.c:339 #, c-format msgid "Sending REQ_KEY to %s (%s)" msgstr "Verzending REQ_KEY naar %s (%s)" -#: src/protocol.c:336 +#: src/protocol.c:363 #, c-format msgid "Attempting to send ANS_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot verzenden ANS_KEY naar %d.%d.%d.%d, die niet bestaat?" 
-#: src/protocol.c:342 +#: src/protocol.c:369 #, c-format msgid "Sending ANS_KEY to %s (%s)" msgstr "Verzending ANS_KEY naar %s (%s)" -#: src/protocol.c:397 +#: src/protocol.c:424 #, c-format msgid "Got BASIC_INFO from %s" msgstr "Kreeg BASIC_INFO van %s" -#: src/protocol.c:401 +#: src/protocol.c:428 #, c-format msgid "Got bad BASIC_INFO from %s" msgstr "Kreeg ongeldige BASIC_INFO van %s" -#: src/protocol.c:410 +#: src/protocol.c:437 #, c-format msgid "Peer uses incompatible protocol version %d" msgstr "De ander gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:425 +#: src/protocol.c:452 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:455 +#: src/protocol.c:482 #, c-format msgid "Got bad PASSPHRASE from %s (%s)" msgstr "Kreeg ongeldige PASSPHRASE van %s (%s)" -#: src/protocol.c:462 +#: src/protocol.c:489 #, c-format msgid "Got PASSPHRASE from %s (%s)" msgstr "Kreeg PASSPHRASE van %s (%s)" -#: src/protocol.c:480 +#: src/protocol.c:507 #, c-format msgid "Got bad PUBLIC_KEY from %s (%s)" msgstr "Kreeg ongeldige PUBLIC_KEY van %s (%s)" -#: src/protocol.c:486 +#: src/protocol.c:513 #, c-format msgid "Got PUBLIC_KEY from %s (%s)" msgstr "Kreeg PUBLIC_KEY van %s (%s)" #. intruder! -#: src/protocol.c:492 +#: src/protocol.c:519 #, c-format msgid "Intruder from %s: passphrase for %s does not match!" msgstr "Indringer van %s: wachwoord voor %s komt niet overeen!" 
-#: src/protocol.c:510 +#: src/protocol.c:538 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:519 src/protocol.c:538 +#: src/protocol.c:547 src/protocol.c:567 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:533 +#: src/protocol.c:561 #, c-format msgid "Got ACK from %s (%s)" msgstr "Kreeg ACK van %s (%s)" -#: src/protocol.c:554 +#: src/protocol.c:583 #, c-format msgid "Got unauthorized TERMREQ from %s (%s)" msgstr "Kreeg niet-geautoriseerde TERMREQ van %s (%s)" -#: src/protocol.c:560 +#: src/protocol.c:589 #, c-format msgid "Got TERMREQ from %s (%s)" msgstr "Kreeg TERMREQ van %s (%s)" -#: src/protocol.c:575 +#: src/protocol.c:604 #, c-format msgid "Got unauthorized TIMEOUT from %s (%s)" msgstr "Kreeg niet-geautoriseerde TIMEOUT van %s (%s)" -#: src/protocol.c:581 +#: src/protocol.c:610 #, c-format msgid "Got TIMEOUT from %s (%s)" msgstr "Kreeg TIMEOUT van %s (%s)" -#: src/protocol.c:597 +#: src/protocol.c:626 #, c-format msgid "Got unauthorized DEL_HOST from %s (%s)" msgstr "Kreeg niet-geautoriseerde DEL_HOST van %s (%s)" -#: src/protocol.c:604 +#: src/protocol.c:633 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:611 +#: src/protocol.c:640 #, c-format msgid "Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?" msgstr "Kreeg DEL_HOST voor %d.%d.%d.%d van %s (%s), die niet bestaat?" 
-#: src/protocol.c:619 +#: src/protocol.c:648 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:626 +#: src/protocol.c:655 #, c-format msgid "Got DEL_HOST for %s (%s) from %s (%s)" msgstr "Kreeg DEL_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:644 +#: src/protocol.c:674 +#, c-format +msgid "Got unauthorized PACKET from %s (%s)" +msgstr "Kreeg niet-geautoriseerde PACKET van %s (%s)" + +#: src/protocol.c:681 +#, c-format +msgid "Got bad PACKET from %s (%s)" +msgstr "Kreeg ongeldige PACKET van %s (%s)" + +#: src/protocol.c:688 +#, c-format +msgid "Got too big PACKET from %s (%s)" +msgstr "Kreeg een te grote PACKET van %s (%s)" + +#: src/protocol.c:694 +#, c-format +msgid "Got PACKET length %d from %s (%s)" +msgstr "Kreeg PACKET met lengte %d van %s (%s)" + +#: src/protocol.c:708 #, c-format msgid "Got unauthorized PING from %s (%s)" msgstr "Kreeg niet-geautoriseerde PING van %s (%s)" -#: src/protocol.c:650 +#: src/protocol.c:714 #, c-format msgid "Got PING from %s (%s)" msgstr "Kreeg PING van %s (%s)" -#: src/protocol.c:666 +#: src/protocol.c:730 #, c-format msgid "Got unauthorized PONG from %s (%s)" msgstr "Kreeg niet-geautoriseerde PONG van %s (%s)" -#: src/protocol.c:672 +#: src/protocol.c:736 #, c-format msgid "Got PONG from %s (%s)" msgstr "Kreeg PONG van %s (%s)" -#: src/protocol.c:691 +#: src/protocol.c:755 #, c-format msgid "Got unauthorized ADD_HOST from %s (%s)" msgstr "Kreeg niet-geautoriseerde ADD_HOST van %s (%s)" -#: src/protocol.c:698 +#: src/protocol.c:762 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:708 +#: src/protocol.c:772 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:715 +#: src/protocol.c:779 #, c-format msgid "Removing old entry for %s (%s)" msgstr 
"Verwijdering oude verbinding voor %s (%s)" -#: src/protocol.c:725 +#: src/protocol.c:789 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:745 +#: src/protocol.c:809 #, c-format msgid "Got ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:763 +#: src/protocol.c:827 #, c-format msgid "Got unauthorized REQ_KEY from %s (%s)" msgstr "Kreeg niet-geautoriseerde REQ_KEY van %s (%s)" -#: src/protocol.c:770 +#: src/protocol.c:834 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:776 +#: src/protocol.c:840 #, c-format msgid "Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" msgstr "Kreeg REQ_KEY herkmonst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:789 +#: src/protocol.c:853 #, c-format msgid "Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot doorsturen REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" -#: src/protocol.c:795 +#: src/protocol.c:859 #, c-format msgid "Forwarding REQ_KEY to %s (%s)" msgstr "Doorsturen REQ_KEY naar %s (%s)" -#: src/protocol.c:854 +#: src/protocol.c:918 #, c-format msgid "Got unauthorized ANS_KEY from %s (%s)" msgstr "Kreeg niet-geautoriseerde ANS_KEY van %s (%s)" -#: src/protocol.c:861 +#: src/protocol.c:925 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:867 +#: src/protocol.c:931 #, c-format msgid "Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" -#: src/protocol.c:876 +#: src/protocol.c:940 #, c-format msgid "" "Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?" msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" 
-#: src/protocol.c:892 +#: src/protocol.c:956 #, c-format msgid "Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?" msgstr "Poging tot doorsturen ANS_KEY naar %d.%d.%d.%d, die niet besttaat?" -#: src/protocol.c:898 +#: src/protocol.c:962 #, c-format msgid "Forwarding ANS_KEY to %s (%s)" msgstr "Doorsturen ANS_KEY naar %s (%s)" -#: src/protocol.c:919 +#: src/protocol.c:983 #, c-format msgid "Got unauthorized KEY_CHANGED from %s (%s)" msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van %s (%s)" -#: src/protocol.c:926 +#: src/protocol.c:990 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:935 +#: src/protocol.c:999 #, c-format msgid "Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?" msgstr "Kreeg KEY_CHANGED herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" -#: src/protocol.c:941 +#: src/protocol.c:1005 #, c-format msgid "Got KEY_CHANGED origin %s from %s (%s)" msgstr "Kreeg KEY_CHANGED herkomst %s van %s (%s)" -#: src/tincd.c:95 +#: src/tincd.c:96 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:98 +#: src/tincd.c:99 #, c-format msgid "" "Usage: %s [option]...\n" @@ -751,7 +786,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:99 +#: src/tincd.c:100 msgid "" " -c, --config=FILE Read configuration options from FILE.\n" " -D, --no-detach Don't fork and detach.\n" @@ -767,7 +802,7 @@ msgstr "" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" " -t, --timeout=TIMEOUT Seconden wachten op timeout.\n" -#: src/tincd.c:105 +#: src/tincd.c:106 msgid "" " --help Display this help and exit.\n" " --version Output version information and exit.\n" 
@@ -777,69 +812,69 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:107 +#: src/tincd.c:108 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:145 +#: src/tincd.c:146 #, c-format msgid "Invalid timeout value `%s'.\n" msgstr "Ongeldige timeout waarde `%s'.\n" -#: src/tincd.c:159 +#: src/tincd.c:160 #, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." -#: src/tincd.c:214 +#: src/tincd.c:215 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d" -#: src/tincd.c:217 +#: src/tincd.c:218 #, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" -#: src/tincd.c:232 +#: src/tincd.c:233 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." 
-#: src/tincd.c:250 +#: src/tincd.c:251 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" -#: src/tincd.c:253 +#: src/tincd.c:254 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" -#: src/tincd.c:274 +#: src/tincd.c:275 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" -#: src/tincd.c:276 +#: src/tincd.c:277 msgid "No other tincd is running.\n" msgstr "Geen andere tincd gevonden.\n" -#: src/tincd.c:283 +#: src/tincd.c:284 msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" -#: src/tincd.c:339 +#: src/tincd.c:334 #, c-format -msgid "%s version %s\n" -msgstr "%s versie %s\n" +msgid "%s version %s (built %s %s, protocol %d)\n" +msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:340 +#: src/tincd.c:335 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" "see the AUTHORS file for a complete list.\n" 
@@ -858,62 +893,62 @@ msgstr "" "zie het bestand COPYING voor details.\n" "\n" -#: src/tincd.c:345 +#: src/tincd.c:340 msgid "" "This product includes software developed by Eric Young (eay@mincom.oz.au)\n" msgstr "" "Dit produkt bevat programmatuur ontwikkeld door Eric Young " "(eay@mincom.oz.au)\n" -#: src/tincd.c:355 +#: src/tincd.c:350 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" -#: src/tincd.c:385 +#: src/tincd.c:380 #, c-format msgid "Unrecoverable error, restarting in %d seconds!" msgstr "Onherstelbare fout, herstart in %d seconden!" -#: src/tincd.c:394 +#: src/tincd.c:389 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/tincd.c:402 +#: src/tincd.c:397 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/tincd.c:409 +#: src/tincd.c:404 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" -#: src/tincd.c:417 +#: src/tincd.c:412 #, c-format msgid "Got SEGV signal after %s line %d, trying to re-execute" msgstr "Kreeg SEGV signaal na %s regel %d, probeer opnieuw opstarten" -#: src/tincd.c:420 +#: src/tincd.c:415 msgid "Got SEGV signal, trying to re-execute" msgstr "Kreeg SEGV signaal, probeer opnieuw opstarten" -#: src/tincd.c:432 +#: src/tincd.c:427 msgid "Got HUP signal, rereading configuration and restarting" msgstr "Kreeg HUP signaal, herlezen configuratie en herstarten" -#: src/tincd.c:440 +#: src/tincd.c:435 msgid "Got INT signal, exiting" msgstr "Kreeg INT signaal, beëindigen" -#: src/tincd.c:454 +#: src/tincd.c:449 msgid "Got USR2 signal, forcing new key generation" msgstr "Kreeg USR2 signaal, nieuwe sleutels geforceerd" -#: src/tincd.c:462 +#: src/tincd.c:457 #, c-format msgid "Got unexpected signal %d after %s line %d" msgstr "Kreeg onverwacht signaal %d na %s regel %d" -#: src/tincd.c:465 -#, fuzzy, c-format +#: src/tincd.c:460 +#, c-format msgid "Got unexpected signal %d" -msgstr "Kreeg 
onverwacht signaal %d na %s regel %d" +msgstr "Kreeg onverwacht signaal %d" From 5c78e158d414595ab32399645678a43bb4469be6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 18 Aug 2000 11:17:09 +0000 Subject: [PATCH 061/923] Commented on some size calculations. --- src/encr.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/encr.c b/src/encr.c index 81c6e117..e90542c6 100644 --- a/src/encr.c +++ b/src/encr.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: encr.c,v 1.12.4.3 2000/08/17 16:51:07 guus Exp $ + $Id: encr.c,v 1.12.4.4 2000/08/18 11:17:09 guus Exp $ */ #include "config.h" @@ -61,8 +61,8 @@ int key_inited = 0, encryption_keylen; mpz_t my_private_key, my_public_key, generator, shared_prime; int my_key_expiry = (time_t)(-1); -static char* mypassphrase; -static int mypassphraselen; +char* mypassphrase; +int mypassphraselen; int char_hex_to_bin(int c) { @@ -118,12 +118,14 @@ cp syslog(LOG_ERR, _("Illegal passphrase in %s; size would be %d"), filename, size); return -1; } - size >>= 2; /* bits->nibbles */ - pp = xmalloc(size+2); - fgets(pp, size+1, f); + + /* Hmz... hackish... strange +1 and +2 stuff... I really like more comments on those alignment thingies! */ + + pp = xmalloc(size/4 + 1); /* Allocate enough for fgets */ + fgets(pp, size/4 + 1, f); /* Read passhrase and reserve one byte for end-of-string */ fclose(f); - *out = xmalloc(size); + *out = xmalloc(size/8 + 2); /* Allocate enough bytes, +1 for rounding if bits%8 != 0, +1 for 2-byte alignment */ cp return str_hex_to_bin(*out, pp); } From d3f41b803bf3c38910f24f1f268f182466723149 Mon Sep 17 00:00:00 2001 
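Review bot: Dropping `static` from `mypassphrase` and `mypassphraselen` in the `@@ -61,8 +61,8 @@` hunk gives the passphrase buffer and its length external linkage, which the commit message (comments on size calculations) does not mention. If another source file really needs them, a comment at the definition naming that user, e.g. `/* also read by <file>.c */`, or a small accessor function would make the wider exposure of the secret deliberate. If nothing outside encr.c uses them, keeping `static char* mypassphrase;` and `static int mypassphraselen;` is the safer default.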
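Review bot: The return value of `fgets(pp, size/4 + 1, f)` in the `@@ -118,12 +118,14 @@` hunk is still ignored, so an empty or unreadable passphrase file leaves `pp` as whatever xmalloc returned (presumably uninitialised) and `str_hex_to_bin` then parses that into the key buffer. A guard such as `if(!fgets(pp, size/4 + 1, f)) { fclose(f); return -1; }` would fail closed, in line with the `return -1` used for an illegal size just above. The new `*out = xmalloc(size/8 + 2)` is much tighter than the old nibble-sized buffer, so it is worth confirming against `str_hex_to_bin` (outside this hunk) that size/4 hex digits never produce more than size/8 + 2 bytes. `pp` holds the hex passphrase and is neither cleared nor freed before the return; the function starts above the hunk, so any cleanup elsewhere is not visible here.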
From: Guus Sliepen Date: Fri, 18 Aug 2000 14:45:38 +0000 Subject: [PATCH 062/923] Updated the manual: - incorporated comments from Stefan Hartsuiker - updated configuration variables section - added some text about key types --- doc/tinc.texi | 173 ++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 133 insertions(+), 40 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 10004234..edb5d2c2 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -30,7 +30,7 @@ Copyright 1998,199,2000 Ivo Timmermans @titlepage @title tinc Manual @subtitle Setting up a Virtual Private Network with tinc -@author Ivo Timmermans +@author Ivo Timmermans and Guus Sliepen @page @vskip 0pt plus 1filll @@ -100,7 +100,7 @@ more than just one way. Private networks can consist of a single stand-alone ethernet LAN. Or even two computers hooked up using a null-modem cable. In these cases, it is -obvious that the network is @emph{private}, noone can access it from the +obvious that the network is @emph{private}, no one can access it from the outside. But if your computers are linked to the internet, the network is not private anymore, unless one uses firewalls to block all private traffic. But then, there is no way to send private data to trusted @@ -219,7 +219,9 @@ kernel. @subsubheading Device files First, you'll need the special device file(s) that form the interface -between the kernel and the daemon. +between the kernel and the daemon. If you are running the new 2.4 kernel and +you are using the devfs filesystem, then the tap device will be automatically +generated as @file{/dev/netlink/tap0}. Otherwise, you have to make it yourself: @example mknod -m 600 /dev/tap0 c 36 16 
@@ -233,7 +235,8 @@ tincd as root. If you want to, you may also create more device files, which would be numbered 0...15, with minor device numbers 16...31. They all should be -owned by root and have permission 600. +owned by root and have permission 600. Under devfs, these files will +be automatically generated. @subsubheading @file{/etc/networks} @@ -245,6 +248,9 @@ symbolic name. For example: myvpn 10.0.0.0 @end example +This has nothing to do with the MyVPNIP configuration variable that will be +discussed later, it is only to make the output of the route command more +legible. @subsubheading @file{/etc/services} @@ -288,15 +294,17 @@ use. It should be the same @emph{n} as the one you use for (0--ff). With previous versions of tincd, it didn't matter what they were. But newer kernels require properly set up ethernet addresses. In fact, the old behavior was wrong. It is required that the @emph{xx}s -match MyOwnVPNIP. +match the numbers of the IP address you will give to the tap device +and to the MyOwnVPNIP configuration (which will be discussed later): @example -ifconfig tap@emph{n} @emph{IP} netmask @emph{mask} +ifconfig tap@emph{n} @emph{xx}.@emph{xx}.@emph{xx}.@emph{xx} netmask @emph{mask} @end example This will activate the device with an IP address @emph{IP} with network -mask @emph{mask}. - +mask @emph{mask}. The netmask is the mask of the @emph{entire} VPN network, +not just your own subnet. It is the same netmask you will have to specify +with the VpnMask configuration variable. @c ================================================================== 
@@ -395,31 +403,67 @@ out, remember to replace it with at least one space character. @node Variables, , Configuration file, Configuration file @subsection Variables -Here are all valid variables, listed in alphabetical order: +Here are all valid variables, listed in alphabetical order. The default +value, required or optional is given between parentheses. @c straight from the manpage @table @asis -@item ConnectPort = port +@item ConnectPort = (655) Connect to the upstream host (given with the ConnectTo directive) on port port. port may be given in decimal (default), octal (when preceded by a single zero) or hexadecimal (prefixed with 0x). port is the port number for both the UDP and the TCP (meta) connections. -@item ConnectTo = (IP address|hostname) -Specifies which host to connect to on startup. If the ConnectPort -variable is omitted, then tinc will try to connect to port 655. +@item ConnectTo = (optional) +Specifies which host to connect to on startup. Multiple ConnectTo variables +may be specified, if connecting to the first one fails then tinc will try +the next one, and so on. It is possible to specify hostnames for dynamic IP +addresses (like those given on dyndns.org), tinc will not cache the resolved +IP address. If you don't specify a host with ConnectTo, regardless of whether a value for ConnectPort is given, tinc won't connect at all, and will -instead just listen for incoming connections. Only the initiator of a -tinc VPN should need this. +instead just listen for incoming connections. -@item ListenPort = port +@item Hostnames = (no) +This option selects whether IP addresses (both real and on the VPN) should +be resolved. Since DNS lookups are blocking, it might affect tinc's +efficiency, even stopping the daemon for a few seconds everytime it does +a lookup if your DNS server is not responding. + +This does not affect resolving hostnames to IP addresses from the configuration +file. 
+ +@item IndirectData = (no) +This option specifies whether other tinc daemons besides the one you +specified with ConnectTo can make a direct connection to you. This is +especially useful if you are behind a firewall and it is impossible +to make a connection from the outside to your tinc daemon. Otherwise, +it is best to leave this option out or set it to no. + +@item Interface = (optional) +If you have more than one network interface in your computer, tinc will by +default listen on all of them for incoming connections. It is possible to +bind tinc to a single interface like eth0 or ppp0 with this variable. + +@item InterfaceIP = (optional) +If your computer has more than one IP address on a single interface (for example +if you are running virtual hosts), tinc will by default listen on all of them for +incoming connections. It is possible to bind tinc to a single IP address with +this variable. It is still possible to listen on several interfaces at the same +time though, if they share the same IP address. + +@item KeyExpire = (3600) +This option controls the time the encryption keys used to encrypt the data +are valid. It is common practice to change keys at regular intervals to +make it even harder for crackers, even though it is thought to be nearly +impossible to crack a single key. + +@item ListenPort = (655) Listen on local port port. The computer connecting to this daemon should -use this number as the argument for his ConnectPort. Again, the -default is 655. +use this number as the argument for his ConnectPort. -@item MyOwnVPNIP = local address[/maskbits] +@item MyOwnVPNIP = (required) The local address is the number that the daemon will propagate to other daemons on the network when it is identifying itself. Hence this will be the file name of the passphrase file that the other end expects 
@@ -432,32 +476,40 @@ equal to the IP address (see the example). maskbits is the number of bits set to 1 in the netmask part. -@item MyVirtualIP = local address[/maskbits] +@item MyVirtualIP = This is an alias for MyOwnVPNIP. -@item Passphrases = directory +@item Passphrases = (/etc/tinc/NETNAME/passphrases) The directory where tinc will look for passphrases when someone tries to connect. Please see the manpage for genauth(8) for more information about passphrases as used by tinc. -@item PingTimeout = number +@item PingTimeout = (5) The number of seconds of inactivity that tinc will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. -@item TapDevice = device +@item TapDevice = (/dev/tap0) The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. -@item VpnMask = mask +@item TCPonly = (no, experimental) +If this variable is set to yes, then the packets are tunnelled over a TCP +connection instead of a UDP connection. This is especially useful for those +who want to run a tinc daemon from behind a masquerading firewall, or if +UDP packet routing is disabled somehow. This is experimental code, +try this at your own risk. + +@item VpnMask = (optional) The mask that defines the scope of the entire VPN. This option is not used by the tinc daemon itself, but can be used by startup scripts to configure the ethertap devices correctly. @end table + @c ================================================================== @node Example, , Configuration file, Configuring tinc @section Example 
@@ -483,17 +535,18 @@ need to run tincd, but it must do a port forwarding of TCP&UDP on port 655 (unless otherwise configured). In this example, it is assumed that eth0 is the interface that points to -the inner LAN of the office. This could be the same as the interface -that leads to the internet. +the inner LAN of the office, although this could also be the same as the interface +that leads to the internet. The configuration of the real interface is also shown +as a comment, to give you an idea of how these example host is set up. @subsubheading For A @emph{A} would be configured like this: @example +#ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 ifconfig tap0 hw ether fe:fd:0a:01:36:01 ifconfig tap0 10.1.54.1 netmask 255.0.0.0 -ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 @end example and in /etc/tinc/tinc.conf: @@ -507,9 +560,9 @@ VpnMask = 255.0.0.0 @subsubheading For B @example +#ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 ifconfig tap0 hw ether fe:fd:0a:02:01:0c ifconfig tap0 10.2.1.12 netmask 255.0.0.0 -ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 @end example and in /etc/tinc/tinc.conf: 
@@ -528,30 +581,33 @@ connect to this node. @subsubheading For C @example +#ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 ifconfig tap0 hw ether fe:fd:0a:03:45:fe ifconfig tap0 10.3.69.254 netmask 255.0.0.0 -ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 @end example and in /etc/tinc/A/tinc.conf: @example MyVirtualIP = 10.3.69.254/16 +TapDevice = /dev/tap1 ConnectTo = 1.2.3.4 ListenPort = 2000 VpnMask = 255.0.0.0 @end example C already has another daemon that runs on port 655, so they have to -reserve another port for tinc. They also use the netname to distinguish +reserve another port for tinc. It can connect to other tinc daemons on +the regular port though, so no ConnectPort variable is needed. +They also use the netname to distinguish between the two. tinc is started with `tincd -n A'. @subsubheading For D @example +#ifconfig tap0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 ifconfig tap0 hw ether fe:fd:0a:04:03:20 ifconfig tap0 10.4.3.32 netmask 255.0.0.0 -ifconfig tap0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 @end example and in /etc/tinc/tinc.conf: @@ -564,7 +620,8 @@ VpnMask=255.0.0.0 @end example D will be connecting to C, which has a tincd running for this network on -port 2000. Hence they need to put in a ConnectPort. +port 2000. Hence they need to put in a ConnectPort, but it doesn't need +to have a different ListenPort. @subsubheading Authentication 
@@ -810,16 +867,48 @@ This chapter is a mixture of ideas, reasoning and explanation, please don't take it too serious. @menu +* Key Types:: * Key Management:: * Authentication:: * Protection:: @end menu +@c ================================================================== +@node Key Types, Key Management, Security, Security +@subsection Key Types +@c FIXME: check if I'm not talking nonsense + +There are several types of encryption keys. Tinc uses two of them, +symmetric private keypairs and public/private keypairs. + +Public/private keypairs are used in public key cryptography. It enables +someone to send out a public key with which other people can encrypt their +data. The encrypted data now can only be decrypted by the person who has +the private key that matches the public key. So, a public key only allows +@emph{other} people to send encrypted messages to you. This is very useful +in setting up private communications channels. Just send out your public key +and other people can talk to you in a secure way. But how can you know +the other person is who he says he is? + +For authentication itself tinc uses symmetric private keypairs, referred +to as a passphrase. The identity of each tinc daemon is defined by it's +passphrase (like you can be identified by your social security number). +Every tinc daemon that is allowed to connect to you has a copy of your +passphrase (hence symmetrical). + +It would also be possible to use public/private keypairs for authentication, +so that you could shout out your public key and don't need to keep it +secret (like the passphrase you would have to send to someone else). Also, +no one else has to know a private key from you. +Both forms have their pros and cons, and at the moment tinc just uses passphrases +(which are computationaly more efficient and perhaps in some way more +secure). 
@c ================================================================== -@node Key Management, Authentication, Security, Security +@node Key Management, Authentication, Key Types, Security @subsection Key Management @c FIXME: recheck +@c I did, it sounds sane :) [guus] @cindex Diffie-Hellman You can't just send a private encryption key to your peer, because @@ -840,10 +929,6 @@ mod p. This is then sent to B; while B computes g^b mod p, and transmits this to A, b being generated by B. Both a and b must be smaller than p-1. -These private keys are generated upon startup, and they are not changed -while the connection exists. A possible feature in the future is to -dynamically change the keys, every hour for example. - Both parties then calculate g^ab mod p = k. k is the new, shared, but still secret key. 
@@ -864,17 +949,25 @@ system. We will let A transmit a passphrase that is also known to B encrypted with g^a, before A sends this to B. This way, B can check whether A is really A or just someone else. +B will never receive the real passphrase though, because it was +encrypted using public/private keypairs. This way there is no way an +imposter could steal A's passphrase. @cindex passphrase +@c ehrmz... but we only use 1024 bits passphrases ourselves? [guus] This passphrase should be 2304 bits for a symmetric encryption system. But since an asymmetric system is more secure, we could do with 2048 bits. This only holds if the passphrase is very random. These passphrases could be stored in a file that is non-readable by -anyone else but root; e.g. @file{/etc/vpn/passphrases}. +anyone else but root; e.g. @file{/etc/tinc/passphrases} with UID 0 +and permissions mode 700. -The only thing that needs to be taken care of is how A announces its -passphrase to B. +The only thing that needs to be taken care of is how A can securely send +a copy of it's passphrase to B if B doesn't have it yet. This could be +done via mail with PGP, but you should be really convinced of the +identity of the person who owns the email address you are sending this to. +Swapping floppy disks in real life might be the best way to do this! @c ================================================================== From 861e808fef1f6796d837215f9ad135fb4cb50f5c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 20 Aug 2000 23:07:18 +0000 Subject: [PATCH 063/923] (Quoting Laurence Lane:) The prefix is correctly set for /usr, but is overridden with the current make install. DESTDIR is the clean way to relocate the installation into the debian/tmp build dir. --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 34fcb9ba..91c6ac63 100644 --- a/debian/rules +++ b/debian/rules 
@@ -32,7 +32,7 @@ install: build dh_clean -k dh_installdirs - $(MAKE) install prefix=`pwd`/debian/tmp/usr + $(MAKE) install DESTDIR=`pwd`/debian/tmp/usr mkdir -p `pwd`/debian/tmp/etc/tinc/example cp doc/tinc.conf.sample `pwd`/debian/tmp/etc/tinc/example/tinc.conf ln -s /usr/share/doc/tinc/README.Debian `pwd`/debian/tmp/etc/tinc/example/README From 94a32c4b2d2ff5d4bb1376fe5ec96c6dec55f630 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 20 Aug 2000 23:08:17 +0000 Subject: [PATCH 064/923] Also chomp $VPNMASK --- debian/init.d | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/init.d b/debian/init.d index d61becb1..62c9de35 100644 --- a/debian/init.d +++ b/debian/init.d @@ -1,7 +1,7 @@ #! /usr/bin/perl -w # # System startup script for tinc -# $Id: init.d,v 1.14.2.1 2000/06/03 23:32:03 zarq Exp $ +# $Id: init.d,v 1.14.2.2 2000/08/20 23:08:17 zarq Exp $ # # Based on Lubomir Bulej's Redhat init script. # @@ -68,6 +68,7 @@ sub vpn_load { chomp($VPN); } elsif ( /^[ ]*VpnMask[ =]+([^ \#]+)/i ) { $VPNMASK=$1; + chomp($VPNMASK); } } if(!defined($DEV)) { From d9af4f32330a495789d8eecdabbbb49928f074a7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 21 Aug 2000 12:50:15 +0000 Subject: [PATCH 065/923] Updated tinc.conf manual. --- doc/tinc.conf.5 | 121 +++++++++++++++++++++++++++++++----------------- 1 file changed, 79 insertions(+), 42 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index bbe1091c..42d9cf28 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 
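Review bot: The new `DESTDIR=` value in the `install` target keeps the `/usr` suffix that belonged to the old `prefix=` form. With the prefix already set to /usr, as the commit message says, the files would end up under `debian/tmp/usr/usr`. The argument should be ``DESTDIR=`pwd`/debian/tmp``, which also matches the `debian/tmp/etc/tinc/example` paths used in the following lines of the same target.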
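Review bot: `chomp($VPNMASK)` in the `@@ -68,6 +68,7 @@` hunk strips only a trailing newline, while the capture `([^ \#]+)` on the VpnMask line still accepts tabs, a carriage return or any other non-space byte from tinc.conf. How `$VPNMASK` is used later in this init script is outside the hunk; if it ends up in an ifconfig command line, it should be validated rather than trimmed. Matching only a dotted quad does both and makes the chomp unnecessary: `} elsif ( /^[ ]*VpnMask[ =]+(\d+\.\d+\.\d+\.\d+)/i ) {`. `vpn_load` starts and ends outside this hunk, so the other captured variables may deserve the same check.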
@@ -59,67 +59,104 @@ one space character. .PP .SH "VARIABLES" .PP -Here are all valid variables, listed in alphabetical order: +Here are all valid variables, listed in alphabetical order. The default +value, required or optional is given between parentheses. .TP -\fBConnectPort = \fIport\fR -Connect to the upstream host (given with the \fBConnectTo\fR -directive) on port \fIport\fR. \fIport\fR may be given in decimal -(default), octal (when preceded by a single zero) or hexadecimal -(prefixed with \fB0x\fR). \fIport\fR is the port number for both the -UDP and the TCP (meta) connections. +\fBConnectPort\fR = <\fIport\fR> (655) +Connect to the upstream host (given with the \fBConnectTo\fR directive) on +port \fIport\fR. port may be given in decimal (default), octal (when preceded +by a single zero) or hexadecimal (prefixed with 0x). \fIport\fR is the port +number for both the UDP and the TCP (meta) connections. .TP -\fBConnectTo = \fB(\fIIP address\fB|\fIhostname\fB)\fR -Specifies which host to connect to on startup. If the -\fBConnectPort\fR variable is omitted, then tinc will try to connect -to port 655. +\fBConnectTo\fR = <\fIIP address|hostname\fR> (optional) +Specifies which host to connect to on startup. Multiple \fBConnectTo\fR variables +may be specified, if connecting to the first one fails then tinc will try +the next one, and so on. It is possible to specify hostnames for dynamic IP +addresses (like those given on dyndns.org), tinc will not cache the resolved +IP address. -If you don't specify a host with \fBConnectTo\fR, tinc won't connect -at all, and will instead just listen for incoming connections. Only -the initiator of a tinc VPN should need this. +If you don't specify a host with \fBConnectTo\fR, regardless of whether a +value for \fBConnectPort\fR is given, tinc won't connect at all, and will +instead just listen for incoming connections. .TP -\fBKeyExpire = \fIs\fR -The secret (and public) key expires after \fIs\fR seconds. 
The default -is 3600 seconds, or one hour. +\fBHostnames\fR = <\fIyes|no\fR> (no) +This option selects whether IP addresses (both real and on the VPN) should +be resolved. Since DNS lookups are blocking, it might affect tinc's +efficiency, even stopping the daemon for a few seconds everytime it does +a lookup if your DNS server is not responding. -If you make it shorter, a lot of time and bandwidth is spent -negotiating over the new keys. If you make it longer, you make -yourself more vulnerable to crackers, because they have more data to -work with. The best value depends on the speed of the link, and the -amount of data that goes over it. +This does not affect resolving hostnames to IP addresses from the configuration +file. .TP -\fBListenPort = \fIport\fR -Listen on local port \fIport\fR. The computer connecting to this -daemon should use this number as the argument for his -\fBConnectPort\fR. Again, the default is 655. +\fBIndirectData\fR = <\fIyes|no\fR> (no) +This option specifies whether other tinc daemons besides the one you +specified with \fBConnectTo\fR can make a direct connection to you. This is +especially useful if you are behind a firewall and it is impossible +to make a connection from the outside to your tinc daemon. Otherwise, +it is best to leave this option out or set it to no. .TP -\fBMyOwnVPNIP = \fInetwork address\fR[\fB/\fImaskbits\fR] -The \fInetwork address\fR is the number that the daemon will propagate -to other daemons on the network when it is identifying itself. Hence -this will be the file name of the passphrase file that the other end -expects to find the passphrase in. +\fBInterface\fR = <\fIdevice\fR> (optional) +If you have more than one network interface in your computer, tinc will by +default listen on all of them for incoming connections. It is possible to +bind tinc to a single interface like eth0 or ppp0 with this variable. 
+.TP +\fBInterfaceIP\fR = <\fIlocal address\fR> (optional) +If your computer has more than one IP address on a single interface (for example +if you are running virtual hosts), tinc will by default listen on all of them for +incoming connections. It is possible to bind tinc to a single IP address with +this variable. It is still possible to listen on several interfaces at the same +time though, if they share the same IP address. +.TP +\fBKeyExpire\fR = <\fIseconds\fR> (3600) +This option controls the time the encryption keys used to encrypt the data +are valid. It is common practice to change keys at regular intervals to +make it even harder for crackers, even though it is thought to be nearly +impossible to crack a single key. +.TP +\fBListenPort\fR = <\fIport\fR> (655) +Listen on local port \fIport\fR. The computer connecting to this daemon should +use this number as the argument for his \fBConnectPort\fR. +.TP +\fBMyOwnVPNIP\fR = <\fIlocal address[/maskbits]\fR> (required) +The \fIlocal address\fR is the number that the daemon will propagate to +other daemons on the network when it is identifying itself. Hence this +will be the file name of the passphrase file that the other end expects +to find the passphrase in. + +The local address is the IP address of the tap device, not the real IP +address of the host running tincd. Due to changes in recent kernels, it +is also necessary that you make the ethernet (also known as MAC) address +equal to the IP address (see the example). \fImaskbits\fR is the number of bits set to 1 in the netmask part. .TP -\fBMyVirtualIP = \fInetwork address\fR[\fB/\fImaskbits\fR] +\fBMyVirtualIP\fR = <\fIlocal address[/maskbits]> This is an alias for \fBMyOwnVPNIP\fR. .TP -\fBPassphrases = \fIdirectory\fR -The directory where tinc will look for passphrases when someone tries -to cennect. Please see the manpage for \fBgenauth\fR(8) for more -information about passphrases as used by tinc. 
+\fBPassphrases\fR = <\fIdirectory\fR> (/etc/tinc/NETNAME/passphrases) +The directory where tinc will look for passphrases when someone tries to +connect. Please see the manpage for genauth(8) for more information +about passphrases as used by tinc. .TP -\fBPingTimeout = \fInumber\fR -The number of seconds of inactivity that tinc will wait before sending -a probe to the other end. If that other end doesn't answer within that +\fBPingTimeout\fR = <\fIseconds\fR> (5) +The number of seconds of inactivity that tinc will wait before sending a +probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. .TP -\fBTapDevice = \fIdevice\fR +\fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0) The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information -about configuring an ethertap device for linux. +about configuring an ethertap device for Linux. .TP -\fBNetMask = \fImask\fR +\fBTCPonly\fR = <\fIyes|no\fR> (no, experimental) +If this variable is set to yes, then the packets are tunnelled over a TCP +connection instead of a UDP connection. This is especially useful for those +who want to run a tinc daemon from behind a masquerading firewall, or if +UDP packet routing is disabled somehow. This is experimental code, +try this at your own risk. +.TP +\fBVpnMask\fR = <\fImask\fR> (optional) The mask that defines the scope of the entire VPN. This option is not used by the tinc daemon itself, but can be used by startup scripts to configure the ethertap devices correctly. From 47992fe59f4c1b4116e4872d59251b143edc6763 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 21 Aug 2000 20:35:47 +0000 Subject: [PATCH 066/923] Added a rule to create an rpm --- Makefile.am | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Makefile.am b/Makefile.am index 8ecab330..fd11ce57 100644 --- a/Makefile.am 
+++ b/Makefile.am @@ -25,3 +25,9 @@ cvs-clean: maintainer-clean deb: dpkg-buildpackage -rfakeroot + +rpm: dist + cp $(distdir).tar.gz /usr/src/redhat/SOURCES/ + cp redhat/tinc.spec /usr/src/redhat/SOURCES/ + cd /usr/src/redhat/SOURCES/ + rpm -bi tinc.spec From 39e159fbe6bbffb3229542258f956fc412bd871c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 22 Aug 2000 14:55:04 +0000 Subject: [PATCH 067/923] Fix rules (thanks to Laurence) --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 91c6ac63..397e998b 100644 --- a/debian/rules +++ b/debian/rules @@ -32,7 +32,7 @@ install: build dh_clean -k dh_installdirs - $(MAKE) install DESTDIR=`pwd`/debian/tmp/usr + $(MAKE) install DESTDIR=`pwd`/debian/tmp mkdir -p `pwd`/debian/tmp/etc/tinc/example cp doc/tinc.conf.sample `pwd`/debian/tmp/etc/tinc/example/tinc.conf ln -s /usr/share/doc/tinc/README.Debian `pwd`/debian/tmp/etc/tinc/example/README From 66e535a729dd5a9e45600ab74dc19c2b4062ee96 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 27 Aug 2000 11:05:47 +0000 Subject: [PATCH 068/923] Changed CVSROOT path in `make ChangeLog' --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index fd11ce57..0a91b08c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -16,7 +16,7 @@ ChangeLog: rm -f ChangeLog rcs2log -u "zarq Ivo Timmermans itimmermans@bigfoot.com" \ -u "guus Guus Sliepen guus@sliepen.warande.net" | \ - sed -e 's,/home/CVS/tinc/cabal/,,g' > $@ + sed -e 's,/home/CVS/tinc/,,g' > $@ cvs-clean: maintainer-clean for f in $(CVS_CREATED) `find -name Makefile.in` ; do\ From 4dde583bc91985c3ff19ac1d1f1bc791b50658ff Mon Sep 17 00:00:00 2001 
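Review bot: In the new `rpm` rule the `cd /usr/src/redhat/SOURCES/` line has no effect on `rpm -bi tinc.spec`, because make runs each recipe line in its own shell. rpm is therefore started in the build directory, where presumably no tinc.spec exists, since the rule copies it from redhat/. Joining the two lines fixes this: `cd /usr/src/redhat/SOURCES/ && rpm -bi tinc.spec`. The rule also copies into the system-wide /usr/src/redhat tree, so it needs write access there; a one-line comment above the target saying so would save the next packager a failed build.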
From: Guus Sliepen Date: Wed, 6 Sep 2000 11:49:05 +0000 Subject: [PATCH 069/923] - Use strerror() instead of sys_errlist[] for increased portability (Needed for SunOS) --- src/conf.c | 4 ++-- src/net.c | 20 ++++++++++---------- src/netutl.c | 5 +++-- src/tincd.c | 9 +++++---- 4 files changed, 20 insertions(+), 18 deletions(-) diff --git a/src/conf.c b/src/conf.c index bfa0fee1..deb2e4a9 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.8 2000/08/09 14:02:15 guus Exp $ + $Id: conf.c,v 1.9.4.9 2000/09/06 11:49:03 guus Exp $ */ @@ -214,7 +214,7 @@ read_config_file(const char *fname) cp if((fp = fopen (fname, "r")) == NULL) { - fprintf(stderr, _("Could not open %s: %s\n"), fname, sys_errlist[errno]); + fprintf(stderr, _("Could not open %s: %s\n"), fname, strerror(errno)); return 1; } diff --git a/src/net.c b/src/net.c index 7d780608..72c1b5e1 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.26 2000/08/09 14:02:16 guus Exp $ + $Id: net.c,v 1.35.4.27 2000/09/06 11:49:03 guus Exp $ */ #include "config.h" @@ -934,7 +934,7 @@ cp if(x) { syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), - cl->vpn_hostname, cl->real_hostname, sys_errlist[x]); + cl->vpn_hostname, cl->real_hostname, strerror(x)); return -1; } @@ -1132,13 +1132,7 @@ cp if(x) { syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), - cl->vpn_hostname, cl->real_hostname, sys_errlist[x]); - return -1; - } - - if(cl->buflen >= MAXBUFSIZE) - { - syslog(LOG_ERR, _("Metadata read buffer overflow!")); + cl->vpn_hostname, cl->real_hostname, strerror(x)); return -1; } 
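Review bot: The `cl->buflen >= MAXBUFSIZE` guard removed in the `@@ -1132,13 +1132,7 @@` hunk of src/net.c comes back only in `@@ -1233,6 +1227,12 @@`, after the metadata has been read and processed. The commit message covers only the strerror() change and does not mention this move. The read that fills the buffer lies between the two hunks and is not visible here; with the guard no longer ahead of it, its length argument must itself be limited to `MAXBUFSIZE - cl->buflen`, or a peer that keeps sending without completing a request could overrun the buffer. If that bound is already in place, a comment at the new check such as `/* buffer is full and still holds no complete request */` would record why the test now sits after the processing loop.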
@@ -1233,6 +1227,12 @@ cp } } + if(cl->buflen >= MAXBUFSIZE) + { + syslog(LOG_ERR, _("Metadata read buffer overflow!")); + return -1; + } + cl->last_ping_time = time(NULL); cl->want_ping = 0; cp @@ -1264,7 +1264,7 @@ cp */ getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), - p->vpn_hostname, p->real_hostname, sys_errlist[x]); + p->vpn_hostname, p->real_hostname, strerror(x)); terminate_connection(p); return; } diff --git a/src/netutl.c b/src/netutl.c index f3ef1341..d0ac628a 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.7 2000/08/17 16:51:07 guus Exp $ + $Id: netutl.c,v 1.12.4.8 2000/09/06 11:49:05 guus Exp $ */ #include "config.h" @@ -33,6 +33,7 @@ #include #include +#include "errno.h" #include "conf.h" #include "encr.h" #include "net.h" @@ -217,7 +218,7 @@ cp if(!(h = gethostbyname(p))) { - fprintf(stderr, _("Error looking up `%s': %s\n"), p, sys_errlist[h_errno]); + fprintf(stderr, _("Error looking up `%s': %s\n"), p, strerror(errno)); return NULL; } diff --git a/src/tincd.c b/src/tincd.c index 0e0bc158..fcd70522 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.8 2000/08/17 16:51:08 guus Exp $ + $Id: tincd.c,v 1.10.4.9 2000/09/06 11:49:05 guus Exp $ */ #include "config.h" @@ -30,6 +30,7 @@ #include #include #include +#include #ifdef HAVE_SYS_IOCTL_H # include 
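Review bot: `strerror(errno)` in the `@@ -217,7 +218,7 @@` hunk of src/netutl.c reports the wrong error, because a failing `gethostbyname()` sets `h_errno` and leaves `errno` unspecified. The message can therefore name an unrelated earlier failure or print "Success". Where the platform provides it, the resolver's own text is the right source: replace the argument with `hstrerror(h_errno)`. The include added in `@@ -33,6 +33,7 @@` should use the system form `#include <errno.h>`; the quoted form searches the source directory first and would pick up a local file of that name.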
@@ -454,10 +455,10 @@ RETSIGTYPE sighuh(int a) { if(cp_file) - syslog(LOG_NOTICE, _("Got unexpected signal %d after %s line %d"), - a, cp_file, cp_line); + syslog(LOG_NOTICE, _("Got unexpected %s after %s line %d"), + strsignal(a), cp_file, cp_line); else - syslog(LOG_NOTICE, _("Got unexpected signal %d"), a); + syslog(LOG_NOTICE, _("Got unexpected %s"), strsignal(a)); } void From ae17572e6b94c6e7a2123ddeb45bf66d389ac7a0 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 10 Sep 2000 15:05:45 +0000 Subject: [PATCH 070/923] Link with OpenSSL crypto libraries instead of own blowfish library --- cipher/Makefile.am | 2 - cipher/blowfish/COPYRIGHT | 46 ----- cipher/blowfish/INSTALL | 14 -- cipher/blowfish/Makefile.am | 14 -- cipher/blowfish/README | 12 -- cipher/blowfish/bf_cbc.c | 148 ---------------- cipher/blowfish/bf_cfb64.c | 127 -------------- cipher/blowfish/bf_ecb.c | 95 ----------- cipher/blowfish/bf_enc.c | 140 ---------------- cipher/blowfish/bf_locl.h | 215 ------------------------ cipher/blowfish/bf_ofb64.c | 115 ------------- cipher/blowfish/bf_pi.h | 325 ------------------------------------ cipher/blowfish/bf_skey.c | 119 ------------- cipher/blowfish/blowfish.h | 114 ------------- cipher/cipher.c | 17 +- configure.in | 19 ++- 16 files changed, 20 insertions(+), 1502 deletions(-) delete mode 100644 cipher/blowfish/COPYRIGHT delete mode 100644 cipher/blowfish/INSTALL delete mode 100644 cipher/blowfish/Makefile.am delete mode 100644 cipher/blowfish/README delete mode 100644 cipher/blowfish/bf_cbc.c delete mode 100644 cipher/blowfish/bf_cfb64.c delete mode 100644 cipher/blowfish/bf_ecb.c delete mode 100644 cipher/blowfish/bf_enc.c delete mode 100644 cipher/blowfish/bf_locl.h delete mode 100644 cipher/blowfish/bf_ofb64.c delete mode 100644 cipher/blowfish/bf_pi.h delete mode 100644 cipher/blowfish/bf_skey.c delete mode 100644 cipher/blowfish/blowfish.h diff --git a/cipher/Makefile.am b/cipher/Makefile.am index 1f7ac299..c0e6e0d3 100644 
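Review bot: `strsignal(a)` in the `@@ -454,10 +455,10 @@` hunk is called inside `sighuh`, which from its `RETSIGTYPE sighuh(int a)` signature appears to be a signal handler, and strsignal() is not async-signal-safe. The syslog() and gettext calls already in the handler are not safe either. A safer pattern is to record the signal number in a `volatile sig_atomic_t` and log it from the main loop. The new messages also drop the signal number, which makes log lines harder to match; `_("Got unexpected signal %d (%s)")` with `a, strsignal(a)` keeps both. Changing the msgid also leaves the existing Dutch translation of the old string unused until the catalog is regenerated.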
--- a/cipher/Makefile.am +++ b/cipher/Makefile.am @@ -1,7 +1,5 @@ ## Process this file with automake to get Makefile.in -SUBDIRS = blowfish - noinst_LTLIBRARIES = libcipher.la INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/src diff --git a/cipher/blowfish/COPYRIGHT b/cipher/blowfish/COPYRIGHT deleted file mode 100644 index 155c475d..00000000 --- a/cipher/blowfish/COPYRIGHT +++ /dev/null 
@@ -1,46 +0,0 @@ -Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) -All rights reserved. - -This package is an Blowfish implementation written -by Eric Young (eay@mincom.oz.au). - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution. - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Eric Young (eay@mincom.oz.au) - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. 
- -The license and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distrubution license -[including the GNU Public License.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. diff --git a/cipher/blowfish/INSTALL b/cipher/blowfish/INSTALL deleted file mode 100644 index ec35edb9..00000000 --- a/cipher/blowfish/INSTALL +++ /dev/null @@ -1,14 +0,0 @@ -This Eric Young's blowfish implementation, taken from his SSLeay library -and made available as a separate library. - -The version number (0.7.2m) is the SSLeay version that this library was -taken from. - -To build, just unpack and type make. -If you are not using gcc, edit the Makefile. -If you are compiling for an x86 box, try the assembler (it needs improving). -There are also some compile time options that can improve performance, -these are documented in the Makefile. - -eric 15-Apr-1997 - diff --git a/cipher/blowfish/Makefile.am b/cipher/blowfish/Makefile.am deleted file mode 100644 index 5f270cf3..00000000 --- a/cipher/blowfish/Makefile.am +++ /dev/null @@ -1,14 +0,0 @@ -## Process this file with automake to produce Makefile.in - -pkglib_LTLIBRARIES = libblowfish.la - -INCLUDES = -I.. -I$(srcdir) - -libblowfish_la_SOURCES = bf_skey.c bf_ecb.c bf_enc.c bf_cbc.c \ -bf_cfb64.c bf_ofb64.c - -libblowfish_la_LDFLAGS = -version-info 0:1:0 -export-dynamic - -noinst_HEADERS = bf_locl.h blowfish.h bf_pi.h - -EXTRA_DIST = COPYRIGHT README \ No newline at end of file diff --git a/cipher/blowfish/README b/cipher/blowfish/README deleted file mode 100644 index c08c1266..00000000 --- a/cipher/blowfish/README +++ /dev/null 
@@ -1,12 +0,0 @@ -This comes straight from the libbf package. What follows is the -original README. The copyright for these files is in the COPYRIGHT -file. -- IT. - -This is a quick packaging up of my blowfish code into a library. -It has been lifted from SSLeay. -The copyright notices seem a little harsh because I have not spent the -time to rewrite the conditions from the normal SSLeay ones. - -Basically if you just want to play with the library, not a problem. - -eric 15-Apr-1997 diff --git a/cipher/blowfish/bf_cbc.c b/cipher/blowfish/bf_cbc.c deleted file mode 100644 index 6a7305a7..00000000 --- a/cipher/blowfish/bf_cbc.c +++ /dev/null 
@@ -1,148 +0,0 @@ -/* crypto/bf/bf_cbc.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include "blowfish.h" -#include "bf_locl.h" - -void BF_cbc_encrypt(in, out, length, ks, iv, encrypt) -unsigned char *in; -unsigned char *out; -long length; -BF_KEY *ks; -unsigned char *iv; -int encrypt; - { - register BF_LONG tin0,tin1; - register BF_LONG tout0,tout1,xor0,xor1; - register long l=length; - BF_LONG tin[2]; - - if (encrypt) - { - n2l(iv,tout0); - n2l(iv,tout1); - iv-=8; - for (l-=8; l>=0; l-=8) - { - n2l(in,tin0); - n2l(in,tin1); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - BF_encrypt(tin,ks,BF_ENCRYPT); - tout0=tin[0]; - tout1=tin[1]; - l2n(tout0,out); - l2n(tout1,out); - } - if (l != -8) - { - n2ln(in,tin0,tin1,l+8); - tin0^=tout0; - tin1^=tout1; - tin[0]=tin0; - tin[1]=tin1; - BF_encrypt(tin,ks,BF_ENCRYPT); - tout0=tin[0]; - tout1=tin[1]; - l2n(tout0,out); - l2n(tout1,out); - } - l2n(tout0,iv); - l2n(tout1,iv); - } - else - { - n2l(iv,xor0); - n2l(iv,xor1); - iv-=8; - for (l-=8; l>=0; l-=8) - { - n2l(in,tin0); - n2l(in,tin1); - tin[0]=tin0; - tin[1]=tin1; - BF_encrypt(tin,ks,BF_DECRYPT); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2n(tout0,out); - l2n(tout1,out); - xor0=tin0; - xor1=tin1; - } - if (l != -8) - { - n2l(in,tin0); - n2l(in,tin1); - tin[0]=tin0; - tin[1]=tin1; - BF_encrypt(tin,ks,BF_DECRYPT); - tout0=tin[0]^xor0; - tout1=tin[1]^xor1; - l2nn(tout0,tout1,out,l+8); - xor0=tin0; - xor1=tin1; - } - l2n(xor0,iv); - l2n(xor1,iv); - } - tin0=tin1=tout0=tout1=xor0=xor1=0; - tin[0]=tin[1]=0; - } - diff --git a/cipher/blowfish/bf_cfb64.c b/cipher/blowfish/bf_cfb64.c deleted file mode 100644 index b2e44c36..00000000 --- a/cipher/blowfish/bf_cfb64.c +++ /dev/null 
@@ -1,127 +0,0 @@ -/* crypto/bf/bf_cfb64.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "blowfish.h" -#include "bf_locl.h" - -/* The input and output encrypted as though 64bit cfb mode is being - * used. 
The extra state information to record how much of the - * 64bit block we have used is contained in *num; - */ - -void BF_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt) -unsigned char *in; -unsigned char *out; -long length; -BF_KEY *schedule; -unsigned char *ivec; -int *num; -int encrypt; - { - register BF_LONG v0,v1,t; - register int n= *num; - register long l=length; - BF_LONG ti[2]; - unsigned char *iv,c,cc; - - iv=(unsigned char *)ivec; - if (encrypt) - { - while (l--) - { - if (n == 0) - { - n2l(iv,v0); ti[0]=v0; - n2l(iv,v1); ti[1]=v1; - BF_encrypt((unsigned long *)ti,schedule,BF_ENCRYPT); - iv=(unsigned char *)ivec; - t=ti[0]; l2n(t,iv); - t=ti[1]; l2n(t,iv); - iv=(unsigned char *)ivec; - } - c= *(in++)^iv[n]; - *(out++)=c; - iv[n]=c; - n=(n+1)&0x07; - } - } - else - { - while (l--) - { - if (n == 0) - { - n2l(iv,v0); ti[0]=v0; - n2l(iv,v1); ti[1]=v1; - BF_encrypt((unsigned long *)ti,schedule,BF_ENCRYPT); - iv=(unsigned char *)ivec; - t=ti[0]; l2n(t,iv); - t=ti[1]; l2n(t,iv); - iv=(unsigned char *)ivec; - } - cc= *(in++); - c=iv[n]; - iv[n]=cc; - *(out++)=c^cc; - n=(n+1)&0x07; - } - } - v0=v1=ti[0]=ti[1]=t=c=cc=0; - *num=n; - } - diff --git a/cipher/blowfish/bf_ecb.c b/cipher/blowfish/bf_ecb.c deleted file mode 100644 index e8d1822a..00000000 --- a/cipher/blowfish/bf_ecb.c +++ /dev/null 
@@ -1,95 +0,0 @@ -/* crypto/bf/bf_ecb.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include "blowfish.h" -#include "bf_locl.h" - -/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' - * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, - * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -char *BF_version="BlowFish part of SSLeay 0.7.0 30-Jan-1997"; - -char *BF_options() - { -#ifdef BF_PTR - return("blowfish(ptr)"); -#elif defined(BF_PTR2) - return("blowfish(ptr2)"); -#else - return("blowfish(idx)"); -#endif - } - -void BF_ecb_encrypt(in, out, ks, encrypt) -unsigned char *in; -unsigned char *out; -BF_KEY *ks; -int encrypt; - { - BF_LONG l,d[2]; - - n2l(in,l); d[0]=l; - n2l(in,l); d[1]=l; - BF_encrypt(d,ks,encrypt); - l=d[0]; l2n(l,out); - l=d[1]; l2n(l,out); - l=d[0]=d[1]=0; - } - diff --git a/cipher/blowfish/bf_enc.c b/cipher/blowfish/bf_enc.c deleted file mode 100644 index e6d18aa3..00000000 --- a/cipher/blowfish/bf_enc.c +++ /dev/null 
@@ -1,140 +0,0 @@ -/* crypto/bf/bf_enc.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "blowfish.h" -#include "bf_locl.h" - -/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' - * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, - * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) - */ - -#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) -If you set BF_ROUNDS to some value other than 16 or 20, you will have -to modify the code. 
-#endif - -void BF_encrypt(data,key,encrypt) -BF_LONG *data; -BF_KEY *key; -int encrypt; - { - register BF_LONG l,r,*p,*s; - - p=key->P; - s= &(key->S[0]); - l=data[0]; - r=data[1]; - - if (encrypt) - { - l^=p[0]; - BF_ENC(r,l,s,p[ 1]); - BF_ENC(l,r,s,p[ 2]); - BF_ENC(r,l,s,p[ 3]); - BF_ENC(l,r,s,p[ 4]); - BF_ENC(r,l,s,p[ 5]); - BF_ENC(l,r,s,p[ 6]); - BF_ENC(r,l,s,p[ 7]); - BF_ENC(l,r,s,p[ 8]); - BF_ENC(r,l,s,p[ 9]); - BF_ENC(l,r,s,p[10]); - BF_ENC(r,l,s,p[11]); - BF_ENC(l,r,s,p[12]); - BF_ENC(r,l,s,p[13]); - BF_ENC(l,r,s,p[14]); - BF_ENC(r,l,s,p[15]); - BF_ENC(l,r,s,p[16]); -#if BF_ROUNDS == 20 - BF_ENC(r,l,s,p[17]); - BF_ENC(l,r,s,p[18]); - BF_ENC(r,l,s,p[19]); - BF_ENC(l,r,s,p[20]); -#endif - r^=p[BF_ROUNDS+1]; - } - else - { - l^=p[BF_ROUNDS+1]; -#if BF_ROUNDS == 20 - BF_ENC(r,l,s,p[20]); - BF_ENC(l,r,s,p[19]); - BF_ENC(r,l,s,p[18]); - BF_ENC(l,r,s,p[17]); -#endif - BF_ENC(r,l,s,p[16]); - BF_ENC(l,r,s,p[15]); - BF_ENC(r,l,s,p[14]); - BF_ENC(l,r,s,p[13]); - BF_ENC(r,l,s,p[12]); - BF_ENC(l,r,s,p[11]); - BF_ENC(r,l,s,p[10]); - BF_ENC(l,r,s,p[ 9]); - BF_ENC(r,l,s,p[ 8]); - BF_ENC(l,r,s,p[ 7]); - BF_ENC(r,l,s,p[ 6]); - BF_ENC(l,r,s,p[ 5]); - BF_ENC(r,l,s,p[ 4]); - BF_ENC(l,r,s,p[ 3]); - BF_ENC(r,l,s,p[ 2]); - BF_ENC(l,r,s,p[ 1]); - r^=p[0]; - } - data[1]=l&0xffffffff; - data[0]=r&0xffffffff; - } diff --git a/cipher/blowfish/bf_locl.h b/cipher/blowfish/bf_locl.h deleted file mode 100644 index 428ea0e9..00000000 --- a/cipher/blowfish/bf_locl.h +++ /dev/null 
@@ -1,215 +0,0 @@ -/* crypto/bf/bf_local.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * Always modify bf_locl.org since bf_locl.h is automatically generated from - * it during SSLeay configuration. 
- * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -#undef c2l -#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -/* NOTE - c is not incremented as per c2l */ -#undef c2ln -#define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24L; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16L; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24L; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16L; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -#undef l2c -#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) - -/* NOTE - c is not incremented as per l2c */ -#undef l2cn -#define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -/* NOTE - c is not incremented as per n2l */ -#define n2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c)))) ; \ - case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 6: l2|=((unsigned long)(*(--(c))))<<16; \ - case 5: l2|=((unsigned long)(*(--(c))))<<24; \ - case 4: l1 =((unsigned long)(*(--(c)))) ; \ - case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 2: 
l1|=((unsigned long)(*(--(c))))<<16; \ - case 1: l1|=((unsigned long)(*(--(c))))<<24; \ - } \ - } - -/* NOTE - c is not incremented as per l2n */ -#define l2nn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - } \ - } - -#undef n2l -#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))) - -#undef l2n -#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - -/* This is actually a big endian algorithm, the most significate byte - * is used to lookup array 0 */ - -/* use BF_PTR2 for intel boxes, - * BF_PTR for sparc and MIPS/SGI - * use nothing for Alpha and HP. 
- */ -#if !defined(BF_PTR) && !defined(BF_PTR2) -#undef BF_PTR -#endif - -#define BF_M 0x3fc -#define BF_0 22L -#define BF_1 14L -#define BF_2 6L -#define BF_3 2L /* left shift */ - -#if defined(BF_PTR2) - -/* This is basically a special pentium verson */ -#define BF_ENC(LL,R,S,P) \ - { \ - BF_LONG t,u,v; \ - u=R>>BF_0; \ - v=R>>BF_1; \ - u&=BF_M; \ - v&=BF_M; \ - t= *(BF_LONG *)((unsigned char *)&(S[ 0])+u); \ - u=R>>BF_2; \ - t+= *(BF_LONG *)((unsigned char *)&(S[256])+v); \ - v=R<>BF_0)&BF_M))+ \ - *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \ - *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \ - *(BF_LONG *)((unsigned char *)&(S[768])+((R<>24L) ] + \ - S[0x0100+((R>>16L)&0xff)])^ \ - S[0x0200+((R>> 8L)&0xff)])+ \ - S[0x0300+((R )&0xff)])&0xffffffff; -#endif diff --git a/cipher/blowfish/bf_ofb64.c b/cipher/blowfish/bf_ofb64.c deleted file mode 100644 index 308a5baf..00000000 --- a/cipher/blowfish/bf_ofb64.c +++ /dev/null 
@@ -1,115 +0,0 @@ -/* crypto/bf/bf_ofb64.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "blowfish.h" -#include "bf_locl.h" - -/* The input and output encrypted as though 64bit ofb mode is being - * used. 
The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
- */
-void BF_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *schedule;
-unsigned char *ivec;
-int *num;
- {
- register unsigned long v0,v1,t;
- register int n= *num;
- register long l=length;
- unsigned char d[8];
- register char *dp;
- unsigned long ti[2];
- unsigned char *iv;
- int save=0;
-
- iv=(unsigned char *)ivec;
- n2l(iv,v0);
- n2l(iv,v1);
- ti[0]=v0;
- ti[1]=v1;
- dp=(char *)d;
- l2n(v0,dp);
- l2n(v1,dp);
- while (l--)
- {
- if (n == 0)
- {
- BF_encrypt((unsigned long *)ti,schedule,BF_ENCRYPT);
- dp=(char *)d;
- t=ti[0]; l2n(t,dp);
- t=ti[1]; l2n(t,dp);
- save++;
- }
- *(out++)= *(in++)^d[n];
- n=(n+1)&0x07;
- }
- if (save)
- {
- v0=ti[0];
- v1=ti[1];
- iv=(unsigned char *)ivec;
- l2n(v0,iv);
- l2n(v1,iv);
- }
- t=v0=v1=ti[0]=ti[1]=0;
- *num=n;
- }
-
-
diff --git a/cipher/blowfish/bf_pi.h b/cipher/blowfish/bf_pi.h
deleted file mode 100644
index b934f490..00000000
--- a/cipher/blowfish/bf_pi.h
+++ /dev/null
@@ -1,325 +0,0 @@ -/* crypto/bf/bf_pi.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -static BF_KEY bf_init= { - { - 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, - 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, - 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL, - 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L, - 0x9216d5d9L, 0x8979fb1b - },{ - 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, - 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, - 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L, - 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL, - 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL, - 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, - 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL, - 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL, - 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L, - 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L, - 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, - 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, - 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL, - 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L, - 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L, - 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, - 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L, - 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L, - 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL, - 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L, - 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, - 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, - 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L, - 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL, - 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L, - 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, - 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, - 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L, - 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL, - 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L, - 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, - 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 
0xaf5ebd09L, - 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L, - 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL, - 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L, - 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, - 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, - 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L, - 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL, - 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L, - 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, - 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, - 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L, - 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L, - 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L, - 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, - 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, - 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL, - 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL, - 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L, - 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, - 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, - 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L, - 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL, - 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L, - 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, - 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, - 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L, - 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L, - 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L, - 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, - 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, - 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L, - 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL, - 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L, - 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, - 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, - 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL, - 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 
0x99f73fd6L, - 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L, - 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, - 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, - 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L, - 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L, - 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL, - 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, - 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L, - 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L, - 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L, - 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L, - 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, - 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL, - 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL, - 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L, - 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL, - 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, - 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, - 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL, - 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL, - 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L, - 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, - 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, - 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL, - 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL, - 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L, - 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, - 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, - 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L, - 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L, - 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L, - 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, - 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, - 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L, - 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL, - 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L, - 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 
0xc021b8f7L, - 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L, - 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L, - 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L, - 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L, - 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, - 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, - 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L, - 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L, - 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L, - 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, - 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, - 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L, - 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L, - 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L, - 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, - 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, - 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L, - 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL, - 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L, - 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, - 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, - 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L, - 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L, - 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L, - 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, - 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L, - 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L, - 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L, - 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL, - 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, - 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, - 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L, - 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L, - 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL, - 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, - 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, - 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 
0xba489527L, - 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL, - 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L, - 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, - 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L, - 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL, - 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L, - 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L, - 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, - 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, - 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L, - 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L, - 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L, - 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, - 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, - 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL, - 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L, - 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL, - 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, - 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, - 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL, - 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL, - 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L, - 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, - 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, - 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL, - 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL, - 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL, - 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, - 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L, - 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L, - 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L, - 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L, - 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, - 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, - 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L, - 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L, - 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 
0x2868f169L, - 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, - 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, - 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L, - 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L, - 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L, - 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, - 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, - 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL, - 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L, - 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL, - 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, - 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L, - 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL, - 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL, - 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL, - 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, - 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, - 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L, - 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L, - 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L, - 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, - 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, - 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L, - 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L, - 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L, - 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, - 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, - 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL, - 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL, - 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L, - 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, - 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, - 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL, - 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L, - 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL, - 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, - 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 
0x9320f991L, - 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L, - 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L, - 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L, - 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, - 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, - 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L, - 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L, - 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L, - 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, - 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, - 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L, - 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L, - 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL, - 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, - 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, - 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L, - 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL, - 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL, - 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, - 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, - 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L, - 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L, - 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL, - 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, - 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, - 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL, - 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L, - 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L, - 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, - 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L, - 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL, - 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L, - 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL, - 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, - 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L, - 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL, - 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 
0xd6ebe1f9L, - 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL, - 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L, - } - }; - diff --git a/cipher/blowfish/bf_skey.c b/cipher/blowfish/bf_skey.c deleted file mode 100644 index e01718c1..00000000 --- a/cipher/blowfish/bf_skey.c +++ /dev/null 
@@ -1,119 +0,0 @@ -/* crypto/bf/bf_skey.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */
-
-#include
-#include
-#include "blowfish.h"
-#include "bf_locl.h"
-#include "bf_pi.h"
-
-void BF_set_key(key,len,data)
-BF_KEY *key;
-int len;
-unsigned char *data;
- {
- int i;
- BF_LONG *p,ri,in[2];
- unsigned char *d,*end;
-
-
- memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY));
- p=key->P;
-
- if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
-
- d=data;
- end= &(data[len]);
- for (i=0; i<(BF_ROUNDS+2); i++)
- {
- ri= *(d++);
- if (d >= end) d=data;
-
- ri<<=8;
- ri|= *(d++);
- if (d >= end) d=data;
-
- ri<<=8;
- ri|= *(d++);
- if (d >= end) d=data;
-
- ri<<=8;
- ri|= *(d++);
- if (d >= end) d=data;
-
- p[i]^=ri;
- }
-
- in[0]=0L;
- in[1]=0L;
- for (i=0; i<(BF_ROUNDS+2); i+=2)
- {
- BF_encrypt(in,key,BF_ENCRYPT);
- p[i ]=in[0];
- p[i+1]=in[1];
- }
-
- p=key->S;
- for (i=0; i<4*256; i+=2)
- {
- BF_encrypt(in,key,BF_ENCRYPT);
- p[i ]=in[0];
- p[i+1]=in[1];
- }
- }
-
-
diff --git a/cipher/blowfish/blowfish.h b/cipher/blowfish/blowfish.h
deleted file mode 100644
index 24c75f0f..00000000
--- a/cipher/blowfish/blowfish.h
+++ /dev/null
@@ -1,114 +0,0 @@ -/* crypto/bf/blowfish.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@mincom.oz.au). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@mincom.oz.au). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@mincom.oz.au)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@mincom.oz.au)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_BLOWFISH_H -#define HEADER_BLOWFISH_H - -#ifdef __cplusplus -extern "C" { -#endif - -#define BF_ENCRYPT 1 -#define BF_DECRYPT 0 - -/* If you make this 'unsigned int' the pointer variants will work on - * the Alpha, otherwise they will not. 
Strangly using the '8 byte' - * BF_LONG and the default 'non-pointer' inner loop is the best configuration - * for the Alpha */ -#define BF_LONG unsigned long - -#define BF_ROUNDS 16 -#define BF_BLOCK 8 - -typedef struct bf_key_st - { - BF_LONG P[BF_ROUNDS+2]; - BF_LONG S[4*256]; - } BF_KEY; - -#ifndef NOPROTO - -void BF_set_key(BF_KEY *key, int len, unsigned char *data); -void BF_ecb_encrypt(unsigned char *in,unsigned char *out,BF_KEY *key, - int encrypt); -void BF_encrypt(BF_LONG *data,BF_KEY *key,int encrypt); -void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length, - BF_KEY *ks, unsigned char *iv, int encrypt); -void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt); -void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - BF_KEY *schedule, unsigned char *ivec, int *num); -char *BF_options(void); - -#else - -void BF_set_key(); -void BF_ecb_encrypt(); -void BF_encrypt(); -void BF_cbc_encrypt(); -void BF_cfb64_encrypt(); -void BF_ofb64_encrypt(); -char *BF_options(); - -#endif - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/cipher/cipher.c b/cipher/cipher.c index c504b7e7..3f8593d3 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -1,6 +1,6 @@ /* cipher.c -- wrapper functions for encryption algorithms - Copyright (C) 1999,2000 Ivo Timmermans + Copyright (C) 1999,2000 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -88,19 +88,8 @@ int cipher_init(int which)
 void *dlhandle;
 char *error;
- if((dlhandle = dlopen(PKGLIBDIR "libblowfish.so.0", RTLD_LAZY)) == NULL)
- {
- syslog(LOG_ERR, "%s: %m", PKGLIBDIR "libblowfish.so.0");
- return -1;
- }
-
- blowfish_cfb64_encrypt = dlsym(dlhandle, "BF_cfb64_encrypt");
- if((error = dlerror()) != NULL)
- {
- syslog(LOG_ERR, "%s", error);
- return -1;
- }
- blowfish_set_key = dlsym(dlhandle, "BF_set_key");
+ blowfish_cfb64_encrypt = BF_cfb64_encrypt;
+ blowfish_set_key = BF_set_key;
 return 0;
 }
diff --git a/configure.in b/configure.in
index 29b711e9..79899d70 100644
--- a/configure.in
+++ b/configure.in
@@ -1,6 +1,6 @@
 dnl Process this file with autoconf to produce a configure script.
-dnl $Id: configure.in,v 1.13.2.2 2000/07/02 12:41:03 zarq Exp $
+dnl $Id: configure.in,v 1.13.2.3 2000/09/10 15:05:44 zarq Exp $
 AC_INIT(src/tincd.c)
 AM_INIT_AUTOMAKE(tinc, 1.0pre3)
@@ -79,6 +79,21 @@ AC_CHECK_LIB(dl, dlopen, [
 LIBS="$LIBS -ldl"
 ])
+
+dnl Crypto stuff
+
+libcrypto=none
+AC_CHECK_LIB(crypto, SHA1_version, [
+ libcrypto=yes
+])
+
+if test $libcrypto = none; then
+ AC_MSG_ERROR(It seems like OpenSSL is not installed on this system.)
+else
+ LIBS="$LIBS -lcrypto"
+fi
+
+
 AC_OUTPUT([Makefile src/Makefile cipher/Makefile
-cipher/blowfish/Makefile doc/Makefile intl/Makefile lib/Makefile
+doc/Makefile intl/Makefile lib/Makefile
 m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile])
From 45ea3ca432a031ff1b8072d934709aadaae12534 Mon Sep 17 00:00:00 2001
From: Ivo Timmermans
Date: Sun, 10 Sep 2000 15:07:41 +0000
Subject: [PATCH 071/923] Updated text, removed protocol flowchart
---
 doc/PROTOCOL | 147 ++++++++++++++++++++++++++-------------------------
 1 file changed, 74 insertions(+), 73 deletions(-)
diff --git a/doc/PROTOCOL b/doc/PROTOCOL
index 6b8f9fac..8d7007a4 100644
--- a/doc/PROTOCOL
+++ b/doc/PROTOCOL
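Review bot: In the cipher/cipher.c hunk at `@@ -88,19 +88,8 @@`, the context lines `void *dlhandle;` and `char *error;` are left without any use once the dlopen()/dlsym() calls are removed, and should be deleted with them. The two new assignments depend on the OpenSSL Blowfish declarations being in scope so the compiler can check that `blowfish_cfb64_encrypt` and `blowfish_set_key` have prototypes matching `BF_cfb64_encrypt` and `BF_set_key`; no `#include` is added in the hunks shown, so that presumably happens elsewhere and is worth confirming. A short comment such as `/* Blowfish now comes from OpenSSL's libcrypto, linked at build time */` would record why the runtime load from PKGLIBDIR went away. cipher_init's body begins outside the hunk.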
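Review bot: In the configure.in hunk at `@@ -79,6 +79,21 @@`, the new libcrypto probe tests for `SHA1_version`, while cipher/cipher.c in this same commit uses `BF_cfb64_encrypt` and `BF_set_key`, so an OpenSSL built without Blowfish would pass configure and fail only at link time. Probing a symbol that is actually used is more reliable: `AC_CHECK_LIB(crypto, BF_cfb64_encrypt, [libcrypto=yes])`. The `AC_CHECK_LIB(dl, dlopen, ...)` check just above still adds `-ldl`, which may no longer be needed now that cipher.c has stopped calling dlopen(). `test "$libcrypto" = none` with the variable quoted is the usual defensive form, although the value is always set here.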
@@ -1,96 +1,97 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. - Copyright 2000 Guus Sliepen + Copyright 2000 Guus Sliepen , + 2000 Ivo Timmmermans Permission is granted to make and distribute verbatim copies of - this documentation provided the copyright notice and this permission - notice are preserved on all copies. + this documentation provided the copyright notice and this + permission notice are preserved on all copies. - Permission is granted to copy and distribute modified versions - of this documentation under the conditions for verbatim copying, provided - that the entire resulting derived work is distributed under - the terms of a permission notice identical to this one. + Permission is granted to copy and distribute modified versions of + this documentation under the conditions for verbatim copying, + provided that the entire resulting derived work is distributed + under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.1.2.2 2000/07/01 14:32:24 guus Exp $ + $Id: PROTOCOL,v 1.1.2.3 2000/09/10 15:07:41 zarq Exp $ -1. Protocols used in tinc +1. Protocols used in tinc ------------------------- -Tinc uses several protocols to function correctly. To enter the network of tinc -daemons that make up the virtual private network, tinc makes TCP connections to -other tinc daemons. It uses the "meta protocol" for these connections. To -exchange packets on the virtual network, UDP connections are made and the -"packet protocol" is used. Tinc also needs to exchange network packets with the -kernel. This is done using the ethertap device in Linux. Also planned is a -generic PPP interface, because it is supported on virtually all UNIX flavours. -The protocols for those interfaces will not be described in this document. +tinc uses several protocols to function correctly. To enter the +network of tinc daemons that make up the virtual private network, tinc +makes TCP connections to other tinc daemons. 
It uses the "meta +protocol" for these connections. To exchange packets on the virtual +network, UDP connections are made and the "packet protocol" is used. +Tinc also needs to exchange network packets with the kernel. This is +done using the ethertap device in Linux. Also planned is a generic +PPP interface, because it is supported on virtually all UNIX flavours. +The protocols for those interfaces will not be described in this +document. -2. Packet protocol +2. Packet protocol ------------------ -See net.h for now. +Normal packets are sent without any state information, so the layout +is pretty basic. An exception to this are the connections which only +use TCP (configured with the directive `TCPonly=yes'). An explanation +of this type of packet is given in the next chapter, when we explain +the meta protocol. -3. Meta protocol +A data packet can only be sent if the encryption key is known to both +parties, and the connection is activated. Normally, tinc opens a UDP +connection when it receives an acknowledgement that the newly set up +connection is properly initiated, and has been verified. + + 0 1 2 3 +| SOURCE IP | +| SEQUENCE ID | +| LEN | DATA : \ +: DATA . } encrypted +. : / + . + + +3. Meta protocol ---------------- -The meta protocol is used to tie all tinc daemons together, and exchange -information about which tinc daemon serves which virtual subnet. +The meta protocol is used to tie all tinc daemons together, and +exchange information about which tinc daemon serves which virtual +subnet. -The meta protocol consists of requests that can be sent to the other side. Each -request has a unique number and several parameters. All requests are represented -in the standard ASCII character set. It is possible to use tools such as telnet -or netcat to connect to a tinc daemon and to read and write requests by hand, -provided that one understands the numeric codes sent. +The meta protocol consists of requests that can be sent to the other +side. 
Each request has a unique number and several parameters. All +requests are represented in the standard ASCII character set. It is +possible to use tools such as telnet or netcat to connect to a tinc +daemon and to read and write requests by hand, provided that one +understands the numeric codes sent. -When tinc daemons connect to each other, they will have to authenticate each -other first. This is done by exchanging BASIC_INFO, PASSPHRASE, PUBLIC_KEY and -ACK requests. BASIC_INFO requests contain the virtual address and netmask of the -tinc daemon, protocol version, port number and flags. This identifies that tinc -daemon, though it still has to be verified. To that end, passphrases and public -keys are exchanged. The passphrases are known at both ends, but they are -encrypted with the public key before transmission. This way, nobody that sniffs -the network can see what the passphrase actually was, and at the same time this -ensures that the other host really knows the secret key that belongs to the -public key it sends. If both hosts are satisfied, the connection is activated, -the contents of each other's connection lists are exchanged and other requests -may be sent. The following diagram shows how authentication is done: +When tinc daemons connect to each other, they will have to +authenticate each other first. This is done by exchanging BASIC_INFO, +PASSPHRASE, PUBLIC_KEY and ACK requests. BASIC_INFO requests contain +the virtual address and netmask of the tinc daemon, protocol version, +port number and flags. This identifies that tinc daemon, though it +still has to be verified. To that end, passphrases and public keys are +exchanged. The passphrases are known at both ends, but they are +encrypted with the public key before transmission. This way, nobody +that sniffs the network can see what the passphrase actually was, and +at the same time this ensures that the other host really knows the +secret key that belongs to the public key it sends. 
If both hosts are +satisfied, the connection is activated, the contents of each other's +connection lists are exchanged and other requests may be sent. The +following diagram shows how authentication is done: Client Server ---------------------------------------------------------------- -Connects to server: - Accepts connection. - Sends BASIC_INFO: -Verifies BASIC_INFO. -If server is already in -connection list, abort. -Else sends his own BASIC_INFO: - Verifies BASIC_INFO. - If client is alread in - connection list, remove - old entry. - Sends PASSPHRASE: -Receives and stores PASSPHRASE. -Sends his own PASSPHRASE: - Receives and stores PASSPHRASE. - Sends PUBLIC_KEY: -Verifies PUBLIC key and stored -PASSPHRASE. If wrong, abort. -Else sends his own PUBLIC_KEY: - Verifies PUBLIC key and stored - PASSPHRASE. If wrong, abort. - Else activates connection and - sends ACK and ADD_HOSTs for all - known hosts. -Receives ACK and activates -connection. -Sends ADD_HOSTs for all known -hosts. + + ---------------------------------------------------------------- -The client must never make a connection to a server that is already in it's -connection list. Not only would it corrupt the connection list, but it would -also violate the tree property. The meta connections must always be so that -there are no loops. This is very important, because certain requests are -broadcast over the entire network of tinc daemons. If there were loops, packets -would be sent infinitely. +The client must never make a connection to a server that is already in +it's connection list. Not only would it corrupt the connection list, +but it would also violate the tree property. The meta connections must +always be so that there are no loops. This is very important, because +certain requests are broadcast over the entire network of tinc +daemons. 
If there were loops in the network topology, some packets +would be forwarded in a ring until the end of times (or until the ring +breaks, which probably happens before time ends). From 14554e6f421e881b01be20879e9279545f375154 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 10 Sep 2000 15:15:38 +0000 Subject: [PATCH 072/923] Include openssl/blowfish.h --- cipher/cipher.c | 2 +- cipher/cipher.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cipher/cipher.c b/cipher/cipher.c index 3f8593d3..c9b7e3f5 100644 --- a/cipher/cipher.c +++ b/cipher/cipher.c @@ -25,7 +25,7 @@ #include -#include "blowfish/blowfish.h" +#include #include "net.h" diff --git a/cipher/cipher.h b/cipher/cipher.h index d5897e3d..460ce5c1 100644 --- a/cipher/cipher.h +++ b/cipher/cipher.h @@ -20,7 +20,7 @@ #ifndef __TINC_CIPHER_H__ #define __TINC_CIPHER_H__ -#include "blowfish/blowfish.h" +#include #include "net.h" enum { From 7884d3ecaf78006b3f288d99f10ef541fc97087e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 10 Sep 2000 15:16:07 +0000 Subject: [PATCH 073/923] Support for -lsocket and -lnsl on SunOS --- configure.in | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 79899d70..a23f1a0e 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.3 2000/09/10 15:05:44 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.4 2000/09/10 15:16:07 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -94,6 +94,11 @@ else fi +dnl Support for SunOS + +AC_CHECK_LIB(socket, connect) +AC_CHECK_LIB(nsl, gethostbyname) + AC_OUTPUT([Makefile src/Makefile cipher/Makefile doc/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile]) From 28cc30159565a7eda4f66215a5994d84b46b47ad Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 10 Sep 2000 15:18:03 +0000 Subject: [PATCH 074/923] - New protocol. Will break everything else for now. --- src/protocol.c | 632 ++++++++++++++++++++++++++++--------------------- 1 file changed, 357 insertions(+), 275 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index d5bb6759..f1a9e49b 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.24 2000/08/08 17:07:48 guus Exp $ + $Id: protocol.c,v 1.28.4.25 2000/09/10 15:18:03 guus Exp $ */ #include "config.h" 
@@ -44,29 +44,359 @@ #include "system.h" -char buffer[MAXBUFSIZE+1]; -int buflen; +/* Generic outgoing request routine - takes care of logging and error detection as well */ -/* Outgoing request routines */ +int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...) +{ + va_list args; + char *buffer = NULL; +cp + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), requestname[request], cl->id, cl->hostname); + + va_start(args, format); + len = vasprintf(&buffer, format, args); + va_end(args); + + if(len < 0 || !buffer) + { + syslog(LOG_ERR, _("Error during vasprintf(): %m")); + return -1; + } + + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), cl->id, cl->hostname, buffer); + + if(cl->status.encryptout) + { + /* FIXME: Do encryption */ + } + + if((write(cl->meta_socket, buffer, buflen)) < 0) + { + syslog(LOG_ERR, _("Sending meta data failed: %m")); + return -1; + } +cp +} + +/* Connection protocol: + + Client Server + send_id(*) + send_challenge + send_chal_reply(*) + send_id + send_challenge + send_chal_reply + send_ack + send_ack + + (*) Unencrypted. 
+*/ + +int send_id(conn_list_t *cl) +{ +cp + return send_request(cl, "%d %s %d-%d %s", ID, myself->id, myself->min_version, myself->max_version, opt2str(myself->options)); +} + +int id_h(conn_list_t *cl) +{ + conn_list_t *old; + char *options; +cp + if(sscanf(cl->buffer, "%*d %as %d-%d %as", &cl->id, &cl->min_version, &cl->max_version, &options) != 4) + { + syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); + return -1; + } + + /* Check if version ranges overlap */ + + if((cl->min_version > myself->max_version) || (cl->max_version < myself_min_version) || (cl->min_version > cl->max_version)) + { + syslog(LOG_ERR, _("Peer %s uses incompatible version (%d-%d)"), cl->hostname, cl->min_version, cl->max_version); + return -1; + } + + /* Check if option string is valid */ + + if(str2opt(options) == -1) + { + syslog(LOG_ERR, _("Peer %s uses invalid option string"), cl->hostname); + return -1; + } + + /* Check if identity is a valid name */ + + if(!check_id(cl->id)) + { + syslog(LOG_ERR, _("Peer %s uses invalid identity name"), cl->hostname); + return -1; + } + + /* Load information about peer */ + + if(!read_id(cl)) + { + syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->id); + return -1; + } + + + /* First check if the host we connected to is already in our + connection list. If so, we are probably making a loop, which + is not desirable. 
+ */ + + if(cl->status.outgoing) + { + if((old=lookup_id(cl->id))) + { + if(debug_lvl > DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->id, cl->hostname); + cl->status.outgoing = 0; + old->status.outgoing = 1; + terminate_connection(cl); + return 0; + } + } + + /* Since we know the identity now, we can encrypt the meta channel */ + + cl->status.encryptout = 1; + + /* Send a challenge to verify the identity */ + + cl->allow_request = CHAL_REPLY; +cp + return send_challenge(cl); +} + +int send_challenge(conn_list_t *cl) +{ + char *buffer; + int keylength; + int x; +cp + if(cl->chal_hash) + free(cl->chal_hash); + + /* Allocate buffers for the challenge and the hash */ + + cl->chal_hash = xmalloc(SHA_DIGEST_LEN); + keylength = BN_num_bytes(cl->metakey.n); + buffer = xmalloc(keylength*2); + + /* Copy random data and the public key to the buffer */ + + RAND_bytes(buffer, keylength); + BN_bn2bin(cl->metakey.n, buffer+keylength); + + /* Calculate the hash from that */ + + SHA1(buffer, keylength*2, cl->chal_hash); + + /* Convert the random data to a hexadecimal formatted string */ + + bin2hex(buffer,buffer,keylength); + buffer[keylength*2] = '\0'; + + /* Send the challenge */ + + cl->allow_request = CHAL_REPLY; + x = send_request(cl, "%d %s", CHALLENGE, buffer); + free(buffer); +cp + return x; +} + +int challenge_h(conn_list_t *cl) +{ + char *challenge; +cp + if(sscanf(cl->buffer, "%*d %as", &cl->id, &challenge) != 1) + { + syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + /* Rest is done by send_chal_reply() */ + + x = send_chal_reply(cl, challenge); + free(challenge); +cp + return x; +} + +int send_chal_reply(conn_list_t *cl, char *challenge) +{ + char *buffer; + int keylength; + char *hash; + int x; +cp + keylength = BN_num_bytes(myself->meyakey.n); + + /* Check if the length of the challenge is all right */ + + if(strlen(challenge) != keylength*2) + { + syslog(LOG_ERROR, 
_("Intruder: wrong challenge length from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + /* Allocate buffers for the challenge and the hash */ + + buffer = xmalloc(keylength*2); + hash = xmalloc(SHA_DIGEST_LEN*2+1); + + /* Copy the incoming random data and our public key to the buffer */ + + hex2bin(challenge, buffer, keylength); + BN_bn2bin(myself->metakey.n, buffer+keylength); + + /* Calculate the hash from that */ + + SHA1(buffer, keylength*2, hash); + free(buffer); + + /* Convert the hash to a hexadecimal formatted string */ + + bin2hex(hash,hash,SHA_DIGEST_LEN); + hash[SHA_DIGEST_LEN*2] = '\0'; + + /* Send the reply */ + + if(cl->status.outgoing) + cl->allow_resuest = ID; + else + cl->allow_request = ACK; + + x = send_request(cl, "%d %s", CHAL_REPLY, hash); + free(hash); +cp + return x; +} + +int chal_reply_h(conn_list_t *cl) +{ + char *hash; +cp + if(sscanf(cl->buffer, "%*d %as", &cl->id, &hash) != 2) + { + syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + /* Check if the length of the hash is all right */ + + if(strlen(hash) != SHA_DIGEST_LEN*2) + { + syslog(LOG_ERROR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + /* Convert the hash to binary format */ + + hex2bin(hash, hash, SHA_DIGEST_LEN); + + /* Verify the incoming hash with the calculated hash */ + + if{!memcmp(hash, cl->chal_hash, SHA_DIGEST_LEN)} + { + syslog(LOG_ERROR, _("Intruder: wrong challenge reply from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + /* Identity has now been positively verified. + If we are accepting this new connection, then send our identity, + if we are making this connecting, acknowledge. 
+ */ + + free(hash); + free(cl->chal_hash); + +cp + if(cl->status.outgoing) + { + cl->allow_request = ACK; + return send_ack(cl); + } + else + { + cl->allow_request = CHALLENGE; + return send_id(cl); + } +} int send_ack(conn_list_t *cl) { cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ACK to %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", ACK); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %d:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; + return send_request(cl, "%d", ACK); } +int ack_h(conn_list_t *cl) +{ +cp + /* Okay, before we active the connection, we check if there is another entry + in the connection list with the same vpn_ip. If so, it presumably is an + old connection that has timed out but we don't know it yet. + */ + + while((old = lookup_conn(cl->vpn_ip))) + { + if(debug_lvl > 1) + syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), + cl->vpn_hostname, old->real_hostname, cl->real_hostname); + old->status.active = 0; + terminate_connection(old); + } + + /* Activate this connection */ + + cl->allow_request = ALL; + cl->status.active = 1; + + if(debug_lvl > DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->id, cl->hostname); + + /* Exchange information about other tinc daemons */ + + notify_others(cl, NULL, send_add_host); + notify_one(cl); + + upstreamindex = 0; + +cp + if(cl->status.outgoing) + return 0; + else + return send_ack(cl); +} + +/* Address and subnet information exchange */ + +/* New and closed connections notification */ + +/* Status and error notification routines */ + +int send_status(conn_list_t *cl, int statusno, char *statusstring) +{ +cp + return send_request(cl, "%d %d %s", STATUS, statusno, statusstring); +} + +int send_error(conn_list_t *cl, int errno, char *errstring) +{ +cp + return send_request(cl, "%d %d %s", ERROR, errno, 
errstring); +} + +/* Old routines */ + + int send_termreq(conn_list_t *cl) { cp @@ -122,7 +452,6 @@ cp return 0; } -/* Evil hack - TCP tunneling is bad */ int send_tcppacket(conn_list_t *cl, void *data, int len) { cp @@ -250,78 +579,6 @@ cp cp } -int send_basic_info(conn_list_t *cl) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending BASIC_INFO to %s"), - cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %d %lx/%lx:%x %d\n", BASIC_INFO, PROT_CURRENT, myself->vpn_ip, myself->vpn_mask, myself->port, myself->flags); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -int send_passphrase(conn_list_t *cl) -{ - passphrase_t tmp; -cp - encrypt_passphrase(&tmp); - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PASSPHRASE to %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PASSPHRASE, tmp.phrase); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -int send_public_key(conn_list_t *cl) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PUBLIC_KEY to %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", PUBLIC_KEY, my_public_key_base36); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -/* WDN doet deze functie? (GS) -int send_calculate(conn_list_t *cl, char *k) -{ -cp - buflen = snprintf(buffer, MAXBUFSIZE, "%d %s\n", CALCULATE, k); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} -*/ int send_key_request(ip_t to) { 
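Review bot: The reply check in `chal_reply_h` is inverted and will not compile as written: `if{!memcmp(hash, cl->chal_hash, SHA_DIGEST_LEN)}` uses braces for the condition and treats a matching hash as the intruder case, so once the syntax is fixed a wrong reply is accepted and a correct one rejected. `chal_reply_h` and `challenge_h` also pass two pointers to a format with a single `%as` conversion, so the peer's text lands in `cl->id` while `hash`/`challenge` stay uninitialised and are then handed to `strlen`, `hex2bin` and `free`. In `send_challenge`, `buffer[keylength*2] = '\0'` writes one byte past `xmalloc(keylength*2)`, and `cl->chal_hash` is freed in `chal_reply_h` without being cleared although `send_challenge` frees any non-NULL value. Separately, the hash covers only the challenge and a public modulus, and `send_request` leaves encryption as a FIXME (and writes `buflen` bytes instead of `len`), so as far as this hunk shows the exchange does not yet prove possession of any secret. The lines below show the parsing, comparison and allocation changes only.

```c
/* send_challenge(): leave room for the hex string's terminator */
buffer = xmalloc(keylength*2+1);

/* … unchanged: RAND_bytes, BN_bn2bin, SHA1, bin2hex, send_request … */

/* chal_reply_h(): one conversion, one target; cl->id must not be overwritten */
if(sscanf(cl->buffer, "%*d %as", &hash) != 1)
  {
    /* … unchanged: log the bad CHAL_REPLY and return -1 … */
  }

/* … unchanged: length check, hex2bin … */

/* memcmp() returns non-zero on mismatch; syslog's level is LOG_ERR */
if(memcmp(hash, cl->chal_hash, SHA_DIGEST_LEN))
  {
    syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->id, cl->hostname);
    free(hash);
    return -1;
  }

free(hash);
free(cl->chal_hash);
cl->chal_hash = NULL;   /* send_challenge() frees a non-NULL chal_hash */
```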
@@ -416,164 +673,6 @@ cp The incoming request handlers */ -int basic_info_h(conn_list_t *cl) -{ - conn_list_t *old; -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got BASIC_INFO from %s"), cl->real_hostname); - - if(sscanf(cl->buffer, "%*d %d %lx/%lx:%hx %d", &cl->protocol_version, &cl->vpn_ip, &cl->vpn_mask, &cl->port, &cl->flags) != 5) - { - syslog(LOG_ERR, _("Got bad BASIC_INFO from %s"), - cl->real_hostname); - return -1; - } - - cl->vpn_hostname = hostlookup(htonl(cl->vpn_ip)); - - if(cl->protocol_version != PROT_CURRENT) - { - syslog(LOG_ERR, _("Peer uses incompatible protocol version %d"), - cl->protocol_version); - return -1; - } - - if(cl->status.outgoing) - { - /* First check if the host we connected to is already in our - connection list. If so, we are probably making a loop, which - is not desirable. - */ - - if((old=lookup_conn(cl->vpn_ip))) - { - if(debug_lvl>0) - syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), - cl->vpn_hostname, cl->real_hostname); - cl->status.outgoing = 0; - old->status.outgoing = 1; - terminate_connection(cl); - return 0; - } - - if(setup_vpn_connection(cl) < 0) - return -1; - send_basic_info(cl); - } - else - { - - if(setup_vpn_connection(cl) < 0) - return -1; - send_passphrase(cl); - } -cp - return 0; -} - -int passphrase_h(conn_list_t *cl) -{ -cp - cl->pp = xmalloc(sizeof(*(cl->pp))); - - if(sscanf(cl->buffer, "%*d %as", &(cl->pp->phrase)) != 1) - { - syslog(LOG_ERR, _("Got bad PASSPHRASE from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - cl->pp->len = strlen(cl->pp->phrase); - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PASSPHRASE from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - if(cl->status.outgoing) - send_passphrase(cl); - else - send_public_key(cl); -cp - return 0; -} - -int public_key_h(conn_list_t *cl) -{ - char *g_n; - conn_list_t *old; -cp - if(sscanf(cl->buffer, "%*d %as", &g_n) != 1) - { - syslog(LOG_ERR, _("Got bad PUBLIC_KEY from %s (%s)"), - 
cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PUBLIC_KEY from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - if(verify_passphrase(cl, g_n)) - { - /* intruder! */ - syslog(LOG_ERR, _("Intruder from %s: passphrase for %s does not match!"), - cl->real_hostname, cl->vpn_hostname); - return -1; - } - - if(cl->status.outgoing) - send_public_key(cl); - else - { - send_ack(cl); - - /* Okay, before we active the connection, we check if there is another entry - in the connection list with the same vpn_ip. If so, it presumably is an - old connection that has timed out but we don't know it yet. - */ - - while((old = lookup_conn(cl->vpn_ip))) - { - if(debug_lvl > 1) - syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), - cl->vpn_hostname, old->real_hostname, cl->real_hostname); - old->status.active = 0; - terminate_connection(old); - } - - cl->status.active = 1; - - if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), - cl->vpn_hostname, cl->real_hostname); - - notify_others(cl, NULL, send_add_host); - notify_one(cl); - } -cp - return 0; -} - -int ack_h(conn_list_t *cl) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ACK from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - cl->status.active = 1; - - if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), - cl->vpn_hostname, cl->real_hostname); - - notify_others(cl, NULL, send_add_host); - notify_one(cl); - - upstreamindex = 0; -cp - return 0; -} int termreq_h(conn_list_t *cl) { 
@@ -1013,31 +1112,14 @@ cp return 0; } -int (*request_handlers[256])(conn_list_t*) = { - 0, ack_h, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - termreq_h, timeout_h, del_host_h, 0, 0, 0, 0, 0, 0, 0, - ping_h, pong_h, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - add_host_h, basic_info_h, passphrase_h, public_key_h, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - tcppacket_h, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - req_key_h, ans_key_h, key_changed_h, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0 +/* "Complete overhaul". */ + +int (*request_handlers[6])(conn_list_t*) = { + id_h, challenge_h, chal_reply_h, ack_h, + status_h, error_h, +}; + +char (*request_name[6]) = { + "ID", "CHALLENGE", "CHAL_REPLY", "ACK", + "STATUS", "ERROR", }; From 6b9ec9ed1e818d5e50dda4418ffb4d02c898bcba Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Sep 2000 16:15:35 +0000 Subject: [PATCH 075/923] - Added more function skeletons for the new protocol. --- src/protocol.c | 161 ++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 153 insertions(+), 8 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index f1a9e49b..b68b83a9 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.25 2000/09/10 15:18:03 guus Exp $ + $Id: protocol.c,v 1.28.4.26 2000/09/10 16:15:35 guus Exp $ */ #include "config.h" 
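Review bot: `request_handlers` shrinks from 256 slots to 6 here, which removes the guarantee that any one-byte request number received from a peer lands inside the table. The dispatcher is not part of this hunk, so it needs confirming that it rejects numbers outside the table, and empty slots, before calling through the pointer, along the lines of `if(request < 0 || request >= 6 || !request_handlers[request]) return -1;` with the literal replaced by the table length. The name table is defined as `request_name`, while `send_request` earlier in this patch reads `requestname[request]`. Both tables grow again as unsized arrays in the protocol.c hunk `@@ -1114,12 +1255,16 @@` of patch 075, where the same bounds concern applies.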
@@ -339,17 +339,18 @@ cp int ack_h(conn_list_t *cl) { + conn_list_t old; cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same vpn_ip. If so, it presumably is an old connection that has timed out but we don't know it yet. */ - while((old = lookup_conn(cl->vpn_ip))) + while((old = lookup_id(cl->id))) { - if(debug_lvl > 1) + if(debug_lvl > DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), - cl->vpn_hostname, old->real_hostname, cl->real_hostname); + cl->id, old->hostname, cl->hostname); old->status.active = 0; terminate_connection(old); } 
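Review bot: `conn_list_t old;` declares a struct, but the loop assigns it the result of `lookup_id()` and dereferences it as `old->hostname`, so it has to be a pointer: `conn_list_t *old;`. With the lookup now keyed on `cl->id`, it is worth confirming that `lookup_id` cannot return `cl` itself once the new connection carries that id, since the loop would then terminate the connection it is about to activate. The comment above the loop still speaks of "the same vpn_ip" and should say "the same id". ack_h's body continues past the hunk.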
@@ -378,22 +379,162 @@ cp /* Address and subnet information exchange */ +int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) +{ +cp + return send_meta(cl, "%d %s %d %s", ADD_SUBNET, other->id, subnet->type, net2str(subnet)); +} + +int add_subnet_h(conn_list_t *cl) +{ +} + +int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) +{ +cp + return send_meta(cl, "%d %s %d %s", DEL_SUBNET, other->id, subnet->type, net2str(subnet)); +} + +int del_subnet_h(conn_list_t *cl) +{ +} + /* New and closed connections notification */ +int send_add_host(conn_list_t *cl, conn_list_t *other) +{ +cp + return send_meta(cl, "%d %lx:%d", ADD_HOST, other->id, other->address, other->port); +} + +int add_host_h(conn_list_t *cl) +{ +} + +int send_del_host(conn_list_t *cl, conn_list_t *other) +{ +cp + return send_meta(cl, "%d %lx:%d", DEL_HOST, other->id, other->address, other->port); +} + +int del_host_h(conn_list_t *cl) +{ +} + /* Status and error notification routines */ int send_status(conn_list_t *cl, int statusno, char *statusstring) { +cp + if(!statusstring) + statusstring = status_text[statusno]; cp return send_request(cl, "%d %d %s", STATUS, statusno, statusstring); } +int status_h(conn_list_t *cl) +{ + int statusno; + char *statusstring; +cp + if(sscanf(cl->buffer, "%*d %d %as", &statusno, &statusstring) != 2) + { + syslog(LOG_ERR, _("Got bad STATUS from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + if(debug_lvl > DEBUG_STATUS) + { + syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), cl->id, cl->hostname, status_text[statusno], statusstring); + } + +cp + free(statusstring); + return 0; +} + int send_error(conn_list_t *cl, int errno, char *errstring) { cp + if(!errorstring) + errorstring = error_text[errno]; return send_request(cl, "%d %d %s", ERROR, errno, errstring); } +int error_h(conn_list_t *cl) +{ + int errno; + char *errorstring; +cp + if(sscanf(cl->buffer, "%*d %d %as", &errno, &errorstring) != 2) + { + 
syslog(LOG_ERR, _("Got bad error from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + if(debug_lvl > DEBUG_error) + { + syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->id, cl->hostname, error_text[errno], errorstring); + } + +cp + free(errorstring); + return 0; +} + +int send_termreq(conn_list_t *cl) +{ +} + +int termreq_h(conn_list_t *cl) +{ +} + +/* Keepalive routines */ + +int send_ping(conn_list_t *cl) +{ +cp + return send_meta(cl, "%d", PING); +} + +int ping_h(conn_list_t *cl) +{ +} + +int send_pong(conn_list_t *cl) +{ +cp + return send_meta(cl, "%d", PONG); +} + +int pong_h(conn_list_t *cl) +{ +} + +/* Key exchange */ + +int send_req_key(conn_list_t *cl, conn_list_t *source) +{ +cp + return send_meta(cl, "%d %s", REQ_KEY, source->id); +} + +int req_key_h(conn_list_t *cl) +{ +} + +int send_key(conn_list_t *cl) +{ +} + +int key_h(conn_list_t *cl) +{ +} + + + + /* Old routines */ @@ -1114,12 +1255,16 @@ cp /* "Complete overhaul". */ -int (*request_handlers[6])(conn_list_t*) = { +int (*request_handlers[])(conn_list_t*) = { id_h, challenge_h, chal_reply_h, ack_h, - status_h, error_h, + status_h, error_h, termreq_h, + add_host_h, del_host_h, + ping_h, pong_h, }; -char (*request_name[6]) = { +char (*request_name[]) = { "ID", "CHALLENGE", "CHAL_REPLY", "ACK", - "STATUS", "ERROR", + "STATUS", "ERROR", "TERMREQ", + "ADD_HOST", "DEL_HOST", + "PING", "PONG", }; From 74157d3f4501f4d1ec913a986b7167d2b847e41e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 10 Sep 2000 18:37:46 +0000 Subject: [PATCH 076/923] Correct filenames for passphrases given in the example --- doc/tinc.texi | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index edb5d2c2..85a4dae2 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
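Review bot: `status_h` and `error_h` index `status_text[statusno]` and `error_text[errno]` with an integer parsed straight from the peer's request and no range check, so a hostile or buggy peer can make the daemon read outside those tables when the message is logged. Check the value against the table length (rejecting negatives) before indexing, or log only the number and the peer-supplied string. In the same hunk `send_add_host` and `send_del_host` pass `other->id, other->address, other->port` to the format `"%d %lx:%d"`, which has one conversion too few and would format the id pointer with `%lx`; `"%d %s %lx:%d"` matches the arguments. The local named `errno` in `send_error` and `error_h` collides with the `<errno.h>` macro, and `send_error` tests `errorstring` while its parameter is `errstring`.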
@@ -535,9 +535,10 @@ need to run tincd, but it must do a port forwarding of TCP&UDP on port 655 (unless otherwise configured). In this example, it is assumed that eth0 is the interface that points to -the inner LAN of the office, although this could also be the same as the interface -that leads to the internet. The configuration of the real interface is also shown -as a comment, to give you an idea of how these example host is set up. +the inner LAN of the office, although this could also be the same as the +interface that leads to the internet. The configuration of the real +interface is also shown as a comment, to give you an idea of how these +example host is set up. @subsubheading For A @@ -629,17 +630,17 @@ A, B, C and D all generate a passphrase with genauth 2048, the output is stored in /etc/tinc/passphrases/local, except for C, where it should be /etc/tinc/A/passphrases/local. -A stores a copy of B's passphrase in /etc/tinc/passphrases/10.2.0.0 +A stores a copy of B's passphrase in /etc/tinc/passphrases/10.2.1.12 -A stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.0.0 +A stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.69.254 -B stores a copy of A's passphrase in /etc/tinc/passphrases/10.1.0.0 +B stores a copy of A's passphrase in /etc/tinc/passphrases/10.1.54.1 -C stores a copy of A's passphrase in /etc/tinc/A/passphrases/10.1.0.0 +C stores a copy of A's passphrase in /etc/tinc/A/passphrases/10.1.54.1 -C stores a copy of D's passphrase in /etc/tinc/A/passphrases/10.4.0.0 +C stores a copy of D's passphrase in /etc/tinc/A/passphrases/10.4.3.32 -D stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.0.0 +D stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.69.254 @subsubheading Starting From 9926dae4646a96ee647a2ca7d728e91600dd1cca Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Sun, 10 Sep 2000 21:57:11 +0000 Subject: [PATCH 077/923] Add Guus' name and shift out old protocol requests --- src/protocol.h | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/protocol.h b/src/protocol.h index 7e0e8988..3a5c8069 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -1,6 +1,7 @@ /* protocol.h -- header for protocol.c - Copyright (C) 1999,2000 Ivo Timmermans + Copyright (C) 1999,2000 Ivo Timmermans , + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.5 2000/08/07 16:27:29 guus Exp $ + $Id: protocol.h,v 1.5.4.6 2000/09/10 21:57:11 zarq Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -37,14 +38,15 @@ enum { enum { ACK = 1, /* acknowledged */ - AUTH_S_INIT = 10, /* initiate authentication */ +/* These requests are obsolete. + AUTH_S_INIT = 10, AUTH_C_INIT, - AUTH_S_SPP, /* send passphrase */ + AUTH_S_SPP, AUTH_C_SPP, - AUTH_S_SKEY, /* send g^k */ + AUTH_S_SKEY, AUTH_C_SKEY, - AUTH_S_SACK, /* send ack */ - AUTH_C_RACK, /* waiting for ack */ + AUTH_S_SACK, + AUTH_C_RACK, */ TERMREQ = 30, /* terminate connection */ PINGTIMEOUT, /* terminate due to ping t.o. */ DEL_HOST, /* forward a termreq to others */ @@ -63,6 +65,7 @@ enum { REQ_KEY = 160, /* request public key */ ANS_KEY, /* answer to such request */ KEY_CHANGED, /* public key has changed */ + }; extern int (*request_handlers[256])(conn_list_t*); From 675ed08a71ec28d8ae99e10e993d5c7cb717f017 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Sep 2000 22:49:46 +0000 Subject: [PATCH 078/923] - Lots of functions added for the new protocol. --- src/protocol.c | 843 ++++++++++++++++--------------------------------- 1 file changed, 276 insertions(+), 567 deletions(-) 
diff --git a/src/protocol.c b/src/protocol.c index b68b83a9..8c6ce920 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.26 2000/09/10 16:15:35 guus Exp $ + $Id: protocol.c,v 1.28.4.27 2000/09/10 22:49:46 guus Exp $ */ #include "config.h" @@ -98,7 +98,7 @@ cp int send_id(conn_list_t *cl) { cp - return send_request(cl, "%d %s %d-%d %s", ID, myself->id, myself->min_version, myself->max_version, opt2str(myself->options)); + return send_request(cl, "%d %s %d %s", ID, myself->id, myself->version, opt2str(myself->options)); } int id_h(conn_list_t *cl) @@ -106,23 +106,23 @@ int id_h(conn_list_t *cl) conn_list_t *old; char *options; cp - if(sscanf(cl->buffer, "%*d %as %d-%d %as", &cl->id, &cl->min_version, &cl->max_version, &options) != 4) + if(sscanf(cl->buffer, "%*d %as %d %as", &cl->id, &cl->version, &options) != 3) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; } - /* Check if version ranges overlap */ + /* Check if version matches */ - if((cl->min_version > myself->max_version) || (cl->max_version < myself_min_version) || (cl->min_version > cl->max_version)) + if(cl->version != myself->version) { - syslog(LOG_ERR, _("Peer %s uses incompatible version (%d-%d)"), cl->hostname, cl->min_version, cl->max_version); + syslog(LOG_ERR, _("Peer %s uses incompatible version %d"), cl->hostname, cl->min_version, cl->max_version); return -1; } /* Check if option string is valid */ - if(str2opt(options) == -1) + if((cl->options = str2opt(options)) == -1) { syslog(LOG_ERR, _("Peer %s uses invalid option string"), cl->hostname); return -1; 
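Review bot: The new incompatible-version message in `id_h` has a single `%d` but still passes `cl->min_version` and `cl->max_version`, the fields this change replaces with `cl->version`; the call should read `syslog(LOG_ERR, _("Peer %s uses incompatible version %d"), cl->hostname, cl->version);`. In addition, the `%as` conversions let the connecting peer decide how much memory is allocated for `cl->id` and `options` at the very first request, and the `return -1` paths that follow a successful parse do not free `options`. A maximum field width on both conversions and a `free(options)` before each error return would bound that. `id_h` continues past the end of this hunk, so whether `options` is released on the success path cannot be seen here.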
@@ -382,7 +382,7 @@ cp int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) { cp - return send_meta(cl, "%d %s %d %s", ADD_SUBNET, other->id, subnet->type, net2str(subnet)); + return send_request(cl, "%d %s %d %s", ADD_SUBNET, other->id, subnet->type, net2str(subnet)); } int add_subnet_h(conn_list_t *cl) @@ -392,7 +392,7 @@ int add_subnet_h(conn_list_t *cl) int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) { cp - return send_meta(cl, "%d %s %d %s", DEL_SUBNET, other->id, subnet->type, net2str(subnet)); + return send_request(cl, "%d %s %d %s", DEL_SUBNET, other->id, subnet->type, net2str(subnet)); } int del_subnet_h(conn_list_t *cl) 
@@ -404,21 +404,138 @@ int del_subnet_h(conn_list_t *cl) int send_add_host(conn_list_t *cl, conn_list_t *other) { cp - return send_meta(cl, "%d %lx:%d", ADD_HOST, other->id, other->address, other->port); + return send_request(cl, "%d %s %lx:%d %s", ADD_HOST, other->id, other->address, other->port, opt2str(other->options)); } int add_host_h(conn_list_t *cl) { + char *options; + conn_list_t *old, *new; +cp + new = new_conn_list(); + + if(sscanf(cl->buffer, "%*d %as %lx:%d %as", &new->id, &new->address, &new->port, &options) != 4) + { + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + /* Check if option string is valid */ + + if((new->options = str2opt(options) == -1) + { + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->hostname); + return -1; + } + + /* Check if identity is a valid name */ + + if(!check_id(new->id)) + { + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->id, cl->hostname); + return -1; + } + + /* Check if somebody tries to add ourself */ + + if(!strcmp(new->id, myself->id)) + { + syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->id, cl->hostname); + sighup = 1; + return 0; + } + + /* Fill in more of the new conn_list structure */ + + new->hostname = hostlookup(htonl(new->address)); + + /* Check if the new host already exists in the connnection list */ + + if((old = lookup_id(id)) + { + if((new->address == old->address) && (new->port == old->port)) + { + if(debug_lvl > DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->id, old->hostname, new->id, new->hostname); + return 0; + } + else + { + if(debug_lvl > DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), old->id, old->hostname); + old->status.active = 0; + terminate_connection(old); + } + } + + /* Fill in rest of conn_list structure */ + + new->nexthop = cl; + new->status.active = 1; + + 
/* Hook it up into the conn_list */ + + conn_list_add(conn_list, new); + + /* Tell the rest about the new host */ + + notify_others(new, cl, send_add_host); + +cp + return 0; } int send_del_host(conn_list_t *cl, conn_list_t *other) { cp - return send_meta(cl, "%d %lx:%d", DEL_HOST, other->id, other->address, other->port); + return send_request(cl, "%d %s %lx:%d", DEL_HOST, other->id, other->address, other->port); } int del_host_h(conn_list_t *cl) { + char *id; + ip_t address; + port_t port; + conn_list_t *old; +cp + if(sscanf(cl->buffer, "%*d %as %lx:%d", &id, &address, &port) != 3) + { + syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + /* Check if somebody tries to delete ourself */ + + if(!strcmp(id, myself->id)) + { + syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), cl->id, cl->hostname); + sighup = 1; + return 0; + } + + /* Check if the new host already exists in the connnection list */ + + if((old = lookup_id(id)) + { + if((address == old->address) && (port == old->port)) + { + notify_others(old, cl, send_del_host); + + fw->status.termreq = 1; + fw->status.active = 0; + + terminate_connection(fw); +cp + return 0; + } + } + + if(debug_lvl > DEBUG_CONNECTIONS) + { + syslog(LOG_NOTICE, _("Got DEL_HOST for %s from %s (%s) which is not in our connection list"), id, cl->id, cl->hostname); + } +cp + return 0; } /* Status and error notification routines */ 
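Review bot: The rewritten `add_host_h` and `del_host_h` no longer start with the `if(!cl->status.active)` test that the old handlers removed later in this patch had. Unless the dispatcher (not shown) enforces it, a connection that has not completed authentication can therefore add hosts, tear down existing entries through `terminate_connection()`, or set `sighup`; the same holds for the `termreq_h`, `ping_h`, `pong_h`, `key_changed_h`, `req_key_h` and `ans_key_h` bodies added in the next hunk. I would restore `if(!cl->status.active) return -1;` together with the old "unauthorized" log line at the top of each handler. Several new lines are also wrong as written: `if((new->options = str2opt(options) == -1)` and `if((old = lookup_id(id))` lack a closing parenthesis and the first assigns the result of the comparison, `add_host_h` passes an undeclared `id` where only `new->id` exists, `del_host_h` uses `fw` where the local is `old`, and the "invalid option string" `syslog()` has two `%s` but one argument. The error returns in `add_host_h` leave `new` and `options` allocated, and `del_host_h` never frees `id`.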
@@ -477,59 +594,188 @@ cp syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->id, cl->hostname, error_text[errno], errorstring); } -cp free(errorstring); + cl->status.termreq = 1; + terminate_connection(cl); +cp return 0; } int send_termreq(conn_list_t *cl) { +cp + return send_request(cl, "%d", TERMREQ); } int termreq_h(conn_list_t *cl) { +cp + cl->status.termreq = 1; + terminate_connection(cl); +cp + return 0; } -/* Keepalive routines */ +/* Keepalive routines - FIXME: needs a closer look */ int send_ping(conn_list_t *cl) { + cl->status.pinged = 1; cp - return send_meta(cl, "%d", PING); + return send_request(cl, "%d", PING); } int ping_h(conn_list_t *cl) { +cp + return send_pong(cl); } int send_pong(conn_list_t *cl) { cp - return send_meta(cl, "%d", PONG); + return send_request(cl, "%d", PONG); } int pong_h(conn_list_t *cl) { +cp + cl->status.got_pong = 1; +cp + return 0; } /* Key exchange */ -int send_req_key(conn_list_t *cl, conn_list_t *source) +int send_key_changed(conn_list_t *from, conn_list_t *cl) +{ + conn_list_t *p; +cp + for(p = conn_list; p != NULL; p = p->next) + { + if(p!=cl && p->status.meta && p->status.active) + send_request(p, "%d %s", KEY_CHANGED, from->id); + } +cp + return 0; +} + +int key_changed_h(conn_list_t *cl) +{ + char *from_id; + conn_list_t *from; +cp + if(sscanf(cl->buffer, "%*d %as", &from_id) != 1) + { + syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + if(!(from = lookup_id(from_id))) + { + syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); + free(from); + return -1; + } + + from->status.validkey = 0; + from->status.waitingforkey = 0; + + send_key_changed(from, cl); +cp + return 0; +} + +int send_req_key(conn_list_t *from, conn_list_t *to) { cp - return send_meta(cl, "%d %s", REQ_KEY, source->id); + return send_request(to->nexthop, "%d %s %s", REQ_KEY, from->id, to->id); } int 
req_key_h(conn_list_t *cl) { + char *from_id, *to_id; + conn_list_t *from, *to; +cp + if(sscanf(cl->buffer, "%*d %as %as", &from_id, &to_id) != 2) + { + syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + if(!(from = lookup_id(from_id))) + { + syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); + free(from); free(to); + return -1; + } + + /* Check if this key request is for us */ + + if(!strcmp(id, myself->strcmp)) + { + send_ans_key(myself, from, myself->datakey); + } + else + { + if(!(to = lookup_id(to_id))) + { + syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->id, cl->hostname, to_id); + free(from); free(to); + return -1; + } + send_req_key(from, to); + } + + free(from); free(to); +cp + return 0; } -int send_key(conn_list_t *cl) +int send_ans_key(conn_list_t *from, conn_list_t *to, char *datakey) { +cp + return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, from->id, to->id, datakey); } -int key_h(conn_list_t *cl) +int ans_key_h(conn_list_t *cl) { + char *from_id, *to_id, *datakey; + conn_list_t *from, *to; +cp + if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &datakey) != 3) + { + syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), cl->id, cl->hostname); + return -1; + } + + if(!(from = lookup_id(from_id))) + { + syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); + free(from); free(to); free(datakey); + return -1; + } + + /* Check if this key request is for us */ + + if(!strcmp(id, myself->strcmp)) + { + send_ans_key(myself, from); + } + else + { + if(!(to = lookup_id(to_id))) + { + syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->id, cl->hostname, to_id); + free(from); free(to); free(datakey); + return -1; + } + 
send_ans_key(from, to, datakey); + } + + free(from); free(to); free(datakey); +cp + return 0; } @@ -538,60 +784,7 @@ int key_h(conn_list_t *cl) /* Old routines */ -int send_termreq(conn_list_t *cl) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending TERMREQ to %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", TERMREQ, myself->vpn_ip); - - if(write(cl->meta_socket, buffer, buflen) < 0) - { - if(debug_lvl > 1) - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -int send_timeout(conn_list_t *cl) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending TIMEOUT to %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", PINGTIMEOUT, myself->vpn_ip); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -int send_del_host(conn_list_t *cl, conn_list_t *new_host) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending DEL_HOST for %s (%s) to %s (%s)"), - new_host->vpn_hostname, new_host->real_hostname, cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", DEL_HOST, new_host->vpn_ip); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} int send_tcppacket(conn_list_t *cl, void *data, int len) { 
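Review bot: In `req_key_h` and `ans_key_h` the "is this for us" test is `if(!strcmp(id, myself->strcmp))`, but neither function declares `id` and the right-hand side presumably should be `myself->id`; from what the hunk shows the intended line is `if(!strcmp(to_id, myself->id))`. Both functions end with `free(from); free(to);`, which passes the `conn_list_t` pointers returned by `lookup_id()` instead of the strings `sscanf()` allocated (`from_id`, `to_id`), so live connection entries would be released, `to` is uninitialised in the for-us branch, and the strings leak. `ans_key_h` also calls `send_ans_key(myself, from)` with two arguments although the function added here takes three. The next patch on this page changes the `free()` calls, but the `strcmp` line is still present there as context.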
@@ -617,172 +810,12 @@ cp return 0; } -int send_ping(conn_list_t *cl) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PING to %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", PING); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -int send_pong(conn_list_t *cl) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending PONG to %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d\n", PONG); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -int send_add_host(conn_list_t *cl, conn_list_t *new_host) -{ - ip_t real_ip; - int flags; - char *hostname; -cp - real_ip = new_host->real_ip; - hostname = new_host->real_hostname; - flags = new_host->flags; - - /* If we need to propagate information about a new host that wants us to export - * it's indirectdata flag, we set the INDIRECTDATA flag and unset the EXPORT... - * flag, and set it's real_ip to our vpn_ip, so that net.c send_packet() will - * work correctly. 
- */ - - if(flags & EXPORTINDIRECTDATA) - { - flags &= ~EXPORTINDIRECTDATA; - flags |= INDIRECTDATA; - real_ip = myself->vpn_ip; - hostname = myself->real_hostname; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ADD_HOST for %s (%s) to %s (%s)"), - new_host->vpn_hostname, hostname, cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx/%lx:%x %d\n", ADD_HOST, real_ip, new_host->vpn_ip, new_host->vpn_mask, new_host->port, flags); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -int send_key_changed(conn_list_t *cl, conn_list_t *src) -{ -cp - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending KEY_CHANGED origin %s to %s (%s)"), - src->vpn_hostname, cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx\n", KEY_CHANGED, src->vpn_ip); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - -void send_key_changed_all(void) -{ - conn_list_t *p; -cp - for(p = conn_list; p != NULL; p = p->next) - if(p->status.meta && p->status.active) - send_key_changed(p, myself); -cp -} - - -int send_key_request(ip_t to) -{ - conn_list_t *fw; -cp - fw = lookup_conn(to); - if(!fw) - { - syslog(LOG_ERR, _("Attempting to send REQ_KEY to %d.%d.%d.%d, which does not exist?"), - IP_ADDR_V(to)); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending REQ_KEY to %s (%s)"), - fw->nexthop->vpn_hostname, fw->nexthop->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx\n", REQ_KEY, to, myself->vpn_ip); - - if((write(fw->nexthop->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } - fw->status.waitingforkey = 1; -cp - return 0; -} - -int send_key_answer(conn_list_t *cl, ip_t to) -{ - conn_list_t *fw; -cp 
- - fw = lookup_conn(to); - - if(!fw) - { - syslog(LOG_ERR, _("Attempting to send ANS_KEY to %d.%d.%d.%d, which does not exist?"), - IP_ADDR_V(to)); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Sending ANS_KEY to %s (%s)"), - fw->nexthop->vpn_hostname, fw->nexthop->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %lx %lx %d %s\n", ANS_KEY, to, myself->vpn_ip, my_key_expiry, my_public_key_base36); - - if((write(fw->nexthop->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - /* - notify all my direct connections of a new host + Notify all my direct connections of a new host that was added to the vpn, with the exception of the source of the announcement. */ + int notify_others(conn_list_t *new, conn_list_t *source, int (*function)(conn_list_t*, conn_list_t*)) { @@ -796,9 +829,10 @@ cp } /* - notify one connection of everything - i have connected + Notify one connection of everything + I have connected */ + int notify_one(conn_list_t *new) { conn_list_t *p; 
@@ -814,97 +848,6 @@ cp The incoming request handlers */ - -int termreq_h(conn_list_t *cl) -{ -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized TERMREQ from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got TERMREQ from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - cl->status.termreq = 1; - - terminate_connection(cl); -cp - return 0; -} - -int timeout_h(conn_list_t *cl) -{ -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized TIMEOUT from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got TIMEOUT from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - cl->status.termreq = 1; - terminate_connection(cl); -cp - return 0; -} - -int del_host_h(conn_list_t *cl) -{ - ip_t vpn_ip; - conn_list_t *fw; -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized DEL_HOST from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(sscanf(cl->buffer, "%*d %lx", &vpn_ip) != 1) - { - syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(!(fw = lookup_conn(vpn_ip))) - { - syslog(LOG_ERR, _("Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?"), - IP_ADDR_V(vpn_ip), cl->vpn_hostname, cl->real_hostname); - return 0; - } - - /* Connections lists are really messed up if this happens */ - if(vpn_ip == myself->vpn_ip) - { - syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), - cl->vpn_hostname, cl->real_hostname); - sighup = 1; - return 0; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got DEL_HOST for %s (%s) from %s (%s)"), - fw->vpn_hostname, fw->real_hostname, cl->vpn_hostname, cl->real_hostname); - - notify_others(fw, cl, send_del_host); - - fw->status.termreq = 1; - fw->status.active = 0; - - terminate_connection(fw); -cp - return 0; -} - int tcppacket_h(conn_list_t 
*cl) { int len; 
@@ -939,177 +882,6 @@ cp return 0; } - -int ping_h(conn_list_t *cl) -{ -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized PING from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PING from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - cl->status.pinged = 0; - cl->status.got_pong = 1; - - send_pong(cl); -cp - return 0; -} - -int pong_h(conn_list_t *cl) -{ -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized PONG from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got PONG from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - cl->status.got_pong = 1; -cp - return 0; -} - -int add_host_h(conn_list_t *cl) -{ - ip_t real_ip; - ip_t vpn_ip; - ip_t vpn_mask; - unsigned short port; - int flags; - conn_list_t *ncn, *old; -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized ADD_HOST from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(sscanf(cl->buffer, "%*d %lx %lx/%lx:%hx %d", &real_ip, &vpn_ip, &vpn_mask, &port, &flags) != 5) - { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if((old = lookup_conn(vpn_ip))) - { - if((real_ip==old->real_ip) && (vpn_mask==old->vpn_mask) && (port==old->port)) - { - if(debug_lvl>1) - syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), - old->vpn_hostname, old->real_hostname, cl->vpn_hostname, cl->real_hostname); - goto skip_add_host; /* One goto a day keeps the deeply nested if constructions away. 
*/ - } - else - { - if(debug_lvl>1) - syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), - old->vpn_hostname, old->real_hostname); - old->status.active = 0; - terminate_connection(old); - } - } - - /* Connections lists are really messed up if this happens */ - if(vpn_ip == myself->vpn_ip) - { - syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), - cl->vpn_hostname, cl->real_hostname); - sighup = 1; - return 0; - } - - ncn = new_conn_list(); - ncn->real_ip = real_ip; - ncn->real_hostname = hostlookup(htonl(real_ip)); - ncn->vpn_ip = vpn_ip; - ncn->vpn_mask = vpn_mask; - ncn->vpn_hostname = hostlookup(htonl(vpn_ip)); - ncn->port = port; - ncn->flags = flags; - ncn->nexthop = cl; - ncn->next = conn_list; - conn_list = ncn; - ncn->status.active = 1; - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ADD_HOST for %s (%s) from %s (%s)"), - ncn->vpn_hostname, ncn->real_hostname, cl->vpn_hostname, cl->real_hostname); - - notify_others(ncn, cl, send_add_host); - -skip_add_host: -cp - return 0; -} - -int req_key_h(conn_list_t *cl) -{ - ip_t to; - ip_t from; - conn_list_t *fw; -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized REQ_KEY from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(sscanf(cl->buffer, "%*d %lx %lx", &to, &from) != 2) - { - syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)"), - IP_ADDR_V(from), IP_ADDR_V(to), cl->vpn_hostname, cl->real_hostname); - - if((to & myself->vpn_mask) == (myself->vpn_ip & myself->vpn_mask)) - { /* hey! they want something from ME! 
:) */ - send_key_answer(cl, from); - return 0; - } - - fw = lookup_conn(to); - - if(!fw) - { - syslog(LOG_ERR, _("Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?"), - IP_ADDR_V(to)); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Forwarding REQ_KEY to %s (%s)"), - fw->nexthop->vpn_hostname, fw->nexthop->real_hostname); - - cl->buffer[cl->reqlen-1] = '\n'; - - if(write(fw->nexthop->meta_socket, cl->buffer, cl->reqlen) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - void set_keys(conn_list_t *cl, int expiry, char *key) { char *ek; 
@@ -1145,73 +917,6 @@ cp cp } -int ans_key_h(conn_list_t *cl) -{ - ip_t to; - ip_t from; - int expiry; - char *key; - conn_list_t *fw, *gk; -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized ANS_KEY from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(sscanf(cl->buffer, "%*d %lx %lx %d %as", &to, &from, &expiry, &key) != 4) - { - syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)"), - IP_ADDR_V(from), IP_ADDR_V(to), cl->vpn_hostname, cl->real_hostname); - - if(to == myself->vpn_ip) - { /* hey! that key's for ME! :) */ - gk = lookup_conn(from); - - if(!gk) - { - syslog(LOG_ERR, _("Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?"), - IP_ADDR_V(from), cl->vpn_hostname, cl->real_hostname); - return -1; - } - - set_keys(gk, expiry, key); - gk->status.validkey = 1; - gk->status.waitingforkey = 0; - flush_queues(gk); - return 0; - } - - fw = lookup_conn(to); - - if(!fw) - { - syslog(LOG_ERR, _("Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?"), - IP_ADDR_V(to)); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Forwarding ANS_KEY to %s (%s)"), - fw->nexthop->vpn_hostname, fw->nexthop->real_hostname); - - cl->buffer[cl->reqlen-1] = '\n'; - - if((write(fw->nexthop->meta_socket, cl->buffer, cl->reqlen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} int key_changed_h(conn_list_t *cl) { 
@@ -1258,13 +963,17 @@ cp int (*request_handlers[])(conn_list_t*) = { id_h, challenge_h, chal_reply_h, ack_h, status_h, error_h, termreq_h, - add_host_h, del_host_h, ping_h, pong_h, + add_host_h, del_host_h, + add_subnet_h, del_subnet_h, + key_changed_h, req_key_h, ans_key_h, }; char (*request_name[]) = { "ID", "CHALLENGE", "CHAL_REPLY", "ACK", "STATUS", "ERROR", "TERMREQ", - "ADD_HOST", "DEL_HOST", "PING", "PONG", + "ADD_HOST", "DEL_HOST", + "ADD_SUBNET", "DEL_SUBNET", + "KEY_CHANGED", "REQ_KEY", "ANS_KEY", }; From 76b5f255c6cb0c5dfb5a870c371ec6f7c7879bb2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Sep 2000 23:11:37 +0000 Subject: [PATCH 079/923] - Some key exchange stuff. (Last commit before going to bed.) --- src/protocol.c | 177 +++++++------------------------------------------ 1 file changed, 24 insertions(+), 153 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 8c6ce920..57e071ae 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.27 2000/09/10 22:49:46 guus Exp $ + $Id: protocol.c,v 1.28.4.28 2000/09/10 23:11:37 guus Exp $ */ #include "config.h" @@ -674,9 +674,11 @@ cp if(!(from = lookup_id(from_id))) { syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); - free(from); + free(from_id); return -1; } + + free(from_id); from->status.validkey = 0; from->status.waitingforkey = 0; @@ -706,7 +708,7 @@ cp if(!(from = lookup_id(from_id))) { syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); - free(from); free(to); + free(from_id); free(to_id); return -1; } 
@@ -721,13 +723,13 @@ cp if(!(to = lookup_id(to_id))) { syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->id, cl->hostname, to_id); - free(from); free(to); + free(from_id); free(to_id); return -1; } send_req_key(from, to); } - free(from); free(to); + free(from_id); free(to_id); cp return 0; } @@ -741,6 +743,7 @@ cp int ans_key_h(conn_list_t *cl) { char *from_id, *to_id, *datakey; + int keylength; conn_list_t *from, *to; cp if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &datakey) != 3) @@ -752,7 +755,7 @@ cp if(!(from = lookup_id(from_id))) { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); - free(from); free(to); free(datakey); + free(from_id); free(to_id); free(datakey); return -1; } 
@@ -760,56 +763,38 @@ cp if(!strcmp(id, myself->strcmp)) { - send_ans_key(myself, from); + /* It is for us, convert it to binary and set the key with it. */ + + keylength = strlen(datakey); + + if((keylength%1) || (keylength <= 0)) + { + syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->id, cl->hostname, from->id); + free(from_id); free(to_id); free(datakey); + return -1; + } + keylength /= 2; + hex2bin(datakey, datakey, keylength); + BF_set_key(cl->datakey, keylength, datakey); } else { if(!(to = lookup_id(to_id))) { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->id, cl->hostname, to_id); - free(from); free(to); free(datakey); + free(from_id); free(to_id); free(datakey); return -1; } send_ans_key(from, to, datakey); } - free(from); free(to); free(datakey); + free(from_id); free(to_id); free(datakey); cp return 0; } - - - /* Old routines */ - - - -int send_tcppacket(conn_list_t *cl, void *data, int len) -{ -cp - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Sending PACKET to %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - - buflen = snprintf(buffer, MAXBUFSIZE, "%d %d\n", PACKET, len); - - if((write(cl->meta_socket, buffer, buflen)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } - - if((write(cl->meta_socket, data, len)) < 0) - { - syslog(LOG_ERR, _("Send failed: %s:%d: %m"), __FILE__, __LINE__); - return -1; - } -cp - return 0; -} - /* Notify all my direct connections of a new host that was added to the vpn, with the exception 
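Review bot: The length check `if((keylength%1) || (keylength <= 0))` never rejects an odd-length key because `keylength%1` is always 0; it should test `keylength%2`, e.g. `if(keylength <= 0 || (keylength % 2))`. As written, a peer-supplied string with an odd number of characters goes on to `hex2bin()` after `keylength /= 2`, and nothing visible here checks that the characters are hex digits or that the length is one the cipher accepts. The key is installed with `BF_set_key(cl->datakey, ...)`, that is, on the connection the request arrived on, while the message names `from` as the origin. If the key belongs to the originating host this should probably be `from->datakey`, which is worth confirming. `ans_key_h` starts before this hunk, and the `strcmp(id, myself->strcmp)` test shown as context is still unresolved.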
@@ -844,120 +829,6 @@ cp return 0; } -/* - The incoming request handlers -*/ - -int tcppacket_h(conn_list_t *cl) -{ - int len; -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized PACKET from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(sscanf(cl->buffer, "%*d %d", &len) != 1) - { - syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(len > MTU) - { - syslog(LOG_ERR, _("Got too big PACKET from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Got PACKET length %d from %s (%s)"), len, - cl->vpn_hostname, cl->real_hostname); - - cl->tcppacket=len; -cp - return 0; -} - -void set_keys(conn_list_t *cl, int expiry, char *key) -{ - char *ek; -cp - if(!cl->public_key) - { - cl->public_key = xmalloc(sizeof(*cl->key)); - cl->public_key->key = NULL; - } - - if(cl->public_key->key) - free(cl->public_key->key); - cl->public_key->length = strlen(key); - cl->public_key->expiry = expiry; - cl->public_key->key = xmalloc(cl->public_key->length + 1); - strcpy(cl->public_key->key, key); - - ek = make_shared_key(key); - - if(!cl->key) - { - cl->key = xmalloc(sizeof(*cl->key)); - cl->key->key = NULL; - } - - if(cl->key->key) - free(cl->key->key); - - cl->key->length = strlen(ek); - cl->key->expiry = expiry; - cl->key->key = xmalloc(cl->key->length + 1); - strcpy(cl->key->key, ek); -cp -} - - -int key_changed_h(conn_list_t *cl) -{ - ip_t from; - conn_list_t *ik; -cp - if(!cl->status.active) - { - syslog(LOG_ERR, _("Got unauthorized KEY_CHANGED from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(sscanf(cl->buffer, "%*d %lx", &from) != 1) - { - syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - ik = lookup_conn(from); - - if(!ik) - { - syslog(LOG_ERR, _("Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?"), - 
IP_ADDR_V(from), cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(debug_lvl > 1) - syslog(LOG_DEBUG, _("Got KEY_CHANGED origin %s from %s (%s)"), - ik->vpn_hostname, cl->vpn_hostname, cl->real_hostname); - - ik->status.validkey = 0; - ik->status.waitingforkey = 0; - - notify_others(ik, cl, send_key_changed); -cp - return 0; -} - /* "Complete overhaul". */ int (*request_handlers[])(conn_list_t*) = { From 9c75350ac6c14886195b6d368af2f118fd5d60e0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Sep 2000 10:05:35 +0000 Subject: [PATCH 080/923] - Fixed modulo in keylength check - Updated header file to reflect new protocol code --- src/protocol.c | 4 +-- src/protocol.h | 72 ++++++++++++++++++++++++-------------------------- 2 files changed, 37 insertions(+), 39 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 57e071ae..2081edc6 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.28 2000/09/10 23:11:37 guus Exp $ + $Id: protocol.c,v 1.28.4.29 2000/09/11 10:05:34 guus Exp $ */ #include "config.h" @@ -767,7 +767,7 @@ cp keylength = strlen(datakey); - if((keylength%1) || (keylength <= 0)) + if((keylength%2) || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->id, cl->hostname, from->id); free(from_id); free(to_id); free(datakey); diff --git a/src/protocol.h b/src/protocol.h index 3a5c8069..f3119aa8 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.6 2000/09/10 21:57:11 zarq Exp $ + $Id: protocol.h,v 1.5.4.7 2000/09/11 10:05:35 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
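Review bot: The corrected test in the `@@ -767,7 +767,7 @@` hunk checks only parity and non-emptiness; `datakey` is still a peer-supplied string whose characters are never verified to be hex digits and whose length has no upper bound before it is converted in place and handed to `BF_set_key`. A guard such as `if(strspn(datakey, "0123456789abcdefABCDEF") != (size_t)keylength)` ahead of the conversion, together with a maximum key length, would reject malformed ANS_KEY input instead of turning it into a key. How hex2bin treats non-hex characters is not visible here, so confirm against its implementation. The rest of ans_key_h lies outside this hunk.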
@@ -25,6 +25,10 @@ #include "net.h" +/* Protocol version. Different versions are incompatible, + incompatible version have different protocols. + */ + enum { PROT_RESERVED = 0, /* reserved: do not use. */ PROT_NOT_IN_USE, 
@@ -33,50 +37,44 @@ enum { PROT_4, PROT_ECHELON, PROT_6, + PROT_7, PROT_CURRENT, /* protocol currently in use */ }; +/* Request numbers */ + enum { - ACK = 1, /* acknowledged */ -/* These requests are obsolete. - AUTH_S_INIT = 10, - AUTH_C_INIT, - AUTH_S_SPP, - AUTH_C_SPP, - AUTH_S_SKEY, - AUTH_C_SKEY, - AUTH_S_SACK, - AUTH_C_RACK, */ - TERMREQ = 30, /* terminate connection */ - PINGTIMEOUT, /* terminate due to ping t.o. */ - DEL_HOST, /* forward a termreq to others */ - PING = 40, /* ping */ - PONG, - ADD_HOST = 60, /* Add new given host to connection list */ - BASIC_INFO, /* some basic info follows */ - PASSPHRASE, /* encrypted passphrase */ - PUBLIC_KEY, /* public key in base-36 */ - HOLD = 80, /* don't send any data */ - RESUME, /* resume dataflow with new encryption key */ - CALCULATE = 100, /* calculate the following numer^privkey and send me the result */ - CALC_RES, /* result of the above */ - ALMOST_KEY, /* this number^privkey is the shared key */ - PACKET = 110, /* TCP tunneled network packet */ - REQ_KEY = 160, /* request public key */ - ANS_KEY, /* answer to such request */ - KEY_CHANGED, /* public key has changed */ - + ALL = -1, /* Guardian for allow_request */ + ID = 0, CHALLENGE, CHAL_REPLY, ACK, + STATUS, ERROR, TERMREQ, + PING, PONG, + ADD_HOST, DEL_HOST, + ADD_SUBNET, DEL_SUBNET, + KEY_CHANGED, REQ_KEY, ANS_KEY, + LAST /* Guardian for the highest request number */ }; -extern int (*request_handlers[256])(conn_list_t*); +extern int (*request_handlers[])(conn_list_t*); +extern int send_id(conn_list_t*); +extern int send_challenge(conn_list_t*); +extern int send_chal_reply(conn_list_t*, char*); +extern int send_ack(conn_list_t*); +extern int send_status(conn_list_t*, int, char*); +extern int send_error(conn_list_t*, int, char*); +extern int send_termreq(conn_list_t*); extern int send_ping(conn_list_t*); -extern int send_basic_info(conn_list_t *); -extern int send_termreq(conn_list_t *); -extern int send_timeout(conn_list_t *); -extern int 
send_key_request(ip_t); -extern void send_key_changed_all(void); -extern int send_del_host(conn_list_t *, conn_list_t *); +extern int send_pong(conn_list_t*); +extern int send_add_host(conn_list_t*, conn_list_t*); +extern int send_del_host(conn_list_t*, conn_list_t*); +extern int send_add_subnet(conn_list_t*, conn_list_t*, subnet_t*); +extern int send_del_subnet(conn_list_t*, conn_list_t*, subnet_t*); +extern int send_key_changed(conn_list_t*, conn_list_t*); +extern int send_req_key(conn_list_t*, conn_list_t*); +extern int send_ans_key(conn_list_t*, conn_list_t*, char*); + +/* Old functions */ + extern int send_tcppacket(conn_list_t *, void *, int); extern int notify_others(conn_list_t *, conn_list_t *, int (*function)(conn_list_t*, conn_list_t*)); From cd6695df82c55454a3f5b644f5c20a8ed31e7c97 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 11 Sep 2000 11:40:46 +0000 Subject: [PATCH 081/923] Better checks for SunOS libraries --- configure.in | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index a23f1a0e..cd7172f7 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.4 2000/09/10 15:16:07 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.5 2000/09/11 11:40:46 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -96,8 +96,12 @@ fi dnl Support for SunOS -AC_CHECK_LIB(socket, connect) -AC_CHECK_LIB(nsl, gethostbyname) +AC_CHECK_FUNC(socket, [], [ + AC_CHECK_LIB(socket, connect) +]) +AC_CHECK_FUNC(gethostbyname, [], [ + AC_CHECK_LIB(nsl, gethostbyname) +]) AC_OUTPUT([Makefile src/Makefile cipher/Makefile doc/Makefile intl/Makefile lib/Makefile From c04c84c98055c6b9e9e7890d3992648a3b715a1a Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 14 Sep 2000 11:54:51 +0000 Subject: [PATCH 082/923] - Lots of small changes. --- src/net.c | 256 ++++++++++++++++--------------------------------- src/protocol.c | 57 +++++++---- 2 files changed, 120 insertions(+), 193 deletions(-) diff --git a/src/net.c b/src/net.c index 72c1b5e1..a5989c36 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.27 2000/09/06 11:49:03 guus Exp $ + $Id: net.c,v 1.35.4.28 2000/09/14 11:54:50 guus Exp $ */ #include "config.h" @@ -103,8 +103,7 @@ cp rp.len = htons(rp.len); if(debug_lvl > 3) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - ntohs(rp.len), cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), ntohs(rp.len), cl->id, cl->hostname); total_socket_out += ntohs(rp.len); @@ -115,8 +114,7 @@ cp if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) { - syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->id, cl->hostname); return -1; } cp @@ -132,8 +130,7 @@ cp add_mac_addresses(&vp); if(debug_lvl > 3) - syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), - ((real_packet_t*)packet)->len, cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), ((real_packet_t*)packet)->len, cl->id, cl->hostname); if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) syslog(LOG_ERR, _("Can't write to tap device: %m")); 
@@ -146,59 +143,6 @@ cp return 0; } -int tcprecv(conn_list_t *cl, real_packet_t *rp) -{ - vpn_packet_t vp; - int lenin; - conn_list_t *f; -cp - rp->data.len = ntohs(rp->data.len); - rp->len = ntohs(rp->len); - rp->from = ntohl(rp->from); - - total_socket_in += rp->len; - - if(rp->len >= 0) - { - f = lookup_conn(rp->from); - if(!f) - { - syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), - cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp->from)); - return -1; - } - - if(f->status.validkey) - { - do_decrypt(rp, &vp, cl->key); - add_mac_addresses(&vp); - - if(debug_lvl > 3) - syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), - rp->len, cl->vpn_hostname, cl->real_hostname); - - if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) - syslog(LOG_ERR, _("Can't write to tap device: %m")); - else - total_tap_out += lenin; - } - else - { - add_queue(&(cl->sq), rp, rp->len + 2); - if(!cl->status.waitingforkey) - send_key_request(rp->from); - } - - if(my_key_expiry <= time(NULL)) - regenerate_keys(); - } - - cl->want_ping = 0; - cl->last_ping_time = time(NULL); -cp - return 0; -} - /* add the given packet of size s to the queue q, be it the send or receive queue @@ -307,16 +251,14 @@ cp if(cl->sq) { if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), cl->id, cl->hostname); flush_queue(cl, &(cl->sq), xsend); } if(cl->rq) { if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), cl->id, cl->hostname); flush_queue(cl, &(cl->rq), xrecv); } cp 
@@ -336,22 +278,16 @@ cp syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to)); } - - /* Is this really necessary? If we can't find "to", then neither should any uplink. (GS) */ - + return -1; - - for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); - if(!cl) - { /* No open outgoing connection has been found. */ - if(debug_lvl > 3) - syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!")); - return -1; - } - } + } /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ + /* The next few lines will be obsoleted, if we are going indirect, matching subnet_t + should point to only our uplink as the recepient + */ + if(myself->flags & EXPORTINDIRECTDATA) { for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); @@ -372,13 +308,11 @@ cp if(cl->flags & INDIRECTDATA) { if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Indirect packet to %s via %s"), - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_NOTICE, _("Indirect packet to %s via %s"), cl->id, cl->hostname); if((cl = lookup_conn(cl->real_ip)) == NULL) { if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"), - IP_ADDR_V(to)); + syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to)); /* Gateway tincd dead? Should we kill it? (GS) */ @@ -387,8 +321,7 @@ cp if(cl->flags & INDIRECTDATA) /* This should not happen */ { if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"), - IP_ADDR_V(to)); + syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"), IP_ADDR_V(to)); return -1; } } 
@@ -399,14 +332,14 @@ cp if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) { - syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->id, cl->hostname); return -1; } if(!cl->status.validkey) { if(debug_lvl > 3) - syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->vpn_hostname, cl->real_hostname); + syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->id, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); if(!cl->status.waitingforkey) send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */ @@ -416,7 +349,7 @@ cp if(!cl->status.active) { if(debug_lvl > 3) - syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->vpn_hostname, cl->real_hostname); + syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->id, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); return 0; /* We don't want to mess up, do we? */ } @@ -573,7 +506,7 @@ int setup_outgoing_meta_socket(conn_list_t *cl) config_t const *cfg; cp if(debug_lvl > 0) - syslog(LOG_INFO, _("Trying to connect to %s"), cl->real_hostname); + syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); if((cfg = get_config_val(upstreamport)) == NULL) cl->port = 655; @@ -584,7 +517,7 @@ cp if(cl->meta_socket == -1) { syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"), - cl->real_hostname, cl->port); + cl->hostname, cl->port); return -1; } @@ -594,7 +527,7 @@ cp if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) { - syslog(LOG_ERR, _("%s port %hd: %m"), cl->real_hostname, cl->port); + syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port); return -1; } 
@@ -602,13 +535,13 @@ cp if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) { syslog(LOG_ERR, _("fcntl for %s port %d: %m"), - cl->real_hostname, cl->port); + cl->hostname, cl->port); return -1; } if(debug_lvl > 0) syslog(LOG_INFO, _("Connected to %s port %hd"), - cl->real_hostname, cl->port); + cl->hostname, cl->port); cp return 0; } @@ -633,12 +566,12 @@ cp ncn = new_conn_list(); ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0]))); - ncn->real_hostname = hostlookup(htonl(ncn->real_ip)); + ncn->hostname = hostlookup(htonl(ncn->real_ip)); if(setup_outgoing_meta_socket(ncn) < 0) { syslog(LOG_ERR, _("Could not set up a meta connection to %s"), - ncn->real_hostname); + ncn->hostname); free_conn_element(ncn); return -1; } @@ -668,7 +601,7 @@ cp myself->vpn_ip = cfg->data.ip->ip; myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip)); - myself->real_hostname = hostlookup(htonl(myself->vpn_ip)); + myself->hostname = hostlookup(htonl(myself->vpn_ip)); myself->vpn_mask = cfg->data.ip->mask; myself->flags = 0; @@ -817,7 +750,7 @@ int setup_vpn_connection(conn_list_t *cl) struct sockaddr_in a; cp if(debug_lvl > 0) - syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->real_hostname); + syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); if(nfd == -1) @@ -833,15 +766,14 @@ cp if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) { syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"), - cl->real_hostname, cl->port); + cl->hostname, cl->port); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, cl->id, cl->hostname); return -1; } 
@@ -870,7 +802,7 @@ cp } p->real_ip = ntohl(ci.sin_addr.s_addr); - p->real_hostname = hostlookup(ci.sin_addr.s_addr); + p->hostname = hostlookup(ci.sin_addr.s_addr); p->meta_socket = sfd; p->status.meta = 1; p->buflen = 0; @@ -879,7 +811,7 @@ cp if(debug_lvl > 0) syslog(LOG_NOTICE, _("Connection from %s port %d"), - p->real_hostname, htons(ci.sin_port)); + p->hostname, htons(ci.sin_port)); if(send_basic_info(p) < 0) { @@ -927,14 +859,12 @@ int handle_incoming_vpn_data(conn_list_t *cl) cp if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket, - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket, cl->id, cl->hostname); return -1; } if(x) { - syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), - cl->vpn_hostname, cl->real_hostname, strerror(x)); + syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x)); return -1; } @@ -942,7 +872,7 @@ cp lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL); if(lenin <= 0) { - syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->id, cl->hostname); return -1; } total_socket_in += lenin; @@ -956,8 +886,7 @@ cp f = lookup_conn(rp.from); if(!f) { - syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), - cl->vpn_hostname, cl->real_hostname, IP_ADDR_V(rp.from)); + syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), cl->id, cl->hostname, IP_ADDR_V(rp.from)); return -1; } @@ -990,8 +919,7 @@ cp return; if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->id, cl->hostname); if(cl->status.timeout) send_timeout(cl); 
@@ -1064,8 +992,7 @@ cp if(p->status.pinged && !p->status.got_pong) { if(debug_lvl > 1) - syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - p->vpn_hostname, p->real_hostname); + syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), cl->id, cl->hostname); p->status.timeout = 1; terminate_connection(p); } @@ -1125,18 +1052,16 @@ int handle_incoming_meta_data(conn_list_t *cl) cp if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, cl->id, cl->hostname); return -1; } if(x) { - syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), - cl->vpn_hostname, cl->real_hostname, strerror(x)); + syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x)); return -1; } - lenin = read(cl->meta_socket, cl->buffer, MAXBUFSIZE - cl->buflen); + lenin = read(cl->meta_socket, cl->buffer+cl->buflen, MAXBUFSIZE - cl->buflen); if(lenin<=0) { 
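Review bot: The rewritten syslog call in the `@@ -1064,8 +992,7 @@` hunk prints `cl->id, cl->hostname`, but the connection tested and terminated here is `p` (`p->status.pinged`, `terminate_connection(p)`), and the removed line used `p->vpn_hostname, p->real_hostname`. Depending on what `cl` is in this function, the line either fails to compile or names a different peer than the one being dropped, which misleads anyone reading ping-timeout events. It should read `p->id, p->hostname`. The same substitution appears in the `@@ -1263,8 +1173,7 @@` hunk, where the socket error is read from `p->socket` but reported against `cl`. The enclosing function starts outside the hunk.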
@@ -1144,92 +1069,77 @@ cp return 0; if(errno==0) { - if(debug_lvl>0) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), - cl->vpn_hostname, cl->real_hostname); + if(debug_lvl>DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->id, cl->hostname); } else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), - cl->vpn_hostname, cl->real_hostname); + syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), cl->id, cl->hostname); return -1; } + if(cl->status.encrypted) + { + /* FIXME: do decryption. */ + } + oldlen = cl->buflen; cl->buflen += lenin; for(;;) { - if(cl->tcppacket) + cl->reqlen = 0; + + for(i = oldlen; i < cl->buflen; i++) { - if(cl->buflen >= cl->tcppacket) - { - tcprecv(cl, (real_packet_t *)cl->buffer); - cl->buflen -= cl->tcppacket; - memmove(cl->buffer, cl->buffer + cl->tcppacket, cl->buflen); - oldlen = 0; - cl->tcppacket=0; - } - else + if(cl->buffer[i] == '\n') { + cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */ + cl->reqlen = i + 1; break; } } - else + + if(cl->reqlen) { - cl->reqlen = 0; - - for(i = oldlen; i < cl->buflen; i++) + if(debug_lvl > DEBUG_PROTOCOL) + syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), cl->id, cl->hostname, cl->buffer); + if(sscanf(cl->buffer, "%d", &request) == 1) { - if(cl->buffer[i] == '\n') + if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) { - cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */ - cl->reqlen = i + 1; - break; - } - } - - if(cl->reqlen) - { - if(debug_lvl > 2) - syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), - cl->vpn_hostname, cl->real_hostname, cl->buffer); - if(sscanf(cl->buffer, "%d", &request) == 1) - { - if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) - { - syslog(LOG_ERR, _("Unknown request from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } - - if(request_handlers[request](cl)) /* Something 
went wrong. Probably scriptkiddies. Terminate. */ - { - syslog(LOG_ERR, _("Error while processing request from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); - return -1; - } + syslog(LOG_ERR, _("Unknown request from %s (%s)"), cl->id, cl->hostname); + return -1; } else { - syslog(LOG_ERR, _("Bogus data received from %s (%s)"), - cl->vpn_hostname, cl->real_hostname); + if(debug_lvl > DEBUG_PROTOCOL) + syslog(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], cl->id, cl->hostname); + + if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ + { + syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), request_name[request], cl->id, cl->hostname); return -1; } - - cl->buflen -= cl->reqlen; - memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); - oldlen = 0; } else { - break; + syslog(LOG_ERR, _("Bogus data received from %s (%s)"), cl->id, cl->hostname); + return -1; } + + cl->buflen -= cl->reqlen; + memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); + oldlen = 0; + } + else + { + break; } } if(cl->buflen >= MAXBUFSIZE) { - syslog(LOG_ERR, _("Metadata read buffer overflow!")); + syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), cl->id, cl->hostname); return -1; } @@ -1263,8 +1173,7 @@ cp I've once got here when it said `No route to host'. */ getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); - syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), - p->vpn_hostname, p->real_hostname, strerror(x)); + syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x)); terminate_connection(p); return; } 
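Review bot: In the `@@ -1144,92 +1069,77 @@` hunk the dispatcher still accepts any request number up to 255 (`(request < 0) || (request > 255)`), while this series declares `request_handlers[]` without a size and introduces `LAST` as the guardian for the highest request number. If the table's initializer has fewer than 256 entries, a peer-chosen number between LAST and 255 indexes past the array and whatever is read there is called as a function pointer. Bounding with `request >= LAST` before touching `request_handlers[request]` or `request_name[request]` closes that. handle_incoming_meta_data begins in an earlier hunk.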
@@ -1309,15 +1218,14 @@ cp if(ether_type != 0x0800) { if(debug_lvl > 3) - syslog(LOG_INFO, _("Non-IP ethernet frame %04x from " MAC_ADDR_S), - ether_type, MAC_ADDR_V(vp.data[6])); + syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6])); return; } if(lenin < 32) { if(debug_lvl > 3) - syslog(LOG_INFO, _("Dropping short packet")); + syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6])); return; } diff --git a/src/protocol.c b/src/protocol.c index 2081edc6..0b76cc3d 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.29 2000/09/11 10:05:34 guus Exp $ + $Id: protocol.c,v 1.28.4.30 2000/09/14 11:54:51 guus Exp $ */ #include "config.h" @@ -67,7 +67,7 @@ cp if(debug_lvl >= DEBUG_META) syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), cl->id, cl->hostname, buffer); - if(cl->status.encryptout) + if(cl->status.encrypted) { /* FIXME: Do encryption */ } @@ -83,16 +83,22 @@ cp /* Connection protocol: Client Server - send_id(*) - send_challenge - send_chal_reply(*) - send_id - send_challenge - send_chal_reply - send_ack - send_ack + send_id(u) + send_challenge(R) + send_chal_reply(BH) + send_id(B) + send_challenge(BR) + send_chal_reply(BH) + send_ack(B) + send_ack(B) - (*) Unencrypted. + (u) Unencrypted, + (R) RSA, + (H) SHA1, + (B) Blowfish. + + Part of the challenge is directly used to set the blowfish key and the initial vector. + (Twee vliegen in één klap!) */ int send_id(conn_list_t *cl) @@ -163,10 +169,6 @@ cp } } - /* Since we know the identity now, we can encrypt the meta channel */ - - cl->status.encryptout = 1; - /* Send a challenge to verify the identity */ cl->allow_request = CHAL_REPLY; 
@@ -186,13 +188,20 @@ cp /* Allocate buffers for the challenge and the hash */ cl->chal_hash = xmalloc(SHA_DIGEST_LEN); - keylength = BN_num_bytes(cl->metakey.n); + keylength = BN_num_bytes(cl->rsakey.n); buffer = xmalloc(keylength*2); /* Copy random data and the public key to the buffer */ RAND_bytes(buffer, keylength); - BN_bn2bin(cl->metakey.n, buffer+keylength); + BN_bn2bin(cl->rsakey.n, buffer+keylength); + + /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */ + + if(!cl->status.encrypted) + { + set_metakey(cl, buffer, keylength); + } /* Calculate the hash from that */ @@ -208,6 +217,7 @@ cp cl->allow_request = CHAL_REPLY; x = send_request(cl, "%d %s", CHALLENGE, buffer); free(buffer); + cl->status.encrypted = 1; cp return x; } @@ -237,7 +247,7 @@ int send_chal_reply(conn_list_t *cl, char *challenge) char *hash; int x; cp - keylength = BN_num_bytes(myself->meyakey.n); + keylength = BN_num_bytes(myself->rsakey.n); /* Check if the length of the challenge is all right */ @@ -255,11 +265,20 @@ cp /* Copy the incoming random data and our public key to the buffer */ hex2bin(challenge, buffer, keylength); - BN_bn2bin(myself->metakey.n, buffer+keylength); + BN_bn2bin(myself->rsakey.n, buffer+keylength); /* Calculate the hash from that */ SHA1(buffer, keylength*2, hash); + + /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */ + + if(!cl->status.encrypted) + { + set_metakey(cl, buffer, keylength); + cl->status.encrypted = 1; + } + free(buffer); /* Convert the hash to a hexadecimal formatted string */ From d335c6d0d7328fd86154dc60b22deb7953ab0228 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 14 Sep 2000 14:32:34 +0000 Subject: [PATCH 083/923] Added some structures and types that are needed for the overhaul. --- lib/utils.h | 8 ++++++++ src/net.h | 27 ++++++++++++++++++++++----- 2 files changed, 30 insertions(+), 5 deletions(-) 
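Review bot: `RAND_bytes(buffer, keylength)` in the `@@ -186,13 +188,20 @@` hunk is used without checking its result, and with this change the same bytes also become the meta key through `set_metakey(cl, buffer, keylength)`. If the generator fails, both the challenge and the key are whatever xmalloc returned; `if(RAND_bytes(buffer, keylength) != 1) { free(buffer); return -1; }` would stop that. `buffer` now holds key material and is released with a plain `free(buffer)` here and in send_chal_reply (`@@ -255,11 +265,20 @@`), so clearing it before the free is worth adding. send_challenge starts before this hunk.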
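Review bot: `cl->status.encrypted = 1` in the `@@ -208,6 +217,7 @@` hunk is set after `send_request` whether or not the send succeeded, and at this point in the series the meta send and receive paths only contain `FIXME` stubs where the cipher should be applied. The flag therefore records the meta channel as encrypted while the traffic is still cleartext, which deserves a comment next to the assignment, e.g. `/* flag only: meta traffic stays cleartext until the FIXME encryption/decryption stubs are implemented */`. Setting it only when `x` reports success (assuming a negative value means failure) would also keep the state consistent after a failed send.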
diff --git a/lib/utils.h b/lib/utils.h index ed6550dc..9184a339 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -20,6 +20,14 @@ #ifndef __TINC_UTILS_H__ #define __TINC_UTILS_H__ +enum { + DEBUG_CONNECTIONS = 0, + DEBUG_PROTOCOL, + DEBUG_STATUS, + DEBUG_error, + DEBUG_META +}; + #define min(a,b) (((a)<(b))?(a):(b)) #define cp { cp_line = __LINE__; cp_file = __FILE__; } diff --git a/src/net.h b/src/net.h index ec88d373..3b194cdb 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.9 2000/08/08 17:07:48 guus Exp $ + $Id: net.h,v 1.9.4.10 2000/09/14 14:32:34 zarq Exp $ */ #ifndef __TINC_NET_H__ @@ -55,6 +55,16 @@ typedef unsigned long ip_t; typedef short length_t; +struct conn_list_t; + +typedef struct subnet_t { + ip_t netaddr; + ip_t netmask; + struct conn_list_t *owner; + struct subnet_t *next; + struct subnet_t *prev; +} subnet_t; + typedef struct vpn_packet_t { length_t len; /* the actual number of bytes in the `data' field */ unsigned char data[MAXSIZE]; @@ -83,7 +93,9 @@ typedef struct status_bits_t { int validkey:1; /* 1 if we currently have a valid key for him */ int waitingforkey:1; /* 1 if we already sent out a request */ int dataopen:1; /* 1 if we have a valid UDP connection open */ - int unused:21; + int encryptout:1; /* 1 if we can encrypt outgoing traffic */ + int encryptin:1; /* 1 if we have to decrypt incoming traffic */ + int unused:19; } status_bits_t; typedef struct queue_element_t { 
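Review bot: `DEBUG_error` in the new enum in lib/utils.h breaks the upper-case pattern of the other four constants; `DEBUG_ERROR` would match. The callers in this series also compare inconsistently (`debug_lvl > DEBUG_PROTOCOL` in net.c, `debug_lvl >= DEBUG_META` in protocol.c), so a one-line comment on the enum stating whether a level is enabled at `>=` or `>` its constant would prevent off-by-one verbosity.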
@@ -104,11 +116,11 @@ typedef struct enc_key_t { } enc_key_t; typedef struct conn_list_t { + char *name; /* name of this connection */ ip_t vpn_ip; /* his vpn ip */ ip_t vpn_mask; /* his vpn network address */ ip_t real_ip; /* his real (internet) ip */ - char *real_hostname; /* the hostname of its real ip */ - char *vpn_hostname; /* the hostname of the vpn ip */ + char *hostname; /* the hostname of its real ip */ short unsigned int port; /* his portnumber */ int flags; /* his flags */ int socket; /* our udp vpn socket */ @@ -121,12 +133,15 @@ typedef struct conn_list_t { valid key to be decrypted with) */ enc_key_t *public_key; /* the other party's public key */ enc_key_t *key; /* encrypt with this key */ - char buffer[MAXBUFSIZE+1]; /* metadata input buffer */ + char *buffer; /* metadata input buffer */ int buflen; /* bytes read into buffer */ int reqlen; /* length of first request in buffer */ int tcppacket; /* length of incoming TCP tunnelled packet */ time_t last_ping_time; /* last time we saw some activity from the other end */ int want_ping; /* 0 if there's no need to check for activity */ + int allow_request; /* defined if there's only one request possible */ + char *chal_answer; /* answer to the given challenge */ + enc_key_t *metakey; struct conn_list_t *nexthop; /* nearest meta-hop in this direction */ struct conn_list_t *next; /* after all, it's a list of connections */ } conn_list_t; @@ -141,6 +156,8 @@ extern int total_socket_out; extern conn_list_t *conn_list; extern conn_list_t *myself; +extern char *request_name[256]; + extern int send_packet(ip_t, vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); From 296171d115614d61480d896cd77898f5393c191d Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 14 Sep 2000 14:34:38 +0000 Subject: [PATCH 084/923] New directive: Name. --- src/conf.c | 3 ++- src/conf.h | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) 
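Review bot: In the `@@ -121,12 +133,15 @@` hunk `buffer` changes from an embedded `char buffer[MAXBUFSIZE+1]` to a bare `char *buffer`, but nothing in this hunk or in the visible net.c changes allocates it. handle_incoming_meta_data reads into `cl->buffer+cl->buflen` for up to `MAXBUFSIZE - cl->buflen` bytes and writes a terminator into it, so every path that creates a conn_list_t has to allocate at least MAXBUFSIZE+1 bytes and release them on teardown. A comment on the member such as `/* metadata input buffer, heap-allocated, MAXBUFSIZE+1 bytes, owned by this struct */` would make that contract explicit. The struct definition starts in the previous hunk.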
diff --git a/src/conf.c b/src/conf.c index deb2e4a9..1b729b2c 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.9 2000/09/06 11:49:03 guus Exp $ + $Id: conf.c,v 1.9.4.10 2000/09/14 14:34:38 zarq Exp $ */ @@ -74,6 +74,7 @@ static internal_config_t hazahaza[] = { { "TCPonly", tcponly, TYPE_BOOL }, { "Interface", interface, TYPE_NAME }, { "InterfaceIP", interfaceip, TYPE_IP }, + { "Name", tincname, TYPE_NAME }, { NULL, 0, 0 } }; diff --git a/src/conf.h b/src/conf.h index b5d08924..a63821c4 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.8 2000/08/09 14:02:16 guus Exp $ + $Id: conf.h,v 1.6.4.9 2000/09/14 14:34:38 zarq Exp $ */ #ifndef __TINC_CONF_H__ @@ -52,6 +52,7 @@ typedef enum which_t { tcponly, interface, interfaceip, + tincname, } which_t; typedef struct config_t { From ed397b6ac676329b237e219c806143cccf456b3c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 14 Sep 2000 21:51:21 +0000 Subject: [PATCH 085/923] First round of needed fixes after the overhaul --- src/net.c | 99 ++++++++++++++++++--------- src/net.h | 13 +++- src/netutl.c | 12 ++-- src/protocol.c | 182 ++++++++++++++++++++++++++++--------------------- 4 files changed, 187 insertions(+), 119 deletions(-) diff --git a/src/net.c b/src/net.c index a5989c36..1ef53010 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.28 2000/09/14 11:54:50 guus Exp $ + $Id: net.c,v 1.35.4.29 2000/09/14 21:51:19 zarq Exp $ */ #include "config.h" 
@@ -103,7 +103,8 @@ cp rp.len = htons(rp.len); if(debug_lvl > 3) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), ntohs(rp.len), cl->id, cl->hostname); + syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + ntohs(rp.len), cl->name, cl->hostname); total_socket_out += ntohs(rp.len); @@ -114,7 +115,8 @@ cp if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) { - syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), + cl->name, cl->hostname); return -1; } cp @@ -130,7 +132,8 @@ cp add_mac_addresses(&vp); if(debug_lvl > 3) - syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), ((real_packet_t*)packet)->len, cl->id, cl->hostname); + syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), + ((real_packet_t*)packet)->len, cl->name, cl->hostname); if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) syslog(LOG_ERR, _("Can't write to tap device: %m")); @@ -251,14 +254,16 @@ cp if(cl->sq) { if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), cl->id, cl->hostname); + syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), + cl->name, cl->hostname); flush_queue(cl, &(cl->sq), xsend); } if(cl->rq) { if(debug_lvl > 3) - syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), cl->id, cl->hostname); + syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), + cl->name, cl->hostname); flush_queue(cl, &(cl->rq), xrecv); } cp @@ -308,7 +313,8 @@ cp if(cl->flags & INDIRECTDATA) { if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Indirect packet to %s via %s"), cl->id, cl->hostname); + syslog(LOG_NOTICE, _("Indirect packet to %s via %s"), + cl->name, cl->hostname); if((cl = lookup_conn(cl->real_ip)) == NULL) { if(debug_lvl > 3) 
@@ -332,14 +338,16 @@ cp if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) { - syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), + cl->name, cl->hostname); return -1; } if(!cl->status.validkey) { if(debug_lvl > 3) - syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), cl->id, cl->hostname); + syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), + cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); if(!cl->status.waitingforkey) send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */ @@ -349,7 +357,8 @@ cp if(!cl->status.active) { if(debug_lvl > 3) - syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->id, cl->hostname); + syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), + cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); return 0; /* We don't want to mess up, do we? */ } @@ -600,11 +609,15 @@ cp } myself->vpn_ip = cfg->data.ip->ip; - myself->vpn_hostname = hostlookup(htonl(myself->vpn_ip)); myself->hostname = hostlookup(htonl(myself->vpn_ip)); myself->vpn_mask = cfg->data.ip->mask; myself->flags = 0; + if(!(cfg = get_config_val(tincname))) + asprintf(&(myself->name), IP_ADDR_S, IP_ADDR_V(myself->vpn_ip)); + else + myself->name = (char*)cfg->data.val; + if(!(cfg = get_config_val(listenport))) myself->port = 655; else @@ -773,7 +786,8 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, cl->id, cl->hostname); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, + cl->name, cl->hostname); return -1; } 
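Review bot: The new `Name` handling in the `@@ -600,11 +609,15 @@` hunk gives `myself->name` two different owners: the fallback branch stores a heap string from `asprintf`, while the configured branch aliases `cfg->data.val`, which belongs to the configuration. The netutl.c cleanup in this same commit calls `free(p->name)`, so if `myself` is ever released through that path, or the configuration is cleared on SIGHUP while the pointer is still in use, this becomes a double free or a dangling pointer (whether either happens is outside the hunk). Copy the value instead, `myself->name = strdup((char*)cfg->data.val);`, and check both that result and the `asprintf` return value, which is currently ignored. The enclosing function starts and ends outside the hunk.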
@@ -859,12 +873,15 @@ int handle_incoming_vpn_data(conn_list_t *cl) cp if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->socket, cl->id, cl->hostname); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), + __FILE__, __LINE__, cl->socket, + cl->name, cl->hostname); return -1; } if(x) { - syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x)); + syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), + cl->name, cl->hostname, strerror(x)); return -1; } @@ -872,7 +889,8 @@ cp lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL); if(lenin <= 0) { - syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), + cl->name, cl->hostname); return -1; } total_socket_in += lenin; @@ -886,7 +904,8 @@ cp f = lookup_conn(rp.from); if(!f) { - syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), cl->id, cl->hostname, IP_ADDR_V(rp.from)); + syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), + cl->name, cl->hostname, IP_ADDR_V(rp.from)); return -1; } @@ -919,7 +938,8 @@ cp return; if(debug_lvl > 0) - syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->id, cl->hostname); + syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), + cl->name, cl->hostname); if(cl->status.timeout) send_timeout(cl); @@ -992,7 +1012,8 @@ cp if(p->status.pinged && !p->status.got_pong) { if(debug_lvl > 1) - syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), cl->id, cl->hostname); + syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), + p->name, p->hostname); p->status.timeout = 1; terminate_connection(p); } 
@@ -1052,12 +1073,14 @@ int handle_incoming_meta_data(conn_list_t *cl) cp if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, cl->id, cl->hostname); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, + cl->name, cl->hostname); return -1; } if(x) { - syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x)); + syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), + cl->name, cl->hostname, strerror(x)); return -1; } @@ -1070,14 +1093,16 @@ cp if(errno==0) { if(debug_lvl>DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->id, cl->hostname); + syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), + cl->name, cl->hostname); } else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), + cl->name, cl->hostname); return -1; } - if(cl->status.encrypted) + if(cl->status.encryptin) { /* FIXME: do decryption. */ } 
@@ -1102,28 +1127,34 @@ cp if(cl->reqlen) { if(debug_lvl > DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), cl->id, cl->hostname, cl->buffer); + syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), + cl->name, cl->hostname, cl->buffer); if(sscanf(cl->buffer, "%d", &request) == 1) { if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) { - syslog(LOG_ERR, _("Unknown request from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Unknown request from %s (%s)"), + cl->name, cl->hostname); return -1; } else { if(debug_lvl > DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], cl->id, cl->hostname); - - if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ + syslog(LOG_DEBUG, _("Got %s from %s (%s)"), + request_name[request], cl->name, cl->hostname); + } + if(request_handlers[request](cl)) + /* Something went wrong. Probably scriptkiddies. Terminate. */ { - syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), request_name[request], cl->id, cl->hostname); + syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), + request_name[request], cl->name, cl->hostname); return -1; } } else { - syslog(LOG_ERR, _("Bogus data received from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Bogus data received from %s (%s)"), + cl->name, cl->hostname); return -1; } @@ -1139,7 +1170,8 @@ cp if(cl->buflen >= MAXBUFSIZE) { - syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), + cl->name, cl->hostname); return -1; } 
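Review bot: The dispatch in the `@@ -1102,28 +1127,34 @@` hunk calls `request_handlers[request](cl)` for any request number that has a handler, without consulting `cl->allow_request`, the field this series adds to restrict which request may come next. Unless every handler checks it itself (not visible here), a peer that has not completed the ID/challenge exchange can have ACK, ADD_HOST or key requests processed as if it were authenticated. I would gate the call in this one place and, until the exact rule is settled, at least mark it: `/* FIXME: refuse request unless it matches cl->allow_request */`. The function body continues outside the hunk.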
@@ -1173,7 +1205,8 @@ cp I've once got here when it said `No route to host'. */ getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); - syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), cl->id, cl->hostname, strerror(x)); + syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), + p->name, p->hostname, strerror(x)); terminate_connection(p); return; } @@ -1272,6 +1305,8 @@ cp if(sighup) { sighup = 0; + if(debug_lvl > 1) + syslog(LOG_INFO, _("Rereading configuration file")); close_network_connections(); clear_config(); if(read_config_file(configfilename)) diff --git a/src/net.h b/src/net.h index 3b194cdb..af465f62 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.10 2000/09/14 14:32:34 zarq Exp $ + $Id: net.h,v 1.9.4.11 2000/09/14 21:51:20 zarq Exp $ */ #ifndef __TINC_NET_H__ @@ -53,6 +53,7 @@ #define TCPONLY 0x0004 /* Tells sender to send packets over TCP instead of UDP (for firewalls) */ typedef unsigned long ip_t; +typedef unsigned short port_t; typedef short length_t; struct conn_list_t; @@ -95,9 +96,14 @@ typedef struct status_bits_t { int dataopen:1; /* 1 if we have a valid UDP connection open */ int encryptout:1; /* 1 if we can encrypt outgoing traffic */ int encryptin:1; /* 1 if we have to decrypt incoming traffic */ - int unused:19; + int encrypted:1; + int unused:18; } status_bits_t; +typedef struct option_bits_t { + int unused:32; +} option_bits_t; + typedef struct queue_element_t { void *packet; struct queue_element_t *prev; 
@@ -127,6 +133,7 @@ typedef struct conn_list_t { int meta_socket; /* our tcp meta socket */ int protocol_version; /* used protocol */ status_bits_t status; /* status info */ + option_bits_t options; /* options turned on for this connection */ passphrase_t *pp; /* encoded passphrase */ packet_queue_t *sq; /* pending outgoing packets */ packet_queue_t *rq; /* pending incoming packets (they have no @@ -141,7 +148,7 @@ typedef struct conn_list_t { int want_ping; /* 0 if there's no need to check for activity */ int allow_request; /* defined if there's only one request possible */ char *chal_answer; /* answer to the given challenge */ - enc_key_t *metakey; + enc_key_t *rsakey; struct conn_list_t *nexthop; /* nearest meta-hop in this direction */ struct conn_list_t *next; /* after all, it's a list of connections */ } conn_list_t; diff --git a/src/netutl.c b/src/netutl.c index d0ac628a..5f762920 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.8 2000/09/06 11:49:05 guus Exp $ + $Id: netutl.c,v 1.12.4.9 2000/09/14 21:51:20 zarq Exp $ */ #include "config.h" @@ -90,10 +90,10 @@ cp destroy_queue(p->sq); if(p->rq) destroy_queue(p->rq); - if(p->vpn_hostname) - free(p->vpn_hostname); - if(p->real_hostname) - free(p->real_hostname); + if(p->name) + free(p->name); + if(p->hostname) + free(p->hostname); free_key(p->public_key); free_key(p->key); free(p); @@ -247,7 +247,7 @@ cp for(p = conn_list; p != NULL; p = p->next) { syslog(LOG_DEBUG, _("%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x"), - p->vpn_hostname, IP_ADDR_V(p->vpn_mask), p->real_hostname, p->port, p->flags, + p->name, IP_ADDR_V(p->vpn_mask), p->hostname, p->port, p->flags, p->socket, p->meta_socket, p->status); } cp diff --git a/src/protocol.c b/src/protocol.c index 0b76cc3d..836708ab 100644 --- a/src/protocol.c +++ b/src/protocol.c 
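Review bot: The netutl.c cleanup hunk (`@@ -90,10 +90,10 @@`) now frees `name` and `hostname`, but the two other heap pointers this series adds to `conn_list_t`, `buffer` and `chal_answer`, are not released before `free(p)`. `chal_answer` is allocated in `send_challenge` and only freed in `chal_reply_h` after a successful reply, so a connection dropped in mid-handshake would leak it on this path. Add `free(p->buffer);` and `free(p->chal_answer);` next to the others, provided the earlier `free(cl->chal_answer)` in `chal_reply_h` also resets the pointer to NULL; the `if(p->...)` guards are unnecessary because `free(NULL)` is a no-op. The function starts before the hunk, so a release elsewhere cannot be ruled out.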
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.30 2000/09/14 11:54:51 guus Exp $ + $Id: protocol.c,v 1.28.4.31 2000/09/14 21:51:21 zarq Exp $ */ #include "config.h" @@ -36,6 +36,8 @@ #include +#include + #include "conf.h" #include "encr.h" #include "net.h" @@ -50,11 +52,13 @@ int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...) { va_list args; char *buffer = NULL; + int len; + cp if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), requestname[request], cl->id, cl->hostname); + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); - va_start(args, format); + va_start(args, request); len = vasprintf(&buffer, format, args); va_end(args); @@ -65,14 +69,15 @@ cp } if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), cl->id, cl->hostname, buffer); + syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), + cl->name, cl->hostname, buffer); - if(cl->status.encrypted) + if(cl->status.encryptin) { /* FIXME: Do encryption */ } - if((write(cl->meta_socket, buffer, buflen)) < 0) + if((write(cl->meta_socket, buffer, len)) < 0) { syslog(LOG_ERR, _("Sending meta data failed: %m")); return -1; @@ -104,7 +109,8 @@ cp int send_id(conn_list_t *cl) { cp - return send_request(cl, "%d %s %d %s", ID, myself->id, myself->version, opt2str(myself->options)); + return send_request(cl, "%d %s %d %s", ID, + myself->name, myself->protocol_version, opt2str(myself->options)); } int id_h(conn_list_t *cl) @@ -112,7 +118,7 @@ int id_h(conn_list_t *cl) conn_list_t *old; char *options; cp - if(sscanf(cl->buffer, "%*d %as %d %as", &cl->id, &cl->version, &options) != 3) + if(sscanf(cl->buffer, "%*d %as %d %as", &cl->name, &cl->protocol_version, &options) != 3) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; 
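Review bot: Changing `va_start(args, format)` to `va_start(args, request)` in `send_request` makes the variable arguments start after `request`, but every caller's format still begins with `%d` for the request number, as in `send_request(cl, "%d %s %d %s", ID, myself->name, ...)`. The leading `%d` now consumes the first string pointer and every later conversion is shifted by one, so `vasprintf` reads arguments with the wrong types and the result is written to the peer. Naming the last fixed parameter is correct for `va_start`, so the request number has to be formatted separately from `format`/`args` (with the leading `%d` dropped from the callers' formats), or `request` has to stop being a named parameter. The function continues in the next hunk.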
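Review bot: The outgoing path in the `@@ -65,14 +69,15 @@` hunk now tests `cl->status.encryptin`, which net.h describes as the bit for decrypting incoming traffic; for a send the matching bit is `encryptout`, which `send_challenge` sets later in this commit. Suggested line: `if(cl->status.encryptout)`. The branch is still a `/* FIXME: Do encryption */` stub, so the meta data goes out in clear either way. The `write()` result is only checked for `< 0`, so a short write would silently truncate the request.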
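Review bot: In `id_h` the `sscanf` with `%as` stores a newly allocated string directly into `cl->name` and another into `options`, and the failure branch returns without freeing either, so a partly matching ID line leaks what was already converted and any earlier `cl->name` is overwritten without being freed. `%as` is also a glibc extension; under C99 `%a` is a floating-point conversion, so the behaviour depends on the compiler mode. I would parse into locals, free them on every error path, and assign `cl->name` only after `check_id` has accepted the value. The function body continues outside the hunk.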
@@ -120,9 +126,10 @@ cp /* Check if version matches */ - if(cl->version != myself->version) + if(cl->protocol_version != myself->protocol_version) { - syslog(LOG_ERR, _("Peer %s uses incompatible version %d"), cl->hostname, cl->min_version, cl->max_version); + syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), + cl->name, cl->hostname, cl->protocol_version); return -1; } @@ -136,7 +143,7 @@ cp /* Check if identity is a valid name */ - if(!check_id(cl->id)) + if(!check_id(cl->name)) { syslog(LOG_ERR, _("Peer %s uses invalid identity name"), cl->hostname); return -1; @@ -146,7 +153,7 @@ cp if(!read_id(cl)) { - syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->id); + syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->name); return -1; } @@ -158,10 +165,10 @@ cp if(cl->status.outgoing) { - if((old=lookup_id(cl->id))) + if((old = lookup_id(cl->name))) { if(debug_lvl > DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->id, cl->hostname); + syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname); cl->status.outgoing = 0; old->status.outgoing = 1; terminate_connection(cl); 
@@ -182,30 +189,30 @@ int send_challenge(conn_list_t *cl) int keylength; int x; cp - if(cl->chal_hash) - free(cl->chal_hash); + if(cl->chal_answer) + free(cl->chal_answer); /* Allocate buffers for the challenge and the hash */ - cl->chal_hash = xmalloc(SHA_DIGEST_LEN); - keylength = BN_num_bytes(cl->rsakey.n); + cl->chal_answer = xmalloc(SHA_DIGEST_LENGTH); + keylength = BN_num_bytes(cl->rsakey->length); buffer = xmalloc(keylength*2); /* Copy random data and the public key to the buffer */ RAND_bytes(buffer, keylength); - BN_bn2bin(cl->rsakey.n, buffer+keylength); + BN_bn2bin(cl->rsakey->length, buffer+keylength); /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */ - if(!cl->status.encrypted) + if(!cl->status.encryptin) { set_metakey(cl, buffer, keylength); } /* Calculate the hash from that */ - SHA1(buffer, keylength*2, cl->chal_hash); + SHA1(buffer, keylength*2, cl->chal_answer); /* Convert the random data to a hexadecimal formatted string */ @@ -217,7 +224,7 @@ cp cl->allow_request = CHAL_REPLY; x = send_request(cl, "%d %s", CHALLENGE, buffer); free(buffer); - cl->status.encrypted = 1; + cl->status.encryptout = 1; cp return x; } @@ -225,10 +232,12 @@ cp int challenge_h(conn_list_t *cl) { char *challenge; + int x; + cp - if(sscanf(cl->buffer, "%*d %as", &cl->id, &challenge) != 1) + if(sscanf(cl->buffer, "%*d %as", &cl->name, &challenge) != 1) { - syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->name, cl->hostname); return -1; } 
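Review bot: `BN_num_bytes(cl->rsakey->length)` and `BN_bn2bin(cl->rsakey->length, ...)` in `send_challenge` pass the `length` member of an `enc_key_t` where OpenSSL expects a `BIGNUM *`; elsewhere on this page that member is assigned `strlen(ek)`, so it appears to be a plain integer that would be used as a pointer. `send_chal_reply` makes the same two calls on `myself->rsakey->length`. The key structure needs a field that actually holds the RSA modulus before either function can work. The `RAND_bytes` return value is also ignored, so on failure the challenge and the meta key set from it would come from uninitialised memory; check it, e.g. `if(RAND_bytes(buffer, keylength) != 1) { free(buffer); return -1; }`.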
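Review bot: The `sscanf` in `challenge_h` has one conversion (`%as`) but two destination pointers, so the received challenge is stored in `cl->name` and `challenge` is never set. That replaces the peer's name with challenge data and leaves `challenge` uninitialised for whatever uses it after the hunk. The call should be `if(sscanf(cl->buffer, "%*d %as", &challenge) != 1)`.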
@@ -246,26 +255,27 @@ int send_chal_reply(conn_list_t *cl, char *challenge) int keylength; char *hash; int x; + cp - keylength = BN_num_bytes(myself->rsakey.n); + keylength = BN_num_bytes(myself->rsakey->length); /* Check if the length of the challenge is all right */ if(strlen(challenge) != keylength*2) { - syslog(LOG_ERROR, _("Intruder: wrong challenge length from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Intruder: wrong challenge length from %s (%s)"), cl->name, cl->hostname); return -1; } /* Allocate buffers for the challenge and the hash */ buffer = xmalloc(keylength*2); - hash = xmalloc(SHA_DIGEST_LEN*2+1); + hash = xmalloc(SHA_DIGEST_LENGTH*2+1); /* Copy the incoming random data and our public key to the buffer */ hex2bin(challenge, buffer, keylength); - BN_bn2bin(myself->rsakey.n, buffer+keylength); + BN_bn2bin(myself->rsakey->length, buffer+keylength); /* Calculate the hash from that */ @@ -283,13 +293,13 @@ cp /* Convert the hash to a hexadecimal formatted string */ - bin2hex(hash,hash,SHA_DIGEST_LEN); - hash[SHA_DIGEST_LEN*2] = '\0'; + bin2hex(hash,hash,SHA_DIGEST_LENGTH); + hash[SHA_DIGEST_LENGTH*2] = '\0'; /* Send the reply */ if(cl->status.outgoing) - cl->allow_resuest = ID; + cl->allow_request = ID; else cl->allow_request = ACK; 
@@ -303,29 +313,29 @@ int chal_reply_h(conn_list_t *cl) { char *hash; cp - if(sscanf(cl->buffer, "%*d %as", &cl->id, &hash) != 2) + if(sscanf(cl->buffer, "%*d %as", &cl->name, &hash) != 2) { - syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->name, cl->hostname); return -1; } /* Check if the length of the hash is all right */ - if(strlen(hash) != SHA_DIGEST_LEN*2) + if(strlen(hash) != SHA_DIGEST_LENGTH*2) { - syslog(LOG_ERROR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->name, cl->hostname); return -1; } /* Convert the hash to binary format */ - hex2bin(hash, hash, SHA_DIGEST_LEN); + hex2bin(hash, hash, SHA_DIGEST_LENGTH); /* Verify the incoming hash with the calculated hash */ - if{!memcmp(hash, cl->chal_hash, SHA_DIGEST_LEN)} + if(!memcmp(hash, cl->chal_answer, SHA_DIGEST_LENGTH)) { - syslog(LOG_ERROR, _("Intruder: wrong challenge reply from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname); return -1; } @@ -335,7 +345,7 @@ cp */ free(hash); - free(cl->chal_hash); + free(cl->chal_answer); cp if(cl->status.outgoing) @@ -358,18 +368,19 @@ cp int ack_h(conn_list_t *cl) { - conn_list_t old; + conn_list_t *old; + cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same vpn_ip. If so, it presumably is an old connection that has timed out but we don't know it yet. */ - while((old = lookup_id(cl->id))) + while((old = lookup_id(cl->name))) { if(debug_lvl > DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), - cl->id, old->hostname, cl->hostname); + cl->name, old->hostname, cl->hostname); old->status.active = 0; terminate_connection(old); } 
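Review bot: The comparison in `chal_reply_h` is inverted: `if(!memcmp(hash, cl->chal_answer, SHA_DIGEST_LENGTH))` is true when the reply matches, so a correct answer is logged as an intruder and rejected while a wrong answer of the right length passes. It should read `if(memcmp(hash, cl->chal_answer, SHA_DIGEST_LENGTH))`, ideally using a constant-time comparison since this is an authentication check. The `sscanf` above it has a single `%as` conversion but two pointers and expects a return of 2, so as written the handler always fails and `hash` is never assigned; `if(sscanf(cl->buffer, "%*d %as", &hash) != 1)` is what the format supports. In the next hunk, set the pointer to NULL after `free(cl->chal_answer)`, because `send_challenge` frees it again whenever it is non-NULL.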
@@ -380,7 +391,7 @@ cp cl->status.active = 1; if(debug_lvl > DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->id, cl->hostname); + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); /* Exchange information about other tinc daemons */ @@ -401,7 +412,10 @@ cp int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) { cp - return send_request(cl, "%d %s %d %s", ADD_SUBNET, other->id, subnet->type, net2str(subnet)); +/* return send_request(cl, "%d %s %d %s", ADD_SUBNET, + other->name, subnet->type, net2str(subnet)); */ + return send_request(cl, "%d %s %s", ADD_SUBNET, + other->name, net2str(subnet)); } int add_subnet_h(conn_list_t *cl) @@ -411,7 +425,7 @@ int add_subnet_h(conn_list_t *cl) int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) { cp - return send_request(cl, "%d %s %d %s", DEL_SUBNET, other->id, subnet->type, net2str(subnet)); + return send_request(cl, "%d %s %s", DEL_SUBNET, other->name, net2str(subnet)); } int del_subnet_h(conn_list_t *cl) @@ -423,7 +437,7 @@ int del_subnet_h(conn_list_t *cl) int send_add_host(conn_list_t *cl, conn_list_t *other) { cp - return send_request(cl, "%d %s %lx:%d %s", ADD_HOST, other->id, other->address, other->port, opt2str(other->options)); + return send_request(cl, "%d %s %lx:%d %s", ADD_HOST, other->name, other->real_ip, other->port, opt2str(other->options)); } int add_host_h(conn_list_t *cl) 
@@ -433,55 +447,57 @@ int add_host_h(conn_list_t *cl) cp new = new_conn_list(); - if(sscanf(cl->buffer, "%*d %as %lx:%d %as", &new->id, &new->address, &new->port, &options) != 4) + if(sscanf(cl->buffer, "%*d %as %lx:%d %as", &new->name, &new->real_ip, &new->port, &options) != 4) { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; } /* Check if option string is valid */ - if((new->options = str2opt(options) == -1) + if((new->options = str2opt(options)) == -1) { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->name, cl->hostname); return -1; } /* Check if identity is a valid name */ - if(!check_id(new->id)) + if(!check_id(new->name)) { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); return -1; } /* Check if somebody tries to add ourself */ - if(!strcmp(new->id, myself->id)) + if(!strcmp(new->name, myself->name)) { - syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); sighup = 1; return 0; } /* Fill in more of the new conn_list structure */ - new->hostname = hostlookup(htonl(new->address)); + new->hostname = hostlookup(htonl(new->real_ip)); /* Check if the new host already exists in the connnection list */ - if((old = lookup_id(id)) + if((old = lookup_id(new->name))) { - if((new->address == old->address) && (new->port == old->port)) + if((new->real_ip == old->real_ip) && (new->port == old->port)) { if(debug_lvl > DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->id, 
old->hostname, new->id, new->hostname); + syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), + old->name, old->hostname, new->name, new->hostname); return 0; } else { if(debug_lvl > DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), old->id, old->hostname); + syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), + old->name, old->hostname); old->status.active = 0; terminate_connection(old); } @@ -507,7 +523,8 @@ cp int send_del_host(conn_list_t *cl, conn_list_t *other) { cp - return send_request(cl, "%d %s %lx:%d", DEL_HOST, other->id, other->address, other->port); + return send_request(cl, "%d %s %lx:%d", DEL_HOST, + other->name, other->real_ip, other->port); } int del_host_h(conn_list_t *cl) @@ -516,34 +533,37 @@ int del_host_h(conn_list_t *cl) ip_t address; port_t port; conn_list_t *old; + cp if(sscanf(cl->buffer, "%*d %as %lx:%d", &id, &address, &port) != 3) { - syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->id, cl->hostname); - return -1; + syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), + cl->name, cl->hostname); + return -1; } /* Check if somebody tries to delete ourself */ - if(!strcmp(id, myself->id)) + if(!strcmp(id, myself->name)) { - syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), + cl->name, cl->hostname); sighup = 1; return 0; } /* Check if the new host already exists in the connnection list */ - if((old = lookup_id(id)) + if((old = lookup_id(id))) { - if((address == old->address) && (port == old->port)) + if((address == old->real_ip) && (port == old->port)) { notify_others(old, cl, send_del_host); - fw->status.termreq = 1; - fw->status.active = 0; + old->status.termreq = 1; + old->status.active = 0; - terminate_connection(fw); + terminate_connection(old); cp return 0; } 
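Review bot: `add_host_h` scans the port with `%d` into `&new->port`, and `del_host_h` does the same into a local `port_t port`; both are `unsigned short`, so `sscanf` writes a full `int` through a pointer to a two-byte object and overwrites whatever follows it with a value taken from the peer's message. Use `%hu` in both formats: `"%*d %as %lx:%hu %as"` and `"%*d %as %lx:%hu"`. The error returns in `add_host_h` also leave `new`, its `name` and `options` allocated, and `del_host_h` never frees `id` in the lines shown. Both functions continue outside their hunks.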
@@ -551,7 +571,8 @@ cp if(debug_lvl > DEBUG_CONNECTIONS) { - syslog(LOG_NOTICE, _("Got DEL_HOST for %s from %s (%s) which is not in our connection list"), id, cl->id, cl->hostname); + syslog(LOG_NOTICE, _("Got DEL_HOST for %s from %s (%s) which is not in our connection list"), + id, cl->name, cl->hostname); } cp return 0; @@ -581,7 +602,8 @@ cp if(debug_lvl > DEBUG_STATUS) { - syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), cl->id, cl->hostname, status_text[statusno], statusstring); + syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), + cl->name, cl->hostname, status_text[statusno], statusstring); } cp @@ -592,8 +614,8 @@ cp int send_error(conn_list_t *cl, int errno, char *errstring) { cp - if(!errorstring) - errorstring = error_text[errno]; + if(!errstring) + errstring = error_text[errno]; return send_request(cl, "%d %d %s", ERROR, errno, errstring); } @@ -604,13 +626,15 @@ int error_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %d %as", &errno, &errorstring) != 2) { - syslog(LOG_ERR, _("Got bad error from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Got bad error from %s (%s)"), + cl->name, cl->hostname); return -1; } if(debug_lvl > DEBUG_error) { - syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->id, cl->hostname, error_text[errno], errorstring); + syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), + cl->name, cl->hostname, error_text[errno], errorstring); } free(errorstring); @@ -673,7 +697,8 @@ cp for(p = conn_list; p != NULL; p = p->next) { if(p!=cl && p->status.meta && p->status.active) - send_request(p, "%d %s", KEY_CHANGED, from->id); + send_request(p, "%d %s", KEY_CHANGED, + from->name); } cp return 0; 
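Review bot: In the `status_h` logging hunk (`@@ -581,7 +602,8 @@`), `status_text[statusno]` is indexed with a number that, judging by the `sscanf` shown for this handler elsewhere on the page, comes from the peer's message, and no range check is visible before the `syslog`. An out-of-range value would make `%s` read through whatever pointer lies past the table. Unless a check exists outside the hunk, add one before the lookup, e.g. `if(statusno < 0 || statusno >= 10) return -1;`, where 10 is the size net.h later declares for `status_text`. Deriving the bound from the array itself is better if its definition is in scope.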
@@ -686,8 +711,9 @@ int key_changed_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %as", &from_id) != 1) { - syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), cl->id, cl->hostname); - return -1; + syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), + cl->name, cl->hostname); + return -1; } if(!(from = lookup_id(from_id))) From 7f3ab38c222809b15da2fe8dd655d35432eaafe0 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 15 Sep 2000 12:58:40 +0000 Subject: [PATCH 086/923] Second round of fixes --- src/encr.c | 14 ++++++------ src/net.c | 20 ++++++++++++++--- src/net.h | 9 +++++--- src/netutl.c | 4 ++-- src/protocol.c | 60 ++++++++++++++++++++++++++++++++++++-------------- 5 files changed, 75 insertions(+), 32 deletions(-) diff --git a/src/encr.c b/src/encr.c index e90542c6..792323a9 100644 --- a/src/encr.c +++ b/src/encr.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: encr.c,v 1.12.4.4 2000/08/18 11:17:09 guus Exp $ + $Id: encr.c,v 1.12.4.5 2000/09/15 12:58:38 zarq Exp $ */ #include "config.h" @@ -337,12 +337,12 @@ cp /* We haven't received a key from this host (yet). */ continue; ek = make_shared_key(p->public_key->key); - free_key(p->key); - p->key = xmalloc(sizeof(*p->key)); - p->key->length = strlen(ek); - p->key->expiry = p->public_key->expiry; - p->key->key = xmalloc(strlen(ek) + 1); - strcpy(p->key->key, ek); + free_key(p->datakey); + p->datakey = xmalloc(sizeof(*p->datakey)); + p->datakey->length = strlen(ek); + p->datakey->expiry = p->public_key->expiry; + p->datakey->key = xmalloc(strlen(ek) + 1); + strcpy(p->datakey->key, ek); } cp } diff --git a/src/net.c b/src/net.c index 1ef53010..783bfad0 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.29 2000/09/14 21:51:19 zarq Exp $ + $Id: net.c,v 1.35.4.30 2000/09/15 12:58:39 zarq Exp $ */ #include "config.h" @@ -93,11 +93,25 @@ cp cp } +int str2opt(const char *str) { + int r; + + r = 0; + return r; +} + +char *opt2str(int opt) { + static char s[50]; + + snprintf(s, 49, "%d", opt); + return &s; +} + int xsend(conn_list_t *cl, void *packet) { real_packet_t rp; cp - do_encrypt((vpn_packet_t*)packet, &rp, cl->key); + do_encrypt((vpn_packet_t*)packet, &rp, cl->datakey); rp.from = htonl(myself->vpn_ip); rp.data.len = htons(rp.data.len); rp.len = htons(rp.len); @@ -128,7 +142,7 @@ int xrecv(conn_list_t *cl, void *packet) vpn_packet_t vp; int lenin; cp - do_decrypt((real_packet_t*)packet, &vp, cl->key); + do_decrypt((real_packet_t*)packet, &vp, cl->datakey); add_mac_addresses(&vp); if(debug_lvl > 3) diff --git a/src/net.h b/src/net.h index af465f62..829255b2 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.11 2000/09/14 21:51:20 zarq Exp $ + $Id: net.h,v 1.9.4.12 2000/09/15 12:58:40 zarq Exp $ */ #ifndef __TINC_NET_H__ 
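Review bot: `opt2str` returns `&s`, which has type `char (*)[50]`, from a function declared to return `char *`; it should be `return s;`. The result lives in one static buffer, so a caller needing two option strings at once would see the second overwrite the first, which deserves a comment such as `/* returns a pointer to a static buffer, overwritten by the next call */`. `str2opt` ignores its argument and always returns 0, so the `== -1` invalid-option check in `add_host_h` can never trigger and a peer's option string is silently discarded; mark the stub with a FIXME until a real parser exists.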
@@ -133,13 +133,13 @@ typedef struct conn_list_t { int meta_socket; /* our tcp meta socket */ int protocol_version; /* used protocol */ status_bits_t status; /* status info */ - option_bits_t options; /* options turned on for this connection */ + int options; /* options turned on for this connection */ passphrase_t *pp; /* encoded passphrase */ packet_queue_t *sq; /* pending outgoing packets */ packet_queue_t *rq; /* pending incoming packets (they have no valid key to be decrypted with) */ enc_key_t *public_key; /* the other party's public key */ - enc_key_t *key; /* encrypt with this key */ + enc_key_t *datakey; /* encrypt data packets with this key */ char *buffer; /* metadata input buffer */ int buflen; /* bytes read into buffer */ int reqlen; /* length of first request in buffer */ @@ -164,7 +164,10 @@ extern conn_list_t *conn_list; extern conn_list_t *myself; extern char *request_name[256]; +extern char *status_text[10]; +extern int str2opt(const char *); +extern char *opt2str(int); extern int send_packet(ip_t, vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); diff --git a/src/netutl.c b/src/netutl.c index 5f762920..c5ff5b76 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.9 2000/09/14 21:51:20 zarq Exp $ + $Id: netutl.c,v 1.12.4.10 2000/09/15 12:58:40 zarq Exp $ */ #include "config.h" @@ -95,7 +95,7 @@ cp if(p->hostname) free(p->hostname); free_key(p->public_key); - free_key(p->key); + free_key(p->datakey); free(p); cp } diff --git a/src/protocol.c b/src/protocol.c index 836708ab..43638941 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.31 2000/09/14 21:51:21 zarq Exp $ + $Id: protocol.c,v 1.28.4.32 2000/09/15 12:58:40 zarq Exp $ */ #include "config.h" @@ -46,6 +46,21 @@ #include "system.h" +int check_id(char *id) +{ + int i; + + for (i = 0; i < strlen(id); i++) + { + if(!isalpha(id[i]) && id[i] != '_') + { + return 0; + } + } + + return 1; +} + /* Generic outgoing request routine - takes care of logging and error detection as well */ int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...) @@ -596,7 +611,8 @@ int status_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %d %as", &statusno, &statusstring) != 2) { - syslog(LOG_ERR, _("Got bad STATUS from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Got bad STATUS from %s (%s)"), + cl->name, cl->hostname); return -1; } @@ -615,7 +631,7 @@ int send_error(conn_list_t *cl, int errno, char *errstring) { cp if(!errstring) - errstring = error_text[errno]; + errstring = strerror(errno); return send_request(cl, "%d %d %s", ERROR, errno, errstring); } @@ -634,7 +650,7 @@ cp if(debug_lvl > DEBUG_error) { syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - cl->name, cl->hostname, error_text[errno], errorstring); + cl->name, cl->hostname, strerror(errno), errorstring); } free(errorstring); @@ -718,7 +734,8 @@ cp if(!(from = lookup_id(from_id))) { - syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); + syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist in our connection list"), + cl->name, cl->hostname, from_id); free(from_id); return -1; } 
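Review bot: `check_id` accepts the empty string, because the loop never runs and the function falls through to `return 1`, and it passes a plain `char` to `isalpha`, which is undefined for negative values and locale-dependent for bytes above 127. Since this is the validation `id_h` and `add_host_h` apply to a name received from a peer, I would add `if(!*id) return 0;` and test `isalpha((unsigned char)id[i])` or an explicit ASCII range, and bound the length as well. `strlen(id)` is also re-evaluated on every iteration; hoist it or loop on `id[i]`.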
@@ -736,7 +753,8 @@ cp int send_req_key(conn_list_t *from, conn_list_t *to) { cp - return send_request(to->nexthop, "%d %s %s", REQ_KEY, from->id, to->id); + return send_request(to->nexthop, "%d %s %s", REQ_KEY, + from->name, to->name); } int req_key_h(conn_list_t *cl) @@ -746,28 +764,31 @@ int req_key_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %as %as", &from_id, &to_id) != 2) { - syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), + cl->name, cl->hostname); return -1; } if(!(from = lookup_id(from_id))) { - syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); + syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), + cl->name, cl->hostname, from_id); free(from_id); free(to_id); return -1; } /* Check if this key request is for us */ - if(!strcmp(id, myself->strcmp)) + if(!strcmp(to_id, myself->name)) { - send_ans_key(myself, from, myself->datakey); + send_ans_key(myself, from, myself->datakey->key); } else { if(!(to = lookup_id(to_id))) { - syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->id, cl->hostname, to_id); + syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), + cl->name, cl->hostname, to_id); free(from_id); free(to_id); return -1; } @@ -782,7 +803,8 @@ cp int send_ans_key(conn_list_t *from, conn_list_t *to, char *datakey) { cp - return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, from->id, to->id, datakey); + return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, + from->name, to->name, datakey); } int ans_key_h(conn_list_t *cl) 
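Review bot: The new call `send_ans_key(myself, from, myself->datakey->key)` in req_key_h (hunk -746,28) dereferences `myself->datakey` without checking it, then hands the key to send_ans_key(), which formats it with `%s`. ans_key_h expects an even-length text encoding that it converts to binary, so if `datakey->key` holds raw key bytes (enc_key_t is not visible here) the `%s` would stop at the first zero byte or read past the buffer. I would guard the branch with `if(!myself->datakey || !myself->datakey->key)`, followed by the same free-and-return used on the error paths, and pass an explicitly text-encoded copy of the key. The visible lines of this branch also do not free `from_id` and `to_id`; the rest of the function is outside the hunk, so that may happen later.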
@@ -793,20 +815,22 @@ int ans_key_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &datakey) != 3) { - syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), cl->id, cl->hostname); + syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), + cl->name, cl->hostname); return -1; } if(!(from = lookup_id(from_id))) { - syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->id, cl->hostname, from_id); + syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), + cl->name, cl->hostname, from_id); free(from_id); free(to_id); free(datakey); return -1; } /* Check if this key request is for us */ - if(!strcmp(id, myself->strcmp)) + if(!strcmp(to_id, myself->name)) { /* It is for us, convert it to binary and set the key with it. */ @@ -814,7 +838,8 @@ cp if((keylength%2) || (keylength <= 0)) { - syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->id, cl->hostname, from->id); + syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), + cl->name, cl->hostname, from->name); free(from_id); free(to_id); free(datakey); return -1; } @@ -826,7 +851,8 @@ cp { if(!(to = lookup_id(to_id))) { - syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->id, cl->hostname, to_id); + syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), + cl->name, cl->hostname, to_id); free(from_id); free(to_id); free(datakey); return -1; } From 33a5b4547141c11b5128d9f4863fcf6cf8e33452 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Sun, 17 Sep 2000 10:28:57 +0000 Subject: [PATCH 087/923] Added Spanish translation of the docs by Matias Carrasco --- doc/es/tinc-es.html | 960 ++++++++++++++++++++++++++++++++++++++++ doc/es/tinc_toc-es.html | 63 +++ 2 files changed, 1023 insertions(+) create mode 100644 doc/es/tinc-es.html create mode 100644 doc/es/tinc_toc-es.html diff --git a/doc/es/tinc-es.html b/doc/es/tinc-es.html new file mode 100644 index 00000000..f8787000 --- /dev/null +++ b/doc/es/tinc-es.html @@ -0,0 +1,960 @@ + + + +Manual DE tinc + + +

Manual de tinc

+

Preparando una Red Privada Virtual con tinc

+
Ivo Timmermans <itimmermans@bigfoot.com>
+

+


+ +

Introducción

+ +

+Tinc es un demonio de Red Privada Virtual (VPN) que usa túnel y +cifrado de datos para crear una red privada segura entre hosts en +Internet. + + +

+El túnel se realiza en la capa del protocolo IP como un dispositivo de +red normal, por lo cual hay necesidad de adaptar el software existente. + + +

+Este túnel permite que sitios VPN compartan información entre ellos en +Internet sin exponer esta información a otros. + + +

+Este documento es el manual de tinc. Incluye capítulos sobre cómo configurar +su computadora para usar tinc, así como el proceso de configuración de tinc. + + + + + +

Redes Privadas Virtuales

+ +

+Una Red Privada Virtual o VPN es una red que sólo puede ser accedida por +computadoras elegidas para participar. Esta meta es alcanzable en más de una +manera. + + +

+ +Por ejemplo, una VPN puede consistir en una ethernet LAN. O incluso dos +computadoras conectadas usando un cable módem nulo(1). En estos casos, es obvio que la red es privada, nadie puede acceder a esta desde afuera. Pero si estas si estas computadoras están conectadas a internet, la red deja de ser privada, a menos que use cortafuego para bloquear el trafico privado. Pero entonces, no hay manera de enviar datos privado a una computadora de confianza en otro lugar de internet. + + +

+ +Este problema puede resolverse usando redes virtuales. Las redes virtuales pueden vivir arriba de otras redes, pero no interfieren interfieren entre ellas. En su mayor parte, las redes virtuales se ven como simples LAN, aun cuando pueden extenderse a lo largo del mundo. Pero las redes virtuales pueden no ser seguras aunque se uso cortafuegos, porque el trafico que fluye a traves de estas hacia internet puede ser visto por otras personas. + + +

+Cuando se introduce cifrado de datos, podemos formar una verdadera VPN, Otras personas pueden ver el trafico cifrado, pero no pueden saber como decifrar este (necesitan conocer la llave para esto), no pueden leer la información que fluye a traves de la VPN, Esto es para lo que tinc fue hecho. + + +

+ +Tinc usa datagramas IP normales para encapsular datos que viajan sobre el enlace +de red VPN. En este caso está también claro que la red es virtual, porque ningún enlace de red directo tiene que existir entre los participantes. + + +

+Como es el caso con cualquier tipo de VPN, alguien podría escuchar secretamente, +o peor, alterar datos. Aquí es probablemente aconsejable el cifrar los datos que fluyen sobre la red. + + + + +

TINC

+ +

+Yo realmente no recuerdo lo que nos llevó a empezar, pero debe de haber sido idea de Guus. Él escribió una aplicación simple (aproximadamente 50 líneas en C) que usó el dispositivo ethertap que linux tiene desde el núcleo 2.1.60. No funcionó inmediatamente y él la mejoró un poco. En esta fase, el proyecto se llamó simplemente `vpnd'. + + +

+Desde entonces, mucho ha cambiado -- por así decirlo. + + +

+ +Tinc ahora soporta cifrado, consiste en un solo demonio (tincd) para la +recepción y el envío de información, se ha vuelto un paquete profesional completo. + + +

+Mucho puede ser, y será, mejorado. Hay varias cosas que me gustaría ver en las +futuras versiones de tinc. No todo estará disponible en el futuro cercano. Nuestro primer objetivo es hacer que tinc trabaje perfectamente, y luego agregar rasgos más avanzados. + + +

+Entretanto, siempre estaremos abiertos y disponibles hacia las nuevas ideas. + + + + +

Configurando un sistema Linux

+ +

+Este capítulo contiene información sobre cómo configurar un sistema Linux para el uso de tinc. + + + + +

Configurando el Núcleo

+ +

+Dado que esta implementación particular sólo corre en núcleos 2.1 o mayores, +debería conseguir uno (los 2.2 son actuales en este momento). Una migración a 2.0 no es posible, a menos que alguien migre los dispositivos ethertap y netlink a 2.0. + + +

+Si no esta familiarizado con el proceso de configurar y compilar un nuevo núcleo, debería leer primero el Núcleo COMO. ¡Haga eso ahora! + + +

+Aquí están las opciones que usted tiene que activar al configurar un nuevo núcleo. + + + +

+Code maturity level options 
+[*] Prompt for development and/or incomplete code/drivers 
+Networking options 
+[*] Kernel/User netlink socket 
+<*> Netlink device emulation 
+Network device support 
+<*> Ethertap network tap 
+
+ +

+Cualquier otra opción no mencionada aquí no es relevante a tinc. Si usted decide +construirlos como módulos dinámicos, es una buena idea agregar estas líneas en +`/etc/modules.conf'. + + + +

+alias tap0 ethertap 
+alias char-major-36 netlink_dev
+
+ +

Finalmente, construya el núcleo y reinicie la maquina. Desgraciadamente no es +posible insertar estos módulos en un Núcleo que se esta ejecutando. + + + + +

Archivos Necesarios

+ + +

Archivos de dispositivos

+ +

+Primero, necesitará el archivo de dispositivo especial que forma la interfaz entre el Núcleo y el demonio. + + + +

+mknod -m 600 /dev/tap0 c 36 16 
+chown 0.0 /dev/tap0 
+
+ +

+Los permisos serán ahora tales que sólo el super usuario(root) puede leer y escribir en este archivo. Esto debería ser así, porque es más fácil que se filtre información por aquí. Esto, sin embargo, implica que usted tendría que ejecutar tincd como root. + + +

+Si usted quiere, también se puede crear más archivos de dispositivos que se +numerarían de 0 a 15 con números menores de dispositivos de 16 a 31. Todos deben +pertenecer al root y deben tener permisos 600. + + + +

`/etc/networks'

+ +

+Puede agregar una línea en `/etc/networks' para que sus vpn tengan nombres simbólicos. Por ejemplo: + + + +

+Mi_vpn 10.0.0.0 
+
+ + +

`/etc/services'

+ +

+Puede agregar estas líneas en `/etc/services'. El resultado es que puede proporcionar a una `tinc' como un número de puerto válido a algunos programas. El número 655 esta registrado en el IANA. + + + +

+tinc            655/tcp    TINC 
+tinc            655/udp   TINC 
+#               Ivo Timmermans <itimmermans@bigfoot.com>
+62;
+
+ + + +

Preparando los dispositivos

+ +

+Antes de que pueda empezar a transmitir datos sobre el túnel tinc, debe preparar los dispositivos de red ethertap. + + +

+Primero, decida qué direcciones IP quiere asociar con estos dispositivos, y qué +máscara de red deben tener. También necesitara estos números cuando configure tinc. Vea la sección section Configurando tinc. + + +

+No importa mucho que se hace primero, si preparar los dispositivos red o configurar tinc. Pero deben hacerse ante de usar tincd. + + +

+La configuración de dispositivo ethertap es bastante simple, simplemente escriba +esto: + + + +

+ifconfig tapn hw ether fe:fd:xx:xx:xx:xx 
+
+ +

+El n aquí es el número del dispositivo ethertap que quiere usar. Debe ser uno de los mismos n que uso para `/dev/tapn'. Las xxs son cuatro números hexadecimales (0--ff). En las versiones anteriores de tincd no importaban lo que eran, pero los nuevos Núcleos +requieren que sean puestas las direcciones de ethernet. De hecho, el comportamiento estaba equivocado, se requiere que los xxs mapeen Mi_IP_VPN. + + + +

+ifconfig tapn IP netmask mask
+
+ +

+Esto activará el dispositivo con una dirección red IP y con una máscara de red mask. + + + + +

Instalando Tinc

+ +

+Primero consígalo. Esta es la página principal, que tiene las suma de verificación (checksums) de los archivos listados; puede desear verificar éstos con md5sum antes de continuar. + + +

+Tinc viene en un paquete autoconf/automake, que simplemente puede tratar como +cualquier otro paquete. Sólo tiene que descomprimirlo, escribir "Configure" y luego "Make". + + +

+Las instrucciones más detalladas están en el archivo `INSTALL', que es incluido en la distribución fuente. + + + + +

Configurando Tinc

+ + + +

Redes múltiples

+ +

+Es perfectamente aceptable correr más de un demonio tinc. Sin embargo, en su +forma predefinida, pronto notará que no puede usar dos archivos diferentes de +configuración sin la opción -c. + + +

+Hemos pensado en otra manera de tratar esto: nombres de red. Esto significa que +usted llama a tincd con el argumento -n que asignará un nombre a este demonio. + + +

+El efecto de esto es que los demonios buscaran su configuración en /etc/tinc/nn/, donde nn es un argumento a la opción -n. Notará que aparece en syslog como "tincd.nn." + + +

+Sin embargo, no es estrictamente un requisito llamar a tinc con la opción -n. En este caso, el nombre de la red estaría simplemente vacío, y se usará como tal. Tinc busca archivos ahora en /etc/tinc/, en lugar de /etc/tinc/nn/; el archivo de configuración debe ser /etc/tinc/tincd.conf, y se espera ahora que los passphrases (N.T. passphrases es una contraseña o palabra de paso(password), que al ser bastante larga se le llama frase de paso) estén en /etc/tinc/passphrases/. + + +

+Es recomendable usar este rasgo de tinc, porque será él quien decida con que +demonio hablar. Asumiremos que lo usa. + + + + +

Cómo trabajan las conexiones

+ +

+Antes de seguir, primero un poco de cómo tinc ve las conexiones. + + +

+Cuando tinc se pone en marcha, lee en el archivo la configuración y analiza las +opciones de la línea de comandos. Si ve un valor "ConnectTo" en el archivo, intentará conectarse a ese servidor, en el puerto dado. Si esto falla, tinc termina. + + + + +

Archivo de configuración

+ +

+La configuración actual del demonio se hace en el archivo `/etc/tinc/nn/tinc.conf'. + + +

+Este archivo consiste en comentarios (las líneas empiezan con #) o asignaciones de la forma: + + + +

+Variable = Valor. 
+
+ +

+En los nombres de variables se distingue entre mayúsculas o minúsculas, y se +ignora cualquier espacio, etiquetas, nueva línea y retorno de carro. Nota: no se requiere que ponga "=", pero se usa para mejorar la legibilidad. Si lo omite, recuerde reemplazarlo con por lo menos un carácter espacial. + + + + +

Variables

+ +

+Aquí está todas las variables válidas, listadas en orden alfabético: + + +

+ +
ConnectPort = port +
+Conéctese al host (dado en la directiva ConnectTo) en el puerto "port". El puerto puede darse en decimal (valor por defecto), octal (cuando es precedido por un solo cero) o hexadecimal (prefijó con 0x). El puerto es el número del puerto para las conexiones UDP y TCP (meta). + +
ConnectTo = (IP address|hostname) +
+Especifica a qué host conectarse al arrancar. Si la variable "ConnectPort" se +omite, entonces tinc intentará conectarse al puerto 655. + +Si usted no especifica un host con "ConnectTo", sin tener en cuenta si un valor para "ConnectPort" se da, tinc no se conectará en absoluto, y escuchará en cambio simplemente las conexiones entrantes. Sólo el iniciador de un tinc VPN puede necesitar esto. + +
ListenPort = port +
+Escuche en el puerto local "port". La computadora que se conecta a este demonio debe usar este número como el argumento para su "ConnectPort". De nuevo, el +valor por defecto es 655. + +
MyOwnVPNIP = local address[/maskbits] +
+La dirección local es el número que los demonios propagarán a otro demonios en la red cuando se identifican. Aquí será el nombre del archivo de passphrase que el otro extremo espera encontrar en el passphrase. + +La dirección local es la dirección IP del dispositivo Tap, no la dirección IP real del host donde tincd esta corriendo. Debido a los cambios en recientes núcleos, es también necesario que usted haga coincidir la dirección ethernet (también conocida como MAC) y la dirección de IP (vea el ejemplo). + +maskbits es el número de bits en 1 en la parte de la netmask(mascara de red). + +
MyVirtualIP = local address[/maskbits] +
+Esto es un alias para "MyOwnVPNIP". + +
Passphrases = directory +
+El directorio donde tinc buscara las passphrases cuando alguien intenta +conectarse. Por favor vea la pagina del manual de genauth(8) para más información sobre el passphrases usado por tinc. + +
PingTimeout = number +
+El número de segundos de inactividad que tinc esperara antes de enviar una +sonda(ping) al otro extremo. Si el otro extremo no contesta dentro de esa misma cantidad de segundos, la conexión se termina, y se notificara de esto. + +
TapDevice = device +
+El dispositivo ethertap a usar. Note que se puede usar sólo un dispositivo por +demonio. La paginas info del paquete tinc contiene más información sobre como +configurar un dispositivo ethertap en linux. + +
VpnMask = mask +
+La mascara de red que define el alcance de la VPN, Esta opción no es usada por el demonio tinc sino por los script de inicio(startup)para sonigurar los dispositivos ethertap correctamente +
+ + + +

Ejemplo

+ +

+Imagine la situación siguiente. Una compañía A-base quiere conectar tres oficinas en B, C y D usando internet. Las cuatro oficinas tienen una 24/7 (24 horas los 7 días) conexión a internet. + + +

+ A va a servir como el centro de la red. B y C conectarán a A, y D se +conectará a C. Cada oficina asignará sus propios IP de red, 10.x.0.0. + + + +

+A: red 10.1.0.0 máscara 255.255.0.0 gateway 10.1.54.1 internet IP 1.2.3.4 
+B: red 10.2.0.0 máscara 255.255.0.0 gateway 10.2.1.12 internet IP 2.3.4.5 
+C: red 10.3.0.0 máscara 255.255.0.0 gateway 10.3.69.254 internet IP 3.4.5.6 
+D: red 10.4.0.0 máscara 255.255.0.0 gateway 10.4.3.32 internet IP 4.5.6.7 
+
+ +

+"gateway" es la dirección IP VPN_IP de la máquina que está ejecutando el tincd. +"internet IP" es la dirección IP del cortafuego que no necesita ejecutar tincd pero debe tener un puerto de forwarding de TCP y UDP en 655 (a menos que configure otro). + + +

+En este ejemplo, se asume que eth0 es la interfaz que apunta a la LAN interna de la oficina. Esto podría ser igual que la interfaz que lleva a internet. + + + +

Para A

+ +

+Ase configuraría como esto: + + + +

+ifconfig tap0 hw ether fe:fd:0a:01:36:01 
+ifconfig tap0 10.1.54.1 netmask 255.0.0.0 
+ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 
+
+ +

+y en /etc/tinc/tincd.conf: + + + +

+TapDevice = /dev/tap0 
+MyVirtualIP = 10.1.54.1/16 
+VpnMask = 255.0.0.0
+
+ + +

Para B

+ + +
+ifconfig tap0 hw ether fe:fd:0a:02:01:0c 
+ifconfig tap0 10.2.1.12 netmask 255.0.0.0 
+ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 
+
+ +

+y en /etc/tinc/tincd.conf: + + + +

+TapDevice = /dev/tap0 
+MyVirtualIP = 10.2.1.12/16 
+ConnectTo = 1.2.3.4 
+VpnMask = 255.0.0.0
+
+ +

+Note aquí que la dirección interna (en eth0) no tiene por que ser igual que el +dispositivo tap0. También, ConnectTo se da para que nadie pueda conectarse a +este nodo. + + + +

Para C

+ + +
+ifconfig tap0 hw ether fe:fd:0a:03:45:fe 
+ifconfig tap0 10.3.69.254 netmask 255.0.0.0 
+ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 
+
+ +

+y en /etc/tinc/A/tincd.conf: + + + +

+MyVirtualIP = 10.3.69.254/16 
+ConnectTo = 1.2.3.4 
+ListenPort = 2000 
+VpnMask = 255.0.0.0
+
+ +

+C ya tiene otro demonio que corre en el puerto 655, entonces se reservar otro puerto para los que se conecten. Se usa el nombre de red para distinguir entre los dos. tinc se ejecuta con "tincd -n A". + + + +

Para D

+ + +
+ifconfig tap0 hw ether fe:fd:0a:04:03:20 
+ifconfig tap0 10.4.3.32 netmask 255.0.0.0 
+ifconfig tap0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 
+
+ +

+y en /etc/tinc/tincd.conf: + + + +

+MyVirtualIP = 10.4.3.32/16 
+ConnectTo = 3.4.5.6 
+ConnectPort = 2000 
+VpnMask=255.0.0.0
+
+ +

+D estará conectando a C que tiene un tincd que corre para esta red en el puerto +2000. Aquí se debe poner un ConnectPort. + + + +

Autenticación

+ +

+A, B, C y D generan su passphrase con genauth 2048, la salida se guarda en +/etc/tinc/passphrases/local, salvo C, donde debe ser /etc/tinc/A/passphrases/local. + + +

+A guarda una copia del passphrase de B en /etc/tinc/passphrases/10.2.0.0 + + +

+A guarda una copia del passphrase de C en /etc/tinc/passphrases/10.3.0.0 + + +

+B guarda una copia del passphrase de A en /etc/tinc/passphrases/10.1.0.0 + + +

+C guarda una copia del passphrase de A en /etc/tinc/A/passphrases/10.1.0.0 + + +

+C guarda una copia del passphrase de D en /etc/tinc/A/passphrases/10.4.0.0 + + +

+D guarda una copia del passphrase de C en /etc/tinc/passphrases/10.3.0.0 + + + +

Ejecución

+ +

+A tiene que ejecutar su tincd primero. Entonces viene B y C, donde C tiene que +proporcionar la opción "-n A", porque aquí se tiene más de una red del tinc. Finalmente, el tincd de D se ejecuta. + + + + +

Corriendo Tinc

+ +

+Ejecutar tinc no es así de fácil como teclear "tincd" y esperar que todo funcione de la manera que se quiso. En cambio, el uso de tinc es un proyecto que involucra relaciones de confianza en más de una computadora. + + + + +

Manejo Llaves

+ +

+Antes de intentar ejecutar tinc, se tienen que crear los passphrases. Cuando tinc intenta hacer una conexión, intercambia algunos datos sensibles. Antes de hacer esto, le gusta saber si el otro extremo es confiable. + + +

+Para hacer esto, ambos extremos deben tener un poco de conocimiento sobre el +otro. En el caso de tinc éste es la autenticación passphrase. + + +

+Este passphrase es un número que es escogido al azar. Este número se envía +entonces a las otras computadoras que quieren hablar directamente con nosotros. Para evitar romper seguridad, esto debe hacerse sobre un cauce seguro conocido (como ssh o similar). + + +

+Todos los passphrases se guardan en el directorio de passphrases que +normalmente es /etc/tinc/nn/passphrases/, pero este puede cambiarse usando la opción "Passphrases" en el archivo de configuración. + + +

+Para generar un passphrase, ejecute "genauth". genauth toma un argumento que es +la longitud del passphrase en bits. La longitud del passphrase debe estar en el rango de 1024--2048 para una llave de 128 bits. genauth crea un número al azar de la longitud especificada, y lo pone en la salida estándar. + + +

+Cada computadora que quiere participar en el VPN debe hacer esto, y guardar la +salida en el directorio de passrasphes, en el archivo `local'. + + +

+Cuando cada computadora tiene su propia llave local, debe copiarlo a la +computadora con la que quiere hablar directamente. Esto debe hacerse vía un cauce seguro, porque es información sensible. Si esto no se hace con seguridad, alguien podría forzar la entrada después de usted. + + +

+Esos archivos de passphrase no locales deben tener el nombre de la dirección IP +VPN con la que ellos se anuncian. Por ejemplo, si una computadora nos dice que es 10.1.1.3 con netmask 255.255.0.0, el archivo debería llamarse 10.1.1.3, y no 10.1.0.0. + + + + +

Opciones en Tiempo de Ejecución

+ +

+Además de las opciones en el archivo de configuración, tinc también acepta algunas opciones de línea de comandos. + + +

+Esta lista es una versión más larga que la de la pagina del manual. Lo ultimo se +genera automáticamente, para que pueda ser más actualizable. + + +

+ +
-c, --config=FILE +
+Lee opciones de configuración desde el archivo FILE. El valor por defecto es +`/etc/tinc/nn/tinc.conf'. + +
-d +
+Incrementa el nivel de depuración. El más alto conseguido es en el que más se +registra en los logs, todo vía syslog. + +0 es el valor por defecto, sólo información básica de algunos intentos de conexión se registran. Poniéndolo a 1 se registra un poco más, todavía no muy alentador. Con dos opciones -d, tincd registrara información protocolar que puede ponerse bastante ruidosa. Tres o más opciones -d, harían que cada paquete +que sale o entra probablemente genere más datos que los paquetes en si. + +
-k, --kill +
+Intente matar un tincd y termina. Una señal TERM(15) se envía al demonio que tiene su PID en /var/run/tincd.nn.pid. + +Como mata sólo un tincd, usted debe usar -n aquí si normalmente lo usa. + +
-n, --net=NETNAME +
+Conectar a la red NETNAME. Vea la sección redes Múltiples. + +
-t, --timeout=TIMEOUT +
+Segundos a esperar antes de dar una interrupción. No debe ponerse demasiado +bajo, porque a cada rato tincd dará interrupción, se desconectara y re-conectara de nuevo, lo que causará tráfico de la red innecesario y mensajes de log. + +
--help +
+Despliegue un recordatorio corto de estas opciones de tiempo de ejecución y +termina. + +
--version +
+Muestra información de versión y termina. + +
+ + + +

Información técnica

+ + + +

Filosofía básica del modo de trabajo de tinc

+

+ + + +

+Tinc es un demonio que toma datos VPN y transmite estos a otra computadora Host +sobre la infraestructura existente de Internet. + + + + +

Una vista previa del modo de trabajo de tinc

+ +

+ + +Los propios datos se leen de un archivo de dispositivo de caracteres, el dispositivo llamado ethertap. Este dispositivo es asociado con una interfaz de la red. Puede leerse cualquier dato enviado a la interfaz de dispositivo, y cualquier dato escrito al dispositivo se envía a la interfaz. Datos a y desde el dispositivo se estructuran como si fuera una tarjeta ethernet +normal, cada marco es precedido por dos direcciones MAC y un campo de tipo de marco. + +

+Para que cuando tinc lea un marco del dispositivo ethernet determine su tipo. +Actualmente, tinc puede manejar sólo marcos del Protocolo Internet versión 4 (IPv4), están haciéndose planes para soportar otros protocolos. Cuando tinc sabe que qué tipo de marco ha leído, también puede leer la dirección de origen y de destino de este. + +

+Ahora es cuando el marco se cifra. Actualmente el único algoritmo de cifrado disponible es blowfish. + + +

+ +Cuando el cifrado está listo, es tiempo de transportar el paquete realmente a la +computadora de destino. Se hace esto enviando el paquete sobre una conexión UDP al host de destino. Esto se llama encapsulación, el paquete de VPN (aunque ahora cifrado) se encapsula en otro datagrama IP. + + +

+Cuando el destino recibe este paquete, ocurre lo mismo, sólo que al revés. Así que realiza un descifrado del contenido del datagrama UDP, y escribe la información descifrada en su propio dispositivo ethertap. + + + + +

La meta-conexión

+ +

+Teniendo sólo una conexión de UDP disponible no es bastante. Aunque conveniente +para transmitir datos, queremos poder enviar otra información confiablemente, como rutear y cifrar información a alguien. + + +

+TCP es una alternativa mejor, porque ya contiene protección contra información que es perdida, no como UDP. + + +

+Así que nosotros establecemos dos conexiones. Una para los datos cifrados de +VPN, y una para la otra información, los meta-datos. Aquí, llamamos a la segunda +conexión la meta-conexión. Podemos estar ahora seguros que la meta-información no se pierde en el camino a la otra computadora. + + +

+ + +Como con cualquier comunicación, debemos tener un protocolo, para que todos +sepan como comunicarse y cómo se debe reaccionar. Como tenemos dos conexiones, +también tenemos dos protocolos. El protocolo usado para los datos de UDP es el "data-protocolo" y el otro es el "meta-protocolo". + + +

+La razon por la que no se usa TCP para ambos protocolos es que UDP es mucho mejor para encapsulación, includo mistra este es menos confiable. El problema real es que cuando TCP es usado para encapsular un stream TCP que esta sobre la red privada, para cada paquete enviado habria tres ACK's enviados en lugar de uno. Aun mas, si se da un timeout, ambos TCP streams serian sencibles al timeout, y ambos reenviarian los paquetes. + + + + +

Algo de cifrado en tinc y otros problemas de seguridad relacionados.

+ +

+ + +tinc consiguio su nombre de "TINC", iniciales de There Is No Cabal (Allí No Hay +Conspiración); el hubo/hay de la Conspiración alega a una organización que se decía que tenia ojos en Internet. Como esto es exactamente lo que usted no quiere, nombramos al proyecto tinc después de TINC. + + +

+ +Pero para ser "inmune" a las escuchas secretas, usted tendrá que cifrar sus +datos. Como tinc es un demonio VPN Seguro (SVPN), hace eso exactamente: cifrar. + + +

+Este capítulo es una mezcla de ideas, razonamientos y explicaciones, por favor no lo tome demasiado en serio. + + + + +

Manejo de Llaves

+ +

+ +Usted no puede enviar simplemente una llave de cifrado privada a su par, +porque alguien podría estar escuchando. De modo que tendrá que negociar sobre una llave compartida pero confidencial. Una manera de hacer esto es usar el protocolo de "Intercambio de Llaves Diffie-Hellman" (http://www.rsa.com/rsalabs/faq/html/3-6-1.html). +La idea es como sigue. + + +

+Usted tiene dos participantes A y B que quiere estar de acuerdo sobre una llave de cifrado confidencial compartida. Ambas parte tienen algún número primo grande p y un generador g. Estos números pueden conocerse al mundo externo, y pueden ser incluidos en la distribución de la fuente. + + +

+ +Ambas partes generan una llave confidencial entonces. A genera a, y calcula g^a +mod p. Este es entonces mandado a B; mientras B calcula g^b mod p, y transmite este a A. a y b deben ser mayores que p-1. + + +

+Estas llaves privadas se generan en el inicio, y ellas no se cambian mientras la +conexión existe. Un posible rasgo en el futuro es cambiar las llaves dinámicamente, todas las horas por ejemplo. + + +

+Ambas partes calculan g^ab mod p = k, k es la nueva llave compartida, pero +secreta. + + +

+Para obtener un k importante de una longitud suficiente (128 bits en nuestro vpnd), p debe tener 2^129-1 o más. + + + + +

Autenticación

+ +

+ +Como el protocolo de Diffie-Hellman es en sí mismo vulnerable al "el ataque del +hombre-en-el-medio," nosotros debemos introducir un sistema de autenticación. + + +

+Nosotros permitiremos que A transmita un passphrase que también conoce B +cifrado con g^a, antes que A le envíe esto a B. De esta manera, B puede verificar si A realmente es A o simplemente alguien más. + + +

+ +Este passphrase deben ser de 2304 bits para un sistema de cifrado simétrico. Pero como un sistema asimétrico es más seguro, nosotros podríamos hacerlo con 2048 bits. Esto sólo sirve si el passphrase es muy el azar. + + +

+Estos passphrases podrían guardarse en un archivo solo leíble por el root; ej. +`/etc/vpn/passphrases'. + + +

+La única cosa que necesita tener en cuidado es cómo A le anuncia su passphrase a +B. + + + + +

Protegiendo sus datos

+ +

+Ahora nosotros hemos escondido nuestros datos firmemente. Pero un cracker +malévolo todavía puede molestarnos alterando los datos cifrados al azar que el intercepta. + + + + +

Sobre Nosotros

+ + + +

Informacion de Contacto

+ +

+La página principal de tinc está en http://tinc.nl.linux.org/, este servidor se localiza en los Países Bajos. + + +

+Nosotros tenemos un canal IRC en la red IRC de Open Projects. Conectarse a +irc.openprojects.net, y entrar en el canal #tinc. + + + + +

Autores

+ +
+ +
Ivo Timmermans (zarq) (itimmermans@bigfoot.com) +
+El codificador/hacker principal y el que mantiene el paquete. + +
Guus Sliepen (guus) +
+Originador de todo esto, coautor. + +
Wessel Dankers (Ubiq) +
+Ofuscador general del código. + +
+ +

+Gracias a: Dekan, Emphyrio, vDong + + +

+Saludos a: braque, Fluor, giggles, macro, smoke, tribbel + +

+Traductor +

+Carrasco Matias (mcarrasco@softwork.com.ar) + + +

Indice de Conceptos

+ +

+Ir a: +a +- +c +- +d +- +e +- +m +- +p +- +s +- +t +- +v +

+

a

+ +
  • ataque hombre-en-el-medio +
  • +

    c

    + +
  • Cabal +
  • Clave secreta +
  • Conexión +
  • +

    d

    + +
  • data-protocol +
  • Diffie-Hellman +
  • +

    e

    + +
  • encapsulación +
  • ethertap +
  • +

    m

    + +
  • meta-protocol +
  • +

    p

    + +
  • passphrase +
  • privado +
  • +

    s

    + +
  • SVPN +
  • +

    t

    + +
  • tinc +
  • tincd +
  • Tipo de Marco +
  • +

    v

    + +
  • virtual, virtual +
  • + + +


    + + diff --git a/doc/es/tinc_toc-es.html b/doc/es/tinc_toc-es.html new file mode 100644 index 00000000..2bb54986 --- /dev/null +++ b/doc/es/tinc_toc-es.html @@ -0,0 +1,63 @@ + + + +Manual de tinc - Tabla de Contenidos + + +

    Manual de tinc

    +

    Preparando una Red Privada Virtual con tinc

    +
    Ivo Timmermans <itimmermans@bigfoot.com>
    +

    +


    +

    +


    + + From 2863134a4113b7805a662f45a21a1be0ae9606cb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Sep 2000 19:57:39 +0000 Subject: [PATCH 088/923] Added document about the used cryptographic algorithms and the reasons behind them. Feel very free to comment on this! --- doc/SECURITY | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 doc/SECURITY diff --git a/doc/SECURITY b/doc/SECURITY new file mode 100644 index 00000000..a885b46d --- /dev/null +++ b/doc/SECURITY 
@@ -0,0 +1,92 @@ +This is the security documentation for tinc, a Virtual Private Network daemon. + + Copyright 2000 Guus Sliepen , + 2000 Ivo Timmmermans + + Permission is granted to make and distribute verbatim copies of + this documentation provided the copyright notice and this + permission notice are preserved on all copies. + + Permission is granted to copy and distribute modified versions of + this documentation under the conditions for verbatim copying, + provided that the entire resulting derived work is distributed + under the terms of a permission notice identical to this one. + + $Id: SECURITY,v 1.1.2.1 2000/09/17 19:57:39 guus Exp $ + + +1. Authentication +------------------ + +Authentication in tinc will be done in a way that is very similar to the way +the SSH (Secure SHell) authentication protocol works. It is based on public +key cryptography. + +Every tinc host has it's own public/private key pair. Suppose there are two +tinc hosts, A and B. If A and B trust each other, they store a copy of +eachothers public key (in the same way passphrases were stored in versions +of tinc <= 1.0pre2). They know these public keys beforehand, and the origin +of the public keys has to be known for sure. + +To make sure that when a connection is made from A to B that B knows A is +really who he claims to be, B encrypts a totally random string of bytes with +A's public key. B also calculates the hash value from the unencrypted random +string. B then sends the encrypted string to A. A then has to decrypt the +string, calculate the hash value from that string and send it back to B. Since +only he who possesses A's private key can decrypt this string, only he can send +back the correct hash value. So, if B receives the same hash value he +calculated himself, he knows for sure A is A. + +Both SSH and tinc use RSA for the public key cryptography. SSH uses MD5 as a +secure hash algorithm, tinc uses SHA1. 
The reason for our choice of SHA1 is +the fact that SHA1 is 160 bits instead of 128 (MD5), which makes brute force +attacks harder. Also, the OpenSSL documentation recommends SHA1. + +2. Key exchange +---------------- + +The rest of the meta connection in tinc will be encrypted with a symmetric +block cipher, since RSA is not really suited for this. When a connection is +made, both sides have to agree on a key for this block cipher. To make sure +that this key exchange is also done securely, and no man-in-the-middle attack +is possible, RSA would be the best choice for exchanging keys. + +Instead of doing RSA encryption again, tinc will use a part of the random +string that was exchanged during the authentication phase as the key for the +symmetric cipher. Some symmetric ciphers require a random initialisation vector +for improved security. This vector can be taken from the random string as well. + +Is this secure? I (Guus Sliepen) think at this moment that it is: + +- Since the random string cannot be decrypted by anyone eavesdropping or + playing man-in-the-middle, the symmetric key cannot be known by sniffing. +- The unencrypted returned hash value is supposed to be cryptographically + secure. Furthermore, it can only at most give a way 160 bits of information + from the complete random string which is longer than the key for the + symmetric cipher, so very few bits will actualy contain information about + the symmetric cipher key alone, if any. +- If the RSA encryption is cracked, the rest of the communications can be + decrypted anyway. +- If the symmetric cipher encryption is cracked without using the information + from the encrypted random strings or the hash values, this still won't give + the full plaintext for the random string, so it won't facilitate a known- + plaintext attack on the RSA encryption. +- RSA and symmetric ciphers are fundamentally different. 
It is very unlikely + that the overlap of both will create any interference that will facilitate + an easier-than-brute-force attack. + +Other options for key exchange could be: + +* A second exchange of RSA encrypted random strings. + This is equal to the former scheme just without knowing the hash value of + the unecrypted random string. + +* Diffie-Hellman with RSA signing. + This should be very secure, but there are a lot of pitholes with using both + encryption with public keys and private keys together with the same keypair. + +* Diffie-Hellman with passphrases. + This is what tinc <= 1.0pre2 used to do. Passphrases are secret, exchanging + them must be done with great care, nobody may eavesdrop. Exchanging public + keys on the other hand is much safer, everybody may eavesdrop, just as long + as you are sure that the public key itself belongs to the right owner. From 84f210edd9e72a65ca8b034a0d3bbc12e506c580 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Sep 2000 20:11:59 +0000 Subject: [PATCH 089/923] - Included authentication scheme from protocol.c - Added a few comments about the symmetric cipher. --- doc/SECURITY | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/doc/SECURITY b/doc/SECURITY index a885b46d..8ac8dc3c 100644 --- a/doc/SECURITY +++ b/doc/SECURITY 
@@ -12,12 +12,35 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY,v 1.1.2.1 2000/09/17 19:57:39 guus Exp $ + $Id: SECURITY,v 1.1.2.2 2000/09/17 20:11:59 guus Exp $ 1. Authentication ------------------ +The authentication protocol (see protocol.c for the up-to-date version) is: + + Client Server + send_id(u) + send_challenge(R) + send_chal_reply(H) + send_id(u) + send_challenge(R) + send_chal_reply(H) + --------------------------------------- + Any negotations about the meta protocol + encryption go here(u). + --------------------------------------- + send_ack(u) + send_ack(u) + --------------------------------------- + Other requests(E)... + + (u) Unencrypted, + (R) RSA, + (H) SHA1, + (E) Encrypted with symmetric cipher. + Authentication in tinc will be done in a way that is very similar to the way the SSH (Secure SHell) authentication protocol works. It is based on public key cryptography. @@ -90,3 +113,11 @@ Other options for key exchange could be: them must be done with great care, nobody may eavesdrop. Exchanging public keys on the other hand is much safer, everybody may eavesdrop, just as long as you are sure that the public key itself belongs to the right owner. + +3. Symmetric cipher +-------------------- + +Since the generalized encryption functions of OpenSSL are used, any symmetric +cipher that is available in OpenSSL could possibly be used. The default however +will be Blowfish. Blowfish is widely in use and still has not been cracked +today (as far as we know). It also is one of the faster ciphers available. From 5d0b3516d5e8a46ca2268bdb32657b72295501ec Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 17 Sep 2000 21:42:05 +0000 Subject: [PATCH 090/923] - Updated authentication scheme. - Removed all trailing spaces from all lines. - Added things to add_ and del_subnet_h. --- src/protocol.c | 300 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 199 insertions(+), 101 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 43638941..35b07882 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.32 2000/09/15 12:58:40 zarq Exp $ + $Id: protocol.c,v 1.28.4.33 2000/09/17 21:42:05 guus Exp $ */ #include "config.h" @@ -53,9 +53,9 @@ int check_id(char *id) for (i = 0; i < strlen(id); i++) { if(!isalpha(id[i]) && id[i] != '_') - { - return 0; - } + { + return 0; + } } return 1; 
@@ -66,26 +66,29 @@ int check_id(char *id) int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...) { va_list args; - char *buffer = NULL; + char buffer[MAXBUFSIZE+1]; int len; - + cp - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic, + and there is a limit on the input buffer anyway */ va_start(args, request); - len = vasprintf(&buffer, format, args); + len = vsnprintf(buffer, MAXBUFSIZE+1, format, args); va_end(args); - if(len < 0 || !buffer) + if(len < 0 || len > MAXBUFSIZE) { - syslog(LOG_ERR, _("Error during vasprintf(): %m")); + syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); return -1; } if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending meta data to %s (%s): %s"), - cl->name, cl->hostname, buffer); + syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], + cl->name, cl->hostname, buffer); + else if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + if(cl->status.encryptin) { @@ -97,7 +100,7 @@ cp syslog(LOG_ERR, _("Sending meta data failed: %m")); return -1; } -cp +cp } /* Connection protocol: 
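Review bot: The DEBUG_META branch in send_request writes the whole formatted request to syslog, and send_ans_key later in this file passes `datakey` through send_request, so key material ends up in the system log whenever that debug level is enabled. I would log only the request name and peer at this level, as the DEBUG_PROTOCOL branch already does, or mask the payload for key-carrying requests. The bounds check `len < 0 || len > MAXBUFSIZE` looks right for a C99 vsnprintf; a comment such as `/* vsnprintf returns the untruncated length, so len > MAXBUFSIZE means the request did not fit */` would make that explicit. send_request's body continues outside the hunk.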
@@ -105,27 +108,34 @@ cp Client Server send_id(u) send_challenge(R) - send_chal_reply(BH) - send_id(B) - send_challenge(BR) - send_chal_reply(BH) - send_ack(B) - send_ack(B) + send_chal_reply(H) + send_id(u) + send_challenge(R) + send_chal_reply(H) + --------------------------------------- + Any negotations about the meta protocol + encryption go here(u). + --------------------------------------- + send_ack(u) + send_ack(u) + --------------------------------------- + Other requests(E)... (u) Unencrypted, (R) RSA, (H) SHA1, - (B) Blowfish. + (E) Encrypted with symmetric cipher. - Part of the challenge is directly used to set the blowfish key and the initial vector. - (Twee vliegen in één klap!) -*/ + Part of the challenge is directly used to set the symmetric cipher key and the initial vector. + Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or + forge the key for the symmetric cipher. +*/ int send_id(conn_list_t *cl) { cp return send_request(cl, "%d %s %d %s", ID, - myself->name, myself->protocol_version, opt2str(myself->options)); + myself->name, myself->protocol_version, opt2str(myself->options)); } int id_h(conn_list_t *cl) 
@@ -138,34 +148,34 @@ cp syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; } - + /* Check if version matches */ - + if(cl->protocol_version != myself->protocol_version) { syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), - cl->name, cl->hostname, cl->protocol_version); + cl->name, cl->hostname, cl->protocol_version); return -1; } /* Check if option string is valid */ - + if((cl->options = str2opt(options)) == -1) { syslog(LOG_ERR, _("Peer %s uses invalid option string"), cl->hostname); return -1; } - + /* Check if identity is a valid name */ - + if(!check_id(cl->name)) { syslog(LOG_ERR, _("Peer %s uses invalid identity name"), cl->hostname); return -1; } - + /* Load information about peer */ - + if(!read_id(cl)) { syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->name); @@ -206,20 +216,20 @@ int send_challenge(conn_list_t *cl) cp if(cl->chal_answer) free(cl->chal_answer); - + /* Allocate buffers for the challenge and the hash */ - + cl->chal_answer = xmalloc(SHA_DIGEST_LENGTH); keylength = BN_num_bytes(cl->rsakey->length); buffer = xmalloc(keylength*2); /* Copy random data and the public key to the buffer */ - + RAND_bytes(buffer, keylength); BN_bn2bin(cl->rsakey->length, buffer+keylength); /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */ - + if(!cl->status.encryptin) { set_metakey(cl, buffer, keylength); @@ -235,7 +245,7 @@ cp buffer[keylength*2] = '\0'; /* Send the challenge */ - + cl->allow_request = CHAL_REPLY; x = send_request(cl, "%d %s", CHALLENGE, buffer); free(buffer); @@ -248,7 +258,7 @@ int challenge_h(conn_list_t *cl) { char *challenge; int x; - + cp if(sscanf(cl->buffer, "%*d %as", &cl->name, &challenge) != 1) { @@ -257,7 +267,7 @@ cp } /* Rest is done by send_chal_reply() */ - + x = send_chal_reply(cl, challenge); free(challenge); cp 
@@ -270,7 +280,7 @@ int send_chal_reply(conn_list_t *cl, char *challenge) int keylength; char *hash; int x; - + cp keylength = BN_num_bytes(myself->rsakey->length); @@ -283,21 +293,21 @@ cp } /* Allocate buffers for the challenge and the hash */ - + buffer = xmalloc(keylength*2); hash = xmalloc(SHA_DIGEST_LENGTH*2+1); /* Copy the incoming random data and our public key to the buffer */ - hex2bin(challenge, buffer, keylength); + hex2bin(challenge, buffer, keylength); BN_bn2bin(myself->rsakey->length, buffer+keylength); /* Calculate the hash from that */ - + SHA1(buffer, keylength*2, hash); /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */ - + if(!cl->status.encrypted) { set_metakey(cl, buffer, keylength); @@ -322,7 +332,7 @@ cp free(hash); cp return x; -} +} int chal_reply_h(conn_list_t *cl) { @@ -335,19 +345,19 @@ cp } /* Check if the length of the hash is all right */ - + if(strlen(hash) != SHA_DIGEST_LENGTH*2) { syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->name, cl->hostname); return -1; } - + /* Convert the hash to binary format */ - + hex2bin(hash, hash, SHA_DIGEST_LENGTH); - + /* Verify the incoming hash with the calculated hash */ - + if(!memcmp(hash, cl->chal_answer, SHA_DIGEST_LENGTH)) { syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname); @@ -358,7 +368,7 @@ cp If we are accepting this new connection, then send our identity, if we are making this connecting, acknowledge. */ - + free(hash); free(cl->chal_answer); 
@@ -384,14 +394,14 @@ cp int ack_h(conn_list_t *cl) { conn_list_t *old; - + cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same vpn_ip. If so, it presumably is an old connection that has timed out but we don't know it yet. */ - while((old = lookup_id(cl->name))) + while((old = lookup_id(cl->name))) { if(debug_lvl > DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), 
@@ -427,14 +437,58 @@ cp int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) { cp -/* return send_request(cl, "%d %s %d %s", ADD_SUBNET, - other->name, subnet->type, net2str(subnet)); */ return send_request(cl, "%d %s %s", ADD_SUBNET, - other->name, net2str(subnet)); + other->name, net2str(subnet)); } int add_subnet_h(conn_list_t *cl) { + char *subnetstr; + char *name; + conn_list_t *owner; + subnet_t *subnet, *old; +cp + if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) + { + syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname); + return -1; + } + + /* Check if owner name is a valid */ + + if(!check_id(name)) + { + syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); + return -1; + } + + /* Check if subnet string is valid */ + + if((subnet = str2net(subnetstr)) == -1) + { + syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); + return -1; + } + + /* Check if somebody tries to add a subnet of ourself */ + + if(!strcmp(name, myself->name)) + { + syslog(LOG_ERR, _("Warning: got ADD_SUBNET from %s (%s) for ourself, restarting"), + cl->name, cl->hostname); + sighup = 1; + return 0; + } + + /* Check if the owner of the new subnet is in the connection list */ + + if(!(owner = lookup_id(name)) + { + syslog(LOG_NOTICE, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), + name, cl->name, cl->hostname); + } + + } int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) 
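Review bot: In add_subnet_h the parse check `sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3` can never succeed, because `%*d` is suppressed and only two conversions are assigned; the comparison should be `!= 2`. As written every ADD_SUBNET is rejected as malformed and the validation below it never runs. The owner lookup `if(!(owner = lookup_id(name))` is also missing a closing parenthesis, the function reaches its closing brace without returning a value, and `name` and `subnetstr` (allocated by `%as`) are never freed. `(subnet = str2net(subnetstr)) == -1` compares what is declared as a `subnet_t *` with -1; a NULL return would be the more usual failure signal if str2net can be changed. The same points apply to del_subnet_h in the following hunk.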
@@ -445,6 +499,50 @@ cp int del_subnet_h(conn_list_t *cl) { + char *subnetstr; + char *name; + conn_list_t *owner; + subnet_t *subnet, *old; +cp + if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) + { + syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), cl->name, cl->hostname); + return -1; + } + + /* Check if owner name is a valid */ + + if(!check_id(name)) + { + syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); + return -1; + } + + /* Check if subnet string is valid */ + + if((subnet = str2net(subnetstr)) == -1) + { + syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); + return -1; + } + + /* Check if somebody tries to delete a subnet of ourself */ + + if(!strcmp(name, myself->name)) + { + syslog(LOG_ERR, _("Warning: got DEL_SUBNET from %s (%s) for ourself, restarting"), + cl->name, cl->hostname); + sighup = 1; + return 0; + } + + /* Check if the owner of the new subnet is in the connection list */ + + if(!(owner = lookup_id(name)) + { + syslog(LOG_NOTICE, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"), + name, cl->name, cl->hostname); + } } /* New and closed connections notification */ @@ -466,10 +564,10 @@ cp { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; - } + } /* Check if option string is valid */ - + if((new->options = str2opt(options)) == -1) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->name, cl->hostname); @@ -477,15 +575,15 @@ cp } /* Check if identity is a valid name */ - + if(!check_id(new->name)) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); return -1; } - + /* Check if somebody tries to add ourself */ - + if(!strcmp(new->name, myself->name)) { syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); 
@@ -496,7 +594,7 @@ cp /* Fill in more of the new conn_list structure */ new->hostname = hostlookup(htonl(new->real_ip)); - + /* Check if the new host already exists in the connnection list */ if((old = lookup_id(new->name))) @@ -505,14 +603,14 @@ cp { if(debug_lvl > DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), - old->name, old->hostname, new->name, new->hostname); - return 0; + old->name, old->hostname, new->name, new->hostname); + return 0; } else { if(debug_lvl > DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), - old->name, old->hostname); + old->name, old->hostname); old->status.active = 0; terminate_connection(old); } @@ -522,15 +620,15 @@ cp new->nexthop = cl; new->status.active = 1; - + /* Hook it up into the conn_list */ conn_list_add(conn_list, new); /* Tell the rest about the new host */ - + notify_others(new, cl, send_add_host); - + cp return 0; } @@ -539,7 +637,7 @@ int send_del_host(conn_list_t *cl, conn_list_t *other) { cp return send_request(cl, "%d %s %lx:%d", DEL_HOST, - other->name, other->real_ip, other->port); + other->name, other->real_ip, other->port); } int del_host_h(conn_list_t *cl) @@ -548,21 +646,21 @@ int del_host_h(conn_list_t *cl) ip_t address; port_t port; conn_list_t *old; - + cp if(sscanf(cl->buffer, "%*d %as %lx:%d", &id, &address, &port) != 3) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), - cl->name, cl->hostname); + cl->name, cl->hostname); return -1; - } + } /* Check if somebody tries to delete ourself */ - + if(!strcmp(id, myself->name)) { syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), - cl->name, cl->hostname); + cl->name, cl->hostname); sighup = 1; return 0; } @@ -587,7 +685,7 @@ cp if(debug_lvl > DEBUG_CONNECTIONS) { syslog(LOG_NOTICE, _("Got DEL_HOST for %s from %s (%s) which is not in our connection list"), - id, cl->name, cl->hostname); + id, cl->name, cl->hostname); } cp return 0; 
@@ -612,14 +710,14 @@ cp if(sscanf(cl->buffer, "%*d %d %as", &statusno, &statusstring) != 2) { syslog(LOG_ERR, _("Got bad STATUS from %s (%s)"), - cl->name, cl->hostname); + cl->name, cl->hostname); return -1; } if(debug_lvl > DEBUG_STATUS) { syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), - cl->name, cl->hostname, status_text[statusno], statusstring); + cl->name, cl->hostname, status_text[statusno], statusstring); } cp @@ -643,14 +741,14 @@ cp if(sscanf(cl->buffer, "%*d %d %as", &errno, &errorstring) != 2) { syslog(LOG_ERR, _("Got bad error from %s (%s)"), - cl->name, cl->hostname); + cl->name, cl->hostname); return -1; } if(debug_lvl > DEBUG_error) { syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - cl->name, cl->hostname, strerror(errno), errorstring); + cl->name, cl->hostname, strerror(errno), errorstring); } free(errorstring); @@ -714,7 +812,7 @@ cp { if(p!=cl && p->status.meta && p->status.active) send_request(p, "%d %s", KEY_CHANGED, - from->name); + from->name); } cp return 0; @@ -728,33 +826,33 @@ cp if(sscanf(cl->buffer, "%*d %as", &from_id) != 1) { syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), - cl->name, cl->hostname); + cl->name, cl->hostname); return -1; - } + } if(!(from = lookup_id(from_id))) { syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist in our connection list"), - cl->name, cl->hostname, from_id); + cl->name, cl->hostname, from_id); free(from_id); return -1; } free(from_id); - + from->status.validkey = 0; from->status.waitingforkey = 0; - + send_key_changed(from, cl); cp return 0; } - + int send_req_key(conn_list_t *from, conn_list_t *to) { cp return send_request(to->nexthop, "%d %s %s", REQ_KEY, - from->name, to->name); + from->name, to->name); } int req_key_h(conn_list_t *cl) 
@@ -765,14 +863,14 @@ cp if(sscanf(cl->buffer, "%*d %as %as", &from_id, &to_id) != 2) { syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), - cl->name, cl->hostname); + cl->name, cl->hostname); return -1; - } + } if(!(from = lookup_id(from_id))) { syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), - cl->name, cl->hostname, from_id); + cl->name, cl->hostname, from_id); free(from_id); free(to_id); return -1; } @@ -788,7 +886,7 @@ cp if(!(to = lookup_id(to_id))) { syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), - cl->name, cl->hostname, to_id); + cl->name, cl->hostname, to_id); free(from_id); free(to_id); return -1; } @@ -804,7 +902,7 @@ int send_ans_key(conn_list_t *from, conn_list_t *to, char *datakey) { cp return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, - from->name, to->name, datakey); + from->name, to->name, datakey); } int ans_key_h(conn_list_t *cl) @@ -816,14 +914,14 @@ cp if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &datakey) != 3) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), - cl->name, cl->hostname); + cl->name, cl->hostname); return -1; - } + } if(!(from = lookup_id(from_id))) { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), - cl->name, cl->hostname, from_id); + cl->name, cl->hostname, from_id); free(from_id); free(to_id); free(datakey); return -1; } @@ -833,13 +931,13 @@ cp if(!strcmp(to_id, myself->name)) { /* It is for us, convert it to binary and set the key with it. */ - + keylength = strlen(datakey); - + if((keylength%2) || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), - cl->name, cl->hostname, from->name); + cl->name, cl->hostname, from->name); free(from_id); free(to_id); free(datakey); return -1; } 
@@ -852,7 +950,7 @@ cp if(!(to = lookup_id(to_id))) { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), - cl->name, cl->hostname, to_id); + cl->name, cl->hostname, to_id); free(from_id); free(to_id); free(datakey); return -1; } @@ -873,7 +971,7 @@ cp */ int notify_others(conn_list_t *new, conn_list_t *source, - int (*function)(conn_list_t*, conn_list_t*)) + int (*function)(conn_list_t*, conn_list_t*)) { conn_list_t *p; cp From 5afc1e98f436c4a2ed5da4b64293275b09632c79 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Sep 2000 15:06:28 +0000 Subject: [PATCH 091/923] - Severe code reduction and simplification of challenge requests - "Finished" [add|del]_subnet_h - Added lots of sanity checks to [add|del]_host_h --- src/protocol.c | 349 ++++++++++++++++++++++++++++++------------------- 1 file changed, 218 insertions(+), 131 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 35b07882..78ab00d7 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.33 2000/09/17 21:42:05 guus Exp $ + $Id: protocol.c,v 1.28.4.34 2000/09/22 15:06:28 guus Exp $ */ #include "config.h" @@ -133,17 +133,21 @@ cp int send_id(conn_list_t *cl) { + int x; + char *optstr; cp - return send_request(cl, "%d %s %d %s", ID, - myself->name, myself->protocol_version, opt2str(myself->options)); + x = send_request(cl, "%d %s %d %s", ID, myself->name, myself->protocol_version, optstr=opt2str(myself->options)); + free(optstr); +cp + return x; } int id_h(conn_list_t *cl) { conn_list_t *old; - char *options; + char *optstr; cp - if(sscanf(cl->buffer, "%*d %as %d %as", &cl->name, &cl->protocol_version, &options) != 3) + if(sscanf(cl->buffer, "%*d %as %d %as", &cl->name, &cl->protocol_version, &optstr) != 3) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; 
@@ -160,12 +164,15 @@ cp /* Check if option string is valid */ - if((cl->options = str2opt(options)) == -1) + if((cl->options = str2opt(optstr)) == -1) { syslog(LOG_ERR, _("Peer %s uses invalid option string"), cl->hostname); + free(optstr); return -1; } + free(optstr); + /* Check if identity is a valid name */ if(!check_id(cl->name)) 
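Review bot: `free(optstr)` now covers both outcomes of the option-string check, but the protocol-version mismatch return that sits between the sscanf and this hunk (unchanged, not shown here) appears to exit with `optstr` still allocated. ID is the first request a peer sends, before any authentication, so that path can be reached by any host able to connect. Adding `free(optstr);` before that `return -1;` would close it; id_h starts and ends outside this hunk, so this should be confirmed against the full function.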
@@ -210,111 +217,76 @@ cp int send_challenge(conn_list_t *cl) { - char *buffer; - int keylength; - int x; + char buffer[CHAL_LENGTH*2+1]; cp - if(cl->chal_answer) - free(cl->chal_answer); + /* Allocate buffers for the challenge */ - /* Allocate buffers for the challenge and the hash */ + if(!cl->hischallenge) + cl->hischallenge = xmalloc(CHAL_LENGTH); - cl->chal_answer = xmalloc(SHA_DIGEST_LENGTH); - keylength = BN_num_bytes(cl->rsakey->length); - buffer = xmalloc(keylength*2); + /* Copy random data to the buffer */ - /* Copy random data and the public key to the buffer */ - - RAND_bytes(buffer, keylength); - BN_bn2bin(cl->rsakey->length, buffer+keylength); - - /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */ - - if(!cl->status.encryptin) - { - set_metakey(cl, buffer, keylength); - } - - /* Calculate the hash from that */ - - SHA1(buffer, keylength*2, cl->chal_answer); + RAND_bytes(cl->hischallenge, CHAL_LENGTH); /* Convert the random data to a hexadecimal formatted string */ - bin2hex(buffer,buffer,keylength); + bin2hex(cl->hischallenge,buffer,CHAL_LENGTH); buffer[keylength*2] = '\0'; /* Send the challenge */ cl->allow_request = CHAL_REPLY; - x = send_request(cl, "%d %s", CHALLENGE, buffer); - free(buffer); - cl->status.encryptout = 1; cp - return x; + return send_request(cl, "%d %s", CHALLENGE, buffer); } int challenge_h(conn_list_t *cl) { - char *challenge; - int x; - + char *buffer; cp - if(sscanf(cl->buffer, "%*d %as", &cl->name, &challenge) != 1) + if(sscanf(cl->buffer, "%*d %as", &buffer) != 1) { syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->name, cl->hostname); return -1; } - /* Rest is done by send_chal_reply() */ - - x = send_chal_reply(cl, challenge); - free(challenge); -cp - return x; -} - -int send_chal_reply(conn_list_t *cl, char *challenge) -{ - char *buffer; - int keylength; - char *hash; - int x; - -cp - keylength = BN_num_bytes(myself->rsakey->length); - /* Check if the length of the 
challenge is all right */ - if(strlen(challenge) != keylength*2) + if(strlen(buffer) != CHAL_LENGTH*2) { syslog(LOG_ERR, _("Intruder: wrong challenge length from %s (%s)"), cl->name, cl->hostname); + free(buffer); return -1; } - /* Allocate buffers for the challenge and the hash */ + /* Allocate buffers for the challenge */ - buffer = xmalloc(keylength*2); - hash = xmalloc(SHA_DIGEST_LENGTH*2+1); + if(!cl->mychallenge) + cl->mychallenge = xmalloc(CHAL_LENGTH); - /* Copy the incoming random data and our public key to the buffer */ - - hex2bin(challenge, buffer, keylength); - BN_bn2bin(myself->rsakey->length, buffer+keylength); - - /* Calculate the hash from that */ - - SHA1(buffer, keylength*2, hash); - - /* If we don't have a blowfish key set yet, use the random data from the challenge to do so. */ - - if(!cl->status.encrypted) - { - set_metakey(cl, buffer, keylength); - cl->status.encrypted = 1; - } + /* Convert the challenge from hexadecimal back to binary */ + hex2bin(buffer,cl->mychallenge,CHAL_LENGTH); free(buffer); + + /* Rest is done by send_chal_reply() */ +cp + return send_chal_reply(cl); +} + +int send_chal_reply(conn_list_t *cl) +{ + char hash[SHA_DIGEST_LENGTH*2+1]; +cp + if(!cl->mychallenge) + { + syslog(LOG_ERR, _("Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE"), cl->name, cl->hostname); + return -1; + } + + /* Calculate the hash from the challenge we received */ + + SHA1(cl->mychallenge, CHAL_LENGTH, hash); /* Convert the hash to a hexadecimal formatted string */ 
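Review bot: After this change send_challenge sends CHAL_LENGTH random bytes as plain hex and send_chal_reply answers with `SHA1(cl->mychallenge, CHAL_LENGTH, hash)`, so nothing in the exchange visible here depends on a private key and any peer that receives the challenge can compute the expected reply. The protocol comment in this file marks the challenge as (R) RSA, so either the challenge should be encrypted with the peer's public key before it is hex-encoded, or the comment should say that the RSA step and the key derivation removed with `set_metakey` are not implemented yet. Separately, `buffer[keylength*2] = '\0';` still refers to `keylength`, whose declaration this hunk deletes; it should read `buffer[CHAL_LENGTH*2] = '\0';`. send_chal_reply continues past the end of the hunk.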
@@ -328,17 +300,16 @@ cp else cl->allow_request = ACK; - x = send_request(cl, "%d %s", CHAL_REPLY, hash); - free(hash); cp - return x; + return send_request(cl, "%d %s", CHAL_REPLY, hash); } int chal_reply_h(conn_list_t *cl) { - char *hash; + char *hishash; + char myhash[SHA_DIGEST_LENGTH]; cp - if(sscanf(cl->buffer, "%*d %as", &cl->name, &hash) != 2) + if(sscanf(cl->buffer, "%*d %as", &hishash) != 2) { syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->name, cl->hostname); return -1; @@ -346,7 +317,7 @@ cp /* Check if the length of the hash is all right */ - if(strlen(hash) != SHA_DIGEST_LENGTH*2) + if(strlen(hishash) != SHA_DIGEST_LENGTH*2) { syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->name, cl->hostname); return -1; @@ -354,24 +325,27 @@ cp /* Convert the hash to binary format */ - hex2bin(hash, hash, SHA_DIGEST_LENGTH); + hex2bin(hishash, hishash, SHA_DIGEST_LENGTH); + + /* Calculate the hash from the challenge we sent */ + + SHA1(cl->hischallenge, CHAL_LENGTH, myhash); /* Verify the incoming hash with the calculated hash */ - if(!memcmp(hash, cl->chal_answer, SHA_DIGEST_LENGTH)) + if(!memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) { syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname); + free(hishash); return -1; } + free(hishash); + /* Identity has now been positively verified. If we are accepting this new connection, then send our identity, if we are making this connecting, acknowledge. */ - - free(hash); - free(cl->chal_answer); - cp if(cl->status.outgoing) { @@ -394,10 +368,9 @@ cp int ack_h(conn_list_t *cl) { conn_list_t *old; - cp /* Okay, before we active the connection, we check if there is another entry - in the connection list with the same vpn_ip. If so, it presumably is an + in the connection list with the same name. If so, it presumably is an old connection that has timed out but we don't know it yet. */ 
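Review bot: The verification in chal_reply_h is inverted: `if(!memcmp(hishash, myhash, SHA_DIGEST_LENGTH))` is true when the two digests are equal, so a correct reply is logged as an intruder and a wrong one falls through to the "Identity has now been positively verified" branch. It should be `if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH))`. In the hunk at -328,17, `sscanf(cl->buffer, "%*d %as", &hishash) != 2` assigns only one conversion and so should compare against 1. The length-check failure path in between returns without `free(hishash)`, and `cl->hischallenge` is passed to SHA1 without the NULL check that send_chal_reply applies to `cl->mychallenge`.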
@@ -436,9 +409,14 @@ cp int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) { + int x; + char *netstr; cp - return send_request(cl, "%d %s %s", ADD_SUBNET, - other->name, net2str(subnet)); + x = send_request(cl, "%d %s %s", ADD_SUBNET, + other->name, netstr = net2str(subnet)); + free(netstr); +cp + return x; } int add_subnet_h(conn_list_t *cl) @@ -450,8 +428,9 @@ int add_subnet_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) { - syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname); - return -1; + syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname); + free(name); free(subnetstr); + return -1; } /* Check if owner name is a valid */ @@ -459,6 +438,7 @@ cp if(!check_id(name)) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); + free(name); free(subnetstr); return -1; } @@ -467,8 +447,11 @@ cp if((subnet = str2net(subnetstr)) == -1) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); + free(name); free(subnetstr); return -1; } + + free(subnetstr); /* Check if somebody tries to add a subnet of ourself */ @@ -476,6 +459,7 @@ cp { syslog(LOG_ERR, _("Warning: got ADD_SUBNET from %s (%s) for ourself, restarting"), cl->name, cl->hostname); + free(name); sighup = 1; return 0; } @@ -484,11 +468,15 @@ cp if(!(owner = lookup_id(name)) { - syslog(LOG_NOTICE, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), + syslog(LOG_ERR, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), name, cl->name, cl->hostname); + free(name); + return -1; } - + /* If everything is correct, add the subnet to the list of the owner */ +cp + return subnet_add(owner, subnet); } int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) 
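Review bot: The new `free(name); free(subnetstr);` on the sscanf failure path in add_subnet_h can free pointers that sscanf never assigned: both appear to be declared without initialisers (the declarations are outside this hunk), so a request with fewer than two fields leads to free() on indeterminate values. Initialising them, `char *subnetstr = NULL;` and `char *name = NULL;`, makes the cleanup safe for a partial parse. The success path returns `subnet_add(owner, subnet)` without freeing `name`, and the `!= 3` count and the unbalanced parenthesis in `if(!(owner = lookup_id(name))` are carried over unchanged. del_subnet_h in the following hunks has the same pattern.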
@@ -506,8 +494,9 @@ int del_subnet_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) { - syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), cl->name, cl->hostname); - return -1; + syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), cl->name, cl->hostname); + free(name); free(subnetstr); + return -1; } /* Check if owner name is a valid */ @@ -515,6 +504,7 @@ cp if(!check_id(name)) { syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); + free(name); free(subnetstr); return -1; } @@ -523,15 +513,19 @@ cp if((subnet = str2net(subnetstr)) == -1) { syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); + free(name); free(subnetstr); return -1; } - /* Check if somebody tries to delete a subnet of ourself */ + free(subnetstr); + + /* Check if somebody tries to add a subnet of ourself */ if(!strcmp(name, myself->name)) { syslog(LOG_ERR, _("Warning: got DEL_SUBNET from %s (%s) for ourself, restarting"), cl->name, cl->hostname); + free(name); sighup = 1; return 0; } 
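Review bot: The rewritten comment `/* Check if somebody tries to add a subnet of ourself */` is wrong for del_subnet_h; the line it replaces said "delete", and the log message directly below says DEL_SUBNET. Keep the original wording, `/* Check if somebody tries to delete a subnet of ourself */`. del_subnet_h starts before this hunk and ends after it.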
@@ -540,27 +534,40 @@ cp if(!(owner = lookup_id(name)) { - syslog(LOG_NOTICE, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"), + syslog(LOG_ERR, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"), name, cl->name, cl->hostname); + free(name); + return -1; } + + /* If everything is correct, add the subnet to the list of the owner */ +cp + return subnet_del(owner, subnet); } /* New and closed connections notification */ int send_add_host(conn_list_t *cl, conn_list_t *other) { + char *optstr; + int x; cp - return send_request(cl, "%d %s %lx:%d %s", ADD_HOST, other->name, other->real_ip, other->port, opt2str(other->options)); + x = send_request(cl, "%d %s %s %lx:%d %s", ADD_HOST, + myself->name, other->name, other->real_ip, other->port, optstr = opt2str(other->options)); + free(optstr); +cp + return x; } int add_host_h(conn_list_t *cl) { - char *options; - conn_list_t *old, *new; + char *optstr; + char *sender; + conn_list_t *old, *new, *hisuplink; cp new = new_conn_list(); - if(sscanf(cl->buffer, "%*d %as %lx:%d %as", &new->name, &new->real_ip, &new->port, &options) != 4) + if(sscanf(cl->buffer, "%*d %as %as %lx:%d %as", &sender, &new->name, &new->address, &new->port, &optstr) != 5) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; @@ -568,17 +575,21 @@ cp /* Check if option string is valid */ - if((new->options = str2opt(options)) == -1) + if((new->options = str2opt(optstr)) == -1) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->name, cl->hostname); + free(optstr); free(sender); return -1; } + free(optstr); + /* Check if identity is a valid name */ - if(!check_id(new->name)) + if(!check_id(new->name) || !check_id(sender)) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); + free(sender); return -1; } 
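Review bot: In add_host_h the structure returned by `new_conn_list()` is not released on the `return -1` after the failed sscanf, and the later error returns in the `@@ -568,17 +575,21 @@` and `@@ -588,9 +599,32 @@` hunks free only `optstr` and `sender`. Each rejected ADD_HOST therefore leaves a conn_list_t behind, together with any `new->name` that `%as` allocated, so a peer that keeps sending malformed requests can grow the daemon's memory. Every one of those paths should release `new` with whatever destructor pairs with new_conn_list(), which is not visible here. The sscanf also stores into `&new->address`, while send_add_host and the later `hostlookup(htonl(new->real_ip))` use `real_ip`; one of the two names looks stale.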
@@ -588,9 +599,32 @@ cp { syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); sighup = 1; + free(sender); return 0; } + /* We got an ADD_HOST from ourself!? */ + + if(!strcmp(sender, myself->name)) + { + syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) from ourself, restarting"), cl->name, cl->hostname); + sighup = 1; + free(sender); + return 0; + } + + /* Lookup his uplink */ + + if(!(new->hisuplink = lookup_id(sender)) + { + syslog(LOG_ERR, _("Got ADD_HOST from %s (%s) with origin %s which is not in our connection list"), + sender, cl->name, cl->hostname); + free(sender); + return -1; + } + + free(sender); + /* Fill in more of the new conn_list structure */ new->hostname = hostlookup(htonl(new->real_ip)); @@ -618,7 +652,7 @@ cp /* Fill in rest of conn_list structure */ - new->nexthop = cl; + new->myuplink = cl; new->status.active = 1; /* Hook it up into the conn_list */ 
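Review bot: `if(!(new->hisuplink = lookup_id(sender))` is missing a closing parenthesis and will not compile; it should be `if(!(new->hisuplink = lookup_id(sender)))`. The syslog call under it passes `sender, cl->name, cl->hostname` to a format that reads "from %s (%s) with origin %s", so the log reports the claimed origin as the peer and the peer as the origin, which misleads anyone reading it after an incident; pass `cl->name, cl->hostname, sender`, as del_host_h does. The DEL_HOST message "for %s which is not in our connection list" in the `@@ -635,58 +669,111 @@` hunk has its arguments rotated the same way. add_host_h starts before this hunk and ends after it.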
@@ -635,58 +669,111 @@ cp int send_del_host(conn_list_t *cl, conn_list_t *other) { + char *optstr; + int x; cp - return send_request(cl, "%d %s %lx:%d", DEL_HOST, - other->name, other->real_ip, other->port); + x = send_request(cl, "%d %s %s %lx:%d %s", DEL_HOST, + myself->name, other->name, other->real_ip, other->port, optstr = opt2str(other->options)); + free(optstr); +cp + return x; } int del_host_h(conn_list_t *cl) { - char *id; + char *name; + char *sender; + char *opstr; ip_t address; port_t port; - conn_list_t *old; + int options; + conn_list_t *old, *hisuplink; cp - if(sscanf(cl->buffer, "%*d %as %lx:%d", &id, &address, &port) != 3) + if(sscanf(cl->buffer, "%*d %as %as %lx:%d %as", &sender, &name, &address, &port, &optstr) != 5) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->name, cl->hostname); return -1; } + /* Check if option string is valid */ + + if((options = str2opt(optstr)) == -1) + { + syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid option string"), cl->name, cl->hostname); + free(optstr); free(sender); free(name); + return -1; + } + + free(optstr); + + /* Check if identity is a valid name */ + + if(!check_id(name) || !check_id(sender)) + { + syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); + free(name); free(sender); + return -1; + } + /* Check if somebody tries to delete ourself */ - if(!strcmp(id, myself->name)) + if(!strcmp(name, myself->name)) { syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); + free(name); free(sender); sighup = 1; return 0; } + /* We got an ADD_HOST from ourself!? 
*/ + + if(!strcmp(sender, myself->name)) + { + syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) from ourself, restarting"), cl->name, cl->hostname); + sighup = 1; + free(name); free(sender); + return 0; + } + + /* Lookup his uplink */ + + if(!(hisuplink = lookup_id(sender)) + { + syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) with origin %s which is not in our connection list"), + cl->name, cl->hostname, sender); + free(name); free(sender); + return -1; + } + + free(sender); + /* Check if the new host already exists in the connnection list */ - if((old = lookup_id(id))) + if(!(old = lookup_id(name))) { - if((address == old->real_ip) && (port == old->port)) - { - notify_others(old, cl, send_del_host); - - old->status.termreq = 1; - old->status.active = 0; - - terminate_connection(old); -cp - return 0; - } + syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) for %s which is not in our connection list"), + name, cl->name, cl->hostname); + free(name); + return -1; + } + + /* Check if the rest matches */ + + if(address!=old->address || port!=old->port || options!=old->options || hisuplink!=old->hisuplink || cl!=old->myuplink) + { + syslog(LOG_WARNING, _("Got DEL_HOST from %s (%s) for %s which doesn't match"), cl->name, cl->hostname, old->name); + return 0; } - if(debug_lvl > DEBUG_CONNECTIONS) - { - syslog(LOG_NOTICE, _("Got DEL_HOST for %s from %s (%s) which is not in our connection list"), - id, cl->name, cl->hostname); - } + /* Ok, since EVERYTHING seems to check out all right, delete it */ + + old->status.termreq = 1; + old->status.active = 0; + + terminate_connection(old); cp return 0; } From 361690b18c1f5464db7b9cef235c648784780dfb Mon Sep 17 00:00:00 2001 
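Review bot: del_host_h declares `char *opstr;` but every use is `optstr`, so the new option handling does not compile as written; the declaration should be `char *optstr;`. `name` is freed on the error returns but not on the `return 0` of the "doesn't match" branch nor after `terminate_connection(old)`, so each DEL_HOST that gets that far leaks it; add `free(name);` before both returns. The first `return -1` after sscanf also leaves behind whatever `%as` had already allocated. `if(!(hisuplink = lookup_id(sender))` is missing a closing parenthesis.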
From: Guus Sliepen Date: Fri, 22 Sep 2000 16:20:07 +0000 Subject: [PATCH 092/923] - Removed options "string" stuff. It was a bad idea... - free() everything that is allocated. --- src/net.c | 16 +----- src/protocol.c | 142 ++++++++++++++----------------------------------- 2 files changed, 40 insertions(+), 118 deletions(-) diff --git a/src/net.c b/src/net.c index 783bfad0..f5f1b2fc 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.30 2000/09/15 12:58:39 zarq Exp $ + $Id: net.c,v 1.35.4.31 2000/09/22 16:20:07 guus Exp $ */ #include "config.h" @@ -93,20 +93,6 @@ cp cp } -int str2opt(const char *str) { - int r; - - r = 0; - return r; -} - -char *opt2str(int opt) { - static char s[50]; - - snprintf(s, 49, "%d", opt); - return &s; -} - int xsend(conn_list_t *cl, void *packet) { real_packet_t rp; diff --git a/src/protocol.c b/src/protocol.c index 78ab00d7..d52fd541 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.34 2000/09/22 15:06:28 guus Exp $ + $Id: protocol.c,v 1.28.4.35 2000/09/22 16:20:07 guus Exp $ */ #include "config.h" 
@@ -83,24 +83,43 @@ cp return -1; } - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], - cl->name, cl->hostname, buffer); - else if(debug_lvl >= DEBUG_PROTOCOL) + if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); +cp + return send_meta(cl, buffer, length); +} +int send_meta(conn_list_t *cl, const char *buffer, int length) +{ +cp + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s): %s"), int length, + cl->name, cl->hostname, buffer); + if(cl->status.encryptin) { /* FIXME: Do encryption */ } - if((write(cl->meta_socket, buffer, len)) < 0) + if(write(cl->meta_socket, buffer, length) < 0) { - syslog(LOG_ERR, _("Sending meta data failed: %m")); + syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %m"), cl->name, cl->hostname); return -1; } cp + return 0; +} + +int broadcast_meta(conn_list_t *cl, const char *buffer, int length) +{ + conn_list_t *p; +cp + for(p = conn_list; p != NULL; p = p->next) + if(p != cl && p->status.meta && p->status.active) + send_meta(p, buffer, length); +cp + return 0; } /* Connection protocol: @@ -133,21 +152,15 @@ cp int send_id(conn_list_t *cl) { - int x; - char *optstr; cp - x = send_request(cl, "%d %s %d %s", ID, myself->name, myself->protocol_version, optstr=opt2str(myself->options)); - free(optstr); -cp - return x; + return send_request(cl, "%d %s %d %lx", ID, myself->name, myself->protocol_version, myself->options); } int id_h(conn_list_t *cl) { conn_list_t *old; - char *optstr; cp - if(sscanf(cl->buffer, "%*d %as %d %as", &cl->name, &cl->protocol_version, &optstr) != 3) + if(sscanf(cl->buffer, "%*d %as %d %lx", &cl->name, &cl->protocol_version, &cl->options) != 3) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; 
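Review bot: send_meta treats any non-negative `write()` result as complete, so a short write drops the tail of a request and leaves the peer's newline-delimited parser out of step with the stream. Loop until all `length` bytes are written, as sketched below. The debug call passes `int length` as an argument, which does not compile and should be plain `length`; the `encryptin` flag is also tested on the outgoing path, where the later patch uses `encryptout`. The same `write()` call and `int length` argument are carried into src/meta.c by the later patch on this page.

```c
  /* … unchanged: debug logging and encryption placeholder … */
  while(length > 0)
    {
      ssize_t done = write(cl->meta_socket, buffer, length);

      if(done < 0)
        {
          if(errno == EINTR)
            continue;
          syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %m"), cl->name, cl->hostname);
          return -1;
        }
      buffer += done;
      length -= done;
    }
```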
@@ -162,17 +175,6 @@ cp return -1; } - /* Check if option string is valid */ - - if((cl->options = str2opt(optstr)) == -1) - { - syslog(LOG_ERR, _("Peer %s uses invalid option string"), cl->hostname); - free(optstr); - return -1; - } - - free(optstr); - /* Check if identity is a valid name */ if(!check_id(cl->name)) @@ -312,6 +314,7 @@ cp if(sscanf(cl->buffer, "%*d %as", &hishash) != 2) { syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->name, cl->hostname); + free(hishash); return -1; } @@ -320,6 +323,7 @@ cp if(strlen(hishash) != SHA_DIGEST_LENGTH*2) { syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->name, cl->hostname); + free(hishash); return -1; } @@ -549,41 +553,24 @@ cp int send_add_host(conn_list_t *cl, conn_list_t *other) { - char *optstr; - int x; cp - x = send_request(cl, "%d %s %s %lx:%d %s", ADD_HOST, - myself->name, other->name, other->real_ip, other->port, optstr = opt2str(other->options)); - free(optstr); -cp - return x; + return send_request(cl, "%d %s %s %lx:%d %lx", ADD_HOST, + myself->name, other->name, other->real_ip, other->port, other->options); } int add_host_h(conn_list_t *cl) { - char *optstr; char *sender; conn_list_t *old, *new, *hisuplink; cp new = new_conn_list(); - if(sscanf(cl->buffer, "%*d %as %as %lx:%d %as", &sender, &new->name, &new->address, &new->port, &optstr) != 5) + if(sscanf(cl->buffer, "%*d %as %as %lx:%d %lx", &sender, &new->name, &new->address, &new->port, &new->options) != 5) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; } - /* Check if option string is valid */ - - if((new->options = str2opt(optstr)) == -1) - { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid option string"), cl->name, cl->hostname); - free(optstr); free(sender); - return -1; - } - - free(optstr); - /* Check if identity is a valid name */ if(!check_id(new->name) || !check_id(sender)) 
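Review bot: The added `free(hishash);` on the sscanf failure path of chal_reply_h runs even when nothing was assigned: `hishash` is declared as `char *hishash;` with no initialiser (in the earlier patch on this page), so a CHAL_REPLY without a hash field makes the daemon free an indeterminate pointer before the peer has authenticated. Initialise it, `char *hishash = NULL;`, so the free is a no-op in that case. The condition is still `!= 2` although the format assigns only one item, so this branch is taken for every reply. The declaration and the rest of chal_reply_h are outside this hunk.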
@@ -669,45 +656,28 @@ cp int send_del_host(conn_list_t *cl, conn_list_t *other) { - char *optstr; - int x; cp - x = send_request(cl, "%d %s %s %lx:%d %s", DEL_HOST, - myself->name, other->name, other->real_ip, other->port, optstr = opt2str(other->options)); - free(optstr); -cp - return x; + return send_request(cl, "%d %s %s %lx:%d %lx", DEL_HOST, + myself->name, other->name, other->real_ip, other->port, other->options); } int del_host_h(conn_list_t *cl) { char *name; char *sender; - char *opstr; ip_t address; port_t port; int options; conn_list_t *old, *hisuplink; cp - if(sscanf(cl->buffer, "%*d %as %as %lx:%d %as", &sender, &name, &address, &port, &optstr) != 5) + if(sscanf(cl->buffer, "%*d %as %as %lx:%d %lx", &sender, &name, &address, &port, &options) != 5) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->name, cl->hostname); return -1; } - /* Check if option string is valid */ - - if((options = str2opt(optstr)) == -1) - { - syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid option string"), cl->name, cl->hostname); - free(optstr); free(sender); free(name); - return -1; - } - - free(optstr); - /* Check if identity is a valid name */ if(!check_id(name) || !check_id(sender)) 
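Review bot: `&options` is passed for the new `%lx` conversion in del_host_h, but `options` is declared `int` a few lines above; `%lx` stores through an `unsigned long *`, so where long is wider than int sscanf writes past the variable with a value chosen by the peer. Scan into an `unsigned long` temporary and assign it, or declare `unsigned long options;`. The same conversion is used for `&cl->options` in id_h and `&new->options` in add_host_h in this patch; those field types are not visible here and should be checked, as should `address` (ip_t) and `port` (port_t) against `%lx:%d`. The `return -1` after the failed sscanf still releases nothing that `%as` allocated.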
@@ -1049,43 +1019,7 @@ cp return 0; } -/* Old routines */ - -/* - Notify all my direct connections of a new host - that was added to the vpn, with the exception - of the source of the announcement. -*/ - -int notify_others(conn_list_t *new, conn_list_t *source, - int (*function)(conn_list_t*, conn_list_t*)) -{ - conn_list_t *p; -cp - for(p = conn_list; p != NULL; p = p->next) - if(p != new && p != source && p->status.meta && p->status.active) - function(p, new); -cp - return 0; -} - -/* - Notify one connection of everything - I have connected -*/ - -int notify_one(conn_list_t *new) -{ - conn_list_t *p; -cp - for(p = conn_list; p != NULL; p = p->next) - if(p != new && p->status.active) - send_add_host(new, p); -cp - return 0; -} - -/* "Complete overhaul". */ +/* Jumptable for the request handlers */ int (*request_handlers[])(conn_list_t*) = { id_h, challenge_h, chal_reply_h, ack_h, @@ -1096,6 +1030,8 @@ int (*request_handlers[])(conn_list_t*) = { key_changed_h, req_key_h, ans_key_h, }; +/* Request names */ + char (*request_name[]) = { "ID", "CHALLENGE", "CHAL_REPLY", "ACK", "STATUS", "ERROR", "TERMREQ", From 2c412009e5805f04c650889b19fcb38531f2aa50 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 25 Sep 2000 20:08:50 +0000 Subject: [PATCH 093/923] - Very detailed example of the authentication phase. --- doc/SECURITY | 70 +++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 66 insertions(+), 4 deletions(-) diff --git a/doc/SECURITY b/doc/SECURITY index 8ac8dc3c..5dce6397 100644 --- a/doc/SECURITY +++ b/doc/SECURITY @@ -12,7 +12,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY,v 1.1.2.2 2000/09/17 20:11:59 guus Exp $ + $Id: SECURITY,v 1.1.2.3 2000/09/25 20:08:50 guus Exp $ 1. Authentication 
@@ -41,11 +41,13 @@ The authentication protocol (see protocol.c for the up-to-date version) is: (H) SHA1, (E) Encrypted with symmetric cipher. +See section 4 for a detailed example version of the authentication. + Authentication in tinc will be done in a way that is very similar to the way the SSH (Secure SHell) authentication protocol works. It is based on public key cryptography. -Every tinc host has it's own public/private key pair. Suppose there are two +Every tinc host has its own public/private key pair. Suppose there are two tinc hosts, A and B. If A and B trust each other, they store a copy of eachothers public key (in the same way passphrases were stored in versions of tinc <= 1.0pre2). They know these public keys beforehand, and the origin @@ -102,10 +104,13 @@ Other options for key exchange could be: * A second exchange of RSA encrypted random strings. This is equal to the former scheme just without knowing the hash value of - the unecrypted random string. + the unecrypted random string. Information theory tells that two seperate + RSA messages are as secure as one if the total amount of bits sent is the + same, so enlarging the challenge will make one exchange just as secure as + two seperate exchanges. * Diffie-Hellman with RSA signing. - This should be very secure, but there are a lot of pitholes with using both + This should be very secure, but there are a lot of pitfalls with using both encryption with public keys and private keys together with the same keypair. * Diffie-Hellman with passphrases. 
@@ -121,3 +126,60 @@ Since the generalized encryption functions of OpenSSL are used, any symmetric cipher that is available in OpenSSL could possibly be used. The default however will be Blowfish. Blowfish is widely in use and still has not been cracked today (as far as we know). It also is one of the faster ciphers available. + +4. Detailed "example" of communication +--------------------------------------- + +Tinc uses a peer-to-peer protocol, but during the authentication phase we will +make a distinction between a server (a tinc daemon listening for incoming +connections) and a client (a tinc daemon that is trying to connect to the tinc +daemon playing server). + +The message strings here are kept short for clarity. The real length of the +exchanged messages is indicated. The capital words ID, CHALLENGE, CHAL_REPLY +and ACK are in reality replaced by the numbers 1, 2, 3 and 4 respectively. + +daemon message +-------------------------------------------------------------------------- +server +client +server +client ID client 8 0 + | | +-> options + | +---> version + +-------> name of tinc daemon +server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d + \________/\__/ + | +----> 64 bits initial vector and + +-----------> 448 bits symmetric cipher key for meta + data sent to the server + \______________________________/ + +-> 2048 bits totally random string, encrypted + with client's public RSA key +client CHAL_REPLY 191e23 + +-> 160 bits SHA1 value of the complete decrypted + CHALLENGE sent by the server +server ID server 8 0 + | | +-> options + | +---> version + +-------> name of tinc daemon +client CHALLENGE da02add1817c1920989ba6ae2a49cecb + \________/\__/ + | +----> 64 bits initial vector and + +-----------> 448 bits symmetric cipher key for meta + data sent to the client + \______________________________/ + +-> 2048 bits totally random string, encrypted + with server's public RSA key +server CHAL_REPLY 2bdeed + +-> 160 bits SHA1 value of the complete decrypted + 
CHALLENGE sent by the client +client ACK +server ACK +-------------------------------------------------------------------------- + +When the server receives the ACK from the client, it should prepare itself +for the fact that any subsequent data will be encrypted with the key the server +sent itself in the CHALLENGE. Ofcourse, this key is taken from the decrypted +version of that CHALLENGE, so that we will know for sure only the real client +can send us messages. The same goes for the client when it receives an ACK. From c78a204f06182f50b0812c8e4fef6163e82097bf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 26 Sep 2000 14:06:11 +0000 Subject: [PATCH 094/923] - Added meta.c which contains functions to send, receive and broadcast metadata. It will also handle encryption and decryption, and possibly compression and checksumming. - Moved request dispatcher to protocol.c. --- src/meta.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++++ src/meta.h | 32 ++++++++++ src/net.c | 124 +----------------------------------- src/protocol.c | 56 +++++++++-------- src/protocol.h | 23 +++---- 5 files changed, 239 insertions(+), 162 deletions(-) create mode 100644 src/meta.c create mode 100644 src/meta.h diff --git a/src/meta.c b/src/meta.c new file mode 100644 index 00000000..21cbe964 --- /dev/null +++ b/src/meta.c 
@@ -0,0 +1,166 @@ +/* + meta.c -- handle the meta communication + Copyright (C) 2000 Guus Sliepen , + 2000 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: meta.c,v 1.1.2.1 2000/09/26 14:06:03 guus Exp $ +*/ + +#include "config.h" + +int send_meta(conn_list_t *cl, const char *buffer, int length) +{ + char outbuf[MAXBUFSIZE]; + char *bufp; +cp + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s): %s"), int length, + cl->name, cl->hostname, buffer); + + if(cl->status.encryptout) + { + if(EVP_EncryptUpdate(cl->cipher_outctx, cl->buffer + cl->buflen, NULL, inbuf, length) != 1) + { + syslog(LOG_ERR, _("Error during encryption of outgoing metadata to %s (%s)"), cl->name, cl->hostname); + return -1; + } + bufp = outbuf; + } + else + bufp = buffer; + + if(write(cl->meta_socket, bufp, length) < 0) + { + syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %m"), cl->name, cl->hostname); + return -1; + } +cp + return 0; +} + +int broadcast_meta(conn_list_t *cl, const char *buffer, int length) +{ + conn_list_t *p; +cp + for(p = conn_list; p != NULL; p = p->next) + if(p != cl && p->status.meta && p->status.active) + send_meta(p, buffer, length); +cp + return 0; +} + +int receive_meta(conn_list_t *cl) +{ + int x, l = sizeof(x); + int oldlen, i; + int lenin = 0; + char inbuf[MAXBUFSIZE]; + 
char *bufp; +cp + if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + { + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, + cl->name, cl->hostname); + return -1; + } + if(x) + { + syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), + cl->name, cl->hostname, strerror(x)); + return -1; + } + + if(cl->status.encryptin) + bufp = inbuf; + else + bufp = cl->buffer + cl->buflen; + + lenin = read(cl->meta_socket, bufp, MAXBUFSIZE - cl->buflen); + + if(lenin<=0) + { + if(errno==EINTR) + return 0; + if(errno==0) + { + if(debug_lvl>DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), + cl->name, cl->hostname); + } + else + syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), + cl->name, cl->hostname); + return -1; + } + + if(cl->status.decryptin) + { + if(EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, NULL, inbuf, lenin) != 1) + { + syslog(LOG_ERR, _("Error during decryption of incoming metadata from %s (%s)"), cl->name, cl->hostname); + return -1; + } + } + + oldlen = cl->buflen; + cl->buflen += lenin; + + for(;;) + { + cl->reqlen = 0; + + for(i = oldlen; i < cl->buflen; i++) + { + if(cl->buffer[i] == '\n') + { + cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */ + cl->reqlen = i + 1; + break; + } + } + + if(cl->reqlen) + { + if(debug_lvl > DEBUG_META) + syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), + cl->name, cl->hostname, cl->buffer); + + if(receive_request(cl)) + return -1; + + cl->buflen -= cl->reqlen; + memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); + oldlen = 0; + } + else + { + break; + } + } + + if(cl->buflen >= MAXBUFSIZE) + { + syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), + cl->name, cl->hostname); + return -1; + } + + cl->last_ping_time = time(NULL); + cl->want_ping = 0; +cp + return 0; +} diff --git a/src/meta.h b/src/meta.h new file mode 100644 index 00000000..263131b5 
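Review bot: When `cl->status.encryptout` is set, send_meta writes `outbuf` to the socket although nothing ever fills it: EVP_EncryptUpdate is given `cl->buffer + cl->buflen` (the receive buffer) as output, an undeclared `inbuf` as input and NULL for the output length. The peer would receive `length` bytes of uninitialised stack memory, and pending input in `cl->buffer` would be overwritten. Encrypt from `buffer` into `outbuf`, refuse requests that do not fit, and send the byte count the cipher reports, as sketched below. receive_meta mirrors this: it selects `inbuf` on `status.encryptin` but decrypts on `status.decryptin`, and also passes NULL for the length. `int length` in the syslog argument list is a syntax error.

```c
  /* … unchanged: debug logging … */
  if(cl->status.encryptout)
    {
      int outlen;

      /* leave room for one cipher block of expansion */
      if(length < 0 || (size_t)length + EVP_MAX_BLOCK_LENGTH > sizeof(outbuf)
         || EVP_EncryptUpdate(cl->cipher_outctx, (unsigned char *)outbuf, &outlen,
                              (const unsigned char *)buffer, length) != 1)
        {
          syslog(LOG_ERR, _("Error during encryption of outgoing metadata to %s (%s)"), cl->name, cl->hostname);
          return -1;
        }
      bufp = outbuf;
      length = outlen;
    }
  /* … unchanged: unencrypted branch and write() … */
```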
--- /dev/null +++ b/src/meta.h @@ -0,0 +1,32 @@ +/* + protocol.h -- header for protocol.c + Copyright (C) 1999,2000 Ivo Timmermans , + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: meta.h,v 1.1.2.1 2000/09/26 14:06:04 guus Exp $ +*/ + +#ifndef __TINC_META_H__ +#define __TINC_META_H__ + +#include net.h + +extern int send_meta(conn_list_t *, const char *, int) +extern int broadcast_meta(conn_list_t *, const char *, int) +extern int receive_meta(conn_list_t *) + +#endif /* __TINC_META_H__ */ diff --git a/src/net.c b/src/net.c index f5f1b2fc..94c0e445 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.31 2000/09/22 16:20:07 guus Exp $ + $Id: net.c,v 1.35.4.32 2000/09/26 14:06:04 guus Exp $ */ #include "config.h" @@ -46,6 +46,7 @@ #include "net.h" #include "netutl.h" #include "protocol.h" +#include "meta.h" #include "system.h" 
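Review bot: src/meta.h cannot be included as written: `#include net.h` needs quotes (`#include "net.h"`) and the three `extern` prototypes have no terminating semicolons. The banner comment still reads `protocol.h -- header for protocol.c` and should name meta.h and meta.c. The guard `__TINC_META_H__` uses a double-underscore name that is reserved for the implementation, although it follows the pattern of `__TINC_PROTOCOL_H__`.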
@@ -1062,125 +1063,6 @@ cp return 0; } -/* - dispatch any incoming meta requests -*/ -int handle_incoming_meta_data(conn_list_t *cl) -{ - int x, l = sizeof(x); - int request, oldlen, i; - int lenin = 0; -cp - if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, - cl->name, cl->hostname); - return -1; - } - if(x) - { - syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), - cl->name, cl->hostname, strerror(x)); - return -1; - } - - lenin = read(cl->meta_socket, cl->buffer+cl->buflen, MAXBUFSIZE - cl->buflen); - - if(lenin<=0) - { - if(errno==EINTR) - return 0; - if(errno==0) - { - if(debug_lvl>DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), - cl->name, cl->hostname); - } - else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), - cl->name, cl->hostname); - return -1; - } - - if(cl->status.encryptin) - { - /* FIXME: do decryption. */ - } - - oldlen = cl->buflen; - cl->buflen += lenin; - - for(;;) - { - cl->reqlen = 0; - - for(i = oldlen; i < cl->buflen; i++) - { - if(cl->buffer[i] == '\n') - { - cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */ - cl->reqlen = i + 1; - break; - } - } - - if(cl->reqlen) - { - if(debug_lvl > DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), - cl->name, cl->hostname, cl->buffer); - if(sscanf(cl->buffer, "%d", &request) == 1) - { - if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) - { - syslog(LOG_ERR, _("Unknown request from %s (%s)"), - cl->name, cl->hostname); - return -1; - } - else - { - if(debug_lvl > DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Got %s from %s (%s)"), - request_name[request], cl->name, cl->hostname); - } - if(request_handlers[request](cl)) - /* Something went wrong. Probably scriptkiddies. Terminate. 
*/ - { - syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), - request_name[request], cl->name, cl->hostname); - return -1; - } - } - else - { - syslog(LOG_ERR, _("Bogus data received from %s (%s)"), - cl->name, cl->hostname); - return -1; - } - - cl->buflen -= cl->reqlen; - memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); - oldlen = 0; - } - else - { - break; - } - } - - if(cl->buflen >= MAXBUFSIZE) - { - syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), - cl->name, cl->hostname); - return -1; - } - - cl->last_ping_time = time(NULL); - cl->want_ping = 0; -cp - return 0; -} - /* check all connections to see if anything happened on their sockets @@ -1213,7 +1095,7 @@ cp if(p->status.meta) if(FD_ISSET(p->meta_socket, f)) - if(handle_incoming_meta_data(p) < 0) + if(receive_meta(p) < 0) { terminate_connection(p); return; diff --git a/src/protocol.c b/src/protocol.c index d52fd541..20a2fc35 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.35 2000/09/22 16:20:07 guus Exp $ + $Id: protocol.c,v 1.28.4.36 2000/09/26 14:06:06 guus Exp $ */ #include "config.h" @@ -43,6 +43,7 @@ #include "net.h" #include "netutl.h" #include "protocol.h" +#include "meta.h" #include "system.h" @@ -61,7 +62,7 @@ int check_id(char *id) return 1; } -/* Generic outgoing request routine - takes care of logging and error detection as well */ +/* Generic request routines - takes care of logging and error detection as well */ int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...) { 
@@ -89,37 +90,38 @@ cp return send_meta(cl, buffer, length); } - -int send_meta(conn_list_t *cl, const char *buffer, int length) +int receive_request(conn_list_t *cl) { -cp - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s): %s"), int length, - cl->name, cl->hostname, buffer); - - if(cl->status.encryptin) + int request; +cp + if(sscanf(cl->buffer, "%d", &request) == 1) { - /* FIXME: Do encryption */ + if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) + { + syslog(LOG_ERR, _("Unknown request from %s (%s)"), + cl->name, cl->hostname); + return -1; + } + else + { + if(debug_lvl > DEBUG_PROTOCOL) + syslog(LOG_DEBUG, _("Got %s from %s (%s)"), + request_name[request], cl->name, cl->hostname); + } + if(request_handlers[request](cl)) + /* Something went wrong. Probably scriptkiddies. Terminate. */ + { + syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), + request_name[request], cl->name, cl->hostname); + return -1; + } } - - if(write(cl->meta_socket, buffer, length) < 0) + else { - syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %m"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Bogus data received from %s (%s)"), + cl->name, cl->hostname); return -1; } -cp - return 0; -} - -int broadcast_meta(conn_list_t *cl, const char *buffer, int length) -{ - conn_list_t *p; -cp - for(p = conn_list; p != NULL; p = p->next) - if(p != cl && p->status.meta && p->status.active) - send_meta(p, buffer, length); -cp - return 0; } /* Connection protocol: diff --git a/src/protocol.h b/src/protocol.h index f3119aa8..d77c0455 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.7 2000/09/11 10:05:35 guus Exp $ + $Id: protocol.h,v 1.5.4.8 2000/09/26 14:06:11 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
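Review bot: The range test `(request < 0) || (request > 255)` in receive_request does not bound the index to the table: `request_handlers[]` as listed elsewhere on this page has far fewer than 256 entries, so a peer-supplied number above the last handler reads past the array and, if the word found there is non-zero, is called as a function pointer. Compare against the real number of handlers instead, `request >= <number of handlers>`, taken from a final enumerator of the request enum or a count exported next to the table. `request_name[request]` in the debug line is indexed with the same value. The function also loses its `return 0;` in this move, so the success path returns an indeterminate value to `if(receive_request(cl)) return -1;` in receive_meta.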
@@ -29,17 +29,14 @@ incompatible version have different protocols. */ -enum { - PROT_RESERVED = 0, /* reserved: do not use. */ - PROT_NOT_IN_USE, - PROT_TOO_OLD = 2, - PROT_3, - PROT_4, - PROT_ECHELON, - PROT_6, - PROT_7, - PROT_CURRENT, /* protocol currently in use */ -}; +#define PROT_CURRENT 8 + +/* Length of the challenge. Since the challenge will also + contain the key for the symmetric cipher, it must be + quite large. + */ + +#define CHAL_LENGTH 2048 /* Request numbers */ @@ -79,5 +76,3 @@ extern int send_tcppacket(conn_list_t *, void *, int); extern int notify_others(conn_list_t *, conn_list_t *, int (*function)(conn_list_t*, conn_list_t*)); #endif /* __TINC_PROTOCOL_H__ */ - - From 676b1c0ea111406eb94a74ae12878dfd5ad9f56d Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 27 Sep 2000 20:32:29 +0000 Subject: [PATCH 095/923] Many updates, parts rewritten, added, shuffled around. --- doc/tinc.texi | 452 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 364 insertions(+), 88 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 85a4dae2..3302baa9 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
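Review bot: The new comment on `CHAL_LENGTH` does not say what unit 2048 is in, and the two uses on this page disagree: doc/SECURITY describes a 2048-bit challenge, while chal_reply_h calls `SHA1(cl->hischallenge, CHAL_LENGTH, myhash)`, which takes a byte count. If bits are meant, every buffer and hash call sized with this macro covers eight times the challenge. State the unit in the comment, for example `/* Length of the challenge in bytes */`, and adjust the value to whichever size is intended.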
@@ -12,40 +12,42 @@ This is the info manual for tinc, a Virtual Private Network daemon. -Copyright 1998,199,2000 Ivo Timmermans +Copyright @copyright{} 1998,199,2000 Ivo Timmermans +, Guus Sliepen and +Wessel Dankers . - Permission is granted to make and distribute verbatim - copies of this manual provided the copyright notice and - this permission notice are preserved on all copies. - Permission is granted to copy and distribute modified - versions of this manual under the conditions for - verbatim copying, provided - that the entire resulting derived work is distributed - under the terms of a permission notice identical to this - one. +Permission is granted to make and distribute verbatim copies of this +manual provided the copyright notice and this permission notice are +preserved on all copies. + +Permission is granted to copy and distribute modified versions of this +manual under the conditions for verbatim copying, provided that the +entire resulting derived work is distributed under the terms of a +permission notice identical to this one. @end ifinfo @titlepage @title tinc Manual @subtitle Setting up a Virtual Private Network with tinc -@author Ivo Timmermans and Guus Sliepen +@author Ivo Timmermans and Guus Sliepen @page @vskip 0pt plus 1filll -Copyright @copyright{} 1998,1999,2000 Ivo Timmermans +@cindex copyright +Copyright @copyright{} 1998,1999,2000 Ivo Timmermans +, Guus Sliepen and +Wessel Dankers . - Permission is granted to make and distribute verbatim - copies of this manual provided the copyright notice and - this permission notice are preserved on all copies. +Permission is granted to make and distribute verbatim copies of this +manual provided the copyright notice and this permission notice are +preserved on all copies. 
- Permission is granted to copy and distribute modified - versions of this manual under the conditions for - verbatim copying, provided - that the entire resulting derived work is distributed - under the terms of a permission notice identical to this - one. +Permission is granted to copy and distribute modified versions of this +manual under the conditions for verbatim copying, provided that the +entire resulting derived work is distributed under the terms of a +permission notice identical to this one. @end titlepage @@ -54,8 +56,8 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans @menu * Introduction:: Introduction -* Configuring a Linux system:: Before compiling tinc -* Installing tinc:: +* Installing tinc - preparations:: +* Installing tinc - installation:: * Configuring tinc:: * Running tinc:: * Technical information:: @@ -63,12 +65,14 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans * Concept Index:: All used terms explained @end menu + +@contents + @c ================================================================== -@node Introduction, Configuring a Linux system, Top, Top +@node Introduction, Installing tinc - preparations, Top, Top @chapter Introduction -@c straight from the www page - +@cindex tinc tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. @@ -86,12 +90,14 @@ process of tinc itself. @menu * VPNs:: Virtual Private Networks in general * tinc:: about tinc +* Supported platforms:: @end menu @c ================================================================== @node VPNs, tinc, Introduction, Introduction @section Virtual Private Networks +@cindex VPN A Virtual Private Network or VPN is a network that can only be accessed by a few elected computers that participate. This goal is achievable in more than just one way. 
@@ -131,9 +137,11 @@ that flows over the network. @c ================================================================== -@node tinc, , VPNs, Introduction +@node tinc, Supported platforms, VPNs, Introduction @section tinc +@cindex vpnd +@cindex ethertap I really don't quite remember what got us started, but it must have been Guus' idea. He wrote a simple implementation (about 50 lines of C) that used the @emph{ethertap} device that Linux knows of since somewhere 
@@ -158,23 +166,101 @@ available too. @c ================================================================== -@node Configuring a Linux system, Installing tinc, Introduction, Top -@chapter Configuring a Linux system +@node Supported platforms, , tinc, Introduction +@section Supported platforms -This chapter contains information on how a Linux system is configured -for the use of tinc. +tinc works on Linux, FreeBSD and Solaris. These are the three platforms +that are supported by the universial TUN/TAP device driver, so if +support for other operating systems is added to this driver, perhaps +tinc will run on them as well. Without this driver, tinc will most +likely compile and run, but it will not be able to send or receive data +packets. + +@c ================================================================== +@subsection Linux + +tinc was first written for Linux running on an intel x86 processor, so +this is the best supported platform. The protocol however, and actually +anything about tinc, has been rewritten to support random byte ordering +and arbitrary word length. So in theory it should run on other +processors that Linux runs on. Take care however, we haven't been able +to really test it yet. If you want to run tinc on another platform than +x86, and want to tell us how it went, please do so. + +tinc uses the ethertap device that is provided in the standard kernel +since version 2.1.60, so anything above that (2.2.x, 2.3.x, and the +2.4.0-testx (which is current at the time of this writing) kernel +versions) is able to support tinc. + + +@c ================================================================== +@subsection FreeBSD + +tinc on FreeBSD relies on the universial TUN/TAP driver for its data +acquisition from the kernel. Therefore, tinc suports the same platforms +as this driver. These are: FreeBSD 3.x, 4.x, 5.x. 
+ + +@c ================================================================== +@subsection Solaris + +tinc on Solaris relies on the universial TUN/TAP driver for its data +acquisition from the kernel. Therefore, tinc suports the same platforms +as this driver. These are: Solaris, 2.1.x. + + +@c +@c +@c +@c +@c +@c +@c Preparing your system +@c +@c +@c +@c +@c + +@c ================================================================== +@node Installing tinc - preparations, Installing tinc - installation, Introduction, Top +@chapter Installing tinc: preparations + +This chapter contains information on how to prepare your system to +support tinc. @menu * Configuring the kernel:: -* Files Needed:: -* Setting up the devices:: +* Libraries:: @end menu @c ================================================================== -@node Configuring the kernel, Files Needed, Configuring a Linux system, Configuring a Linux system +@node Configuring the kernel, Libraries, Installing tinc - preparations, Installing tinc - preparations @section Configuring the kernel +If you are running Linux, chances are good that your kernel already +supports all the devices that tinc needs for proper operation. For +example, the standard kernel from Redhat Linux already has support for +ethertap and netlink compiled in. Debian users can use the modconf +utility to select the modules. If your Linux distribution supports this +method of selecting devices, look out for something called `ethertap', +and `netlink_dev'. You need both these devices. + +If you can install these devices in a similar manner, you may skip this +section. 
+ +@menu +* Configuration of the Linux kernel:: +* Configuration of the FreeBSD kernel:: +* Configuration of the Solaris kernel:: +@end menu + + +@c ================================================================== +@node Configuration of the Linux kernel, Configuration of the FreeBSD kernel, Configuring the kernel, Configuring the kernel +@subsection Configuring the Linux kernel + Since this particular implementation only runs on 2.1 or higher Linux kernels, you should grab one (2.2 is current at this time). A 2.0 port is not really possible, unless someone tells me someone ported the @@ -185,9 +271,11 @@ new kernel, you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html, Kernel HOWTO} first. Do that now! -Here are the options you have to turn on/off when configuring a new +Here are the options you have to turn on when configuring a new kernel. +For kernel 2.2.x: + @example Code maturity level options [*] Prompt for development and/or incomplete code/drivers @@ -198,6 +286,19 @@ Network device support <*> Ethertap network tap @end example +For kernel 2.3.x and 2.4.x: + +@example +Code maturity level options +[*] Prompt for development and/or incomplete code/drivers +Networking options +[*] Kernel/User netlink socket +<*> Netlink device emulation +Network device support +<*> Universal TUN/TAP device driver support +@end example + + Any other options not mentioned here are not relevant to tinc. If you decide to build any of these as dynamic kernel modules, it's a good idea to add these lines to @file{/etc/modules.conf}. 
@@ -207,37 +308,204 @@ alias tap0 ethertap alias char-major-36 netlink_dev @end example +If you have a 2.4 kernel, you can also choose to use the `Ethertap +network tap' device. This is marked obsolete, because the universal +TUN/TAP driver is a newer implementation that is supposed to be used in +favor of ethertap. For tinc, it doesn't really matter which one you +choose; based on the device file name, tinc will make the right choice +about what protocol to use. + Finally, after having set up other options, build the kernel and boot -it. Unfortunately it's not possible to insert these modules in a running -kernel. +it. Unfortunately it's not possible to insert these modules in a +running kernel. @c ================================================================== -@node Files Needed, Setting up the devices, Configuring the kernel, Configuring a Linux system -@section Files Needed +@node Configuration of the FreeBSD kernel, Configuration of the Solaris kernel, Configuration of the Linux kernel, Configuring the kernel +@subsection Configuring the FreeBSD kernel -@subsubheading Device files +This section will contain information on how to configure your FreeBSD +kernel to support the universal TUN/TAP device. For 5.0 and 4.1 +systems, this is included in the kernel configuration, for earlier +systems (4.0 and 3.x), you need to install the universal TUN/TAP driver +yourself. + +Unfortunately somebody still has to write the text. + + +@c ================================================================== +@node Configuration of the Solaris kernel, , Configuration of the FreeBSD kernel, Configuring the kernel +@subsection Configuring the Solaris kernel + +This section will contain information on how to configure your Solaris +kernel to support the universal TUN/TAP device. You need to install +this driver yourself. + +Unfortunately somebody still has to write the text. 
+ + +@c ================================================================== +@node Libraries, , Configuring the kernel, Installing tinc - preparations +@section Libraries + +@cindex requirements +Before you can configure or build tinc, you need to have two libraries +installed on your system, GMP and OpenSSL. If you try to configure tinc +without having installed both, configure will give you an error message, +and stop. + +@menu +* GMP:: +* OpenSSL:: +@end menu + + +@c ================================================================== +@node GMP, OpenSSL, Libraries, Libraries +@subsection GMP + +@cindex GMP +tinc uses the GNU Multiple Precision (GMP) library to do some +authentication-related calculations. tinc cannot run without this +library. If you try to configure the tinc source code without this +library installed, you will get an error message. + +Currently, versions 1.x, 2.x, 3.0 and 3.0.1 of this library are +supported. You may try to configure if you have another version +installed, chances are big it works without a problem. + +You can use your operating system's package manager to install this if +available. Make sure you install the development AND runtime versions +of this package. + +If you can't install GMP this way, you can get the source of this latest +version of this library from +@url{http://www.gnu.org/software/gmp/gmp.html}. Instructions on how to +configure, build and install this package are included within the +package. Please make sure you build development and runtime libraries +(which is the default). + + +@c ================================================================== +@node OpenSSL, , GMP, Libraries +@subsection OpenSSL + +@cindex OpenSSL +For all cryptography-related functions, tinc uses the functions provided +by the OpenSSL library. We recommend using version 0.9.5 or 0.9.6 of +this library. Other versions may also work, but we can guarantee +nothing. 
+ +Disclaimers from the subsection on GMP also apply here; if this library +is not installed, you wil get an error when running configure. Support +for running tinc without having OpenSSL installed @emph{may} be added in +the future. + +If you have to install OpenSSL manually, you can get the source code +from @url{http://www.openssl.org/}. Instructions on how to configure, +build and install this package are included within the package. Please +make sure you build development and runtime libraries (which is the +default). + + +@c +@c +@c +@c Installing tinc +@c +@c +@c +@c + +@c ================================================================== +@node Installing tinc - installation, Configuring tinc, Installing tinc - preparations, Top +@chapter Installing tinc: installation + +If you use Redhat or Debian, you may want to install one of the +precompiled packages for your system. These packages are equipped with +system startup scripts and sample configurations. + +If you don't run either of these systems, or you want to compile tinc +for yourself, you can use the source. The source is distributed under +the GNU General Public License (GPL). Download the source from the +@uref{http://tinc.nl.linux.org/download.html, download page}, which has +the checksums of these files listed; you may wish to check these with +md5sum before continuing. + +tinc comes in a handy autoconf/automake package, which you can just +treat the same as any other package. Which is just untar it, type +`configure' and then `make'. + +More detailed instructions are in the file @file{INSTALL}, which is +included in the source distribution. 
+ +@menu +* Building tinc:: +* System files:: +* Interfaces:: +@end menu + + +@c ================================================================== +@node Building tinc, System files, Installing tinc - installation, Installing tinc - installation +@section Building tinc + +Detailed instructions on configuring the source and building tinc can be +found in the file called @file{INSTALL}. + + +@c ================================================================== +@node System files, Interfaces, Building tinc, Installing tinc - installation +@section System files + +Before you can run tinc, you + +@menu +* Device files:: +* Other files:: +@end menu + + +@c ================================================================== +@node Device files, Other files, System files, System files +@subsection Device files First, you'll need the special device file(s) that form the interface -between the kernel and the daemon. If you are running the new 2.4 kernel and -you are using the devfs filesystem, then the tap device will be automatically -generated as @file{/dev/netlink/tap0}. Otherwise, you have to make it yourself: +between the kernel and the daemon. + +The permissions for these files have to be such that only the super user +may read/write to this file. You'd want this, because otherwise +eavesdropping would become a bit too easy. This does, however, imply +that you'd have to run tincd as root. + +If you use the universal TUN/TAP driver, you have to create the +following device files (unless they already exist): + +@example +mknod -m 600 /dev/... c .. .. +chown 0.0 /dev/... +@end example + +If you want to have more devices, the device numbers will be .. .. ... + +If you use Linux, and you run the new 2.4 kernel using the devfs +filesystem, then the tap device will be automatically generated as +@file{/dev/netlink/tap0}. 
+ +If you use Linux and have kernel 2.2.x, you have to make the ethertap +devices: @example mknod -m 600 /dev/tap0 c 36 16 chown 0.0 /dev/tap0 @end example -The permissions now will be such that only the super user may read/write -to this file. You'd want this, because otherwise eavesdropping would -become a bit too easy. This does, however, imply that you'd have to run -tincd as root. +Any further ethertap devices have minor device number 16 through 31. -If you want to, you may also create more device files, which would be -numbered 0...15, with minor device numbers 16...31. They all should be -owned by root and have permission 600. Under devfs, these files will -be automatically generated. +@c ================================================================== +@node Other files, , Device files, System files +@subsection Other files @subsubheading @file{/etc/networks} @@ -266,15 +534,15 @@ tinc 655/udp TINC @c ================================================================== -@node Setting up the devices, , Files Needed, Configuring a Linux system -@section Setting up the devices +@node Interfaces, , System files, Installing tinc - installation +@section Interfaces Before you can start transmitting data over the tinc tunnel, you must set up the ethertap network devices. First, decide which IP addresses you want to have associated with these -devices, and what network mask they must have. You also need these -numbers when you are going to configure tinc itself. @xref{Configuring +devices, and what network mask they must have. You also need these +numbers when you are going to configure tinc itself. @xref{Configuring tinc}. It doesn't matter much which part you do first, setting up the network 
@@ -288,44 +556,52 @@ after me: ifconfig tap@emph{n} hw ether fe:fd:@emph{xx}:@emph{xx}:@emph{xx}:@emph{xx} @end example -The @emph{n} here is the number of the ethertap device you want to -use. It should be the same @emph{n} as the one you use for -@file{/dev/tap@emph{n}}. The @emph{xx}s are four hexadecimal numbers +The @emph{n} here is the number of the ethertap device you want to use. +It should be the same @emph{n} as the one you use for +@file{/dev/tap@emph{n}}. The @emph{xx}s are four hexadecimal numbers (0--ff). With previous versions of tincd, it didn't matter what they -were. But newer kernels require properly set up ethernet addresses. -In fact, the old behavior was wrong. It is required that the @emph{xx}s -match the numbers of the IP address you will give to the tap device -and to the MyOwnVPNIP configuration (which will be discussed later): +were. But newer kernels require properly set up ethernet addresses. In +fact, the old behavior was wrong. It is required that the @emph{xx}s +match the numbers of the IP address you will give to the tap device and +to the MyOwnVPNIP configuration (which will be discussed later). + +@cindex MAC address +@cindex hardware address +@strong{Tip}: for finding out what the MAC address of the tap interface +should be, you can use the following command: + +@example +$ printf 'fe:fd:%02x:%02x:%02x:%02x' 10 1 54 1 +fe:fd:0a:01:36:01 +@end example + +@cindex ifconfig +To activate the device, you have to assign an IP address to it. To set +an IP address @emph{IP} with network mask @emph{mask}, do the following: @example ifconfig tap@emph{n} @emph{xx}.@emph{xx}.@emph{xx}.@emph{xx} netmask @emph{mask} @end example -This will activate the device with an IP address @emph{IP} with network -mask @emph{mask}. The netmask is the mask of the @emph{entire} VPN network, -not just your own subnet. It is the same netmask you will have to specify -with the VpnMask configuration variable. 
+@cindex netmask +The netmask is the mask of the @emph{entire} VPN network, not just your +own subnet. It is the same netmask you will have to specify with the +VpnMask configuration variable. + + +@c +@c +@c +@c +@c Configuring tinc +@c +@c +@c +@c @c ================================================================== -@node Installing tinc, Configuring tinc, Configuring a Linux system, Top -@chapter Installing tinc - -First download it. This is the -@uref{http://tinc.nl.linux.org/download.html, download -page}, which has the checksums of these files listed; you may wish to -check these with md5sum before continuing. - -tinc comes in a handy autoconf/automake package, which you can just -treat the same as any other package. Which is just untar it, type -`configure' and then `make'. - -More detailed instructions are in the file @file{INSTALL}, which is -included in the source distribution. - - -@c ================================================================== -@node Configuring tinc, Running tinc, Installing tinc, Top +@node Configuring tinc, Running tinc, Installing tinc - installation, Top @chapter Configuring tinc @menu @@ -335,7 +611,6 @@ included in the source distribution. * Example:: @end menu - @c ================================================================== @node Multiple networks, How connections work, Configuring tinc, Configuring tinc @section Multiple networks @@ -514,6 +789,7 @@ the ethertap devices correctly. @node Example, , Configuration file, Configuring tinc @section Example + Imagine the following situation. An A-based company wants to connect three branch offices in B, C and D using the internet. All four offices have a 24/7 connection to the internet. @@ -868,7 +1144,7 @@ This chapter is a mixture of ideas, reasoning and explanation, please don't take it too serious. @menu -* Key Types:: +* Key Types:: * Key Management:: * Authentication:: * Protection:: 
@@ -908,8 +1184,7 @@ secure). @c ================================================================== @node Key Management, Authentication, Key Types, Security @subsection Key Management -@c FIXME: recheck -@c I did, it sounds sane :) [guus] +@c FIXME change for the current protocol @cindex Diffie-Hellman You can't just send a private encryption key to your peer, because @@ -978,6 +1253,7 @@ Swapping floppy disks in real life might be the best way to do this! Now we have securely hidden our data. But a malicious cracker may still bother you by randomly altering the encrypted data he intercepts. +@c FIXME what the hell is this all about? remove? IT @c ================================================================== @node About us, Concept Index, Technical information, Top From 2228b16159a7aff64e6559ee1635716154e67fe6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 1 Oct 2000 03:21:49 +0000 Subject: [PATCH 096/923] - Added subnet handling code - Other small changes to header files --- src/meta.h | 8 ++--- src/net.h | 43 +++++++++++++------------- src/subnet.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++++++++ src/subnet.h | 48 +++++++++++++++++++++++++++++ 4 files changed, 159 insertions(+), 26 deletions(-) create mode 100644 src/subnet.c create mode 100644 src/subnet.h diff --git a/src/meta.h b/src/meta.h index 263131b5..cd9c2985 100644 --- a/src/meta.h +++ b/src/meta.h @@ -1,7 +1,7 @@ /* - protocol.h -- header for protocol.c - Copyright (C) 1999,2000 Ivo Timmermans , - 2000 Guus Sliepen + meta.h -- header for meta.c + Copyright (C) 2000 Guus Sliepen , + 2000 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.1 2000/09/26 14:06:04 guus Exp $ + $Id: meta.h,v 1.1.2.2 2000/10/01 03:21:49 guus Exp $ */ #ifndef __TINC_META_H__ diff --git a/src/net.h b/src/net.h index 829255b2..3be9acf9 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.12 2000/09/15 12:58:40 zarq Exp $ + $Id: net.h,v 1.9.4.13 2000/10/01 03:21:49 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -58,14 +58,6 @@ typedef short length_t; struct conn_list_t; -typedef struct subnet_t { - ip_t netaddr; - ip_t netmask; - struct conn_list_t *owner; - struct subnet_t *next; - struct subnet_t *prev; -} subnet_t; - typedef struct vpn_packet_t { length_t len; /* the actual number of bytes in the `data' field */ unsigned char data[MAXSIZE]; 
@@ -123,33 +115,40 @@ typedef struct enc_key_t { typedef struct conn_list_t { char *name; /* name of this connection */ - ip_t vpn_ip; /* his vpn ip */ - ip_t vpn_mask; /* his vpn network address */ ip_t real_ip; /* his real (internet) ip */ - char *hostname; /* the hostname of its real ip */ + char *hostname; /* the hostname of its real ip */ short unsigned int port; /* his portnumber */ + int protocol_version; /* used protocol */ + int options; /* options turned on for this connection */ + int flags; /* his flags */ int socket; /* our udp vpn socket */ int meta_socket; /* our tcp meta socket */ - int protocol_version; /* used protocol */ status_bits_t status; /* status info */ - int options; /* options turned on for this connection */ - passphrase_t *pp; /* encoded passphrase */ packet_queue_t *sq; /* pending outgoing packets */ packet_queue_t *rq; /* pending incoming packets (they have no valid key to be decrypted with) */ enc_key_t *public_key; /* the other party's public key */ enc_key_t *datakey; /* encrypt data packets with this key */ - char *buffer; /* metadata input buffer */ + enc_key_t *rsakey; + + char *buffer; /* metadata input buffer */ int buflen; /* bytes read into buffer */ int reqlen; /* length of first request in buffer */ - int tcppacket; /* length of incoming TCP tunnelled packet */ - time_t last_ping_time; /* last time we saw some activity from the other end */ - int want_ping; /* 0 if there's no need to check for activity */ int allow_request; /* defined if there's only one request possible */ - char *chal_answer; /* answer to the given challenge */ - enc_key_t *rsakey; - struct conn_list_t *nexthop; /* nearest meta-hop in this direction */ + + time_t last_ping_time; /* last time we saw some activity from the other end */ + int want_ping; /* 0 if there's no need to check for activity. Shouldn't this go into status? 
(GS) */ + + char *mychallenge; /* challenge we received from him */ + char *hischallenge; /* challenge we sent to him */ + + struct conn_list_t *nexthop; /* nearest meta-hop in this direction, will be changed to myuplink (GS) */ + struct conn_list_t *hisuplink; /* his nearest meta-hop in our direction */ + struct conn_list_t *myuplink; /* our nearest meta-hop in his direction */ + + struct subnet_t *subnets; /* Pointer to a list of subnets belonging to this connection */ + struct conn_list_t *next; /* after all, it's a list of connections */ } conn_list_t; diff --git a/src/subnet.c b/src/subnet.c new file mode 100644 index 00000000..9c225f21 --- /dev/null +++ b/src/subnet.c 
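Review bot: The names of the two new challenge fields in `conn_list_t` read as the opposite of their comments: `mychallenge` is described as the challenge received from the peer and `hischallenge` as the one sent to the peer. In authentication code that makes it easy to verify a response against the wrong buffer. Either rename them by direction or make the comments say who generated each value and who has to answer it, e.g. `/* challenge the peer sent us; we must answer it */`. Neither comment states the buffer length or who frees it; if they are meant to be `CHAL_LENGTH` long, say so here.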
@@ -0,0 +1,86 @@ +/* + subnet.c -- handle subnet lookups and lists + Copyright (C) 2000 Guus Sliepen , + 2000 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: subnet.c,v 1.1.2.1 2000/10/01 03:21:49 guus Exp $ +*/ + +#include "config.h" +#include "subnet.h" +#include "net.h" + +/* Allocating and freeing space for subnets */ + +subnet_t *new_subnet(void) +{ +cp +cp +} + +void free_subnet(subnet_t *subnet) +{ +cp +cp +} + +/* Linked list management */ + +int subnet_add(conn_list_t *cl, subnet_t *subnet) +{ +cp + subnet->next = cl->subnets->next; + subnet->prev = NULL; + subnet->next->prev = subnet + cl->subnets = subnet; +cp + return 0; +} + +int subnet_del(conn_list_t *cl, subnet_t *subnet) +{ +cp + if(subnet->prev) + { + subnet->prev->next = subnet->next; + } + else + { + subnet->owner->subnets = subnet->next; + } + + subnet->next->prev = subnet->prev; + free_subnet(subnet); +cp + return 0; +} + +/* Ascii representation of subnets */ + +subnet_t *str2net(char *subnetstr) +{ +cp +cp +} + +char *net2str(subnet_t *subnet) +{ +cp +cp +} + +/* Subnet lookup routines */ diff --git a/src/subnet.h b/src/subnet.h new file mode 100644 index 00000000..ceb67102 --- /dev/null +++ b/src/subnet.h 
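Review bot: `subnet_add` and `subnet_del` dereference pointers that are NULL in ordinary list states: `cl->subnets->next` when the list is empty, and `subnet->next->prev` when the node has no successor. `subnet_add` also links the new node to `cl->subnets->next`, which drops the current head from the list, and `subnet->next->prev = subnet` is missing its semicolon. `new_subnet`, `str2net` and `net2str` are non-void stubs with no return statement, so any caller gets an indeterminate pointer; returning `NULL` until they are implemented would make that fail visibly. `subnet_del` unlinks through `subnet->owner`, which nothing in this file sets, and `free_subnet` is still empty, so nothing is released yet.

```c
int subnet_add(conn_list_t *cl, subnet_t *subnet)
{
cp
  /* Push onto the head of cl's list; the list may be empty. */
  subnet->next = cl->subnets;
  subnet->prev = NULL;
  if(subnet->next)
    subnet->next->prev = subnet;
  cl->subnets = subnet;
cp
  return 0;
}

int subnet_del(conn_list_t *cl, subnet_t *subnet)
{
cp
  /* ... unchanged: unlink from prev, or from the owner's list head ... */

  /* The tail node has no successor to fix up. */
  if(subnet->next)
    subnet->next->prev = subnet->prev;
  free_subnet(subnet);
cp
  return 0;
}
```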
@@ -0,0 +1,48 @@ +/* + subnet.h -- header for subnet.c + Copyright (C) 2000 Guus Sliepen , + 2000 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: subnet.h,v 1.1.2.1 2000/10/01 03:21:49 guus Exp $ +*/ + +#ifndef __TINC_SUBNET_H__ +#define __TINC_SUBNET_H__ + +enum{ + SUBNET_MAC = 0, + SUBNET_IPv4, + SUBNET_IPv6, +}; + +typedef struct subnet_t { + struct conn_list_t *owner; /* the owner of this subnet */ + struct conn_list_t *uplink; /* the uplink which we should send packets to for this subnet */ + + struct subnet_t *prev; /* previous subnet_t for this owner */ + struct subnet_t *next; /* next subnet_t for this owner */ + + int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ + + /* Okay this is IPv4 specific because we are lazy and don't want to implement + other types just now. Type should always be SUBNET_IPv4 for now. */ + + ip_t netaddr; + ip_t netmask; +} subnet_t; + +#endif /* __TINC_SUBNET_H__ */ From 73d0dcfcc1019ee745a422982b4e3ede9d59dd91 Mon Sep 17 00:00:00 2001 
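Review bot: `subnet.h` uses `ip_t` and `struct conn_list_t` but includes nothing, and `subnet.c` in the same commit includes `subnet.h` before `net.h`. Unless `config.h` provides `ip_t` (its definition is not visible here), the `subnet_t` typedef is parsed before that type is declared. Either add `#include "net.h"` at the top of this header or swap the include order in `subnet.c`. Since the comment already says `netaddr` and `netmask` are IPv4-only, the `type` field should also note that readers must check it is `SUBNET_IPv4` before using those two members.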
From: Guus Sliepen Date: Wed, 4 Oct 2000 15:09:57 +0000 Subject: [PATCH 097/923] Removing cipher directory (all will be covered by OpenSSL). --- cipher/Makefile.am | 13 ------- cipher/cipher.c | 95 ---------------------------------------------- cipher/cipher.h | 41 -------------------- 3 files changed, 149 deletions(-) delete mode 100644 cipher/Makefile.am delete mode 100644 cipher/cipher.c delete mode 100644 cipher/cipher.h diff --git a/cipher/Makefile.am b/cipher/Makefile.am deleted file mode 100644 index c0e6e0d3..00000000 --- a/cipher/Makefile.am +++ /dev/null @@ -1,13 +0,0 @@ -## Process this file with automake to get Makefile.in - -noinst_LTLIBRARIES = libcipher.la - -INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/src - -libcipher_la_SOURCES = cipher.c - -libcipher_la_LDFLAGS = - -noinst_HEADERS = cipher.h - -CFLAGS = @CFLAGS@ -DPKGLIBDIR="\"$(pkglibdir)/\"" diff --git a/cipher/cipher.c b/cipher/cipher.c deleted file mode 100644 index c9b7e3f5..00000000 --- a/cipher/cipher.c +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - cipher.c -- wrapper functions for encryption algorithms - Copyright (C) 1999,2000 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "config.h" - -#include -#include -#include - -#include - -#include - -#include "net.h" - -void (*blowfish_cfb64_encrypt) (unsigned char*, unsigned char*, int, - BF_KEY*, unsigned char*, int*, int) = NULL; -void (*blowfish_set_key) (BF_KEY*, int, char*) = NULL; - -unsigned char initvec[] = { 0x22, 0x7b, 0xad, 0x55, 0x41, 0xf4, 0x3e, 0xf3 }; -BF_KEY encryption_key; - -void low_crypt_key(unsigned char *in, unsigned char *out, BF_KEY *k, long len, int c) -{ - int count = 7; - unsigned char ivec[8]; - - memcpy(ivec, initvec, 8); - - blowfish_cfb64_encrypt(in, out, len, k, &ivec[0], &count, c); -} - -void do_encrypt(vpn_packet_t *in, real_packet_t *out, enc_key_t *key) -{ - unsigned char ivec[8]; - int r; - - memcpy(ivec, initvec, 8); - cipher_set_key(&encryption_key, key->length, key->key); - low_crypt_key((char*)(&in->data), (char*)(&out->data.data), - &encryption_key, in->len, BF_ENCRYPT); - - out->len = in->len + 2; - r = (in->len + 2) % 8; - if(r) - out->len += (8-r); - out->len += 8; - /* The smallest multiple of 8 greater - than or equal to in->len + 8 */ - - out->data.len = in->len; -} - -void do_decrypt(real_packet_t *in, vpn_packet_t *out, enc_key_t *key) 
-{ - unsigned char ivec[8]; - - memcpy(ivec, initvec, 8); - cipher_set_key(&encryption_key, key->length, key->key); - low_crypt_key((char*)(&in->data.data), (char*)(&out->data), - &encryption_key, in->data.len, BF_DECRYPT); - out->len = in->data.len; -} - -void cipher_set_key(BF_KEY *k, int l, char *t) -{ - blowfish_set_key(k, l, t); -} - -int cipher_init(int which) -{ - void *dlhandle; - char *error; - - blowfish_cfb64_encrypt = BF_cfb64_encrypt; - blowfish_set_key = BF_set_key; - - return 0; -} diff --git a/cipher/cipher.h b/cipher/cipher.h deleted file mode 100644 index 460ce5c1..00000000 --- a/cipher/cipher.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - cipher.c -- header file for cipher.c - Copyright (C) 1999,2000 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef __TINC_CIPHER_H__ -#define __TINC_CIPHER_H__ - -#include -#include "net.h" - -enum { - CIPHER_BLOWFISH = 1, - CIPHER_IDEA -}; - -extern BF_KEY encryption_key; - -void low_crypt_key(unsigned char*, unsigned char*, BF_KEY*, long, int); - -void do_encrypt(vpn_packet_t *in, real_packet_t *out, enc_key_t *); -void do_decrypt(real_packet_t *in, vpn_packet_t *out, enc_key_t *); - -void cipher_set_key(BF_KEY*, int, char*); -int cipher_init(int); - -#endif /* __TINC_CIPHER_H__ */ From 950fb8e916b0e248dcaa72c96859acd6046683aa Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Wed, 11 Oct 2000 10:35:17 +0000 Subject: [PATCH 098/923] Big and bad commit of my current tree... - Added seperate file for connection list handling - Updating everything to use connlist, meta and subnet files - Removed dependency on libgmp - Lots of other stuff... --- AUTHORS | 2 - Makefile.am | 2 +- configure.in | 4 +- src/Makefile.am | 8 +-- src/connlist.c | 183 ++++++++++++++++++++++++++++++++++++++++++++++++ src/connlist.h | 90 ++++++++++++++++++++++++ src/encr.h | 5 +- src/meta.c | 31 ++++---- src/meta.h | 10 +-- src/net.c | 155 +++++++++++++++------------------------- src/net.h | 76 ++++++-------------- src/netutl.c | 122 +------------------------------- src/netutl.h | 9 +-- src/protocol.h | 3 +- src/subnet.c | 160 +++++++++++++++++++++++++++++++++++++++--- src/subnet.h | 52 +++++++++++--- 16 files changed, 579 insertions(+), 333 deletions(-) create mode 100644 src/connlist.c create mode 100644 src/connlist.h diff --git a/AUTHORS b/AUTHORS index aa39942e..532543f4 100644 --- a/AUTHORS +++ b/AUTHORS @@ -5,5 +5,3 @@ Ivo Timmermans These files are from other sources: * lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from the syslog 1.3 sources. - * The files in cipher/blowfish/ are from the SSLeay package by - Eric Young. diff --git a/Makefile.am b/Makefile.am index 0a91b08c..19ae3014 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = gnu -SUBDIRS = m4 intl lib cipher src doc po redhat debian +SUBDIRS = m4 intl lib src doc po redhat debian ACLOCAL_AMFLAGS = diff --git a/configure.in b/configure.in index cd7172f7..c553e785 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.5 2000/09/11 11:40:46 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.6 2000/10/11 10:35:15 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) 
@@ -103,6 +103,6 @@ AC_CHECK_FUNC(gethostbyname, [], [ AC_CHECK_LIB(nsl, gethostbyname) ]) -AC_OUTPUT([Makefile src/Makefile cipher/Makefile +AC_OUTPUT([Makefile src/Makefile doc/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile]) diff --git a/src/Makefile.am b/src/Makefile.am index a76194b1..9755bae8 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,18 +1,18 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.1 2000/06/06 10:24:33 zarq Exp $ +# $Id: Makefile.am,v 1.4.4.2 2000/10/11 10:35:15 guus Exp $ sbin_PROGRAMS = tincd genauth genauth_SOURCES = genauth.c -tincd_SOURCES = conf.c encr.c net.c netutl.c protocol.c tincd.c +tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c protocol.c subnet.c tincd.c INCLUDES = -I$(top_builddir) -I$(top_srcdir)/cipher -I$(top_srcdir)/lib -I$(top_srcdir)/intl -noinst_HEADERS = conf.h encr.h net.h netutl.h protocol.h +noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h protocol.h subnet.h LIBS = @LIBS@ @INTLLIBS@ -tincd_LDADD = $(top_builddir)/cipher/libcipher.la \ +tincd_LDADD = \ $(top_builddir)/lib/libvpn.a genauth_LDADD = $(top_builddir)/lib/libvpn.a diff --git a/src/connlist.c b/src/connlist.c new file mode 100644 index 00000000..12a501f1 --- /dev/null +++ b/src/connlist.c 
@@ -0,0 +1,183 @@ +/* + connlist.c -- connection list management + Copyright (C) 2000 Guus Sliepen , + 2000 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: connlist.c,v 1.1.2.1 2000/10/11 10:35:15 guus Exp $ +*/ + +#include "config.h" +#include + +#include "connlist.h" + +/* Root of the connection list */ + +conn_list_t *conn_list = NULL; +conn_list_t *myself = NULL; + +/* Creation and deletion of conn_list elements */ + +conn_list_t *new_conn_list(void) +{ + conn_list_t *p = xmalloc(sizeof(*p)); +cp + /* initialise all those stupid pointers at once */ + memset(p, '\0', sizeof(*p)); +cp + return p; +} + +void free_conn_list(conn_list_t *p) +{ +cp + if(p->sq) + destroy_queue(p->sq); + if(p->rq) + destroy_queue(p->rq); + if(p->name) + free(p->name); + if(p->hostname) + free(p->hostname); + free_key(p->public_key); + free_key(p->datakey); + free(p); +cp +} + +/* + remove all marked connections +*/ +void prune_conn_list(void) +{ + conn_list_t *p, *prev = NULL, *next = NULL; +cp + for(p = conn_list; p != NULL; ) + { + next = p->next; + + if(p->status.remove) + { + if(prev) + prev->next = next; + else + conn_list = next; + + free_conn_element(p); + } + else + prev = p; + + p = next; + } +cp +} + +/* + free all elements of conn_list +*/ +void destroy_conn_list(void) +{ + conn_list_t *p, *next; +cp + for(p = conn_list; p != 
NULL; ) + { + next = p->next; + free_conn_element(p); + p = next; + } + + conn_list = NULL; +cp +} + +/* Linked list management */ + +void conn_list_add(conn_list_t *cl) +{ +cp + cl->next = connlist; + cl->prev = NULL; + cl->next->prev = cl; + connlist = cl; +cp +} + +void conn_list_del(conn_list_t *cl) +{ +cp + if(cl->prev) + cl->prev->next = cl->next; + else + connlist = cl->next; + + cl->next->prev = cl->prev; + free_conn_list(cl); +cp +} + +/* Lookup functions */ + +conn_list_t *lookup_conn_list_mac(mac_t address) +{ + conn_list_t *p; +cp + for(p = conn_list; p != NULL; p = p->next) + if(lookup_subnet_mac(p, address)) + break; +cp + return p; +} + +conn_list_t *lookup_conn_list_ipv4(ipv4_t address) +{ + conn_list_t *p; +cp + for(p = conn_list; p != NULL; p = p->next) + if(lookup_subnet_ipv4(p, address)) + break; +cp + return p; +} + +conn_list_t *lookup_conn_list_ipv6(ipv6_t address) +{ + conn_list_t *p; +cp + for(p = conn_list; p != NULL; p = p->next) + if(lookup_subnet_ipv6(p, address)) + break; +cp + return p; +} + +/* Debugging */ + +void dump_conn_list(void) +{ + conn_list_t *p; +cp + syslog(LOG_DEBUG, _("Connection list:")); + + for(p = conn_list; p != NULL; p = p->next) + { + syslog(LOG_DEBUG, _("%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x"), + p->name, IP_ADDR_V(p->vpn_mask), p->hostname, p->port, p->flags, + p->socket, p->meta_socket, p->status); + } +cp +} diff --git a/src/connlist.h b/src/connlist.h new file mode 100644 index 00000000..7ded0bfa --- /dev/null +++ b/src/connlist.h 
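Review bot: `conn_list_add()` and `conn_list_del()` dereference `cl->next` unconditionally (`cl->next->prev = cl;` and `cl->next->prev = cl->prev;`), which is a NULL dereference when the list is empty or `cl` is the last element; each needs a guard such as `if(cl->next) cl->next->prev = cl;`. Both functions also use `connlist` where the list head defined at the top of the file is `conn_list`, and both rely on a `prev` member that the `conn_list_t` added in connlist.h by this commit does not declare. `prune_conn_list()` and `destroy_conn_list()` still call `free_conn_element()`, which this commit removes from netutl.c, while the function defined here is named `free_conn_list()`. `dump_conn_list()` likewise prints `p->vpn_mask`, which is not a member of the new struct.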
@@ -0,0 +1,90 @@ +/* + connlist.h -- header for connlist.c + Copyright (C) 2000 Guus Sliepen , + 2000 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: connlist.h,v 1.1.2.1 2000/10/11 10:35:15 guus Exp $ +*/ + +#ifndef __TINC_CONNLIST_H__ +#define __TINC_CONNLIST_H__ + +#include + +#include "net.h" +#include "subnet.h" + +typedef struct conn_list_t { + char *name; /* name of this connection */ + ip_t real_ip; /* his real (internet) ip */ + char *hostname; /* the hostname of its real ip */ + short unsigned int port; /* his portnumber */ + int protocol_version; /* used protocol */ + int options; /* options turned on for this connection */ + + int flags; /* his flags */ + int socket; /* our udp vpn socket */ + int meta_socket; /* our tcp meta socket */ + status_bits_t status; /* status info */ + packet_queue_t *sq; /* pending outgoing packets */ + packet_queue_t *rq; /* pending incoming packets (they have no + valid key to be decrypted with) */ + enc_key_t *public_key; /* the other party's public key */ + enc_key_t *datakey; /* encrypt data packets with this key */ + enc_key_t *rsakey; + + EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */ + EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */ + + EVP_CIPHER_CTX *cipher_pktctx; 
/* Context of encrypted vpn packets that will be sent to him */ + EVP_CIPHER *cipher_pkttype; /* Cipher type for encrypted vpn packets */ + char *cipher_pktkey; /* Cipher key */ + char *cipher_pktiv; /* Cipher input vector */ + + char *buffer; /* metadata input buffer */ + int buflen; /* bytes read into buffer */ + int reqlen; /* length of first request in buffer */ + int allow_request; /* defined if there's only one request possible */ + + time_t last_ping_time; /* last time we saw some activity from the other end */ + int want_ping; /* 0 if there's no need to check for activity. Shouldn't this go into status? (GS) */ + + char *mychallenge; /* challenge we received from him */ + char *hischallenge; /* challenge we sent to him */ + + struct conn_list_t *nexthop; /* nearest meta-hop in this direction, will be changed to myuplink (GS) */ + struct conn_list_t *hisuplink; /* his nearest meta-hop in our direction */ + struct conn_list_t *myuplink; /* our nearest meta-hop in his direction */ + + struct subnet_t *subnets; /* Pointer to a list of subnets belonging to this connection */ + + struct conn_list_t *next; /* after all, it's a list of connections */ +} conn_list_t; + +extern conn_list_t *conn_list; +extern conn_list_t *myself; + +extern conn_list_t *new_conn_list(); +extern void free_conn_list(conn_list_t *); +extern void add_conn_list(conn_list_t *); +extern void del_conn_list(conn_list_t *); +extern conn_list_t *lookup_conn_list_mac(mac_t); +extern conn_list_t *lookup_conn_list_ipv4(ipv4_t); +extern conn_list_t *lookup_conn_list_ipv6(ipv6_t); +extern void dump_conn_list(void); + +#endif /* __TINC_CONNLIST_H__ */ diff --git a/src/encr.h b/src/encr.h index 77e9923c..3b3aead7 100644 --- a/src/encr.h +++ b/src/encr.h 
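Review bot: The struct gains several pointer members (three `EVP_CIPHER_CTX *` contexts, `cipher_pktkey`, `cipher_pktiv`, `buffer`, `mychallenge`, `hischallenge`, `subnets`), but `free_conn_list()` in connlist.c in this same commit releases only `sq`, `rq`, `name`, `hostname`, `public_key` and `datakey`. If the connection owns the new members, which the field comments do not say, every closed connection leaks them, and the packet key and IV stay readable in process memory. The field comments should state who owns each pointer, and the key and IV buffers should be cleared before they are freed. The prototypes `add_conn_list()` / `del_conn_list()` also do not match the definitions `conn_list_add()` / `conn_list_del()` in connlist.c, and `new_conn_list()` should be declared with `(void)`.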
@@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: encr.h,v 1.2.4.1 2000/06/25 15:22:16 guus Exp $ + $Id: encr.h,v 1.2.4.2 2000/10/11 10:35:15 guus Exp $ */ #ifndef __TINC_ENCR_H__ @@ -32,9 +32,6 @@ extern int my_key_expiry; extern int security_init(void); -extern void do_bf_encrypt(vpn_packet_t *, real_packet_t *); -extern void do_bf_decrypt(real_packet_t *, vpn_packet_t *); - extern int send_portnumbers(int); extern void set_shared_key(char *); extern int send_passphrase(conn_list_t *); diff --git a/src/meta.c b/src/meta.c index 21cbe964..85781b83 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,27 +17,34 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.1 2000/09/26 14:06:03 guus Exp $ + $Id: meta.c,v 1.1.2.2 2000/10/11 10:35:15 guus Exp $ */ #include "config.h" +#include -int send_meta(conn_list_t *cl, const char *buffer, int length) +#include +#include +#include +#include +#include + +#include "net.h" +#include "system.h" + +int send_meta(conn_list_t *cl, char *buffer, int length) { char outbuf[MAXBUFSIZE]; char *bufp; + int outlen; cp if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s): %s"), int length, + syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s): %s"), length, cl->name, cl->hostname, buffer); if(cl->status.encryptout) { - if(EVP_EncryptUpdate(cl->cipher_outctx, cl->buffer + cl->buflen, NULL, inbuf, length) != 1) - { - syslog(LOG_ERR, _("Error during encryption of outgoing metadata to %s (%s)"), cl->name, cl->hostname); - return -1; - } + EVP_EncryptUpdate(cl->cipher_outctx, outbuf, &outlen, buffer, length); bufp = outbuf; } else @@ -84,7 +91,7 @@ cp return -1; } - if(cl->status.encryptin) + if(cl->status.decryptin) bufp = inbuf; else bufp = cl->buffer + cl->buflen; 
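Review bot: In `send_meta()` the new call `EVP_EncryptUpdate(cl->cipher_outctx, outbuf, &outlen, buffer, length);` writes into the fixed `char outbuf[MAXBUFSIZE]` with no check on `length`, and the cipher may emit up to one block more than it is given, so an oversized request would overrun the stack buffer. Reject such input before encrypting, for example `if(length < 0 || length > MAXBUFSIZE - EVP_MAX_BLOCK_LENGTH) return -1;`. The commit also removes the error return that used to follow a failed encrypt; if the OpenSSL version in use reports a status from this call, keep the check, and make sure the bytes sent afterwards are counted with `outlen` rather than `length`. The function continues past the end of the hunk, so the send path itself is not visible here.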
@@ -109,11 +116,7 @@ cp if(cl->status.decryptin) { - if(EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, NULL, inbuf, lenin) != 1) - { - syslog(LOG_ERR, _("Error during decryption of incoming metadata from %s (%s)"), cl->name, cl->hostname); - return -1; - } + EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, NULL, inbuf, lenin); } oldlen = cl->buflen; diff --git a/src/meta.h b/src/meta.h index cd9c2985..2784947c 100644 --- a/src/meta.h +++ b/src/meta.h @@ -17,16 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.2 2000/10/01 03:21:49 guus Exp $ + $Id: meta.h,v 1.1.2.3 2000/10/11 10:35:16 guus Exp $ */ #ifndef __TINC_META_H__ #define __TINC_META_H__ -#include net.h +#include "net.h" -extern int send_meta(conn_list_t *, const char *, int) -extern int broadcast_meta(conn_list_t *, const char *, int) -extern int receive_meta(conn_list_t *) +extern int send_meta(conn_list_t *, const char *, int); +extern int broadcast_meta(conn_list_t *, const char *, int); +extern int receive_meta(conn_list_t *); #endif /* __TINC_META_H__ */ diff --git a/src/net.c b/src/net.c index 94c0e445..2efd3408 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.32 2000/09/26 14:06:04 guus Exp $ + $Id: net.c,v 1.35.4.33 2000/10/11 10:35:16 guus Exp $ */ #include "config.h" @@ -37,7 +37,6 @@ #include #include -#include #include #include @@ -69,11 +68,8 @@ conn_list_t *myself = NULL; */ void strip_mac_addresses(vpn_packet_t *p) { - unsigned char tmp[MAXSIZE]; cp - memcpy(tmp, p->data, p->len); - p->len -= 12; - memcpy(p->data, &tmp[12], p->len); + memmove(p->data, p->data + 12, p->len -= 12); cp } 
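Review bot: `EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, NULL, inbuf, lenin);` passes NULL as the output-length pointer, and OpenSSL stores the number of bytes it produced through that pointer, so the first encrypted metadata read would fault. Pass a local instead, `int declen; EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, &declen, inbuf, lenin);`, and use `declen` rather than `lenin` for the buffer bookkeeping that follows. The hunk also drops the only error path for a failed decrypt; if the OpenSSL version in use reports a status here, keep the check and the `return -1`. The enclosing function starts and ends outside the hunk, so whether `cl->buffer` has room for the decrypted bytes cannot be confirmed from these lines.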
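Review bot: The prototype `extern int send_meta(conn_list_t *, const char *, int);` does not match the definition, which this commit changes in meta.c to `int send_meta(conn_list_t *cl, char *buffer, int length)`. meta.c does not include meta.h in the lines shown, so the compiler never compares the two and callers are checked against a signature the definition does not have. Keep `const char *buffer` in the definition, since the visible part of the function only reads the buffer, and add `#include "meta.h"` to meta.c so any future drift is caught at compile time.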
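Review bot: `memmove(p->data, p->data + 12, p->len -= 12);` in `strip_mac_addresses()` never checks that the packet holds at least 12 bytes. `len` is a signed `short` (`length_t` in net.h), so a shorter packet makes `p->len` negative, and that value converts to an enormous `size_t` for `memmove`, which then reads and writes far outside `p->data`. Guard it first with `if(p->len < 12) return;` (or log and drop the packet), and do the subtraction in its own statement so the side effect is not hidden in the argument list.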
@@ -82,39 +78,37 @@ cp */ void add_mac_addresses(vpn_packet_t *p) { - unsigned char tmp[MAXSIZE]; cp - memcpy(&tmp[12], p->data, p->len); + memcpy(p->data + 12, p->data, p->len); p->len += 12; - tmp[0] = tmp[6] = 0xfe; - tmp[1] = tmp[7] = 0xfd; - *((ip_t*)(&tmp[2])) = (ip_t)(htonl(myself->vpn_ip)); - *((ip_t*)(&tmp[8])) = *((ip_t*)(&tmp[26])); - memcpy(p->data, &tmp[0], p->len); + p->data[0] = p->data[6] = 0xfe; + p->data[1] = p->data[7] = 0xfd; + /* Really evil pointer stuff just below! */ + *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->real_ip)); + *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26])); cp } -int xsend(conn_list_t *cl, void *packet) +int xsend(conn_list_t *cl, vpn_packet_t *inpkt) { - real_packet_t rp; + vpn_packet_t outpkt; + int outlen, outpad; cp - do_encrypt((vpn_packet_t*)packet, &rp, cl->datakey); - rp.from = htonl(myself->vpn_ip); - rp.data.len = htons(rp.data.len); - rp.len = htons(rp.len); - + outpkt.len = inpkt->len; + EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktiv); + EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); + EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); + outlen += outpad; + if(debug_lvl > 3) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - ntohs(rp.len), cl->name, cl->hostname); + outlen, cl->name, cl->hostname); - total_socket_out += ntohs(rp.len); + total_socket_out += outlen; cl->want_ping = 1; - if((cl->flags | myself->flags) & TCPONLY) - return send_tcppacket(cl, (void*)&rp, ntohs(rp.len)); - - if((send(cl->socket, (char*)&rp, ntohs(rp.len), 0)) < 0) + if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); 
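Review bot: `add_mac_addresses()` now shifts the payload in place with `memcpy(p->data + 12, p->data, p->len);`, but source and destination overlap whenever `p->len` exceeds 12, which is undefined for `memcpy`, and nothing checks that `p->len + 12` still fits in `data[MAXSIZE]`. Use `memmove(p->data + 12, p->data, p->len);` behind a guard such as `if(p->len < 0 || p->len > MAXSIZE - 12) return;`. In `xsend()`, further down the same hunk, every packet is encrypted after `EVP_EncryptInit()` with the same `cl->cipher_pktkey` and `cl->cipher_pktiv`; unless the IV is changed per packet somewhere outside this hunk, equal plaintext prefixes give equal ciphertext, so a fresh IV carried with each packet is worth adding. `EVP_EncryptFinal()` can also append up to a block of padding to `outpkt.data`, which is no larger than the input buffer, so the input length needs the same kind of bound there. `xsend()` continues past the end of the hunk.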
@@ -124,25 +118,28 @@ cp return 0; } -int xrecv(conn_list_t *cl, void *packet) +int xrecv(vpn_packet_t *inpkt) { - vpn_packet_t vp; - int lenin; + vpn_packet_t outpkt; + int outlen, outpad; cp - do_decrypt((real_packet_t*)packet, &vp, cl->datakey); - add_mac_addresses(&vp); - if(debug_lvl > 3) - syslog(LOG_ERR, _("Receiving packet of %d bytes from %s (%s)"), - ((real_packet_t*)packet)->len, cl->name, cl->hostname); + syslog(LOG_ERR, _("Receiving packet of %d bytes"), + inpkt->len); - if((lenin = write(tap_fd, &vp, vp.len + sizeof(vp.len))) < 0) + outpkt.len = inpkt->len; + EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktiv); + EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); + /* FIXME: grok DecryptFinal + EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad); + */ + + add_mac_addresses(&outpkt); + + if(write(tap_fd, outpkt.data, outpkt.len) < 0) syslog(LOG_ERR, _("Can't write to tap device: %m")); else - total_tap_out += lenin; - - cl->want_ping = 0; - cl->last_ping_time = time(NULL); + total_tap_out += outpkt.len; cp return 0; } @@ -347,11 +344,11 @@ cp if(!cl->status.validkey) { if(debug_lvl > 3) - syslog(LOG_INFO, _("%s (%s) has no valid key, queueing packet"), + syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); if(!cl->status.waitingforkey) - send_key_request(cl->vpn_ip); /* Keys should be sent to the host running the tincd */ + send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */ return 0; } 
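Review bot: `xrecv()` uses `inpkt->len` both as the ciphertext length and, through `outpkt.len = inpkt->len`, as the plaintext length, but that field arrives inside the datagram (see the `recvfrom()` in the `handle_incoming_vpn_data()` hunk) and is never compared with `MAXSIZE`, so an out-of-range value carries `EVP_DecryptUpdate()`, `add_mac_addresses()` and `write()` beyond the `data` arrays. With `EVP_DecryptFinal()` commented out, the padding is neither verified nor removed and `outlen` is ignored, so the frame written to the tap device does not have the decrypted length. The sketch below validates the length, finishes the decrypt and sets `outpkt.len` from what OpenSSL actually produced. The packet format has no integrity check, so even a clean decrypt says nothing about who sent the data; that needs a MAC in a follow-up change.
```c
  /* … unchanged: debug syslog … */

  /* leave room for a cipher block and for the 12 bytes add_mac_addresses() prepends */
  if(inpkt->len <= 0 || inpkt->len > MAXSIZE - 12 - EVP_MAX_BLOCK_LENGTH)
    {
      syslog(LOG_ERR, _("Dropping packet with bogus length %d"), inpkt->len);
      return -1;
    }

  EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktiv);
  EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len);
  if(EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad) != 1)
    {
      syslog(LOG_ERR, _("Error decrypting packet"));
      return -1;
    }
  outpkt.len = outlen + outpad;

  /* … unchanged: add_mac_addresses(), write to tap device … */
```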
@@ -603,19 +600,14 @@ int setup_myself(void) cp myself = new_conn_list(); - if(!(cfg = get_config_val(myvpnip))) - { - syslog(LOG_ERR, _("No value for my VPN IP given")); - return -1; - } - - myself->vpn_ip = cfg->data.ip->ip; - myself->hostname = hostlookup(htonl(myself->vpn_ip)); - myself->vpn_mask = cfg->data.ip->mask; + myself->hostname = "MYSELF"; /* FIXME? */ myself->flags = 0; - if(!(cfg = get_config_val(tincname))) - asprintf(&(myself->name), IP_ADDR_S, IP_ADDR_V(myself->vpn_ip)); + if(!(cfg = get_config_val(tincname))) /* Not acceptable */ + { + syslog(LOG_ERR, _("Name for tinc daemon required!")); + return -1; + } else myself->name = (char*)cfg->data.val; 
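Review bot: `myself->hostname = "MYSELF";` stores a string literal in a member that `free_conn_list()` (connlist.c, this commit) passes to `free()` whenever it is non-NULL, so if `myself` is ever released through that function, `free()` receives a pointer that never came from the allocator. Allocate the placeholder instead, e.g. `myself->hostname = strdup("MYSELF");` with a NULL check. The unchanged `myself->name = (char*)cfg->data.val;` may have the same ownership problem if the configuration entry is freed separately, which cannot be confirmed from this hunk. `setup_myself()` continues outside the hunk.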
@@ -865,65 +857,32 @@ cp udp socket and write it to the ethertap device after being decrypted */ -int handle_incoming_vpn_data(conn_list_t *cl) +int handle_incoming_vpn_data() { - real_packet_t rp; + vpn_packet_t pkt; int lenin; int x, l = sizeof(x); - conn_list_t *f; cp - if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), - __FILE__, __LINE__, cl->socket, - cl->name, cl->hostname); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), + __FILE__, __LINE__, myself->socket); return -1; } if(x) { - syslog(LOG_ERR, _("Incoming data socket error for %s (%s): %s"), - cl->name, cl->hostname, strerror(x)); + syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); return -1; } - rp.len = -1; - lenin = recvfrom(cl->socket, &rp, MTU, 0, NULL, NULL); - if(lenin <= 0) + if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, NULL, NULL) <= 0) { - syslog(LOG_ERR, _("Receiving packet from %s (%s) failed: %m"), - cl->name, cl->hostname); + syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; } - total_socket_in += lenin; - rp.data.len = ntohs(rp.data.len); - rp.len = ntohs(rp.len); - rp.from = ntohl(rp.from); - - if(rp.len >= 0) - { - f = lookup_conn(rp.from); - if(!f) - { - syslog(LOG_ERR, _("Got packet from %s (%s) with unknown origin %d.%d.%d.%d?"), - cl->name, cl->hostname, IP_ADDR_V(rp.from)); - return -1; - } - - if(f->status.validkey) - xrecv(f, &rp); - else - { - add_queue(&(f->rq), &rp, rp.len); - if(!cl->status.waitingforkey) - send_key_request(rp.from); - } - - if(my_key_expiry <= time(NULL)) - regenerate_keys(); - } cp - return 0; + return xrecv(&pkt); } /* 
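Review bot: The byte count returned by `recvfrom()` is thrown away (`if(recvfrom(...) <= 0)`), so nothing ties `pkt.len` to the amount of data that actually arrived. A short datagram leaves the rest of the stack-allocated `pkt` uninitialised, and `xrecv()` then processes `pkt.len` bytes of it. Keep the count with `lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, NULL, NULL);`, drop the datagram when `lenin < (int)sizeof(pkt.len)` or `pkt.len > lenin - (int)sizeof(pkt.len)`, and restore `total_socket_in += lenin;`, which this hunk removes. The length is also read in host byte order now, where the removed code applied `ntohs()`, so peers of different endianness would disagree on it.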
@@ -1036,13 +995,13 @@ cp accept a new tcp connect and create a new connection */ -int handle_new_meta_connection(conn_list_t *cl) +int handle_new_meta_connection() { conn_list_t *ncn; struct sockaddr client; int nfd, len = sizeof(client); cp - if((nfd = accept(cl->meta_socket, &client, &len)) < 0) + if((nfd = accept(myself->meta_socket, &client, &len)) < 0) { syslog(LOG_ERR, _("Accepting a new connection failed: %m")); return -1; @@ -1103,10 +1062,10 @@ cp } if(FD_ISSET(myself->socket, f)) - handle_incoming_vpn_data(myself); + handle_incoming_vpn_data(); if(FD_ISSET(myself->meta_socket, f)) - handle_new_meta_connection(myself); + handle_new_meta_connection(); cp } diff --git a/src/net.h b/src/net.h index 3be9acf9..8d416ec2 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.13 2000/10/01 03:21:49 guus Exp $ + $Id: net.h,v 1.9.4.14 2000/10/11 10:35:16 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -26,6 +26,7 @@ #include "config.h" #include "conf.h" +#include "connlist.h" #define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ #define MTU 1600 
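Review bot: Adding `#include "connlist.h"` to net.h ahead of its typedefs creates an include cycle: connlist.h (new in this commit) includes net.h and uses `ip_t`, `status_bits_t` and `enc_key_t`, all of which net.h declares further down. In any file that includes net.h first, the `__TINC_NET_H__` guard turns the nested `#include "net.h"` into a no-op and `conn_list_t` is parsed before those types exist. Either move the include to the end of net.h, after the typedefs, or drop it and let the .c files include connlist.h themselves.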
@@ -52,23 +53,29 @@ #define EXPORTINDIRECTDATA 0x0002 /* Used to indicate uplink that it has to tell others to do INDIRECTDATA */ #define TCPONLY 0x0004 /* Tells sender to send packets over TCP instead of UDP (for firewalls) */ -typedef unsigned long ip_t; -typedef unsigned short port_t; -typedef short length_t; +typedef struct mac_t +{ + unsigned char x[6]; +} mac_t; -struct conn_list_t; +typedef unsigned long ipv4_t; + +typedef ipv4_t ip_t; /* alias for ipv4_t */ + +typedef struct ipv6_t +{ + unsigned short x[8]; +} ipv6_t; + +typedef unsigned short port_t; + +typedef short length_t; typedef struct vpn_packet_t { length_t len; /* the actual number of bytes in the `data' field */ unsigned char data[MAXSIZE]; } vpn_packet_t; -typedef struct real_packet_t { - length_t len; /* the length of the entire packet */ - ip_t from; /* where the packet came from */ - vpn_packet_t data; /* encrypted vpn_packet_t */ -} real_packet_t; - typedef struct passphrase_t { unsigned short len; unsigned char *phrase; @@ -87,8 +94,7 @@ typedef struct status_bits_t { int waitingforkey:1; /* 1 if we already sent out a request */ int dataopen:1; /* 1 if we have a valid UDP connection open */ int encryptout:1; /* 1 if we can encrypt outgoing traffic */ - int encryptin:1; /* 1 if we have to decrypt incoming traffic */ - int encrypted:1; + int decryptin:1; /* 1 if we have to decrypt incoming traffic */ int unused:18; } status_bits_t; 
@@ -113,45 +119,6 @@ typedef struct enc_key_t { time_t expiry; } enc_key_t; -typedef struct conn_list_t { - char *name; /* name of this connection */ - ip_t real_ip; /* his real (internet) ip */ - char *hostname; /* the hostname of its real ip */ - short unsigned int port; /* his portnumber */ - int protocol_version; /* used protocol */ - int options; /* options turned on for this connection */ - - int flags; /* his flags */ - int socket; /* our udp vpn socket */ - int meta_socket; /* our tcp meta socket */ - status_bits_t status; /* status info */ - packet_queue_t *sq; /* pending outgoing packets */ - packet_queue_t *rq; /* pending incoming packets (they have no - valid key to be decrypted with) */ - enc_key_t *public_key; /* the other party's public key */ - enc_key_t *datakey; /* encrypt data packets with this key */ - enc_key_t *rsakey; - - char *buffer; /* metadata input buffer */ - int buflen; /* bytes read into buffer */ - int reqlen; /* length of first request in buffer */ - int allow_request; /* defined if there's only one request possible */ - - time_t last_ping_time; /* last time we saw some activity from the other end */ - int want_ping; /* 0 if there's no need to check for activity. Shouldn't this go into status? (GS) */ - - char *mychallenge; /* challenge we received from him */ - char *hischallenge; /* challenge we sent to him */ - - struct conn_list_t *nexthop; /* nearest meta-hop in this direction, will be changed to myuplink (GS) */ - struct conn_list_t *hisuplink; /* his nearest meta-hop in our direction */ - struct conn_list_t *myuplink; /* our nearest meta-hop in his direction */ - - struct subnet_t *subnets; /* Pointer to a list of subnets belonging to this connection */ - - struct conn_list_t *next; /* after all, it's a list of connections */ -} conn_list_t; - extern int tap_fd; extern int total_tap_in; 
@@ -159,9 +126,6 @@ extern int total_tap_out; extern int total_socket_in; extern int total_socket_out; -extern conn_list_t *conn_list; -extern conn_list_t *myself; - extern char *request_name[256]; extern char *status_text[10]; @@ -174,7 +138,7 @@ extern void main_loop(void); extern int setup_vpn_connection(conn_list_t *); extern void terminate_connection(conn_list_t *); extern void flush_queues(conn_list_t*); -extern int xrecv(conn_list_t *, void *); +extern int xrecv(vpn_packet_t *); extern void add_queue(packet_queue_t **, void *, size_t); #endif /* __TINC_NET_H__ */ diff --git a/src/netutl.c b/src/netutl.c index c5ff5b76..0a0a3fed 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.10 2000/09/15 12:58:40 zarq Exp $ + $Id: netutl.c,v 1.12.4.11 2000/10/11 10:35:17 guus Exp $ */ #include "config.h" @@ -41,25 +41,6 @@ #include "system.h" -/* - look for a connection associated with the given vpn ip, - return its connection structure. - Skips connections that are not activated! -*/ -conn_list_t *lookup_conn(ip_t ip) -{ - conn_list_t *p = conn_list; -cp - /* Exact match suggested by James B. MacLean */ - for(p = conn_list; p != NULL; p = p->next) - if((ip == p->vpn_ip) && p->status.active) - return p; - for(p = conn_list; p != NULL; p = p->next) - if(((ip & p->vpn_mask) == (p->vpn_ip & p->vpn_mask)) && p->status.active) - return p; -cp - return NULL; -} /* free a queue and all of its elements 
@@ -80,93 +61,6 @@ cp cp } -/* - free a conn_list_t element and all its pointers -*/ -void free_conn_element(conn_list_t *p) -{ -cp - if(p->sq) - destroy_queue(p->sq); - if(p->rq) - destroy_queue(p->rq); - if(p->name) - free(p->name); - if(p->hostname) - free(p->hostname); - free_key(p->public_key); - free_key(p->datakey); - free(p); -cp -} - -/* - remove all marked connections -*/ -void prune_conn_list(void) -{ - conn_list_t *p, *prev = NULL, *next = NULL; -cp - for(p = conn_list; p != NULL; ) - { - next = p->next; - - if(p->status.remove) - { - if(prev) - prev->next = next; - else - conn_list = next; - - free_conn_element(p); - } - else - prev = p; - - p = next; - } -cp -} - -/* - creates new conn_list element, and initializes it -*/ -conn_list_t *new_conn_list(void) -{ - conn_list_t *p = xmalloc(sizeof(*p)); -cp - /* initialise all those stupid pointers at once */ - memset(p, '\0', sizeof(*p)); - p->vpn_mask = (ip_t)(~0L); /* If this isn't done, it would be a - wastebucket for all packets with - unknown destination. */ - p->nexthop = p; -cp - return p; -} - -/* - free all elements of conn_list -*/ -void destroy_conn_list(void) -{ - conn_list_t *p, *next; -cp - for(p = conn_list; p != NULL; ) - { - next = p->next; - free_conn_element(p); - p = next; - } - - conn_list = NULL; -cp -} - -/* - look up the name associated with the ip - address `addr' -*/ char *hostlookup(unsigned long addr) { @@ -238,17 +132,3 @@ cp return ip; } -void dump_conn_list(void) -{ - conn_list_t *p; -cp - syslog(LOG_DEBUG, _("Connection list:")); - - for(p = conn_list; p != NULL; p = p->next) - { - syslog(LOG_DEBUG, _("%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x"), - p->name, IP_ADDR_V(p->vpn_mask), p->hostname, p->port, p->flags, - p->socket, p->meta_socket, p->status); - } -cp -} diff --git a/src/netutl.h b/src/netutl.h index 932814fa..6b6130b1 100644 --- a/src/netutl.h +++ b/src/netutl.h 
@@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.1 2000/06/25 15:22:16 guus Exp $ + $Id: netutl.h,v 1.2.4.2 2000/10/11 10:35:17 guus Exp $ */ #ifndef __TINC_NETUTL_H__ @@ -24,14 +24,7 @@ #include "net.h" -extern conn_list_t *lookup_conn(ip_t); -extern void free_conn_element(conn_list_t *); -extern void free_conn_list(conn_list_t*); -extern void prune_conn_list(void); -extern conn_list_t *new_conn_list(void); -extern void destroy_conn_list(void); extern char *hostlookup(unsigned long); extern ip_mask_t *strtoip(char*); -extern void dump_conn_list(void); #endif /* __TINC_NETUTL_H__ */ diff --git a/src/protocol.h b/src/protocol.h index d77c0455..e4fd5f1c 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.8 2000/09/26 14:06:11 guus Exp $ + $Id: protocol.h,v 1.5.4.9 2000/10/11 10:35:17 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ #define __TINC_PROTOCOL_H__ #include "net.h" +#include "subnet.h" /* Protocol version. Different versions are incompatible, incompatible version have different protocols. diff --git a/src/subnet.c b/src/subnet.c index 9c225f21..9a882570 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,10 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.1 2000/10/01 03:21:49 guus Exp $ + $Id: subnet.c,v 1.1.2.2 2000/10/11 10:35:17 guus Exp $ */ #include "config.h" +#include + +#include #include "subnet.h" #include "net.h" 
@@ -29,29 +32,30 @@ subnet_t *new_subnet(void) { cp -cp + return (subnet_t *)xmalloc(sizeof(subnet_t)); } void free_subnet(subnet_t *subnet) { cp -cp + free(subnet); } /* Linked list management */ -int subnet_add(conn_list_t *cl, subnet_t *subnet) +void subnet_add(conn_list_t *cl, subnet_t *subnet) { cp + /* FIXME: do sorting on netmask size if necessary */ + subnet->next = cl->subnets->next; subnet->prev = NULL; - subnet->next->prev = subnet + subnet->next->prev = subnet; cl->subnets = subnet; cp - return 0; } -int subnet_del(conn_list_t *cl, subnet_t *subnet) +void subnet_del(conn_list_t *cl, subnet_t *subnet) { cp if(subnet->prev) 
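Review bot: In `subnet_add` the new node is linked with `subnet->next = cl->subnets->next;`, which dereferences `cl->subnets` when the connection has no subnets yet and drops the current head from the list; the following `subnet->next->prev = subnet;` then dereferences `next` without a null check. The linking should be `subnet->next = cl->subnets;` followed by `if(subnet->next) subnet->next->prev = subnet;`. `new_subnet` also returns the `xmalloc` result as-is, so `owner`, `uplink` and the list pointers start out indeterminate; `new_conn_list` clears its allocation with `memset`, and the same is needed here. `subnet_del` begins in this hunk and continues in the next one.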
@@ -62,25 +66,163 @@ cp { subnet->owner->subnets = subnet->next; } - + subnet->next->prev = subnet->prev; free_subnet(subnet); cp - return 0; } /* Ascii representation of subnets */ subnet_t *str2net(char *subnetstr) { + int type; + subnet_t *subnet; cp + if(sscanf(subnetstr, "%d,", &type) != 1) + return NULL; + + subnet = new_subnet(); + + switch(type) + { + case SUBNET_MAC: + if(sscanf(netstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", &subnet->type, + &subnet->net.mac.x[0], + &subnet->net.mac.x[1], + &subnet->net.mac.x[2], + &subnet->net.mac.x[3], + &subnet->net.mac.x[4], + &subnet->net.mac.x[5]) != 7) + { + free_subnet(subnet); + return NULL; + } + break; + case SUBNET_IPv4: + if(sscanf(subnetstr, "%d,%lx:%lx", &subnet->type, &subnet->net.ipv4.address, &subnet->net.ipv4.mask) != 3) + { + free_subnet(subnet); + return NULL; + } + break; + case SUBNET_IPv6: + if(sscanf(netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", &subnet->type, + &subnet->net.ipv6.address.x[0], + &subnet->net.ipv6.address.x[1], + &subnet->net.ipv6.address.x[2], + &subnet->net.ipv6.address.x[3], + &subnet->net.ipv6.address.x[4], + &subnet->net.ipv6.address.x[5], + &subnet->net.ipv6.address.x[6], + &subnet->net.ipv6.address.x[7], + &subnet->net.ipv6.mask.x[0], + &subnet->net.ipv6.mask.x[1], + &subnet->net.ipv6.mask.x[2], + &subnet->net.ipv6.mask.x[3], + &subnet->net.ipv6.mask.x[4], + &subnet->net.ipv6.mask.x[5], + &subnet->net.ipv6.mask.x[6], + &subnet->net.ipv6.mask.x[7]) != 17) + { + free_subnet(subnet); + return NULL; + } + break; + break; + default: + free_subnet(subnet); + return NULL; cp + return subnet; } char *net2str(subnet_t *subnet) { + char *netstr; cp + switch(subnet->type) + { + case SUBNET_MAC: + asprintf(netstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", subnet->type, + subnet->net.mac.x[0], + subnet->net.mac.x[1], + subnet->net.mac.x[2], + subnet->net.mac.x[3], + subnet->net.mac.x[4], + subnet->net.mac.x[5]); + case SUBNET_IPv4: + asprintf(netstr, "%d,%lx:%lx", 
subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); + case SUBNET_IPv6: + asprintf(netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", + subnet->net.ipv6.address.x[0], + subnet->net.ipv6.address.x[1], + subnet->net.ipv6.address.x[2], + subnet->net.ipv6.address.x[3], + subnet->net.ipv6.address.x[4], + subnet->net.ipv6.address.x[5], + subnet->net.ipv6.address.x[6], + subnet->net.ipv6.address.x[7], + subnet->net.ipv6.mask.x[0], + subnet->net.ipv6.mask.x[1], + subnet->net.ipv6.mask.x[2], + subnet->net.ipv6.mask.x[3], + subnet->net.ipv6.mask.x[4], + subnet->net.ipv6.mask.x[5], + subnet->net.ipv6.mask.x[6], + subnet->net.ipv6.mask.x[7]); + default: + netstr = NULL; + } cp + return netstr; } /* Subnet lookup routines */ + +subnet_t *lookup_subnet_mac(subnet_t *subnets, mac_t address) +{ + subnet_t *subnet; +cp + for(subnet = subnets; subnet != NULL; subnet = subnet->next) + { + if(subnet->type == SUBNET_MAC) + if(memcmp(&address, &subnet->net.mac.address, sizeof(address)) == 0) + break; + } +cp + return subnet; +} + +subnet_t *lookup_subnet_ipv4(subnet_t *subnets, ipv4_t address) +{ + subnet_t *subnet; +cp + for(subnet = subnets; subnet != NULL; subnet = subnet->next) + { + if(subnet->type == SUBNET_IPV4) + if((address & subnet->net.ipv4.mask) == subnet->net.ipv4.address) + break; + } +cp + return subnet; +} + +subnet_t *lookup_subnet_ipv6(subnet_t *subnets, ipv6_t address) +{ + subnet_t *subnet; +cp + for(subnet = subnets; subnet != NULL; subnet = subnet->next) + { + if(subnet->type == SUBNET_IPV6) + { + for(i=0; i<8; i++) + if((address.x[i] & subnet->net.ipv6.mask.x[i]) != subnet->net.ipv6.address.x[i]) + break; + if(i=8) + break; + } + } +cp + return subnet; +} diff --git a/src/subnet.h b/src/subnet.h index ceb67102..b31226c0 100644 --- a/src/subnet.h +++ b/src/subnet.h 
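Review bot: `net2str` passes the uninitialised pointer itself to `asprintf` (`asprintf(netstr, ...)`), so the result is stored through a wild pointer; each call needs `asprintf(&netstr, ...)` with its return value checked. None of the three cases ends in `break;`, so control falls into `default:` and the function returns NULL for every subnet type, and the IPv6 call has a leading `%d` in its format but no `subnet->type` argument, which misaligns all sixteen arguments after it. In `lookup_subnet_ipv6`, `if(i=8)` assigns instead of comparing, so the first IPv6 subnet in the list matches every address; it should be `if(i == 8)`, and `i` needs a declaration. `str2net` parses strings received from peers (protocol.c calls it for ADD_SUBNET), yet two of its cases read from an undeclared `netstr` instead of `subnetstr`, and its `switch` is never closed before the trailing `cp`. The line added to `subnet_del`, `subnet->next->prev = subnet->prev;`, dereferences `next` without a null check when the last element is removed.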
@@ -17,18 +17,39 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.1 2000/10/01 03:21:49 guus Exp $ + $Id: subnet.h,v 1.1.2.2 2000/10/11 10:35:17 guus Exp $ */ #ifndef __TINC_SUBNET_H__ #define __TINC_SUBNET_H__ -enum{ +#include "net.h" +#include "connlist.h" + +enum +{ SUBNET_MAC = 0, - SUBNET_IPv4, - SUBNET_IPv6, + SUBNET_IPV4, + SUBNET_IPV6, }; +typedef struct subnet_mac_t +{ + mac_t address; +} subnet_mac_t; + +typedef struct subnet_ipv4_t +{ + ipv4_t address; + ipv4_t mask; +} subnet_ipv4_t; + +typedef struct subnet_ipv6_t +{ + ipv6_t address; + ipv6_t mask; +} subnet_ipv6_t; + typedef struct subnet_t { struct conn_list_t *owner; /* the owner of this subnet */ struct conn_list_t *uplink; /* the uplink which we should send packets to for this subnet */ @@ -38,11 +59,26 @@ typedef struct subnet_t { int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ - /* Okay this is IPv4 specific because we are lazy and don't want to implement - other types just now. Type should always be SUBNET_IPv4 for now. */ + /* And now for the actual subnet: */ - ip_t netaddr; - ip_t netmask; + union + { + subnet_mac_t mac; + subnet_ipv4_t ipv4; + subnet_ipv6_t ipv6; + } net; + } subnet_t; +extern subnet_t *new_subnet(void); +extern void free_subnet(subnet_t *); +extern void subnet_add(conn_list_t *, subnet_t *); +extern void subnet_del(subnet_t *); +extern char *net2str(subnet_t *); +extern subnet_t *str2net(char *); +extern subnet_t *lookup_subnet_mac(subnet_t *, mac_t); +extern subnet_t *lookup_subnet_ipv4(subnet_t *, ipv4_t); +extern subnet_t *lookup_subnet_ipv6(subnet_t *, ipv6_t); + + #endif /* __TINC_SUBNET_H__ */ From 451e9e3e7a968151de541de68603a01f0922b415 Mon Sep 17 00:00:00 2001 
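Review bot: The new prototype `extern void subnet_del(subnet_t *);` does not match the definition in subnet.c, `void subnet_del(conn_list_t *cl, subnet_t *subnet)`; since the body reaches the list head through `subnet->owner`, dropping `cl` from the definition looks like the intended direction, but one of the two has to change. The enum constants are renamed to `SUBNET_IPV4`/`SUBNET_IPV6` in the first hunk of this file while `str2net` and `net2str` still switch on `SUBNET_IPv4`/`SUBNET_IPv6`, and `subnet_mac_t` exposes only `address` although those functions access `net.mac.x[...]`.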
From: Guus Sliepen Date: Wed, 11 Oct 2000 12:07:27 +0000 Subject: [PATCH 099/923] - Changed genauth to produce rsa keypairs instead of random passphrases. --- src/genauth.c | 96 +++++++++++++++++++++++++-------------------------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/src/genauth.c b/src/genauth.c index 1d264576..fa2e1ec7 100644 --- a/src/genauth.c +++ b/src/genauth.c @@ -1,6 +1,7 @@ /* - genauth.c -- generate a random passphrase + genauth.c -- generate public/private keypairs Copyright (C) 1998,1999,2000 Ivo Timmermans + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: genauth.c,v 1.7 2000/05/31 18:21:27 zarq Exp $ + $Id: genauth.c,v 1.7.4.1 2000/10/11 12:07:27 guus Exp $ */ #include "config.h" @@ -24,20 +25,49 @@ #include #include #include +#include #include -#include "encr.h" - #include "system.h" -unsigned char initvec[] = { 0x22, 0x7b, 0xad, 0x55, 0x41, 0xf4, 0x3e, 0xf3 }; +#define RSA_PUBLIC_EXPONENT 65535 + +void indicator(int a, int b, void *p) +{ + switch(a) + { + case 0: + fprintf(stderr, "."); + break; + case 1: + fprintf(stderr, "+"); + break; + case 2: + fprintf(stderr, "-"); + break; + case 3: + switch(b) + { + case 0: + fprintf(stderr, " p\n"); + break; + case 1: + fprintf(stderr, " q\n"); + break; + default: + fprintf(stderr, "?"); + } + break; + default: + fprintf(stderr, "?"); + } +} int main(int argc, char **argv) { - FILE *fp; - int bits, c, i, bytes; - unsigned char *p; + int bits; + RSA *key; setlocale (LC_ALL, ""); bindtextdomain (PACKAGE, LOCALEDIR); 
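Review bot: `#define RSA_PUBLIC_EXPONENT 65535` is 0xFFFF, a composite number (3·5·17·257), not the customary Fermat prime F4 = 65537 (0x10001). If F4 was meant, this should be `#define RSA_PUBLIC_EXPONENT 65537` (OpenSSL provides `RSA_F4` for it). If 0xFFFF is deliberate, the define needs a comment saying so, because the tool prints only `n` and `d`, so whatever later loads these keys presumably has to assume the same exponent.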
@@ -51,54 +81,24 @@ int main(int argc, char **argv) if(!argv[1]) argv[1] = "1024"; - - if(!(bits = atol(argv[1]))) + + bits = atol(argv[1]); + + if(bits<32) { fprintf(stderr, _("Illegal number: %s\n"), argv[1]); return 1; } + + bits = ((bits - 1) | 7) + 1; /* Align to bytes for easy mallocing and reading */ - bits = ((bits - 1) | 63) + 1; - fprintf(stderr, _("Generating %d bits number"), bits); - bytes = bits >> 3; + fprintf(stderr, _("Generating %d bits keys:\n"), bits); - if((fp = fopen("/dev/urandom", "r")) == NULL) - { - perror(_("Opening /dev/urandom")); - return 1; - } + key = RSA_generate_key(bits, RSA_PUBLIC_EXPONENT, indicator, NULL); - p = xmalloc(bytes); + fprintf(stderr, _("Done.\n")); - setbuf(stdout, NULL); - for(i = 0; i < bytes; i++) - { - c = fgetc(fp); - if(feof(fp)) - { - puts(""); - fprintf(stderr, _("File was empty!\n")); - } - p[i] = c; - } - fclose(fp); - - if(isatty(1)) - { - fprintf(stderr, _(": done.\nThe following line should be ENTIRELY copied into a passphrase file:\n")); - printf("%d ", bits); - for(i = 0; i < bytes; i++) - printf("%02x", p[i]); - puts(""); - } - else - { - printf("%d ", bits); - for(i = 0; i < bytes; i++) - printf("%02x", p[i]); - puts(""); - fprintf(stderr, _(": done.\n")); - } + printf("Public key:\t%s\nPrivate key:\t%s\n", BN_bn2hex(key->n), BN_bn2hex(key->d)); return 0; } From 6e39481d8f2406e60b5e329ace08b5a005d5cc43 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Oct 2000 13:42:52 +0000 Subject: [PATCH 100/923] - Generalized config file parsing to support multiple configuration trees. --- src/conf.c | 128 +++++++++++++++++++++---------------------------- src/conf.h | 34 ++++++++----- src/protocol.c | 4 +- 3 files changed, 78 insertions(+), 88 deletions(-) diff --git a/src/conf.c b/src/conf.c index 1b729b2c..640ec135 100644 --- a/src/conf.c +++ b/src/conf.c 
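Review bot: The result of `RSA_generate_key` is used without a check, so a failed generation dereferences NULL in the final `printf`; add `if(!key) { fprintf(stderr, _("Key generation failed\n")); return 1; }` before the "Done." message. The private exponent is printed to stdout next to the public modulus, which leaves it in terminal scrollback or in any captured output; writing it to a file created with mode 0600 would be safer, and the strings returned by `BN_bn2hex` are never freed. The lower bound `bits<32` accepts moduli that can be factored trivially, so the check should reject anything below a size the project is prepared to support (the tool's own default is 1024). `atol` also gives no indication of trailing garbage in `argv[1]`.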
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.10 2000/09/14 14:34:38 zarq Exp $ + $Id: conf.c,v 1.9.4.11 2000/10/11 13:42:52 guus Exp $ */ @@ -48,33 +48,31 @@ char *configfilename = NULL; /* Will be set if HUP signal is received. It will be processed when it is safe. */ int sighup = 0; -typedef struct internal_config_t { - char *name; - enum which_t which; - int argtype; -} internal_config_t; - /* These are all the possible configurable values */ static internal_config_t hazahaza[] = { - { "AllowConnect", allowconnect, TYPE_BOOL }, /* Is not used anywhere. Remove? */ - { "ConnectTo", upstreamip, TYPE_NAME }, - { "ConnectPort", upstreamport, TYPE_INT }, - { "ListenPort", listenport, TYPE_INT }, - { "MyOwnVPNIP", myvpnip, TYPE_IP }, - { "MyVirtualIP", myvpnip, TYPE_IP }, /* an alias */ - { "Passphrases", passphrasesdir, TYPE_NAME }, +/* Main configuration file keywords */ + { "Name", tincname, TYPE_NAME }, + { "ConnectTo", connectto, TYPE_NAME }, { "PingTimeout", pingtimeout, TYPE_INT }, { "TapDevice", tapdevice, TYPE_NAME }, + { "PrivateKey", privatekey, TYPE_NAME }, { "KeyExpire", keyexpire, TYPE_INT }, - { "VpnMask", vpnmask, TYPE_IP }, { "Hostnames", resolve_dns, TYPE_BOOL }, - { "IndirectData", indirectdata, TYPE_BOOL }, - { "TCPonly", tcponly, TYPE_BOOL }, { "Interface", interface, TYPE_NAME }, { "InterfaceIP", interfaceip, TYPE_IP }, - { "Name", tincname, TYPE_NAME }, +/* Host configuration file keywords */ + { "Address", address, TYPE_NAME }, + { "Port", port, TYPE_INT }, + { "PublicKey", publickey, TYPE_NAME }, + { "Subnet", subnet, TYPE_NAME }, + { "RestrictHosts", restricthosts, TYPE_BOOL }, + { "RestrictSubnets", restrictsubnets, TYPE_BOOL }, + { "RestrictAddress", restrictaddress, TYPE_BOOL }, + { "RestrictPort", restrictport, TYPE_BOOL }, + { "IndirectData", indirectdata, TYPE_BOOL }, + { "TCPonly", tcponly, TYPE_BOOL }, { NULL, 0, 0 } }; 
@@ -136,34 +134,39 @@ cp } /* - Get variable from a section in a configfile. returns -1 on failure. + Parse a configuration file and put the results in the configuration tree + starting at *base. */ -int -readconfig(const char *fname, FILE *fp) +int read_config_file(config_t **base, const char *fname) { - char *line, *temp_buf; + int err; + FILE *fp; + char line[MAXBUFSIZE]; /* There really should not be any line longer than this... */ char *p, *q; - int i, lineno = 0; + int i, err = -1, lineno = 0; config_t *cfg; cp - line = (char *)xmalloc(80 * sizeof(char)); - temp_buf = (char *)xmalloc(80 * sizeof(char)); - + if((fp = fopen (fname, "r")) == NULL) + { + return -1; + } + for(;;) { - if(fgets(line, 80, fp) == NULL) - return 0; - - while(!index(line, '\n')) + if(fgets(line, MAXBUFSIZE, fp) == NULL) { - fgets(temp_buf, (strlen(line)+1) * 80, fp); - if(!temp_buf) - break; - strcat(line, temp_buf); - line = (char *)xrealloc(line, (strlen(line)+1) * sizeof(char)); - } + err = 0; + break; + } + lineno++; + if(!index(line, '\n')) + { + syslog(LOG_ERR, _("Line %d too long while reading config file %s"), lineno, fname); + break; + } + if((p = strtok(line, "\t\n\r =")) == NULL) continue; /* no tokens on this line */ 
@@ -176,50 +179,31 @@ cp if(!hazahaza[i].name) { - fprintf(stderr, _("%s: %d: Invalid variable name `%s'.\n"), - fname, lineno, p); - return -1; + syslog(LOG_ERR, _("Invalid variable name on line %d while reading config file %s"), + lineno, fname); + break; } if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') { - fprintf(stderr, _("%s: %d: No value given for `%s'.\n"), - fname, lineno, hazahaza[i].name); - return -1; + fprintf(stderr, _("No value for variable on line %d while reading config file %s"), + lineno, fname); + break; } - cfg = add_config_val(&config, hazahaza[i].argtype, q); + cfg = add_config_val(base, hazahaza[i].argtype, q); if(cfg == NULL) { - fprintf(stderr, _("%s: %d: Invalid value `%s' for variable `%s'.\n"), - fname, lineno, q, hazahaza[i].name); - return -1; + fprintf(stderr, _("Invalid value for variable on line %d while reading config file %s"), + lineno, fname); + break; } cfg->which = hazahaza[i].which; if(!config) config = cfg; } -cp - return 0; -} -/* - wrapper function for readconfig -*/ -int -read_config_file(const char *fname) -{ - int err; - FILE *fp; -cp - if((fp = fopen (fname, "r")) == NULL) - { - fprintf(stderr, _("Could not open %s: %s\n"), fname, strerror(errno)); - return 1; - } - - err = readconfig(fname, fp); fclose (fp); cp return err; @@ -228,10 +212,8 @@ cp /* Look up the value of the config option type */ -const config_t * -get_config_val(which_t type) +const config_t *get_config_val(config_t *p, which_t type) { - config_t *p; cp for(p = config; p != NULL; p = p->next) if(p->which == type) @@ -245,10 +227,8 @@ cp Support for multiple config lines. Index is used to get a specific value, 0 being the first, 1 the second etc. */ -const config_t * -get_next_config_val(which_t type, int index) +const config_t *get_next_config_val(config_t *p, which_t type, int index) { - config_t *p; cp for(p = config; p != NULL; p = p->next) if(p->which == type) 
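Review bot: `get_config_val` now receives the tree to search as `p`, but the loop still begins with `for(p = config; ...)`, so the argument is overwritten and every lookup reads the global tree; `get_next_config_val` in the following hunk has the same problem. Once per-host trees exist, settings such as `PublicKey` or the `Restrict*` options would be answered from the main configuration rather than from the host's file. Dropping the initialiser, `for(; p != NULL; p = p->next)`, makes both functions honour their new parameter. In the `read_config_file` hunk above, the unchanged `if(!config) config = cfg;` likewise still assigns the global although values are now added to `*base`.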
@@ -262,11 +242,11 @@ cp /* Remove the complete configuration tree. */ -void clear_config() +void clear_config(config_t **base) { config_t *p, *next; cp - for(p = config; p != NULL; p = next) + for(p = *base; p != NULL; p = next) { next = p->next; if(p->data.ptr && (p->argtype == TYPE_NAME)) @@ -275,6 +255,6 @@ cp } free(p); } - config = NULL; + *base = NULL; cp } diff --git a/src/conf.h b/src/conf.h index a63821c4..39f90531 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.9 2000/09/14 14:34:38 zarq Exp $ + $Id: conf.h,v 1.6.4.10 2000/10/11 13:42:52 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -37,22 +37,26 @@ typedef union data_t { } data_t; typedef enum which_t { - passphrasesdir = 1, - upstreamip, - upstreamport, - listenport, - myvpnip, - tapdevice, - allowconnect, + tincname = 1, + connectto, pingtimeout, + tapdevice, + privatekey, keyexpire, - vpnmask, resolve_dns, - indirectdata, - tcponly, interface, interfaceip, - tincname, + configuration + address, + port, + publickey, + subnet, + restricthosts, + restrictsubnets, + restrictaddress, + restrictport, + indirectdata, + tcponly, } which_t; typedef struct config_t { @@ -62,6 +66,12 @@ typedef struct config_t { data_t data; } config_t; +typedef struct internal_config_t { + char *name; + enum which_t which; + int argtype; +} internal_config_t; + enum { stupid_false = 1, stupid_true diff --git a/src/protocol.c b/src/protocol.c index 20a2fc35..e26978bd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.36 2000/09/26 14:06:06 guus Exp $ + $Id: protocol.c,v 1.28.4.37 2000/10/11 13:42:52 guus Exp $ */ #include "config.h" 
@@ -187,7 +187,7 @@ cp /* Load information about peer */ - if(!read_id(cl)) + if(!read_host_config(cl)) { syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->name); return -1; From 183a8edd22ba4bc682392c73ae02fc9e121eda68 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Oct 2000 22:01:02 +0000 Subject: [PATCH 101/923] - Fixing-things pass: every source file compiles into an object file now, but linking tincd does not work yet (must link with openssl libs and define some missing functions). --- lib/xalloc.h | 2 ++ src/conf.c | 11 +++--- src/conf.h | 22 ++++++------ src/connlist.c | 45 ++++++++++++++++++------ src/connlist.h | 12 +++++-- src/meta.c | 4 +-- src/net.c | 92 ++++++++++++++------------------------------------ src/net.h | 7 ++-- src/netutl.c | 4 +-- src/netutl.h | 3 +- src/protocol.c | 36 +++++++++++--------- src/protocol.h | 4 +-- src/subnet.c | 42 ++++++++++++----------- src/subnet.h | 9 ++--- src/tincd.c | 4 +-- 15 files changed, 148 insertions(+), 149 deletions(-) diff --git a/lib/xalloc.h b/lib/xalloc.h index 3f8d7792..e77e6a57 100644 --- a/lib/xalloc.h +++ b/lib/xalloc.h @@ -1,3 +1,5 @@ +#include + #ifndef PARAMS # if defined PROTOTYPES || (defined __STDC__ && __STDC__) # define PARAMS(Args) Args diff --git a/src/conf.c b/src/conf.c index 640ec135..7e135dec 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,18 +19,17 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.11 2000/10/11 13:42:52 guus Exp $ + $Id: conf.c,v 1.9.4.12 2000/10/11 22:00:57 guus Exp $ */ -#include "config.h" - #include #include #include #include #include #include +#include #include @@ -38,6 +37,8 @@ #include "netutl.h" /* for strtoip */ #include /* for cp */ +#include "config.h" + #include "system.h" config_t *config; 
@@ -139,11 +140,11 @@ cp */ int read_config_file(config_t **base, const char *fname) { - int err; + int err = -1; FILE *fp; char line[MAXBUFSIZE]; /* There really should not be any line longer than this... */ char *p, *q; - int i, err = -1, lineno = 0; + int i, lineno = 0; config_t *cfg; cp if((fp = fopen (fname, "r")) == NULL) diff --git a/src/conf.h b/src/conf.h index 39f90531..f17b6ed8 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.10 2000/10/11 13:42:52 guus Exp $ + $Id: conf.h,v 1.6.4.11 2000/10/11 22:00:58 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -30,12 +30,6 @@ typedef struct ip_mask_t { unsigned long mask; } ip_mask_t; -typedef union data_t { - unsigned long val; - void *ptr; - ip_mask_t *ip; -} data_t; - typedef enum which_t { tincname = 1, connectto, @@ -46,7 +40,6 @@ typedef enum which_t { resolve_dns, interface, interfaceip, - configuration address, port, publickey, @@ -63,7 +56,12 @@ typedef struct config_t { struct config_t *next; which_t which; int argtype; - data_t data; + union data { + unsigned long val; + void *ptr; + ip_mask_t *ip; + struct config_t *next; /* For nested configs! */ + } data; } config_t; typedef struct internal_config_t { @@ -92,9 +90,9 @@ extern int sighup; extern char *configfilename; extern config_t *add_config_val(config_t **, int, char *); -extern int read_config_file(const char *); -extern const config_t *get_config_val(which_t type); -extern const config_t *get_next_config_val(which_t type, int); +extern int read_config_file(config_t **, const char *); +extern const config_t *get_config_val(config_t *, which_t type); +extern const config_t *get_next_config_val(config_t *, which_t type, int); extern void clear_config(); #endif /* __TINC_CONF_H__ */ diff --git a/src/connlist.c b/src/connlist.c index 12a501f1..df10ce37 100644 --- a/src/connlist.c +++ b/src/connlist.c 
@@ -17,13 +17,15 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.1 2000/10/11 10:35:15 guus Exp $ + $Id: connlist.c,v 1.1.2.2 2000/10/11 22:00:58 guus Exp $ */ +#include + #include "config.h" #include -#include "connlist.h" +#include "net.h" /* Don't ask. */ /* Root of the connection list */ @@ -34,7 +36,7 @@ conn_list_t *myself = NULL; conn_list_t *new_conn_list(void) { - conn_list_t *p = xmalloc(sizeof(*p)); + conn_list_t *p = (conn_list_t *)xmalloc(sizeof(*p)); cp /* initialise all those stupid pointers at once */ memset(p, '\0', sizeof(*p)); @@ -110,10 +112,10 @@ cp void conn_list_add(conn_list_t *cl) { cp - cl->next = connlist; + cl->next = conn_list; cl->prev = NULL; cl->next->prev = cl; - connlist = cl; + conn_list = cl; cp } @@ -123,7 +125,7 @@ cp if(cl->prev) cl->prev->next = cl->next; else - connlist = cl->next; + conn_list = cl->next; cl->next->prev = cl->prev; free_conn_list(cl); @@ -132,12 +134,23 @@ cp /* Lookup functions */ +conn_list_t *lookup_id(char *name) +{ + conn_list_t *p; +cp + for(p = conn_list; p != NULL; p = p->next) + if(strcmp(name, p->name) == 0) + break; +cp + return p; +} + conn_list_t *lookup_conn_list_mac(mac_t address) { conn_list_t *p; cp for(p = conn_list; p != NULL; p = p->next) - if(lookup_subnet_mac(p, address)) + if(lookup_subnet_mac(p->subnets, address)) break; cp return p; @@ -148,7 +161,7 @@ conn_list_t *lookup_conn_list_ipv4(ipv4_t address) conn_list_t *p; cp for(p = conn_list; p != NULL; p = p->next) - if(lookup_subnet_ipv4(p, address)) + if(lookup_subnet_ipv4(p->subnets, address)) break; cp return p; @@ -159,7 +172,7 @@ conn_list_t *lookup_conn_list_ipv6(ipv6_t address) conn_list_t *p; cp for(p = conn_list; p != NULL; p = p->next) - if(lookup_subnet_ipv6(p, address)) + if(lookup_subnet_ipv6(p->subnets, address)) break; cp return p; 
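Review bot: `conn_list_add` executes `cl->next->prev = cl;` right after `cl->next = conn_list;`, so adding the first connection, while `conn_list` is still NULL, dereferences a null pointer; guard it with `if(cl->next) cl->next->prev = cl;`. `conn_list_del` in the next hunk has the mirror problem in `cl->next->prev = cl->prev;` when the removed element is the tail. The new `lookup_id` calls `strcmp(name, p->name)` for every entry; `new_conn_list` zeroes the structure, so an entry whose name has not been set yet would hand NULL to `strcmp`, which suggests a `p->name &&` guard, to be confirmed against where names are assigned.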
@@ -170,14 +183,24 @@ cp void dump_conn_list(void) { conn_list_t *p; + subnet_t *s; + char *netstr; cp syslog(LOG_DEBUG, _("Connection list:")); for(p = conn_list; p != NULL; p = p->next) { - syslog(LOG_DEBUG, _("%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x"), - p->name, IP_ADDR_V(p->vpn_mask), p->hostname, p->port, p->flags, + syslog(LOG_DEBUG, _("%s at %s port %hd flags %d sockets %d, %d status %04x"), + p->name, p->hostname, p->port, p->flags, p->socket, p->meta_socket, p->status); + for(s = p->subnets; s != NULL; s = s->next) + { + netstr = net2str(s); + syslog(LOG_DEBUG, ": %s", netstr); + free(netstr); + } } + + syslog(LOG_DEBUG, _("End of connection list.")); cp } diff --git a/src/connlist.h b/src/connlist.h index 7ded0bfa..0f8edcbb 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.1 2000/10/11 10:35:15 guus Exp $ + $Id: connlist.h,v 1.1.2.2 2000/10/11 22:00:58 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -26,11 +26,11 @@ #include #include "net.h" -#include "subnet.h" +#include "conf.h" typedef struct conn_list_t { char *name; /* name of this connection */ - ip_t real_ip; /* his real (internet) ip */ + ipv4_t address; /* his real (internet) ip */ char *hostname; /* the hostname of its real ip */ short unsigned int port; /* his portnumber */ int protocol_version; /* used protocol */ @@ -72,9 +72,14 @@ typedef struct conn_list_t { struct subnet_t *subnets; /* Pointer to a list of subnets belonging to this connection */ + struct config_t *config; /* Pointer to configuration tree belonging to this host */ + struct conn_list_t *next; /* after all, it's a list of connections */ + struct conn_list_t *prev; /* doubly linked for O(1) deletions */ } conn_list_t; +#include "subnet.h" + extern conn_list_t *conn_list; extern conn_list_t *myself; 
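Review bot: The value returned by `net2str` goes straight into `syslog(LOG_DEBUG, ": %s", netstr)`, but `net2str` returns NULL for an unrecognised subnet type (its `default:` case), and NULL for `%s` is undefined behaviour. Substitute a placeholder when it is NULL, e.g. `syslog(LOG_DEBUG, ": %s", netstr ? netstr : _("(unknown subnet)"));`. The argument `p->status` is still passed whole to `%04x`; judging by uses such as `p->status.meta` it is a struct, so that conversion should be given an integer instead.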
@@ -82,6 +87,7 @@ extern conn_list_t *new_conn_list(); extern void free_conn_list(conn_list_t *); extern void add_conn_list(conn_list_t *); extern void del_conn_list(conn_list_t *); +extern conn_list_t *lookup_id(char *); extern conn_list_t *lookup_conn_list_mac(mac_t); extern conn_list_t *lookup_conn_list_ipv4(ipv4_t); extern conn_list_t *lookup_conn_list_ipv6(ipv6_t); diff --git a/src/meta.c b/src/meta.c index 85781b83..3cd2c533 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.2 2000/10/11 10:35:15 guus Exp $ + $Id: meta.c,v 1.1.2.3 2000/10/11 22:00:58 guus Exp $ */ #include "config.h" @@ -59,7 +59,7 @@ cp return 0; } -int broadcast_meta(conn_list_t *cl, const char *buffer, int length) +int broadcast_meta(conn_list_t *cl, char *buffer, int length) { conn_list_t *p; cp diff --git a/src/net.c b/src/net.c index 2efd3408..59725cad 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.33 2000/10/11 10:35:16 guus Exp $ + $Id: net.c,v 1.35.4.34 2000/10/11 22:00:58 guus Exp $ */ #include "config.h" @@ -84,7 +84,7 @@ cp p->data[0] = p->data[6] = 0xfe; p->data[1] = p->data[7] = 0xfd; /* Really evil pointer stuff just below! */ - *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->real_ip)); + *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address)); *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26])); cp } @@ -274,7 +274,7 @@ int send_packet(ip_t to, vpn_packet_t *packet) { conn_list_t *cl; cp - if((cl = lookup_conn(to)) == NULL) + if((cl = lookup_conn_list_ipv4(to)) == NULL) { if(debug_lvl > 3) { 
@@ -286,50 +286,9 @@ cp } /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ + + /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ - /* The next few lines will be obsoleted, if we are going indirect, matching subnet_t - should point to only our uplink as the recepient - */ - - if(myself->flags & EXPORTINDIRECTDATA) - { - for(cl = conn_list; cl != NULL && !cl->status.outgoing; cl = cl->next); - if(!cl) - { /* No open outgoing connection has been found. */ - if(debug_lvl > 3) - syslog(LOG_NOTICE, _("There is no remote host I can send this packet to!")); - return -1; - } - } - else - - /* If indirectdata flag is set for the destination we just looked up, - * then real_ip is actually the vpn_ip of the gateway tincd - * it is behind. - */ - - if(cl->flags & INDIRECTDATA) - { - if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Indirect packet to %s via %s"), - cl->name, cl->hostname); - if((cl = lookup_conn(cl->real_ip)) == NULL) - { - if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Indirect look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to)); - - /* Gateway tincd dead? Should we kill it? (GS) */ - - return -1; - } - if(cl->flags & INDIRECTDATA) /* This should not happen */ - { - if(debug_lvl > 3) - syslog(LOG_NOTICE, _("Double indirection for %d.%d.%d.%d"), IP_ADDR_V(to)); - return -1; - } - } - if(my_key_expiry <= time(NULL)) regenerate_keys(); @@ -375,7 +334,7 @@ int setup_tap_fd(void) const char *tapfname; config_t const *cfg; cp - if((cfg = get_config_val(tapdevice)) == NULL) + if((cfg = get_config_val(config, tapdevice)) == NULL) tapfname = "/dev/tap0"; else tapfname = cfg->data.ptr; @@ -427,7 +386,7 @@ cp return -1; } - if((cfg = get_config_val(interface))) + if((cfg = get_config_val(config, interface))) { if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr))) { 
@@ -440,7 +399,7 @@ cp a.sin_family = AF_INET; a.sin_port = htons(port); - if((cfg = get_config_val(interfaceip))) + if((cfg = get_config_val(config, interfaceip))) a.sin_addr.s_addr = htonl(cfg->data.ip->ip); else a.sin_addr.s_addr = htonl(INADDR_ANY); @@ -515,7 +474,7 @@ cp if(debug_lvl > 0) syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); - if((cfg = get_config_val(upstreamport)) == NULL) + if((cfg = get_config_val(cl->config, port)) == NULL) cl->port = 655; else cl->port = cfg->data.val; @@ -530,7 +489,7 @@ cp a.sin_family = AF_INET; a.sin_port = htons(cl->port); - a.sin_addr.s_addr = htonl(cl->real_ip); + a.sin_addr.s_addr = htonl(cl->address); if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) { @@ -572,8 +531,8 @@ cp } ncn = new_conn_list(); - ncn->real_ip = ntohl(*((ip_t*)(h->h_addr_list[0]))); - ncn->hostname = hostlookup(htonl(ncn->real_ip)); + ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); + ncn->hostname = hostlookup(htonl(ncn->address)); if(setup_outgoing_meta_socket(ncn) < 0) { @@ -603,7 +562,7 @@ cp myself->hostname = "MYSELF"; /* FIXME? */ myself->flags = 0; - if(!(cfg = get_config_val(tincname))) /* Not acceptable */ + if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */ { syslog(LOG_ERR, _("Name for tinc daemon required!")); return -1; @@ -611,16 +570,16 @@ cp else myself->name = (char*)cfg->data.val; - if(!(cfg = get_config_val(listenport))) + if(!(cfg = get_config_val(myself, port))) myself->port = 655; else myself->port = cfg->data.val; - if((cfg = get_config_val(indirectdata))) + if((cfg = get_config_val(config, indirectdata))) if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; - if((cfg = get_config_val(tcponly))) + if((cfg = get_config_val(config, tcponly))) if(cfg->data.val == stupid_true) myself->flags |= TCPONLY; 
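Review bot: `get_config_val(myself, port)` in `setup_myself` passes the `conn_list_t *` itself where the new first parameter is a `config_t *`; the neighbouring calls pass `config` and the outgoing path uses `cl->config`. It should be `get_config_val(myself->config, port)` or `get_config_val(config, port)`, depending on which file is meant to hold the listen port. The compiler will at best warn about the incompatible pointer type. `setup_myself` starts and ends outside this hunk.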
@@ -649,8 +608,9 @@ sigalrm_handler(int a) { config_t const *cfg; cp - cfg = get_next_config_val(upstreamip, upstreamindex++); - +/* FIXME! Use name instead of upstreamip. + cfg = get_next_config_val(config, upstreamip, upstreamindex++); +*/ while(cfg) { if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ @@ -658,7 +618,7 @@ cp signal(SIGALRM, SIG_IGN); return; } - cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ +// cfg = get_next_config_val(config, upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); @@ -679,7 +639,7 @@ int setup_network_connections(void) { config_t const *cfg; cp - if((cfg = get_config_val(pingtimeout)) == NULL) + if((cfg = get_config_val(config, pingtimeout)) == NULL) timeout = 5; else timeout = cfg->data.val; @@ -690,7 +650,7 @@ cp if(setup_myself() < 0) return -1; - if((cfg = get_next_config_val(upstreamip, upstreamindex++)) == NULL) +// if((cfg = get_next_config_val(config, upstreamip, upstreamindex++)) == NULL) /* No upstream IP given, we're listen only. */ return 0; @@ -698,7 +658,7 @@ cp { if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ return 0; - cfg = get_next_config_val(upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ +// cfg = get_next_config_val(config, upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); @@ -767,7 +727,7 @@ cp a.sin_family = AF_INET; a.sin_port = htons(cl->port); - a.sin_addr.s_addr = htonl(cl->real_ip); + a.sin_addr.s_addr = htonl(cl->address); if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) { @@ -808,7 +768,7 @@ cp return NULL; } - p->real_ip = ntohl(ci.sin_addr.s_addr); + p->address = ntohl(ci.sin_addr.s_addr); p->hostname = hostlookup(ci.sin_addr.s_addr); p->meta_socket = sfd; p->status.meta = 1; 
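Review bot: In `sigalrm_handler` the assignment to `cfg` is now inside a comment, so `while(cfg)` tests an uninitialised pointer. With the re-fetch at the bottom of the loop commented out as well, a non-null `cfg` whose connection attempt fails would be retried forever inside the signal handler. Until the ConnectTo lookup by name exists, declare it as `config_t const *cfg = NULL;` so the handler falls through to re-arming the alarm. In `setup_network_connections` (the hunks at -690 and -698) commenting out the `if` leaves `return 0;` unconditional and the loop after it unreachable; a comment such as `/* FIXME: outgoing connections disabled */` at that `return` would make this visibly intentional.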
@@ -1150,7 +1110,7 @@ cp syslog(LOG_INFO, _("Rereading configuration file")); close_network_connections(); clear_config(); - if(read_config_file(configfilename)) + if(read_config_file(&config, configfilename)) { syslog(LOG_ERR, _("Unable to reread configuration file, exiting")); exit(0); diff --git a/src/net.h b/src/net.h index 8d416ec2..e2b6d063 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.14 2000/10/11 10:35:16 guus Exp $ + $Id: net.h,v 1.9.4.15 2000/10/11 22:01:00 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -26,7 +26,6 @@ #include "config.h" #include "conf.h" -#include "connlist.h" #define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ #define MTU 1600 @@ -129,6 +128,8 @@ extern int total_socket_out; extern char *request_name[256]; extern char *status_text[10]; +#include "connlist.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ + extern int str2opt(const char *); extern char *opt2str(int); extern int send_packet(ip_t, vpn_packet_t *); @@ -137,7 +138,7 @@ extern void close_network_connections(void); extern void main_loop(void); extern int setup_vpn_connection(conn_list_t *); extern void terminate_connection(conn_list_t *); -extern void flush_queues(conn_list_t*); +extern void flush_queues(conn_list_t *); extern int xrecv(vpn_packet_t *); extern void add_queue(packet_queue_t **, void *, size_t); diff --git a/src/netutl.c b/src/netutl.c index 0a0a3fed..5f627706 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.11 2000/10/11 10:35:17 guus Exp $ + $Id: netutl.c,v 1.12.4.12 2000/10/11 22:01:00 guus Exp $ */ #include "config.h" 
@@ -73,7 +73,7 @@ cp in.s_addr = addr; lookup_hostname = 0; - if((cfg = get_config_val(resolve_dns)) != NULL) + if((cfg = get_config_val(config, resolve_dns)) != NULL) if(cfg->data.val == stupid_true) lookup_hostname = 1; diff --git a/src/netutl.h b/src/netutl.h index 6b6130b1..aed4ad78 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -16,13 +16,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.2 2000/10/11 10:35:17 guus Exp $ + $Id: netutl.h,v 1.2.4.3 2000/10/11 22:01:00 guus Exp $ */ #ifndef __TINC_NETUTL_H__ #define __TINC_NETUTL_H__ #include "net.h" +#include "conf.h" extern char *hostlookup(unsigned long); extern ip_mask_t *strtoip(char*); diff --git a/src/protocol.c b/src/protocol.c index e26978bd..25ed4d01 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.37 2000/10/11 13:42:52 guus Exp $ + $Id: protocol.c,v 1.28.4.38 2000/10/11 22:01:00 guus Exp $ */ #include "config.h" @@ -87,7 +87,7 @@ cp if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); cp - return send_meta(cl, buffer, length); + return send_meta(cl, buffer, len); } int receive_request(conn_list_t *cl) @@ -235,7 +235,7 @@ cp /* Convert the random data to a hexadecimal formatted string */ bin2hex(cl->hischallenge,buffer,CHAL_LENGTH); - buffer[keylength*2] = '\0'; + buffer[CHAL_LENGTH*2] = '\0'; /* Send the challenge */ @@ -450,7 +450,7 @@ cp /* Check if subnet string is valid */ - if((subnet = str2net(subnetstr)) == -1) + if(!(subnet = str2net(subnetstr))) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); free(name); free(subnetstr); 
@@ -472,7 +472,7 @@ cp /* Check if the owner of the new subnet is in the connection list */ - if(!(owner = lookup_id(name)) + if(!(owner = lookup_id(name))) { syslog(LOG_ERR, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), name, cl->name, cl->hostname); @@ -481,8 +481,10 @@ cp } /* If everything is correct, add the subnet to the list of the owner */ + + subnet_add(owner, subnet); cp - return subnet_add(owner, subnet); + return 0; } int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) @@ -516,7 +518,7 @@ cp /* Check if subnet string is valid */ - if((subnet = str2net(subnetstr)) == -1) + if(!(subnet = str2net(subnetstr))) { syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); free(name); free(subnetstr); @@ -538,7 +540,7 @@ cp /* Check if the owner of the new subnet is in the connection list */ - if(!(owner = lookup_id(name)) + if(!(owner = lookup_id(name))) { syslog(LOG_ERR, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"), name, cl->name, cl->hostname); @@ -546,9 +548,11 @@ cp return -1; } - /* If everything is correct, add the subnet to the list of the owner */ + /* If everything is correct, delete the subnet from the list of the owner */ + + subnet_del(subnet); cp - return subnet_del(owner, subnet); + return 0; } /* New and closed connections notification */ @@ -557,7 +561,7 @@ int send_add_host(conn_list_t *cl, conn_list_t *other) { cp return send_request(cl, "%d %s %s %lx:%d %lx", ADD_HOST, - myself->name, other->name, other->real_ip, other->port, other->options); + myself->name, other->name, other->address, other->port, other->options); } int add_host_h(conn_list_t *cl) @@ -604,7 +608,7 @@ cp /* Lookup his uplink */ - if(!(new->hisuplink = lookup_id(sender)) + if(!(new->hisuplink = lookup_id(sender))) { syslog(LOG_ERR, _("Got ADD_HOST from %s (%s) with origin %s which is not in our connection list"), sender, cl->name, cl->hostname); 
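Review bot: del_subnet_h now calls `subnet_del(subnet)` on the object str2net() has just built from the peer's string, not on the entry already stored for `owner`, so as far as these hunks show a DEL_SUBNET never removes the advertised subnet and stale routing information stays in place. `owner` is looked up and then not used. The handler should locate the owner's matching entry, pass that to subnet_del(), and release the parsed temporary with `free_subnet(subnet);`. It is also worth confirming that new_subnet() zeroes `prev` and `next`, because subnet_del() in src/subnet.c tests `subnet->prev` first. The handler starts outside the hunk.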
@@ -616,13 +620,13 @@ cp /* Fill in more of the new conn_list structure */ - new->hostname = hostlookup(htonl(new->real_ip)); + new->hostname = hostlookup(htonl(new->address)); /* Check if the new host already exists in the connnection list */ if((old = lookup_id(new->name))) { - if((new->real_ip == old->real_ip) && (new->port == old->port)) + if((new->address == old->address) && (new->port == old->port)) { if(debug_lvl > DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), @@ -660,7 +664,7 @@ int send_del_host(conn_list_t *cl, conn_list_t *other) { cp return send_request(cl, "%d %s %s %lx:%d %lx", DEL_HOST, - myself->name, other->name, other->real_ip, other->port, other->options); + myself->name, other->name, other->address, other->port, other->options); } int del_host_h(conn_list_t *cl) @@ -712,7 +716,7 @@ cp /* Lookup his uplink */ - if(!(hisuplink = lookup_id(sender)) + if(!(hisuplink = lookup_id(sender))) { syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) with origin %s which is not in our connection list"), cl->name, cl->hostname, sender); diff --git a/src/protocol.h b/src/protocol.h index e4fd5f1c..11041781 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.9 2000/10/11 10:35:17 guus Exp $ + $Id: protocol.h,v 1.5.4.10 2000/10/11 22:01:02 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -56,7 +56,7 @@ extern int (*request_handlers[])(conn_list_t*); extern int send_id(conn_list_t*); extern int send_challenge(conn_list_t*); -extern int send_chal_reply(conn_list_t*, char*); +extern int send_chal_reply(conn_list_t*); extern int send_ack(conn_list_t*); extern int send_status(conn_list_t*, int, char*); extern int send_error(conn_list_t*, int, char*); diff --git a/src/subnet.c b/src/subnet.c index 9a882570..a7312ba4 100644 --- a/src/subnet.c +++ b/src/subnet.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.2 2000/10/11 10:35:17 guus Exp $ + $Id: subnet.c,v 1.1.2.3 2000/10/11 22:01:02 guus Exp $ */ #include "config.h" @@ -55,7 +55,7 @@ cp cp } -void subnet_del(conn_list_t *cl, subnet_t *subnet) +void subnet_del(subnet_t *subnet) { cp if(subnet->prev) @@ -87,27 +87,27 @@ cp switch(type) { case SUBNET_MAC: - if(sscanf(netstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", &subnet->type, - &subnet->net.mac.x[0], - &subnet->net.mac.x[1], - &subnet->net.mac.x[2], - &subnet->net.mac.x[3], - &subnet->net.mac.x[4], - &subnet->net.mac.x[5]) != 7) + if(sscanf(subnetstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", &subnet->type, + &subnet->net.mac.address.x[0], + &subnet->net.mac.address.x[1], + &subnet->net.mac.address.x[2], + &subnet->net.mac.address.x[3], + &subnet->net.mac.address.x[4], + &subnet->net.mac.address.x[5]) != 7) { free_subnet(subnet); return NULL; } break; - case SUBNET_IPv4: + case SUBNET_IPV4: if(sscanf(subnetstr, "%d,%lx:%lx", &subnet->type, &subnet->net.ipv4.address, &subnet->net.ipv4.mask) != 3) { free_subnet(subnet); return NULL; } break; - case SUBNET_IPv6: - if(sscanf(netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", &subnet->type, + case SUBNET_IPV6: + if(sscanf(subnetstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", &subnet->type, &subnet->net.ipv6.address.x[0], &subnet->net.ipv6.address.x[1], &subnet->net.ipv6.address.x[2], @@ -133,6 +133,7 @@ cp default: free_subnet(subnet); return NULL; + } cp return subnet; } 
@@ -145,15 +146,15 @@ cp { case SUBNET_MAC: asprintf(netstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", subnet->type, - subnet->net.mac.x[0], - subnet->net.mac.x[1], - subnet->net.mac.x[2], - subnet->net.mac.x[3], - subnet->net.mac.x[4], - subnet->net.mac.x[5]); - case SUBNET_IPv4: + subnet->net.mac.address.x[0], + subnet->net.mac.address.x[1], + subnet->net.mac.address.x[2], + subnet->net.mac.address.x[3], + subnet->net.mac.address.x[4], + subnet->net.mac.address.x[5]); + case SUBNET_IPV4: asprintf(netstr, "%d,%lx:%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); - case SUBNET_IPv6: + case SUBNET_IPV6: asprintf(netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", subnet->net.ipv6.address.x[0], subnet->net.ipv6.address.x[1], @@ -211,6 +212,7 @@ cp subnet_t *lookup_subnet_ipv6(subnet_t *subnets, ipv6_t address) { subnet_t *subnet; + int i; cp for(subnet = subnets; subnet != NULL; subnet = subnet->next) { diff --git a/src/subnet.h b/src/subnet.h index b31226c0..8ebed81d 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.2 2000/10/11 10:35:17 guus Exp $ + $Id: subnet.h,v 1.1.2.3 2000/10/11 22:01:02 guus Exp $ */ #ifndef __TINC_SUBNET_H__ #define __TINC_SUBNET_H__ #include "net.h" -#include "connlist.h" enum { @@ -61,7 +60,7 @@ typedef struct subnet_t { /* And now for the actual subnet: */ - union + union net { subnet_mac_t mac; subnet_ipv4_t ipv4; @@ -70,9 +69,11 @@ typedef struct subnet_t { } subnet_t; +#include "connlist.h" + extern subnet_t *new_subnet(void); extern void free_subnet(subnet_t *); -extern void subnet_add(conn_list_t *, subnet_t *); +extern void subnet_add(struct conn_list_t *, subnet_t *); extern void subnet_del(subnet_t *); extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); 
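Review bot: None of the `case` arms in net2str ends in `break`, so after the renames a SUBNET_MAC subnet still runs the IPv4 and IPv6 `asprintf` calls as well; each call overwrites the previous result and leaks it. Add `break;` after each call and a `default:` arm that returns NULL. The first argument is passed as `netstr`; asprintf needs a `char **`, so unless `netstr` is declared that way (the declaration is outside the hunk) it should be `&netstr`, with the return value checked. The IPv6 format begins with `%d,` but the first argument visible is `subnet->net.ipv6.address.x[0]` rather than `subnet->type`, which would shift every conversion by one.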
diff --git a/src/tincd.c b/src/tincd.c index fcd70522..333d00fc 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.9 2000/09/06 11:49:05 guus Exp $ + $Id: tincd.c,v 1.10.4.10 2000/10/11 22:01:02 guus Exp $ */ #include "config.h" @@ -359,7 +359,7 @@ main(int argc, char **argv, char **envp) if(kill_tincd) exit(kill_other()); - if(read_config_file(configfilename)) + if(read_config_file(&config, configfilename)) return 1; setup_signals(); From a96f2f0fc8a02593d4cda5976df3c76fc5c99eae Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 13 Oct 2000 23:29:35 +0000 Subject: [PATCH 102/923] Link with OpenSSL, forget libGMP --- configure.in | 24 +----------------------- 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/configure.in b/configure.in index c553e785..ea8950f6 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.6 2000/10/11 10:35:15 guus Exp $ +dnl $Id: configure.in,v 1.13.2.7 2000/10/13 23:29:35 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -53,28 +53,6 @@ jm_FUNC_REALLOC AM_GNU_GETTEXT -# Check for the GNU Multi Precision Library -libgmp=none -AC_CHECK_LIB(gmp, mpz_powm, [ - libgmp=gmp -]) -AC_CHECK_LIB(gmp2, mpz_powm, [ - libgmp=gmp2 -]) -AC_CHECK_LIB(gmp3, __gmpz_powm, [ - libgmp=gmp3 -]) -AC_CHECK_LIB(gmp, __gmpz_powm, [ - libgmp=gmp -]) - -if test $libgmp = none; then - AC_MSG_ERROR(libgmp is not installed. Please grab it from your - nearest GNU mirror and install it (see README)) -else - LIBS="$LIBS -l$libgmp" -fi - AC_CHECK_LIB(dl, dlopen, [ LIBS="$LIBS -ldl" ]) From f18e30dab3c208fd353af11e365791035534f444 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Fri, 13 Oct 2000 23:30:11 +0000 Subject: [PATCH 103/923] Updated new requirements, pointers to the manual --- README | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/README b/README index 46deda8e..7c0fe125 100644 --- a/README +++ b/README @@ -4,17 +4,26 @@ Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans , Guus Sliepen and others. For a complete list of authors see the AUTHORS file. -This product includes software developed by Eric Young (eay@mincom.oz.au) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See the file COPYING for more details. -This version of tinc relies on the GNU Multi-Precision Library -(gmp). This library is available from your nearest GNU mirror. Please -install this first even before trying to run configure. If you don't -do this, configure will (hopefully) mention it to you. + +Requirements +------------ + +Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you +need to install this library first; grab it from +http://www.openssl.org/. We recommend version 0.9.5 or better. If +this library is not installed on you system, configure will fail. The +manual in doc/tinc.texi contains more detailed information on how to +install this library. + + +Features +-------- This version of tinc supports multiple virtual networks at once. To use this feature, you may supply a netname via the -n or --net 
@@ -29,7 +38,7 @@ In this version, MAC addresses are stripped off before encoding and sending a packet. When the packet reaches its destination, the MAC addresses are rebuilt again. They then have the form FE:FD:aa:bb:cc:dd. aa, bb, cc and dd are taken from the destination -and source IP address. +and source IP address. See the manual for more detailed information. tincd regenerates its encryption key pairs. It does this on the first activity after the keys have expired. This period is adjustable in the From 6a8c2e346e6125e58aab428e6730c18a949abe12 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 13 Oct 2000 23:34:56 +0000 Subject: [PATCH 104/923] Don't look for GMP header files --- configure.in | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index ea8950f6..cb42fd58 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.7 2000/10/13 23:29:35 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.8 2000/10/13 23:34:56 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -33,8 +33,7 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h gmp.h gmp2/gmp.h \ -sys/time.h) +AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h sys/time.h) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST From e9635ae38e0e2e3eb92568a1e234f8348856dd69 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 14 Oct 2000 17:04:16 +0000 Subject: [PATCH 105/923] - Second fixing-things pass: it even links now. - Lots of FIXME comments added to the source code. --- lib/utils.c | 29 ++++++++++++++++++++++++++++ lib/utils.h | 5 +++++ src/conf.c | 18 ++++++++++++++--- src/conf.h | 5 +++-- src/connlist.c | 28 +++++++++++++++++++++------ src/connlist.h | 9 ++++----- src/net.c | 52 ++++++++++++++++++++++++++++---------------------- src/net.h | 3 +-- src/protocol.c | 47 ++++++++++++++++++++++++++++----------------- src/tincd.c | 47 ++++++++++++++++++++------------------------- 10 files changed, 159 insertions(+), 84 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index f42ee3ac..c8de214f 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -17,6 +17,9 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include +#include + #include "config.h" #include @@ -24,3 +27,29 @@ volatile int cp_line; volatile char *cp_file; +char *charbin2hex = "0123456789ABCDEF"; + +int charhex2bin(char c) +{ + if(isdigit(c)) + return c - '0'; + else + return tolower(c) - 'a' + 10; +} + +void hex2bin(char *src, char *dst, size_t length) +{ + size_t i; + for(i=0; i=0; i--) + { + dst[i*2+1] = charbin2hex[src[i] & 15]; + dst[i*2] = charbin2hex[src[i]>>4]; + } +} diff --git a/lib/utils.h b/lib/utils.h index 9184a339..a4684f3d 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -20,6 +20,8 @@ #ifndef __TINC_UTILS_H__ #define __TINC_UTILS_H__ +#include + enum { DEBUG_CONNECTIONS = 0, DEBUG_PROTOCOL, @@ -35,4 +37,7 @@ enum { extern volatile int cp_line; extern volatile char *cp_file; +extern void hex2bin(char *src, char *dst, size_t length); +extern void bin2hex(char *src, char *dst, size_t length); + #endif /* __TINC_UTILS_H__ */ diff --git a/src/conf.c b/src/conf.c index 7e135dec..740f4346 100644 --- a/src/conf.c +++ b/src/conf.c 
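Review bot: In bin2hex, `charbin2hex[src[i]>>4]` indexes the table with a plain `char`; where char is signed, any byte of 0x80 or above shifts to a negative index and reads before the table. Treat the bytes as unsigned, for example `charbin2hex[((unsigned char)src[i]) >> 4]`, or declare `src` as `unsigned char *`. charhex2bin has the matching problem on the decode side: it accepts any character, so non-hex input received from a peer becomes an arbitrary value instead of an error, and `isdigit`/`tolower` should be given `(unsigned char)c`. The loop headers of both functions are garbled on this page, so their bounds could not be checked.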
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.12 2000/10/11 22:00:57 guus Exp $ + $Id: conf.c,v 1.9.4.13 2000/10/14 17:04:12 guus Exp $ */ @@ -38,13 +38,13 @@ #include /* for cp */ #include "config.h" - +#include "connlist.h" #include "system.h" config_t *config; int debug_lvl = 0; int timeout = 0; /* seconds before timeout */ -char *configfilename = NULL; +char *confbase = NULL; /* directory in which all config files are */ /* Will be set if HUP signal is received. It will be processed when it is safe. */ int sighup = 0; @@ -210,6 +210,18 @@ cp return err; } +int read_server_config() +{ + char *fname; + int x; +cp + asprintf(fname, "%s/tinc.conf", confbase); + x = read_config_file(&config, fname); + free(fname); +cp + return x; +} + /* Look up the value of the config option type */ diff --git a/src/conf.h b/src/conf.h index f17b6ed8..a1ab1620 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.11 2000/10/11 22:00:58 guus Exp $ + $Id: conf.h,v 1.6.4.12 2000/10/14 17:04:13 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -87,12 +87,13 @@ extern int debug_lvl; extern int timeout; extern int upstreamindex; extern int sighup; -extern char *configfilename; +extern char *confbase; extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(config_t **, const char *); extern const config_t *get_config_val(config_t *, which_t type); extern const config_t *get_next_config_val(config_t *, which_t type, int); extern void clear_config(); +extern int read_server_config(void); #endif /* __TINC_CONF_H__ */ diff --git a/src/connlist.c b/src/connlist.c index df10ce37..f1b0eba0 100644 --- a/src/connlist.c +++ b/src/connlist.c 
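Review bot: read_server_config passes `fname` itself to asprintf, which expects the address of the pointer; `fname` is uninitialized at that point, so asprintf stores through an indeterminate address and the later `free(fname)` frees a value that was never allocated. The call should read `if(asprintf(&fname, "%s/tinc.conf", confbase) < 0) return -1;`. read_host_config, added to src/connlist.c in this same commit, has the same call shape and needs the same change.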
@@ -17,15 +17,17 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.2 2000/10/11 22:00:58 guus Exp $ + $Id: connlist.c,v 1.1.2.3 2000/10/14 17:04:13 guus Exp $ */ #include +#include "net.h" /* Don't ask. */ #include "config.h" +#include "conf.h" #include -#include "net.h" /* Don't ask. */ +#include "system.h" /* Root of the connection list */ @@ -55,8 +57,10 @@ cp free(p->name); if(p->hostname) free(p->hostname); - free_key(p->public_key); - free_key(p->datakey); + if(p->public_key) + RSA_free(p->public_key); + if(p->cipher_pktkey) + free(p->cipher_pktkey); free(p); cp } @@ -79,7 +83,7 @@ cp else conn_list = next; - free_conn_element(p); + free_conn_list(p); } else prev = p; @@ -99,7 +103,7 @@ cp for(p = conn_list; p != NULL; ) { next = p->next; - free_conn_element(p); + free_conn_list(p); p = next; } @@ -204,3 +208,15 @@ cp syslog(LOG_DEBUG, _("End of connection list.")); cp } + +int read_host_config(conn_list_t *cl) +{ + char *fname; + int x; +cp + asprintf(fname, "%s/hosts/%s", confbase, cl->name); + x = read_config_file(&cl->config, fname); + free(fname); +cp + return x; +} diff --git a/src/connlist.h b/src/connlist.h index 0f8edcbb..96a19474 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.2 2000/10/11 22:00:58 guus Exp $ + $Id: connlist.h,v 1.1.2.3 2000/10/14 17:04:13 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ #define __TINC_CONNLIST_H__ #include +#include #include "net.h" #include "conf.h" 
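Review bot: read_host_config uses `cl->name` as a path component under `confbase` without validating it itself. setup_myself in src/net.c calls check_id() on the name before calling it, but nothing in this hunk requires that of other callers, and for remote peers the name comes off the wire. I would document the precondition on the function, `/* cl->name must already have passed check_id(); it is used as a file name below hosts/ */`, or repeat the check at the top of the function. What check_id() accepts is not visible here, so confirm that it rejects `/` and `..`.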
@@ -43,9 +44,7 @@ typedef struct conn_list_t { packet_queue_t *sq; /* pending outgoing packets */ packet_queue_t *rq; /* pending incoming packets (they have no valid key to be decrypted with) */ - enc_key_t *public_key; /* the other party's public key */ - enc_key_t *datakey; /* encrypt data packets with this key */ - enc_key_t *rsakey; + RSA *public_key; /* the other party's public key */ EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */ EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */ @@ -53,7 +52,6 @@ typedef struct conn_list_t { EVP_CIPHER_CTX *cipher_pktctx; /* Context of encrypted vpn packets that will be sent to him */ EVP_CIPHER *cipher_pkttype; /* Cipher type for encrypted vpn packets */ char *cipher_pktkey; /* Cipher key */ - char *cipher_pktiv; /* Cipher input vector */ char *buffer; /* metadata input buffer */ int buflen; /* bytes read into buffer */ @@ -92,5 +90,6 @@ extern conn_list_t *lookup_conn_list_mac(mac_t); extern conn_list_t *lookup_conn_list_ipv4(ipv4_t); extern conn_list_t *lookup_conn_list_ipv6(ipv6_t); extern void dump_conn_list(void); +extern int read_host_config(conn_list_t *); #endif /* __TINC_CONNLIST_H__ */ diff --git a/src/net.c b/src/net.c index 59725cad..c7d3acc9 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.34 2000/10/11 22:00:58 guus Exp $ + $Id: net.c,v 1.35.4.35 2000/10/14 17:04:13 guus Exp $ */ #include "config.h" @@ -59,10 +59,6 @@ int total_socket_out = 0; int upstreamindex = 0; static int seconds_till_retry; -/* The global list of existing connections */ -conn_list_t *conn_list = NULL; -conn_list_t *myself = NULL; - /* strip off the MAC adresses of an ethernet frame */ 
@@ -95,7 +91,7 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) int outlen, outpad; cp outpkt.len = inpkt->len; - EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktiv); + EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL); EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); outlen += outpad; @@ -128,7 +124,7 @@ cp inpkt->len); outpkt.len = inpkt->len; - EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktiv); + EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); /* FIXME: grok DecryptFinal EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad); @@ -289,9 +285,6 @@ cp /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ - if(my_key_expiry <= time(NULL)) - regenerate_keys(); - if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) { @@ -538,7 +531,7 @@ cp { syslog(LOG_ERR, _("Could not set up a meta connection to %s"), ncn->hostname); - free_conn_element(ncn); + free_conn_list(ncn); return -1; } @@ -559,7 +552,7 @@ int setup_myself(void) cp myself = new_conn_list(); - myself->hostname = "MYSELF"; /* FIXME? */ + asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */ myself->flags = 0; if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */ 
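Review bot: Passing `NULL` as the IV to `EVP_EncryptInit` in xsend, and to `EVP_DecryptInit` in xrecv, means no per-packet IV is set anywhere in these hunks, so with a block cipher in a chaining mode packets under one `cipher_pktkey` that begin with the same bytes would encrypt to the same ciphertext. Which cipher `cipher_pkttype` selects is not visible here, so this needs confirming; the usual arrangement is a fresh IV per packet carried alongside the ciphertext. The return values of the EVP calls are ignored in both functions. The third hunk also drops the `my_key_expiry` check without a replacement, so a `/* FIXME: key expiry removed, packet key is never rotated */` at that spot would keep it from being forgotten.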
@@ -569,17 +562,29 @@ cp } else myself->name = (char*)cfg->data.val; + + if(check_id(myself->name)) + { + syslog(LOG_ERR, _("Invalid name for myself!")); + return -1; + } + + if(read_host_config(myself)) + { + syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); + return -1; + } - if(!(cfg = get_config_val(myself, port))) + if(!(cfg = get_config_val(myself->config, port))) myself->port = 655; else myself->port = cfg->data.val; - if((cfg = get_config_val(config, indirectdata))) + if((cfg = get_config_val(myself->config, indirectdata))) if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; - if((cfg = get_config_val(config, tcponly))) + if((cfg = get_config_val(myself->config, tcponly))) if(cfg->data.val == stupid_true) myself->flags |= TCPONLY; @@ -780,9 +785,9 @@ cp syslog(LOG_NOTICE, _("Connection from %s port %d"), p->hostname, htons(ci.sin_port)); - if(send_basic_info(p) < 0) + if(send_id(p) < 0) { - free_conn_element(p); + free_conn_list(p); return NULL; } cp @@ -860,12 +865,6 @@ cp if(debug_lvl > 0) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->name, cl->hostname); - - if(cl->status.timeout) - send_timeout(cl); -/* else if(!cl->status.termreq) - send_termreq(cl); - */ if(cl->socket) close(cl->socket); @@ -875,8 +874,11 @@ cp cl->status.remove = 1; /* If this cl isn't active, don't send any DEL_HOSTs. */ + +/* FIXME: reprogram this. if(cl->status.active) notify_others(cl,NULL,send_del_host); +*/ cp /* Find all connections that were lost because they were behind cl @@ -887,7 +889,9 @@ cp if((p->nexthop == cl) && (p != cl)) { if(cl->status.active && p->status.active) +/* FIXME: reprogram this notify_others(p,cl,send_del_host); +*/; if(cl->socket) close(cl->socket); p->status.active = 0; @@ -1106,6 +1110,7 @@ cp if(sighup) { sighup = 0; +/* FIXME: reprogram this. if(debug_lvl > 1) syslog(LOG_INFO, _("Rereading configuration file")); close_network_connections(); 
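Review bot: In terminate_connection the loop over connections behind `cl` (hunk at -887) closes `cl->socket` again for every matching `p`, although the hunk at -860 shows it was already closed a few lines earlier. A repeated close() on a stale descriptor number can hit an unrelated descriptor that was opened in between. The loop presumably means `p->socket`, i.e. `if(p->socket) close(p->socket);`, and the field should be reset after closing so a later pass cannot close it twice. The empty statement left by `*/;` after the `if` is easy to misread; wrapping the whole `if` in the FIXME comment would be clearer. The function body continues outside both hunks.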
@@ -1117,6 +1122,7 @@ cp } sleep(5); setup_network_connections(); +*/ continue; } diff --git a/src/net.h b/src/net.h index e2b6d063..2547b1ea 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.15 2000/10/11 22:01:00 guus Exp $ + $Id: net.h,v 1.9.4.16 2000/10/14 17:04:15 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -25,7 +25,6 @@ #include #include "config.h" -#include "conf.h" #define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ #define MTU 1600 diff --git a/src/protocol.c b/src/protocol.c index 25ed4d01..42b41ebc 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.38 2000/10/11 22:01:00 guus Exp $ + $Id: protocol.c,v 1.28.4.39 2000/10/14 17:04:15 guus Exp $ */ #include "config.h" @@ -399,9 +399,10 @@ cp /* Exchange information about other tinc daemons */ +/* FIXME: reprogram this. notify_others(cl, NULL, send_add_host); notify_one(cl); - +*/ upstreamindex = 0; cp @@ -653,9 +654,9 @@ cp conn_list_add(conn_list, new); /* Tell the rest about the new host */ - +/* FIXME: reprogram this. notify_others(new, cl, send_add_host); - +*/ cp return 0; } @@ -942,7 +943,7 @@ cp if(!strcmp(to_id, myself->name)) { - send_ans_key(myself, from, myself->datakey->key); + send_ans_key(myself, from, myself->cipher_pktkey); } else { 
@@ -961,20 +962,20 @@ cp return 0; } -int send_ans_key(conn_list_t *from, conn_list_t *to, char *datakey) +int send_ans_key(conn_list_t *from, conn_list_t *to, char *pktkey) { cp return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, - from->name, to->name, datakey); + from->name, to->name, pktkey); } int ans_key_h(conn_list_t *cl) { - char *from_id, *to_id, *datakey; + char *from_id, *to_id, *pktkey; int keylength; conn_list_t *from, *to; cp - if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &datakey) != 3) + if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &pktkey) != 3) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), cl->name, cl->hostname); @@ -985,7 +986,7 @@ cp { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->name, cl->hostname, from_id); - free(from_id); free(to_id); free(datakey); + free(from_id); free(to_id); free(pktkey); return -1; } @@ -995,18 +996,18 @@ cp { /* It is for us, convert it to binary and set the key with it. */ - keylength = strlen(datakey); + keylength = strlen(pktkey); if((keylength%2) || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->name, cl->hostname, from->name); - free(from_id); free(to_id); free(datakey); + free(from_id); free(to_id); free(pktkey); return -1; } keylength /= 2; - hex2bin(datakey, datakey, keylength); - BF_set_key(cl->datakey, keylength, datakey); + hex2bin(pktkey, pktkey, keylength); + BF_set_key(cl->cipher_pktkey, keylength, pktkey); } else { @@ -1014,13 +1015,13 @@ cp { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->name, cl->hostname, to_id); - free(from_id); free(to_id); free(datakey); + free(from_id); free(to_id); free(pktkey); return -1; } - send_ans_key(from, to, datakey); + send_ans_key(from, to, pktkey); } - free(from_id); free(to_id); free(datakey); + free(from_id); free(to_id); free(pktkey); cp return 0; } 
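Review bot: ans_key_h hands `cl->cipher_pktkey` to `BF_set_key`, which takes a `BF_KEY *` and writes a full key schedule through it, while connlist.h in this commit declares that field as `char *` and xsend passes it to `EVP_EncryptInit` as raw key bytes. Unless the field points at storage large enough for a `BF_KEY`, which nothing here shows, this overwrites memory, and the two uses disagree on what the field holds. Store the decoded bytes instead: allocate `keylength` bytes, `memcpy` them in, and drop the `BF_set_key` call. The key is also set on `cl`, the connection the message arrived on, although it belongs to `from`; confirm which is intended. `keylength` is only checked for being even and positive, so it should be bounded against the cipher's maximum key size, and the hex digits validated, before hex2bin runs on peer-supplied data.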
@@ -1046,3 +1047,15 @@ char (*request_name[]) = { "ADD_SUBNET", "DEL_SUBNET", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", }; + +/* Status strings */ + +char (*status_text[]) = { + "FIXME: status text", +}; + +/* Error strings */ + +char (*error_text[]) = { + "FIXME: error text", +}; diff --git a/src/tincd.c b/src/tincd.c index 333d00fc..b016e12a 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.10 2000/10/11 22:01:02 guus Exp $ + $Id: tincd.c,v 1.10.4.11 2000/10/14 17:04:16 guus Exp $ */ #include "config.h" @@ -63,8 +63,6 @@ static int kill_tincd = 0; /* If zero, don't detach from the terminal. */ static int do_detach = 1; -char *confbase = NULL; /* directory in which all config files are */ -/* char *configfilename = NULL; /* configuration file name, moved to config.c */ char *identname; /* program name for syslog */ char *netname = NULL; /* name of the vpn network */ char *pidfilename; /* pid file location */ @@ -98,7 +96,7 @@ usage(int status) else { printf(_("Usage: %s [option]...\n\n"), program_name); - printf(_(" -c, --config=FILE Read configuration options from FILE.\n" + printf(_(" -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" " -d Increase debug level.\n" " -k, --kill Attempt to kill a running tincd and exit.\n" @@ -125,8 +123,8 @@ parse_options(int argc, char **argv, char **envp) case 0: /* long option */ break; case 'c': /* config file */ - configfilename = xmalloc(strlen(optarg)+1); - strcpy(configfilename, optarg); + confbase = xmalloc(strlen(optarg)+1); + strcpy(confbase, optarg); break; case 'D': /* no detach */ do_detach = 0; 
@@ -293,29 +291,23 @@ int kill_other(void) */ void make_names(void) { - if(!configfilename) - { - if(netname) - { - asprintf(&configfilename, "%s/tinc/%s/tinc.conf", CONFDIR, netname); - } - else - { - asprintf(&configfilename, "%s/tinc/tinc.conf", CONFDIR); - } - } - if(netname) { - asprintf(&pidfilename, "/var/run/tinc.%s.pid", netname); - asprintf(&confbase, "%s/tinc/%s/", CONFDIR, netname); - asprintf(&identname, "tinc.%s", netname); + if(!pidfilename) + asprintf(&pidfilename, "/var/run/tinc.%s.pid", netname); + if(!confbase) + asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); + if(!identname) + asprintf(&identname, "tinc.%s", netname); } else { - pidfilename = "/var/run/tinc.pid"; - asprintf(&confbase, "%s/tinc/", CONFDIR); - identname = "tinc"; + if(!pidfilename) + pidfilename = "/var/run/tinc.pid"; + if(!confbase) + asprintf(&confbase, "%s/tinc", CONFDIR); + if(!identname) + identname = "tinc"; } } @@ -359,7 +351,7 @@ main(int argc, char **argv, char **envp) if(kill_tincd) exit(kill_other()); - if(read_config_file(&config, configfilename)) + if(read_server_config()) return 1; setup_signals(); @@ -367,9 +359,10 @@ main(int argc, char **argv, char **envp) if(detach()) exit(0); +/* FIXME: wt* is this suppose to do? if(security_init()) return 1; - +*/ for(;;) { setup_network_connections(); @@ -448,7 +441,9 @@ sigusr2_handler(int a) { if(debug_lvl > 1) syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); +/* FIXME: reprogram this. regenerate_keys(); +*/ } RETSIGTYPE From 1d5bb49f261b4346b5a440ae6bbf58fe391ea46e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 14 Oct 2000 22:00:09 +0000 Subject: [PATCH 106/923] Update Depends lines to reflect the dependencies on OpenSSL --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index cc18a908..c08c622b 100644 --- a/debian/control +++ b/debian/control 
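Review bot: None of the `asprintf()` calls in make_names is checked, and after a failure the target pointer is not guaranteed to hold anything usable, so `pidfilename`, `confbase` or `identname` could later be used as a path or syslog ident while pointing nowhere. Each call should be tested, e.g. `if(asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname) < 0)`, and startup aborted on failure. `netname` is also pasted unchanged into `/var/run/tinc.%s.pid` and the configuration path, so a value containing `/` or `..` redirects the pid file and config directory of a daemon that presumably runs with root privileges; rejecting such names where `netname` is parsed (outside this hunk) would prevent that. Note too that `pidfilename` and `identname` end up either heap-allocated or pointing at a literal, so they can never be freed uniformly.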
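Review bot: The daemon now reaches its main loop without the `security_init()` check and nothing at run time says so, because the call in main is only commented out under a FIXME. What security_init() set up or verified is not visible here. If it is obsolete, delete the call and state that in the commit message. Otherwise keep startup failing, or at least log it, e.g. `syslog(LOG_WARNING, _("security_init() is disabled in this build"));`, so a build with the check missing cannot be mistaken for a complete one.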
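Review bot: sigusr2_handler still logs `Got USR2 signal, forcing new key generation` although the `regenerate_keys();` call beneath it is now commented out, so an operator who sends USR2 to rotate keys is told a rekey happened when none did. Until the function is reprogrammed the message should say so, e.g. `syslog(LOG_NOTICE, _("Got USR2 signal, key regeneration is not implemented"));`, and it should be logged regardless of `debug_lvl`. Calling `syslog()` from a signal handler is also not async-signal-safe; setting a flag that the main loop acts on would address both points.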
@@ -3,11 +3,11 @@ Section: non-US/main Priority: optional Maintainer: Ivo Timmermans Standards-Version: 3.0.1 -Build-Depends: libc6-dev, libgmp2-dev +Build-Depends: libc6-dev, libssl095a-dev, autoconf (>= 2.12), automake, Package: tinc Architecture: i386 -Depends: ${shlibs:Depends}, libgmp2, perl5 +Depends: ${shlibs:Depends}, (libssl095a|libssl09), perl5 Description: Virtual Private Network daemon tinc is a daemon with which you can create a virtual private network (VPN). One daemon can handle multiple connections, so you can From 2e159d0139e77041ad82e96bf0abef6aaf64a258 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 14 Oct 2000 22:17:29 +0000 Subject: [PATCH 107/923] Fix `Requirements'-section for GMP and OpenSSL libraries. --- doc/tinc.texi | 47 +++++++++++------------------------------------ 1 file changed, 11 insertions(+), 36 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 3302baa9..16229e53 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
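Review bot: `Depends: ${shlibs:Depends}, (libssl095a|libssl09), perl5` wraps the alternative in parentheses, which Debian control syntax reserves for version constraints; alternatives are written bare, as in `Depends: ${shlibs:Depends}, libssl095a | libssl09, perl5`. Since `${shlibs:Depends}` should already expand to the libssl package the binary was linked against, the explicit alternative may be unnecessary. The new `Build-Depends` line also ends in a comma after `automake`, which looks unintended.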
@@ -349,45 +349,17 @@ Unfortunately somebody still has to write the text. @section Libraries @cindex requirements -Before you can configure or build tinc, you need to have two libraries -installed on your system, GMP and OpenSSL. If you try to configure tinc -without having installed both, configure will give you an error message, -and stop. +Before you can configure or build tinc, you need to have the OpenSSL +library installed on your system. If you try to configure tinc without +having installed it, configure will give you an error message, and stop. @menu -* GMP:: * OpenSSL:: @end menu @c ================================================================== -@node GMP, OpenSSL, Libraries, Libraries -@subsection GMP - -@cindex GMP -tinc uses the GNU Multiple Precision (GMP) library to do some -authentication-related calculations. tinc cannot run without this -library. If you try to configure the tinc source code without this -library installed, you will get an error message. - -Currently, versions 1.x, 2.x, 3.0 and 3.0.1 of this library are -supported. You may try to configure if you have another version -installed, chances are big it works without a problem. - -You can use your operating system's package manager to install this if -available. Make sure you install the development AND runtime versions -of this package. - -If you can't install GMP this way, you can get the source of this latest -version of this library from -@url{http://www.gnu.org/software/gmp/gmp.html}. Instructions on how to -configure, build and install this package are included within the -package. Please make sure you build development and runtime libraries -(which is the default). - - -@c ================================================================== -@node OpenSSL, , GMP, Libraries +@node OpenSSL, , Libraries, Libraries @subsection OpenSSL @cindex OpenSSL 
@@ -396,10 +368,13 @@ by the OpenSSL library. We recommend using version 0.9.5 or 0.9.6 of this library. Other versions may also work, but we can guarantee nothing. -Disclaimers from the subsection on GMP also apply here; if this library -is not installed, you wil get an error when running configure. Support -for running tinc without having OpenSSL installed @emph{may} be added in -the future. +If this library is not installed, you wil get an error when configuring +tinc for build. Support for running tinc without having OpenSSL +installed @emph{may} be added in the future. + +You can use your operating system's package manager to install this if +available. Make sure you install the development AND runtime versions +of this package. If you have to install OpenSSL manually, you can get the source code from @url{http://www.openssl.org/}. Instructions on how to configure, From 97ce045189e330e121873d1b4be1959c60062cbb Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 14 Oct 2000 22:22:06 +0000 Subject: [PATCH 108/923] Add CVS id lines --- doc/tinc.texi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/doc/tinc.texi b/doc/tinc.texi index 16229e53..8c909b9c 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,4 +1,5 @@ \input texinfo @c -*-texinfo-*- +@c $Id: tinc.texi,v 1.8.4.5 2000/10/14 22:22:06 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -16,6 +17,7 @@ Copyright @copyright{} 1998,199,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . +$Id: tinc.texi,v 1.8.4.5 2000/10/14 22:22:06 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -40,6 +42,8 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . +$Id: tinc.texi,v 1.8.4.5 2000/10/14 22:22:06 zarq Exp $ + Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. From 85adeef21275633b78a234b2660cbe3bc9dd2c33 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Oct 2000 00:59:37 +0000 Subject: [PATCH 109/923] - The daemon actually runs now (somewhat) - Added support for tun/tap driver (autodetect!) - More sophisticated checkpoint functionality - Updated dutch translation --- lib/utils.c | 35 +- lib/utils.h | 18 +- po/POTFILES.in | 4 +- po/es.po | 1142 ++++++++++++++++++++++++++---------------------- po/nl.po | 985 +++++++++++++++++++---------------------- src/conf.c | 39 +- src/conf.h | 4 +- src/connlist.c | 8 +- src/genauth.c | 5 +- src/meta.c | 4 +- src/net.c | 44 +- src/net.h | 6 +- src/protocol.c | 50 +-- src/protocol.h | 4 +- src/subnet.c | 8 +- src/tincd.c | 76 ++-- 16 files changed, 1259 insertions(+), 1173 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index c8de214f..e0bfe926 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1,6 +1,7 @@ /* utils.c -- gathering of some stupid small functions - Copyright (C) 1999 Ivo Timmermans + Copyright (C) 1999,2000 Ivo Timmermans + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -23,9 +24,11 @@ #include "config.h" #include +#include -volatile int cp_line; -volatile char *cp_file; +volatile int (cp_line[]) = {0, 0, 0, 0, 0, 0, 0, 0}; +volatile char (*cp_file[]) = {"?", "?", "?", "?", "?", "?", "?", "?"}; +volatile int cp_index = 0; char *charbin2hex = "0123456789ABCDEF"; 
@@ -37,19 +40,33 @@ int charhex2bin(char c) return tolower(c) - 'a' + 10; } -void hex2bin(char *src, char *dst, size_t length) +void hex2bin(char *src, char *dst, int length) { - size_t i; + int i; for(i=0; i=0; i--) { - dst[i*2+1] = charbin2hex[src[i] & 15]; - dst[i*2] = charbin2hex[src[i]>>4]; + dst[i*2+1] = charbin2hex[(unsigned char)src[i] & 15]; + dst[i*2] = charbin2hex[(unsigned char)src[i]>>4]; } } + +char *cp_trace() +{ + syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d ...", + cp_file[(cp_index+7)%8], cp_line[(cp_index+7)%8], + cp_file[(cp_index+6)%8], cp_line[(cp_index+6)%8], + cp_file[(cp_index+5)%8], cp_line[(cp_index+5)%8], + cp_file[(cp_index+4)%8], cp_line[(cp_index+4)%8], + cp_file[(cp_index+3)%8], cp_line[(cp_index+3)%8], + cp_file[(cp_index+2)%8], cp_line[(cp_index+2)%8], + cp_file[(cp_index+1)%8], cp_line[(cp_index+1)%8], + cp_file[cp_index], cp_line[cp_index] + ); +} diff --git a/lib/utils.h b/lib/utils.h index a4684f3d..46465f36 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -1,6 +1,7 @@ /* utils.h -- header file for utils.c - Copyright (C) 1999 Ivo Timmermans + Copyright (C) 1999,2000 Ivo Timmermans + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
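Review bot: `cp_trace()` is defined as `char *cp_trace()` but its body only calls `syslog()` and falls off the end without a `return`, so any caller that uses the result reads an indeterminate pointer (undefined behaviour). Nothing in the function produces a string, so the matching fix is `void cp_trace(void)` here and `extern void cp_trace(void);` in the lib/utils.h hunk of this commit. The function reads the `cp_file`/`cp_line` ring while the `cp` macro may be updating it. If it is meant to be called from a fatal-signal handler, note that `syslog()` is not async-signal-safe.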
@@ -26,18 +27,21 @@ enum { DEBUG_CONNECTIONS = 0, DEBUG_PROTOCOL, DEBUG_STATUS, - DEBUG_error, + DEBUG_ERROR, DEBUG_META }; #define min(a,b) (((a)<(b))?(a):(b)) -#define cp { cp_line = __LINE__; cp_file = __FILE__; } +extern volatile int cp_line[]; +extern volatile char *cp_file[]; +extern volatile int cp_index; -extern volatile int cp_line; -extern volatile char *cp_file; +#define cp { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 8; } +#define ecp { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } -extern void hex2bin(char *src, char *dst, size_t length); -extern void bin2hex(char *src, char *dst, size_t length); +extern void hex2bin(char *src, char *dst, int length); +extern void bin2hex(char *src, char *dst, int length); +extern char *cp_trace(void); #endif /* __TINC_UTILS_H__ */ diff --git a/po/POTFILES.in b/po/POTFILES.in index 976c6fd8..df8b507c 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -4,10 +4,12 @@ # Package source files lib/pidfile.c +lib/utils.c src/conf.c -src/encr.c src/genauth.c +src/meta.c src/net.c src/netutl.c src/protocol.c +src/subnet.c src/tincd.c diff --git a/po/es.po b/po/es.po index a040e0dd..6076a85d 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre2\n" -"POT-Creation-Date: 2000-08-17 18:13+0100\n" +"POT-Creation-Date: 2000-10-15 02:53+0200\n" "PO-Revision-Date: 2000-07-02 12:49+01:00\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" 
@@ -13,773 +13,677 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:178 +#: src/conf.c:164 #, c-format -msgid "%s: %d: Invalid variable name `%s'.\n" -msgstr "%s: %d: Nombre de variable `%s' no válido.\n" +msgid "Line %d too long while reading config file %s" +msgstr "" -#: src/conf.c:185 +#: src/conf.c:180 #, c-format -msgid "%s: %d: No value given for `%s'.\n" -msgstr "%s: %d: No se ha definido un valor para `%s'.\n" +msgid "Invalid variable name on line %d while reading config file %s" +msgstr "" -#: src/conf.c:193 +#: src/conf.c:187 #, c-format -msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" -msgstr "%s: %d: Valor `%s' para la variable `%s' no válido.\n" +msgid "No value for variable on line %d while reading config file %s" +msgstr "" -#: src/conf.c:217 +#: src/conf.c:195 #, c-format -msgid "Could not open %s: %s\n" -msgstr "No pude abrir %s: %s\n" +msgid "Invalid value for variable on line %d while reading config file %s" +msgstr "" -#: src/encr.c:111 src/net.c:445 -#, c-format -msgid "Could not open %s: %m" -msgstr "No pude abrir %s: %m" - -#: src/encr.c:118 -#, c-format -msgid "Illegal passphrase in %s; size would be %d" -msgstr "Frase de paso ilegal en %s; el tamaño debe ser %d" - -#: src/encr.c:153 -#, fuzzy, c-format -msgid "Generating %d bits keys" -msgstr "Generando claves de %d bits." - -#: src/encr.c:157 -#, c-format -msgid "Opening /dev/urandom failed: %m" -msgstr "Fallo abriendo /dev/urandom : %m" - -#: src/encr.c:222 -#, c-format -msgid "Encryption key set to %s" -msgstr "Clave de cifrado definida como %s" - -#: src/genauth.c:48 +#: src/genauth.c:78 #, c-format msgid "Usage: %s bits\n" msgstr "Uso: %s bits\n" -#: src/genauth.c:57 +#: src/genauth.c:89 #, c-format msgid "Illegal number: %s\n" msgstr "Número ilegal: %s\n" -#: src/genauth.c:62 -#, c-format -msgid "Generating %d bits number" -msgstr "Generando número de %d bits" +#. 
Align to bytes for easy mallocing and reading +#: src/genauth.c:95 +#, fuzzy, c-format +msgid "Generating %d bits keys:\n" +msgstr "Generando claves de %d bits." -#: src/genauth.c:67 -msgid "Opening /dev/urandom" -msgstr "Abriendo /dev/urandom" - -#: src/genauth.c:80 -msgid "File was empty!\n" -msgstr "¡El fichero estaba vacío!\n" - -#: src/genauth.c:88 -msgid "" -": done.\n" -"The following line should be ENTIRELY copied into a passphrase file:\n" -msgstr "" -": hecho.\n" -"La siguiente línea debe ser copiada ENTERA a un fichero de frase de paso:\n" - -#: src/genauth.c:100 -msgid ": done.\n" +#: src/genauth.c:99 +#, fuzzy +msgid "Done.\n" msgstr ": hecho.\n" +#: src/genauth.c:101 +#, c-format +msgid "Public key:\t%s\n" +msgstr "" + +#: src/genauth.c:102 +#, c-format +msgid "Private key:\t%s\n" +msgstr "" + +#: src/meta.c:42 +#, fuzzy, c-format +msgid "Sending %d bytes of metadata to %s (%s): %s" +msgstr "Enviados %d bytes a %lx" + +#: src/meta.c:57 +#, fuzzy, c-format +msgid "Sending meta data to %s (%s) failed: %m" +msgstr "Error enviando datos: %m" + +#: src/meta.c:85 src/net.c:773 +#, fuzzy, c-format +msgid "This is a bug: %s:%d: %d:%m %s (%s)" +msgstr "Esto es un `bug': %s:%d: %d:%m" + +#: src/meta.c:91 +#, fuzzy, c-format +msgid "Metadata socket error for %s (%s): %s" +msgstr "Error en el `socket' de metadatos: %s" + +#: src/meta.c:110 +#, fuzzy, c-format +msgid "Connection closed by %s (%s)" +msgstr "Conexión desde %s:%d" + +#: src/meta.c:114 +#, fuzzy, c-format +msgid "Metadata socket read error for %s (%s): %m" +msgstr "Error de lectura del `socket' de metadatos: %m" + +#: src/meta.c:144 +#, fuzzy, c-format +msgid "Got request from %s (%s): %s" +msgstr "Petición desconocida: %s" + +#: src/meta.c:162 +#, fuzzy, c-format +msgid "Metadata read buffer overflow for %s (%s)" +msgstr "Desbordamiento del búfer de lectura de metadatos" + #: src/net.c:106 #, fuzzy, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Enviados %d bytes a %lx" -#: 
src/net.c:118 +#: src/net.c:115 #, fuzzy, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Error enviando datos: %m" -#: src/net.c:135 src/net.c:177 +#: src/net.c:129 #, fuzzy, c-format -msgid "Receiving packet of %d bytes from %s (%s)" +msgid "Receiving packet of %d bytes" msgstr "Recibiendo clave de " -#: src/net.c:139 src/net.c:181 +#: src/net.c:142 #, c-format msgid "Can't write to tap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:166 src/net.c:959 -#, fuzzy, c-format -msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" -msgstr "He recibido un paquete desde un origen desconocido " - -#: src/net.c:295 +#: src/net.c:242 #, fuzzy msgid "Queue flushed" msgstr "cola vaciada" -#: src/net.c:310 +#: src/net.c:257 #, fuzzy, c-format msgid "Flushing send queue for %s (%s)" msgstr "Vaciando la cola de envíos para " -#: src/net.c:318 +#: src/net.c:265 #, fuzzy, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Vaciando la cola de recepción para " -#: src/net.c:336 +#: src/net.c:283 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "" -#: src/net.c:348 src/net.c:361 -#, fuzzy -msgid "There is no remote host I can send this packet to!" -msgstr "No hay máquina remota a la que pueda enviar este paquete." - -#: src/net.c:375 -#, c-format -msgid "Indirect packet to %s via %s" -msgstr "" - -#: src/net.c:380 -#, c-format -msgid "Indirect look up %d.%d.%d.%d in connection list failed!" 
-msgstr "" - -#: src/net.c:390 -#, c-format -msgid "Double indirection for %d.%d.%d.%d" -msgstr "" - -#: src/net.c:402 +#: src/net.c:297 #, fuzzy, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "No pude abrir %s: %s\n" -#: src/net.c:409 +#: src/net.c:305 #, c-format -msgid "%s (%s) has no valid key, queueing packet" +msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" -#: src/net.c:419 +#: src/net.c:316 #, c-format msgid "%s (%s) is not ready, queueing packet" msgstr "" -#: src/net.c:467 +#: src/net.c:344 +#, c-format +msgid "Could not open %s: %m" +msgstr "No pude abrir %s: %m" + +#: src/net.c:360 +#, c-format +msgid "%s is a new style tun/tap device" +msgstr "" + +#: src/net.c:362 +msgid "tun/tap device will be left unconfigured" +msgstr "" + +#: src/net.c:384 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:473 src/net.c:479 src/net.c:541 +#: src/net.c:390 src/net.c:396 src/net.c:458 #, c-format msgid "setsockopt: %m" msgstr "setsockopt(): %m" -#: src/net.c:486 src/net.c:548 +#: src/net.c:403 src/net.c:465 #, c-format msgid "fcntl: %m" msgstr "fcntl(): %m" -#: src/net.c:494 +#: src/net.c:411 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "" -#: src/net.c:510 +#: src/net.c:427 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/tcp: %m" -#: src/net.c:516 +#: src/net.c:433 #, c-format msgid "listen: %m" msgstr "listen(): %m" -#: src/net.c:535 +#: src/net.c:452 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:559 +#: src/net.c:476 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/udp: %m" -#: src/net.c:576 +#: src/net.c:493 #, fuzzy, c-format msgid "Trying to connect to %s" msgstr "Cerrando conexión con %s." 
-#: src/net.c:586 +#: src/net.c:503 #, fuzzy, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:597 +#: src/net.c:514 #, c-format msgid "%s port %hd: %m" msgstr "" -#: src/net.c:604 +#: src/net.c:521 #, c-format msgid "fcntl for %s port %d: %m" msgstr "" -#: src/net.c:610 +#: src/net.c:527 #, fuzzy, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s:%hd" -#: src/net.c:630 +#: src/net.c:547 #, fuzzy, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %s\n" -#: src/net.c:640 +#: src/net.c:557 #, fuzzy, c-format msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión." -#: src/net.c:665 -msgid "No value for my VPN IP given" -msgstr "No se ha definido un valor para mi VPN IP" +#: src/net.c:586 +msgid "Name for tinc daemon required!" +msgstr "" -#: src/net.c:690 -msgid "Unable to set up a listening socket" +#: src/net.c:594 +msgid "Invalid name for myself!" +msgstr "" + +#: src/net.c:600 +msgid "Cannot open host configuration file for myself!" +msgstr "" + +#: src/net.c:619 +#, fuzzy +msgid "Unable to set up a listening socket!" msgstr "No puedo configurar un `socket' a la escucha" -#: src/net.c:696 -msgid "Unable to set up an incoming vpn data socket" +#: src/net.c:625 +#, fuzzy +msgid "Unable to set up an incoming vpn data socket!" msgstr "No puedo configurar un `socket' para recibir datos de la vpn" -#: src/net.c:703 +#: src/net.c:632 #, fuzzy, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %d." -#: src/net.c:730 +#: src/net.c:660 #, fuzzy, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Siguo sin poder conectar con el otro. Lo reintentaré en %d segundos." -#: src/net.c:768 +#: src/net.c:698 #, fuzzy, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:806 +#: src/net.c:736 #, fuzzy msgid "Terminating" msgstr "Terminando." -#: src/net.c:820 +#: src/net.c:750 #, fuzzy, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a " -#: src/net.c:825 +#: src/net.c:755 #, fuzzy, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:835 +#: src/net.c:765 #, fuzzy, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al crear `socket' de datos: %m" -#: src/net.c:843 src/net.c:930 src/net.c:1128 -#, fuzzy, c-format -msgid "This is a bug: %s:%d: %d:%m %s (%s)" -msgstr "Esto es un `bug': %s:%d: %d:%m" - -#: src/net.c:868 +#: src/net.c:798 #, c-format msgid "Error: getpeername: %m" msgstr "Error: getpeername(): %m" -#: src/net.c:881 +#: src/net.c:813 #, fuzzy, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s:%d" -#: src/net.c:936 +#: src/net.c:861 #, fuzzy, c-format -msgid "Incoming data socket error for %s (%s): %s" +msgid "This is a bug: %s:%d: %d:%m" +msgstr "Esto es un `bug': %s:%d: %d:%m" + +#: src/net.c:867 +#, fuzzy, c-format +msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:945 +#: src/net.c:873 #, fuzzy, c-format -msgid "Receiving packet from %s (%s) failed: %m" +msgid "Receiving packet failed: %m" msgstr "Error recibiendo datos: %m" -#: src/net.c:993 +#: src/net.c:894 #, fuzzy, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s." -#: src/net.c:1037 +#: src/net.c:937 #, fuzzy msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:1067 +#: src/net.c:967 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "" -#: src/net.c:1098 +#: src/net.c:998 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1106 +#: src/net.c:1006 #, fuzzy msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1134 -#, fuzzy, c-format -msgid "Metadata socket error for %s (%s): %s" -msgstr "Error en el `socket' de metadatos: %s" - -#: src/net.c:1141 -#, fuzzy -msgid "Metadata read buffer overflow!" -msgstr "Desbordamiento del búfer de lectura de metadatos" - -#: src/net.c:1154 -#, fuzzy, c-format -msgid "Connection closed by %s (%s)" -msgstr "Conexión desde %s:%d" - -#: src/net.c:1158 -#, fuzzy, c-format -msgid "Metadata socket read error for %s (%s): %m" -msgstr "Error de lectura del `socket' de metadatos: %m" - -#: src/net.c:1200 -#, fuzzy, c-format -msgid "Got request from %s (%s): %s" -msgstr "He recibido una petición: %s" - -#: src/net.c:1206 -#, fuzzy, c-format -msgid "Unknown request from %s (%s)" -msgstr "Petición desconocida: %s" - -#: src/net.c:1213 -#, fuzzy, c-format -msgid "Error while processing request from %s (%s)" -msgstr "Error al procesar la petición de " - -#: src/net.c:1220 -#, fuzzy, c-format -msgid "Bogus data received from %s (%s)" -msgstr "Se han recibido datos sin sentido." 
- -#: src/net.c:1266 +#: src/net.c:1041 #, fuzzy, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes: %s" -#: src/net.c:1302 +#: src/net.c:1077 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1312 -#, c-format -msgid "Non-IP ethernet frame %04x from " +#: src/net.c:1087 +#, fuzzy, c-format +msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" msgstr "Trama ethernet no-IP %04x de " -#: src/net.c:1320 -msgid "Dropping short packet" -msgstr "Descartando paquete corto" +#: src/net.c:1094 +#, c-format +msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" +msgstr "" -#: src/net.c:1359 +#: src/net.c:1133 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1371 -msgid "Unable to reread configuration file, exiting" -msgstr "" - -#: src/netutl.c:220 +#: src/netutl.c:115 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Error buscando `%s': %s\n" -#: src/netutl.c:244 -msgid "Connection list:" -msgstr "Lista de conexiones:" - -#: src/netutl.c:248 +#: src/protocol.c:80 #, c-format -msgid "" -"%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x" +msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "" -#: src/protocol.c:56 +#: src/protocol.c:87 #, fuzzy, c-format -msgid "Sending ACK to %s (%s)" +msgid "Sending %s to %s (%s)" msgstr "Envio ACK a %s" -#: src/protocol.c:63 +#: src/protocol.c:101 #, fuzzy, c-format -msgid "Send failed: %d:%d: %m" -msgstr "Error enviando: %d:%d: %m" +msgid "Unknown request from %s (%s)" +msgstr "Petición desconocida: %s" -#: src/protocol.c:74 +#: src/protocol.c:108 #, fuzzy, c-format -msgid "Sending TERMREQ to %s (%s)" -msgstr "Envío TERMREQ a " +msgid "Got %s from %s (%s)" +msgstr "He recibido una petición: %s" -#: src/protocol.c:82 src/protocol.c:100 src/protocol.c:118 src/protocol.c:137 -#: 
src/protocol.c:143 src/protocol.c:161 src/protocol.c:179 src/protocol.c:218 -#: src/protocol.c:236 src/protocol.c:264 src/protocol.c:285 src/protocol.c:303 -#: src/protocol.c:346 src/protocol.c:376 src/protocol.c:866 src/protocol.c:969 +#: src/protocol.c:114 #, fuzzy, c-format -msgid "Send failed: %s:%d: %m" -msgstr "Error enviando: %s:%d: %m" +msgid "Error while processing %s from %s (%s)" +msgstr "Error al procesar la petición de " -#: src/protocol.c:93 +#: src/protocol.c:121 #, fuzzy, c-format -msgid "Sending TIMEOUT to %s (%s)" -msgstr "Envío TIMEOUT a " +msgid "Bogus data received from %s (%s)" +msgstr "Se han recibido datos sin sentido." -#: src/protocol.c:111 -#, c-format -msgid "Sending DEL_HOST for %s (%s) to %s (%s)" -msgstr "" - -#: src/protocol.c:130 +#: src/protocol.c:167 #, fuzzy, c-format -msgid "Sending PACKET to %s (%s)" -msgstr "Envio ACK a %s" - -#: src/protocol.c:154 -#, fuzzy, c-format -msgid "Sending PING to %s (%s)" -msgstr "Enviando KEY_CHANGED to " - -#: src/protocol.c:172 -#, fuzzy, c-format -msgid "Sending PONG to %s (%s)" -msgstr "Enviando KEY_CHANGED to " - -#: src/protocol.c:211 -#, c-format -msgid "Sending ADD_HOST for %s (%s) to %s (%s)" -msgstr "" - -#: src/protocol.c:229 -#, fuzzy, c-format -msgid "Sending KEY_CHANGED origin %s to %s (%s)" -msgstr "Enviando KEY_CHANGED to " - -#: src/protocol.c:257 -#, fuzzy, c-format -msgid "Sending BASIC_INFO to %s" -msgstr "Enviando BASIC_INFO a " - -#: src/protocol.c:278 -#, fuzzy, c-format -msgid "Sending PASSPHRASE to %s (%s)" -msgstr "Enviando PASSPHRASE %s a " - -#: src/protocol.c:296 -#, fuzzy, c-format -msgid "Sending PUBLIC_KEY to %s (%s)" -msgstr "Enviando PUBLIC_KEY %s a " - -#: src/protocol.c:333 -#, c-format -msgid "Attempting to send REQ_KEY to %d.%d.%d.%d, which does not exist?" 
-msgstr "" - -#: src/protocol.c:339 -#, fuzzy, c-format -msgid "Sending REQ_KEY to %s (%s)" -msgstr "Enviando KEY_CHANGED to " - -#: src/protocol.c:363 -#, c-format -msgid "Attempting to send ANS_KEY to %d.%d.%d.%d, which does not exist?" -msgstr "" - -#: src/protocol.c:369 -#, fuzzy, c-format -msgid "Sending ANS_KEY to %s (%s)" -msgstr "Envio ACK a %s" - -#: src/protocol.c:424 -#, fuzzy, c-format -msgid "Got BASIC_INFO from %s" +msgid "Got bad ID from %s" msgstr "recibí una petición BASIC_INFO incorrecta: %s" -#: src/protocol.c:428 +#: src/protocol.c:175 #, fuzzy, c-format -msgid "Got bad BASIC_INFO from %s" -msgstr "recibí una petición BASIC_INFO incorrecta: %s" - -#: src/protocol.c:437 -#, fuzzy, c-format -msgid "Peer uses incompatible protocol version %d" +msgid "Peer %s (%s) uses incompatible version %d" msgstr "" "La máquina remota usa una versión incompatible del protocolo (versión %d)." -#: src/protocol.c:452 +#: src/protocol.c:184 +#, c-format +msgid "Peer %s uses invalid identity name" +msgstr "" + +#: src/protocol.c:192 +#, c-format +msgid "Peer %s had unknown identity (%s)" +msgstr "" + +#: src/protocol.c:207 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "" -#: src/protocol.c:482 +#: src/protocol.c:253 #, fuzzy, c-format -msgid "Got bad PASSPHRASE from %s (%s)" -msgstr "recibí una petición PASSPHRASE incorrecta: %s" +msgid "Got bad CHALLENGE from %s (%s)" +msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:489 +#: src/protocol.c:261 +#, c-format +msgid "Intruder: wrong challenge length from %s (%s)" +msgstr "" + +#: src/protocol.c:287 +#, c-format +msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" +msgstr "" + +#: src/protocol.c:318 #, fuzzy, c-format -msgid "Got PASSPHRASE from %s (%s)" -msgstr "recibí una petición PASSPHRASE incorrecta: %s" +msgid "Got bad CHAL_REPLY from %s (%s)" +msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:507 -#, fuzzy, c-format -msgid "Got bad PUBLIC_KEY 
from %s (%s)" -msgstr "recibí una petición PUBLIC_KEY incorrecta: %s" +#: src/protocol.c:327 +#, c-format +msgid "Intruder: wrong challenge reply length from %s (%s)" +msgstr "" -#: src/protocol.c:513 -#, fuzzy, c-format -msgid "Got PUBLIC_KEY from %s (%s)" -msgstr "recibí PUBLIC_KEY %s" +#: src/protocol.c:344 +#, c-format +msgid "Intruder: wrong challenge reply from %s (%s)" +msgstr "" -#. intruder! -#: src/protocol.c:519 -#, fuzzy, c-format -msgid "Intruder from %s: passphrase for %s does not match!" -msgstr "Intruso: la frase de paso no concuerda." - -#: src/protocol.c:538 +#: src/protocol.c:386 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" -#: src/protocol.c:547 src/protocol.c:567 +#: src/protocol.c:398 #, fuzzy, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s." -#: src/protocol.c:561 -#, c-format -msgid "Got ACK from %s (%s)" -msgstr "" - -#: src/protocol.c:583 -#, c-format -msgid "Got unauthorized TERMREQ from %s (%s)" -msgstr "" - -#: src/protocol.c:589 -#, c-format -msgid "Got TERMREQ from %s (%s)" -msgstr "" - -#: src/protocol.c:604 -#, c-format -msgid "Got unauthorized TIMEOUT from %s (%s)" -msgstr "" - -#: src/protocol.c:610 -#, c-format -msgid "Got TIMEOUT from %s (%s)" -msgstr "" - -#: src/protocol.c:626 +#: src/protocol.c:438 #, fuzzy, c-format -msgid "Got unauthorized DEL_HOST from %s (%s)" -msgstr "recibí una petición DEL_HOST incorrecta: %s" - -#: src/protocol.c:633 -#, fuzzy, c-format -msgid "Got bad DEL_HOST from %s (%s)" -msgstr "recibí una petición DEL_HOST incorrecta: %s" - -#: src/protocol.c:640 -#, c-format -msgid "Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?" 
-msgstr "" - -#: src/protocol.c:648 -#, c-format -msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" -msgstr "" - -#: src/protocol.c:655 -#, c-format -msgid "Got DEL_HOST for %s (%s) from %s (%s)" -msgstr "" - -#: src/protocol.c:674 -#, c-format -msgid "Got unauthorized PACKET from %s (%s)" -msgstr "" - -#: src/protocol.c:681 -#, c-format -msgid "Got bad PACKET from %s (%s)" -msgstr "" - -#: src/protocol.c:688 -#, c-format -msgid "Got too big PACKET from %s (%s)" -msgstr "" - -#: src/protocol.c:694 -#, c-format -msgid "Got PACKET length %d from %s (%s)" -msgstr "" - -#: src/protocol.c:708 -#, c-format -msgid "Got unauthorized PING from %s (%s)" -msgstr "" - -#: src/protocol.c:714 -#, c-format -msgid "Got PING from %s (%s)" -msgstr "" - -#: src/protocol.c:730 -#, c-format -msgid "Got unauthorized PONG from %s (%s)" -msgstr "" - -#: src/protocol.c:736 -#, c-format -msgid "Got PONG from %s (%s)" -msgstr "" - -#: src/protocol.c:755 -#, fuzzy, c-format -msgid "Got unauthorized ADD_HOST from %s (%s)" +msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:762 +#: src/protocol.c:447 +#, fuzzy, c-format +msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" +msgstr "recibí una petición ADD_HOST incorrecta: %s" + +#: src/protocol.c:456 +#, fuzzy, c-format +msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" +msgstr "recibí una petición ADD_HOST incorrecta: %s" + +#: src/protocol.c:467 +#, c-format +msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" +msgstr "" + +#: src/protocol.c:478 +#, c-format +msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" +msgstr "" + +#: src/protocol.c:506 +#, fuzzy, c-format +msgid "Got bad DEL_SUBNET from %s (%s)" +msgstr "recibí una petición DEL_HOST incorrecta: %s" + +#: src/protocol.c:515 +#, fuzzy, c-format +msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" +msgstr "recibí una petición 
DEL_HOST incorrecta: %s" + +#: src/protocol.c:524 +#, fuzzy, c-format +msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" +msgstr "recibí una petición DEL_HOST incorrecta: %s" + +#: src/protocol.c:535 +#, c-format +msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" +msgstr "" + +#: src/protocol.c:546 +#, c-format +msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" +msgstr "" + +#: src/protocol.c:577 #, fuzzy, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:772 -#, c-format -msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" -msgstr "" +#: src/protocol.c:585 +#, fuzzy, c-format +msgid "Got bad ADD_HOST from %s (%s): invalid identity name" +msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:779 -#, c-format -msgid "Removing old entry for %s (%s)" -msgstr "" - -#: src/protocol.c:789 +#: src/protocol.c:594 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:809 +#: src/protocol.c:604 #, c-format -msgid "Got ADD_HOST for %s (%s) from %s (%s)" +msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" msgstr "" -#: src/protocol.c:827 -#, c-format -msgid "Got unauthorized REQ_KEY from %s (%s)" -msgstr "" - -#: src/protocol.c:834 -#, fuzzy, c-format -msgid "Got bad REQ_KEY from %s (%s)" -msgstr "recibí REQ_KEY de " - -#: src/protocol.c:840 -#, c-format -msgid "Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" -msgstr "" - -#: src/protocol.c:853 -#, c-format -msgid "Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?" 
-msgstr "" - -#: src/protocol.c:859 -#, c-format -msgid "Forwarding REQ_KEY to %s (%s)" -msgstr "" - -#: src/protocol.c:918 -#, c-format -msgid "Got unauthorized ANS_KEY from %s (%s)" -msgstr "" - -#: src/protocol.c:925 -#, fuzzy, c-format -msgid "Got bad ANS_KEY from %s (%s)" -msgstr "recibí una petición ANS_KEY incorrecta: %s" - -#: src/protocol.c:931 -#, c-format -msgid "Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" -msgstr "" - -#: src/protocol.c:940 +#: src/protocol.c:614 #, c-format msgid "" -"Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?" +"Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" msgstr "" -#: src/protocol.c:956 +#: src/protocol.c:633 #, c-format -msgid "Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?" +msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "" -#: src/protocol.c:962 +#: src/protocol.c:640 #, c-format -msgid "Forwarding ANS_KEY to %s (%s)" +msgid "Removing old entry for %s (%s)" msgstr "" -#: src/protocol.c:983 +#: src/protocol.c:683 #, fuzzy, c-format -msgid "Got unauthorized KEY_CHANGED from %s (%s)" -msgstr "recibí KEY_CHANGED de " +msgid "Got bad DEL_HOST from %s (%s)" +msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:990 +#: src/protocol.c:692 +#, fuzzy, c-format +msgid "Got bad DEL_HOST from %s (%s): invalid identity name" +msgstr "recibí una petición DEL_HOST incorrecta: %s" + +#: src/protocol.c:701 +#, c-format +msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" +msgstr "" + +#: src/protocol.c:712 +#, c-format +msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" +msgstr "" + +#: src/protocol.c:722 +#, c-format +msgid "" +"Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" +msgstr "" + +#: src/protocol.c:734 +#, c-format +msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" +msgstr "" + +#: src/protocol.c:744 +#, 
fuzzy, c-format +msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" +msgstr "recibí una petición DEL_HOST incorrecta: %s" + +#: src/protocol.c:776 +#, fuzzy, c-format +msgid "Got bad STATUS from %s (%s)" +msgstr "recibí una petición ANS_KEY incorrecta: %s" + +#: src/protocol.c:783 +#, fuzzy, c-format +msgid "Status message from %s (%s): %s: %s" +msgstr "He recibido una petición: %s" + +#: src/protocol.c:807 +#, fuzzy, c-format +msgid "Got bad ERROR from %s (%s)" +msgstr "recibí una petición DEL_HOST incorrecta: %s" + +#: src/protocol.c:814 +#, fuzzy, c-format +msgid "Error message from %s (%s): %s: %s" +msgstr "He recibido una petición: %s" + +#: src/protocol.c:892 #, fuzzy, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:999 +#: src/protocol.c:899 #, c-format -msgid "Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?" +msgid "" +"Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " +"connection list" msgstr "" -#: src/protocol.c:1005 +#: src/protocol.c:929 #, fuzzy, c-format -msgid "Got KEY_CHANGED origin %s from %s (%s)" -msgstr "recibí KEY_CHANGED de " +msgid "Got bad REQ_KEY from %s (%s)" +msgstr "recibí REQ_KEY de " -#: src/tincd.c:96 +#: src/protocol.c:936 +#, c-format +msgid "" +"Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " +"list" +msgstr "" + +#: src/protocol.c:952 +#, c-format +msgid "" +"Got REQ_KEY from %s (%s) destination %s which does not exist in our " +"connection list" +msgstr "" + +#: src/protocol.c:980 +#, fuzzy, c-format +msgid "Got bad ANS_KEY from %s (%s)" +msgstr "recibí una petición ANS_KEY incorrecta: %s" + +#: src/protocol.c:987 +#, c-format +msgid "" +"Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " +"list" +msgstr "" + +#: src/protocol.c:1003 +#, fuzzy, c-format +msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" +msgstr "recibí una petición ANS_KEY incorrecta: %s" + +#: 
src/protocol.c:1016 +#, c-format +msgid "" +"Got ANS_KEY from %s (%s) destination %s which does not exist in our " +"connection list" +msgstr "" + +#: src/tincd.c:94 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Pruebe `%s --help' para más información.\n" -#: src/tincd.c:99 +#: src/tincd.c:97 #, c-format msgid "" "Usage: %s [option]...\n" @@ -788,9 +692,10 @@ msgstr "" "Modo de empleo: %s [opción]...\n" "\n" -#: src/tincd.c:100 +#: src/tincd.c:98 +#, fuzzy msgid "" -" -c, --config=FILE Read configuration options from FILE.\n" +" -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" " -d Increase debug level.\n" " -k, --kill Attempt to kill a running tincd and exit.\n" @@ -805,7 +710,7 @@ msgstr "" " -t, --timeout=TIEMPO Segundos a esperar antes de cancelar una " "trasmisión.\n" -#: src/tincd.c:106 +#: src/tincd.c:104 msgid "" " --help Display this help and exit.\n" " --version Output version information and exit.\n" 
@@ -815,75 +720,80 @@ msgstr "" " --version Muestra información de la versión y termina.\n" "\n" -#: src/tincd.c:108 +#: src/tincd.c:106 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" -#: src/tincd.c:146 +#: src/tincd.c:144 #, c-format msgid "Invalid timeout value `%s'.\n" msgstr "Valor de `timeout' no válido `%s'.\n" -#: src/tincd.c:160 +#: src/tincd.c:158 #, fuzzy, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Memoria agotada (la última es %s:%d) (no pude asignar %d bytes); terminando." -#: src/tincd.c:215 +#: src/tincd.c:213 #, fuzzy, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." -#: src/tincd.c:218 +#: src/tincd.c:216 #, fuzzy, c-format msgid "tincd %s starting" msgstr "tincd %s comenzando, nivel de depuración %d." -#: src/tincd.c:233 +#: src/tincd.c:231 #, fuzzy, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." -#: src/tincd.c:251 +#: src/tincd.c:249 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "" "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" -#: src/tincd.c:254 +#: src/tincd.c:252 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" -#: src/tincd.c:275 +#: src/tincd.c:273 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" -#: src/tincd.c:277 +#: src/tincd.c:275 msgid "No other tincd is running.\n" msgstr "No hay ningún otro tincd en ejecución.\n" -#: src/tincd.c:284 +#: src/tincd.c:282 msgid "Removing stale lock file.\n" msgstr "Borrando fichero de bloqueo en desuso.\n" -#: src/tincd.c:334 +#. 
Do some intl stuff right now +#: src/tincd.c:325 +msgid "unknown" +msgstr "" + +#: src/tincd.c:331 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "" -#: src/tincd.c:335 +#: src/tincd.c:332 +#, fuzzy msgid "" -"Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" -"see the AUTHORS file for a complete list.\n" +"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" +"See the AUTHORS file for a complete list.\n" "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" "see the file COPYING for details.\n" -"\n" msgstr "" "Copyright (C) 1998,1999,2000 Ivo Timmermans y otros,\n" "vea el fichero AUTHORS para una lista completa.\n" 
@@ -892,70 +802,238 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:340 -msgid "" -"This product includes software developed by Eric Young (eay@mincom.oz.au)\n" -msgstr "" -"Este producto incluye software desarrollado por Eric Young " -"(eay@mincom.oz.au)\n" - -#: src/tincd.c:350 +#: src/tincd.c:346 #, fuzzy msgid "You must be root to run this program. Sorry.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:380 -#, c-format -msgid "Unrecoverable error, restarting in %d seconds!" +#: src/tincd.c:377 +msgid "Unrecoverable error" msgstr "" -#: src/tincd.c:389 +#: src/tincd.c:382 +#, c-format +msgid "Restarting in %d seconds!" +msgstr "" + +#: src/tincd.c:387 src/tincd.c:433 +msgid "Aieee! Not restarting." +msgstr "" + +#: src/tincd.c:397 msgid "Got TERM signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:397 +#: src/tincd.c:405 msgid "Got QUIT signal" msgstr "Recibí la señal QUIT" -#: src/tincd.c:404 +#: src/tincd.c:412 msgid "Got another SEGV signal: not restarting" msgstr "Recibí otra señal SEGV: no reinicio" -#: src/tincd.c:412 -#, fuzzy, c-format -msgid "Got SEGV signal after %s line %d, trying to re-execute" -msgstr "Recibí la señal SEGV después de %s línea %d. Intento reiniciar." - -#: src/tincd.c:415 +#: src/tincd.c:419 #, fuzzy -msgid "Got SEGV signal, trying to re-execute" -msgstr "Recibí la señal SEGV; intento reiniciar." +msgid "Got SEGV signal" +msgstr "Recibí la señal TERM" -#: src/tincd.c:427 +#: src/tincd.c:424 +#, fuzzy +msgid "Trying to re-execute in 5 seconds..." +msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
+ +#: src/tincd.c:442 msgid "Got HUP signal, rereading configuration and restarting" msgstr "" -#: src/tincd.c:435 +#: src/tincd.c:450 #, fuzzy msgid "Got INT signal, exiting" msgstr "Recibí la señal INT" -#: src/tincd.c:449 +#: src/tincd.c:464 #, fuzzy msgid "Got USR2 signal, forcing new key generation" msgstr "Forzando generación de una nueva clave" -#: src/tincd.c:457 +#: src/tincd.c:473 #, fuzzy, c-format -msgid "Got unexpected signal %d after %s line %d" -msgstr "Recibí una señal inesperada (%d) después de %s línea %d." - -#: src/tincd.c:460 -#, fuzzy, c-format -msgid "Got unexpected signal %d" +msgid "Got unexpected signal %d (%s)" msgstr "Recibí una señal inesperada (%d)." +#~ msgid "Illegal passphrase in %s; size would be %d" +#~ msgstr "Frase de paso ilegal en %s; el tamaño debe ser %d" + +#, fuzzy +#~ msgid "Generating %d bits keys" +#~ msgstr "Generando claves de %d bits." + +#~ msgid "Opening /dev/urandom failed: %m" +#~ msgstr "Fallo abriendo /dev/urandom : %m" + +#~ msgid "Encryption key set to %s" +#~ msgstr "Clave de cifrado definida como %s" + +#, fuzzy +#~ msgid "Got bad error from %s (%s)" +#~ msgstr "recibí REQ_KEY de " + +#~ msgid "%s: %d: Invalid variable name `%s'.\n" +#~ msgstr "%s: %d: Nombre de variable `%s' no válido.\n" + +#~ msgid "%s: %d: No value given for `%s'.\n" +#~ msgstr "%s: %d: No se ha definido un valor para `%s'.\n" + +#~ msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" +#~ msgstr "%s: %d: Valor `%s' para la variable `%s' no válido.\n" + +#~ msgid "Could not open %s: %s\n" +#~ msgstr "No pude abrir %s: %s\n" + +#~ msgid "Generating %d bits number" +#~ msgstr "Generando número de %d bits" + +#~ msgid "Opening /dev/urandom" +#~ msgstr "Abriendo /dev/urandom" + +#~ msgid "File was empty!\n" +#~ msgstr "¡El fichero estaba vacío!\n" + +#~ msgid "" +#~ ": done.\n" +#~ "The following line should be ENTIRELY copied into a passphrase file:\n" +#~ msgstr "" +#~ ": hecho.\n" +#~ "La siguiente línea debe ser copiada ENTERA a un 
fichero de frase de paso:\n" + +#, fuzzy +#~ msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" +#~ msgstr "He recibido un paquete desde un origen desconocido " + +#, fuzzy +#~ msgid "There is no remote host I can send this packet to!" +#~ msgstr "No hay máquina remota a la que pueda enviar este paquete." + +#~ msgid "No value for my VPN IP given" +#~ msgstr "No se ha definido un valor para mi VPN IP" + +#~ msgid "Dropping short packet" +#~ msgstr "Descartando paquete corto" + +#~ msgid "Connection list:" +#~ msgstr "Lista de conexiones:" + +#, fuzzy +#~ msgid "Send failed: %d:%d: %m" +#~ msgstr "Error enviando: %d:%d: %m" + +#, fuzzy +#~ msgid "Sending TERMREQ to %s (%s)" +#~ msgstr "Envío TERMREQ a " + +#, fuzzy +#~ msgid "Send failed: %s:%d: %m" +#~ msgstr "Error enviando: %s:%d: %m" + +#, fuzzy +#~ msgid "Sending TIMEOUT to %s (%s)" +#~ msgstr "Envío TIMEOUT a " + +#, fuzzy +#~ msgid "Sending PACKET to %s (%s)" +#~ msgstr "Envio ACK a %s" + +#, fuzzy +#~ msgid "Sending PING to %s (%s)" +#~ msgstr "Enviando KEY_CHANGED to " + +#, fuzzy +#~ msgid "Sending PONG to %s (%s)" +#~ msgstr "Enviando KEY_CHANGED to " + +#, fuzzy +#~ msgid "Sending KEY_CHANGED origin %s to %s (%s)" +#~ msgstr "Enviando KEY_CHANGED to " + +#, fuzzy +#~ msgid "Sending BASIC_INFO to %s" +#~ msgstr "Enviando BASIC_INFO a " + +#, fuzzy +#~ msgid "Sending PASSPHRASE to %s (%s)" +#~ msgstr "Enviando PASSPHRASE %s a " + +#, fuzzy +#~ msgid "Sending PUBLIC_KEY to %s (%s)" +#~ msgstr "Enviando PUBLIC_KEY %s a " + +#, fuzzy +#~ msgid "Sending REQ_KEY to %s (%s)" +#~ msgstr "Enviando KEY_CHANGED to " + +#, fuzzy +#~ msgid "Sending ANS_KEY to %s (%s)" +#~ msgstr "Envio ACK a %s" + +#, fuzzy +#~ msgid "Got BASIC_INFO from %s" +#~ msgstr "recibí una petición BASIC_INFO incorrecta: %s" + +#, fuzzy +#~ msgid "Got bad PASSPHRASE from %s (%s)" +#~ msgstr "recibí una petición PASSPHRASE incorrecta: %s" + +#, fuzzy +#~ msgid "Got PASSPHRASE from %s (%s)" +#~ msgstr "recibí una petición 
PASSPHRASE incorrecta: %s" + +#, fuzzy +#~ msgid "Got bad PUBLIC_KEY from %s (%s)" +#~ msgstr "recibí una petición PUBLIC_KEY incorrecta: %s" + +#, fuzzy +#~ msgid "Got PUBLIC_KEY from %s (%s)" +#~ msgstr "recibí PUBLIC_KEY %s" + +#, fuzzy +#~ msgid "Intruder from %s: passphrase for %s does not match!" +#~ msgstr "Intruso: la frase de paso no concuerda." + +#, fuzzy +#~ msgid "Got unauthorized DEL_HOST from %s (%s)" +#~ msgstr "recibí una petición DEL_HOST incorrecta: %s" + +#, fuzzy +#~ msgid "Got unauthorized ADD_HOST from %s (%s)" +#~ msgstr "recibí una petición ADD_HOST incorrecta: %s" + +#, fuzzy +#~ msgid "Got unauthorized KEY_CHANGED from %s (%s)" +#~ msgstr "recibí KEY_CHANGED de " + +#, fuzzy +#~ msgid "Got KEY_CHANGED origin %s from %s (%s)" +#~ msgstr "recibí KEY_CHANGED de " + +#~ msgid "" +#~ "This product includes software developed by Eric Young (eay@mincom.oz.au)\n" +#~ msgstr "" +#~ "Este producto incluye software desarrollado por Eric Young " +#~ "(eay@mincom.oz.au)\n" + +#, fuzzy +#~ msgid "Got SEGV signal after %s line %d, trying to re-execute" +#~ msgstr "Recibí la señal SEGV después de %s línea %d. Intento reiniciar." + +#, fuzzy +#~ msgid "Got SEGV signal, trying to re-execute" +#~ msgstr "Recibí la señal SEGV; intento reiniciar." + +#, fuzzy +#~ msgid "Got unexpected signal %d after %s line %d" +#~ msgstr "Recibí una señal inesperada (%d) después de %s línea %d." + #~ msgid "packet to queue: %d" #~ msgstr "paquete a poner en cola: %d" diff --git a/po/nl.po b/po/nl.po index f2ac38f1..44e097f3 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -2,782 +2,707 @@ # Copyright (C) 1999, 2000 Ivo Timmermans, Guus Sliepen. # Ivo Timmermans , 1999, 2000. # Guus Sliepen , 2000. -# msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-08-17 18:13+0100\n" +"POT-Creation-Date: 2000-10-15 02:53+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" -"Last-Translator: Ivo Timmermans \n" +"Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:178 +#: src/conf.c:164 #, c-format -msgid "%s: %d: Invalid variable name `%s'.\n" -msgstr "%s: %d: Ongeldige variabelenaam `%s'.\n" +msgid "Line %d too long while reading config file %s" +msgstr "Regel %d te lang tijdens het lezen van configuratie bestand %s" -#: src/conf.c:185 +#: src/conf.c:180 #, c-format -msgid "%s: %d: No value given for `%s'.\n" -msgstr "%s: %d: Geen waarde gegeven voor `%s'.\n" +msgid "Invalid variable name on line %d while reading config file %s" +msgstr "" +"Ongeldige naam voor variabele op regel %d tijdens het lezen van configuratie " +"bestand %s" -#: src/conf.c:193 +#: src/conf.c:187 #, c-format -msgid "%s: %d: Invalid value `%s' for variable `%s'.\n" -msgstr "%s: %d: Ongeldige waarde `%s' voor variabele `%s'.\n" +msgid "No value for variable on line %d while reading config file %s" +msgstr "" +"Geen waarde voor variabele op regel %d tijdens het lezen van configuratie " +"bestand %s" -#: src/conf.c:217 +#: src/conf.c:195 #, c-format -msgid "Could not open %s: %s\n" -msgstr "Kon %s niet openen: %s\n" +msgid "Invalid value for variable on line %d while reading config file %s" +msgstr "" +"Ongeldige waarde voor variabele op regel %d tijdens het lezen van " +"configuratie bestand %s" -#: src/encr.c:111 src/net.c:445 -#, c-format -msgid "Could not open %s: %m" -msgstr "Kon %s niet openen: %m" - -#: src/encr.c:118 -#, c-format -msgid "Illegal passphrase in %s; size would be %d" -msgstr "Ongeldig 
wachtwoord in %s; grootte zou %d zijn" - -#: src/encr.c:153 -#, c-format -msgid "Generating %d bits keys" -msgstr "%d bits sleutel genereren" - -#: src/encr.c:157 -#, c-format -msgid "Opening /dev/urandom failed: %m" -msgstr "Openen van /dev/urandom mislukt: %m" - -#: src/encr.c:222 -#, c-format -msgid "Encryption key set to %s" -msgstr "Sleutel ingesteld op %s" - -#: src/genauth.c:48 +#: src/genauth.c:78 #, c-format msgid "Usage: %s bits\n" msgstr "Gebruik: %s bits\n" -#: src/genauth.c:57 +#: src/genauth.c:89 #, c-format msgid "Illegal number: %s\n" msgstr "Ongeldig nummer: %s\n" -#: src/genauth.c:62 +#. Align to bytes for easy mallocing and reading +#: src/genauth.c:95 #, c-format -msgid "Generating %d bits number" -msgstr "Genereren van %d bits nummer" +msgid "Generating %d bits keys:\n" +msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/genauth.c:67 -msgid "Opening /dev/urandom" -msgstr "Openen van /dev/urandom" +#: src/genauth.c:99 +msgid "Done.\n" +msgstr "Klaar.\n" -#: src/genauth.c:80 -msgid "File was empty!\n" -msgstr "Bestand was leeg!\n" +#: src/genauth.c:101 +#, c-format +msgid "Public key: %s\n" +msgstr "Publieke sleutel: %s\n" -#: src/genauth.c:88 -msgid "" -": done.\n" -"The following line should be ENTIRELY copied into a passphrase file:\n" -msgstr "" -": klaar.\n" -"De volgende regel dient in zijn GEHEEL naar een wachtwoordbestand worden " -"gekopieerd:\n" +#: src/genauth.c:102 +#, c-format +msgid "Private key: %s\n" +msgstr "Privé sleutel: %s\n" -#: src/genauth.c:100 -msgid ": done.\n" -msgstr ": klaar.\n" +#: src/meta.c:42 +#, c-format +msgid "Sending %d bytes of metadata to %s (%s): %s" +msgstr "Verzending %d bytes metadata naar %s (%s): %s" + +#: src/meta.c:57 +#, c-format +msgid "Sending meta data to %s (%s) failed: %m" +msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" + +#: src/meta.c:85 src/net.c:773 +#, c-format +msgid "This is a bug: %s:%d: %d:%m %s (%s)" +msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" + 
+#: src/meta.c:91 +#, c-format +msgid "Metadata socket error for %s (%s): %s" +msgstr "Fout op metadata socket voor %s (%s): %s" + +#: src/meta.c:110 +#, c-format +msgid "Connection closed by %s (%s)" +msgstr "Verbinding beëindigd door %s (%s)" + +#: src/meta.c:114 +#, c-format +msgid "Metadata socket read error for %s (%s): %m" +msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" + +#: src/meta.c:144 +#, c-format +msgid "Got request from %s (%s): %s" +msgstr "Kreeg verzoek van %s (%s): %s" + +#: src/meta.c:162 +#, c-format +msgid "Metadata read buffer overflow for %s (%s)" +msgstr "Metadata leesbuffer overvol voor %s (%s)" #: src/net.c:106 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:118 +#: src/net.c:115 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:135 src/net.c:177 +#: src/net.c:129 #, c-format -msgid "Receiving packet of %d bytes from %s (%s)" -msgstr "Ontvangst pakket van %d bytes van %s (%s)" +msgid "Receiving packet of %d bytes" +msgstr "Ontvangst pakket van %d bytes" -#: src/net.c:139 src/net.c:181 +#: src/net.c:142 #, c-format msgid "Can't write to tap device: %m" msgstr "Kan niet naar tap apparaat schrijven: %m" -#: src/net.c:166 src/net.c:959 -#, c-format -msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" -msgstr "Kreeg pakket van %s (%s) met onbekende herkomst %d.%d.%d.%d?" - -#: src/net.c:295 +#: src/net.c:242 msgid "Queue flushed" msgstr "Wachtrij leeggemaakt" -#: src/net.c:310 +#: src/net.c:257 #, c-format msgid "Flushing send queue for %s (%s)" msgstr "Legen van verzend-wachtrij voor %s (%s)" -#: src/net.c:318 +#: src/net.c:265 #, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" -#: src/net.c:336 +#: src/net.c:283 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" 
msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:348 src/net.c:361 -msgid "There is no remote host I can send this packet to!" -msgstr "Er is geen partner waar ik dit pakket naar kan sturen!" - -#: src/net.c:375 -#, c-format -msgid "Indirect packet to %s via %s" -msgstr "Indirect pakket naar %s via %s" - -#: src/net.c:380 -#, c-format -msgid "Indirect look up %d.%d.%d.%d in connection list failed!" -msgstr "Indirect opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" - -#: src/net.c:390 -#, c-format -msgid "Double indirection for %d.%d.%d.%d" -msgstr "Dubbele indirectie voor %d.%d.%d.%d" - -#: src/net.c:402 +#: src/net.c:297 #, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "Kon geen UDP verbinding openen naar %s (%s)" -#: src/net.c:409 +#: src/net.c:305 #, c-format -msgid "%s (%s) has no valid key, queueing packet" -msgstr "%s (%s) heeft geen geldige sleutel, pakket wordt in de wachtrij gezet" +msgid "No valid key known yet for %s (%s), queueing packet" +msgstr "" +"Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in de wachtrij " +"gezet" -#: src/net.c:419 +#: src/net.c:316 #, c-format msgid "%s (%s) is not ready, queueing packet" msgstr "%s (%s) is niet gereed, pakket wordt in de wachtrij gezet" -#: src/net.c:467 +#: src/net.c:344 +#, c-format +msgid "Could not open %s: %m" +msgstr "Kon %s niet openen: %m" + +#: src/net.c:360 +#, c-format +msgid "%s is a new style tun/tap device" +msgstr "%s is een nieuwe stijl tun/tap apparaat" + +#: src/net.c:362 +msgid "tun/tap device will be left unconfigured" +msgstr "tun/tap apparaat wordt ongeconfigureerd gelaten" + +#: src/net.c:384 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:473 src/net.c:479 src/net.c:541 +#: src/net.c:390 src/net.c:396 src/net.c:458 #, c-format msgid "setsockopt: %m" msgstr "setsockopt: %m" -#: src/net.c:486 src/net.c:548 +#: src/net.c:403 src/net.c:465 #, c-format msgid 
"fcntl: %m" msgstr "fcntl: %m" -#: src/net.c:494 +#: src/net.c:411 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:510 +#: src/net.c:427 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:516 +#: src/net.c:433 #, c-format msgid "listen: %m" msgstr "listen: %m" -#: src/net.c:535 +#: src/net.c:452 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:559 +#: src/net.c:476 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:576 +#: src/net.c:493 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:586 +#: src/net.c:503 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:597 +#: src/net.c:514 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:604 +#: src/net.c:521 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:610 +#: src/net.c:527 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:630 +#: src/net.c:547 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:640 +#: src/net.c:557 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:665 -msgid "No value for my VPN IP given" -msgstr "Geen waarde gegeven voor mijn VPN IP adres" +#: src/net.c:586 +msgid "Name for tinc daemon required!" +msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:690 -msgid "Unable to set up a listening socket" -msgstr "Kon geen luistersocket aanmaken" +#: src/net.c:594 +msgid "Invalid name for myself!" +msgstr "Ongelige naam voor mijzelf!" 
-#: src/net.c:696 -msgid "Unable to set up an incoming vpn data socket" -msgstr "Kon geen socket maken voor inkomend vpn verkeer" +#: src/net.c:600 +msgid "Cannot open host configuration file for myself!" +msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:703 +#: src/net.c:619 +msgid "Unable to set up a listening socket!" +msgstr "Kon geen luistersocket aanmaken!" + +#: src/net.c:625 +msgid "Unable to set up an incoming vpn data socket!" +msgstr "Kon geen socket maken voor inkomend vpn verkeer!" + +#: src/net.c:632 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:730 +#: src/net.c:660 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:768 +#: src/net.c:698 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:806 +#: src/net.c:736 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:820 +#: src/net.c:750 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:825 +#: src/net.c:755 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:835 +#: src/net.c:765 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:843 src/net.c:930 src/net.c:1128 -#, c-format -msgid "This is a bug: %s:%d: %d:%m %s (%s)" -msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" - -#: src/net.c:868 +#: src/net.c:798 #, c-format msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" -#: src/net.c:881 +#: src/net.c:813 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:936 +#: src/net.c:861 #, c-format -msgid "Incoming data socket error for %s (%s): %s" -msgstr "Fout 
op socket voor inkomend verkeer voor %s (%s): %s" +msgid "This is a bug: %s:%d: %d:%m" +msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:945 +#: src/net.c:867 #, c-format -msgid "Receiving packet from %s (%s) failed: %m" -msgstr "Ontvangst pakket van %s (%s) mislukt: %m" +msgid "Incoming data socket error: %s" +msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:993 +#: src/net.c:873 +#, c-format +msgid "Receiving packet failed: %m" +msgstr "Ontvangst pakket mislukt: %m" + +#: src/net.c:894 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1037 +#: src/net.c:937 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1067 +#: src/net.c:967 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1098 +#: src/net.c:998 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1106 +#: src/net.c:1006 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1134 -#, c-format -msgid "Metadata socket error for %s (%s): %s" -msgstr "Fout op socket voor metaverkeer voor %s (%s): %s" - -#: src/net.c:1141 -msgid "Metadata read buffer overflow!" -msgstr "Metadata ontvangstbuffer overloop!" 
- -#: src/net.c:1154 -#, c-format -msgid "Connection closed by %s (%s)" -msgstr "Verbinding verbroken door %s (%s)" - -#: src/net.c:1158 -#, c-format -msgid "Metadata socket read error for %s (%s): %m" -msgstr "Fout op socket voor metaverkeer voor %s (%s) tijdens lezen: %m" - -#: src/net.c:1200 -#, c-format -msgid "Got request from %s (%s): %s" -msgstr "Ontving verzoek van %s (%s): %s" - -#: src/net.c:1206 -#, c-format -msgid "Unknown request from %s (%s)" -msgstr "Onbekend verzoek van %s (%s)" - -#: src/net.c:1213 -#, c-format -msgid "Error while processing request from %s (%s)" -msgstr "Fout tijdens afhandelen van verzoek van %s (%s)" - -#: src/net.c:1220 -#, c-format -msgid "Bogus data received from %s (%s)" -msgstr "Onzinnige data ontvangen van %s (%s)" - -#: src/net.c:1266 +#: src/net.c:1041 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1302 +#: src/net.c:1077 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" -#: src/net.c:1312 +#: src/net.c:1087 #, c-format -msgid "Non-IP ethernet frame %04x from " -msgstr "Niet-IP ethernet pakket %04x van " +msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" +msgstr "Niet-IP ethernet pakket %04x van %02x:%02x:%02x:%02x:%02x:%02x" -#: src/net.c:1320 -msgid "Dropping short packet" -msgstr "Te kort pakket genegeerd" +#: src/net.c:1094 +#, c-format +msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" +msgstr "Te kort pakket van %02x:%02x:%02x:%02x:%02x:%02x genegeerd" -#: src/net.c:1359 +#: src/net.c:1133 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1371 -msgid "Unable to reread configuration file, exiting" -msgstr "Fout tijdens herlezen configuratie bestand, beëindigen" - -#: src/netutl.c:220 +#: src/netutl.c:115 #, c-format msgid "Error looking up `%s': %s\n" 
msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/netutl.c:244 -msgid "Connection list:" -msgstr "Verbindingslijst:" - -#: src/netutl.c:248 +#: src/protocol.c:80 #, c-format -msgid "" -"%s netmask %d.%d.%d.%d at %s port %hd flags %d sockets %d, %d status %04x" -msgstr "" -"%s netmask %d.%d.%d.%d op %s poort %hd vlaggen %hd sockets %d, %d status %04x" +msgid "Output buffer overflow while sending %s to %s (%s)" +msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: src/protocol.c:56 +#: src/protocol.c:87 #, c-format -msgid "Sending ACK to %s (%s)" -msgstr "Verzending ACK naar %s (%s)" +msgid "Sending %s to %s (%s)" +msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:63 +#: src/protocol.c:101 #, c-format -msgid "Send failed: %d:%d: %m" -msgstr "Verzenden mislukte: %d:%d: %m" +msgid "Unknown request from %s (%s)" +msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:74 +#: src/protocol.c:108 #, c-format -msgid "Sending TERMREQ to %s (%s)" -msgstr "Verzending TERMREQ naar %s (%s)" +msgid "Got %s from %s (%s)" +msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:82 src/protocol.c:100 src/protocol.c:118 src/protocol.c:137 -#: src/protocol.c:143 src/protocol.c:161 src/protocol.c:179 src/protocol.c:218 -#: src/protocol.c:236 src/protocol.c:264 src/protocol.c:285 src/protocol.c:303 -#: src/protocol.c:346 src/protocol.c:376 src/protocol.c:866 src/protocol.c:969 +#: src/protocol.c:114 #, c-format -msgid "Send failed: %s:%d: %m" -msgstr "Verzenden mislukte: %s:%d: %m" +msgid "Error while processing %s from %s (%s)" +msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:93 +#: src/protocol.c:121 #, c-format -msgid "Sending TIMEOUT to %s (%s)" -msgstr "Verzending TIMEOUT naar %s (%s)" +msgid "Bogus data received from %s (%s)" +msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:111 +#: src/protocol.c:167 #, c-format -msgid "Sending DEL_HOST for %s (%s) to %s (%s)" -msgstr "Verzending DEL_HOST voor %s (%s) naar %s (%s)" +msgid "Got 
bad ID from %s" +msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:130 +#: src/protocol.c:175 #, c-format -msgid "Sending PACKET to %s (%s)" -msgstr "Verzending PACKET naar %s (%s)" +msgid "Peer %s (%s) uses incompatible version %d" +msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:154 +#: src/protocol.c:184 #, c-format -msgid "Sending PING to %s (%s)" -msgstr "Verzending PING naar %s (%s)" +msgid "Peer %s uses invalid identity name" +msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:172 +#: src/protocol.c:192 #, c-format -msgid "Sending PONG to %s (%s)" -msgstr "Verzending PONG naar %s (%s)" +msgid "Peer %s had unknown identity (%s)" +msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:211 -#, c-format -msgid "Sending ADD_HOST for %s (%s) to %s (%s)" -msgstr "Verzending ADD_HOST voor %s (%s) naar %s (%s)" - -#: src/protocol.c:229 -#, c-format -msgid "Sending KEY_CHANGED origin %s to %s (%s)" -msgstr "Verzending KEY_CHANGED herkomst %s naar %s (%s)" - -#: src/protocol.c:257 -#, c-format -msgid "Sending BASIC_INFO to %s" -msgstr "Verzending BASIC_INFO naar %s" - -#: src/protocol.c:278 -#, c-format -msgid "Sending PASSPHRASE to %s (%s)" -msgstr "Verzending PASSPHRASE naar %s (%s)" - -#: src/protocol.c:296 -#, c-format -msgid "Sending PUBLIC_KEY to %s (%s)" -msgstr "Verzending PUBLIC_KEY naar %s (%s)" - -#: src/protocol.c:333 -#, c-format -msgid "Attempting to send REQ_KEY to %d.%d.%d.%d, which does not exist?" -msgstr "Poging tot verzenden REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" - -#: src/protocol.c:339 -#, c-format -msgid "Sending REQ_KEY to %s (%s)" -msgstr "Verzending REQ_KEY naar %s (%s)" - -#: src/protocol.c:363 -#, c-format -msgid "Attempting to send ANS_KEY to %d.%d.%d.%d, which does not exist?" -msgstr "Poging tot verzenden ANS_KEY naar %d.%d.%d.%d, die niet bestaat?" 
- -#: src/protocol.c:369 -#, c-format -msgid "Sending ANS_KEY to %s (%s)" -msgstr "Verzending ANS_KEY naar %s (%s)" - -#: src/protocol.c:424 -#, c-format -msgid "Got BASIC_INFO from %s" -msgstr "Kreeg BASIC_INFO van %s" - -#: src/protocol.c:428 -#, c-format -msgid "Got bad BASIC_INFO from %s" -msgstr "Kreeg ongeldige BASIC_INFO van %s" - -#: src/protocol.c:437 -#, c-format -msgid "Peer uses incompatible protocol version %d" -msgstr "De ander gebruikt een niet-compatibel protocol versie %d" - -#: src/protocol.c:452 +#: src/protocol.c:207 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:482 +#: src/protocol.c:253 #, c-format -msgid "Got bad PASSPHRASE from %s (%s)" -msgstr "Kreeg ongeldige PASSPHRASE van %s (%s)" +msgid "Got bad CHALLENGE from %s (%s)" +msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:489 +#: src/protocol.c:261 #, c-format -msgid "Got PASSPHRASE from %s (%s)" -msgstr "Kreeg PASSPHRASE van %s (%s)" +msgid "Intruder: wrong challenge length from %s (%s)" +msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:507 +#: src/protocol.c:287 #, c-format -msgid "Got bad PUBLIC_KEY from %s (%s)" -msgstr "Kreeg ongeldige PUBLIC_KEY van %s (%s)" +msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" +msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:513 +#: src/protocol.c:318 #, c-format -msgid "Got PUBLIC_KEY from %s (%s)" -msgstr "Kreeg PUBLIC_KEY van %s (%s)" +msgid "Got bad CHAL_REPLY from %s (%s)" +msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#. intruder! -#: src/protocol.c:519 +#: src/protocol.c:327 #, c-format -msgid "Intruder from %s: passphrase for %s does not match!" -msgstr "Indringer van %s: wachwoord voor %s komt niet overeen!" 
+msgid "Intruder: wrong challenge reply length from %s (%s)" +msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:538 +#: src/protocol.c:344 +#, c-format +msgid "Intruder: wrong challenge reply from %s (%s)" +msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" + +#: src/protocol.c:386 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:547 src/protocol.c:567 +#: src/protocol.c:398 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:561 +#: src/protocol.c:438 #, c-format -msgid "Got ACK from %s (%s)" -msgstr "Kreeg ACK van %s (%s)" +msgid "Got bad ADD_SUBNET from %s (%s)" +msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:583 +#: src/protocol.c:447 #, c-format -msgid "Got unauthorized TERMREQ from %s (%s)" -msgstr "Kreeg niet-geautoriseerde TERMREQ van %s (%s)" +msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" +msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:589 +#: src/protocol.c:456 #, c-format -msgid "Got TERMREQ from %s (%s)" -msgstr "Kreeg TERMREQ van %s (%s)" +msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" +msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:604 +#: src/protocol.c:467 #, c-format -msgid "Got unauthorized TIMEOUT from %s (%s)" -msgstr "Kreeg niet-geautoriseerde TIMEOUT van %s (%s)" +msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" +msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:610 +#: src/protocol.c:478 #, c-format -msgid "Got TIMEOUT from %s (%s)" -msgstr "Kreeg TIMEOUT van %s (%s)" +msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" +msgstr "" +"Kreeg 
DEL_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " +"verbindingslijst" -#: src/protocol.c:626 +#: src/protocol.c:506 #, c-format -msgid "Got unauthorized DEL_HOST from %s (%s)" -msgstr "Kreeg niet-geautoriseerde DEL_HOST van %s (%s)" +msgid "Got bad DEL_SUBNET from %s (%s)" +msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:633 +#: src/protocol.c:515 #, c-format -msgid "Got bad DEL_HOST from %s (%s)" -msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" +msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" +msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:640 +#: src/protocol.c:524 #, c-format -msgid "Got DEL_HOST for %d.%d.%d.%d from %s (%s) which does not exist?" -msgstr "Kreeg DEL_HOST voor %d.%d.%d.%d van %s (%s), die niet bestaat?" +msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" +msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:648 +#: src/protocol.c:535 #, c-format -msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" -msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" +msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" +msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:655 +#: src/protocol.c:546 #, c-format -msgid "Got DEL_HOST for %s (%s) from %s (%s)" -msgstr "Kreeg DEL_HOST voor %s (%s) van %s (%s)" +msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" +msgstr "" +"Kreeg DEL_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " +"verbindingslijst" -#: src/protocol.c:674 -#, c-format -msgid "Got unauthorized PACKET from %s (%s)" -msgstr "Kreeg niet-geautoriseerde PACKET van %s (%s)" - -#: src/protocol.c:681 -#, c-format -msgid "Got bad PACKET from %s (%s)" -msgstr "Kreeg ongeldige PACKET van %s (%s)" - -#: src/protocol.c:688 -#, c-format -msgid "Got too big PACKET from %s (%s)" 
-msgstr "Kreeg een te grote PACKET van %s (%s)" - -#: src/protocol.c:694 -#, c-format -msgid "Got PACKET length %d from %s (%s)" -msgstr "Kreeg PACKET met lengte %d van %s (%s)" - -#: src/protocol.c:708 -#, c-format -msgid "Got unauthorized PING from %s (%s)" -msgstr "Kreeg niet-geautoriseerde PING van %s (%s)" - -#: src/protocol.c:714 -#, c-format -msgid "Got PING from %s (%s)" -msgstr "Kreeg PING van %s (%s)" - -#: src/protocol.c:730 -#, c-format -msgid "Got unauthorized PONG from %s (%s)" -msgstr "Kreeg niet-geautoriseerde PONG van %s (%s)" - -#: src/protocol.c:736 -#, c-format -msgid "Got PONG from %s (%s)" -msgstr "Kreeg PONG van %s (%s)" - -#: src/protocol.c:755 -#, c-format -msgid "Got unauthorized ADD_HOST from %s (%s)" -msgstr "Kreeg niet-geautoriseerde ADD_HOST van %s (%s)" - -#: src/protocol.c:762 +#: src/protocol.c:577 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:772 +#: src/protocol.c:585 #, c-format -msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" -msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" +msgid "Got bad ADD_HOST from %s (%s): invalid identity name" +msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:779 -#, c-format -msgid "Removing old entry for %s (%s)" -msgstr "Verwijdering oude verbinding voor %s (%s)" - -#: src/protocol.c:789 +#: src/protocol.c:594 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:809 +#: src/protocol.c:604 #, c-format -msgid "Got ADD_HOST for %s (%s) from %s (%s)" -msgstr "Kreeg ADD_HOST voor %s (%s) van %s (%s)" +msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" +msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) van onszelf, herstart" -#: src/protocol.c:827 -#, c-format -msgid "Got unauthorized REQ_KEY from %s (%s)" -msgstr "Kreeg niet-geautoriseerde 
REQ_KEY van %s (%s)" - -#: src/protocol.c:834 -#, c-format -msgid "Got bad REQ_KEY from %s (%s)" -msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" - -#: src/protocol.c:840 -#, c-format -msgid "Got REQ_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" -msgstr "Kreeg REQ_KEY herkmonst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" - -#: src/protocol.c:853 -#, c-format -msgid "Attempting to forward REQ_KEY to %d.%d.%d.%d, which does not exist?" -msgstr "Poging tot doorsturen REQ_KEY naar %d.%d.%d.%d, die niet bestaat?" - -#: src/protocol.c:859 -#, c-format -msgid "Forwarding REQ_KEY to %s (%s)" -msgstr "Doorsturen REQ_KEY naar %s (%s)" - -#: src/protocol.c:918 -#, c-format -msgid "Got unauthorized ANS_KEY from %s (%s)" -msgstr "Kreeg niet-geautoriseerde ANS_KEY van %s (%s)" - -#: src/protocol.c:925 -#, c-format -msgid "Got bad ANS_KEY from %s (%s)" -msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" - -#: src/protocol.c:931 -#, c-format -msgid "Got ANS_KEY origin %d.%d.%d.%d destination %d.%d.%d.%d from %s (%s)" -msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d bestemming %d.%d.%d.%d van %s (%s)" - -#: src/protocol.c:940 +#: src/protocol.c:614 #, c-format msgid "" -"Receiving ANS_KEY origin %d.%d.%d.%d from %s (%s), which does not exist?" -msgstr "Kreeg ANS_KEY herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" +"Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" +msgstr "" +"Kreeg ADD_HOST van %s (%s) met herkomst %s die niet in onze verbindingslijst " +"voorkomt" -#: src/protocol.c:956 +#: src/protocol.c:633 #, c-format -msgid "Attempting to forward ANS_KEY to %d.%d.%d.%d, which does not exist?" -msgstr "Poging tot doorsturen ANS_KEY naar %d.%d.%d.%d, die niet besttaat?" 
+msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" +msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:962 +#: src/protocol.c:640 #, c-format -msgid "Forwarding ANS_KEY to %s (%s)" -msgstr "Doorsturen ANS_KEY naar %s (%s)" +msgid "Removing old entry for %s (%s)" +msgstr "Verwijdering oude verbinding voor %s (%s)" -#: src/protocol.c:983 +#: src/protocol.c:683 #, c-format -msgid "Got unauthorized KEY_CHANGED from %s (%s)" -msgstr "Kreeg niet-geautoriseerde KEY_CHANGED van %s (%s)" +msgid "Got bad DEL_HOST from %s (%s)" +msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:990 +#: src/protocol.c:692 +#, c-format +msgid "Got bad DEL_HOST from %s (%s): invalid identity name" +msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" + +#: src/protocol.c:701 +#, c-format +msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" +msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" + +#: src/protocol.c:712 +#, c-format +msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" +msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) van onszelf, herstart" + +#: src/protocol.c:722 +#, c-format +msgid "" +"Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" +msgstr "" +"Kreeg DEL_HOST voor %s (%s) met herkomst %s die niet in onze " +"verbindingslijst voorkomt" + +#: src/protocol.c:734 +#, c-format +msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" +msgstr "" +"Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" + +#: src/protocol.c:744 +#, c-format +msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" +msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" + +#: src/protocol.c:776 +#, c-format +msgid "Got bad STATUS from %s (%s)" +msgstr "Kreeg ongeldige STATUS van %s (%s)" + +#: src/protocol.c:783 +#, c-format +msgid "Status message from %s (%s): %s: %s" +msgstr "Ontving statusbericht 
van %s (%s): %s: %s" + +#: src/protocol.c:807 +#, c-format +msgid "Got bad ERROR from %s (%s)" +msgstr "Kreeg ongeldige ERROR van %s (%s)" + +#: src/protocol.c:814 +#, c-format +msgid "Error message from %s (%s): %s: %s" +msgstr "Ontving foutmelding van %s (%s): %s: %s" + +#: src/protocol.c:892 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:999 +#: src/protocol.c:899 #, c-format -msgid "Got KEY_CHANGED origin %d.%d.%d.%d from %s (%s), which does not exist?" -msgstr "Kreeg KEY_CHANGED herkomst %d.%d.%d.%d van %s (%s), die niet bestaat?" +msgid "" +"Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " +"connection list" +msgstr "" +"Kreeg KEY_CHANGED van %s (%s) met herkomst %s die niet in onze " +"verbindingslijst voorkomt" -#: src/protocol.c:1005 +#: src/protocol.c:929 #, c-format -msgid "Got KEY_CHANGED origin %s from %s (%s)" -msgstr "Kreeg KEY_CHANGED herkomst %s van %s (%s)" +msgid "Got bad REQ_KEY from %s (%s)" +msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/tincd.c:96 +#: src/protocol.c:936 +#, c-format +msgid "" +"Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " +"list" +msgstr "" +"Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " +"voorkomt" + +#: src/protocol.c:952 +#, c-format +msgid "" +"Got REQ_KEY from %s (%s) destination %s which does not exist in our " +"connection list" +msgstr "" +"Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" + +#: src/protocol.c:980 +#, c-format +msgid "Got bad ANS_KEY from %s (%s)" +msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" + +#: src/protocol.c:987 +#, c-format +msgid "" +"Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " +"list" +msgstr "" +"Kreeg ANS_KEY van %s (%s) met herkomst %s die niet in onze verbindingslijst " +"voorkomt" + +#: src/protocol.c:1003 +#, c-format +msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid 
key" +msgstr "Kreeg ongeldige ANS_KEY van %s (%s) herkomst %s: ongeldige sleutel" + +#: src/protocol.c:1016 +#, c-format +msgid "" +"Got ANS_KEY from %s (%s) destination %s which does not exist in our " +"connection list" +msgstr "" +"Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" + +#: src/tincd.c:94 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:99 +#: src/tincd.c:97 #, c-format msgid "" "Usage: %s [option]...\n" @@ -786,23 +711,23 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:100 +#: src/tincd.c:98 msgid "" -" -c, --config=FILE Read configuration options from FILE.\n" +" -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" " -d Increase debug level.\n" " -k, --kill Attempt to kill a running tincd and exit.\n" " -n, --net=NETNAME Connect to net NETNAME.\n" " -t, --timeout=TIMEOUT Seconds to wait before giving a timeout.\n" msgstr "" -" -c, --config=BESTAND Lees configuratie uit BESTAND.\n" +" -c, --config=MAP Lees configuratie uit MAP.\n" " -D, --no-detach Start geen nieuw proces.\n" " -d Verhoog debugniveau.\n" " -k, --kill Poging tot doden van lopende tincd en beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" " -t, --timeout=TIMEOUT Seconden wachten op timeout.\n" -#: src/tincd.c:106 +#: src/tincd.c:104 msgid "" " --help Display this help and exit.\n" " --version Output version information and exit.\n" 
@@ -812,143 +737,153 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:108 +#: src/tincd.c:106 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" -"meld fouten in de vertaling aan vertaling@nl.linux.org.\n" +"Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:146 +#: src/tincd.c:144 #, c-format msgid "Invalid timeout value `%s'.\n" msgstr "Ongeldige timeout waarde `%s'.\n" -#: src/tincd.c:160 +#: src/tincd.c:158 #, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." -#: src/tincd.c:215 +#: src/tincd.c:213 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d" -#: src/tincd.c:218 +#: src/tincd.c:216 #, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" -#: src/tincd.c:233 +#: src/tincd.c:231 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." -#: src/tincd.c:251 +#: src/tincd.c:249 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" -#: src/tincd.c:254 +#: src/tincd.c:252 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" -#: src/tincd.c:275 +#: src/tincd.c:273 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" -#: src/tincd.c:277 +#: src/tincd.c:275 msgid "No other tincd is running.\n" msgstr "Geen andere tincd gevonden.\n" -#: src/tincd.c:284 +#: src/tincd.c:282 msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" -#: src/tincd.c:334 +#. 
Do some intl stuff right now +#: src/tincd.c:325 +msgid "unknown" +msgstr "onbekend" + +#: src/tincd.c:331 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:335 +#: src/tincd.c:332 msgid "" -"Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" -"see the AUTHORS file for a complete list.\n" +"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" +"See the AUTHORS file for a complete list.\n" "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" "see the file COPYING for details.\n" -"\n" msgstr "" -"Copyright (C) 1998,1999,2000 Ivo Timmermans en anderen,\n" -"zie het bestand AUTHORS voor een volledige lijst.\n" +"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen en anderen.\n" +"Zie het bestand AUTHORS voor een volledige lijst.\n" "\n" "tinc wordt gedistribueerd ZONDER ENIGE GARANTIE. Dit is vrije " "programmatuur,\n" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -"\n" -#: src/tincd.c:340 -msgid "" -"This product includes software developed by Eric Young (eay@mincom.oz.au)\n" -msgstr "" -"Dit produkt bevat programmatuur ontwikkeld door Eric Young " -"(eay@mincom.oz.au)\n" - -#: src/tincd.c:350 +#: src/tincd.c:346 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" -#: src/tincd.c:380 -#, c-format -msgid "Unrecoverable error, restarting in %d seconds!" -msgstr "Onherstelbare fout, herstart in %d seconden!" +#: src/tincd.c:377 +msgid "Unrecoverable error" +msgstr "Onherstelbare fout" -#: src/tincd.c:389 +#: src/tincd.c:382 +#, c-format +msgid "Restarting in %d seconds!" +msgstr "Herstart in %d seconden!" + +#: src/tincd.c:387 src/tincd.c:433 +msgid "Aieee! Not restarting." +msgstr "Waaah! Geen herstart." 
+ +#: src/tincd.c:397 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/tincd.c:397 +#: src/tincd.c:405 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/tincd.c:404 +#: src/tincd.c:412 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" -#: src/tincd.c:412 -#, c-format -msgid "Got SEGV signal after %s line %d, trying to re-execute" -msgstr "Kreeg SEGV signaal na %s regel %d, probeer opnieuw opstarten" +#: src/tincd.c:419 +msgid "Got SEGV signal" +msgstr "Kreeg SEGV signaal" -#: src/tincd.c:415 -msgid "Got SEGV signal, trying to re-execute" -msgstr "Kreeg SEGV signaal, probeer opnieuw opstarten" +#: src/tincd.c:424 +msgid "Trying to re-execute in 5 seconds..." +msgstr "Poging tot herstaren over 5 seconden..." -#: src/tincd.c:427 +#: src/tincd.c:442 msgid "Got HUP signal, rereading configuration and restarting" msgstr "Kreeg HUP signaal, herlezen configuratie en herstarten" -#: src/tincd.c:435 +#: src/tincd.c:450 msgid "Got INT signal, exiting" msgstr "Kreeg INT signaal, beëindigen" -#: src/tincd.c:449 +#: src/tincd.c:464 msgid "Got USR2 signal, forcing new key generation" msgstr "Kreeg USR2 signaal, nieuwe sleutels geforceerd" -#: src/tincd.c:457 +#: src/tincd.c:473 #, c-format -msgid "Got unexpected signal %d after %s line %d" -msgstr "Kreeg onverwacht signaal %d na %s regel %d" +msgid "Got unexpected signal %d (%s)" +msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/tincd.c:460 -#, c-format -msgid "Got unexpected signal %d" -msgstr "Kreeg onverwacht signaal %d" +#~ msgid "Illegal passphrase in %s; size would be %d" +#~ msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" + +#~ msgid "Generating %d bits keys" +#~ msgstr "%d bits sleutel genereren" + +#~ msgid "Opening /dev/urandom failed: %m" +#~ msgstr "Openen van /dev/urandom mislukt: %m" + +#~ msgid "Encryption key set to %s" +#~ msgstr "Sleutel ingesteld op %s" diff --git a/src/conf.c b/src/conf.c index 740f4346..4fc374f8 100644 
--- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.13 2000/10/14 17:04:12 guus Exp $ + $Id: conf.c,v 1.9.4.14 2000/10/15 00:59:34 guus Exp $ */ @@ -41,10 +41,11 @@ #include "connlist.h" #include "system.h" -config_t *config; +config_t *config = NULL; int debug_lvl = 0; int timeout = 0; /* seconds before timeout */ char *confbase = NULL; /* directory in which all config files are */ +char *netname = NULL; /* name of the vpn network */ /* Will be set if HUP signal is received. It will be processed when it is safe. */ int sighup = 0; @@ -58,6 +59,7 @@ static internal_config_t hazahaza[] = { { "ConnectTo", connectto, TYPE_NAME }, { "PingTimeout", pingtimeout, TYPE_INT }, { "TapDevice", tapdevice, TYPE_NAME }, + { "TapSubnet", tapsubnet, TYPE_IP }, { "PrivateKey", privatekey, TYPE_NAME }, { "KeyExpire", keyexpire, TYPE_INT }, { "Hostnames", resolve_dns, TYPE_BOOL }, @@ -116,22 +118,17 @@ cp if(p->data.val) { - if(*cfg) - { - r = *cfg; - while(r->next) - r = r->next; - r->next = p; - } - else - *cfg = p; - p->next = NULL; + p->next = *cfg; + *cfg = p; +cp return p; } - - free(p); + else + { + free(p); cp - return NULL; + return NULL; + } } /* @@ -215,7 +212,7 @@ int read_server_config() char *fname; int x; cp - asprintf(fname, "%s/tinc.conf", confbase); + asprintf(&fname, "%s/tinc.conf", confbase); x = read_config_file(&config, fname); free(fname); cp @@ -230,10 +227,9 @@ const config_t *get_config_val(config_t *p, which_t type) cp for(p = config; p != NULL; p = p->next) if(p->which == type) - return p; + break; cp - /* Not found */ - return NULL; + return p; } /* @@ -246,10 +242,9 @@ cp for(p = config; p != NULL; p = p->next) if(p->which == type) if(--index < 0) - return p; + break; cp - /* Not found */ - return NULL; + return p; } /* diff --git a/src/conf.h b/src/conf.h index a1ab1620..15170576 100644 --- a/src/conf.h 
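Review bot: Prepending with `p->next = *cfg; *cfg = p;` in the `@@ -116,22 +118,17 @@` hunk stores the list in reverse file order, where the removed code appended at the tail. get_config_val in this file stops at the first match it reaches, so a directive given twice would now resolve to its last occurrence in the file, and the indexed lookup in the `@@ -246,10 +242,9 @@` hunk would walk repeated entries backwards. If that is intended, record it above the assignment, e.g. `/* prepend: list is in reverse file order, last duplicate wins */`; otherwise keep the tail append. The function begins above the hunk, so how `p` is allocated is not visible here.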
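Review bot: The corrected `asprintf(&fname, ...)` call in read_server_config still discards its return value, so when the allocation fails `fname` is left undefined and is then passed to read_config_file and to free. A guard such as `if(asprintf(&fname, "%s/tinc.conf", confbase) < 0) return -1;` closes that, with the error value matched to whatever read_config_file returns on failure, which this hunk does not show. The same applies to the asprintf call in read_host_config in the src/connlist.c hunk `@@ -214,7 +216,7 @@`.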
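Review bot: get_config_val never searches the list it is handed, because the loop header `for(p = config; p != NULL; p = p->next)` overwrites the `p` parameter with the global `config` before the first comparison; the following hunk (`@@ -246,10 +242,9 @@`) has the same loop header and appears to share the problem. read_host_config in src/connlist.c fills a per-connection `cl->config`, so a caller passing that list would presumably get the server's value instead of the host's, although no such caller is visible in this diff. Starting from the argument, `for(; p != NULL; p = p->next)`, keeps the new `break` / `return p` shape and makes the parameter mean what the signature says.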
+++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.12 2000/10/14 17:04:13 guus Exp $ + $Id: conf.h,v 1.6.4.13 2000/10/15 00:59:34 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -35,6 +35,7 @@ typedef enum which_t { connectto, pingtimeout, tapdevice, + tapsubnet, privatekey, keyexpire, resolve_dns, @@ -88,6 +89,7 @@ extern int timeout; extern int upstreamindex; extern int sighup; extern char *confbase; +extern char *netname; extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(config_t **, const char *); diff --git a/src/connlist.c b/src/connlist.c index f1b0eba0..b1e3146b 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.3 2000/10/14 17:04:13 guus Exp $ + $Id: connlist.c,v 1.1.2.4 2000/10/15 00:59:34 guus Exp $ */ #include @@ -53,7 +53,7 @@ cp destroy_queue(p->sq); if(p->rq) destroy_queue(p->rq); - if(p->name) + if(p->name && p->name!=unknown) free(p->name); if(p->hostname) free(p->hostname); @@ -61,6 +61,8 @@ cp RSA_free(p->public_key); if(p->cipher_pktkey) free(p->cipher_pktkey); + if(p->buffer) + free(p->buffer); free(p); cp } @@ -214,7 +216,7 @@ int read_host_config(conn_list_t *cl) char *fname; int x; cp - asprintf(fname, "%s/hosts/%s", confbase, cl->name); + asprintf(&fname, "%s/hosts/%s", confbase, cl->name); x = read_config_file(&cl->config, fname); free(fname); cp diff --git a/src/genauth.c b/src/genauth.c index fa2e1ec7..a27bd779 100644 --- a/src/genauth.c +++ b/src/genauth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: genauth.c,v 1.7.4.1 2000/10/11 12:07:27 guus Exp $ + $Id: genauth.c,v 1.7.4.2 2000/10/15 00:59:34 guus Exp $ */ #include "config.h" 
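Review bot: The added `if(p->buffer) free(p->buffer);` in the `@@ -61,6 +61,8 @@` hunk is only safe if every conn_list_t has `buffer` either NULL or pointing at a heap block, and the only assignment in this commit is `p->buffer = xmalloc(MAXBUFSIZE)` in the accept path in src/net.c. Whether the allocator for conn_list_t zeroes the struct is not visible here; if it does not, a connection created on another path would hand an uninitialised pointer to free. The `@@ -53,7 +53,7 @@` hunk likewise depends on the pointer comparison `p->name!=unknown` to avoid freeing the shared placeholder, so any other site that frees or replaces `name` needs the same comparison. A short comment on both fields in the struct declaration stating who owns them would make the rule checkable; the function body begins above these hunks.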
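Review bot: read_host_config builds the file name from `cl->name` with `"%s/hosts/%s"`, so the name has to be restricted to a safe character set before this call; a value containing `/` or `..` would resolve outside the hosts directory under `confbase`. The message catalogue in this commit includes "Peer %s uses invalid identity name", which suggests such a check exists in src/protocol.c, but it is not visible in this hunk. A comment above the asprintf call, e.g. `/* cl->name must already have passed the identity-name check */`, would record the dependency for anyone adding a new caller.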
@@ -98,7 +98,8 @@ int main(int argc, char **argv) fprintf(stderr, _("Done.\n")); - printf("Public key:\t%s\nPrivate key:\t%s\n", BN_bn2hex(key->n), BN_bn2hex(key->d)); + printf(_("Public key: %s\n"), BN_bn2hex(key->n)); + printf(_("Private key: %s\n"), BN_bn2hex(key->d)); return 0; } diff --git a/src/meta.c b/src/meta.c index 3cd2c533..0a40d8c4 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.3 2000/10/11 22:00:58 guus Exp $ + $Id: meta.c,v 1.1.2.4 2000/10/15 00:59:34 guus Exp $ */ #include "config.h" @@ -42,6 +42,8 @@ cp syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s): %s"), length, cl->name, cl->hostname, buffer); + buffer[length-1]='\n'; + if(cl->status.encryptout) { EVP_EncryptUpdate(cl->cipher_outctx, outbuf, &outlen, buffer, length); diff --git a/src/net.c b/src/net.c index c7d3acc9..0e251bee 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.35 2000/10/14 17:04:13 guus Exp $ + $Id: net.c,v 1.35.4.36 2000/10/15 00:59:34 guus Exp $ */ #include "config.h" @@ -37,6 +37,10 @@ #include #include +/* Next two includes are for tun/tap support */ +#include +#include "/usr/src/linux/include/linux/if_tun.h" + #include #include @@ -59,6 +63,8 @@ int total_socket_out = 0; int upstreamindex = 0; static int seconds_till_retry; +char *unknown = NULL; + /* strip off the MAC adresses of an ethernet frame */ 
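Review bot: `buffer[length-1]='\n';` in src/meta.c writes one byte before the start of `buffer` when `length` is 0, and nothing in the visible lines rejects that value. `send_request` in this commit always passes at least 1, but the function starts outside the hunk and may have other callers; a guard such as `if(length < 1) return -1;` ahead of the store would make the assumption explicit (the return convention is assumed here). The store also replaces the terminating NUL that `send_request` counted into `len`, so `buffer` is no longer a C string afterwards; a one-line comment saying so would help the next reader.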
@@ -326,19 +332,38 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; + struct ifreq ifr; cp - if((cfg = get_config_val(config, tapdevice)) == NULL) - tapfname = "/dev/tap0"; - else + if((cfg = get_config_val(config, tapdevice))) tapfname = cfg->data.ptr; - + else + tapfname = "/dev/misc/net/tun"; +cp if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0) { syslog(LOG_ERR, _("Could not open %s: %m"), tapfname); return -1; } - +cp tap_fd = nfd; + + /* Ok now check if this is an old ethertap or a new tun/tap thingie */ + + memset(&ifr, 0, sizeof(ifr)); +cp + ifr.ifr_flags = IFF_TAP; + if (netname) + strncpy(ifr.ifr_name, netname, IFNAMSIZ); +cp + if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) + { + syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); + if((cfg = get_config_val(config, tapsubnet)) == NULL) + syslog(LOG_INFO, _("tun/tap device will be left unconfigured")); + else + /* Setup inetaddr/netmask etc */; + } + cp return 0; } @@ -554,6 +579,7 @@ cp asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */ myself->flags = 0; + myself->protocol_version = PROT_CURRENT; if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */ { @@ -590,13 +616,13 @@ cp if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { - syslog(LOG_ERR, _("Unable to set up a listening socket")); + syslog(LOG_ERR, _("Unable to set up a listening socket!")); return -1; } if((myself->socket = setup_vpn_in_socket(myself->port)) < 0) { - syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket")); + syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!")); close(myself->meta_socket); return -1; } @@ -773,10 +799,12 @@ cp return NULL; } + p->name = unknown; p->address = ntohl(ci.sin_addr.s_addr); p->hostname = hostlookup(ci.sin_addr.s_addr); p->meta_socket = sfd; p->status.meta = 1; + p->buffer = xmalloc(MAXBUFSIZE); p->buflen = 0; p->last_ping_time = time(NULL); p->want_ping = 0; 
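Review bot: `strncpy(ifr.ifr_name, netname, IFNAMSIZ);` in `setup_tap_fd` leaves `ifr_name` without a terminating NUL when `netname` is IFNAMSIZ characters or longer, and `netname` is presumably operator-supplied. Because `ifr` was zeroed just above, copying one byte less is enough: `strncpy(ifr.ifr_name, netname, IFNAMSIZ - 1);`. A failing `TUNSETIFF` is also silently treated as an old ethertap device, so a permission or naming error leaves no trace in the log; logging the ioctl error at debug level would make that case diagnosable.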
diff --git a/src/net.h b/src/net.h index 2547b1ea..40f3ff0c 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.16 2000/10/14 17:04:15 guus Exp $ + $Id: net.h,v 1.9.4.17 2000/10/15 00:59:35 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -44,7 +44,7 @@ ((unsigned char*)&(x))[1],((unsigned char*)&(x))[0] #endif -#define MAXBUFSIZE 2048 /* Probably way too much, but it must fit every possible request. */ +#define MAXBUFSIZE 4096 /* Probably way too much, but it must fit every possible request. */ /* flags */ #define INDIRECTDATA 0x0001 /* Used to indicate that this host has to be reached indirect */ @@ -124,6 +124,8 @@ extern int total_tap_out; extern int total_socket_in; extern int total_socket_out; +extern char *unknown; + extern char *request_name[256]; extern char *status_text[10]; diff --git a/src/protocol.c b/src/protocol.c index 42b41ebc..97e35e3a 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.39 2000/10/14 17:04:15 guus Exp $ + $Id: protocol.c,v 1.28.4.40 2000/10/15 00:59:35 guus Exp $ */ #include "config.h" 
@@ -52,40 +52,40 @@ int check_id(char *id) int i; for (i = 0; i < strlen(id); i++) - { - if(!isalpha(id[i]) && id[i] != '_') - { - return 0; - } - } - - return 1; + if(!isalnum(id[i]) && id[i] != '_') + return -1; + + return 0; } /* Generic request routines - takes care of logging and error detection as well */ -int send_request(conn_list_t *cl, const char *format, int request, /*args*/ ...) +int send_request(conn_list_t *cl, const char *format, ...) { va_list args; - char buffer[MAXBUFSIZE+1]; - int len; + char buffer[MAXBUFSIZE]; + int len, request; cp /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic, and there is a limit on the input buffer anyway */ - va_start(args, request); - len = vsnprintf(buffer, MAXBUFSIZE+1, format, args); + va_start(args, format); + len = vsnprintf(buffer, MAXBUFSIZE, format, args); + request = va_arg(args, int); va_end(args); - if(len < 0 || len > MAXBUFSIZE) + if(len < 0 || len > MAXBUFSIZE-1) { syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); return -1; } + len++; + if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + cp return send_meta(cl, buffer, len); } @@ -179,7 +179,7 @@ cp /* Check if identity is a valid name */ - if(!check_id(cl->name)) + if(check_id(cl->name)) { syslog(LOG_ERR, _("Peer %s uses invalid identity name"), cl->hostname); return -1; @@ -227,14 +227,14 @@ cp if(!cl->hischallenge) cl->hischallenge = xmalloc(CHAL_LENGTH); - +cp /* Copy random data to the buffer */ RAND_bytes(cl->hischallenge, CHAL_LENGTH); - +cp /* Convert the random data to a hexadecimal formatted string */ - bin2hex(cl->hischallenge,buffer,CHAL_LENGTH); + bin2hex(cl->hischallenge, buffer, CHAL_LENGTH); buffer[CHAL_LENGTH*2] = '\0'; /* Send the challenge */ 
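Review bot: In `send_request`, `request = va_arg(args, int);` is read from `args` after `vsnprintf` has already consumed it; the C standard leaves `args` indeterminate at that point, so the value is not guaranteed to be the request number. `request` is then used as an index in `request_name[request]` in both syslog calls, so a wrong value becomes an out-of-bounds read. Reading the request number in its own `va_start`/`va_end` pair before formatting avoids this; it relies on the request number being the first variadic argument, as in the calls visible on this page. In `check_id` in the same hunk, `isalnum(id[i])` receives a plain `char`; since these bytes come from peers it should be `isalnum((unsigned char)id[i])`.
```c
	va_start(args, format);
	request = va_arg(args, int);	/* first variadic argument is the request number */
	va_end(args);

	va_start(args, format);
	len = vsnprintf(buffer, MAXBUFSIZE, format, args);
	va_end(args);
	/* … unchanged: length check, debug logging, send_meta call … */
```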
@@ -442,7 +442,7 @@ cp /* Check if owner name is a valid */ - if(!check_id(name)) + if(check_id(name)) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); free(name); free(subnetstr); @@ -510,7 +510,7 @@ cp /* Check if owner name is a valid */ - if(!check_id(name)) + if(check_id(name)) { syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); free(name); free(subnetstr); @@ -580,7 +580,7 @@ cp /* Check if identity is a valid name */ - if(!check_id(new->name) || !check_id(sender)) + if(check_id(new->name) || check_id(sender)) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); free(sender); @@ -687,7 +687,7 @@ cp /* Check if identity is a valid name */ - if(!check_id(name) || !check_id(sender)) + if(check_id(name) || check_id(sender)) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); free(name); free(sender); @@ -804,12 +804,12 @@ int error_h(conn_list_t *cl) cp if(sscanf(cl->buffer, "%*d %d %as", &errno, &errorstring) != 2) { - syslog(LOG_ERR, _("Got bad error from %s (%s)"), + syslog(LOG_ERR, _("Got bad ERROR from %s (%s)"), cl->name, cl->hostname); return -1; } - if(debug_lvl > DEBUG_error) + if(debug_lvl > DEBUG_ERROR) { syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->name, cl->hostname, strerror(errno), errorstring); diff --git a/src/protocol.h b/src/protocol.h index 11041781..27372587 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.10 2000/10/11 22:01:02 guus Exp $ + $Id: protocol.h,v 1.5.4.11 2000/10/15 00:59:36 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
@@ -37,7 +37,7 @@ quite large. */ -#define CHAL_LENGTH 2048 +#define CHAL_LENGTH 1024 /* Okay, this is probably waaaaaaaaaaay too large */ /* Request numbers */ diff --git a/src/subnet.c b/src/subnet.c index a7312ba4..12b78ef8 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.3 2000/10/11 22:01:02 guus Exp $ + $Id: subnet.c,v 1.1.2.4 2000/10/15 00:59:37 guus Exp $ */ #include "config.h" @@ -145,7 +145,7 @@ cp switch(subnet->type) { case SUBNET_MAC: - asprintf(netstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", subnet->type, + asprintf(&netstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", subnet->type, subnet->net.mac.address.x[0], subnet->net.mac.address.x[1], subnet->net.mac.address.x[2], @@ -153,9 +153,9 @@ cp subnet->net.mac.address.x[4], subnet->net.mac.address.x[5]); case SUBNET_IPV4: - asprintf(netstr, "%d,%lx:%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); + asprintf(&netstr, "%d,%lx:%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); case SUBNET_IPV6: - asprintf(netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", + asprintf(&netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", subnet->net.ipv6.address.x[0], subnet->net.ipv6.address.x[1], subnet->net.ipv6.address.x[2], diff --git a/src/tincd.c b/src/tincd.c index b016e12a..0536d96f 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.11 2000/10/14 17:04:16 guus Exp $ + $Id: tincd.c,v 1.10.4.12 2000/10/15 00:59:37 guus Exp $ */ #include "config.h" 
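Review bot: No `break` follows any of the `asprintf(&netstr, ...)` calls in this `switch` in src/subnet.c, so a SUBNET_MAC subnet falls through the IPv4 and IPv6 cases: the earlier strings are leaked and the result is formatted from the wrong union member. Each case needs a `break;` after its `asprintf`. In the IPv6 case the format begins with `%d,` but the first argument shown is `subnet->net.ipv6.address.x[0]` rather than `subnet->type`; the rest of the argument list lies outside the hunk, so the count should be checked against the sixteen `%hx` conversions.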
@@ -64,7 +64,6 @@ static int kill_tincd = 0; static int do_detach = 1; char *identname; /* program name for syslog */ -char *netname = NULL; /* name of the vpn network */ char *pidfilename; /* pid file location */ static pid_t ppid; /* pid of non-detached part */ char **g_argv; /* a copy of the cmdline arguments */ @@ -180,7 +179,7 @@ int detach(void) if(pid) /* parent process */ { signal(SIGTERM, parent_exit); - sleep(600); /* wait 10 minutes */ +// sleep(600); /* wait 10 minutes */ exit(1); } } @@ -302,6 +301,7 @@ void make_names(void) } else { + netname = "bla"; if(!pidfilename) pidfilename = "/var/run/tinc.pid"; if(!confbase) @@ -320,17 +320,20 @@ main(int argc, char **argv, char **envp) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); + /* Do some intl stuff right now */ + + unknown = _("unknown"); + parse_options(argc, argv, envp); if(show_version) { printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans and others,\n" - "see the AUTHORS file for a complete list.\n\n" + printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" + "See the AUTHORS file for a complete list.\n\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n\n")); - printf(_("This product includes software developed by Eric Young (eay@mincom.oz.au)\n")); + "see the file COPYING for details.\n")); return 0; } 
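Review bot: With `sleep(600)` commented out in `detach`, the parent installs the SIGTERM handler and then falls straight through to `exit(1)`, so it no longer waits for the child and apparently always reports failure to whatever started the daemon (`parent_exit` is not shown in the hunk). If the wait is meant to stay disabled, the handler registration and the non-zero exit status should be changed with it; otherwise restore `sleep(600);`. Commented-out code with `//` is also out of step with the `/* */` style used in the rest of the file.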
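Review bot: `netname = "bla";` in the no-netname branch of `make_names` looks like a debugging placeholder that should not ship. `setup_tap_fd` in src/net.c copies `netname` into `ifr.ifr_name`, so every daemon started without a network name would ask for a tun/tap interface called "bla", and two such daemons on one host would contend for it. Leaving `netname` as NULL in this branch keeps the kernel's default naming, since `setup_tap_fd` already tests `if (netname)`.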
@@ -365,14 +368,25 @@ main(int argc, char **argv, char **envp) */ for(;;) { - setup_network_connections(); + if(!setup_network_connections()) + { + main_loop(); + cleanup_and_exit(1); + } + + syslog(LOG_ERR, _("Unrecoverable error")); + cp_trace(); - main_loop(); - - cleanup_and_exit(1); - - syslog(LOG_ERR, _("Unrecoverable error, restarting in %d seconds!"), MAXTIMEOUT); - sleep(MAXTIMEOUT); + if(do_detach) + { + syslog(LOG_NOTICE, _("Restarting in %d seconds!"), MAXTIMEOUT); + sleep(MAXTIMEOUT); + } + else + { + syslog(LOG_ERR, _("Aieee! Not restarting.")); + exit(0); + } } } @@ -395,23 +409,30 @@ sigquit_handler(int a) RETSIGTYPE sigsegv_square(int a) { - syslog(LOG_NOTICE, _("Got another SEGV signal: not restarting")); + syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); exit(0); } RETSIGTYPE sigsegv_handler(int a) { - if(cp_file) - syslog(LOG_NOTICE, _("Got SEGV signal after %s line %d, trying to re-execute"), - cp_file, cp_line); - else - syslog(LOG_NOTICE, _("Got SEGV signal, trying to re-execute")); + syslog(LOG_ERR, _("Got SEGV signal")); + cp_trace(); - signal(SIGSEGV, sigsegv_square); - close_network_connections(); - remove_pid(pidfilename); - execvp(g_argv[0], g_argv); + if(do_detach) + { + syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); + signal(SIGSEGV, sigsegv_square); + close_network_connections(); + sleep(5); + remove_pid(pidfilename); + execvp(g_argv[0], g_argv); + } + else + { + syslog(LOG_NOTICE, _("Aieee! Not restarting.")); + exit(0); + } } RETSIGTYPE @@ -449,11 +470,8 @@ sigusr2_handler(int a) RETSIGTYPE sighuh(int a) { - if(cp_file) - syslog(LOG_NOTICE, _("Got unexpected %s after %s line %d"), - strsignal(a), cp_file, cp_line); - else - syslog(LOG_NOTICE, _("Got unexpected %s"), strsignal(a)); + syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); + cp_trace(); } void From 3b455b8f318528206b08121f5ce93d16e4ea01df Mon Sep 17 00:00:00 2001 
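Review bot: `sigsegv_handler` calls `syslog`, `cp_trace` and `close_network_connections` from inside a SIGSEGV handler; `syslog` is not async-signal-safe, and after a segmentation fault the state those functions walk may already be corrupt. `execvp(g_argv[0], g_argv)` also searches PATH when argv[0] contains no slash, so the re-executed binary is not necessarily the one that was started. Restarting from a supervising parent process would avoid running any of this in the crashed process; at minimum a comment should record that the handler runs on possibly corrupted state. Both non-restart paths end in `exit(0)`, which reports success after a crash; `exit(1)` would let the caller see the failure.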
From: Ivo Timmermans Date: Sun, 15 Oct 2000 17:26:31 +0000 Subject: [PATCH 110/923] Add checks for the presence of the universal tun/tap device driver. --- acconfig.h | 10 ++++++++++ configure.in | 8 ++++++-- m4/tuntap.m4 | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+), 2 deletions(-) create mode 100644 m4/tuntap.m4 diff --git a/acconfig.h b/acconfig.h index 86a35ecb..f1d9ee74 100644 --- a/acconfig.h +++ b/acconfig.h @@ -43,3 +43,13 @@ # include # undef getopt #endif + + +/* Define to the location of the kernel sources */ +#undef CONFIG_TINC_KERNELDIR + +/* Define to 1 if tun/tap support is enabled and found */ +#undef HAVE_TUNTAP + +/* Define to the location of if_tun.h */ +#undef LINUX_IF_TUN_H diff --git a/configure.in b/configure.in index cb42fd58..bc01f175 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.8 2000/10/13 23:34:56 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.9 2000/10/15 17:26:31 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -33,7 +33,7 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h sys/time.h) +AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h sys/time.h linux/if_tun.h) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST @@ -80,6 +80,10 @@ AC_CHECK_FUNC(gethostbyname, [], [ AC_CHECK_LIB(nsl, gethostbyname) ]) + +dnl Check for TUN/TAP support in the kernel +tinc_TUNTAP + AC_OUTPUT([Makefile src/Makefile doc/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile]) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 new file mode 100644 index 00000000..28ddc9ec --- /dev/null +++ b/m4/tuntap.m4 
@@ -0,0 +1,35 @@ +dnl Check to find out whether the running kernel has support for TUN/TAP + +AC_DEFUN(tinc_TUNTAP, +[ +dnl Check for directory with kernel source... (from ALSA) +AC_CACHE_CHECK([for directory with kernel source], tinc_cv_kerneldir, +[ AC_ARG_WITH(kernel, + [ --with-kernel=dir give the directory with kernel sources] + [ (default: /usr/src/linux)], + kerneldir="$withval", kerneldir="/usr/src/linux") + AC_DEFINE_UNQUOTED(CONFIG_TINC_KERNELDIR, "$kerneldir") + CONFIG_TINC_KERNELDIR="$kerneldir" + AC_SUBST(CONFIG_TINC_KERNELDIR) + AC_MSG_RESULT($kerneldir) +]) +AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, +[ AC_TRY_COMPILE([linux/if_tun.h], + [int a = IFF_TAP], + if_tun_h="linux/if_tun.h", + [ AC_TRY_COMPILE([$kerneldir/include/linux/if_tun.h], + [int a = IFF_TAP], + if_tun_h="$kerneldir/include/linux/if_tun.h", + if_tun_h="no") + ]) + if test $if_tun_h = no; then + AC_MSG_RESULT(none) + else + AC_DEFINE(HAVE_TUNTAP) + AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, "$if_tun_h") + AC_SUBST(LINUX_IF_TUN_H) + AC_MSG_RESULT($if_tun_h) + fi + AC_SUBST(HAVE_TUNTAP) +]) +]) From e5130495d7d4083d58ab76c26001aa27f5fc13db Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 15 Oct 2000 19:53:15 +0000 Subject: [PATCH 111/923] Wrap the tun/tap code in #ifdef HAVE_TUNTAP --- src/net.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/src/net.c b/src/net.c index 0e251bee..fecf7e6e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.36 2000/10/15 00:59:34 guus Exp $ + $Id: net.c,v 1.35.4.37 2000/10/15 19:53:15 zarq Exp $ */ #include "config.h" @@ -39,7 +39,10 @@ /* Next two includes are for tun/tap support */ #include -#include "/usr/src/linux/include/linux/if_tun.h" + +#ifdef HAVE_LINUX_IF_TUN_H +#include +#endif #include #include 
@@ -332,12 +335,19 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; + +#ifdef HAVE_TUNTAP struct ifreq ifr; +#endif cp if((cfg = get_config_val(config, tapdevice))) tapfname = cfg->data.ptr; else +#ifdef HAVE_TUNTAP tapfname = "/dev/misc/net/tun"; +#else + tapfname = "/dev/tap0"; +#endif cp if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0) { @@ -347,8 +357,8 @@ cp cp tap_fd = nfd; +#ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ - memset(&ifr, 0, sizeof(ifr)); cp ifr.ifr_flags = IFF_TAP; @@ -363,6 +373,7 @@ cp else /* Setup inetaddr/netmask etc */; } +#endif cp return 0; From 8a54c51238672abd7a72c1dbdc7d17b9956a0d35 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 15 Oct 2000 20:13:55 +0000 Subject: [PATCH 112/923] Linearized checks for if_tun.h --- m4/tuntap.m4 | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 28ddc9ec..2fc29aef 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 @@ -17,11 +17,13 @@ AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, [ AC_TRY_COMPILE([linux/if_tun.h], [int a = IFF_TAP], if_tun_h="linux/if_tun.h", - [ AC_TRY_COMPILE([$kerneldir/include/linux/if_tun.h], + if_tun_h="no") + if test $if_tun_h = no; then + AC_TRY_COMPILE([$kerneldir/include/linux/if_tun.h], [int a = IFF_TAP], if_tun_h="$kerneldir/include/linux/if_tun.h", if_tun_h="no") - ]) + fi if test $if_tun_h = no; then AC_MSG_RESULT(none) else From 782171fd2c59b7cc5568d2d4b33ce041834710ec Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 15 Oct 2000 20:21:27 +0000 Subject: [PATCH 113/923] Really #include the if_tun.h files now --- m4/tuntap.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 2fc29aef..585b41f3 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 
@@ -14,12 +14,12 @@ AC_CACHE_CHECK([for directory with kernel source], tinc_cv_kerneldir, AC_MSG_RESULT($kerneldir) ]) AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, -[ AC_TRY_COMPILE([linux/if_tun.h], +[ AC_TRY_COMPILE([#include ], [int a = IFF_TAP], if_tun_h="linux/if_tun.h", if_tun_h="no") if test $if_tun_h = no; then - AC_TRY_COMPILE([$kerneldir/include/linux/if_tun.h], + AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], [int a = IFF_TAP], if_tun_h="$kerneldir/include/linux/if_tun.h", if_tun_h="no") From baeac83bf465a47d46082e1de40ea14dcf1d39af Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Oct 2000 20:30:39 +0000 Subject: [PATCH 114/923] Corrected #ifdefs for tun/tap support. --- src/net.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/net.c b/src/net.c index fecf7e6e..c57fc198 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.37 2000/10/15 19:53:15 zarq Exp $ + $Id: net.c,v 1.35.4.38 2000/10/15 20:30:39 guus Exp $ */ #include "config.h" @@ -37,11 +37,9 @@ #include #include -/* Next two includes are for tun/tap support */ +#ifdef HAVE_TUNTAP #include - -#ifdef HAVE_LINUX_IF_TUN_H -#include +#include LINUX_IF_TUN_H #endif #include From 6e32b870ee127555888a115163922362c99009f9 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 16 Oct 2000 11:35:10 +0000 Subject: [PATCH 115/923] Output doc/es/Makefile --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index bc01f175..93a6f746 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.9 2000/10/15 17:26:31 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.10 2000/10/16 11:35:10 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) 
@@ -85,5 +85,5 @@ dnl Check for TUN/TAP support in the kernel tinc_TUNTAP AC_OUTPUT([Makefile src/Makefile -doc/Makefile intl/Makefile lib/Makefile +doc/Makefile doc/es/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile]) From bb3d18d56fa0dd2bc5146d0a0044b6ef0880bdb4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 16 Oct 2000 16:33:30 +0000 Subject: [PATCH 116/923] - Fixing little things - Two tinc daemons can connect to eachother now (but they disconnect right after the ACKs). --- lib/utils.c | 12 +++++---- src/conf.c | 8 +++--- src/connlist.c | 5 ++-- src/net.c | 68 ++++++++++++++++++++++++++++++++++++-------------- src/protocol.c | 27 ++++++++------------ 5 files changed, 74 insertions(+), 46 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index e0bfe926..fc7abe4c 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -20,6 +20,7 @@ #include #include +#include #include "config.h" @@ -30,21 +31,22 @@ volatile int (cp_line[]) = {0, 0, 0, 0, 0, 0, 0, 0}; volatile char (*cp_file[]) = {"?", "?", "?", "?", "?", "?", "?", "?"}; volatile int cp_index = 0; -char *charbin2hex = "0123456789ABCDEF"; +char *hexadecimals = "0123456789ABCDEF"; int charhex2bin(char c) { if(isdigit(c)) return c - '0'; else - return tolower(c) - 'a' + 10; + return toupper(c) - 'A' + 10; } + void hex2bin(char *src, char *dst, int length) { int i; for(i=0; i=0; i--) { - dst[i*2+1] = charbin2hex[(unsigned char)src[i] & 15]; - dst[i*2] = charbin2hex[(unsigned char)src[i]>>4]; + dst[i*2+1] = hexadecimals[(unsigned char)src[i] & 15]; + dst[i*2] = hexadecimals[(unsigned char)src[i]>>4]; } } diff --git a/src/conf.c b/src/conf.c index 4fc374f8..72ef4081 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.14 2000/10/15 00:59:34 guus Exp $ + $Id: conf.c,v 1.9.4.15 2000/10/16 16:33:29 guus Exp $ */ 
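Review bot: `charhex2bin` in lib/utils.c returns `toupper(c) - 'A' + 10` for every non-digit, so a character outside 0-9/A-F/a-f produces a value outside 0..15 instead of an error, and `hex2bin` cannot reject malformed input. If hex strings received from peers are decoded with it (the callers are not in this hunk), a validity test such as `isxdigit((unsigned char)c)` before conversion is worth adding. `isdigit(c)` and `toupper(c)` also receive a plain `char`, which is undefined for negative values; cast the argument to `unsigned char`.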
@@ -90,7 +90,7 @@ add_config_val(config_t **cfg, int argtype, char *val) cp p = (config_t*)xmalloc(sizeof(*p)); p->data.val = 0; - + switch(argtype) { case TYPE_INT: @@ -225,7 +225,7 @@ cp const config_t *get_config_val(config_t *p, which_t type) { cp - for(p = config; p != NULL; p = p->next) + for(; p != NULL; p = p->next) if(p->which == type) break; cp @@ -239,7 +239,7 @@ cp const config_t *get_next_config_val(config_t *p, which_t type, int index) { cp - for(p = config; p != NULL; p = p->next) + for(; p != NULL; p = p->next) if(p->which == type) if(--index < 0) break; diff --git a/src/connlist.c b/src/connlist.c index b1e3146b..ed1467fa 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.4 2000/10/15 00:59:34 guus Exp $ + $Id: connlist.c,v 1.1.2.5 2000/10/16 16:33:29 guus Exp $ */ #include @@ -120,7 +120,8 @@ void conn_list_add(conn_list_t *cl) cp cl->next = conn_list; cl->prev = NULL; - cl->next->prev = cl; + if(cl->next) + cl->next->prev = cl; conn_list = cl; cp } diff --git a/src/net.c b/src/net.c index c57fc198..e9d6ecba 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.38 2000/10/15 20:30:39 guus Exp $ + $Id: net.c,v 1.35.4.39 2000/10/16 16:33:29 guus Exp $ */ #include "config.h" @@ -535,6 +535,8 @@ cp if(debug_lvl > 0) syslog(LOG_INFO, _("Connected to %s port %hd"), cl->hostname, cl->port); + + cl->status.meta = 1; cp return 0; } 
@@ -546,18 +548,42 @@ cp an authentication sequence during which we will do just that. */ -int setup_outgoing_connection(char *hostname) +int setup_outgoing_connection(char *name) { conn_list_t *ncn; struct hostent *h; + config_t *cfg; cp - if(!(h = gethostbyname(hostname))) + if(check_id(name)) { - syslog(LOG_ERR, _("Error looking up `%s': %m"), hostname); + syslog(LOG_ERR, _("Invalid name for outgoing connection")); return -1; } ncn = new_conn_list(); + asprintf(&ncn->name, "%s", name); + + if(read_host_config(ncn)) + { + syslog(LOG_ERR, _("Error reading host configuration file for %s")); + free_conn_list(ncn); + return -1; + } + + if(!(cfg = get_config_val(ncn->config, address))) + { + syslog(LOG_ERR, _("No address specified for %s")); + free_conn_list(ncn); + return -1; + } + + if(!(h = gethostbyname(cfg->data.ptr))) + { + syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr); + free_conn_list(ncn); + return -1; + } + ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); ncn->hostname = hostlookup(htonl(ncn->address)); @@ -569,10 +595,15 @@ cp return -1; } - ncn->status.meta = 1; ncn->status.outgoing = 1; - ncn->next = conn_list; - conn_list = ncn; + ncn->buffer = xmalloc(MAXBUFSIZE); + ncn->buflen = 0; + ncn->last_ping_time = time(NULL); + ncn->want_ping = 0; + + conn_list_add(ncn); + + send_id(ncn); cp return 0; } @@ -596,7 +627,7 @@ cp return -1; } else - myself->name = (char*)cfg->data.val; + asprintf(&myself->name, "%s", (char*)cfg->data.val); if(check_id(myself->name)) { @@ -648,9 +679,12 @@ sigalrm_handler(int a) { config_t const *cfg; cp -/* FIXME! Use name instead of upstreamip. - cfg = get_next_config_val(config, upstreamip, upstreamindex++); -*/ + cfg = get_next_config_val(config, connectto, upstreamindex++); + + if(!upstreamindex && !cfg) + /* No upstream IP given, we're listen only. */ + return; + while(cfg) { if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ 
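Review bot: Two of the new error messages in `setup_outgoing_connection` contain a `%s` conversion but pass no argument: `syslog(LOG_ERR, _("Error reading host configuration file for %s"));` and `syslog(LOG_ERR, _("No address specified for %s"));`. syslog then reads an argument that does not exist, which is undefined behaviour and can crash the daemon exactly when a host file is missing or incomplete. Pass the name in both calls, for example `syslog(LOG_ERR, _("No address specified for %s"), ncn->name);`.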
@@ -658,7 +692,7 @@ cp signal(SIGALRM, SIG_IGN); return; } -// cfg = get_next_config_val(config, upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ + cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); @@ -690,7 +724,7 @@ cp if(setup_myself() < 0) return -1; -// if((cfg = get_next_config_val(config, upstreamip, upstreamindex++)) == NULL) + if((cfg = get_next_config_val(config, connectto, upstreamindex++)) == NULL) /* No upstream IP given, we're listen only. */ return 0; @@ -698,7 +732,7 @@ cp { if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ return 0; -// cfg = get_next_config_val(config, upstreamip, upstreamindex++); /* Or else we try the next ConnectTo line */ + cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); @@ -822,11 +856,7 @@ cp syslog(LOG_NOTICE, _("Connection from %s port %d"), p->hostname, htons(ci.sin_port)); - if(send_id(p) < 0) - { - free_conn_list(p); - return NULL; - } + p->allow_request = ID; cp return p; } diff --git a/src/protocol.c b/src/protocol.c index 97e35e3a..cb5c92fc 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.40 2000/10/15 00:59:35 guus Exp $ + $Id: protocol.c,v 1.28.4.41 2000/10/16 16:33:30 guus Exp $ */ #include "config.h" @@ -154,6 +154,8 @@ cp int send_id(conn_list_t *cl) { +cp + cl->allow_request = CHALLENGE; cp return send_request(cl, "%d %s %d %lx", ID, myself->name, myself->protocol_version, myself->options); } 
@@ -187,7 +189,7 @@ cp /* Load information about peer */ - if(!read_host_config(cl)) + if(read_host_config(cl)) { syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->name); return -1; @@ -202,6 +204,7 @@ cp if(cl->status.outgoing) { if((old = lookup_id(cl->name))) + if(old != cl) { if(debug_lvl > DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname); @@ -211,10 +214,6 @@ cp return 0; } } - - /* Send a challenge to verify the identity */ - - cl->allow_request = CHAL_REPLY; cp return send_challenge(cl); } @@ -313,7 +312,7 @@ int chal_reply_h(conn_list_t *cl) char *hishash; char myhash[SHA_DIGEST_LENGTH]; cp - if(sscanf(cl->buffer, "%*d %as", &hishash) != 2) + if(sscanf(cl->buffer, "%*d %as", &hishash) != 1) { syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->name, cl->hostname); free(hishash); @@ -339,7 +338,7 @@ cp /* Verify the incoming hash with the calculated hash */ - if(!memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) + if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) { syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname); free(hishash); @@ -354,19 +353,15 @@ cp */ cp if(cl->status.outgoing) - { - cl->allow_request = ACK; return send_ack(cl); - } else - { - cl->allow_request = CHALLENGE; return send_id(cl); - } } int send_ack(conn_list_t *cl) { +cp + cl->allow_request = ACK; cp return send_request(cl, "%d", ACK); } @@ -1051,11 +1046,11 @@ char (*request_name[]) = { /* Status strings */ char (*status_text[]) = { - "FIXME: status text", + "Warning", }; /* Error strings */ char (*error_text[]) = { - "FIXME: error text", + "Error", }; From 20301888b7a0a206119d2cfc48ccf1a667bb4add Mon Sep 17 00:00:00 2001 
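Review bot: In `chal_reply_h`, `hishash` is declared without an initializer and the failure branch of the `sscanf` check calls `free(hishash)`; when a peer sends a CHAL_REPLY without the hash field, `sscanf` never assigns the pointer and an indeterminate value is freed. Initialising the declaration fixes it: `char *hishash = NULL;`. The corrected `!= 1` comparison makes the success path work but leaves this failure path unchanged.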
From: Guus Sliepen Date: Mon, 16 Oct 2000 19:04:47 +0000 Subject: [PATCH 117/923] - More fixing. Tinc daemons can now even create activated connections. --- src/connlist.c | 7 ++++--- src/net.c | 33 +++++++++++++++++++++++---------- src/protocol.c | 7 +++---- 3 files changed, 30 insertions(+), 17 deletions(-) diff --git a/src/connlist.c b/src/connlist.c index ed1467fa..38c7c8b3 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.5 2000/10/16 16:33:29 guus Exp $ + $Id: connlist.c,v 1.1.2.6 2000/10/16 19:04:46 guus Exp $ */ #include @@ -146,8 +146,9 @@ conn_list_t *lookup_id(char *name) conn_list_t *p; cp for(p = conn_list; p != NULL; p = p->next) - if(strcmp(name, p->name) == 0) - break; + if(p->status.active) + if(strcmp(name, p->name) == 0) + break; cp return p; } diff --git a/src/net.c b/src/net.c index e9d6ecba..00254e05 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.39 2000/10/16 16:33:29 guus Exp $ + $Id: net.c,v 1.35.4.40 2000/10/16 19:04:46 guus Exp $ */ #include "config.h" @@ -55,7 +55,7 @@ #include "system.h" int tap_fd = -1; - +int taptype = 0; int total_tap_in = 0; int total_tap_out = 0; int total_socket_in = 0; 
@@ -355,17 +355,20 @@ cp cp tap_fd = nfd; + taptype = 0; + #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ memset(&ifr, 0, sizeof(ifr)); cp - ifr.ifr_flags = IFF_TAP; + ifr.ifr_flags = IFF_TAP | IFF_NO_PI; if (netname) strncpy(ifr.ifr_name, netname, IFNAMSIZ); cp if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) { syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); + taptype = 1; if((cfg = get_config_val(config, tapsubnet)) == NULL) syslog(LOG_INFO, _("tun/tap device will be left unconfigured")); else @@ -1111,10 +1114,24 @@ void handle_tap_input(void) int ether_type, lenin; cp memset(&vp, 0, sizeof(vp)); - if((lenin = read(tap_fd, &vp, MTU)) <= 0) + + if(taptype = 1) { - syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); - return; + if((lenin = read(tap_fd, vp.data, MTU)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); + return; + } + vp.len = lenin; + } + else + { + if((lenin = read(tap_fd, &vp, MTU)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); + return; + } + vp.len = lenin - 2; } total_tap_in += lenin; @@ -1137,10 +1154,6 @@ cp from = ntohl(*((unsigned long*)(&vp.data[26]))); to = ntohl(*((unsigned long*)(&vp.data[30]))); - vp.len = (length_t)lenin - 2; - - strip_mac_addresses(&vp); - send_packet(to, &vp); cp } diff --git a/src/protocol.c b/src/protocol.c index cb5c92fc..20f66447 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.41 2000/10/16 16:33:30 guus Exp $ + $Id: protocol.c,v 1.28.4.42 2000/10/16 19:04:47 guus Exp $ */ #include "config.h" 
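Review bot: `if(taptype = 1)` in handle_tap_input assigns instead of comparing, so the condition is always true and the global taptype is overwritten with 1 on the first packet. The old-ethertap branch that reads into `&vp` and subtracts 2 from the length can therefore never run, even when the TUNSETIFF ioctl failed and taptype was left at 0. It should read `if(taptype == 1)`. Both read() calls pass MTU as the byte count; whether `vp.data` is at least MTU bytes is not visible in this hunk and is worth confirming. The function continues outside the hunk.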
@@ -157,14 +157,14 @@ int send_id(conn_list_t *cl) cp cl->allow_request = CHALLENGE; cp - return send_request(cl, "%d %s %d %lx", ID, myself->name, myself->protocol_version, myself->options); + return send_request(cl, "%d %s %d %lx %hd", ID, myself->name, myself->protocol_version, myself->options, myself->port); } int id_h(conn_list_t *cl) { conn_list_t *old; cp - if(sscanf(cl->buffer, "%*d %as %d %lx", &cl->name, &cl->protocol_version, &cl->options) != 3) + if(sscanf(cl->buffer, "%*d %as %d %lx %hd", &cl->name, &cl->protocol_version, &cl->options, &cl->port) != 4) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; @@ -204,7 +204,6 @@ cp if(cl->status.outgoing) { if((old = lookup_id(cl->name))) - if(old != cl) { if(debug_lvl > DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname); From 31c543ad0fa1d19667a03a9bd183c668def23da0 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 17 Oct 2000 10:14:25 +0000 Subject: [PATCH 118/923] Process subdir es/ --- doc/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/Makefile.am b/doc/Makefile.am index d0bdb3a3..9f3f7ebd 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,5 +1,7 @@ ## Process this file with automake to get Makefile.in +SUBDIRS = es + info_TEXINFOS = tinc.texi dyn_MANS = From e75315dae609f32041ca5ed939fd2a1b69d32d3e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 17 Oct 2000 10:15:20 +0000 Subject: [PATCH 119/923] Don't declare cp_file and cp_line in xmalloc() --- lib/xmalloc.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/xmalloc.c b/lib/xmalloc.c index 38fb571a..150b1aa7 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -87,8 +87,6 @@ xmalloc (n) size_t n; { void *p; - extern char*cp_file; - extern int cp_line; p = malloc (n); if (p == 0) From 571cfb5846c710a0a3cdbdddce8936f6b34f1cf1 Mon Sep 17 00:00:00 2001 
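Review bot: The port added to the ID message is formatted and parsed with `%hd`, a signed short conversion, so a port above 32767 is sent as a negative number and whether it parses back to the same value depends on the type of `port`, which is declared outside this diff. If the field is an unsigned short, `%hu` in both send_request and sscanf is the matching conversion. id_h stores the value straight into `cl->port` from a peer that has not yet answered the challenge, so a check that the parsed port is non-zero before it is used would also be sensible. id_h continues outside the hunk.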
From: Ivo Timmermans Date: Wed, 18 Oct 2000 19:44:11 +0000 Subject: [PATCH 120/923] Get the head revision up to date with cabal --- THANKS | 1 + configure.in | 4 ++-- debian/changelog | 4 ++-- debian/control | 3 ++- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/THANKS b/THANKS index 9f8f47f5..6116810a 100644 --- a/THANKS +++ b/THANKS @@ -13,6 +13,7 @@ I would like to thank * Robert van der Meulen (early configuration code) * Cris van Pelt (small fixes) * Enrique Zanardi (for the Spanish translation) + * Matias Carrasco (for the Spanish translation of the manual) for their help, support and ideas. Thank you guys! diff --git a/configure.in b/configure.in index 93a6f746..4adbb627 100644 --- a/configure.in +++ b/configure.in @@ -1,9 +1,9 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.10 2000/10/16 11:35:10 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.11 2000/10/18 19:44:11 zarq Exp $ AC_INIT(src/tincd.c) -AM_INIT_AUTOMAKE(tinc, 1.0pre3) +AM_INIT_AUTOMAKE(tinc, echelon) AM_CONFIG_HEADER(config.h) dnl Include the macros from the m4/ directory diff --git a/debian/changelog b/debian/changelog index f89acaeb..6c570df1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ -tinc (1.0pre3-1) unstable; urgency=low +tinc (1.0pre3-0.1) unstable; urgency=low - * + * upgraded to upstream version 1.0pre3 -- Ivo Timmermans Sun, 25 Jun 2000 00:00:00 +0200 diff --git a/debian/control b/debian/control index c08c622b..ea9c9ca2 100644 --- a/debian/control +++ b/debian/control @@ -14,5 +14,6 @@ Description: Virtual Private Network daemon create an entire (moderately sized) VPN with only one daemon per participating computer. . - You need to have two kernel modules installed, the manual will + You need to have two kernel modules installed, on a Debian system + they should already be there; if they are not, the manual will explain you how to do that. 
From d5fd1344e668da0bc8536e798f347041d5377843 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 19 Oct 2000 14:42:00 +0000 Subject: [PATCH 121/923] - Seed the PRNG using /dev/random before generating the keys. --- src/genauth.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/genauth.c b/src/genauth.c index a27bd779..ad910b1e 100644 --- a/src/genauth.c +++ b/src/genauth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: genauth.c,v 1.7.4.2 2000/10/15 00:59:34 guus Exp $ + $Id: genauth.c,v 1.7.4.3 2000/10/19 14:42:00 guus Exp $ */ #include "config.h" @@ -26,6 +26,7 @@ #include #include #include +#include #include @@ -92,16 +93,20 @@ int main(int argc, char **argv) bits = ((bits - 1) | 7) + 1; /* Align to bytes for easy mallocing and reading */ + fprintf(stderr, _("Seeding the PRNG: please press some keys or move\nthe mouse if this program seems to have halted...\n")); + + RAND_load_file("/dev/random", 1024); /* OpenSSL PRNG state apparently uses 1024 bytes */ + fprintf(stderr, _("Generating %d bits keys:\n"), bits); - key = RSA_generate_key(bits, RSA_PUBLIC_EXPONENT, indicator, NULL); + key = RSA_generate_key(bits, RSA_PUBLIC_EXPONENT, indicator, NULL); fprintf(stderr, _("Done.\n")); printf(_("Public key: %s\n"), BN_bn2hex(key->n)); printf(_("Private key: %s\n"), BN_bn2hex(key->d)); + fflush(stdin); /* Flush any input caused by random keypresses */ + return 0; } - - From 430e14162918864f9f18aad0ec0badc1ccc3e01f Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 19 Oct 2000 17:29:22 +0000 Subject: [PATCH 122/923] Changed changelog --- debian/changelog | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 6c570df1..629e5524 100644 --- a/debian/changelog +++ b/debian/changelog 
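Review bot: The return value of `RAND_load_file("/dev/random", 1024)` in genauth's main is discarded, so if the device cannot be opened or yields fewer bytes than requested, RSA_generate_key still runs with whatever state the PRNG had. Check the byte count and stop before key generation: `if(RAND_load_file("/dev/random", 1024) < 1024) { fprintf(stderr, _("Could not seed the PRNG\n")); return 1; }`. Separately, `fflush(stdin)` is undefined for input streams in ISO C; discarding stray keypresses needs a read loop or `tcflush(0, TCIFLUSH)`.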
@@ -1,33 +1,35 @@ tinc (1.0pre3-0.1) unstable; urgency=low - * upgraded to upstream version 1.0pre3 + * New upstream version (1.0pre3) + * Better Depends and Build-Depends lines, including all available + versions of GMP. - -- Ivo Timmermans Sun, 25 Jun 2000 00:00:00 +0200 + -- Ivo Timmermans Wed, 20 Sep 2000 20:26:35 +0200 tinc (1.0pre2-1) unstable; urgency=low * postinst creates a file /etc/tinc/nets.boot, containing all networks to be started upon system startup; * init.d script starts all networks from that list. - * postinst script creates tap devices + * postinst script creates tap devices. -- Ivo Timmermans Tue, 16 May 2000 00:06:25 +0200 tinc (1.0pre1-0.4) unstable; urgency=low - * postinst script + * postinst script. -- Ivo Timmermans Mon, 15 May 2000 19:22:05 +0200 tinc (1.0pre1-0.3) unstable; urgency=low - * system startup script + * system startup script. -- Ivo Timmermans Sun, 14 May 2000 22:58:02 +0200 tinc (1.0pre1-0.2) unstable; urgency=low - * Included the blowfish license + * Included the blowfish license. -- Ivo Timmermans Fri, 21 Apr 2000 17:07:50 +0200 From 9f64499e40a95a8c05c82924219517aa017fc411 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 20 Oct 2000 15:34:38 +0000 Subject: [PATCH 123/923] - tinc now really does public/private key encryption! It even works, whee! --- src/connlist.c | 6 ++-- src/connlist.h | 4 +-- src/genauth.c | 3 +- src/net.c | 32 ++++++++++++++++++-- src/protocol.c | 81 +++++++++++++++++++++++++++++++++++++++----------- src/protocol.h | 9 +----- 6 files changed, 101 insertions(+), 34 deletions(-) diff --git a/src/connlist.c b/src/connlist.c index 38c7c8b3..9da2d6d1 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.6 2000/10/16 19:04:46 guus Exp $ + $Id: connlist.c,v 1.1.2.7 2000/10/20 15:34:34 guus Exp $ */ #include 
@@ -57,8 +57,8 @@ cp free(p->name); if(p->hostname) free(p->hostname); - if(p->public_key) - RSA_free(p->public_key); + if(p->rsa_key) + RSA_free(p->rsa_key); if(p->cipher_pktkey) free(p->cipher_pktkey); if(p->buffer) diff --git a/src/connlist.h b/src/connlist.h index 96a19474..0c81e06e 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.3 2000/10/14 17:04:13 guus Exp $ + $Id: connlist.h,v 1.1.2.4 2000/10/20 15:34:34 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -44,7 +44,7 @@ typedef struct conn_list_t { packet_queue_t *sq; /* pending outgoing packets */ packet_queue_t *rq; /* pending incoming packets (they have no valid key to be decrypted with) */ - RSA *public_key; /* the other party's public key */ + RSA *rsa_key; /* the public/private key */ EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */ EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */ diff --git a/src/genauth.c b/src/genauth.c index ad910b1e..78c567d0 100644 --- a/src/genauth.c +++ b/src/genauth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: genauth.c,v 1.7.4.3 2000/10/19 14:42:00 guus Exp $ + $Id: genauth.c,v 1.7.4.4 2000/10/20 15:34:35 guus Exp $ */ #include "config.h" @@ -105,6 +105,7 @@ int main(int argc, char **argv) printf(_("Public key: %s\n"), BN_bn2hex(key->n)); printf(_("Private key: %s\n"), BN_bn2hex(key->d)); + printf(_("Public exp: %s\n"), BN_bn2hex(key->e)); fflush(stdin); /* Flush any input caused by random keypresses */ diff --git a/src/net.c b/src/net.c index 00254e05..81318e3e 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.40 2000/10/16 19:04:46 guus Exp $ + $Id: net.c,v 1.35.4.41 2000/10/20 15:34:35 guus Exp $ */ #include "config.h" @@ -637,13 +637,41 @@ cp syslog(LOG_ERR, _("Invalid name for myself!")); return -1; } +cp + if(!(cfg = get_config_val(config, privatekey))) + { + syslog(LOG_ERR, _("Private key for tinc daemon required!")); + return -1; + } + else + { + myself->rsa_key = RSA_new(); + BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr); + BN_hex2bn(&myself->rsa_key->e, "FFFF"); + } if(read_host_config(myself)) { syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); return -1; } - +cp + if(!(cfg = get_config_val(myself->config, publickey))) + { + syslog(LOG_ERR, _("Public key for tinc daemon required!")); + return -1; + } + else + { + BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr); + } +/* + if(RSA_check_key(myself->rsa_key) != 1) + { + syslog(LOG_ERR, _("Invalid public/private keypair!")); + return -1; + } +*/ if(!(cfg = get_config_val(myself->config, port))) myself->port = 655; else diff --git a/src/protocol.c b/src/protocol.c index 20f66447..3c596398 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.42 2000/10/16 19:04:47 guus Exp $ + $Id: protocol.c,v 1.28.4.43 2000/10/20 15:34:37 guus Exp $ */ #include "config.h" @@ -163,6 +163,7 @@ cp int id_h(conn_list_t *cl) { conn_list_t *old; + config_t *cfg; cp if(sscanf(cl->buffer, "%*d %as %d %lx %hd", &cl->name, &cl->protocol_version, &cl->options, &cl->port) != 4) { 
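Review bot: The key loading added to src/net.c never checks `RSA_new()` or any `BN_hex2bn()` result, and the `RSA_check_key()` call is commented out, so a truncated or non-hex PrivateKey or PublicKey value is accepted at startup. The daemon then runs with a key that cannot authenticate anything, or dereferences a NULL rsa_key. BN_hex2bn returns 0 on failure, which is enough to reject bad input here; the id_h hunk in src/protocol.c loads the peer key with the same unchecked calls. The public exponent is hard-coded as `"FFFF"` in both places and has to equal the exponent the keys were generated with (genauth's RSA_PUBLIC_EXPONENT, defined outside this diff), so a shared constant would keep them from drifting. The enclosing function starts and ends outside the hunk.

```c
  else
    {
      myself->rsa_key = RSA_new();
      if(!myself->rsa_key
         || !BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr)
         || !BN_hex2bn(&myself->rsa_key->e, "FFFF"))
        {
          syslog(LOG_ERR, _("Invalid private key for tinc daemon!"));
          return -1;
        }
    }

  /* … unchanged: read_host_config(myself) and the publickey lookup … */

  else
    {
      if(!BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr))
        {
          syslog(LOG_ERR, _("Invalid public key for tinc daemon!"));
          return -1;
        }
    }
```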
@@ -188,19 +189,18 @@ cp } /* Load information about peer */ - +cp if(read_host_config(cl)) { syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->name); return -1; } - /* First check if the host we connected to is already in our connection list. If so, we are probably making a loop, which is not desirable. */ - +cp if(cl->status.outgoing) { if((old = lookup_id(cl->name))) 
@@ -213,38 +213,71 @@ cp return 0; } } +cp + if(!(cfg = get_config_val(cl->config, publickey))) + { + syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname); + return -1; + } + else + { +cp + cl->rsa_key = RSA_new(); + BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); + BN_hex2bn(&cl->rsa_key->e, "FFFF"); + } + cp return send_challenge(cl); } int send_challenge(conn_list_t *cl) { - char buffer[CHAL_LENGTH*2+1]; + char *buffer; + int len, x; cp + len = RSA_size(cl->rsa_key); + /* Allocate buffers for the challenge */ - if(!cl->hischallenge) - cl->hischallenge = xmalloc(CHAL_LENGTH); + buffer = xmalloc(len*2+1); + + if(cl->hischallenge) + free(cl->hischallenge); + + cl->hischallenge = xmalloc(len); cp /* Copy random data to the buffer */ - RAND_bytes(cl->hischallenge, CHAL_LENGTH); -cp - /* Convert the random data to a hexadecimal formatted string */ + RAND_bytes(cl->hischallenge, len); - bin2hex(cl->hischallenge, buffer, CHAL_LENGTH); - buffer[CHAL_LENGTH*2] = '\0'; + /* Encrypt the random data */ + + if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ + { + syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); + free(buffer); + return -1; + } +cp + /* Convert the encrypted random data to a hexadecimal formatted string */ + + bin2hex(buffer, buffer, len); + buffer[len*2] = '\0'; /* Send the challenge */ cl->allow_request = CHAL_REPLY; + x = send_request(cl, "%d %s", CHALLENGE, buffer); + free(buffer); cp - return send_request(cl, "%d %s", CHALLENGE, buffer); + return x; } int challenge_h(conn_list_t *cl) { char *buffer; + int len; cp if(sscanf(cl->buffer, "%*d %as", &buffer) != 1) { 
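Review bot: In send_challenge the result of `RAND_bytes(cl->hischallenge, len)` is ignored, so when the PRNG is not seeded the buffer may not hold random data and the peer's proof of key possession rests on a predictable challenge. Fail the handshake instead: `if(RAND_bytes(cl->hischallenge, len) != 1) { free(buffer); return -1; }`. With RSA_NO_PADDING the input must also be numerically smaller than the modulus, which a fully random len-byte string is not guaranteed to be, so the encrypt call can fail intermittently. Clearing the top bit with `cl->hischallenge[0] &= 0x7f;` is one way to keep it in range, assuming the modulus has its top bit set.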
@@ -252,9 +285,11 @@ cp return -1; } + len = RSA_size(myself->rsa_key); + /* Check if the length of the challenge is all right */ - if(strlen(buffer) != CHAL_LENGTH*2) + if(strlen(buffer) != len*2) { syslog(LOG_ERR, _("Intruder: wrong challenge length from %s (%s)"), cl->name, cl->hostname); free(buffer); @@ -264,11 +299,21 @@ cp /* Allocate buffers for the challenge */ if(!cl->mychallenge) - cl->mychallenge = xmalloc(CHAL_LENGTH); + cl->mychallenge = xmalloc(len); /* Convert the challenge from hexadecimal back to binary */ - hex2bin(buffer,cl->mychallenge,CHAL_LENGTH); + hex2bin(buffer,buffer,len); + + /* Decrypt the challenge */ + + if(RSA_private_decrypt(len, buffer, cl->mychallenge, myself->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ + { + syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); + free(buffer); + return -1; + } + free(buffer); /* Rest is done by send_chal_reply() */ @@ -288,7 +333,7 @@ cp /* Calculate the hash from the challenge we received */ - SHA1(cl->mychallenge, CHAL_LENGTH, hash); + SHA1(cl->mychallenge, RSA_size(myself->rsa_key), hash); /* Convert the hash to a hexadecimal formatted string */ @@ -333,7 +378,7 @@ cp /* Calculate the hash from the challenge we sent */ - SHA1(cl->hischallenge, CHAL_LENGTH, myhash); + SHA1(cl->hischallenge, RSA_size(cl->rsa_key), myhash); /* Verify the incoming hash with the calculated hash */ diff --git a/src/protocol.h b/src/protocol.h index 27372587..c3147a76 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.11 2000/10/15 00:59:36 guus Exp $ + $Id: protocol.h,v 1.5.4.12 2000/10/20 15:34:38 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
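Review bot: challenge_h applies the daemon's private key with RSA_NO_PADDING to bytes supplied by a peer that has not been authenticated yet, and the only validation before `hex2bin` and `RSA_private_decrypt` is the length check. Enabling blinding when the key is loaded (`RSA_blinding_on(myself->rsa_key, NULL)`) and rejecting non-hex characters before the conversion would narrow what an unauthenticated peer can make the key operate on; what hex2bin does with invalid digits is not visible in this diff. The failure branch also logs "Error during encryption of challenge", the same text as send_challenge, so the two failures cannot be told apart in the log. A distinct message such as `_("Error during decryption of challenge from %s (%s)")` would fix that.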
@@ -32,13 +32,6 @@ #define PROT_CURRENT 8 -/* Length of the challenge. Since the challenge will also - contain the key for the symmetric cipher, it must be - quite large. - */ - -#define CHAL_LENGTH 1024 /* Okay, this is probably waaaaaaaaaaay too large */ - /* Request numbers */ enum { From fba19c30c92d39e74f5fd5594053793b036f30f4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 20 Oct 2000 16:49:20 +0000 Subject: [PATCH 124/923] - Made Makefile.am stub for doc/es/ - Merged genauth into tincd - Updated dutch translation --- doc/es/Makefile.am | 3 + lib/list.c | 146 +++++++++++++++++ lib/list.h | 44 +++++ po/POTFILES.in | 1 - po/es.po | 386 ++++++++++++++++++++++++-------------------- po/nl.po | 391 +++++++++++++++++++++++++-------------------- src/Makefile.am | 5 +- src/genauth.c | 113 ------------- src/tincd.c | 99 ++++++++++-- 9 files changed, 711 insertions(+), 477 deletions(-) create mode 100644 doc/es/Makefile.am create mode 100644 lib/list.c create mode 100644 lib/list.h delete mode 100644 src/genauth.c diff --git a/doc/es/Makefile.am b/doc/es/Makefile.am new file mode 100644 index 00000000..756d6707 --- /dev/null +++ b/doc/es/Makefile.am @@ -0,0 +1,3 @@ +## Process this file with automake to get Makefile.in + +# Nothing to see here, go away! diff --git a/lib/list.c b/lib/list.c new file mode 100644 index 00000000..5358f198 --- /dev/null +++ b/lib/list.c 
@@ -0,0 +1,146 @@ +/* + list.c -- functions to deal with double linked lists + Copyright (C) 2000 Ivo Timmermans + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: list.c,v 1.1 2000/10/20 16:44:32 zarq Exp $ +*/ + +#include "config.h" + +#include + +#include +#include +#include + +#include + +/* + list_new + + Initialize a new list. +*/ +list_t *list_new(void) +{ + list_t *list; + + list = xmalloc_and_zero(sizeof(list_t)); + return list; +} + +/* + list_delete + + Delete the element pointed to by idx from the list. 
+*/ +list_node_t *list_delete(list_t *list, list_node_t *idx) +{ + list_node_t *res; + + if(!list) + return NULL; + if(!idx) + return NULL; + + if(list->callbacks->delete != NULL) + if(list->callbacks->delete(idx->data)) + error(ERR_WARNING, N_("List callback[delete] failed for %08lx - freeing anyway"), idx->data); + + free(idx->data); + + if(idx->prev == NULL) + /* First element in list */ + { + res = idx->next; + list->head = idx->next; + } + if(idx->next == NULL) + /* Last element in list */ + { + res = NULL; + list->tail = idx->prev; + } + if(idx->prev != NULL && idx->next != NULL) + /* Neither first nor last element */ + { + idx->prev->next = idx->next; + idx->next->prev = idx->prev; + } + if(list->head == NULL) + list->tail = NULL; + else + if(list->tail == NULL) + list->head = NULL; + free(idx); + return res; +} + +/* + list_forall_nodes + + Call function() on each element in the list. If this function + returns non-zero, the element will be removed from the list. +*/ +void list_forall_nodes(list_t *list, int (*function)(void *data)) +{ + list_node_t *p; + int res; + + if(!list) /* no list given */ + return; + if(!function) /* no function given */ + return; + if(!list->head) /* list is empty */ + return; + for(p = list->head; p != NULL; p = p->next) + { + res = function(p->data); + if(res != 0) + p = list_delete(list, p); + } +} + +/* + list_destroy + + Free all datastructures contained in this list. It uses the delete + callback for this list to free each element. +*/ +void list_destroy(list_t *list) +{ + if(!list) + return; + list_destroy_nodes(list); + free(list); +} + +/* + list_append + + Append a new node to the list that points to data. +*/ +list_append(list_t *list, void *data) +{ + list_node_t *n; + + n = xmalloc_and_zero(sizeof(list_node_t)); + n->data = data; + n->prev = list->tail; + list->tail->next = n; + list->tail = n; +} diff --git a/lib/list.h b/lib/list.h new file mode 100644 index 00000000..91628332 --- /dev/null +++ b/lib/list.h 
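Review bot: list_delete returns `res` uninitialised when the removed node is in the middle of the list, and when it is the first or last node the neighbour's `prev`/`next` still points at the node that is then freed, so any later traversal reads freed memory. It also dereferences `list->callbacks` without a NULL check although list_new zero-fills the list, and list_forall_nodes advances with `p = p->next` after `p = list_delete(list, p)`, which skips a node or dereferences NULL at the tail. list_append has no return type, never sets `list->head`, and writes through `list->tail` on an empty list; list_destroy calls list_destroy_nodes, which this file does not define. The unlink logic below handles every position with one pair of tests.

```c
list_node_t *list_delete(list_t *list, list_node_t *idx)
{
  list_node_t *res;

  /* … unchanged: NULL checks on list and idx … */

  if(list->callbacks != NULL && list->callbacks->delete != NULL)  /* callbacks may be unset */
  /* … unchanged: callback invocation and warning … */

  free(idx->data);

  res = idx->next;              /* successor, NULL when idx was the tail */

  if(idx->prev != NULL)
    idx->prev->next = idx->next;
  else
    list->head = idx->next;

  if(idx->next != NULL)
    idx->next->prev = idx->prev;
  else
    list->tail = idx->prev;

  free(idx);
  return res;
}

/* in list_forall_nodes: fetch the successor before the node can be freed */
  list_node_t *p, *next;

  for(p = list->head; p != NULL; p = next)
    {
      next = p->next;
      if(function(p->data) != 0)
        list_delete(list, p);
    }
```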
@@ -0,0 +1,44 @@ +/* + list.h -- header file for list.c + Copyright (C) 2000 Ivo Timmermans + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: list.h,v 1.1 2000/10/20 16:44:32 zarq Exp $ +*/ + +#ifndef __TINC_LIST_H__ +#define __TINC_LIST_H__ + +typedef struct list_callbacks_t { + int (*delete) (void *); +} list_callbacks_t; + +typedef struct list_node_t { + void *data; + struct list_node_t *prev; + struct list_node_t *next; +} list_node_t; + +typedef struct list_t { + list_node_t *head; + list_node_t *tail; + list_callbacks_t *callbacks; +} list_t; + + + +#endif /* __TINC_LIST_H__ */ diff --git a/po/POTFILES.in b/po/POTFILES.in index df8b507c..5e6af898 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -6,7 +6,6 @@ lib/pidfile.c lib/utils.c src/conf.c -src/genauth.c src/meta.c src/net.c src/netutl.c diff --git a/po/es.po b/po/es.po index 6076a85d..59404383 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre2\n" -"POT-Creation-Date: 2000-10-15 02:53+0200\n" +"POT-Creation-Date: 2000-10-20 18:35+0200\n" "PO-Revision-Date: 2000-07-02 12:49+01:00\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" 
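Review bot: list.h declares the three list types but no prototypes for list_new, list_delete, list_forall_nodes, list_destroy or list_append, so a caller that includes it gets implicit declarations and the pointer returned by list_new is treated as an int. Add the prototypes before the `#endif`, for example `list_t *list_new(void);` and `list_node_t *list_delete(list_t *list, list_node_t *idx);`, and give list_append an explicit `void` return type in list.c to match. The guard name `__TINC_LIST_H__` uses a reserved identifier; it follows the other tinc headers in this series, so changing it is optional.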
@@ -33,37 +33,6 @@ msgstr "" msgid "Invalid value for variable on line %d while reading config file %s" msgstr "" -#: src/genauth.c:78 -#, c-format -msgid "Usage: %s bits\n" -msgstr "Uso: %s bits\n" - -#: src/genauth.c:89 -#, c-format -msgid "Illegal number: %s\n" -msgstr "Número ilegal: %s\n" - -#. Align to bytes for easy mallocing and reading -#: src/genauth.c:95 -#, fuzzy, c-format -msgid "Generating %d bits keys:\n" -msgstr "Generando claves de %d bits." - -#: src/genauth.c:99 -#, fuzzy -msgid "Done.\n" -msgstr ": hecho.\n" - -#: src/genauth.c:101 -#, c-format -msgid "Public key:\t%s\n" -msgstr "" - -#: src/genauth.c:102 -#, c-format -msgid "Private key:\t%s\n" -msgstr "" - #: src/meta.c:42 #, fuzzy, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" @@ -74,7 +43,7 @@ msgstr "Enviados %d bytes a %lx" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando datos: %m" -#: src/meta.c:85 src/net.c:773 +#: src/meta.c:85 src/net.c:847 #, fuzzy, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m" 
@@ -104,278 +73,300 @@ msgstr "Petici msgid "Metadata read buffer overflow for %s (%s)" msgstr "Desbordamiento del búfer de lectura de metadatos" -#: src/net.c:106 +#: src/net.c:107 #, fuzzy, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Enviados %d bytes a %lx" -#: src/net.c:115 +#: src/net.c:116 #, fuzzy, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Error enviando datos: %m" -#: src/net.c:129 +#: src/net.c:130 #, fuzzy, c-format msgid "Receiving packet of %d bytes" msgstr "Recibiendo clave de " -#: src/net.c:142 +#: src/net.c:143 #, c-format msgid "Can't write to tap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:242 +#: src/net.c:243 #, fuzzy msgid "Queue flushed" msgstr "cola vaciada" -#: src/net.c:257 +#: src/net.c:258 #, fuzzy, c-format msgid "Flushing send queue for %s (%s)" msgstr "Vaciando la cola de envíos para " -#: src/net.c:265 +#: src/net.c:266 #, fuzzy, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Vaciando la cola de recepción para " -#: src/net.c:283 +#: src/net.c:284 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" 
msgstr "" -#: src/net.c:297 +#: src/net.c:298 #, fuzzy, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "No pude abrir %s: %s\n" -#: src/net.c:305 +#: src/net.c:306 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" -#: src/net.c:316 +#: src/net.c:317 #, c-format msgid "%s (%s) is not ready, queueing packet" msgstr "" -#: src/net.c:344 +#: src/net.c:352 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:360 +#: src/net.c:370 #, c-format msgid "%s is a new style tun/tap device" msgstr "" -#: src/net.c:362 +#: src/net.c:373 msgid "tun/tap device will be left unconfigured" msgstr "" -#: src/net.c:384 +#: src/net.c:396 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:390 src/net.c:396 src/net.c:458 +#: src/net.c:402 src/net.c:408 src/net.c:470 #, c-format msgid "setsockopt: %m" msgstr "setsockopt(): %m" -#: src/net.c:403 src/net.c:465 +#: src/net.c:415 src/net.c:477 #, c-format msgid "fcntl: %m" msgstr "fcntl(): %m" -#: src/net.c:411 +#: src/net.c:423 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "" -#: src/net.c:427 +#: src/net.c:439 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/tcp: %m" -#: src/net.c:433 +#: src/net.c:445 #, c-format msgid "listen: %m" msgstr "listen(): %m" -#: src/net.c:452 +#: src/net.c:464 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:476 +#: src/net.c:488 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/udp: %m" -#: src/net.c:493 +#: src/net.c:505 #, fuzzy, c-format msgid "Trying to connect to %s" msgstr "Cerrando conexión con %s." 
-#: src/net.c:503 +#: src/net.c:515 #, fuzzy, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:514 +#: src/net.c:526 #, c-format msgid "%s port %hd: %m" msgstr "" -#: src/net.c:521 +#: src/net.c:533 #, c-format msgid "fcntl for %s port %d: %m" msgstr "" -#: src/net.c:527 +#: src/net.c:539 #, fuzzy, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s:%hd" -#: src/net.c:547 +#: src/net.c:562 +msgid "Invalid name for outgoing connection" +msgstr "" + +#: src/net.c:571 +#, c-format +msgid "Error reading host configuration file for %s" +msgstr "" + +#: src/net.c:578 +#, c-format +msgid "No address specified for %s" +msgstr "" + +#: src/net.c:585 #, fuzzy, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %s\n" -#: src/net.c:557 +#: src/net.c:595 #, fuzzy, c-format msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión." -#: src/net.c:586 +#: src/net.c:629 msgid "Name for tinc daemon required!" msgstr "" -#: src/net.c:594 +#: src/net.c:637 msgid "Invalid name for myself!" msgstr "" -#: src/net.c:600 +#: src/net.c:643 +msgid "Private key for tinc daemon required!" +msgstr "" + +#: src/net.c:655 msgid "Cannot open host configuration file for myself!" msgstr "" -#: src/net.c:619 +#: src/net.c:661 +msgid "Public key for tinc daemon required!" +msgstr "" + +#: src/net.c:690 #, fuzzy msgid "Unable to set up a listening socket!" msgstr "No puedo configurar un `socket' a la escucha" -#: src/net.c:625 +#: src/net.c:696 #, fuzzy msgid "Unable to set up an incoming vpn data socket!" msgstr "No puedo configurar un `socket' para recibir datos de la vpn" -#: src/net.c:632 +#: src/net.c:703 #, fuzzy, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %d." 
-#: src/net.c:660 +#: src/net.c:734 #, fuzzy, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Siguo sin poder conectar con el otro. Lo reintentaré en %d segundos." -#: src/net.c:698 +#: src/net.c:772 #, fuzzy, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:736 +#: src/net.c:810 #, fuzzy msgid "Terminating" msgstr "Terminando." -#: src/net.c:750 +#: src/net.c:824 #, fuzzy, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a " -#: src/net.c:755 +#: src/net.c:829 #, fuzzy, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:765 +#: src/net.c:839 #, fuzzy, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al crear `socket' de datos: %m" -#: src/net.c:798 +#: src/net.c:872 #, c-format msgid "Error: getpeername: %m" msgstr "Error: getpeername(): %m" -#: src/net.c:813 +#: src/net.c:887 #, fuzzy, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s:%d" -#: src/net.c:861 +#: src/net.c:931 #, fuzzy, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:867 +#: src/net.c:937 #, fuzzy, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:873 +#: src/net.c:943 #, fuzzy, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo datos: %m" -#: src/net.c:894 +#: src/net.c:964 #, fuzzy, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s." -#: src/net.c:937 +#: src/net.c:1007 #, fuzzy msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:967 +#: src/net.c:1037 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "" -#: src/net.c:998 +#: src/net.c:1068 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1006 +#: src/net.c:1076 #, fuzzy msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1041 +#: src/net.c:1111 #, fuzzy, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes: %s" -#: src/net.c:1077 +#: src/net.c:1150 src/net.c:1159 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1087 +#: src/net.c:1171 #, fuzzy, c-format msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" msgstr "Trama ethernet no-IP %04x de " -#: src/net.c:1094 +#: src/net.c:1178 #, c-format msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" msgstr "" -#: src/net.c:1133 +#: src/net.c:1213 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" 
@@ -415,275 +406,285 @@ msgstr "Error al procesar la petici msgid "Bogus data received from %s (%s)" msgstr "Se han recibido datos sin sentido." -#: src/protocol.c:167 +#: src/protocol.c:170 #, fuzzy, c-format msgid "Got bad ID from %s" msgstr "recibí una petición BASIC_INFO incorrecta: %s" -#: src/protocol.c:175 +#: src/protocol.c:178 #, fuzzy, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "" "La máquina remota usa una versión incompatible del protocolo (versión %d)." -#: src/protocol.c:184 +#: src/protocol.c:187 #, c-format msgid "Peer %s uses invalid identity name" msgstr "" -#: src/protocol.c:192 +#: src/protocol.c:195 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "" -#: src/protocol.c:207 +#: src/protocol.c:209 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "" -#: src/protocol.c:253 +#: src/protocol.c:219 +#, c-format +msgid "No public key known for %s (%s)" +msgstr "" + +#: src/protocol.c:258 src/protocol.c:312 +#, c-format +msgid "Error during encryption of challenge for %s (%s)" +msgstr "" + +#: src/protocol.c:284 #, fuzzy, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:261 +#: src/protocol.c:294 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "" -#: src/protocol.c:287 +#: src/protocol.c:330 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "" -#: src/protocol.c:318 +#: src/protocol.c:361 #, fuzzy, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:327 +#: src/protocol.c:370 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "" -#: src/protocol.c:344 +#: src/protocol.c:387 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "" -#: src/protocol.c:386 +#: src/protocol.c:425 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr 
"" -#: src/protocol.c:398 +#: src/protocol.c:437 #, fuzzy, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s." -#: src/protocol.c:438 +#: src/protocol.c:477 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:447 +#: src/protocol.c:486 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:456 +#: src/protocol.c:495 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:467 +#: src/protocol.c:506 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:478 +#: src/protocol.c:517 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -#: src/protocol.c:506 +#: src/protocol.c:545 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:515 +#: src/protocol.c:554 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:524 +#: src/protocol.c:563 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:535 +#: src/protocol.c:574 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:546 +#: src/protocol.c:585 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -#: src/protocol.c:577 +#: src/protocol.c:616 #, fuzzy, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:585 +#: src/protocol.c:624 #, fuzzy, c-format msgid "Got bad 
ADD_HOST from %s (%s): invalid identity name" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:594 +#: src/protocol.c:633 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:604 +#: src/protocol.c:643 #, c-format msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" msgstr "" -#: src/protocol.c:614 +#: src/protocol.c:653 #, c-format msgid "" "Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" msgstr "" -#: src/protocol.c:633 +#: src/protocol.c:672 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "" -#: src/protocol.c:640 +#: src/protocol.c:679 #, c-format msgid "Removing old entry for %s (%s)" msgstr "" -#: src/protocol.c:683 +#: src/protocol.c:722 #, fuzzy, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:692 +#: src/protocol.c:731 #, fuzzy, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:701 +#: src/protocol.c:740 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:712 +#: src/protocol.c:751 #, c-format msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" msgstr "" -#: src/protocol.c:722 +#: src/protocol.c:761 #, c-format msgid "" "Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" msgstr "" -#: src/protocol.c:734 +#: src/protocol.c:773 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" -#: src/protocol.c:744 +#: src/protocol.c:783 #, fuzzy, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:776 +#: src/protocol.c:815 #, fuzzy, c-format msgid "Got bad STATUS from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: 
src/protocol.c:783 +#: src/protocol.c:822 #, fuzzy, c-format msgid "Status message from %s (%s): %s: %s" msgstr "He recibido una petición: %s" -#: src/protocol.c:807 +#: src/protocol.c:846 #, fuzzy, c-format msgid "Got bad ERROR from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:814 +#: src/protocol.c:853 #, fuzzy, c-format msgid "Error message from %s (%s): %s: %s" msgstr "He recibido una petición: %s" -#: src/protocol.c:892 +#: src/protocol.c:931 #, fuzzy, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:899 +#: src/protocol.c:938 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " "connection list" msgstr "" -#: src/protocol.c:929 +#: src/protocol.c:968 #, fuzzy, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "recibí REQ_KEY de " -#: src/protocol.c:936 +#: src/protocol.c:975 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -#: src/protocol.c:952 +#: src/protocol.c:991 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " "connection list" msgstr "" -#: src/protocol.c:980 +#: src/protocol.c:1019 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:987 +#: src/protocol.c:1026 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -#: src/protocol.c:1003 +#: src/protocol.c:1042 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:1016 +#: src/protocol.c:1055 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " "connection list" msgstr "" -#: src/tincd.c:94 +#: src/tincd.c:99 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Pruebe `%s --help' para más 
información.\n" -#: src/tincd.c:97 +#: src/tincd.c:102 #, c-format msgid "" "Usage: %s [option]...\n" @@ -692,7 +693,7 @@ msgstr "" "Modo de empleo: %s [opción]...\n" "\n" -#: src/tincd.c:98 +#: src/tincd.c:103 #, fuzzy msgid "" " -c, --config=DIR Read configuration options from DIR.\n" @@ -700,7 +701,6 @@ msgid "" " -d Increase debug level.\n" " -k, --kill Attempt to kill a running tincd and exit.\n" " -n, --net=NETNAME Connect to net NETNAME.\n" -" -t, --timeout=TIMEOUT Seconds to wait before giving a timeout.\n" msgstr "" " -c, --config=FICHERO Lee opciones de configuración del FICHERO.\n" " -D, --no-detach No hagas fork() y liberes la terminal.\n" @@ -710,8 +710,10 @@ msgstr "" " -t, --timeout=TIEMPO Segundos a esperar antes de cancelar una " "trasmisión.\n" -#: src/tincd.c:104 +#: src/tincd.c:108 +#, fuzzy msgid "" +" -K, --keygen[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n" "\n" 
@@ -720,72 +722,99 @@ msgstr "" " --version Muestra información de la versión y termina.\n" "\n" -#: src/tincd.c:106 +#: src/tincd.c:111 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" -#: src/tincd.c:144 -#, c-format -msgid "Invalid timeout value `%s'.\n" -msgstr "Valor de `timeout' no válido `%s'.\n" +#: src/tincd.c:152 +msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" +msgstr "" -#: src/tincd.c:158 +#: src/tincd.c:207 +msgid "" +"Seeding the PRNG: please press some keys or move\n" +"the mouse if this program seems to have halted...\n" +msgstr "" + +#. OpenSSL PRNG state apparently uses 1024 bytes, but it seems pretty sufficient anyway :) +#: src/tincd.c:210 +#, fuzzy, c-format +msgid "Generating %d bits keys:\n" +msgstr "Generando claves de %d bits." + +#: src/tincd.c:214 +msgid "Error during key generation!" +msgstr "" + +#: src/tincd.c:218 +#, fuzzy +msgid "Done.\n" +msgstr ": hecho.\n" + +#: src/tincd.c:220 +msgid "" +"Please copy the private key to tinc.conf and the\n" +"public key to your host configuration file:\n" +"\n" +msgstr "" + +#: src/tincd.c:230 #, fuzzy, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Memoria agotada (la última es %s:%d) (no pude asignar %d bytes); terminando." -#: src/tincd.c:213 +#: src/tincd.c:285 #, fuzzy, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." -#: src/tincd.c:216 +#: src/tincd.c:288 #, fuzzy, c-format msgid "tincd %s starting" msgstr "tincd %s comenzando, nivel de depuración %d." -#: src/tincd.c:231 +#: src/tincd.c:303 #, fuzzy, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." 
-#: src/tincd.c:249 +#: src/tincd.c:321 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "" "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" -#: src/tincd.c:252 +#: src/tincd.c:324 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" -#: src/tincd.c:273 +#: src/tincd.c:345 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" -#: src/tincd.c:275 +#: src/tincd.c:347 msgid "No other tincd is running.\n" msgstr "No hay ningún otro tincd en ejecución.\n" -#: src/tincd.c:282 +#: src/tincd.c:354 msgid "Removing stale lock file.\n" msgstr "Borrando fichero de bloqueo en desuso.\n" #. Do some intl stuff right now -#: src/tincd.c:325 +#: src/tincd.c:397 msgid "unknown" msgstr "" -#: src/tincd.c:331 +#: src/tincd.c:403 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "" -#: src/tincd.c:332 +#: src/tincd.c:404 #, fuzzy msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" 
@@ -802,66 +831,75 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:346 +#: src/tincd.c:418 #, fuzzy msgid "You must be root to run this program. Sorry.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:377 +#: src/tincd.c:452 msgid "Unrecoverable error" msgstr "" -#: src/tincd.c:382 +#: src/tincd.c:457 #, c-format msgid "Restarting in %d seconds!" msgstr "" -#: src/tincd.c:387 src/tincd.c:433 +#: src/tincd.c:462 src/tincd.c:508 msgid "Aieee! Not restarting." msgstr "" -#: src/tincd.c:397 +#: src/tincd.c:472 msgid "Got TERM signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:405 +#: src/tincd.c:480 msgid "Got QUIT signal" msgstr "Recibí la señal QUIT" -#: src/tincd.c:412 +#: src/tincd.c:487 msgid "Got another SEGV signal: not restarting" msgstr "Recibí otra señal SEGV: no reinicio" -#: src/tincd.c:419 +#: src/tincd.c:494 #, fuzzy msgid "Got SEGV signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:424 +#: src/tincd.c:499 #, fuzzy msgid "Trying to re-execute in 5 seconds..." msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/tincd.c:442 +#: src/tincd.c:517 msgid "Got HUP signal, rereading configuration and restarting" msgstr "" -#: src/tincd.c:450 +#: src/tincd.c:525 #, fuzzy msgid "Got INT signal, exiting" msgstr "Recibí la señal INT" -#: src/tincd.c:464 +#: src/tincd.c:539 #, fuzzy msgid "Got USR2 signal, forcing new key generation" msgstr "Forzando generación de una nueva clave" -#: src/tincd.c:473 +#: src/tincd.c:548 #, fuzzy, c-format msgid "Got unexpected signal %d (%s)" msgstr "Recibí una señal inesperada (%d)." 
+#~ msgid "Usage: %s bits\n" +#~ msgstr "Uso: %s bits\n" + +#~ msgid "Illegal number: %s\n" +#~ msgstr "Número ilegal: %s\n" + +#~ msgid "Invalid timeout value `%s'.\n" +#~ msgstr "Valor de `timeout' no válido `%s'.\n" + #~ msgid "Illegal passphrase in %s; size would be %d" #~ msgstr "Frase de paso ilegal en %s; el tamaño debe ser %d" diff --git a/po/nl.po b/po/nl.po index 44e097f3..82820328 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-10-15 02:53+0200\n" +"POT-Creation-Date: 2000-10-20 18:35+0200\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -39,36 +39,6 @@ msgstr "" "Ongeldige waarde voor variabele op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/genauth.c:78 -#, c-format -msgid "Usage: %s bits\n" -msgstr "Gebruik: %s bits\n" - -#: src/genauth.c:89 -#, c-format -msgid "Illegal number: %s\n" -msgstr "Ongeldig nummer: %s\n" - -#. Align to bytes for easy mallocing and reading -#: src/genauth.c:95 -#, c-format -msgid "Generating %d bits keys:\n" -msgstr "Bezig met genereren van een %d bits sleutel:\n" - -#: src/genauth.c:99 -msgid "Done.\n" -msgstr "Klaar.\n" - -#: src/genauth.c:101 -#, c-format -msgid "Public key: %s\n" -msgstr "Publieke sleutel: %s\n" - -#: src/genauth.c:102 -#, c-format -msgid "Private key: %s\n" -msgstr "Privé sleutel: %s\n" - #: src/meta.c:42 #, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" @@ -79,7 +49,7 @@ msgstr "Verzending %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:85 src/net.c:773 +#: src/meta.c:85 src/net.c:847 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" 
@@ -109,274 +79,296 @@ msgstr "Kreeg verzoek van %s (%s): %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overvol voor %s (%s)" -#: src/net.c:106 +#: src/net.c:107 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:115 +#: src/net.c:116 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:129 +#: src/net.c:130 #, c-format msgid "Receiving packet of %d bytes" msgstr "Ontvangst pakket van %d bytes" -#: src/net.c:142 +#: src/net.c:143 #, c-format msgid "Can't write to tap device: %m" msgstr "Kan niet naar tap apparaat schrijven: %m" -#: src/net.c:242 +#: src/net.c:243 msgid "Queue flushed" msgstr "Wachtrij leeggemaakt" -#: src/net.c:257 +#: src/net.c:258 #, c-format msgid "Flushing send queue for %s (%s)" msgstr "Legen van verzend-wachtrij voor %s (%s)" -#: src/net.c:265 +#: src/net.c:266 #, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" -#: src/net.c:283 +#: src/net.c:284 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" 
-#: src/net.c:297 +#: src/net.c:298 #, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "Kon geen UDP verbinding openen naar %s (%s)" -#: src/net.c:305 +#: src/net.c:306 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in de wachtrij " "gezet" -#: src/net.c:316 +#: src/net.c:317 #, c-format msgid "%s (%s) is not ready, queueing packet" msgstr "%s (%s) is niet gereed, pakket wordt in de wachtrij gezet" -#: src/net.c:344 +#: src/net.c:352 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:360 +#: src/net.c:370 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:362 +#: src/net.c:373 msgid "tun/tap device will be left unconfigured" msgstr "tun/tap apparaat wordt ongeconfigureerd gelaten" -#: src/net.c:384 +#: src/net.c:396 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:390 src/net.c:396 src/net.c:458 +#: src/net.c:402 src/net.c:408 src/net.c:470 #, c-format msgid "setsockopt: %m" msgstr "setsockopt: %m" -#: src/net.c:403 src/net.c:465 +#: src/net.c:415 src/net.c:477 #, c-format msgid "fcntl: %m" msgstr "fcntl: %m" -#: src/net.c:411 +#: src/net.c:423 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:427 +#: src/net.c:439 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:433 +#: src/net.c:445 #, c-format msgid "listen: %m" msgstr "listen: %m" -#: src/net.c:452 +#: src/net.c:464 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:476 +#: src/net.c:488 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:493 +#: src/net.c:505 #, c-format msgid 
"Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:503 +#: src/net.c:515 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:514 +#: src/net.c:526 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:521 +#: src/net.c:533 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:527 +#: src/net.c:539 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:547 +#: src/net.c:562 +msgid "Invalid name for outgoing connection" +msgstr "Ongelige naam voor uitgaande verbinding" + +#: src/net.c:571 +#, c-format +msgid "Error reading host configuration file for %s" +msgstr "Fout tijdens lezen host configuratie bestand voor %s" + +#: src/net.c:578 +#, c-format +msgid "No address specified for %s" +msgstr "Geen adres gespecificeerd voor %s" + +#: src/net.c:585 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:557 +#: src/net.c:595 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:586 +#: src/net.c:629 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:594 +#: src/net.c:637 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:600 +#: src/net.c:643 +msgid "Private key for tinc daemon required!" +msgstr "Privé sleutel voor tinc daemon verplicht!" + +#: src/net.c:655 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:619 +#: src/net.c:661 +msgid "Public key for tinc daemon required!" +msgstr "Publieke sleutel voor tinc daemon verplicht!" + +#: src/net.c:690 msgid "Unable to set up a listening socket!" msgstr "Kon geen luistersocket aanmaken!" 
-#: src/net.c:625 +#: src/net.c:696 msgid "Unable to set up an incoming vpn data socket!" msgstr "Kon geen socket maken voor inkomend vpn verkeer!" -#: src/net.c:632 +#: src/net.c:703 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:660 +#: src/net.c:734 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:698 +#: src/net.c:772 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:736 +#: src/net.c:810 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:750 +#: src/net.c:824 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:755 +#: src/net.c:829 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:765 +#: src/net.c:839 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:798 +#: src/net.c:872 #, c-format msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" -#: src/net.c:813 +#: src/net.c:887 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:861 +#: src/net.c:931 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:867 +#: src/net.c:937 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:873 +#: src/net.c:943 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:894 +#: src/net.c:964 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:937 +#: src/net.c:1007 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot 
herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:967 +#: src/net.c:1037 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:998 +#: src/net.c:1068 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1006 +#: src/net.c:1076 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1041 +#: src/net.c:1111 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1077 +#: src/net.c:1150 src/net.c:1159 #, c-format msgid "Error while reading from tapdevice: %m" msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" -#: src/net.c:1087 +#: src/net.c:1171 #, c-format msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" msgstr "Niet-IP ethernet pakket %04x van %02x:%02x:%02x:%02x:%02x:%02x" -#: src/net.c:1094 +#: src/net.c:1178 #, c-format msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" msgstr "Te kort pakket van %02x:%02x:%02x:%02x:%02x:%02x genegeerd" -#: src/net.c:1133 +#: src/net.c:1213 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" 
@@ -416,148 +408,158 @@ msgstr "Fout tijdens afhandelen %s van %s (%s)" msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:167 +#: src/protocol.c:170 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:175 +#: src/protocol.c:178 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:184 +#: src/protocol.c:187 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:192 +#: src/protocol.c:195 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:207 +#: src/protocol.c:209 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:253 +#: src/protocol.c:219 +#, c-format +msgid "No public key known for %s (%s)" +msgstr "Geen publieke sleutel bekend voor %s (%s)" + +#: src/protocol.c:258 src/protocol.c:312 +#, c-format +msgid "Error during encryption of challenge for %s (%s)" +msgstr "Fout tijdens versleuteling van uitdaging voor %s (%s)" + +#: src/protocol.c:284 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:261 +#: src/protocol.c:294 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:287 +#: src/protocol.c:330 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:318 +#: src/protocol.c:361 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:327 +#: src/protocol.c:370 #, c-format msgid "Intruder: 
wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:344 +#: src/protocol.c:387 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:386 +#: src/protocol.c:425 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:398 +#: src/protocol.c:437 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:438 +#: src/protocol.c:477 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:447 +#: src/protocol.c:486 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:456 +#: src/protocol.c:495 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:467 +#: src/protocol.c:506 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:478 +#: src/protocol.c:517 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:506 +#: src/protocol.c:545 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:515 +#: src/protocol.c:554 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: 
src/protocol.c:524 +#: src/protocol.c:563 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:535 +#: src/protocol.c:574 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:546 +#: src/protocol.c:585 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:577 +#: src/protocol.c:616 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:585 +#: src/protocol.c:624 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:594 +#: src/protocol.c:633 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:604 +#: src/protocol.c:643 #, c-format msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) van onszelf, herstart" -#: src/protocol.c:614 +#: src/protocol.c:653 #, c-format msgid "" "Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" 
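Review bot: In this po/nl.po hunk, the entries now at src/protocol.c:517 and src/protocol.c:585 keep a `msgstr` whose conversions do not match the `msgid`. The msgid takes three `%s` arguments, but the Dutch text is `Kreeg DEL_SUBNET voor %d.%d.%d.%d van %s (%s) ...`, which is six conversions, four of them `%d`. Both entries are flagged `c-format` and not `fuzzy`, so under a Dutch locale the translated format would presumably be applied to the three string arguments, reading arguments that were never passed; these messages are logged for subnet requests received from a peer. The ADD_SUBNET entry also names the wrong request. Suggested replacements are `msgstr "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze verbindingslijst"` and the same text with `DEL_SUBNET` for the second entry; running `msgfmt --check` over the catalogs would catch this class of mismatch.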
@@ -565,37 +567,37 @@ msgstr "" "Kreeg ADD_HOST van %s (%s) met herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:633 +#: src/protocol.c:672 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:640 +#: src/protocol.c:679 #, c-format msgid "Removing old entry for %s (%s)" msgstr "Verwijdering oude verbinding voor %s (%s)" -#: src/protocol.c:683 +#: src/protocol.c:722 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:692 +#: src/protocol.c:731 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:701 +#: src/protocol.c:740 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:712 +#: src/protocol.c:751 #, c-format msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) van onszelf, herstart" -#: src/protocol.c:722 +#: src/protocol.c:761 #, c-format msgid "" "Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" 
@@ -603,43 +605,43 @@ msgstr "" "Kreeg DEL_HOST voor %s (%s) met herkomst %s die niet in onze " "verbindingslijst voorkomt" -#: src/protocol.c:734 +#: src/protocol.c:773 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:744 +#: src/protocol.c:783 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:776 +#: src/protocol.c:815 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:783 +#: src/protocol.c:822 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:807 +#: src/protocol.c:846 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:814 +#: src/protocol.c:853 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:892 +#: src/protocol.c:931 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:899 +#: src/protocol.c:938 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -648,12 +650,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) met herkomst %s die niet in onze " "verbindingslijst voorkomt" -#: src/protocol.c:929 +#: src/protocol.c:968 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:936 +#: src/protocol.c:975 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -662,7 +664,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:952 +#: src/protocol.c:991 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -670,12 +672,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:980 +#: src/protocol.c:1019 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:987 +#: src/protocol.c:1026 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -684,12 +686,12 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) met herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1003 +#: src/protocol.c:1042 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" msgstr "Kreeg ongeldige ANS_KEY van %s (%s) herkomst %s: ongeldige sleutel" -#: src/protocol.c:1016 +#: src/protocol.c:1055 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -697,12 +699,12 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/tincd.c:94 +#: src/tincd.c:99 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:97 +#: src/tincd.c:102 #, c-format msgid "" "Usage: %s [option]...\n" 
@@ -711,100 +713,132 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:98 +#: src/tincd.c:103 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" " -d Increase debug level.\n" " -k, --kill Attempt to kill a running tincd and exit.\n" " -n, --net=NETNAME Connect to net NETNAME.\n" -" -t, --timeout=TIMEOUT Seconds to wait before giving a timeout.\n" msgstr "" " -c, --config=MAP Lees configuratie uit MAP.\n" " -D, --no-detach Start geen nieuw proces.\n" " -d Verhoog debugniveau.\n" " -k, --kill Poging tot doden van lopende tincd en beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" -" -t, --timeout=TIMEOUT Seconden wachten op timeout.\n" -#: src/tincd.c:104 +#: src/tincd.c:108 msgid "" +" -K, --keygen[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n" "\n" msgstr "" +" -K, --keygen[=BITS] Genereer publiek/privé RSA sleutelpaar.\n" " --help Geef deze hulp en beëindig.\n" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:106 +#: src/tincd.c:111 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:144 -#, c-format -msgid "Invalid timeout value `%s'.\n" -msgstr "Ongeldige timeout waarde `%s'.\n" +#: src/tincd.c:152 +msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" +msgstr "" +"Ongeldig argument! BITS moet een nummer zijn gelijk aan of groter dan 512.\n" -#: src/tincd.c:158 +#: src/tincd.c:207 +msgid "" +"Seeding the PRNG: please press some keys or move\n" +"the mouse if this program seems to have halted...\n" +msgstr "" +"Initialisatie van PRNG: druk op de toetsen of beweeg\n" +"de muis als het programma gestopt lijkt te zijn...\n" + +#. 
OpenSSL PRNG state apparently uses 1024 bytes, but it seems pretty sufficient anyway :) +#: src/tincd.c:210 +#, c-format +msgid "Generating %d bits keys:\n" +msgstr "Bezig met genereren van een %d bits sleutel:\n" + +#: src/tincd.c:214 +msgid "Error during key generation!" +msgstr "Fout tijdens genereren sleutel!" + +#: src/tincd.c:218 +msgid "Done.\n" +msgstr "Klaar.\n" + +#: src/tincd.c:220 +msgid "" +"Please copy the private key to tinc.conf and the\n" +"public key to your host configuration file:\n" +"\n" +msgstr "" +"Copiëer de privé sleutel naar tinc.conf en de\n" +"publieke sleutel naar het host configuratie bestand:\n" +"\n" + +#: src/tincd.c:230 #, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." -#: src/tincd.c:213 +#: src/tincd.c:285 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d" -#: src/tincd.c:216 +#: src/tincd.c:288 #, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" -#: src/tincd.c:231 +#: src/tincd.c:303 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." 
-#: src/tincd.c:249 +#: src/tincd.c:321 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" -#: src/tincd.c:252 +#: src/tincd.c:324 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" -#: src/tincd.c:273 +#: src/tincd.c:345 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" -#: src/tincd.c:275 +#: src/tincd.c:347 msgid "No other tincd is running.\n" msgstr "Geen andere tincd gevonden.\n" -#: src/tincd.c:282 +#: src/tincd.c:354 msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" #. Do some intl stuff right now -#: src/tincd.c:325 +#: src/tincd.c:397 msgid "unknown" msgstr "onbekend" -#: src/tincd.c:331 +#: src/tincd.c:403 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:332 +#: src/tincd.c:404 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -821,61 +855,70 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:346 +#: src/tincd.c:418 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" -#: src/tincd.c:377 +#: src/tincd.c:452 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:382 +#: src/tincd.c:457 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:387 src/tincd.c:433 +#: src/tincd.c:462 src/tincd.c:508 msgid "Aieee! Not restarting." msgstr "Waaah! Geen herstart." -#: src/tincd.c:397 +#: src/tincd.c:472 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/tincd.c:405 +#: src/tincd.c:480 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/tincd.c:412 +#: src/tincd.c:487 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" -#: src/tincd.c:419 +#: src/tincd.c:494 msgid "Got SEGV signal" msgstr "Kreeg SEGV signaal" -#: src/tincd.c:424 +#: src/tincd.c:499 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstaren over 5 seconden..." 
-#: src/tincd.c:442 +#: src/tincd.c:517 msgid "Got HUP signal, rereading configuration and restarting" msgstr "Kreeg HUP signaal, herlezen configuratie en herstarten" -#: src/tincd.c:450 +#: src/tincd.c:525 msgid "Got INT signal, exiting" msgstr "Kreeg INT signaal, beëindigen" -#: src/tincd.c:464 +#: src/tincd.c:539 msgid "Got USR2 signal, forcing new key generation" msgstr "Kreeg USR2 signaal, nieuwe sleutels geforceerd" -#: src/tincd.c:473 +#: src/tincd.c:548 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" +#~ msgid "Usage: %s bits\n" +#~ msgstr "Gebruik: %s bits\n" + +#~ msgid "Illegal number: %s\n" +#~ msgstr "Ongeldig nummer: %s\n" + +#~ msgid "Invalid timeout value `%s'.\n" +#~ msgstr "Ongeldige timeout waarde `%s'.\n" + #~ msgid "Illegal passphrase in %s; size would be %d" #~ msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" diff --git a/src/Makefile.am b/src/Makefile.am index 9755bae8..81e57974 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,9 +1,8 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.2 2000/10/11 10:35:15 guus Exp $ +# $Id: Makefile.am,v 1.4.4.3 2000/10/20 16:49:20 guus Exp $ -sbin_PROGRAMS = tincd genauth +sbin_PROGRAMS = tincd -genauth_SOURCES = genauth.c tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c protocol.c subnet.c tincd.c INCLUDES = -I$(top_builddir) -I$(top_srcdir)/cipher -I$(top_srcdir)/lib -I$(top_srcdir)/intl diff --git a/src/genauth.c b/src/genauth.c deleted file mode 100644 index 78c567d0..00000000 --- a/src/genauth.c +++ /dev/null 
@@ -1,113 +0,0 @@ -/* - genauth.c -- generate public/private keypairs - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: genauth.c,v 1.7.4.4 2000/10/20 15:34:35 guus Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include - -#include - -#include "system.h" - -#define RSA_PUBLIC_EXPONENT 65535 - -void indicator(int a, int b, void *p) -{ - switch(a) - { - case 0: - fprintf(stderr, "."); - break; - case 1: - fprintf(stderr, "+"); - break; - case 2: - fprintf(stderr, "-"); - break; - case 3: - switch(b) - { - case 0: - fprintf(stderr, " p\n"); - break; - case 1: - fprintf(stderr, " q\n"); - break; - default: - fprintf(stderr, "?"); - } - break; - default: - fprintf(stderr, "?"); - } -} - -int main(int argc, char **argv) -{ - int bits; - RSA *key; - - setlocale (LC_ALL, ""); - bindtextdomain (PACKAGE, LOCALEDIR); - textdomain (PACKAGE); - - if(argc > 2 || (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help")))) - { - fprintf(stderr, _("Usage: %s bits\n"), argv[0]); - return 1; - } - - if(!argv[1]) - argv[1] = "1024"; - - bits = atol(argv[1]); - - if(bits<32) - { - fprintf(stderr, _("Illegal number: %s\n"), argv[1]); - return 1; - } - - bits = ((bits - 1) | 7) + 1; /* Align to bytes for easy mallocing and reading */ - - 
fprintf(stderr, _("Seeding the PRNG: please press some keys or move\nthe mouse if this program seems to have halted...\n")); - - RAND_load_file("/dev/random", 1024); /* OpenSSL PRNG state apparently uses 1024 bytes */ - - fprintf(stderr, _("Generating %d bits keys:\n"), bits); - - key = RSA_generate_key(bits, RSA_PUBLIC_EXPONENT, indicator, NULL); - - fprintf(stderr, _("Done.\n")); - - printf(_("Public key: %s\n"), BN_bn2hex(key->n)); - printf(_("Private key: %s\n"), BN_bn2hex(key->d)); - printf(_("Public exp: %s\n"), BN_bn2hex(key->e)); - - fflush(stdin); /* Flush any input caused by random keypresses */ - - return 0; -} diff --git a/src/tincd.c b/src/tincd.c index 0536d96f..f0072522 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.12 2000/10/15 00:59:37 guus Exp $ + $Id: tincd.c,v 1.10.4.13 2000/10/20 16:49:20 guus Exp $ */ #include "config.h" @@ -31,6 +31,8 @@ #include #include #include +#include +#include #ifdef HAVE_SYS_IOCTL_H # include @@ -63,6 +65,9 @@ static int kill_tincd = 0; /* If zero, don't detach from the terminal. */ static int do_detach = 1; +/* If nonzero, generate public/private keypair for this host/net. */ +static int generate_keys = 0; + char *identname; /* program name for syslog */ char *pidfilename; /* pid file location */ static pid_t ppid; /* pid of non-detached part */ @@ -80,10 +85,10 @@ static struct option const long_options[] = { { "kill", no_argument, NULL, 'k' }, { "net", required_argument, NULL, 'n' }, - { "timeout", required_argument, NULL, 'p' }, { "help", no_argument, &show_help, 1 }, { "version", no_argument, &show_version, 1 }, { "no-detach", no_argument, &do_detach, 0 }, + { "keygen", optional_argument, NULL, 'K'}, { NULL, 0, NULL, 0 } }; 
@@ -99,9 +104,9 @@ usage(int status) " -D, --no-detach Don't fork and detach.\n" " -d Increase debug level.\n" " -k, --kill Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n" - " -t, --timeout=TIMEOUT Seconds to wait before giving a timeout.\n")); - printf(_(" --help Display this help and exit.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n")); + printf(_(" -K, --keygen[=BITS] Generate public/private RSA keypair.\n" + " --help Display this help and exit.\n" " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); } @@ -115,7 +120,7 @@ parse_options(int argc, char **argv, char **envp) int option_index = 0; config_t *p; - while((r = getopt_long(argc, argv, "c:Ddkn:t:", long_options, &option_index)) != EOF) + while((r = getopt_long(argc, argv, "c:Ddkn:K::", long_options, &option_index)) != EOF) { switch(r) { @@ -138,12 +143,19 @@ parse_options(int argc, char **argv, char **envp) netname = xmalloc(strlen(optarg)+1); strcpy(netname, optarg); break; - case 't': /* timeout */ - if(!(p = add_config_val(&config, TYPE_INT, optarg))) - { - printf(_("Invalid timeout value `%s'.\n"), optarg); - usage(1); - } + case 'K': /* generate public/private keypair */ + if(optarg) + { + generate_keys = atoi(optarg); + if(generate_keys < 512) + { + fprintf(stderr, _("Invalid argument! BITS must be a number equal to or greater than 512.\n")); + usage(1); + } + generate_keys &= ~7; /* Round it to bytes */ + } + else + generate_keys = 1024; break; case '?': usage(1); 
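Review bot: `atoi(optarg)` in the new 'K' case cannot tell a malformed BITS value from a valid one: `--keygen=1024x` is accepted as 1024, and a value outside the range of int is undefined behaviour. Parsing with `strtol()` and checking the end pointer, errno and an upper bound would let the existing error message cover those cases. The 512-bit floor is also worth raising, since RSA moduli of that size have been publicly factored. parse_options starts and ends outside this hunk.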
@@ -153,6 +165,66 @@ parse_options(int argc, char **argv, char **envp) } } +/* This function prettyprints the key generation process */ + +void indicator(int a, int b, void *p) +{ + switch(a) + { + case 0: + fprintf(stderr, "."); + break; + case 1: + fprintf(stderr, "+"); + break; + case 2: + fprintf(stderr, "-"); + break; + case 3: + switch(b) + { + case 0: + fprintf(stderr, " p\n"); + break; + case 1: + fprintf(stderr, " q\n"); + break; + default: + fprintf(stderr, "?"); + } + break; + default: + fprintf(stderr, "?"); + } +} + +/* Generate a public/private RSA keypair, and possibly store it into the configuration file. */ + +int keygen(int bits) +{ + RSA *rsa_key; + + fprintf(stderr, _("Seeding the PRNG: please press some keys or move\nthe mouse if this program seems to have halted...\n")); + RAND_load_file("/dev/random", 1024); /* OpenSSL PRNG state apparently uses 1024 bytes, but it seems pretty sufficient anyway :) */ + + fprintf(stderr, _("Generating %d bits keys:\n"), bits); + rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); + if(!rsa_key) + { + fprintf(stderr, _("Error during key generation!")); + return -1; + } + else + fprintf(stderr, _("Done.\n")); + + fprintf(stderr, _("Please copy the private key to tinc.conf and the\npublic key to your host configuration file:\n\n")); + printf("PublicKey = %s\n", BN_bn2hex(rsa_key->n)); + printf("PrivateKey = %s\n", BN_bn2hex(rsa_key->d)); + + fflush(stdin); + return 0; +} + void memory_full(int size) { syslog(LOG_ERR, _("Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting."), cp_file, cp_line, size); @@ -351,6 +423,9 @@ main(int argc, char **argv, char **envp) make_names(); + if(generate_keys) + exit(keygen(generate_keys)); + if(kill_tincd) exit(kill_other()); From 73f7efddd723b25c1477ec1139dc7211307ff660 Mon Sep 17 00:00:00 2001 
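Review bot: The public exponent passed to RSA_generate_key() in keygen() is 0xFFFF (65535 = 3·5·17·257), which looks like a slip for the conventional Fermat prime 65537; I would write `rsa_key = RSA_generate_key(bits, RSA_F4, indicator, NULL);`. A composite exponent can still produce working keys, but the generator has to discard many more prime candidates, and it is not the value other RSA code expects. Whatever rebuilds a peer's key from `PublicKey` alone (not visible in this hunk) has to assume the same exponent, so the two must change together. Separately, the result of `RAND_load_file("/dev/random", 1024)` is ignored, so a failed or short read goes unnoticed before a long-term key is generated; compare it with 1024 and return -1 otherwise. The strings returned by `BN_bn2hex()` are never freed, which leaves a hex copy of the private exponent on the heap.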
From: Guus Sliepen Date: Fri, 20 Oct 2000 19:46:58 +0000 Subject: [PATCH 125/923] - Removed last reference to genauth from Makefile.am - Tinc spawns tinc-up and tinc-down scripts which can be used to configure the network device. The environment variable IFNAME is set to the name of the interface. --- src/Makefile.am | 4 +--- src/net.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++-- src/tincd.c | 5 ++--- 3 files changed, 50 insertions(+), 8 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 81e57974..dab09fc2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.3 2000/10/20 16:49:20 guus Exp $ +# $Id: Makefile.am,v 1.4.4.4 2000/10/20 19:46:57 guus Exp $ sbin_PROGRAMS = tincd @@ -14,8 +14,6 @@ LIBS = @LIBS@ @INTLLIBS@ tincd_LDADD = \ $(top_builddir)/lib/libvpn.a -genauth_LDADD = $(top_builddir)/lib/libvpn.a - localedir = $(datadir)/locale CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"@sysconfdir@\" -DLOCALEDIR=\"$(localedir)\" diff --git a/src/net.c b/src/net.c index 81318e3e..4baefe52 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.41 2000/10/20 15:34:35 guus Exp $ + $Id: net.c,v 1.35.4.42 2000/10/20 19:46:57 guus Exp $ */ #include "config.h" @@ -39,6 +39,7 @@ #ifdef HAVE_TUNTAP #include +#include #include LINUX_IF_TUN_H #endif @@ -333,7 +334,8 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; - + char *envvar; + #ifdef HAVE_TUNTAP struct ifreq ifr; #endif 
@@ -369,12 +371,20 @@ cp { syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); taptype = 1; + if((cfg = get_config_val(config, tapsubnet)) == NULL) syslog(LOG_INFO, _("tun/tap device will be left unconfigured")); else /* Setup inetaddr/netmask etc */; } #endif + + /* Add name of network interface to environment (for scripts) */ + + ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr); + asprintf(&envvar, "IFNAME=%s", ifr.ifr_name); + putenv(envvar); + free(envvar); cp return 0; @@ -743,6 +753,7 @@ cp int setup_network_connections(void) { config_t const *cfg; + char *scriptname; cp if((cfg = get_config_val(config, pingtimeout)) == NULL) timeout = 5; @@ -755,6 +766,23 @@ cp if(setup_myself() < 0) return -1; + /* Run tinc-up script to further initialize the tap interface */ + + asprintf(&scriptname, "%s/tinc-up", confbase); + + if(!fork()) + { + + execl(scriptname, NULL); + + if(errno != ENOENT) + syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname); + + exit(0); + } + + free(scriptname); + if((cfg = get_next_config_val(config, connectto, upstreamindex++)) == NULL) /* No upstream IP given, we're listen only. */ return 0; @@ -781,6 +809,7 @@ cp void close_network_connections(void) { conn_list_t *p; + char *scriptname; cp for(p = conn_list; p != NULL; p = p->next) { @@ -804,6 +833,22 @@ cp close(myself->socket); } + /* Execute tinc-down script right before shutting down the interface */ + + asprintf(&scriptname, "%s/tinc-down", confbase); + + if(!fork()) + { + execl(scriptname, NULL); + + if(errno != ENOENT) + syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname); + + exit(0); + } + + free(scriptname); + close(tap_fd); destroy_conn_list(); diff --git a/src/tincd.c b/src/tincd.c index f0072522..89519c15 100644 --- a/src/tincd.c +++ b/src/tincd.c 
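Review bot: `putenv(envvar)` followed by `free(envvar)` leaves the environment pointing at freed memory, because putenv() stores the pointer it is given rather than a copy; the tinc-up and tinc-down children spawned later in this commit would read IFNAME from a dangling block. Either drop the `free(envvar);` line or replace the three lines with `setenv("IFNAME", ifr.ifr_name, 1);`. The ioctl() and asprintf() results are also unchecked, so on failure `ifr.ifr_name` or `envvar` is used uninitialised. The added code sits after the `#endif`, while `ifr` is declared under `#ifdef HAVE_TUNTAP` in the previous hunk, so it presumably does not build without HAVE_TUNTAP. setup_tap_fd begins outside this hunk.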
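Review bot: `execl(scriptname, NULL)` in the tinc-up block passes no argv[0] and ends the argument list with a bare `NULL`, which is not guaranteed to be a null pointer in a variadic call; the tinc-down block in close_network_connections has the same call. The child also leaves through `exit(0)`, which runs the parent's atexit handlers and flushes its stdio buffers a second time, and a failed fork() (-1) silently falls through as the parent path. Because the daemon insists on running as root, it would be worth checking with stat() that the script is owned by root and not writable by group or others before executing it, and closing the tap and socket descriptors in the child. Both enclosing functions extend beyond their hunks.

```c
  /* … unchanged: asprintf(&scriptname, "%s/tinc-up", confbase) … */

  switch(fork())
    {
      case -1:
        syslog(LOG_ERR, _("Could not fork to run %s: %m"), scriptname);
        break;
      case 0:
        execl(scriptname, scriptname, (char *)NULL);

        if(errno != ENOENT)
          syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname);

        _exit(0);
    }

  /* … unchanged: free(scriptname) … */
```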
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.13 2000/10/20 16:49:20 guus Exp $ + $Id: tincd.c,v 1.10.4.14 2000/10/20 19:46:58 guus Exp $ */ #include "config.h" @@ -373,7 +373,6 @@ void make_names(void) } else { - netname = "bla"; if(!pidfilename) pidfilename = "/var/run/tinc.pid"; if(!confbase) @@ -570,7 +569,7 @@ setup_signals(void) signal(SIGINT, sigint_handler); signal(SIGUSR1, sigusr1_handler); signal(SIGUSR2, sigusr2_handler); -// signal(SIGCHLD, parent_exit); + signal(SIGCHLD, SIG_IGN); } RETSIGTYPE parent_exit(int a) From 52b842f8076d507d3a6ea07045d085ae21d1aa10 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 21 Oct 2000 11:52:08 +0000 Subject: [PATCH 126/923] - Fixed all debug levels. - Seed PRNG before generating a challenge - Strange thing in challenge decryption: it fails if first bit is set!? --- lib/utils.h | 14 +++++++++----- src/meta.c | 6 +++--- src/net.c | 34 +++++++++++++++++----------------- src/protocol.c | 45 ++++++++++++++++++++++++++++++++++++--------- src/tincd.c | 18 +++++++++--------- 5 files changed, 74 insertions(+), 43 deletions(-) diff --git a/lib/utils.h b/lib/utils.h index 46465f36..cc3d322d 100644 --- a/lib/utils.h +++ b/lib/utils.h 
@@ -24,11 +24,15 @@ #include enum { - DEBUG_CONNECTIONS = 0, - DEBUG_PROTOCOL, - DEBUG_STATUS, - DEBUG_ERROR, - DEBUG_META + DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ + DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ + DEBUG_ERROR = 2, /* Show error messages received from other hosts */ + DEBUG_STATUS = 2, /* Show status messages received from other hosts */ + DEBUG_PROTOCOL = 3, /* Show the requests that are sent/received */ + DEBUG_META = 4, /* Show contents of every request that is sent/received */ + DEBUG_TRAFFIC = 5, /* Show network traffic information */ + DEBUG_PACKET = 6, /* Show contents of each packet that is being sent/received */ + DEBUG_SCARY_THINGS = 10 /* You have been warned */ }; #define min(a,b) (((a)<(b))?(a):(b)) diff --git a/src/meta.c b/src/meta.c index 0a40d8c4..31a387a0 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.4 2000/10/15 00:59:34 guus Exp $ + $Id: meta.c,v 1.1.2.5 2000/10/21 11:52:06 guus Exp $ */ #include "config.h" @@ -106,7 +106,7 @@ cp return 0; if(errno==0) { - if(debug_lvl>DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname); } @@ -140,7 +140,7 @@ cp if(cl->reqlen) { - if(debug_lvl > DEBUG_META) + if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), cl->name, cl->hostname, cl->buffer); diff --git a/src/net.c b/src/net.c index 4baefe52..785cb678 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.42 2000/10/20 19:46:57 guus Exp $ + $Id: net.c,v 1.35.4.43 2000/10/21 11:52:06 guus Exp $ */ #include "config.h" 
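Review bot: The second meta.c hunk now logs the whole request buffer (`cl->buffer`) at `DEBUG_PROTOCOL`, although the enum added to lib/utils.h in this same commit reserves request contents for `DEBUG_META` and describes `DEBUG_PROTOCOL` as showing only which requests are exchanged. Requests presumably include key material (the ANS_KEY handling in protocol.c suggests so), so the lower level puts more sensitive data into syslog than the documented levels promise. I would use `if(debug_lvl >= DEBUG_META)` here. The enclosing function lies outside the hunk.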
@@ -104,7 +104,7 @@ cp EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); outlen += outpad; - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), outlen, cl->name, cl->hostname); @@ -127,7 +127,7 @@ int xrecv(vpn_packet_t *inpkt) vpn_packet_t outpkt; int outlen, outpad; cp - if(debug_lvl > 3) + if(debug_lvl > DEBUG_TRAFFIC) syslog(LOG_ERR, _("Receiving packet of %d bytes"), inpkt->len); @@ -240,7 +240,7 @@ cp p = next; } - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Queue flushed")); cp } @@ -255,7 +255,7 @@ void flush_queues(conn_list_t *cl) cp if(cl->sq) { - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), cl->name, cl->hostname); flush_queue(cl, &(cl->sq), xsend); @@ -263,7 +263,7 @@ cp if(cl->rq) { - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), cl->name, cl->hostname); flush_queue(cl, &(cl->rq), xrecv); @@ -280,7 +280,7 @@ int send_packet(ip_t to, vpn_packet_t *packet) cp if((cl = lookup_conn_list_ipv4(to)) == NULL) { - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"), IP_ADDR_V(to)); @@ -303,7 +303,7 @@ cp if(!cl->status.validkey) { - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); @@ -314,7 +314,7 @@ cp if(!cl->status.active) { - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); 
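Review bot: In the xrecv hunk the test is `debug_lvl > DEBUG_TRAFFIC`, while every other converted check in net.c uses `>=`, so received packets are only logged one level higher than sent ones. It should read `if(debug_lvl >= DEBUG_TRAFFIC)`. Both this message and the one in the hunk above go to syslog with priority LOG_ERR although they are debug output; `LOG_DEBUG` would match the other traffic messages. xrecv continues past the hunk.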
@@ -511,7 +511,7 @@ int setup_outgoing_meta_socket(conn_list_t *cl) struct sockaddr_in a; config_t const *cfg; cp - if(debug_lvl > 0) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); if((cfg = get_config_val(cl->config, port)) == NULL) @@ -545,7 +545,7 @@ cp return -1; } - if(debug_lvl > 0) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Connected to %s port %hd"), cl->hostname, cl->port); @@ -865,7 +865,7 @@ int setup_vpn_connection(conn_list_t *cl) int nfd, flags; struct sockaddr_in a; cp - if(debug_lvl > 0) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); @@ -928,7 +928,7 @@ cp p->last_ping_time = time(NULL); p->want_ping = 0; - if(debug_lvl > 0) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection from %s port %d"), p->hostname, htons(ci.sin_port)); @@ -1005,7 +1005,7 @@ cp if(cl->status.remove) return; - if(debug_lvl > 0) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->name, cl->hostname); @@ -1078,7 +1078,7 @@ cp { if(p->status.pinged && !p->status.got_pong) { - if(debug_lvl > 1) + if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), p->name, p->hostname); p->status.timeout = 1; @@ -1212,14 +1212,14 @@ cp ether_type = ntohs(*((unsigned short*)(&vp.data[12]))); if(ether_type != 0x0800) { - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6])); return; } if(lenin < 32) { - if(debug_lvl > 3) + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6])); return; } diff --git a/src/protocol.c b/src/protocol.c index 3c596398..b19e5725 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.43 2000/10/20 15:34:37 guus Exp $ + $Id: protocol.c,v 1.28.4.44 2000/10/21 11:52:07 guus Exp $ */ #include "config.h" @@ -104,7 +104,7 @@ cp } else { - if(debug_lvl > DEBUG_PROTOCOL) + if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], cl->name, cl->hostname); } @@ -205,7 +205,7 @@ cp { if((old = lookup_id(cl->name))) { - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname); cl->status.outgoing = 0; old->status.outgoing = 1; @@ -247,10 +247,23 @@ cp cl->hischallenge = xmalloc(len); cp + /* Seed the PRNG with urandom (can't afford to block) */ + + RAND_load_file("/dev/urandom", 1024); + /* Copy random data to the buffer */ RAND_bytes(cl->hischallenge, len); + cl->hischallenge[0] &= 0x7F; /* Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */ + + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(cl->hischallenge, buffer, len); + buffer[len*2] = '\0'; + syslog(LOG_DEBUG, _("Generated random challenge (unencrypted): %s"), buffer); + } + /* Encrypt the random data */ if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ @@ -314,6 +327,13 @@ cp return -1; } + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(cl->mychallenge, buffer, len); + buffer[len*2] = '\0'; + syslog(LOG_DEBUG, _("Received random challenge (unencrypted): %s"), buffer); + } + free(buffer); /* Rest is done by send_chal_reply() */ 
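Review bot: The `cl->hischallenge[0] &= 0x7F` line deserves a real explanation instead of "Somehow …": with RSA_NO_PADDING the buffer is interpreted as a big-endian integer that must be smaller than the modulus, and a random value of full key length with its top bit set can exceed it, which is most likely why decryption failed. I would replace the comment with `/* RSA_NO_PADDING requires the value to be smaller than the modulus; clearing the top bit ensures that for a full-length modulus */`. The return values of `RAND_load_file()` and `RAND_bytes()` are also ignored, so a seeding failure would produce a challenge that is not random without any error being reported; check them and return -1 on failure. The function starts and ends outside this hunk.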
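Review bot: The DEBUG_SCARY_THINGS block in the hunk at -314 writes the decrypted challenge to syslog, and the blocks added in the hunks at -247 (generated challenge) and -385 (expected reply) do the same with the other parts of the handshake. The challenge is the value that proves possession of the private key, so anyone who can read the log obtains what the RSA encryption was meant to hide. If this output has to stay for debugging, I would put a comment such as `/* Debugging only: discloses authentication secrets, never enable in production */` next to each block, or compile the blocks only in debug builds. Whether `buffer` has room for `len*2 + 1` bytes is decided outside the hunk and should be checked.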
@@ -385,10 +405,17 @@ cp if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) { syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname); + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); + hishash[SHA_DIGEST_LENGTH*2] = '\0'; + syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); + } free(hishash); return -1; } + free(hishash); /* Identity has now been positively verified. @@ -421,7 +448,7 @@ cp while((old = lookup_id(cl->name))) { - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), cl->name, old->hostname, cl->hostname); old->status.active = 0; @@ -433,7 +460,7 @@ cp cl->allow_request = ALL; cl->status.active = 1; - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); /* Exchange information about other tinc daemons */ @@ -668,14 +695,14 @@ cp { if((new->address == old->address) && (new->port == old->port)) { - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->name, old->hostname, new->name, new->hostname); return 0; } else { - if(debug_lvl > DEBUG_CONNECTIONS) + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), old->name, old->hostname); old->status.active = 0; @@ -817,7 +844,7 @@ cp return -1; } - if(debug_lvl > DEBUG_STATUS) + if(debug_lvl >= DEBUG_STATUS) { syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), cl->name, cl->hostname, status_text[statusno], statusstring); @@ -848,7 +875,7 @@ cp return -1; } - if(debug_lvl > DEBUG_ERROR) + if(debug_lvl >= DEBUG_ERROR) { syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), cl->name, cl->hostname, strerror(errno), errorstring); 
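Review bot: `bin2hex(myhash, hishash, SHA_DIGEST_LENGTH)` reuses the buffer holding the peer's reply as its output and then writes `hishash[SHA_DIGEST_LENGTH*2]`, which needs 2*SHA_DIGEST_LENGTH+1 bytes. The allocation of hishash is outside this hunk; if it is sized for the binary digest that the `memcmp()` above compares, this overruns the heap block. A local `char hex[SHA_DIGEST_LENGTH*2 + 1];` as the bin2hex target would avoid depending on that.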
diff --git a/src/tincd.c b/src/tincd.c index 89519c15..a06f3fe3 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.14 2000/10/20 19:46:58 guus Exp $ + $Id: tincd.c,v 1.10.4.15 2000/10/21 11:52:08 guus Exp $ */ #include "config.h" @@ -281,11 +281,11 @@ int detach(void) openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); - if(debug_lvl > 0) + if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), VERSION, __DATE__, __TIME__, debug_lvl); else - syslog(LOG_NOTICE, _("tincd %s starting"), VERSION, debug_lvl); + syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); xalloc_fail_func = memory_full; @@ -299,7 +299,7 @@ void cleanup_and_exit(int c) { close_network_connections(); - if(debug_lvl > 0) + if(debug_lvl > DEBUG_NOTHING) syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d"), total_tap_out, total_socket_out, total_tap_in, total_socket_in); @@ -467,7 +467,7 @@ main(int argc, char **argv, char **envp) RETSIGTYPE sigterm_handler(int a) { - if(debug_lvl > 0) + if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got TERM signal")); cleanup_and_exit(0); } @@ -475,7 +475,7 @@ sigterm_handler(int a) RETSIGTYPE sigquit_handler(int a) { - if(debug_lvl > 0) + if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got QUIT signal")); cleanup_and_exit(0); } @@ -512,7 +512,7 @@ sigsegv_handler(int a) RETSIGTYPE sighup_handler(int a) { - if(debug_lvl > 0) + if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got HUP signal, rereading configuration and restarting")); sighup = 1; } @@ -520,7 +520,7 @@ sighup_handler(int a) RETSIGTYPE sigint_handler(int a) { - if(debug_lvl > 0) + if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got INT signal, exiting")); cleanup_and_exit(0); } 
@@ -534,7 +534,7 @@ sigusr1_handler(int a) RETSIGTYPE sigusr2_handler(int a) { - if(debug_lvl > 1) + if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); /* FIXME: reprogram this. regenerate_keys(); From 56d8e862409ae91c63a27968b01a48a94aafb205 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 22 Oct 2000 13:37:15 +0000 Subject: [PATCH 127/923] Include linux/sockios.h and net/if.h anyway, regardless of the value of HAVE_TUNTAP. --- src/net.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/net.c b/src/net.c index 785cb678..47c185d4 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.43 2000/10/21 11:52:06 guus Exp $ + $Id: net.c,v 1.35.4.44 2000/10/22 13:37:15 zarq Exp $ */ #include "config.h" @@ -25,6 +25,8 @@ #include #include #include +#include +#include #include #include #include @@ -38,8 +40,6 @@ #include #ifdef HAVE_TUNTAP -#include -#include #include LINUX_IF_TUN_H #endif @@ -335,10 +335,8 @@ int setup_tap_fd(void) const char *tapfname; config_t const *cfg; char *envvar; - -#ifdef HAVE_TUNTAP struct ifreq ifr; -#endif + cp if((cfg = get_config_val(config, tapdevice))) tapfname = cfg->data.ptr; From 76d794eaf7c1664a47f4d0080fcd80e4a551740b Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 22 Oct 2000 13:47:41 +0000 Subject: [PATCH 128/923] read_server_config: Check for result of read_config_file. --- src/conf.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/conf.c b/src/conf.c index 72ef4081..641ce3f8 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.15 2000/10/16 16:33:29 guus Exp $ + $Id: conf.c,v 1.9.4.16 2000/10/22 13:47:41 zarq Exp $ */ 
@@ -214,6 +214,11 @@ int read_server_config() cp asprintf(&fname, "%s/tinc.conf", confbase); x = read_config_file(&config, fname); + if(x != 0) + { + fprintf(stderr, _("Failed to read `%s': %m\n"), + fname); + } free(fname); cp return x; From c46e84837d1c84a8590e0e3507227670368884a7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 23 Oct 2000 13:52:54 +0000 Subject: [PATCH 129/923] - route.c will contain the routing logic. --- src/route.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 src/route.c diff --git a/src/route.c b/src/route.c new file mode 100644 index 00000000..a958e1a7 --- /dev/null +++ b/src/route.c 
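Review bot: The new error message uses `%m` after `read_config_file` has returned, so it prints whatever `errno` holds at that point; if the failure was not an I/O error, or a later call changed `errno`, the text after the colon is misleading. `%m` in `fprintf` is also a glibc extension, so `strerror(errno)` captured right after the failing call is the portable form. On the context line above, the result of `asprintf` is not checked, so `fname` is indeterminate on allocation failure and is still passed to `read_config_file` and `free`. A guard such as `if(asprintf(&fname, "%s/tinc.conf", confbase) < 0) return -1;` would close that (the return convention is assumed from `return x`).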
@@ -0,0 +1,88 @@ +/* + route.c -- routing + Copyright (C) 2000 Ivo Timmermans , + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: route.c,v 1.1.2.1 2000/10/23 13:52:54 guus Exp $ +*/ + +#include "config.h" + +#include +#include + +#include "net.h" +#include "connlist.h" + +#include "system.h" + +int routing_mode = 0; /* Will be used to determine if we route by MAC or by payload's protocol */ + +conn_list_t *route_packet(vpn_packet_t *packet) +{ + unsigned short type; +cp + type = ntohs(*((unsigned short*)(&packet.data[12]))) + + switch(type) + { + case 0x0800: + return route_ipv4(packet); + case 0x86DD: + return route_ipv6(packet); +/* + case 0x8137: + return route_ipx(packet); + case 0x0806: + return route_arp(packet); +*/ + default: + /* TODO: try MAC as last resort? 
*/ + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); + } + return NULL; + } +} + +conn_list_t *route_ipv4(vpn_packet_t *packet) +{ + ipv4_t dest; + conn_list_t *cl; +cp + dest = ntohl(*((unsigned long*)(&packet.data[30]); + + cl = lookup_conn_list_ipv4(dest); + if(!cl) + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"), + packet.data[30], packet.data[31], packet.data[32], packet.data[33]); + } + + return cl; +cp +} + +conn_list_t *route_ipv6(vpn_packet_t *packet) +{ +cp + syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not implemented yet")); + return NULL; +cp +} From 60401d99b18ae01d91ca65faf8d2b32fac2b4474 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 23 Oct 2000 21:56:56 +0000 Subject: [PATCH 130/923] Oops, echelon change committed to cabal... :) --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 4adbb627..194fc931 100644 --- a/configure.in +++ b/configure.in @@ -1,9 +1,9 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.11 2000/10/18 19:44:11 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.12 2000/10/23 21:56:56 zarq Exp $ AC_INIT(src/tincd.c) -AM_INIT_AUTOMAKE(tinc, echelon) +AM_INIT_AUTOMAKE(tinc, 1.0pre3) AM_CONFIG_HEADER(config.h) dnl Include the macros from the m4/ directory From 9c2f805255fa36b05e8fe9391f639581d938b653 Mon Sep 17 00:00:00 2001 
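Review bot: `route_packet` and `route_ipv4` read `packet.data[12]` and `packet.data[30]`..`[33]` without first checking the packet length, so a short frame makes the router act on bytes that were never received. Both reads also go through `unsigned short*` / `unsigned long*` casts, which are unaligned and, where `unsigned long` is 64 bits, fetch eight bytes instead of four. The file does not compile as posted: `packet` is a pointer, so the accesses need `packet->data`, the `type = …` statement lacks its semicolon, the `dest = …` line has unbalanced parentheses, and `route_ipv4`/`route_ipv6` are used before they are declared. The excerpt below adds the length checks and assembles the fields byte by byte; it assumes `ipv4_t` is an unsigned integer type of at least 32 bits, which the mask arithmetic in subnet.c suggests.

```c
conn_list_t *route_packet(vpn_packet_t *packet)
{
  /* … unchanged: declaration of type, cp … */

  /* An Ethernet header is 14 bytes; the type field is bytes 12..13 */
  if(packet->len < 14)
    return NULL;

  type = ((unsigned char)packet->data[12] << 8) | (unsigned char)packet->data[13];

  /* … unchanged: switch(type) dispatch and default case … */

conn_list_t *route_ipv4(vpn_packet_t *packet)
{
  /* … unchanged: declarations of dest and cl, cp … */

  /* The IPv4 destination address is bytes 30..33 of the frame */
  if(packet->len < 34)
    return NULL;

  dest = ((ipv4_t)(unsigned char)packet->data[30] << 24)
       | ((ipv4_t)(unsigned char)packet->data[31] << 16)
       | ((ipv4_t)(unsigned char)packet->data[32] << 8)
       |  (ipv4_t)(unsigned char)packet->data[33];

  /* … unchanged: lookup_conn_list_ipv4(dest) and the debug message,
     whose arguments also need packet->data … */
```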
From: Guus Sliepen Date: Tue, 24 Oct 2000 15:46:18 +0000 Subject: [PATCH 131/923] - Lots of little stuff modified - Succesfully reads in subnets from host config file now and adds them to the list. --- src/conf.c | 19 ++---------- src/conf.h | 10 +++--- src/connlist.c | 14 ++++++++- src/meta.c | 14 +++++---- src/net.c | 84 ++++++++++++++++++++++++++++---------------------- src/netutl.c | 4 +-- src/protocol.c | 3 +- src/subnet.c | 66 ++++++++++++++++++++++++++++++--------- 8 files changed, 130 insertions(+), 84 deletions(-) diff --git a/src/conf.c b/src/conf.c index 641ce3f8..1536b583 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.16 2000/10/22 13:47:41 zarq Exp $ + $Id: conf.c,v 1.9.4.17 2000/10/24 15:46:15 guus Exp $ */ @@ -69,7 +69,7 @@ static internal_config_t hazahaza[] = { { "Address", address, TYPE_NAME }, { "Port", port, TYPE_INT }, { "PublicKey", publickey, TYPE_NAME }, - { "Subnet", subnet, TYPE_NAME }, + { "Subnet", subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ { "RestrictHosts", restricthosts, TYPE_BOOL }, { "RestrictSubnets", restrictsubnets, TYPE_BOOL }, { "RestrictAddress", restrictaddress, TYPE_BOOL }, @@ -237,21 +237,6 @@ cp return p; } -/* - Support for multiple config lines. - Index is used to get a specific value, 0 being the first, 1 the second etc. -*/ -const config_t *get_next_config_val(config_t *p, which_t type, int index) -{ -cp - for(; p != NULL; p = p->next) - if(p->which == type) - if(--index < 0) - break; -cp - return p; -} - /* Remove the complete configuration tree. */ diff --git a/src/conf.h b/src/conf.h index 15170576..c1db544e 100644 --- a/src/conf.h +++ b/src/conf.h 
@@ -17,17 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.13 2000/10/15 00:59:34 guus Exp $ + $Id: conf.h,v 1.6.4.14 2000/10/24 15:46:16 guus Exp $ */ #ifndef __TINC_CONF_H__ #define __TINC_CONF_H__ +#include "net.h" + #define MAXTIMEOUT 900 /* Maximum timeout value for retries. Should this be a configuration option? */ typedef struct ip_mask_t { - unsigned long ip; - unsigned long mask; + ipv4_t address; + ipv4_t mask; } ip_mask_t; typedef enum which_t { @@ -86,7 +88,6 @@ enum { extern config_t *config; extern int debug_lvl; extern int timeout; -extern int upstreamindex; extern int sighup; extern char *confbase; extern char *netname; @@ -94,7 +95,6 @@ extern char *netname; extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(config_t **, const char *); extern const config_t *get_config_val(config_t *, which_t type); -extern const config_t *get_next_config_val(config_t *, which_t type, int); extern void clear_config(); extern int read_server_config(void); diff --git a/src/connlist.c b/src/connlist.c index 9da2d6d1..b3bb3c46 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.7 2000/10/20 15:34:34 guus Exp $ + $Id: connlist.c,v 1.1.2.8 2000/10/24 15:46:16 guus Exp $ */ #include 
@@ -196,11 +196,23 @@ void dump_conn_list(void) cp syslog(LOG_DEBUG, _("Connection list:")); + syslog(LOG_DEBUG, _("%s at %s port %hd flags %d sockets %d, %d status %04x"), + myself->name, myself->hostname, myself->port, myself->flags, + myself->socket, myself->meta_socket, myself->status); + + for(s = myself->subnets; s != NULL; s = s->next) + { + netstr = net2str(s); + syslog(LOG_DEBUG, ": %s", netstr); + free(netstr); + } + for(p = conn_list; p != NULL; p = p->next) { syslog(LOG_DEBUG, _("%s at %s port %hd flags %d sockets %d, %d status %04x"), p->name, p->hostname, p->port, p->flags, p->socket, p->meta_socket, p->status); + for(s = p->subnets; s != NULL; s = s->next) { netstr = net2str(s); diff --git a/src/meta.c b/src/meta.c index 31a387a0..bc9d0b52 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.5 2000/10/21 11:52:06 guus Exp $ + $Id: meta.c,v 1.1.2.6 2000/10/24 15:46:16 guus Exp $ */ #include "config.h" @@ -43,13 +43,14 @@ cp cl->name, cl->hostname, buffer); buffer[length-1]='\n'; - +/* if(cl->status.encryptout) { EVP_EncryptUpdate(cl->cipher_outctx, outbuf, &outlen, buffer, length); bufp = outbuf; } else +*/ bufp = buffer; if(write(cl->meta_socket, bufp, length) < 0) @@ -92,10 +93,11 @@ cp cl->name, cl->hostname, strerror(x)); return -1; } - +/* if(cl->status.decryptin) bufp = inbuf; else +*/ bufp = cl->buffer + cl->buflen; lenin = read(cl->meta_socket, bufp, MAXBUFSIZE - cl->buflen); @@ -115,12 +117,12 @@ cp cl->name, cl->hostname); return -1; } - +/* if(cl->status.decryptin) { EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, NULL, inbuf, lenin); } - +*/ oldlen = cl->buflen; cl->buflen += lenin; @@ -140,7 +142,7 @@ cp if(cl->reqlen) { - if(debug_lvl >= DEBUG_PROTOCOL) + if(debug_lvl >= DEBUG_META) syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), cl->name, cl->hostname, cl->buffer); 
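Review bot: The new block for `myself` in `dump_conn_list` passes `myself->status` to a `%04x` conversion, but elsewhere on this page `status` is accessed as a struct (`cl->status.active`), and passing a struct where the format expects an `unsigned int` is undefined behaviour. The same call already exists in the loop below, so both need the same fix, for example printing the individual flags. `net2str()` can also return NULL (its `default:` case sets `netstr = NULL`), and that value then reaches `syslog(LOG_DEBUG, ": %s", netstr)`; an `if(netstr)` guard before logging would cover it.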
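Review bot: Commenting out the `cl->status.encryptout` and `cl->status.decryptin` branches (this hunk and the two that follow in meta.c) makes every meta-connection request go out and come in as plaintext, whatever the connection's status bits say. Nothing in the code or the log records that, so a build from this revision runs without confidentiality on the control channel and gives no indication of it. If the cipher path has to be off temporarily, a comment such as `/* FIXME: meta encryption disabled, requests are sent in the clear */` plus a `syslog(LOG_WARNING, ...)` at startup would make the state visible. An `#if 0` block is also easier to re-enable than a comment wrapped around code. The enclosing functions start and end outside the hunks.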
diff --git a/src/net.c b/src/net.c index 47c185d4..ae6fbed8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.44 2000/10/22 13:37:15 zarq Exp $ + $Id: net.c,v 1.35.4.45 2000/10/24 15:46:16 guus Exp $ */ #include "config.h" @@ -62,7 +62,7 @@ int total_tap_out = 0; int total_socket_in = 0; int total_socket_out = 0; -int upstreamindex = 0; +config_t *upstreamcfg; static int seconds_till_retry; char *unknown = NULL; @@ -127,19 +127,16 @@ int xrecv(vpn_packet_t *inpkt) vpn_packet_t outpkt; int outlen, outpad; cp - if(debug_lvl > DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Receiving packet of %d bytes"), - inpkt->len); - outpkt.len = inpkt->len; EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); - /* FIXME: grok DecryptFinal EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad); - */ + outlen += outpad; + /* FIXME sometime add_mac_addresses(&outpkt); - + */ + if(write(tap_fd, outpkt.data, outpkt.len) < 0) syslog(LOG_ERR, _("Can't write to tap device: %m")); else @@ -438,7 +435,7 @@ cp a.sin_port = htons(port); if((cfg = get_config_val(config, interfaceip))) - a.sin_addr.s_addr = htonl(cfg->data.ip->ip); + a.sin_addr.s_addr = htonl(cfg->data.ip->address); else a.sin_addr.s_addr = htonl(INADDR_ANY); @@ -620,11 +617,13 @@ cp } /* - set up the local sockets (listen only) + Configure conn_list_t myself and set up the local sockets (listen only) */ int setup_myself(void) { config_t const *cfg; + subnet_t *net; + int i; cp myself = new_conn_list(); 
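Review bot: `xrecv` now calls `EVP_DecryptFinal` but ignores its return value, so a packet whose final block fails to decrypt is still written to the tap device; the result should be checked, e.g. `if(!EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad)) return -1;`. The `write` that follows still uses `outpkt.len`, the ciphertext length copied from `inpkt->len`, rather than the `outlen` just computed, so padding bytes would go out as payload. `inpkt->len` is also used as the decrypt length with no bound visible in this hunk; confirm that the caller limits it to the size of `data`.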
@@ -693,6 +692,18 @@ cp if(cfg->data.val == stupid_true) myself->flags |= TCPONLY; +/* Read in all the subnets specified in the host configuration file */ + + for(cfg = myself->config; cfg = get_config_val(cfg, subnet); cfg = cfg->next) + { + net = new_subnet(); + net->type = SUBNET_IPV4; + net->net.ipv4.address = cfg->data.ip->address; + net->net.ipv4.mask = cfg->data.ip->mask; + + subnet_add(myself, net); + } + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening socket!")); @@ -718,24 +729,25 @@ sigalrm_handler(int a) { config_t const *cfg; cp - cfg = get_next_config_val(config, connectto, upstreamindex++); + cfg = get_config_val(upstreamcfg, connectto); - if(!upstreamindex && !cfg) + if(!cfg && upstreamcfg == myself->config) /* No upstream IP given, we're listen only. */ return; while(cfg) { + upstreamcfg = cfg->next; if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ { signal(SIGALRM, SIG_IGN); return; } - cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); - upstreamindex = 0; + upstreamcfg = myself->config; seconds_till_retry += 5; if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */ seconds_till_retry = MAXTIMEOUT; 
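Review bot: The new `Subnet` loop in `setup_myself` copies `cfg->data.ip->address` and `->mask` into the subnet unchanged, but `lookup_subnet_ipv4` in subnet.c matches with `(address & mask) == subnet address`, so a configured subnet with host bits set outside its mask can never match. Normalising on load, `net->net.ipv4.address = cfg->data.ip->address & cfg->data.ip->mask;`, or rejecting such entries with an error, avoids a silently dead entry. A short comment on the `for` header saying that the assignment in the condition is intended would also help, since `cfg = get_config_val(cfg, subnet)` reads like a typo for `==`.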
@@ -781,19 +793,20 @@ cp free(scriptname); - if((cfg = get_next_config_val(config, connectto, upstreamindex++)) == NULL) + if(!(cfg = get_config_val(myself->config, connectto))) /* No upstream IP given, we're listen only. */ return 0; while(cfg) { + upstreamcfg = cfg->next; if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ return 0; - cfg = get_next_config_val(config, connectto, upstreamindex++); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); - upstreamindex = 0; + upstreamcfg = myself->config; seconds_till_retry = MAXTIMEOUT; syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); alarm(seconds_till_retry); @@ -968,6 +981,8 @@ int handle_incoming_vpn_data() vpn_packet_t pkt; int lenin; int x, l = sizeof(x); + struct sockaddr from; + socklen_t fromlen = sizeof(from); cp if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { @@ -981,12 +996,18 @@ cp return -1; } - if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, NULL, NULL) <= 0) + if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; } - +/* + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len, + from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]); + } +*/ cp return xrecv(&pkt); } @@ -1181,11 +1202,8 @@ cp void handle_tap_input(void) { vpn_packet_t vp; - ip_t from, to; - int ether_type, lenin; + int lenin; cp - memset(&vp, 0, sizeof(vp)); - if(taptype = 1) { if((lenin = read(tap_fd, vp.data, MTU)) <= 0) 
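Review bot: `handle_incoming_vpn_data` now captures the sender in `from`, but nothing uses it: the datagram is handed to `xrecv` without any check that it came from a known peer, and the only code that reads `from` is commented out. The byte count returned by `recvfrom` is also discarded, so `pkt.len` is whatever the first bytes of the datagram say. Keeping the result, `if((lenin = recvfrom(...)) <= 0)`, and rejecting packets where it disagrees with `pkt.len` would stop `xrecv` from trusting a length chosen by the sender. The commented-out debug message reads `from.sa_addr[...]`, which is not a member of `struct sockaddr`; it would need a `struct sockaddr_in` and its `sin_addr` when re-enabled.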
@@ -1207,25 +1225,19 @@ cp total_tap_in += lenin; - ether_type = ntohs(*((unsigned short*)(&vp.data[12]))); - if(ether_type != 0x0800) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x"), ether_type, MAC_ADDR_V(vp.data[6])); - return; - } - if(lenin < 32) { if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x"), MAC_ADDR_V(vp.data[6])); + syslog(LOG_WARNING, _("Received short packet from tap device")); return; } - from = ntohl(*((unsigned long*)(&vp.data[26]))); - to = ntohl(*((unsigned long*)(&vp.data[30]))); + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len); + } - send_packet(to, &vp); +// route_packet(&vp); cp } diff --git a/src/netutl.c b/src/netutl.c index 5f627706..ff6114c2 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.12 2000/10/11 22:01:00 guus Exp $ + $Id: netutl.c,v 1.12.4.13 2000/10/24 15:46:17 guus Exp $ */ #include "config.h" @@ -125,7 +125,7 @@ cp } ip = xmalloc(sizeof(*ip)); - ip->ip = ntohl(*((ip_t*)(h->h_addr_list[0]))); + ip->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); ip->mask = masker ? ~((1 << (32 - masker)) - 1) : 0; cp diff --git a/src/protocol.c b/src/protocol.c index b19e5725..fe0d180e 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.44 2000/10/21 11:52:07 guus Exp $ + $Id: protocol.c,v 1.28.4.45 2000/10/24 15:46:17 guus Exp $ */ #include "config.h" @@ -469,7 +469,6 @@ cp notify_others(cl, NULL, send_add_host); notify_one(cl); */ - upstreamindex = 0; cp if(cl->status.outgoing) 
diff --git a/src/subnet.c b/src/subnet.c index 12b78ef8..fbcfba7f 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.4 2000/10/15 00:59:37 guus Exp $ + $Id: subnet.c,v 1.1.2.5 2000/10/24 15:46:18 guus Exp $ */ #include "config.h" @@ -45,13 +45,48 @@ cp void subnet_add(conn_list_t *cl, subnet_t *subnet) { + subnet_t *p = NULL; + subnet_t *q = NULL; cp - /* FIXME: do sorting on netmask size if necessary */ + subnet->owner = cl; - subnet->next = cl->subnets->next; - subnet->prev = NULL; - subnet->next->prev = subnet; - cl->subnets = subnet; + /* Sort on size of subnet mask (IPv4 only at the moment!) + + Three cases: cl->subnets = NULL -> just add this subnet + insert before first -> add it in front of list + rest: insert after another subnet + */ + + if(cl->subnets) + { + p = q = cl->subnets; + + for(; p; p = p->next) + { + if(subnet->net.ipv4.mask >= p->net.ipv4.mask) + break; + + q = p; + } + } + + if(!cl->subnets || p == cl->subnets) /* First two cases */ + { + /* Insert in front */ + subnet->next = cl->subnets; + subnet->prev = NULL; + cl->subnets = subnet; + } + else /* Third case */ + { + /* Insert after q */ + subnet->next = q->next; + subnet->prev = q; + q->next = subnet; + } + + if(subnet->next) + subnet->next->prev = subnet; cp } @@ -59,15 +94,13 @@ void subnet_del(subnet_t *subnet) { cp if(subnet->prev) - { - subnet->prev->next = subnet->next; - } + subnet->prev->next = subnet->next; else - { - subnet->owner->subnets = subnet->next; - } + subnet->owner->subnets = subnet->next; + + if(subnet->next) + subnet->next->prev = subnet->prev; - subnet->next->prev = subnet->prev; free_subnet(subnet); cp } 
@@ -100,7 +133,7 @@ cp } break; case SUBNET_IPV4: - if(sscanf(subnetstr, "%d,%lx:%lx", &subnet->type, &subnet->net.ipv4.address, &subnet->net.ipv4.mask) != 3) + if(sscanf(subnetstr, "%d,%lx/%lx", &subnet->type, &subnet->net.ipv4.address, &subnet->net.ipv4.mask) != 3) { free_subnet(subnet); return NULL; @@ -152,8 +185,10 @@ cp subnet->net.mac.address.x[3], subnet->net.mac.address.x[4], subnet->net.mac.address.x[5]); + break; case SUBNET_IPV4: - asprintf(&netstr, "%d,%lx:%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); + asprintf(&netstr, "%d,%lx/%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); + break; case SUBNET_IPV6: asprintf(&netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", subnet->net.ipv6.address.x[0], @@ -172,6 +207,7 @@ cp subnet->net.ipv6.mask.x[5], subnet->net.ipv6.mask.x[6], subnet->net.ipv6.mask.x[7]); + break; default: netstr = NULL; } From d47d5932a3bbc4940aa6453ebfe617ef330783c8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 28 Oct 2000 16:41:40 +0000 Subject: [PATCH 132/923] - Updated subnet list handling. Subnets are added to two lists now, the owner's list and a global list. It is all fucked up but it probably works anyway, good enough for pre3 :). --- src/connlist.c | 35 +--------------- src/connlist.h | 5 +-- src/net.c | 7 +++- src/subnet.c | 110 ++++++++++++++++++++++++++++++------------------- src/subnet.h | 12 ++++-- 5 files changed, 82 insertions(+), 87 deletions(-) diff --git a/src/connlist.c b/src/connlist.c index b3bb3c46..ebb276e7 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.8 2000/10/24 15:46:16 guus Exp $ + $Id: connlist.c,v 1.1.2.9 2000/10/28 16:41:37 guus Exp $ */ #include 
@@ -153,39 +153,6 @@ cp return p; } -conn_list_t *lookup_conn_list_mac(mac_t address) -{ - conn_list_t *p; -cp - for(p = conn_list; p != NULL; p = p->next) - if(lookup_subnet_mac(p->subnets, address)) - break; -cp - return p; -} - -conn_list_t *lookup_conn_list_ipv4(ipv4_t address) -{ - conn_list_t *p; -cp - for(p = conn_list; p != NULL; p = p->next) - if(lookup_subnet_ipv4(p->subnets, address)) - break; -cp - return p; -} - -conn_list_t *lookup_conn_list_ipv6(ipv6_t address) -{ - conn_list_t *p; -cp - for(p = conn_list; p != NULL; p = p->next) - if(lookup_subnet_ipv6(p->subnets, address)) - break; -cp - return p; -} - /* Debugging */ void dump_conn_list(void) diff --git a/src/connlist.h b/src/connlist.h index 0c81e06e..3ea64eed 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.4 2000/10/20 15:34:34 guus Exp $ + $Id: connlist.h,v 1.1.2.5 2000/10/28 16:41:37 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -86,9 +86,6 @@ extern void free_conn_list(conn_list_t *); extern void add_conn_list(conn_list_t *); extern void del_conn_list(conn_list_t *); extern conn_list_t *lookup_id(char *); -extern conn_list_t *lookup_conn_list_mac(mac_t); -extern conn_list_t *lookup_conn_list_ipv4(ipv4_t); -extern conn_list_t *lookup_conn_list_ipv6(ipv6_t); extern void dump_conn_list(void); extern int read_host_config(conn_list_t *); diff --git a/src/net.c b/src/net.c index ae6fbed8..d99bd287 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.45 2000/10/24 15:46:16 guus Exp $ + $Id: net.c,v 1.35.4.46 2000/10/28 16:41:38 guus Exp $ */ #include "config.h" 
@@ -274,8 +274,9 @@ cp int send_packet(ip_t to, vpn_packet_t *packet) { conn_list_t *cl; + subnet_t *subnet; cp - if((cl = lookup_conn_list_ipv4(to)) == NULL) + if((subnet = lookup_subnet_ipv4(to)) == NULL) { if(debug_lvl >= DEBUG_TRAFFIC) { @@ -285,6 +286,8 @@ cp return -1; } + + cl = subnet->owner; /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ diff --git a/src/subnet.c b/src/subnet.c index fbcfba7f..c7b2ed7e 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.5 2000/10/24 15:46:18 guus Exp $ + $Id: subnet.c,v 1.1.2.6 2000/10/28 16:41:40 guus Exp $ */ #include "config.h" @@ -27,6 +27,10 @@ #include "subnet.h" #include "net.h" +/* lists type of subnet */ + +subnet_t *subnet_list[SUBNET_TYPES] = { NULL }; + /* Allocating and freeing space for subnets */ subnet_t *new_subnet(void) @@ -50,18 +54,28 @@ void subnet_add(conn_list_t *cl, subnet_t *subnet) cp subnet->owner = cl; + /* Link it into the owners list of subnets (unsorted) */ + + subnet->next = cl->subnets->next; + subnet->prev = NULL; + if(subnet->next) + subnet->next->prev = subnet; + cl->subnets = subnet; + + /* And now add it to the global subnet list (sorted) */ + /* Sort on size of subnet mask (IPv4 only at the moment!) - Three cases: cl->subnets = NULL -> just add this subnet + Three cases: subnet_list[] = NULL -> just add this subnet insert before first -> add it in front of list rest: insert after another subnet */ - if(cl->subnets) + if(subnet_list[subnet->type]) { - p = q = cl->subnets; + p = q = subnet_list[subnet->type]; - for(; p; p = p->next) + for(; p; p = p->global_next) { if(subnet->net.ipv4.mask >= p->net.ipv4.mask) break; 
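Review bot: In `subnet_add`, the new owner-list link `subnet->next = cl->subnets->next;` dereferences `cl->subnets` before any subnet exists, so the first call for a connection is a NULL pointer dereference. For a non-empty list it also skips the current head, which then becomes unreachable from `cl->subnets`. The line should be `subnet->next = cl->subnets;`. The function continues in the next hunk.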
@@ -69,38 +83,56 @@ cp q = p; } } - - if(!cl->subnets || p == cl->subnets) /* First two cases */ + + if(!subnet_list[subnet->type] || p == subnet_list[subnet->type]) /* First two cases */ { /* Insert in front */ - subnet->next = cl->subnets; - subnet->prev = NULL; - cl->subnets = subnet; + subnet->global_next = subnet_list[subnet->type]; + subnet->global_prev = NULL; + subnet_list[subnet->type] = subnet; } - else /* Third case */ + else /* Third case */ { /* Insert after q */ - subnet->next = q->next; - subnet->prev = q; - q->next = subnet; + subnet->global_next = q->global_next; + subnet->global_prev = q; + q->global_next = subnet; } - if(subnet->next) - subnet->next->prev = subnet; + if(subnet->global_next) + subnet->global_next->global_prev = subnet; cp } void subnet_del(subnet_t *subnet) { cp + /* Remove it from owner's list */ + if(subnet->prev) - subnet->prev->next = subnet->next; + { + subnet->prev->next = subnet->next; + } else - subnet->owner->subnets = subnet->next; + { + subnet->owner->subnets = subnet->next; + } - if(subnet->next) - subnet->next->prev = subnet->prev; + subnet->next->prev = subnet->prev; + /* Remove it from the global list */ + + if(subnet->global_prev) + { + subnet->global_prev->global_next = subnet->global_next; + } + else + { + subnet_list[subnet->type] = subnet->global_next; + } + + subnet->global_next->global_prev = subnet->global_prev; + free_subnet(subnet); cp } @@ -185,10 +217,8 @@ cp subnet->net.mac.address.x[3], subnet->net.mac.address.x[4], subnet->net.mac.address.x[5]); - break; case SUBNET_IPV4: asprintf(&netstr, "%d,%lx/%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); - break; case SUBNET_IPV6: asprintf(&netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", subnet->net.ipv6.address.x[0], @@ -207,7 +237,6 @@ cp subnet->net.ipv6.mask.x[5], subnet->net.ipv6.mask.x[6], subnet->net.ipv6.mask.x[7]); - break; default: netstr = NULL; } 
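Review bot: `subnet_del` drops the `if(subnet->next)` guard that the removed lines had, so `subnet->next->prev = subnet->prev;` and the new `subnet->global_next->global_prev = subnet->global_prev;` both dereference NULL when the subnet being removed is the last element of its list. Each needs its guard: `if(subnet->next) subnet->next->prev = subnet->prev;` and `if(subnet->global_next) subnet->global_next->global_prev = subnet->global_prev;`. Deleting the tail entry looks like an ordinary event on disconnect, though the callers are outside the hunk.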
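Review bot: Removing the three `break;` statements from the `switch` in `net2str` makes every case fall through to `default: netstr = NULL;`, so the function always returns NULL and leaks each string that `asprintf` allocated on the way. `dump_conn_list` passes that result to `syslog` with `%s`. The `break;` after each `asprintf` call should stay. The start of the function is outside the hunk.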
@@ -217,49 +246,44 @@ cp /* Subnet lookup routines */ -subnet_t *lookup_subnet_mac(subnet_t *subnets, mac_t address) +subnet_t *lookup_subnet_mac(mac_t address) { subnet_t *subnet; cp - for(subnet = subnets; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_MAC]; subnet != NULL; subnet = subnet->next) { - if(subnet->type == SUBNET_MAC) - if(memcmp(&address, &subnet->net.mac.address, sizeof(address)) == 0) - break; + if(memcmp(&address, &subnet->net.mac.address, sizeof(address)) == 0) + break; } cp return subnet; } -subnet_t *lookup_subnet_ipv4(subnet_t *subnets, ipv4_t address) +subnet_t *lookup_subnet_ipv4(ipv4_t address) { subnet_t *subnet; cp - for(subnet = subnets; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->next) { - if(subnet->type == SUBNET_IPV4) - if((address & subnet->net.ipv4.mask) == subnet->net.ipv4.address) - break; + if((address & subnet->net.ipv4.mask) == subnet->net.ipv4.address) + break; } cp return subnet; } -subnet_t *lookup_subnet_ipv6(subnet_t *subnets, ipv6_t address) +subnet_t *lookup_subnet_ipv6(ipv6_t address) { subnet_t *subnet; int i; cp - for(subnet = subnets; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_IPV6]; subnet != NULL; subnet = subnet->next) { - if(subnet->type == SUBNET_IPV6) - { - for(i=0; i<8; i++) - if((address.x[i] & subnet->net.ipv6.mask.x[i]) != subnet->net.ipv6.address.x[i]) - break; - if(i=8) - break; - } + for(i=0; i<8; i++) + if((address.x[i] & subnet->net.ipv6.mask.x[i]) != subnet->net.ipv6.address.x[i]) + break; + if(i=8) + break; } cp return subnet; diff --git a/src/subnet.h b/src/subnet.h index 8ebed81d..0d628767 100644 --- a/src/subnet.h +++ b/src/subnet.h 
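Review bot: The three lookup functions now start from `subnet_list[...]` but still advance with `subnet = subnet->next`, which is the per-owner link. After the first element the walk leaves the global list and follows one owner's subnets, so entries that belong to other owners are never examined. The loops should step with `subnet = subnet->global_next`. In `lookup_subnet_ipv6`, `if(i=8)` assigns instead of comparing and is always true, so the first IPv6 subnet matches any address; it should read `if(i == 8)`.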
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.3 2000/10/11 22:01:02 guus Exp $ + $Id: subnet.h,v 1.1.2.4 2000/10/28 16:41:40 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -30,6 +30,7 @@ enum SUBNET_MAC = 0, SUBNET_IPV4, SUBNET_IPV6, + SUBNET_TYPES /* Guardian */ }; typedef struct subnet_mac_t @@ -56,6 +57,9 @@ typedef struct subnet_t { struct subnet_t *prev; /* previous subnet_t for this owner */ struct subnet_t *next; /* next subnet_t for this owner */ + struct subnet_t *global_prev; /* previous subnet_t for this subnet type */ + struct subnet_t *global_next; /* next subnet_t for this subnet type */ + int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ /* And now for the actual subnet: */ @@ -77,9 +81,9 @@ extern void subnet_add(struct conn_list_t *, subnet_t *); extern void subnet_del(subnet_t *); extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); -extern subnet_t *lookup_subnet_mac(subnet_t *, mac_t); -extern subnet_t *lookup_subnet_ipv4(subnet_t *, ipv4_t); -extern subnet_t *lookup_subnet_ipv6(subnet_t *, ipv6_t); +extern subnet_t *lookup_subnet_mac(mac_t); +extern subnet_t *lookup_subnet_ipv4(ipv4_t); +extern subnet_t *lookup_subnet_ipv6(ipv6_t); #endif /* __TINC_SUBNET_H__ */ From ba6b8005ebe3a53877590c242ff581dc5dee5eae Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 28 Oct 2000 19:34:53 +0000 Subject: [PATCH 133/923] Skip the check for Linux kernel sources --- m4/tuntap.m4 | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 585b41f3..975567c7 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 
@@ -2,29 +2,12 @@ dnl Check to find out whether the running kernel has support for TUN/TAP AC_DEFUN(tinc_TUNTAP, [ -dnl Check for directory with kernel source... (from ALSA) -AC_CACHE_CHECK([for directory with kernel source], tinc_cv_kerneldir, -[ AC_ARG_WITH(kernel, - [ --with-kernel=dir give the directory with kernel sources] - [ (default: /usr/src/linux)], - kerneldir="$withval", kerneldir="/usr/src/linux") - AC_DEFINE_UNQUOTED(CONFIG_TINC_KERNELDIR, "$kerneldir") - CONFIG_TINC_KERNELDIR="$kerneldir" - AC_SUBST(CONFIG_TINC_KERNELDIR) - AC_MSG_RESULT($kerneldir) -]) AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, [ AC_TRY_COMPILE([#include ], [int a = IFF_TAP], if_tun_h="linux/if_tun.h", if_tun_h="no") - if test $if_tun_h = no; then - AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], - [int a = IFF_TAP], - if_tun_h="$kerneldir/include/linux/if_tun.h", - if_tun_h="no") - fi - if test $if_tun_h = no; then + if test $if_tun_h = no; then AC_MSG_RESULT(none) else AC_DEFINE(HAVE_TUNTAP) From f25868fd2b58bc0b350a5cfaf342480f28f804cf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 28 Oct 2000 21:05:20 +0000 Subject: [PATCH 134/923] - Lots of small fixes - Exchange subnets on acknowledgement of connection - Do proper lookup when incoming packets from tap - off-by-a small number-error when reading/sending tap packets --- lib/utils.c | 2 +- lib/utils.h | 2 +- src/net.c | 44 ++++++++++++++++++++++++++++------------ src/protocol.c | 55 +++++++++++++++++++++++++++++++++----------------- src/protocol.h | 6 +++--- src/subnet.c | 50 +++++++++++++++++++++++++++++++++------------ src/subnet.h | 4 ++-- src/tincd.c | 8 +++++--- 8 files changed, 116 insertions(+), 55 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index fc7abe4c..795ece92 100644 --- a/lib/utils.c +++ b/lib/utils.c 
@@ -59,7 +59,7 @@ void bin2hex(char *src, char *dst, int length) } } -char *cp_trace() +void cp_trace() { syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d ...", cp_file[(cp_index+7)%8], cp_line[(cp_index+7)%8], diff --git a/lib/utils.h b/lib/utils.h index cc3d322d..c172daa2 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -46,6 +46,6 @@ extern volatile int cp_index; extern void hex2bin(char *src, char *dst, int length); extern void bin2hex(char *src, char *dst, int length); -extern char *cp_trace(void); +extern void cp_trace(void); #endif /* __TINC_UTILS_H__ */ diff --git a/src/net.c b/src/net.c index d99bd287..85255a4b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.46 2000/10/28 16:41:38 guus Exp $ + $Id: net.c,v 1.35.4.47 2000/10/28 21:05:17 guus Exp $ */ #include "config.h" @@ -99,10 +99,16 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) int outlen, outpad; cp outpkt.len = inpkt->len; +/* EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL); EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); - outlen += outpad; + outlen += outpad + 2; + + Do encryption when everything else is fixed... +*/ + outlen = outpkt.len + 2; + memcpy(&outpkt, inpkt, outlen); if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), @@ -112,7 +118,7 @@ cp cl->want_ping = 1; - if((send(cl->socket, (char *) &(outpkt.len), outlen + 2, 0)) < 0) + if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); 
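Review bot: With the EVP calls commented out in xsend(), every VPN packet now leaves the daemon as plaintext, and nothing at runtime says so. The replacement `memcpy(&outpkt, inpkt, outlen);` copies the frame unmodified, and the `send()` in the following hunk transmits it as is. If this is a deliberate stop-gap, put it behind a compile-time switch and log it once at startup, e.g. `syslog(LOG_WARNING, _("Packet encryption is disabled in this build"));`, so a test build cannot be mistaken for a protected tunnel. xsend() starts and ends outside the hunk.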
@@ -128,11 +134,17 @@ int xrecv(vpn_packet_t *inpkt) int outlen, outpad; cp outpkt.len = inpkt->len; +/* EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad); outlen += outpad; - + + Do decryption is everything else is fixed... +*/ + outlen = outpkt.len+2; + memcpy(&outpkt, inpkt, outlen); + /* FIXME sometime add_mac_addresses(&outpkt); */ @@ -303,10 +315,12 @@ cp if(!cl->status.validkey) { +/* Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); +*/ if(!cl->status.waitingforkey) send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */ return 0; @@ -314,10 +328,12 @@ cp if(!cl->status.active) { +/* Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->name, cl->hostname); add_queue(&(cl->sq), packet, packet->len + 2); +*/ return 0; /* We don't want to mess up, do we? */ } @@ -734,7 +750,7 @@ sigalrm_handler(int a) cp cfg = get_config_val(upstreamcfg, connectto); - if(!cfg && upstreamcfg == myself->config) + if(!cfg && upstreamcfg == config) /* No upstream IP given, we're listen only. */ return; @@ -750,7 +766,7 @@ cp } signal(SIGALRM, sigalrm_handler); - upstreamcfg = myself->config; + upstreamcfg = config; seconds_till_retry += 5; if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */ seconds_till_retry = MAXTIMEOUT; @@ -796,7 +812,7 @@ cp free(scriptname); - if(!(cfg = get_config_val(myself->config, connectto))) + if(!(cfg = get_config_val(config, connectto))) /* No upstream IP given, we're listen only. */ return 0; 
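Review bot: In xrecv() the copy size `outlen = outpkt.len+2` comes straight from `inpkt->len`, and `memcpy(&outpkt, inpkt, outlen);` writes that many bytes into the local `outpkt` with no upper bound. The caller is not in this hunk; if it fills `inpkt` from the network socket without validating the length field, an oversized value overruns the stack object and then sets the size of the `write()` to the tap device. A guard before the copy, such as `if(inpkt->len > MTU) return -1;` (assuming `data` holds MTU bytes, as the reads in handle_tap_input() suggest), bounds both. The xsend() hunk earlier in this patch has the same unbounded copy.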
@@ -809,7 +825,7 @@ cp } signal(SIGALRM, sigalrm_handler); - upstreamcfg = myself->config; + upstreamcfg = config; seconds_till_retry = MAXTIMEOUT; syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); alarm(seconds_till_retry); @@ -1205,25 +1221,27 @@ cp void handle_tap_input(void) { vpn_packet_t vp; + subnet_t *subnet; + ipv4_t dest; int lenin; cp if(taptype = 1) { if((lenin = read(tap_fd, vp.data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); + syslog(LOG_ERR, _("Error while reading from tun/tap device: %m")); return; } vp.len = lenin; } else { - if((lenin = read(tap_fd, &vp, MTU)) <= 0) + if((lenin = read(tap_fd, &vp.len, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from tapdevice: %m")); + syslog(LOG_ERR, _("Error while reading from ethertap device: %m")); return; } - vp.len = lenin - 2; +// vp.len = lenin - 2; } total_tap_in += lenin; @@ -1240,7 +1258,7 @@ cp syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len); } -// route_packet(&vp); + send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp); cp } diff --git a/src/protocol.c b/src/protocol.c index fe0d180e..c3681af4 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.45 2000/10/24 15:46:17 guus Exp $ + $Id: protocol.c,v 1.28.4.46 2000/10/28 21:05:18 guus Exp $ */ #include "config.h" @@ -439,7 +439,8 @@ cp int ack_h(conn_list_t *cl) { - conn_list_t *old; + conn_list_t *old, *p; + subnet_t *s; cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same name. If so, it presumably is an 
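Review bot: The new call `send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp);` reads the destination address at a fixed offset without checking that the frame is that long or that it carries IPv4. For a short frame the lookup uses whatever bytes were already in the stack buffer `vp`. Where `unsigned long` is 8 bytes, the load is also wider than an IPv4 address and unaligned. Check the length first, e.g. `if(vp.len < 34) return;`, and copy the four address bytes out with `memcpy()` into a 32-bit value instead of casting the pointer. handle_tap_input() begins in the previous hunk.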
@@ -455,37 +456,42 @@ cp terminate_connection(old); } + /* Notify others of this connection */ + + for(p = conn_list; p; p = p->next) + if(p->status.active) + send_add_host(p, cl); + /* Activate this connection */ cl->allow_request = ALL; cl->status.active = 1; + cl->nexthop = cl; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); - /* Exchange information about other tinc daemons */ - -/* FIXME: reprogram this. - notify_others(cl, NULL, send_add_host); - notify_one(cl); -*/ - cp - if(cl->status.outgoing) - return 0; - else - return send_ack(cl); + if(!cl->status.outgoing) + send_ack(cl); + + /* Send him our subnets */ + + for(s = myself->subnets; s; s = s->next) + send_add_subnet(cl, s); +cp + return 0; } /* Address and subnet information exchange */ -int send_add_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) +int send_add_subnet(conn_list_t *cl, subnet_t *subnet) { int x; char *netstr; cp x = send_request(cl, "%d %s %s", ADD_SUBNET, - other->name, netstr = net2str(subnet)); + subnet->owner->name, netstr = net2str(subnet)); free(netstr); cp return x; @@ -498,7 +504,7 @@ int add_subnet_h(conn_list_t *cl) conn_list_t *owner; subnet_t *subnet, *old; cp - if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) + if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 2) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname); free(name); free(subnetstr); @@ -553,10 +559,16 @@ cp return 0; } -int send_del_subnet(conn_list_t *cl, conn_list_t *other, subnet_t *subnet) +int send_del_subnet(conn_list_t *cl, subnet_t *subnet) { + int x; + char *netstr; cp - return send_request(cl, "%d %s %s", DEL_SUBNET, other->name, net2str(subnet)); + netstr = net2str(subnet); + x = send_request(cl, "%d %s %s", DEL_SUBNET, subnet->owner->name, netstr); + free(netstr); +cp + return x; } int del_subnet_h(conn_list_t *cl) 
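Review bot: On the failure path of the corrected check `sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 2`, the calls `free(name); free(subnetstr);` run on pointers that sscanf may not have assigned. The declarations are outside this hunk (the add_subnet_h hunk in PATCH 137 shows them without initialisers), so a truncated ADD_SUBNET from a peer makes the daemon free an indeterminate pointer. Initialising them at declaration, `char *subnetstr = NULL;` and `char *name = NULL;`, makes the cleanup safe.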
@@ -711,7 +723,7 @@ cp /* Fill in rest of conn_list structure */ - new->myuplink = cl; + new->nexthop = cl; new->status.active = 1; /* Hook it up into the conn_list */ @@ -1063,6 +1075,7 @@ cp keylength = strlen(pktkey); +/* Don't do this... yet if((keylength%2) || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), @@ -1073,6 +1086,10 @@ cp keylength /= 2; hex2bin(pktkey, pktkey, keylength); BF_set_key(cl->cipher_pktkey, keylength, pktkey); +*/ + + cl->status.validkey = 1; + cl->status.waitingforkey = 0; } else { diff --git a/src/protocol.h b/src/protocol.h index c3147a76..682f76a0 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.12 2000/10/20 15:34:38 guus Exp $ + $Id: protocol.h,v 1.5.4.13 2000/10/28 21:05:20 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -58,8 +58,8 @@ extern int send_ping(conn_list_t*); extern int send_pong(conn_list_t*); extern int send_add_host(conn_list_t*, conn_list_t*); extern int send_del_host(conn_list_t*, conn_list_t*); -extern int send_add_subnet(conn_list_t*, conn_list_t*, subnet_t*); -extern int send_del_subnet(conn_list_t*, conn_list_t*, subnet_t*); +extern int send_add_subnet(conn_list_t*, subnet_t*); +extern int send_del_subnet(conn_list_t*, subnet_t*); extern int send_key_changed(conn_list_t*, conn_list_t*); extern int send_req_key(conn_list_t*, conn_list_t*); extern int send_ans_key(conn_list_t*, conn_list_t*, char*); diff --git a/src/subnet.c b/src/subnet.c index c7b2ed7e..215b156b 100644 --- a/src/subnet.c +++ b/src/subnet.c 
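Review bot: `cl->status.validkey = 1;` is now set for any ANS_KEY while the length check, `hex2bin()` and `BF_set_key()` above it are commented out, so a peer is marked as keyed without a key having been validated or installed. Once packet encryption is switched back on, this flag would let traffic flow under whatever key state `cl` happens to hold. Keep the flag tied to the key installation, or mark the shortcut where it is set, e.g. `/* FIXME: validkey set without installing a key; remove when BF_set_key is re-enabled */`. The enclosing handler starts and ends outside the hunk.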
@@ -17,15 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.6 2000/10/28 16:41:40 guus Exp $ + $Id: subnet.c,v 1.1.2.7 2000/10/28 21:05:20 guus Exp $ */ +#include + #include "config.h" #include #include #include "subnet.h" #include "net.h" +#include "conf.h" +#include "system.h" /* lists type of subnet */ @@ -56,7 +60,7 @@ cp /* Link it into the owners list of subnets (unsorted) */ - subnet->next = cl->subnets->next; + subnet->next = cl->subnets; subnet->prev = NULL; if(subnet->next) subnet->next->prev = subnet; @@ -70,7 +74,7 @@ cp insert before first -> add it in front of list rest: insert after another subnet */ - +cp if(subnet_list[subnet->type]) { p = q = subnet_list[subnet->type]; @@ -83,8 +87,8 @@ cp q = p; } } - - if(!subnet_list[subnet->type] || p == subnet_list[subnet->type]) /* First two cases */ +cp + if(p == subnet_list[subnet->type]) /* First two cases */ { /* Insert in front */ subnet->global_next = subnet_list[subnet->type]; @@ -98,7 +102,7 @@ cp subnet->global_prev = q; q->global_next = subnet; } - +cp if(subnet->global_next) subnet->global_next->global_prev = subnet; cp @@ -146,9 +150,9 @@ subnet_t *str2net(char *subnetstr) cp if(sscanf(subnetstr, "%d,", &type) != 1) return NULL; - +cp subnet = new_subnet(); - +cp switch(type) { case SUBNET_MAC: @@ -194,7 +198,6 @@ cp return NULL; } break; - break; default: free_subnet(subnet); return NULL; @@ -217,8 +220,10 @@ cp subnet->net.mac.address.x[3], subnet->net.mac.address.x[4], subnet->net.mac.address.x[5]); + break; case SUBNET_IPV4: asprintf(&netstr, "%d,%lx/%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); + break; case SUBNET_IPV6: asprintf(&netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", subnet->net.ipv6.address.x[0], 
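Review bot: Dropping `!subnet_list[subnet->type] ||` from the insert-in-front test leaves `p == subnet_list[subnet->type]` to cover the empty list, but `p` is only assigned inside `if(subnet_list[subnet->type])`. Unless `p` and `q` are initialised where they are declared (outside the hunk), the comparison reads an indeterminate pointer when the list is empty and the else branch can dereference `q`. Either keep the removed term or initialise at declaration, e.g. `subnet_t *p = NULL, *q = NULL;`.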
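Review bot: The IPv6 `asprintf()` format in net2str() starts with `%d,`, but the first argument visible after it is `subnet->net.ipv6.address.x[0]`, not `subnet->type` as in the IPv4 case. If the lines between this hunk and the next do not supply a seventeenth argument, the last `%hx` reads a vararg that was never passed, which is undefined behaviour in a string that send_add_subnet() puts on the wire. Adding `subnet->type,` as the first argument would match the format. The `asprintf()` return value is also unchecked, so `netstr` is indeterminate on allocation failure. net2str() continues past the end of the hunk.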
@@ -237,8 +242,9 @@ cp subnet->net.ipv6.mask.x[5], subnet->net.ipv6.mask.x[6], subnet->net.ipv6.mask.x[7]); + break; default: - netstr = NULL; + asprintf(&netstr, _("unknown")); } cp return netstr; @@ -250,7 +256,7 @@ subnet_t *lookup_subnet_mac(mac_t address) { subnet_t *subnet; cp - for(subnet = subnet_list[SUBNET_MAC]; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_MAC]; subnet != NULL; subnet = subnet->global_next) { if(memcmp(&address, &subnet->net.mac.address, sizeof(address)) == 0) break; @@ -263,7 +269,7 @@ subnet_t *lookup_subnet_ipv4(ipv4_t address) { subnet_t *subnet; cp - for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->global_next) { if((address & subnet->net.ipv4.mask) == subnet->net.ipv4.address) break; @@ -277,7 +283,7 @@ subnet_t *lookup_subnet_ipv6(ipv6_t address) subnet_t *subnet; int i; cp - for(subnet = subnet_list[SUBNET_IPV6]; subnet != NULL; subnet = subnet->next) + for(subnet = subnet_list[SUBNET_IPV6]; subnet != NULL; subnet = subnet->global_next) { for(i=0; i<8; i++) if((address.x[i] & subnet->net.ipv6.mask.x[i]) != subnet->net.ipv6.address.x[i]) @@ -288,3 +294,21 @@ cp cp return subnet; } + +void dump_subnet_list(void) +{ + subnet_t *subnet; + char *netstr; +cp + syslog(LOG_DEBUG, _("Subnet list:")); + + for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->global_next) + { + netstr = net2str(subnet); + syslog(LOG_DEBUG, "%s owner %s", netstr, subnet->owner->name); + free(netstr); + } + + syslog(LOG_DEBUG, _("End of subnet list.")); +cp +} diff --git a/src/subnet.h b/src/subnet.h index 0d628767..994c541c 100644 --- a/src/subnet.h +++ b/src/subnet.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.4 2000/10/28 16:41:40 guus Exp $ + $Id: subnet.h,v 1.1.2.5 2000/10/28 21:05:20 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -84,6 +84,6 @@ extern subnet_t *str2net(char *); extern subnet_t *lookup_subnet_mac(mac_t); extern subnet_t *lookup_subnet_ipv4(ipv4_t); extern subnet_t *lookup_subnet_ipv6(ipv6_t); - +extern void dump_subnet_list(void); #endif /* __TINC_SUBNET_H__ */ diff --git a/src/tincd.c b/src/tincd.c index a06f3fe3..41361d7c 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.15 2000/10/21 11:52:08 guus Exp $ + $Id: tincd.c,v 1.10.4.16 2000/10/28 21:05:20 guus Exp $ */ #include "config.h" @@ -47,6 +47,7 @@ #include "net.h" #include "netutl.h" #include "protocol.h" +#include "subnet.h" #include "system.h" @@ -534,8 +535,9 @@ sigusr1_handler(int a) RETSIGTYPE sigusr2_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); + dump_subnet_list(); +// if(debug_lvl > DEBUG_NOTHING) +// syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); /* FIXME: reprogram this. regenerate_keys(); */ From 8738c007b15eea024bc4ca6ee0f972b2f5bf259f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 28 Oct 2000 21:25:21 +0000 Subject: [PATCH 135/923] - Fixed offsets when reading/writing from/to tap device --- src/net.c | 36 +++++++++++++++++++++++------------- src/net.h | 6 +++++- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/src/net.c b/src/net.c index 85255a4b..81b30296 100644 --- a/src/net.c +++ b/src/net.c 
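Review bot: `dump_subnet_list();` is called directly from `sigusr2_handler()`, and that function calls `syslog()`, `asprintf()` via `net2str()`, and `free()`, none of which are async-signal-safe. A USR2 arriving while the main loop is inside the allocator or relinking `subnet_list` can deadlock or walk a half-updated list. Set a flag in the handler and dump from the main loop instead, e.g. `dump_subnets = 1;` on a `volatile sig_atomic_t dump_subnets`, the way `sighup` is set elsewhere in this series. The handler's closing lines are outside the hunk.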
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.47 2000/10/28 21:05:17 guus Exp $ + $Id: net.c,v 1.35.4.48 2000/10/28 21:25:20 guus Exp $ */ #include "config.h" @@ -56,7 +56,7 @@ #include "system.h" int tap_fd = -1; -int taptype = 0; +int taptype = TAP_TYPE_ETHERTAP; int total_tap_in = 0; int total_tap_out = 0; int total_socket_in = 0; @@ -148,11 +148,21 @@ cp /* FIXME sometime add_mac_addresses(&outpkt); */ - - if(write(tap_fd, outpkt.data, outpkt.len) < 0) - syslog(LOG_ERR, _("Can't write to tap device: %m")); - else - total_tap_out += outpkt.len; + + if(taptype == TAP_TYPE_TUNTAP) + { + if(write(tap_fd, outpkt.data, outpkt.len) < 0) + syslog(LOG_ERR, _("Can't write to tun/tap device: %m")); + else + total_tap_out += outpkt.len; + } + else /* ethertap */ + { + if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0) + syslog(LOG_ERR, _("Can't write to ethertap device: %m")); + else + total_tap_out += outpkt.len + 2; + } cp return 0; } @@ -371,7 +381,7 @@ cp cp tap_fd = nfd; - taptype = 0; + taptype = TAP_TYPE_ETHERTAP; #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ @@ -384,7 +394,7 @@ cp if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) { syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); - taptype = 1; + taptype = TAP_TYPE_TUNTAP; if((cfg = get_config_val(config, tapsubnet)) == NULL) syslog(LOG_INFO, _("tun/tap device will be left unconfigured")); @@ -1225,7 +1235,7 @@ void handle_tap_input(void) ipv4_t dest; int lenin; cp - if(taptype = 1) + if(taptype == TAP_TYPE_TUNTAP) { if((lenin = read(tap_fd, vp.data, MTU)) <= 0) { 
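Review bot: `write(tap_fd, outpkt.data - 2, outpkt.len + 2)` in the ethertap branch relies on `len` being exactly two bytes and sitting immediately before `data` in `vpn_packet_t`, which nothing in the hunk enforces. The matching `read(tap_fd, vp.data - 2, MTU)` in handle_tap_input() (next net.c hunk of this patch) has the same dependency, and its `vp.len = lenin - 2;` goes negative on a one-byte read because only `lenin <= 0` is rejected. Address the header through `&outpkt.len` / `&vp.len` as the socket path does, and reject short reads with `if(lenin < 2) return;` before computing the length.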
@@ -1234,14 +1244,14 @@ cp } vp.len = lenin; } - else + else /* ethertap */ { - if((lenin = read(tap_fd, &vp.len, MTU)) <= 0) + if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0) { syslog(LOG_ERR, _("Error while reading from ethertap device: %m")); return; } -// vp.len = lenin - 2; + vp.len = lenin - 2; } total_tap_in += lenin; diff --git a/src/net.h b/src/net.h index 40f3ff0c..473493f7 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.17 2000/10/15 00:59:35 guus Exp $ + $Id: net.h,v 1.9.4.18 2000/10/28 21:25:21 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -51,6 +51,10 @@ #define EXPORTINDIRECTDATA 0x0002 /* Used to indicate uplink that it has to tell others to do INDIRECTDATA */ #define TCPONLY 0x0004 /* Tells sender to send packets over TCP instead of UDP (for firewalls) */ +/* tap types */ +#define TAP_TYPE_ETHERTAP 0 +#define TAP_TYPE_TUNTAP 1 + typedef struct mac_t { unsigned char x[6]; From db21f015161aac244ec5600c4d0ff685549892c2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 28 Oct 2000 21:52:22 +0000 Subject: [PATCH 136/923] - Override destination ethernet address on incoming packets with FE:FD:00:00:00:00 --- src/net.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) diff --git a/src/net.c b/src/net.c index 81b30296..3da023c3 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.48 2000/10/28 21:25:20 guus Exp $ + $Id: net.c,v 1.35.4.49 2000/10/28 21:52:22 guus Exp $ */ #include "config.h" @@ -52,6 +52,8 @@ #include "netutl.h" #include "protocol.h" #include "meta.h" +#include "connlist.h" +#include "subnet.h" #include "system.h" 
@@ -67,6 +69,8 @@ static int seconds_till_retry; char *unknown = NULL; +subnet_t mymac; + /* strip off the MAC adresses of an ethernet frame */ @@ -145,9 +149,9 @@ cp outlen = outpkt.len+2; memcpy(&outpkt, inpkt, outlen); - /* FIXME sometime - add_mac_addresses(&outpkt); - */ + /* Fix mac address */ + + memcpy(outpkt.data, mymac.net.mac.address.x, 6); if(taptype == TAP_TYPE_TUNTAP) { @@ -381,7 +385,16 @@ cp cp tap_fd = nfd; + /* Set default MAC address for ethertap devices */ + taptype = TAP_TYPE_ETHERTAP; + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ @@ -395,11 +408,6 @@ cp { syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; - - if((cfg = get_config_val(config, tapsubnet)) == NULL) - syslog(LOG_INFO, _("tun/tap device will be left unconfigured")); - else - /* Setup inetaddr/netmask etc */; } #endif From 35932fe6c8cb481eb687f98424776ce429570c21 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 29 Oct 2000 00:02:20 +0000 Subject: [PATCH 137/923] - Very big cleanup. --- src/conf.c | 5 +- src/connlist.c | 24 +++---- src/connlist.h | 16 ++--- src/meta.c | 5 +- src/net.c | 69 +++++++++---------- src/protocol.c | 180 +++++++++++++++++++++++-------------------------- src/subnet.c | 29 ++++---- src/tincd.c | 6 +- 8 files changed, 154 insertions(+), 180 deletions(-) diff --git a/src/conf.c b/src/conf.c index 1536b583..ca6640a7 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.17 2000/10/24 15:46:15 guus Exp $ + $Id: conf.c,v 1.9.4.18 2000/10/29 00:02:17 guus Exp $ */ 
@@ -30,6 +30,7 @@ #include #include #include +#include #include @@ -85,7 +86,7 @@ static internal_config_t hazahaza[] = { config_t * add_config_val(config_t **cfg, int argtype, char *val) { - config_t *p, *r; + config_t *p; char *q; cp p = (config_t*)xmalloc(sizeof(*p)); diff --git a/src/connlist.c b/src/connlist.c index ebb276e7..2965ced2 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.9 2000/10/28 16:41:37 guus Exp $ + $Id: connlist.c,v 1.1.2.10 2000/10/29 00:02:17 guus Exp $ */ #include @@ -27,6 +27,7 @@ #include "conf.h" #include +#include "xalloc.h" #include "system.h" /* Root of the connection list */ @@ -79,14 +80,7 @@ cp next = p->next; if(p->status.remove) - { - if(prev) - prev->next = next; - else - conn_list = next; - - free_conn_list(p); - } + conn_list_del(p); else prev = p; @@ -120,8 +114,10 @@ void conn_list_add(conn_list_t *cl) cp cl->next = conn_list; cl->prev = NULL; + if(cl->next) cl->next->prev = cl; + conn_list = cl; cp } @@ -134,7 +130,9 @@ cp else conn_list = cl->next; - cl->next->prev = cl->prev; + if(cl->next) + cl->next->prev = cl->prev; + free_conn_list(cl); cp } @@ -170,20 +168,20 @@ cp for(s = myself->subnets; s != NULL; s = s->next) { netstr = net2str(s); - syslog(LOG_DEBUG, ": %s", netstr); + syslog(LOG_DEBUG, " %s", netstr); free(netstr); } for(p = conn_list; p != NULL; p = p->next) { - syslog(LOG_DEBUG, _("%s at %s port %hd flags %d sockets %d, %d status %04x"), + syslog(LOG_DEBUG, _(" %s at %s port %hd flags %d sockets %d, %d status %04x"), p->name, p->hostname, p->port, p->flags, p->socket, p->meta_socket, p->status); for(s = p->subnets; s != NULL; s = s->next) { netstr = net2str(s); - syslog(LOG_DEBUG, ": %s", netstr); + syslog(LOG_DEBUG, " %s", netstr); free(netstr); } } diff --git a/src/connlist.h b/src/connlist.h index 3ea64eed..ee91aeaf 100644 --- a/src/connlist.h 
+++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.5 2000/10/28 16:41:37 guus Exp $ + $Id: connlist.h,v 1.1.2.6 2000/10/29 00:02:18 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -31,11 +31,11 @@ typedef struct conn_list_t { char *name; /* name of this connection */ - ipv4_t address; /* his real (internet) ip */ + ipv4_t address; /* his real (internet) ip */ char *hostname; /* the hostname of its real ip */ short unsigned int port; /* his portnumber */ int protocol_version; /* used protocol */ - int options; /* options turned on for this connection */ + long int options; /* options turned on for this connection */ int flags; /* his flags */ int socket; /* our udp vpn socket */ @@ -64,10 +64,8 @@ typedef struct conn_list_t { char *mychallenge; /* challenge we received from him */ char *hischallenge; /* challenge we sent to him */ - struct conn_list_t *nexthop; /* nearest meta-hop in this direction, will be changed to myuplink (GS) */ - struct conn_list_t *hisuplink; /* his nearest meta-hop in our direction */ - struct conn_list_t *myuplink; /* our nearest meta-hop in his direction */ - + struct conn_list_t *nexthop; /* nearest meta-hop in this direction */ + struct subnet_t *subnets; /* Pointer to a list of subnets belonging to this connection */ struct config_t *config; /* Pointer to configuration tree belonging to this host */ @@ -83,8 +81,8 @@ extern conn_list_t *myself; extern conn_list_t *new_conn_list(); extern void free_conn_list(conn_list_t *); -extern void add_conn_list(conn_list_t *); -extern void del_conn_list(conn_list_t *); +extern void conn_list_add(conn_list_t *); +extern void conn_list_del(conn_list_t *); extern conn_list_t *lookup_id(char *); extern void dump_conn_list(void); extern int read_host_config(conn_list_t *); diff --git a/src/meta.c b/src/meta.c index bc9d0b52..5774bb93 100644 --- a/src/meta.c +++ b/src/meta.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.6 2000/10/24 15:46:16 guus Exp $ + $Id: meta.c,v 1.1.2.7 2000/10/29 00:02:18 guus Exp $ */ #include "config.h" @@ -28,9 +28,12 @@ #include #include #include +#include +#include #include "net.h" #include "system.h" +#include "protocol.h" int send_meta(conn_list_t *cl, char *buffer, int length) { diff --git a/src/net.c b/src/net.c index 3da023c3..8b243a5c 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.49 2000/10/28 21:52:22 guus Exp $ + $Id: net.c,v 1.35.4.50 2000/10/29 00:02:18 guus Exp $ */ #include "config.h" @@ -38,6 +38,7 @@ #include #include #include +#include #ifdef HAVE_TUNTAP #include LINUX_IF_TUN_H @@ -660,7 +661,6 @@ int setup_myself(void) { config_t const *cfg; subnet_t *net; - int i; cp myself = new_conn_list(); @@ -731,7 +731,7 @@ cp /* Read in all the subnets specified in the host configuration file */ - for(cfg = myself->config; cfg = get_config_val(cfg, subnet); cfg = cfg->next) + for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next) { net = new_subnet(); net->type = SUBNET_IPV4; @@ -868,7 +868,6 @@ cp } if(p->status.meta) { - send_termreq(p); shutdown(p->meta_socket, 0); /* No more receptions */ close(p->meta_socket); } @@ -1016,7 +1015,6 @@ cp int handle_incoming_vpn_data() { vpn_packet_t pkt; - int lenin; int x, l = sizeof(x); struct sockaddr from; socklen_t fromlen = sizeof(from); @@ -1056,10 +1054,14 @@ cp void terminate_connection(conn_list_t *cl) { conn_list_t *p; - + subnet_t *s; cp if(cl->status.remove) - return; + { + return; + } + + cl->status.remove = 1; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), 
@@ -1070,36 +1072,33 @@ cp if(cl->status.meta) close(cl->meta_socket); - cl->status.remove = 1; - - /* If this cl isn't active, don't send any DEL_HOSTs. */ - -/* FIXME: reprogram this. - if(cl->status.active) - notify_others(cl,NULL,send_del_host); -*/ - cp /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ + if(cl->status.meta) for(p = conn_list; p != NULL; p = p->next) - { - if((p->nexthop == cl) && (p != cl)) - { - if(cl->status.active && p->status.active) -/* FIXME: reprogram this - notify_others(p,cl,send_del_host); -*/; - if(cl->socket) - close(cl->socket); - p->status.active = 0; - p->status.remove = 1; - } - } - + if((p->nexthop == cl) && (p != cl)) + terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */ + + /* Inform others of termination if it was still active */ + + if(cl->status.active) + for(p = conn_list; p != NULL; p = p->next) + if(p->status.meta && p->status.active && p!=cl) + send_del_host(p, cl); + + /* Remove the associated subnets */ + + for(s = cl->subnets; s; s = s->next) + subnet_del(s); + + /* Inactivate */ + cl->status.active = 0; - + + /* Check if this was our outgoing connection */ + if(cl->status.outgoing) { signal(SIGALRM, sigalrm_handler); @@ -1126,8 +1125,6 @@ cp now = time(NULL); for(p = conn_list; p != NULL; p = p->next) { - if(p->status.remove) - continue; if(p->status.active && p->status.meta) { if(p->last_ping_time + timeout < now) @@ -1178,9 +1175,7 @@ cp return 0; } - ncn->status.meta = 1; - ncn->next = conn_list; - conn_list = ncn; + conn_list_add(ncn); cp return 0; } @@ -1239,8 +1234,6 @@ cp void handle_tap_input(void) { vpn_packet_t vp; - subnet_t *subnet; - ipv4_t dest; int lenin; cp if(taptype == TAP_TYPE_TUNTAP) diff --git a/src/protocol.c b/src/protocol.c index c3681af4..71b13676 100644 --- a/src/protocol.c +++ b/src/protocol.c 
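Review bot: The new loop `for(s = cl->subnets; s; s = s->next) subnet_del(s);` reads `s->next` after `s` has been handed to `subnet_del()`. subnet_del() is not shown on this page; if it frees the node, as `conn_list_del()` does for connections in this same patch, every disconnect walks freed memory, and disconnects are under a remote peer's control. Saving the successor first removes the dependency: `next = s->next; subnet_del(s); s = next;`, with `cl->subnets = NULL;` after the loop. terminate_connection() begins in the previous hunk.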
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.46 2000/10/28 21:05:18 guus Exp $ + $Id: protocol.c,v 1.28.4.47 2000/10/29 00:02:19 guus Exp $ */ #include "config.h" @@ -37,6 +37,7 @@ #include #include +#include #include "conf.h" #include "encr.h" @@ -44,6 +45,7 @@ #include "netutl.h" #include "protocol.h" #include "meta.h" +#include "connlist.h" #include "system.h" @@ -108,6 +110,7 @@ cp syslog(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], cl->name, cl->hostname); } + if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { @@ -122,6 +125,8 @@ cp cl->name, cl->hostname); return -1; } +cp + return 0; } /* Connection protocol: @@ -214,19 +219,17 @@ cp } } cp - if(!(cfg = get_config_val(cl->config, publickey))) + if((cfg = get_config_val(cl->config, publickey))) { - syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname); - return -1; - } - else - { -cp cl->rsa_key = RSA_new(); BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); BN_hex2bn(&cl->rsa_key->e, "FFFF"); } - + else + { + syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname); + return -1; + } cp return send_challenge(cl); } @@ -452,16 +455,10 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), cl->name, old->hostname, cl->hostname); - old->status.active = 0; + terminate_connection(old); } - /* Notify others of this connection */ - - for(p = conn_list; p; p = p->next) - if(p->status.active) - send_add_host(p, cl); - /* Activate this connection */ cl->allow_request = ALL; 
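Review bot: Neither `RSA_new()` nor the two `BN_hex2bn()` calls are checked in the reordered public-key branch, so a malformed key string in the host configuration leaves `cl->rsa_key->n` unset or cut short and the handshake still proceeds to `send_challenge(cl)`. BN_hex2bn() returns 0 on failure; treat that as a configuration error, e.g. `if(!BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr)) return -1;`, with a log line like the one in the else branch. The enclosing handler starts outside the hunk.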
@@ -479,6 +476,24 @@ cp for(s = myself->subnets; s; s = s->next) send_add_subnet(cl, s); + + /* And send him all the hosts and their subnets we know... */ + + for(p = conn_list; p; p = p->next) + if(p != cl && p->status.active) + { + /* Notify others of this connection */ + + if(p->status.meta) + send_add_host(p, cl); + + /* Notify new connection of everything we know */ + + send_add_host(cl, p); + + for(s = p->subnets; s; s = s->next) + send_add_subnet(cl, s); + } cp return 0; } @@ -501,8 +516,8 @@ int add_subnet_h(conn_list_t *cl) { char *subnetstr; char *name; - conn_list_t *owner; - subnet_t *subnet, *old; + conn_list_t *owner, *p; + subnet_t *subnet; cp if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 2) { @@ -555,6 +570,12 @@ cp /* If everything is correct, add the subnet to the list of the owner */ subnet_add(owner, subnet); + + /* Tell the rest */ + + for(p = conn_list; p; p = p->next) + if(p->status.meta && p->status.active && p!= cl) + send_add_subnet(p, subnet); cp return 0; } @@ -575,8 +596,8 @@ int del_subnet_h(conn_list_t *cl) { char *subnetstr; char *name; - conn_list_t *owner; - subnet_t *subnet, *old; + conn_list_t *owner, *p; + subnet_t *subnet; cp if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) { @@ -629,6 +650,12 @@ cp /* If everything is correct, delete the subnet from the list of the owner */ subnet_del(subnet); + + /* Tell the rest */ + + for(p = conn_list; p; p = p->next) + if(p->status.meta && p->status.active && p!= cl) + send_del_subnet(p, subnet); cp return 0; } 
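Review bot: del_subnet_h() still compares `sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr)` against 3, but the format has only two assigning conversions. The check can therefore never pass, and every DEL_SUBNET takes the error path, whose body lies outside the hunk. add_subnet_h() was corrected to `!= 2` in PATCH 134, and the same one-character change is needed here. Without it, the forwarding loop added later in this patch is unreachable.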
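Review bot: `send_del_subnet(p, subnet)` runs after `subnet_del(subnet);`, and send_del_subnet() dereferences `subnet->owner->name` and passes `subnet` to `net2str()`. If subnet_del() releases the node (its body is not on this page), the forwarding loop reads freed memory for each DEL_SUBNET a peer sends. Forward first and delete last by moving the `for(p = conn_list; p; p = p->next)` loop above `subnet_del(subnet);`.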
@@ -638,18 +665,18 @@ cp int send_add_host(conn_list_t *cl, conn_list_t *other) { cp - return send_request(cl, "%d %s %s %lx:%d %lx", ADD_HOST, - myself->name, other->name, other->address, other->port, other->options); + return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, + other->name, other->address, other->port, other->options); } int add_host_h(conn_list_t *cl) { - char *sender; - conn_list_t *old, *new, *hisuplink; + conn_list_t *old, *new; + conn_list_t *p; cp new = new_conn_list(); - if(sscanf(cl->buffer, "%*d %as %as %lx:%d %lx", &sender, &new->name, &new->address, &new->port, &new->options) != 5) + if(sscanf(cl->buffer, "%*d %as %lx:%d %lx", &new->name, &new->address, &new->port, &new->options) != 4) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; @@ -657,10 +684,10 @@ cp /* Check if identity is a valid name */ - if(check_id(new->name) || check_id(sender)) + if(check_id(new->name)) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); - free(sender); + free_conn_list(new); return -1; } @@ -670,32 +697,10 @@ cp { syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); sighup = 1; - free(sender); + free_conn_list(new); return 0; } - - /* We got an ADD_HOST from ourself!? */ - - if(!strcmp(sender, myself->name)) - { - syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) from ourself, restarting"), cl->name, cl->hostname); - sighup = 1; - free(sender); - return 0; - } - - /* Lookup his uplink */ - - if(!(new->hisuplink = lookup_id(sender))) - { - syslog(LOG_ERR, _("Got ADD_HOST from %s (%s) with origin %s which is not in our connection list"), - sender, cl->name, cl->hostname); - free(sender); - return -1; - } - free(sender); - /* Fill in more of the new conn_list structure */ new->hostname = hostlookup(htonl(new->address)); 
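Review bot: The new format `"%*d %as %lx:%d %lx"` parses the port with `%d` into `&new->port`, which connlist.h declares as `short unsigned int`, so sscanf stores an `int` through a pointer to a two-byte field using peer-supplied text. Use `%hu` for that conversion. del_host_h() in the next protocol.c hunk parses `port_t port` with the same `%d`, so confirm that type's width as well. The failure branch directly below also returns -1 without `free_conn_list(new);`, although `new` is allocated before the parse and the other early returns in this patch now free it.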
@@ -709,31 +714,34 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->name, old->hostname, new->name, new->hostname); + free_conn_list(new); return 0; } else { if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Removing old entry for %s (%s)"), + syslog(LOG_NOTICE, _("Removing old entry for %s (%s) in favour of new connection"), old->name, old->hostname); - old->status.active = 0; + terminate_connection(old); } } + /* Hook it up into the conn_list */ + + conn_list_add(new); + + /* Tell the rest about the new host */ + + for(p = conn_list; p; p = p->next) + if(p->status.meta && p->status.active && p!=cl) + send_add_host(p, new); + /* Fill in rest of conn_list structure */ new->nexthop = cl; new->status.active = 1; - /* Hook it up into the conn_list */ - - conn_list_add(conn_list, new); - - /* Tell the rest about the new host */ -/* FIXME: reprogram this. - notify_others(new, cl, send_add_host); -*/ cp return 0; } @@ -741,21 +749,19 @@ cp int send_del_host(conn_list_t *cl, conn_list_t *other) { cp - return send_request(cl, "%d %s %s %lx:%d %lx", DEL_HOST, - myself->name, other->name, other->address, other->port, other->options); + return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, + other->name, other->address, other->port, other->options); } int del_host_h(conn_list_t *cl) { char *name; - char *sender; ip_t address; port_t port; - int options; - conn_list_t *old, *hisuplink; - + long int options; + conn_list_t *old, *p; cp - if(sscanf(cl->buffer, "%*d %as %as %lx:%d %lx", &sender, &name, &address, &port, &options) != 5) + if(sscanf(cl->buffer, "%*d %as %lx:%d %lx", &name, &address, &port, &options) != 4) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->name, cl->hostname); 
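Review bot: `terminate_connection(old)` in the else branch now acts on whatever entry lookup_id() returned for a name taken from the peer's ADD_HOST, and nothing in the hunk checks that this entry is not `cl` itself. The lookup and the branch condition sit above the hunk, so the case may already be excluded there; if it is not, `new->nexthop = cl` further down would refer to a connection that was just terminated. A guard such as `if(old == cl) { free_conn_list(new); return -1; }` before the call would close that case. Separately, `conn_list_add(new)` and the broadcast now run before `new->nexthop` and `new->status.active` are assigned, so the loop walks a list containing a half-initialised `new`; setting those two fields first would be safer.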
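Review bot: The scan targets in del_host_h should be checked against the conversion widths: `options` was widened to `long int` to match `%lx`, but `address` (ip_t) is also read with `%lx` and `port` (port_t) with `%d`, and neither typedef is visible in this hunk. If either type is narrower than the conversion expects, sscanf() writes past the local variable using data taken from the peer. Reading into temporaries of the exact conversion type (`unsigned long` and `int`) and assigning after a range check avoids depending on the typedefs. add_host_h scans into `&new->address` and `&new->port` the same way.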
@@ -764,10 +770,10 @@ cp /* Check if identity is a valid name */ - if(check_id(name) || check_id(sender)) + if(check_id(name)) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); - free(name); free(sender); + free(name); return -1; } @@ -777,33 +783,11 @@ cp { syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); - free(name); free(sender); + free(name); sighup = 1; return 0; } - /* We got an ADD_HOST from ourself!? */ - - if(!strcmp(sender, myself->name)) - { - syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) from ourself, restarting"), cl->name, cl->hostname); - sighup = 1; - free(name); free(sender); - return 0; - } - - /* Lookup his uplink */ - - if(!(hisuplink = lookup_id(sender))) - { - syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) with origin %s which is not in our connection list"), - cl->name, cl->hostname, sender); - free(name); free(sender); - return -1; - } - - free(sender); - /* Check if the new host already exists in the connnection list */ if(!(old = lookup_id(name))) @@ -816,7 +800,7 @@ cp /* Check if the rest matches */ - if(address!=old->address || port!=old->port || options!=old->options || hisuplink!=old->hisuplink || cl!=old->myuplink) + if(address!=old->address || port!=old->port || options!=old->options || cl!=old->nexthop) { syslog(LOG_WARNING, _("Got DEL_HOST from %s (%s) for %s which doesn't match"), cl->name, cl->hostname, old->name); return 0; @@ -824,10 +808,14 @@ cp /* Ok, since EVERYTHING seems to check out all right, delete it */ - old->status.termreq = 1; old->status.active = 0; - terminate_connection(old); + + /* Tell the rest about the new host */ + + for(p = conn_list; p; p = p->next) + if(p->status.meta && p->status.active && p!=cl) + send_del_host(p, old); cp return 0; } @@ -893,7 +881,6 @@ cp } free(errorstring); - cl->status.termreq = 1; terminate_connection(cl); cp return 0; 
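Review bot: After this change del_host_h only clears `old->status.active` and no longer calls terminate_connection(), so nothing visible in the hunk removes the entry from conn_list or marks it for removal. status_bits_t, shown elsewhere on this page, has a `remove` flag commented "Set to 1 if you want this connection removed"; if the main loop reaps on that flag (not visible here), `old->status.remove = 1;` after the broadcast would keep stale hosts from accumulating and from being returned by later lookup_id() calls. The new comment `/* Tell the rest about the new host */` was copied from add_host_h and should read `/* Tell the rest about the deleted host */`. The function starts outside the hunk.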
@@ -908,7 +895,6 @@ cp int termreq_h(conn_list_t *cl) { cp - cl->status.termreq = 1; terminate_connection(cl); cp return 0; diff --git a/src/subnet.c b/src/subnet.c index 215b156b..1a9a5608 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,10 +17,11 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.7 2000/10/28 21:05:20 guus Exp $ + $Id: subnet.c,v 1.1.2.8 2000/10/29 00:02:20 guus Exp $ */ #include +#include #include "config.h" #include @@ -114,28 +115,22 @@ cp /* Remove it from owner's list */ if(subnet->prev) - { - subnet->prev->next = subnet->next; - } + subnet->prev->next = subnet->next; else - { - subnet->owner->subnets = subnet->next; - } + subnet->owner->subnets = subnet->next; - subnet->next->prev = subnet->prev; + if(subnet->next) + subnet->next->prev = subnet->prev; /* Remove it from the global list */ if(subnet->global_prev) - { - subnet->global_prev->global_next = subnet->global_next; - } + subnet->global_prev->global_next = subnet->global_next; else - { - subnet_list[subnet->type] = subnet->global_next; - } + subnet_list[subnet->type] = subnet->global_next; - subnet->global_next->global_prev = subnet->global_prev; + if(subnet->global_next) + subnet->global_next->global_prev = subnet->global_prev; free_subnet(subnet); cp @@ -288,7 +283,7 @@ cp for(i=0; i<8; i++) if((address.x[i] & subnet->net.ipv6.mask.x[i]) != subnet->net.ipv6.address.x[i]) break; - if(i=8) + if(i == 8) break; } cp @@ -305,7 +300,7 @@ cp for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->global_next) { netstr = net2str(subnet); - syslog(LOG_DEBUG, "%s owner %s", netstr, subnet->owner->name); + syslog(LOG_DEBUG, " %s owner %s", netstr, subnet->owner->name); free(netstr); } diff --git a/src/tincd.c b/src/tincd.c index 41361d7c..ca873ef2 100644 --- a/src/tincd.c +++ b/src/tincd.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.16 2000/10/28 21:05:20 guus Exp $ + $Id: tincd.c,v 1.10.4.17 2000/10/29 00:02:20 guus Exp $ */ #include "config.h" @@ -33,6 +33,7 @@ #include #include #include +#include #ifdef HAVE_SYS_IOCTL_H # include @@ -119,8 +120,7 @@ parse_options(int argc, char **argv, char **envp) { int r; int option_index = 0; - config_t *p; - + while((r = getopt_long(argc, argv, "c:Ddkn:K::", long_options, &option_index)) != EOF) { switch(r) From 7398002ade1397bd857953f009f4aed65ffc9218 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 29 Oct 2000 00:24:31 +0000 Subject: [PATCH 138/923] - Fixed ans_key_h - Removed tapsubnet configuration option. --- src/conf.c | 3 +-- src/conf.h | 3 +-- src/protocol.c | 6 +++--- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/src/conf.c b/src/conf.c index ca6640a7..7780a0b2 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.18 2000/10/29 00:02:17 guus Exp $ + $Id: conf.c,v 1.9.4.19 2000/10/29 00:24:31 guus Exp $ */ @@ -60,7 +60,6 @@ static internal_config_t hazahaza[] = { { "ConnectTo", connectto, TYPE_NAME }, { "PingTimeout", pingtimeout, TYPE_INT }, { "TapDevice", tapdevice, TYPE_NAME }, - { "TapSubnet", tapsubnet, TYPE_IP }, { "PrivateKey", privatekey, TYPE_NAME }, { "KeyExpire", keyexpire, TYPE_INT }, { "Hostnames", resolve_dns, TYPE_BOOL }, diff --git a/src/conf.h b/src/conf.h index c1db544e..c4c030ad 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.14 2000/10/24 15:46:16 guus Exp $ + $Id: conf.h,v 1.6.4.15 2000/10/29 00:24:31 guus Exp $ */ #ifndef __TINC_CONF_H__ 
@@ -37,7 +37,6 @@ typedef enum which_t { connectto, pingtimeout, tapdevice, - tapsubnet, privatekey, keyexpire, resolve_dns, diff --git a/src/protocol.c b/src/protocol.c index 71b13676..1bb37346 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.47 2000/10/29 00:02:19 guus Exp $ + $Id: protocol.c,v 1.28.4.48 2000/10/29 00:24:31 guus Exp $ */ #include "config.h" @@ -1074,8 +1074,8 @@ cp BF_set_key(cl->cipher_pktkey, keylength, pktkey); */ - cl->status.validkey = 1; - cl->status.waitingforkey = 0; + from->status.validkey = 1; + from->status.waitingforkey = 0; } else { From 3b9802a542f1fa439321d3386763ec33989194b5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 29 Oct 2000 00:46:43 +0000 Subject: [PATCH 139/923] - Hit people who can't figure out subnet address/mask pairs with a (clue)bat. --- src/net.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index 8b243a5c..32c66e87 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.50 2000/10/29 00:02:18 guus Exp $ + $Id: net.c,v 1.35.4.51 2000/10/29 00:46:43 guus Exp $ */ #include "config.h" @@ -738,6 +738,14 @@ cp net->net.ipv4.address = cfg->data.ip->address; net->net.ipv4.mask = cfg->data.ip->mask; + /* Teach newbies what subnets are... */ + + if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address) + { + syslog(LOG_ERR, _("Network address and subnet mask do not match!")); + return -1; + } + subnet_add(myself, net); } From 2689690dc37c384c4a022d03ab80f2cfb7fb9553 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 29 Oct 2000 01:08:09 +0000 Subject: [PATCH 140/923] - Enforce correct order of authentication requests --- src/protocol.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 1bb37346..89e89fa9 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.48 2000/10/29 00:24:31 guus Exp $ + $Id: protocol.c,v 1.28.4.49 2000/10/29 01:08:09 guus Exp $ */ #include "config.h" @@ -111,6 +111,12 @@ cp request_name[request], cl->name, cl->hostname); } + if((cl->allow_request != ALL) && (cl->allow_request != request)) + { + syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), cl->name, cl->hostname); + return -1; + } + if(request_handlers[request](cl)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { @@ -435,7 +441,8 @@ cp int send_ack(conn_list_t *cl) { cp - cl->allow_request = ACK; + if(cl->status.outgoing) + cl->allow_request = ACK; cp return send_request(cl, "%d", ACK); } From e8391bd49975aa29fa62d6ae1d2d2ee398e0eb3e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 29 Oct 2000 01:27:23 +0000 Subject: [PATCH 141/923] - Moved connlist stuff to the proper header file. --- src/connlist.h | 23 ++++++++++++++++++++++- src/net.h | 23 +---------------------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/src/connlist.h b/src/connlist.h index ee91aeaf..d3b2ce30 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.6 2000/10/29 00:02:18 guus Exp $ + $Id: connlist.h,v 1.1.2.7 2000/10/29 01:27:23 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ 
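Review bot: The new gate in the request dispatcher is only as strong as the initial value of `cl->allow_request`, and nothing in this patch shows what a freshly accepted connection starts with. If new_conn_list() zero-fills the structure and `ALL` happens to be 0 (neither is visible here), an unauthenticated peer would pass the `cl->allow_request != ALL` test for every request type, so it is worth confirming that incoming connections start at the first authentication request. The send_ack() hunk adds to this: for a connection that is not `outgoing`, `allow_request` keeps its previous value, and a comment there naming the handler that advances the state for the incoming side would document the intended sequence. Including `request_name[request]` in the "Unauthorized request" message, as the debug line above it does, would make these rejections easier to triage.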
@@ -29,6 +29,27 @@ #include "net.h" #include "conf.h" +typedef struct status_bits_t { + int pinged:1; /* sent ping */ + int got_pong:1; /* received pong */ + int meta:1; /* meta connection exists */ + int active:1; /* 1 if active.. */ + int outgoing:1; /* I myself asked for this conn */ + int termreq:1; /* the termination of this connection was requested */ + int remove:1; /* Set to 1 if you want this connection removed */ + int timeout:1; /* 1 if gotten timeout */ + int validkey:1; /* 1 if we currently have a valid key for him */ + int waitingforkey:1; /* 1 if we already sent out a request */ + int dataopen:1; /* 1 if we have a valid UDP connection open */ + int encryptout:1; /* 1 if we can encrypt outgoing traffic */ + int decryptin:1; /* 1 if we have to decrypt incoming traffic */ + int unused:18; +} status_bits_t; + +typedef struct option_bits_t { + int unused:32; +} option_bits_t; + typedef struct conn_list_t { char *name; /* name of this connection */ ipv4_t address; /* his real (internet) ip */ diff --git a/src/net.h b/src/net.h index 473493f7..b265122a 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.18 2000/10/28 21:25:21 guus Exp $ + $Id: net.h,v 1.9.4.19 2000/10/29 01:27:23 guus Exp $ */ #ifndef __TINC_NET_H__ 
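Review bot: Every flag in status_bits_t is declared as `int name:1`, and whether a plain `int` bit-field is signed is implementation-defined; where it is signed, a 1-bit field can hold only 0 and -1, so `status.active = 1` reads back as -1 and any `== 1` comparison fails. The hunks on this page test the flags only for truth, which works, but the declaration is a trap for later changes. Since the struct is being moved anyway, declaring the fields as `unsigned int pinged:1;` and so on would remove the ambiguity. The 13 flags plus `unused:18` also add up to 31 bits rather than 32, if a full word was intended.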
@@ -83,27 +83,6 @@ typedef struct passphrase_t { unsigned char *phrase; } passphrase_t; -typedef struct status_bits_t { - int pinged:1; /* sent ping */ - int got_pong:1; /* received pong */ - int meta:1; /* meta connection exists */ - int active:1; /* 1 if active.. */ - int outgoing:1; /* I myself asked for this conn */ - int termreq:1; /* the termination of this connection was requested */ - int remove:1; /* Set to 1 if you want this connection removed */ - int timeout:1; /* 1 if gotten timeout */ - int validkey:1; /* 1 if we currently have a valid key for him */ - int waitingforkey:1; /* 1 if we already sent out a request */ - int dataopen:1; /* 1 if we have a valid UDP connection open */ - int encryptout:1; /* 1 if we can encrypt outgoing traffic */ - int decryptin:1; /* 1 if we have to decrypt incoming traffic */ - int unused:18; -} status_bits_t; - -typedef struct option_bits_t { - int unused:32; -} option_bits_t; - typedef struct queue_element_t { void *packet; struct queue_element_t *prev; From a26d371d0df3bee1bdc6e9d7046e949ee29e6de7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 29 Oct 2000 02:07:41 +0000 Subject: [PATCH 142/923] - Updated dutch translation. - Shutdown properly. --- po/es.po | 448 ++++++++++++++++++++++++----------------------- po/nl.po | 459 ++++++++++++++++++++++++------------------------- src/connlist.c | 4 +- src/net.c | 46 +++-- src/tincd.c | 12 +- 5 files changed, 484 insertions(+), 485 deletions(-) diff --git a/po/es.po b/po/es.po index 59404383..b54fbd98 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre2\n" -"POT-Creation-Date: 2000-10-20 18:35+0200\n" +"POT-Creation-Date: 2000-10-29 02:49+0100\n" "PO-Revision-Date: 2000-07-02 12:49+01:00\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" 
@@ -33,658 +33,677 @@ msgstr "" msgid "Invalid value for variable on line %d while reading config file %s" msgstr "" -#: src/meta.c:42 +#: src/conf.c:219 +#, c-format +msgid "Failed to read `%s': %m\n" +msgstr "" + +#: src/meta.c:45 #, fuzzy, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" msgstr "Enviados %d bytes a %lx" -#: src/meta.c:57 +#: src/meta.c:61 #, fuzzy, c-format msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando datos: %m" -#: src/meta.c:85 src/net.c:847 +#: src/meta.c:89 src/net.c:940 #, fuzzy, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/meta.c:91 +#: src/meta.c:95 #, fuzzy, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Error en el `socket' de metadatos: %s" -#: src/meta.c:110 +#: src/meta.c:115 #, fuzzy, c-format msgid "Connection closed by %s (%s)" msgstr "Conexión desde %s:%d" -#: src/meta.c:114 +#: src/meta.c:119 #, fuzzy, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Error de lectura del `socket' de metadatos: %m" -#: src/meta.c:144 +#: src/meta.c:149 #, fuzzy, c-format msgid "Got request from %s (%s): %s" msgstr "Petición desconocida: %s" -#: src/meta.c:162 +#: src/meta.c:167 #, fuzzy, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Desbordamiento del búfer de lectura de metadatos" -#: src/net.c:107 +#: src/net.c:119 #, fuzzy, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Enviados %d bytes a %lx" -#: src/net.c:116 +#: src/net.c:128 #, fuzzy, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Error enviando datos: %m" -#: src/net.c:130 +#: src/net.c:160 #, fuzzy, c-format -msgid "Receiving packet of %d bytes" -msgstr "Recibiendo clave de " - -#: src/net.c:143 -#, c-format -msgid "Can't write to tap device: %m" +msgid "Can't write to tun/tap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:243 +#: src/net.c:167 +#, fuzzy, c-format +msgid "Can't 
write to ethertap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:268 #, fuzzy msgid "Queue flushed" msgstr "cola vaciada" -#: src/net.c:258 +#: src/net.c:283 #, fuzzy, c-format msgid "Flushing send queue for %s (%s)" msgstr "Vaciando la cola de envíos para " -#: src/net.c:266 +#: src/net.c:291 #, fuzzy, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Vaciando la cola de recepción para " -#: src/net.c:284 +#: src/net.c:310 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "" -#: src/net.c:298 +#: src/net.c:326 #, fuzzy, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "No pude abrir %s: %s\n" -#: src/net.c:306 -#, c-format -msgid "No valid key known yet for %s (%s), queueing packet" -msgstr "" - -#: src/net.c:317 -#, c-format -msgid "%s (%s) is not ready, queueing packet" -msgstr "" - -#: src/net.c:352 +#: src/net.c:383 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:370 +#: src/net.c:410 #, c-format msgid "%s is a new style tun/tap device" msgstr "" -#: src/net.c:373 -msgid "tun/tap device will be left unconfigured" -msgstr "" - -#: src/net.c:396 +#: src/net.c:439 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:402 src/net.c:408 src/net.c:470 +#: src/net.c:445 src/net.c:451 src/net.c:513 #, c-format msgid "setsockopt: %m" msgstr "setsockopt(): %m" -#: src/net.c:415 src/net.c:477 +#: src/net.c:458 src/net.c:520 #, c-format msgid "fcntl: %m" msgstr "fcntl(): %m" -#: src/net.c:423 +#: src/net.c:466 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "" -#: src/net.c:439 +#: src/net.c:482 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/tcp: %m" -#: src/net.c:445 +#: src/net.c:488 #, c-format msgid "listen: %m" msgstr "listen(): %m" -#: src/net.c:464 +#: src/net.c:507 #, c-format msgid "Creating 
socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:488 +#: src/net.c:531 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/udp: %m" -#: src/net.c:505 +#: src/net.c:548 #, fuzzy, c-format msgid "Trying to connect to %s" msgstr "Cerrando conexión con %s." -#: src/net.c:515 +#: src/net.c:558 #, fuzzy, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:526 +#: src/net.c:569 #, c-format msgid "%s port %hd: %m" msgstr "" -#: src/net.c:533 +#: src/net.c:576 #, c-format msgid "fcntl for %s port %d: %m" msgstr "" -#: src/net.c:539 +#: src/net.c:582 #, fuzzy, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s:%hd" -#: src/net.c:562 +#: src/net.c:605 msgid "Invalid name for outgoing connection" msgstr "" -#: src/net.c:571 +#: src/net.c:614 #, c-format msgid "Error reading host configuration file for %s" msgstr "" -#: src/net.c:578 +#: src/net.c:621 #, c-format msgid "No address specified for %s" msgstr "" -#: src/net.c:585 +#: src/net.c:628 #, fuzzy, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %s\n" -#: src/net.c:595 +#: src/net.c:638 #, fuzzy, c-format msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión." -#: src/net.c:629 +#: src/net.c:673 msgid "Name for tinc daemon required!" msgstr "" -#: src/net.c:637 +#: src/net.c:681 msgid "Invalid name for myself!" msgstr "" -#: src/net.c:643 +#: src/net.c:687 msgid "Private key for tinc daemon required!" msgstr "" -#: src/net.c:655 +#: src/net.c:699 msgid "Cannot open host configuration file for myself!" msgstr "" -#: src/net.c:661 +#: src/net.c:705 msgid "Public key for tinc daemon required!" msgstr "" -#: src/net.c:690 +#: src/net.c:745 +msgid "Network address and subnet mask do not match!" +msgstr "" + +#: src/net.c:754 #, fuzzy msgid "Unable to set up a listening socket!" 
msgstr "No puedo configurar un `socket' a la escucha" -#: src/net.c:696 +#: src/net.c:760 #, fuzzy msgid "Unable to set up an incoming vpn data socket!" msgstr "No puedo configurar un `socket' para recibir datos de la vpn" -#: src/net.c:703 +#: src/net.c:767 #, fuzzy, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %d." -#: src/net.c:734 +#: src/net.c:799 #, fuzzy, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Siguo sin poder conectar con el otro. Lo reintentaré en %d segundos." -#: src/net.c:772 +#: src/net.c:834 src/net.c:893 +#, fuzzy, c-format +msgid "Error while executing %s: %m" +msgstr "Error esperando entrada: %m" + +#: src/net.c:856 #, fuzzy, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:810 +#: src/net.c:903 #, fuzzy msgid "Terminating" msgstr "Terminando." -#: src/net.c:824 +#: src/net.c:917 #, fuzzy, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a " -#: src/net.c:829 +#: src/net.c:922 #, fuzzy, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:839 +#: src/net.c:932 #, fuzzy, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al crear `socket' de datos: %m" -#: src/net.c:872 +#: src/net.c:965 #, c-format msgid "Error: getpeername: %m" msgstr "Error: getpeername(): %m" -#: src/net.c:887 +#: src/net.c:980 #, fuzzy, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s:%d" -#: src/net.c:931 +#: src/net.c:1025 #, fuzzy, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:937 +#: src/net.c:1031 #, fuzzy, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:943 +#: src/net.c:1037 #, fuzzy, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo 
datos: %m" -#: src/net.c:964 +#: src/net.c:1068 #, fuzzy, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s." -#: src/net.c:1007 +#: src/net.c:1108 #, fuzzy msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:1037 +#: src/net.c:1136 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "" -#: src/net.c:1068 +#: src/net.c:1167 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1076 +#: src/net.c:1175 #, fuzzy msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1111 +#: src/net.c:1208 #, fuzzy, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes: %s" -#: src/net.c:1150 src/net.c:1159 -#, c-format -msgid "Error while reading from tapdevice: %m" +#: src/net.c:1244 +#, fuzzy, c-format +msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1171 +#: src/net.c:1253 #, fuzzy, c-format -msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" -msgstr "Trama ethernet no-IP %04x de " +msgid "Error while reading from ethertap device: %m" +msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1178 -#, c-format -msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" +#: src/net.c:1264 +msgid "Received short packet from tap device" msgstr "" -#: src/net.c:1213 +#: src/net.c:1270 +#, c-format +msgid "Read packet of length %d from tap device" +msgstr "" + +#: src/net.c:1301 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" +#: src/net.c:1308 +msgid "Rereading configuration file and restarting in 5 seconds" +msgstr "" + +#: src/net.c:1315 +msgid "Unable to reread configuration file, exiting" +msgstr "" + #: src/netutl.c:115 #, c-format msgid 
"Error looking up `%s': %s\n" msgstr "Error buscando `%s': %s\n" -#: src/protocol.c:80 +#: src/protocol.c:82 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "" -#: src/protocol.c:87 +#: src/protocol.c:89 #, fuzzy, c-format msgid "Sending %s to %s (%s)" msgstr "Envio ACK a %s" -#: src/protocol.c:101 +#: src/protocol.c:103 #, fuzzy, c-format msgid "Unknown request from %s (%s)" msgstr "Petición desconocida: %s" -#: src/protocol.c:108 +#: src/protocol.c:110 #, fuzzy, c-format msgid "Got %s from %s (%s)" msgstr "He recibido una petición: %s" -#: src/protocol.c:114 +#: src/protocol.c:116 +#, fuzzy, c-format +msgid "Unauthorized request from %s (%s)" +msgstr "Petición desconocida: %s" + +#: src/protocol.c:123 #, fuzzy, c-format msgid "Error while processing %s from %s (%s)" msgstr "Error al procesar la petición de " -#: src/protocol.c:121 +#: src/protocol.c:130 #, fuzzy, c-format msgid "Bogus data received from %s (%s)" msgstr "Se han recibido datos sin sentido." -#: src/protocol.c:170 +#: src/protocol.c:181 #, fuzzy, c-format msgid "Got bad ID from %s" msgstr "recibí una petición BASIC_INFO incorrecta: %s" -#: src/protocol.c:178 +#: src/protocol.c:189 #, fuzzy, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "" "La máquina remota usa una versión incompatible del protocolo (versión %d)." 
-#: src/protocol.c:187 +#: src/protocol.c:198 #, c-format msgid "Peer %s uses invalid identity name" msgstr "" -#: src/protocol.c:195 +#: src/protocol.c:206 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "" -#: src/protocol.c:209 +#: src/protocol.c:220 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "" -#: src/protocol.c:219 +#: src/protocol.c:236 #, c-format msgid "No public key known for %s (%s)" msgstr "" -#: src/protocol.c:258 src/protocol.c:312 +#: src/protocol.c:273 +#, c-format +msgid "Generated random challenge (unencrypted): %s" +msgstr "" + +#: src/protocol.c:280 src/protocol.c:334 #, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "" -#: src/protocol.c:284 +#: src/protocol.c:306 #, fuzzy, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:294 +#: src/protocol.c:316 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "" -#: src/protocol.c:330 +#: src/protocol.c:343 +#, c-format +msgid "Received random challenge (unencrypted): %s" +msgstr "" + +#: src/protocol.c:359 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "" -#: src/protocol.c:361 +#: src/protocol.c:390 #, fuzzy, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:370 +#: src/protocol.c:399 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "" -#: src/protocol.c:387 +#: src/protocol.c:416 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "" -#: src/protocol.c:425 +#: src/protocol.c:421 +#, c-format +msgid "Expected challenge reply: %s" +msgstr "" + +#: src/protocol.c:463 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" -#: src/protocol.c:437 +#: src/protocol.c:476 #, fuzzy, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con 
%s." -#: src/protocol.c:477 +#: src/protocol.c:531 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:486 +#: src/protocol.c:540 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:495 +#: src/protocol.c:549 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:506 +#: src/protocol.c:560 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:517 +#: src/protocol.c:571 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -#: src/protocol.c:545 +#: src/protocol.c:611 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:554 +#: src/protocol.c:620 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:563 +#: src/protocol.c:629 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:574 +#: src/protocol.c:640 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:585 +#: src/protocol.c:651 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -#: src/protocol.c:616 +#: src/protocol.c:688 #, fuzzy, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:624 +#: src/protocol.c:696 #, fuzzy, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:633 +#: src/protocol.c:705 #, 
c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:643 -#, c-format -msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" -msgstr "" - -#: src/protocol.c:653 -#, c-format -msgid "" -"Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" -msgstr "" - -#: src/protocol.c:672 +#: src/protocol.c:722 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "" -#: src/protocol.c:679 +#: src/protocol.c:730 #, c-format -msgid "Removing old entry for %s (%s)" +msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" -#: src/protocol.c:722 +#: src/protocol.c:773 #, fuzzy, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:731 +#: src/protocol.c:782 #, fuzzy, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:740 +#: src/protocol.c:791 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:751 -#, c-format -msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" -msgstr "" - -#: src/protocol.c:761 -#, c-format -msgid "" -"Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" -msgstr "" - -#: src/protocol.c:773 +#: src/protocol.c:802 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" -#: src/protocol.c:783 +#: src/protocol.c:812 #, fuzzy, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:815 +#: src/protocol.c:848 #, fuzzy, c-format msgid "Got bad STATUS from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:822 +#: src/protocol.c:855 #, fuzzy, c-format msgid "Status message from %s (%s): %s: %s" msgstr "He recibido una petición: %s" -#: 
src/protocol.c:846 +#: src/protocol.c:879 #, fuzzy, c-format msgid "Got bad ERROR from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:853 +#: src/protocol.c:886 #, fuzzy, c-format msgid "Error message from %s (%s): %s: %s" msgstr "He recibido una petición: %s" -#: src/protocol.c:931 +#: src/protocol.c:962 #, fuzzy, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:938 +#: src/protocol.c:969 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " "connection list" msgstr "" -#: src/protocol.c:968 +#: src/protocol.c:999 #, fuzzy, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "recibí REQ_KEY de " -#: src/protocol.c:975 +#: src/protocol.c:1006 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -#: src/protocol.c:991 +#: src/protocol.c:1022 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " "connection list" msgstr "" -#: src/protocol.c:1019 +#: src/protocol.c:1050 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:1026 +#: src/protocol.c:1057 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -#: src/protocol.c:1042 -#, fuzzy, c-format -msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" -msgstr "recibí una petición ANS_KEY incorrecta: %s" - -#: src/protocol.c:1055 +#: src/protocol.c:1091 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " "connection list" msgstr "" -#: src/tincd.c:99 +#. Do some intl stuff right now +#: src/subnet.c:242 src/tincd.c:397 +msgid "unknown" +msgstr "" + +#: src/subnet.c:298 +#, fuzzy +msgid "Subnet list:" +msgstr "Lista de conexiones:" + +#: src/subnet.c:307 +msgid "End of subnet list." 
+msgstr "" + +#: src/tincd.c:101 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Pruebe `%s --help' para más información.\n" -#: src/tincd.c:102 +#: src/tincd.c:104 #, c-format msgid "" "Usage: %s [option]...\n" @@ -693,7 +712,7 @@ msgstr "" "Modo de empleo: %s [opción]...\n" "\n" -#: src/tincd.c:103 +#: src/tincd.c:105 #, fuzzy msgid "" " -c, --config=DIR Read configuration options from DIR.\n" @@ -710,7 +729,7 @@ msgstr "" " -t, --timeout=TIEMPO Segundos a esperar antes de cancelar una " "trasmisión.\n" -#: src/tincd.c:108 +#: src/tincd.c:110 #, fuzzy msgid "" " -K, --keygen[=BITS] Generate public/private RSA keypair.\n" 
@@ -722,93 +741,88 @@ msgstr "" " --version Muestra información de la versión y termina.\n" "\n" -#: src/tincd.c:111 +#: src/tincd.c:113 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" -#: src/tincd.c:152 +#: src/tincd.c:153 msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" msgstr "" -#: src/tincd.c:207 +#: src/tincd.c:208 msgid "" "Seeding the PRNG: please press some keys or move\n" "the mouse if this program seems to have halted...\n" msgstr "" #. OpenSSL PRNG state apparently uses 1024 bytes, but it seems pretty sufficient anyway :) -#: src/tincd.c:210 +#: src/tincd.c:211 #, fuzzy, c-format msgid "Generating %d bits keys:\n" msgstr "Generando claves de %d bits." -#: src/tincd.c:214 +#: src/tincd.c:215 msgid "Error during key generation!" msgstr "" -#: src/tincd.c:218 +#: src/tincd.c:219 #, fuzzy msgid "Done.\n" msgstr ": hecho.\n" -#: src/tincd.c:220 +#: src/tincd.c:221 msgid "" "Please copy the private key to tinc.conf and the\n" "public key to your host configuration file:\n" "\n" msgstr "" -#: src/tincd.c:230 +#: src/tincd.c:231 #, fuzzy, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Memoria agotada (la última es %s:%d) (no pude asignar %d bytes); terminando." -#: src/tincd.c:285 +#: src/tincd.c:286 #, fuzzy, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." -#: src/tincd.c:288 +#: src/tincd.c:289 #, fuzzy, c-format msgid "tincd %s starting" msgstr "tincd %s comenzando, nivel de depuración %d." -#: src/tincd.c:303 +#: src/tincd.c:304 #, fuzzy, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." 
-#: src/tincd.c:321 +#: src/tincd.c:322 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "" "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" -#: src/tincd.c:324 +#: src/tincd.c:325 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" -#: src/tincd.c:345 +#: src/tincd.c:346 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" -#: src/tincd.c:347 +#: src/tincd.c:348 msgid "No other tincd is running.\n" msgstr "No hay ningún otro tincd en ejecución.\n" -#: src/tincd.c:354 +#: src/tincd.c:355 msgid "Removing stale lock file.\n" msgstr "Borrando fichero de bloqueo en desuso.\n" -#. Do some intl stuff right now -#: src/tincd.c:397 -msgid "unknown" -msgstr "" - #: src/tincd.c:403 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" @@ -847,8 +861,9 @@ msgid "Restarting in %d seconds!" msgstr "" #: src/tincd.c:462 src/tincd.c:508 -msgid "Aieee! Not restarting." -msgstr "" +#, fuzzy +msgid "Not restarting." +msgstr "tincd %s comenzando, nivel de depuración %d." #: src/tincd.c:472 msgid "Got TERM signal" 
@@ -873,24 +888,35 @@ msgid "Trying to re-execute in 5 seconds..." msgstr "Intento re-establecer la conexión saliente en 5 segundos." #: src/tincd.c:517 -msgid "Got HUP signal, rereading configuration and restarting" -msgstr "" +msgid "Got HUP signal" +msgstr "Recibí la señal HUP" #: src/tincd.c:525 #, fuzzy msgid "Got INT signal, exiting" msgstr "Recibí la señal INT" -#: src/tincd.c:539 -#, fuzzy -msgid "Got USR2 signal, forcing new key generation" -msgstr "Forzando generación de una nueva clave" - -#: src/tincd.c:548 +#: src/tincd.c:549 #, fuzzy, c-format msgid "Got unexpected signal %d (%s)" msgstr "Recibí una señal inesperada (%d)." +#, fuzzy +#~ msgid "Receiving packet of %d bytes" +#~ msgstr "Recibiendo clave de " + +#, fuzzy +#~ msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" +#~ msgstr "Trama ethernet no-IP %04x de " + +#, fuzzy +#~ msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" +#~ msgstr "recibí una petición ANS_KEY incorrecta: %s" + +#, fuzzy +#~ msgid "Got USR2 signal, forcing new key generation" +#~ msgstr "Forzando generación de una nueva clave" + #~ msgid "Usage: %s bits\n" #~ msgstr "Uso: %s bits\n" @@ -959,9 +985,6 @@ msgstr "Recib #~ msgid "Dropping short packet" #~ msgstr "Descartando paquete corto" -#~ msgid "Connection list:" -#~ msgstr "Lista de conexiones:" - #, fuzzy #~ msgid "Send failed: %d:%d: %m" #~ msgstr "Error enviando: %d:%d: %m" @@ -1179,6 +1202,3 @@ msgstr "Recib #~ msgid "%s version %s\n" #~ msgstr "%s versión %s\n" - -#~ msgid "Got HUP signal" -#~ msgstr "Recibí la señal HUP" diff --git a/po/nl.po b/po/nl.po index 82820328..9dc5634f 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-10-20 18:35+0200\n" +"POT-Creation-Date: 2000-10-29 02:49+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" 
@@ -39,623 +39,628 @@ msgstr "" "Ongeldige waarde voor variabele op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/meta.c:42 +#: src/conf.c:219 +#, c-format +msgid "Failed to read `%s': %m\n" +msgstr "" + +#: src/meta.c:45 #, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" msgstr "Verzending %d bytes metadata naar %s (%s): %s" -#: src/meta.c:57 +#: src/meta.c:61 #, c-format msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:85 src/net.c:847 +#: src/meta.c:89 src/net.c:940 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" -#: src/meta.c:91 +#: src/meta.c:95 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:110 +#: src/meta.c:115 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:114 +#: src/meta.c:119 #, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" -#: src/meta.c:144 +#: src/meta.c:149 #, c-format msgid "Got request from %s (%s): %s" msgstr "Kreeg verzoek van %s (%s): %s" -#: src/meta.c:162 +#: src/meta.c:167 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overvol voor %s (%s)" -#: src/net.c:107 +#: src/net.c:119 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:116 +#: src/net.c:128 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:130 +#: src/net.c:160 #, c-format -msgid "Receiving packet of %d bytes" -msgstr "Ontvangst pakket van %d bytes" +msgid "Can't write to tun/tap device: %m" +msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:143 +#: src/net.c:167 #, c-format -msgid "Can't write to 
tap device: %m" -msgstr "Kan niet naar tap apparaat schrijven: %m" +msgid "Can't write to ethertap device: %m" +msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:243 +#: src/net.c:268 msgid "Queue flushed" msgstr "Wachtrij leeggemaakt" -#: src/net.c:258 +#: src/net.c:283 #, c-format msgid "Flushing send queue for %s (%s)" msgstr "Legen van verzend-wachtrij voor %s (%s)" -#: src/net.c:266 +#: src/net.c:291 #, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" -#: src/net.c:284 +#: src/net.c:310 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:298 +#: src/net.c:326 #, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "Kon geen UDP verbinding openen naar %s (%s)" -#: src/net.c:306 -#, c-format -msgid "No valid key known yet for %s (%s), queueing packet" -msgstr "" -"Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in de wachtrij " -"gezet" - -#: src/net.c:317 -#, c-format -msgid "%s (%s) is not ready, queueing packet" -msgstr "%s (%s) is niet gereed, pakket wordt in de wachtrij gezet" - -#: src/net.c:352 +#: src/net.c:383 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:370 +#: src/net.c:410 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:373 -msgid "tun/tap device will be left unconfigured" -msgstr "tun/tap apparaat wordt ongeconfigureerd gelaten" - -#: src/net.c:396 +#: src/net.c:439 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:402 src/net.c:408 src/net.c:470 +#: src/net.c:445 src/net.c:451 src/net.c:513 #, c-format msgid "setsockopt: %m" msgstr "setsockopt: %m" -#: src/net.c:415 src/net.c:477 +#: src/net.c:458 src/net.c:520 #, c-format msgid "fcntl: %m" msgstr "fcntl: %m" -#: src/net.c:423 
+#: src/net.c:466 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:439 +#: src/net.c:482 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:445 +#: src/net.c:488 #, c-format msgid "listen: %m" msgstr "listen: %m" -#: src/net.c:464 +#: src/net.c:507 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:488 +#: src/net.c:531 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:505 +#: src/net.c:548 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:515 +#: src/net.c:558 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:526 +#: src/net.c:569 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:533 +#: src/net.c:576 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:539 +#: src/net.c:582 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:562 +#: src/net.c:605 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:571 +#: src/net.c:614 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:578 +#: src/net.c:621 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:585 +#: src/net.c:628 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:595 +#: src/net.c:638 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:629 +#: src/net.c:673 msgid "Name for tinc daemon required!" 
msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:637 +#: src/net.c:681 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:643 +#: src/net.c:687 msgid "Private key for tinc daemon required!" msgstr "Privé sleutel voor tinc daemon verplicht!" -#: src/net.c:655 +#: src/net.c:699 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:661 +#: src/net.c:705 msgid "Public key for tinc daemon required!" msgstr "Publieke sleutel voor tinc daemon verplicht!" -#: src/net.c:690 +#: src/net.c:745 +msgid "Network address and subnet mask do not match!" +msgstr "Netwerk adres en subnet masker komen niet overeen!" + +#: src/net.c:754 msgid "Unable to set up a listening socket!" msgstr "Kon geen luistersocket aanmaken!" -#: src/net.c:696 +#: src/net.c:760 msgid "Unable to set up an incoming vpn data socket!" msgstr "Kon geen socket maken voor inkomend vpn verkeer!" -#: src/net.c:703 +#: src/net.c:767 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:734 +#: src/net.c:799 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:772 +#: src/net.c:834 src/net.c:893 +#, c-format +msgid "Error while executing %s: %m" +msgstr "Fout tijdens uitvoeren %s: %m" + +#: src/net.c:856 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:810 +#: src/net.c:903 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:824 +#: src/net.c:917 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:829 +#: src/net.c:922 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:839 +#: src/net.c:932 #, c-format msgid 
"Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:872 +#: src/net.c:965 #, c-format msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" -#: src/net.c:887 +#: src/net.c:980 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:931 +#: src/net.c:1025 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:937 +#: src/net.c:1031 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:943 +#: src/net.c:1037 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:964 +#: src/net.c:1068 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1007 +#: src/net.c:1108 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1037 +#: src/net.c:1136 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1068 +#: src/net.c:1167 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1076 +#: src/net.c:1175 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1111 +#: src/net.c:1208 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1150 src/net.c:1159 +#: src/net.c:1244 #, c-format -msgid "Error while reading from tapdevice: %m" -msgstr "Fout tijdens lezen van tap-apparaatbestand tijdens lezen: %m" +msgid "Error while reading from tun/tap device: %m" +msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1171 +#: src/net.c:1253 #, c-format -msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" -msgstr 
"Niet-IP ethernet pakket %04x van %02x:%02x:%02x:%02x:%02x:%02x" +msgid "Error while reading from ethertap device: %m" +msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1178 +#: src/net.c:1264 +msgid "Received short packet from tap device" +msgstr "Kort pakket ontvangen van tap apparaat" + +#: src/net.c:1270 #, c-format -msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" -msgstr "Te kort pakket van %02x:%02x:%02x:%02x:%02x:%02x genegeerd" +msgid "Read packet of length %d from tap device" +msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1213 +#: src/net.c:1301 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" +#: src/net.c:1308 +msgid "Rereading configuration file and restarting in 5 seconds" +msgstr "Herlezen configuratiebestand en herstart in 5 seconden" + +#: src/net.c:1315 +msgid "Unable to reread configuration file, exiting" +msgstr "Kan configuratiebestand niet herlezen, beëindigen" + #: src/netutl.c:115 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/protocol.c:80 +#: src/protocol.c:82 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: src/protocol.c:87 +#: src/protocol.c:89 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:101 +#: src/protocol.c:103 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:108 +#: src/protocol.c:110 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:114 +#: src/protocol.c:116 +#, c-format +msgid "Unauthorized request from %s (%s)" +msgstr "Niet toegestaan verzoek van %s (%s)" + +#: src/protocol.c:123 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:121 +#: src/protocol.c:130 #, 
c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:170 +#: src/protocol.c:181 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:178 +#: src/protocol.c:189 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:187 +#: src/protocol.c:198 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:195 +#: src/protocol.c:206 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:209 +#: src/protocol.c:220 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:219 +#: src/protocol.c:236 #, c-format msgid "No public key known for %s (%s)" msgstr "Geen publieke sleutel bekend voor %s (%s)" -#: src/protocol.c:258 src/protocol.c:312 +#: src/protocol.c:273 +#, c-format +msgid "Generated random challenge (unencrypted): %s" +msgstr "Uitdaging gegenereerd (niet versleuteld): %s" + +#: src/protocol.c:280 src/protocol.c:334 #, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "Fout tijdens versleuteling van uitdaging voor %s (%s)" -#: src/protocol.c:284 +#: src/protocol.c:306 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:294 +#: src/protocol.c:316 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:330 +#: src/protocol.c:343 +#, c-format +msgid "Received random challenge (unencrypted): %s" +msgstr "Uitdaging ontvangen (niet versleuteld): %s" + +#: src/protocol.c:359 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot 
zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:361 +#: src/protocol.c:390 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:370 +#: src/protocol.c:399 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:387 +#: src/protocol.c:416 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:425 +#: src/protocol.c:421 +#, c-format +msgid "Expected challenge reply: %s" +msgstr "Verwacht antwoord op uitdaging: %s" + +#: src/protocol.c:463 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:437 +#: src/protocol.c:476 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:477 +#: src/protocol.c:531 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:486 +#: src/protocol.c:540 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:495 +#: src/protocol.c:549 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:506 +#: src/protocol.c:560 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:517 +#: src/protocol.c:571 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -"Kreeg DEL_SUBNET voor %d.%d.%d.%d van %s (%s) 
die niet voorkomt in onze " +"Kreeg ADD_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:545 +#: src/protocol.c:611 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:554 +#: src/protocol.c:620 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:563 +#: src/protocol.c:629 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:574 +#: src/protocol.c:640 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:585 +#: src/protocol.c:651 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:616 +#: src/protocol.c:688 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:624 +#: src/protocol.c:696 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:633 +#: src/protocol.c:705 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:643 -#, c-format -msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" -msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) van onszelf, herstart" - -#: src/protocol.c:653 -#, c-format -msgid "" -"Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" -msgstr "" -"Kreeg ADD_HOST van %s (%s) met herkomst %s 
die niet in onze verbindingslijst " -"voorkomt" - -#: src/protocol.c:672 +#: src/protocol.c:722 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:679 +#: src/protocol.c:730 #, c-format -msgid "Removing old entry for %s (%s)" -msgstr "Verwijdering oude verbinding voor %s (%s)" +msgid "Removing old entry for %s (%s) in favour of new connection" +msgstr "" +"Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:722 +#: src/protocol.c:773 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:731 +#: src/protocol.c:782 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:740 +#: src/protocol.c:791 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:751 -#, c-format -msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" -msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) van onszelf, herstart" - -#: src/protocol.c:761 -#, c-format -msgid "" -"Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" -msgstr "" -"Kreeg DEL_HOST voor %s (%s) met herkomst %s die niet in onze " -"verbindingslijst voorkomt" - -#: src/protocol.c:773 +#: src/protocol.c:802 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:783 +#: src/protocol.c:812 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:815 +#: src/protocol.c:848 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg 
ongeldige STATUS van %s (%s)" -#: src/protocol.c:822 +#: src/protocol.c:855 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:846 +#: src/protocol.c:879 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:853 +#: src/protocol.c:886 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:931 +#: src/protocol.c:962 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:938 +#: src/protocol.c:969 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " "connection list" msgstr "" -"Kreeg KEY_CHANGED van %s (%s) met herkomst %s die niet in onze " -"verbindingslijst voorkomt" +"Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " +"voorkomt" -#: src/protocol.c:968 +#: src/protocol.c:999 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:975 +#: src/protocol.c:1006 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -664,7 +669,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:991 +#: src/protocol.c:1022 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " 
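Review bot: The corrected Dutch msgstr for `Got ADD_SUBNET for %s from %s (%s) which is not in our connection list` (src/protocol.c:571) still uses `%d.%d.%d.%d van %s (%s)`, which does not match the three `%s` conversions of the msgid. Under the nl locale the logging call would format its string arguments with the wrong conversions, which is undefined behaviour, and the message is presumably emitted while handling a request from a peer. The first msgstr line should read `"Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze "`. The unchanged DEL_SUBNET entry for src/protocol.c:651 has the same mismatch. Both entries are marked `c-format`, so running `msgfmt --check-format` in the build would catch them.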
@@ -672,26 +677,21 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1019 +#: src/protocol.c:1050 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1026 +#: src/protocol.c:1057 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -"Kreeg ANS_KEY van %s (%s) met herkomst %s die niet in onze verbindingslijst " +"Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1042 -#, c-format -msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" -msgstr "Kreeg ongeldige ANS_KEY van %s (%s) herkomst %s: ongeldige sleutel" - -#: src/protocol.c:1055 +#: src/protocol.c:1091 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -699,12 +699,25 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/tincd.c:99 +#. Do some intl stuff right now +#: src/subnet.c:242 src/tincd.c:397 +msgid "unknown" +msgstr "onbekend" + +#: src/subnet.c:298 +msgid "Subnet list:" +msgstr "Subnet lijst:" + +#: src/subnet.c:307 +msgid "End of subnet list." +msgstr "Einde van subnet lijst." + +#: src/tincd.c:101 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:102 +#: src/tincd.c:104 #, c-format msgid "" "Usage: %s [option]...\n" @@ -713,7 +726,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:103 +#: src/tincd.c:105 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" 
@@ -727,7 +740,7 @@ msgstr "" " -k, --kill Poging tot doden van lopende tincd en beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" -#: src/tincd.c:108 +#: src/tincd.c:110 msgid "" " -K, --keygen[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" @@ -739,18 +752,18 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:111 +#: src/tincd.c:113 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:152 +#: src/tincd.c:153 msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" msgstr "" "Ongeldig argument! BITS moet een nummer zijn gelijk aan of groter dan 512.\n" -#: src/tincd.c:207 +#: src/tincd.c:208 msgid "" "Seeding the PRNG: please press some keys or move\n" "the mouse if this program seems to have halted...\n" @@ -759,20 +772,20 @@ msgstr "" "de muis als het programma gestopt lijkt te zijn...\n" #. OpenSSL PRNG state apparently uses 1024 bytes, but it seems pretty sufficient anyway :) -#: src/tincd.c:210 +#: src/tincd.c:211 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:214 +#: src/tincd.c:215 msgid "Error during key generation!" msgstr "Fout tijdens genereren sleutel!" -#: src/tincd.c:218 +#: src/tincd.c:219 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:220 +#: src/tincd.c:221 msgid "" "Please copy the private key to tinc.conf and the\n" "public key to your host configuration file:\n" 
@@ -782,57 +795,52 @@ msgstr "" "publieke sleutel naar het host configuratie bestand:\n" "\n" -#: src/tincd.c:230 +#: src/tincd.c:231 #, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." -#: src/tincd.c:285 +#: src/tincd.c:286 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d" -#: src/tincd.c:288 +#: src/tincd.c:289 #, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" -#: src/tincd.c:303 +#: src/tincd.c:304 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." -#: src/tincd.c:321 +#: src/tincd.c:322 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" -#: src/tincd.c:324 +#: src/tincd.c:325 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" -#: src/tincd.c:345 +#: src/tincd.c:346 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" -#: src/tincd.c:347 +#: src/tincd.c:348 msgid "No other tincd is running.\n" msgstr "Geen andere tincd gevonden.\n" -#: src/tincd.c:354 +#: src/tincd.c:355 msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" -#. Do some intl stuff right now -#: src/tincd.c:397 -msgid "unknown" -msgstr "onbekend" - #: src/tincd.c:403 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" @@ -870,8 +878,8 @@ msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" #: src/tincd.c:462 src/tincd.c:508 -msgid "Aieee! Not restarting." -msgstr "Waaah! Geen herstart." +msgid "Not restarting." +msgstr "Geen herstart." #: src/tincd.c:472 msgid "Got TERM signal" 
@@ -894,39 +902,14 @@ msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstaren over 5 seconden..." #: src/tincd.c:517 -msgid "Got HUP signal, rereading configuration and restarting" -msgstr "Kreeg HUP signaal, herlezen configuratie en herstarten" +msgid "Got HUP signal" +msgstr "Kreeg HUP signaal" #: src/tincd.c:525 msgid "Got INT signal, exiting" msgstr "Kreeg INT signaal, beëindigen" -#: src/tincd.c:539 -msgid "Got USR2 signal, forcing new key generation" -msgstr "Kreeg USR2 signaal, nieuwe sleutels geforceerd" - -#: src/tincd.c:548 +#: src/tincd.c:549 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" - -#~ msgid "Usage: %s bits\n" -#~ msgstr "Gebruik: %s bits\n" - -#~ msgid "Illegal number: %s\n" -#~ msgstr "Ongeldig nummer: %s\n" - -#~ msgid "Invalid timeout value `%s'.\n" -#~ msgstr "Ongeldige timeout waarde `%s'.\n" - -#~ msgid "Illegal passphrase in %s; size would be %d" -#~ msgstr "Ongeldig wachtwoord in %s; grootte zou %d zijn" - -#~ msgid "Generating %d bits keys" -#~ msgstr "%d bits sleutel genereren" - -#~ msgid "Opening /dev/urandom failed: %m" -#~ msgstr "Openen van /dev/urandom mislukt: %m" - -#~ msgid "Encryption key set to %s" -#~ msgstr "Sleutel ingesteld op %s" diff --git a/src/connlist.c b/src/connlist.c index 2965ced2..ac6970b5 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.10 2000/10/29 00:02:17 guus Exp $ + $Id: connlist.c,v 1.1.2.11 2000/10/29 02:07:39 guus Exp $ */ #include @@ -64,6 +64,8 @@ cp free(p->cipher_pktkey); if(p->buffer) free(p->buffer); + if(p->config) + clear_config(&p->config); free(p); cp } diff --git a/src/net.c b/src/net.c index 32c66e87..480a1264 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.51 2000/10/29 00:46:43 guus Exp $ + $Id: net.c,v 1.35.4.52 2000/10/29 02:07:40 guus Exp $ */ #include "config.h" @@ -869,16 +869,8 @@ void close_network_connections(void) cp for(p = conn_list; p != NULL; p = p->next) { - if(p->status.dataopen) - { - shutdown(p->socket, 0); /* No more receptions */ - close(p->socket); - } - if(p->status.meta) - { - shutdown(p->meta_socket, 0); /* No more receptions */ - close(p->meta_socket); - } + p->status.active = 0; + terminate_connection(p); } if(myself) @@ -886,6 +878,8 @@ cp { close(myself->meta_socket); close(myself->socket); + free_conn_list(myself); + myself = NULL; } /* Execute tinc-down script right before shutting down the interface */ @@ -1065,9 +1059,7 @@ void terminate_connection(conn_list_t *cl) subnet_t *s; cp if(cl->status.remove) - { - return; - } + return; cl->status.remove = 1; @@ -1101,19 +1093,19 @@ cp for(s = cl->subnets; s; s = s->next) subnet_del(s); - /* Inactivate */ - - cl->status.active = 0; - /* Check if this was our outgoing connection */ - if(cl->status.outgoing) + if(cl->status.outgoing && cl->status.active) { signal(SIGALRM, sigalrm_handler); seconds_till_retry = 5; alarm(seconds_till_retry); syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); } + + /* Inactivate */ + + cl->status.active = 0; cp } 
@@ -1312,20 +1304,22 @@ cp if(sighup) { + syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds")); sighup = 0; -/* FIXME: reprogram this. - if(debug_lvl > 1) - syslog(LOG_INFO, _("Rereading configuration file")); close_network_connections(); - clear_config(); - if(read_config_file(&config, configfilename)) + clear_config(&config); + + if(read_server_config()) { syslog(LOG_ERR, _("Unable to reread configuration file, exiting")); exit(0); } + sleep(5); - setup_network_connections(); -*/ + + if(setup_network_connections()) + return; + continue; } diff --git a/src/tincd.c b/src/tincd.c index ca873ef2..a220154b 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.17 2000/10/29 00:02:20 guus Exp $ + $Id: tincd.c,v 1.10.4.18 2000/10/29 02:07:41 guus Exp $ */ #include "config.h" @@ -459,7 +459,7 @@ main(int argc, char **argv, char **envp) } else { - syslog(LOG_ERR, _("Aieee! Not restarting.")); + syslog(LOG_ERR, _("Not restarting.")); exit(0); } } @@ -505,7 +505,7 @@ sigsegv_handler(int a) } else { - syslog(LOG_NOTICE, _("Aieee! Not restarting.")); + syslog(LOG_NOTICE, _("Not restarting.")); exit(0); } } @@ -514,7 +514,7 @@ RETSIGTYPE sighup_handler(int a) { if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got HUP signal, rereading configuration and restarting")); + syslog(LOG_NOTICE, _("Got HUP signal")); sighup = 1; } @@ -536,9 +536,9 @@ RETSIGTYPE sigusr2_handler(int a) { dump_subnet_list(); -// if(debug_lvl > DEBUG_NOTHING) -// syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); /* FIXME: reprogram this. + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); regenerate_keys(); */ } From 8fa9bc017d89b53798903df3fa98311067d4de90 Mon Sep 17 00:00:00 2001 
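Review bot: The SIGHUP branch tears the running state down (`close_network_connections(); clear_config(&config);`) before it knows that the new configuration parses, so a typo in the file turns a reload into a daemon exit and takes every tunnel with it. Reading the new configuration into a temporary first and swapping it in only on success would keep the VPN up after a bad reload. The failure path ends in `exit(0)`, which reports success to whatever supervises the process; `exit(1)` is the usual signal. When `setup_network_connections()` fails, the branch returns without logging anything, so the reason the daemon stopped is lost. main_loop starts and ends outside the hunk.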
From: Guus Sliepen Date: Sun, 29 Oct 2000 09:19:27 +0000 Subject: [PATCH 143/923] - Removed old encr stuff --- src/encr.c | 358 ------------------------------------------------- src/encr.h | 46 ------- src/net.c | 3 +- src/net.h | 7 +- src/netutl.c | 3 +- src/protocol.c | 14 +- src/tincd.c | 8 +- 7 files changed, 15 insertions(+), 424 deletions(-) delete mode 100644 src/encr.c delete mode 100644 src/encr.h diff --git a/src/encr.c b/src/encr.c deleted file mode 100644 index 792323a9..00000000 --- a/src/encr.c +++ /dev/null 
@@ -1,358 +0,0 @@ -/* - encr.c -- everything that deals with encryption - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: encr.c,v 1.12.4.5 2000/09/15 12:58:38 zarq Exp $ -*/ - -#include "config.h" - -#include - -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_GMP_H -# include -#else -# ifdef HAVE_GMP2_GMP_H -# include -# endif -#endif - -#include -#include - -#include - -#include "conf.h" -#include "encr.h" -#include "net.h" -#include "protocol.h" - -#include "system.h" - -#define ENCR_GENERATOR "0xd" -#define ENCR_PRIME "0x7fffffffffffffffffffffffffffffff" /* Mersenne :) */ - -char text_key[1000]; -char *my_public_key_base36; -int key_inited = 0, encryption_keylen; -mpz_t my_private_key, my_public_key, generator, shared_prime; -int my_key_expiry = (time_t)(-1); - -char* mypassphrase; -int mypassphraselen; - -int char_hex_to_bin(int c) -{ - if(isdigit(c)) - return c - '0'; - else - return tolower(c) - 'a' + 10; -} - -int str_hex_to_bin(unsigned char *bin, unsigned char *hex) -{ - int i = 0, j = 0, l = strlen(hex); -cp - if(l&1) - { - i = j = 1; - bin[0] = char_hex_to_bin(hex[0]); - } - for(; i < l; i+=2, j++) - bin[j] = (char_hex_to_bin(hex[i]) << 4) + char_hex_to_bin(hex[i+1]); -cp - return j&1?j+1:j; -} - -int read_passphrase(char 
*which, char **out) -{ - FILE *f; - config_t const *cfg; - char *filename; - int size; - extern char *confbase; - char *pp; -cp - if((cfg = get_config_val(passphrasesdir)) == NULL) - { - asprintf(&filename, "%spassphrases/%s", confbase, which); - } - else - { - asprintf(&filename, "%s/%s", (char*)cfg->data.ptr, which); - } - - if((f = fopen(filename, "rb")) == NULL) - { - if(debug_lvl > 1) - syslog(LOG_ERR, _("Could not open %s: %m"), filename); - return -1; - } - - fscanf(f, "%d ", &size); - if(size < 1 || size > (1<<15)) - { - syslog(LOG_ERR, _("Illegal passphrase in %s; size would be %d"), filename, size); - return -1; - } - - /* Hmz... hackish... strange +1 and +2 stuff... I really like more comments on those alignment thingies! */ - - pp = xmalloc(size/4 + 1); /* Allocate enough for fgets */ - fgets(pp, size/4 + 1, f); /* Read passhrase and reserve one byte for end-of-string */ - fclose(f); - - *out = xmalloc(size/8 + 2); /* Allocate enough bytes, +1 for rounding if bits%8 != 0, +1 for 2-byte alignment */ -cp - return str_hex_to_bin(*out, pp); -} - -int read_my_passphrase(void) -{ -cp - if((mypassphraselen = read_passphrase("local", &mypassphrase)) < 0) - return -1; -cp - return 0; -} - -int generate_private_key(void) -{ - FILE *f; - int i; - char *s; - config_t const *cfg; -cp - if((cfg = get_config_val(keyexpire)) == NULL) - my_key_expiry = (time_t)(time(NULL) + 3600); - else - my_key_expiry = (time_t)(time(NULL) + cfg->data.val); - - if(debug_lvl > 1) - syslog(LOG_NOTICE, _("Generating %d bits keys"), PRIVATE_KEY_BITS); - - if((f = fopen("/dev/urandom", "r")) == NULL) - { - syslog(LOG_ERR, _("Opening /dev/urandom failed: %m")); - return -1; - } - - s = xmalloc((2 * PRIVATE_KEY_LENGTH) + 1); - - for(i = 0; i < PRIVATE_KEY_LENGTH; i++) - sprintf(&s[i << 1], "%02x", fgetc(f)); - - s[2 * PRIVATE_KEY_LENGTH] = '\0'; - - mpz_set_str(my_private_key, s, 16); -cp - return 0; -} - -void calculate_public_key(void) -{ -cp - mpz_powm(my_public_key, generator, 
my_private_key, shared_prime); - my_public_key_base36 = mpz_get_str(NULL, 36, my_public_key); -cp -} - -unsigned char static_key[] = { 0x9c, 0xbf, 0x36, 0xa9, 0xce, 0x20, 0x1b, 0x8b, 0x67, 0x56, 0x21, 0x5d, 0x27, 0x1b, 0xd8, 0x7a }; - -int security_init(void) -{ -cp - mpz_init(my_private_key); - mpz_init(my_public_key); - mpz_init_set_str(shared_prime, ENCR_PRIME, 0); - mpz_init_set_str(generator, ENCR_GENERATOR, 0); - - if(read_my_passphrase() < 0) - return -1; - if(generate_private_key() < 0) - return -1; - - if(cipher_init(CIPHER_BLOWFISH) < 0) - return -1; - - calculate_public_key(); -cp - return 0; -} - -void set_shared_key(char *almost_key) -{ - char *tmp; - int len; - mpz_t ak, our_shared_key; -cp - mpz_init_set_str(ak, almost_key, 36); - mpz_init(our_shared_key); - mpz_powm(our_shared_key, ak, my_private_key, shared_prime); - - tmp = mpz_get_str(NULL, 16, our_shared_key); - len = str_hex_to_bin(text_key, tmp); - - cipher_set_key(&encryption_key, len, text_key); - key_inited = 1; - encryption_keylen = len; - - if(debug_lvl > 2) - syslog(LOG_INFO, _("Encryption key set to %s"), tmp); - - free(tmp); - mpz_clear(ak); - mpz_clear(our_shared_key); -cp -} - - -void encrypt_passphrase(passphrase_t *pp) -{ - char key[1000]; - char tmp[1000]; - unsigned char phrase[1000]; - int keylen; - int i; - BF_KEY bf_key; - -cp - mpz_get_str(tmp, 16, my_public_key); - keylen = str_hex_to_bin(key, tmp); - - cipher_set_key(&bf_key, keylen, key); - - low_crypt_key(mypassphrase, phrase, &bf_key, mypassphraselen, BF_ENCRYPT); - pp->len = ((mypassphraselen - 1) | 7) + 1; - pp->phrase = xmalloc((pp->len << 1) + 1); - - for(i = 0; i < pp->len; i++) - snprintf(&(pp->phrase)[i << 1], 3, "%02x", (int)phrase[i]); - - pp->phrase[(pp->len << 1) + 1] = '\0'; - - if(key_inited) - cipher_set_key(&encryption_key, encryption_keylen, text_key); -cp -} - -int verify_passphrase(conn_list_t *cl, unsigned char *his_pubkey) -{ - char key[1000]; - char *tmp; - unsigned char phrase[1000]; - int keylen, 
pplen; - mpz_t pk; - unsigned char *out; - BF_KEY bf_key; - char *which; - char *meuk; -cp - mpz_init_set_str(pk, his_pubkey, 36); - tmp = mpz_get_str(NULL, 16, pk); - keylen = str_hex_to_bin(key, tmp); - out = xmalloc((cl->pp->len >> 1) + 3); - pplen = str_hex_to_bin(phrase, cl->pp->phrase); - - cipher_set_key(&bf_key, keylen, key); - low_crypt_key(phrase, out, &bf_key, pplen, BF_DECRYPT); - if(key_inited) - cipher_set_key(&encryption_key, encryption_keylen, text_key); - - asprintf(&which, IP_ADDR_S, IP_ADDR_V(cl->vpn_ip)); - if((pplen = read_passphrase(which, &meuk)) < 0) - return -1; - - if(memcmp(meuk, out, pplen)) - return -1; -cp - return 0; -} - -char *make_shared_key(char *pk) -{ - mpz_t tmp, res; - char *r; -cp - mpz_init_set_str(tmp, pk, 36); - mpz_init(res); - mpz_powm(res, tmp, my_private_key, shared_prime); - - r = mpz_get_str(NULL, 36, res); - - mpz_clear(res); - mpz_clear(tmp); -cp - return r; -} - -/* - free a key after overwriting it -*/ -void free_key(enc_key_t *k) -{ -cp - if(!k) - return; - if(k->key) - { - memset(k->key, (char)(-1), k->length); - free(k->key); - } - free(k); -cp -} - -void recalculate_encryption_keys(void) -{ - conn_list_t *p; - char *ek; -cp - for(p = conn_list; p != NULL; p = p->next) - { - if(!p->public_key || !p->public_key->key) - /* We haven't received a key from this host (yet). */ - continue; - ek = make_shared_key(p->public_key->key); - free_key(p->datakey); - p->datakey = xmalloc(sizeof(*p->datakey)); - p->datakey->length = strlen(ek); - p->datakey->expiry = p->public_key->expiry; - p->datakey->key = xmalloc(strlen(ek) + 1); - strcpy(p->datakey->key, ek); - } -cp -} - -void regenerate_keys(void) -{ -cp - generate_private_key(); - calculate_public_key(); - send_key_changed_all(); - recalculate_encryption_keys(); -cp -} diff --git a/src/encr.h b/src/encr.h deleted file mode 100644 index 3b3aead7..00000000 --- a/src/encr.h +++ /dev/null 
@@ -1,46 +0,0 @@ -/* - encr.h -- header for encr.c - Copyright (C) 1998,1999,2000 Ivo Timmermans - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: encr.h,v 1.2.4.2 2000/10/11 10:35:15 guus Exp $ -*/ - -#ifndef __TINC_ENCR_H__ -#define __TINC_ENCR_H__ - -#include "net.h" - -#define PRIVATE_KEY_BITS 128 -#define PRIVATE_KEY_LENGTH (PRIVATE_KEY_BITS >> 3) - -extern char *my_public_key_base36; -extern int my_key_expiry; - -extern int security_init(void); - -extern int send_portnumbers(int); -extern void set_shared_key(char *); -extern int send_passphrase(conn_list_t *); -extern int send_public_key(conn_list_t *); -extern int verify_passphrase(conn_list_t *, unsigned char *); -extern char *make_shared_key(char*); -extern void encrypt_passphrase(passphrase_t *pp); -extern void free_key(enc_key_t*); -extern void regenerate_keys(void); - -#endif /* __TINC_ENCR_H__ */ - diff --git a/src/net.c b/src/net.c index 480a1264..b52412d8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.52 2000/10/29 02:07:40 guus Exp $ + $Id: net.c,v 1.35.4.53 2000/10/29 09:19:24 guus Exp $ */ #include "config.h" 
@@ -48,7 +48,6 @@ #include #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" #include "protocol.h" diff --git a/src/net.h b/src/net.h index b265122a..98366349 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.19 2000/10/29 01:27:23 guus Exp $ + $Id: net.h,v 1.9.4.20 2000/10/29 09:19:25 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -78,11 +78,6 @@ typedef struct vpn_packet_t { unsigned char data[MAXSIZE]; } vpn_packet_t; -typedef struct passphrase_t { - unsigned short len; - unsigned char *phrase; -} passphrase_t; - typedef struct queue_element_t { void *packet; struct queue_element_t *prev; diff --git a/src/netutl.c b/src/netutl.c index ff6114c2..b80473b1 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.13 2000/10/24 15:46:17 guus Exp $ + $Id: netutl.c,v 1.12.4.14 2000/10/29 09:19:25 guus Exp $ */ #include "config.h" @@ -35,7 +35,6 @@ #include "errno.h" #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" diff --git a/src/protocol.c b/src/protocol.c index 89e89fa9..50889b91 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.49 2000/10/29 01:08:09 guus Exp $ + $Id: protocol.c,v 1.28.4.50 2000/10/29 09:19:25 guus Exp $ */ #include "config.h" @@ -40,7 +40,6 @@ #include #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" #include "protocol.h" 
@@ -1068,18 +1067,21 @@ cp keylength = strlen(pktkey); -/* Don't do this... yet - if((keylength%2) || (keylength <= 0)) + if((keylength%2)!=0 || (keylength <= 0)) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), cl->name, cl->hostname, from->name); free(from_id); free(to_id); free(pktkey); return -1; } + + if(from->cipher_pktkey) + free(from->cipher_pktkey); + keylength /= 2; hex2bin(pktkey, pktkey, keylength); - BF_set_key(cl->cipher_pktkey, keylength, pktkey); -*/ + pktkey[keylength] = '\0'; + from->cipher_pktkey = pktkey; from->status.validkey = 1; from->status.waitingforkey = 0; diff --git a/src/tincd.c b/src/tincd.c index a220154b..75482357 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.18 2000/10/29 02:07:41 guus Exp $ + $Id: tincd.c,v 1.10.4.19 2000/10/29 09:19:27 guus Exp $ */ #include "config.h" @@ -44,7 +44,6 @@ #include #include "conf.h" -#include "encr.h" #include "net.h" #include "netutl.h" #include "protocol.h" @@ -252,7 +251,7 @@ int detach(void) if(pid) /* parent process */ { signal(SIGTERM, parent_exit); -// sleep(600); /* wait 10 minutes */ + sleep(600); /* wait 10 minutes */ exit(1); } } @@ -447,7 +446,7 @@ main(int argc, char **argv, char **envp) { main_loop(); cleanup_and_exit(1); - } + } syslog(LOG_ERR, _("Unrecoverable error")); cp_trace(); @@ -470,6 +469,7 @@ sigterm_handler(int a) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got TERM signal")); + cleanup_and_exit(0); } From cea3d8f3056d3c6aaaef473443240b8470c8ea2d Mon Sep 17 00:00:00 2001 
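Review bot: `from->cipher_pktkey = pktkey;` keeps the parsed heap buffer as the peer's key, but the handler's common exit, outside this hunk, still appears to run `free(pktkey)` (the next patch in the series drops that call). That would leave `from->cipher_pktkey` dangling and turn the `free(from->cipher_pktkey)` added here into a double free on the next ANS_KEY. The length test accepts any even, non-zero length, so a peer can install a key shorter than the cipher will later read; comparing against the expected key size would close that. The old key is released with a plain `free()`, whereas the `free_key()` deleted in this same commit overwrote the bytes first.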
From: Guus Sliepen Date: Sun, 29 Oct 2000 10:39:08 +0000 Subject: [PATCH 144/923] - Small fixes - Do proper key exchange - Encrypt packets - it works, but there is something wrong with the MAC header after decryption... --- src/net.c | 75 ++++++++++++++++++++++++++++++++++++++------------ src/protocol.c | 59 ++++++++++++++++++++------------------- 2 files changed, 87 insertions(+), 47 deletions(-) diff --git a/src/net.c b/src/net.c index b52412d8..e62bb8dc 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.53 2000/10/29 09:19:24 guus Exp $ + $Id: net.c,v 1.35.4.54 2000/10/29 10:39:06 guus Exp $ */ #include "config.h" @@ -39,6 +39,9 @@ #include #include #include +#include +#include +#include #ifdef HAVE_TUNTAP #include LINUX_IF_TUN_H @@ -67,6 +70,9 @@ int total_socket_out = 0; config_t *upstreamcfg; static int seconds_till_retry; +int keylifetime = 0; +int keyexpires = 0; + char *unknown = NULL; subnet_t mymac; @@ -101,19 +107,20 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; + EVP_CIPHER_CTX ctx; cp outpkt.len = inpkt->len; -/* - EVP_EncryptInit(cl->cipher_pktctx, cl->cipher_pkttype, cl->cipher_pktkey, NULL); - EVP_EncryptUpdate(cl->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); - EVP_EncryptFinal(cl->cipher_pktctx, outpkt.data + outlen, &outpad); + + EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey); + EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); + EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad + 2; - Do encryption when everything else is fixed... -*/ +/* Bypass outlen = outpkt.len + 2; memcpy(&outpkt, inpkt, outlen); - +*/ + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), outlen, cl->name, cl->hostname); 
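Review bot: `EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey);` in xsend passes the key buffer as the IV too, so the IV is derived from the secret and identical for every packet, and in CBC equal leading plaintext blocks give equal leading ciphertext blocks. xrecv in the next hunk passes `NULL` as the IV, so the two ends disagree on the first block, which would fit the "something wrong with the MAC header after decryption" remark in the commit message. A fresh IV per packet, carried in front of the ciphertext and used by both sides, addresses both. CBC padding can also make `outlen` up to one cipher block larger than `inpkt->len`, and nothing here checks that `outpkt.data` has that room.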
@@ -136,18 +143,18 @@ int xrecv(vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; + EVP_CIPHER_CTX ctx; cp outpkt.len = inpkt->len; -/* - EVP_DecryptInit(myself->cipher_pktctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); - EVP_DecryptUpdate(myself->cipher_pktctx, outpkt.data, &outlen, inpkt->data, inpkt->len); - EVP_DecryptFinal(myself->cipher_pktctx, outpkt.data + outlen, &outpad); + EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); + EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); + EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad; - Do decryption is everything else is fixed... -*/ +/* Bypass outlen = outpkt.len+2; memcpy(&outpkt, inpkt, outlen); +*/ /* Fix mac address */ @@ -329,7 +336,7 @@ cp if(!cl->status.validkey) { -/* Don't queue until everything else is fixed. +/* FIXME: Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); @@ -342,7 +349,7 @@ cp if(!cl->status.active) { -/* Don't queue until everything else is fixed. +/* FIXME: Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), cl->name, cl->hostname); @@ -761,6 +768,22 @@ cp return -1; } + /* Generate packet encryption key */ + + myself->cipher_pkttype = EVP_bf_cbc(); + + myself->cipher_pktkey = (char *)xmalloc(64); + RAND_bytes(myself->cipher_pktkey, 64); + + if(!(cfg = get_config_val(config, keyexpire))) + keylifetime = 3600; + else + keylifetime = cfg->data.val; + + keyexpires = time(NULL) + keylifetime; + + /* Activate ourselves */ + myself->status.active = 1; syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); @@ -1281,6 +1304,7 @@ void main_loop(void) struct timeval tv; int r; time_t last_ping_check; + int t; cp last_ping_check = time(NULL); 
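Review bot: The result of `EVP_DecryptFinal()` in xrecv is discarded, so a packet whose padding does not check out is handled like a good one and `outlen` is built from an `outpad` that may not have been set. Nothing else authenticates the ciphertext, which makes that return value the only rejection signal this path has; `if(!EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad)) return -1;` would at least drop malformed packets. Detecting deliberate modification needs a MAC over the packet, verified before decryption. xrecv's body continues outside the hunk.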
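Review bot: `RAND_bytes(myself->cipher_pktkey, 64);` ignores its return value, so if the OpenSSL PRNG has not been seeded the packet key is used and advertised anyway; the rekey call added in the main_loop hunk that follows has the same gap. Testing for `!= 1` and failing setup with `return -1;`, as the code just above does, avoids running with a weak key. `keylifetime = cfg->data.val;` takes the configured value unchecked, so zero or a negative number leaves `keyexpires` already in the past and forces a rekey at every check; a lower bound is worth adding. The literal 64 appears here, in the rekey call and in req_key_h, and would be easier to keep consistent as a named constant. The enclosing function starts and ends outside the hunk.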
@@ -1322,11 +1346,26 @@ cp continue; } - if(last_ping_check + timeout < time(NULL)) - /* Let's check if everybody is still alive */ + t = time(NULL); + + /* Let's check if everybody is still alive */ + + if(last_ping_check + timeout < t) { check_dead_connections(); last_ping_check = time(NULL); + + /* Should we regenerate our key? */ + + if(keyexpires < t) + { + if(debug_lvl >= DEBUG_STATUS) + syslog(LOG_INFO, _("Regenerating symmetric key")); + + RAND_bytes(myself->cipher_pktkey, 64); + send_key_changed(myself, NULL); + keyexpires = time(NULL) + keylifetime; + } } if(r > 0) diff --git a/src/protocol.c b/src/protocol.c index 50889b91..d9b10dfd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.50 2000/10/29 09:19:25 guus Exp $ + $Id: protocol.c,v 1.28.4.51 2000/10/29 10:39:08 guus Exp $ */ #include "config.h" @@ -38,6 +38,7 @@ #include #include +#include #include "conf.h" #include "net.h" @@ -470,6 +471,7 @@ cp cl->allow_request = ALL; cl->status.active = 1; cl->nexthop = cl; + cl->cipher_pkttype = EVP_bf_cbc(); if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); @@ -992,6 +994,7 @@ int req_key_h(conn_list_t *cl) { char *from_id, *to_id; conn_list_t *from, *to; + char pktkey[129]; cp if(sscanf(cl->buffer, "%*d %as %as", &from_id, &to_id) != 2) { @@ -1012,7 +1015,9 @@ cp if(!strcmp(to_id, myself->name)) { - send_ans_key(myself, from, myself->cipher_pktkey); + bin2hex(myself->cipher_pktkey, pktkey, 64); + pktkey[128] = 0; + send_ans_key(myself, from, pktkey); } else { 
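Review bot: `send_ans_key(myself, from, pktkey)` in req_key_h hands every requester the same `myself->cipher_pktkey`, and xrecv decrypts all incoming traffic with that one key, so each peer that has asked for it holds the key protecting what every other peer sends to this node. A key per peer pair would confine a compromised or misbehaving peer to its own traffic. At this point in the series the hex key also crosses the meta connection before meta encryption is switched on (meta.c still has those lines commented out until a later patch). A comment on `char pktkey[129]` saying it is sized as 2 * 64 hex digits plus the terminator would tie it to the allocation in net.c.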
@@ -1059,46 +1064,42 @@ cp return -1; } - /* Check if this key request is for us */ + /* Update origin's packet key */ - if(!strcmp(to_id, myself->name)) + keylength = strlen(pktkey); + + if((keylength%2)!=0 || (keylength <= 0)) { - /* It is for us, convert it to binary and set the key with it. */ - - keylength = strlen(pktkey); - - if((keylength%2)!=0 || (keylength <= 0)) - { - syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), - cl->name, cl->hostname, from->name); - free(from_id); free(to_id); free(pktkey); - return -1; - } - - if(from->cipher_pktkey) - free(from->cipher_pktkey); - - keylength /= 2; - hex2bin(pktkey, pktkey, keylength); - pktkey[keylength] = '\0'; - from->cipher_pktkey = pktkey; - - from->status.validkey = 1; - from->status.waitingforkey = 0; + syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), + cl->name, cl->hostname, from->name); + free(from_id); free(to_id); free(pktkey); + return -1; } - else + + if(from->cipher_pktkey) + free(from->cipher_pktkey); + + keylength /= 2; + hex2bin(pktkey, pktkey, keylength); + pktkey[keylength] = '\0'; + from->cipher_pktkey = pktkey; + + from->status.validkey = 1; + from->status.waitingforkey = 0; + + if(strcmp(to_id, myself->name)) { if(!(to = lookup_id(to_id))) { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->name, cl->hostname, to_id); - free(from_id); free(to_id); free(pktkey); + free(from_id); free(to_id); return -1; } send_ans_key(from, to, pktkey); } - free(from_id); free(to_id); free(pktkey); + free(from_id); free(to_id); cp return 0; } From ec12269355f7979fdc0783dc15d109832f1e83cd Mon Sep 17 00:00:00 2001 
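Review bot: In the forwarding branch `send_ans_key(from, to, pktkey)` now runs after `hex2bin(pktkey, pktkey, keylength)` has converted the buffer in place, so the relay passes raw key bytes where req_key_h passes a hex string. If send_ans_key formats its argument as a string (its body is not shown), everything after the first zero byte is lost and the next hop receives a different key. Forwarding before the conversion, or converting into a separate buffer, avoids that. The key is also stored for every ANS_KEY regardless of `to_id`, on the word of whichever neighbour relayed it, so a neighbour can replace the key this node holds for any origin; that trust assumption deserves a comment above the "Update origin's packet key" line. The handler starts outside the hunk.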
From: Guus Sliepen Date: Sun, 29 Oct 2000 22:10:44 +0000 Subject: [PATCH 145/923] - Use CFB mode for encrypting packets: it works and we don't need padding. --- src/connlist.h | 6 +++--- src/net.c | 37 ++++++++++++++++++++++++------------- src/protocol.c | 23 ++++++++++++++++------- src/tincd.c | 10 +++++----- 4 files changed, 48 insertions(+), 28 deletions(-) diff --git a/src/connlist.h b/src/connlist.h index d3b2ce30..d993c840 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.7 2000/10/29 01:27:23 guus Exp $ + $Id: connlist.h,v 1.1.2.8 2000/10/29 22:10:41 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -70,9 +70,9 @@ typedef struct conn_list_t { EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */ EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */ - EVP_CIPHER_CTX *cipher_pktctx; /* Context of encrypted vpn packets that will be sent to him */ EVP_CIPHER *cipher_pkttype; /* Cipher type for encrypted vpn packets */ - char *cipher_pktkey; /* Cipher key */ + char *cipher_pktkey; /* Cipher key and iv */ + int cipher_pktkeylength; /* Cipher key and iv length*/ char *buffer; /* metadata input buffer */ int buflen; /* bytes read into buffer */ diff --git a/src/net.c b/src/net.c index e62bb8dc..5450b9ae 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.54 2000/10/29 10:39:06 guus Exp $ + $Id: net.c,v 1.35.4.55 2000/10/29 22:10:42 guus Exp $ */ #include "config.h" 
@@ -111,7 +111,9 @@ int xsend(conn_list_t *cl, vpn_packet_t *inpkt) cp outpkt.len = inpkt->len; - EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey); + /* Encrypt the packet */ + + EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad + 2; @@ -146,8 +148,11 @@ int xrecv(vpn_packet_t *inpkt) EVP_CIPHER_CTX ctx; cp outpkt.len = inpkt->len; - EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, NULL); - EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); + + /* Decrypt the packet */ + + EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len); + EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8); EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad; @@ -156,6 +161,10 @@ cp memcpy(&outpkt, inpkt, outlen); */ + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Writing packet of %d (%d) bytes to tap device"), + outpkt.len, outlen); + /* Fix mac address */ memcpy(outpkt.data, mymac.net.mac.address.x, 6); @@ -770,10 +779,12 @@ cp /* Generate packet encryption key */ - myself->cipher_pkttype = EVP_bf_cbc(); + myself->cipher_pkttype = EVP_bf_cfb(); - myself->cipher_pktkey = (char *)xmalloc(64); - RAND_bytes(myself->cipher_pktkey, 64); + myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; + + myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); + RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); if(!(cfg = get_config_val(config, keyexpire))) keylifetime = 3600; 
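Review bot: The IV given to `EVP_EncryptInit()` in xsend is now `cl->cipher_pktkey + cl->cipher_pkttype->key_len`, bytes that are generated once together with the key and stay fixed until the next rekey, so every packet to a peer is encrypted under the same key and IV. In CFB the first block of each packet is then combined with the same keystream, and packets that start alike produce ciphertexts that start alike. A per-packet IV (random or a counter) sent with the ciphertext removes this; the matching `EVP_DecryptInit()` in the xrecv hunk needs the same change. CFB also carries a changed ciphertext bit straight into the corresponding plaintext bit, so the absence of a MAC matters more here than it did with CBC.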
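Review bot: `EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8);` in xrecv takes its length from the packet header, which handle_incoming_vpn_data fills directly from `recvfrom()`, and adds 8 without any bound, so the sender determines how many bytes are read from `inpkt->data` and written to `outpkt.data`. The `lenin` value added in the handle_incoming_vpn_data hunk further down is only logged; comparing `pkt.len` with it and with the size of `data` before calling xrecv would close this. The `+ 8` has no comment, and since CFB produces exactly as many bytes as it consumes it looks like a leftover from the CBC version. xrecv's body continues outside the hunk.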
@@ -1041,6 +1052,7 @@ int handle_incoming_vpn_data() vpn_packet_t pkt; int x, l = sizeof(x); struct sockaddr from; + int lenin; socklen_t fromlen = sizeof(from); cp if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) @@ -1055,18 +1067,17 @@ cp return -1; } - if(recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen) <= 0) + if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; } -/* + if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Received packet of %d bytes from %d.%d.%d.%d"), pkt.len, - from.sa_addr[0], from.sa_addr[1], from.sa_addr[2], from.sa_addr[3]); + syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin); } -*/ + cp return xrecv(&pkt); } @@ -1362,7 +1373,7 @@ cp if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); - RAND_bytes(myself->cipher_pktkey, 64); + RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); send_key_changed(myself, NULL); keyexpires = time(NULL) + keylifetime; } diff --git a/src/protocol.c b/src/protocol.c index d9b10dfd..d3b34c98 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.51 2000/10/29 10:39:08 guus Exp $ + $Id: protocol.c,v 1.28.4.52 2000/10/29 22:10:43 guus Exp $ */ #include "config.h" @@ -471,7 +471,8 @@ cp cl->allow_request = ALL; cl->status.active = 1; cl->nexthop = cl; - cl->cipher_pkttype = EVP_bf_cbc(); + cl->cipher_pkttype = EVP_bf_cfb(); + cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); 
@@ -1015,8 +1016,8 @@ cp if(!strcmp(to_id, myself->name)) { - bin2hex(myself->cipher_pktkey, pktkey, 64); - pktkey[128] = 0; + bin2hex(myself->cipher_pktkey, pktkey, myself->cipher_pktkeylength); + pktkey[myself->cipher_pktkeylength*2] = '\0'; send_ans_key(myself, from, pktkey); } else @@ -1028,7 +1029,15 @@ cp free(from_id); free(to_id); return -1; } - send_req_key(from, to); + + if(to->status.validkey) /* Proxy keys */ + { + bin2hex(to->cipher_pktkey, pktkey, to->cipher_pktkeylength); + pktkey[to->cipher_pktkeylength*2] = '\0'; + send_ans_key(to, from, pktkey); + } + else + send_req_key(from, to); } free(from_id); free(to_id); @@ -1068,9 +1077,9 @@ cp keylength = strlen(pktkey); - if((keylength%2)!=0 || (keylength <= 0)) + if(keylength != from->cipher_pktkeylength*2) { - syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key"), + syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key length"), cl->name, cl->hostname, from->name); free(from_id); free(to_id); free(pktkey); return -1; diff --git a/src/tincd.c b/src/tincd.c index 75482357..2e607b67 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.19 2000/10/29 09:19:27 guus Exp $ + $Id: tincd.c,v 1.10.4.20 2000/10/29 22:10:44 guus Exp $ */ #include "config.h" @@ -33,6 +33,7 @@ #include #include #include +#include #include #ifdef HAVE_SYS_IOCTL_H @@ -436,10 +437,9 @@ main(int argc, char **argv, char **envp) if(detach()) exit(0); -/* FIXME: wt* is this suppose to do? - if(security_init()) - return 1; -*/ + if(debug_lvl >= DEBUG_ERROR) + ERR_load_crypto_strings(); + for(;;) { if(!setup_network_connections()) From b7d4d4c17712e0bb9ee8bd497a2f525b79d5f40d Mon Sep 17 00:00:00 2001 
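Review bot: The new "Proxy keys" branch in req_key_h answers a REQ_KEY for another node with the locally stored `to->cipher_pktkey`, and the requester cannot tell whether the key came from `to` or from the relay, so it may receive a key that `to` has already rotated away from or one that `to` never issued. Forwarding the request as before, or marking proxied answers so the receiver can decide, would keep the origin authoritative. `bin2hex(..., pktkey, to->cipher_pktkeylength)` writes into the `char pktkey[129]` declared outside this hunk, which was sized for the earlier fixed 64-byte key. Now that the length comes from the cipher, a check against `sizeof(pktkey)` before the conversion would keep the two tied together. The hunk just above makes the same write with `myself->cipher_pktkeylength`.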
From: Guus Sliepen Date: Sun, 29 Oct 2000 22:55:15 +0000 Subject: [PATCH 146/923] - Finishing touch: encrypt the meta connections --- src/connlist.h | 4 +- src/meta.c | 17 +++--- src/protocol.c | 145 +++++++++++++++++++++++++++++++++++++++++++++---- src/protocol.h | 5 +- src/tincd.c | 9 +-- 5 files changed, 152 insertions(+), 28 deletions(-) diff --git a/src/connlist.h b/src/connlist.h index d993c840..69bef9ee 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.8 2000/10/29 22:10:41 guus Exp $ + $Id: connlist.h,v 1.1.2.9 2000/10/29 22:55:14 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -69,6 +69,8 @@ typedef struct conn_list_t { EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */ EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */ + char *cipher_inkey; /* His symmetric meta key */ + char *cipher_outkey; /* Our symmetric meta key */ EVP_CIPHER *cipher_pkttype; /* Cipher type for encrypted vpn packets */ char *cipher_pktkey; /* Cipher key and iv */ diff --git a/src/meta.c b/src/meta.c index 5774bb93..6b2a8e2b 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.7 2000/10/29 00:02:18 guus Exp $ + $Id: meta.c,v 1.1.2.8 2000/10/29 22:55:14 guus Exp $ */ #include "config.h" @@ -46,15 +46,15 @@ cp cl->name, cl->hostname, buffer); buffer[length-1]='\n'; -/* + if(cl->status.encryptout) { EVP_EncryptUpdate(cl->cipher_outctx, outbuf, &outlen, buffer, length); bufp = outbuf; + length = outlen; } else -*/ - bufp = buffer; + bufp = buffer; if(write(cl->meta_socket, bufp, length) < 0) { 
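Review bot: The meta stream gets confidentiality in send_meta but no integrity: `EVP_EncryptUpdate()` runs on the CFB context that send_metakey sets up, and nothing lets the receiver detect a modified request, so changes to the ciphertext carry through to the decrypted protocol text in receive_meta (the two meta.c hunks that follow). A MAC per request, checked before the request is parsed, is the usual complement. `outbuf` is declared outside the hunk; a check or comment tying its size to the largest `length` this function can produce would help. The `write()` below treats any non-negative result as success, and with a stream cipher a short write would leave the two ends out of step for the rest of the connection.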
@@ -96,11 +96,10 @@ cp cl->name, cl->hostname, strerror(x)); return -1; } -/* + if(cl->status.decryptin) bufp = inbuf; else -*/ bufp = cl->buffer + cl->buflen; lenin = read(cl->meta_socket, bufp, MAXBUFSIZE - cl->buflen); @@ -120,12 +119,12 @@ cp cl->name, cl->hostname); return -1; } -/* + if(cl->status.decryptin) { - EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, NULL, inbuf, lenin); + EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, &lenin, inbuf, lenin); } -*/ + oldlen = cl->buflen; cl->buflen += lenin; diff --git a/src/protocol.c b/src/protocol.c index d3b34c98..40acfbb2 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.52 2000/10/29 22:10:43 guus Exp $ + $Id: protocol.c,v 1.28.4.53 2000/10/29 22:55:14 guus Exp $ */ #include "config.h" @@ -145,8 +145,8 @@ cp send_challenge(R) send_chal_reply(H) --------------------------------------- - Any negotations about the meta protocol - encryption go here(u). + send_metakey(R) + send_metakey(R) --------------------------------------- send_ack(u) send_ack(u) @@ -256,10 +256,6 @@ cp cl->hischallenge = xmalloc(len); cp - /* Seed the PRNG with urandom (can't afford to block) */ - - RAND_load_file("/dev/urandom", 1024); - /* Copy random data to the buffer */ RAND_bytes(cl->hischallenge, len); @@ -374,7 +370,7 @@ cp if(cl->status.outgoing) cl->allow_request = ID; else - cl->allow_request = ACK; + cl->allow_request = METAKEY; cp return send_request(cl, "%d %s", CHAL_REPLY, hash); 
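Review bot: With `decryptin` set, `read()` now targets `inbuf` but keeps the bound `MAXBUFSIZE - cl->buflen`, which describes the free space in `cl->buffer`, not in `inbuf`. `inbuf` is declared outside the hunk; unless it holds at least `MAXBUFSIZE` bytes this read can run past it. I would pin that at the declaration with a comment such as `/* must hold MAXBUFSIZE bytes: the read below is bounded by cl->buffer's free space */`, or bound the read by `sizeof` of the buffer actually used.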
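Review bot: In the `@@ -120,12 +119,12 @@` hunk the output of `EVP_DecryptUpdate()` goes straight into `cl->buffer` to be handled as meta requests, and nothing detects modification in transit. CFB ciphertext is malleable, so encryption alone does not stop a party on the path from altering requests. That is a protocol change rather than a one-line fix, so for this commit I would at least record it next to the call: `/* NOTE: confidentiality only; meta data is not authenticated yet */`. Passing `lenin` as both input length and output pointer works because the input length is passed by value, but a separate `outlen` would read more clearly.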
@@ -433,18 +429,142 @@ cp */ cp if(cl->status.outgoing) - return send_ack(cl); + return send_metakey(cl); else return send_id(cl); } +int send_metakey(conn_list_t *cl) +{ + char *buffer; + int len, x; +cp + len = RSA_size(cl->rsa_key); + + /* Allocate buffers for the meta key */ + + buffer = xmalloc(len*2+1); + + if(!cl->cipher_outkey) + cl->cipher_outkey = xmalloc(len); + + if(!cl->cipher_outctx) + cl->cipher_outctx = xmalloc(sizeof(*cl->cipher_outctx)); +cp + /* Copy random data to the buffer */ + + RAND_bytes(cl->cipher_outkey, len); + + cl->cipher_outkey[0] &= 0x7F; /* FIXME: Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */ + + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(cl->cipher_outkey, buffer, len); + buffer[len*2] = '\0'; + syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); + } + + /* Encrypt the random data */ + + if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ + { + syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname); + free(buffer); + return -1; + } +cp + /* Convert the encrypted random data to a hexadecimal formatted string */ + + bin2hex(buffer, buffer, len); + buffer[len*2] = '\0'; + + /* Send the meta key */ + + if(cl->status.outgoing) + cl->allow_request = METAKEY; + else + cl->allow_request = ACK; + + x = send_request(cl, "%d %s", METAKEY, buffer); + free(buffer); + + EVP_EncryptInit(cl->cipher_outctx, EVP_bf_cfb(), cl->cipher_outkey, cl->cipher_outkey + EVP_bf_cfb()->key_len); +cp + return x; +} + +int metakey_h(conn_list_t *cl) +{ + char *buffer; + int len; +cp + if(sscanf(cl->buffer, "%*d %as", &buffer) != 1) + { + syslog(LOG_ERR, _("Got bad METAKEY from %s (%s)"), cl->name, cl->hostname); + return -1; + } + + len = RSA_size(myself->rsa_key); + + /* Check if the length of the meta key is all right 
*/ + + if(strlen(buffer) != len*2) + { + syslog(LOG_ERR, _("Intruder: wrong meta key length from %s (%s)"), cl->name, cl->hostname); + free(buffer); + return -1; + } + + /* Allocate buffers for the meta key */ + + if(!cl->cipher_inkey) + cl->cipher_inkey = xmalloc(len); + + if(!cl->cipher_inctx) + cl->cipher_inctx = xmalloc(sizeof(*cl->cipher_inctx)); + + /* Convert the challenge from hexadecimal back to binary */ + + hex2bin(buffer,buffer,len); + + /* Decrypt the meta key */ + + if(RSA_private_decrypt(len, buffer, cl->cipher_inkey, myself->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ + { + syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname); + free(buffer); + return -1; + } + + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(cl->cipher_inkey, buffer, len); + buffer[len*2] = '\0'; + syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); + } + + free(buffer); + + EVP_DecryptInit(cl->cipher_inctx, EVP_bf_cfb(), cl->cipher_inkey, cl->cipher_inkey + EVP_bf_cfb()->key_len); + +cp + if(cl->status.outgoing) + return send_ack(cl); + else + return send_metakey(cl); +} + int send_ack(conn_list_t *cl) { + int x; cp if(cl->status.outgoing) cl->allow_request = ACK; + + x = send_request(cl, "%d", ACK); + cl->status.encryptout = 1; cp - return send_request(cl, "%d", ACK); + return x; } int ack_h(conn_list_t *cl) @@ -470,6 +590,7 @@ cp cl->allow_request = ALL; cl->status.active = 1; + cl->status.decryptin = 1; cl->nexthop = cl; cl->cipher_pkttype = EVP_bf_cfb(); cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; @@ -1116,7 +1237,7 @@ cp /* Jumptable for the request handlers */ int (*request_handlers[])(conn_list_t*) = { - id_h, challenge_h, chal_reply_h, ack_h, + id_h, challenge_h, chal_reply_h, metakey_h, ack_h, status_h, error_h, termreq_h, ping_h, pong_h, add_host_h, del_host_h, 
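Review bot: Both `send_metakey()` and `metakey_h()` write the unencrypted meta key to syslog when `debug_lvl >= DEBUG_SCARY_THINGS`, so anyone who can read that log, locally or on a remote collector, can decrypt the meta connection. I would drop those two branches or log only the key length. The `&= 0x7F` FIXME most likely has a known cause: with `RSA_NO_PADDING` the input is treated as an integer that must be smaller than the modulus, so the comment could read `/* raw RSA: plaintext must be numerically below the modulus, so clear the top bit */`. Raw RSA also has none of the protections a padding scheme gives, which deserves a note beside the existing `NO_PADDING` remark. The failure path after `RSA_private_decrypt()` reuses the message "Error during encryption of meta key", which should say decryption so the log does not mislead whoever reads it.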
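Review bot: In the `@@ -470,6 +590,7 @@` hunk `decryptin` is switched on only when the ACK handler runs, while the meta.c hunks of this patch apply decryption per `read()`. If the peer's ACK and its first encrypted request arrive in the same read, the encrypted bytes are already in `cl->buffer` undecrypted and would be parsed as plaintext. `send_ack()` sets `encryptout` right after sending ACK, so the peer may well send encrypted data immediately. I would note this at the assignment, e.g. `/* everything the peer sends after its ACK is encrypted; bytes already buffered past the ACK still need decrypting */`, and handle the leftover bytes there. The handler's body starts and ends outside the hunk.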
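Review bot: In the `@@ -1116,7 +1237,7 @@` hunk `metakey_h` is inserted in the middle of `request_handlers[]`, and the matching entries go into `request_name[]` and the `enum` in protocol.h in the following hunks. The three lists are kept aligned by hand only, and every request number from ACK onwards shifts by one, which changes the wire protocol for peers built before this commit. Whether the protocol version is bumped is not visible in this diff. A comment above the table would help, e.g. `/* Order must match the request enum in protocol.h and request_name[] below */`.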
@@ -1127,7 +1248,7 @@ int (*request_handlers[])(conn_list_t*) = { /* Request names */ char (*request_name[]) = { - "ID", "CHALLENGE", "CHAL_REPLY", "ACK", + "ID", "CHALLENGE", "CHAL_REPLY", "METAKEY", "ACK", "STATUS", "ERROR", "TERMREQ", "PING", "PONG", "ADD_HOST", "DEL_HOST", diff --git a/src/protocol.h b/src/protocol.h index 682f76a0..91c0cfba 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.13 2000/10/28 21:05:20 guus Exp $ + $Id: protocol.h,v 1.5.4.14 2000/10/29 22:55:15 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -36,7 +36,7 @@ enum { ALL = -1, /* Guardian for allow_request */ - ID = 0, CHALLENGE, CHAL_REPLY, ACK, + ID = 0, CHALLENGE, CHAL_REPLY, METAKEY, ACK, STATUS, ERROR, TERMREQ, PING, PONG, ADD_HOST, DEL_HOST, @@ -50,6 +50,7 @@ extern int (*request_handlers[])(conn_list_t*); extern int send_id(conn_list_t*); extern int send_challenge(conn_list_t*); extern int send_chal_reply(conn_list_t*); +extern int send_metakey(conn_list_t*); extern int send_ack(conn_list_t*); extern int send_status(conn_list_t*, int, char*); extern int send_error(conn_list_t*, int, char*); diff --git a/src/tincd.c b/src/tincd.c index 2e607b67..ba17b30f 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.20 2000/10/29 22:10:44 guus Exp $ + $Id: tincd.c,v 1.10.4.21 2000/10/29 22:55:15 guus Exp $ */ #include "config.h" 
@@ -205,9 +205,6 @@ int keygen(int bits) { RSA *rsa_key; - fprintf(stderr, _("Seeding the PRNG: please press some keys or move\nthe mouse if this program seems to have halted...\n")); - RAND_load_file("/dev/random", 1024); /* OpenSSL PRNG state apparently uses 1024 bytes, but it seems pretty sufficient anyway :) */ - fprintf(stderr, _("Generating %d bits keys:\n"), bits); rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); if(!rsa_key) @@ -423,6 +420,10 @@ main(int argc, char **argv, char **envp) make_names(); + /* Slllluuuuuuurrrrp! */ + + RAND_load_file("/dev/urandom", 1024); + if(generate_keys) exit(keygen(generate_keys)); From 4811afa073c871f2a52dfd5139bd0171046365eb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 30 Oct 2000 00:22:54 +0000 Subject: [PATCH 147/923] - Small cleanups - Updated dutch translation - Updated man pages --- doc/tinc.conf.5 | 170 ++++++++++++---------- doc/tincd.8 | 52 ++++--- po/es.po | 356 ++++++++++++++++++++++++---------------------- po/nl.po | 365 ++++++++++++++++++++++++++---------------------- src/net.c | 4 +- src/tincd.c | 23 ++- 6 files changed, 525 insertions(+), 445 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 42d9cf28..930bb060 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 
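Review bot: The `RAND_load_file("/dev/urandom", 1024);` added to `main()` in the `@@ -423,6 +420,10 @@` hunk is now the only seeding for RSA key generation, challenges and meta keys, and its return value is ignored. This patch removes the `/dev/random` seeding in `keygen()` and the per-challenge reseed in protocol.c. If the device is missing or unreadable the daemon carries on, and the `RAND_bytes()` calls visible in this patch do not check their result either. I would fail hard here: `if(RAND_load_file("/dev/urandom", 1024) != 1024) { fprintf(stderr, _("Could not seed the PRNG from /dev/urandom\n")); return 1; }`. The comment `/* Slllluuuuuuurrrrp! */` could state what is being seeded and why; `main()` continues outside the hunk.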
@@ -30,18 +30,26 @@ But it is highly recommended that you use this feature of tinc, because it will be so much clearer whom your daemon talks to. Hence, we will assume that you use it. .PP -.SH "PASSPHRASES" -You should use the \fBgenauth\fR(8) program to generate passphrases. -with, it accepts a single parameter, which is the number of bits the -passphrase should be. Its output should be stored in -\fI/etc/tinc/\fBnn\fI/passphrases/local\fR \-\- where \fBnn\fR stands -for the network (See under \fBNETWORKS\fR) above. +.SH "NAMES" +Each tinc daemon should have a name that is unique in the network which +it will be part of. The name will be used by other tinc daemons for +identification. The name has to be declared in the +\fI/etc/tinc/\fBnn\fI/tinc.conf\fR file. -Please see the manpage for \fBgenauth\fR to learn more about setting -up an authentication scheme. +To make things easy, choose something that will give unique names to +your tinc daemon(s): hostnames, owner surnames, location. .PP -.SH "CONFIGURATION" -The actual configuration of the daemon is done in the file +.SH "PUBLIC/PRIVATE KEYS" +You should use \fBtincd --generate-keys\fR to generate public/private +keypairs. It will generate two keys. The line containing the private +key should be completely copied to \fI/etc/tinc/\fBnn\fI/tinc.conf\fR +\-\- where \fBnn\fR stands for the network (See under \fBNETWORKS\fR) +above. The line containing the public key should be completely copied +to \fI/etc/tinc/\fBnn\fI/hosts/\fBname\fR \-\- where \fBname\fR stands +for the name of the tinc daemon (See \fBNAMES\fR). +.PP +.SH "SERVER CONFIGURATION" +The server configuration of the daemon is done in the file \fI/etc/tinc/\fBnn\fI/tincd.conf\fR. This file consists of comments (lines started with a \fB#\fR) or 
@@ -57,27 +65,18 @@ required that you put in the \fB=\fR sign, but doing so improves readability. If you leave it out, remember to replace it with at least one space character. .PP -.SH "VARIABLES" -.PP Here are all valid variables, listed in alphabetical order. The default value, required or optional is given between parentheses. .TP -\fBConnectPort\fR = <\fIport\fR> (655) -Connect to the upstream host (given with the \fBConnectTo\fR directive) on -port \fIport\fR. port may be given in decimal (default), octal (when preceded -by a single zero) or hexadecimal (prefixed with 0x). \fIport\fR is the port -number for both the UDP and the TCP (meta) connections. -.TP -\fBConnectTo\fR = <\fIIP address|hostname\fR> (optional) +\fBConnectTo\fR = <\fIname\fR> (optional) Specifies which host to connect to on startup. Multiple \fBConnectTo\fR variables may be specified, if connecting to the first one fails then tinc will try -the next one, and so on. It is possible to specify hostnames for dynamic IP -addresses (like those given on dyndns.org), tinc will not cache the resolved -IP address. +the next one, and so on. The names should be known to this tinc daemon +(i.e., there should be a host configuration file for the name on the ConnectTo +line). -If you don't specify a host with \fBConnectTo\fR, regardless of whether a -value for \fBConnectPort\fR is given, tinc won't connect at all, and will -instead just listen for incoming connections. +If you don't specify a host with \fBConnectTo\fR, tinc won't connect at all, +and will instead just listen for incoming connections. .TP \fBHostnames\fR = <\fIyes|no\fR> (no) This option selects whether IP addresses (both real and on the VPN) should 
@@ -85,15 +84,8 @@ be resolved. Since DNS lookups are blocking, it might affect tinc's efficiency, even stopping the daemon for a few seconds everytime it does a lookup if your DNS server is not responding. -This does not affect resolving hostnames to IP addresses from the configuration -file. -.TP -\fBIndirectData\fR = <\fIyes|no\fR> (no) -This option specifies whether other tinc daemons besides the one you -specified with \fBConnectTo\fR can make a direct connection to you. This is -especially useful if you are behind a firewall and it is impossible -to make a connection from the outside to your tinc daemon. Otherwise, -it is best to leave this option out or set it to no. +This does not affect resolving hostnames to IP addresses from the +host configuration files. .TP \fBInterface\fR = <\fIdevice\fR> (optional) If you have more than one network interface in your computer, tinc will by 
@@ -113,30 +105,9 @@ are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. .TP -\fBListenPort\fR = <\fIport\fR> (655) -Listen on local port \fIport\fR. The computer connecting to this daemon should -use this number as the argument for his \fBConnectPort\fR. -.TP -\fBMyOwnVPNIP\fR = <\fIlocal address[/maskbits]\fR> (required) -The \fIlocal address\fR is the number that the daemon will propagate to -other daemons on the network when it is identifying itself. Hence this -will be the file name of the passphrase file that the other end expects -to find the passphrase in. - -The local address is the IP address of the tap device, not the real IP -address of the host running tincd. Due to changes in recent kernels, it -is also necessary that you make the ethernet (also known as MAC) address -equal to the IP address (see the example). - -\fImaskbits\fR is the number of bits set to 1 in the netmask part. -.TP -\fBMyVirtualIP\fR = <\fIlocal address[/maskbits]> -This is an alias for \fBMyOwnVPNIP\fR. -.TP -\fBPassphrases\fR = <\fIdirectory\fR> (/etc/tinc/NETNAME/passphrases) -The directory where tinc will look for passphrases when someone tries to -connect. Please see the manpage for genauth(8) for more information -about passphrases as used by tinc. +\fBName\fR = <\fIname\fR> (required) +This is the name which identifies this tinc daemon. It must be unique for +the virtual private network this daemon will connect to. .TP \fBPingTimeout\fR = <\fIseconds\fR> (5) The number of seconds of inactivity that tinc will wait before sending a 
@@ -144,40 +115,85 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. .TP +\fBPrivateKey\fR = <\fIkey\fR> (required) +The private RSA key of this tinc daemon. It will allow this tinc daemon to +authenticate itself to other daemons. +.TP \fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0) -The ethertap device to use. Note that you can only use one device per +The ethertap or tun/tap device to use. tinc will automatically detect what +kind of tapdevice it is. +Note that you can only use one device per daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. -.TP -\fBTCPonly\fR = <\fIyes|no\fR> (no, experimental) -If this variable is set to yes, then the packets are tunnelled over a TCP -connection instead of a UDP connection. This is especially useful for those -who want to run a tinc daemon from behind a masquerading firewall, or if -UDP packet routing is disabled somehow. This is experimental code, -try this at your own risk. -.TP -\fBVpnMask\fR = <\fImask\fR> (optional) -The mask that defines the scope of the entire VPN. This option is not used -by the tinc daemon itself, but can be used by startup scripts to configure -the ethertap devices correctly. .PP +.SH "HOST CONFIGURATION FILES" +The host configuration files contain all information needed to establish a +connection to those hosts. A host configuration file is also required for the +local tinc daemon, it will use it to read in it's listen port, public key and +subnets. + +The idea is that these files are ``portable''. You can safely mail your own host +configuration file to someone else. That other person can then copy it to his +own hosts directory, and now his tinc daemon will be able to connect to your +tinc daemon. Since host configuration files only contain public keys, no secrets +are revealed by sending out this information. 
+.PP +.TP +\fBAddress\fR = <\fIIP address\fR> (required) +The real address or hostname of this tinc daemon. +.TP +\fBPort\fR = <\fIport number\fR> (655) +The port on which this tinc daemon is listening for incoming connections. +.TP +\fBPublicKey\fR = <\fIkey\fR> (required) +The public RSA key of this tinc daemon. It will be used to cryptographically +verify it's identity and to set up a secure connection. +.TP +\fBSubnet\fR = <\fIaddress/masklength\fR> (optional) +The subnet which this tinc daemon will serve. tinc tries to look up which other +daemon it should send a packet to by searching the appropiate subnet. If the +packet matches a subnet, it will be sent to the daemon who has this subnet in his +host configuration file. Multiple subnet lines can be specified. + +At the moment, this directive is only used in the host configuration file of +the local tinc daemon itself. In upcoming versions of tinc, it will be possible to +restrict other hosts in which subnets they server. + +The subnets must be in a form like \fI192.168.1.0/24\fR, where 192.168.1.0 is the +network address and 24 is the number of bits set in the netmask. Note that subnets +like \fI192.168.1.1/24\fR are invalid! Read a networking howto/FAQ/guide if you +don't understand this. .SH "FILES" .TP \fI/etc/tinc/\fR The top directory for configuration files. .TP -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR -The default name of the configuration file for net +\fI/etc/tinc/\fBnn\fI/tinc.conf\fR +The default name of the server configuration file for net \fBnn\fR. .TP -\fI/etc/tinc/\fBnn\fI/passphrases/\fR -Passphrases are kept in this directory. (See the section -\fBPASSPHRASES\fR above). +\fI/etc/tinc/\fBnn\fI/hosts/\fR +Host configuration files are kept in this directory. +.TP +\fI/etc/tinc/\fBnn\fI/tinc-up\fR +If an executable file with this name exists, it will be executed +right after the tinc daemon has connected to the tap device. It can +be used to ifconfig the network interface. 
+ +If the tapdevice is a tun/tap device, the evironment variable +\fB$IFNAME\fR will be set to the name of the network interface. +.TP +\fI/etc/tinc/\fBnn\fI/tinc-down\fR +If an executable file with this name exists, it will be executed +right before the tinc daemon is going to close it's connection to the +tap device. .PP .SH "SEE ALSO" -\fBtincd\fR(8), \fBgenauth\fR(8) +\fBtincd\fR(8) .TP \fBhttp://tinc.nl.linux.org/\fR +.TP +\fBhttp://www.kernelnotes.org/guides/NAG/\fR .PP The full documentation for .B tinc diff --git a/doc/tincd.8 b/doc/tincd.8 index 573531eb..648c5de2 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 @@ -9,24 +9,25 @@ tinc \- tinc VPN daemon This is the daemon of tinc, a secure virtual private network (VPN) project. When started, tincd will read -it's configuration file to determine what virtual subnet +it's configuration file to determine what virtual subnets it has to serve and to what other tinc daemons it should connect. -It will connect to the ethertap device and set up a socket for incomming -connections. +It will connect to the ethertap or tun/tap device and set up a socket +for incomming connections. If that succeeds, it will detach from the controlling terminal and continue in the background, accepting and setting up connections to other tinc daemons that are part of the virtual private network. .SH OPTIONS .TP -\fB\-c\fR, \fB\-\-config\fR=\fIFILE\fR -Read configuration options from FILE. +\fB\-c\fR, \fB\-\-config\fR=\fIDIR\fR +Read configuration options from DIR. .TP \fB\-D\fR, \fB\-\-no\-detach\fR -Don't fork and detach. +Don't fork and detach. This will also disable the automatic +restart mechanism for fatal errors. .TP \fB\-d\fR -Increase debug level. +Increase debug level (see below). .TP \fB\-k\fR, \fB\-\-kill\fR Attempt to kill a running tincd and exit. 
@@ -34,11 +35,12 @@ Attempt to kill a running tincd and exit. \fB\-n\fR, \fB\-\-net\fR=\fINETNAME\fR Connect to net NETNAME. .TP -\fB\-t\fR, \fB\-\-timeout\fR=\fITIMEOUT\fR -Seconds to wait before giving a timeout. +\fB\-K\fR, \fB\-\-generate-key\fR[=\fIBITS]\fR +Generate public/private RSA keypair and exit. If BITS is omitted, +the default length will be 1024 bits. .TP \fB\-\-help\fR -Display this help and exit. +Display short list of options. .TP \fB\-\-version\fR Output version information and exit. @@ -55,7 +57,7 @@ Closes all connections and quits. Dumps the connection list to syslog. .TP \fBUSR2\fR -Invalidates the current cryptographic key and generates a new one. +Dumps the subnet list to syslog. .TP \fBALRM\fR Forces tincd to try to connect to an uplink immediately. Usually tincd attempts 
@@ -75,24 +77,28 @@ It will also any serious error. \fB\-d\fR This will log all connections that are made with other tinc daemons. .TP -\fB\-d \-d\fR +\fB\-dd\fR +This will log status and error messages from other tinc daemons. +.TP +\fB\-ddd\fR This will log all requests that are exchanged with other tinc daemons. These include authentication, key exchange and connection list updates. .TP -\fB\-d \-d \-d\fR +\fB\-dddd\fR This will log a copy of everything received on the meta socket. .TP -\fB\-d \-d \-d \-d\fR -This will log all packets that are sent over the virtual private network. +\fB\-ddddd\fR +This will log all network traffic over the virtual private network. .PP .SH "FILES" .TP \fI/etc/tinc//tinc.conf\fR -The configuration file for tincd. +The configuration file for tincd. This should also contain the private RSA key. .TP -\fI/etc/tinc//passphrases/*\fR -The directory containing the secret passphrases -used to authenticate other tinc daemons. +\fI/etc/tinc//hosts/*\fR +The directory containing the host configuration files +used to authenticate other tinc daemons. They contain +the public RSA keys of other hosts. .PP .SH "BUGS" Maintaining a connection list on each tinc daemon that can connect and disconnect at any @@ -100,13 +106,15 @@ moment, and making sure that all connections satisfy the tree property isn't eas we have done a lot to make sure tinc is sturdy and foolproof, it might happen that some connection lists get corrupted. .PP +\fBThe cryptography in tinc is not well tested yet. Use it at your own risk!\fR +.PP If you find any bugs, report them to tinc@nl.linux.org. .PP .SH "TODO" -A lot. If something you would like to see is not implemented, just ask; we most certainly will. +A lot, especially security auditting. .PP .SH "SEE ALSO" -\fBtinc.conf\fR(5), \fBgenauth\fR(8) +\fBtinc.conf\fR(5) .TP \fBhttp://tinc.nl.linux.org/\fR .TP 
@@ -127,8 +135,6 @@ should give you access to the complete manual. tinc comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details. -.PP -This product includes software developed by Eric Young (eay@mincom.oz.au) .SH "AUTHORS" .na .nf diff --git a/po/es.po b/po/es.po index b54fbd98..7755e87c 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre2\n" -"POT-Creation-Date: 2000-10-29 02:49+0100\n" +"POT-Creation-Date: 2000-10-30 01:16+0100\n" "PO-Revision-Date: 2000-07-02 12:49+01:00\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" @@ -48,7 +48,7 @@ msgstr "Enviados %d bytes a %lx" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando datos: %m" -#: src/meta.c:89 src/net.c:940 +#: src/meta.c:89 src/net.c:974 #, fuzzy, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m" 
@@ -58,332 +58,347 @@ msgstr "Esto es un `bug': %s:%d: %d:%m" msgid "Metadata socket error for %s (%s): %s" msgstr "Error en el `socket' de metadatos: %s" -#: src/meta.c:115 +#: src/meta.c:114 #, fuzzy, c-format msgid "Connection closed by %s (%s)" msgstr "Conexión desde %s:%d" -#: src/meta.c:119 +#: src/meta.c:118 #, fuzzy, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Error de lectura del `socket' de metadatos: %m" -#: src/meta.c:149 +#: src/meta.c:148 #, fuzzy, c-format msgid "Got request from %s (%s): %s" msgstr "Petición desconocida: %s" -#: src/meta.c:167 +#: src/meta.c:166 #, fuzzy, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Desbordamiento del búfer de lectura de metadatos" -#: src/net.c:119 +#: src/net.c:127 #, fuzzy, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Enviados %d bytes a %lx" -#: src/net.c:128 +#: src/net.c:136 #, fuzzy, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Error enviando datos: %m" -#: src/net.c:160 +#: src/net.c:165 +#, fuzzy, c-format +msgid "Writing packet of %d bytes to tap device" +msgstr "Enviados %d bytes a %lx" + +#: src/net.c:175 #, fuzzy, c-format msgid "Can't write to tun/tap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:167 +#: src/net.c:182 #, fuzzy, c-format msgid "Can't write to ethertap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:268 +#: src/net.c:283 #, fuzzy msgid "Queue flushed" msgstr "cola vaciada" -#: src/net.c:283 +#: src/net.c:298 #, fuzzy, c-format msgid "Flushing send queue for %s (%s)" msgstr "Vaciando la cola de envíos para " -#: src/net.c:291 +#: src/net.c:306 #, fuzzy, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Vaciando la cola de recepción para " -#: src/net.c:310 +#: src/net.c:325 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" 
msgstr "" -#: src/net.c:326 +#: src/net.c:341 #, fuzzy, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "No pude abrir %s: %s\n" -#: src/net.c:383 +#: src/net.c:398 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:410 +#: src/net.c:425 #, c-format msgid "%s is a new style tun/tap device" msgstr "" -#: src/net.c:439 +#: src/net.c:454 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:445 src/net.c:451 src/net.c:513 +#: src/net.c:460 src/net.c:466 src/net.c:528 #, c-format msgid "setsockopt: %m" msgstr "setsockopt(): %m" -#: src/net.c:458 src/net.c:520 +#: src/net.c:473 src/net.c:535 #, c-format msgid "fcntl: %m" msgstr "fcntl(): %m" -#: src/net.c:466 +#: src/net.c:481 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "" -#: src/net.c:482 +#: src/net.c:497 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/tcp: %m" -#: src/net.c:488 +#: src/net.c:503 #, c-format msgid "listen: %m" msgstr "listen(): %m" -#: src/net.c:507 +#: src/net.c:522 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:531 +#: src/net.c:546 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/udp: %m" -#: src/net.c:548 +#: src/net.c:563 #, fuzzy, c-format msgid "Trying to connect to %s" msgstr "Cerrando conexión con %s." 
-#: src/net.c:558 +#: src/net.c:573 #, fuzzy, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:569 +#: src/net.c:584 #, c-format msgid "%s port %hd: %m" msgstr "" -#: src/net.c:576 +#: src/net.c:591 #, c-format msgid "fcntl for %s port %d: %m" msgstr "" -#: src/net.c:582 +#: src/net.c:597 #, fuzzy, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s:%hd" -#: src/net.c:605 +#: src/net.c:620 msgid "Invalid name for outgoing connection" msgstr "" -#: src/net.c:614 +#: src/net.c:629 #, c-format msgid "Error reading host configuration file for %s" msgstr "" -#: src/net.c:621 +#: src/net.c:636 #, c-format msgid "No address specified for %s" msgstr "" -#: src/net.c:628 +#: src/net.c:643 #, fuzzy, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %s\n" -#: src/net.c:638 +#: src/net.c:653 #, fuzzy, c-format msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión." -#: src/net.c:673 +#: src/net.c:688 msgid "Name for tinc daemon required!" msgstr "" -#: src/net.c:681 +#: src/net.c:696 msgid "Invalid name for myself!" msgstr "" -#: src/net.c:687 +#: src/net.c:702 msgid "Private key for tinc daemon required!" msgstr "" -#: src/net.c:699 +#: src/net.c:714 msgid "Cannot open host configuration file for myself!" msgstr "" -#: src/net.c:705 +#: src/net.c:720 msgid "Public key for tinc daemon required!" msgstr "" -#: src/net.c:745 +#: src/net.c:760 msgid "Network address and subnet mask do not match!" msgstr "" -#: src/net.c:754 +#: src/net.c:769 #, fuzzy msgid "Unable to set up a listening socket!" msgstr "No puedo configurar un `socket' a la escucha" -#: src/net.c:760 +#: src/net.c:775 #, fuzzy msgid "Unable to set up an incoming vpn data socket!" 
msgstr "No puedo configurar un `socket' para recibir datos de la vpn" -#: src/net.c:767 +#: src/net.c:800 #, fuzzy, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %d." -#: src/net.c:799 +#: src/net.c:832 #, fuzzy, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Siguo sin poder conectar con el otro. Lo reintentaré en %d segundos." -#: src/net.c:834 src/net.c:893 +#: src/net.c:867 src/net.c:927 #, fuzzy, c-format msgid "Error while executing %s: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:856 +#: src/net.c:889 #, fuzzy, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:903 +#: src/net.c:937 #, fuzzy msgid "Terminating" msgstr "Terminando." -#: src/net.c:917 +#: src/net.c:951 #, fuzzy, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a " -#: src/net.c:922 +#: src/net.c:956 #, fuzzy, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:932 +#: src/net.c:966 #, fuzzy, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al crear `socket' de datos: %m" -#: src/net.c:965 +#: src/net.c:999 #, c-format msgid "Error: getpeername: %m" msgstr "Error: getpeername(): %m" -#: src/net.c:980 +#: src/net.c:1014 #, fuzzy, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s:%d" -#: src/net.c:1025 +#: src/net.c:1060 #, fuzzy, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:1031 +#: src/net.c:1066 #, fuzzy, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:1037 +#: src/net.c:1072 #, fuzzy, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo datos: %m" -#: src/net.c:1068 +#: src/net.c:1078 +#, fuzzy, c-format +msgid "Received packet of %d bytes" +msgstr "Recibiendo 
clave de " + +#: src/net.c:1100 #, fuzzy, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s." -#: src/net.c:1108 +#: src/net.c:1136 #, fuzzy msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:1136 +#: src/net.c:1168 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "" -#: src/net.c:1167 +#: src/net.c:1199 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1175 +#: src/net.c:1207 #, fuzzy msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1208 +#: src/net.c:1240 #, fuzzy, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes: %s" -#: src/net.c:1244 +#: src/net.c:1276 #, fuzzy, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1253 +#: src/net.c:1285 #, fuzzy, c-format msgid "Error while reading from ethertap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1264 +#: src/net.c:1296 msgid "Received short packet from tap device" msgstr "" -#: src/net.c:1270 +#: src/net.c:1302 #, c-format msgid "Read packet of length %d from tap device" msgstr "" -#: src/net.c:1301 +#: src/net.c:1334 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1308 +#: src/net.c:1341 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "" -#: src/net.c:1315 +#: src/net.c:1348 msgid "Unable to reread configuration file, exiting" msgstr "" -#: src/netutl.c:115 +#: src/net.c:1374 +#, fuzzy +msgid "Regenerating symmetric key" +msgstr "Generando claves de %d bits." + +#: src/netutl.c:114 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Error buscando `%s': %s\n" 
@@ -454,230 +469,260 @@ msgstr "" msgid "No public key known for %s (%s)" msgstr "" -#: src/protocol.c:273 +#: src/protocol.c:269 #, c-format msgid "Generated random challenge (unencrypted): %s" msgstr "" -#: src/protocol.c:280 src/protocol.c:334 +#: src/protocol.c:276 src/protocol.c:330 #, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "" -#: src/protocol.c:306 +#: src/protocol.c:302 #, fuzzy, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:316 +#: src/protocol.c:312 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "" -#: src/protocol.c:343 +#: src/protocol.c:339 #, c-format msgid "Received random challenge (unencrypted): %s" msgstr "" -#: src/protocol.c:359 +#: src/protocol.c:355 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "" -#: src/protocol.c:390 +#: src/protocol.c:386 #, fuzzy, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:399 +#: src/protocol.c:395 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "" -#: src/protocol.c:416 +#: src/protocol.c:412 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "" -#: src/protocol.c:421 +#: src/protocol.c:417 #, c-format msgid "Expected challenge reply: %s" msgstr "" -#: src/protocol.c:463 +#: src/protocol.c:464 +#, c-format +msgid "Generated random meta key (unencrypted): %s" +msgstr "" + +#: src/protocol.c:471 src/protocol.c:534 +#, fuzzy, c-format +msgid "Error during encryption of meta key for %s (%s)" +msgstr "Error enviando datos: %m" + +#: src/protocol.c:503 +#, fuzzy, c-format +msgid "Got bad METAKEY from %s (%s)" +msgstr "recibí REQ_KEY de " + +#: src/protocol.c:513 +#, c-format +msgid "Intruder: wrong meta key length from %s (%s)" +msgstr "" + +#: src/protocol.c:543 +#, c-format +msgid "Received random meta key (unencrypted): %s" +msgstr "" + +#: 
src/protocol.c:583 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" -#: src/protocol.c:476 +#: src/protocol.c:599 #, fuzzy, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s." -#: src/protocol.c:531 +#: src/protocol.c:654 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:540 +#: src/protocol.c:663 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:549 +#: src/protocol.c:672 #, fuzzy, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:560 +#: src/protocol.c:683 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:571 +#: src/protocol.c:694 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -#: src/protocol.c:611 +#: src/protocol.c:734 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:620 +#: src/protocol.c:743 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:629 +#: src/protocol.c:752 #, fuzzy, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:640 +#: src/protocol.c:763 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:651 +#: src/protocol.c:774 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -#: src/protocol.c:688 +#: src/protocol.c:811 #, fuzzy, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "recibí una 
petición ADD_HOST incorrecta: %s" -#: src/protocol.c:696 +#: src/protocol.c:819 #, fuzzy, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:705 +#: src/protocol.c:828 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:722 +#: src/protocol.c:845 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "" -#: src/protocol.c:730 +#: src/protocol.c:853 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" -#: src/protocol.c:773 +#: src/protocol.c:896 #, fuzzy, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:782 +#: src/protocol.c:905 #, fuzzy, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:791 +#: src/protocol.c:914 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:802 +#: src/protocol.c:925 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" -#: src/protocol.c:812 +#: src/protocol.c:935 #, fuzzy, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:848 +#: src/protocol.c:971 #, fuzzy, c-format msgid "Got bad STATUS from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:855 +#: src/protocol.c:978 #, fuzzy, c-format msgid "Status message from %s (%s): %s: %s" msgstr "He recibido una petición: %s" -#: src/protocol.c:879 +#: src/protocol.c:1002 #, fuzzy, c-format msgid "Got bad ERROR from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:886 +#: src/protocol.c:1009 #, fuzzy, c-format msgid "Error message from %s (%s): %s: %s" msgstr "He recibido una petición: 
%s" -#: src/protocol.c:962 +#: src/protocol.c:1085 #, fuzzy, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:969 +#: src/protocol.c:1092 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " "connection list" msgstr "" -#: src/protocol.c:999 +#: src/protocol.c:1123 #, fuzzy, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "recibí REQ_KEY de " -#: src/protocol.c:1006 +#: src/protocol.c:1130 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -#: src/protocol.c:1022 +#: src/protocol.c:1148 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " "connection list" msgstr "" -#: src/protocol.c:1050 +#: src/protocol.c:1184 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:1057 +#: src/protocol.c:1191 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -#: src/protocol.c:1091 +#: src/protocol.c:1203 +#, fuzzy, c-format +msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" +msgstr "recibí una petición ANS_KEY incorrecta: %s" + +#: src/protocol.c:1224 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -685,7 +730,7 @@ msgid "" msgstr "" #. Do some intl stuff right now -#: src/subnet.c:242 src/tincd.c:397 +#: src/subnet.c:242 src/tincd.c:394 msgid "unknown" msgstr "" 
@@ -715,11 +760,11 @@ msgstr "" #: src/tincd.c:105 #, fuzzy msgid "" -" -c, --config=DIR Read configuration options from DIR.\n" -" -D, --no-detach Don't fork and detach.\n" -" -d Increase debug level.\n" -" -k, --kill Attempt to kill a running tincd and exit.\n" -" -n, --net=NETNAME Connect to net NETNAME.\n" +" -c, --config=DIR Read configuration options from DIR.\n" +" -D, --no-detach Don't fork and detach.\n" +" -d Increase debug level.\n" +" -k, --kill Attempt to kill a running tincd and exit.\n" +" -n, --net=NETNAME Connect to net NETNAME.\n" msgstr "" " -c, --config=FICHERO Lee opciones de configuración del FICHERO.\n" " -D, --no-detach No hagas fork() y liberes la terminal.\n" @@ -732,9 +777,9 @@ msgstr "" #: src/tincd.c:110 #, fuzzy msgid "" -" -K, --keygen[=BITS] Generate public/private RSA keypair.\n" -" --help Display this help and exit.\n" -" --version Output version information and exit.\n" +" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" +" --help Display this help and exit.\n" +" --version Output version information and exit.\n" "\n" msgstr "" " --help Muestra esta ayuda y termina.\n" 
@@ -750,85 +795,78 @@ msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" msgstr "" #: src/tincd.c:208 -msgid "" -"Seeding the PRNG: please press some keys or move\n" -"the mouse if this program seems to have halted...\n" -msgstr "" - -#. OpenSSL PRNG state apparently uses 1024 bytes, but it seems pretty sufficient anyway :) -#: src/tincd.c:211 #, fuzzy, c-format msgid "Generating %d bits keys:\n" msgstr "Generando claves de %d bits." -#: src/tincd.c:215 +#: src/tincd.c:212 msgid "Error during key generation!" msgstr "" -#: src/tincd.c:219 +#: src/tincd.c:216 #, fuzzy msgid "Done.\n" msgstr ": hecho.\n" -#: src/tincd.c:221 +#: src/tincd.c:218 msgid "" "Please copy the private key to tinc.conf and the\n" "public key to your host configuration file:\n" "\n" msgstr "" -#: src/tincd.c:231 +#: src/tincd.c:228 #, fuzzy, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Memoria agotada (la última es %s:%d) (no pude asignar %d bytes); terminando." -#: src/tincd.c:286 +#: src/tincd.c:283 #, fuzzy, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." -#: src/tincd.c:289 +#: src/tincd.c:286 #, fuzzy, c-format msgid "tincd %s starting" msgstr "tincd %s comenzando, nivel de depuración %d." -#: src/tincd.c:304 +#: src/tincd.c:301 #, fuzzy, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." 
-#: src/tincd.c:322 +#: src/tincd.c:319 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "" "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" -#: src/tincd.c:325 +#: src/tincd.c:322 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" -#: src/tincd.c:346 +#: src/tincd.c:343 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" -#: src/tincd.c:348 +#: src/tincd.c:345 msgid "No other tincd is running.\n" msgstr "No hay ningún otro tincd en ejecución.\n" -#: src/tincd.c:355 +#: src/tincd.c:352 msgid "Removing stale lock file.\n" msgstr "Borrando fichero de bloqueo en desuso.\n" -#: src/tincd.c:403 +#: src/tincd.c:400 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "" -#: src/tincd.c:404 +#: src/tincd.c:401 #, fuzzy msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" @@ -845,7 +883,7 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:418 +#: src/tincd.c:415 #, fuzzy msgid "You must be root to run this program. Sorry.\n" msgstr "" @@ -860,7 +898,7 @@ msgstr "" msgid "Restarting in %d seconds!" msgstr "" -#: src/tincd.c:462 src/tincd.c:508 +#: src/tincd.c:462 src/tincd.c:509 #, fuzzy msgid "Not restarting." msgstr "tincd %s comenzando, nivel de depuración %d." 
@@ -869,50 +907,42 @@ msgstr "tincd %s comenzando, nivel de depuraci msgid "Got TERM signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:480 +#: src/tincd.c:481 msgid "Got QUIT signal" msgstr "Recibí la señal QUIT" -#: src/tincd.c:487 +#: src/tincd.c:488 msgid "Got another SEGV signal: not restarting" msgstr "Recibí otra señal SEGV: no reinicio" -#: src/tincd.c:494 +#: src/tincd.c:495 #, fuzzy msgid "Got SEGV signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:499 +#: src/tincd.c:500 #, fuzzy msgid "Trying to re-execute in 5 seconds..." msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/tincd.c:517 +#: src/tincd.c:518 msgid "Got HUP signal" msgstr "Recibí la señal HUP" -#: src/tincd.c:525 +#: src/tincd.c:526 #, fuzzy msgid "Got INT signal, exiting" msgstr "Recibí la señal INT" -#: src/tincd.c:549 +#: src/tincd.c:545 #, fuzzy, c-format msgid "Got unexpected signal %d (%s)" msgstr "Recibí una señal inesperada (%d)." -#, fuzzy -#~ msgid "Receiving packet of %d bytes" -#~ msgstr "Recibiendo clave de " - #, fuzzy #~ msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" #~ msgstr "Trama ethernet no-IP %04x de " -#, fuzzy -#~ msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" -#~ msgstr "recibí una petición ANS_KEY incorrecta: %s" - #, fuzzy #~ msgid "Got USR2 signal, forcing new key generation" #~ msgstr "Forzando generación de una nueva clave" @@ -929,10 +959,6 @@ msgstr "Recib #~ msgid "Illegal passphrase in %s; size would be %d" #~ msgstr "Frase de paso ilegal en %s; el tamaño debe ser %d" -#, fuzzy -#~ msgid "Generating %d bits keys" -#~ msgstr "Generando claves de %d bits." - #~ msgid "Opening /dev/urandom failed: %m" #~ msgstr "Fallo abriendo /dev/urandom : %m" diff --git a/po/nl.po b/po/nl.po index 9dc5634f..aabeee11 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-10-29 02:49+0100\n" +"POT-Creation-Date: 2000-10-30 01:16+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -42,7 +42,7 @@ msgstr "" #: src/conf.c:219 #, c-format msgid "Failed to read `%s': %m\n" -msgstr "" +msgstr "Gefaald om `%s' te lezen: %m\n" #: src/meta.c:45 #, c-format @@ -54,7 +54,7 @@ msgstr "Verzending %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:89 src/net.c:940 +#: src/meta.c:89 src/net.c:974 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" 
@@ -64,326 +64,340 @@ msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:115 +#: src/meta.c:114 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:119 +#: src/meta.c:118 #, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" -#: src/meta.c:149 +#: src/meta.c:148 #, c-format msgid "Got request from %s (%s): %s" msgstr "Kreeg verzoek van %s (%s): %s" -#: src/meta.c:167 +#: src/meta.c:166 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overvol voor %s (%s)" -#: src/net.c:119 +#: src/net.c:127 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:128 +#: src/net.c:136 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:160 +#: src/net.c:165 +#, c-format +msgid "Writing packet of %d bytes to tap device" +msgstr "Verzending pakket van %d bytes naar tap device" + +#: src/net.c:175 #, c-format msgid "Can't write to tun/tap device: %m" msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:167 +#: src/net.c:182 #, c-format msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:268 +#: src/net.c:283 msgid "Queue flushed" msgstr "Wachtrij leeggemaakt" -#: src/net.c:283 +#: src/net.c:298 #, c-format msgid "Flushing send queue for %s (%s)" msgstr "Legen van verzend-wachtrij voor %s (%s)" -#: src/net.c:291 +#: src/net.c:306 #, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" -#: src/net.c:310 +#: src/net.c:325 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" 
msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:326 +#: src/net.c:341 #, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "Kon geen UDP verbinding openen naar %s (%s)" -#: src/net.c:383 +#: src/net.c:398 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:410 +#: src/net.c:425 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:439 +#: src/net.c:454 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:445 src/net.c:451 src/net.c:513 +#: src/net.c:460 src/net.c:466 src/net.c:528 #, c-format msgid "setsockopt: %m" msgstr "setsockopt: %m" -#: src/net.c:458 src/net.c:520 +#: src/net.c:473 src/net.c:535 #, c-format msgid "fcntl: %m" msgstr "fcntl: %m" -#: src/net.c:466 +#: src/net.c:481 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:482 +#: src/net.c:497 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:488 +#: src/net.c:503 #, c-format msgid "listen: %m" msgstr "listen: %m" -#: src/net.c:507 +#: src/net.c:522 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:531 +#: src/net.c:546 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:548 +#: src/net.c:563 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:558 +#: src/net.c:573 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:569 +#: src/net.c:584 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:576 +#: src/net.c:591 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: 
src/net.c:582 +#: src/net.c:597 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:605 +#: src/net.c:620 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:614 +#: src/net.c:629 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:621 +#: src/net.c:636 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:628 +#: src/net.c:643 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:638 +#: src/net.c:653 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:673 +#: src/net.c:688 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:681 +#: src/net.c:696 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:687 +#: src/net.c:702 msgid "Private key for tinc daemon required!" msgstr "Privé sleutel voor tinc daemon verplicht!" -#: src/net.c:699 +#: src/net.c:714 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:705 +#: src/net.c:720 msgid "Public key for tinc daemon required!" msgstr "Publieke sleutel voor tinc daemon verplicht!" -#: src/net.c:745 +#: src/net.c:760 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:754 +#: src/net.c:769 msgid "Unable to set up a listening socket!" msgstr "Kon geen luistersocket aanmaken!" -#: src/net.c:760 +#: src/net.c:775 msgid "Unable to set up an incoming vpn data socket!" msgstr "Kon geen socket maken voor inkomend vpn verkeer!" 
-#: src/net.c:767 +#: src/net.c:800 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:799 +#: src/net.c:832 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:834 src/net.c:893 +#: src/net.c:867 src/net.c:927 #, c-format msgid "Error while executing %s: %m" msgstr "Fout tijdens uitvoeren %s: %m" -#: src/net.c:856 +#: src/net.c:889 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:903 +#: src/net.c:937 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:917 +#: src/net.c:951 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:922 +#: src/net.c:956 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:932 +#: src/net.c:966 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:965 +#: src/net.c:999 #, c-format msgid "Error: getpeername: %m" msgstr "Fout: getpeername: %m" -#: src/net.c:980 +#: src/net.c:1014 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1025 +#: src/net.c:1060 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1031 +#: src/net.c:1066 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1037 +#: src/net.c:1072 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1068 +#: src/net.c:1078 +#, c-format +msgid "Received packet of %d bytes" +msgstr "Ontvangst pakket van %d bytes" + +#: src/net.c:1100 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" 
-#: src/net.c:1108 +#: src/net.c:1136 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1136 +#: src/net.c:1168 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1167 +#: src/net.c:1199 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1175 +#: src/net.c:1207 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1208 +#: src/net.c:1240 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1244 +#: src/net.c:1276 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1253 +#: src/net.c:1285 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1264 +#: src/net.c:1296 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1270 +#: src/net.c:1302 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1301 +#: src/net.c:1334 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1308 +#: src/net.c:1341 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1315 +#: src/net.c:1348 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/netutl.c:115 +#: src/net.c:1374 +msgid "Regenerating symmetric key" +msgstr "Hergenereren symmetrische sleutel" + +#: src/netutl.c:114 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Fout bij het 
opzoeken van `%s': %s\n" 
@@ -453,200 +467,225 @@ msgstr "%s (%s) staat al in onze verbindingslijst" msgid "No public key known for %s (%s)" msgstr "Geen publieke sleutel bekend voor %s (%s)" -#: src/protocol.c:273 +#: src/protocol.c:269 #, c-format msgid "Generated random challenge (unencrypted): %s" msgstr "Uitdaging gegenereerd (niet versleuteld): %s" -#: src/protocol.c:280 src/protocol.c:334 +#: src/protocol.c:276 src/protocol.c:330 #, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "Fout tijdens versleuteling van uitdaging voor %s (%s)" -#: src/protocol.c:306 +#: src/protocol.c:302 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:316 +#: src/protocol.c:312 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:343 +#: src/protocol.c:339 #, c-format msgid "Received random challenge (unencrypted): %s" msgstr "Uitdaging ontvangen (niet versleuteld): %s" -#: src/protocol.c:359 +#: src/protocol.c:355 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:390 +#: src/protocol.c:386 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:399 +#: src/protocol.c:395 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:416 +#: src/protocol.c:412 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:421 +#: src/protocol.c:417 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:463 +#: src/protocol.c:464 +#, c-format +msgid "Generated random meta key 
(unencrypted): %s" +msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" + +#: src/protocol.c:471 src/protocol.c:534 +#, c-format +msgid "Error during encryption of meta key for %s (%s)" +msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" + +#: src/protocol.c:503 +#, c-format +msgid "Got bad METAKEY from %s (%s)" +msgstr "Kreeg ongeldige METAKEY van %s (%s)" + +#: src/protocol.c:513 +#, c-format +msgid "Intruder: wrong meta key length from %s (%s)" +msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" + +#: src/protocol.c:543 +#, c-format +msgid "Received random meta key (unencrypted): %s" +msgstr "Meta sleutel ontvangen (niet versleuteld): %s" + +#: src/protocol.c:583 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:476 +#: src/protocol.c:599 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:531 +#: src/protocol.c:654 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:540 +#: src/protocol.c:663 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:549 +#: src/protocol.c:672 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:560 +#: src/protocol.c:683 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:571 +#: src/protocol.c:694 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " 
"verbindingslijst" -#: src/protocol.c:611 +#: src/protocol.c:734 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:620 +#: src/protocol.c:743 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:629 +#: src/protocol.c:752 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:640 +#: src/protocol.c:763 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:651 +#: src/protocol.c:774 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:688 +#: src/protocol.c:811 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:696 +#: src/protocol.c:819 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:705 +#: src/protocol.c:828 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:722 +#: src/protocol.c:845 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:730 +#: src/protocol.c:853 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:773 +#: src/protocol.c:896 #, c-format msgid "Got bad 
DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:782 +#: src/protocol.c:905 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:791 +#: src/protocol.c:914 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:802 +#: src/protocol.c:925 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:812 +#: src/protocol.c:935 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:848 +#: src/protocol.c:971 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:855 +#: src/protocol.c:978 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:879 +#: src/protocol.c:1002 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:886 +#: src/protocol.c:1009 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:962 +#: src/protocol.c:1085 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:969 +#: src/protocol.c:1092 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " 
@@ -655,12 +694,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:999 +#: src/protocol.c:1123 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1006 +#: src/protocol.c:1130 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -669,7 +708,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1022 +#: src/protocol.c:1148 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -677,12 +716,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1050 +#: src/protocol.c:1184 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1057 +#: src/protocol.c:1191 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -691,7 +730,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1091 +#: src/protocol.c:1203 +#, c-format +msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" +msgstr "" +"Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" + +#: src/protocol.c:1224 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -700,7 +745,7 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" #. Do some intl stuff right now -#: src/subnet.c:242 src/tincd.c:397 +#: src/subnet.c:242 src/tincd.c:394 msgid "unknown" msgstr "onbekend" 
@@ -728,28 +773,29 @@ msgstr "" #: src/tincd.c:105 msgid "" -" -c, --config=DIR Read configuration options from DIR.\n" -" -D, --no-detach Don't fork and detach.\n" -" -d Increase debug level.\n" -" -k, --kill Attempt to kill a running tincd and exit.\n" -" -n, --net=NETNAME Connect to net NETNAME.\n" +" -c, --config=DIR Read configuration options from DIR.\n" +" -D, --no-detach Don't fork and detach.\n" +" -d Increase debug level.\n" +" -k, --kill Attempt to kill a running tincd and exit.\n" +" -n, --net=NETNAME Connect to net NETNAME.\n" msgstr "" -" -c, --config=MAP Lees configuratie uit MAP.\n" -" -D, --no-detach Start geen nieuw proces.\n" -" -d Verhoog debugniveau.\n" -" -k, --kill Poging tot doden van lopende tincd en beëindig.\n" -" -n, --net=NETNAAM Verbind met net NETNAAM.\n" +" -c, --config=MAP Lees configuratie uit MAP.\n" +" -D, --no-detach Start geen nieuw proces.\n" +" -d Verhoog debugniveau.\n" +" -k, --kill Poging tot doden van lopende tincd en " +"beëindig.\n" +" -n, --net=NETNAAM Verbind met net NETNAAM.\n" #: src/tincd.c:110 msgid "" -" -K, --keygen[=BITS] Generate public/private RSA keypair.\n" -" --help Display this help and exit.\n" -" --version Output version information and exit.\n" +" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" +" --help Display this help and exit.\n" +" --version Output version information and exit.\n" "\n" msgstr "" -" -K, --keygen[=BITS] Genereer publiek/privé RSA sleutelpaar.\n" -" --help Geef deze hulp en beëindig.\n" -" --version Geef versie informatie en beëindig.\n" +" -K, --generate-keys[=BITS] Genereer publiek/privé RSA sleutelpaar.\n" +" --help Geef deze hulp en beëindig.\n" +" --version Geef versie informatie en beëindig.\n" "\n" #: src/tincd.c:113 
@@ -764,28 +810,19 @@ msgstr "" "Ongeldig argument! BITS moet een nummer zijn gelijk aan of groter dan 512.\n" #: src/tincd.c:208 -msgid "" -"Seeding the PRNG: please press some keys or move\n" -"the mouse if this program seems to have halted...\n" -msgstr "" -"Initialisatie van PRNG: druk op de toetsen of beweeg\n" -"de muis als het programma gestopt lijkt te zijn...\n" - -#. OpenSSL PRNG state apparently uses 1024 bytes, but it seems pretty sufficient anyway :) -#: src/tincd.c:211 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:215 +#: src/tincd.c:212 msgid "Error during key generation!" msgstr "Fout tijdens genereren sleutel!" -#: src/tincd.c:219 +#: src/tincd.c:216 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:221 +#: src/tincd.c:218 msgid "" "Please copy the private key to tinc.conf and the\n" "public key to your host configuration file:\n" 
@@ -795,58 +832,58 @@ msgstr "" "publieke sleutel naar het host configuratie bestand:\n" "\n" -#: src/tincd.c:231 +#: src/tincd.c:228 #, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." -#: src/tincd.c:286 +#: src/tincd.c:283 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d" -#: src/tincd.c:289 +#: src/tincd.c:286 #, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" -#: src/tincd.c:304 +#: src/tincd.c:301 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." -#: src/tincd.c:322 +#: src/tincd.c:319 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" -#: src/tincd.c:325 +#: src/tincd.c:322 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" -#: src/tincd.c:346 +#: src/tincd.c:343 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" -#: src/tincd.c:348 +#: src/tincd.c:345 msgid "No other tincd is running.\n" msgstr "Geen andere tincd gevonden.\n" -#: src/tincd.c:355 +#: src/tincd.c:352 msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" -#: src/tincd.c:403 +#: src/tincd.c:400 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:404 +#: src/tincd.c:401 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -863,7 +900,7 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:418 +#: src/tincd.c:415 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" @@ -877,7 +914,7 @@ msgstr "Onherstelbare fout" msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:462 src/tincd.c:508 +#: src/tincd.c:462 src/tincd.c:509 msgid "Not restarting." msgstr "Geen herstart." @@ -885,31 +922,31 @@ msgstr "Geen herstart." msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/tincd.c:480 +#: src/tincd.c:481 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/tincd.c:487 +#: src/tincd.c:488 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" -#: src/tincd.c:494 +#: src/tincd.c:495 msgid "Got SEGV signal" msgstr "Kreeg SEGV signaal" -#: src/tincd.c:499 +#: src/tincd.c:500 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstaren over 5 seconden..." -#: src/tincd.c:517 +#: src/tincd.c:518 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/tincd.c:525 +#: src/tincd.c:526 msgid "Got INT signal, exiting" msgstr "Kreeg INT signaal, beëindigen" -#: src/tincd.c:549 +#: src/tincd.c:545 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" diff --git a/src/net.c b/src/net.c index 5450b9ae..9376ec3b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.55 2000/10/29 22:10:42 guus Exp $ + $Id: net.c,v 1.35.4.56 2000/10/30 00:22:53 guus Exp $ */ #include "config.h" 
@@ -162,7 +162,7 @@ cp */ if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Writing packet of %d (%d) bytes to tap device"), + syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"), outpkt.len, outlen); /* Fix mac address */ diff --git a/src/tincd.c b/src/tincd.c index ba17b30f..dac3dbc3 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.21 2000/10/29 22:55:15 guus Exp $ + $Id: tincd.c,v 1.10.4.22 2000/10/30 00:22:54 guus Exp $ */ #include "config.h" @@ -102,14 +102,14 @@ usage(int status) else { printf(_("Usage: %s [option]...\n\n"), program_name); - printf(_(" -c, --config=DIR Read configuration options from DIR.\n" - " -D, --no-detach Don't fork and detach.\n" - " -d Increase debug level.\n" - " -k, --kill Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); - printf(_(" -K, --keygen[=BITS] Generate public/private RSA keypair.\n" - " --help Display this help and exit.\n" - " --version Output version information and exit.\n\n")); + printf(_(" -c, --config=DIR Read configuration options from DIR.\n" + " -D, --no-detach Don't fork and detach.\n" + " -d Increase debug level.\n" + " -k, --kill Attempt to kill a running tincd and exit.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n")); + printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " --help Display this help and exit.\n" + " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); } exit(status); @@ -537,11 +537,6 @@ RETSIGTYPE sigusr2_handler(int a) { dump_subnet_list(); -/* FIXME: reprogram this. - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got USR2 signal, forcing new key generation")); - regenerate_keys(); -*/ } RETSIGTYPE From b4c1d4e2d3287acd7ca438455c64e50a2828ad24 Mon Sep 17 00:00:00 2001 
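Review bot: The rewritten `syslog()` call in the `@@ -162,7 +162,7 @@` hunk of src/net.c has a single `%d` in its format string but still passes two values, `outpkt.len, outlen`, on the unchanged continuation line. The surplus argument is evaluated and ignored, so the logged text is correct, but the call no longer matches its format and a format-checking compiler may flag it. End the argument list at `outpkt.len);` so the call and the message agree. The enclosing function starts and ends outside the hunk.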
From: Guus Sliepen Date: Mon, 30 Oct 2000 10:19:06 +0000 Subject: [PATCH 148/923] - Fixed some spelling mistakes and terminology here and there. --- doc/tinc.conf.5 | 23 ++++++----------------- doc/tincd.8 | 6 +++--- src/tincd.c | 4 ++-- 3 files changed, 11 insertions(+), 22 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 930bb060..d647bbbd 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -1,6 +1,6 @@ .TH TINC 5 "May 2000" "tinc version 1.0" "FSF" .SH NAME -tincd.conf \- tinc daemon configuration +tinc.conf \- tinc daemon configuration .SH "DESCRIPTION" The files in the \fI/etc/tinc\fR directory contain runtime and security information for the \fBtinc\fR(8) daemon. @@ -23,7 +23,7 @@ However, it is not strictly necessary that you call tinc with the -n option. In this case, the network name would just be empty, and it will be used as such. tinc now looks for files in \fI/etc/tinc/\fR, instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be -\fI/etc/tinc/tincd.conf\fR, and the passphrases are now expected to be +\fI/etc/tinc/tinc.conf\fR, and the passphrases are now expected to be in \fI/etc/tinc/passphrases/\fR. But it is highly recommended that you use this feature of tinc, @@ -36,8 +36,9 @@ it will be part of. The name will be used by other tinc daemons for identification. The name has to be declared in the \fI/etc/tinc/\fBnn\fI/tinc.conf\fR file. -To make things easy, choose something that will give unique names to -your tinc daemon(s): hostnames, owner surnames, location. +To make things easy, choose something that will give unique and easy +to rememebr names to your tinc daemon(s). +You could try things like hostnames, owner surnames or location names. .PP .SH "PUBLIC/PRIVATE KEYS" You should use \fBtincd --generate-keys\fR to generate public/private 
@@ -50,7 +51,7 @@ for the name of the tinc daemon (See \fBNAMES\fR). .PP .SH "SERVER CONFIGURATION" The server configuration of the daemon is done in the file -\fI/etc/tinc/\fBnn\fI/tincd.conf\fR. +\fI/etc/tinc/\fBnn\fI/tinc.conf\fR. This file consists of comments (lines started with a \fB#\fR) or assignments in the form of @@ -87,18 +88,6 @@ a lookup if your DNS server is not responding. This does not affect resolving hostnames to IP addresses from the host configuration files. .TP -\fBInterface\fR = <\fIdevice\fR> (optional) -If you have more than one network interface in your computer, tinc will by -default listen on all of them for incoming connections. It is possible to -bind tinc to a single interface like eth0 or ppp0 with this variable. -.TP -\fBInterfaceIP\fR = <\fIlocal address\fR> (optional) -If your computer has more than one IP address on a single interface (for example -if you are running virtual hosts), tinc will by default listen on all of them for -incoming connections. It is possible to bind tinc to a single IP address with -this variable. It is still possible to listen on several interfaces at the same -time though, if they share the same IP address. -.TP \fBKeyExpire\fR = <\fIseconds\fR> (3600) This option controls the time the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to diff --git a/doc/tincd.8 b/doc/tincd.8 index 648c5de2..b96164ac 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 @@ -1,6 +1,6 @@ .TH TINCD 8 "June 2000" "tinc version 1.0pre3" "FSF" .SH NAME -tinc \- tinc VPN daemon +tincd \- tinc VPN daemon .SH SYNOPSIS .B tincd [\fIoption\fR]... 
@@ -12,7 +12,7 @@ network (VPN) project. When started, tincd will read it's configuration file to determine what virtual subnets it has to serve and to what other tinc daemons it should connect. It will connect to the ethertap or tun/tap device and set up a socket -for incomming connections. +for incoming connections. If that succeeds, it will detach from the controlling terminal and continue in the background, accepting and setting up connections to other tinc daemons that are part of the virtual private network. @@ -35,7 +35,7 @@ Attempt to kill a running tincd and exit. \fB\-n\fR, \fB\-\-net\fR=\fINETNAME\fR Connect to net NETNAME. .TP -\fB\-K\fR, \fB\-\-generate-key\fR[=\fIBITS]\fR +\fB\-K\fR, \fB\-\-generate-keys\fR[=\fIBITS]\fR Generate public/private RSA keypair and exit. If BITS is omitted, the default length will be 1024 bits. .TP diff --git a/src/tincd.c b/src/tincd.c index dac3dbc3..a99b81bc 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.22 2000/10/30 00:22:54 guus Exp $ + $Id: tincd.c,v 1.10.4.23 2000/10/30 10:19:06 guus Exp $ */ #include "config.h" @@ -90,7 +90,7 @@ static struct option const long_options[] = { "help", no_argument, &show_help, 1 }, { "version", no_argument, &show_version, 1 }, { "no-detach", no_argument, &do_detach, 0 }, - { "keygen", optional_argument, NULL, 'K'}, + { "generate-keys", optional_argument, NULL, 'K'}, { NULL, 0, NULL, 0 } }; From af565d00220b7536b9987c48e2a71459b45027b4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 31 Oct 2000 16:10:17 +0000 Subject: [PATCH 149/923] - Update. --- NEWS | 7 ++++++ README | 79 ++++++++++++++++++++++++++++++++++------------------------ TODO | 25 ++++++++++++------- 3 files changed, 69 insertions(+), 42 deletions(-) diff --git a/NEWS b/NEWS index ee5c2c18..da91eef3 100644 --- a/NEWS +++ b/NEWS 
@@ -1,3 +1,10 @@ +version 1.0pre3 Oct 31 2000 + * Major overhaul + * Use public/private key cryptography (fixes security hole) + * Use OpenSSL crypto library for all cryptography + * Support for multiple subnets per tinc daemon + * Support for tun/tap device + version 1.0pre2 May 31 2000 * Internationalized, Dutch translation available * Many sanity checks on the meta protocol added diff --git a/README b/README index 7c0fe125..65b6be33 100644 --- a/README +++ b/README 
@@ -1,47 +1,60 @@ -This is the README file for tinc version 1.0. -Installation instructions may be found in the INSTALL file. +This is the README file for tinc version 1.0pre3. Installation instructions may +be found in the INSTALL file. -tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans -, Guus Sliepen and -others. For a complete list of authors see the AUTHORS file. +tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans , +Guus Sliepen and others. For a complete list of +authors see the AUTHORS file. -This program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or (at -your option) any later version. See the file COPYING for more details. +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. See the file COPYING for more details. +Security statement +------------------ + +In august 2000, we discovered the existence of a security hole in all versions +of tinc up to and including 1.0pre2. This had to do with the way we exchanged +keys. Since then, we have been working on a new authentication scheme to make +tinc as secure as possible. The current version uses the OpenSSL library and +does authentication in much the same way as the SSH protocol does. + +Cryptography is a hard thing to get right. We cannot make any guarantees. Time, +review and feedback are the only things that can prove the security of any +cryptographic product. If you wish to review tinc or give us feedback, you are +stronly encouraged to do so. + Requirements ------------ -Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you -need to install this library first; grab it from -http://www.openssl.org/. We recommend version 0.9.5 or better. 
If -this library is not installed on you system, configure will fail. The -manual in doc/tinc.texi contains more detailed information on how to -install this library. +Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you need to +install this library first; grab it from http://www.openssl.org/. We recommend +version 0.9.5 or better. If this library is not installed on you system, +configure will fail. The manual in doc/tinc.texi contains more detailed +information on how to install this library. Features -------- -This version of tinc supports multiple virtual networks at once. To -use this feature, you may supply a netname via the -n or --net -options. The standard locations for the config files will then be -/etc/tinc//. Because of this feature, tinc will send packets -directly to their destinations, instead of to the uplink. If this -behaviour is undesirable (for instance because of firewalls or -other restrictions), please use an older version of tinc (I would -recommend tinc-0.2.19). +This version of tinc supports multiple virtual networks at once. To use this +feature, you may supply a netname via the -n or --net options. The standard +locations for the config files will then be /etc/tinc//. Because of this +feature, tinc will send packets directly to their destinations, instead of to +the uplink. If this behaviour is undesirable (for instance because of firewalls +or other restrictions), please use an older version of tinc (I would recommend +tinc-0.2.19). -In this version, MAC addresses are stripped off before encoding and -sending a packet. When the packet reaches its destination, the MAC -addresses are rebuilt again. They then have the form -FE:FD:aa:bb:cc:dd. aa, bb, cc and dd are taken from the destination -and source IP address. See the manual for more detailed information. +In order to force the kernel to accept received packets, the destination MAC +address will be set to FE:FD:00:00:00:00 upon reception. 
The MAC address of the +ethertap or tun/tap interface must also be set to this address. See the manual +for more detailed information. -tincd regenerates its encryption key pairs. It does this on the first -activity after the keys have expired. This period is adjustable in the -configuration file, and the default time is 3600 seconds (one -hour). If you send a USR2 signal to the daemon, it'll regenerate -immediately. +tincd regenerates its encryption key pairs. It does this on the first activity +after the keys have expired. This period is adjustable in the configuration +file, and the default time is 3600 seconds (one hour). + +This version supports multiple subnets at once. They are also sorted on subnet +mask size. This means that it is possible to have overlapping subnets on the +VPN, as long as their subnet mask sizes differ. diff --git a/TODO b/TODO index 4415e163..e054e099 100644 --- a/TODO +++ b/TODO @@ -1,9 +1,16 @@ -Things left to do to make cabal superstable: --------------------------------------------- - * Check for connection loops. Inter-daemon - connections should always satisfy the - tree property. - * Redundancy: multiple ConnectTo lines, if - one fails others might be tried. - * Allow connects to hosts that use - nodirectdata. +Todo list (in no specific order): + +* Compression +* Routing by MAC (allows for more than only IPv4) +* Store private key in a separate file +* Sanity checks on configuration directory +* Use efficient tree algorithms instead of linked lists +* Reenable queues for delayed packets +* Broadcast/multicast +* Windowing, chaffing, scattering, background noise +* ABC protocol (superscalabilty) +* Proxy ARP +* Eazy setup scripts (graphical?) +* FreeBSD and Solaris ports +* Threading +* Everything else not mentioned. From 59528ec892e8b9a599f2b39bf432a3d842e963fe Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Tue, 31 Oct 2000 16:22:49 +0000 Subject: [PATCH 150/923] Removed config file parsing and interface setup. This will be handled by the tinc-up and tinc-down scripts from now on. --- debian/init.d | 118 +++----------------------------------------------- 1 file changed, 5 insertions(+), 113 deletions(-) diff --git a/debian/init.d b/debian/init.d index 62c9de35..109191b0 100644 --- a/debian/init.d +++ b/debian/init.d @@ -1,7 +1,7 @@ #! /usr/bin/perl -w # # System startup script for tinc -# $Id: init.d,v 1.14.2.2 2000/08/20 23:08:17 zarq Exp $ +# $Id: init.d,v 1.14.2.3 2000/10/31 16:22:49 guus Exp $ # # Based on Lubomir Bulej's Redhat init script. # 
@@ -42,114 +42,6 @@ sub find_nets { } - -############################################################################## -# vpn_load () Loads VPN configuration -# -# $_[0] ... VPN to load - -sub vpn_load { - my @addr; - $CFG="$TCONF/$_[0]/tinc.conf"; - if(! open($CFG, "< $CFG")) { - warn "tinc: $CFG does not exist\n"; - return 0; - } - - # load TINCD config - while(<$CFG>) { - if( /^[ ]*TapDevice[ =]+([^ \#]+)/i ) { - $DEV=$1; - chomp($DEV); - $DEV =~ s/^.*\/([^\/0-9]+)([0-9]+)$/$1$2/; - $NUM = $2; - } elsif ( /^[ ]*(MyOwnVPNIP|MyVirtualIP)[ =]+([^ \#]+)/i ) { - $VPN=$2; - chomp($VPN); - } elsif ( /^[ ]*VpnMask[ =]+([^ \#]+)/i ) { - $VPNMASK=$1; - chomp($VPNMASK); - } - } - if(!defined($DEV)) { - warn "tinc: There must be a TapDevice\n"; - return 0; - } - if($DEV eq "") { - warn "tinc: TapDevice should be of the form /dev/tapN\n"; - return 0; - } - if(!defined($VPN)) { - warn "tinc: MyVirtualIP required\n"; - return 0; - } - if($VPN eq "") { - warn "tinc: No argument to MyVirtualIP/MyOwnVPNIP\n"; - return 0; - } - if(defined($VPNMASK) && $VPNMASK eq "") { - warn "tinc: Invalid argument to VpnMask\n"; - return 0; - } - - $ADR = $VPN; - $ADR =~ s/^([^\/]+)\/.*$/$1/; - $LEN = $VPN; - $LEN =~ s/^.*\/([^\/]+)$/$1/; - if($ADR eq "" || $LEN eq "") { - warn "tinc: Badly formed MyVirtualIP/MyOwnVPNIP\n"; - return 0; - } - @addr = split(/\./, $ADR); - - $ADR = pack('C4', @addr); - $MSK = pack('N4', -1 << (32 - $LEN)); - $BRD = join(".", unpack('C4', $ADR | ~$MSK)); - $MAC = "fe:fd:" . join(":", map { sprintf "%02x", $_ } unpack('C4', $ADR)); - - if(!defined($VPNMASK)) { - $VPNMASK = $MSK; - $VPNMASK = join(".", unpack('C4', $VPNMASK)); - } - $ADR = join(".", unpack('C4', $ADR)); - $MSK = join(".", unpack('C4', $MSK)); - - 1; -} - - -############################################################################## -# vpn_start () starts specified VPN -# -# $_[0] ... 
VPN to start - -sub vpn_start { - vpn_load($_[0]) || return 0; - - system("insmod ethertap -s --name=\"ethertap$NUM\" unit=\"$NUM\" >/dev/null"); - system("ifconfig $DEV hw ether $MAC"); - system("ifconfig $DEV $ADR netmask $VPNMASK broadcast $BRD mtu 1448 -arp"); - system("start-stop-daemon --start --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA"); -} - - - - -############################################################################## -# vpn_stop () Stops specified VPN -# -# $_[0] ... VPN to stop - -sub vpn_stop { - vpn_load($_[0]) || return 1; - - system("start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA -k"); - - system("ifconfig $DEV down"); - system("rmmod ethertap$NUM -s"); -} - - if(!defined($ARGV[0])) { die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; } @@ -159,7 +51,7 @@ if($ARGV[0] eq "start") { print "Starting $DESC:"; foreach $n (@NETS) { print " $n"; - vpn_start($n); + system("$DAEMON -n $_[0] $EXTRA"); } print ".\n"; } elsif ($ARGV[0] eq "stop") { @@ -167,7 +59,7 @@ if($ARGV[0] eq "start") { print "Stopping $DESC:"; foreach $n (@NETS) { print " $n"; - vpn_stop($n); + system("$DAEMON -n $_[0] $EXTRA -k"); } print ".\n"; } elsif ($ARGV[0] eq "restart" || $ARGV[0] eq "force-reload") { @@ -175,13 +67,13 @@ if($ARGV[0] eq "start") { print "Stopping $DESC:"; foreach $n (@NETS) { print " $n"; - vpn_stop($n); + system("$DAEMON -n $_[0] $EXTRA -k"); } print ".\n"; print "Starting $DESC:"; foreach $n (@NETS) { print " $n"; - vpn_start($n); + system("$DAEMON -n $_[0] $EXTRA"); } print ".\n"; } else { From a13d9c9da7434154b33e666c2236844011b87d46 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 20:25:35 +0000 Subject: [PATCH 151/923] This file is no longer needed. --- debian/shlibs | 1 - 1 file changed, 1 deletion(-) delete mode 100644 debian/shlibs diff --git a/debian/shlibs b/debian/shlibs deleted file mode 100644 index 70162689..00000000 
--- a/debian/shlibs +++ /dev/null @@ -1 +0,0 @@ -libblowfish 0 libc6 From fd32d771a84765281ea4ab8a5d9dbf5cebfa2911 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 20:29:03 +0000 Subject: [PATCH 152/923] - Synchronized changelog with the package's changelog. - Changed maintainer email address. - New file doc-base.tinc. - Better Build-Depends and Depends lines. --- debian/changelog | 17 +++++++++++++---- debian/control | 7 ++++--- debian/doc-base.tinc | 10 ++++++++++ 3 files changed, 27 insertions(+), 7 deletions(-) create mode 100644 debian/doc-base.tinc diff --git a/debian/changelog b/debian/changelog index 629e5524..6db75e92 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,19 @@ tinc (1.0pre3-0.1) unstable; urgency=low - * New upstream version (1.0pre3) - * Better Depends and Build-Depends lines, including all available - versions of GMP. + * New upstream version (1.0pre3) (Closes: #71274). + * Better Depends and Build-Depends lines. + * Dropped dependencies on libgmp, added libssl. + * doc-base.tinc: New file. + * Deleted the file shlibs, as there on longer is a libblowfish. - -- Ivo Timmermans Wed, 20 Sep 2000 20:26:35 +0200 + -- Ivo Timmermans Thu, 2 Nov 2000 16:53:52 +0100 + +tinc (1.0pre2-1.1) unstable; urgency=low + + * NMU at Ivo's request as his application is being processed, and his + sponsor is based in the US. + + -- J.H.M. Dassen (Ray) Wed, 28 Jun 2000 21:52:30 +0200 tinc (1.0pre2-1) unstable; urgency=low diff --git a/debian/control b/debian/control index ea9c9ca2..21b624c0 100644 --- a/debian/control +++ b/debian/control 
@@ -1,13 +1,14 @@ Source: tinc Section: non-US/main Priority: optional -Maintainer: Ivo Timmermans +Maintainer: Ivo Timmermans Standards-Version: 3.0.1 -Build-Depends: libc6-dev, libssl095a-dev, autoconf (>= 2.12), automake, +Build-Depends: libc6-dev, libssl095a-dev, autoconf (>= 2.12), + automake, debhelper Package: tinc Architecture: i386 -Depends: ${shlibs:Depends}, (libssl095a|libssl09), perl5 +Depends: ${shlibs:Depends}, (libssl095a|libssl095|libssl09), perl5 Description: Virtual Private Network daemon tinc is a daemon with which you can create a virtual private network (VPN). One daemon can handle multiple connections, so you can diff --git a/debian/doc-base.tinc b/debian/doc-base.tinc new file mode 100644 index 00000000..6f28d1f6 --- /dev/null +++ b/debian/doc-base.tinc @@ -0,0 +1,10 @@ +Document: tinc +Title: tinc Manual +Author: Ivo Timmermans, Guus Sliepen +Abstract: This manual describes how to set up a Virtual Private + Network with tinc. +Section: net + +Format: HTML +Files: /usr/share/doc/tinc/tinc*.html +Index: /usr/share/doc/tinc/tinc_toc.html From cadf81fe67aed424504758865c2ea2bb263c76fb Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 21:26:51 +0000 Subject: [PATCH 153/923] Do not include $(top_srcdir)/cipher, it does no longer exist. --- src/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index dab09fc2..7ef3ab3b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -1,11 +1,11 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.4 2000/10/20 19:46:57 guus Exp $ +# $Id: Makefile.am,v 1.4.4.5 2000/11/02 21:26:51 zarq Exp $ sbin_PROGRAMS = tincd tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c protocol.c subnet.c tincd.c -INCLUDES = -I$(top_builddir) -I$(top_srcdir)/cipher -I$(top_srcdir)/lib -I$(top_srcdir)/intl +INCLUDES = -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h protocol.h subnet.h From 1b11bcb0128ca65580cbf28ffb16078c81e6d678 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 21:34:45 +0000 Subject: [PATCH 154/923] Added a perl example to turn an IP address into a MAC address. --- doc/tinc.texi | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 8c909b9c..b51bf01a 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.5 2000/10/14 22:22:06 zarq Exp $ +@c $Id: tinc.texi,v 1.8.4.6 2000/11/02 21:34:45 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998,199,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.5 2000/10/14 22:22:06 zarq Exp $ +$Id: tinc.texi,v 1.8.4.6 2000/11/02 21:34:45 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.5 2000/10/14 22:22:06 zarq Exp $ +$Id: tinc.texi,v 1.8.4.6 2000/11/02 21:34:45 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -554,6 +554,14 @@ $ printf 'fe:fd:%02x:%02x:%02x:%02x' 10 1 54 1 fe:fd:0a:01:36:01 @end example +or with perl: + +@example +$ perl -e 'print "fe:fd:", join(":", map @{sprintf "%02x", $_@} split(/\./, $ARGV[0])), "\n";' 10.1.54.1 +fe:fd:0a:01:36:01 +@end example + + @cindex ifconfig To activate the device, you have to assign an IP address to it. To set an IP address @emph{IP} with network mask @emph{mask}, do the following: From 3db3a41667f90ce74bfd0197fc867cc71a087e50 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 21:38:55 +0000 Subject: [PATCH 155/923] Only check for linux/if_tun.h once --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 194fc931..beab3517 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.12 2000/10/23 21:56:56 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.13 2000/11/02 21:38:55 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -33,7 +33,7 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h sys/time.h linux/if_tun.h) +AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h sys/time.h) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST From e954fc8f0c731e7116fd27f38c176b83cca519f7 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 21:39:57 +0000 Subject: [PATCH 156/923] Changed `I' to `We' - small change, lots of difference :) --- THANKS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/THANKS b/THANKS index 6116810a..bee2a27c 100644 --- a/THANKS +++ b/THANKS @@ -1,4 +1,4 @@ -I would like to thank +We would like to thank * Hans Bayle (for making some useful coding suggestions and fixing a bug or two) From 5b6815751e581bedd64bfc63aea5b42c746bbceb Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Thu, 2 Nov 2000 21:40:33 +0000 Subject: [PATCH 157/923] More exhaustive list of changes - perhaps it can be worded differently? --- NEWS | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index da91eef3..c8e3cd34 100644 --- a/NEWS +++ b/NEWS @@ -1,10 +1,12 @@ version 1.0pre3 Oct 31 2000 - * Major overhaul + * New protocol * Use public/private key cryptography (fixes security hole) + * Spanish translation of the program and the manual * Use OpenSSL crypto library for all cryptography * Support for multiple subnets per tinc daemon - * Support for tun/tap device - + * Support for universal tun/tap device + * No longer depends on GMP + version 1.0pre2 May 31 2000 * Internationalized, Dutch translation available * Many sanity checks on the meta protocol added From 84c842def74c5d0e9c4a69e4f584fe9eb66eb728 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 21:41:53 +0000 Subject: [PATCH 158/923] Change wsl to Wessel's name and email address in the ChangeLog creation --- Makefile.am | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 19ae3014..8ee22a7a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,8 +14,10 @@ CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ ChangeLog: rm -f ChangeLog - rcs2log -u "zarq Ivo Timmermans itimmermans@bigfoot.com" \ - -u "guus Guus Sliepen guus@sliepen.warande.net" | \ + rcs2log -r -r -r CABAL \ + -u "zarq Ivo Timmermans itimmermans@bigfoot.com" \ + -u "guus Guus Sliepen guus@sliepen.warande.net" \ + -u "wsl Wessel Dankers wsl@nl.linux.org" | \ sed -e 's,/home/CVS/tinc/,,g' > $@ cvs-clean: maintainer-clean From c444305c0bb965aa515a503406844ceeb483c285 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 21:43:03 +0000 Subject: [PATCH 159/923] Mention fileutils, add a pointer to THANKS for more details --- AUTHORS | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/AUTHORS b/AUTHORS index 532543f4..4721984f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -5,3 +5,9 @@ Ivo Timmermans These files are from other sources: * lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from the syslog 1.3 sources. + +Also some of the macro files in the directory m4, and their +accompanying files in lib, were taken from GNU fileutils. + +Please see the file THANKS for more information on contributions from +users. From 013fcb0e9f9c0222f4f63ddf42a2f25bfc4a5546 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 22:05:36 +0000 Subject: [PATCH 160/923] Changed a few messages wrt. system calls; updated and changed the Dutch translation a bit. --- po/nl.po | 148 +++++++++++++++++++++++++++--------------------------- src/net.c | 24 +++++---- 2 files changed, 88 insertions(+), 84 deletions(-) diff --git a/po/nl.po b/po/nl.po index aabeee11..50e97e74 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-10-30 01:16+0100\n" +"POT-Creation-Date: 2000-11-02 23:03+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -42,19 +42,19 @@ msgstr "" #: src/conf.c:219 #, c-format msgid "Failed to read `%s': %m\n" -msgstr "Gefaald om `%s' te lezen: %m\n" +msgstr "`%s' lezen mislukte: %m\n" #: src/meta.c:45 #, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" -msgstr "Verzending %d bytes metadata naar %s (%s): %s" +msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" #: src/meta.c:61 #, c-format msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:89 src/net.c:974 +#: src/meta.c:89 src/net.c:979 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" 
@@ -82,7 +82,7 @@ msgstr "Kreeg verzoek van %s (%s): %s" #: src/meta.c:166 #, c-format msgid "Metadata read buffer overflow for %s (%s)" -msgstr "Metadata leesbuffer overvol voor %s (%s)" +msgstr "Metadata leesbuffer overloop voor %s (%s)" #: src/net.c:127 #, c-format @@ -97,7 +97,7 @@ msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" #: src/net.c:165 #, c-format msgid "Writing packet of %d bytes to tap device" -msgstr "Verzending pakket van %d bytes naar tap device" +msgstr "Verzending pakket van %d bytes naar tap-apparaat" #: src/net.c:175 #, c-format 
@@ -148,252 +148,238 @@ msgstr "%s is een nieuwe stijl tun/tap apparaat" msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:460 src/net.c:466 src/net.c:528 +#: src/net.c:460 src/net.c:467 src/net.c:475 src/net.c:506 src/net.c:532 +#: src/net.c:540 src/net.c:1004 #, c-format -msgid "setsockopt: %m" -msgstr "setsockopt: %m" +msgid "System call `%s' failed: %m" +msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:473 src/net.c:535 -#, c-format -msgid "fcntl: %m" -msgstr "fcntl: %m" - -#: src/net.c:481 +#: src/net.c:484 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:497 +#: src/net.c:500 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:503 -#, c-format -msgid "listen: %m" -msgstr "listen: %m" - -#: src/net.c:522 +#: src/net.c:526 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:546 +#: src/net.c:552 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:563 +#: src/net.c:569 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:573 +#: src/net.c:579 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:584 +#: src/net.c:590 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:591 +#: src/net.c:597 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:597 +#: src/net.c:603 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:620 +#: src/net.c:626 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:629 +#: src/net.c:635 #, c-format msgid "Error reading host configuration file for %s" 
msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:636 +#: src/net.c:642 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:643 +#: src/net.c:649 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:653 +#: src/net.c:659 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:688 +#: src/net.c:694 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:696 +#: src/net.c:702 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:702 +#: src/net.c:708 msgid "Private key for tinc daemon required!" msgstr "Privé sleutel voor tinc daemon verplicht!" -#: src/net.c:714 +#: src/net.c:720 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:720 +#: src/net.c:726 msgid "Public key for tinc daemon required!" msgstr "Publieke sleutel voor tinc daemon verplicht!" -#: src/net.c:760 +#: src/net.c:766 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:769 +#: src/net.c:775 msgid "Unable to set up a listening socket!" msgstr "Kon geen luistersocket aanmaken!" -#: src/net.c:775 +#: src/net.c:781 msgid "Unable to set up an incoming vpn data socket!" msgstr "Kon geen socket maken voor inkomend vpn verkeer!" 
-#: src/net.c:800 +#: src/net.c:806 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:832 +#: src/net.c:838 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:867 src/net.c:927 +#: src/net.c:872 src/net.c:932 #, c-format msgid "Error while executing %s: %m" msgstr "Fout tijdens uitvoeren %s: %m" -#: src/net.c:889 +#: src/net.c:894 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:937 +#: src/net.c:942 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:951 +#: src/net.c:956 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:956 +#: src/net.c:961 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:966 +#: src/net.c:971 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:999 -#, c-format -msgid "Error: getpeername: %m" -msgstr "Fout: getpeername: %m" - -#: src/net.c:1014 +#: src/net.c:1020 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1060 +#: src/net.c:1066 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1066 +#: src/net.c:1072 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1072 +#: src/net.c:1078 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1078 +#: src/net.c:1084 #, c-format msgid "Received packet of %d bytes" msgstr "Ontvangst pakket van %d bytes" -#: src/net.c:1100 +#: src/net.c:1106 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s 
(%s)" -#: src/net.c:1136 +#: src/net.c:1142 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1168 +#: src/net.c:1174 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1199 +#: src/net.c:1205 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1207 +#: src/net.c:1213 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1240 +#: src/net.c:1246 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1276 +#: src/net.c:1282 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1285 +#: src/net.c:1291 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1296 +#: src/net.c:1302 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1302 +#: src/net.c:1308 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1334 +#: src/net.c:1340 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1341 +#: src/net.c:1347 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1348 +#: src/net.c:1354 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1374 +#: src/net.c:1380 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -578,7 +564,7 @@ msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -"Kreeg ADD_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " +"Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" #: src/protocol.c:734 @@ -605,7 +591,7 @@ msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -"Kreeg DEL_SUBNET voor %d.%d.%d.%d van %s (%s) die niet voorkomt in onze " +"Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" #: src/protocol.c:811 @@ -950,3 +936,15 @@ msgstr "Kreeg INT signaal, be #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" + +#~ msgid "Error: getpeername: %m" +#~ msgstr "Fout: getpeername: %m" + +#~ msgid "setsockopt: %m" +#~ msgstr "setsockopt: %m" + +#~ msgid "fcntl: %m" +#~ msgstr "fcntl: %m" + +#~ msgid "listen: %m" +#~ msgstr "listen: %m" diff --git a/src/net.c b/src/net.c index 9376ec3b..308a64f6 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.56 2000/10/30 00:22:53 guus Exp $ + $Id: net.c,v 1.35.4.57 2000/11/02 22:05:35 zarq Exp $ */ #include "config.h" 
@@ -457,20 +457,23 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("fcntl: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); return -1; } @@ -500,7 +503,8 @@ cp if(listen(nfd, 3)) { - syslog(LOG_ERR, _("listen: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "listen"); return -1; } cp @@ -525,14 +529,16 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { - syslog(LOG_ERR, _("setsockopt: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("fcntl: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); return -1; } @@ -860,7 +866,6 @@ cp if(!fork()) { - execl(scriptname, NULL); if(errno != ENOENT) @@ -996,7 +1001,8 @@ cp if(getpeername(sfd, &ci, &len) < 0) { - syslog(LOG_ERR, _("Error: getpeername: %m")); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "getpeername"); return NULL; } From 5672ddd6cb9116420a1904f7741fdbed89c2ec54 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 22:10:09 +0000 Subject: [PATCH 161/923] Don't include shlibs, as it no longer exists. --- debian/Makefile.am | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/Makefile.am b/debian/Makefile.am index c082aea5..7a602e48 100644 --- a/debian/Makefile.am +++ b/debian/Makefile.am 
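Review bot: In the @@ -457,20 +457,23 @@ and @@ -525,14 +529,16 @@ hunks the result of `flags = fcntl(nfd, F_GETFL);` is used without a check, so a failed F_GETFL (-1) makes `flags | O_NONBLOCK` equal to -1 and F_SETFL is then asked to set every flag bit. Folding both calls into one test covers it: `if((flags = fcntl(nfd, F_GETFL)) < 0 || fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0)`. Each of the touched error branches also does `return -1;` while `nfd` is still open; the socket is created outside these hunks, so this is inferred, but a `close(nfd);` before each return would stop a descriptor leaking on every failed setup attempt.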
@@ -1 +1,2 @@ -EXTRA_DIST = README.Debian changelog conffiles control copyright dirs docs info init.d postinst rules shlibs +EXTRA_DIST = README.Debian changelog conffiles control copyright dirs \ + docs info init.d postinst rules From ef12849c1a03b3aaf85dd46786d6631f66b104bd Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 22:11:18 +0000 Subject: [PATCH 162/923] Oops, and include doc-base.tinc (new file). --- debian/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/Makefile.am b/debian/Makefile.am index 7a602e48..6bb365bb 100644 --- a/debian/Makefile.am +++ b/debian/Makefile.am @@ -1,2 +1,2 @@ EXTRA_DIST = README.Debian changelog conffiles control copyright dirs \ - docs info init.d postinst rules + docs info init.d postinst rules doc-base.tinc From 6a10e42f734e8bec9848a11e73bc2a8211a9f401 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 22:51:16 +0000 Subject: [PATCH 163/923] - If necessary, patch po/Makefile.in from po-Makefile.in.in.diff to get DESTDIR installation (required to get locales installed correctly). - Use dh_perl to get accurate perl dependencies. --- debian/changelog | 4 +++- debian/control | 2 +- debian/po-Makefile.in.in.diff | 32 ++++++++++++++++++++++++++++++++ debian/rules | 19 +++++++------------ 4 files changed, 43 insertions(+), 14 deletions(-) create mode 100644 debian/po-Makefile.in.in.diff diff --git a/debian/changelog b/debian/changelog index 6db75e92..fc2b8b87 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,10 +1,12 @@ -tinc (1.0pre3-0.1) unstable; urgency=low +tinc (1.0pre3-0.2) unstable; urgency=low * New upstream version (1.0pre3) (Closes: #71274). * Better Depends and Build-Depends lines. * Dropped dependencies on libgmp, added libssl. * doc-base.tinc: New file. * Deleted the file shlibs, as there on longer is a libblowfish. + * Patch po/Makefile.in.in from po-Makefile.in.in.diff if necessary. + * Use dh_perl to get accurate perl dependencies. -- Ivo Timmermans Thu, 2 Nov 2000 16:53:52 +0100 diff --git a/debian/control b/debian/control index 21b624c0..4938b7bb 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,7 @@ Build-Depends: libc6-dev, libssl095a-dev, autoconf (>= 2.12), Package: tinc Architecture: i386 -Depends: ${shlibs:Depends}, (libssl095a|libssl095|libssl09), perl5 +Depends: ${shlibs:Depends}, ${perl:Depends} Description: Virtual Private Network daemon tinc is a daemon with which you can create a virtual private network (VPN). One daemon can handle multiple connections, so you can diff --git a/debian/po-Makefile.in.in.diff b/debian/po-Makefile.in.in.diff new file mode 100644 index 00000000..b33223af --- /dev/null +++ b/debian/po-Makefile.in.in.diff 
@@ -0,0 +1,32 @@ +--- Makefile.in.in.orig Thu Nov 2 20:02:58 2000 ++++ Makefile.in.in Thu Nov 2 23:25:42 2000 +@@ -24,6 +24,8 @@ + gettextsrcdir = $(prefix)/share/gettext/po + subdir = po + ++DESTDIR = ++ + INSTALL = @INSTALL@ + INSTALL_DATA = @INSTALL_DATA@ + MKINSTALLDIRS = $(top_srcdir)/@MKINSTALLDIRS@ +@@ -111,16 +113,16 @@ + install-data-no: all + install-data-yes: all + if test -r "$(MKINSTALLDIRS)"; then \ +- $(MKINSTALLDIRS) $(datadir); \ ++ $(MKINSTALLDIRS) $(DESTDIR)$(datadir); \ + else \ +- $(SHELL) $(top_srcdir)/mkinstalldirs $(datadir); \ ++ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir); \ + fi + @catalogs='$(CATALOGS)'; \ + for cat in $$catalogs; do \ + cat=`basename $$cat`; \ + case "$$cat" in \ +- *.gmo) destdir=$(gnulocaledir);; \ +- *) destdir=$(localedir);; \ ++ *.gmo) destdir=$(DESTDIR)$(gnulocaledir);; \ ++ *) destdir=$(DESTDIR)$(localedir);; \ + esac; \ + lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \ + dir=$$destdir/$$lang/LC_MESSAGES; \ diff --git a/debian/rules b/debian/rules index 397e998b..421d544b 100644 --- a/debian/rules +++ b/debian/rules @@ -12,6 +12,12 @@ build: build-stamp build-stamp: dh_testdir +# # If the Makefile.in.in file in po/ already contains DESTDIR support, skip the patching. + cd `pwd`/po ; ( \ + if ! grep DESTDIR Makefile.in.in > /dev/null ; then \ + patch -Ns -p0 < `pwd`/../debian/po-Makefile.in.in.diff || true ;\ + fi ;\ + ) ./configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --sysconfdir=/etc $(MAKE) @@ -36,7 +42,6 @@ install: build mkdir -p `pwd`/debian/tmp/etc/tinc/example cp doc/tinc.conf.sample `pwd`/debian/tmp/etc/tinc/example/tinc.conf ln -s /usr/share/doc/tinc/README.Debian `pwd`/debian/tmp/etc/tinc/example/README - rm -f `pwd`/debian/tmp/usr/lib/tinc/libblowfish.so # Build architecture-independent files here. 
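Review bot: The `|| true` after the `patch -Ns -p0` call in the build-stamp hunk discards a failed or partially applied patch, so the build continues with a po/Makefile.in.in that has no DESTDIR support. The commit message says DESTDIR is what gets the locales installed correctly, so in that case the catalogs would presumably be written outside the package staging tree during the install target. Dropping `|| true` makes the build stop instead; the surrounding grep guard already skips the patch when it has been applied. The guard itself is loose, since `grep DESTDIR` also matches a comment or an unrelated mention, and matching the added `DESTDIR =` line would be more reliable.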
@@ -45,30 +50,20 @@ binary-indep: build install # Build architecture-dependent files here. binary-arch: build install -# dh_testversion dh_testdir dh_testroot -# dh_installdebconf dh_installdocs dh_installexamples -# dh_installmenu -# dh_installemacsen -# dh_installpam dh_installinit -# dh_installcron dh_installmanpages dh_installinfo -# dh_undocumented dh_installchangelogs ChangeLog dh_link dh_strip dh_compress dh_fixperms -# # You may want to make some executables suid here. -# dh_suidregister -# dh_makeshlibs dh_installdeb -# dh_perl + dh_perl dh_shlibdeps dh_gencontrol dh_md5sums From 7612c6da3890ce5a0730e4dfde9d5ba07bdbf5b3 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 2 Nov 2000 23:02:49 +0000 Subject: [PATCH 164/923] Minor cosmetic change. --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 4938b7bb..cfbce0af 100644 --- a/debian/control +++ b/debian/control @@ -16,5 +16,5 @@ Description: Virtual Private Network daemon participating computer. . You need to have two kernel modules installed, on a Debian system - they should already be there; if they are not, the manual will + they should already be there. If they are not, the manual will explain you how to do that. From 4ad1e382d6f10acf94ce59d85b80925cee7553a6 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 3 Nov 2000 22:31:55 +0000 Subject: [PATCH 165/923] Save the environment on startup. --- src/tincd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/tincd.c b/src/tincd.c index a99b81bc..4c494f5c 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.23 2000/10/30 10:19:06 guus Exp $ + $Id: tincd.c,v 1.10.4.24 2000/11/03 22:31:55 zarq Exp $ */ #include "config.h" 
@@ -74,6 +74,8 @@ char *identname; /* program name for syslog */ char *pidfilename; /* pid file location */ static pid_t ppid; /* pid of non-detached part */ char **g_argv; /* a copy of the cmdline arguments */ +char **environment; /* A pointer to the environment on + startup */ void cleanup_and_exit(int); int detach(void); @@ -393,6 +395,7 @@ main(int argc, char **argv, char **envp) unknown = _("unknown"); + environment = envp; parse_options(argc, argv, envp); if(show_version) From 73aa7fbf7e1b623398d1bc1493f567ce4d846f22 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 3 Nov 2000 22:33:16 +0000 Subject: [PATCH 166/923] Run the scripts tinc-up and tinc-down from a separate function, which sets the environment as it should be and checks for errors. --- src/net.c | 89 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 51 insertions(+), 38 deletions(-) diff --git a/src/net.c b/src/net.c index 308a64f6..049f28e3 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.57 2000/11/02 22:05:35 zarq Exp $ + $Id: net.c,v 1.35.4.58 2000/11/03 22:33:16 zarq Exp $ */ #include "config.h" @@ -51,11 +51,11 @@ #include #include "conf.h" +#include "connlist.h" +#include "meta.h" #include "net.h" #include "netutl.h" #include "protocol.h" -#include "meta.h" -#include "connlist.h" #include "subnet.h" #include "system.h" @@ -74,6 +74,7 @@ int keylifetime = 0; int keyexpires = 0; char *unknown = NULL; +char *interface_name = NULL; /* Contains the name of the interface */ subnet_t mymac; 
@@ -103,6 +104,47 @@ cp cp } +/* + Execute the given script. + This function doesn't really belong here. +*/ +int execute_script(const char* name) +{ + char *scriptname; + pid_t pid; + char **env; + extern char **environment; /* From tincd.c; contains our env */ + + asprintf(&scriptname, "%s/%s", confbase, name); + + if((pid = fork()) < 0) + { + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fork"); + return -1; + } + + if(pid) + { + free(scriptname); + return 0; + } + + /* Child here */ + + env = xmalloc(sizeof(environment) + 1 * sizeof(char*)); + memcpy(&(env[1]), environment, sizeof(environment)); + asprintf(&(env[0]), "IFNAME=%s", interface_name); + execle(scriptname, NULL, env); + /* No return on success */ + + if(errno != ENOENT) /* Ignore if the file does not exist */ + syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname); + + /* No need to free things */ + exit(0); +} + int xsend(conn_list_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; @@ -380,7 +422,6 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; - char *envvar; struct ifreq ifr; cp @@ -430,9 +471,8 @@ cp /* Add name of network interface to environment (for scripts) */ ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr); - asprintf(&envvar, "IFNAME=%s", ifr.ifr_name); - putenv(envvar); - free(envvar); + interface_name = xmalloc(strlen(ifr.ifr_name)); + strcpy(interface_name, ifr.ifr_name); cp return 0; @@ -619,7 +659,7 @@ int setup_outgoing_connection(char *name) { conn_list_t *ncn; struct hostent *h; - config_t *cfg; + config_t const *cfg; cp if(check_id(name)) { @@ -847,7 +887,6 @@ cp int setup_network_connections(void) { config_t const *cfg; - char *scriptname; cp if((cfg = get_config_val(config, pingtimeout)) == NULL) timeout = 5; 
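Review bot: In the child branch of the new execute_script(), `sizeof(environment)` is the size of a single `char **`, not of the environment array, so the `xmalloc` call reserves room for two pointers and the `memcpy` copies only the first entry. The resulting array has no terminating NULL, which means `execle` walks past the end of the allocation. The entries have to be counted first and the block sized for count + 2 pointers, with the last slot set to NULL; the same allocation line is carried unchanged into the later @@ -107,7 +109,8 @@ hunk. The fence below shows the child branch with that change, where `count` is a new `size_t` local.

```c
  /* Child here */

  /* count the inherited entries; sizeof(environment) is only one pointer */
  for(count = 0; environment[count] != NULL; count++)
    ;

  /* slot 0 for IFNAME, then the inherited entries, then the NULL terminator */
  env = xmalloc((count + 2) * sizeof(char*));
  memcpy(&(env[1]), environment, count * sizeof(char*));
  env[count + 1] = NULL;
  asprintf(&(env[0]), "IFNAME=%s", interface_name);
  /* … unchanged: execle call, ENOENT check, exit … */
```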
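Review bot: `interface_name = xmalloc(strlen(ifr.ifr_name));` in the @@ -430,9 +471,8 @@ hunk leaves no room for the terminating NUL, so the `strcpy` on the next line writes one byte past the allocation. The size should be `xmalloc(strlen(ifr.ifr_name) + 1)`. The return value of the `ioctl(tap_fd, SIOCGIFNAME, ...)` call just above is not checked either, so on failure the name copied here is whatever `ifr` happened to hold; how `ifr` is initialised is outside the hunk. setup_tap_fd() starts before this hunk.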
@@ -861,21 +900,8 @@ cp return -1; /* Run tinc-up script to further initialize the tap interface */ - - asprintf(&scriptname, "%s/tinc-up", confbase); - - if(!fork()) - { - execl(scriptname, NULL); - - if(errno != ENOENT) - syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname); - - exit(0); - } - - free(scriptname); - + execute_script("tinc-up"); + if(!(cfg = get_config_val(config, connectto))) /* No upstream IP given, we're listen only. */ return 0; @@ -921,20 +947,7 @@ cp } /* Execute tinc-down script right before shutting down the interface */ - - asprintf(&scriptname, "%s/tinc-down", confbase); - - if(!fork()) - { - execl(scriptname, NULL); - - if(errno != ENOENT) - syslog(LOG_WARNING, _("Error while executing %s: %m"), scriptname); - - exit(0); - } - - free(scriptname); + execute_script("tinc-down"); close(tap_fd); destroy_conn_list(); From 5065ea32c32e27478d93c00a1bba0c812b7a2b8c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 3 Nov 2000 22:35:12 +0000 Subject: [PATCH 167/923] Warnings removal pass: always include config.h first; add a few prototypes in the header files. This also fixes a few lint errors/warnings. --- src/conf.c | 4 ++-- src/connlist.c | 5 ++++- src/connlist.h | 4 +++- src/protocol.c | 5 +++-- src/protocol.h | 4 +++- src/subnet.c | 17 +++++++++-------- 6 files changed, 24 insertions(+), 15 deletions(-) diff --git a/src/conf.c b/src/conf.c index 7780a0b2..477d0fd8 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,9 +19,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.19 2000/10/29 00:24:31 guus Exp $ + $Id: conf.c,v 1.9.4.20 2000/11/03 22:35:10 zarq Exp $ */ +#include "config.h" #include #include @@ -30,7 +31,6 @@ #include #include #include -#include #include diff --git a/src/connlist.c b/src/connlist.c index ac6970b5..89b11fbe 100644 --- a/src/connlist.c +++ b/src/connlist.c 
@@ -17,9 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.11 2000/10/29 02:07:39 guus Exp $ + $Id: connlist.c,v 1.1.2.12 2000/11/03 22:35:10 zarq Exp $ */ +#include "config.h" + +#include #include #include "net.h" /* Don't ask. */ diff --git a/src/connlist.h b/src/connlist.h index 69bef9ee..8f974c97 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.9 2000/10/29 22:55:14 guus Exp $ + $Id: connlist.h,v 1.1.2.10 2000/11/03 22:35:10 zarq Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -109,5 +109,7 @@ extern void conn_list_del(conn_list_t *); extern conn_list_t *lookup_id(char *); extern void dump_conn_list(void); extern int read_host_config(conn_list_t *); +extern void destroy_conn_list(void); +extern void prune_conn_list(void); #endif /* __TINC_CONNLIST_H__ */ diff --git a/src/protocol.c b/src/protocol.c index 40acfbb2..aeeec1be 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.53 2000/10/29 22:55:14 guus Exp $ + $Id: protocol.c,v 1.28.4.54 2000/11/03 22:35:11 zarq Exp $ */ #include "config.h" @@ -174,7 +174,7 @@ cp int id_h(conn_list_t *cl) { conn_list_t *old; - config_t *cfg; + config_t const *cfg; cp if(sscanf(cl->buffer, "%*d %as %d %lx %hd", &cl->name, &cl->protocol_version, &cl->options, &cl->port) != 4) { @@ -803,6 +803,7 @@ int add_host_h(conn_list_t *cl) { conn_list_t *old, *new; conn_list_t *p; + cp new = new_conn_list(); diff --git a/src/protocol.h b/src/protocol.h index 91c0cfba..82e3f903 100644 --- a/src/protocol.h +++ b/src/protocol.h 
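Review bot: The `sscanf` format in id_h() (@@ -174,7 +174,7 @@ hunk of src/protocol.c) does not match the fields it stores into, which a warnings pass would normally catch with -Wformat. `%hd` expects a `short *`, but `cl->port` is declared `short unsigned int` in connlist.h, so a port above 32767 sent by the peer cannot be represented; `%hu` is the matching conversion. `%lx` likewise expects an `unsigned long *` while `options` is still `long int` at this commit. The line parses data received from the remote side, so the conversions should match the declared types exactly. The body of id_h() continues outside the hunk.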
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.14 2000/10/29 22:55:15 guus Exp $ + $Id: protocol.h,v 1.5.4.15 2000/11/03 22:35:12 zarq Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -69,5 +69,7 @@ extern int send_ans_key(conn_list_t*, conn_list_t*, char*); extern int send_tcppacket(conn_list_t *, void *, int); extern int notify_others(conn_list_t *, conn_list_t *, int (*function)(conn_list_t*, conn_list_t*)); +extern int receive_request(conn_list_t *); +extern int check_id(char *); #endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/subnet.c b/src/subnet.c index 1a9a5608..9fceea8e 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,21 +17,22 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.8 2000/10/29 00:02:20 guus Exp $ + $Id: subnet.c,v 1.1.2.9 2000/11/03 22:35:12 zarq Exp $ */ -#include -#include - #include "config.h" -#include -#include -#include "subnet.h" -#include "net.h" +#include +#include + #include "conf.h" +#include "net.h" +#include "subnet.h" #include "system.h" +#include +#include + /* lists type of subnet */ subnet_t *subnet_list[SUBNET_TYPES] = { NULL }; From dc699f8b1265deb7606d553e36326527dbd29746 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 10:37:27 +0000 Subject: [PATCH 168/923] - Removed unused MAC strip/add functions. --- src/net.c | 28 +--------------------------- 1 file changed, 1 insertion(+), 27 deletions(-) diff --git a/src/net.c b/src/net.c index 049f28e3..fb15b5ee 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.58 2000/11/03 22:33:16 zarq Exp $ + $Id: net.c,v 1.35.4.59 2000/11/04 10:37:27 guus Exp $ */ #include "config.h" 
@@ -78,32 +78,6 @@ char *interface_name = NULL; /* Contains the name of the interface */ subnet_t mymac; -/* - strip off the MAC adresses of an ethernet frame -*/ -void strip_mac_addresses(vpn_packet_t *p) -{ -cp - memmove(p->data, p->data + 12, p->len -= 12); -cp -} - -/* - reassemble MAC addresses -*/ -void add_mac_addresses(vpn_packet_t *p) -{ -cp - memcpy(p->data + 12, p->data, p->len); - p->len += 12; - p->data[0] = p->data[6] = 0xfe; - p->data[1] = p->data[7] = 0xfd; - /* Really evil pointer stuff just below! */ - *((ip_t*)(&p->data[2])) = (ip_t)(htonl(myself->address)); - *((ip_t*)(&p->data[8])) = *((ip_t*)(&p->data[26])); -cp -} - /* Execute the given script. This function doesn't really belong here. From ed0bf283e37642f9f7673f664713a16d916bd70f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 11:49:58 +0000 Subject: [PATCH 169/923] - Removed even more warnings. --- src/connlist.c | 3 ++- src/connlist.h | 4 ++-- src/net.c | 8 ++++---- src/netutl.h | 3 ++- src/subnet.c | 4 ++-- 5 files changed, 12 insertions(+), 10 deletions(-) diff --git a/src/connlist.c b/src/connlist.c index 89b11fbe..105049ef 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.12 2000/11/03 22:35:10 zarq Exp $ + $Id: connlist.c,v 1.1.2.13 2000/11/04 11:49:56 guus Exp $ */ #include "config.h" @@ -26,6 +26,7 @@ #include #include "net.h" /* Don't ask. */ +#include "netutl.h" #include "config.h" #include "conf.h" #include diff --git a/src/connlist.h b/src/connlist.h index 8f974c97..0b9fa6b3 100644 --- a/src/connlist.h +++ b/src/connlist.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.10 2000/11/03 22:35:10 zarq Exp $ + $Id: connlist.h,v 1.1.2.11 2000/11/04 11:49:57 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -56,7 +56,7 @@ typedef struct conn_list_t { char *hostname; /* the hostname of its real ip */ short unsigned int port; /* his portnumber */ int protocol_version; /* used protocol */ - long int options; /* options turned on for this connection */ + long unsigned int options; /* options turned on for this connection */ int flags; /* his flags */ int socket; /* our udp vpn socket */ diff --git a/src/net.c b/src/net.c index fb15b5ee..f8f84bcd 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.59 2000/11/04 10:37:27 guus Exp $ + $Id: net.c,v 1.35.4.60 2000/11/04 11:49:57 guus Exp $ */ #include "config.h" @@ -903,7 +903,6 @@ cp void close_network_connections(void) { conn_list_t *p; - char *scriptname; cp for(p = conn_list; p != NULL; p = p->next) { @@ -920,10 +919,11 @@ cp myself = NULL; } - /* Execute tinc-down script right before shutting down the interface */ + close(tap_fd); + + /* Execute tinc-down script right after shutting down the interface */ execute_script("tinc-down"); - close(tap_fd); destroy_conn_list(); syslog(LOG_NOTICE, _("Terminating")); diff --git a/src/netutl.h b/src/netutl.h index aed4ad78..0ce22d42 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.3 2000/10/11 22:01:00 guus Exp $ + $Id: netutl.h,v 1.2.4.4 2000/11/04 11:49:58 guus Exp $ */ #ifndef __TINC_NETUTL_H__ 
@@ -25,6 +25,7 @@ #include "net.h" #include "conf.h" +extern void destroy_queue(packet_queue_t *); extern char *hostlookup(unsigned long); extern ip_mask_t *strtoip(char*); diff --git a/src/subnet.c b/src/subnet.c index 9fceea8e..15ae528e 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.9 2000/11/03 22:35:12 zarq Exp $ + $Id: subnet.c,v 1.1.2.10 2000/11/04 11:49:58 guus Exp $ */ #include "config.h" @@ -221,7 +221,7 @@ cp asprintf(&netstr, "%d,%lx/%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); break; case SUBNET_IPV6: - asprintf(&netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", + asprintf(&netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", subnet->type, subnet->net.ipv6.address.x[0], subnet->net.ipv6.address.x[1], subnet->net.ipv6.address.x[2], From f83803c1bf6557d5af93982e7cd987e151eba401 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 4 Nov 2000 13:25:15 +0000 Subject: [PATCH 170/923] Small change to the way the environment is copied. --- src/net.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index f8f84bcd..4e003416 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.60 2000/11/04 11:49:57 guus Exp $ + $Id: net.c,v 1.35.4.61 2000/11/04 13:25:15 zarq Exp $ */ #include "config.h" @@ -88,6 +88,8 @@ int execute_script(const char* name) pid_t pid; char **env; extern char **environment; /* From tincd.c; contains our env */ + char **p; + int i; asprintf(&scriptname, "%s/%s", confbase, name); 
@@ -107,7 +109,8 @@ int execute_script(const char* name) /* Child here */ env = xmalloc(sizeof(environment) + 1 * sizeof(char*)); - memcpy(&(env[1]), environment, sizeof(environment)); + while(p = environment, i = 0; *p != NULL; p++) + env[++i] = *p; asprintf(&(env[0]), "IFNAME=%s", interface_name); execle(scriptname, NULL, env); /* No return on success */ From d38772ebc42f5ad1d946ee89d955f5d43bb2fe8c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 4 Nov 2000 14:16:46 +0000 Subject: [PATCH 171/923] Use putenv() instead of clumsy do-it-yourself in execute_script. --- src/net.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/src/net.c b/src/net.c index 4e003416..bd991e90 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.61 2000/11/04 13:25:15 zarq Exp $ + $Id: net.c,v 1.35.4.62 2000/11/04 14:16:46 zarq Exp $ */ #include "config.h" @@ -86,10 +86,7 @@ int execute_script(const char* name) { char *scriptname; pid_t pid; - char **env; - extern char **environment; /* From tincd.c; contains our env */ - char **p; - int i; + char *s; asprintf(&scriptname, "%s/%s", confbase, name); @@ -108,11 +105,9 @@ int execute_script(const char* name) /* Child here */ - env = xmalloc(sizeof(environment) + 1 * sizeof(char*)); - while(p = environment, i = 0; *p != NULL; p++) - env[++i] = *p; - asprintf(&(env[0]), "IFNAME=%s", interface_name); - execle(scriptname, NULL, env); + asprintf(&s, "IFNAME=%s", interface_name); + putenv(s); + execl(scriptname, NULL); /* No return on success */ if(errno != ENOENT) /* Ignore if the file does not exist */ From 3d7189a444fe3efed58dc93a071129007041aebf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 14:52:40 +0000 Subject: [PATCH 172/923] - Resolve scriptname after fork() --- src/net.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
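Review bot: The added loop `while(p = environment, i = 0; *p != NULL; p++)` in PATCH 170 puts `for` syntax inside `while`, so it will not compile, and with the keyword corrected it writes past `env`. The unchanged `xmalloc(sizeof(environment) + 1 * sizeof(char*))` takes `sizeof` of a `char **`, which gives room for two pointers, while the loop stores one pointer per environment entry starting at `env[1]`; any normal environment overruns the heap block in the child. The array is also never NULL-terminated before it reaches `execle`. Counting the entries first, allocating count + 2 slots and terminating the list fixes all three, as sketched below; `execute_script` begins and ends outside this hunk.

```c
  /* … unchanged: fork() and the parent's return … */
  for(i = 0; environment[i] != NULL; i++)
    ;
  env = xmalloc((i + 2) * sizeof(char *));      /* IFNAME slot + copies + terminator */
  asprintf(&(env[0]), "IFNAME=%s", interface_name);
  for(p = environment, i = 1; *p != NULL; p++)
    env[i++] = *p;
  env[i] = NULL;
  /* … unchanged: execle() call and error handling … */
```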
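Review bot: `execl(scriptname, NULL)` in the second net.c hunk of PATCH 171 starts the script with an empty argument vector and relies on a bare `NULL` as the variadic terminator, which is not guaranteed to be passed as a pointer. Passing the path as argv[0] and casting the sentinel avoids both: `execl(scriptname, scriptname, (char *)NULL);`. The return value of `asprintf(&s, "IFNAME=%s", interface_name)` is not checked either, so on allocation failure `putenv(s)` is handed an indeterminate pointer; the child should test for a negative result before calling `putenv`. The body of `execute_script` continues outside the hunk.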
diff --git a/src/net.c b/src/net.c index bd991e90..5b2fe0db 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.62 2000/11/04 14:16:46 zarq Exp $ + $Id: net.c,v 1.35.4.63 2000/11/04 14:52:40 guus Exp $ */ #include "config.h" @@ -88,8 +88,6 @@ int execute_script(const char* name) pid_t pid; char *s; - asprintf(&scriptname, "%s/%s", confbase, name); - if((pid = fork()) < 0) { syslog(LOG_ERR, _("System call `%s' failed: %m"), @@ -99,12 +97,12 @@ int execute_script(const char* name) if(pid) { - free(scriptname); return 0; } /* Child here */ + asprintf(&scriptname, "%s/%s", confbase, name); asprintf(&s, "IFNAME=%s", interface_name); putenv(s); execl(scriptname, NULL); From 417f36a07990ff9bc7de7d4e63e57146bef0dd75 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 15:17:02 +0000 Subject: [PATCH 173/923] - Removed manpage for no longer existing genauth. --- doc/Makefile.am | 2 +- doc/genauth.8 | 54 ------------------------------------------------- 2 files changed, 1 insertion(+), 55 deletions(-) delete mode 100644 doc/genauth.8 diff --git a/doc/Makefile.am b/doc/Makefile.am index 9f3f7ebd..24e83df0 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -7,7 +7,7 @@ info_TEXINFOS = tinc.texi dyn_MANS = man_aux = $(dyn_MANS:.8=.x) -man_MANS = tincd.8 tinc.conf.5 genauth.8 $(dyn_MANS) +man_MANS = tincd.8 tinc.conf.5 $(dyn_MANS) PERL = @PERL@ HELP2MAN = help2man diff --git a/doc/genauth.8 b/doc/genauth.8 deleted file mode 100644 index ecdfe826..00000000 --- a/doc/genauth.8 +++ /dev/null 
@@ -1,54 +0,0 @@ -.TH TINC 1 "April 2000" "tinc version 1.0" "FSF" -.SH NAME -genauth \- generate a passphrase for tinc -.SH SYNOPSIS -.PP -.B genauth -\fIbits\fR \fB>\fR \fIfile\fR -.PP -.B genauth -\fI-h\fR\fB|\fR\fI--help\fR -.SH DESCRIPTION -.PP -Use \fBgenauth\fR to generate a random passphrase for tinc. -\fIbits\fR is the desired length of the passphrase in bits. The -actual number will be rounded up to the next multiple of 64. The -default value is 1024. -.PP -If \fIfile\fR is omitted, the passphrase is written to stdout. -.SH OPTIONS -.TP -\fB\-h\fR, \fB\-\-help\fR -Show the syntax. -.SH "REPORTING BUGS" -Report bugs to tinc@nl.linux.org. -.SH "FILES" -.TP -\fI/etc/tinc\fR -The top directory for configuration files. -.PP -.SH "SEE ALSO" -\fBtincd\fR(8), -\fBtincd.conf\fR(5) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.TP -\fBhttp://www.cabal.org/\fR -.PP -The full documentation for -.B tinc -is maintained as a Texinfo manual. If the -.B info -and -.B tinc -programs are properly installed at your site, the command -.IP -.B info tinc -.PP -should give you access to the complete manual. -.PP -tinc comes with ABSOLUTELY NO WARRANTY. This is free software, -and you are welcome to redistribute it under certain conditions; -see the file COPYING for details. -.PP -This product includes software developed by Eric Young (eay@mincom.oz.au) From 69618c01385eb7226cd6eab0918d1f30b0ed6c66 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 4 Nov 2000 15:18:58 +0000 Subject: [PATCH 174/923] Do not include the passphrases directory --- debian/dirs | 1 - 1 file changed, 1 deletion(-) diff --git a/debian/dirs b/debian/dirs index d6cca390..3c032175 100644 --- a/debian/dirs +++ b/debian/dirs @@ -1,3 +1,2 @@ etc/tinc etc/tinc/example -etc/tinc/example/passphrases From 15246df85d6171c92478541a835effb96d6085c4 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Sat, 4 Nov 2000 15:32:05 +0000 Subject: [PATCH 175/923] In execute_script: - add an environment variable NETNAME. - chdir to the configuration directory before execing the script. --- src/net.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index 5b2fe0db..016b86ad 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.63 2000/11/04 14:52:40 guus Exp $ + $Id: net.c,v 1.35.4.64 2000/11/04 15:32:05 zarq Exp $ */ #include "config.h" @@ -105,6 +105,25 @@ int execute_script(const char* name) asprintf(&scriptname, "%s/%s", confbase, name); asprintf(&s, "IFNAME=%s", interface_name); putenv(s); + free(s); + + if(netname) + { + asprintf(&s, "NETNAME=%s", netname); + putenv(s); + free(s); + } + else + { + unsetenv("NETNAME"); + } + + if(chdir(confbase) < 0) + { + syslog(LOG_ERR, _("Couldn't chdir to `%s': %m"), + confbase); + } + execl(scriptname, NULL); /* No return on success */ From 433858d410c1fedf8d2a5f2b4ecd7c980dd79dd2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 15:34:07 +0000 Subject: [PATCH 176/923] - connlist.c added to translation --- po/POTFILES.in | 1 + po/es.po | 312 ++++++++++++++++++++------------------- po/nl.po | 387 +++++++++++++++++++++++++------------------------ src/connlist.c | 4 +- 4 files changed, 360 insertions(+), 344 deletions(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index 5e6af898..e26c1daa 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -6,6 +6,7 @@ lib/pidfile.c lib/utils.c src/conf.c +src/connlist.c src/meta.c src/net.c src/netutl.c diff --git a/po/es.po b/po/es.po index 7755e87c..d619e13c 100644 --- a/po/es.po +++ b/po/es.po 
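Review bot: `free(s)` directly after `putenv(s)` leaves a dangling pointer in the environment, both for the IFNAME lines and in the new NETNAME branch, because POSIX `putenv` keeps the caller's pointer instead of copying the string. The script started by `execl` can then see a corrupted or missing IFNAME/NETNAME, and the child reads freed memory whenever the environment is walked. Since the hunk already calls `unsetenv`, the copying counterpart fits here: `setenv("IFNAME", interface_name, 1);` and `setenv("NETNAME", netname, 1);`, with the `asprintf`/`putenv`/`free` triples removed. A failed `chdir(confbase)` is only logged, so the script still runs from whatever directory the daemon was in; it would be safer not to execute it in that case. `execute_script` starts and ends outside the hunk.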
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre2\n" -"POT-Creation-Date: 2000-10-30 01:16+0100\n" +"POT-Creation-Date: 2000-11-04 16:32+0100\n" "PO-Revision-Date: 2000-07-02 12:49+01:00\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" @@ -38,6 +38,21 @@ msgstr "" msgid "Failed to read `%s': %m\n" msgstr "" +#: src/connlist.c:168 +#, fuzzy +msgid "Connection list:" +msgstr "Conectando a " + +#: src/connlist.c:170 src/connlist.c:183 +#, c-format +msgid " %s at %s port %hd flags %d sockets %d, %d status %04x" +msgstr "" + +#: src/connlist.c:195 +#, fuzzy +msgid "End of connection list." +msgstr "Cerrando conexión con %s." + #: src/meta.c:45 #, fuzzy, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" @@ -48,7 +63,7 @@ msgstr "Enviados %d bytes a %lx" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando datos: %m" -#: src/meta.c:89 src/net.c:974 +#: src/meta.c:89 src/net.c:962 #, fuzzy, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m" 
@@ -78,322 +93,310 @@ msgstr "Petici msgid "Metadata read buffer overflow for %s (%s)" msgstr "Desbordamiento del búfer de lectura de metadatos" -#: src/net.c:127 +#: src/net.c:93 src/net.c:470 src/net.c:477 src/net.c:485 src/net.c:516 +#: src/net.c:542 src/net.c:550 src/net.c:987 +#, c-format +msgid "System call `%s' failed: %m" +msgstr "" + +#. No return on success +#. Ignore if the file does not exist +#: src/net.c:112 +#, fuzzy, c-format +msgid "Error executing `%s': %m" +msgstr "Error esperando entrada: %m" + +#: src/net.c:139 #, fuzzy, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Enviados %d bytes a %lx" -#: src/net.c:136 +#: src/net.c:148 #, fuzzy, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Error enviando datos: %m" -#: src/net.c:165 +#: src/net.c:177 #, fuzzy, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Enviados %d bytes a %lx" -#: src/net.c:175 +#: src/net.c:187 #, fuzzy, c-format msgid "Can't write to tun/tap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:182 +#: src/net.c:194 #, fuzzy, c-format msgid "Can't write to ethertap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:283 +#: src/net.c:295 #, fuzzy msgid "Queue flushed" msgstr "cola vaciada" -#: src/net.c:298 +#: src/net.c:310 #, fuzzy, c-format msgid "Flushing send queue for %s (%s)" msgstr "Vaciando la cola de envíos para " -#: src/net.c:306 +#: src/net.c:318 #, fuzzy, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Vaciando la cola de recepción para " -#: src/net.c:325 +#: src/net.c:337 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" 
msgstr "" -#: src/net.c:341 +#: src/net.c:353 #, fuzzy, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "No pude abrir %s: %s\n" -#: src/net.c:398 +#: src/net.c:409 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:425 +#: src/net.c:436 #, c-format msgid "%s is a new style tun/tap device" msgstr "" -#: src/net.c:454 +#: src/net.c:464 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:460 src/net.c:466 src/net.c:528 -#, c-format -msgid "setsockopt: %m" -msgstr "setsockopt(): %m" - -#: src/net.c:473 src/net.c:535 -#, c-format -msgid "fcntl: %m" -msgstr "fcntl(): %m" - -#: src/net.c:481 +#: src/net.c:494 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "" -#: src/net.c:497 +#: src/net.c:510 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/tcp: %m" -#: src/net.c:503 -#, c-format -msgid "listen: %m" -msgstr "listen(): %m" - -#: src/net.c:522 +#: src/net.c:536 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:546 +#: src/net.c:562 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Ha fallado la llamada a bind() con el puerto %hd/udp: %m" -#: src/net.c:563 +#: src/net.c:579 #, fuzzy, c-format msgid "Trying to connect to %s" msgstr "Cerrando conexión con %s." 
-#: src/net.c:573 +#: src/net.c:589 #, fuzzy, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:584 +#: src/net.c:600 #, c-format msgid "%s port %hd: %m" msgstr "" -#: src/net.c:591 +#: src/net.c:607 #, c-format msgid "fcntl for %s port %d: %m" msgstr "" -#: src/net.c:597 +#: src/net.c:613 #, fuzzy, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s:%hd" -#: src/net.c:620 +#: src/net.c:636 msgid "Invalid name for outgoing connection" msgstr "" -#: src/net.c:629 +#: src/net.c:645 #, c-format msgid "Error reading host configuration file for %s" msgstr "" -#: src/net.c:636 +#: src/net.c:652 #, c-format msgid "No address specified for %s" msgstr "" -#: src/net.c:643 +#: src/net.c:659 #, fuzzy, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %s\n" -#: src/net.c:653 +#: src/net.c:669 #, fuzzy, c-format msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión." -#: src/net.c:688 +#: src/net.c:704 msgid "Name for tinc daemon required!" msgstr "" -#: src/net.c:696 +#: src/net.c:712 msgid "Invalid name for myself!" msgstr "" -#: src/net.c:702 +#: src/net.c:718 msgid "Private key for tinc daemon required!" msgstr "" -#: src/net.c:714 +#: src/net.c:730 msgid "Cannot open host configuration file for myself!" msgstr "" -#: src/net.c:720 +#: src/net.c:736 msgid "Public key for tinc daemon required!" msgstr "" -#: src/net.c:760 +#: src/net.c:776 msgid "Network address and subnet mask do not match!" msgstr "" -#: src/net.c:769 +#: src/net.c:785 #, fuzzy msgid "Unable to set up a listening socket!" msgstr "No puedo configurar un `socket' a la escucha" -#: src/net.c:775 +#: src/net.c:791 #, fuzzy msgid "Unable to set up an incoming vpn data socket!" 
msgstr "No puedo configurar un `socket' para recibir datos de la vpn" -#: src/net.c:800 +#: src/net.c:816 #, fuzzy, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %d." -#: src/net.c:832 +#: src/net.c:848 #, fuzzy, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Siguo sin poder conectar con el otro. Lo reintentaré en %d segundos." -#: src/net.c:867 src/net.c:927 -#, fuzzy, c-format -msgid "Error while executing %s: %m" -msgstr "Error esperando entrada: %m" - -#: src/net.c:889 +#: src/net.c:890 #, fuzzy, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:937 +#: src/net.c:925 #, fuzzy msgid "Terminating" msgstr "Terminando." -#: src/net.c:951 +#: src/net.c:939 #, fuzzy, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a " -#: src/net.c:956 +#: src/net.c:944 #, fuzzy, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:966 +#: src/net.c:954 #, fuzzy, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al crear `socket' de datos: %m" -#: src/net.c:999 -#, c-format -msgid "Error: getpeername: %m" -msgstr "Error: getpeername(): %m" - -#: src/net.c:1014 +#: src/net.c:1003 #, fuzzy, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s:%d" -#: src/net.c:1060 +#: src/net.c:1049 #, fuzzy, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:1066 +#: src/net.c:1055 #, fuzzy, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:1072 +#: src/net.c:1061 #, fuzzy, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo datos: %m" -#: src/net.c:1078 +#: src/net.c:1067 #, fuzzy, c-format msgid "Received packet of %d bytes" msgstr "Recibiendo clave de " -#: src/net.c:1100 +#: 
src/net.c:1089 #, fuzzy, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s." -#: src/net.c:1136 +#: src/net.c:1125 #, fuzzy msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:1168 +#: src/net.c:1157 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "" -#: src/net.c:1199 +#: src/net.c:1188 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1207 +#: src/net.c:1196 #, fuzzy msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1240 +#: src/net.c:1229 #, fuzzy, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes: %s" -#: src/net.c:1276 +#: src/net.c:1265 #, fuzzy, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1285 +#: src/net.c:1274 #, fuzzy, c-format msgid "Error while reading from ethertap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1296 +#: src/net.c:1285 msgid "Received short packet from tap device" msgstr "" -#: src/net.c:1302 +#: src/net.c:1291 #, c-format msgid "Read packet of length %d from tap device" msgstr "" -#: src/net.c:1334 +#: src/net.c:1323 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1341 +#: src/net.c:1330 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "" -#: src/net.c:1348 +#: src/net.c:1337 msgid "Unable to reread configuration file, exiting" msgstr "" -#: src/net.c:1374 +#: src/net.c:1363 #, fuzzy msgid "Regenerating symmetric key" msgstr "Generando claves de %d bits." 
@@ -604,125 +607,125 @@ msgstr "" msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" -#: src/protocol.c:811 +#: src/protocol.c:812 #, fuzzy, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:819 +#: src/protocol.c:820 #, fuzzy, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "recibí una petición ADD_HOST incorrecta: %s" -#: src/protocol.c:828 +#: src/protocol.c:829 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:845 +#: src/protocol.c:846 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "" -#: src/protocol.c:853 +#: src/protocol.c:854 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" -#: src/protocol.c:896 +#: src/protocol.c:897 #, fuzzy, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:905 +#: src/protocol.c:906 #, fuzzy, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:914 +#: src/protocol.c:915 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "" -#: src/protocol.c:925 +#: src/protocol.c:926 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" -#: src/protocol.c:935 +#: src/protocol.c:936 #, fuzzy, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:971 +#: src/protocol.c:972 #, fuzzy, c-format msgid "Got bad STATUS from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:978 +#: src/protocol.c:979 #, fuzzy, c-format msgid "Status message from %s (%s): %s: %s" msgstr "He recibido una petición: %s" -#: src/protocol.c:1002 +#: src/protocol.c:1003 #, 
fuzzy, c-format msgid "Got bad ERROR from %s (%s)" msgstr "recibí una petición DEL_HOST incorrecta: %s" -#: src/protocol.c:1009 +#: src/protocol.c:1010 #, fuzzy, c-format msgid "Error message from %s (%s): %s: %s" msgstr "He recibido una petición: %s" -#: src/protocol.c:1085 +#: src/protocol.c:1086 #, fuzzy, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "recibí KEY_CHANGED de " -#: src/protocol.c:1092 +#: src/protocol.c:1093 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " "connection list" msgstr "" -#: src/protocol.c:1123 +#: src/protocol.c:1124 #, fuzzy, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "recibí REQ_KEY de " -#: src/protocol.c:1130 +#: src/protocol.c:1131 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -#: src/protocol.c:1148 +#: src/protocol.c:1149 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " "connection list" msgstr "" -#: src/protocol.c:1184 +#: src/protocol.c:1185 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:1191 +#: src/protocol.c:1192 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" -#: src/protocol.c:1203 +#: src/protocol.c:1204 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "recibí una petición ANS_KEY incorrecta: %s" -#: src/protocol.c:1224 +#: src/protocol.c:1225 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " 
@@ -730,25 +733,25 @@ msgid "" msgstr "" #. Do some intl stuff right now -#: src/subnet.c:242 src/tincd.c:394 +#: src/subnet.c:243 src/tincd.c:396 msgid "unknown" msgstr "" -#: src/subnet.c:298 +#: src/subnet.c:299 #, fuzzy msgid "Subnet list:" msgstr "Lista de conexiones:" -#: src/subnet.c:307 +#: src/subnet.c:308 msgid "End of subnet list." msgstr "" -#: src/tincd.c:101 +#: src/tincd.c:103 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Pruebe `%s --help' para más información.\n" -#: src/tincd.c:104 +#: src/tincd.c:106 #, c-format msgid "" "Usage: %s [option]...\n" @@ -757,7 +760,7 @@ msgstr "" "Modo de empleo: %s [opción]...\n" "\n" -#: src/tincd.c:105 +#: src/tincd.c:107 #, fuzzy msgid "" " -c, --config=DIR Read configuration options from DIR.\n" @@ -774,7 +777,7 @@ msgstr "" " -t, --timeout=TIEMPO Segundos a esperar antes de cancelar una " "trasmisión.\n" -#: src/tincd.c:110 +#: src/tincd.c:112 #, fuzzy msgid "" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" 
@@ -786,87 +789,87 @@ msgstr "" " --version Muestra información de la versión y termina.\n" "\n" -#: src/tincd.c:113 +#: src/tincd.c:115 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" -#: src/tincd.c:153 +#: src/tincd.c:155 msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" msgstr "" -#: src/tincd.c:208 +#: src/tincd.c:210 #, fuzzy, c-format msgid "Generating %d bits keys:\n" msgstr "Generando claves de %d bits." -#: src/tincd.c:212 +#: src/tincd.c:214 msgid "Error during key generation!" msgstr "" -#: src/tincd.c:216 +#: src/tincd.c:218 #, fuzzy msgid "Done.\n" msgstr ": hecho.\n" -#: src/tincd.c:218 +#: src/tincd.c:220 msgid "" "Please copy the private key to tinc.conf and the\n" "public key to your host configuration file:\n" "\n" msgstr "" -#: src/tincd.c:228 +#: src/tincd.c:230 #, fuzzy, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Memoria agotada (la última es %s:%d) (no pude asignar %d bytes); terminando." -#: src/tincd.c:283 +#: src/tincd.c:285 #, fuzzy, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." -#: src/tincd.c:286 +#: src/tincd.c:288 #, fuzzy, c-format msgid "tincd %s starting" msgstr "tincd %s comenzando, nivel de depuración %d." -#: src/tincd.c:301 +#: src/tincd.c:303 #, fuzzy, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." 
-#: src/tincd.c:319 +#: src/tincd.c:321 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "" "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" -#: src/tincd.c:322 +#: src/tincd.c:324 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" -#: src/tincd.c:343 +#: src/tincd.c:345 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" -#: src/tincd.c:345 +#: src/tincd.c:347 msgid "No other tincd is running.\n" msgstr "No hay ningún otro tincd en ejecución.\n" -#: src/tincd.c:352 +#: src/tincd.c:354 msgid "Removing stale lock file.\n" msgstr "Borrando fichero de bloqueo en desuso.\n" -#: src/tincd.c:400 +#: src/tincd.c:403 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "" -#: src/tincd.c:401 +#: src/tincd.c:404 #, fuzzy msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" 
@@ -883,62 +886,74 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:415 +#: src/tincd.c:418 #, fuzzy msgid "You must be root to run this program. Sorry.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:452 +#: src/tincd.c:455 msgid "Unrecoverable error" msgstr "" -#: src/tincd.c:457 +#: src/tincd.c:460 #, c-format msgid "Restarting in %d seconds!" msgstr "" -#: src/tincd.c:462 src/tincd.c:509 +#: src/tincd.c:465 src/tincd.c:512 #, fuzzy msgid "Not restarting." msgstr "tincd %s comenzando, nivel de depuración %d." -#: src/tincd.c:472 +#: src/tincd.c:475 msgid "Got TERM signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:481 +#: src/tincd.c:484 msgid "Got QUIT signal" msgstr "Recibí la señal QUIT" -#: src/tincd.c:488 +#: src/tincd.c:491 msgid "Got another SEGV signal: not restarting" msgstr "Recibí otra señal SEGV: no reinicio" -#: src/tincd.c:495 +#: src/tincd.c:498 #, fuzzy msgid "Got SEGV signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:500 +#: src/tincd.c:503 #, fuzzy msgid "Trying to re-execute in 5 seconds..." msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/tincd.c:518 +#: src/tincd.c:521 msgid "Got HUP signal" msgstr "Recibí la señal HUP" -#: src/tincd.c:526 +#: src/tincd.c:529 #, fuzzy msgid "Got INT signal, exiting" msgstr "Recibí la señal INT" -#: src/tincd.c:545 +#: src/tincd.c:548 #, fuzzy, c-format msgid "Got unexpected signal %d (%s)" msgstr "Recibí una señal inesperada (%d)." +#~ msgid "setsockopt: %m" +#~ msgstr "setsockopt(): %m" + +#~ msgid "fcntl: %m" +#~ msgstr "fcntl(): %m" + +#~ msgid "listen: %m" +#~ msgstr "listen(): %m" + +#~ msgid "Error: getpeername: %m" +#~ msgstr "Error: getpeername(): %m" + #, fuzzy #~ msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" #~ msgstr "Trama ethernet no-IP %04x de " 
@@ -1130,9 +1145,6 @@ msgstr "Recib #~ msgid "Try to re-establish outgoing connection in 5 minutes." #~ msgstr "Intento reestablecer la conexión saliente en 5 minutos." -#~ msgid "Connecting to " -#~ msgstr "Conectando a " - #~ msgid "packet from " #~ msgstr "paquete desde " diff --git a/po/nl.po b/po/nl.po index 50e97e74..08b2e101 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-11-02 23:03+0100\n" +"POT-Creation-Date: 2000-11-04 16:32+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -44,6 +44,19 @@ msgstr "" msgid "Failed to read `%s': %m\n" msgstr "`%s' lezen mislukte: %m\n" +#: src/connlist.c:168 +msgid "Connection list:" +msgstr "Verbindingslijst:" + +#: src/connlist.c:170 src/connlist.c:183 +#, c-format +msgid " %s at %s port %hd flags %d sockets %d, %d status %04x" +msgstr " %s op %s poort %hd vlaggen %d sockets %d, %d status %04x" + +#: src/connlist.c:195 +msgid "End of connection list." +msgstr "Einde van verbindingslijst." + #: src/meta.c:45 #, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" @@ -54,7 +67,7 @@ msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:89 src/net.c:979 +#: src/meta.c:89 src/net.c:962 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" 
@@ -84,302 +97,304 @@ msgstr "Kreeg verzoek van %s (%s): %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:127 -#, c-format -msgid "Sending packet of %d bytes to %s (%s)" -msgstr "Verzending pakket van %d bytes naar %s (%s)" - -#: src/net.c:136 -#, c-format -msgid "Error sending packet to %s (%s): %m" -msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" - -#: src/net.c:165 -#, c-format -msgid "Writing packet of %d bytes to tap device" -msgstr "Verzending pakket van %d bytes naar tap-apparaat" - -#: src/net.c:175 -#, c-format -msgid "Can't write to tun/tap device: %m" -msgstr "Kan niet naar tun/tap apparaat schrijven: %m" - -#: src/net.c:182 -#, c-format -msgid "Can't write to ethertap device: %m" -msgstr "Kan niet naar ethertap apparaat schrijven: %m" - -#: src/net.c:283 -msgid "Queue flushed" -msgstr "Wachtrij leeggemaakt" - -#: src/net.c:298 -#, c-format -msgid "Flushing send queue for %s (%s)" -msgstr "Legen van verzend-wachtrij voor %s (%s)" - -#: src/net.c:306 -#, c-format -msgid "Flushing receive queue for %s (%s)" -msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" - -#: src/net.c:325 -#, c-format -msgid "Trying to look up %d.%d.%d.%d in connection list failed!" -msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" 
- -#: src/net.c:341 -#, c-format -msgid "Could not open UDP connection to %s (%s)" -msgstr "Kon geen UDP verbinding openen naar %s (%s)" - -#: src/net.c:398 -#, c-format -msgid "Could not open %s: %m" -msgstr "Kon %s niet openen: %m" - -#: src/net.c:425 -#, c-format -msgid "%s is a new style tun/tap device" -msgstr "%s is een nieuwe stijl tun/tap apparaat" - -#: src/net.c:454 -#, c-format -msgid "Creating metasocket failed: %m" -msgstr "Aanmaak van metasocket mislukt: %m" - -#: src/net.c:460 src/net.c:467 src/net.c:475 src/net.c:506 src/net.c:532 -#: src/net.c:540 src/net.c:1004 +#: src/net.c:93 src/net.c:470 src/net.c:477 src/net.c:485 src/net.c:516 +#: src/net.c:542 src/net.c:550 src/net.c:987 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:484 +#. No return on success +#. Ignore if the file does not exist +#: src/net.c:112 +#, c-format +msgid "Error executing `%s': %m" +msgstr "Fout tijdens uitvoeren `%s': %m" + +#: src/net.c:139 +#, c-format +msgid "Sending packet of %d bytes to %s (%s)" +msgstr "Verzending pakket van %d bytes naar %s (%s)" + +#: src/net.c:148 +#, c-format +msgid "Error sending packet to %s (%s): %m" +msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" + +#: src/net.c:177 +#, c-format +msgid "Writing packet of %d bytes to tap device" +msgstr "Verzending pakket van %d bytes naar tap-apparaat" + +#: src/net.c:187 +#, c-format +msgid "Can't write to tun/tap device: %m" +msgstr "Kan niet naar tun/tap apparaat schrijven: %m" + +#: src/net.c:194 +#, c-format +msgid "Can't write to ethertap device: %m" +msgstr "Kan niet naar ethertap apparaat schrijven: %m" + +#: src/net.c:295 +msgid "Queue flushed" +msgstr "Wachtrij leeggemaakt" + +#: src/net.c:310 +#, c-format +msgid "Flushing send queue for %s (%s)" +msgstr "Legen van verzend-wachtrij voor %s (%s)" + +#: src/net.c:318 +#, c-format +msgid "Flushing receive queue for %s (%s)" +msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" + +#: 
src/net.c:337 +#, c-format +msgid "Trying to look up %d.%d.%d.%d in connection list failed!" +msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" + +#: src/net.c:353 +#, c-format +msgid "Could not open UDP connection to %s (%s)" +msgstr "Kon geen UDP verbinding openen naar %s (%s)" + +#: src/net.c:409 +#, c-format +msgid "Could not open %s: %m" +msgstr "Kon %s niet openen: %m" + +#: src/net.c:436 +#, c-format +msgid "%s is a new style tun/tap device" +msgstr "%s is een nieuwe stijl tun/tap apparaat" + +#: src/net.c:464 +#, c-format +msgid "Creating metasocket failed: %m" +msgstr "Aanmaak van metasocket mislukt: %m" + +#: src/net.c:494 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:500 +#: src/net.c:510 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:526 +#: src/net.c:536 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:552 +#: src/net.c:562 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:569 +#: src/net.c:579 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:579 +#: src/net.c:589 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:590 +#: src/net.c:600 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:597 +#: src/net.c:607 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:603 +#: src/net.c:613 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:626 +#: src/net.c:636 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:635 +#: src/net.c:645 #, c-format msgid "Error reading host configuration 
file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:642 +#: src/net.c:652 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:649 +#: src/net.c:659 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:659 +#: src/net.c:669 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:694 +#: src/net.c:704 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:702 +#: src/net.c:712 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:708 +#: src/net.c:718 msgid "Private key for tinc daemon required!" msgstr "Privé sleutel voor tinc daemon verplicht!" -#: src/net.c:720 +#: src/net.c:730 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:726 +#: src/net.c:736 msgid "Public key for tinc daemon required!" msgstr "Publieke sleutel voor tinc daemon verplicht!" -#: src/net.c:766 +#: src/net.c:776 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:775 +#: src/net.c:785 msgid "Unable to set up a listening socket!" msgstr "Kon geen luistersocket aanmaken!" -#: src/net.c:781 +#: src/net.c:791 msgid "Unable to set up an incoming vpn data socket!" msgstr "Kon geen socket maken voor inkomend vpn verkeer!" 
-#: src/net.c:806 +#: src/net.c:816 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:838 +#: src/net.c:848 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:872 src/net.c:932 -#, c-format -msgid "Error while executing %s: %m" -msgstr "Fout tijdens uitvoeren %s: %m" - -#: src/net.c:894 +#: src/net.c:890 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:942 +#: src/net.c:925 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:956 +#: src/net.c:939 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:961 +#: src/net.c:944 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:971 +#: src/net.c:954 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:1020 +#: src/net.c:1003 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1066 +#: src/net.c:1049 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1072 +#: src/net.c:1055 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1078 +#: src/net.c:1061 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1084 +#: src/net.c:1067 #, c-format msgid "Received packet of %d bytes" msgstr "Ontvangst pakket van %d bytes" -#: src/net.c:1106 +#: src/net.c:1089 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1142 +#: src/net.c:1125 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot 
herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1174 +#: src/net.c:1157 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1205 +#: src/net.c:1188 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1213 +#: src/net.c:1196 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1246 +#: src/net.c:1229 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1282 +#: src/net.c:1265 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1291 +#: src/net.c:1274 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1302 +#: src/net.c:1285 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1308 +#: src/net.c:1291 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1340 +#: src/net.c:1323 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1347 +#: src/net.c:1330 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1354 +#: src/net.c:1337 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1380 +#: src/net.c:1363 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -594,84 +609,84 @@ msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:811 +#: src/protocol.c:812 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:819 +#: src/protocol.c:820 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:828 +#: src/protocol.c:829 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:845 +#: src/protocol.c:846 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:853 +#: src/protocol.c:854 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:896 +#: src/protocol.c:897 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:905 +#: src/protocol.c:906 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:914 +#: src/protocol.c:915 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:925 +#: src/protocol.c:926 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:935 +#: src/protocol.c:936 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:971 
+#: src/protocol.c:972 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:978 +#: src/protocol.c:979 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1002 +#: src/protocol.c:1003 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1009 +#: src/protocol.c:1010 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1085 +#: src/protocol.c:1086 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1092 +#: src/protocol.c:1093 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -680,12 +695,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1123 +#: src/protocol.c:1124 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1130 +#: src/protocol.c:1131 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -694,7 +709,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1148 +#: src/protocol.c:1149 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -702,12 +717,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1184 +#: src/protocol.c:1185 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1191 +#: src/protocol.c:1192 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -716,13 +731,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1203 +#: src/protocol.c:1204 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1224 +#: src/protocol.c:1225 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -731,24 +746,24 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" #. Do some intl stuff right now -#: src/subnet.c:242 src/tincd.c:394 +#: src/subnet.c:243 src/tincd.c:396 msgid "unknown" msgstr "onbekend" -#: src/subnet.c:298 +#: src/subnet.c:299 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:307 +#: src/subnet.c:308 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:101 +#: src/tincd.c:103 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:104 +#: src/tincd.c:106 #, c-format msgid "" "Usage: %s [option]...\n" @@ -757,7 +772,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:105 +#: src/tincd.c:107 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -772,7 +787,7 @@ msgstr "" "beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" -#: src/tincd.c:110 +#: src/tincd.c:112 msgid "" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" 
@@ -784,31 +799,31 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:113 +#: src/tincd.c:115 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:153 +#: src/tincd.c:155 msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" msgstr "" "Ongeldig argument! BITS moet een nummer zijn gelijk aan of groter dan 512.\n" -#: src/tincd.c:208 +#: src/tincd.c:210 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:212 +#: src/tincd.c:214 msgid "Error during key generation!" msgstr "Fout tijdens genereren sleutel!" -#: src/tincd.c:216 +#: src/tincd.c:218 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:218 +#: src/tincd.c:220 msgid "" "Please copy the private key to tinc.conf and the\n" "public key to your host configuration file:\n" 
@@ -818,58 +833,58 @@ msgstr "" "publieke sleutel naar het host configuratie bestand:\n" "\n" -#: src/tincd.c:228 +#: src/tincd.c:230 #, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." -#: src/tincd.c:283 +#: src/tincd.c:285 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) gestart, debugniveau %d" -#: src/tincd.c:286 +#: src/tincd.c:288 #, c-format msgid "tincd %s starting" msgstr "tincd %s gestart" -#: src/tincd.c:301 +#: src/tincd.c:303 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " "socket %d." -#: src/tincd.c:319 +#: src/tincd.c:321 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" -#: src/tincd.c:322 +#: src/tincd.c:324 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met procesnummer %d.\n" -#: src/tincd.c:343 +#: src/tincd.c:345 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd gevonden voor net `%s'.\n" -#: src/tincd.c:345 +#: src/tincd.c:347 msgid "No other tincd is running.\n" msgstr "Geen andere tincd gevonden.\n" -#: src/tincd.c:352 +#: src/tincd.c:354 msgid "Removing stale lock file.\n" msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" -#: src/tincd.c:400 +#: src/tincd.c:403 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:401 +#: src/tincd.c:404 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -886,65 +901,53 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:415 +#: src/tincd.c:418 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" -#: src/tincd.c:452 +#: src/tincd.c:455 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:457 +#: src/tincd.c:460 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:462 src/tincd.c:509 +#: src/tincd.c:465 src/tincd.c:512 msgid "Not restarting." msgstr "Geen herstart." -#: src/tincd.c:472 +#: src/tincd.c:475 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/tincd.c:481 +#: src/tincd.c:484 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/tincd.c:488 +#: src/tincd.c:491 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: niet herstarten" -#: src/tincd.c:495 +#: src/tincd.c:498 msgid "Got SEGV signal" msgstr "Kreeg SEGV signaal" -#: src/tincd.c:500 +#: src/tincd.c:503 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstaren over 5 seconden..." -#: src/tincd.c:518 +#: src/tincd.c:521 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/tincd.c:526 +#: src/tincd.c:529 msgid "Got INT signal, exiting" msgstr "Kreeg INT signaal, beëindigen" -#: src/tincd.c:545 +#: src/tincd.c:548 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" - -#~ msgid "Error: getpeername: %m" -#~ msgstr "Fout: getpeername: %m" - -#~ msgid "setsockopt: %m" -#~ msgstr "setsockopt: %m" - -#~ msgid "fcntl: %m" -#~ msgstr "fcntl: %m" - -#~ msgid "listen: %m" -#~ msgstr "listen: %m" diff --git a/src/connlist.c b/src/connlist.c index 105049ef..63f9e6c5 100644 --- a/src/connlist.c +++ b/src/connlist.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.13 2000/11/04 11:49:56 guus Exp $ + $Id: connlist.c,v 1.1.2.14 2000/11/04 15:34:07 guus Exp $ */ #include "config.h" @@ -167,7 +167,7 @@ void dump_conn_list(void) cp syslog(LOG_DEBUG, _("Connection list:")); - syslog(LOG_DEBUG, _("%s at %s port %hd flags %d sockets %d, %d status %04x"), + syslog(LOG_DEBUG, _(" %s at %s port %hd flags %d sockets %d, %d status %04x"), myself->name, myself->hostname, myself->port, myself->flags, myself->socket, myself->meta_socket, myself->status); From 3f8f067e8b559366b9b41dee6a4312702c82042f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 16:39:19 +0000 Subject: [PATCH 177/923] - Don't forget to set packet cipher for added hosts. --- src/protocol.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/protocol.c b/src/protocol.c index aeeec1be..31c9aeeb 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.54 2000/11/03 22:35:11 zarq Exp $ + $Id: protocol.c,v 1.28.4.55 2000/11/04 16:39:19 guus Exp $ */ #include "config.h" @@ -872,6 +872,8 @@ cp new->nexthop = cl; new->status.active = 1; + new->cipher_pkttype = EVP_bf_cfb(); + new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; cp return 0; From ac47586552710425417ed80878f8f853c313b421 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 16:54:21 +0000 Subject: [PATCH 178/923] - Forward keys in hex notation, not as binary data. --- src/protocol.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 31c9aeeb..8d03cc0b 100644 --- a/src/protocol.c +++ b/src/protocol.c 
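Review bot: In the `@@ -872,6 +872,8 @@` hunk of src/protocol.c, the added key-length line reads the cipher through `cl` rather than through `new`, whose `cipher_pkttype` was assigned on the line just above. If `cl->cipher_pkttype` is unset, or ever differs from the cipher given to the new host, this either dereferences a null pointer or records a length that does not match the cipher used for `new`. That length presumably feeds the "invalid key length" test on incoming ANS_KEY messages, so it should come from the same object: `new->cipher_pktkeylength = new->cipher_pkttype->key_len + new->cipher_pkttype->iv_len;`. A one-line comment such as `/* packet cipher is fixed to Blowfish-CFB here, not negotiated */` would also help the next reader. The enclosing function starts and ends outside the hunk.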
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.55 2000/11/04 16:39:19 guus Exp $ + $Id: protocol.c,v 1.28.4.56 2000/11/04 16:54:21 guus Exp $ */ #include "config.h" @@ -1197,7 +1197,7 @@ cp return -1; } - /* Update origin's packet key */ + /* Check correctness of packet key */ keylength = strlen(pktkey); @@ -1209,17 +1209,8 @@ cp return -1; } - if(from->cipher_pktkey) - free(from->cipher_pktkey); + /* Forward it if necessary */ - keylength /= 2; - hex2bin(pktkey, pktkey, keylength); - pktkey[keylength] = '\0'; - from->cipher_pktkey = pktkey; - - from->status.validkey = 1; - from->status.waitingforkey = 0; - if(strcmp(to_id, myself->name)) { if(!(to = lookup_id(to_id))) @@ -1232,6 +1223,19 @@ cp send_ans_key(from, to, pktkey); } + /* Update our copy of the origin's packet key */ + + if(from->cipher_pktkey) + free(from->cipher_pktkey); + + keylength /= 2; + hex2bin(pktkey, pktkey, keylength); + pktkey[keylength] = '\0'; + from->cipher_pktkey = pktkey; + + from->status.validkey = 1; + from->status.waitingforkey = 0; + free(from_id); free(to_id); cp return 0; From 3f177e9bf02b6121055414a2cc7fd3f4cff01cba Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 4 Nov 2000 17:01:55 +0000 Subject: [PATCH 179/923] Add route.c to the list of source files. --- po/POTFILES.in | 1 + 1 file changed, 1 insertion(+) diff --git a/po/POTFILES.in b/po/POTFILES.in index e26c1daa..7ec2c0f4 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -11,5 +11,6 @@ src/meta.c src/net.c src/netutl.c src/protocol.c +src/route.c src/subnet.c src/tincd.c From 20dd5aff4d2898d8b59f371671cc110b870fa09c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 4 Nov 2000 17:04:17 +0000 Subject: [PATCH 180/923] Updated Dutch translation --- po/nl.po | 187 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 103 insertions(+), 84 deletions(-) 
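Review bot: In the ANS_KEY hunks of src/protocol.c (`@@ -1209,17 +1209,8 @@` and `@@ -1232,6 +1223,19 @@`), the peer-supplied `pktkey` is relayed with `send_ans_key()` and then decoded with `hex2bin()` after what is visible here as a length check only; nothing in these hunks confirms that every character is a hex digit. Unless `hex2bin()` or the unseen part of the length test rejects other bytes, a malformed key from a remote node is forwarded onward and stored locally as garbage key material with `status.validkey` set. A check beside the length test, e.g. `if(strspn(pktkey, "0123456789abcdefABCDEF") != keylength)` taking the same log-and-return path, would close that. Separately, the previous `from->cipher_pktkey` goes to `free()` without being cleared, so replaced packet keys stay readable in freed heap memory; wiping the buffer before the `free()` is worth a line. The function body starts and ends outside these hunks.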
diff --git a/po/nl.po b/po/nl.po index 08b2e101..08bda2ac 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-11-04 16:32+0100\n" +"POT-Creation-Date: 2000-11-04 18:01+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -67,7 +67,7 @@ msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:89 src/net.c:962 +#: src/meta.c:89 src/net.c:981 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" 
@@ -97,304 +97,309 @@ msgstr "Kreeg verzoek van %s (%s): %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:93 src/net.c:470 src/net.c:477 src/net.c:485 src/net.c:516 -#: src/net.c:542 src/net.c:550 src/net.c:987 +#: src/net.c:93 src/net.c:489 src/net.c:496 src/net.c:504 src/net.c:535 +#: src/net.c:561 src/net.c:569 src/net.c:1006 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" +#: src/net.c:123 +#, c-format +msgid "Couldn't chdir to `%s': %m" +msgstr "Kon map niet veranderen naar `%s': %m" + #. No return on success #. Ignore if the file does not exist -#: src/net.c:112 +#: src/net.c:131 #, c-format msgid "Error executing `%s': %m" msgstr "Fout tijdens uitvoeren `%s': %m" -#: src/net.c:139 +#: src/net.c:158 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:148 +#: src/net.c:167 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:177 +#: src/net.c:196 #, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Verzending pakket van %d bytes naar tap-apparaat" -#: src/net.c:187 +#: src/net.c:206 #, c-format msgid "Can't write to tun/tap device: %m" msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:194 +#: src/net.c:213 #, c-format msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:295 +#: src/net.c:314 msgid "Queue flushed" msgstr "Wachtrij leeggemaakt" -#: src/net.c:310 +#: src/net.c:329 #, c-format msgid "Flushing send queue for %s (%s)" msgstr "Legen van verzend-wachtrij voor %s (%s)" -#: src/net.c:318 +#: src/net.c:337 #, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" -#: src/net.c:337 +#: src/net.c:356 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection 
list failed!" msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:353 +#: src/net.c:372 #, c-format msgid "Could not open UDP connection to %s (%s)" msgstr "Kon geen UDP verbinding openen naar %s (%s)" -#: src/net.c:409 +#: src/net.c:428 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:436 +#: src/net.c:455 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:464 +#: src/net.c:483 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:494 +#: src/net.c:513 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:510 +#: src/net.c:529 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:536 +#: src/net.c:555 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:562 +#: src/net.c:581 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:579 +#: src/net.c:598 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:589 +#: src/net.c:608 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:600 +#: src/net.c:619 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:607 +#: src/net.c:626 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:613 +#: src/net.c:632 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:636 +#: src/net.c:655 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:645 +#: src/net.c:664 #, c-format msgid "Error reading host configuration file for %s" 
msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:652 +#: src/net.c:671 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:659 +#: src/net.c:678 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:669 +#: src/net.c:688 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:704 +#: src/net.c:723 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:712 +#: src/net.c:731 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:718 +#: src/net.c:737 msgid "Private key for tinc daemon required!" msgstr "Privé sleutel voor tinc daemon verplicht!" -#: src/net.c:730 +#: src/net.c:749 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:736 +#: src/net.c:755 msgid "Public key for tinc daemon required!" msgstr "Publieke sleutel voor tinc daemon verplicht!" -#: src/net.c:776 +#: src/net.c:795 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:785 +#: src/net.c:804 msgid "Unable to set up a listening socket!" msgstr "Kon geen luistersocket aanmaken!" -#: src/net.c:791 +#: src/net.c:810 msgid "Unable to set up an incoming vpn data socket!" msgstr "Kon geen socket maken voor inkomend vpn verkeer!" 
-#: src/net.c:816 +#: src/net.c:835 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:848 +#: src/net.c:867 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:890 +#: src/net.c:909 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:925 +#: src/net.c:944 msgid "Terminating" msgstr "Beëindigen" -#: src/net.c:939 +#: src/net.c:958 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:944 +#: src/net.c:963 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:954 +#: src/net.c:973 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:1003 +#: src/net.c:1022 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1049 +#: src/net.c:1068 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1055 +#: src/net.c:1074 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1061 +#: src/net.c:1080 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1067 +#: src/net.c:1086 #, c-format msgid "Received packet of %d bytes" msgstr "Ontvangst pakket van %d bytes" -#: src/net.c:1089 +#: src/net.c:1108 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1125 +#: src/net.c:1144 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1157 +#: src/net.c:1176 #, c-format msgid "%s (%s) didn't 
respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1188 +#: src/net.c:1207 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1196 +#: src/net.c:1215 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1229 +#: src/net.c:1248 #, c-format msgid "Outgoing data socket error for %s (%s): %s" msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" -#: src/net.c:1265 +#: src/net.c:1284 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1274 +#: src/net.c:1293 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1285 +#: src/net.c:1304 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1291 +#: src/net.c:1310 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1323 +#: src/net.c:1342 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1330 +#: src/net.c:1349 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1337 +#: src/net.c:1356 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1363 +#: src/net.c:1382 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -635,58 +640,58 @@ msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:897 +#: src/protocol.c:899 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:906 +#: src/protocol.c:908 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:915 +#: src/protocol.c:917 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:926 +#: src/protocol.c:928 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:936 +#: src/protocol.c:938 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:972 +#: src/protocol.c:974 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:979 +#: src/protocol.c:981 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1003 +#: src/protocol.c:1005 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1010 +#: src/protocol.c:1012 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1086 +#: src/protocol.c:1088 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1093 +#: src/protocol.c:1095 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " 
@@ -695,12 +700,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1124 +#: src/protocol.c:1126 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1131 +#: src/protocol.c:1133 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -709,7 +714,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1149 +#: src/protocol.c:1151 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -717,12 +722,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1185 +#: src/protocol.c:1187 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1192 +#: src/protocol.c:1194 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -731,13 +736,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1204 +#: src/protocol.c:1206 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1225 +#: src/protocol.c:1218 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " 
@@ -745,6 +750,20 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" +#: src/route.c:57 +#, c-format +msgid "Cannot route packet: unknown type %hx" +msgstr "Kan pakket niet routeren: onbekend type %hx" + +#: src/route.c:74 +#, c-format +msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" +msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" + +#: src/route.c:85 +msgid "Cannot route packet: IPv6 routing not implemented yet" +msgstr "Kan pakket niet routeren: IPv6 routering nog niet ingebouwd" + #. Do some intl stuff right now #: src/subnet.c:243 src/tincd.c:396 msgid "unknown" From 5019dd879177b5ab9413e5c0aa72a15d0e585acf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 17:09:10 +0000 Subject: [PATCH 181/923] - Check for packets that are looping back. --- src/net.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index 016b86ad..6e4fa663 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.64 2000/11/04 15:32:05 zarq Exp $ + $Id: net.c,v 1.35.4.65 2000/11/04 17:09:10 guus Exp $ */ #include "config.h" @@ -358,10 +358,21 @@ cp } return -1; - } + } cl = subnet->owner; + if(cl == myself) + { + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"), + IP_ADDR_V(to)); + } + + return -1; + } + /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ From 2191d894bfd615e8fa7857d031ea630edc12a854 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 4 Nov 2000 17:29:45 +0000 Subject: [PATCH 182/923] Build-depends on libtool --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/debian/control b/debian/control index cfbce0af..97c84214 100644 --- a/debian/control +++ b/debian/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: Ivo Timmermans Standards-Version: 3.0.1 Build-Depends: libc6-dev, libssl095a-dev, autoconf (>= 2.12), - automake, debhelper + automake, debhelper, libtool Package: tinc Architecture: i386 From afc05797077641baa33b024ffeaafd6cad3ff7a7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 20:44:28 +0000 Subject: [PATCH 183/923] - Simplified ping mechanism. --- src/connlist.h | 4 +--- src/meta.c | 3 +-- src/net.c | 23 +++++++++++------------ src/protocol.c | 6 ++++-- 4 files changed, 17 insertions(+), 19 deletions(-) diff --git a/src/connlist.h b/src/connlist.h index 0b9fa6b3..2d66289a 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.11 2000/11/04 11:49:57 guus Exp $ + $Id: connlist.h,v 1.1.2.12 2000/11/04 20:44:26 guus Exp $ */ #ifndef __TINC_CONNLIST_H__ @@ -31,7 +31,6 @@ typedef struct status_bits_t { int pinged:1; /* sent ping */ - int got_pong:1; /* received pong */ int meta:1; /* meta connection exists */ int active:1; /* 1 if active.. */ int outgoing:1; /* I myself asked for this conn */ @@ -82,7 +81,6 @@ typedef struct conn_list_t { int allow_request; /* defined if there's only one request possible */ time_t last_ping_time; /* last time we saw some activity from the other end */ - int want_ping; /* 0 if there's no need to check for activity. Shouldn't this go into status? (GS) */ char *mychallenge; /* challenge we received from him */ char *hischallenge; /* challenge we sent to him */ diff --git a/src/meta.c b/src/meta.c index 6b2a8e2b..da090629 100644 --- a/src/meta.c +++ b/src/meta.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.8 2000/10/29 22:55:14 guus Exp $ + $Id: meta.c,v 1.1.2.9 2000/11/04 20:44:26 guus Exp $ */ #include "config.h" @@ -169,7 +169,6 @@ cp } cl->last_ping_time = time(NULL); - cl->want_ping = 0; cp return 0; } diff --git a/src/net.c b/src/net.c index 6e4fa663..dd692e8e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.65 2000/11/04 17:09:10 guus Exp $ + $Id: net.c,v 1.35.4.66 2000/11/04 20:44:26 guus Exp $ */ #include "config.h" @@ -160,8 +160,6 @@ cp total_socket_out += outlen; - cl->want_ping = 1; - if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), @@ -706,7 +704,6 @@ cp ncn->buffer = xmalloc(MAXBUFSIZE); ncn->buflen = 0; ncn->last_ping_time = time(NULL); - ncn->want_ping = 0; conn_list_add(ncn); @@ -889,9 +886,15 @@ int setup_network_connections(void) config_t const *cfg; cp if((cfg = get_config_val(config, pingtimeout)) == NULL) - timeout = 5; + timeout = 60; else - timeout = cfg->data.val; + { + timeout = cfg->data.val; + if(timeout < 1) + { + timeout = 86400; + } + } if(setup_tap_fd() < 0) return -1; @@ -1027,7 +1030,6 @@ cp p->buffer = xmalloc(MAXBUFSIZE); p->buflen = 0; p->last_ping_time = time(NULL); - p->want_ping = 0; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection from %s port %d"), @@ -1181,7 +1183,7 @@ cp { if(p->last_ping_time + timeout < now) { - if(p->status.pinged && !p->status.got_pong) + if(p->status.pinged) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), 
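Review bot: In the added `if(timeout < 1)` branch of setup_network_connections(), a zero or negative PingTimeout is silently replaced by 86400 seconds, so a configuration typo stretches dead-peer detection to a full day with nothing in the log. A warning next to the assignment would make that visible, for example `syslog(LOG_WARNING, _("Invalid PingTimeout %d, using %d seconds"), cfg->data.val, 86400);`. The value also has no upper bound, and the ping check later adds it to `last_ping_time`, so a limit is worth considering where `time_t` is 32 bits wide. The function body continues outside the hunk.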
@@ -1189,12 +1191,9 @@ cp p->status.timeout = 1; terminate_connection(p); } - else if(p->want_ping) + else { send_ping(p); - p->last_ping_time = now; - p->status.pinged = 1; - p->status.got_pong = 0; } } } diff --git a/src/protocol.c b/src/protocol.c index 8d03cc0b..0728ea1a 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.56 2000/11/04 16:54:21 guus Exp $ + $Id: protocol.c,v 1.28.4.57 2000/11/04 20:44:28 guus Exp $ */ #include "config.h" @@ -1037,7 +1037,9 @@ cp int send_ping(conn_list_t *cl) { +cp cl->status.pinged = 1; + cl->last_ping_time = time(NULL); cp return send_request(cl, "%d", PING); } @@ -1057,7 +1059,7 @@ cp int pong_h(conn_list_t *cl) { cp - cl->status.got_pong = 1; + cl->status.pinged = 0; cp return 0; } From 698191fd2f512f3618e2d60592fcd57cd750b965 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 4 Nov 2000 22:57:33 +0000 Subject: [PATCH 184/923] - Prepended config_ to all configuration option names, because it confused everything (including myself). - Use connection oriented UDP sockets for both incoming and outgoing packets. --- src/conf.c | 40 ++++++++--------- src/conf.h | 40 ++++++++--------- src/connlist.c | 18 +------- src/net.c | 114 ++++++++++++++++++++++++++++--------------------- src/net.h | 3 +- src/netutl.c | 4 +- src/protocol.c | 6 ++- src/route.c | 40 +++++++++++++---- src/subnet.c | 4 +- 9 files changed, 147 insertions(+), 122 deletions(-) diff --git a/src/conf.c b/src/conf.c index 477d0fd8..0a65e32d 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.20 2000/11/03 22:35:10 zarq Exp $ + $Id: conf.c,v 1.9.4.21 2000/11/04 22:57:30 guus Exp $ */ #include "config.h" 
@@ -56,26 +56,26 @@ int sighup = 0; */ static internal_config_t hazahaza[] = { /* Main configuration file keywords */ - { "Name", tincname, TYPE_NAME }, - { "ConnectTo", connectto, TYPE_NAME }, - { "PingTimeout", pingtimeout, TYPE_INT }, - { "TapDevice", tapdevice, TYPE_NAME }, - { "PrivateKey", privatekey, TYPE_NAME }, - { "KeyExpire", keyexpire, TYPE_INT }, - { "Hostnames", resolve_dns, TYPE_BOOL }, - { "Interface", interface, TYPE_NAME }, - { "InterfaceIP", interfaceip, TYPE_IP }, + { "Name", config_name, TYPE_NAME }, + { "ConnectTo", config_connectto, TYPE_NAME }, + { "PingTimeout", config_pingtimeout, TYPE_INT }, + { "TapDevice", config_tapdevice, TYPE_NAME }, + { "PrivateKey", config_privatekey, TYPE_NAME }, + { "KeyExpire", config_keyexpire, TYPE_INT }, + { "Hostnames", config_hostnames, TYPE_BOOL }, + { "Interface", config_interface, TYPE_NAME }, + { "InterfaceIP", config_interfaceip, TYPE_IP }, /* Host configuration file keywords */ - { "Address", address, TYPE_NAME }, - { "Port", port, TYPE_INT }, - { "PublicKey", publickey, TYPE_NAME }, - { "Subnet", subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ - { "RestrictHosts", restricthosts, TYPE_BOOL }, - { "RestrictSubnets", restrictsubnets, TYPE_BOOL }, - { "RestrictAddress", restrictaddress, TYPE_BOOL }, - { "RestrictPort", restrictport, TYPE_BOOL }, - { "IndirectData", indirectdata, TYPE_BOOL }, - { "TCPonly", tcponly, TYPE_BOOL }, + { "Address", config_address, TYPE_NAME }, + { "Port", config_port, TYPE_INT }, + { "PublicKey", config_publickey, TYPE_NAME }, + { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ + { "RestrictHosts", config_restricthosts, TYPE_BOOL }, + { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, + { "RestrictAddress", config_restrictaddress, TYPE_BOOL }, + { "RestrictPort", config_restrictport, TYPE_BOOL }, + { "IndirectData", config_indirectdata, TYPE_BOOL }, + { "TCPonly", config_tcponly, TYPE_BOOL }, { NULL, 0, 0 } }; 
diff --git a/src/conf.h b/src/conf.h index c4c030ad..9ab0add6 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.15 2000/10/29 00:24:31 guus Exp $ + $Id: conf.h,v 1.6.4.16 2000/11/04 22:57:30 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -33,25 +33,25 @@ typedef struct ip_mask_t { } ip_mask_t; typedef enum which_t { - tincname = 1, - connectto, - pingtimeout, - tapdevice, - privatekey, - keyexpire, - resolve_dns, - interface, - interfaceip, - address, - port, - publickey, - subnet, - restricthosts, - restrictsubnets, - restrictaddress, - restrictport, - indirectdata, - tcponly, + config_name = 1, + config_connectto, + config_pingtimeout, + config_tapdevice, + config_privatekey, + config_keyexpire, + config_hostnames, + config_interface, + config_interfaceip, + config_address, + config_port, + config_publickey, + config_subnet, + config_restricthosts, + config_restrictsubnets, + config_restrictaddress, + config_restrictport, + config_indirectdata, + config_tcponly, } which_t; typedef struct config_t { diff --git a/src/connlist.c b/src/connlist.c index 63f9e6c5..5d41dcb6 100644 --- a/src/connlist.c +++ b/src/connlist.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.14 2000/11/04 15:34:07 guus Exp $ + $Id: connlist.c,v 1.1.2.15 2000/11/04 22:57:30 guus Exp $ */ #include "config.h" @@ -162,8 +162,6 @@ cp void dump_conn_list(void) { conn_list_t *p; - subnet_t *s; - char *netstr; cp syslog(LOG_DEBUG, _("Connection list:")); 
@@ -171,25 +169,11 @@ cp myself->name, myself->hostname, myself->port, myself->flags, myself->socket, myself->meta_socket, myself->status); - for(s = myself->subnets; s != NULL; s = s->next) - { - netstr = net2str(s); - syslog(LOG_DEBUG, " %s", netstr); - free(netstr); - } - for(p = conn_list; p != NULL; p = p->next) { syslog(LOG_DEBUG, _(" %s at %s port %hd flags %d sockets %d, %d status %04x"), p->name, p->hostname, p->port, p->flags, p->socket, p->meta_socket, p->status); - - for(s = p->subnets; s != NULL; s = s->next) - { - netstr = net2str(s); - syslog(LOG_DEBUG, " %s", netstr); - free(netstr); - } } syslog(LOG_DEBUG, _("End of connection list.")); diff --git a/src/net.c b/src/net.c index dd692e8e..a4324a47 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.66 2000/11/04 20:44:26 guus Exp $ + $Id: net.c,v 1.35.4.67 2000/11/04 22:57:30 guus Exp $ */ #include "config.h" @@ -170,7 +170,7 @@ cp return 0; } -int xrecv(vpn_packet_t *inpkt) +int xrecv(conn_list_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; @@ -294,7 +294,7 @@ cp returned a zero exit code */ void flush_queue(conn_list_t *cl, packet_queue_t **pq, - int (*function)(conn_list_t*,void*)) + int (*function)(conn_list_t*,vpn_packet_t*)) { queue_element_t *p, *next = NULL; cp @@ -375,6 +375,8 @@ cp /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ + /* Connections are now opened beforehand... + if(!cl->status.dataopen) if(setup_vpn_connection(cl) < 0) { @@ -382,6 +384,7 @@ cp cl->name, cl->hostname); return -1; } + */ if(!cl->status.validkey) { @@ -423,7 +426,7 @@ int setup_tap_fd(void) struct ifreq ifr; cp - if((cfg = get_config_val(config, tapdevice))) + if((cfg = get_config_val(config, config_tapdevice))) tapfname = cfg->data.ptr; else #ifdef HAVE_TUNTAP 
@@ -515,7 +518,7 @@ cp return -1; } - if((cfg = get_config_val(config, interface))) + if((cfg = get_config_val(config, config_interface))) { if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr))) { @@ -528,7 +531,7 @@ cp a.sin_family = AF_INET; a.sin_port = htons(port); - if((cfg = get_config_val(config, interfaceip))) + if((cfg = get_config_val(config, config_interfaceip))) a.sin_addr.s_addr = htonl(cfg->data.ip->address); else a.sin_addr.s_addr = htonl(INADDR_ANY); @@ -606,7 +609,7 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); - if((cfg = get_config_val(cl->config, port)) == NULL) + if((cfg = get_config_val(cl->config, config_port)) == NULL) cl->port = 655; else cl->port = cfg->data.val; @@ -675,7 +678,7 @@ cp return -1; } - if(!(cfg = get_config_val(ncn->config, address))) + if(!(cfg = get_config_val(ncn->config, config_address))) { syslog(LOG_ERR, _("No address specified for %s")); free_conn_list(ncn); @@ -718,6 +721,7 @@ cp int setup_myself(void) { config_t const *cfg; + config_t *next; subnet_t *net; cp myself = new_conn_list(); @@ -726,7 +730,7 @@ cp myself->flags = 0; myself->protocol_version = PROT_CURRENT; - if(!(cfg = get_config_val(config, tincname))) /* Not acceptable */ + if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */ { syslog(LOG_ERR, _("Name for tinc daemon required!")); return -1; @@ -740,7 +744,7 @@ cp return -1; } cp - if(!(cfg = get_config_val(config, privatekey))) + if(!(cfg = get_config_val(config, config_privatekey))) { syslog(LOG_ERR, _("Private key for tinc daemon required!")); return -1; @@ -758,7 +762,7 @@ cp return -1; } cp - if(!(cfg = get_config_val(myself->config, publickey))) + if(!(cfg = get_config_val(myself->config, config_publickey))) { syslog(LOG_ERR, _("Public key for tinc daemon required!")); return -1; 
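Review bot: The `config_interface` branch touched by this rename passes the interface name and its `strlen()` to `setsockopt()` with `SO_KEEPALIVE`, which expects an int flag, so the socket created in this function is not restricted to the configured interface. Presumably `SO_BINDTODEVICE` was meant: `if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr)))`. Until that changes, an operator who sets Interface to keep the port off an untrusted network still has it reachable there unless InterfaceIP is set too. The enclosing function starts and ends outside the hunk.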
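Review bot: The context line `syslog(LOG_ERR, _("No address specified for %s"));` in the `config_address` hunk has a `%s` conversion and no argument, which is undefined behaviour on exactly the path where a host file lacks an Address. Passing the host name fixes it, presumably `syslog(LOG_ERR, _("No address specified for %s"), ncn->name);`. The rest of the function is outside the hunk, so whether `ncn->name` is already set at this point needs confirming.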
@@ -774,22 +778,22 @@ cp return -1; } */ - if(!(cfg = get_config_val(myself->config, port))) + if(!(cfg = get_config_val(myself->config, config_port))) myself->port = 655; else myself->port = cfg->data.val; - if((cfg = get_config_val(myself->config, indirectdata))) + if((cfg = get_config_val(myself->config, config_indirectdata))) if(cfg->data.val == stupid_true) myself->flags |= EXPORTINDIRECTDATA; - if((cfg = get_config_val(myself->config, tcponly))) + if((cfg = get_config_val(myself->config, config_tcponly))) if(cfg->data.val == stupid_true) myself->flags |= TCPONLY; /* Read in all the subnets specified in the host configuration file */ - for(cfg = myself->config; (cfg = get_config_val(cfg, subnet)); cfg = cfg->next) + for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next) { net = new_subnet(); net->type = SUBNET_IPV4; @@ -813,13 +817,6 @@ cp return -1; } - if((myself->socket = setup_vpn_in_socket(myself->port)) < 0) - { - syslog(LOG_ERR, _("Unable to set up an incoming vpn data socket!")); - close(myself->meta_socket); - return -1; - } - /* Generate packet encryption key */ myself->cipher_pkttype = EVP_bf_cfb(); @@ -829,7 +826,7 @@ cp myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); - if(!(cfg = get_config_val(config, keyexpire))) + if(!(cfg = get_config_val(config, config_keyexpire))) keylifetime = 3600; else keylifetime = cfg->data.val; @@ -850,7 +847,7 @@ sigalrm_handler(int a) { config_t const *cfg; cp - cfg = get_config_val(upstreamcfg, connectto); + cfg = get_config_val(upstreamcfg, config_connectto); if(!cfg && upstreamcfg == config) /* No upstream IP given, we're listen only. */ 
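Review bot: In the hunk that renames `keyexpire`, the packet key is filled by `RAND_bytes()` and the result is not checked, so if the generator fails the freshly allocated `cipher_pktkey` buffer is used as the encryption key with whatever it happened to contain. The check is short: `if(RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength) != 1) return -1;`, with a log line before the return. `keylifetime = cfg->data.val` is also taken from the configuration without a lower bound, so a zero or negative KeyExpire should be rejected or clamped. The enclosing function begins and ends outside this hunk.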
@@ -864,7 +861,7 @@ cp signal(SIGALRM, SIG_IGN); return; } - cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); @@ -885,7 +882,7 @@ int setup_network_connections(void) { config_t const *cfg; cp - if((cfg = get_config_val(config, pingtimeout)) == NULL) + if((cfg = get_config_val(config, config_pingtimeout)) == NULL) timeout = 60; else { @@ -905,7 +902,7 @@ cp /* Run tinc-up script to further initialize the tap interface */ execute_script("tinc-up"); - if(!(cfg = get_config_val(config, connectto))) + if(!(cfg = get_config_val(config, config_connectto))) /* No upstream IP given, we're listen only. */ return 0; @@ -914,7 +911,7 @@ cp upstreamcfg = cfg->next; if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ return 0; - cfg = get_config_val(upstreamcfg, connectto); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */ } signal(SIGALRM, sigalrm_handler); @@ -943,7 +940,6 @@ cp if(myself->status.active) { close(myself->meta_socket); - close(myself->socket); free_conn_list(myself); myself = NULL; } @@ -967,6 +963,7 @@ int setup_vpn_connection(conn_list_t *cl) { int nfd, flags; struct sockaddr_in a; + const int one = 1; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); 
@@ -978,6 +975,32 @@ cp return -1; } + if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) + { + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "setsockopt"); + return -1; + } + + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) + { + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); + return -1; + } + + memset(&a, 0, sizeof(a)); + a.sin_family = AF_INET; + a.sin_port = htons(myself->port); + a.sin_addr.s_addr = htonl(INADDR_ANY); + + if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) + { + syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port); + return -1; + } + a.sin_family = AF_INET; a.sin_port = htons(cl->port); a.sin_addr.s_addr = htonl(cl->address); @@ -1058,7 +1081,6 @@ cp } FD_SET(myself->meta_socket, fs); - FD_SET(myself->socket, fs); FD_SET(tap_fd, fs); cp } @@ -1068,18 +1090,16 @@ cp udp socket and write it to the ethertap device after being decrypted */ -int handle_incoming_vpn_data() +int handle_incoming_vpn_data(conn_list_t *cl) { vpn_packet_t pkt; int x, l = sizeof(x); - struct sockaddr from; int lenin; - socklen_t fromlen = sizeof(from); cp - if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), - __FILE__, __LINE__, myself->socket); + __FILE__, __LINE__, cl->socket); return -1; } if(x) @@ -1088,7 +1108,7 @@ cp return -1; } - if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, &from, &fromlen)) <= 0) + if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; @@ -1096,11 +1116,12 @@ cp if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Received packet of %d bytes"), lenin); - } + syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin, + cl->name, cl->hostname); + } cp - return xrecv(&pkt); + return xrecv(cl, &pkt); } /* 
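Review bot: Each of the three new error returns in setup_vpn_connection() (after `setsockopt`, `fcntl` and `bind`) leaves `nfd` open, and since this commit also calls the function from the protocol code for each connection, repeated failures leak descriptors. Add `close(nfd);` before each `return -1;`. The result of `fcntl(nfd, F_GETFL)` is used without checking for -1, and the bind address is always `INADDR_ANY`, which ignores the `InterfaceIP` setting that the listening socket honours. The function continues outside the hunk.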
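Review bot: handle_incoming_vpn_data() receives up to `MTU` bytes starting at `pkt.len` and then calls `xrecv(cl, &pkt)` without passing `lenin`, so the only length xrecv() can work from is the `len` field the sender put on the wire. xrecv()'s body is outside this hunk; unless it bounds that field itself, a datagram shorter than its claimed length makes it process uninitialised bytes of the local `pkt`. Rejecting the packet before the call, by checking that `lenin` covers the header and that the claimed length does not exceed what was received, keeps that validation in one place. `l` should also be a `socklen_t` for the `getsockopt()` call.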
@@ -1238,7 +1259,6 @@ cp void check_network_activity(fd_set *f) { conn_list_t *p; - int x, l = sizeof(x); cp for(p = conn_list; p != NULL; p = p->next) { @@ -1248,16 +1268,15 @@ cp if(p->status.dataopen) if(FD_ISSET(p->socket, f)) { - /* - The only thing that can happen to get us here is apparently an - error on this outgoing(!) UDP socket that isn't immediate (i.e. - something that will not trigger an error directly on send()). - I've once got here when it said `No route to host'. - */ + handle_incoming_vpn_data(p); + + /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data() + getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), p->name, p->hostname, strerror(x)); terminate_connection(p); + */ return; } @@ -1270,9 +1289,6 @@ cp } } - if(FD_ISSET(myself->socket, f)) - handle_incoming_vpn_data(); - if(FD_ISSET(myself->meta_socket, f)) handle_new_meta_connection(); cp diff --git a/src/net.h b/src/net.h index 98366349..e3d974ed 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.20 2000/10/29 09:19:25 guus Exp $ + $Id: net.h,v 1.9.4.21 2000/11/04 22:57:31 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -118,7 +118,6 @@ extern void main_loop(void); extern int setup_vpn_connection(conn_list_t *); extern void terminate_connection(conn_list_t *); extern void flush_queues(conn_list_t *); -extern int xrecv(vpn_packet_t *); extern void add_queue(packet_queue_t **, void *, size_t); #endif /* __TINC_NET_H__ */ diff --git a/src/netutl.c b/src/netutl.c index b80473b1..d92d3ee5 100644 --- a/src/netutl.c +++ b/src/netutl.c 
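Review bot: The return value of `handle_incoming_vpn_data(p)` is dropped and the old `SO_ERROR` handling is commented out, so a socket error reported by the callee only produces a log line and the connection is never torn down. Handle the socket-error case where it is detected, as the FIXME says, and keep decryption or length failures as a plain drop so that a forged datagram cannot be used to close a connection. The commented-out block still refers to `x` and `l`, which the previous hunk removes from check_network_activity(), so it will not compile if it is simply re-enabled.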
@@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.14 2000/10/29 09:19:25 guus Exp $ + $Id: netutl.c,v 1.12.4.15 2000/11/04 22:57:31 guus Exp $ */ #include "config.h" @@ -72,7 +72,7 @@ cp in.s_addr = addr; lookup_hostname = 0; - if((cfg = get_config_val(config, resolve_dns)) != NULL) + if((cfg = get_config_val(config, config_hostnames)) != NULL) if(cfg->data.val == stupid_true) lookup_hostname = 1; diff --git a/src/protocol.c b/src/protocol.c index 0728ea1a..879e06f1 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.57 2000/11/04 20:44:28 guus Exp $ + $Id: protocol.c,v 1.28.4.58 2000/11/04 22:57:32 guus Exp $ */ #include "config.h" @@ -225,7 +225,7 @@ cp } } cp - if((cfg = get_config_val(cl->config, publickey))) + if((cfg = get_config_val(cl->config, config_publickey))) { cl->rsa_key = RSA_new(); BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); @@ -561,6 +561,8 @@ cp if(cl->status.outgoing) cl->allow_request = ACK; + setup_vpn_connection(cl); + x = send_request(cl, "%d", ACK); cl->status.encryptout = 1; cp diff --git a/src/route.c b/src/route.c index a958e1a7..0509b962 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.1 2000/10/23 13:52:54 guus Exp $ + $Id: route.c,v 1.1.2.2 2000/11/04 22:57:33 guus Exp $ */ #include "config.h" @@ -30,7 +30,7 @@ #include "system.h" -int routing_mode = 0; /* Will be used to determine if we route by MAC or by payload's protocol */ +int routing_mode = 0; /* Will be used to determine if we route by MAC or by payload's protocol */ conn_list_t *route_packet(vpn_packet_t *packet) { 
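Review bot: `setup_vpn_connection(cl);` is added before the ACK is sent in protocol.c without looking at its result, while the on-demand call in the send path, which did check it, is commented out by this same commit. If the socket cannot be created or bound, the handshake still completes and presumably nothing retries, leaving the peer without a data socket. Check the result here, e.g. `if(setup_vpn_connection(cl) < 0) return -1;`, or keep the lazy setup in the send path as a fallback. The enclosing handler starts and ends outside the hunk.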
@@ -38,6 +38,11 @@ conn_list_t *route_packet(vpn_packet_t *packet) cp type = ntohs(*((unsigned short*)(&packet.data[12]))) + if(routing_mode) + { + return route_mac(packet); + } + switch(type) { case 0x0800: @@ -51,15 +56,35 @@ cp return route_arp(packet); */ default: - /* TODO: try MAC as last resort? */ if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); } - return NULL; + return NULL; } } +conn_list_t *route_mac(vpn_packet_t *packet) +{ + conn_list_t *cl; +cp + cl = lookup_subnet_mac((mac_t *)(&packet.data[6])); + if(!cl) + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x"), + packet.data[6], + packet.data[7], + packet.data[8], + packet.data[9], + packet.data[10], + packet.data[11]); + } +cp + return cl; +} + + conn_list_t *route_ipv4(vpn_packet_t *packet) { ipv4_t dest; @@ -67,22 +92,21 @@ conn_list_t *route_ipv4(vpn_packet_t *packet) cp dest = ntohl(*((unsigned long*)(&packet.data[30]); - cl = lookup_conn_list_ipv4(dest); + cl = lookup_subnet_ipv4(dest); if(!cl) if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"), packet.data[30], packet.data[31], packet.data[32], packet.data[33]); } - - return cl; cp + return cl; } conn_list_t *route_ipv6(vpn_packet_t *packet) { cp syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not implemented yet")); - return NULL; cp + return NULL; } diff --git a/src/subnet.c b/src/subnet.c index 15ae528e..6ca3feef 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.10 2000/11/04 11:49:58 guus Exp $ + $Id: subnet.c,v 1.1.2.11 2000/11/04 22:57:33 guus Exp $ */ #include "config.h" 
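Review bot: The new route_mac() looks up and logs `packet.data[6]` to `[11]` as the destination address, but route_packet() reads the ethertype at offset 12, which puts the destination MAC at offsets 0 to 5 and the source MAC at 6 to 11. Routing on the source address would presumably send frames back toward their origin; the lookup should be `cl = lookup_subnet_mac((mac_t *)(&packet->data[0]));` with the log arguments changed to match. `packet` is a pointer, so the `packet.data` accesses here and in the route_packet() and route_ipv4() hunks need `packet->data`. route_mac() is also called in route_packet() before it is declared.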
@@ -301,7 +301,7 @@ cp for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->global_next) { netstr = net2str(subnet); - syslog(LOG_DEBUG, " %s owner %s", netstr, subnet->owner->name); + syslog(LOG_DEBUG, " %s owner %s", netstr, subnet->owner->name); free(netstr); } From efc3a2a466937da942afc84dde080ba8b1731140 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 5 Nov 2000 02:19:58 +0000 Subject: [PATCH 185/923] Build-Depends on gettext --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 97c84214..43d6e428 100644 --- a/debian/control +++ b/debian/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: Ivo Timmermans Standards-Version: 3.0.1 Build-Depends: libc6-dev, libssl095a-dev, autoconf (>= 2.12), - automake, debhelper, libtool + automake, debhelper, libtool, gettext Package: tinc Architecture: i386 From f95cc86d0c14ca4c47e5459af4bb6d1170baa9f5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 7 Nov 2000 21:43:28 +0000 Subject: [PATCH 186/923] Changed execution of tinc-up: - Do not free() strings that have been putenv()d, see man page of the latter. - Do not set IFNAME anymore, it appears that the ioctl to get the name of the interface does not work at all. Since it is set to NETNAME in case of tun/tap and it is known beforehand in case of ethertap, there is no need for it anyway... (though it would've simplified things). --- src/net.c | 31 ++++++++----------------------- 1 file changed, 8 insertions(+), 23 deletions(-) diff --git a/src/net.c b/src/net.c index a4324a47..bc32b7cc 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.67 2000/11/04 22:57:30 guus Exp $ + $Id: net.c,v 1.35.4.68 2000/11/07 21:43:28 guus Exp $ */ #include "config.h" 
@@ -74,7 +74,6 @@ int keylifetime = 0; int keyexpires = 0; char *unknown = NULL; -char *interface_name = NULL; /* Contains the name of the interface */ subnet_t mymac; @@ -82,7 +81,7 @@ subnet_t mymac; Execute the given script. This function doesn't really belong here. */ -int execute_script(const char* name) +int execute_script(const char *name) { char *scriptname; pid_t pid; @@ -102,35 +101,28 @@ int execute_script(const char* name) /* Child here */ - asprintf(&scriptname, "%s/%s", confbase, name); - asprintf(&s, "IFNAME=%s", interface_name); - putenv(s); - free(s); - if(netname) { asprintf(&s, "NETNAME=%s", netname); - putenv(s); - free(s); + putenv(s); /* Don't free s! see man 3 putenv */ } else { unsetenv("NETNAME"); } - if(chdir(confbase) < 0) - { - syslog(LOG_ERR, _("Couldn't chdir to `%s': %m"), - confbase); - } + chdir(confbase); /* This cannot fail since we already read config files from this directory. */ + asprintf(&scriptname, "%s/%s", confbase, name); execl(scriptname, NULL); + /* No return on success */ if(errno != ENOENT) /* Ignore if the file does not exist */ syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname); /* No need to free things */ + exit(0); } @@ -463,18 +455,11 @@ cp strncpy(ifr.ifr_name, netname, IFNAMSIZ); cp if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) - { + { syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; } #endif - - /* Add name of network interface to environment (for scripts) */ - - ioctl(tap_fd, SIOCGIFNAME, (void *) &ifr); - interface_name = xmalloc(strlen(ifr.ifr_name)); - strcpy(interface_name, ifr.ifr_name); - cp return 0; } From 7d0f82bd4b7044a5151835e25e830fd28dfaaebd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 7 Nov 2000 22:02:14 +0000 Subject: [PATCH 187/923] - Open UDP connection for all known hosts. Comments please. --- src/protocol.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
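Review bot: In the execute_script() hunk (`@@ -102,35 +101,28 @@`) the new `chdir(confbase);` drops the error check on the grounds that the directory was readable at startup, but that says nothing about the moment the script runs: the directory can have been removed, renamed or had its permissions changed since, and the child would then run the script from whatever directory the daemon is in. Restore the removed `if(chdir(confbase) < 0)` block and have it leave the child after logging instead of continuing to execl(). The asprintf() results that feed putenv() and execl() are unchecked as well, and `execl(scriptname, NULL)` passes no argv[0] and an uncast terminator; `execl(scriptname, scriptname, (char *)NULL);` is the portable form. execute_script() starts in the previous hunk and continues past this one.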
diff --git a/src/protocol.c b/src/protocol.c index 879e06f1..361820bd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.58 2000/11/04 22:57:32 guus Exp $ + $Id: protocol.c,v 1.28.4.59 2000/11/07 22:02:14 guus Exp $ */ #include "config.h" @@ -877,6 +877,11 @@ cp new->cipher_pkttype = EVP_bf_cfb(); new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; + /* Okay this is a bit ugly... it would be better to setup UDP sockets dynamically, or + * perhaps just one UDP socket... but then again, this has benefits too... + */ + + setup_vpn_connection(new); cp return 0; } From 56bd0864e4c5680fee59af48228b1ec3fb97b57b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 7 Nov 2000 22:33:33 +0000 Subject: [PATCH 188/923] Porting to SunOS 5.8: - Include all header files necessary - Check for flock() function --- configure.in | 4 ++-- lib/pidfile.c | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index beab3517..3295de99 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.13 2000/11/02 21:38:55 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.14 2000/11/07 22:33:33 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -46,7 +46,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS(ftime socket select strtol strerror) +AC_CHECK_FUNCS(ftime socket select strtol strerror flock) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/pidfile.c b/lib/pidfile.c index 2f30a4e8..54a6b4c1 100644 --- a/lib/pidfile.c +++ b/lib/pidfile.c @@ -32,6 +32,8 @@ #include #include #include +#include +#include /* read_pid * 
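Review bot: The added `setup_vpn_connection(new);` (hunk `@@ -877,6 +877,11 @@`) discards the call's result, so the function still reaches `return 0` when the UDP socket could not be set up and the host is then treated as usable. If setup_vpn_connection() reports failure through its return value (its definition is not part of this hunk), propagate it with `if(setup_vpn_connection(new) < 0) return -1;`, after checking what cleanup of `new` that path needs in the part of the function outside the hunk. Opening one socket per known host also ties the daemon's descriptor use to the number of hosts it learns about, presumably from other peers, which is worth bounding or at least stating in the comment the commit adds.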
@@ -93,13 +95,15 @@ int write_pid (char *pidfile) fprintf(stderr, "Can't open or create %s.\n", pidfile); return 0; } - + +#ifdef HAVE_FLOCK if (flock(fd, LOCK_EX|LOCK_NB) == -1) { fscanf(f, "%d", &pid); fclose(f); printf("Can't lock, lock is held by pid %d.\n", pid); return 0; } +#endif pid = getpid(); if (!fprintf(f,"%d\n", pid)) { @@ -109,11 +113,13 @@ int write_pid (char *pidfile) } fflush(f); +#ifdef HAVE_FLOCK if (flock(fd, LOCK_UN) == -1) { printf("Can't unlock pidfile %s, %s.\n", pidfile, strerror(errno)); close(fd); return 0; } +#endif close(fd); return pid; From f8f1007bf469d44480d95d0d78ddc156d00e059f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Nov 2000 00:10:50 +0000 Subject: [PATCH 189/923] Porting to SunOS 5.8: - More #includes Linux doesn't seem to need - Don't do unsetenv() on SunOS - Use a replacement asprintf() in case the OS doesn't support it It now compiles properly under SunOS. --- configure.in | 4 ++-- lib/utils.c | 31 +++++++++++++++++++++++++++++++ src/net.c | 8 +++++--- src/tincd.c | 3 ++- 4 files changed, 40 insertions(+), 6 deletions(-) diff --git a/configure.in b/configure.in index 3295de99..3514e0e2 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.14 2000/11/07 22:33:33 guus Exp $ +dnl $Id: configure.in,v 1.13.2.15 2000/11/08 00:10:49 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -46,7 +46,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS(ftime socket select strtol strerror flock) +AC_CHECK_FUNCS(ftime socket select strtol strerror flock unsetenv asprintf) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/utils.c b/lib/utils.c index 795ece92..7f588b47 100644 --- a/lib/utils.c +++ b/lib/utils.c 
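Review bot: When HAVE_FLOCK is not defined, write_pid() now takes no lock at all, so two daemons started at the same time can both write the pidfile and both carry on; the unlock hunk further down (`@@ -109,11 +113,13 @@`) is compiled out the same way. POSIX fcntl() record locks exist on the platforms that lack flock(), so an `#else` branch can keep the exclusion instead of dropping it. A lock taken this way is released when the descriptor is closed, so the unlock hunk needs no counterpart. write_pid() starts before the first hunk and ends after the second.

```c
#ifdef HAVE_FLOCK
  /* … unchanged: flock(fd, LOCK_EX|LOCK_NB) check … */
#else
  {
    struct flock fl;

    fl.l_type = F_WRLCK;
    fl.l_whence = SEEK_SET;
    fl.l_start = 0;
    fl.l_len = 0;          /* whole file */
    if (fcntl(fd, F_SETLK, &fl) == -1) {
      fclose(f);
      printf("Can't lock pidfile %s, %s.\n", pidfile, strerror(errno));
      return 0;
    }
  }
#endif
```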
@@ -21,11 +21,13 @@ #include #include #include +#include #include "config.h" #include #include +#include volatile int (cp_line[]) = {0, 0, 0, 0, 0, 0, 0, 0}; volatile char (*cp_file[]) = {"?", "?", "?", "?", "?", "?", "?", "?"}; @@ -72,3 +74,32 @@ void cp_trace() cp_file[cp_index], cp_line[cp_index] ); } + +#ifndef HAVE_ASPRINTF +int asprintf(char **buf, const char *fmt, ...) +{ + int status; + va_list ap; + int len; + + len = 4096; + *buf = xmalloc(len); + + va_start(ap, fmt); + status = vsnprintf (*buf, len, fmt, ap); + va_end (ap); + + if(status >= 0) + *buf = xrealloc(*buf, status); + + if(status > len-1) + { + len = status; + va_start(ap, fmt); + status = vsnprintf (*buf, len, fmt, ap); + va_end (ap); + } + + return status; +} +#endif diff --git a/src/net.c b/src/net.c index bc32b7cc..5d7f8413 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.68 2000/11/07 21:43:28 guus Exp $ + $Id: net.c,v 1.35.4.69 2000/11/08 00:10:49 guus Exp $ */ #include "config.h" @@ -25,7 +25,8 @@ #include #include #include -#include +/* SunOS really wants sys/socket.h BEFORE net/if.h */ +#include #include #include #include @@ -33,7 +34,6 @@ #include #include #include -#include #include #include #include @@ -106,10 +106,12 @@ int execute_script(const char *name) asprintf(&s, "NETNAME=%s", netname); putenv(s); /* Don't free s! see man 3 putenv */ } +#ifdef HAVE_UNSETENV else { unsetenv("NETNAME"); } +#endif chdir(confbase); /* This cannot fail since we already read config files from this directory. */ diff --git a/src/tincd.c b/src/tincd.c index 4c494f5c..e4a2a44b 100644 --- a/src/tincd.c +++ b/src/tincd.c 
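Review bot: The replacement asprintf() (hunk `@@ -72,3 +74,32 @@`) shrinks the buffer to `status` bytes, which is the formatted length without the terminating NUL, so for every result that fitted in the first 4096 bytes the terminator falls outside the allocation and later readers such as putenv(), execl() and syslog() run past it. In the long-output branch the second vsnprintf() is given `len = status` and therefore cuts the last character. Both sizes need the extra byte: `*buf = xrealloc(*buf, status + 1);` and `len = status + 1;`. A negative return from vsnprintf() is passed back with the 4096-byte buffer still allocated; since the callers visible in this series do not check the result, a comment stating what `*buf` holds on failure would help.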
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.24 2000/11/03 22:31:55 zarq Exp $ + $Id: tincd.c,v 1.10.4.25 2000/11/08 00:10:50 guus Exp $ */ #include "config.h" @@ -35,6 +35,7 @@ #include #include #include +#include #ifdef HAVE_SYS_IOCTL_H # include From 74326df7adc514798565df0a8719421adbb5fef3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Nov 2000 00:20:06 +0000 Subject: [PATCH 190/923] - Fixed --config - Show warning when both netname and config directory are given. --- src/tincd.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/tincd.c b/src/tincd.c index e4a2a44b..eea15dbd 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.25 2000/11/08 00:10:50 guus Exp $ + $Id: tincd.c,v 1.10.4.26 2000/11/08 00:20:06 guus Exp $ */ #include "config.h" @@ -88,6 +88,7 @@ int write_pidfile(void); static struct option const long_options[] = { + { "config", required_argument, NULL, 'c' }, { "kill", no_argument, NULL, 'k' }, { "net", required_argument, NULL, 'n' }, { "help", no_argument, &show_help, 1 }, @@ -369,6 +370,8 @@ void make_names(void) asprintf(&pidfilename, "/var/run/tinc.%s.pid", netname); if(!confbase) asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); + else + fprintf(stderr, "Both netname and configuration directory given, using the latter...\n"); if(!identname) asprintf(&identname, "tinc.%s", netname); } From 5055e1dedc9fe984c497448c1b2ffc4afdf18aa3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Nov 2000 17:56:34 +0000 Subject: [PATCH 191/923] - Applied Jamie Brigg's patch (close sockets after error) --- src/net.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index 5d7f8413..0a23212b 100644 
--- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.69 2000/11/08 00:10:49 guus Exp $ + $Id: net.c,v 1.35.4.70 2000/11/08 17:56:34 guus Exp $ */ #include "config.h" @@ -485,6 +485,7 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt"); return -1; @@ -492,6 +493,7 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one))) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt"); return -1; @@ -500,6 +502,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "fcntl"); return -1; @@ -509,6 +512,7 @@ cp { if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr))) { + close(nfd); syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr); return -1; } @@ -525,12 +529,14 @@ cp if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { + close(nfd); syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port); return -1; } if(listen(nfd, 3)) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "listen"); return -1; @@ -551,12 +557,14 @@ int setup_vpn_in_socket(int port) cp if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { + close(nfd); syslog(LOG_ERR, _("Creating socket failed: %m")); return -1; } if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt"); return -1; @@ -565,6 +573,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "fcntl"); return -1; 
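Review bot: Each added `close(nfd);` sits before the syslog() call that formats `%m`, and close() may change errno, so the logged reason is no longer guaranteed to be the one from the failed setsockopt(), fcntl(), bind() or listen(); the same ordering is used in the remaining hunks of this file. In the `@@ -551,12 +557,14 @@` hunk the close is added to the branch where socket() itself failed, so `nfd` is negative and close() replaces errno with EBADF before `Creating socket failed: %m` is written. Log first and close afterwards, `syslog(...); close(nfd); return -1;`, and drop the close from the socket() failure branch. The functions touched start and end outside these hunks.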
@@ -577,6 +586,7 @@ cp if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { + close(nfd); syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port); return -1; } @@ -615,6 +625,7 @@ cp if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) { + close(cl->meta_socket); syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port); return -1; } @@ -622,6 +633,7 @@ cp flags = fcntl(cl->meta_socket, F_GETFL); if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) { + close(cl->meta_socket); syslog(LOG_ERR, _("fcntl for %s port %d: %m"), cl->hostname, cl->port); return -1; @@ -964,6 +976,7 @@ cp if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "setsockopt"); return -1; @@ -972,6 +985,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %m"), "fcntl"); return -1; @@ -984,6 +998,7 @@ cp if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { + close(nfd); syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port); return -1; } @@ -994,6 +1009,7 @@ cp if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) { + close(nfd); syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"), cl->hostname, cl->port); return -1; @@ -1002,6 +1018,7 @@ cp flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, cl->name, cl->hostname); return -1; From 55d7b5a2bb1df6f55f0a93e9cfed77c1da337588 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Nov 2000 18:05:06 +0000 Subject: [PATCH 192/923] - Add Jamie :) --- THANKS | 1 + 1 file changed, 1 insertion(+) diff --git a/THANKS b/THANKS index bee2a27c..81658b1a 100644 --- a/THANKS +++ b/THANKS 
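Review bot: In the `@@ -615,6 +625,7 @@` and `@@ -622,6 +633,7 @@` hunks the descriptor is closed but `cl->meta_socket` keeps its old number, so any later cleanup that closes or polls that field would act on a descriptor the kernel may by then have handed to another connection. Resetting it with the close, `close(cl->meta_socket); cl->meta_socket = -1;`, avoids that; whether the caller performs such cleanup is not visible in these hunks and should be checked against the connection teardown code.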
@@ -14,6 +14,7 @@ We would like to thank * Cris van Pelt (small fixes) * Enrique Zanardi (for the Spanish translation) * Matias Carrasco (for the Spanish translation of the manual) + * Jamie Briggs (for finding a lot of socket leaks) for their help, support and ideas. Thank you guys! From 16847ea255fa8a7c0ed922af80a2f36b7bdf4b3b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Nov 2000 20:52:37 +0000 Subject: [PATCH 193/923] - Make checkpoint tracing a compile time option (off by default) --- acconfig.h | 3 +++ configure.in | 8 +++++++- lib/utils.c | 4 ++++ lib/utils.h | 12 +++++++++--- src/tincd.c | 7 ++++--- 5 files changed, 27 insertions(+), 7 deletions(-) diff --git a/acconfig.h b/acconfig.h index f1d9ee74..9861a745 100644 --- a/acconfig.h +++ b/acconfig.h @@ -53,3 +53,6 @@ /* Define to the location of if_tun.h */ #undef LINUX_IF_TUN_H + +/* Define to 1 if checkpoint tracing is enabled */ +#undef ENABLE_TRACING diff --git a/configure.in b/configure.in index 3514e0e2..4d5bf9dd 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.15 2000/11/08 00:10:49 guus Exp $ +dnl $Id: configure.in,v 1.13.2.16 2000/11/08 20:52:36 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre3) @@ -84,6 +84,12 @@ AC_CHECK_FUNC(gethostbyname, [], [ dnl Check for TUN/TAP support in the kernel tinc_TUNTAP +dnl Check if checkpoint tracing has to be enabled +AC_ARG_ENABLE(tracing, + --enable-tracing enable checkpoint tracing (for debugging purposes only), + [ AC_DEFINE(ENABLE_TRACING) ] +) + AC_OUTPUT([Makefile src/Makefile doc/Makefile doc/es/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile]) diff --git a/lib/utils.c b/lib/utils.c index 7f588b47..8e460f4a 100644 --- a/lib/utils.c +++ b/lib/utils.c 
@@ -29,9 +29,11 @@ #include #include +#ifdef ENABLE_TRACING volatile int (cp_line[]) = {0, 0, 0, 0, 0, 0, 0, 0}; volatile char (*cp_file[]) = {"?", "?", "?", "?", "?", "?", "?", "?"}; volatile int cp_index = 0; +#endif char *hexadecimals = "0123456789ABCDEF"; @@ -61,6 +63,7 @@ void bin2hex(char *src, char *dst, int length) } } +#ifdef ENABLE_TRACING void cp_trace() { syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d ...", @@ -74,6 +77,7 @@ void cp_trace() cp_file[cp_index], cp_line[cp_index] ); } +#endif #ifndef HAVE_ASPRINTF int asprintf(char **buf, const char *fmt, ...) diff --git a/lib/utils.h b/lib/utils.h index c172daa2..0fa5de3e 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -37,15 +37,21 @@ enum { #define min(a,b) (((a)<(b))?(a):(b)) +#ifdef ENABLE_TRACING extern volatile int cp_line[]; extern volatile char *cp_file[]; extern volatile int cp_index; +extern void cp_trace(void); -#define cp { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 8; } -#define ecp { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } + #define cp { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 8; } + #define ecp { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } +#else + #define cp + #define ecp + #define cp_trace() +#endif extern void hex2bin(char *src, char *dst, int length); extern void bin2hex(char *src, char *dst, int length); -extern void cp_trace(void); #endif /* __TINC_UTILS_H__ */ diff --git a/src/tincd.c b/src/tincd.c index eea15dbd..ea2d3a7a 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.26 2000/11/08 00:20:06 guus Exp $ + $Id: tincd.c,v 1.10.4.27 2000/11/08 20:52:37 guus Exp $ */ #include "config.h" 
@@ -229,7 +229,8 @@ int keygen(int bits) void memory_full(int size) { - syslog(LOG_ERR, _("Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting."), cp_file, cp_line, size); + syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); + cp_trace(); exit(1); } @@ -371,7 +372,7 @@ void make_names(void) if(!confbase) asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); else - fprintf(stderr, "Both netname and configuration directory given, using the latter...\n"); + fprintf(stderr, _("Both netname and configuration directory given, using the latter...\n")); if(!identname) asprintf(&identname, "tinc.%s", netname); } From 4310b17be9cefcc1814ddef471e4c5cd8f9f867e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 9 Nov 2000 20:41:13 +0000 Subject: [PATCH 194/923] Final release notes added, also edited release notes for 1.0pre2 to what the announcement on the mailing list looked like. --- NEWS | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 76 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index c8e3cd34..f3e4e237 100644 --- a/NEWS +++ b/NEWS 
@@ -1,15 +1,82 @@ version 1.0pre3 Oct 31 2000 - * New protocol - * Use public/private key cryptography (fixes security hole) - * Spanish translation of the program and the manual - * Use OpenSSL crypto library for all cryptography - * Support for multiple subnets per tinc daemon - * Support for universal tun/tap device - * No longer depends on GMP + +* The protocol has been redesigned, and although some details are + still under discussion, this is secure. Care has been taken to + resist most, if not all, attacks. + +* Unfortunately this protocol is not compatible with earlier versions, + nor are earlier versions compatible with this version. Because the + older protocol has huge security flaws, we feel that not + implementing backwards compatibility is justified. + +* Some data about the protocol: + + * It uses public/private RSA keys for authentication (this is the + actual fix for the security hole). + + * All cryptographic functions have been taken out of tinc, instead + it uses the OpenSSL library functions. + + * Offers support for multiple subnets per tinc daemon. + +* New is also the support for the universal tun/tap device. This + means better portability to FreeBSD and Solaris. + +* tinc is tested to compile on Solaris, Linux x86, Linux alpha. + +* tinc now uses the OpenSSL library for cryptographic operations. + More information on getting and installing OpenSSL is in the manual. + This also means that the GMP library is no longer required. + +* Further, thanks to Enrique Zanardi, we have Spanish messages; Matias + Carrasco provided us with a Spanish translation of the manual. + + +What still needs to be done before 1.0: + +* Documentation. Especially since the protocol has changed, and a lot + of configuration directives have been added. 
+ + + version 1.0pre2 May 31 2000 - * Internationalized, Dutch translation available - * Many sanity checks on the meta protocol added + +* This version has been internationalized; and a Dutch translation has + been included. + +* Two configuration variables have been added: + * VpnMask - the IP network mask for the entire VPN, not just our + subnet (as given by MyVirtualIP). The Redhat and Debian packages + use this variable in their system startup scripts, but it is + ignored by tinc. + * Hostnames - if set to `yes', look up the names of IP addresses + trying to connect to us. Default set to `no', to prevent lockups + during lookups. + +* The system startup scripts for Debian and Redhat use + /etc/tinc/nets.boot to find out which networks need to be started + during system boot. + +* Fixes to prevent denial of service attacks by sending random data + after connecting (and even when the connection has been established), + either random garbage or just nonsensical protocol fields. + +* tinc will retry to connect upon startup, does not quit if it doesn't + work the first time. + +* Hosts that are disconnected implicitly if we lose a connection get + deleted from the internal list, to prevent hogging eachother with + add and delete requests when the connection is restored. + + +What still needs to be done before 1.0: + +* Documentation. +* Failover ConnectTo lines, try another one if the first doesn't work. + + + version 1.0pre1 May 12 2000 * New meta-protocol From e65a93053cca3f8aebf63094cf160835c3108e25 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 9 Nov 2000 20:42:16 +0000 Subject: [PATCH 195/923] Wrapped text to 70 (72?) columns for easy reading --- README | 84 +++++++++++++++++++++++++++++++--------------------------- 1 file changed, 45 insertions(+), 39 deletions(-) diff --git a/README b/README index 65b6be33..195946b9 100644 --- a/README +++ b/README 
@@ -1,60 +1,66 @@ -This is the README file for tinc version 1.0pre3. Installation instructions may -be found in the INSTALL file. +This is the README file for tinc version 1.0pre3. Installation +instructions may be found in the INSTALL file. -tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans , -Guus Sliepen and others. For a complete list of -authors see the AUTHORS file. +tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans +, Guus Sliepen and +others. For a complete list of authors see the AUTHORS file. -This program is free software; you can redistribute it and/or modify it under -the terms of the GNU General Public License as published by the Free Software -Foundation; either version 2 of the License, or (at your option) any later -version. See the file COPYING for more details. +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. See the file COPYING for more details. Security statement ------------------ -In august 2000, we discovered the existence of a security hole in all versions -of tinc up to and including 1.0pre2. This had to do with the way we exchanged -keys. Since then, we have been working on a new authentication scheme to make -tinc as secure as possible. The current version uses the OpenSSL library and -does authentication in much the same way as the SSH protocol does. +In august 2000, we discovered the existence of a security hole in all +versions of tinc up to and including 1.0pre2. This had to do with the +way we exchanged keys. Since then, we have been working on a new +authentication scheme to make tinc as secure as possible. The current +version uses the OpenSSL library and does authentication in much the +same way as the SSH protocol does. + +Cryptography is a hard thing to get right. We cannot make any +guarantees. 
Time, review and feedback are the only things that can +prove the security of any cryptographic product. If you wish to review +tinc or give us feedback, you are stronly encouraged to do so. -Cryptography is a hard thing to get right. We cannot make any guarantees. Time, -review and feedback are the only things that can prove the security of any -cryptographic product. If you wish to review tinc or give us feedback, you are -stronly encouraged to do so. Requirements ------------ -Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you need to -install this library first; grab it from http://www.openssl.org/. We recommend -version 0.9.5 or better. If this library is not installed on you system, -configure will fail. The manual in doc/tinc.texi contains more detailed -information on how to install this library. +Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you +need to install this library first; grab it from +http://www.openssl.org/. We recommend version 0.9.5 or better. If +this library is not installed on you system, configure will fail. The +manual in doc/tinc.texi contains more detailed information on how to +install this library. Features -------- -This version of tinc supports multiple virtual networks at once. To use this -feature, you may supply a netname via the -n or --net options. The standard -locations for the config files will then be /etc/tinc//. Because of this -feature, tinc will send packets directly to their destinations, instead of to -the uplink. If this behaviour is undesirable (for instance because of firewalls -or other restrictions), please use an older version of tinc (I would recommend +This version of tinc supports multiple virtual networks at once. To +use this feature, you may supply a netname via the -n or --net +options. The standard locations for the config files will then be +/etc/tinc//. Because of this feature, tinc will send packets +directly to their destinations, instead of to the uplink. 
If this +behaviour is undesirable (for instance because of firewalls or other +restrictions), please use an older version of tinc (I would recommend tinc-0.2.19). -In order to force the kernel to accept received packets, the destination MAC -address will be set to FE:FD:00:00:00:00 upon reception. The MAC address of the -ethertap or tun/tap interface must also be set to this address. See the manual -for more detailed information. +In order to force the kernel to accept received packets, the +destination MAC address will be set to FE:FD:00:00:00:00 upon +reception. The MAC address of the ethertap or tun/tap interface must +also be set to this address. See the manual for more detailed +information. -tincd regenerates its encryption key pairs. It does this on the first activity -after the keys have expired. This period is adjustable in the configuration -file, and the default time is 3600 seconds (one hour). +tincd regenerates its encryption key pairs. It does this on the first +activity after the keys have expired. This period is adjustable in the +configuration file, and the default time is 3600 seconds (one hour). -This version supports multiple subnets at once. They are also sorted on subnet -mask size. This means that it is possible to have overlapping subnets on the -VPN, as long as their subnet mask sizes differ. +This version supports multiple subnets at once. They are also sorted +on subnet mask size. This means that it is possible to have +overlapping subnets on the VPN, as long as their subnet mask sizes +differ. From a91eae538d9cff8aed399a175c0bbc7d744cd22a Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 9 Nov 2000 20:59:35 +0000 Subject: [PATCH 196/923] Bop version number to 1.0pre3-1 --- debian/changelog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index fc2b8b87..81f37dd4 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,4 +1,4 @@ -tinc (1.0pre3-0.2) unstable; urgency=low +tinc (1.0pre3-1) unstable; urgency=low * New upstream version (1.0pre3) (Closes: #71274). * Better Depends and Build-Depends lines. @@ -8,7 +8,7 @@ tinc (1.0pre3-0.2) unstable; urgency=low * Patch po/Makefile.in.in from po-Makefile.in.in.diff if necessary. * Use dh_perl to get accurate perl dependencies. - -- Ivo Timmermans Thu, 2 Nov 2000 16:53:52 +0100 + -- Ivo Timmermans Thu, 9 Nov 2000 21:58:40 +0100 tinc (1.0pre2-1.1) unstable; urgency=low From 6e27618708233998db7e5886ed9afaa21bb9d938 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 9 Nov 2000 21:29:58 +0000 Subject: [PATCH 197/923] Updates, updates --- doc/tinc.texi | 48 +++++++++++++++--------------------------------- 1 file changed, 15 insertions(+), 33 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index b51bf01a..d9105862 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.6 2000/11/02 21:34:45 zarq Exp $ +@c $Id: tinc.texi,v 1.8.4.7 2000/11/09 21:29:58 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998,199,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.6 2000/11/02 21:34:45 zarq Exp $ +$Id: tinc.texi,v 1.8.4.7 2000/11/09 21:29:58 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.6 2000/11/02 21:34:45 zarq Exp $ +$Id: tinc.texi,v 1.8.4.7 2000/11/09 21:29:58 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -532,35 +532,14 @@ The actual setup of the ethertap device is quite simple, just repeat after me: @example -ifconfig tap@emph{n} hw ether fe:fd:@emph{xx}:@emph{xx}:@emph{xx}:@emph{xx} +ifconfig tap@emph{n} hw ether fe:fd:00:00:00:00 @end example -The @emph{n} here is the number of the ethertap device you want to use. -It should be the same @emph{n} as the one you use for -@file{/dev/tap@emph{n}}. The @emph{xx}s are four hexadecimal numbers -(0--ff). With previous versions of tincd, it didn't matter what they -were. But newer kernels require properly set up ethernet addresses. In -fact, the old behavior was wrong. It is required that the @emph{xx}s -match the numbers of the IP address you will give to the tap device and -to the MyOwnVPNIP configuration (which will be discussed later). - @cindex MAC address @cindex hardware address -@strong{Tip}: for finding out what the MAC address of the tap interface -should be, you can use the following command: - -@example -$ printf 'fe:fd:%02x:%02x:%02x:%02x' 10 1 54 1 -fe:fd:0a:01:36:01 -@end example - -or with perl: - -@example -$ perl -e 'print "fe:fd:", join(":", map @{sprintf "%02x", $_@} split(/\./, $ARGV[0])), "\n";' 10.1.54.1 -fe:fd:0a:01:36:01 -@end example - +@strong{Note:} Since version 1.0pre3, all interface addresses are set to +this address, whereas previous versions required the MAC to match the +actual IP address. @cindex ifconfig To activate the device, you have to assign an IP address to it. To set 
@@ -741,17 +720,20 @@ maskbits is the number of bits set to 1 in the netmask part. @item MyVirtualIP = This is an alias for MyOwnVPNIP. -@item Passphrases = (/etc/tinc/NETNAME/passphrases) -The directory where tinc will look for passphrases when someone tries to -connect. Please see the manpage for genauth(8) for more information -about passphrases as used by tinc. - @item PingTimeout = (5) The number of seconds of inactivity that tinc will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. +@item PrivateKey = +This is a sequence of hexadecimal numbers, as generated by ``tincd +--generate-keys''. + +@item PublicKey = +This is a sequence of hexadecimal numbers, as generated by ``tincd +--generate-keys''. + @item TapDevice = (/dev/tap0) The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information From 5b74909ea070fbd482340dc42193e33366a9dddb Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 9 Nov 2000 21:33:18 +0000 Subject: [PATCH 198/923] Add prototype for destroy_queue --- src/netutl.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/netutl.h b/src/netutl.h index 0ce22d42..e542792c 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.4 2000/11/04 11:49:58 guus Exp $ + $Id: netutl.h,v 1.2.4.5 2000/11/09 21:33:18 zarq Exp $ */ #ifndef __TINC_NETUTL_H__ @@ -28,5 +28,6 @@ extern void destroy_queue(packet_queue_t *); extern char *hostlookup(unsigned long); extern ip_mask_t *strtoip(char*); +extern void destroy_queue(packet_queue_t *); #endif /* __TINC_NETUTL_H__ */ From 5344832be1126967ff340cf6bd270a377bb8e487 Mon Sep 17 00:00:00 2001 
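Review bot: The added `extern void destroy_queue(packet_queue_t *);` in src/netutl.h appears to duplicate a declaration the header already has, because the hunk header shows the same prototype as the nearest preceding declaration line. A repeated compatible prototype is harmless, but it suggests the missing declaration that prompted this commit is elsewhere, for example a source file that calls destroy_queue() without including netutl.h. That is worth checking before keeping the second copy.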
From: Ivo Timmermans Date: Mon, 13 Nov 2000 22:01:27 +0000 Subject: [PATCH 199/923] Add a check for openssl that accepts explicit file locations. --- configure.in | 18 ++++------------- m4/openssl.m4 | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 14 deletions(-) create mode 100644 m4/openssl.m4 diff --git a/configure.in b/configure.in index 4d5bf9dd..11d28481 100644 --- a/configure.in +++ b/configure.in @@ -1,9 +1,9 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.16 2000/11/08 20:52:36 guus Exp $ +dnl $Id: configure.in,v 1.13.2.17 2000/11/13 22:01:26 zarq Exp $ AC_INIT(src/tincd.c) -AM_INIT_AUTOMAKE(tinc, 1.0pre3) +AM_INIT_AUTOMAKE(tinc, 1.0pre4) AM_CONFIG_HEADER(config.h) dnl Include the macros from the m4/ directory @@ -58,17 +58,7 @@ AC_CHECK_LIB(dl, dlopen, [ dnl Crypto stuff - -libcrypto=none -AC_CHECK_LIB(crypto, SHA1_version, [ - libcrypto=yes -]) - -if test $libcrypto = none; then - AC_MSG_ERROR(It seems like OpenSSL is not installed on this system.) -else - LIBS="$LIBS -lcrypto" -fi +tinc_OPENSSL dnl Support for SunOS @@ -86,7 +76,7 @@ tinc_TUNTAP dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, - --enable-tracing enable checkpoint tracing (for debugging purposes only), + [ --enable-tracing enable checkpoint tracing (for debugging purposes only)], [ AC_DEFINE(ENABLE_TRACING) ] ) diff --git a/m4/openssl.m4 b/m4/openssl.m4 new file mode 100644 index 00000000..3fef464b --- /dev/null +++ b/m4/openssl.m4 
@@ -0,0 +1,54 @@ +dnl Check to find the OpenSSL headers/libraries + + +AC_DEFUN(tinc_OPENSSL, +[ + + AC_CACHE_CHECK([for openssl], tinc_cv_openssl_include, + [ + AC_ARG_WITH(openssl, + [ --with-openssl=DIR OpenSSL library and headers prefix], + [echo -ne 'prefix...' + openssl_lib="$withval/lib" + openssl_include="$withval/include"] + ) + AC_ARG_WITH(openssl-include, + [ --with-openssl-include=DIR OpenSSL headers directory], + [echo -ne 'includes...' + openssl_include="$withvall"] + ) + AC_ARG_WITH(openssl-lib, + [ --with-openssl-lib=DIR OpenSSL library directory], + [echo -ne 'libraries...' + openssl_lib="$withval"] + ) + +if test "x$openssl_lib" != "x" ; then + LIBS="$LIBS -L$openssl_lib" +fi +if test "x$openssl_include" != "x" ; then + INCLUDES="$INCLUDES -I$openssl_include" +fi + +AC_MSG_RESULT([done.]) + ]) + +libcrypto=none +AC_CHECK_LIB(crypto, SHA1_version, [ + libcrypto=yes +]) + +if test $libcrypto = none; then + AC_MSG_ERROR( +[It seems like OpenSSL is not installed on this system. But perhaps +you need to supply the exact location of the headers and libraries. +You can try running configure with the --with-openssl=/DIRECTORY +parameter. If you installed the headers and libraries in a different +location you can use --with-openssl-include=/DIR and +--with-openssl-lib=/DIR.]) + +else + LIBS="$LIBS -lcrypto" +fi + +]) From 72c3776d6ac103fa25d216c42847ecba3a4f58e5 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 13 Nov 2000 22:29:22 +0000 Subject: [PATCH 200/923] Identify version as 1.0pre4-cvs --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 11d28481..368908a0 100644 --- a/configure.in +++ b/configure.in 
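Review bot: The `--with-openssl-include=DIR` branch assigns `openssl_include="$withvall"`, a misspelling of `$withval`, so the directory given on the command line is replaced by an empty string and no `-I` option is added; it should read `openssl_include="$withval"`. The three AC_ARG_WITH calls also sit inside the AC_CACHE_CHECK body, which never assigns `tinc_cv_openssl_include`, so the check has no result to cache or report and prints only the `echo -ne` fragments (and `echo -n`/`-e` is not portable across shells). Moving the AC_ARG_WITH calls in front of the cache check and setting the cache variable from them would address both.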
@@ -1,9 +1,9 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.17 2000/11/13 22:01:26 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.18 2000/11/13 22:29:22 zarq Exp $ AC_INIT(src/tincd.c) -AM_INIT_AUTOMAKE(tinc, 1.0pre4) +AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) AM_CONFIG_HEADER(config.h) dnl Include the macros from the m4/ directory From 9ddb37cee0f754ef88a55f692a508010fe18c782 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 14 Nov 2000 22:57:19 +0000 Subject: [PATCH 201/923] Better checks for OpenSSL. I think it can now detect almost all conceivable installations. --- m4/openssl.m4 | 81 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 54 insertions(+), 27 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 3fef464b..d933b23b 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 
@@ -3,49 +3,76 @@ dnl Check to find the OpenSSL headers/libraries AC_DEFUN(tinc_OPENSSL, [ - - AC_CACHE_CHECK([for openssl], tinc_cv_openssl_include, + AC_ARG_WITH(openssl, + [ --with-openssl=DIR OpenSSL library and headers prefix], + [openssl_lib="$withval/lib" + openssl_include="$withval/include"] + ) + AC_CACHE_CHECK([for openssl headers], tinc_cv_openssl_include, [ - AC_ARG_WITH(openssl, - [ --with-openssl=DIR OpenSSL library and headers prefix], - [echo -ne 'prefix...' - openssl_lib="$withval/lib" - openssl_include="$withval/include"] - ) AC_ARG_WITH(openssl-include, [ --with-openssl-include=DIR OpenSSL headers directory], - [echo -ne 'includes...' - openssl_include="$withvall"] + [tinc_cv_openssl_include="$withval"], + [if test "x$openssl_include" = "x" ; then + tinc_cv_openssl_include="none given" + else + tinc_cv_openssl_include=$openssl_include + fi] ) + ]) + AC_CACHE_CHECK([for openssl libraries], tinc_cv_openssl_lib, + [ AC_ARG_WITH(openssl-lib, [ --with-openssl-lib=DIR OpenSSL library directory], - [echo -ne 'libraries...' 
- openssl_lib="$withval"] + [tinc_cv_openssl_lib="$withval"], + [if test "x$openssl_lib" = "x" ; then + tinc_cv_openssl_lib="none given" + else + tinc_cv_openssl_lib=$openssl_lib + fi] ) - -if test "x$openssl_lib" != "x" ; then - LIBS="$LIBS -L$openssl_lib" -fi -if test "x$openssl_include" != "x" ; then - INCLUDES="$INCLUDES -I$openssl_include" -fi - -AC_MSG_RESULT([done.]) ]) +if test "$openssl_lib" != "none given" ; then + LIBS="$LIBS -L$tinc_cv_openssl_lib" +fi +if test "$openssl_include" != "none given" ; then + INCLUDES="$INCLUDES -I$tinc_cv_openssl_include" +fi + +osi=none +AC_CHECK_HEADERS(evp.h rsa.h, +[osi=found + break]) + +if test "$osi" = "none" ; then + AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h, + [osi=found + break]) +fi + + libcrypto=none -AC_CHECK_LIB(crypto, SHA1_version, [ - libcrypto=yes -]) + +if test "$osi" = "found" ; then + AC_CHECK_LIB(crypto, SHA1_version, [ + libcrypto=yes + ]) +fi if test $libcrypto = none; then - AC_MSG_ERROR( -[It seems like OpenSSL is not installed on this system. But perhaps +cat < Date: Tue, 14 Nov 2000 23:02:08 +0000 Subject: [PATCH 202/923] Oops, small error. --- m4/openssl.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index d933b23b..c0c2cabe 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -33,10 +33,10 @@ AC_DEFUN(tinc_OPENSSL, ) ]) -if test "$openssl_lib" != "none given" ; then +if test "$tinc_cv_openssl_lib" != "none given" ; then LIBS="$LIBS -L$tinc_cv_openssl_lib" fi -if test "$openssl_include" != "none given" ; then +if test "$tinc_cv_openssl_include" != "none given" ; then INCLUDES="$INCLUDES -I$tinc_cv_openssl_include" fi From c5c8e99afd3fae3868f20b5c7a4f8754498b39ad Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 14 Nov 2000 23:18:19 +0000 Subject: [PATCH 203/923] Get rid of the annoying empty line --- m4/tuntap.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 975567c7..605ebef4 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 @@ -8,12 +8,12 @@ AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, if_tun_h="linux/if_tun.h", if_tun_h="no") if test $if_tun_h = no; then - AC_MSG_RESULT(none) + tinc_cv_linux_if_tun_h=none else AC_DEFINE(HAVE_TUNTAP) AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, "$if_tun_h") AC_SUBST(LINUX_IF_TUN_H) - AC_MSG_RESULT($if_tun_h) + tinc_cv_linux_if_tun_h=$if_tun_h fi AC_SUBST(HAVE_TUNTAP) ]) From 8eb60d0ccde2f1de6fd917db7300e537f271783e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 15 Nov 2000 00:57:26 +0000 Subject: [PATCH 204/923] Also check for rand.h and err.h. If any of these files does not exist, try the next alternative path. --- m4/openssl.m4 | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index c0c2cabe..6e08ebe5 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -40,15 +40,14 @@ if test "$tinc_cv_openssl_include" != "none given" ; then INCLUDES="$INCLUDES -I$tinc_cv_openssl_include" fi -osi=none -AC_CHECK_HEADERS(evp.h rsa.h, -[osi=found - break]) +osi=found +AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h, +[], [osi=none; break]) if test "$osi" = "none" ; then - AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h, - [osi=found - break]) + osi=found + AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h, + [], [osi=none; break]) fi From 6fb4a5b6be5628ece9b391b46e7858fdf5957a80 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 15 Nov 2000 01:02:30 +0000 Subject: [PATCH 205/923] Also check for sha.h. --- m4/openssl.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 6e08ebe5..0db50978 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 
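Review bot: In m4/tuntap.m4, now that `tinc_cv_linux_if_tun_h` is actually assigned, the body of AC_CACHE_CHECK is skipped whenever the value comes from config.cache, and with it the `AC_DEFINE(HAVE_TUNTAP)` and `AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, ...)` calls that live inside that body. A cached configure run would then build without the tun/tap defines even though the header exists. The defines should move after the AC_CACHE_CHECK and test the cache variable, e.g. `if test "$tinc_cv_linux_if_tun_h" != none; then AC_DEFINE(HAVE_TUNTAP) ... fi`. The macro body starts above this hunk, so the header probe itself is not visible here.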
@@ -41,12 +41,12 @@ if test "$tinc_cv_openssl_include" != "none given" ; then fi osi=found -AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h, +AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h sha.h, [], [osi=none; break]) if test "$osi" = "none" ; then osi=found - AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h, + AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h, [], [osi=none; break]) fi From bb2495e569fb161b42efd633eb1c471b8222b1fb Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 15 Nov 2000 01:06:13 +0000 Subject: [PATCH 206/923] Use the HAVE_OPENSSL_xxx_H defined from m4/openssl.m4 during configure. --- src/connlist.h | 17 ++++++++++++++--- src/meta.c | 9 +++++++-- src/net.c | 23 +++++++++++++++++++---- src/protocol.c | 23 +++++++++++++++++++---- src/tincd.c | 25 +++++++++++++++++++++---- 5 files changed, 80 insertions(+), 17 deletions(-) diff --git a/src/connlist.h b/src/connlist.h index 2d66289a..8f933bca 100644 --- a/src/connlist.h +++ b/src/connlist.h @@ -17,14 +17,25 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.12 2000/11/04 20:44:26 guus Exp $ + $Id: connlist.h,v 1.1.2.13 2000/11/15 01:06:10 zarq Exp $ */ #ifndef __TINC_CONNLIST_H__ #define __TINC_CONNLIST_H__ -#include -#include +#include "config.h" + +#ifdef HAVE_OPENSSL_EVP_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_RSA_H +# include +#else +# include +#endif #include "net.h" #include "conf.h" diff --git a/src/meta.c b/src/meta.c index da090629..eb005fdf 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.9 2000/11/04 20:44:26 guus Exp $ + $Id: meta.c,v 1.1.2.10 2000/11/15 01:06:10 zarq Exp $ */ #include "config.h" 
@@ -27,10 +27,15 @@ #include #include #include -#include #include #include +#ifdef HAVE_OPENSSL_EVP_H +# include +#else +# include +#endif + #include "net.h" #include "system.h" #include "protocol.h" diff --git a/src/net.c b/src/net.c index 0a23212b..0e0bddf4 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.70 2000/11/08 17:56:34 guus Exp $ + $Id: net.c,v 1.35.4.71 2000/11/15 01:06:10 zarq Exp $ */ #include "config.h" @@ -39,9 +39,24 @@ #include #include #include -#include -#include -#include + +#ifdef HAVE_OPENSSL_RAND_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_EVP_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_ERR_H +# include +#else +# include +#endif #ifdef HAVE_TUNTAP #include LINUX_IF_TUN_H diff --git a/src/protocol.c b/src/protocol.c index 361820bd..fbb0abf3 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.59 2000/11/07 22:02:14 guus Exp $ + $Id: protocol.c,v 1.28.4.60 2000/11/15 01:06:11 zarq Exp $ */ #include "config.h" @@ -36,9 +36,24 @@ #include -#include -#include -#include +#ifdef HAVE_OPENSSL_SHA_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_RAND_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_EVP_H +# include +#else +# include +#endif + #include "conf.h" #include "net.h" diff --git a/src/tincd.c b/src/tincd.c index ea2d3a7a..9c337f88 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.27 2000/11/08 20:52:37 guus Exp $ + $Id: tincd.c,v 1.10.4.28 2000/11/15 01:06:13 zarq Exp $ */ #include "config.h" 
@@ -31,9 +31,6 @@ #include #include #include -#include -#include -#include #include #include @@ -41,6 +38,26 @@ # include #endif +#ifdef HAVE_OPENSSL_RAND_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_RSA_H +# include +#else +# include +#endif + +#ifdef HAVE_OPENSSL_ERR_H +# include +#else +# include +#endif + + + #include #include #include From 596e248bc588323cc7ee751286dbcaf677b5c653 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 15 Nov 2000 01:28:21 +0000 Subject: [PATCH 207/923] Let the output from an executed script in execute_script() go to syslog, with proper error detection. --- src/net.c | 48 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index 0e0bddf4..09d98f41 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.71 2000/11/15 01:06:10 zarq Exp $ + $Id: net.c,v 1.35.4.72 2000/11/15 01:28:21 zarq Exp $ */ #include "config.h" @@ -101,6 +101,7 @@ int execute_script(const char *name) char *scriptname; pid_t pid; char *s; + int error; if((pid = fork()) < 0) { @@ -116,6 +117,8 @@ int execute_script(const char *name) /* Child here */ + error = 0; + if(netname) { asprintf(&s, "NETNAME=%s", netname); 
@@ -128,18 +131,55 @@ int execute_script(const char *name) } #endif - chdir(confbase); /* This cannot fail since we already read config files from this directory. */ + if(chdir(confbase) < 0) + /* This cannot fail since we already read config files from this + directory. - Guus */ + /* Yes this can fail, somebody could have removed this directory + when we didn't pay attention. - Ivo */ + { + if(chdir("/") < 0) + /* Now if THIS fails, something wicked is going on. - Ivo */ + syslog(LOG_ERR, _("Couldn't chdir to `/': %m")); + + /* Continue anyway. */ + } asprintf(&scriptname, "%s/%s", confbase, name); - execl(scriptname, NULL); + /* Close all file descriptors */ + closelog(); + fcloseall(); + + /* Open standard input */ + if(open("/dev/null", O_RDONLY) < 0) + { + syslog(LOG_ERR, _("Opening `/dev/null' failed: %m")); + error = 1; + } + + if(!error) + { + /* Standard output directly goes to syslog */ + openlog(name, LOG_CONS | LOG_PID, LOG_DAEMON); + /* Standard error as well */ + if(dup2(1, 2) < 0) + { + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "dup2"); + error = 1; + } + } + + if(error && debug_lvl > 1) + syslog(LOG_INFO, _("This means that any output the script generates will not be shown in syslog.")); + + execl(scriptname, NULL); /* No return on success */ if(errno != ENOENT) /* Ignore if the file does not exist */ syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname); /* No need to free things */ - exit(0); } From e118ba0a648000c48d6a401c9b9249a844d6dbcf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 15 Nov 2000 13:33:27 +0000 Subject: [PATCH 208/923] Porting to FreeBSD: - Reorganized and added some #includes --- src/Makefile.am | 4 ++-- src/meta.c | 5 +++-- src/net.c | 13 +++++++------ src/protocol.c | 3 ++- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 7ef3ab3b..a1ec3523 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
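Review bot: `fcloseall()` under the "Close all file descriptors" comment closes only the stdio streams, so every other descriptor the daemon holds open at fork time is still inherited by the script unless it was opened close-on-exec; nothing in this hunk closes them. The stdout/stderr setup also looks ineffective: `openlog()` does not attach descriptor 1 to syslog, and with descriptor 1 closed `dup2(1, 2)` is expected to fail, so the script probably runs with only stdin open. I would close every descriptor explicitly and then put all three standard descriptors on `/dev/null` (or on a pipe the parent reads and logs), as sketched below; this needs a local `int fd`. `execl(scriptname, NULL)` also starts the script with an empty argv, where `execl(scriptname, scriptname, (char *) NULL)` is the conventional form. execute_script() begins above this hunk.

```c
  asprintf(&scriptname, "%s/%s", confbase, name);

  /* Close every inherited descriptor, not only the stdio streams */
  closelog();
  for(fd = sysconf(_SC_OPEN_MAX) - 1; fd >= 0; fd--)
    close(fd);

  /* stdin, stdout and stderr on /dev/null: descriptors 0, 1 and 2, in that order */
  if(open("/dev/null", O_RDONLY) != 0 ||
     open("/dev/null", O_WRONLY) != 1 ||
     dup2(1, 2) != 2)
    {
      syslog(LOG_ERR, _("Opening `/dev/null' failed: %m"));
      error = 1;
    }

  /* … unchanged: debug message, execl call and its error report … */
```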
@@ -1,11 +1,11 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.5 2000/11/02 21:26:51 zarq Exp $ +# $Id: Makefile.am,v 1.4.4.6 2000/11/15 13:33:25 guus Exp $ sbin_PROGRAMS = tincd tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c protocol.c subnet.c tincd.c -INCLUDES = -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl +INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h protocol.h subnet.h diff --git a/src/meta.c b/src/meta.c index eb005fdf..a4cfc838 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.10 2000/11/15 01:06:10 zarq Exp $ + $Id: meta.c,v 1.1.2.11 2000/11/15 13:33:25 guus Exp $ */ #include "config.h" @@ -26,9 +26,10 @@ #include #include #include -#include #include #include +/* This line must be below the rest for FreeBSD */ +#include #ifdef HAVE_OPENSSL_EVP_H # include diff --git a/src/net.c b/src/net.c index 09d98f41..e7297d19 100644 --- a/src/net.c +++ b/src/net.c @@ -17,17 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.72 2000/11/15 01:28:21 zarq Exp $ + $Id: net.c,v 1.35.4.73 2000/11/15 13:33:26 guus Exp $ */ #include "config.h" -#include #include #include -/* SunOS really wants sys/socket.h BEFORE net/if.h */ -#include -#include #include #include #include @@ -39,6 +35,11 @@ #include #include #include +/* SunOS really wants sys/socket.h BEFORE net/if.h, + and FreeBSD wants these lines below the rest. */ +#include +#include +#include #ifdef HAVE_OPENSSL_RAND_H # include 
@@ -1097,7 +1098,7 @@ conn_list_t *create_new_connection(int sfd) cp p = new_conn_list(); - if(getpeername(sfd, &ci, &len) < 0) + if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0) { syslog(LOG_ERR, _("System call `%s' failed: %m"), "getpeername"); diff --git a/src/protocol.c b/src/protocol.c index fbb0abf3..dfb6ad97 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.60 2000/11/15 01:06:11 zarq Exp $ + $Id: protocol.c,v 1.28.4.61 2000/11/15 13:33:27 guus Exp $ */ #include "config.h" @@ -30,6 +30,7 @@ #include #include #include +#include #include #include From d9ce5a7f3f5eddb193b6a9b5974c7c49eac41ea1 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 15 Nov 2000 22:04:48 +0000 Subject: [PATCH 209/923] List management and manipulation routines. --- lib/Makefile.am | 6 +++--- lib/list.c | 2 +- lib/list.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index c64675ff..350e8826 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,15 +1,15 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.1 2000/06/06 10:24:33 zarq Exp $ +# $Id: Makefile.am,v 1.2.4.2 2000/11/15 22:04:48 zarq Exp $ noinst_LIBRARIES = libvpn.a INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/intl -libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c +libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h EXTRA_DIST = README \ No newline at end of file diff --git a/lib/list.c b/lib/list.c index 5358f198..4c90b580 100644 --- a/lib/list.c +++ b/lib/list.c 
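Review bot: The `(socklen_t *) &len` cast in the getpeername() call silences the compiler without making `len` the right type: if `len` is declared as anything other than a `socklen_t`-sized integer, the length is read and written through a mistyped pointer. The declaration is outside this hunk, so I cannot confirm its type, but declaring it as `socklen_t len = sizeof(ci);` and passing `&len` without a cast would keep the type check in place. The `(struct sockaddr *) &ci` cast is the normal idiom and is fine. create_new_connection() starts and ends outside the hunk.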
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1 2000/10/20 16:44:32 zarq Exp $ + $Id: list.c,v 1.1.2.1 2000/11/15 22:04:48 zarq Exp $ */ #include "config.h" diff --git a/lib/list.h b/lib/list.h index 91628332..33035734 100644 --- a/lib/list.h +++ b/lib/list.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1 2000/10/20 16:44:32 zarq Exp $ + $Id: list.h,v 1.1.2.1 2000/11/15 22:04:48 zarq Exp $ */ #ifndef __TINC_LIST_H__ From 7f87c3d9134612041d56180ea7fc3e6c37991f6b Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 15 Nov 2000 22:07:36 +0000 Subject: [PATCH 210/923] Keep a list of running children, and in each loop in main_loop(), check if one has exited. --- src/net.c | 90 ++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 66 insertions(+), 24 deletions(-) diff --git a/src/net.c b/src/net.c index e7297d19..2e06a39e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.73 2000/11/15 13:33:26 guus Exp $ + $Id: net.c,v 1.35.4.74 2000/11/15 22:07:36 zarq Exp $ */ #include "config.h" @@ -68,6 +68,7 @@ #include "conf.h" #include "connlist.h" +#include "list.h" #include "meta.h" #include "net.h" #include "netutl.h" 
@@ -93,32 +94,14 @@ char *unknown = NULL; subnet_t mymac; -/* - Execute the given script. - This function doesn't really belong here. -*/ -int execute_script(const char *name) +list_t *child_pids; + +void _execute_script(const char *name) { + int error = 0; char *scriptname; - pid_t pid; char *s; - int error; - - if((pid = fork()) < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fork"); - return -1; - } - - if(pid) - { - return 0; - } - - /* Child here */ - - error = 0; + int fd; if(netname) { @@ -184,6 +167,61 @@ int execute_script(const char *name) exit(0); } +/* + Execute the given script. + This function doesn't really belong here. +*/ +int execute_script(const char *name) +{ + pid_t pid; + + if((pid = fork()) < 0) + { + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fork"); + return -1; + } + + if(pid) + { + list_append(child_pids, pid); + return 0; + } + + /* Child here */ + + _execute_script(name); +} + +int check_child(void *data) +{ + pid_t pid; + int status; + + pid = (pid_t) data; + pid = waitpid(pid, &status, WNOHANG); + if(WIFEXITED(status)) + { + if(WIFSIGNALED(status)) /* Child was killed by a signal */ + { + syslog(LOG_ERR, _("Child with PID %d was killed by signal %d (%s)"), + pid, WTERMSIG(status), strsignal(WTERMSIG(status))); + return -1; + } + if(WEXITSTATUS(status) != 0) + { + syslog(LOG_INFO, _("Child with PID %d exited with code %d"), + WEXITSTATUS(status)); + } + return -1; + } +} + +void check_children(void) +{ + list_forall_nodes(child_pids, check_child); +} + int xsend(conn_list_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; @@ -893,6 +931,8 @@ cp myself->status.active = 1; syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); + + child_pids = list_new(); cp return 0; } @@ -1481,6 +1521,8 @@ cp if(FD_ISSET(tap_fd, &fset)) handle_tap_input(); } + + check_children(); } cp } From aa755206da4bcce3261ecd5dbfa41570a0155c73 Mon Sep 17 00:00:00 2001 
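Review bot: In check_child() the last syslog() call has two `%d` conversions but is passed only `WEXITSTATUS(status)`, so the second conversion reads an argument that was never supplied; it should be passed `pid, WEXITSTATUS(status)`. The result of `waitpid(..., WNOHANG)` is also not examined: when it returns 0 (child still running) or -1, `status` is uninitialised when `WIFEXITED(status)` tests it, and `pid` has been overwritten with that result. `WIFSIGNALED()` is tested inside the `WIFEXITED()` branch, where it cannot be true, so a child killed by a signal is never reported, and the function falls off the end without a return value when the child has not exited. A corrected version is sketched below; I am assuming a non-zero return tells list_forall_nodes() to drop the node, which this hunk does not show. execute_script() likewise has no return after `_execute_script(name)`, which is harmless only as long as that function never returns.

```c
int check_child(void *data)
{
  pid_t pid;
  pid_t res;
  int status;

  pid = (pid_t) data;
  res = waitpid(pid, &status, WNOHANG);

  if(res == 0)                  /* Still running, look again next round */
    return 0;

  if(res < 0)
    {
      syslog(LOG_ERR, _("System call `%s' failed: %m"),
             "waitpid");
      return -1;
    }

  if(WIFSIGNALED(status))       /* Child was killed by a signal */
    syslog(LOG_ERR, _("Child with PID %d was killed by signal %d (%s)"),
           pid, WTERMSIG(status), strsignal(WTERMSIG(status)));
  else if(WIFEXITED(status) && WEXITSTATUS(status) != 0)
    syslog(LOG_INFO, _("Child with PID %d exited with code %d"),
           pid, WEXITSTATUS(status));

  return -1;
}
```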
From: Guus Sliepen Date: Thu, 16 Nov 2000 09:18:38 +0000 Subject: [PATCH 211/923] - Added balanced tree management stuff as well. (It is not finished yet.) --- lib/rbl.c | 85 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/rbl.h | 71 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+) create mode 100644 lib/rbl.c create mode 100644 lib/rbl.h diff --git a/lib/rbl.c b/lib/rbl.c new file mode 100644 index 00000000..765236c2 --- /dev/null +++ b/lib/rbl.c 
@@ -0,0 +1,85 @@ +/* + rbl.c -- red-black tree + linked list convenience + Copyright (C) 2000 Ivo Timmermans , + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: rbl.c,v 1.1.2.1 2000/11/16 09:18:38 guus Exp $ +*/ + +rbl_t *new_rbl(rbltree_t *tree) +{ + rbl_t *rbl; + + rbl = xmalloc(sizeof(*rbl)); + + if(rbl) + { + memset(rbl, 0, sizeof(*rbl)); + rbl->tree = tree; + } + + return rbl; +} + +void free_rbl(rbl_t *rbl) +{ + free(rbl); +} + +rbl_t rbl_search_closest(rbltree_t *tree, void *data) +{ + rbl_t *rbl, *next; + int result; + + for(next = rbltree->head; next; next = rbl) + { + result = rbltree->compare(rbl->data, data) + if(result < 0) + next = rbl->left; + else if(result > 0) + next = rbl->right; + else + break; + } + + return rbl; +} + +rbl_t rbl_search(rbltree_t *tree, void *data) +{ + rbl_t *rbl, *next; + int result; + + for(next = rbltree->head; next; next = rbl) + { + result = rbltree->compare(rbl->data, data) + if(result < 0) + next = rbl->left; + else if(result > 0) + next = rbl->right; + else + return rbl; + } + + return NULL; +} + +rbl_t rbl_insert(rbltree_t *tree, void *data) +{ + rbl_t *rbl; + +} diff --git a/lib/rbl.h b/lib/rbl.h new file mode 100644 index 00000000..40a1c69d --- /dev/null +++ b/lib/rbl.h 
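Review bot: Both search loops in lib/rbl.c dereference `rbl` before it is ever assigned: `for(next = rbltree->head; next; next = rbl)` followed by `rbltree->compare(rbl->data, data)` reads an uninitialised pointer on the first iteration, and the `rbl->left` / `rbl->right` results are stored in `next` only to be overwritten by the loop increment. The code also refers to `rbltree` while the parameter is named `tree`, omits the semicolon after the `compare` call, and returns `rbl_t *` values from functions declared to return `rbl_t`. The commit message says the file is unfinished and it is not added to `libvpn_a_SOURCES`, so none of this is compiled yet, but a single cursor as sketched below removes the uninitialised read. rbl_search_closest() needs the same loop while remembering the last node visited, and the prototypes and the `compare` member type in lib/rbl.h would have to change to match. `rbl_insert()` has no return statement yet.

```c
rbl_t *rbl_search(rbltree_t *tree, void *data)
{
  rbl_t *rbl;
  int result;

  for(rbl = tree->head; rbl; )
    {
      result = tree->compare(rbl->data, data);
      if(result < 0)
        rbl = rbl->left;
      else if(result > 0)
        rbl = rbl->right;
      else
        return rbl;
    }

  return NULL;
}
```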
@@ -0,0 +1,71 @@ +/* + rbl.h -- header file for rbl.c + Copyright (C) 2000 Ivo Timmermans , + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: rbl.h,v 1.1.2.1 2000/11/16 09:18:38 guus Exp $ +*/ + +typedef int (*rbl_compare_t) (const void *, const void *); +typedef void (*rbl_delete_t) (const void *); + +typedef struct rbl_t +{ + /* 'red-black tree' part */ + + struct rbltree_t *tree; + + int color; + + rbl_t *parent; + rbl_t *left; + rbl_t *right; + + /* 'linked list' part */ + + rbl_t *prev; + rbl_t *next; + + /* payload */ + + void *data; + +} rbl_t; + +typedef struct rbltree_t +{ + rbl_compare_t *compare; + rbl_delete_t *delete; + struct rbl_t *head; +} rbltree_t; + +enum +{ + RBL_RED; + RBL_BLACK; +}; + +extern rbl_t rbl_search(rbltree_t *, void *); +extern rbl_t rbl_search_closest(rbltree_t *, void *); +extern rbl_t rbl_insert(rbltree_t *, void *); +extern rbl_t rbl_unlink(rbltree_t *, void *); +extern rbl_t rbl_delete(rbltree_t *, void *); +extern rbl_t rbl_insert_rbl(rbltree_t *, rbl_t *); +extern rbl_t rbl_unlink_rbl(rbltree_t *, rbl_t *); +extern rbl_t rbl_delete_rbl(rbltree_t *, rbl_t *); +extern rbl_t rbl_prev(rbl_t *); +extern rbl_t rbl_next(rbl_t *); From 2764532ea72200d0a27ad2d79e6e299c00c62404 Mon Sep 17 00:00:00 2001 
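Review bot: lib/rbl.h does not compile as written: the enumerators are separated with semicolons (`RBL_RED; RBL_BLACK;` should be `RBL_RED, RBL_BLACK`), and the members `rbl_t *parent`, `*left`, `*right`, `*prev` and `*next` use the typedef name before the typedef is complete, so they need the `struct rbl_t *parent;` form. `rbl_compare_t` and `rbl_delete_t` are already pointer-to-function types, so `rbl_compare_t *compare;` declares a pointer to a function pointer; `rbl_compare_t compare;` is probably what is meant. The functions are declared to return `rbl_t` by value, whereas lib/rbl.c returns pointers. Unlike src/netutl.h and lib/list.h in this series, the file also has no include guard.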
From: Ivo Timmermans Date: Thu, 16 Nov 2000 17:54:29 +0000 Subject: [PATCH 212/923] Move all process-related functions into process.c. --- src/Makefile.am | 11 +- src/net.c | 131 +----------------- src/process.c | 348 ++++++++++++++++++++++++++++++++++++++++++++++++ src/process.h | 30 +++++ src/tincd.c | 174 +----------------------- 5 files changed, 389 insertions(+), 305 deletions(-) create mode 100644 src/process.c create mode 100644 src/process.h diff --git a/src/Makefile.am b/src/Makefile.am index a1ec3523..4e11d26b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,13 +1,15 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.6 2000/11/15 13:33:25 guus Exp $ +# $Id: Makefile.am,v 1.4.4.7 2000/11/16 17:54:27 zarq Exp $ sbin_PROGRAMS = tincd -tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c protocol.c subnet.c tincd.c +tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c process.c \ + protocol.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl -noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h protocol.h subnet.h +noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h process.h \ + protocol.h subnet.h LIBS = @LIBS@ @INTLLIBS@ @@ -16,4 +18,5 @@ tincd_LDADD = \ localedir = $(datadir)/locale -CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"@sysconfdir@\" -DLOCALEDIR=\"$(localedir)\" +CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"@sysconfdir@\" \ + -DLOCALEDIR=\"$(localedir)\" diff --git a/src/net.c b/src/net.c index 2e06a39e..7d81176a 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.74 2000/11/15 22:07:36 zarq Exp $ + $Id: net.c,v 1.35.4.75 2000/11/16 17:54:27 zarq Exp $ */ #include "config.h" 
@@ -72,6 +72,7 @@ #include "meta.h" #include "net.h" #include "netutl.h" +#include "process.h" #include "protocol.h" #include "subnet.h" 
@@ -94,134 +95,6 @@ char *unknown = NULL; subnet_t mymac; -list_t *child_pids; - -void _execute_script(const char *name) -{ - int error = 0; - char *scriptname; - char *s; - int fd; - - if(netname) - { - asprintf(&s, "NETNAME=%s", netname); - putenv(s); /* Don't free s! see man 3 putenv */ - } -#ifdef HAVE_UNSETENV - else - { - unsetenv("NETNAME"); - } -#endif - - if(chdir(confbase) < 0) - /* This cannot fail since we already read config files from this - directory. - Guus */ - /* Yes this can fail, somebody could have removed this directory - when we didn't pay attention. - Ivo */ - { - if(chdir("/") < 0) - /* Now if THIS fails, something wicked is going on. - Ivo */ - syslog(LOG_ERR, _("Couldn't chdir to `/': %m")); - - /* Continue anyway. */ - } - - asprintf(&scriptname, "%s/%s", confbase, name); - - /* Close all file descriptors */ - closelog(); - fcloseall(); - - /* Open standard input */ - if(open("/dev/null", O_RDONLY) < 0) - { - syslog(LOG_ERR, _("Opening `/dev/null' failed: %m")); - error = 1; - } - - if(!error) - { - /* Standard output directly goes to syslog */ - openlog(name, LOG_CONS | LOG_PID, LOG_DAEMON); - /* Standard error as well */ - if(dup2(1, 2) < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "dup2"); - error = 1; - } - } - - if(error && debug_lvl > 1) - syslog(LOG_INFO, _("This means that any output the script generates will not be shown in syslog.")); - - execl(scriptname, NULL); - /* No return on success */ - - if(errno != ENOENT) /* Ignore if the file does not exist */ - syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname); - - /* No need to free things */ - exit(0); -} - -/* - Execute the given script. - This function doesn't really belong here. 
-*/ -int execute_script(const char *name) -{ - pid_t pid; - - if((pid = fork()) < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fork"); - return -1; - } - - if(pid) - { - list_append(child_pids, pid); - return 0; - } - - /* Child here */ - - _execute_script(name); -} - -int check_child(void *data) -{ - pid_t pid; - int status; - - pid = (pid_t) data; - pid = waitpid(pid, &status, WNOHANG); - if(WIFEXITED(status)) - { - if(WIFSIGNALED(status)) /* Child was killed by a signal */ - { - syslog(LOG_ERR, _("Child with PID %d was killed by signal %d (%s)"), - pid, WTERMSIG(status), strsignal(WTERMSIG(status))); - return -1; - } - if(WEXITSTATUS(status) != 0) - { - syslog(LOG_INFO, _("Child with PID %d exited with code %d"), - WEXITSTATUS(status)); - } - return -1; - } -} - -void check_children(void) -{ - list_forall_nodes(child_pids, check_child); -} - int xsend(conn_list_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; diff --git a/src/process.c b/src/process.c new file mode 100644 index 00000000..f221a9aa --- /dev/null +++ b/src/process.c 
@@ -0,0 +1,348 @@ +/* + process.c -- process management functions + Copyright (C) 1999,2000 Ivo Timmermans , + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: process.c,v 1.1.2.1 2000/11/16 17:54:28 zarq Exp $ +*/ + +#include "config.h" + +#include + +/* A list containing all our children */ +list_t *child_pids; + +/* If zero, don't detach from the terminal. 
*/ +int do_detach = 1; + +/* + Detach from current terminal, write pidfile, kill parent +*/ +int detach(void) +{ + int fd; + pid_t pid; + + if(do_detach) + { + ppid = getpid(); + + if((pid = fork()) < 0) + { + perror("fork"); + return -1; + } + if(pid) /* parent process */ + { + signal(SIGTERM, parent_exit); + sleep(600); /* wait 10 minutes */ + exit(1); + } + } + + if(write_pidfile()) + return -1; + + if(do_detach) + { + if((fd = open("/dev/tty", O_RDWR)) >= 0) + { + if(ioctl(fd, TIOCNOTTY, NULL)) + { + perror("ioctl"); + return -1; + } + close(fd); + } + + if(setsid() < 0) + return -1; + + kill(ppid, SIGTERM); + } + + chdir("/"); /* avoid keeping a mointpoint busy */ + + openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); + + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), + VERSION, __DATE__, __TIME__, debug_lvl); + else + syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); + + xalloc_fail_func = memory_full; + + return 0; +} + +/* + Execute the program name, with sane environment. All output will be + redirected to syslog. +*/ +void _execute_script(const char *name) +{ + int error = 0; + char *scriptname; + char *s; + int fd; + + if(netname) + { + asprintf(&s, "NETNAME=%s", netname); + putenv(s); /* Don't free s! see man 3 putenv */ + } +#ifdef HAVE_UNSETENV + else + { + unsetenv("NETNAME"); + } +#endif + + if(chdir(confbase) < 0) + /* This cannot fail since we already read config files from this + directory. - Guus */ + /* Yes this can fail, somebody could have removed this directory + when we didn't pay attention. - Ivo */ + { + if(chdir("/") < 0) + /* Now if THIS fails, something wicked is going on. - Ivo */ + syslog(LOG_ERR, _("Couldn't chdir to `/': %m")); + + /* Continue anyway. 
*/ + } + + asprintf(&scriptname, "%s/%s", confbase, name); + + /* Close all file descriptors */ + closelog(); + fcloseall(); + + /* Open standard input */ + if(open("/dev/null", O_RDONLY) < 0) + { + syslog(LOG_ERR, _("Opening `/dev/null' failed: %m")); + error = 1; + } + + if(!error) + { + /* Standard output directly goes to syslog */ + openlog(name, LOG_CONS | LOG_PID, LOG_DAEMON); + /* Standard error as well */ + if(dup2(1, 2) < 0) + { + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "dup2"); + error = 1; + } + } + + if(error && debug_lvl > 1) + syslog(LOG_INFO, _("This means that any output the script generates will not be shown in syslog.")); + + execl(scriptname, NULL); + /* No return on success */ + + if(errno != ENOENT) /* Ignore if the file does not exist */ + syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname); + + /* No need to free things */ + exit(0); +} + +/* + Fork and execute the program pointed to by name. +*/ +int execute_script(const char *name) +{ + pid_t pid; + + if((pid = fork()) < 0) + { + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fork"); + return -1; + } + + if(pid) + { + list_append(child_pids, pid); + return 0; + } + + /* Child here */ + + _execute_script(name); +} + +/* + Check a child (the pointer data is actually an integer, the PID of + that child. A non-zero return value means that the child has exited + and can be removed from our list. 
+*/ +int check_child(void *data) +{ + pid_t pid; + int status; + + pid = (pid_t) data; + pid = waitpid(pid, &status, WNOHANG); + if(WIFEXITED(status)) + { + if(WIFSIGNALED(status)) /* Child was killed by a signal */ + { + syslog(LOG_ERR, _("Child with PID %d was killed by signal %d (%s)"), + pid, WTERMSIG(status), strsignal(WTERMSIG(status))); + return -1; + } + if(WEXITSTATUS(status) != 0) + { + syslog(LOG_INFO, _("Child with PID %d exited with code %d"), + WEXITSTATUS(status)); + } + return -1; + } + + /* Child is still running */ + return 0; +} + +/* + Check the status of all our children. +*/ +void check_children(void) +{ + list_forall_nodes(child_pids, check_child); +} + + + +/* + Signal handlers. +*/ + +RETSIGTYPE +sigterm_handler(int a) +{ + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got TERM signal")); + + cleanup_and_exit(0); +} + +RETSIGTYPE +sigquit_handler(int a) +{ + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got QUIT signal")); + cleanup_and_exit(0); +} + +RETSIGTYPE +sigsegv_square(int a) +{ + syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); + exit(0); +} + +RETSIGTYPE +sigsegv_handler(int a) +{ + syslog(LOG_ERR, _("Got SEGV signal")); + cp_trace(); + + if(do_detach) + { + syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); + signal(SIGSEGV, sigsegv_square); + close_network_connections(); + sleep(5); + remove_pid(pidfilename); + execvp(g_argv[0], g_argv); + } + else + { + syslog(LOG_NOTICE, _("Not restarting.")); + exit(0); + } +} + +RETSIGTYPE +sighup_handler(int a) +{ + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got HUP signal")); + sighup = 1; +} + +RETSIGTYPE +sigint_handler(int a) +{ + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got INT signal, exiting")); + cleanup_and_exit(0); +} + +RETSIGTYPE +sigusr1_handler(int a) +{ + dump_conn_list(); +} + +RETSIGTYPE +sigusr2_handler(int a) +{ + dump_subnet_list(); +} + +RETSIGTYPE +sighuh(int a) +{ + syslog(LOG_WARNING, _("Got 
unexpected signal %d (%s)"), a, strsignal(a)); + cp_trace(); +} + +void +setup_signals(void) +{ + int i; + + for(i=0;i<32;i++) + signal(i,sighuh); + + if(signal(SIGTERM, SIG_IGN) != SIG_ERR) + signal(SIGTERM, sigterm_handler); + if(signal(SIGQUIT, SIG_IGN) != SIG_ERR) + signal(SIGQUIT, sigquit_handler); + if(signal(SIGSEGV, SIG_IGN) != SIG_ERR) + signal(SIGSEGV, sigsegv_handler); + if(signal(SIGHUP, SIG_IGN) != SIG_ERR) + signal(SIGHUP, sighup_handler); + signal(SIGPIPE, SIG_IGN); + if(signal(SIGINT, SIG_IGN) != SIG_ERR) + signal(SIGINT, sigint_handler); + signal(SIGUSR1, sigusr1_handler); + signal(SIGUSR2, sigusr2_handler); + signal(SIGCHLD, SIG_IGN); +} + +RETSIGTYPE parent_exit(int a) +{ + exit(0); +} diff --git a/src/process.h b/src/process.h new file mode 100644 index 00000000..c3514dc4 --- /dev/null +++ b/src/process.h @@ -0,0 +1,30 @@ +/* + process.h -- header file for process.c + Copyright (C) 1999,2000 Ivo Timmermans , + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: process.h,v 1.1.2.1 2000/11/16 17:54:28 zarq Exp $ +*/ + +#ifndef __TINC_PROCESS_H__ +#define __TINC_PROCESS_H__ + +#include + +extern list_t *child_pids; + +#endif /* __TINC_PROCESS_H__ */ diff --git a/src/tincd.c b/src/tincd.c index 9c337f88..9f229b30 100644 --- a/src/tincd.c +++ b/src/tincd.c 
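Review bot: `check_child()` reads `status` without looking at what `waitpid()` returned, so when the call yields 0 (child still running under `WNOHANG`) or -1 the `WIFEXITED(status)` test runs on an uninitialised int. The `WIFSIGNALED` branch is nested inside `WIFEXITED` and can never be taken, and the "exited with code" `syslog()` call has two `%d` conversions but only one argument, which is undefined behaviour in a variadic call. `setup_signals()` in the same file sets `SIGCHLD` to `SIG_IGN`; on systems that reap ignored children automatically, `waitpid()` then fails with `ECHILD`, which is the -1 case above. A version that branches on the return value first:

```c
int check_child(void *data)
{
  pid_t pid, reaped;
  int status;

  pid = (pid_t) data;
  reaped = waitpid(pid, &status, WNOHANG);
  if(reaped == 0)
    return 0;                   /* Child is still running */
  if(reaped < 0)
    return -1;                  /* Nothing left to wait for, drop it from the list */

  if(WIFSIGNALED(status))       /* Child was killed by a signal */
    syslog(LOG_ERR, _("Child with PID %d was killed by signal %d (%s)"),
           (int) pid, WTERMSIG(status), strsignal(WTERMSIG(status)));
  else if(WIFEXITED(status) && WEXITSTATUS(status) != 0)
    syslog(LOG_INFO, _("Child with PID %d exited with code %d"),
           (int) pid, WEXITSTATUS(status));

  return -1;
}
```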
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.28 2000/11/15 01:06:13 zarq Exp $ + $Id: tincd.c,v 1.10.4.29 2000/11/16 17:54:29 zarq Exp $ */ #include "config.h" @@ -83,7 +83,7 @@ static int show_version; static int kill_tincd = 0; /* If zero, don't detach from the terminal. */ -static int do_detach = 1; +extern int do_detach; /* If nonzero, generate public/private keypair for this host/net. */ static int generate_keys = 0; @@ -251,67 +251,6 @@ void memory_full(int size) exit(1); } -/* - Detach from current terminal, write pidfile, kill parent -*/ -int detach(void) -{ - int fd; - pid_t pid; - - if(do_detach) - { - ppid = getpid(); - - if((pid = fork()) < 0) - { - perror("fork"); - return -1; - } - if(pid) /* parent process */ - { - signal(SIGTERM, parent_exit); - sleep(600); /* wait 10 minutes */ - exit(1); - } - } - - if(write_pidfile()) - return -1; - - if(do_detach) - { - if((fd = open("/dev/tty", O_RDWR)) >= 0) - { - if(ioctl(fd, TIOCNOTTY, NULL)) - { - perror("ioctl"); - return -1; - } - close(fd); - } - - if(setsid() < 0) - return -1; - - kill(ppid, SIGTERM); - } - - chdir("/"); /* avoid keeping a mointpoint busy */ - - openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); - - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), - VERSION, __DATE__, __TIME__, debug_lvl); - else - syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); - - xalloc_fail_func = memory_full; - - return 0; -} - /* Close network connections, and terminate neatly */ 
@@ -490,112 +429,3 @@ main(int argc, char **argv, char **envp) } } -RETSIGTYPE -sigterm_handler(int a) -{ - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got TERM signal")); - - cleanup_and_exit(0); -} - -RETSIGTYPE -sigquit_handler(int a) -{ - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got QUIT signal")); - cleanup_and_exit(0); -} - -RETSIGTYPE -sigsegv_square(int a) -{ - syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); - exit(0); -} - -RETSIGTYPE -sigsegv_handler(int a) -{ - syslog(LOG_ERR, _("Got SEGV signal")); - cp_trace(); - - if(do_detach) - { - syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); - signal(SIGSEGV, sigsegv_square); - close_network_connections(); - sleep(5); - remove_pid(pidfilename); - execvp(g_argv[0], g_argv); - } - else - { - syslog(LOG_NOTICE, _("Not restarting.")); - exit(0); - } -} - -RETSIGTYPE -sighup_handler(int a) -{ - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got HUP signal")); - sighup = 1; -} - -RETSIGTYPE -sigint_handler(int a) -{ - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got INT signal, exiting")); - cleanup_and_exit(0); -} - -RETSIGTYPE -sigusr1_handler(int a) -{ - dump_conn_list(); -} - -RETSIGTYPE -sigusr2_handler(int a) -{ - dump_subnet_list(); -} - -RETSIGTYPE -sighuh(int a) -{ - syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); - cp_trace(); -} - -void -setup_signals(void) -{ - int i; - - for(i=0;i<32;i++) - signal(i,sighuh); - - if(signal(SIGTERM, SIG_IGN) != SIG_ERR) - signal(SIGTERM, sigterm_handler); - if(signal(SIGQUIT, SIG_IGN) != SIG_ERR) - signal(SIGQUIT, sigquit_handler); - if(signal(SIGSEGV, SIG_IGN) != SIG_ERR) - signal(SIGSEGV, sigsegv_handler); - if(signal(SIGHUP, SIG_IGN) != SIG_ERR) - signal(SIGHUP, sighup_handler); - signal(SIGPIPE, SIG_IGN); - if(signal(SIGINT, SIG_IGN) != SIG_ERR) - signal(SIGINT, sigint_handler); - signal(SIGUSR1, sigusr1_handler); - signal(SIGUSR2, sigusr2_handler); - signal(SIGCHLD, SIG_IGN); 
-} - -RETSIGTYPE parent_exit(int a) -{ - exit(0); -} From 30f34015ee11bbe1106c07e381288a702f12dac5 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 16 Nov 2000 18:06:39 +0000 Subject: [PATCH 213/923] New function: xmalloc_and_zero, which initialises the allocated memory to all zeroes. --- lib/xmalloc.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lib/xmalloc.c b/lib/xmalloc.c index 150b1aa7..037fab87 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -94,6 +94,21 @@ xmalloc (n) return p; } +/* Allocate N bytes of memory dynamically, and set it all to zero. */ + +void * +xmalloc_and_zero (n) + size_t n; +{ + void *p; + + p = malloc (n); + if (p == 0) + xalloc_fail ((int)n); + memset (p, '\0', n); + return p; +} + /* Change the size of an allocated block of memory P to N bytes, with error checking. If P is NULL, run xmalloc. */ From 485f7a5043a4b3345bd02e5063502603550b4c76 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 16 Nov 2000 22:11:40 +0000 Subject: [PATCH 214/923] Delete struct ifr --- src/net.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index 7d81176a..8d92cc10 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.75 2000/11/16 17:54:27 zarq Exp $ + $Id: net.c,v 1.35.4.76 2000/11/16 22:11:40 zarq Exp $ */ #include "config.h" @@ -384,7 +384,6 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; - struct ifreq ifr; cp if((cfg = get_config_val(config, config_tapdevice))) From 5d1145f2c4b3b8261ca0aa0e89a2daf321640f0b Mon Sep 17 00:00:00 2001 
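Review bot: The `memset (p, '\0', n)` in `xmalloc_and_zero` runs even when `malloc` returned a null pointer, unless `xalloc_fail` never returns, and that function is outside this hunk. If it can return (for instance when a replacement `xalloc_fail_func` hook returns), this is a write through a null pointer; using `p = calloc (1, n);` and dropping the `memset` removes the dependency. The `(int)n` cast also truncates the reported size where `size_t` is wider than `int`.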
From: Ivo Timmermans Date: Thu, 16 Nov 2000 22:12:23 +0000 Subject: [PATCH 215/923] Move more functions from tincd.c into process.c. --- src/process.c | 107 +++++++++++++++++++++++++++++++++++++++++++++++--- src/process.h | 9 ++++- src/tincd.c | 81 +------------------------------------- 3 files changed, 111 insertions(+), 86 deletions(-) diff --git a/src/process.c b/src/process.c index f221a9aa..2135036f 100644 --- a/src/process.c +++ b/src/process.c @@ -17,12 +17,31 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.1 2000/11/16 17:54:28 zarq Exp $ + $Id: process.c,v 1.1.2.2 2000/11/16 22:12:23 zarq Exp $ */ #include "config.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + #include +#include +#include +#include + +#include "conf.h" +#include "process.h" + +#include "system.h" /* A list containing all our children */ list_t *child_pids; 
@@ -30,6 +49,84 @@ list_t *child_pids; /* If zero, don't detach from the terminal. */ int do_detach = 1; +static pid_t ppid; + +extern char *identname; +extern char *pidfilename; +extern char **g_argv; + +void memory_full(int size) +{ + syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); + cp_trace(); + exit(1); +} + +/* + Close network connections, and terminate neatly +*/ +void cleanup_and_exit(int c) +{ + close_network_connections(); + + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d"), + total_tap_out, total_socket_out, total_tap_in, total_socket_in); + + closelog(); + kill(ppid, SIGTERM); + exit(c); +} + +/* + check for an existing tinc for this net, and write pid to pidfile +*/ +int write_pidfile(void) +{ + int pid; + + if((pid = check_pid(pidfilename))) + { + if(netname) + fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), + netname, pid); + else + fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); + return 1; + } + + /* if it's locked, write-protected, or whatever */ + if(!write_pid(pidfilename)) + return 1; + + return 0; +} + +/* + kill older tincd for this net +*/ +int kill_other(void) +{ + int pid; + + if(!(pid = read_pid(pidfilename))) + { + if(netname) + fprintf(stderr, _("No other tincd is running for net `%s'.\n"), netname); + else + fprintf(stderr, _("No other tincd is running.\n")); + return 1; + } + + errno = 0; /* No error, sometimes errno is only changed on error */ + /* ESRCH is returned when no process with that pid is found */ + if(kill(pid, SIGTERM) && errno == ESRCH) + fprintf(stderr, _("Removing stale lock file.\n")); + remove_pid(pidfilename); + + return 0; +} + /* Detach from current terminal, write pidfile, kill parent */ @@ -38,6 +135,8 @@ int detach(void) int fd; pid_t pid; + setup_signals(); + if(do_detach) { ppid = getpid(); 
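Review bot: `cleanup_and_exit()` sends `kill(ppid, SIGTERM)` unconditionally, but `ppid` is a file-scope `static pid_t` that `detach()` only assigns when `do_detach` is set. When tincd runs without detaching, `ppid` is still 0 and `kill(0, SIGTERM)` signals every process in the caller's process group; when it did detach, the parent was already terminated by the `kill(ppid, SIGTERM)` in `detach()`, so by exit time that PID may belong to an unrelated process. I would clear the variable once the parent has been told to exit (`ppid = 0;` after the kill in `detach()`) and guard the call here with `if(ppid > 0) kill(ppid, SIGTERM);`. The later "Simplified do_detach" patch on this page removes the only assignment to `ppid`, which makes the zero case unconditional. The body of `detach()` lies mostly outside this patch's hunks.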
@@ -95,12 +194,12 @@ int detach(void) Execute the program name, with sane environment. All output will be redirected to syslog. */ +void _execute_script(const char *name) __attribute__ ((noreturn)); void _execute_script(const char *name) { int error = 0; char *scriptname; char *s; - int fd; if(netname) { @@ -182,12 +281,11 @@ int execute_script(const char *name) if(pid) { - list_append(child_pids, pid); + list_append(child_pids, (void*)(int)pid); return 0; } /* Child here */ - _execute_script(name); } @@ -232,7 +330,6 @@ void check_children(void) } - /* Signal handlers. */ diff --git a/src/process.h b/src/process.h index c3514dc4..4f501b2f 100644 --- a/src/process.h +++ b/src/process.h @@ -17,14 +17,21 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.1 2000/11/16 17:54:28 zarq Exp $ + $Id: process.h,v 1.1.2.2 2000/11/16 22:12:23 zarq Exp $ */ #ifndef __TINC_PROCESS_H__ #define __TINC_PROCESS_H__ +#include "config.h" #include extern list_t *child_pids; +extern RETSIGTYPE parent_exit(int a); +extern void setup_signals(void); +extern int execute_script(const char *); +extern void check_children(void); +extern int detach(void); + #endif /* __TINC_PROCESS_H__ */ diff --git a/src/tincd.c b/src/tincd.c index 9f229b30..0b02aad4 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.29 2000/11/16 17:54:29 zarq Exp $ + $Id: tincd.c,v 1.10.4.30 2000/11/16 22:12:23 zarq Exp $ */ #include "config.h" @@ -58,7 +58,6 @@ -#include #include #include 
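Review bot: `list_append(child_pids, (void*)(int)pid)` stores the PID itself as the node's data pointer, and `list_delete()` in lib/list.c calls `free(idx->data)` on whatever a node holds. If finished children are dropped from the list through that path (`list_forall_nodes()` is not shown, so this needs confirming), the integer would be handed to `free()` as if it were a heap pointer. Storing an allocated value avoids both that and the int/pointer size mismatch of the cast: `pid_t *p = xmalloc(sizeof *p); *p = pid; list_append(child_pids, p);`, with `check_child()` reading `*(pid_t *) data`. `execute_script()` begins outside this hunk.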
@@ -90,17 +89,13 @@ static int generate_keys = 0; char *identname; /* program name for syslog */ char *pidfilename; /* pid file location */ -static pid_t ppid; /* pid of non-detached part */ char **g_argv; /* a copy of the cmdline arguments */ char **environment; /* A pointer to the environment on startup */ void cleanup_and_exit(int); -int detach(void); int kill_other(void); void make_names(void); -RETSIGTYPE parent_exit(int a); -void setup_signals(void); int write_pidfile(void); static struct option const long_options[] = 
@@ -244,78 +239,6 @@ int keygen(int bits) return 0; } -void memory_full(int size) -{ - syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); - cp_trace(); - exit(1); -} - -/* - Close network connections, and terminate neatly -*/ -void cleanup_and_exit(int c) -{ - close_network_connections(); - - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d"), - total_tap_out, total_socket_out, total_tap_in, total_socket_in); - - closelog(); - kill(ppid, SIGTERM); - exit(c); -} - -/* - check for an existing tinc for this net, and write pid to pidfile -*/ -int write_pidfile(void) -{ - int pid; - - if((pid = check_pid(pidfilename))) - { - if(netname) - fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), - netname, pid); - else - fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); - return 1; - } - - /* if it's locked, write-protected, or whatever */ - if(!write_pid(pidfilename)) - return 1; - - return 0; -} - -/* - kill older tincd for this net -*/ -int kill_other(void) -{ - int pid; - - if(!(pid = read_pid(pidfilename))) - { - if(netname) - fprintf(stderr, _("No other tincd is running for net `%s'.\n"), netname); - else - fprintf(stderr, _("No other tincd is running.\n")); - return 1; - } - - errno = 0; /* No error, sometimes errno is only changed on error */ - /* ESRCH is returned when no process with that pid is found */ - if(kill(pid, SIGTERM) && errno == ESRCH) - fprintf(stderr, _("Removing stale lock file.\n")); - remove_pid(pidfilename); - - return 0; -} - /* Set all files and paths according to netname */ @@ -397,8 +320,6 @@ main(int argc, char **argv, char **envp) if(read_server_config()) return 1; - setup_signals(); - if(detach()) exit(0); From 2626c641aa714a8d776f1bb16340586d935aa6b1 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Thu, 16 Nov 2000 22:13:09 +0000 Subject: [PATCH 216/923] Use proper prototypes. --- lib/list.c | 10 ++++++---- lib/list.h | 5 ++++- lib/xalloc.h | 1 + 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/lib/list.c b/lib/list.c index 4c90b580..a09cbead 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,12 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.1 2000/11/15 22:04:48 zarq Exp $ + $Id: list.c,v 1.1.2.2 2000/11/16 22:13:08 zarq Exp $ */ #include "config.h" +#include #include +#include #include #include @@ -59,7 +61,7 @@ list_node_t *list_delete(list_t *list, list_node_t *idx) if(list->callbacks->delete != NULL) if(list->callbacks->delete(idx->data)) - error(ERR_WARNING, N_("List callback[delete] failed for %08lx - freeing anyway"), idx->data); + syslog(LOG_WARNING, _("List callback[delete] failed for %08lx - freeing anyway"), idx->data); free(idx->data); @@ -125,7 +127,7 @@ void list_destroy(list_t *list) { if(!list) return; - list_destroy_nodes(list); +/* list_destroy_nodes(list); */ free(list); } @@ -134,7 +136,7 @@ void list_destroy(list_t *list) Append a new node to the list that points to data. */ -list_append(list_t *list, void *data) +void list_append(list_t *list, void *data) { list_node_t *n; diff --git a/lib/list.h b/lib/list.h index 33035734..86e17e62 100644 --- a/lib/list.h +++ b/lib/list.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.1 2000/11/15 22:04:48 zarq Exp $ + $Id: list.h,v 1.1.2.2 2000/11/16 22:13:09 zarq Exp $ */ #ifndef __TINC_LIST_H__ @@ -39,6 +39,9 @@ typedef struct list_t { list_callbacks_t *callbacks; } list_t; +extern list_t *list_new(void); +extern void list_append(list_t *, void *); +extern void list_forall_nodes(list_t *, int (*)(void *)); #endif /* __TINC_LIST_H__ */ 
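Review bot: The replacement `syslog()` call in `list_delete()` formats `idx->data` with `%08lx`, but the argument is a pointer (it is passed to `free()` on the next line), so the conversion and the argument type disagree. `%p` is the matching conversion: `syslog(LOG_WARNING, _("List callback[delete] failed for %p - freeing anyway"), idx->data);`. `list_delete()` starts and ends outside this hunk.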
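Review bot: Commenting out `list_destroy_nodes(list)` leaves `list_destroy()` freeing only the list header, so every node and the data it points to is leaked once the header is gone. If the call was disabled because `list_destroy_nodes()` has no prototype in scope (a guess; the rest of list.c is not shown), declaring it above this function and keeping the call, `list_destroy_nodes(list);`, preserves the cleanup.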
diff --git a/lib/xalloc.h b/lib/xalloc.h index e77e6a57..84b6cacf 100644 --- a/lib/xalloc.h +++ b/lib/xalloc.h @@ -19,5 +19,6 @@ extern char *const xalloc_msg_memory_exhausted; extern void (*xalloc_fail_func) (); void *xmalloc PARAMS ((size_t n)); +void *xmalloc_and_zero PARAMS ((size_t n)); void *xcalloc PARAMS ((size_t n, size_t s)); void *xrealloc PARAMS ((void *p, size_t n)); From 44cbd13e5248880b074b5068df14a4634204a1d3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 17 Nov 2000 00:56:49 +0000 Subject: [PATCH 217/923] - Simplified do_detach --- src/process.c | 38 ++------------------------------------ 1 file changed, 2 insertions(+), 36 deletions(-) diff --git a/src/process.c b/src/process.c index 2135036f..7808a866 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.2 2000/11/16 22:12:23 zarq Exp $ + $Id: process.c,v 1.1.2.3 2000/11/17 00:56:49 guus Exp $ */ #include "config.h" @@ -137,45 +137,11 @@ int detach(void) setup_signals(); - if(do_detach) - { - ppid = getpid(); - - if((pid = fork()) < 0) - { - perror("fork"); - return -1; - } - if(pid) /* parent process */ - { - signal(SIGTERM, parent_exit); - sleep(600); /* wait 10 minutes */ - exit(1); - } - } - if(write_pidfile()) return -1; if(do_detach) - { - if((fd = open("/dev/tty", O_RDWR)) >= 0) - { - if(ioctl(fd, TIOCNOTTY, NULL)) - { - perror("ioctl"); - return -1; - } - close(fd); - } - - if(setsid() < 0) - return -1; - - kill(ppid, SIGTERM); - } - - chdir("/"); /* avoid keeping a mointpoint busy */ + daemon(FALSE, FALSE); openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); From 7fcc0c6415488ed6ce0089a67ab7cfdd5d0d83ca Mon Sep 17 00:00:00 2001 
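Review bot: `write_pidfile()` still runs before the new `daemon(FALSE, FALSE)` call, and `daemon()` forks, so the process that continues as tincd is not the one that wrote the pidfile. `write_pid()` is not shown, but if it records the caller's PID, the file now names a process that has already exited, and `kill_other()` would later send SIGTERM to that stale PID. The return value of `daemon()` is also ignored, so a failed fork goes unnoticed. Detaching first and checking the result, `if(do_detach && daemon(FALSE, FALSE) < 0) return -1;` placed ahead of `write_pidfile()`, addresses both; the "already running" messages would then need to go to syslog instead of stderr. `detach()` starts and ends outside this hunk.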
From: Guus Sliepen Date: Fri, 17 Nov 2000 10:03:02 +0000 Subject: [PATCH 218/923] - Removed stray @INCLUDE@ (how did that get there?) - Use 0 instead of FALSE --- src/Makefile.am | 4 ++-- src/process.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 4e11d26b..c4d6576b 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,12 +1,12 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.7 2000/11/16 17:54:27 zarq Exp $ +# $Id: Makefile.am,v 1.4.4.8 2000/11/17 10:03:02 guus Exp $ sbin_PROGRAMS = tincd tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c process.c \ protocol.c subnet.c tincd.c -INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl +INCLUDES = -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h process.h \ protocol.h subnet.h diff --git a/src/process.c b/src/process.c index 7808a866..5d31b8d5 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.3 2000/11/17 00:56:49 guus Exp $ + $Id: process.c,v 1.1.2.4 2000/11/17 10:03:02 guus Exp $ */ #include "config.h" @@ -141,7 +141,7 @@ int detach(void) return -1; if(do_detach) - daemon(FALSE, FALSE); + daemon(0, 0); openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); From 00e5d572621ad5f0263999dbfbfcb11e023bf48b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 18 Nov 2000 18:14:57 +0000 Subject: [PATCH 219/923] - Fixed searching - Insertion implemented --- lib/rbl.c | 238 ++++++++++++++++++++++++++++++++++++++++++++++++++---- lib/rbl.h | 25 +++--- 2 files changed, 235 insertions(+), 28 deletions(-) diff --git a/lib/rbl.c b/lib/rbl.c index 765236c2..88027e86 100644 --- a/lib/rbl.c +++ b/lib/rbl.c 
@@ -17,37 +17,57 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.1 2000/11/16 09:18:38 guus Exp $ + $Id: rbl.c,v 1.1.2.2 2000/11/18 18:14:57 guus Exp $ */ -rbl_t *new_rbl(rbltree_t *tree) + +/* Allocate a new rbl node */ +rbl_t *new_rbl() { - rbl_t *rbl; - - rbl = xmalloc(sizeof(*rbl)); - - if(rbl) - { - memset(rbl, 0, sizeof(*rbl)); - rbl->tree = tree; - } - - return rbl; + return (rbl_t *)xmalloc_and_zero(sizeof(*rbl)); } +/* Free a rbl node */ void free_rbl(rbl_t *rbl) { free(rbl); } +/* Allocate a new rbltree header */ +rbltree_t *new_rbltree(rbl_compare_t *compare, rbl_delete_t *delete) +{ + rbltree_t *tree; + + tree = (rbltree_t *)xmalloc_and_zero(sizeof(rbltree_t)); + if(tree) + { + tree->compare = compare; + tree->delete = delete; + } + + return tree; +} + +/* Free a rbltree header */ +void free_rbltree(rbltree_t *tree) +{ + free(tree); +} + +/* Search closest match in the tree */ rbl_t rbl_search_closest(rbltree_t *tree, void *data) { rbl_t *rbl, *next; int result; - for(next = rbltree->head; next; next = rbl) + next = rbl = tree->head; + + while(next) { - result = rbltree->compare(rbl->data, data) + rbl = next; + + result = tree->compare(rbl->data, data); + if(result < 0) next = rbl->left; else if(result > 0) @@ -59,14 +79,20 @@ rbl_t rbl_search_closest(rbltree_t *tree, void *data) return rbl; } +/* Search exact match or return NULL pointer */ rbl_t rbl_search(rbltree_t *tree, void *data) { rbl_t *rbl, *next; int result; - for(next = rbltree->head; next; next = rbl) + next = rbl = tree->head; + + while(next) { - result = rbltree->compare(rbl->data, data) + rbl = next; + + result = tree->compare(rbl->data, data); + if(result < 0) next = rbl->left; else if(result > 0) 
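Review bot: `new_rbl()` now returns `xmalloc_and_zero(sizeof(*rbl))`, but the local `rbl` it used to declare was removed together with the `tree` parameter, so no `rbl` is in scope for that `sizeof`. `return (rbl_t *)xmalloc_and_zero(sizeof(rbl_t));` names the type directly. The rewrite also drops the `rbl->tree = tree` assignment, while `rbl_left_rotate()` later in this patch reads `x->tree->head`. The visible part of `rbl_insert_rbl()` does not set `rbl->tree`, so a zeroed node would reach the rotation with a null `tree` pointer unless it is assigned on insert, e.g. `rbl->tree = tree;`.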
@@ -78,8 +104,186 @@ rbl_t rbl_search(rbltree_t *tree, void *data) return NULL; } +/* Red-black tree operations taken from Introduction to Algorithms, + Cormen, Leiserson & Rivest, chapter 14. +*/ + +void rbl_left_rotate(rbl_t *x) +{ + rbl_t *y; + + y = x->right; + x->right = y->left; + + if(y->left) + y->left->parent = x; + + y->parent = x->parent; + + if(!x->parent) + x->tree->head = y; + else + if(x == x->parent->left) + x->parent->left = y; + else + x->parent->right = y; + + y->left = x; + x->parent = y; +} + +void rbl_right_rotate(rbl_t *y) +{ + rbl_t *x; + + x = y->left; + y->left = x->right; + + if(x->right) + x->right->parent = y; + + x->parent = y->parent; + + if(!y->parent) + y->tree->head = x; + else + if(y == y->parent->right) + y->parent->right = x; + else + y->parent->left = x; + + x->right = y; + y->parent = x; +} + +/* Insert a node into the rbl tree */ +rbl_t rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) +{ + rbl_t *closest, y; + int result; + + /* Binary tree and linked list insert */ + + if(tree->head) + { + closest = rbl_search_closest(tree, rbl->data); + result = tree->compare(rbl->data, data); + if(result < 0) + { + closest->left = rbl; + rbl->prev = closest->prev; + rbl->next = closest; + closest->prev = rbl; + rbl->prev->next = rbl; + } + else if(result > 0) + { + closest->right = rbl; + rbl->next = closest->right; + rbl->prev = closest; + closest->next = rbl; + rbl->next->prev = rbl; + } + else + return closest; /* Ofcourse, we cannot add two identical things */ + } + else + tree->head = rbl; + + /* Red-black part of insert */ + + rbl->color = RBL_RED; + + while(rbl->parent && rbl->parent->color == RBL_RED) + { + if(rbl->parent == rbl->parent->parent->left) + { + y = rbl->parent->parent->right; + if(y->color == RBL_RED) + { + rbl->parent->color = RBL_BLACK; + y->color = RBL_BLACK; + rbl->parent->parent->color = RBL_RED; + rbl = rbl->parent->parent; + } + else + { + if(rbl == rbl->parent->right) + { + rbl = rbl->parent; + rbl_left_rotate(rbl); 
+ } + rbl->parent->color = RBL_BLACK; + rbl->parent->parent->color = RBL_RED; + rbl_right_rotate(rbl->parent->parent); + } + } + else + { + y = rbl->parent->parent->left; + if(y->color == RBL_RED) + { + rbl->parent->color = RBL_BLACK; + y->color = RBL_BLACK; + rbl->parent->parent->color = RBL_RED; + rbl = rbl->parent->parent; + } + else + { + if(rbl == rbl->parent->left) + { + rbl = rbl->parent; + rbl_right_rotate(rbl); + } + rbl->parent->color = RBL_BLACK; + rbl->parent->parent->color = RBL_RED; + rbl_left_rotate(rbl->parent->parent); + } + } + } + + tree->head->color = RBL_BLACK; + + return rbl; +} + +/* Create a new node and insert it into the tree */ rbl_t rbl_insert(rbltree_t *tree, void *data) { rbl_t *rbl; + rbl = new_rbl(); + rbl->data = data; + + return rbl_insert_rbl(tree, rbl); +} + +/* Unlink node from the tree, but keep the node intact */ +rbl_t rbl_unlink_rbl(rbl_t *rbl) +{ +} + +/* Search node in tree and unlink it */ +rbl_t rbl_unlink(rbltree_t *tree, void *data) +{ + rbl_t *rbl; + + rbl = rbl_search(tree, data); + + if(rbl) + return rbl_unlink_rbl(rbl); + else + return NULL; +} + +/* Unlink node and free it */ +void rbl_delete_rbl(rbl_t *rbl) +{ + free_rbl(rbl_unlink_rbl(rbl)); +} + +/* Search node in tree, unlink and free it */ +void rbl_delete(rbltree_t *tree, void *data) +{ + free_rbl(rbl_unlink(tree, data)); } diff --git a/lib/rbl.h b/lib/rbl.h index 40a1c69d..bd9ecda3 100644 --- a/lib/rbl.h +++ b/lib/rbl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.h,v 1.1.2.1 2000/11/16 09:18:38 guus Exp $ + $Id: rbl.h,v 1.1.2.2 2000/11/18 18:14:57 guus Exp $ */ typedef int (*rbl_compare_t) (const void *, const void *); 
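Review bot: In rbl_insert_rbl the list splice dereferences pointers that are NULL at the ends of the list: `rbl->prev->next = rbl` when the new node goes before the first entry, and `rbl->next->prev = rbl` when it goes after the last. In the right-hand case `rbl->next = closest->right` is read after `closest->right = rbl`, so the node ends up linked to itself. `data` is not declared in this function, `y` is declared as a struct rather than a pointer, `rbl->parent` is never set so the recolouring loop never runs, and once it does run the uncle `y` can be NULL. rbl_unlink_rbl is also left with an empty body although rbl_delete_rbl frees its return value.

```c
  rbl_t *closest, *y;
  /* … unchanged: empty-tree test and rbl_search_closest() call … */
      result = tree->compare(rbl->data, closest->data);
      /* … unchanged: left-hand splice up to closest->prev = rbl … */
          if(rbl->prev)
            rbl->prev->next = rbl;
      /* … unchanged: closest->right = rbl … */
          rbl->next = closest->next;
      /* … unchanged: rbl->prev = closest; closest->next = rbl … */
          if(rbl->next)
            rbl->next->prev = rbl;
      /* … unchanged: duplicate case returns closest … */
      rbl->parent = closest;
  /* … unchanged: red-black loop, both uncle tests written as … */
          if(y && y->color == RBL_RED)
```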
@@ -59,13 +59,16 @@ enum RBL_BLACK; }; -extern rbl_t rbl_search(rbltree_t *, void *); -extern rbl_t rbl_search_closest(rbltree_t *, void *); -extern rbl_t rbl_insert(rbltree_t *, void *); -extern rbl_t rbl_unlink(rbltree_t *, void *); -extern rbl_t rbl_delete(rbltree_t *, void *); -extern rbl_t rbl_insert_rbl(rbltree_t *, rbl_t *); -extern rbl_t rbl_unlink_rbl(rbltree_t *, rbl_t *); -extern rbl_t rbl_delete_rbl(rbltree_t *, rbl_t *); -extern rbl_t rbl_prev(rbl_t *); -extern rbl_t rbl_next(rbl_t *); +extern rbl_t *new_rbltree(rbl_compare_t *, rbl_delete_t *); +extern void free_rbltree(rbltree_t *); +extern rbl_t *new_rbl(void); +extern void free_rbl(rbl_t *); + +extern rbl_t *rbl_search(rbltree_t *, void *); +extern rbl_t *rbl_search_closest(rbltree_t *, void *); +extern rbl_t *rbl_insert(rbltree_t *, void *); +extern rbl_t *rbl_unlink(rbltree_t *, void *); +extern rbl_t *rbl_delete(rbltree_t *, void *); +extern rbl_t *rbl_insert_rbl(rbltree_t *, rbl_t *); +extern rbl_t *rbl_unlink_rbl(rbltree_t *, rbl_t *); +extern rbl_t *rbl_delete_rbl(rbltree_t *, rbl_t *); From 880cd6f1a94ef76ebebc5bd96dd26d62e3d829f4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 18 Nov 2000 23:21:01 +0000 Subject: [PATCH 220/923] - Implemented deletions - Added rbl_foreach() function --- lib/rbl.c | 162 ++++++++++++++++++++++++++++++++++++++++++++++++++---- lib/rbl.h | 21 +++++-- 2 files changed, 169 insertions(+), 14 deletions(-) diff --git a/lib/rbl.c b/lib/rbl.c index 88027e86..32e87bbd 100644 --- a/lib/rbl.c +++ b/lib/rbl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.2 2000/11/18 18:14:57 guus Exp $ + $Id: rbl.c,v 1.1.2.3 2000/11/18 23:21:00 guus Exp $ */ 
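Review bot: The prototypes added to lib/rbl.h do not match the definitions in lib/rbl.c from the same commit. `new_rbltree` is declared as returning `rbl_t *` but defined as returning `rbltree_t *`; `rbl_delete` and `rbl_delete_rbl` are declared as returning `rbl_t *` but defined `void`; and `rbl_unlink_rbl` and `rbl_delete_rbl` are declared with a leading `rbltree_t *` argument that the definitions do not take. As far as the hunks show, rbl.c does not include rbl.h at this point, so the compiler cannot catch the mismatch and callers built against the header would pass the wrong arguments. `rbl_compare_t` is already a function-pointer typedef, so `rbl_compare_t *` declares a pointer to a function pointer; `rbl_compare_t compare` is probably what is meant.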
@@ -34,7 +34,7 @@ void free_rbl(rbl_t *rbl) } /* Allocate a new rbltree header */ -rbltree_t *new_rbltree(rbl_compare_t *compare, rbl_delete_t *delete) +rbltree_t *new_rbltree(rbl_compare_t *compare, rbl_action_t *delete) { rbltree_t *tree; @@ -60,7 +60,7 @@ rbl_t rbl_search_closest(rbltree_t *tree, void *data) rbl_t *rbl, *next; int result; - next = rbl = tree->head; + next = rbl = tree->top; while(next) { @@ -85,7 +85,7 @@ rbl_t rbl_search(rbltree_t *tree, void *data) rbl_t *rbl, *next; int result; - next = rbl = tree->head; + next = rbl = tree->top; while(next) { @@ -121,7 +121,7 @@ void rbl_left_rotate(rbl_t *x) y->parent = x->parent; if(!x->parent) - x->tree->head = y; + x->tree->top = y; else if(x == x->parent->left) x->parent->left = y; @@ -145,7 +145,7 @@ void rbl_right_rotate(rbl_t *y) x->parent = y->parent; if(!y->parent) - y->tree->head = x; + y->tree->top = x; else if(y == y->parent->right) y->parent->right = x; @@ -164,7 +164,7 @@ rbl_t rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) /* Binary tree and linked list insert */ - if(tree->head) + if(tree->top) { closest = rbl_search_closest(tree, rbl->data); result = tree->compare(rbl->data, data); @@ -188,7 +188,7 @@ rbl_t rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) return closest; /* Ofcourse, we cannot add two identical things */ } else - tree->head = rbl; + tree->top = rbl; /* Red-black part of insert */ @@ -242,7 +242,7 @@ rbl_t rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) } } - tree->head->color = RBL_BLACK; + tree->top->color = RBL_BLACK; return rbl; } 
@@ -258,9 +258,137 @@ rbl_t rbl_insert(rbltree_t *tree, void *data) return rbl_insert_rbl(tree, rbl); } -/* Unlink node from the tree, but keep the node intact */ +/* Restore red-black property after violation due to a deletion */ +void rbl_delete_fixup(rbl_t *x) +{ + rbl_t *w; + + while(x != x->tree->top && x->color == RBL_BLACK) + { + if(x == x->parent->left) + { + w = x->parent->right; + if(w->color == RBL_RED) + { + w->color = RBL_BLACK; + x->partent->color = RBL_RED; + rbl_left_rotate(x->parent); + w = x->parent->right; + } + if(w->left->color == RBL_BLACK && w->right->color == RBL_BLACK) + { + w->color = RBL_RED; + x = x->parent; + } + else + { + if(w->right->color == RBL_BLACK) + { + w->left->color = RBL_BLACK; + w->color = RBL_RED; + rbl_right_rotate(w); + w = x->parent->right; + } + w->color = x->parent->color; + x->parent->color = RBL_BLACK; + w->right->color = RBL_BLACK; + rbl_left_rotate(x->parent); + x = x->tree->top; + } + } + else + { + w = x->parent->left; + if(w->color == RBL_RED) + { + w->color = RBL_BLACK; + x->partent->color = RBL_RED; + rbl_right_rotate(x->parent); + w = x->parent->left; + } + if(w->right->color == RBL_BLACK && w->left->color == RBL_BLACK) + { + w->color = RBL_RED; + x = x->parent; + } + else + { + if(w->left->color == RBL_BLACK) + { + w->right->color = RBL_BLACK; + w->color = RBL_RED; + rbl_left_rotate(w); + w = x->parent->left; + } + w->color = x->parent->color; + x->parent->color = RBL_BLACK; + w->left->color = RBL_BLACK; + rbl_right_rotate(x->parent); + x = x->tree->top; + } + } + } + + x->color = RBL_BLACK; +} + +/* Unlink node from the tree, but keep the node intact. 
*/ rbl_t rbl_unlink_rbl(rbl_t *rbl) { + rbl_t *x, *y; + + /* Binary tree delete */ + + if(rbl->left && rbl->right) + y = rbl->next; + else + y = rbl; + + if(y->left) + x = y->left; + else + x = y->right; + + if(x) + x->parent = y->parent; + + if(!y->parent) + rbl->tree->top = x; + else + if(y == y->parent->left) + y->parent->left = x; + else + y->parent->right = x; + + if(y != rbl) + { + y->left = rbl->left; + y->right = rbl->right; + y->parent = rbl->parent; + if(rbl == rbl->parent->left) + rbl->parent->left = y; + else + rbl->parent->right = y; + } + + /* Linked list delete */ + + if(rbl->prev) + rbl->prev->next = rbl->next; + else + rbl->tree->head = rbl->next; + + if(rbl->next) + rbl->next->prev = rbl->prev; + else + rbl->tree->tail = rbl->prev; + + /* Red-black part of delete */ + + if(y->color == RBL_BLACK) + rbl_delete_fixup(x); + + return rbl; } /* Search node in tree and unlink it */ @@ -287,3 +415,17 @@ void rbl_delete(rbltree_t *tree, void *data) { free_rbl(rbl_unlink(tree, data)); } + +/* Do action for each list entry (in order) + Deletion of entry for which action is called is allowed. + */ +void rbl_foreach(rbltree_t *tree, rbl_action_t *action) +{ + rbl_t *rbl, *next; + + for(rbl = tree->head; rbl; rbl = next); + { + next = rbl->next; + action(rbl); + } +} diff --git a/lib/rbl.h b/lib/rbl.h index bd9ecda3..ff81c1bf 100644 --- a/lib/rbl.h +++ b/lib/rbl.h @@ -17,11 +17,11 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.h,v 1.1.2.2 2000/11/18 18:14:57 guus Exp $ + $Id: rbl.h,v 1.1.2.3 2000/11/18 23:21:01 guus Exp $ */ typedef int (*rbl_compare_t) (const void *, const void *); -typedef void (*rbl_delete_t) (const void *); +typedef void (*rbl_action_t) (const void *); typedef struct rbl_t { 
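Review bot: rbl_unlink_rbl can pass a NULL `x` to rbl_delete_fixup: when `y` has no children `x` is NULL, and the fixup begins by reading `x->tree` and `x->color`. Leaves in this tree are NULL pointers rather than the sentinel node the CLRS pseudocode assumes, so `w->left->color` and `w->right->color` in the fixup have the same problem. In the `y != rbl` branch `rbl->parent->left` is read without checking `rbl->parent`, which is NULL when the root is removed; that branch also leaves `rbl->left->parent`, `rbl->right->parent` and `y->color` as they were. `x->partent` (twice) will not compile.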
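Review bot: The `for` header in rbl_foreach ends with a semicolon, `for(rbl = tree->head; rbl; rbl = next);`, so the loop body is empty and the braced block below it runs once, after the loop. On a non-empty list the loop assigns the uninitialised `next` to `rbl`; dropping the semicolon gives `for(rbl = tree->head; rbl; rbl = next)`. `action(rbl)` also hands the node to a callback typed for the payload (`rbl_action_t` takes `const void *` and is the type used for `tree->delete`); if the payload is meant, that is `action(rbl->data)`.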
@@ -48,9 +48,20 @@ typedef struct rbl_t typedef struct rbltree_t { + /* callback functions */ + rbl_compare_t *compare; - rbl_delete_t *delete; + rbl_action_t *delete; + + /* tree part */ + + struct rbl_t *top; + + /* linked list */ + struct rbl_t *head; + struct rbl_t *tail; + } rbltree_t; enum @@ -59,7 +70,7 @@ enum RBL_BLACK; }; -extern rbl_t *new_rbltree(rbl_compare_t *, rbl_delete_t *); +extern rbl_t *new_rbltree(rbl_compare_t *, rbl_action_t *); extern void free_rbltree(rbltree_t *); extern rbl_t *new_rbl(void); extern void free_rbl(rbl_t *); @@ -72,3 +83,5 @@ extern rbl_t *rbl_delete(rbltree_t *, void *); extern rbl_t *rbl_insert_rbl(rbltree_t *, rbl_t *); extern rbl_t *rbl_unlink_rbl(rbltree_t *, rbl_t *); extern rbl_t *rbl_delete_rbl(rbltree_t *, rbl_t *); + +extern void rbl_foreach(rbltree_t *, rbl_action_t *); From 4f68e5b6133480478edba0959cb87d4eb149a8e7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 18 Nov 2000 23:22:44 +0000 Subject: [PATCH 221/923] - Fix tree head/tail upon insertion --- lib/rbl.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/rbl.c b/lib/rbl.c index 32e87bbd..0edc0ffb 100644 --- a/lib/rbl.c +++ b/lib/rbl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.3 2000/11/18 23:21:00 guus Exp $ + $Id: rbl.c,v 1.1.2.4 2000/11/18 23:22:44 guus Exp $ */ @@ -190,6 +190,14 @@ rbl_t rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) else tree->top = rbl; + /* Linked list fixup */ + + if(!rbl->prev) + tree->head = rbl; + + if(!rbl->next) + tree->tail = rbl; + /* Red-black part of insert */ rbl->color = RBL_RED; From 3526f1e151b7a189f075d88c9d88cacaece31d02 Mon Sep 17 00:00:00 2001 
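Review bot: The head/tail fixup added to rbl_insert_rbl runs after the splice that needed it. The list code above this hunk, which is not changed here, still executes `rbl->prev->next = rbl;` and `rbl->next->prev = rbl;` unconditionally, so inserting before the first or after the last entry dereferences NULL before these tests are reached. Moving the NULL test into the splice, `if(rbl->prev) rbl->prev->next = rbl; else tree->head = rbl;` and the mirror image for `next`/`tail`, covers both cases. The function body starts and ends outside the hunk.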
From: Guus Sliepen Date: Sun, 19 Nov 2000 02:04:29 +0000 Subject: [PATCH 222/923] - Fixed a lot of small things. Tested everything except deletions. --- lib/rbl.c | 137 +++++++++++++++++++++++++++++++----------------------- lib/rbl.h | 34 +++++++------- 2 files changed, 96 insertions(+), 75 deletions(-) diff --git a/lib/rbl.c b/lib/rbl.c index 0edc0ffb..1c661d06 100644 --- a/lib/rbl.c +++ b/lib/rbl.c @@ -17,14 +17,17 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.4 2000/11/18 23:22:44 guus Exp $ + $Id: rbl.c,v 1.1.2.5 2000/11/19 02:04:29 guus Exp $ */ +#include + +#include "rbl.h" /* Allocate a new rbl node */ rbl_t *new_rbl() { - return (rbl_t *)xmalloc_and_zero(sizeof(*rbl)); + return (rbl_t *)xmalloc_and_zero(sizeof(rbl_t)); } /* Free a rbl node */ @@ -34,7 +37,7 @@ void free_rbl(rbl_t *rbl) } /* Allocate a new rbltree header */ -rbltree_t *new_rbltree(rbl_compare_t *compare, rbl_action_t *delete) +rbltree_t *new_rbltree(rbl_compare_t compare, rbl_action_t delete) { rbltree_t *tree; @@ -55,7 +58,7 @@ void free_rbltree(rbltree_t *tree) } /* Search closest match in the tree */ -rbl_t rbl_search_closest(rbltree_t *tree, void *data) +rbl_t *rbl_search_closest(rbltree_t *tree, void *data) { rbl_t *rbl, *next; int result; @@ -66,7 +69,9 @@ rbl_t rbl_search_closest(rbltree_t *tree, void *data) { rbl = next; - result = tree->compare(rbl->data, data); + result = tree->compare(data, rbl->data); + +// fprintf(stderr, "comparing %s with %s = %d\n", rbl->data, data, result); if(result < 0) next = rbl->left; @@ -80,7 +85,7 @@ rbl_t rbl_search_closest(rbltree_t *tree, void *data) } /* Search exact match or return NULL pointer */ -rbl_t rbl_search(rbltree_t *tree, void *data) +rbl_t *rbl_search(rbltree_t *tree, void *data) { rbl_t *rbl, *next; int result; 
@@ -127,7 +132,7 @@ void rbl_left_rotate(rbl_t *x) x->parent->left = y; else x->parent->right = y; - + y->left = x; x->parent = y; } @@ -135,7 +140,7 @@ void rbl_left_rotate(rbl_t *x) void rbl_right_rotate(rbl_t *y) { rbl_t *x; - + x = y->left; y->left = x->right; 
@@ -157,113 +162,129 @@ void rbl_right_rotate(rbl_t *y) } /* Insert a node into the rbl tree */ -rbl_t rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) +rbl_t *rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) { - rbl_t *closest, y; - int result; + rbl_t *closest, *x, *y; + int result; + rbl->tree = tree; + /* Binary tree and linked list insert */ if(tree->top) { closest = rbl_search_closest(tree, rbl->data); - result = tree->compare(rbl->data, data); + result = tree->compare(rbl->data, closest->data); if(result < 0) { closest->left = rbl; + rbl->prev = closest->prev; rbl->next = closest; closest->prev = rbl; - rbl->prev->next = rbl; + + if(rbl->prev) + rbl->prev->next = rbl; + else + tree->head = rbl; } else if(result > 0) { closest->right = rbl; - rbl->next = closest->right; + + rbl->next = closest->next; rbl->prev = closest; closest->next = rbl; - rbl->next->prev = rbl; + + if(rbl->next) + rbl->next->prev = rbl; + else + tree->tail = rbl; } else return closest; /* Ofcourse, we cannot add two identical things */ + + rbl->parent = closest; } else - tree->top = rbl; - - /* Linked list fixup */ - - if(!rbl->prev) - tree->head = rbl; - - if(!rbl->next) - tree->tail = rbl; + { + tree->top = rbl; + tree->head = rbl; + tree->tail = rbl; + } /* Red-black part of insert */ - rbl->color = RBL_RED; + x = rbl; + x->color = RBL_RED; - while(rbl->parent && rbl->parent->color == RBL_RED) + while(x != tree->top && x->parent->color == RBL_RED) { - if(rbl->parent == rbl->parent->parent->left) + if(x->parent == x->parent->parent->left) { - y = rbl->parent->parent->right; - if(y->color == RBL_RED) + y = x->parent->parent->right; + if(y && y->color == RBL_RED) { - rbl->parent->color = RBL_BLACK; + x->parent->color = RBL_BLACK; y->color = RBL_BLACK; - rbl->parent->parent->color = RBL_RED; - rbl = rbl->parent->parent; + x->parent->parent->color = RBL_RED; + x = x->parent->parent; } else { - if(rbl == rbl->parent->right) + if(x == x->parent->right) { - rbl = rbl->parent; - rbl_left_rotate(rbl); + 
x = x->parent; + rbl_left_rotate(x); } - rbl->parent->color = RBL_BLACK; - rbl->parent->parent->color = RBL_RED; - rbl_right_rotate(rbl->parent->parent); + x->parent->color = RBL_BLACK; + x->parent->parent->color = RBL_RED; + rbl_right_rotate(x->parent->parent); } } else { - y = rbl->parent->parent->left; - if(y->color == RBL_RED) + y = x->parent->parent->left; + if(y && y->color == RBL_RED) { - rbl->parent->color = RBL_BLACK; + x->parent->color = RBL_BLACK; y->color = RBL_BLACK; - rbl->parent->parent->color = RBL_RED; - rbl = rbl->parent->parent; + x->parent->parent->color = RBL_RED; + x = x->parent->parent; } else { - if(rbl == rbl->parent->left) + if(x == x->parent->left) { - rbl = rbl->parent; - rbl_right_rotate(rbl); + x = x->parent; + rbl_right_rotate(x); } - rbl->parent->color = RBL_BLACK; - rbl->parent->parent->color = RBL_RED; - rbl_left_rotate(rbl->parent->parent); + x->parent->color = RBL_BLACK; + x->parent->parent->color = RBL_RED; + rbl_left_rotate(x->parent->parent); } } } tree->top->color = RBL_BLACK; - return rbl; } /* Create a new node and insert it into the tree */ -rbl_t rbl_insert(rbltree_t *tree, void *data) +rbl_t *rbl_insert(rbltree_t *tree, void *data) { rbl_t *rbl; rbl = new_rbl(); rbl->data = data; - return rbl_insert_rbl(tree, rbl); + if(rbl_insert_rbl(tree, rbl) == rbl) + return rbl; + else + { + free_rbl(rbl); + return NULL; + } } /* Restore red-black property after violation due to a deletion */ @@ -279,7 +300,7 @@ void rbl_delete_fixup(rbl_t *x) if(w->color == RBL_RED) { w->color = RBL_BLACK; - x->partent->color = RBL_RED; + x->parent->color = RBL_RED; rbl_left_rotate(x->parent); w = x->parent->right; } @@ -310,7 +331,7 @@ void rbl_delete_fixup(rbl_t *x) if(w->color == RBL_RED) { w->color = RBL_BLACK; - x->partent->color = RBL_RED; + x->parent->color = RBL_RED; rbl_right_rotate(x->parent); w = x->parent->left; } 
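Review bot: rbl_insert now returns NULL when an equal entry already exists, but the comment above it still says only that it creates and inserts a node, so a caller cannot tell from the source who owns `data` after a failed insert. I would extend the comment to `/* Create a new node and insert it into the tree. Returns NULL, leaving data untouched, if an equal entry is already present. */`. The result of `new_rbl()` is also used without a check while new_rbltree tests its allocation; if xmalloc_and_zero can return NULL (not visible here), `rbl->data = data` needs the same test.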
@@ -341,7 +362,7 @@ void rbl_delete_fixup(rbl_t *x) } /* Unlink node from the tree, but keep the node intact. */ -rbl_t rbl_unlink_rbl(rbl_t *rbl) +rbl_t *rbl_unlink_rbl(rbl_t *rbl) { rbl_t *x, *y; @@ -400,7 +421,7 @@ rbl_t rbl_unlink_rbl(rbl_t *rbl) } /* Search node in tree and unlink it */ -rbl_t rbl_unlink(rbltree_t *tree, void *data) +rbl_t *rbl_unlink(rbltree_t *tree, void *data) { rbl_t *rbl; @@ -427,11 +448,11 @@ void rbl_delete(rbltree_t *tree, void *data) /* Do action for each list entry (in order) Deletion of entry for which action is called is allowed. */ -void rbl_foreach(rbltree_t *tree, rbl_action_t *action) +void rbl_foreach(rbltree_t *tree, rbl_action_t action) { rbl_t *rbl, *next; - for(rbl = tree->head; rbl; rbl = next); + for(rbl = tree->head; rbl; rbl = next) { next = rbl->next; action(rbl); diff --git a/lib/rbl.h b/lib/rbl.h index ff81c1bf..a1810078 100644 --- a/lib/rbl.h +++ b/lib/rbl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.h,v 1.1.2.3 2000/11/18 23:21:01 guus Exp $ + $Id: rbl.h,v 1.1.2.4 2000/11/19 02:04:29 guus Exp $ */ typedef int (*rbl_compare_t) (const void *, const void *); @@ -31,14 +31,14 @@ typedef struct rbl_t int color; - rbl_t *parent; - rbl_t *left; - rbl_t *right; + struct rbl_t *parent; + struct rbl_t *left; + struct rbl_t *right; /* 'linked list' part */ - rbl_t *prev; - rbl_t *next; + struct rbl_t *prev; + struct rbl_t *next; /* payload */ @@ -50,8 +50,8 @@ typedef struct rbltree_t { /* callback functions */ - rbl_compare_t *compare; - rbl_action_t *delete; + rbl_compare_t compare; + rbl_action_t delete; /* tree part */ 
@@ -64,13 +64,13 @@ typedef struct rbltree_t } rbltree_t; -enum +enum color { - RBL_RED; - RBL_BLACK; -}; + RBL_RED, + RBL_BLACK +} color; -extern rbl_t *new_rbltree(rbl_compare_t *, rbl_action_t *); +extern rbltree_t *new_rbltree(rbl_compare_t, rbl_action_t); extern void free_rbltree(rbltree_t *); extern rbl_t *new_rbl(void); extern void free_rbl(rbl_t *); @@ -79,9 +79,9 @@ extern rbl_t *rbl_search(rbltree_t *, void *); extern rbl_t *rbl_search_closest(rbltree_t *, void *); extern rbl_t *rbl_insert(rbltree_t *, void *); extern rbl_t *rbl_unlink(rbltree_t *, void *); -extern rbl_t *rbl_delete(rbltree_t *, void *); +extern void rbl_delete(rbltree_t *, void *); extern rbl_t *rbl_insert_rbl(rbltree_t *, rbl_t *); -extern rbl_t *rbl_unlink_rbl(rbltree_t *, rbl_t *); -extern rbl_t *rbl_delete_rbl(rbltree_t *, rbl_t *); +extern rbl_t *rbl_unlink_rbl(rbl_t *); +extern void rbl_delete_rbl(rbl_t *); -extern void rbl_foreach(rbltree_t *, rbl_action_t *); +extern void rbl_foreach(rbltree_t *, rbl_action_t); From cc7c078774db955cece9b263022e6c1ca955fc10 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 19 Nov 2000 11:05:59 +0000 Subject: [PATCH 223/923] - Deletion also works now. --- lib/rbl.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++----- lib/rbl.h | 6 ++++- 2 files changed, 73 insertions(+), 7 deletions(-) diff --git a/lib/rbl.c b/lib/rbl.c index 1c661d06..d79c5030 100644 --- a/lib/rbl.c +++ b/lib/rbl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.5 2000/11/19 02:04:29 guus Exp $ + $Id: rbl.c,v 1.1.2.6 2000/11/19 11:05:59 guus Exp $ */ #include @@ -71,8 +71,6 @@ rbl_t *rbl_search_closest(rbltree_t *tree, void *data) result = tree->compare(data, rbl->data); -// fprintf(stderr, "comparing %s with %s = %d\n", rbl->data, data, result); - if(result < 0) next = rbl->left; else if(result > 0) 
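Review bot: `enum color { RBL_RED, RBL_BLACK } color;` in lib/rbl.h defines an object named `color` in every file that includes the header, in addition to declaring the enumerators. The header has no include guard at this point, and a global called `color` is easy to shadow or to collide with at link time. Dropping the trailing declarator, `enum color { RBL_RED, RBL_BLACK };`, keeps the constants without the variable.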
@@ -96,7 +94,7 @@ rbl_t *rbl_search(rbltree_t *tree, void *data) { rbl = next; - result = tree->compare(rbl->data, data); + result = tree->compare(data, rbl->data); if(result < 0) next = rbl->left; @@ -367,7 +365,7 @@ rbl_t *rbl_unlink_rbl(rbl_t *rbl) rbl_t *x, *y; /* Binary tree delete */ - + if(rbl->left && rbl->right) y = rbl->next; else @@ -414,7 +412,7 @@ rbl_t *rbl_unlink_rbl(rbl_t *rbl) /* Red-black part of delete */ - if(y->color == RBL_BLACK) + if(y->color == RBL_BLACK && x) rbl_delete_fixup(x); return rbl; @@ -445,6 +443,59 @@ void rbl_delete(rbltree_t *tree, void *data) free_rbl(rbl_unlink(tree, data)); } +rbl_unlink_rbltree_branch(rbl_t *rbl) +{ + if(rbl->left) + rbl_unlink_rbltree_branch(rbl->left); + + if(rbl->right) + rbl_unlink_rbltree_branch(rbl->right); + + if(rbl->parent) + { + if(rbl == rbl->parent->left) + rbl->parent->left = NULL; + else + rbl->parent->right = NULL; +} + +/* Optimized unlinking for a complete tree */ +rbl_unlink_rbltree(rbltree_t *tree) +{ + rbl_t *rbl, *next; + + for(rbl = tree->head; rbl; rbl = next) + { + next = rbl->next; + rbl->tree = NULL; + rbl->parent = NULL; + rbl->left = NULL; + rbl->right = NULL; + rbl->prev = NULL; + rbl->next = NULL; + } + + tree->top = NULL; + tree->head = NULL; + tree->tail = NULL; +} + +/* Optimized deletion for a complete tree */ +rbl_delete_rbltree(rbltree_t *tree) +{ + rbl_t *rbl, *next; + + for(rbl = tree->head; rbl; rbl = next) + { + next = rbl->next; + tree->delete(rbl->data) + } + + tree->top = NULL; + tree->head = NULL; + tree->tail = NULL; +} + /* Do action for each list entry (in order) Deletion of entry for which action is called is allowed. */ @@ -452,6 +503,17 @@ void rbl_foreach(rbltree_t *tree, rbl_action_t action) { rbl_t *rbl, *next; + for(rbl = tree->head; rbl; rbl = next) + { + next = rbl->next; + action(rbl->data); + } +} + +void rbl_foreach_rbl(rbltree_t *tree, rbl_action_rbl_t action) +{ + rbl_t *rbl, *next; + for(rbl = tree->head; rbl; rbl = next) { next = rbl->next; 
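Review bot: In rbl_unlink_rbl, skipping rbl_delete_fixup when `x` is NULL avoids the crash but also skips the rebalancing: removing a black node that has no children leaves one path a black node short and nothing repairs it. The CLRS procedure starts the fixup from a sentinel whose parent pointer is set; with NULL leaves the fixup needs the parent of the vacated position passed in, or a per-tree sentinel node. rbl_delete_fixup itself still reads `w->left->color` and `w->right->color` without NULL checks. The function body starts outside the hunk.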
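Review bot: rbl_delete_rbltree calls `tree->delete(rbl->data)` for every entry but never frees the nodes themselves, so each call leaks the whole set of `rbl_t` allocations, and nothing in new_rbltree prevents the callback from being NULL. Guarding the call, `if(tree->delete) tree->delete(rbl->data);`, and adding `free_rbl(rbl);` after it releases the nodes as rbl_delete_rbl does for a single one. As posted the hunk does not compile: the `if(rbl->parent) {` block in rbl_unlink_rbltree_branch is never closed, `tree->delete(rbl->data)` lacks its semicolon, and the three new functions have no return type while rbl.h declares two of them `void`.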
diff --git a/lib/rbl.h b/lib/rbl.h index a1810078..019ca2e1 100644 --- a/lib/rbl.h +++ b/lib/rbl.h @@ -17,11 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.h,v 1.1.2.4 2000/11/19 02:04:29 guus Exp $ + $Id: rbl.h,v 1.1.2.5 2000/11/19 11:05:59 guus Exp $ */ typedef int (*rbl_compare_t) (const void *, const void *); typedef void (*rbl_action_t) (const void *); +typedef void (*rbl_action_rbl_t) (const struct rbl_t *); typedef struct rbl_t { @@ -83,5 +84,8 @@ extern void rbl_delete(rbltree_t *, void *); extern rbl_t *rbl_insert_rbl(rbltree_t *, rbl_t *); extern rbl_t *rbl_unlink_rbl(rbl_t *); extern void rbl_delete_rbl(rbl_t *); +extern void rbl_unlink_rbltree(rbltree_t *); +extern void rbl_delete_rbltree(rbltree_t *); extern void rbl_foreach(rbltree_t *, rbl_action_t); +extern void rbl_foreach_rbl(rbltree_t *, rbl_action_rbl_t); From 8f273f0ee265c75dd8eea65b2f1cd60a79691cd6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 19 Nov 2000 22:12:46 +0000 Subject: [PATCH 224/923] - Small fixes --- lib/rbl.c | 34 ++++++++++++++++++++++++++-------- lib/rbl.h | 16 +++++++++------- 2 files changed, 35 insertions(+), 15 deletions(-) diff --git a/lib/rbl.c b/lib/rbl.c index d79c5030..cf0316b7 100644 --- a/lib/rbl.c +++ b/lib/rbl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.6 2000/11/19 11:05:59 guus Exp $ + $Id: rbl.c,v 1.1.2.7 2000/11/19 22:12:46 guus Exp $ */ #include @@ -58,7 +58,7 @@ void free_rbltree(rbltree_t *tree) } /* Search closest match in the tree */ -rbl_t *rbl_search_closest(rbltree_t *tree, void *data) +rbl_t *rbl_search_closest_rbl(rbltree_t *tree, void *data) { rbl_t *rbl, *next; int result; 
@@ -82,8 +82,13 @@ rbl_t *rbl_search_closest(rbltree_t *tree, void *data) return rbl; } +void *rbl_search_closest(rbltree_t *tree, void *data) +{ + return rbl_search_closest_rbl(tree, data)->data; +} + /* Search exact match or return NULL pointer */ -rbl_t *rbl_search(rbltree_t *tree, void *data) +rbl_t *rbl_search_rbl(rbltree_t *tree, void *data) { rbl_t *rbl, *next; int result; @@ -107,6 +112,18 @@ rbl_t *rbl_search(rbltree_t *tree, void *data) return NULL; } +void *rbl_search(rbltree_t *tree, void *data) +{ + rbl_t *rbl; + + rbl = rbl_search_rbl(tree, data); + + if(rbl) + return rbl->data; + else + return NULL; +} + /* Red-black tree operations taken from Introduction to Algorithms, Cormen, Leiserson & Rivest, chapter 14. */ @@ -171,7 +188,7 @@ rbl_t *rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) if(tree->top) { - closest = rbl_search_closest(tree, rbl->data); + closest = rbl_search_closest_rbl(tree, rbl->data); result = tree->compare(rbl->data, closest->data); if(result < 0) { @@ -423,7 +440,7 @@ rbl_t *rbl_unlink(rbltree_t *tree, void *data) { rbl_t *rbl; - rbl = rbl_search(tree, data); + rbl = rbl_search_rbl(tree, data); if(rbl) return rbl_unlink_rbl(rbl); @@ -457,10 +474,11 @@ rbl_unlink_rbltree_branch(rbl_t *rbl) rbl->parent->left = NULL; else rbl->parent->right = NULL; + } } /* Optimized unlinking for a complete tree */ -rbl_unlink_rbltree(rbltree_t *tree) +void rbl_unlink_rbltree(rbltree_t *tree) { rbl_t *rbl, *next; @@ -481,14 +499,14 @@ rbl_unlink_rbltree(rbltree_t *tree) } /* Optimized deletion for a complete tree */ -rbl_delete_rbltree(rbltree_t *tree) +void rbl_delete_rbltree(rbltree_t *tree) { rbl_t *rbl, *next; for(rbl = tree->head; rbl; rbl = next) { next = rbl->next; - tree->delete(rbl->data) + tree->delete(rbl->data); } tree->top = NULL; diff --git a/lib/rbl.h b/lib/rbl.h index 019ca2e1..ab6b5f99 100644 --- a/lib/rbl.h +++ b/lib/rbl.h 
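Review bot: The new rbl_search_closest dereferences the result of rbl_search_closest_rbl unconditionally, and that function returns `tree->top` unchanged when the tree is empty, which is NULL. rbl_search, added in the next hunk, already tests its node before reading `->data`, and the same test fits here: `rbl = rbl_search_closest_rbl(tree, data); return rbl ? rbl->data : NULL;`. A one-line comment above the wrapper stating that it returns the payload rather than the node, and NULL for an empty tree, would match the comments on the neighbouring functions.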
@@ -17,13 +17,9 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.h,v 1.1.2.5 2000/11/19 11:05:59 guus Exp $ + $Id: rbl.h,v 1.1.2.6 2000/11/19 22:12:46 guus Exp $ */ -typedef int (*rbl_compare_t) (const void *, const void *); -typedef void (*rbl_action_t) (const void *); -typedef void (*rbl_action_rbl_t) (const struct rbl_t *); - typedef struct rbl_t { /* 'red-black tree' part */ @@ -47,6 +43,10 @@ typedef struct rbl_t } rbl_t; +typedef int (*rbl_compare_t) (const void *, const void *); +typedef void (*rbl_action_t) (const void *); +typedef void (*rbl_action_rbl_t) (const struct rbl_t *); + typedef struct rbltree_t { /* callback functions */ @@ -76,8 +76,10 @@ extern void free_rbltree(rbltree_t *); extern rbl_t *new_rbl(void); extern void free_rbl(rbl_t *); -extern rbl_t *rbl_search(rbltree_t *, void *); -extern rbl_t *rbl_search_closest(rbltree_t *, void *); +extern void *rbl_search(rbltree_t *, void *); +extern void *rbl_search_closest(rbltree_t *, void *); +extern rbl_t *rbl_search_rbl(rbltree_t *, void *); +extern rbl_t *rbl_search_closest_rbl(rbltree_t *, void *); extern rbl_t *rbl_insert(rbltree_t *, void *); extern rbl_t *rbl_unlink(rbltree_t *, void *); extern void rbl_delete(rbltree_t *, void *); From 59aa15d3d1db4e948113f202dd2183f4bb23970d Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 20 Nov 2000 18:02:15 +0000 Subject: [PATCH 225/923] Added this release --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index f3e4e237..7062c002 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,7 @@ +version 1.0pre4 UNRELEASED + + + version 1.0pre3 Oct 31 2000 * The protocol has been redesigned, and although some details are From 3cc063d23a6e3a23fd01f03b0bc99825c2b13e16 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Mon, 20 Nov 2000 18:05:34 +0000 Subject: [PATCH 226/923] More function and header checks --- configure.in | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/configure.in b/configure.in index 368908a0..6af75ce7 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.18 2000/11/13 22:29:22 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.19 2000/11/20 18:05:34 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -27,13 +27,15 @@ AC_PROG_MAKE_SET jm_PERL AM_PROG_LIBTOOL + AC_ISC_POSIX dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS(fcntl.h limits.h sys/ioctl.h syslog.h unistd.h sys/time.h) +AC_CHECK_HEADERS([fcntl.h limits.h sys/ioctl.h syslog.h unistd.h \ +sys/time.h malloc.h strings.h sys/file.h]) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST @@ -46,7 +48,8 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS(ftime socket select strtol strerror flock unsetenv asprintf) +AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ +asprintf putenv strdup]) jm_FUNC_MALLOC jm_FUNC_REALLOC @@ -76,10 +79,12 @@ tinc_TUNTAP dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, - [ --enable-tracing enable checkpoint tracing (for debugging purposes only)], + [ --enable-tracing enable checkpoint tracing (debugging only)], [ AC_DEFINE(ENABLE_TRACING) ] ) +AC_SUBST(INCLUDES) + AC_OUTPUT([Makefile src/Makefile doc/Makefile doc/es/Makefile intl/Makefile lib/Makefile m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile]) From 9024e01ce649b89d304a4aa5b1d6ef0b56b5a12c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 20 Nov 2000 18:06:17 +0000 Subject: [PATCH 227/923] Also include process.h --- src/tincd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/src/tincd.c b/src/tincd.c index 0b02aad4..224a9f91 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.30 2000/11/16 22:12:23 zarq Exp $ + $Id: tincd.c,v 1.10.4.31 2000/11/20 18:06:17 zarq Exp $ */ #include "config.h" @@ -64,6 +64,7 @@ #include "conf.h" #include "net.h" #include "netutl.h" +#include "process.h" #include "protocol.h" #include "subnet.h" From 408ca91766088b6c2d38e198b0692bf394b41248 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 20 Nov 2000 19:12:17 +0000 Subject: [PATCH 228/923] - Integrate rbl trees into tinc. --- lib/Makefile.am | 8 +- lib/rbl.c | 3 +- lib/rbl.h | 9 +- po/POTFILES.in | 2 +- src/Makefile.am | 6 +- src/conf.c | 3 +- src/{connlist.c => connection.c} | 115 ++++++++--------- src/{connlist.h => connection.h} | 48 ++++--- src/meta.c | 22 ++-- src/meta.h | 10 +- src/net.c | 141 ++++++++++++--------- src/net.h | 10 +- src/process.c | 4 +- src/protocol.c | 209 +++++++++++++++++-------------- src/protocol.h | 44 +++---- src/route.c | 16 +-- src/subnet.c | 200 ++++++++++++++--------------- src/subnet.h | 10 +- 18 files changed, 443 insertions(+), 417 deletions(-) rename src/{connlist.c => connection.c} (57%) rename src/{connlist.h => connection.h} (81%) diff --git a/lib/Makefile.am b/lib/Makefile.am index 350e8826..43629d38 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -1,15 +1,15 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.2 2000/11/15 22:04:48 zarq Exp $ +# $Id: Makefile.am,v 1.2.4.3 2000/11/20 19:12:10 guus Exp $ noinst_LIBRARIES = libvpn.a INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/intl -libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c +libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c rbl.c libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h rbl.h -EXTRA_DIST = README \ No newline at end of file +EXTRA_DIST = README diff --git a/lib/rbl.c b/lib/rbl.c index cf0316b7..3b97da66 100644 --- a/lib/rbl.c +++ b/lib/rbl.c @@ -17,9 +17,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.7 2000/11/19 22:12:46 guus Exp $ + $Id: rbl.c,v 1.1.2.8 2000/11/20 19:12:10 guus Exp $ */ +#include #include #include "rbl.h" diff --git a/lib/rbl.h b/lib/rbl.h index ab6b5f99..14ef52b2 100644 --- a/lib/rbl.h +++ b/lib/rbl.h @@ -17,9 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.h,v 1.1.2.6 2000/11/19 22:12:46 guus Exp $ + $Id: rbl.h,v 1.1.2.7 2000/11/20 19:12:10 guus Exp $ */ +#ifndef __RBL_H__ +#define __RBL_H__ + +#define RBL_FOREACH(tree,rbl) for(rbl = tree->head; rbl; rbl = rbl->next) + typedef struct rbl_t { /* 'red-black tree' part */ @@ -91,3 +96,5 @@ extern void rbl_delete_rbltree(rbltree_t *); extern void rbl_foreach(rbltree_t *, rbl_action_t); extern void rbl_foreach_rbl(rbltree_t *, rbl_action_rbl_t); + +#endif /* __RBL_H__ */ diff --git a/po/POTFILES.in b/po/POTFILES.in index 7ec2c0f4..4abbbf84 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in 
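Review bot: `RBL_FOREACH` in the rbl.h hunk expands its arguments unparenthesized and reads `rbl->next` only after the loop body has run, so it is safe only when the body leaves the current node in the tree, and nothing in the hunk documents that. I would write it as `#define RBL_FOREACH(tree,rbl) for((rbl) = (tree)->head; (rbl); (rbl) = (rbl)->next)` and put `/* The body must not delete the node it is visiting: the next pointer is read after the body. */` above it. The macro also dereferences `tree` unconditionally, so every caller needs a non-NULL tree. The new guard name `__RBL_H__` contains a double underscore, which is reserved for the implementation; `RBL_H` avoids that.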
@@ -6,7 +6,7 @@ lib/pidfile.c lib/utils.c src/conf.c -src/connlist.c +src/connection.c src/meta.c src/net.c src/netutl.c diff --git a/src/Makefile.am b/src/Makefile.am index c4d6576b..bb83f799 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,14 +1,14 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.8 2000/11/17 10:03:02 guus Exp $ +# $Id: Makefile.am,v 1.4.4.9 2000/11/20 19:12:11 guus Exp $ sbin_PROGRAMS = tincd -tincd_SOURCES = conf.c connlist.c meta.c net.c netutl.c process.c \ +tincd_SOURCES = conf.c connection.c meta.c net.c netutl.c process.c \ protocol.c subnet.c tincd.c INCLUDES = -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl -noinst_HEADERS = conf.h connlist.h meta.h net.h netutl.h process.h \ +noinst_HEADERS = conf.h connection.h meta.h net.h netutl.h process.h \ protocol.h subnet.h LIBS = @LIBS@ @INTLLIBS@ diff --git a/src/conf.c b/src/conf.c index 0a65e32d..56d1a8ac 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.21 2000/11/04 22:57:30 guus Exp $ + $Id: conf.c,v 1.9.4.22 2000/11/20 19:12:11 guus Exp $ */ #include "config.h" @@ -39,7 +39,6 @@ #include /* for cp */ #include "config.h" -#include "connlist.h" #include "system.h" config_t *config = NULL; diff --git a/src/connlist.c b/src/connection.c similarity index 57% rename from src/connlist.c rename to src/connection.c index 5d41dcb6..dee0472a 100644 --- a/src/connlist.c +++ b/src/connection.c @@ -1,5 +1,5 @@ /* - connlist.c -- connection list management + connection.c -- connection list management Copyright (C) 2000 Guus Sliepen , 2000 Ivo Timmermans 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.c,v 1.1.2.15 2000/11/04 22:57:30 guus Exp $ + $Id: connection.c,v 1.1.2.1 2000/11/20 19:12:11 guus Exp $ */ #include "config.h" @@ -25,6 +25,8 @@ #include #include +#include + #include "net.h" /* Don't ask. */ #include "netutl.h" #include "config.h" @@ -36,14 +38,26 @@ /* Root of the connection list */ -conn_list_t *conn_list = NULL; -conn_list_t *myself = NULL; +rbltree_t *connection_tree; +connection_t *myself = NULL; -/* Creation and deletion of conn_list elements */ +/* Initialization and callbacks */ -conn_list_t *new_conn_list(void) +int connection_compare(connection_t *a, connection_t *b) { - conn_list_t *p = (conn_list_t *)xmalloc(sizeof(*p)); + return strcmp(a->name, b->name); +} + +void init_connections(void) +{ + connection_tree = new_rbltree((rbl_compare_t)connection_compare, (rbl_action_t)free_connection); +} + +/* Creation and deletion of connection elements */ + +connection_t *new_connection(void) +{ + connection_t *p = (connection_t *)xmalloc(sizeof(*p)); cp /* initialise all those stupid pointers at once */ memset(p, '\0', sizeof(*p)); @@ -51,7 +65,7 @@ cp return p; } -void free_conn_list(conn_list_t *p) +void free_connection(connection_t *p) { cp if(p->sq) 
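Review bot: `connection_compare` passes `a->name` and `b->name` straight to `strcmp`, but `new_connection` (context of this hunk) zero-fills the structure, so a connection inserted before its name is known reaches the comparator with a NULL pointer. The net.c hunk for `handle_new_meta_connection` calls `connection_add(ncn)` right after `create_new_connection`, and the peer's name appears to be filled in only later by `id_h` via `sscanf`, so unless a name is set in lines outside the hunks, a second pending connection would make `strcmp` dereference NULL. Writing `name` after insertion also changes the key of a node that is already in the tree. I would keep connections out of `connection_tree` until the ID has been received and validated, and guard the comparator in the meantime, e.g. `if(!a->name || !b->name) return (a->name != NULL) - (b->name != NULL);`.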
@@ -77,110 +91,83 @@ cp /* remove all marked connections */ -void prune_conn_list(void) +void prune_connection_tree(void) { - conn_list_t *p, *prev = NULL, *next = NULL; + rbl_t *rbl; + connection_t *cl; cp - for(p = conn_list; p != NULL; ) + RBL_FOREACH(connection_tree, rbl) { - next = p->next; - - if(p->status.remove) - conn_list_del(p); - else - prev = p; - - p = next; + cl = (connection_t *) rbl->data; + if(cl->status.remove) + connection_del(cl); } cp } /* - free all elements of conn_list + free all elements of connection */ -void destroy_conn_list(void) +void destroy_connection_tree(void) { - conn_list_t *p, *next; cp - for(p = conn_list; p != NULL; ) - { - next = p->next; - free_conn_list(p); - p = next; - } - - conn_list = NULL; + rbl_delete_rbltree(connection_tree); cp } /* Linked list management */ -void conn_list_add(conn_list_t *cl) +void connection_add(connection_t *cl) { cp - cl->next = conn_list; - cl->prev = NULL; - - if(cl->next) - cl->next->prev = cl; - - conn_list = cl; + rbl_insert(connection_tree, cl); cp } -void conn_list_del(conn_list_t *cl) +void connection_del(connection_t *cl) { cp - if(cl->prev) - cl->prev->next = cl->next; - else - conn_list = cl->next; - - if(cl->next) - cl->next->prev = cl->prev; - - free_conn_list(cl); + rbl_delete(connection_tree, cl); cp } /* Lookup functions */ -conn_list_t *lookup_id(char *name) +connection_t *lookup_id(char *name) { - conn_list_t *p; + connection_t cl; cp - for(p = conn_list; p != NULL; p = p->next) - if(p->status.active) - if(strcmp(name, p->name) == 0) - break; + cl.name = name; + return rbl_search(connection_tree, &cl); cp - return p; } /* Debugging */ -void dump_conn_list(void) +void dump_connection_list(void) { - conn_list_t *p; + rbl_t *rbl; + connection_t *cl; cp syslog(LOG_DEBUG, _("Connection list:")); syslog(LOG_DEBUG, _(" %s at %s port %hd flags %d sockets %d, %d status %04x"), - myself->name, myself->hostname, myself->port, myself->flags, - myself->socket, myself->meta_socket, 
myself->status); + myself->name, myself->hostname, myself->port, myself->flags, + myself->socket, myself->meta_socket, myself->status); - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { + cl = (connection_t *)rbl->data; syslog(LOG_DEBUG, _(" %s at %s port %hd flags %d sockets %d, %d status %04x"), - p->name, p->hostname, p->port, p->flags, - p->socket, p->meta_socket, p->status); + cl->name, cl->hostname, cl->port, cl->flags, + cl->socket, cl->meta_socket, cl->status); } - + syslog(LOG_DEBUG, _("End of connection list.")); cp } -int read_host_config(conn_list_t *cl) +int read_host_config(connection_t *cl) { char *fname; int x; diff --git a/src/connlist.h b/src/connection.h similarity index 81% rename from src/connlist.h rename to src/connection.h index 8f933bca..05972997 100644 --- a/src/connlist.h +++ b/src/connection.h @@ -1,5 +1,5 @@ /* - connlist.h -- header for connlist.c + connection.h -- header for connection.c Copyright (C) 2000 Guus Sliepen , 2000 Ivo Timmermans @@ -17,11 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connlist.h,v 1.1.2.13 2000/11/15 01:06:10 zarq Exp $ + $Id: connection.h,v 1.1.2.1 2000/11/20 19:12:11 guus Exp $ */ -#ifndef __TINC_CONNLIST_H__ -#define __TINC_CONNLIST_H__ +#ifndef __TINC_CONNECTION_H__ +#define __TINC_CONNECTION_H__ + +#include #include "config.h" @@ -60,7 +62,7 @@ typedef struct option_bits_t { int unused:32; } option_bits_t; -typedef struct conn_list_t { +typedef struct connection_t { char *name; /* name of this connection */ ipv4_t address; /* his real (internet) ip */ char *hostname; /* the hostname of its real ip */ 
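Review bot: `prune_connection_tree` now calls `connection_del(cl)` from inside `RBL_FOREACH`, which reads `rbl->next` from the current node after the body has run; the loop it replaces saved `next` before deleting. If `rbl_delete` unlinks or frees that node (its body is not part of this diff), the iteration continues from released memory, and this function runs on every pass of the main loop. Fetching the successor before the delete, as in the excerpt below, restores the old behaviour. Separately, `lookup_id` no longer filters on `status.active`, so callers such as `id_h` and `ack_h` can now get back entries that are inactive or flagged for removal, and the `cp` after its `return` is unreachable; I would either restore the check or document the change in a comment.

```c
void prune_connection_tree(void)
{
  rbl_t *rbl, *next;
  connection_t *cl;
cp
  /* Read the successor first: connection_del() may release the node. */
  for(rbl = connection_tree->head; rbl; rbl = next)
    {
      next = rbl->next;
      cl = (connection_t *) rbl->data;
      if(cl->status.remove)
        connection_del(cl);
    }
cp
}
```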
@@ -96,29 +98,25 @@ typedef struct conn_list_t { char *mychallenge; /* challenge we received from him */ char *hischallenge; /* challenge we sent to him */ - struct conn_list_t *nexthop; /* nearest meta-hop in this direction */ + struct connection_t *nexthop; /* nearest meta-hop in this direction */ - struct subnet_t *subnets; /* Pointer to a list of subnets belonging to this connection */ + rbltree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this connection */ struct config_t *config; /* Pointer to configuration tree belonging to this host */ +} connection_t; - struct conn_list_t *next; /* after all, it's a list of connections */ - struct conn_list_t *prev; /* doubly linked for O(1) deletions */ -} conn_list_t; +extern rbltree_t *connection_tree; +extern connection_t *myself; -#include "subnet.h" +extern void init_connections(void); +extern connection_t *new_connection(void); +extern void free_connection(connection_t *); +extern void connection_add(connection_t *); +extern void connection_del(connection_t *); +extern connection_t *lookup_id(char *); +extern void dump_connection_list(void); +extern int read_host_config(connection_t *); +extern void destroy_connection(void); +extern void prune_connection_tree(void); -extern conn_list_t *conn_list; -extern conn_list_t *myself; - -extern conn_list_t *new_conn_list(); -extern void free_conn_list(conn_list_t *); -extern void conn_list_add(conn_list_t *); -extern void conn_list_del(conn_list_t *); -extern conn_list_t *lookup_id(char *); -extern void dump_conn_list(void); -extern int read_host_config(conn_list_t *); -extern void destroy_conn_list(void); -extern void prune_conn_list(void); - -#endif /* __TINC_CONNLIST_H__ */ +#endif /* __TINC_CONNECTION_H__ */ diff --git a/src/meta.c b/src/meta.c index a4cfc838..289d0b87 100644 --- a/src/meta.c +++ b/src/meta.c 
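Review bot: The new prototype list declares `destroy_connection(void)`, but connection.c defines `destroy_connection_tree` and the net.c hunk calls `destroy_connection_tree()` in `close_network_connections`, so that call is compiled without a prototype and `destroy_connection` has no definition in this diff. The line should read `extern void destroy_connection_tree(void);`. `prune_connection_tree` is declared correctly just below it.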
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.11 2000/11/15 13:33:25 guus Exp $ + $Id: meta.c,v 1.1.2.12 2000/11/20 19:12:12 guus Exp $ */ #include "config.h" @@ -38,10 +38,11 @@ #endif #include "net.h" +#include "connection.h" #include "system.h" #include "protocol.h" -int send_meta(conn_list_t *cl, char *buffer, int length) +int send_meta(connection_t *cl, char *buffer, int length) { char outbuf[MAXBUFSIZE]; char *bufp; @@ -71,18 +72,21 @@ cp return 0; } -int broadcast_meta(conn_list_t *cl, char *buffer, int length) +void broadcast_meta(connection_t *cl, char *buffer, int length) { - conn_list_t *p; + rbl_t *rbl; + connection_t *p; cp - for(p = conn_list; p != NULL; p = p->next) - if(p != cl && p->status.meta && p->status.active) - send_meta(p, buffer, length); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p != cl && p->status.meta && p->status.active) + send_meta(p, buffer, length); + } cp - return 0; } -int receive_meta(conn_list_t *cl) +int receive_meta(connection_t *cl) { int x, l = sizeof(x); int oldlen, i; diff --git a/src/meta.h b/src/meta.h index 2784947c..09df9028 100644 --- a/src/meta.h +++ b/src/meta.h @@ -17,16 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.3 2000/10/11 10:35:16 guus Exp $ + $Id: meta.h,v 1.1.2.4 2000/11/20 19:12:12 guus Exp $ */ #ifndef __TINC_META_H__ #define __TINC_META_H__ -#include "net.h" +#include "connection.h" -extern int send_meta(conn_list_t *, const char *, int); -extern int broadcast_meta(conn_list_t *, const char *, int); -extern int receive_meta(conn_list_t *); +extern int send_meta(connection_t *, const char *, int); +extern int broadcast_meta(connection_t *, const char *, int); +extern int receive_meta(connection_t *); #endif /* __TINC_META_H__ */ 
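Review bot: `broadcast_meta` is changed to return `void` in meta.c, while the meta.h hunk of the same commit still declares `extern int broadcast_meta(connection_t *, const char *, int);` (with `const char *` where the definition takes `char *`). The includes shown in the meta.c hunk do not list meta.h, so the compiler may not catch the mismatch, and any caller that still tests the result would read an indeterminate value. The prototype should become `extern void broadcast_meta(connection_t *, char *, int);`, or the definition should keep `int` and report whether any `send_meta` call failed, which the loop currently ignores.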
diff --git a/src/net.c b/src/net.c index 8d92cc10..adad4105 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.76 2000/11/16 22:11:40 zarq Exp $ + $Id: net.c,v 1.35.4.77 2000/11/20 19:12:12 guus Exp $ */ #include "config.h" @@ -67,7 +67,7 @@ #include #include "conf.h" -#include "connlist.h" +#include "connection.h" #include "list.h" #include "meta.h" #include "net.h" @@ -95,7 +95,7 @@ char *unknown = NULL; subnet_t mymac; -int xsend(conn_list_t *cl, vpn_packet_t *inpkt) +int xsend(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; @@ -131,7 +131,7 @@ cp return 0; } -int xrecv(conn_list_t *cl, vpn_packet_t *inpkt) +int xrecv(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; @@ -254,8 +254,8 @@ cp each packet, and removing it when that returned a zero exit code */ -void flush_queue(conn_list_t *cl, packet_queue_t **pq, - int (*function)(conn_list_t*,vpn_packet_t*)) +void flush_queue(connection_t *cl, packet_queue_t **pq, + int (*function)(connection_t*,vpn_packet_t*)) { queue_element_t *p, *next = NULL; cp @@ -279,7 +279,7 @@ cp void because nothing goes wrong here, packets remain in the queue if something goes wrong */ -void flush_queues(conn_list_t *cl) +void flush_queues(connection_t *cl) { cp if(cl->sq) @@ -305,7 +305,7 @@ cp */ int send_packet(ip_t to, vpn_packet_t *packet) { - conn_list_t *cl; + connection_t *cl; subnet_t *subnet; cp if((subnet = lookup_subnet_ipv4(to)) == NULL) @@ -384,6 +384,9 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; +#ifdef HAVE_TUNTAP + struct ifreq ifr; +#endif cp if((cfg = get_config_val(config, config_tapdevice))) 
@@ -563,7 +566,7 @@ cp /* setup an outgoing meta (tcp) socket */ -int setup_outgoing_meta_socket(conn_list_t *cl) +int setup_outgoing_meta_socket(connection_t *cl) { int flags; struct sockaddr_in a; @@ -623,7 +626,7 @@ cp */ int setup_outgoing_connection(char *name) { - conn_list_t *ncn; + connection_t *ncn; struct hostent *h; config_t const *cfg; cp @@ -633,27 +636,27 @@ cp return -1; } - ncn = new_conn_list(); + ncn = new_connection(); asprintf(&ncn->name, "%s", name); if(read_host_config(ncn)) { syslog(LOG_ERR, _("Error reading host configuration file for %s")); - free_conn_list(ncn); + free_connection(ncn); return -1; } if(!(cfg = get_config_val(ncn->config, config_address))) { syslog(LOG_ERR, _("No address specified for %s")); - free_conn_list(ncn); + free_connection(ncn); return -1; } if(!(h = gethostbyname(cfg->data.ptr))) { syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr); - free_conn_list(ncn); + free_connection(ncn); return -1; } @@ -664,7 +667,7 @@ cp { syslog(LOG_ERR, _("Could not set up a meta connection to %s"), ncn->hostname); - free_conn_list(ncn); + free_connection(ncn); return -1; } @@ -673,7 +676,7 @@ cp ncn->buflen = 0; ncn->last_ping_time = time(NULL); - conn_list_add(ncn); + connection_add(ncn); send_id(ncn); cp @@ -681,7 +684,7 @@ cp } /* - Configure conn_list_t myself and set up the local sockets (listen only) + Configure connection_t myself and set up the local sockets (listen only) */ int setup_myself(void) { @@ -689,7 +692,7 @@ int setup_myself(void) config_t *next; subnet_t *net; cp - myself = new_conn_list(); + myself = new_connection(); asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */ myself->flags = 0; @@ -895,10 +898,12 @@ cp */ void close_network_connections(void) { - conn_list_t *p; + rbl_t *rbl; + connection_t *p; cp - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { + p = (connection_t *)rbl->data; p->status.active = 0; terminate_connection(p); } 
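Review bot: In `setup_outgoing_connection` the two `syslog` calls kept as context, `_("Error reading host configuration file for %s")` and `_("No address specified for %s")`, contain a `%s` conversion but pass no argument, so syslog reads whatever happens to be in the argument slot. Both should pass the name, e.g. `syslog(LOG_ERR, _("No address specified for %s"), ncn->name);`. The return value of `asprintf(&ncn->name, "%s", name)` is also unchecked, and on failure `ncn->name` may be left undefined before `read_host_config` uses it. The function starts and ends outside this hunk.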
@@ -907,7 +912,7 @@ cp if(myself->status.active) { close(myself->meta_socket); - free_conn_list(myself); + free_connection(myself); myself = NULL; } @@ -916,7 +921,7 @@ cp /* Execute tinc-down script right after shutting down the interface */ execute_script("tinc-down"); - destroy_conn_list(); + destroy_connection_tree(); syslog(LOG_NOTICE, _("Terminating")); cp @@ -926,7 +931,7 @@ cp /* create a data (udp) socket */ -int setup_vpn_connection(conn_list_t *cl) +int setup_vpn_connection(connection_t *cl) { int nfd, flags; struct sockaddr_in a; @@ -1002,13 +1007,13 @@ cp handle an incoming tcp connect call and open a connection to it. */ -conn_list_t *create_new_connection(int sfd) +connection_t *create_new_connection(int sfd) { - conn_list_t *p; + connection_t *p; struct sockaddr_in ci; int len = sizeof(ci); cp - p = new_conn_list(); + p = new_connection(); if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0) { @@ -1040,16 +1045,18 @@ cp */ void build_fdset(fd_set *fs) { - conn_list_t *p; + rbl_t *rbl; + connection_t *p; cp FD_ZERO(fs); - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { + p = (connection_t *)rbl->data; if(p->status.meta) - FD_SET(p->meta_socket, fs); + FD_SET(p->meta_socket, fs); if(p->status.dataopen) - FD_SET(p->socket, fs); + FD_SET(p->socket, fs); } FD_SET(myself->meta_socket, fs); @@ -1062,7 +1069,7 @@ cp udp socket and write it to the ethertap device after being decrypted */ -int handle_incoming_vpn_data(conn_list_t *cl) +int handle_incoming_vpn_data(connection_t *cl) { vpn_packet_t pkt; int x, l = sizeof(x); @@ -1100,10 +1107,12 @@ cp terminate a connection and notify the other end before closing the sockets */ -void terminate_connection(conn_list_t *cl) +void terminate_connection(connection_t *cl) { - conn_list_t *p; + connection_t *p; subnet_t *s; + rbl_t *rbl; + cp if(cl->status.remove) return; 
@@ -1124,21 +1133,26 @@ cp (the connection that was dropped). */ if(cl->status.meta) - for(p = conn_list; p != NULL; p = p->next) - if((p->nexthop == cl) && (p != cl)) - terminate_connection(p); /* Sounds like recursion, but p does not have a meta connection :) */ + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->nexthop == cl && p != cl) + terminate_connection(p); + } /* Inform others of termination if it was still active */ if(cl->status.active) - for(p = conn_list; p != NULL; p = p->next) - if(p->status.meta && p->status.active && p!=cl) - send_del_host(p, cl); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->status.meta && p->status.active && p!=cl) + send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ + } /* Remove the associated subnets */ - for(s = cl->subnets; s; s = s->next) - subnet_del(s); + rbl_delete_rbltree(cl->subnet_tree); /* Check if this was our outgoing connection */ @@ -1164,35 +1178,37 @@ cp end does not reply in time, we consider them dead and close the connection. */ -int check_dead_connections(void) +void check_dead_connections(void) { - conn_list_t *p; time_t now; + rbl_t *rbl; + connection_t *cl; cp now = time(NULL); - for(p = conn_list; p != NULL; p = p->next) + + RBL_FOREACH(connection_tree, rbl) { - if(p->status.active && p->status.meta) - { - if(p->last_ping_time + timeout < now) + cl = (connection_t *)rbl->data; + if(cl->status.active && cl->status.meta) + { + if(cl->last_ping_time + timeout < now) { - if(p->status.pinged) + if(cl->status.pinged) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - p->name, p->hostname); - p->status.timeout = 1; - terminate_connection(p); + cl->name, cl->hostname); + cl->status.timeout = 1; + terminate_connection(cl); } else { - send_ping(p); + send_ping(cl); } } - } + } } cp - return 0; } /* 
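Review bot: `terminate_connection` now calls `rbl_delete_rbltree(cl->subnet_tree)` without checking the pointer and leaves it set afterwards. `new_connection` zero-fills the structure and nothing in the visible hunks allocates `subnet_tree`, so a connection dropped before it announced any subnet may pass NULL here; the same applies to `RBL_FOREACH(p->subnet_tree, rbl2)` in the `ack_h` hunk of protocol.c, which dereferences `tree->head`. I would write `if(cl->subnet_tree) { rbl_delete_rbltree(cl->subnet_tree); cl->subnet_tree = NULL; }` unless the allocation is guaranteed elsewhere in the commit (subnet.c is changed too). The old loop also called `subnet_del` for each entry, so please confirm that the global subnet lookup cannot still return a subnet owned by the terminated connection. The comment "Sounds like recursion ..." has moved from the recursive `terminate_connection(p)` call to the `send_del_host` call, where it no longer applies.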
@@ -1201,7 +1217,7 @@ cp */ int handle_new_meta_connection() { - conn_list_t *ncn; + connection_t *ncn; struct sockaddr client; int nfd, len = sizeof(client); cp @@ -1219,7 +1235,7 @@ cp return 0; } - conn_list_add(ncn); + connection_add(ncn); cp return 0; } @@ -1230,12 +1246,15 @@ cp */ void check_network_activity(fd_set *f) { - conn_list_t *p; + connection_t *p; + rbl_t *rbl; cp - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { + p = (connection_t *)rbl->data; + if(p->status.remove) - continue; + return; if(p->status.dataopen) if(FD_ISSET(p->socket, f)) @@ -1260,7 +1279,7 @@ cp return; } } - + if(FD_ISSET(myself->meta_socket, f)) handle_new_meta_connection(); cp @@ -1330,7 +1349,7 @@ cp tv.tv_sec = timeout; tv.tv_usec = 0; - prune_conn_list(); + prune_connection_tree(); build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) diff --git a/src/net.h b/src/net.h index e3d974ed..7c77fa29 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.21 2000/11/04 22:57:31 guus Exp $ + $Id: net.h,v 1.9.4.22 2000/11/20 19:12:13 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -107,7 +107,7 @@ extern char *unknown; extern char *request_name[256]; extern char *status_text[10]; -#include "connlist.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ +#include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ extern int str2opt(const char *); extern char *opt2str(int); 
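Review bot: In `check_network_activity` the `continue` for `p->status.remove` has become `return`, so the first connection flagged for removal ends the whole pass: later connections in the tree are not read, and the `FD_ISSET(myself->meta_socket, f)` check at the bottom is skipped for that round. `RBL_FOREACH` is a plain `for` statement, so `continue;` still works and should be kept. As written, one terminated peer delays every other peer and all new incoming connections until the next `select` round. The end of the function is in the following hunk.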
@@ -115,9 +115,9 @@ extern int send_packet(ip_t, vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); extern void main_loop(void); -extern int setup_vpn_connection(conn_list_t *); -extern void terminate_connection(conn_list_t *); -extern void flush_queues(conn_list_t *); +extern int setup_vpn_connection(connection_t *); +extern void terminate_connection(connection_t *); +extern void flush_queues(connection_t *); extern void add_queue(packet_queue_t **, void *, size_t); #endif /* __TINC_NET_H__ */ diff --git a/src/process.c b/src/process.c index 5d31b8d5..6491bfc2 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.4 2000/11/17 10:03:02 guus Exp $ + $Id: process.c,v 1.1.2.5 2000/11/20 19:12:13 guus Exp $ */ #include "config.h" @@ -365,7 +365,7 @@ sigint_handler(int a) RETSIGTYPE sigusr1_handler(int a) { - dump_conn_list(); + dump_connection_list(); } RETSIGTYPE diff --git a/src/protocol.c b/src/protocol.c index dfb6ad97..75818043 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.61 2000/11/15 13:33:27 guus Exp $ + $Id: protocol.c,v 1.28.4.62 2000/11/20 19:12:13 guus Exp $ */ #include "config.h" @@ -61,7 +61,7 @@ #include "netutl.h" #include "protocol.h" #include "meta.h" -#include "connlist.h" +#include "connection.h" #include "system.h" @@ -78,7 +78,7 @@ int check_id(char *id) /* Generic request routines - takes care of logging and error detection as well */ -int send_request(conn_list_t *cl, const char *format, ...) +int send_request(connection_t *cl, const char *format, ...) { va_list args; char buffer[MAXBUFSIZE]; 
@@ -108,7 +108,7 @@ cp return send_meta(cl, buffer, len); } -int receive_request(conn_list_t *cl) +int receive_request(connection_t *cl) { int request; cp @@ -179,7 +179,7 @@ cp forge the key for the symmetric cipher. */ -int send_id(conn_list_t *cl) +int send_id(connection_t *cl) { cp cl->allow_request = CHALLENGE; @@ -187,9 +187,9 @@ cp return send_request(cl, "%d %s %d %lx %hd", ID, myself->name, myself->protocol_version, myself->options, myself->port); } -int id_h(conn_list_t *cl) +int id_h(connection_t *cl) { - conn_list_t *old; + connection_t *old; config_t const *cfg; cp if(sscanf(cl->buffer, "%*d %as %d %lx %hd", &cl->name, &cl->protocol_version, &cl->options, &cl->port) != 4) @@ -256,7 +256,7 @@ cp return send_challenge(cl); } -int send_challenge(conn_list_t *cl) +int send_challenge(connection_t *cl) { char *buffer; int len, x; @@ -308,7 +308,7 @@ cp return x; } -int challenge_h(conn_list_t *cl) +int challenge_h(connection_t *cl) { char *buffer; int len; @@ -362,7 +362,7 @@ cp return send_chal_reply(cl); } -int send_chal_reply(conn_list_t *cl) +int send_chal_reply(connection_t *cl) { char hash[SHA_DIGEST_LENGTH*2+1]; cp @@ -392,7 +392,7 @@ cp return send_request(cl, "%d %s", CHAL_REPLY, hash); } -int chal_reply_h(conn_list_t *cl) +int chal_reply_h(connection_t *cl) { char *hishash; char myhash[SHA_DIGEST_LENGTH]; @@ -450,7 +450,7 @@ cp return send_id(cl); } -int send_metakey(conn_list_t *cl) +int send_metakey(connection_t *cl) { char *buffer; int len, x; @@ -509,7 +509,7 @@ cp return x; } -int metakey_h(conn_list_t *cl) +int metakey_h(connection_t *cl) { char *buffer; int len; @@ -570,7 +570,7 @@ cp return send_metakey(cl); } -int send_ack(conn_list_t *cl) +int send_ack(connection_t *cl) { int x; cp 
@@ -585,10 +585,11 @@ cp return x; } -int ack_h(conn_list_t *cl) +int ack_h(connection_t *cl) { - conn_list_t *old, *p; - subnet_t *s; + connection_t *old, *p; + subnet_t *subnet; + rbl_t *rbl, *rbl2; cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same name. If so, it presumably is an @@ -622,33 +623,42 @@ cp /* Send him our subnets */ - for(s = myself->subnets; s; s = s->next) - send_add_subnet(cl, s); - + RBL_FOREACH(myself->subnet_tree, rbl) + { + subnet = (subnet_t *)rbl->data; + send_add_subnet(cl, subnet); + } /* And send him all the hosts and their subnets we know... */ - for(p = conn_list; p; p = p->next) - if(p != cl && p->status.active) - { - /* Notify others of this connection */ - - if(p->status.meta) - send_add_host(p, cl); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + + if(p != cl && p->status.active) + { + /* Notify others of this connection */ - /* Notify new connection of everything we know */ + if(p->status.meta) + send_add_host(p, cl); - send_add_host(cl, p); - - for(s = p->subnets; s; s = s->next) - send_add_subnet(cl, s); - } + /* Notify new connection of everything we know */ + + send_add_host(cl, p); + + RBL_FOREACH(p->subnet_tree, rbl2) + { + subnet = (subnet_t *)rbl2->data; + send_add_subnet(cl, subnet); + } + } + } cp return 0; } /* Address and subnet information exchange */ -int send_add_subnet(conn_list_t *cl, subnet_t *subnet) +int send_add_subnet(connection_t *cl, subnet_t *subnet) { int x; char *netstr; @@ -660,12 +670,13 @@ cp return x; } -int add_subnet_h(conn_list_t *cl) +int add_subnet_h(connection_t *cl) { char *subnetstr; char *name; - conn_list_t *owner, *p; + connection_t *owner, *p; subnet_t *subnet; + rbl_t *rbl; cp if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 2) { 
@@ -721,14 +732,17 @@ cp /* Tell the rest */ - for(p = conn_list; p; p = p->next) - if(p->status.meta && p->status.active && p!= cl) - send_add_subnet(p, subnet); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->status.meta && p->status.active && p!= cl) + send_add_subnet(p, subnet); + } cp return 0; } -int send_del_subnet(conn_list_t *cl, subnet_t *subnet) +int send_del_subnet(connection_t *cl, subnet_t *subnet) { int x; char *netstr; @@ -740,12 +754,13 @@ cp return x; } -int del_subnet_h(conn_list_t *cl) +int del_subnet_h(connection_t *cl) { char *subnetstr; char *name; - conn_list_t *owner, *p; + connection_t *owner, *p; subnet_t *subnet; + rbl_t *rbl; cp if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) { @@ -801,29 +816,31 @@ cp /* Tell the rest */ - for(p = conn_list; p; p = p->next) - if(p->status.meta && p->status.active && p!= cl) - send_del_subnet(p, subnet); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->status.meta && p->status.active && p!= cl) + send_del_subnet(p, subnet); + } cp return 0; } /* New and closed connections notification */ -int send_add_host(conn_list_t *cl, conn_list_t *other) +int send_add_host(connection_t *cl, connection_t *other) { cp return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, other->name, other->address, other->port, other->options); } -int add_host_h(conn_list_t *cl) +int add_host_h(connection_t *cl) { - conn_list_t *old, *new; - conn_list_t *p; - + connection_t *old, *new, *p; + rbl_t *rbl; cp - new = new_conn_list(); + new = new_connection(); if(sscanf(cl->buffer, "%*d %as %lx:%d %lx", &new->name, &new->address, &new->port, &new->options) != 4) { @@ -836,7 +853,7 @@ cp if(check_id(new->name)) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); - free_conn_list(new); + free_connection(new); return -1; } 
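Review bot: `del_subnet_h` checks `sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3`, but the format has only two assigning conversions, so the call can return at most 2 and every DEL_SUBNET request takes the error branch. The matching check in `add_subnet_h` uses 2; this line should be `if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 2)`. The line is unchanged context in this hunk and the rest of the function lies outside it, so whether `name` and `subnetstr` are freed on that branch cannot be seen here.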
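Review bot: `add_host_h` parses peer-supplied text with `"%*d %as %lx:%d %lx"` straight into `&new->address` and `&new->port`, so `sscanf` stores an `unsigned long` and an `int` there whatever the width of those fields. `id_h` reads the same port field with `%hd`, which suggests it is a 16-bit type; if so, `%d` writes past it into the neighbouring members, and `%lx` does the same to `address` where `long` is wider than the address type. `del_host_h` in a later hunk repeats the format with the locals `ip_t address; port_t port;`. I would scan into `unsigned long` and `int` temporaries, range-check them, and only then assign. The field typedefs are not shown in this diff, and both functions continue outside their hunks.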
@@ -846,11 +863,11 @@ cp { syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); sighup = 1; - free_conn_list(new); + free_connection(new); return 0; } - /* Fill in more of the new conn_list structure */ + /* Fill in more of the new connection structure */ new->hostname = hostlookup(htonl(new->address)); @@ -863,7 +880,7 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), old->name, old->hostname, new->name, new->hostname); - free_conn_list(new); + free_connection(new); return 0; } else @@ -876,17 +893,20 @@ cp } } - /* Hook it up into the conn_list */ + /* Hook it up into the connection */ - conn_list_add(new); + connection_add(new); /* Tell the rest about the new host */ - for(p = conn_list; p; p = p->next) - if(p->status.meta && p->status.active && p!=cl) - send_add_host(p, new); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->status.meta && p->status.active && p!=cl) + send_add_host(p, new); + } - /* Fill in rest of conn_list structure */ + /* Fill in rest of connection structure */ new->nexthop = cl; new->status.active = 1; @@ -902,20 +922,21 @@ cp return 0; } -int send_del_host(conn_list_t *cl, conn_list_t *other) +int send_del_host(connection_t *cl, connection_t *other) { cp return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, other->name, other->address, other->port, other->options); } -int del_host_h(conn_list_t *cl) +int del_host_h(connection_t *cl) { char *name; ip_t address; port_t port; long int options; - conn_list_t *old, *p; + connection_t *old, *p; + rbl_t *rbl; cp if(sscanf(cl->buffer, "%*d %as %lx:%d %lx", &name, &address, &port, &options) != 4) { 
@@ -969,16 +990,19 @@ cp /* Tell the rest about the new host */ - for(p = conn_list; p; p = p->next) - if(p->status.meta && p->status.active && p!=cl) - send_del_host(p, old); + RBL_FOREACH(connection_tree, rbl) + { + p = (connection_t *)rbl->data; + if(p->status.meta && p->status.active && p!=cl) + send_del_host(p, old); + } cp return 0; } /* Status and error notification routines */ -int send_status(conn_list_t *cl, int statusno, char *statusstring) +int send_status(connection_t *cl, int statusno, char *statusstring) { cp if(!statusstring) @@ -987,7 +1011,7 @@ cp return send_request(cl, "%d %d %s", STATUS, statusno, statusstring); } -int status_h(conn_list_t *cl) +int status_h(connection_t *cl) { int statusno; char *statusstring; @@ -1010,7 +1034,7 @@ cp return 0; } -int send_error(conn_list_t *cl, int errno, char *errstring) +int send_error(connection_t *cl, int errno, char *errstring) { cp if(!errstring) @@ -1018,7 +1042,7 @@ cp return send_request(cl, "%d %d %s", ERROR, errno, errstring); } -int error_h(conn_list_t *cl) +int error_h(connection_t *cl) { int errno; char *errorstring; @@ -1042,13 +1066,13 @@ cp return 0; } -int send_termreq(conn_list_t *cl) +int send_termreq(connection_t *cl) { cp return send_request(cl, "%d", TERMREQ); } -int termreq_h(conn_list_t *cl) +int termreq_h(connection_t *cl) { cp terminate_connection(cl); @@ -1058,7 +1082,7 @@ cp /* Keepalive routines - FIXME: needs a closer look */ -int send_ping(conn_list_t *cl) +int send_ping(connection_t *cl) { cp cl->status.pinged = 1; @@ -1067,19 +1091,19 @@ cp return send_request(cl, "%d", PING); } -int ping_h(conn_list_t *cl) +int ping_h(connection_t *cl) { cp return send_pong(cl); } -int send_pong(conn_list_t *cl) +int send_pong(connection_t *cl) { cp return send_request(cl, "%d", PONG); } -int pong_h(conn_list_t *cl) +int pong_h(connection_t *cl) { cp cl->status.pinged = 0; 
@@ -1089,24 +1113,25 @@ cp /* Key exchange */ -int send_key_changed(conn_list_t *from, conn_list_t *cl) +int send_key_changed(connection_t *from, connection_t *cl) { - conn_list_t *p; + connection_t *p; + rbl_t *rbl; cp - for(p = conn_list; p != NULL; p = p->next) + RBL_FOREACH(connection_tree, rbl) { - if(p!=cl && p->status.meta && p->status.active) - send_request(p, "%d %s", KEY_CHANGED, - from->name); + p = (connection_t *)rbl->data; + if(p != cl && p->status.meta && p->status.active) + send_request(p, "%d %s", KEY_CHANGED, from->name); } cp return 0; } -int key_changed_h(conn_list_t *cl) +int key_changed_h(connection_t *cl) { char *from_id; - conn_list_t *from; + connection_t *from; cp if(sscanf(cl->buffer, "%*d %as", &from_id) != 1) { @@ -1133,17 +1158,17 @@ cp return 0; } -int send_req_key(conn_list_t *from, conn_list_t *to) +int send_req_key(connection_t *from, connection_t *to) { cp return send_request(to->nexthop, "%d %s %s", REQ_KEY, from->name, to->name); } -int req_key_h(conn_list_t *cl) +int req_key_h(connection_t *cl) { char *from_id, *to_id; - conn_list_t *from, *to; + connection_t *from, *to; char pktkey[129]; cp if(sscanf(cl->buffer, "%*d %as %as", &from_id, &to_id) != 2) @@ -1194,18 +1219,18 @@ cp return 0; } -int send_ans_key(conn_list_t *from, conn_list_t *to, char *pktkey) +int send_ans_key(connection_t *from, connection_t *to, char *pktkey) { cp return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, from->name, to->name, pktkey); } -int ans_key_h(conn_list_t *cl) +int ans_key_h(connection_t *cl) { char *from_id, *to_id, *pktkey; int keylength; - conn_list_t *from, *to; + connection_t *from, *to; cp if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &pktkey) != 3) { @@ -1268,7 +1293,7 @@ cp /* Jumptable for the request handlers */ -int (*request_handlers[])(conn_list_t*) = { +int (*request_handlers[])(connection_t*) = { id_h, challenge_h, chal_reply_h, metakey_h, ack_h, status_h, error_h, termreq_h, ping_h, pong_h, 
diff --git a/src/protocol.h b/src/protocol.h index 82e3f903..79bda43c 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.15 2000/11/03 22:35:12 zarq Exp $ + $Id: protocol.h,v 1.5.4.16 2000/11/20 19:12:16 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
@@ -45,31 +45,31 @@ enum { LAST /* Guardian for the highest request number */ }; -extern int (*request_handlers[])(conn_list_t*); +extern int (*request_handlers[])(connection_t*); -extern int send_id(conn_list_t*); -extern int send_challenge(conn_list_t*); -extern int send_chal_reply(conn_list_t*); -extern int send_metakey(conn_list_t*); -extern int send_ack(conn_list_t*); -extern int send_status(conn_list_t*, int, char*); -extern int send_error(conn_list_t*, int, char*); -extern int send_termreq(conn_list_t*); -extern int send_ping(conn_list_t*); -extern int send_pong(conn_list_t*); -extern int send_add_host(conn_list_t*, conn_list_t*); -extern int send_del_host(conn_list_t*, conn_list_t*); -extern int send_add_subnet(conn_list_t*, subnet_t*); -extern int send_del_subnet(conn_list_t*, subnet_t*); -extern int send_key_changed(conn_list_t*, conn_list_t*); -extern int send_req_key(conn_list_t*, conn_list_t*); -extern int send_ans_key(conn_list_t*, conn_list_t*, char*); +extern int send_id(connection_t*); +extern int send_challenge(connection_t*); +extern int send_chal_reply(connection_t*); +extern int send_metakey(connection_t*); +extern int send_ack(connection_t*); +extern int send_status(connection_t*, int, char*); +extern int send_error(connection_t*, int, char*); +extern int send_termreq(connection_t*); +extern int send_ping(connection_t*); +extern int send_pong(connection_t*); +extern int send_add_host(connection_t*, connection_t*); +extern int send_del_host(connection_t*, connection_t*); +extern int send_add_subnet(connection_t*, subnet_t*); +extern int send_del_subnet(connection_t*, subnet_t*); +extern int send_key_changed(connection_t*, connection_t*); +extern int send_req_key(connection_t*, connection_t*); +extern int send_ans_key(connection_t*, connection_t*, char*); /* Old functions */ -extern int send_tcppacket(conn_list_t *, void *, int); -extern int notify_others(conn_list_t *, conn_list_t *, int (*function)(conn_list_t*, conn_list_t*)); -extern int 
receive_request(conn_list_t *); +extern int send_tcppacket(connection_t *, void *, int); +extern int notify_others(connection_t *, connection_t *, int (*function)(connection_t*, connection_t*)); +extern int receive_request(connection_t *); extern int check_id(char *); #endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/route.c b/src/route.c index 0509b962..46206654 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.2 2000/11/04 22:57:33 guus Exp $ + $Id: route.c,v 1.1.2.3 2000/11/20 19:12:17 guus Exp $ */ #include "config.h" @@ -26,13 +26,13 @@ #include #include "net.h" -#include "connlist.h" +#include "connection.h" #include "system.h" int routing_mode = 0; /* Will be used to determine if we route by MAC or by payload's protocol */ -conn_list_t *route_packet(vpn_packet_t *packet) +connection_t *route_packet(vpn_packet_t *packet) { unsigned short type; cp @@ -64,9 +64,9 @@ cp } } -conn_list_t *route_mac(vpn_packet_t *packet) +connection_t *route_mac(vpn_packet_t *packet) { - conn_list_t *cl; + connection_t *cl; cp cl = lookup_subnet_mac((mac_t *)(&packet.data[6])); if(!cl) @@ -85,10 +85,10 @@ cp } -conn_list_t *route_ipv4(vpn_packet_t *packet) +connection_t *route_ipv4(vpn_packet_t *packet) { ipv4_t dest; - conn_list_t *cl; + connection_t *cl; cp dest = ntohl(*((unsigned long*)(&packet.data[30]); @@ -103,7 +103,7 @@ cp return cl; } -conn_list_t *route_ipv6(vpn_packet_t *packet) +connection_t *route_ipv6(vpn_packet_t *packet) { cp syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not implemented yet")); diff --git a/src/subnet.c b/src/subnet.c index 6ca3feef..b2ced415 100644 --- a/src/subnet.c +++ b/src/subnet.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.11 2000/11/04 22:57:33 guus Exp $ + $Id: subnet.c,v 1.1.2.12 2000/11/20 19:12:17 guus Exp $ */ #include "config.h" 
@@ -27,15 +27,83 @@ #include "conf.h" #include "net.h" +#include "connection.h" #include "subnet.h" #include "system.h" #include #include +#include /* lists type of subnet */ -subnet_t *subnet_list[SUBNET_TYPES] = { NULL }; +rbltree_t _subnet_tree = { NULL }; +rbltree_t *subnet_tree = &_subnet_tree; + +/* Subnet comparison */ + +int subnet_compare_mac(subnet_t *a, subnet_t *b) +{ +cp + return memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); +} + +int subnet_compare_ipv4(subnet_t *a, subnet_t *b) +{ +cp + /* If the subnet of a falls within the range of subnet b, + then we consider a smaller then b. + Otherwise, the addresses alone (and not the subnet masks) will be compared. + */ + + if(a->net.ipv4.mask > b->net.ipv4.mask) + if((a->net.ipv4.address & b->net.ipv4.mask) == b->net.ipv4.address) + return -1; + + return a->net.ipv4.address - b->net.ipv4.address; +} + +int subnet_compare_ipv6(subnet_t *a, subnet_t *b) +{ +cp + /* Same as ipv4 case, but with nasty 128 bit addresses */ + + if(memcmp(&a->net.ipv6.mask, &b->net.ipv6.mask, sizeof(ipv6_t)) > 0) + if((a->net.ipv6.address.x[0] & b->net.ipv6.mask.x[0]) == b->net.ipv6.address.x[0] && + (a->net.ipv6.address.x[1] & b->net.ipv6.mask.x[1]) == b->net.ipv6.address.x[1] && + (a->net.ipv6.address.x[2] & b->net.ipv6.mask.x[2]) == b->net.ipv6.address.x[2] && + (a->net.ipv6.address.x[3] & b->net.ipv6.mask.x[3]) == b->net.ipv6.address.x[3] && + (a->net.ipv6.address.x[4] & b->net.ipv6.mask.x[4]) == b->net.ipv6.address.x[4] && + (a->net.ipv6.address.x[5] & b->net.ipv6.mask.x[5]) == b->net.ipv6.address.x[5] && + (a->net.ipv6.address.x[6] & b->net.ipv6.mask.x[6]) == b->net.ipv6.address.x[6] && + (a->net.ipv6.address.x[7] & b->net.ipv6.mask.x[7]) == b->net.ipv6.address.x[7]) + return -1; + + return memcmp(&a->net.ipv6.address, &b->net.ipv6.address, sizeof(ipv6_t)); +} + +int subnet_compare(subnet_t *a, subnet_t *b) +{ + int x; +cp + x = a->type - b->type; + if(x) + return x; + + switch(a->type) + { + case 
SUBNET_MAC: + return subnet_compare_mac(a, b); + case SUBNET_IPV4: + return subnet_compare_ipv4(a, b); + case SUBNET_IPV6: + return subnet_compare_ipv6(a, b); + default: + syslog(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, restarting!"), a->type); + sighup = 1; + return 0; + } +} /* Allocating and freeing space for subnets */ 
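Review bot: subnet_compare_ipv4() ends with `return a->net.ipv4.address - b->net.ipv4.address;`, which yields the wrong sign when the addresses differ by more than INT_MAX, assuming ipv4_t is an unsigned 32-bit type (its typedef is outside this hunk). Compare explicitly instead, e.g. `return (x > y) - (x < y);` with x and y the two addresses. The containment shortcut above it is also asymmetric: for the constructed pair 10.0.0.0/24 and 10.0.0.0/8 it returns -1 in one direction and 0 in the other. A comparator that is not a consistent ordering leaves the tree mis-sorted, so subnet lookups can resolve a destination to the wrong owner.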
@@ -53,87 +121,19 @@ cp /* Linked list management */ -void subnet_add(conn_list_t *cl, subnet_t *subnet) +void subnet_add(connection_t *cl, subnet_t *subnet) { - subnet_t *p = NULL; - subnet_t *q = NULL; cp - subnet->owner = cl; - - /* Link it into the owners list of subnets (unsorted) */ - - subnet->next = cl->subnets; - subnet->prev = NULL; - if(subnet->next) - subnet->next->prev = subnet; - cl->subnets = subnet; - - /* And now add it to the global subnet list (sorted) */ - - /* Sort on size of subnet mask (IPv4 only at the moment!) - - Three cases: subnet_list[] = NULL -> just add this subnet - insert before first -> add it in front of list - rest: insert after another subnet - */ -cp - if(subnet_list[subnet->type]) - { - p = q = subnet_list[subnet->type]; - - for(; p; p = p->global_next) - { - if(subnet->net.ipv4.mask >= p->net.ipv4.mask) - break; - - q = p; - } - } -cp - if(p == subnet_list[subnet->type]) /* First two cases */ - { - /* Insert in front */ - subnet->global_next = subnet_list[subnet->type]; - subnet->global_prev = NULL; - subnet_list[subnet->type] = subnet; - } - else /* Third case */ - { - /* Insert after q */ - subnet->global_next = q->global_next; - subnet->global_prev = q; - q->global_next = subnet; - } -cp - if(subnet->global_next) - subnet->global_next->global_prev = subnet; + rbl_insert(subnet_tree, subnet); + rbl_insert(cl->subnet_tree, subnet); cp } void subnet_del(subnet_t *subnet) { cp - /* Remove it from owner's list */ - - if(subnet->prev) - subnet->prev->next = subnet->next; - else - subnet->owner->subnets = subnet->next; - - if(subnet->next) - subnet->next->prev = subnet->prev; - - /* Remove it from the global list */ - - if(subnet->global_prev) - subnet->global_prev->global_next = subnet->global_next; - else - subnet_list[subnet->type] = subnet->global_next; - - if(subnet->global_next) - subnet->global_next->global_prev = subnet->global_prev; - - free_subnet(subnet); + free_rbl(rbl_unlink(subnet->owner->subnet_tree, subnet)); + 
rbl_delete(subnet_tree, subnet); cp } @@ -250,61 +250,47 @@ cp subnet_t *lookup_subnet_mac(mac_t address) { - subnet_t *subnet; + subnet_t subnet; cp - for(subnet = subnet_list[SUBNET_MAC]; subnet != NULL; subnet = subnet->global_next) - { - if(memcmp(&address, &subnet->net.mac.address, sizeof(address)) == 0) - break; - } -cp - return subnet; + subnet.type = SUBNET_MAC; + subnet.net.mac.address = address; + return (subnet_t *)rbl_search_closest(subnet_tree, &subnet); } subnet_t *lookup_subnet_ipv4(ipv4_t address) { - subnet_t *subnet; + subnet_t subnet; cp - for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->global_next) - { - if((address & subnet->net.ipv4.mask) == subnet->net.ipv4.address) - break; - } -cp - return subnet; + subnet.type = SUBNET_IPV4; + subnet.net.ipv4.address = address; + subnet.net.ipv4.mask = 0xFFFFFFFF; + return (subnet_t *)rbl_search_closest(subnet_tree, &subnet); } subnet_t *lookup_subnet_ipv6(ipv6_t address) { - subnet_t *subnet; - int i; + subnet_t subnet; cp - for(subnet = subnet_list[SUBNET_IPV6]; subnet != NULL; subnet = subnet->global_next) - { - for(i=0; i<8; i++) - if((address.x[i] & subnet->net.ipv6.mask.x[i]) != subnet->net.ipv6.address.x[i]) - break; - if(i == 8) - break; - } -cp - return subnet; + subnet.type = SUBNET_IPV6; + subnet.net.ipv6.address = address; + memset(&subnet.net.ipv6.mask, 0xFF, 16); + return (subnet_t *)rbl_search_closest(subnet_tree, &subnet); } void dump_subnet_list(void) { - subnet_t *subnet; char *netstr; + subnet_t *subnet; + rbl_t *rbl; cp syslog(LOG_DEBUG, _("Subnet list:")); - - for(subnet = subnet_list[SUBNET_IPV4]; subnet != NULL; subnet = subnet->global_next) + RBL_FOREACH(subnet_tree, rbl) { + subnet = (subnet_t *)rbl->data; netstr = net2str(subnet); syslog(LOG_DEBUG, " %s owner %s", netstr, subnet->owner->name); free(netstr); } - syslog(LOG_DEBUG, _("End of subnet list.")); cp } diff --git a/src/subnet.h b/src/subnet.h index 994c541c..b409fd46 100644 --- a/src/subnet.h 
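Review bot: lookup_subnet_ipv4() now returns whatever rbl_search_closest() yields without checking that the address lies inside that subnet, so a destination that no subnet covers goes to the nearest entry's owner, where the removed loop returned NULL. lookup_subnet_mac() and lookup_subnet_ipv6() have the same gap, and because all types share one tree the closest entry may be of a different type. Re-check the result before returning it, e.g. `if(!p || p->type != SUBNET_IPV4 || (address & p->net.ipv4.mask) != p->net.ipv4.address) return NULL;` with p the search result. Each lookup also passes a stack `subnet_t` with only some fields set, which is safe only while the comparators read nothing but those fields; a comment saying so would help.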
+++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.5 2000/10/28 21:05:20 guus Exp $ + $Id: subnet.h,v 1.1.2.6 2000/11/20 19:12:17 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -51,8 +51,8 @@ typedef struct subnet_ipv6_t } subnet_ipv6_t; typedef struct subnet_t { - struct conn_list_t *owner; /* the owner of this subnet */ - struct conn_list_t *uplink; /* the uplink which we should send packets to for this subnet */ + struct connection_t *owner; /* the owner of this subnet */ + struct connection_t *uplink; /* the uplink which we should send packets to for this subnet */ struct subnet_t *prev; /* previous subnet_t for this owner */ struct subnet_t *next; /* next subnet_t for this owner */ @@ -73,11 +73,11 @@ typedef struct subnet_t { } subnet_t; -#include "connlist.h" +#include "connection.h" extern subnet_t *new_subnet(void); extern void free_subnet(subnet_t *); -extern void subnet_add(struct conn_list_t *, subnet_t *); +extern void subnet_add(struct connection_t *, subnet_t *); extern void subnet_del(subnet_t *); extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); From 1857b3c97c261dda9978a67d07b315bb3ca68841 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 20 Nov 2000 19:41:13 +0000 Subject: [PATCH 229/923] - Proper initialization of rbltree structures. --- src/connection.c | 5 ++++- src/net.c | 5 ++++- src/subnet.c | 14 ++++++++++---- src/subnet.h | 4 +++- 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/src/connection.c b/src/connection.c index dee0472a..46d82d2c 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.1 2000/11/20 19:12:11 guus Exp $ + $Id: connection.c,v 1.1.2.2 2000/11/20 19:41:10 guus Exp $ */ #include "config.h" 
@@ -32,6 +32,7 @@ #include "config.h" #include "conf.h" #include +#include "subnet.h" #include "xalloc.h" #include "system.h" @@ -61,6 +62,8 @@ connection_t *new_connection(void) cp /* initialise all those stupid pointers at once */ memset(p, '\0', sizeof(*p)); + + p->subnet_tree = new_rbltree((rbl_compare_t)subnet_compare, NULL); cp return p; } diff --git a/src/net.c b/src/net.c index adad4105..86223b94 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.77 2000/11/20 19:12:12 guus Exp $ + $Id: net.c,v 1.35.4.78 2000/11/20 19:41:10 guus Exp $ */ #include "config.h" @@ -852,6 +852,9 @@ int setup_network_connections(void) { config_t const *cfg; cp + init_connections(); + init_subnets(); + if((cfg = get_config_val(config, config_pingtimeout)) == NULL) timeout = 60; else diff --git a/src/subnet.c b/src/subnet.c index b2ced415..fcbc45af 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.12 2000/11/20 19:12:17 guus Exp $ + $Id: subnet.c,v 1.1.2.13 2000/11/20 19:41:13 guus Exp $ */ #include "config.h" @@ -37,8 +37,14 @@ /* lists type of subnet */ -rbltree_t _subnet_tree = { NULL }; -rbltree_t *subnet_tree = &_subnet_tree; +rbltree_t *subnet_tree; + +void init_subnets(void) +{ +cp + subnet_tree = new_rbltree((rbl_compare_t)subnet_compare, (rbl_action_t)free_subnet); +cp +} /* Subnet comparison */ @@ -132,7 +138,7 @@ cp void subnet_del(subnet_t *subnet) { cp - free_rbl(rbl_unlink(subnet->owner->subnet_tree, subnet)); + rbl_delete(subnet->owner->subnet_tree, subnet); rbl_delete(subnet_tree, subnet); cp } diff --git a/src/subnet.h b/src/subnet.h index b409fd46..1aab681a 100644 --- a/src/subnet.h +++ b/src/subnet.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.6 2000/11/20 19:12:17 guus Exp $ + $Id: subnet.h,v 1.1.2.7 2000/11/20 19:41:13 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -77,10 +77,12 @@ typedef struct subnet_t { extern subnet_t *new_subnet(void); extern void free_subnet(subnet_t *); +extern void init_subnets(void); extern void subnet_add(struct connection_t *, subnet_t *); extern void subnet_del(subnet_t *); extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); +extern int subnet_compare(subnet_t *, subnet_t *); extern subnet_t *lookup_subnet_mac(mac_t); extern subnet_t *lookup_subnet_ipv4(ipv4_t); extern subnet_t *lookup_subnet_ipv6(ipv6_t); From 06afd357b0cf4aab778b1ccabbd1be61a9500d10 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 20 Nov 2000 19:56:01 +0000 Subject: [PATCH 230/923] Get rid of all libtool references at once. libtool was only used by libblowfish, which was superseded by openssl. --- configure.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 6af75ce7..d4b61e6d 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.19 2000/11/20 18:05:34 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.20 2000/11/20 19:56:01 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -25,7 +25,6 @@ AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET jm_PERL -AM_PROG_LIBTOOL AC_ISC_POSIX From 3a6200c1e39b61b249db3d1f9bcffa77351863bd Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Mon, 20 Nov 2000 22:13:14 +0000 Subject: [PATCH 231/923] - Various small fixes. --- lib/list.c | 5 +++-- src/connection.c | 10 +++++++--- src/connection.h | 4 ++-- src/net.c | 10 +++++++--- src/process.c | 40 +++++++++++++++++++++++++--------------- src/process.h | 3 ++- src/subnet.c | 3 ++- src/tincd.c | 4 +++- 8 files changed, 51 insertions(+), 28 deletions(-) diff --git a/lib/list.c b/lib/list.c index a09cbead..6ade9e8a 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.2 2000/11/16 22:13:08 zarq Exp $ + $Id: list.c,v 1.1.2.3 2000/11/20 22:13:00 guus Exp $ */ #include "config.h" @@ -143,6 +143,7 @@ void list_append(list_t *list, void *data) n = xmalloc_and_zero(sizeof(list_node_t)); n->data = data; n->prev = list->tail; - list->tail->next = n; + if(list->tail) + list->tail->next = n; list->tail = n; } diff --git a/src/connection.c b/src/connection.c index 46d82d2c..772b3c37 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.2 2000/11/20 19:41:10 guus Exp $ + $Id: connection.c,v 1.1.2.3 2000/11/20 22:13:03 guus Exp $ */ #include "config.h" @@ -138,10 +138,14 @@ cp connection_t *lookup_id(char *name) { - connection_t cl; + connection_t cl, *p; cp cl.name = name; - return rbl_search(connection_tree, &cl); + p = rbl_search(connection_tree, &cl); + if(p && p->status.active) + return p; + else + return NULL; cp } diff --git a/src/connection.h b/src/connection.h index 05972997..60398941 100644 --- a/src/connection.h +++ b/src/connection.h 
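Review bot: The new `if(list->tail)` guard in list_append() stops the NULL dereference on an empty list, but the first node appended is then reachable only through `list->tail`. If list_t also keeps a head pointer (its definition is outside this hunk), add `else list->head = n;` so forward traversal sees the element. The start of list_append() is outside the hunk.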
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.1 2000/11/20 19:12:11 guus Exp $ + $Id: connection.h,v 1.1.2.2 2000/11/20 22:13:03 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -116,7 +116,7 @@ extern void connection_del(connection_t *); extern connection_t *lookup_id(char *); extern void dump_connection_list(void); extern int read_host_config(connection_t *); -extern void destroy_connection(void); +extern void destroy_connection_tree(void); extern void prune_connection_tree(void); #endif /* __TINC_CONNECTION_H__ */ diff --git a/src/net.c b/src/net.c index 86223b94..f1593b6e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.78 2000/11/20 19:41:10 guus Exp $ + $Id: net.c,v 1.35.4.79 2000/11/20 22:13:03 guus Exp $ */ #include "config.h" @@ -1113,7 +1113,7 @@ cp void terminate_connection(connection_t *cl) { connection_t *p; - subnet_t *s; + subnet_t *subnet; rbl_t *rbl; cp @@ -1155,7 +1155,11 @@ cp /* Remove the associated subnets */ - rbl_delete_rbltree(cl->subnet_tree); + RBL_FOREACH(cl->subnet_tree, rbl) + { + subnet = (subnet_t *)rbl->data; + subnet_del(subnet); + } /* Check if this was our outgoing connection */ diff --git a/src/process.c b/src/process.c index 6491bfc2..ca992dc3 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.5 2000/11/20 19:12:13 guus Exp $ + $Id: process.c,v 1.1.2.6 2000/11/20 22:13:12 guus Exp $ */ #include "config.h" @@ -44,7 +44,7 @@ #include "system.h" /* A list containing all our children */ -list_t *child_pids; +list_t *child_pids = NULL; /* If zero, don't detach from the terminal. */ int do_detach = 1; 
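Review bot: The loop added to terminate_connection() calls subnet_del() on the entry it is standing on, and subnet_del() removes that entry from `cl->subnet_tree`, so advancing RBL_FOREACH afterwards may read a freed node (the macro's definition is not on this page). Save the successor before deleting, as rbl_delete_rbltree() does with `next = rbl->next;`. For example, with `rbl_t *next;` declared: `for(rbl = cl->subnet_tree->head; rbl; rbl = next) { next = rbl->next; subnet_del((subnet_t *)rbl->data); }`. The body of terminate_connection() extends beyond the hunk.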
@@ -55,6 +55,13 @@ extern char *identname; extern char *pidfilename; extern char **g_argv; +void init_processes(void) +{ +cp + child_pids = list_new(); +cp +} + void memory_full(int size) { syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); @@ -67,6 +74,7 @@ void memory_full(int size) */ void cleanup_and_exit(int c) { +cp close_network_connections(); if(debug_lvl > DEBUG_NOTHING) @@ -84,7 +92,7 @@ void cleanup_and_exit(int c) int write_pidfile(void) { int pid; - +cp if((pid = check_pid(pidfilename))) { if(netname) @@ -98,7 +106,7 @@ int write_pidfile(void) /* if it's locked, write-protected, or whatever */ if(!write_pid(pidfilename)) return 1; - +cp return 0; } @@ -108,7 +116,7 @@ int write_pidfile(void) int kill_other(void) { int pid; - +cp if(!(pid = read_pid(pidfilename))) { if(netname) @@ -123,7 +131,7 @@ int kill_other(void) if(kill(pid, SIGTERM) && errno == ESRCH) fprintf(stderr, _("Removing stale lock file.\n")); remove_pid(pidfilename); - +cp return 0; } @@ -134,7 +142,7 @@ int detach(void) { int fd; pid_t pid; - +cp setup_signals(); if(write_pidfile()) @@ -152,7 +160,7 @@ int detach(void) syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); xalloc_fail_func = memory_full; - +cp return 0; } @@ -166,7 +174,7 @@ void _execute_script(const char *name) int error = 0; char *scriptname; char *s; - +cp if(netname) { asprintf(&s, "NETNAME=%s", netname); @@ -237,20 +245,22 @@ void _execute_script(const char *name) int execute_script(const char *name) { pid_t pid; - +cp if((pid = fork()) < 0) { syslog(LOG_ERR, _("System call `%s' failed: %m"), "fork"); return -1; } - +cp if(pid) { - list_append(child_pids, (void*)(int)pid); + syslog(LOG_DEBUG, "%p, %d (%p)", child_pids, pid, &pid); + list_append(child_pids, &pid); +cp return 0; } - +cp /* Child here */ _execute_script(name); } @@ -264,7 +274,7 @@ int check_child(void *data) { pid_t pid; int status; - +cp pid = (pid_t) data; pid = waitpid(pid, &status, WNOHANG); if(WIFEXITED(status)) 
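Review bot: execute_script() now stores `&pid`, the address of a local that no longer exists once the function returns, while check_child() still does `pid = (pid_t) data;` and so passes waitpid() a stack address converted to a pid. Either keep the value in the pointer as before, or allocate it with `pid_t *ppid = xmalloc(sizeof *ppid); *ppid = pid; list_append(child_pids, ppid);` and read `*(pid_t *)data` in check_child(). The later process.c hunk in PATCH 232 keeps the same `list_append(child_pids, &pid);`. check_child() also tests `WIFEXITED(status)` when waitpid() may have returned 0 or -1 and left `status` unset, so the return value should be tested first.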
@@ -282,7 +292,7 @@ int check_child(void *data) } return -1; } - +cp /* Child is still running */ return 0; } diff --git a/src/process.h b/src/process.h index 4f501b2f..ce357614 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.2 2000/11/16 22:12:23 zarq Exp $ + $Id: process.h,v 1.1.2.3 2000/11/20 22:13:13 guus Exp $ */ #ifndef __TINC_PROCESS_H__ @@ -29,6 +29,7 @@ extern list_t *child_pids; extern RETSIGTYPE parent_exit(int a); +extern void init_processes(void); extern void setup_signals(void); extern int execute_script(const char *); extern void check_children(void); diff --git a/src/subnet.c b/src/subnet.c index fcbc45af..8e506462 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.13 2000/11/20 19:41:13 guus Exp $ + $Id: subnet.c,v 1.1.2.14 2000/11/20 22:13:13 guus Exp $ */ #include "config.h" @@ -130,6 +130,7 @@ cp void subnet_add(connection_t *cl, subnet_t *subnet) { cp + subnet->owner = cl; rbl_insert(subnet_tree, subnet); rbl_insert(cl->subnet_tree, subnet); cp diff --git a/src/tincd.c b/src/tincd.c index 224a9f91..7118d1f3 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.31 2000/11/20 18:06:17 zarq Exp $ + $Id: tincd.c,v 1.10.4.32 2000/11/20 22:13:14 guus Exp $ */ #include "config.h" @@ -321,6 +321,8 @@ main(int argc, char **argv, char **envp) if(read_server_config()) return 1; + init_processes(); + if(detach()) exit(0); From da9a1e8084a9b73306bdbc541ee8af938c3e7754 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Mon, 20 Nov 2000 23:29:47 +0000 Subject: [PATCH 232/923] - More fixes. --- src/net.c | 4 +--- src/process.c | 6 ++---- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/src/net.c b/src/net.c index f1593b6e..c16a261b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.79 2000/11/20 22:13:03 guus Exp $ + $Id: net.c,v 1.35.4.80 2000/11/20 23:29:46 guus Exp $ */ #include "config.h" @@ -1115,7 +1115,6 @@ void terminate_connection(connection_t *cl) connection_t *p; subnet_t *subnet; rbl_t *rbl; - cp if(cl->status.remove) return; @@ -1131,7 +1130,6 @@ cp if(cl->status.meta) close(cl->meta_socket); -cp /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ diff --git a/src/process.c b/src/process.c index ca992dc3..eb066abc 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.6 2000/11/20 22:13:12 guus Exp $ + $Id: process.c,v 1.1.2.7 2000/11/20 23:29:47 guus Exp $ */ #include "config.h" @@ -252,12 +252,10 @@ cp "fork"); return -1; } -cp + if(pid) { - syslog(LOG_DEBUG, "%p, %d (%p)", child_pids, pid, &pid); list_append(child_pids, &pid); -cp return 0; } cp From 9e9e1925b901dff87518f0e1534a33e48eab8303 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 21 Nov 2000 09:13:59 +0000 Subject: [PATCH 233/923] - Check for NULL tree->delete callback - Add xstrdup() function --- lib/rbl.c | 10 ++++++++-- lib/xalloc.h | 2 ++ lib/xmalloc.c | 13 +++++++++++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/lib/rbl.c b/lib/rbl.c index 3b97da66..c5114ef5 100644 --- a/lib/rbl.c +++ b/lib/rbl.c 
@@ -17,13 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.8 2000/11/20 19:12:10 guus Exp $ + $Id: rbl.c,v 1.1.2.9 2000/11/21 09:13:59 guus Exp $ */ +#include "config.h" + #include #include #include "rbl.h" +#include /* Allocate a new rbl node */ rbl_t *new_rbl() @@ -34,6 +37,8 @@ rbl_t *new_rbl() /* Free a rbl node */ void free_rbl(rbl_t *rbl) { + if(rbl->data && rbl->tree->delete) + rbl->tree->delete(rbl->data); free(rbl); } @@ -507,7 +512,8 @@ void rbl_delete_rbltree(rbltree_t *tree) for(rbl = tree->head; rbl; rbl = next) { next = rbl->next; - tree->delete(rbl->data); + if(tree->delete) + tree->delete(rbl->data); } tree->top = NULL; diff --git a/lib/xalloc.h b/lib/xalloc.h index 84b6cacf..3579efce 100644 --- a/lib/xalloc.h +++ b/lib/xalloc.h @@ -22,3 +22,5 @@ void *xmalloc PARAMS ((size_t n)); void *xmalloc_and_zero PARAMS ((size_t n)); void *xcalloc PARAMS ((size_t n, size_t s)); void *xrealloc PARAMS ((void *p, size_t n)); + +char *xstrdup PARAMS ((char *s)); diff --git a/lib/xmalloc.c b/lib/xmalloc.c index 037fab87..e86fb070 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -21,6 +21,7 @@ #include #include +#include #if STDC_HEADERS # include @@ -124,6 +125,18 @@ xrealloc (p, n) return p; } +/* Duplicate a string */ + +char *xstrdup(char *s) +{ + char *p; + + p = strdup(s); + if(!p) + xalloc_fail ((int)strlen(s)); + return p; +} + #ifdef NOT_USED /* Allocate memory for N elements of S bytes, with error checking. */ From 2ed68134047a19e708c2a2af32c58968835a7043 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 22 Nov 2000 16:19:07 +0000 Subject: [PATCH 234/923] Honor the --localstatedir option to configure, instead of hardcoded /var. --- src/Makefile.am | 6 +++--- src/tincd.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index bb83f799..185e5a06 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
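Review bot: free_rbl() now dereferences `rbl->tree` unconditionally in `if(rbl->data && rbl->tree->delete)`. A node obtained from new_rbl() and never inserted may have no tree set (new_rbl()'s body is outside the hunk), so guard it: `if(rbl->data && rbl->tree && rbl->tree->delete)`. The function's meaning also changes with this hunk, because freeing a node now frees its payload. Update the comment to `/* Free a rbl node and, if the tree has a delete callback, its data */` so callers that unlink a node and keep the data do not call it.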
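Review bot: xstrdup() takes `char *s` although it only reads the string; declare it `char *xstrdup(const char *s)` here and in the xalloc.h prototype so literals and const data can be passed without a cast. On failure it reports `strlen(s)`, one byte less than strdup() requested. If xalloc_fail() can return, the caller still receives NULL; whether it returns is not visible in this hunk.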
@@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.9 2000/11/20 19:12:11 guus Exp $ +# $Id: Makefile.am,v 1.4.4.10 2000/11/22 16:19:06 zarq Exp $ sbin_PROGRAMS = tincd @@ -18,5 +18,5 @@ tincd_LDADD = \ localedir = $(datadir)/locale -CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"@sysconfdir@\" \ - -DLOCALEDIR=\"$(localedir)\" +CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\" \ + -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" diff --git a/src/tincd.c b/src/tincd.c index 7118d1f3..d2ce14d0 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.32 2000/11/20 22:13:14 guus Exp $ + $Id: tincd.c,v 1.10.4.33 2000/11/22 16:19:07 zarq Exp $ */ #include "config.h" @@ -248,7 +248,7 @@ void make_names(void) if(netname) { if(!pidfilename) - asprintf(&pidfilename, "/var/run/tinc.%s.pid", netname); + asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); if(!confbase) asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); else @@ -259,7 +259,7 @@ void make_names(void) else { if(!pidfilename) - pidfilename = "/var/run/tinc.pid"; + pidfilename = LOCALSTATEDIR "/run/tinc.pid"; if(!confbase) asprintf(&confbase, "%s/tinc", CONFDIR); if(!identname) From e42255ae1374fe65e92de72de4508a84bdb91fa1 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 22 Nov 2000 17:48:15 +0000 Subject: [PATCH 235/923] Add more checks to ensure that filedescriptors are right in _execute_script(). --- src/process.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/process.c b/src/process.c index eb066abc..c4a76ab5 100644 --- a/src/process.c +++ b/src/process.c 
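Review bot: In make_names() the configured directory is now pasted into the format string, `asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname);`, so a `%` in the --localstatedir value would be parsed as a conversion. Pass it as an argument, as the following line does with CONFDIR: `asprintf(&pidfilename, "%s/run/tinc.%s.pid", LOCALSTATEDIR, netname);`. The return value of asprintf() is unchecked here, which leaves `pidfilename` indeterminate if allocation fails. make_names() starts and ends outside the hunk.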
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.7 2000/11/20 23:29:47 guus Exp $ + $Id: process.c,v 1.1.2.8 2000/11/22 17:48:15 zarq Exp $ */ #include "config.h" @@ -207,14 +207,20 @@ cp fcloseall(); /* Open standard input */ - if(open("/dev/null", O_RDONLY) < 0) + if((fd = open("/dev/null", O_RDONLY)) < 0) { syslog(LOG_ERR, _("Opening `/dev/null' failed: %m")); error = 1; } + if(dup2(fd, 0) != 0) + { + syslog(LOG_ERR, _("Couldn't assign /dev/null to standard input: %m")); + error = 1; + } if(!error) { + close(1); /* fd #1 should be the first available filedescriptor now. */ /* Standard output directly goes to syslog */ openlog(name, LOG_CONS | LOG_PID, LOG_DAEMON); /* Standard error as well */ From 785684f0ec5c9250788b4b32c0eab3f358c9db61 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 22 Nov 2000 17:49:16 +0000 Subject: [PATCH 236/923] Declare fd. --- src/process.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/process.c b/src/process.c index c4a76ab5..264b21dc 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.8 2000/11/22 17:48:15 zarq Exp $ + $Id: process.c,v 1.1.2.9 2000/11/22 17:49:16 zarq Exp $ */ #include "config.h" @@ -174,6 +174,8 @@ void _execute_script(const char *name) int error = 0; char *scriptname; char *s; + int fd; + cp if(netname) { From f8b4a000d008082e5c7e511a49318b8dea8fd08d Mon Sep 17 00:00:00 2001 
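Review bot: The new `dup2(fd, 0)` check in `_execute_script()` runs even when the `open()` just above it failed, so `fd` is -1 there and a second, misleading error is logged; make it `else if(dup2(fd, 0) != 0)`. When `open()` returns a descriptor other than 0, that descriptor is never closed and is inherited by the script, so add `if(fd > 0) close(fd);` after a successful `dup2`. The added `close(1)` relies on `openlog()` receiving descriptor 1, which holds only if nothing else opens a descriptor first and the log socket is opened at that moment rather than on the first message; that assumption deserves a check or at least a fuller comment. The function starts and ends outside this hunk.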
From: Guus Sliepen Date: Wed, 22 Nov 2000 18:54:08 +0000 Subject: [PATCH 237/923] - Cleaned up and checked for some more NULL pointers in rbl.c - Two connection lists: one for incoming connections, sorted on ip/port, one for connections whose identity we know, sorted on id ofcourse... --- lib/rbl.c | 64 ++++++++++++++++++++++-------------------------- src/connection.c | 37 +++++++++++++++++++++++++--- src/netutl.c | 6 +++-- src/protocol.c | 26 +++++++++++++++++--- 4 files changed, 89 insertions(+), 44 deletions(-) diff --git a/lib/rbl.c b/lib/rbl.c index c5114ef5..ab35aee6 100644 --- a/lib/rbl.c +++ b/lib/rbl.c @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.9 2000/11/21 09:13:59 guus Exp $ + $Id: rbl.c,v 1.1.2.10 2000/11/22 18:54:07 guus Exp $ */ #include "config.h" #include #include +#include #include "rbl.h" #include @@ -68,7 +69,7 @@ rbl_t *rbl_search_closest_rbl(rbltree_t *tree, void *data) { rbl_t *rbl, *next; int result; - + next = rbl = tree->top; while(next) @@ -90,31 +91,36 @@ rbl_t *rbl_search_closest_rbl(rbltree_t *tree, void *data) void *rbl_search_closest(rbltree_t *tree, void *data) { - return rbl_search_closest_rbl(tree, data)->data; + rbl_t *rbl; + + rbl = rbl_search_closest_rbl(tree, data); + + if(rbl) + return rbl->data; + else + return NULL; } /* Search exact match or return NULL pointer */ rbl_t *rbl_search_rbl(rbltree_t *tree, void *data) { - rbl_t *rbl, *next; + rbl_t *rbl; int result; + + rbl = tree->top; - next = rbl = tree->top; - - while(next) + while(rbl) { - rbl = next; - result = tree->compare(data, rbl->data); if(result < 0) - next = rbl->left; + rbl = rbl->left; else if(result > 0) - next = rbl->right; + rbl = rbl->right; else return rbl; } - + return NULL; } @@ -437,7 +443,7 @@ rbl_t *rbl_unlink_rbl(rbl_t *rbl) if(y->color == RBL_BLACK && x) rbl_delete_fixup(x); - + return rbl; } 
@@ -449,38 +455,27 @@ rbl_t *rbl_unlink(rbltree_t *tree, void *data) rbl = rbl_search_rbl(tree, data); if(rbl) - return rbl_unlink_rbl(rbl); - else - return NULL; + rbl_unlink_rbl(rbl); + + return rbl; } /* Unlink node and free it */ void rbl_delete_rbl(rbl_t *rbl) { - free_rbl(rbl_unlink_rbl(rbl)); + rbl_unlink_rbl(rbl); + free_rbl(rbl); } /* Search node in tree, unlink and free it */ void rbl_delete(rbltree_t *tree, void *data) { - free_rbl(rbl_unlink(tree, data)); -} + rbl_t *rbl; -rbl_unlink_rbltree_branch(rbl_t *rbl) -{ - if(rbl->left) - rbl_unlink_rbltree_branch(rbl->left); + rbl = rbl_unlink(tree, data); - if(rbl->right) - rbl_unlink_rbltree_branch(rbl->right); - - if(rbl->parent) - { - if(rbl == rbl->parent->left) - rbl->parent->left = NULL; - else - rbl->parent->right = NULL; - } + if(rbl) + free_rbl(rbl); } /* Optimized unlinking for a complete tree */ @@ -512,8 +507,7 @@ void rbl_delete_rbltree(rbltree_t *tree) for(rbl = tree->head; rbl; rbl = next) { next = rbl->next; - if(tree->delete) - tree->delete(rbl->data); + free_rbl(rbl); } tree->top = NULL; diff --git a/src/connection.c b/src/connection.c index 772b3c37..61657a3b 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.3 2000/11/20 22:13:03 guus Exp $ + $Id: connection.c,v 1.1.2.4 2000/11/22 18:54:07 guus Exp $ */ #include "config.h" @@ -40,11 +40,23 @@ /* Root of the connection list */ rbltree_t *connection_tree; +rbltree_t *id_tree; + connection_t *myself = NULL; /* Initialization and callbacks */ int connection_compare(connection_t *a, connection_t *b) +{ + ipv4_t result; + result = a->address - b->address; + if(result) + return result; + else + return a->port - b->port; +} + +int id_compare(connection_t *a, connection_t *b) { return strcmp(a->name, b->name); } 
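Review bot: `connection_compare()` in src/connection.c returns the difference `a->address - b->address` held in an `ipv4_t`, and a subtraction is not a valid ordering once the operands are unsigned or can differ by more than INT_MAX. If `ipv4_t` is an unsigned 32-bit type (its declaration is not in this hunk), two addresses more than 2^31 apart compare with the wrong sign after conversion to `int`, the order stops being transitive, and lookups in the tree can miss entries that are present. Compare explicitly instead: `if(a->address != b->address) return a->address < b->address ? -1 : 1;` followed by `return (int)a->port - (int)b->port;`.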
@@ -52,6 +64,7 @@ int connection_compare(connection_t *a, connection_t *b) void init_connections(void) { connection_tree = new_rbltree((rbl_compare_t)connection_compare, (rbl_action_t)free_connection); + id_tree = new_rbltree((rbl_compare_t)id_compare, NULL); } /* Creation and deletion of connection elements */ @@ -114,6 +127,7 @@ cp void destroy_connection_tree(void) { cp + rbl_delete_rbltree(id_tree); rbl_delete_rbltree(connection_tree); cp } @@ -127,26 +141,43 @@ cp cp } +void id_add(connection_t *cl) +{ +cp + rbl_insert(id_tree, cl); +cp +} + void connection_del(connection_t *cl) { cp + rbl_delete(id_tree, cl); rbl_delete(connection_tree, cl); cp } /* Lookup functions */ +connection_t *lookup_connection(ipv4_t address, short unsigned int port) +{ + connection_t cl, *p; +cp + cl.address = address; + cl.port = port; + + return rbl_search(connection_tree, &cl); +} + connection_t *lookup_id(char *name) { connection_t cl, *p; cp cl.name = name; - p = rbl_search(connection_tree, &cl); + p = rbl_search(id_tree, &cl); if(p && p->status.active) return p; else return NULL; -cp } /* Debugging */ diff --git a/src/netutl.c b/src/netutl.c index d92d3ee5..7e02ad0d 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.15 2000/11/04 22:57:31 guus Exp $ + $Id: netutl.c,v 1.12.4.16 2000/11/22 18:54:08 guus Exp $ */ #include "config.h" @@ -111,7 +111,9 @@ cp if(!(h = gethostbyname(p))) { - fprintf(stderr, _("Error looking up `%s': %s\n"), p, strerror(errno)); + if(debug_lvl >= DEBUG_ERROR) + syslog(LOG_WARNING, _("Error looking up `%s': %s\n"), p, strerror(errno)); + return NULL; } diff --git a/src/protocol.c b/src/protocol.c index 75818043..69a6918f 100644 --- a/src/protocol.c +++ b/src/protocol.c 
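Review bot: `connection_del()` now calls `rbl_delete(id_tree, cl)` for every connection, including ones that were never passed to `id_add()`. The id tree is ordered by `strcmp(a->name, b->name)`, so a connection whose `name` is still unset makes `id_compare()` read a NULL pointer as soon as the tree is non-empty, and a connection that only shares a name with a registered one removes that other entry, because the search matches on the name rather than on the node. Guard the call, e.g. `if(cl->name && rbl_search(id_tree, cl) == cl) rbl_delete(id_tree, cl);`. Whether `new_connection()` leaves `name` NULL is not visible in this hunk.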
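Review bot: In the netutl.c hunk the failed `gethostbyname()` is still reported with `strerror(errno)`, but that call reports failures through `h_errno`, so the logged reason is unrelated to the lookup; use `hstrerror(h_errno)`. The message is now emitted only when `debug_lvl >= DEBUG_ERROR`, so at lower debug levels a name that cannot be resolved produces no diagnostic at all before `return NULL`. The format string also keeps a trailing `\n`, which syslog does not need.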
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.62 2000/11/20 19:12:13 guus Exp $ + $Id: protocol.c,v 1.28.4.63 2000/11/22 18:54:08 guus Exp $ */ #include "config.h" @@ -216,7 +216,7 @@ cp } /* Load information about peer */ -cp + if(read_host_config(cl)) { syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->name); @@ -227,7 +227,7 @@ cp connection list. If so, we are probably making a loop, which is not desirable. */ -cp + if(cl->status.outgoing) { if((old = lookup_id(cl->name))) @@ -240,7 +240,13 @@ cp return 0; } } -cp + + /* Now we can add the name to the id tree */ + + id_add(cl); + + /* Read in the public key, so that we can send a challenge */ + if((cfg = get_config_val(cl->config, config_publickey))) { cl->rsa_key = RSA_new(); @@ -722,6 +728,17 @@ cp { syslog(LOG_ERR, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), name, cl->name, cl->hostname); + cp_trace(); + dump_connection_list(); + { + connection_t cl; + rbl_t *rbl; + cl.name = name; + rbl = rbl_search_rbl(connection_tree, &cl); + syslog(LOG_ERR, "rbl_search_rbl: %p", rbl); + if(rbl) + syslog(LOG_ERR, "rbl->data->name: %s", ((connection_t *)rbl->data)->name); + } free(name); return -1; } @@ -896,6 +913,7 @@ cp /* Hook it up into the connection */ connection_add(new); + id_add(new); /* Tell the rest about the new host */ From 394ed3fb174bb629bfb4b441fe58842562f955de Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 22 Nov 2000 19:14:09 +0000 Subject: [PATCH 238/923] - Write pidfile AFTER detaching... - Minor cleanups --- lib/rbl.c | 3 +-- src/process.c | 8 ++++---- src/tincd.c | 7 +------ 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/lib/rbl.c b/lib/rbl.c index ab35aee6..1a405350 100644 --- a/lib/rbl.c +++ b/lib/rbl.c 
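Review bot: In `id_h()` the new `id_add(cl)` registers the connection under the name the peer sent before the challenge exchange has verified that name; the public key is only read in the lines after it. The duplicate check just above applies only when `cl->status.outgoing` is set, so an incoming connection can be inserted under a name that is already in `id_tree`. How `rbl_insert()` treats a duplicate key is not visible here, but either outcome lets an unauthenticated connection disturb `lookup_id()` for an established peer. Defer the `id_add(cl)` until the challenge reply has been accepted; id_h itself starts and ends outside this hunk.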
@@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.10 2000/11/22 18:54:07 guus Exp $ + $Id: rbl.c,v 1.1.2.11 2000/11/22 19:14:08 guus Exp $ */ #include "config.h" #include #include -#include #include "rbl.h" #include diff --git a/src/process.c b/src/process.c index 264b21dc..29e49fa4 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.9 2000/11/22 17:49:16 zarq Exp $ + $Id: process.c,v 1.1.2.10 2000/11/22 19:14:08 guus Exp $ */ #include "config.h" @@ -145,12 +145,12 @@ int detach(void) cp setup_signals(); - if(write_pidfile()) - return -1; - if(do_detach) daemon(0, 0); + if(write_pidfile()) + return -1; + openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); if(debug_lvl > DEBUG_NOTHING) diff --git a/src/tincd.c b/src/tincd.c index d2ce14d0..18791cc8 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.33 2000/11/22 16:19:07 zarq Exp $ + $Id: tincd.c,v 1.10.4.34 2000/11/22 19:14:09 guus Exp $ */ #include "config.h" @@ -94,11 +94,6 @@ char **g_argv; /* a copy of the cmdline arguments */ char **environment; /* A pointer to the environment on startup */ -void cleanup_and_exit(int); -int kill_other(void); -void make_names(void); -int write_pidfile(void); - static struct option const long_options[] = { { "config", required_argument, NULL, 'c' }, From a07602c4fddfca9894f1d738959ae359695f5bf9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 22 Nov 2000 19:55:53 +0000 Subject: [PATCH 239/923] - No more %as. --- src/protocol.c | 126 +++++++++++++++++-------------------------------- src/protocol.h | 7 ++- 2 files changed, 48 insertions(+), 85 deletions(-) 
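Review bot: In `detach()` the result of `daemon(0, 0)` is ignored, and `write_pidfile()` now runs after the process has given up its terminal but before `openlog()`. If the fork fails the program carries on as though it had detached, and if the pid file cannot be written the `return -1` happens with nowhere for a message to go. Use `if(do_detach && daemon(0, 0) < 0) return -1;` and move the `openlog()` call above `write_pidfile()` so the failure can be logged. How `write_pidfile()` reports errors is not shown in this hunk, and detach continues past its end.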
diff --git a/src/protocol.c b/src/protocol.c index 69a6918f..1a791a71 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.63 2000/11/22 18:54:08 guus Exp $ + $Id: protocol.c,v 1.28.4.64 2000/11/22 19:55:50 guus Exp $ */ #include "config.h" @@ -191,8 +191,9 @@ int id_h(connection_t *cl) { connection_t *old; config_t const *cfg; + char name[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d %as %d %lx %hd", &cl->name, &cl->protocol_version, &cl->options, &cl->port) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &cl->port) != 4) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; @@ -209,11 +210,15 @@ cp /* Check if identity is a valid name */ - if(check_id(cl->name)) + if(check_id(name)) { syslog(LOG_ERR, _("Peer %s uses invalid identity name"), cl->hostname); return -1; } + + /* Copy string to cl */ + + cl->name = xstrdup(name); /* Load information about peer */ @@ -316,10 +321,10 @@ cp int challenge_h(connection_t *cl) { - char *buffer; + char buffer[MAX_STRING_SIZE]; int len; cp - if(sscanf(cl->buffer, "%*d %as", &buffer) != 1) + if(sscanf(cl->buffer, "%*d "MAX_STRING, buffer) != 1) { syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->name, cl->hostname); return -1; @@ -332,7 +337,6 @@ cp if(strlen(buffer) != len*2) { syslog(LOG_ERR, _("Intruder: wrong challenge length from %s (%s)"), cl->name, cl->hostname); - free(buffer); return -1; } @@ -350,7 +354,6 @@ cp if(RSA_private_decrypt(len, buffer, cl->mychallenge, myself->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ { syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); - free(buffer); return -1; } 
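Review bot: The buffers introduced here are `char name[MAX_STRING_SIZE]` with `MAX_STRING_SIZE` 1024, but the conversion `MAX_STRING` is `"%1024s"` (both defined in this commit's protocol.h hunk), and a scanf field width does not count the terminating NUL. If a request line can carry a token that long (the size of `cl->buffer` is not shown), a 1024-character token stores 1025 bytes and writes one byte past the array with data that comes straight from the peer; in `id_h()` that happens before the peer has been authenticated. Either `#define MAX_STRING_SIZE 1025` or `#define MAX_STRING "%1023s"` fixes it, and deriving one from the other would stop them drifting apart. The same pair is used in challenge_h, chal_reply_h, metakey_h, add_subnet_h, del_subnet_h, add_host_h, del_host_h, status_h, error_h, key_changed_h, req_key_h and ans_key_h in the hunks that follow.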
@@ -361,8 +364,6 @@ cp syslog(LOG_DEBUG, _("Received random challenge (unencrypted): %s"), buffer); } - free(buffer); - /* Rest is done by send_chal_reply() */ cp return send_chal_reply(cl); @@ -400,13 +401,12 @@ cp int chal_reply_h(connection_t *cl) { - char *hishash; + char hishash[MAX_STRING_SIZE]; char myhash[SHA_DIGEST_LENGTH]; cp - if(sscanf(cl->buffer, "%*d %as", &hishash) != 1) + if(sscanf(cl->buffer, "%*d "MAX_STRING, hishash) != 1) { syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->name, cl->hostname); - free(hishash); return -1; } @@ -415,7 +415,6 @@ cp if(strlen(hishash) != SHA_DIGEST_LENGTH*2) { syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->name, cl->hostname); - free(hishash); return -1; } @@ -438,13 +437,10 @@ cp hishash[SHA_DIGEST_LENGTH*2] = '\0'; syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); } - free(hishash); return -1; } - free(hishash); - /* Identity has now been positively verified. If we are accepting this new connection, then send our identity, if we are making this connecting, acknowledge. @@ -517,10 +513,10 @@ cp int metakey_h(connection_t *cl) { - char *buffer; + char buffer[MAX_STRING_SIZE]; int len; cp - if(sscanf(cl->buffer, "%*d %as", &buffer) != 1) + if(sscanf(cl->buffer, "%*d "MAX_STRING, buffer) != 1) { syslog(LOG_ERR, _("Got bad METAKEY from %s (%s)"), cl->name, cl->hostname); return -1; @@ -533,7 +529,6 @@ cp if(strlen(buffer) != len*2) { syslog(LOG_ERR, _("Intruder: wrong meta key length from %s (%s)"), cl->name, cl->hostname); - free(buffer); return -1; } @@ -554,7 +549,6 @@ cp if(RSA_private_decrypt(len, buffer, cl->cipher_inkey, myself->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ { syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname); - free(buffer); return -1; } 
@@ -565,8 +559,6 @@ cp syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } - free(buffer); - EVP_DecryptInit(cl->cipher_inctx, EVP_bf_cfb(), cl->cipher_inkey, cl->cipher_inkey + EVP_bf_cfb()->key_len); cp @@ -678,16 +670,15 @@ cp int add_subnet_h(connection_t *cl) { - char *subnetstr; - char *name; + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; connection_t *owner, *p; subnet_t *subnet; rbl_t *rbl; cp - if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 2) + if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname); - free(name); free(subnetstr); return -1; } @@ -696,7 +687,6 @@ cp if(check_id(name)) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); - free(name); free(subnetstr); return -1; } @@ -705,19 +695,15 @@ cp if(!(subnet = str2net(subnetstr))) { syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); - free(name); free(subnetstr); return -1; } - free(subnetstr); - /* Check if somebody tries to add a subnet of ourself */ if(!strcmp(name, myself->name)) { syslog(LOG_ERR, _("Warning: got ADD_SUBNET from %s (%s) for ourself, restarting"), cl->name, cl->hostname); - free(name); sighup = 1; return 0; } @@ -728,18 +714,6 @@ cp { syslog(LOG_ERR, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), name, cl->name, cl->hostname); - cp_trace(); - dump_connection_list(); - { - connection_t cl; - rbl_t *rbl; - cl.name = name; - rbl = rbl_search_rbl(connection_tree, &cl); - syslog(LOG_ERR, "rbl_search_rbl: %p", rbl); - if(rbl) - syslog(LOG_ERR, "rbl->data->name: %s", ((connection_t *)rbl->data)->name); - } - free(name); return -1; } 
@@ -773,16 +747,15 @@ cp int del_subnet_h(connection_t *cl) { - char *subnetstr; - char *name; + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; connection_t *owner, *p; subnet_t *subnet; rbl_t *rbl; cp - if(sscanf(cl->buffer, "%*d %as %as", &name, &subnetstr) != 3) + if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3) { syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), cl->name, cl->hostname); - free(name); free(subnetstr); return -1; } @@ -791,7 +764,6 @@ cp if(check_id(name)) { syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); - free(name); free(subnetstr); return -1; } @@ -800,7 +772,6 @@ cp if(!(subnet = str2net(subnetstr))) { syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); - free(name); free(subnetstr); return -1; } @@ -812,7 +783,6 @@ cp { syslog(LOG_ERR, _("Warning: got DEL_SUBNET from %s (%s) for ourself, restarting"), cl->name, cl->hostname); - free(name); sighup = 1; return 0; } @@ -823,7 +793,6 @@ cp { syslog(LOG_ERR, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"), name, cl->name, cl->hostname); - free(name); return -1; } @@ -855,11 +824,12 @@ cp int add_host_h(connection_t *cl) { connection_t *old, *new, *p; + char name[MAX_STRING_SIZE]; rbl_t *rbl; cp new = new_connection(); - if(sscanf(cl->buffer, "%*d %as %lx:%d %lx", &new->name, &new->address, &new->port, &new->options) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%d %lx", name, &new->address, &new->port, &new->options) != 4) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; @@ -867,7 +837,7 @@ cp /* Check if identity is a valid name */ - if(check_id(new->name)) + if(check_id(name)) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); free_connection(new); 
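Review bot: In `del_subnet_h()` the rewritten `sscanf()` has two assigning conversions (`%*d` is suppressed and not counted) but its result is still compared with 3, so the test is always true and every DEL_SUBNET request is rejected as bad. It should read `!= 2`, as the matching check in add_subnet_h does. The function continues outside this hunk.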
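Review bot: In `add_host_h()` the connection from `new_connection()` is allocated before the `sscanf()`, and the bad-request branch returns -1 without `free_connection(new)`, so each malformed ADD_HOST leaks one connection; the `check_id` failure path in the next hunk does free it. Add `free_connection(new);` before that `return -1;`. The same call scans `&new->port` with `%d` while id_h scans `&cl->port` with `%hd`; they cannot both match the field's type, and `lookup_connection()` takes the port as `short unsigned int`, so the `%d` here probably writes beyond the field and should be `%hu` (connection.h is not shown to confirm). The function continues outside this hunk.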
@@ -890,13 +860,13 @@ cp /* Check if the new host already exists in the connnection list */ - if((old = lookup_id(new->name))) + if((old = lookup_id(name))) { if((new->address == old->address) && (new->port == old->port)) { if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), - old->name, old->hostname, new->name, new->hostname); + old->name, old->hostname, name, new->hostname); free_connection(new); return 0; } @@ -912,6 +882,7 @@ cp /* Hook it up into the connection */ + new->name = xstrdup(name); connection_add(new); id_add(new); @@ -949,14 +920,14 @@ cp int del_host_h(connection_t *cl) { - char *name; + char name[MAX_STRING_SIZE]; ip_t address; port_t port; long int options; connection_t *old, *p; rbl_t *rbl; cp - if(sscanf(cl->buffer, "%*d %as %lx:%d %lx", &name, &address, &port, &options) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%d %lx", name, &address, &port, &options) != 4) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->name, cl->hostname); @@ -968,7 +939,6 @@ cp if(check_id(name)) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); - free(name); return -1; } @@ -978,7 +948,6 @@ cp { syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); - free(name); sighup = 1; return 0; } @@ -989,7 +958,6 @@ cp { syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) for %s which is not in our connection list"), name, cl->name, cl->hostname); - free(name); return -1; } @@ -1032,9 +1000,9 @@ cp int status_h(connection_t *cl) { int statusno; - char *statusstring; + char statusstring[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d %d %as", &statusno, &statusstring) != 2) + if(sscanf(cl->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) { syslog(LOG_ERR, _("Got bad STATUS from %s (%s)"), cl->name, cl->hostname); @@ -1048,7 +1016,6 @@ cp } cp - free(statusstring); return 0; } 
@@ -1063,9 +1030,9 @@ cp int error_h(connection_t *cl) { int errno; - char *errorstring; + char errorstring[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d %d %as", &errno, &errorstring) != 2) + if(sscanf(cl->buffer, "%*d %d "MAX_STRING, &errno, errorstring) != 2) { syslog(LOG_ERR, _("Got bad ERROR from %s (%s)"), cl->name, cl->hostname); @@ -1078,7 +1045,6 @@ cp cl->name, cl->hostname, strerror(errno), errorstring); } - free(errorstring); terminate_connection(cl); cp return 0; @@ -1148,10 +1114,10 @@ cp int key_changed_h(connection_t *cl) { - char *from_id; + char from_id[MAX_STRING_SIZE]; connection_t *from; cp - if(sscanf(cl->buffer, "%*d %as", &from_id) != 1) + if(sscanf(cl->buffer, "%*d "MAX_STRING, from_id) != 1) { syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), cl->name, cl->hostname); @@ -1162,12 +1128,9 @@ cp { syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist in our connection list"), cl->name, cl->hostname, from_id); - free(from_id); return -1; } - free(from_id); - from->status.validkey = 0; from->status.waitingforkey = 0; @@ -1185,11 +1148,12 @@ cp int req_key_h(connection_t *cl) { - char *from_id, *to_id; + char from_id[MAX_STRING_SIZE]; + char to_id[MAX_STRING_SIZE]; connection_t *from, *to; char pktkey[129]; cp - if(sscanf(cl->buffer, "%*d %as %as", &from_id, &to_id) != 2) + if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, from_id, to_id) != 2) { syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), cl->name, cl->hostname); @@ -1200,7 +1164,6 @@ cp { syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->name, cl->hostname, from_id); - free(from_id); free(to_id); return -1; } @@ -1218,7 +1181,6 @@ cp { syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->name, cl->hostname, to_id); - free(from_id); free(to_id); return -1; } 
@@ -1232,7 +1194,6 @@ cp send_req_key(from, to); } - free(from_id); free(to_id); cp return 0; } @@ -1246,11 +1207,13 @@ cp int ans_key_h(connection_t *cl) { - char *from_id, *to_id, *pktkey; + char from_id[MAX_STRING_SIZE]; + char to_id[MAX_STRING_SIZE]; + char pktkey[MAX_STRING_SIZE]; int keylength; connection_t *from, *to; cp - if(sscanf(cl->buffer, "%*d %as %as %as", &from_id, &to_id, &pktkey) != 3) + if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING, from_id, to_id, pktkey) != 3) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), cl->name, cl->hostname); @@ -1261,7 +1224,6 @@ cp { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), cl->name, cl->hostname, from_id); - free(from_id); free(to_id); free(pktkey); return -1; } @@ -1273,7 +1235,6 @@ cp { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key length"), cl->name, cl->hostname, from->name); - free(from_id); free(to_id); free(pktkey); return -1; } @@ -1285,7 +1246,6 @@ cp { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), cl->name, cl->hostname, to_id); - free(from_id); free(to_id); return -1; } send_ans_key(from, to, pktkey); @@ -1296,15 +1256,13 @@ cp if(from->cipher_pktkey) free(from->cipher_pktkey); + from->cipher_pktkey = xstrdup(pktkey); keylength /= 2; hex2bin(pktkey, pktkey, keylength); pktkey[keylength] = '\0'; - from->cipher_pktkey = pktkey; from->status.validkey = 1; from->status.waitingforkey = 0; - - free(from_id); free(to_id); cp return 0; } diff --git a/src/protocol.h b/src/protocol.h index 79bda43c..3789d804 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.16 2000/11/20 19:12:16 guus Exp $ + $Id: protocol.h,v 1.5.4.17 2000/11/22 19:55:53 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
@@ -45,6 +45,11 @@ enum { LAST /* Guardian for the highest request number */ }; +/* Maximum size of strings in a request */ + +#define MAX_STRING_SIZE 1024 +#define MAX_STRING "%1024s" + extern int (*request_handlers[])(connection_t*); extern int send_id(connection_t*); From 5971e352dae2cf189f1cbdeacffa4ccdd1e98304 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 22 Nov 2000 20:25:27 +0000 Subject: [PATCH 240/923] - Work with the correct key buffer in ans_key_h --- src/protocol.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 1a791a71..735a14c1 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.64 2000/11/22 19:55:50 guus Exp $ + $Id: protocol.c,v 1.28.4.65 2000/11/22 20:25:27 guus Exp $ */ #include "config.h" @@ -1258,8 +1258,8 @@ cp from->cipher_pktkey = xstrdup(pktkey); keylength /= 2; - hex2bin(pktkey, pktkey, keylength); - pktkey[keylength] = '\0'; + hex2bin(from->cipher_pktkey, from->cipher_pktkey, keylength); + from->cipher_pktkey[keylength] = '\0'; from->status.validkey = 1; from->status.waitingforkey = 0; From 6f373e690236334d8f8333710b61f97ccad54bf1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 22 Nov 2000 22:05:37 +0000 Subject: [PATCH 241/923] - More porting to FreeBSD and Solaris. --- configure.in | 4 ++-- lib/list.c | 3 +-- src/process.c | 61 +++++++++++++++++++++++++++++++++++++++++++++++++- src/protocol.c | 4 ++-- 4 files changed, 65 insertions(+), 7 deletions(-) diff --git a/configure.in b/configure.in index d4b61e6d..07a03471 100644 --- a/configure.in +++ b/configure.in 
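Review bot: With the `ans_key_h()` change in this commit the conversion is done on the heap copy, which leaves the stack array `pktkey` holding the hex form of the packet key when the function returns. Clear it before returning, using a wipe the compiler cannot optimise away, and do the same to the old `from->cipher_pktkey` before it is freed. The converted key is binary, so the `'\0'` written at `keylength` does not make it safe to treat as a C string; if later code measures it with strlen (not visible here), a key containing a zero byte is truncated. Most of ans_key_h lies outside this hunk.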
@@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.20 2000/11/20 19:56:01 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.21 2000/11/22 22:05:36 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -48,7 +48,7 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup]) +asprintf putenv strdup fcloseall daemon]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/list.c b/lib/list.c index 6ade9e8a..39b5b3bb 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.3 2000/11/20 22:13:00 guus Exp $ + $Id: list.c,v 1.1.2.4 2000/11/22 22:05:36 guus Exp $ */ #include "config.h" @@ -26,7 +26,6 @@ #include #include -#include #include #include diff --git a/src/process.c b/src/process.c index 29e49fa4..8fad5b0c 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.10 2000/11/22 19:14:08 guus Exp $ + $Id: process.c,v 1.1.2.11 2000/11/22 22:05:37 guus Exp $ */ #include "config.h" @@ -31,7 +31,9 @@ #include #include #include +#include #include +#include #include #include 
@@ -69,6 +71,63 @@ void memory_full(int size) exit(1); } +/* Some functions the less gifted operating systems might lack... */ + +#ifndef HAVE_FCLOSEALL +int fcloseall(void) +{ + fflush(stdin); + fflush(stdout); + fflush(stderr); + fclose(stdin); + fclose(stdout); + fclose(stderr); +} +#endif + +#ifndef HAVE_DAEMON +int daemon(int nochdir, int noclose) +{ + pid_t pid; + int fd; + + ppid = getpid(); + + if((pid = fork()) < 0) + { + perror("fork"); + return -1; + } + if(pid) /* parent process */ + { + signal(SIGTERM, parent_exit); + sleep(600); /* wait 10 minutes */ + exit(1); + } + + if((fd = open("/dev/tty", O_RDWR)) >= 0) + { + if(ioctl(fd, TIOCNOTTY, NULL)) + { + perror("ioctl"); + return -1; + } + close(fd); + } + + if(setsid() < 0) + return -1; + + kill(ppid, SIGTERM); + + if(!nochdir) + chdir("/"); + + if(!noclose) + fcloseall(); +} +#endif + /* Close network connections, and terminate neatly */ diff --git a/src/protocol.c b/src/protocol.c index 735a14c1..11ce65f0 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.65 2000/11/22 20:25:27 guus Exp $ + $Id: protocol.c,v 1.28.4.66 2000/11/22 22:05:37 guus Exp $ */ #include "config.h" @@ -846,7 +846,7 @@ cp /* Check if somebody tries to add ourself */ - if(!strcmp(new->name, myself->name)) + if(!strcmp(name, myself->name)) { syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); sighup = 1; From dac256505e1af78505c9f905bd55c11d4b87345c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 22 Nov 2000 22:18:03 +0000 Subject: [PATCH 242/923] - Fixed all (except 2) compiler warnings gcc -Wall gave. --- lib/list.c | 23 +++++++++-------------- src/connection.c | 4 ++-- src/connection.h | 4 +++- src/process.c | 6 +++--- src/process.h | 4 +++- 5 files changed, 20 insertions(+), 21 deletions(-) 
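Review bot: The fallback `daemon()` handles `noclose == 0` by calling `fcloseall()`, which leaves descriptors 0, 1 and 2 unused instead of pointing them at /dev/null as the library call does. The next file or socket the daemon opens can then receive one of those numbers, and any stray write to stdout or stderr lands in it. Both fallbacks are declared `int` but end without a return statement, and the `ioctl` failure path returns without closing `fd`. `ppid` and `parent_exit` are not declared in this hunk, so they must come from elsewhere in process.c. A replacement for the tail of the function follows.

```c
int daemon(int nochdir, int noclose)
{
  /* ... unchanged: fork, TIOCNOTTY, setsid, kill(ppid, SIGTERM), chdir ... */

  if(!noclose)
    {
      fcloseall();

      /* Occupy descriptors 0-2 with /dev/null so later opens cannot land on them */
      if((fd = open("/dev/null", O_RDWR)) < 0)
        return -1;
      if(dup2(fd, 0) < 0 || dup2(fd, 1) < 0 || dup2(fd, 2) < 0)
        return -1;
      if(fd > 2)
        close(fd);
    }

  return 0;
}
```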
diff --git a/lib/list.c b/lib/list.c index 39b5b3bb..668a5a94 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.4 2000/11/22 22:05:36 guus Exp $ + $Id: list.c,v 1.1.2.5 2000/11/22 22:18:03 guus Exp $ */ #include "config.h" @@ -49,14 +49,10 @@ list_t *list_new(void) Delete the element pointed to by idx from the list. */ -list_node_t *list_delete(list_t *list, list_node_t *idx) +void list_delete(list_t *list, list_node_t *idx) { - list_node_t *res; - - if(!list) - return NULL; - if(!idx) - return NULL; + if(!list || !idx) + return; if(list->callbacks->delete != NULL) if(list->callbacks->delete(idx->data)) @@ -67,13 +63,11 @@ list_node_t *list_delete(list_t *list, list_node_t *idx) if(idx->prev == NULL) /* First element in list */ { - res = idx->next; list->head = idx->next; } if(idx->next == NULL) /* Last element in list */ { - res = NULL; list->tail = idx->prev; } if(idx->prev != NULL && idx->next != NULL) @@ -87,8 +81,8 @@ list_node_t *list_delete(list_t *list, list_node_t *idx) else if(list->tail == NULL) list->head = NULL; + free(idx); - return res; } /* @@ -99,7 +93,7 @@ list_node_t *list_delete(list_t *list, list_node_t *idx) */ void list_forall_nodes(list_t *list, int (*function)(void *data)) { - list_node_t *p; + list_node_t *p, *next; int res; if(!list) /* no list given */ @@ -108,11 +102,12 @@ void list_forall_nodes(list_t *list, int (*function)(void *data)) return; if(!list->head) /* list is empty */ return; - for(p = list->head; p != NULL; p = p->next) + for(p = list->head; p != NULL; p = next) { + next = p->next; res = function(p->data); if(res != 0) - p = list_delete(list, p); + list_delete(list, p); } } diff --git a/src/connection.c b/src/connection.c index 61657a3b..4d0b3a81 100644 --- a/src/connection.c +++ b/src/connection.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.4 2000/11/22 18:54:07 guus Exp $ + $Id: connection.c,v 1.1.2.5 2000/11/22 22:18:03 guus Exp $ */ #include "config.h" @@ -160,7 +160,7 @@ cp connection_t *lookup_connection(ipv4_t address, short unsigned int port) { - connection_t cl, *p; + connection_t cl; cp cl.address = address; cl.port = port; diff --git a/src/connection.h b/src/connection.h index 60398941..e7397810 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.2 2000/11/20 22:13:03 guus Exp $ + $Id: connection.h,v 1.1.2.3 2000/11/22 22:18:03 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -111,9 +111,11 @@ extern connection_t *myself; extern void init_connections(void); extern connection_t *new_connection(void); extern void free_connection(connection_t *); +extern void id_add(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); extern connection_t *lookup_id(char *); +extern connection_t *lookup_connection(ipv4_t, short unsigned int); extern void dump_connection_list(void); extern int read_host_config(connection_t *); extern void destroy_connection_tree(void); diff --git a/src/process.c b/src/process.c index 8fad5b0c..e0d4899a 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.11 2000/11/22 22:05:37 guus Exp $ + $Id: process.c,v 1.1.2.12 2000/11/22 22:18:03 guus Exp $ */ #include "config.h" @@ -42,6 +42,8 @@ #include "conf.h" #include "process.h" +#include "subnet.h" +#include "connection.h" #include "system.h" 
@@ -199,8 +201,6 @@ cp */ int detach(void) { - int fd; - pid_t pid; cp setup_signals(); diff --git a/src/process.h b/src/process.h index ce357614..bd548138 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.3 2000/11/20 22:13:13 guus Exp $ + $Id: process.h,v 1.1.2.4 2000/11/22 22:18:03 guus Exp $ */ #ifndef __TINC_PROCESS_H__ @@ -34,5 +34,7 @@ extern void setup_signals(void); extern int execute_script(const char *); extern void check_children(void); extern int detach(void); +extern int kill_other(void); +extern void cleanup_and_exit(int); #endif /* __TINC_PROCESS_H__ */ From 7aa7895629d72391eccfcb23f3cb6290a9e3abc3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 22 Nov 2000 23:09:38 +0000 Subject: [PATCH 243/923] - #include instead of --- lib/list.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/list.c b/lib/list.c index 668a5a94..f509e216 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,12 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.5 2000/11/22 22:18:03 guus Exp $ + $Id: list.c,v 1.1.2.6 2000/11/22 23:09:38 guus Exp $ */ #include "config.h" -#include +#include #include #include From cebcf78b9a24f70902009bea23514e55d84b096a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 23 Nov 2000 09:30:33 +0000 Subject: [PATCH 244/923] - Don't link with -ldl anymore - Let's not use bash' built-in pwd function anymore... it does not follow symlinks. --- autogen.sh | 2 +- configure.in | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/autogen.sh b/autogen.sh index 09e5ecdc..344fbfa0 100644 --- a/autogen.sh +++ b/autogen.sh @@ -4,7 +4,7 @@ DIE=0 -srcdir="`pwd`" +srcdir="`/bin/pwd`" (autoconf --version) < /dev/null > /dev/null 2>&1 || { echo 
diff --git a/configure.in b/configure.in index 07a03471..26f8ba4e 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.21 2000/11/22 22:05:36 guus Exp $ +dnl $Id: configure.in,v 1.13.2.22 2000/11/23 09:30:33 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -54,10 +54,6 @@ jm_FUNC_REALLOC AM_GNU_GETTEXT -AC_CHECK_LIB(dl, dlopen, [ - LIBS="$LIBS -ldl" -]) - dnl Crypto stuff tinc_OPENSSL From b0ff879e7c68edd447328f3d806c1ad9e336fece Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 12:44:39 +0000 Subject: [PATCH 245/923] Do not use the C library's daemon() call. --- src/process.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/src/process.c b/src/process.c index e0d4899a..33828bbc 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.12 2000/11/22 22:18:03 guus Exp $ + $Id: process.c,v 1.1.2.13 2000/11/24 12:44:39 zarq Exp $ */ #include "config.h" @@ -87,8 +87,7 @@ int fcloseall(void) } #endif -#ifndef HAVE_DAEMON -int daemon(int nochdir, int noclose) +int become_daemon(void) { pid_t pid; int fd; @@ -122,13 +121,9 @@ int daemon(int nochdir, int noclose) kill(ppid, SIGTERM); - if(!nochdir) - chdir("/"); - - if(!noclose) - fcloseall(); + chdir("/"); + fcloseall(); } -#endif /* Close network connections, and terminate neatly @@ -205,7 +200,8 @@ cp setup_signals(); if(do_detach) - daemon(0, 0); + if(become_daemon() < 0) + return -1; if(write_pidfile()) return -1; From f2dd7bb42c1f4bfa708f542e430f4a56fd43e74f Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 13:32:26 +0000 Subject: [PATCH 246/923] Do not check for the daemon() system call --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
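Review bot: become_daemon() is declared `int` and detach() now tests `become_daemon() < 0`, but the child path shown in the process.c hunks ends at `fcloseall(); }` with no return statement, so the value detach() compares is indeterminate and using it is undefined behaviour in C. Add `return 0;` after `fcloseall();`. The result of `chdir("/")` is also dropped now that the call is unconditional; checking it would catch a daemon left in its start directory. The part of become_daemon() between the two hunks is not shown here.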
diff --git a/configure.in b/configure.in index 26f8ba4e..891cc24e 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.22 2000/11/23 09:30:33 guus Exp $ +dnl $Id: configure.in,v 1.13.2.23 2000/11/24 13:32:26 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -48,7 +48,7 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup fcloseall daemon]) +asprintf putenv strdup fcloseall]) jm_FUNC_MALLOC jm_FUNC_REALLOC From 31aa4298463498cbb755db747e901e4269cd1ef6 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 13:33:48 +0000 Subject: [PATCH 247/923] Do not attempt to retreive ChangeLog information only from the CABAL tag, it doesn't work anyway. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 8ee22a7a..9a820105 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,7 +14,7 @@ CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ ChangeLog: rm -f ChangeLog - rcs2log -r -r -r CABAL \ + rcs2log \ -u "zarq Ivo Timmermans itimmermans@bigfoot.com" \ -u "guus Guus Sliepen guus@sliepen.warande.net" \ -u "wsl Wessel Dankers wsl@nl.linux.org" | \ From 2f37f2bd8ab6b89eb6b6c2b4bdd6ffe449b1aa98 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 14:03:13 +0000 Subject: [PATCH 248/923] Set localstatedir to /var --- debian/rules | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 421d544b..14b2fe47 100644 --- a/debian/rules +++ b/debian/rules 
@@ -18,7 +18,8 @@ build-stamp: patch -Ns -p0 < `pwd`/../debian/po-Makefile.in.in.diff || true ;\ fi ;\ ) - ./configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info --sysconfdir=/etc + ./configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \ + --sysconfdir=/etc --localstatedir=/var $(MAKE) touch build-stamp From eb36b0c1ef7b5ed8ff59c3b41cbb361ed37d5f01 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 14:00:32 +0000 Subject: [PATCH 249/923] Use cvs2cl instead of rcs2log to generate the ChangeLog. --- Makefile.am | 6 +----- cvsusers | 3 +++ 2 files changed, 4 insertions(+), 5 deletions(-) create mode 100644 cvsusers diff --git a/Makefile.am b/Makefile.am index 9a820105..68331c72 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,11 +14,7 @@ CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ ChangeLog: rm -f ChangeLog - rcs2log \ - -u "zarq Ivo Timmermans itimmermans@bigfoot.com" \ - -u "guus Guus Sliepen guus@sliepen.warande.net" \ - -u "wsl Wessel Dankers wsl@nl.linux.org" | \ - sed -e 's,/home/CVS/tinc/,,g' > $@ + cvs2cl -U cvsusers --fsf cvs-clean: maintainer-clean for f in $(CVS_CREATED) `find -name Makefile.in` ; do\ diff --git a/cvsusers b/cvsusers new file mode 100644 index 00000000..3d1d2d33 --- /dev/null +++ b/cvsusers @@ -0,0 +1,3 @@ +zarq:Ivo Timmermans +guus:Guus Sliepen +wsl:Wessel Dankers From b17822840150f5ba8cfb8e5a44fc10d66bd15a97 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 14:04:49 +0000 Subject: [PATCH 250/923] Set CFLAGS to -O2 -Wall when running configure --- debian/rules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index 14b2fe47..7f832829 100644 --- a/debian/rules +++ b/debian/rules 
@@ -18,8 +18,8 @@ build-stamp: patch -Ns -p0 < `pwd`/../debian/po-Makefile.in.in.diff || true ;\ fi ;\ ) - ./configure --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \ - --sysconfdir=/etc --localstatedir=/var + env CFLAGS='-O2 -Wall' ./configure --prefix=/usr --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info --sysconfdir=/etc --localstatedir=/var $(MAKE) touch build-stamp From ef88db63120503a8c9d34d86073795c99dedc3a9 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 14:12:31 +0000 Subject: [PATCH 251/923] Alter CFLAGS, somehow INCLUDES doesn't propagate properly. Still doesn't work exactly like it should, but getting there. --- m4/openssl.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 0db50978..782e7e12 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -37,7 +37,7 @@ if test "$tinc_cv_openssl_lib" != "none given" ; then LIBS="$LIBS -L$tinc_cv_openssl_lib" fi if test "$tinc_cv_openssl_include" != "none given" ; then - INCLUDES="$INCLUDES -I$tinc_cv_openssl_include" + CFLAGS="$CFLAGS -I$tinc_cv_openssl_include" fi osi=found From 4cb4a7d298d560593f84d974bf77d0ee8a911a50 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 14:13:06 +0000 Subject: [PATCH 252/923] Set errno to 0 before trying to kill the other process. --- lib/pidfile.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/pidfile.c b/lib/pidfile.c index 54a6b4c1..a954d18f 100644 --- a/lib/pidfile.c +++ b/lib/pidfile.c @@ -73,6 +73,7 @@ int check_pid (char *pidfile) * be found -- GW */ /* But... errno is usually changed only on error.. */ + errno = 0; if (kill(pid, 0) && errno == ESRCH) return(0); From edb9b4cad09855a9bb3c57c5d4b1b174fde1de6c Mon Sep 17 00:00:00 2001 
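Review bot: The probe `kill(pid, 0)` in check_pid only shows that some process owns the number stored in the pidfile, and any failure other than ESRCH (EPERM, for example) appears to be treated as "running" too, so a stale pidfile whose PID has been reused is taken for a live daemon. A comment saying so would help callers that go on to signal the returned PID, for instance `/* Only proves that the PID exists; it may belong to an unrelated process. */`. The added `errno = 0;` is harmless but not needed, since errno is read only when kill() has returned non-zero and has therefore set it. check_pid() starts above the hunk.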
From: Ivo Timmermans Date: Fri, 24 Nov 2000 14:13:51 +0000 Subject: [PATCH 253/923] Explain how to tell configure where OpenSSL lives. --- doc/tinc.texi | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index d9105862..af88c48a 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.7 2000/11/09 21:29:58 zarq Exp $ +@c $Id: tinc.texi,v 1.8.4.8 2000/11/24 14:13:51 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998,199,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.7 2000/11/09 21:29:58 zarq Exp $ +$Id: tinc.texi,v 1.8.4.8 2000/11/24 14:13:51 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.7 2000/11/09 21:29:58 zarq Exp $ +$Id: tinc.texi,v 1.8.4.8 2000/11/24 14:13:51 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -180,6 +180,10 @@ tinc will run on them as well. Without this driver, tinc will most likely compile and run, but it will not be able to send or receive data packets. +For a more up to date list, please check the list on our website: +@uref{http://tinc.nl.linux.org/platforms.html}. + + @c ================================================================== @subsection Linux 
@@ -386,6 +390,18 @@ build and install this package are included within the package. Please make sure you build development and runtime libraries (which is the default). +If you installed the OpenSSL libraries from source, it may be necessary +to let configure know where they are, by passing configure one of the +--with-openssl-* parameters. + +@example +--with-openssl=DIR OpenSSL library and headers prefix +--with-openssl-include=DIR OpenSSL headers directory + (Default is OPENSSL_DIR/include) +--with-openssl-lib=DIR OpenSSL library directory + (Default is OPENSSL_DIR/lib) +@end example + @c @c From b42c9abafdc102db0641f3d444bdb30fbc29140a Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 14:15:20 +0000 Subject: [PATCH 254/923] Call autogen.sh instead of configure alone; and make cvs-clean instead of distclean. This way you can just cvs checkout && dpkg-buildpackage in one go. --- debian/rules | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index 7f832829..a5b7b797 100644 --- a/debian/rules +++ b/debian/rules @@ -18,8 +18,10 @@ build-stamp: patch -Ns -p0 < `pwd`/../debian/po-Makefile.in.in.diff || true ;\ fi ;\ ) - env CFLAGS='-O2 -Wall' ./configure --prefix=/usr --mandir=\$${prefix}/share/man \ + + env CFLAGS='-O2 -Wall' ./autogen.sh --prefix=/usr --mandir=\$${prefix}/share/man \ --infodir=\$${prefix}/share/info --sysconfdir=/etc --localstatedir=/var + $(MAKE) touch build-stamp @@ -29,7 +31,7 @@ clean: dh_testroot rm -f build-stamp - -$(MAKE) distclean + -$(MAKE) cvs-clean dh_clean 
@@ -43,6 +45,9 @@ install: build mkdir -p `pwd`/debian/tmp/etc/tinc/example cp doc/tinc.conf.sample `pwd`/debian/tmp/etc/tinc/example/tinc.conf ln -s /usr/share/doc/tinc/README.Debian `pwd`/debian/tmp/etc/tinc/example/README + cp debian/tinc-up debian/tmp/etc/tinc/example + cp debian/tinc-down debian/tmp/etc/tinc/example + chmod 700 debian/tmp/etc/tinc/example/tinc-up debian/tmp/etc/tinc/example/tinc-down # Build architecture-independent files here. From 97c54ffb35312caf38034952b9ed2733f7e374f9 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 24 Nov 2000 16:52:57 +0000 Subject: [PATCH 255/923] Add default tinc-up and tinc-down scripts for a Debian system. These do not yet work, it's just old code from init.d. --- debian/changelog | 6 ++ debian/conffiles | 2 + debian/tinc-down | 189 +++++++++++++++++++++++++++++++++++++++++++++++ debian/tinc-up | 159 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 356 insertions(+) create mode 100644 debian/tinc-down create mode 100644 debian/tinc-up diff --git a/debian/changelog b/debian/changelog index 81f37dd4..4e74eb74 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +tinc (1.0pre3-2) unstable; urgency=low + + * Added universal tinc-up and tinc-down scripts + + -- Ivo Timmermans Wed, 15 Nov 2000 23:26:56 +0100 + tinc (1.0pre3-1) unstable; urgency=low * New upstream version (1.0pre3) (Closes: #71274). diff --git a/debian/conffiles b/debian/conffiles index 4be7a806..e2cc0633 100644 --- a/debian/conffiles +++ b/debian/conffiles @@ -1,2 +1,4 @@ /etc/tinc/example/tinc.conf +/etc/tinc/example/tinc-down +/etc/tinc/example/tinc-up /etc/init.d/tinc diff --git a/debian/tinc-down b/debian/tinc-down new file mode 100644 index 00000000..17eb92b4 --- /dev/null +++ b/debian/tinc-down 
@@ -0,0 +1,189 @@ +#! /usr/bin/perl -w +# +# System startup script for tinc +# $Id: tinc-down,v 1.1.2.1 2000/11/24 16:52:57 zarq Exp $ +# +# Based on Lubomir Bulej's Redhat init script. +# +# Create a file $NETSFILE (/etc/tinc/nets.boot), and put all the names of +# the networks in there. These names must be valid directory names under +# $TCONF (/etc/tinc). Lines starting with a # will be ignored in this +# file. +# + +my $DAEMON="/usr/sbin/tincd"; +my $NAME="tinc"; +my $DESC="tinc daemons"; +my $TCONF="/etc/tinc"; +my $EXTRA=""; +my $NETSFILE="$TCONF/nets.boot"; +my @NETS=(); + + +if (! -f $DAEMON) { exit 0; } + + + +sub find_nets { + if(! open(FH, $NETSFILE)) { + warn "Please create $NETSFILE.\n"; + exit 0; + } + while () { + chomp; + if( /^[ ]*([^ \#]+)/i ) { + push(@NETS, "$1"); + } + } + if($#NETS == -1) { + warn "$NETSFILE doesn't contain any nets.\n"; + exit 0; + } + +} + + +############################################################################## +# vpn_load () Loads VPN configuration +# +# $_[0] ... VPN to load + +sub vpn_load { + my @addr; + $CFG="$TCONF/$_[0]/tinc.conf"; + if(! 
open($CFG, "< $CFG")) { + warn "tinc: $CFG does not exist\n"; + return 0; + } + + # load TINCD config + while(<$CFG>) { + if( /^[ ]*TapDevice[ =]+([^ \#]+)/i ) { + $DEV=$1; + chomp($DEV); + $DEV =~ s/^.*\/([^\/0-9]+)([0-9]+)$/$1$2/; + $NUM = $2; + } elsif ( /^[ ]*(MyOwnVPNIP|MyVirtualIP)[ =]+([^ \#]+)/i ) { + $VPN=$2; + chomp($VPN); + } elsif ( /^[ ]*VpnMask[ =]+([^ \#]+)/i ) { + $VPNMASK=$1; + chomp($VPNMASK); + } + } + if(!defined($DEV)) { + warn "tinc: There must be a TapDevice\n"; + return 0; + } + if($DEV eq "") { + warn "tinc: TapDevice should be of the form /dev/tapN\n"; + return 0; + } + if(!defined($VPN)) { + warn "tinc: MyVirtualIP required\n"; + return 0; + } + if($VPN eq "") { + warn "tinc: No argument to MyVirtualIP/MyOwnVPNIP\n"; + return 0; + } + if(defined($VPNMASK) && $VPNMASK eq "") { + warn "tinc: Invalid argument to VpnMask\n"; + return 0; + } + + $ADR = $VPN; + $ADR =~ s/^([^\/]+)\/.*$/$1/; + $LEN = $VPN; + $LEN =~ s/^.*\/([^\/]+)$/$1/; + if($ADR eq "" || $LEN eq "") { + warn "tinc: Badly formed MyVirtualIP/MyOwnVPNIP\n"; + return 0; + } + @addr = split(/\./, $ADR); + + $ADR = pack('C4', @addr); + $MSK = pack('N4', -1 << (32 - $LEN)); + $BRD = join(".", unpack('C4', $ADR | ~$MSK)); + $MAC = "fe:fd:" . join(":", map { sprintf "%02x", $_ } unpack('C4', $ADR)); + + if(!defined($VPNMASK)) { + $VPNMASK = $MSK; + $VPNMASK = join(".", unpack('C4', $VPNMASK)); + } + $ADR = join(".", unpack('C4', $ADR)); + $MSK = join(".", unpack('C4', $MSK)); + + 1; +} + + +############################################################################## +# vpn_start () starts specified VPN +# +# $_[0] ... 
VPN to start + +sub vpn_start { + vpn_load($_[0]) || return 0; + + system("insmod ethertap -s --name=\"ethertap$NUM\" unit=\"$NUM\" >/dev/null"); + system("ifconfig $DEV hw ether $MAC"); + system("ifconfig $DEV $ADR netmask $VPNMASK broadcast $BRD mtu 1448 -arp"); + system("start-stop-daemon --start --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA"); +} + + + + +############################################################################## +# vpn_stop () Stops specified VPN +# +# $_[0] ... VPN to stop + +sub vpn_stop { + vpn_load($_[0]) || return 1; + + system("start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA -k"); + + system("ifconfig $DEV down"); + system("rmmod ethertap$NUM -s"); +} + + +if(!defined($ARGV[0])) { + die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; +} + +if($ARGV[0] eq "start") { + find_nets; + print "Starting $DESC:"; + foreach $n (@NETS) { + print " $n"; + vpn_start($n); + } + print ".\n"; +} elsif ($ARGV[0] eq "stop") { + find_nets; + print "Stopping $DESC:"; + foreach $n (@NETS) { + print " $n"; + vpn_stop($n); + } + print ".\n"; +} elsif ($ARGV[0] eq "restart" || $ARGV[0] eq "force-reload") { + find_nets; + print "Stopping $DESC:"; + foreach $n (@NETS) { + print " $n"; + vpn_stop($n); + } + print ".\n"; + print "Starting $DESC:"; + foreach $n (@NETS) { + print " $n"; + vpn_start($n); + } + print ".\n"; +} else { + die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; +} diff --git a/debian/tinc-up b/debian/tinc-up new file mode 100644 index 00000000..0ca5ebe8 --- /dev/null +++ b/debian/tinc-up 
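Review bot: Values parsed out of tinc.conf (`$DEV`, `$VPN`, `$VPNMASK`, matched only by `[^ \#]+`) and the network names read from nets.boot are interpolated into single-string `system("...")` calls in vpn_start and vpn_stop, so they pass through the shell in a script that needs root for insmod and ifconfig. Passing an argument list avoids the shell, e.g. `system("ifconfig", $DEV, "hw", "ether", $MAC);`, and a check such as `return 0 unless $DEV =~ /^[A-Za-z]+[0-9]+$/;` in vpn_load would reject unexpected device names early. Also, `$NUM = $2` is assigned whether or not the `s///` on `$DEV` matched, so a TapDevice value that is not of the /dev/tapN form slips past the `$DEV eq ""` test with `$NUM` unset. The same code is added again in the debian/tinc-up hunk.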
@@ -0,0 +1,159 @@ +#! /usr/bin/perl -w +# +# Device configuration script for tinc +# $Id: tinc-up,v 1.1.2.1 2000/11/24 16:52:57 zarq Exp $ +# +# Based on Lubomir Bulej's Redhat init script. +# +# This file is called after the tap device is opened by tinc. The +# environment variable IFNAME contains the name of the device; NETNAME +# contains the name of the network that was started. + +my $IFNAME=$ENV{"IFNAME"}; +my $NETNAME=$ENV{"NETNAME"}; + + +############################################################################## +# vpn_load () Loads VPN configuration +# +# $_[0] ... VPN to load + +sub vpn_load { + my @addr; + $CFG="$TCONF/$_[0]/tinc.conf"; + if(! open($CFG, "< $CFG")) { + warn "tinc: $CFG does not exist\n"; + return 0; + } + + # load TINCD config + while(<$CFG>) { + if( /^[ ]*TapDevice[ =]+([^ \#]+)/i ) { + $DEV=$1; + chomp($DEV); + $DEV =~ s/^.*\/([^\/0-9]+)([0-9]+)$/$1$2/; + $NUM = $2; + } elsif ( /^[ ]*(MyOwnVPNIP|MyVirtualIP)[ =]+([^ \#]+)/i ) { + $VPN=$2; + chomp($VPN); + } elsif ( /^[ ]*VpnMask[ =]+([^ \#]+)/i ) { + $VPNMASK=$1; + chomp($VPNMASK); + } + } + if(!defined($DEV)) { + warn "tinc: There must be a TapDevice\n"; + return 0; + } + if($DEV eq "") { + warn "tinc: TapDevice should be of the form /dev/tapN\n"; + return 0; + } + if(!defined($VPN)) { + warn "tinc: MyVirtualIP required\n"; + return 0; + } + if($VPN eq "") { + warn "tinc: No argument to MyVirtualIP/MyOwnVPNIP\n"; + return 0; + } + if(defined($VPNMASK) && $VPNMASK eq "") { + warn "tinc: Invalid argument to VpnMask\n"; + return 0; + } + + $ADR = $VPN; + $ADR =~ s/^([^\/]+)\/.*$/$1/; + $LEN = $VPN; + $LEN =~ s/^.*\/([^\/]+)$/$1/; + if($ADR eq "" || $LEN eq "") { + warn "tinc: Badly formed MyVirtualIP/MyOwnVPNIP\n"; + return 0; + } + @addr = split(/\./, $ADR); + + $ADR = pack('C4', @addr); + $MSK = pack('N4', -1 << (32 - $LEN)); + $BRD = join(".", unpack('C4', $ADR | ~$MSK)); + $MAC = "fe:fd:" . 
join(":", map { sprintf "%02x", $_ } unpack('C4', $ADR)); + + if(!defined($VPNMASK)) { + $VPNMASK = $MSK; + $VPNMASK = join(".", unpack('C4', $VPNMASK)); + } + $ADR = join(".", unpack('C4', $ADR)); + $MSK = join(".", unpack('C4', $MSK)); + + 1; +} + + +############################################################################## +# vpn_start () starts specified VPN +# +# $_[0] ... VPN to start + +sub vpn_start { + vpn_load($_[0]) || return 0; + + system("insmod ethertap -s --name=\"ethertap$NUM\" unit=\"$NUM\" >/dev/null"); + system("ifconfig $DEV hw ether $MAC"); + system("ifconfig $DEV $ADR netmask $VPNMASK broadcast $BRD mtu 1448 -arp"); + system("start-stop-daemon --start --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA"); +} + + + + +############################################################################## +# vpn_stop () Stops specified VPN +# +# $_[0] ... VPN to stop + +sub vpn_stop { + vpn_load($_[0]) || return 1; + + system("start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA -k"); + + system("ifconfig $DEV down"); + system("rmmod ethertap$NUM -s"); +} + + +if(!defined($ARGV[0])) { + die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; +} + +if($ARGV[0] eq "start") { + find_nets; + print "Starting $DESC:"; + foreach $n (@NETS) { + print " $n"; + vpn_start($n); + } + print ".\n"; +} elsif ($ARGV[0] eq "stop") { + find_nets; + print "Stopping $DESC:"; + foreach $n (@NETS) { + print " $n"; + vpn_stop($n); + } + print ".\n"; +} elsif ($ARGV[0] eq "restart" || $ARGV[0] eq "force-reload") { + find_nets; + print "Stopping $DESC:"; + foreach $n (@NETS) { + print " $n"; + vpn_stop($n); + } + print ".\n"; + print "Starting $DESC:"; + foreach $n (@NETS) { + print " $n"; + vpn_start($n); + } + print ".\n"; +} else { + die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; +} From cf49b2c0647554613874cce495e4a7937a9f7863 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 24 Nov 2000 23:13:07 +0000 Subject: [PATCH 256/923] Another big & bad commit: - Added some extra search functions to rbl routines - Fix subnet_lookup() - Reorder some syslog messages to make more sense - daemon() is back - Don't let scripts execute in parallel (gives race conditions, and anyway something MIGHT just be configured which is necessary for further execution of tinc itself) - Accidently merged check_child() with execute_script(). - Small fixes --- configure.in | 4 +- lib/Makefile.am | 6 +- lib/rbl.c | 58 +++++++++++++- lib/rbl.h | 6 +- src/connection.c | 7 +- src/net.c | 14 +--- src/process.c | 199 ++++++++++++----------------------------------- src/process.h | 7 +- src/subnet.c | 28 +++++-- src/tincd.c | 4 +- 10 files changed, 146 insertions(+), 187 deletions(-) diff --git a/configure.in b/configure.in index 891cc24e..7013b995 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.23 2000/11/24 13:32:26 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.24 2000/11/24 23:12:56 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -48,7 +48,7 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup fcloseall]) +asprintf putenv strdup fcloseall daemon]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/Makefile.am b/lib/Makefile.am index 43629d38..7ac630a0 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -1,15 +1,15 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.3 2000/11/20 19:12:10 guus Exp $ +# $Id: Makefile.am,v 1.2.4.4 2000/11/24 23:12:58 guus Exp $ noinst_LIBRARIES = libvpn.a INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/intl -libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c rbl.c +libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c rbl.c daemon.c libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h rbl.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h rbl.h daemon.h EXTRA_DIST = README diff --git a/lib/rbl.c b/lib/rbl.c index 1a405350..226e938b 100644 --- a/lib/rbl.c +++ b/lib/rbl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.11 2000/11/22 19:14:08 guus Exp $ + $Id: rbl.c,v 1.1.2.12 2000/11/24 23:12:59 guus Exp $ */ #include "config.h" @@ -88,6 +88,38 @@ rbl_t *rbl_search_closest_rbl(rbltree_t *tree, void *data) return rbl; } +/* Search closest match in the tree */ +rbl_t *rbl_search_closest_greater_rbl(rbltree_t *tree, void *data) +{ + rbl_t *rbl; + + rbl = rbl_search_closest_rbl(tree, data); + + if(rbl) + { + if(tree->compare(data, rbl->data) > 0) + rbl = rbl->next; + } + + return rbl; +} + +/* Search closest match in the tree */ +rbl_t *rbl_search_closest_smaller_rbl(rbltree_t *tree, void *data) +{ + rbl_t *rbl; + + rbl = rbl_search_closest_rbl(tree, data); + + if(rbl) + { + if(tree->compare(data, rbl->data) < 0) + rbl = rbl->next; + } + + return rbl; +} + void *rbl_search_closest(rbltree_t *tree, void *data) { rbl_t *rbl; 
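Review bot: rbl_search_closest_smaller_rbl steps to `rbl->next` when `tree->compare(data, rbl->data) < 0`, the same direction rbl_search_closest_greater_rbl takes; when the closest node is larger than the key, the smaller neighbour would be its predecessor, so this looks like a copy-paste slip. If rbl_t carries a predecessor link (its declaration is outside this hunk), the line should read `rbl = rbl->prev;`. Both new functions also carry the identical comment `/* Search closest match in the tree */`; stating which side each one returns, and that the result can be NULL at either end of the list, would make the difference clear to callers.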
@@ -100,6 +132,30 @@ void *rbl_search_closest(rbltree_t *tree, void *data) return NULL; } +void *rbl_search_closest_greater(rbltree_t *tree, void *data) +{ + rbl_t *rbl; + + rbl = rbl_search_closest_greater_rbl(tree, data); + + if(rbl) + return rbl->data; + else + return NULL; +} + +void *rbl_search_closest_smaller(rbltree_t *tree, void *data) +{ + rbl_t *rbl; + + rbl = rbl_search_closest_smaller_rbl(tree, data); + + if(rbl) + return rbl->data; + else + return NULL; +} + /* Search exact match or return NULL pointer */ rbl_t *rbl_search_rbl(rbltree_t *tree, void *data) { diff --git a/lib/rbl.h b/lib/rbl.h index 14ef52b2..0a090bd7 100644 --- a/lib/rbl.h +++ b/lib/rbl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.h,v 1.1.2.7 2000/11/20 19:12:10 guus Exp $ + $Id: rbl.h,v 1.1.2.8 2000/11/24 23:13:00 guus Exp $ */ #ifndef __RBL_H__ @@ -83,8 +83,12 @@ extern void free_rbl(rbl_t *); extern void *rbl_search(rbltree_t *, void *); extern void *rbl_search_closest(rbltree_t *, void *); +extern void *rbl_search_closest_greater(rbltree_t *, void *); +extern void *rbl_search_closest_smaller(rbltree_t *, void *); extern rbl_t *rbl_search_rbl(rbltree_t *, void *); extern rbl_t *rbl_search_closest_rbl(rbltree_t *, void *); +extern rbl_t *rbl_search_closest_greater_rbl(rbltree_t *, void *); +extern rbl_t *rbl_search_closest_smaller_rbl(rbltree_t *, void *); extern rbl_t *rbl_insert(rbltree_t *, void *); extern rbl_t *rbl_unlink(rbltree_t *, void *); extern void rbl_delete(rbltree_t *, void *); diff --git a/src/connection.c b/src/connection.c index 4d0b3a81..7f48697d 100644 --- a/src/connection.c +++ b/src/connection.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.5 2000/11/22 22:18:03 guus Exp $ + $Id: connection.c,v 1.1.2.6 2000/11/24 23:13:01 guus Exp $ */ #include "config.h" @@ -71,11 +71,8 @@ void init_connections(void) connection_t *new_connection(void) { - connection_t *p = (connection_t *)xmalloc(sizeof(*p)); + connection_t *p = (connection_t *)xmalloc_and_zero(sizeof(*p)); cp - /* initialise all those stupid pointers at once */ - memset(p, '\0', sizeof(*p)); - p->subnet_tree = new_rbltree((rbl_compare_t)subnet_compare, NULL); cp return p; diff --git a/src/net.c b/src/net.c index c16a261b..5e8cfaff 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.80 2000/11/20 23:29:46 guus Exp $ + $Id: net.c,v 1.35.4.81 2000/11/24 23:13:02 guus Exp $ */ #include "config.h" @@ -806,8 +806,6 @@ cp myself->status.active = 1; syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); - - child_pids = list_new(); cp return 0; } @@ -869,12 +867,12 @@ cp if(setup_tap_fd() < 0) return -1; - if(setup_myself() < 0) - return -1; - /* Run tinc-up script to further initialize the tap interface */ execute_script("tinc-up"); + if(setup_myself() < 0) + return -1; + if(!(cfg = get_config_val(config, config_connectto))) /* No upstream IP given, we're listen only. */ return 0; @@ -925,8 +923,6 @@ cp execute_script("tinc-down"); destroy_connection_tree(); - - syslog(LOG_NOTICE, _("Terminating")); cp return; } @@ -1417,8 +1413,6 @@ cp if(FD_ISSET(tap_fd, &fset)) handle_tap_input(); } - - check_children(); } cp } diff --git a/src/process.c b/src/process.c index 33828bbc..1319c0c0 100644 --- a/src/process.c +++ b/src/process.c 
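Review bot: The return value of `execute_script("tinc-up")` in the net.c hunk is discarded, although this same commit makes execute_script() wait for the script and return -1 when it exits non-zero or is killed by a signal. Since the script is now run before setup_myself() because later steps may depend on what it configures, a failed tinc-up should stop start-up: `if(execute_script("tinc-up") < 0) return -1;`. The enclosing function starts above the hunk.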
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.13 2000/11/24 12:44:39 zarq Exp $ + $Id: process.c,v 1.1.2.14 2000/11/24 23:13:05 guus Exp $ */ #include "config.h" @@ -47,25 +47,13 @@ #include "system.h" -/* A list containing all our children */ -list_t *child_pids = NULL; - /* If zero, don't detach from the terminal. */ int do_detach = 1; -static pid_t ppid; - extern char *identname; extern char *pidfilename; extern char **g_argv; -void init_processes(void) -{ -cp - child_pids = list_new(); -cp -} - void memory_full(int size) { syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); @@ -87,44 +75,6 @@ int fcloseall(void) } #endif -int become_daemon(void) -{ - pid_t pid; - int fd; - - ppid = getpid(); - - if((pid = fork()) < 0) - { - perror("fork"); - return -1; - } - if(pid) /* parent process */ - { - signal(SIGTERM, parent_exit); - sleep(600); /* wait 10 minutes */ - exit(1); - } - - if((fd = open("/dev/tty", O_RDWR)) >= 0) - { - if(ioctl(fd, TIOCNOTTY, NULL)) - { - perror("ioctl"); - return -1; - } - close(fd); - } - - if(setsid() < 0) - return -1; - - kill(ppid, SIGTERM); - - chdir("/"); - fcloseall(); -} - /* Close network connections, and terminate neatly */ @@ -137,8 +87,9 @@ cp syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d"), total_tap_out, total_socket_out, total_tap_in, total_socket_in); + syslog(LOG_NOTICE, _("Terminating")); + closelog(); - kill(ppid, SIGTERM); exit(c); } @@ -199,13 +150,13 @@ int detach(void) cp setup_signals(); - if(do_detach) - if(become_daemon() < 0) - return -1; - if(write_pidfile()) return -1; + if(do_detach) + if(daemon(0, 0) < 0) + return -1; + openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); if(debug_lvl > DEBUG_NOTHING) 
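Review bot: In detach(), write_pidfile() now runs before `daemon(0, 0)`, so if it records getpid() (its body is not in this diff) the pidfile holds the PID of the foreground process that exits inside daemon(), not that of the daemon. Anything that later reads the pidfile, such as check_pid() or kill_other(), would then find no process or an unrelated one. Detaching first and writing the pidfile afterwards, i.e. keeping the `if(do_detach)` block above `if(write_pidfile())`, keeps the recorded PID correct.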
@@ -244,62 +195,21 @@ cp } #endif - if(chdir(confbase) < 0) - /* This cannot fail since we already read config files from this - directory. - Guus */ - /* Yes this can fail, somebody could have removed this directory - when we didn't pay attention. - Ivo */ - { - if(chdir("/") < 0) - /* Now if THIS fails, something wicked is going on. - Ivo */ - syslog(LOG_ERR, _("Couldn't chdir to `/': %m")); - - /* Continue anyway. */ - } + chdir("/"); asprintf(&scriptname, "%s/%s", confbase, name); /* Close all file descriptors */ - closelog(); + closelog(); /* <- this means we cannot use syslog() here anymore! */ fcloseall(); - /* Open standard input */ - if((fd = open("/dev/null", O_RDONLY)) < 0) - { - syslog(LOG_ERR, _("Opening `/dev/null' failed: %m")); - error = 1; - } - if(dup2(fd, 0) != 0) - { - syslog(LOG_ERR, _("Couldn't assign /dev/null to standard input: %m")); - error = 1; - } - - if(!error) - { - close(1); /* fd #1 should be the first available filedescriptor now. */ - /* Standard output directly goes to syslog */ - openlog(name, LOG_CONS | LOG_PID, LOG_DAEMON); - /* Standard error as well */ - if(dup2(1, 2) < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "dup2"); - error = 1; - } - } - - if(error && debug_lvl > 1) - syslog(LOG_INFO, _("This means that any output the script generates will not be shown in syslog.")); - execl(scriptname, NULL); /* No return on success */ - if(errno != ENOENT) /* Ignore if the file does not exist */ - syslog(LOG_WARNING, _("Error executing `%s': %m"), scriptname); - - /* No need to free things */ - exit(0); + if(errno != ENOENT) /* Ignore if the file does not exist */ + exit(-1); /* Some error while trying execl(). */ + else + exit(0); } /* @@ -308,6 +218,7 @@ cp int execute_script(const char *name) { pid_t pid; + int status; cp if((pid = fork()) < 0) { 
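Review bot: After `closelog(); fcloseall();` the child reaches `execl()` with descriptors 0, 1 and 2 closed, because the block that reopened /dev/null was removed; the first files the script opens then take those numbers and receive whatever it writes to stdout or stderr. Reopen them before the exec, e.g. `nullfd = open("/dev/null", O_RDWR);` followed by `dup2(nullfd, 0); dup2(nullfd, 1); dup2(nullfd, 2);`. The call `execl(scriptname, NULL)` that follows still passes no argv[0] and an uncast terminator; `execl(scriptname, scriptname, (char *)NULL);` would be the safer form, and the result of `asprintf()` should be checked before it is used. The function starts above the hunk.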
@@ -318,55 +229,45 @@ cp if(pid) { - list_append(child_pids, &pid); - return 0; + if(debug_lvl >= DEBUG_STATUS) + syslog(LOG_INFO, _("Executing script %s"), name); + + if(waitpid(pid, &status, 0) == pid) + { + if(WIFEXITED(status)) /* Child exited by itself */ + { + if(WEXITSTATUS(status)) + { + syslog(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), pid, name, WEXITSTATUS(status)); + return -1; + } + else + return 0; + } + else if(WIFSIGNALED(status)) /* Child was killed by a signal */ + { + syslog(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), + pid, name, WTERMSIG(status), strsignal(WTERMSIG(status))); + return -1; + } + else /* Something strange happened */ + { + syslog(LOG_ERR, _("Process %d (%s) terminated abnormaly"), pid, name); + return -1; + } + } + else + { + syslog(LOG_ERR, _("System call `%s' failed: %m"), "waitpid"); + return -1; + } } cp /* Child here */ + _execute_script(name); } -/* - Check a child (the pointer data is actually an integer, the PID of - that child. A non-zero return value means that the child has exited - and can be removed from our list. -*/ -int check_child(void *data) -{ - pid_t pid; - int status; -cp - pid = (pid_t) data; - pid = waitpid(pid, &status, WNOHANG); - if(WIFEXITED(status)) - { - if(WIFSIGNALED(status)) /* Child was killed by a signal */ - { - syslog(LOG_ERR, _("Child with PID %d was killed by signal %d (%s)"), - pid, WTERMSIG(status), strsignal(WTERMSIG(status))); - return -1; - } - if(WEXITSTATUS(status) != 0) - { - syslog(LOG_INFO, _("Child with PID %d exited with code %d"), - WEXITSTATUS(status)); - } - return -1; - } -cp - /* Child is still running */ - return 0; -} - -/* - Check the status of all our children. -*/ -void check_children(void) -{ - list_forall_nodes(child_pids, check_child); -} - - /* Signal handlers. */ @@ -392,6 +293,7 @@ RETSIGTYPE sigsegv_square(int a) { syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); + cp_trace(); exit(0); } 
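Review bot: The new blocking `waitpid(pid, &status, 0)` in execute_script conflicts with `signal(SIGCHLD, SIG_IGN);`, which setup_signals still installs (it is context in the last process.c hunk of this commit). With SIGCHLD ignored, Linux and other POSIX.1-2001 systems reap children automatically and waitpid() fails with ECHILD once the child is gone, so every script run would end in the `waitpid` failure branch and return -1. Using `signal(SIGCHLD, SIG_DFL);` in setup_signals and retrying on EINTR, `while((r = waitpid(pid, &status, 0)) < 0 && errno == EINTR);`, keeps the exit-status checks reachable. The wait also stalls the daemon's main loop for as long as the script runs, which deserves a comment above the call. execute_script begins above this hunk.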
@@ -475,8 +377,3 @@ setup_signals(void) signal(SIGUSR2, sigusr2_handler); signal(SIGCHLD, SIG_IGN); } - -RETSIGTYPE parent_exit(int a) -{ - exit(0); -} diff --git a/src/process.h b/src/process.h index bd548138..751c1014 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.4 2000/11/22 22:18:03 guus Exp $ + $Id: process.h,v 1.1.2.5 2000/11/24 23:13:06 guus Exp $ */ #ifndef __TINC_PROCESS_H__ @@ -26,13 +26,8 @@ #include "config.h" #include -extern list_t *child_pids; - -extern RETSIGTYPE parent_exit(int a); -extern void init_processes(void); extern void setup_signals(void); extern int execute_script(const char *); -extern void check_children(void); extern int detach(void); extern int kill_other(void); extern void cleanup_and_exit(int); diff --git a/src/subnet.c b/src/subnet.c index 8e506462..574e7a06 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.14 2000/11/20 22:13:13 guus Exp $ + $Id: subnet.c,v 1.1.2.15 2000/11/24 23:13:06 guus Exp $ */ #include "config.h" @@ -140,6 +140,7 @@ void subnet_del(subnet_t *subnet) { cp rbl_delete(subnet->owner->subnet_tree, subnet); +cp rbl_delete(subnet_tree, subnet); cp } 
@@ -257,21 +258,35 @@ cp subnet_t *lookup_subnet_mac(mac_t address) { - subnet_t subnet; + subnet_t subnet, *p; cp subnet.type = SUBNET_MAC; subnet.net.mac.address = address; - return (subnet_t *)rbl_search_closest(subnet_tree, &subnet); + + p = (subnet_t *)rbl_search_closest(subnet_tree, &subnet); +cp + if(p && !memcmp(&address, &p->net.mac.address, sizeof(mac_t))) + return p; + else + return NULL; } subnet_t *lookup_subnet_ipv4(ipv4_t address) { - subnet_t subnet; + subnet_t subnet, *p; cp subnet.type = SUBNET_IPV4; subnet.net.ipv4.address = address; subnet.net.ipv4.mask = 0xFFFFFFFF; - return (subnet_t *)rbl_search_closest(subnet_tree, &subnet); + + p = (subnet_t *)rbl_search_closest_greater(subnet_tree, &subnet); + + /* Check if the found subnet REALLY matches */ +cp + if(p && ((address & p->net.ipv4.mask) == p->net.ipv4.address)) + return p; + else + return NULL; } subnet_t *lookup_subnet_ipv6(ipv6_t address) @@ -281,6 +296,9 @@ cp subnet.type = SUBNET_IPV6; subnet.net.ipv6.address = address; memset(&subnet.net.ipv6.mask, 0xFF, 16); + +/* FIXME: check if it REALLY matches */ + return (subnet_t *)rbl_search_closest(subnet_tree, &subnet); } diff --git a/src/tincd.c b/src/tincd.c index 18791cc8..f98afe41 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.34 2000/11/22 19:14:09 guus Exp $ + $Id: tincd.c,v 1.10.4.35 2000/11/24 23:13:07 guus Exp $ */ #include "config.h" @@ -316,8 +316,6 @@ main(int argc, char **argv, char **envp) if(read_server_config()) return 1; - init_processes(); - if(detach()) exit(0); From cfb828784ebbcf4b3e40eb9bb351b6ed10a84b35 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 24 Nov 2000 23:14:52 +0000 Subject: [PATCH 257/923] - Added Armijn to the list --- THANKS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/THANKS b/THANKS index 81658b1a..10b7e025 100644 --- a/THANKS 
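Review bot: The match tests added to lookup_subnet_mac and lookup_subnet_ipv4 never look at `p->type`, although every subnet kind is searched in the one `subnet_tree`. If the closest node is of another kind, the bytes of `p->net` (presumably a union) are compared as a MAC or as an IPv4 address and mask, and a packet can be handed to an owner that never announced that address. Guard both with the type, e.g. `if(p && p->type == SUBNET_IPV4 && (address & p->net.ipv4.mask) == p->net.ipv4.address)`. lookup_subnet_ipv6 in the next hunk still returns the closest node unverified, as its new FIXME admits, so its comment should say that callers cannot rely on the result being a real match.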
+++ b/THANKS @@ -15,7 +15,9 @@ We would like to thank * Enrique Zanardi (for the Spanish translation) * Matias Carrasco (for the Spanish translation of the manual) * Jamie Briggs (for finding a lot of socket leaks) + * Armijn Hemel (for being our very own PR manager) for their help, support and ideas. Thank you guys! And especially Guus Sliepen, for starting this whole project... + From 0806605ce383b7e89fa26eda56f8a5f3bbed9dd3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 24 Nov 2000 23:30:50 +0000 Subject: [PATCH 258/923] - Added daemon() replacement. --- lib/daemon.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/daemon.h | 30 ++++++++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 lib/daemon.c create mode 100644 lib/daemon.h diff --git a/lib/daemon.c b/lib/daemon.c new file mode 100644 index 00000000..f12599f4 --- /dev/null +++ b/lib/daemon.c 
@@ -0,0 +1,88 @@
+/*
+ daemon.c -- replacement daemon() for platforms that do not have it
+ Copyright (C) 2000 Ivo Timmermans ,
+ 2000 Guus Sliepen
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id: daemon.c,v 1.1.2.1 2000/11/24 23:30:50 guus Exp $
+*/
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#ifndef HAVE_DAEMON
+int daemon(int nochdir, int noclose)
+{
+ pid_t pid;
+ int fd;
+
+ pid = fork();
+
+ /* Check if forking failed */
+
+ if(pid < 0)
+ {
+ perror("fork");
+ exit(-1);
+ }
+
+ /* If we are the parent, terminate */
+
+ if(pid)
+ exit(0);
+
+ /* Detach by becoming the new process group leader */
+
+ if(setsid() < 0)
+ {
+ perror("setsid");
+ return -1;
+ }
+
+ /* Change working directory to the root (to avoid keeping mount points busy) */
+
+ if(!nochdir)
+ {
+ chdir("/");
+ }
+
+ /* Redirect stdin/out/err to /dev/null */
+
+ if(!noclose)
+ {
+ fd = open("/dev/null", O_RDWR);
+
+ if(fd < 0)
+ {
+ perror("opening /dev/null");
+ return -1;
+ }
+ else
+ {
+ dup2(fd, 0);
+ dup2(fd, 1);
+ dup2(fd, 2);
+ }
+ }
+}
+#endif
diff --git a/lib/daemon.h b/lib/daemon.h new file mode 100644
index 00000000..ce23b762
--- /dev/null
+++ b/lib/daemon.h
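Review bot: The replacement daemon() has no `return 0;` on its success path, so control falls off the end of an `int` function and the `daemon(0, 0) < 0` test in detach() reads an indeterminate value. Add `return 0;` before the closing brace. The descriptor from `open("/dev/null", O_RDWR)` stays open after the three unchecked `dup2()` calls; `if(fd > 2) close(fd);` after them keeps it from leaking into the daemon. The fork-failure branch calls `exit(-1)` where callers of a daemon() would expect a -1 return, and `chdir("/")` is unchecked.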
@@ -0,0 +1,30 @@ +/* + daemon.h -- header file for daemon.c + Copyright (C) 2000 Ivo Timmermans , + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: daemon.h,v 1.1.2.1 2000/11/24 23:30:50 guus Exp $ +*/ + +#ifndef __DAEMON_H__ +#define __DAEMON_H__ + +#ifndef HAVE_DAEMON +extern int daemon(int, int); +#endif + +#endif /* __DAEMON_H__ */ From 1eedf54681d4556c6874f7baee8e810cab867756 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 25 Nov 2000 13:33:33 +0000 Subject: [PATCH 259/923] - Use only one socket for all UDP traffic (for compatibility) - Write pidfile again after detaching - Check OS (for handling FreeBSD/Solaris tun/tap stuff) --- acconfig.h | 8 ++++ autogen.sh | 3 ++ configure.in | 19 ++++++++- src/net.c | 109 ++++++++++++++++++++++++++++--------------------- src/process.c | 20 ++++++--- src/protocol.c | 10 +---- 6 files changed, 105 insertions(+), 64 deletions(-) diff --git a/acconfig.h b/acconfig.h index 9861a745..7bb8efe1 100644 --- a/acconfig.h +++ b/acconfig.h @@ -44,6 +44,14 @@ # undef getopt #endif +/* Linux */ +#undef HAVE_LINUX + +/* FreeBSD */ +#undef HAVE_FREEBSD + +/* Solaris */ +#undef HAVE_SOLARIS /* Define to the location of the kernel sources */ #undef CONFIG_TINC_KERNELDIR diff --git a/autogen.sh b/autogen.sh index 344fbfa0..9e3c0452 100644 --- a/autogen.sh +++ b/autogen.sh 
@@ -70,6 +70,9 @@ if test "$DIE" -eq 1; then exit 1 fi +# Make sure configure doesn't complain about old configuration +rm -f config.status + if test -z "$*"; then echo "**Warning**: I am going to run \`configure' with no arguments." echo "If you wish to pass any to it, please specify them on the" diff --git a/configure.in b/configure.in index 7013b995..04bfd024 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.24 2000/11/24 23:12:56 guus Exp $ +dnl $Id: configure.in,v 1.13.2.25 2000/11/25 13:33:30 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -29,6 +29,22 @@ jm_PERL AC_ISC_POSIX +dnl Check and set OS + +AC_CANONICAL_HOST + +case $host_os in + *linux*) + AC_DEFINE(HAVE_LINUX) + ;; + *freebsd*) + AC_DEFINE(HAVE_FREEBSD) + ;; + *solaris*) + AC_DEFINE(HAVE_SOLARIS) + ;; +esac + dnl Checks for libraries. dnl Checks for header files. @@ -58,7 +74,6 @@ AM_GNU_GETTEXT dnl Crypto stuff tinc_OPENSSL - dnl Support for SunOS AC_CHECK_FUNC(socket, [], [ diff --git a/src/net.c b/src/net.c index 5e8cfaff..893892c0 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.81 2000/11/24 23:13:02 guus Exp $ + $Id: net.c,v 1.35.4.82 2000/11/25 13:33:30 guus Exp $ */ #include "config.h" @@ -100,6 +100,8 @@ int xsend(connection_t *cl, vpn_packet_t *inpkt) vpn_packet_t outpkt; int outlen, outpad; EVP_CIPHER_CTX ctx; + struct sockaddr_in to; + socklen_t tolen = sizeof(to); cp outpkt.len = inpkt->len; 
@@ -121,7 +123,11 @@ cp total_socket_out += outlen; - if((send(cl->socket, (char *) &(outpkt.len), outlen, 0)) < 0) + to.sin_family = AF_INET; + to.sin_addr.s_addr = htonl(cl->address); + to.sin_port = htons(cl->port); + + if((sendto(myself->socket, (char *) &(outpkt.len), outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); @@ -336,17 +342,6 @@ cp /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ - /* Connections are now opened beforehand... - - if(!cl->status.dataopen) - if(setup_vpn_connection(cl) < 0) - { - syslog(LOG_ERR, _("Could not open UDP connection to %s (%s)"), - cl->name, cl->hostname); - return -1; - } - */ - if(!cl->status.validkey) { /* FIXME: Don't queue until everything else is fixed. @@ -384,19 +379,31 @@ int setup_tap_fd(void) int nfd; const char *tapfname; config_t const *cfg; -#ifdef HAVE_TUNTAP +#ifdef HAVE_LINUX + #ifdef HAVE_TUNTAP struct ifreq ifr; + #endif #endif cp if((cfg = get_config_val(config, config_tapdevice))) tapfname = cfg->data.ptr; else -#ifdef HAVE_TUNTAP - tapfname = "/dev/misc/net/tun"; -#else - tapfname = "/dev/tap0"; + { +#ifdef HAVE_LINUX + #ifdef HAVE_TUNTAP + tapfname = "/dev/misc/net/tun"; + #else + tapfname = "/dev/tap0"; + #endif #endif +#ifdef HAVE_FREEBSD + tapfname = "/dev/tap0"; +#endif +#ifdef HAVE_SOLARIS + tapfname = "/dev/tun"; +#endif + } cp if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0) { @@ -406,9 +413,10 @@ cp cp tap_fd = nfd; + taptype = TAP_TYPE_ETHERTAP; + /* Set default MAC address for ethertap devices */ - taptype = TAP_TYPE_ETHERTAP; mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; 
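Review bot: In setup_tap_fd, `tapfname` is declared without an initializer and the new default block assigns it only under HAVE_LINUX, HAVE_FREEBSD or HAVE_SOLARIS. On any other host with no tap device configured, the following `open(tapfname, O_RDWR | O_NONBLOCK)` receives an indeterminate pointer. The `case $host_os` added to configure.in in this commit has no `*)` branch, so such a build configures without complaint. Add `*) AC_MSG_ERROR([unsupported operating system: $host_os]) ;;` there, or follow the three `#ifdef` blocks with an `#error` guarded by the negation of all three macros. setup_tap_fd starts above this hunk and continues in the next ones.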
@@ -417,7 +425,8 @@ cp mymac.net.mac.address.x[4] = 0x00; mymac.net.mac.address.x[5] = 0x00; -#ifdef HAVE_TUNTAP +#ifdef HAVE_LINUX + #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ memset(&ifr, 0, sizeof(ifr)); cp @@ -430,6 +439,10 @@ cp syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; } + #endif +#endif +#ifdef HAVE_FREEBSD + taptype = TAP_TYPE_TUNTAP; #endif cp return 0; @@ -618,11 +631,7 @@ cp } /* - setup an outgoing connection. It's not - necessary to also open an udp socket as - well, because the other host will initiate - an authentication sequence during which - we will do just that. + Setup an outgoing meta connection. */ int setup_outgoing_connection(char *name) { @@ -781,7 +790,13 @@ cp if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { - syslog(LOG_ERR, _("Unable to set up a listening socket!")); + syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); + return -1; + } + + if((myself->socket = setup_vpn_in_socket(myself->port)) < 0) + { + syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); return -1; } @@ -929,6 +944,7 @@ cp /* create a data (udp) socket + OBSOLETED: use only one listening socket for compatibility with non-Linux operating systems */ int setup_vpn_connection(connection_t *cl) { @@ -1049,13 +1065,13 @@ void build_fdset(fd_set *fs) cp FD_ZERO(fs); + FD_SET(myself->socket, fs); + RBL_FOREACH(connection_tree, rbl) { p = (connection_t *)rbl->data; if(p->status.meta) FD_SET(p->meta_socket, fs); - if(p->status.dataopen) - FD_SET(p->socket, fs); } FD_SET(myself->meta_socket, fs); 
@@ -1068,16 +1084,19 @@ cp udp socket and write it to the ethertap device after being decrypted */ -int handle_incoming_vpn_data(connection_t *cl) +int handle_incoming_vpn_data(void) { vpn_packet_t pkt; int x, l = sizeof(x); int lenin; + struct sockaddr_in from; + socklen_t fromlen = sizeof(from); + connection_t *cl; cp - if(getsockopt(cl->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), - __FILE__, __LINE__, cl->socket); + __FILE__, __LINE__, myself->socket); return -1; } if(x) @@ -1086,12 +1105,20 @@ cp return -1; } - if((lenin = recv(cl->socket, (char *) &(pkt.len), MTU, 0)) <= 0) + if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return -1; } + cl = lookup_connection(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + + if(!cl) + { + syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + return 0; + } + if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin, @@ -1250,6 +1277,9 @@ void check_network_activity(fd_set *f) connection_t *p; rbl_t *rbl; cp + if(FD_ISSET(myself->socket, f)) + handle_incoming_vpn_data(); + RBL_FOREACH(connection_tree, rbl) { p = (connection_t *)rbl->data; @@ -1257,21 +1287,6 @@ cp if(p->status.remove) return; - if(p->status.dataopen) - if(FD_ISSET(p->socket, f)) - { - handle_incoming_vpn_data(p); - - /* Old error stuff (FIXME: copy this to handle_incoming_vpn_data() - - getsockopt(p->socket, SOL_SOCKET, SO_ERROR, &x, &l); - syslog(LOG_ERR, _("Outgoing data socket error for %s (%s): %s"), - p->name, p->hostname, strerror(x)); - terminate_connection(p); - */ - return; - } - if(p->status.meta) if(FD_ISSET(p->meta_socket, f)) if(receive_meta(p) < 0) 
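Review bot: The new `syslog(LOG_WARNING, ...)` for unknown senders in handle_incoming_vpn_data has three conversions (`%d`, `%lx`, `%d`) but only two arguments, and `%lx` receives an `ntohl()` result that is not a `long`. That is undefined behaviour on a path that runs for any datagram arriving from an unknown address. Pass the port and cast the address: `syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), myself->port, (unsigned long)ntohl(from.sin_addr.s_addr), ntohs(from.sin_port));`. The message is written once per datagram at warning level, so an unauthenticated sender can fill the log; a guard such as `if(debug_lvl >= DEBUG_TRAFFIC)` or a rate limit would bound that. The peer is now selected from the datagram's source address and port alone, and these hunks do not show whether the packet is authenticated afterwards, which is worth a comment at the `lookup_connection()` call.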
diff --git a/src/process.c b/src/process.c index 1319c0c0..5aaf573f 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.14 2000/11/24 23:13:05 guus Exp $ + $Id: process.c,v 1.1.2.15 2000/11/25 13:33:33 guus Exp $ */ #include "config.h" @@ -150,12 +150,23 @@ int detach(void) cp setup_signals(); + /* First check if we can open a fresh new pidfile */ + if(write_pidfile()) return -1; + /* If we succeeded in doing that, detach */ + if(do_detach) - if(daemon(0, 0) < 0) - return -1; + { + if(daemon(0, 0) < 0) + return -1; + + /* Now UPDATE the pid in the pidfile, because we changed it... */ + + if(!write_pid(pidfilename)) + return 1; + } openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); @@ -177,11 +188,8 @@ cp void _execute_script(const char *name) __attribute__ ((noreturn)); void _execute_script(const char *name) { - int error = 0; char *scriptname; char *s; - int fd; - cp if(netname) { diff --git a/src/protocol.c b/src/protocol.c index 11ce65f0..087589cd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.66 2000/11/22 22:05:37 guus Exp $ + $Id: protocol.c,v 1.28.4.67 2000/11/25 13:33:33 guus Exp $ */ #include "config.h" @@ -575,8 +575,6 @@ cp if(cl->status.outgoing) cl->allow_request = ACK; - setup_vpn_connection(cl); - x = send_request(cl, "%d", ACK); cl->status.encryptout = 1; cp 
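Review bot: A failed `write_pid(pidfilename)` after `daemon(0, 0)` goes unreported in detach(): the standard streams already point at /dev/null, `openlog()` is only called further down, and main() turns a non-zero detach() into `exit(0)` (context in the tincd.c hunk of the earlier commit). Move `openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON);` above this block and log before returning, e.g. `syslog(LOG_ERR, _("Could not update pid file %s: %m"), pidfilename);`. The branch returns 1 while the other failure paths visible in detach() return -1; using -1 keeps them consistent. detach() starts above the hunk.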
@@ -901,12 +899,6 @@ cp new->status.active = 1; new->cipher_pkttype = EVP_bf_cfb(); new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; - - /* Okay this is a bit ugly... it would be better to setup UDP sockets dynamically, or - * perhaps just one UDP socket... but then again, this has benefits too... - */ - - setup_vpn_connection(new); cp return 0; } From 702e55306dfebe5c6f9a6587ed029c3bc3efbe8f Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 26 Nov 2000 22:32:52 +0000 Subject: [PATCH 260/923] Updated Spanish translation, provided by Enrique Zanardi. --- po/es.po | 1411 +++++++++++++++++++++--------------------------------- 1 file changed, 559 insertions(+), 852 deletions(-) diff --git a/po/es.po b/po/es.po index d619e13c..23883ee5 100644 --- a/po/es.po +++ b/po/es.po 
@@ -4,754 +4,780 @@ # msgid "" msgstr "" -"Project-Id-Version: tinc 1.0pre2\n" -"POT-Creation-Date: 2000-11-04 16:32+0100\n" -"PO-Revision-Date: 2000-07-02 12:49+01:00\n" +"Project-Id-Version: tinc 1.0pre3\n" +"POT-Creation-Date: 2000-11-26 14:51+0000\n" +"PO-Revision-Date: 2000-11-26 15:20+0000\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" +#: lib/getopt.c:681 +#, c-format +msgid "%s: option `%s' is ambiguous\n" +msgstr "%s: la opción `%s' es ambigua\n" + +#: lib/getopt.c:705 +#, c-format +msgid "%s: option `--%s' doesn't allow an argument\n" +msgstr "%s: la opción `--%s' no lleva parámetros\n" + +#: lib/getopt.c:710 +#, c-format +msgid "%s: option `%c%s' doesn't allow an argument\n" +msgstr "%s: la opción `%c%s' no lleva parámetros\n" + +#: lib/getopt.c:727 lib/getopt.c:900 +#, c-format +msgid "%s: option `%s' requires an argument\n" +msgstr "%s: la opción `%s' requiere un parámetro\n" + +#. --option +#: lib/getopt.c:756 +#, c-format +msgid "%s: unrecognized option `--%s'\n" +msgstr "%s: opción desconocida `--%s'\n" + +#. +option or -option +#: lib/getopt.c:760 +#, c-format +msgid "%s: unrecognized option `%c%s'\n" +msgstr "%s: opción desconocida `%c%s'\n" + +#. 1003.2 specifies the format of this message. +#: lib/getopt.c:786 +#, c-format +msgid "%s: illegal option -- %c\n" +msgstr "%s: opción ilegal -- %c\n" + +#: lib/getopt.c:789 +#, c-format +msgid "%s: invalid option -- %c\n" +msgstr "%s: opción no válida --%c\n" + +#. 1003.2 specifies the format of this message. 
+#: lib/getopt.c:819 lib/getopt.c:949 +#, c-format +msgid "%s: option requires an argument -- %c\n" +msgstr "%s: la opción requiere un parámetro -- %c\n" + +#: lib/getopt.c:866 +#, c-format +msgid "%s: option `-W %s' is ambiguous\n" +msgstr "%s: la opción `-W %s' es ambigua\n" + +#: lib/getopt.c:884 +#, c-format +msgid "%s: option `-W %s' doesn't allow an argument\n" +msgstr "%s: la opción `-W %s' no lleva parámetros\n" + +#: lib/list.c:62 +#, c-format +msgid "List callback[delete] failed for %08lx - freeing anyway" +msgstr "" +"El callback[delete] de la lista falló para %08lx - liberándolo de todos modos" + +#. FIXME: describe +#: lib/xmalloc.c:69 +msgid "Memory exhausted" +msgstr "Memoria agotada" + #: src/conf.c:164 #, c-format msgid "Line %d too long while reading config file %s" -msgstr "" +msgstr "La línea %d es demasiado larga en el fichero de configuración %s" #: src/conf.c:180 #, c-format msgid "Invalid variable name on line %d while reading config file %s" msgstr "" +"Nombre de variable no válido en la linea %d del fichero de configuración %s" #: src/conf.c:187 #, c-format msgid "No value for variable on line %d while reading config file %s" msgstr "" +"No hay valor para la variable en la linea %d del fichero de configuración %s" #: src/conf.c:195 #, c-format msgid "Invalid value for variable on line %d while reading config file %s" msgstr "" +"Valor no válido para la variable en la linea %d del fichero de configuración " +"%s" -#: src/conf.c:219 -#, c-format -msgid "Failed to read `%s': %m\n" -msgstr "" - -#: src/connlist.c:168 -#, fuzzy -msgid "Connection list:" -msgstr "Conectando a " - -#: src/connlist.c:170 src/connlist.c:183 -#, c-format -msgid " %s at %s port %hd flags %d sockets %d, %d status %04x" -msgstr "" - -#: src/connlist.c:195 -#, fuzzy -msgid "End of connection list." -msgstr "Cerrando conexión con %s." 
- -#: src/meta.c:45 -#, fuzzy, c-format -msgid "Sending %d bytes of metadata to %s (%s): %s" -msgstr "Enviados %d bytes a %lx" - -#: src/meta.c:61 -#, fuzzy, c-format -msgid "Sending meta data to %s (%s) failed: %m" -msgstr "Error enviando datos: %m" - -#: src/meta.c:89 src/net.c:962 -#, fuzzy, c-format -msgid "This is a bug: %s:%d: %d:%m %s (%s)" -msgstr "Esto es un `bug': %s:%d: %d:%m" - -#: src/meta.c:95 -#, fuzzy, c-format -msgid "Metadata socket error for %s (%s): %s" -msgstr "Error en el `socket' de metadatos: %s" - -#: src/meta.c:114 -#, fuzzy, c-format -msgid "Connection closed by %s (%s)" -msgstr "Conexión desde %s:%d" - -#: src/meta.c:118 -#, fuzzy, c-format -msgid "Metadata socket read error for %s (%s): %m" -msgstr "Error de lectura del `socket' de metadatos: %m" - -#: src/meta.c:148 -#, fuzzy, c-format -msgid "Got request from %s (%s): %s" -msgstr "Petición desconocida: %s" - -#: src/meta.c:166 -#, fuzzy, c-format -msgid "Metadata read buffer overflow for %s (%s)" -msgstr "Desbordamiento del búfer de lectura de metadatos" - -#: src/net.c:93 src/net.c:470 src/net.c:477 src/net.c:485 src/net.c:516 -#: src/net.c:542 src/net.c:550 src/net.c:987 -#, c-format -msgid "System call `%s' failed: %m" -msgstr "" - -#. No return on success -#. 
Ignore if the file does not exist -#: src/net.c:112 -#, fuzzy, c-format -msgid "Error executing `%s': %m" -msgstr "Error esperando entrada: %m" - -#: src/net.c:139 -#, fuzzy, c-format -msgid "Sending packet of %d bytes to %s (%s)" -msgstr "Enviados %d bytes a %lx" - -#: src/net.c:148 -#, fuzzy, c-format -msgid "Error sending packet to %s (%s): %m" -msgstr "Error enviando datos: %m" - -#: src/net.c:177 -#, fuzzy, c-format -msgid "Writing packet of %d bytes to tap device" -msgstr "Enviados %d bytes a %lx" - -#: src/net.c:187 -#, fuzzy, c-format -msgid "Can't write to tun/tap device: %m" -msgstr "No puedo escribir en el dispositivo tap: %m" - -#: src/net.c:194 -#, fuzzy, c-format -msgid "Can't write to ethertap device: %m" -msgstr "No puedo escribir en el dispositivo tap: %m" - -#: src/net.c:295 -#, fuzzy -msgid "Queue flushed" -msgstr "cola vaciada" - -#: src/net.c:310 -#, fuzzy, c-format -msgid "Flushing send queue for %s (%s)" -msgstr "Vaciando la cola de envíos para " - -#: src/net.c:318 -#, fuzzy, c-format -msgid "Flushing receive queue for %s (%s)" -msgstr "Vaciando la cola de recepción para " - -#: src/net.c:337 -#, c-format -msgid "Trying to look up %d.%d.%d.%d in connection list failed!" 
-msgstr "" - -#: src/net.c:353 -#, fuzzy, c-format -msgid "Could not open UDP connection to %s (%s)" -msgstr "No pude abrir %s: %s\n" - -#: src/net.c:409 +#: src/encr.c:111 src/net.c:352 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:436 +#: src/encr.c:118 +#, c-format +msgid "Illegal passphrase in %s; size would be %d" +msgstr "Frase ilegal en %s; el tamaño debe ser %d" + +#: src/encr.c:155 +#, c-format +msgid "Generating %d bits keys" +msgstr "Generando claves de %d bits" + +#: src/encr.c:159 +#, c-format +msgid "Opening /dev/urandom failed: %m" +msgstr "Fallo al abrir /dev/urandom: %m" + +#: src/encr.c:224 +#, c-format +msgid "Encryption key set to %s" +msgstr "Clave de cifrado definida como %s" + +#: src/genauth.c:78 +#, c-format +msgid "Usage: %s bits\n" +msgstr "Modo de empleo: %s bits\n" + +#: src/genauth.c:89 +#, c-format +msgid "Illegal number: %s\n" +msgstr "Número ilegal: %s\n" + +#. Align to bytes for easy mallocing and reading +#: src/genauth.c:95 +#, c-format +msgid "Generating %d bits keys:\n" +msgstr "Generando claves de %d bits:\n" + +#: src/genauth.c:99 +msgid "Done.\n" +msgstr "Hecho.\n" + +#: src/genauth.c:101 +#, c-format +msgid "Public key: %s\n" +msgstr "Clave pública: %s\n" + +#: src/genauth.c:102 +#, c-format +msgid "Private key: %s\n" +msgstr "Clave privada: %s\n" + +#: src/net.c:107 +#, c-format +msgid "Sending packet of %d bytes to %s (%s)" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:116 +#, c-format +msgid "Error sending packet to %s (%s): %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/net.c:130 +#, c-format +msgid "Receiving packet of %d bytes" +msgstr "Recibido paquete de %d bytes" + +#: src/net.c:143 +#, c-format +msgid "Can't write to tap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:243 +msgid "Queue flushed" +msgstr "Cola vaciada" + +#: src/net.c:258 +#, c-format +msgid "Flushing send queue for %s (%s)" +msgstr "Vaciando 
la cola de envíos para %s (%s)" + +#: src/net.c:266 +#, c-format +msgid "Flushing receive queue for %s (%s)" +msgstr "Vaciando la cola de recepción para %s (%s)" + +#: src/net.c:284 +#, c-format +msgid "Trying to look up %d.%d.%d.%d in connection list failed!" +msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" + +#: src/net.c:298 +#, c-format +msgid "Could not open UDP connection to %s (%s)" +msgstr "No pude abrir una conexión UDP a %s (%s)" + +#: src/net.c:306 +#, c-format +msgid "No valid key known yet for %s (%s), queueing packet" +msgstr "" +"No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" + +#: src/net.c:317 +#, c-format +msgid "%s (%s) is not ready, queueing packet" +msgstr "%s (%s) no está listo, poniendo el paquete en cola" + +#: src/net.c:370 #, c-format msgid "%s is a new style tun/tap device" -msgstr "" +msgstr "%s es un dispositivo tun/tap del nuevo estilo" -#: src/net.c:464 +#: src/net.c:373 +msgid "tun/tap device will be left unconfigured" +msgstr "el dispositivo tun/tap se dejará sin configurar" + +#: src/net.c:396 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:494 +#: src/net.c:402 src/net.c:408 src/net.c:470 +#, c-format +msgid "setsockopt: %m" +msgstr "setsockopt(): %m" + +#: src/net.c:415 src/net.c:477 +#, c-format +msgid "fcntl: %m" +msgstr "fcntl(): %m" + +#: src/net.c:423 #, c-format msgid "Unable to bind listen socket to interface %s: %m" -msgstr "" +msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" -#: src/net.c:510 +#: src/net.c:439 #, c-format msgid "Can't bind to port %hd/tcp: %m" -msgstr "Ha fallado la llamada a bind() con el puerto %hd/tcp: %m" +msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" -#: src/net.c:536 +#: src/net.c:445 +#, c-format +msgid "listen: %m" +msgstr "listen(): %m" + +#: src/net.c:464 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: 
src/net.c:562 +#: src/net.c:488 #, c-format msgid "Can't bind to port %hd/udp: %m" -msgstr "Ha fallado la llamada a bind() con el puerto %hd/udp: %m" +msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" -#: src/net.c:579 -#, fuzzy, c-format +#: src/net.c:505 +#, c-format msgid "Trying to connect to %s" -msgstr "Cerrando conexión con %s." +msgstr "Intentando conectar con %s" -#: src/net.c:589 -#, fuzzy, c-format +#: src/net.c:515 +#, c-format msgid "Creating socket for %s port %d failed: %m" -msgstr "Error al crear el `socket': %m" +msgstr "Error al crear el `socket' para %s puerto %d: %m" -#: src/net.c:600 +#: src/net.c:526 #, c-format msgid "%s port %hd: %m" -msgstr "" +msgstr "%s puerto %hd: %m" -#: src/net.c:607 +#: src/net.c:533 #, c-format msgid "fcntl for %s port %d: %m" -msgstr "" +msgstr "fcntl() para %s puerto %d: %m" -#: src/net.c:613 -#, fuzzy, c-format +#: src/net.c:539 +#, c-format msgid "Connected to %s port %hd" -msgstr "Conectado a %s:%hd" +msgstr "Conectado a %s puerto %hd" -#: src/net.c:636 +#: src/net.c:562 msgid "Invalid name for outgoing connection" -msgstr "" +msgstr "Nombre no válido para conexión saliente" -#: src/net.c:645 +#: src/net.c:571 #, c-format msgid "Error reading host configuration file for %s" -msgstr "" +msgstr "Error leyendo el fichero de configuración del `host' para %s" -#: src/net.c:652 +#: src/net.c:578 #, c-format msgid "No address specified for %s" -msgstr "" +msgstr "No se especificó dirección para %s" -#: src/net.c:659 -#, fuzzy, c-format +#: src/net.c:585 +#, c-format msgid "Error looking up `%s': %m" -msgstr "Error buscando `%s': %s\n" +msgstr "Error buscando `%s': %m" -#: src/net.c:669 -#, fuzzy, c-format +#: src/net.c:595 +#, c-format msgid "Could not set up a meta connection to %s" -msgstr "No he podido configurar una meta conexión." +msgstr "No he podido configurar una meta conexión a %s" -#: src/net.c:704 +#: src/net.c:629 msgid "Name for tinc daemon required!" 
-msgstr "" +msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:712 +#: src/net.c:637 msgid "Invalid name for myself!" -msgstr "" +msgstr "¡Nombre no válido para mí!" -#: src/net.c:718 -msgid "Private key for tinc daemon required!" -msgstr "" - -#: src/net.c:730 +#: src/net.c:643 msgid "Cannot open host configuration file for myself!" -msgstr "" +msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" -#: src/net.c:736 -msgid "Public key for tinc daemon required!" -msgstr "" - -#: src/net.c:776 -msgid "Network address and subnet mask do not match!" -msgstr "" - -#: src/net.c:785 -#, fuzzy +#: src/net.c:662 msgid "Unable to set up a listening socket!" -msgstr "No puedo configurar un `socket' a la escucha" +msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:791 -#, fuzzy +#: src/net.c:668 msgid "Unable to set up an incoming vpn data socket!" -msgstr "No puedo configurar un `socket' para recibir datos de la vpn" +msgstr "¡No puedo configurar un `socket' para recibir datos de la vpn!" -#: src/net.c:816 -#, fuzzy, c-format +#: src/net.c:675 +#, c-format msgid "Ready: listening on port %hd" -msgstr "Listo: escuchando en el puerto %d." +msgstr "Listo: escuchando en el puerto %hd" -#: src/net.c:848 -#, fuzzy, c-format +#: src/net.c:706 +#, c-format msgid "Still failed to connect to other, will retry in %d seconds" -msgstr "Siguo sin poder conectar con el otro. Lo reintentaré en %d segundos." +msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." -#: src/net.c:890 -#, fuzzy, c-format +#: src/net.c:744 +#, c-format msgid "Trying to re-establish outgoing connection in %d seconds" -msgstr "Intento re-establecer la conexión saliente en 5 segundos." +msgstr "Intento re-establecer la conexión saliente en %d segundos" -#: src/net.c:925 -#, fuzzy +#: src/net.c:782 msgid "Terminating" -msgstr "Terminando." 
+msgstr "Terminando" -#: src/net.c:939 -#, fuzzy, c-format +#: src/net.c:796 +#, c-format msgid "Opening UDP socket to %s" -msgstr "Abriendo `socket' UDP a " +msgstr "Abriendo `socket' UDP a %s" -#: src/net.c:944 -#, fuzzy, c-format +#: src/net.c:801 +#, c-format msgid "Creating UDP socket failed: %m" -msgstr "Error al crear el `socket': %m" +msgstr "Error al crear el `socket' UDP: %m" -#: src/net.c:954 -#, fuzzy, c-format +#: src/net.c:811 +#, c-format msgid "Connecting to %s port %d failed: %m" -msgstr "Error al crear `socket' de datos: %m" +msgstr "Error al conectar a %s puerto %d: %m" -#: src/net.c:1003 -#, fuzzy, c-format +#: src/net.c:819 +#, c-format +msgid "This is a bug: %s:%d: %d:%m %s (%s)" +msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" + +#: src/net.c:844 +#, c-format +msgid "Error: getpeername: %m" +msgstr "Error: getpeername(): %m" + +#: src/net.c:859 +#, c-format msgid "Connection from %s port %d" -msgstr "Conexión desde %s:%d" +msgstr "Conexión desde %s puerto %d" -#: src/net.c:1049 -#, fuzzy, c-format +#: src/net.c:903 +#, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:1055 -#, fuzzy, c-format +#: src/net.c:909 +#, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:1061 -#, fuzzy, c-format +#: src/net.c:915 +#, c-format msgid "Receiving packet failed: %m" -msgstr "Error recibiendo datos: %m" +msgstr "Error recibiendo paquete: %m" -#: src/net.c:1067 -#, fuzzy, c-format -msgid "Received packet of %d bytes" -msgstr "Recibiendo clave de " - -#: src/net.c:1089 -#, fuzzy, c-format +#: src/net.c:936 +#, c-format msgid "Closing connection with %s (%s)" -msgstr "Cerrando conexión con %s." +msgstr "Cerrando conexión con %s (%s)" -#: src/net.c:1125 -#, fuzzy +#: src/net.c:979 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:1157 +#: src/net.c:1009 #, c-format msgid "%s (%s) didn't respond to PING" -msgstr "" +msgstr "%s (%s) no respondió al PING" -#: src/net.c:1188 +#: src/net.c:1040 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1196 -#, fuzzy +#: src/net.c:1048 msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1229 -#, fuzzy, c-format -msgid "Outgoing data socket error for %s (%s): %s" -msgstr "Error en el `socket' de datos salientes: %s" - -#: src/net.c:1265 -#, fuzzy, c-format -msgid "Error while reading from tun/tap device: %m" -msgstr "Error leyendo del dispositivo tap: %m" - -#: src/net.c:1274 -#, fuzzy, c-format -msgid "Error while reading from ethertap device: %m" -msgstr "Error leyendo del dispositivo tap: %m" - -#: src/net.c:1285 -msgid "Received short packet from tap device" -msgstr "" - -#: src/net.c:1291 +#: src/net.c:1083 #, c-format -msgid "Read packet of length %d from tap device" -msgstr "" +msgid "Outgoing data socket error for %s (%s): %s" +msgstr "Error en el `socket' de datos salientes para %s (%s): %s" -#: src/net.c:1323 +#: src/net.c:1122 src/net.c:1131 +#, c-format +msgid "Error while reading from tapdevice: %m" +msgstr "Error leyendo del dispositivo tap: %m" + +#: src/net.c:1143 +#, c-format +msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" +msgstr "Trama ethernet no-IP %04x desde %02x:%02x:%02x:%02x:%02x:%02x" + +#: src/net.c:1150 +#, c-format +msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" +msgstr "Ignorando paquete corto desde %02x:%02x:%02x:%02x:%02x:%02x" + +#: src/net.c:1185 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1330 -msgid "Rereading configuration file and restarting in 5 seconds" -msgstr "" - -#: src/net.c:1337 -msgid "Unable to reread configuration file, exiting" -msgstr "" - -#: src/net.c:1363 -#, 
fuzzy -msgid "Regenerating symmetric key" -msgstr "Generando claves de %d bits." - -#: src/netutl.c:114 +#: src/netutl.c:115 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Error buscando `%s': %s\n" -#: src/protocol.c:82 +#: src/protocol.c:80 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" -msgstr "" +msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" -#: src/protocol.c:89 -#, fuzzy, c-format +#: src/protocol.c:87 +#, c-format msgid "Sending %s to %s (%s)" -msgstr "Envio ACK a %s" +msgstr "Enviando %s a %s (%s)" -#: src/protocol.c:103 -#, fuzzy, c-format +#: src/protocol.c:101 +#, c-format msgid "Unknown request from %s (%s)" -msgstr "Petición desconocida: %s" +msgstr "Petición desconocida desde %s (%s)" -#: src/protocol.c:110 -#, fuzzy, c-format +#: src/protocol.c:108 +#, c-format msgid "Got %s from %s (%s)" -msgstr "He recibido una petición: %s" +msgstr "He recibido %s desde %s (%s)" -#: src/protocol.c:116 -#, fuzzy, c-format -msgid "Unauthorized request from %s (%s)" -msgstr "Petición desconocida: %s" - -#: src/protocol.c:123 -#, fuzzy, c-format +#: src/protocol.c:114 +#, c-format msgid "Error while processing %s from %s (%s)" -msgstr "Error al procesar la petición de " +msgstr "Error al procesar %s desde %s (%s)" -#: src/protocol.c:130 -#, fuzzy, c-format +#: src/protocol.c:121 +#, c-format msgid "Bogus data received from %s (%s)" -msgstr "Se han recibido datos sin sentido." +msgstr "Se han recibido datos sin sentido desde %s (%s)." -#: src/protocol.c:181 -#, fuzzy, c-format +#: src/protocol.c:169 +#, c-format msgid "Got bad ID from %s" -msgstr "recibí una petición BASIC_INFO incorrecta: %s" +msgstr "Recibí una ID incorrecta desde %s" -#: src/protocol.c:189 -#, fuzzy, c-format +#: src/protocol.c:177 +#, c-format msgid "Peer %s (%s) uses incompatible version %d" -msgstr "" -"La máquina remota usa una versión incompatible del protocolo (versión %d)." 
+msgstr "La máquina remota %s (%s) usa una versión (%d) incompatible." -#: src/protocol.c:198 +#: src/protocol.c:186 #, c-format msgid "Peer %s uses invalid identity name" -msgstr "" +msgstr "La máquina remota %s usa un nombre de identidad no válido" -#: src/protocol.c:206 +#: src/protocol.c:194 #, c-format msgid "Peer %s had unknown identity (%s)" -msgstr "" +msgstr "La máquina remota %s tiene una identidad desconocida (%s)" -#: src/protocol.c:220 +#: src/protocol.c:209 #, c-format msgid "Uplink %s (%s) is already in our connection list" -msgstr "" +msgstr "El enlace %s (%s) ya está en nuestra lista de conexiones." -#: src/protocol.c:236 +#: src/protocol.c:251 #, c-format -msgid "No public key known for %s (%s)" -msgstr "" - -#: src/protocol.c:269 -#, c-format -msgid "Generated random challenge (unencrypted): %s" -msgstr "" - -#: src/protocol.c:276 src/protocol.c:330 -#, c-format -msgid "Error during encryption of challenge for %s (%s)" -msgstr "" - -#: src/protocol.c:302 -#, fuzzy, c-format msgid "Got bad CHALLENGE from %s (%s)" -msgstr "recibí KEY_CHANGED de " +msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" -#: src/protocol.c:312 +#: src/protocol.c:259 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" -msgstr "" +msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" -#: src/protocol.c:339 -#, c-format -msgid "Received random challenge (unencrypted): %s" -msgstr "" - -#: src/protocol.c:355 +#: src/protocol.c:285 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" -msgstr "" +msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" -#: src/protocol.c:386 -#, fuzzy, c-format +#: src/protocol.c:316 +#, c-format msgid "Got bad CHAL_REPLY from %s (%s)" -msgstr "recibí una petición ANS_KEY incorrecta: %s" +msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" -#: src/protocol.c:395 +#: src/protocol.c:325 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" -msgstr "" +msgstr 
"Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:412 +#: src/protocol.c:342 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" -msgstr "" +msgstr "Intruso: respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:417 -#, c-format -msgid "Expected challenge reply: %s" -msgstr "" - -#: src/protocol.c:464 -#, c-format -msgid "Generated random meta key (unencrypted): %s" -msgstr "" - -#: src/protocol.c:471 src/protocol.c:534 -#, fuzzy, c-format -msgid "Error during encryption of meta key for %s (%s)" -msgstr "Error enviando datos: %m" - -#: src/protocol.c:503 -#, fuzzy, c-format -msgid "Got bad METAKEY from %s (%s)" -msgstr "recibí REQ_KEY de " - -#: src/protocol.c:513 -#, c-format -msgid "Intruder: wrong meta key length from %s (%s)" -msgstr "" - -#: src/protocol.c:543 -#, c-format -msgid "Received random meta key (unencrypted): %s" -msgstr "" - -#: src/protocol.c:583 +#: src/protocol.c:380 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" +"Eliminando el registro viejo para %s en %s en favor de la nueva conexión " +"desde %s" -#: src/protocol.c:599 -#, fuzzy, c-format +#: src/protocol.c:392 +#, c-format msgid "Connection with %s (%s) activated" -msgstr "Activada la conexión con %s." +msgstr "Activada la conexión con %s (%s)." 
-#: src/protocol.c:654 -#, fuzzy, c-format +#: src/protocol.c:432 +#, c-format msgid "Got bad ADD_SUBNET from %s (%s)" -msgstr "recibí una petición ADD_HOST incorrecta: %s" +msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:663 -#, fuzzy, c-format +#: src/protocol.c:441 +#, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" -msgstr "recibí una petición ADD_HOST incorrecta: %s" +msgstr "" +"Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:672 -#, fuzzy, c-format +#: src/protocol.c:450 +#, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" -msgstr "recibí una petición ADD_HOST incorrecta: %s" +msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:683 +#: src/protocol.c:461 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" +"Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:694 +#: src/protocol.c:472 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" +"Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " +"conexiones" -#: src/protocol.c:734 -#, fuzzy, c-format +#: src/protocol.c:500 +#, c-format msgid "Got bad DEL_SUBNET from %s (%s)" -msgstr "recibí una petición DEL_HOST incorrecta: %s" +msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:743 -#, fuzzy, c-format +#: src/protocol.c:509 +#, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" -msgstr "recibí una petición DEL_HOST incorrecta: %s" +msgstr "" +"Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:752 -#, fuzzy, c-format +#: src/protocol.c:518 +#, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" -msgstr "recibí una petición DEL_HOST incorrecta: %s" +msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s): 
cadena de subred no válida" -#: src/protocol.c:763 +#: src/protocol.c:529 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" +"Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:774 +#: src/protocol.c:540 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" +"Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " +"conexiones" -#: src/protocol.c:812 -#, fuzzy, c-format +#: src/protocol.c:571 +#, c-format msgid "Got bad ADD_HOST from %s (%s)" -msgstr "recibí una petición ADD_HOST incorrecta: %s" +msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" -#: src/protocol.c:820 -#, fuzzy, c-format +#: src/protocol.c:579 +#, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" -msgstr "recibí una petición ADD_HOST incorrecta: %s" +msgstr "" +"Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:829 +#: src/protocol.c:588 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" -msgstr "" +msgstr "Aviso: recibí ADD_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:846 +#: src/protocol.c:598 +#, c-format +msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" +msgstr "Aviso: recibí ADD_HOST desde %s (%s) de nosotros mismos, reiniciando" + +#: src/protocol.c:608 +#, c-format +msgid "" +"Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" +msgstr "" +"Recibí ADD_HOST desde %s (%s) con origen %s que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:627 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" -msgstr "" +msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" -#: src/protocol.c:854 +#: src/protocol.c:634 #, c-format -msgid "Removing old entry for %s (%s) in favour of new connection" -msgstr "" +msgid "Removing old entry for %s (%s)" +msgstr 
"Eliminando el registro viejo para %s (%s)" -#: src/protocol.c:897 -#, fuzzy, c-format +#: src/protocol.c:677 +#, c-format msgid "Got bad DEL_HOST from %s (%s)" -msgstr "recibí una petición DEL_HOST incorrecta: %s" +msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" -#: src/protocol.c:906 -#, fuzzy, c-format +#: src/protocol.c:686 +#, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" -msgstr "recibí una petición DEL_HOST incorrecta: %s" +msgstr "" +"Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:915 +#: src/protocol.c:695 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" -msgstr "" +msgstr "Aviso: recibí DEL_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:926 +#: src/protocol.c:706 +#, c-format +msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" +msgstr "Aviso: recibí DEL_HOST desde %s (%s) de nosotros mismos, reiniciando" + +#: src/protocol.c:716 +#, c-format +msgid "" +"Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" +msgstr "" +"Recibí DEL_HOST desde %s (%s) con origen %s que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:728 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" +"Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " +"conexiones" -#: src/protocol.c:936 -#, fuzzy, c-format +#: src/protocol.c:738 +#, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" -msgstr "recibí una petición DEL_HOST incorrecta: %s" +msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" -#: src/protocol.c:972 -#, fuzzy, c-format +#: src/protocol.c:770 +#, c-format msgid "Got bad STATUS from %s (%s)" -msgstr "recibí una petición ANS_KEY incorrecta: %s" +msgstr "Recibí STATUS incorrecta desde %s (%s)" -#: src/protocol.c:979 -#, fuzzy, c-format +#: src/protocol.c:777 +#, c-format msgid "Status message from %s 
(%s): %s: %s" -msgstr "He recibido una petición: %s" +msgstr "Mensaje de status desde %s (%s): %s: %s" -#: src/protocol.c:1003 -#, fuzzy, c-format +#: src/protocol.c:801 +#, c-format msgid "Got bad ERROR from %s (%s)" -msgstr "recibí una petición DEL_HOST incorrecta: %s" +msgstr "Recibí ERROR incorrecta desde %s (%s)" -#: src/protocol.c:1010 -#, fuzzy, c-format +#: src/protocol.c:808 +#, c-format msgid "Error message from %s (%s): %s: %s" -msgstr "He recibido una petición: %s" +msgstr "Mensaje de error desde %s (%s): %s: %s" -#: src/protocol.c:1086 -#, fuzzy, c-format +#: src/protocol.c:886 +#, c-format msgid "Got bad KEY_CHANGED from %s (%s)" -msgstr "recibí KEY_CHANGED de " +msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" -#: src/protocol.c:1093 +#: src/protocol.c:893 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " "connection list" msgstr "" +"Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " +"conexiones" -#: src/protocol.c:1124 -#, fuzzy, c-format +#: src/protocol.c:923 +#, c-format msgid "Got bad REQ_KEY from %s (%s)" -msgstr "recibí REQ_KEY de " +msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1131 +#: src/protocol.c:930 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" +"Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " +"conexiones" -#: src/protocol.c:1149 +#: src/protocol.c:946 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " "connection list" msgstr "" +"Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " +"conexiones" -#: src/protocol.c:1185 -#, fuzzy, c-format +#: src/protocol.c:974 +#, c-format msgid "Got bad ANS_KEY from %s (%s)" -msgstr "recibí una petición ANS_KEY incorrecta: %s" +msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1192 +#: src/protocol.c:981 #, c-format msgid "" "Got 
ANS_KEY from %s (%s) origin %s which does not exist in our connection " "list" msgstr "" +"Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " +"conexiones" -#: src/protocol.c:1204 -#, fuzzy, c-format -msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" -msgstr "recibí una petición ANS_KEY incorrecta: %s" +#: src/protocol.c:997 +#, c-format +msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" +msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" -#: src/protocol.c:1225 +#: src/protocol.c:1010 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " "connection list" msgstr "" +"Recibí ANS_KEY desde %s (%s) destino %s que no está en nuestra lista de " +"conexiones" -#. Do some intl stuff right now -#: src/subnet.c:243 src/tincd.c:396 -msgid "unknown" -msgstr "" - -#: src/subnet.c:299 -#, fuzzy -msgid "Subnet list:" -msgstr "Lista de conexiones:" - -#: src/subnet.c:308 -msgid "End of subnet list." -msgstr "" - -#: src/tincd.c:103 +#: src/tincd.c:94 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Pruebe `%s --help' para más información.\n" -#: src/tincd.c:106 +#: src/tincd.c:97 #, c-format msgid "" "Usage: %s [option]...\n" 
@@ -760,117 +786,98 @@ msgstr "" "Modo de empleo: %s [opción]...\n" "\n" -#: src/tincd.c:107 -#, fuzzy +#: src/tincd.c:98 msgid "" -" -c, --config=DIR Read configuration options from DIR.\n" -" -D, --no-detach Don't fork and detach.\n" -" -d Increase debug level.\n" -" -k, --kill Attempt to kill a running tincd and exit.\n" -" -n, --net=NETNAME Connect to net NETNAME.\n" +" -c, --config=DIR Read configuration options from DIR.\n" +" -D, --no-detach Don't fork and detach.\n" +" -d Increase debug level.\n" +" -k, --kill Attempt to kill a running tincd and exit.\n" +" -n, --net=NETNAME Connect to net NETNAME.\n" +" -t, --timeout=TIMEOUT Seconds to wait before giving a timeout.\n" msgstr "" -" -c, --config=FICHERO Lee opciones de configuración del FICHERO.\n" +" -c, --config=DIR Lee opciones de configuración del directorio DIR.\n" " -D, --no-detach No hagas fork() y liberes la terminal.\n" " -d Aumenta el nivel de depuración.\n" " -k, --kill Intenta eliminar un tincd en ejecución y termina.\n" " -n, --net=NOMBREDERED Conecta a la red NOMBREDERED.\n" -" -t, --timeout=TIEMPO Segundos a esperar antes de cancelar una " -"trasmisión.\n" +" -t, --timeout=TIMEOUT Segundos a esperar antes de dar un timeout.\n" -#: src/tincd.c:112 -#, fuzzy +#: src/tincd.c:104 msgid "" -" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" -" --help Display this help and exit.\n" -" --version Output version information and exit.\n" +" --help Display this help and exit.\n" +" --version Output version information and exit.\n" "\n" msgstr "" " --help Muestra esta ayuda y termina.\n" " --version Muestra información de la versión y termina.\n" "\n" -#: src/tincd.c:115 +#: src/tincd.c:106 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" -#: src/tincd.c:155 -msgid "Invalid argument! 
BITS must be a number equal to or greater than 512.\n" -msgstr "" +#: src/tincd.c:144 +#, c-format +msgid "Invalid timeout value `%s'.\n" +msgstr "Valor de timeout `%s' no válido.\n" -#: src/tincd.c:210 -#, fuzzy, c-format -msgid "Generating %d bits keys:\n" -msgstr "Generando claves de %d bits." - -#: src/tincd.c:214 -msgid "Error during key generation!" -msgstr "" - -#: src/tincd.c:218 -#, fuzzy -msgid "Done.\n" -msgstr ": hecho.\n" - -#: src/tincd.c:220 -msgid "" -"Please copy the private key to tinc.conf and the\n" -"public key to your host configuration file:\n" -"\n" -msgstr "" - -#: src/tincd.c:230 -#, fuzzy, c-format +#: src/tincd.c:158 +#, c-format msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." msgstr "" -"Memoria agotada (la última es %s:%d) (no pude asignar %d bytes); terminando." +"Memoria agotada (la última es %s:%d) (no pude asignar %d bytes), terminando." -#: src/tincd.c:285 -#, fuzzy, c-format +#: src/tincd.c:213 +#, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." -#: src/tincd.c:288 -#, fuzzy, c-format +#: src/tincd.c:216 +#, c-format msgid "tincd %s starting" -msgstr "tincd %s comenzando, nivel de depuración %d." +msgstr "tincd %s comenzando" -#: src/tincd.c:303 -#, fuzzy, c-format +#: src/tincd.c:231 +#, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." 
-#: src/tincd.c:321 +#: src/tincd.c:249 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "" "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" -#: src/tincd.c:324 +#: src/tincd.c:252 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" -#: src/tincd.c:345 +#: src/tincd.c:273 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" -#: src/tincd.c:347 +#: src/tincd.c:275 msgid "No other tincd is running.\n" msgstr "No hay ningún otro tincd en ejecución.\n" -#: src/tincd.c:354 +#: src/tincd.c:282 msgid "Removing stale lock file.\n" msgstr "Borrando fichero de bloqueo en desuso.\n" -#: src/tincd.c:403 +#. Do some intl stuff right now +#: src/tincd.c:325 +msgid "unknown" +msgstr "desconocido" + +#: src/tincd.c:331 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" -msgstr "" +msgstr "%s versión %s (compilado %s %s, protocolo %d)\n" -#: src/tincd.c:404 -#, fuzzy +#: src/tincd.c:332 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -879,364 +886,64 @@ msgid "" "and you are welcome to redistribute it under certain conditions;\n" "see the file COPYING for details.\n" msgstr "" -"Copyright (C) 1998,1999,2000 Ivo Timmermans y otros,\n" +"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen y otros,\n" "vea el fichero AUTHORS para una lista completa.\n" "\n" "tinc viene SIN NINGUNA GARANTÍA. Esto es software libre,\n" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:418 -#, fuzzy +#: src/tincd.c:346 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:455 +#: src/tincd.c:377 msgid "Unrecoverable error" -msgstr "" +msgstr "Error irrecuperable" -#: src/tincd.c:460 +#: src/tincd.c:382 #, c-format msgid "Restarting in %d seconds!" -msgstr "" +msgstr "¡Reiniciando en %d segundos!" -#: src/tincd.c:465 src/tincd.c:512 -#, fuzzy -msgid "Not restarting." -msgstr "tincd %s comenzando, nivel de depuración %d." +#: src/tincd.c:387 src/tincd.c:433 +msgid "Aieee! Not restarting." +msgstr "¡Aayyy! No reinicio." -#: src/tincd.c:475 +#: src/tincd.c:397 msgid "Got TERM signal" msgstr "Recibí la señal TERM" -#: src/tincd.c:484 +#: src/tincd.c:405 msgid "Got QUIT signal" msgstr "Recibí la señal QUIT" -#: src/tincd.c:491 +#: src/tincd.c:412 msgid "Got another SEGV signal: not restarting" msgstr "Recibí otra señal SEGV: no reinicio" -#: src/tincd.c:498 -#, fuzzy +#: src/tincd.c:419 msgid "Got SEGV signal" -msgstr "Recibí la señal TERM" +msgstr "Recibí la señal SEGV" -#: src/tincd.c:503 -#, fuzzy +#: src/tincd.c:424 msgid "Trying to re-execute in 5 seconds..." -msgstr "Intento re-establecer la conexión saliente en 5 segundos." +msgstr "Intento re-ejecutar en 5 segundos." 
-#: src/tincd.c:521 -msgid "Got HUP signal" -msgstr "Recibí la señal HUP" +#: src/tincd.c:442 +msgid "Got HUP signal, rereading configuration and restarting" +msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/tincd.c:529 -#, fuzzy +#: src/tincd.c:450 msgid "Got INT signal, exiting" -msgstr "Recibí la señal INT" +msgstr "Recibí la señal INT, saliendo" -#: src/tincd.c:548 -#, fuzzy, c-format +#: src/tincd.c:464 +msgid "Got USR2 signal, forcing new key generation" +msgstr "Recibí la señal USR2, forzando generación de nueva clave" + +#: src/tincd.c:473 +#, c-format msgid "Got unexpected signal %d (%s)" -msgstr "Recibí una señal inesperada (%d)." - -#~ msgid "setsockopt: %m" -#~ msgstr "setsockopt(): %m" - -#~ msgid "fcntl: %m" -#~ msgstr "fcntl(): %m" - -#~ msgid "listen: %m" -#~ msgstr "listen(): %m" - -#~ msgid "Error: getpeername: %m" -#~ msgstr "Error: getpeername(): %m" - -#, fuzzy -#~ msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" -#~ msgstr "Trama ethernet no-IP %04x de " - -#, fuzzy -#~ msgid "Got USR2 signal, forcing new key generation" -#~ msgstr "Forzando generación de una nueva clave" - -#~ msgid "Usage: %s bits\n" -#~ msgstr "Uso: %s bits\n" - -#~ msgid "Illegal number: %s\n" -#~ msgstr "Número ilegal: %s\n" - -#~ msgid "Invalid timeout value `%s'.\n" -#~ msgstr "Valor de `timeout' no válido `%s'.\n" - -#~ msgid "Illegal passphrase in %s; size would be %d" -#~ msgstr "Frase de paso ilegal en %s; el tamaño debe ser %d" - -#~ msgid "Opening /dev/urandom failed: %m" -#~ msgstr "Fallo abriendo /dev/urandom : %m" - -#~ msgid "Encryption key set to %s" -#~ msgstr "Clave de cifrado definida como %s" - -#, fuzzy -#~ msgid "Got bad error from %s (%s)" -#~ msgstr "recibí REQ_KEY de " - -#~ msgid "%s: %d: Invalid variable name `%s'.\n" -#~ msgstr "%s: %d: Nombre de variable `%s' no válido.\n" - -#~ msgid "%s: %d: No value given for `%s'.\n" -#~ msgstr "%s: %d: No se ha definido un valor para `%s'.\n" - -#~ msgid 
"%s: %d: Invalid value `%s' for variable `%s'.\n" -#~ msgstr "%s: %d: Valor `%s' para la variable `%s' no válido.\n" - -#~ msgid "Could not open %s: %s\n" -#~ msgstr "No pude abrir %s: %s\n" - -#~ msgid "Generating %d bits number" -#~ msgstr "Generando número de %d bits" - -#~ msgid "Opening /dev/urandom" -#~ msgstr "Abriendo /dev/urandom" - -#~ msgid "File was empty!\n" -#~ msgstr "¡El fichero estaba vacío!\n" - -#~ msgid "" -#~ ": done.\n" -#~ "The following line should be ENTIRELY copied into a passphrase file:\n" -#~ msgstr "" -#~ ": hecho.\n" -#~ "La siguiente línea debe ser copiada ENTERA a un fichero de frase de paso:\n" - -#, fuzzy -#~ msgid "Got packet from %s (%s) with unknown origin %d.%d.%d.%d?" -#~ msgstr "He recibido un paquete desde un origen desconocido " - -#, fuzzy -#~ msgid "There is no remote host I can send this packet to!" -#~ msgstr "No hay máquina remota a la que pueda enviar este paquete." - -#~ msgid "No value for my VPN IP given" -#~ msgstr "No se ha definido un valor para mi VPN IP" - -#~ msgid "Dropping short packet" -#~ msgstr "Descartando paquete corto" - -#, fuzzy -#~ msgid "Send failed: %d:%d: %m" -#~ msgstr "Error enviando: %d:%d: %m" - -#, fuzzy -#~ msgid "Sending TERMREQ to %s (%s)" -#~ msgstr "Envío TERMREQ a " - -#, fuzzy -#~ msgid "Send failed: %s:%d: %m" -#~ msgstr "Error enviando: %s:%d: %m" - -#, fuzzy -#~ msgid "Sending TIMEOUT to %s (%s)" -#~ msgstr "Envío TIMEOUT a " - -#, fuzzy -#~ msgid "Sending PACKET to %s (%s)" -#~ msgstr "Envio ACK a %s" - -#, fuzzy -#~ msgid "Sending PING to %s (%s)" -#~ msgstr "Enviando KEY_CHANGED to " - -#, fuzzy -#~ msgid "Sending PONG to %s (%s)" -#~ msgstr "Enviando KEY_CHANGED to " - -#, fuzzy -#~ msgid "Sending KEY_CHANGED origin %s to %s (%s)" -#~ msgstr "Enviando KEY_CHANGED to " - -#, fuzzy -#~ msgid "Sending BASIC_INFO to %s" -#~ msgstr "Enviando BASIC_INFO a " - -#, fuzzy -#~ msgid "Sending PASSPHRASE to %s (%s)" -#~ msgstr "Enviando PASSPHRASE %s a " - -#, fuzzy -#~ msgid "Sending 
PUBLIC_KEY to %s (%s)" -#~ msgstr "Enviando PUBLIC_KEY %s a " - -#, fuzzy -#~ msgid "Sending REQ_KEY to %s (%s)" -#~ msgstr "Enviando KEY_CHANGED to " - -#, fuzzy -#~ msgid "Sending ANS_KEY to %s (%s)" -#~ msgstr "Envio ACK a %s" - -#, fuzzy -#~ msgid "Got BASIC_INFO from %s" -#~ msgstr "recibí una petición BASIC_INFO incorrecta: %s" - -#, fuzzy -#~ msgid "Got bad PASSPHRASE from %s (%s)" -#~ msgstr "recibí una petición PASSPHRASE incorrecta: %s" - -#, fuzzy -#~ msgid "Got PASSPHRASE from %s (%s)" -#~ msgstr "recibí una petición PASSPHRASE incorrecta: %s" - -#, fuzzy -#~ msgid "Got bad PUBLIC_KEY from %s (%s)" -#~ msgstr "recibí una petición PUBLIC_KEY incorrecta: %s" - -#, fuzzy -#~ msgid "Got PUBLIC_KEY from %s (%s)" -#~ msgstr "recibí PUBLIC_KEY %s" - -#, fuzzy -#~ msgid "Intruder from %s: passphrase for %s does not match!" -#~ msgstr "Intruso: la frase de paso no concuerda." - -#, fuzzy -#~ msgid "Got unauthorized DEL_HOST from %s (%s)" -#~ msgstr "recibí una petición DEL_HOST incorrecta: %s" - -#, fuzzy -#~ msgid "Got unauthorized ADD_HOST from %s (%s)" -#~ msgstr "recibí una petición ADD_HOST incorrecta: %s" - -#, fuzzy -#~ msgid "Got unauthorized KEY_CHANGED from %s (%s)" -#~ msgstr "recibí KEY_CHANGED de " - -#, fuzzy -#~ msgid "Got KEY_CHANGED origin %s from %s (%s)" -#~ msgstr "recibí KEY_CHANGED de " - -#~ msgid "" -#~ "This product includes software developed by Eric Young (eay@mincom.oz.au)\n" -#~ msgstr "" -#~ "Este producto incluye software desarrollado por Eric Young " -#~ "(eay@mincom.oz.au)\n" - -#, fuzzy -#~ msgid "Got SEGV signal after %s line %d, trying to re-execute" -#~ msgstr "Recibí la señal SEGV después de %s línea %d. Intento reiniciar." - -#, fuzzy -#~ msgid "Got SEGV signal, trying to re-execute" -#~ msgstr "Recibí la señal SEGV; intento reiniciar." - -#, fuzzy -#~ msgid "Got unexpected signal %d after %s line %d" -#~ msgstr "Recibí una señal inesperada (%d) después de %s línea %d." 
- -#~ msgid "packet to queue: %d" -#~ msgstr "paquete a poner en cola: %d" - -#~ msgid "trying to look up " -#~ msgstr "intentando buscar " - -#~ msgid "Try to re-establish outgoing connection in 5 minutes." -#~ msgstr "Intento reestablecer la conexión saliente en 5 minutos." - -#~ msgid "packet from " -#~ msgstr "paquete desde " - -#~ msgid "%s (" -#~ msgstr "%s (" - -#~ msgid "An IP packet (%04x) for " -#~ msgstr "Un paquete IP (%04x) para " - -#~ msgid "Sending delete host " -#~ msgstr "Enviando borra `host' " - -#~ msgid "pinging " -#~ msgstr "pinging " - -#~ msgid "Sending add host to " -#~ msgstr "Enviando añade `host' a " - -#~ msgid "Attempting to send key request to " -#~ msgstr "Intentando enviar petición de clave a " - -#~ msgid "Sending out request for public key to " -#~ msgstr "Enviando petición de clave pública a " - -#~ msgid "Attempting to send key answer to " -#~ msgstr "Intentando enviar respuesta de la clave a " - -#~ msgid "Sending public key to " -#~ msgstr "Enviando clave pública a " - -#~ msgid "got BASIC_INFO(%hd," -#~ msgstr "recibí BASIC_INFO(%hd," - -#~ msgid "Peer uses protocol version %d" -#~ msgstr "La máquina remota usa la versión %d del protocolo" - -#~ msgid "got PASSPHRASE" -#~ msgstr "recibí PASSPHRASE" - -#~ msgid "Passphrase OK" -#~ msgstr "Frase de paso OK" - -#~ msgid "got ACK" -#~ msgstr "recibí ACK" - -#~ msgid "got DEL_HOST for " -#~ msgstr "recibí DEL_HOST para " - -#~ msgid "Somebody wanted to delete " -#~ msgstr "Alguien quería borrar " - -#~ msgid "responding to ping from " -#~ msgstr "respondiendo al `ping' de " - -#~ msgid "ok, got pong from " -#~ msgstr "ok, recibí `pong' de " - -#~ msgid "Add host request from " -#~ msgstr "Añado petición de `host' de " - -#~ msgid "got ADD_HOST(" -#~ msgstr "recibí ADD_HOST(" - -#~ msgid "Invalid add_host request from " -#~ msgstr "Petición add_host no válida de " - -#~ msgid "got bad request: %s" -#~ msgstr "recibí una petición incorrecta: %s" - -#~ msgid "Attempting to forward 
key request to " -#~ msgstr "Intentando redirigir petición de clave a " - -#~ msgid "Forwarding request for public key to " -#~ msgstr "Reenviando petición de clave pública a " - -#~ msgid "got ANS_KEY from " -#~ msgstr "recibí ANS_KEY de " - -#~ msgid "Yeah! key arrived. Now do something with it." -#~ msgstr "¡Sí! ha llegado una clave. Ahora a hacer algo con ella." - -#~ msgid "Attempting to forward key to " -#~ msgstr "Intentando redirigir la clave a " - -#~ msgid "Forwarding public key to " -#~ msgstr "Redirigiendo clave pública a " - -#~ msgid "Got changed key from " -#~ msgstr "Recibí clave modificada de " - -#~ msgid "Forwarding key invalidation request" -#~ msgstr "Redirigiendo petición de invalidación de clave" - -#~ msgid "%s version %s\n" -#~ msgstr "%s versión %s\n" +msgstr "Recibí una señal inesperada %d (%s)." From 67a4abda707b28b9c77cb35ff1e800e6a5b0991c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 26 Nov 2000 22:42:34 +0000 Subject: [PATCH 261/923] Give an error message if daemon() failed. --- src/process.c | 87 +++++++++++++++++++++++++++++++++------------------ 1 file changed, 57 insertions(+), 30 deletions(-) diff --git a/src/process.c b/src/process.c index 5aaf573f..013b24df 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.15 2000/11/25 13:33:33 guus Exp $ + $Id: process.c,v 1.1.2.16 2000/11/26 22:42:34 zarq Exp $ */ #include "config.h" @@ -160,14 +160,17 @@ cp if(do_detach) { if(daemon(0, 0) < 0) - return -1; + { + fprintf(stderr, _("Couldn't detach from terminal: %m")); + return -1; + } /* Now UPDATE the pid in the pidfile, because we changed it... */ - + if(!write_pid(pidfilename)) - return 1; + return -1; } - + openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); if(debug_lvl > DEBUG_NOTHING) 
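Review bot: The new daemon() failure message in the `if(daemon(0, 0) < 0)` branch relies on `%m`, which is a glibc extension to the printf family rather than standard C, and it has no trailing newline, so on other libcs the cause is lost and the text runs into the next output. I would write `fprintf(stderr, _("Couldn't detach from terminal: %s\n"), strerror(errno));`, assuming `<errno.h>` and `<string.h>` are already included in process.c (the include block is not in this hunk). The `write_pid()` failure path just below now returns -1 like the daemon() path but still reports nothing; by then daemon(0, 0) has already redirected stderr to /dev/null, so a `syslog(LOG_ERR, ...)` line there would be the only way an operator learns why startup failed. The enclosing function starts and ends outside the hunk.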
@@ -276,12 +279,13 @@ cp _execute_script(name); } + /* Signal handlers. */ RETSIGTYPE -sigterm_handler(int a) +sigterm_handler(int a, siginfo_t *info, void *) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got TERM signal")); @@ -290,7 +294,7 @@ sigterm_handler(int a) } RETSIGTYPE -sigquit_handler(int a) +sigquit_handler(int a, siginfo_t *info, void *) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got QUIT signal")); @@ -298,7 +302,7 @@ sigquit_handler(int a) } RETSIGTYPE -sigsegv_square(int a) +sigsegv_square(int a, siginfo_t *info, void *) { syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); cp_trace(); @@ -306,7 +310,7 @@ sigsegv_square(int a) } RETSIGTYPE -sigsegv_handler(int a) +sigsegv_handler(int a, siginfo_t *info, void *) { syslog(LOG_ERR, _("Got SEGV signal")); cp_trace(); @@ -328,7 +332,7 @@ sigsegv_handler(int a) } RETSIGTYPE -sighup_handler(int a) +sighup_handler(int a, siginfo_t *info, void *) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got HUP signal")); @@ -336,7 +340,7 @@ sighup_handler(int a) } RETSIGTYPE -sigint_handler(int a) +sigint_handler(int a, siginfo_t *info, void *) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got INT signal, exiting")); 
@@ -344,44 +348,67 @@ sigint_handler(int a) } RETSIGTYPE -sigusr1_handler(int a) +sigusr1_handler(int a, siginfo_t *info, void *) { dump_connection_list(); } RETSIGTYPE -sigusr2_handler(int a) +sigusr2_handler(int a, siginfo_t *info, void *) { dump_subnet_list(); } RETSIGTYPE -sighuh(int a) +sighuh(int a, siginfo_t *info, void *) { syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); cp_trace(); } +struct { + int signal; + void (*handler)(int, siginfo_t *, void *); +} sighandlers[] = { + { SIGHUP, sighup_handler }, + { SIGTERM, sigterm_handler }, + { SIGQUIT, sigquit_handler }, + { SIGSEGV, sigsegv_handler }, + { SIGPIPE, NULL }, + { SIGINT, sigint_handler }, + { SIGUSR1, sigusr1_handler }, + { SIGUSR2, sigusr2_handler }, + { SIGCHLD, NULL }, + { 0, NULL } +}; + void setup_signals(void) { int i; + sigset_t a; + struct sigaction act; - for(i=0;i<32;i++) - signal(i,sighuh); + sigemptyset(&a); + act.sa_handler = NULL; + act.sa_mask = a; + act.sa_flags = SA_SIGINFO; - if(signal(SIGTERM, SIG_IGN) != SIG_ERR) - signal(SIGTERM, sigterm_handler); - if(signal(SIGQUIT, SIG_IGN) != SIG_ERR) - signal(SIGQUIT, sigquit_handler); - if(signal(SIGSEGV, SIG_IGN) != SIG_ERR) - signal(SIGSEGV, sigsegv_handler); - if(signal(SIGHUP, SIG_IGN) != SIG_ERR) - signal(SIGHUP, sighup_handler); - signal(SIGPIPE, SIG_IGN); - if(signal(SIGINT, SIG_IGN) != SIG_ERR) - signal(SIGINT, sigint_handler); - signal(SIGUSR1, sigusr1_handler); - signal(SIGUSR2, sigusr2_handler); - signal(SIGCHLD, SIG_IGN); + /* Set a default signal handler for every signal, errors will be + ignored. */ + for(i = 0; i < NSIG; i++) + { + act.sa_sigaction = sighuh_handler; + sigaction(sighandlers[i].signal, &act, NULL); + } + + /* Then, for each known signal that we want to catch, assign a + handler to the signal, with error checking this time. 
*/ + for(i = 0; sighandlers[i].signal; i++) + { + act.sa_sigaction = sighandlers[i].handler; + if(sigaction(sighandlers[i].signal, &act, NULL) < 0) + fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %m\n"), + sighandlers[i].signal, strsignal(sighandlers[i].signal)); + } } From 699f3b4c93482055c0832c9a6b76dc0294967003 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 26 Nov 2000 22:46:53 +0000 Subject: [PATCH 262/923] Check for the function strsignal, and define it to "" if it is not available. --- configure.in | 4 ++-- system.h | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 04bfd024..f03784cb 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.25 2000/11/25 13:33:30 guus Exp $ +dnl $Id: configure.in,v 1.13.2.26 2000/11/26 22:46:53 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -64,7 +64,7 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup fcloseall daemon]) +asprintf putenv strdup fcloseall daemon strsignal]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/system.h b/system.h index f6b2bd8b..5691d8bc 100644 --- a/system.h +++ b/system.h @@ -41,5 +41,9 @@ #endif #define N_(Text) Text +#ifndef HAVE_STRSIGNAL +# define strsignal(p) "" +#endif + #endif /* __TINC_SYSTEM_H__ */ From e44dc004b3d1ce8f857971f479c917931eda7091 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 27 Nov 2000 20:52:55 +0000 Subject: [PATCH 263/923] Sort items to either 1.0 or future release goals. --- TODO | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/TODO b/TODO index e054e099..df5a2597 100644 --- a/TODO +++ b/TODO 
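Review bot: The default-handler loop in setup_signals runs `i` up to NSIG but indexes the ten-entry `sighandlers` table with it, so it reads past the end of the array and passes whatever it finds to sigaction(); the call should be `sigaction(i, &act, NULL);`. The same line is still present as context in the later `@@ -386,19 +394,18 @@` hunk of PATCH 264. Separately, the `{ SIGPIPE, NULL }` and `{ SIGCHLD, NULL }` entries replace the old `SIG_IGN` with a null sa_sigaction, which on platforms where SIG_DFL is a null pointer restores the default action, so a write to a socket the peer has closed would terminate the daemon. The second loop should install SIG_IGN for entries without a handler, as sketched below.

```c
/* … unchanged: default-handler loop … */
for(i = 0; sighandlers[i].signal; i++)
  {
    if(sighandlers[i].handler)
      {
        act.sa_flags = SA_SIGINFO;
        act.sa_sigaction = sighandlers[i].handler;
      }
    else
      {
        /* No handler listed (SIGPIPE, SIGCHLD): ignore the signal, as
           the signal(..., SIG_IGN) calls did before this change. */
        act.sa_flags = 0;
        act.sa_handler = SIG_IGN;
      }
    /* … unchanged: sigaction() call and error message … */
  }
```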
@@ -1,16 +1,22 @@ -Todo list (in no specific order): +TODO LIST + +Goals for 1.0 release: + +* Check Solaris port +* Check different linux architectures (x86, alpha done) +* Store private key in a separate file +* Sanity checks on configuration directory +* Use efficient tree algorithms instead of linked lists (largely done) +* Reenable queues for delayed packets + + +Goals for future releases: * Compression * Routing by MAC (allows for more than only IPv4) -* Store private key in a separate file -* Sanity checks on configuration directory -* Use efficient tree algorithms instead of linked lists -* Reenable queues for delayed packets * Broadcast/multicast * Windowing, chaffing, scattering, background noise * ABC protocol (superscalabilty) * Proxy ARP * Eazy setup scripts (graphical?) -* FreeBSD and Solaris ports * Threading -* Everything else not mentioned. From 4c502b005bfd24821e817c134e8a442a5f4606de Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 28 Nov 2000 08:59:27 +0000 Subject: [PATCH 264/923] Use sigaction to set signal handlers, the previous commit (1.1.2.16) already contained a large portion of what should have gone in this one. --- src/process.c | 39 +++++++++++++++++++++++---------------- 1 file changed, 23 insertions(+), 16 deletions(-) diff --git a/src/process.c b/src/process.c index 013b24df..695f1f7e 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.16 2000/11/26 22:42:34 zarq Exp $ + $Id: process.c,v 1.1.2.17 2000/11/28 08:59:27 zarq Exp $ */ #include "config.h" @@ -54,6 +54,8 @@ extern char *identname; extern char *pidfilename; extern char **g_argv; +sigset_t emptysigset; + void memory_full(int size) { syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); 
@@ -263,7 +265,7 @@ cp } else /* Something strange happened */ { - syslog(LOG_ERR, _("Process %d (%s) terminated abnormaly"), pid, name); + syslog(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, name); return -1; } } @@ -285,7 +287,7 @@ cp */ RETSIGTYPE -sigterm_handler(int a, siginfo_t *info, void *) +sigterm_handler(int a, siginfo_t *info, void *b) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got TERM signal")); @@ -294,7 +296,7 @@ sigterm_handler(int a, siginfo_t *info, void *) } RETSIGTYPE -sigquit_handler(int a, siginfo_t *info, void *) +sigquit_handler(int a, siginfo_t *info, void *b) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got QUIT signal")); @@ -302,7 +304,7 @@ sigquit_handler(int a, siginfo_t *info, void *) } RETSIGTYPE -sigsegv_square(int a, siginfo_t *info, void *) +sigsegv_square(int a, siginfo_t *info, void *b) { syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); cp_trace(); @@ -310,15 +312,21 @@ sigsegv_square(int a, siginfo_t *info, void *) } RETSIGTYPE -sigsegv_handler(int a, siginfo_t *info, void *) +sigsegv_handler(int a, siginfo_t *info, void *b) { + struct sigaction act; syslog(LOG_ERR, _("Got SEGV signal")); cp_trace(); if(do_detach) { syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); - signal(SIGSEGV, sigsegv_square); + + act.sa_handler = NULL; + act.sa_mask = emptysigset; + act.sa_flags = SA_SIGINFO; + act.sa_sigaction = sigsegv_square; + close_network_connections(); sleep(5); remove_pid(pidfilename); @@ -332,7 +340,7 @@ sigsegv_handler(int a, siginfo_t *info, void *) } RETSIGTYPE -sighup_handler(int a, siginfo_t *info, void *) +sighup_handler(int a, siginfo_t *info, void *b) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got HUP signal")); 
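Review bot: In sigsegv_handler the removed `signal(SIGSEGV, sigsegv_square);` is replaced by filling in `act`, but `act` is never passed to sigaction(), so sigsegv_square is no longer installed and a second fault during the shutdown path is not caught by it. Add `sigaction(SIGSEGV, &act, NULL);` directly after `act.sa_sigaction = sigsegv_square;`. The handler body continues outside the hunk; the syslog() and sleep() calls visible here are not async-signal-safe, which matters most in a handler that runs after a memory fault.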
@@ -340,7 +348,7 @@ sighup_handler(int a, siginfo_t *info, void *) } RETSIGTYPE -sigint_handler(int a, siginfo_t *info, void *) +sigint_handler(int a, siginfo_t *info, void *b) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got INT signal, exiting")); @@ -348,19 +356,19 @@ sigint_handler(int a, siginfo_t *info, void *) } RETSIGTYPE -sigusr1_handler(int a, siginfo_t *info, void *) +sigusr1_handler(int a, siginfo_t *info, void *b) { dump_connection_list(); } RETSIGTYPE -sigusr2_handler(int a, siginfo_t *info, void *) +sigusr2_handler(int a, siginfo_t *info, void *b) { dump_subnet_list(); } RETSIGTYPE -sighuh(int a, siginfo_t *info, void *) +unexpected_signal_handler(int a, siginfo_t *info, void *b) { syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); cp_trace(); @@ -386,19 +394,18 @@ void setup_signals(void) { int i; - sigset_t a; struct sigaction act; - sigemptyset(&a); + sigemptyset(&emptysigset); act.sa_handler = NULL; - act.sa_mask = a; + act.sa_mask = emptysigset; act.sa_flags = SA_SIGINFO; /* Set a default signal handler for every signal, errors will be ignored. */ for(i = 0; i < NSIG; i++) { - act.sa_sigaction = sighuh_handler; + act.sa_sigaction = unexpected_signal_handler; sigaction(sighandlers[i].signal, &act, NULL); } From 3ff76eb10acc55b6f269c1075de6bbaa5bc83516 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 28 Nov 2000 23:12:57 +0000 Subject: [PATCH 265/923] Save RSA public and private keys to a separate file, instead of wanting to copy them into a configuration file. --- m4/openssl.m4 | 4 ++-- src/conf.c | 50 +++++++++++++++++++++++++++++++++++++++++++++++--- src/tincd.c | 28 +++++++++++++++++++++------- 3 files changed, 70 insertions(+), 12 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 782e7e12..2d24258c 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 
@@ -41,12 +41,12 @@ if test "$tinc_cv_openssl_include" != "none given" ; then fi osi=found -AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h sha.h, +AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h sha.h pem.h, [], [osi=none; break]) if test "$osi" = "none" ; then osi=found - AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h, + AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h, [], [osi=none; break]) fi diff --git a/src/conf.c b/src/conf.c index 56d1a8ac..37bfe946 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,6 +1,6 @@ /* conf.c -- configuration code - Copyright (C) 1998 Emphyrio, + Copyright (C) 1998 Robert van der Meulen Copyright (C) 1998,1999,2000 Ivo Timmermans 2000 Guus Sliepen 2000 Cris van Pelt @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.22 2000/11/20 19:12:11 guus Exp $ + $Id: conf.c,v 1.9.4.23 2000/11/28 23:12:56 zarq Exp $ */ #include "config.h" @@ -33,10 +33,10 @@ #include #include +#include /* for cp */ #include "conf.h" #include "netutl.h" /* for strtoip */ -#include /* for cp */ #include "config.h" #include "system.h" 
@@ -255,3 +255,47 @@ cp *base = NULL; cp } + +#define is_safe_file(p) 1 + +FILE *ask_and_safe_open(const char* filename) +{ + FILE *r; + char *directory; + char *fn; + int len; + + if(!isatty(0)) + { + /* Argh, they are running us from a script or something. Write + the files to the current directory and let them burn in hell + for ever. */ + directory = "."; /* get_current_directory */ + } + else + { + directory = "."; + } + + len = strlen(filename) + strlen(directory) + 2; /* 1 for the / */ + fn = xmalloc(len); + snprintf(fn, len, "%s/%s", directory, filename); + + if(!is_safe_file(fn)) + { + fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" + "I will not create or overwrite this file.\n"), + fn); + return NULL; + } + + if((r = fopen(fn, "w")) == NULL) + { + fprintf(stderr, _("Error opening file `%s': %m"), + fn); + } + + free(fn); + + return r; +} diff --git a/src/tincd.c b/src/tincd.c index f98afe41..7a65aada 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.35 2000/11/24 23:13:07 guus Exp $ + $Id: tincd.c,v 1.10.4.36 2000/11/28 23:12:57 zarq Exp $ */ #include "config.h" @@ -56,6 +56,12 @@ # include #endif +#ifdef HAVE_OPENSSL_PEM_H +# include +#else +# include +#endif + #include @@ -211,11 +217,14 @@ void indicator(int a, int b, void *p) } } -/* Generate a public/private RSA keypair, and possibly store it into the configuration file. */ - +/* + Generate a public/private RSA keypair, and ask for a file to store + them in. +*/ int keygen(int bits) { RSA *rsa_key; + FILE *f; fprintf(stderr, _("Generating %d bits keys:\n"), bits); rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); 
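Review bot: `#define is_safe_file(p) 1` turns the permission check in ask_and_safe_open into a no-op, and the file is then created with `fopen(fn, "w")`, which applies only the process umask, follows symlinks and truncates an existing file; keygen() in the same patch uses this function for `rsa_key.priv`. Until is_safe_file is implemented, the private-key file should be created with an explicit mode, for example `fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);` followed by `fdopen(fd, "w")`, and the stub deserves a comment such as `/* TODO: stub, accepts every path */`. The early `return NULL` in the is_safe_file branch also skips `free(fn)`.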
@@ -227,11 +236,16 @@ int keygen(int bits) else fprintf(stderr, _("Done.\n")); - fprintf(stderr, _("Please copy the private key to tinc.conf and the\npublic key to your host configuration file:\n\n")); - printf("PublicKey = %s\n", BN_bn2hex(rsa_key->n)); - printf("PrivateKey = %s\n", BN_bn2hex(rsa_key->d)); + if((f = ask_and_safe_open("rsa_key.pub")) == NULL) + return -1; + PEM_write_RSAPublicKey(f, rsa_key); + fclose(f); - fflush(stdin); + if((f = ask_and_safe_open("rsa_key.priv")) == NULL) + return -1; + PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); + fclose(f); + return 0; } From c94f7637427f4c89d56c41fe4c75f2970b664a63 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 28 Nov 2000 23:23:41 +0000 Subject: [PATCH 266/923] dropin.c/h contain a set of drop-in replacements for non-standard C library functions (read: GNU extensions). --- lib/Makefile.am | 6 +++--- lib/{daemon.c => dropin.c} | 17 +++++++++++++++-- lib/{daemon.h => dropin.h} | 12 ++++++++---- 3 files changed, 26 insertions(+), 9 deletions(-) rename lib/{daemon.c => dropin.c} (89%) rename lib/{daemon.h => dropin.h} (81%) diff --git a/lib/Makefile.am b/lib/Makefile.am index 7ac630a0..355493cd 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,15 +1,15 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.4 2000/11/24 23:12:58 guus Exp $ +# $Id: Makefile.am,v 1.2.4.5 2000/11/28 23:23:41 zarq Exp $ noinst_LIBRARIES = libvpn.a INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/intl -libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c rbl.c daemon.c +libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c rbl.c dropin.c libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h rbl.h daemon.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h rbl.h dropin.h EXTRA_DIST = README 
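Review bot: The return values of `PEM_write_RSAPublicKey`, `PEM_write_RSAPrivateKey` and `fclose` are ignored in keygen, so a failed or short write (full disk, I/O error) leaves a truncated key file while the function still returns 0. Check each call, e.g. `if(!PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL)) { fclose(f); return -1; }`, and treat a non-zero `fclose(f)` as failure. The private key is written unencrypted (the cipher and passphrase arguments are NULL), so its protection rests entirely on the file mode, which ask_and_safe_open does not set. `rsa_key` is also not released with RSA_free() on any return path visible here; keygen starts outside this hunk.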
diff --git a/lib/daemon.c b/lib/dropin.c similarity index 89% rename from lib/daemon.c rename to lib/dropin.c index f12599f4..faa2314b 100644 --- a/lib/daemon.c +++ b/lib/dropin.c @@ -1,5 +1,5 @@ /* - daemon.c -- replacement daemon() for platforms that do not have it + dropin.c -- a set of drop-in replacements for libc functions Copyright (C) 2000 Ivo Timmermans , 2000 Guus Sliepen @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: daemon.c,v 1.1.2.1 2000/11/24 23:30:50 guus Exp $ + $Id: dropin.c,v 1.1.2.1 2000/11/28 23:23:41 zarq Exp $ */ #include "config.h" @@ -86,3 +86,16 @@ int daemon(int nochdir, int noclose) } } #endif + + + + + +#ifndef HAVE_GET_CURRENT_DIR_NAME + +char *get_current_dir_name(void) +{ + return "."; +} + +#endif diff --git a/lib/daemon.h b/lib/dropin.h similarity index 81% rename from lib/daemon.h rename to lib/dropin.h index ce23b762..a104b38e 100644 --- a/lib/daemon.h +++ b/lib/dropin.h @@ -17,14 +17,18 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: daemon.h,v 1.1.2.1 2000/11/24 23:30:50 guus Exp $ + $Id: dropin.h,v 1.1.2.1 2000/11/28 23:23:41 zarq Exp $ */ -#ifndef __DAEMON_H__ -#define __DAEMON_H__ +#ifndef __DROPIN_H__ +#define __DROPIN_H__ #ifndef HAVE_DAEMON extern int daemon(int, int); #endif -#endif /* __DAEMON_H__ */ +#ifndef HAVE_GET_CURRENT_DIR_NAME +extern char* get_current_dir_name(void); +#endif + +#endif /* __DROPIN_H__ */ From 1ca04711aeab615161746c6bbb5d137388c73263 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 29 Nov 2000 00:33:15 +0000 Subject: [PATCH 267/923] Check for get_current_dir_name. There is a replacement function in dropin.c. --- configure.in | 4 ++-- lib/dropin.c | 57 ++++++++++++++++++++++++++++++++++++++++++---------- lib/dropin.h | 4 ++-- 3 files changed, 50 insertions(+), 15 deletions(-) 
diff --git a/configure.in b/configure.in index f03784cb..ed5f4469 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.26 2000/11/26 22:46:53 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.27 2000/11/29 00:33:15 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -64,7 +64,7 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup fcloseall daemon strsignal]) +asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/dropin.c b/lib/dropin.c index faa2314b..5f4fcebd 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.1 2000/11/28 23:23:41 zarq Exp $ + $Id: dropin.c,v 1.1.2.2 2000/11/29 00:33:15 zarq Exp $ */ #include "config.h" @@ -28,9 +28,24 @@ #include #include +#include + #include #ifndef HAVE_DAEMON +/* + Replacement for the daemon() function. + + The daemon() function is for programs wishing to detach themselves + from the controlling terminal and run in the background as system + daemons. + + Unless the argument nochdir is non-zero, daemon() changes the + current working directory to the root (``/''). + + Unless the argument noclose is non-zero, daemon() will redirect + standard input, standard output and standard error to /dev/null. +*/ int daemon(int nochdir, int noclose) { pid_t pid; @@ -39,7 +54,6 @@ int daemon(int nochdir, int noclose) pid = fork(); /* Check if forking failed */ - if(pid < 0) { perror("fork"); 
@@ -47,27 +61,24 @@ int daemon(int nochdir, int noclose) } /* If we are the parent, terminate */ - if(pid) exit(0); /* Detach by becoming the new process group leader */ - if(setsid() < 0) { perror("setsid"); return -1; } - /* Change working directory to the root (to avoid keeping mount points busy) */ - + /* Change working directory to the root (to avoid keeping mount + points busy) */ if(!nochdir) { chdir("/"); } /* Redirect stdin/out/err to /dev/null */ - if(!noclose) { fd = open("/dev/null", O_RDWR); @@ -77,7 +88,7 @@ int daemon(int nochdir, int noclose) perror("opening /dev/null"); return -1; } - else + else { dup2(fd, 0); dup2(fd, 1); @@ -90,12 +101,36 @@ int daemon(int nochdir, int noclose) - #ifndef HAVE_GET_CURRENT_DIR_NAME +/* + Replacement for the GNU get_current_dir_name function: + get_current_dir_name will malloc(3) an array big enough to hold the + current directory name. If the environment variable PWD is set, and + its value is correct, then that value will be returned. +*/ char *get_current_dir_name(void) { - return "."; -} + size_t size; + char *buf; + /* Start with 100 bytes. If this turns out to be insufficient to + contain the working directory, double the size. */ + size = 100; + buf = xmalloc(size); + + errno = 0; /* Success */ + r = getcwd(buf, size); + /* getcwd returns NULL and sets errno to ERANGE if the bufferspace + is insufficient to contain the entire working directory. */ + while(r == NULL && errno = ERANGE) + { + free(buf); + size <<= 1; /* double the size */ + buf = xmalloc(size); + r = getcwd(buf, size); + } + + return buf; +} #endif diff --git a/lib/dropin.h b/lib/dropin.h index a104b38e..90b24714 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -1,5 +1,5 @@ /* - daemon.h -- header file for daemon.c + dropin.h -- header file for dropin.c Copyright (C) 2000 Ivo Timmermans , 2000 Guus Sliepen 
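Review bot: In the replacement get_current_dir_name, `r` is never declared and the retry condition `while(r == NULL && errno = ERANGE)` uses `=` where `==` is meant, so the fallback does not compile as written on the platforms that need it. With the comparison fixed, any getcwd() failure other than ERANGE (for example an unreadable or removed working directory) still falls through to `return buf;` with an unfilled buffer. Declare `char *r;`, compare with `==`, and return NULL after freeing `buf` when getcwd() fails, as sketched below. The comment above the function mentions PWD, but the code never reads it.

```c
char *get_current_dir_name(void)
{
  size_t size;
  char *buf;
  char *r;

  /* … unchanged: initial 100-byte allocation and first getcwd() call … */
  while(r == NULL && errno == ERANGE)
    {
      /* … unchanged: free, double the size, retry … */
    }

  if(r == NULL)
    {
      /* getcwd() failed for a reason other than a short buffer */
      free(buf);
      return NULL;
    }

  return buf;
}
```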
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.1 2000/11/28 23:23:41 zarq Exp $ + $Id: dropin.h,v 1.1.2.2 2000/11/29 00:33:15 zarq Exp $ */ #ifndef __DROPIN_H__ From 9175d2048382c617a639fd3d437a9e06baa66d0f Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 29 Nov 2000 01:37:50 +0000 Subject: [PATCH 268/923] Added a check for a scanf that knows about %as. --- acconfig.h | 3 +++ configure.in | 10 +++++----- m4/gnuscanf.m4 | 25 +++++++++++++++++++++++++ system.h | 3 +++ 4 files changed, 36 insertions(+), 5 deletions(-) create mode 100644 m4/gnuscanf.m4 diff --git a/acconfig.h b/acconfig.h index 7bb8efe1..031a337b 100644 --- a/acconfig.h +++ b/acconfig.h @@ -64,3 +64,6 @@ /* Define to 1 if checkpoint tracing is enabled */ #undef ENABLE_TRACING + +/* Define to 1 if scanf and friends understand %as */ +#undef HAVE_SCANF_AS diff --git a/configure.in b/configure.in index ed5f4469..70b767f8 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.27 2000/11/29 00:33:15 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.28 2000/11/29 01:37:50 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -71,9 +71,6 @@ jm_FUNC_REALLOC AM_GNU_GETTEXT -dnl Crypto stuff -tinc_OPENSSL - dnl Support for SunOS AC_CHECK_FUNC(socket, [], [ @@ -84,8 +81,11 @@ AC_CHECK_FUNC(gethostbyname, [], [ ]) -dnl Check for TUN/TAP support in the kernel +dnl These are defined in files in m4/ tinc_TUNTAP +tinc_OPENSSL +tinc_SCANF_AS + dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, diff --git a/m4/gnuscanf.m4 b/m4/gnuscanf.m4 new file mode 100644 index 00000000..fd8de464 --- /dev/null +++ b/m4/gnuscanf.m4 
@@ -0,0 +1,25 @@ +dnl Check for a scanf that understands about %as as format specifier + +AC_DEFUN(tinc_SCANF_AS, +[ + AC_CACHE_CHECK([for a scanf that groks %as], tinc_cv_scanf_as, + [ + AC_TRY_RUN([ +/* Very naive program which will probably give a segmentation + fault if the sscanf doesn't work as expected. */ +#include +int main() { + char*s = NULL; + sscanf("string\n", "%as\n", &s); + if(s == NULL) + return 1; + return strcmp("string", s); +} + ], [tinc_cv_scanf_as="yes"], [tinc_cv_scanf_as="no"]) + ]) + +if test "$tinc_cv_scanf_as" = "yes" ; then + AC_DEFINE(HAVE_SCANF_AS) + AC_SUBST(HAVE_SCANF_AS) +fi +]) diff --git a/system.h b/system.h index 5691d8bc..51adca0b 100644 --- a/system.h +++ b/system.h @@ -45,5 +45,8 @@ # define strsignal(p) "" #endif +/* Other functions */ +#include + #endif /* __TINC_SYSTEM_H__ */ From 54ef13bf75a7a1e787716ce395ffe847fa74673f Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 29 Nov 2000 14:24:40 +0000 Subject: [PATCH 269/923] Implemented a readline() function that will read an entire line into a dynamically allocated buffer; Ask for a file name in ask_and_safe_open(). --- src/conf.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++------ src/conf.h | 3 +- src/tincd.c | 6 ++-- 3 files changed, 96 insertions(+), 14 deletions(-) diff --git a/src/conf.c b/src/conf.c index 37bfe946..7399c823 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.23 2000/11/28 23:12:56 zarq Exp $ + $Id: conf.c,v 1.9.4.24 2000/11/29 14:24:40 zarq Exp $ */ #include "config.h" @@ -38,7 +38,6 @@ #include "conf.h" #include "netutl.h" /* for strtoip */ -#include "config.h" #include "system.h" config_t *config = NULL; 
@@ -130,6 +129,66 @@ cp } } +/* + Read exactly one line and strip the trailing newline if any. If the + file was on EOF, return NULL. Otherwise, return all the data in a + dynamically allocated buffer. +*/ +char *readline(FILE *fp) +{ + char *newline = NULL; + char *p; + char *line; /* The array that contains everything that has been read + so far */ + char *idx; /* Read into this pointer, which points to an offset + within line */ + size_t size, newsize; /* The size of the current array pointed to by + line */ + size_t maxlen; /* Maximum number of characters that may be read with + fgets. This is newsize - oldsize. */ + + if(feof(fp)) + return NULL; + + size = 100; + maxlen = size; + line = xmalloc(size); + idx = line; + for(;;) + { + errno = 0; + p = fgets(idx, maxlen, fp); + if(p == NULL) /* EOF or error */ + { + if(feof(fp)) + break; + + /* otherwise: error; let the calling function print an error + message if applicable */ + free(line); + return NULL; + } + + newline = strchr(p, '\n'); + if(newline == NULL) + /* We haven't yet read everything to the end of the line */ + { + newsize = size << 1; + line = xrealloc(line, newsize); + idx = &line[size - 1]; + maxlen = newsize - size + 1; + size = newsize; + } + else + { + *newline = '\0'; /* kill newline */ + break; /* yay */ + } + } + + return line; +} + /* Parse a configuration file and put the results in the configuration tree starting at *base. 
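Review bot: When the first fgets() in readline returns NULL at end of file, the loop breaks and the function returns the freshly allocated `line` without ever having written to it, so the caller gets an uninitialised and possibly unterminated buffer (assuming xmalloc does not zero memory; xalloc.h declares a separate xmalloc_and_zero). This happens on the call after the last newline-terminated line, because feof() is not yet set when the function is entered. Return NULL when nothing was read, e.g. `if(idx == line) { free(line); return NULL; }` before the `break`, which also matches the comment above the function. There is no upper bound on the line length either, so input without a newline grows the buffer until xrealloc fails.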
@@ -258,28 +317,49 @@ cp #define is_safe_file(p) 1 -FILE *ask_and_safe_open(const char* filename) +FILE *ask_and_safe_open(const char* filename, const char* what) { FILE *r; char *directory; char *fn; int len; - if(!isatty(0)) + /* Check stdin and stdout */ + if(!isatty(0) || !isatty(1)) { /* Argh, they are running us from a script or something. Write the files to the current directory and let them burn in hell for ever. */ - directory = "."; /* get_current_directory */ + fn = xstrdup(filename); } else { - directory = "."; + /* Ask for a file and/or directory name. */ + fprintf(stdout, _("Please enter a file to save %s to [%s]: "), + what, filename); + fflush(stdout); /* Don't wait for a newline */ + if((fn = readline(stdin)) == NULL) + { + fprintf(stderr, _("Error while reading stdin: %m\n")); + return NULL; + } + if(strlen(fn) == 0) + /* User just pressed enter. */ + fn = xstrdup(filename); } - len = strlen(filename) + strlen(directory) + 2; /* 1 for the / */ - fn = xmalloc(len); - snprintf(fn, len, "%s/%s", directory, filename); + if((strchr(fn, '/') == NULL) || (fn[0] != '/')) + { + /* The directory is a relative path or a filename. */ + char *p; + + directory = get_current_dir_name(); + len = strlen(fn) + strlen(directory) + 2; /* 1 for the / */ + p = xmalloc(len); + snprintf(p, len, "%s/%s", directory, fn); + free(fn); + fn = p; + } if(!is_safe_file(fn)) { @@ -291,11 +371,12 @@ FILE *ask_and_safe_open(const char* filename) if((r = fopen(fn, "w")) == NULL) { - fprintf(stderr, _("Error opening file `%s': %m"), + fprintf(stderr, _("Error opening file `%s': %m\n"), fn); } free(fn); + free(directory); return r; } diff --git a/src/conf.h b/src/conf.h index 9ab0add6..297dc42b 100644 --- a/src/conf.h +++ b/src/conf.h 
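Review bot: `directory` is assigned only inside the relative-path branch of ask_and_safe_open, but the following `@@ -291,11 +371,12 @@` hunk adds an unconditional `free(directory);`, so an absolute file name leads to free() on an uninitialised pointer. Declare it as `char *directory = NULL;` so the final free is always valid. On empty input `fn = xstrdup(filename);` overwrites the buffer returned by readline() without freeing it, and the result of get_current_dir_name() is used without a NULL check. The test `(strchr(fn, '/') == NULL) || (fn[0] != '/')` reduces to `fn[0] != '/'`.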
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.16 2000/11/04 22:57:30 guus Exp $ + $Id: conf.h,v 1.6.4.17 2000/11/29 14:24:40 zarq Exp $ */ #ifndef __TINC_CONF_H__ @@ -96,5 +96,6 @@ extern int read_config_file(config_t **, const char *); extern const config_t *get_config_val(config_t *, which_t type); extern void clear_config(); extern int read_server_config(void); +extern FILE *ask_and_safe_open(const char*, const char*); #endif /* __TINC_CONF_H__ */ diff --git a/src/tincd.c b/src/tincd.c index 7a65aada..77e52c07 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.36 2000/11/28 23:12:57 zarq Exp $ + $Id: tincd.c,v 1.10.4.37 2000/11/29 14:24:40 zarq Exp $ */ #include "config.h" @@ -236,12 +236,12 @@ int keygen(int bits) else fprintf(stderr, _("Done.\n")); - if((f = ask_and_safe_open("rsa_key.pub")) == NULL) + if((f = ask_and_safe_open("rsa_key.pub", _("public RSA key"))) == NULL) return -1; PEM_write_RSAPublicKey(f, rsa_key); fclose(f); - if((f = ask_and_safe_open("rsa_key.priv")) == NULL) + if((f = ask_and_safe_open("rsa_key.priv", _("private RSA key"))) == NULL) return -1; PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); From 8ea23d9ec3f2fe0c113eac5caafb7c2bd03f3016 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 29 Nov 2000 14:23:08 +0000 Subject: [PATCH 270/923] xstrdup now takes a const pointer as an argument. --- lib/xalloc.h | 2 +- lib/xmalloc.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/xalloc.h b/lib/xalloc.h index 3579efce..caf0f37d 100644 --- a/lib/xalloc.h +++ b/lib/xalloc.h 
@@ -23,4 +23,4 @@ void *xmalloc_and_zero PARAMS ((size_t n)); void *xcalloc PARAMS ((size_t n, size_t s)); void *xrealloc PARAMS ((void *p, size_t n)); -char *xstrdup PARAMS ((char *s)); +char *xstrdup PARAMS ((const char *s)); diff --git a/lib/xmalloc.c b/lib/xmalloc.c index e86fb070..e1ab3140 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -127,7 +127,7 @@ xrealloc (p, n) /* Duplicate a string */ -char *xstrdup(char *s) +char *xstrdup(const char *s) { char *p; From 9e55426d72fd77fda891edd0023dab2f9909639e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 29 Nov 2000 14:27:24 +0000 Subject: [PATCH 271/923] Use readline() in read_config_file() instead of fgets. --- src/conf.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/src/conf.c b/src/conf.c index 7399c823..aaa44899 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.24 2000/11/29 14:24:40 zarq Exp $ + $Id: conf.c,v 1.9.4.25 2000/11/29 14:27:24 zarq Exp $ */ #include "config.h" @@ -197,7 +197,7 @@ int read_config_file(config_t **base, const char *fname) { int err = -1; FILE *fp; - char line[MAXBUFSIZE]; /* There really should not be any line longer than this... */ + char *line; char *p, *q; int i, lineno = 0; config_t *cfg; @@ -209,21 +209,15 @@ cp for(;;) { - if(fgets(line, MAXBUFSIZE, fp) == NULL) - { - err = 0; - break; - } + if((line = readline(fp)) == NULL) + { + err = -1; + break; + } lineno++; - if(!index(line, '\n')) - { - syslog(LOG_ERR, _("Line %d too long while reading config file %s"), lineno, fname); - break; - } - - if((p = strtok(line, "\t\n\r =")) == NULL) + if((p = strtok(line, "\t =")) == NULL) continue; /* no tokens on this line */ if(p[0] == '#') From d36da1948abdd27e9d0740c2baceb0bd155c18c6 Mon Sep 17 00:00:00 2001 
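Review bot: End of file is now reported as a failure in read_config_file: readline() returns NULL at EOF and this branch sets `err = -1`, where the removed fgets() branch set `err = 0`, so as far as this hunk shows the function can no longer return success. Keep `err = 0;` here and report an error only when `ferror(fp)` is set. Dropping `\n\r` from the strtok() delimiters also leaves a trailing carriage return attached to the last token of a CRLF-terminated line, since readline() strips only the newline; `"\t\r ="` would preserve the old behaviour. read_config_file starts and ends outside the hunk.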
From: Ivo Timmermans Date: Wed, 29 Nov 2000 14:30:07 +0000 Subject: [PATCH 272/923] Also free the pointer returned by readline(). --- src/conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/conf.c b/src/conf.c index aaa44899..56935884 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.25 2000/11/29 14:27:24 zarq Exp $ + $Id: conf.c,v 1.9.4.26 2000/11/29 14:30:07 zarq Exp $ */ #include "config.h" @@ -252,8 +252,10 @@ cp cfg->which = hazahaza[i].which; if(!config) config = cfg; + free(line); } + free(line); fclose (fp); cp return err; From 75e3c296b4fa1eb02df2f5f84a1280e791f88603 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 29 Nov 2000 15:22:04 +0000 Subject: [PATCH 273/923] Updated Dutch translation --- po/nl.po | 585 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 304 insertions(+), 281 deletions(-) diff --git a/po/nl.po b/po/nl.po index 08bda2ac..23610fc5 100644 --- a/po/nl.po +++ b/po/nl.po 
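Review bot: The `free(line);` added at the end of the loop body is not reached by the `continue` statements earlier in the loop (the no-token case visible in the previous patch, and presumably the comment-line case), so the buffer returned by readline() still leaks for every blank or comment line. Free it on those paths as well, e.g. `{ free(line); continue; }`. The loop body starts outside this hunk.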
@@ -4,694 +4,698 @@ # Guus Sliepen , 2000. msgid "" msgstr "" -"Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-11-04 18:01+0100\n" +"Project-Id-Version: tinc 1.0pre4\n" +"POT-Creation-Date: 2000-11-29 16:17+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" -"Last-Translator: Guus Sliepen \n" +"Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:164 -#, c-format -msgid "Line %d too long while reading config file %s" -msgstr "Regel %d te lang tijdens het lezen van configuratie bestand %s" - -#: src/conf.c:180 +#: src/conf.c:230 #, c-format msgid "Invalid variable name on line %d while reading config file %s" msgstr "" "Ongeldige naam voor variabele op regel %d tijdens het lezen van configuratie " "bestand %s" -#: src/conf.c:187 +#: src/conf.c:237 #, c-format msgid "No value for variable on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele op regel %d tijdens het lezen van configuratie " "bestand %s" -#: src/conf.c:195 +#: src/conf.c:245 #, c-format msgid "Invalid value for variable on line %d while reading config file %s" msgstr "" "Ongeldige waarde voor variabele op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:219 +#: src/conf.c:271 #, c-format msgid "Failed to read `%s': %m\n" msgstr "`%s' lezen mislukte: %m\n" -#: src/connlist.c:168 +#. Ask for a file and/or directory name. 
+#: src/conf.c:332 +#, c-format +msgid "Please enter a file to save %s to [%s]: " +msgstr "Geef een bestand om de %s naar de schrijven [%s]: " + +#: src/conf.c:337 +#, c-format +msgid "Error while reading stdin: %m\n" +msgstr "Fout tijdens lezen van standaardinvoer: %m\n" + +#: src/conf.c:360 +#, c-format +msgid "" +"The file `%s' (or any of the leading directories) has unsafe permissions.\n" +"I will not create or overwrite this file.\n" +msgstr "" +"Het bestand `%s' (of een van de voorgaande mappen) heeft onvoldoende bescherming.\n" +"Ik maak of overschrijf dit bestand niet.\n" + +#: src/conf.c:368 +#, c-format +msgid "Error opening file `%s': %m\n" +msgstr "Fout bij het openen van het bestand `%s': %m\n" + +#: src/connection.c:187 msgid "Connection list:" msgstr "Verbindingslijst:" -#: src/connlist.c:170 src/connlist.c:183 +#: src/connection.c:189 src/connection.c:196 #, c-format msgid " %s at %s port %hd flags %d sockets %d, %d status %04x" msgstr " %s op %s poort %hd vlaggen %d sockets %d, %d status %04x" -#: src/connlist.c:195 +#: src/connection.c:201 msgid "End of connection list." msgstr "Einde van verbindingslijst." 
-#: src/meta.c:45 +#: src/meta.c:52 #, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" -#: src/meta.c:61 +#: src/meta.c:68 #, c-format msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:89 src/net.c:981 +#: src/meta.c:99 src/net.c:1010 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" -#: src/meta.c:95 +#: src/meta.c:105 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:114 +#: src/meta.c:124 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:118 +#: src/meta.c:128 #, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" -#: src/meta.c:148 +#: src/meta.c:158 #, c-format msgid "Got request from %s (%s): %s" msgstr "Kreeg verzoek van %s (%s): %s" -#: src/meta.c:166 +#: src/meta.c:176 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:93 src/net.c:489 src/net.c:496 src/net.c:504 src/net.c:535 -#: src/net.c:561 src/net.c:569 src/net.c:1006 -#, c-format -msgid "System call `%s' failed: %m" -msgstr "Systeemaanroep `%s' mislukte: %m" - -#: src/net.c:123 -#, c-format -msgid "Couldn't chdir to `%s': %m" -msgstr "Kon map niet veranderen naar `%s': %m" - -#. No return on success -#. 
Ignore if the file does not exist -#: src/net.c:131 -#, c-format -msgid "Error executing `%s': %m" -msgstr "Fout tijdens uitvoeren `%s': %m" - -#: src/net.c:158 +#: src/net.c:121 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:167 +#: src/net.c:132 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:196 +#: src/net.c:161 #, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Verzending pakket van %d bytes naar tap-apparaat" -#: src/net.c:206 +#: src/net.c:171 #, c-format msgid "Can't write to tun/tap device: %m" msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:213 +#: src/net.c:178 #, c-format msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:314 +#: src/net.c:279 msgid "Queue flushed" msgstr "Wachtrij leeggemaakt" -#: src/net.c:329 +#: src/net.c:294 #, c-format msgid "Flushing send queue for %s (%s)" msgstr "Legen van verzend-wachtrij voor %s (%s)" -#: src/net.c:337 +#: src/net.c:302 #, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" -#: src/net.c:356 +#: src/net.c:321 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:372 +#: src/net.c:334 #, c-format -msgid "Could not open UDP connection to %s (%s)" -msgstr "Kon geen UDP verbinding openen naar %s (%s)" +msgid "Packet with destination %d.%d.%d.%d is looping back to us!" +msgstr "Pakket met doeladres %d.%d.%d.%d komt terug naar ons!" 
-#: src/net.c:428 +#: src/net.c:410 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:455 +#: src/net.c:439 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:483 +#: src/net.c:464 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:513 +#: src/net.c:471 src/net.c:479 src/net.c:488 src/net.c:522 src/net.c:550 +#: src/net.c:559 src/net.c:968 src/net.c:977 src/net.c:1035 +#, c-format +msgid "System call `%s' failed: %m" +msgstr "Systeemaanroep `%s' mislukte: %m" + +#: src/net.c:498 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:529 +#: src/net.c:515 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:555 +#: src/net.c:543 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:581 +#: src/net.c:572 src/net.c:990 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:598 +#: src/net.c:589 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:608 +#: src/net.c:599 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:619 +#: src/net.c:611 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:626 +#: src/net.c:619 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:632 +#: src/net.c:625 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:655 +#: src/net.c:644 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:664 +#: src/net.c:653 #, c-format msgid "Error reading host configuration 
file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:671 +#: src/net.c:660 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:678 +#: src/net.c:667 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:688 +#: src/net.c:677 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:723 +#: src/net.c:712 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:731 +#: src/net.c:720 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:737 +#: src/net.c:726 msgid "Private key for tinc daemon required!" msgstr "Privé sleutel voor tinc daemon verplicht!" -#: src/net.c:749 +#: src/net.c:738 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:755 +#: src/net.c:744 msgid "Public key for tinc daemon required!" msgstr "Publieke sleutel voor tinc daemon verplicht!" -#: src/net.c:795 +#: src/net.c:784 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:804 -msgid "Unable to set up a listening socket!" -msgstr "Kon geen luistersocket aanmaken!" +#: src/net.c:793 +msgid "Unable to set up a listening TCP socket!" +msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:810 -msgid "Unable to set up an incoming vpn data socket!" -msgstr "Kon geen socket maken voor inkomend vpn verkeer!" +#: src/net.c:799 +msgid "Unable to set up a listening UDP socket!" +msgstr "Kon geen UDP luistersocket aanmaken!" 
-#: src/net.c:835 +#: src/net.c:823 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:867 +#: src/net.c:855 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:909 +#: src/net.c:906 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:944 -msgid "Terminating" -msgstr "Beëindigen" - -#: src/net.c:958 +#: src/net.c:956 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:963 +#: src/net.c:961 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:973 +#: src/net.c:1001 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:1022 +#: src/net.c:1050 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1068 +#: src/net.c:1098 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1074 +#: src/net.c:1104 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1080 +#: src/net.c:1110 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1086 +#: src/net.c:1118 #, c-format -msgid "Received packet of %d bytes" -msgstr "Ontvangst pakket van %d bytes" +msgid "Received UDP packets on port %d from unknown source %lx:%d" +msgstr "UDP pakket op poort %d ontvangen met onbekende oorsprong %lx:%d" -#: src/net.c:1108 +#: src/net.c:1124 +#, c-format +msgid "Received packet of %d bytes from %s (%s)" +msgstr "Ontvangst pakket van %d bytes van %s (%s)" + +#: src/net.c:1148 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen 
verbinding met %s (%s)" -#: src/net.c:1144 +#: src/net.c:1192 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1176 +#: src/net.c:1227 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1207 +#: src/net.c:1254 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1215 +#: src/net.c:1262 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1248 -#, c-format -msgid "Outgoing data socket error for %s (%s): %s" -msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" - -#: src/net.c:1284 +#: src/net.c:1317 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1293 +#: src/net.c:1326 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1304 +#: src/net.c:1337 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1310 +#: src/net.c:1343 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1342 +#: src/net.c:1375 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1349 +#: src/net.c:1382 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1356 +#: src/net.c:1389 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1382 +#: src/net.c:1415 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/netutl.c:114 +#: src/netutl.c:115 #, c-format msgid "Error looking up `%s': %s\n" 
msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/protocol.c:82 +#: src/protocol.c:98 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: src/protocol.c:89 +#: src/protocol.c:105 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:103 +#: src/protocol.c:119 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:110 +#: src/protocol.c:126 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:116 +#: src/protocol.c:132 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:123 +#: src/protocol.c:139 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:130 +#: src/protocol.c:146 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:181 +#: src/protocol.c:198 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:189 +#: src/protocol.c:206 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:198 +#: src/protocol.c:215 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:206 +#: src/protocol.c:227 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:220 +#: src/protocol.c:241 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:236 +#: src/protocol.c:263 #, c-format msgid "No public key known for %s (%s)" msgstr "Geen publieke sleutel bekend voor %s (%s)" -#: src/protocol.c:269 +#: 
src/protocol.c:296 #, c-format msgid "Generated random challenge (unencrypted): %s" msgstr "Uitdaging gegenereerd (niet versleuteld): %s" -#: src/protocol.c:276 src/protocol.c:330 +#: src/protocol.c:303 src/protocol.c:356 #, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "Fout tijdens versleuteling van uitdaging voor %s (%s)" -#: src/protocol.c:302 +#: src/protocol.c:329 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:312 +#: src/protocol.c:339 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:339 +#: src/protocol.c:364 #, c-format msgid "Received random challenge (unencrypted): %s" msgstr "Uitdaging ontvangen (niet versleuteld): %s" -#: src/protocol.c:355 +#: src/protocol.c:378 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:386 +#: src/protocol.c:409 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:395 +#: src/protocol.c:417 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:412 +#: src/protocol.c:433 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:417 +#: src/protocol.c:438 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:464 +#: src/protocol.c:482 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" -#: src/protocol.c:471 src/protocol.c:534 +#: src/protocol.c:489 src/protocol.c:551 #, c-format msgid "Error during encryption of 
meta key for %s (%s)" msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" -#: src/protocol.c:503 +#: src/protocol.c:521 #, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Kreeg ongeldige METAKEY van %s (%s)" -#: src/protocol.c:513 +#: src/protocol.c:531 #, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" -#: src/protocol.c:543 +#: src/protocol.c:559 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:583 +#: src/protocol.c:598 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:599 +#: src/protocol.c:614 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:654 +#: src/protocol.c:679 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:663 +#: src/protocol.c:687 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:672 +#: src/protocol.c:695 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:683 +#: src/protocol.c:703 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:694 +#: src/protocol.c:713 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:734 +#: src/protocol.c:756 #, c-format msgid "Got bad DEL_SUBNET from 
%s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:743 +#: src/protocol.c:764 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:752 +#: src/protocol.c:772 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:763 +#: src/protocol.c:782 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:774 +#: src/protocol.c:792 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:812 +#: src/protocol.c:832 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:820 +#: src/protocol.c:840 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:829 +#: src/protocol.c:849 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:846 +#: src/protocol.c:866 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:854 +#: src/protocol.c:874 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:899 +#: src/protocol.c:924 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:908 +#: src/protocol.c:933 #, 
c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:917 +#: src/protocol.c:941 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:928 +#: src/protocol.c:951 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:938 +#: src/protocol.c:960 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:974 +#: src/protocol.c:999 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:981 +#: src/protocol.c:1006 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1005 +#: src/protocol.c:1029 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1012 +#: src/protocol.c:1036 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1088 +#: src/protocol.c:1114 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1095 +#: src/protocol.c:1121 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " 
@@ -700,12 +704,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1126 +#: src/protocol.c:1150 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1133 +#: src/protocol.c:1157 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -714,7 +718,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1151 +#: src/protocol.c:1174 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -722,12 +726,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1187 +#: src/protocol.c:1210 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1194 +#: src/protocol.c:1217 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -736,13 +740,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1206 +#: src/protocol.c:1228 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1218 +#: src/protocol.c:1239 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " 
@@ -750,39 +754,51 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/route.c:57 +#: src/route.c:61 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#: src/route.c:74 +#: src/route.c:75 +#, c-format +msgid "Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x" +msgstr "Kan pakket niet routeren: onbekend doeladres %x:%x:%x:%x:%x:%x" + +#: src/route.c:99 #, c-format msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" -#: src/route.c:85 +#: src/route.c:109 msgid "Cannot route packet: IPv6 routing not implemented yet" msgstr "Kan pakket niet routeren: IPv6 routering nog niet ingebouwd" +#: src/subnet.c:108 +#, c-format +msgid "subnet_compare() was called with unknown subnet type %d, restarting!" +msgstr "" +"subnet_compare() werd aangeroepen met onbekend subnet type %d, opnieuw " +"starten" + #. Do some intl stuff right now -#: src/subnet.c:243 src/tincd.c:396 +#: src/subnet.c:251 src/tincd.c:290 msgid "unknown" msgstr "onbekend" -#: src/subnet.c:299 +#: src/subnet.c:311 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:308 +#: src/subnet.c:319 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:103 +#: src/tincd.c:119 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:106 +#: src/tincd.c:122 #, c-format msgid "" "Usage: %s [option]...\n" @@ -791,7 +807,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:107 +#: src/tincd.c:123 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" 
@@ -806,7 +822,7 @@ msgstr "" "beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" -#: src/tincd.c:112 +#: src/tincd.c:128 msgid "" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" 
@@ -818,92 +834,49 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:115 +#: src/tincd.c:131 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:155 +#: src/tincd.c:171 msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" msgstr "" "Ongeldig argument! BITS moet een nummer zijn gelijk aan of groter dan 512.\n" -#: src/tincd.c:210 +#: src/tincd.c:229 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:214 +#: src/tincd.c:233 msgid "Error during key generation!" msgstr "Fout tijdens genereren sleutel!" -#: src/tincd.c:218 +#: src/tincd.c:237 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:220 -msgid "" -"Please copy the private key to tinc.conf and the\n" -"public key to your host configuration file:\n" -"\n" +#: src/tincd.c:239 +msgid "public RSA key" +msgstr "openbare RSA sleutel" + +#: src/tincd.c:244 +msgid "private RSA key" +msgstr "geheime RSA sleutel" + +#: src/tincd.c:264 +msgid "Both netname and configuration directory given, using the latter...\n" msgstr "" -"Copiëer de privé sleutel naar tinc.conf en de\n" -"publieke sleutel naar het host configuratie bestand:\n" -"\n" +"Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt...\n" -#: src/tincd.c:230 -#, c-format -msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." -msgstr "" -"Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." 
- -#: src/tincd.c:285 -#, c-format -msgid "tincd %s (%s %s) starting, debug level %d" -msgstr "tincd %s (%s %s) gestart, debugniveau %d" - -#: src/tincd.c:288 -#, c-format -msgid "tincd %s starting" -msgstr "tincd %s gestart" - -#: src/tincd.c:303 -#, c-format -msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" -msgstr "" -"Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " -"socket %d." - -#: src/tincd.c:321 -#, c-format -msgid "A tincd is already running for net `%s' with pid %d.\n" -msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" - -#: src/tincd.c:324 -#, c-format -msgid "A tincd is already running with pid %d.\n" -msgstr "Een tincd draait al met procesnummer %d.\n" - -#: src/tincd.c:345 -#, c-format -msgid "No other tincd is running for net `%s'.\n" -msgstr "Geen andere tincd gevonden voor net `%s'.\n" - -#: src/tincd.c:347 -msgid "No other tincd is running.\n" -msgstr "Geen andere tincd gevonden.\n" - -#: src/tincd.c:354 -msgid "Removing stale lock file.\n" -msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" - -#: src/tincd.c:403 +#: src/tincd.c:297 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:404 +#: src/tincd.c:298 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -920,53 +893,103 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:418 +#: src/tincd.c:312 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" -#: src/tincd.c:455 +#: src/tincd.c:347 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:460 +#: src/tincd.c:352 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:465 src/tincd.c:512 +#: src/tincd.c:357 msgid "Not restarting." msgstr "Geen herstart." -#: src/tincd.c:475 -msgid "Got TERM signal" -msgstr "Kreeg TERM signaal" +#~ msgid "Line %d too long while reading config file %s" +#~ msgstr "Regel %d te lang tijdens het lezen van configuratie bestand %s" -#: src/tincd.c:484 -msgid "Got QUIT signal" -msgstr "Kreeg QUIT signaal" +#~ msgid "Terminating" +#~ msgstr "Beëindigen" -#: src/tincd.c:491 -msgid "Got another SEGV signal: not restarting" -msgstr "Kreeg nog een SEGV signaal: niet herstarten" +#~ msgid "" +#~ "Please copy the private key to tinc.conf and the\n" +#~ "public key to your host configuration file:\n" +#~ "\n" +#~ msgstr "" +#~ "Copiëer de privé sleutel naar tinc.conf en de\n" +#~ "publieke sleutel naar het host configuratie bestand:\n" +#~ "\n" -#: src/tincd.c:498 -msgid "Got SEGV signal" -msgstr "Kreeg SEGV signaal" +#~ msgid "Couldn't chdir to `%s': %m" +#~ msgstr "Kon map niet veranderen naar `%s': %m" -#: src/tincd.c:503 -msgid "Trying to re-execute in 5 seconds..." -msgstr "Poging tot herstaren over 5 seconden..." 
+#~ msgid "Error executing `%s': %m" +#~ msgstr "Fout tijdens uitvoeren `%s': %m" -#: src/tincd.c:521 -msgid "Got HUP signal" -msgstr "Kreeg HUP signaal" +#~ msgid "Could not open UDP connection to %s (%s)" +#~ msgstr "Kon geen UDP verbinding openen naar %s (%s)" -#: src/tincd.c:529 -msgid "Got INT signal, exiting" -msgstr "Kreeg INT signaal, beëindigen" +#~ msgid "Unable to set up an incoming vpn data socket!" +#~ msgstr "Kon geen socket maken voor inkomend vpn verkeer!" -#: src/tincd.c:548 -#, c-format -msgid "Got unexpected signal %d (%s)" -msgstr "Kreeg onverwacht signaal %d (%s)" +#~ msgid "Outgoing data socket error for %s (%s): %s" +#~ msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" + +#~ msgid "" +#~ "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." +#~ msgstr "" +#~ "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." + +#~ msgid "tincd %s (%s %s) starting, debug level %d" +#~ msgstr "tincd %s (%s %s) gestart, debugniveau %d" + +#~ msgid "tincd %s starting" +#~ msgstr "tincd %s gestart" + +#~ msgid "" +#~ "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" +#~ msgstr "" +#~ "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " +#~ "socket %d." 
+ +#~ msgid "A tincd is already running for net `%s' with pid %d.\n" +#~ msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" + +#~ msgid "A tincd is already running with pid %d.\n" +#~ msgstr "Een tincd draait al met procesnummer %d.\n" + +#~ msgid "No other tincd is running for net `%s'.\n" +#~ msgstr "Geen andere tincd gevonden voor net `%s'.\n" + +#~ msgid "No other tincd is running.\n" +#~ msgstr "Geen andere tincd gevonden.\n" + +#~ msgid "Removing stale lock file.\n" +#~ msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" + +#~ msgid "Got TERM signal" +#~ msgstr "Kreeg TERM signaal" + +#~ msgid "Got another SEGV signal: not restarting" +#~ msgstr "Kreeg nog een SEGV signaal: niet herstarten" + +#~ msgid "Got SEGV signal" +#~ msgstr "Kreeg SEGV signaal" + +#~ msgid "Trying to re-execute in 5 seconds..." +#~ msgstr "Poging tot herstaren over 5 seconden..." + +#~ msgid "Got HUP signal" +#~ msgstr "Kreeg HUP signaal" + +#~ msgid "Got INT signal, exiting" +#~ msgstr "Kreeg INT signaal, beëindigen" + +#~ msgid "Got unexpected signal %d (%s)" +#~ msgstr "Kreeg onverwacht signaal %d (%s)" From 8ccb1ede92fbd55481fa2317c2450bb9dd94a180 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 30 Nov 2000 00:24:13 +0000 Subject: [PATCH 274/923] Implemented is_safe_path, and extended ask_and_safe_open. is_safe_path needs more work before it is useable. --- src/conf.c | 114 +++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 103 insertions(+), 11 deletions(-) diff --git a/src/conf.c b/src/conf.c index 56935884..11a9ca08 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,11 +19,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.26 2000/11/29 14:30:07 zarq Exp $ + $Id: conf.c,v 1.9.4.27 2000/11/30 00:24:13 zarq Exp $ */ #include "config.h" +#include #include #include #include 
@@ -31,6 +32,9 @@ #include #include #include +#include +#include +#include #include #include /* for cp */ @@ -203,9 +207,7 @@ int read_config_file(config_t **base, const char *fname) config_t *cfg; cp if((fp = fopen (fname, "r")) == NULL) - { - return -1; - } + return -1; for(;;) { @@ -311,7 +313,77 @@ cp cp } -#define is_safe_file(p) 1 +int isadir(const char* f) +{ + struct stat s; + + if(stat(f, &s) < 0) + { + fprintf(stderr, _("Couldn't stat `%s': %m\n"), + f); + return -1; + } + + return S_ISDIR(s.st_mode); +} + +int is_safe_path(const char *file) +{ + char *p; + char *fn = xstrdup(file); + struct stat s; + + p = strrchr(file, '/'); + assert(p); /* p has to contain a / */ + *p = '\0'; + if(stat(file, &s) < 0) + { + fprintf(stderr, _("Couldn't stat `%s': %m\n"), + file); + return 0; + } + if(s.st_uid != geteuid()) + { + fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"), + file, s.st_uid, geteuid()); + return 0; + } + if(S_ISLNK(s.st_mode)) + { + fprintf(stderr, _("Warning: `%s' is a symlink\n"), + file); + /* fixme: read the symlink and start again */ + } + + *p = '/'; + if(stat(file, &s) < 0) + { + fprintf(stderr, _("Couldn't stat `%s': %m\n"), + file); + return 0; + } + if(s.st_uid != geteuid()) + { + fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"), + file, s.st_uid, geteuid()); + return 0; + } + if(S_ISLNK(s.st_mode)) + { + fprintf(stderr, _("Warning: `%s' is a symlink\n"), + file); + /* fixme: read the symlink and start again */ + } + if(s.st_mode & 0007) + { + /* Accessible by others */ + fprintf(stderr, _("`%s' has unsecure permissions.\n"), + file); + return 0; + } + + return 1; +} FILE *ask_and_safe_open(const char* filename, const char* what) { 
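Review bot: In is_safe_path() the added `*p = '\0';` writes through the `const char *file` parameter, while the `xstrdup(file)` copy in `fn` is never used or freed, and every early `return 0` between the two stat() calls leaves the caller's string cut off at the last slash. Work on the copy instead (`p = strrchr(fn, '/');`, stat `fn`, `free(fn)` before each return) and replace `assert(p)` with a plain `return 0`, since a name without a slash is ordinary input and with NDEBUG the NULL pointer is dereferenced. Both `S_ISLNK(s.st_mode)` branches are dead code because stat() follows symlinks; `lstat()` is needed for the symlink warning to ever fire. The `s.st_mode & 0007` test is applied only to the file and not to the directory checked first, so a world-writable parent directory passes.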
@@ -354,25 +426,45 @@ FILE *ask_and_safe_open(const char* filename, const char* what) p = xmalloc(len); snprintf(p, len, "%s/%s", directory, fn); free(fn); + free(directory); fn = p; } - if(!is_safe_file(fn)) + if(isadir(fn) > 0) /* -1 is error */ { - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), - fn); - return NULL; + char *p; + + len = strlen(fn) + strlen(filename) + 2; /* 1 for the / */ + p = xmalloc(len); + snprintf(p, len, "%s/%s", fn, filename); + free(fn); + fn = p; } + umask(0077); /* Disallow everything for group and other */ + + /* Open it first to keep the inode busy */ if((r = fopen(fn, "w")) == NULL) { fprintf(stderr, _("Error opening file `%s': %m\n"), fn); + free(fn); + return NULL; + } + + /* Then check the file for nasty attacks */ + if(!is_safe_path(fn)) /* Do not permit any directories that are + readable or writeable by other users. */ + { + fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" + "I will not create or overwrite this file.\n"), + fn); + fclose(r); + free(fn); + return NULL; } free(fn); - free(directory); return r; } From 09260b43d1ff037c22f86c82a6af830e9a6d6ae5 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 30 Nov 2000 20:08:41 +0000 Subject: [PATCH 275/923] Read the PEM file pointed to by the configuration directive PrivateKey. This means thatt he meaning of this variable has changed, it no longer should contain the private key directly. WARNING: This code is untested. --- src/net.c | 42 ++++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/src/net.c b/src/net.c index 893892c0..3dd99742 100644 --- a/src/net.c +++ b/src/net.c 
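Review bot: `fopen(fn, "w")` truncates an existing file, following a symlink in the last path component, before is_safe_path() runs, so when the check rejects the path the target's contents are already gone. The check is also made by name rather than on the stream that was opened, so opening first does not tie the verdict to the open file. Open without truncation, check the descriptor with fstat(), and only then truncate, as sketched below; `fd` and `struct stat s` would be new locals of ask_and_safe_open(), whose beginning lies outside this hunk. Separately, `umask(0077)` changes the mask for the whole process and is never restored.

```c
  /* Open without truncating, so a file that fails the checks is left untouched */
  if((fd = open(fn, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600)) < 0)
    {
      fprintf(stderr, _("Error opening file `%s': %m\n"), fn);
      free(fn);
      return NULL;
    }

  /* Judge the object that was opened, not whatever the name points to now */
  if(fstat(fd, &s) < 0 || !S_ISREG(s.st_mode) || s.st_uid != geteuid()
     || (s.st_mode & 0007) || !is_safe_path(fn))
    {
      /* … unchanged: "unsafe permissions" message … */
      close(fd);
      free(fn);
      return NULL;
    }

  /* Only a file that passed the checks is emptied and handed to stdio */
  if(ftruncate(fd, 0) < 0 || (r = fdopen(fd, "w")) == NULL)
    {
      fprintf(stderr, _("Error opening file `%s': %m\n"), fn);
      close(fd);
      free(fn);
      return NULL;
    }
```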
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.82 2000/11/25 13:33:30 guus Exp $ + $Id: net.c,v 1.35.4.83 2000/11/30 20:08:41 zarq Exp $ */ #include "config.h" @@ -692,6 +692,33 @@ cp return 0; } +int read_rsa_private_key(RSA **key, const char *file) +{ + FILE *fp; + + if((fp = fopen(file, "r")) == NULL) + { + syslog(LOG_ERR, _("Error reading file `%s': %m"), + file); + return -1; + } + PEM_read_RSAPrivateKey(fp, key, NULL, NULL); +} + +int read_rsa_keys(void) +{ + config_t const *cfg; + + if(!(cfg = get_config_val(config, config_privatekey))) + { + syslog(LOG_ERR, _("Private key for tinc daemon required!")); + return -1; + } + + myself->rsa_key = RSA_new(); + return read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr); +} + /* Configure connection_t myself and set up the local sockets (listen only) */ @@ -721,17 +748,8 @@ cp return -1; } cp - if(!(cfg = get_config_val(config, config_privatekey))) - { - syslog(LOG_ERR, _("Private key for tinc daemon required!")); - return -1; - } - else - { - myself->rsa_key = RSA_new(); - BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr); - BN_hex2bn(&myself->rsa_key->e, "FFFF"); - } + if(read_rsa_keys()) + return -1; if(read_host_config(myself)) { From 113198d9c0b3be9904057673cfed165406803f86 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 30 Nov 2000 21:11:03 +0000 Subject: [PATCH 276/923] The file is safe if it doesn't exist. --- src/conf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index 11a9ca08..8282e2ff 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.27 2000/11/30 00:24:13 zarq Exp $ + $Id: conf.c,v 1.9.4.28 2000/11/30 21:11:03 zarq Exp $ */ #include "config.h" 
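Review bot: read_rsa_private_key() falls off its end with no return statement after `PEM_read_RSAPrivateKey(fp, key, NULL, NULL);`, so read_rsa_keys() hands an indeterminate value to the `if(read_rsa_keys())` test added in the last hunk of this patch and a failed key load may be taken for success. Check the result and close the stream on both paths: `if(PEM_read_RSAPrivateKey(fp, key, NULL, NULL) == NULL) { fclose(fp); return -1; }` followed by `fclose(fp); return 0;`. The `fclose(fp)` is still missing in the later hunks on this page that rewrite this function, and in read_rsa_public_key() in patch 280. The private key file is also read without any check of its owner or mode; the kind of check is_safe_path() in conf.c performs would fit here once that function is usable.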
@@ -356,12 +356,14 @@ int is_safe_path(const char *file) } *p = '/'; - if(stat(file, &s) < 0) + if(stat(file, &s) < 0 && errno != ENOENT) { fprintf(stderr, _("Couldn't stat `%s': %m\n"), file); return 0; } + if(errno == ENOENT) + return 1; if(s.st_uid != geteuid()) { fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"), From bf4e969899bb6cdeb05570d96a567c2833ac83bd Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 30 Nov 2000 22:32:14 +0000 Subject: [PATCH 277/923] In readline(): initialise the line to zero length; In read_config_file(): Test for EOF, and print the variable name that caused an error. --- src/conf.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/src/conf.c b/src/conf.c index 8282e2ff..f9af6851 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.28 2000/11/30 21:11:03 zarq Exp $ + $Id: conf.c,v 1.9.4.29 2000/11/30 22:32:14 zarq Exp $ */ #include "config.h" @@ -158,6 +158,7 @@ char *readline(FILE *fp) maxlen = size; line = xmalloc(size); idx = line; + *idx = 0; for(;;) { errno = 0; @@ -216,7 +217,13 @@ cp err = -1; break; } - + + if(feof(fp)) + { + err = 0; + break; + } + lineno++; if((p = strtok(line, "\t =")) == NULL) 
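Review bot: The added `if(errno == ENOENT) return 1;` is evaluated even when stat() succeeded, and a successful call does not reset errno, so a stale ENOENT left by any earlier failed call makes is_safe_path() report the file safe without reaching the owner and mode checks below it. Test errno only inside the failure branch: `if(stat(file, &s) < 0) { if(errno == ENOENT) return 1; /* existing message */ return 0; }`. The function begins and ends outside this hunk.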
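Review bot: The added `if(feof(fp))` test in read_config_file() would also fire when the final line was read successfully but the file does not end in a newline, so that last directive would be dropped without a message; this assumes readline() returns the partial line with end-of-file already set, and its body lies outside the hunks. With the `*idx = 0;` added to readline() in this patch, an empty buffer can tell the two cases apart: `if(feof(fp) && line[0] == '\0')`. Whether `line` is freed on this `break` is not visible here.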
@@ -231,23 +238,23 @@ cp if(!hazahaza[i].name) { - syslog(LOG_ERR, _("Invalid variable name on line %d while reading config file %s"), - lineno, fname); + syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"), + p, lineno, fname); break; } if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') { - fprintf(stderr, _("No value for variable on line %d while reading config file %s"), - lineno, fname); + fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"), + hazahaza[i].name, lineno, fname); break; } cfg = add_config_val(base, hazahaza[i].argtype, q); if(cfg == NULL) { - fprintf(stderr, _("Invalid value for variable on line %d while reading config file %s"), - lineno, fname); + fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"), + hazahaza[i].name, lineno, fname); break; } From 2293304748f7e4e9a18ee848b8264bdecebae37f Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 30 Nov 2000 22:33:16 +0000 Subject: [PATCH 278/923] Better error checking when reading the RSA private key. --- src/net.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index 3dd99742..538584dd 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.83 2000/11/30 20:08:41 zarq Exp $ + $Id: net.c,v 1.35.4.84 2000/11/30 22:33:16 zarq Exp $ */ #include "config.h" @@ -698,11 +698,13 @@ int read_rsa_private_key(RSA **key, const char *file) if((fp = fopen(file, "r")) == NULL) { - syslog(LOG_ERR, _("Error reading file `%s': %m"), + syslog(LOG_ERR, _("Error reading RSA key file `%s': %m"), file); return -1; } - PEM_read_RSAPrivateKey(fp, key, NULL, NULL); + if(PEM_read_RSAPrivateKey(fp, key, NULL, NULL) == NULL) + return -1; + return 0; } int read_rsa_keys(void) 
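Review bot: The two `fprintf(stderr, ...)` messages reworded in the first hunk still end without `\n`, unlike the other stderr messages in conf.c on this page, while the "Invalid variable name" error in the same loop goes to syslog, so one parse failure is reported on a different channel depending on its kind. Add `\n` to both format strings and pick one channel for all three errors. The enclosing loop of read_config_file() starts and ends outside the hunk.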
@@ -716,7 +718,14 @@ int read_rsa_keys(void) } myself->rsa_key = RSA_new(); - return read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr); + + if(read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr) < 0) + { + syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), + cfg->data.ptr); + return -1; + } + return 0; } /* From 28deaeac14d619efb9830d03fd61dc7cca70a701 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 30 Nov 2000 22:48:48 +0000 Subject: [PATCH 279/923] Avoid printing duplicate messages from read_rsa_keys --- src/net.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/src/net.c b/src/net.c index 538584dd..14a951ff 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.84 2000/11/30 22:33:16 zarq Exp $ + $Id: net.c,v 1.35.4.85 2000/11/30 22:48:48 zarq Exp $ */ #include "config.h" @@ -59,6 +59,12 @@ # include #endif +#ifdef HAVE_OPENSSL_PEM_H +# include +#else +# include +#endif + #ifdef HAVE_TUNTAP #include LINUX_IF_TUN_H #endif @@ -703,7 +709,12 @@ int read_rsa_private_key(RSA **key, const char *file) return -1; } if(PEM_read_RSAPrivateKey(fp, key, NULL, NULL) == NULL) - return -1; + { + syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), + cfg->data.ptr); + return -1; + } + return 0; } @@ -719,13 +730,7 @@ int read_rsa_keys(void) myself->rsa_key = RSA_new(); - if(read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr) < 0) - { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), - cfg->data.ptr); - return -1; - } - return 0; + return read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr); } /* From a0f7af3ed79c55d9680cbb0a569b3c8987581d43 Mon Sep 17 00:00:00 2001 
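Review bot: The new failure message in read_rsa_keys() uses `%m`, but a failed PEM_read_RSAPrivateKey() reports its reason through the OpenSSL error queue and need not set errno, so the logged text can be unrelated to the actual fault. Log the library's reason instead, for example `ERR_error_string(ERR_get_error(), NULL)` passed to a `%s`. The same applies to the `%m` in the PEM failure messages of patches 279 and 280 on this page.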
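Review bot: The message moved into read_rsa_private_key() by patch 279 still passes `cfg->data.ptr`, but as far as the earlier patches on this page show, that function has only `key`, `file` and `fp` in scope, so this should not compile unless a file-scope `cfg` exists outside the hunks. Use the parameter: replace `cfg->data.ptr` with `file`. read_rsa_private_key() starts outside this hunk.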
From: Ivo Timmermans Date: Thu, 30 Nov 2000 23:18:21 +0000 Subject: [PATCH 280/923] New function read_rsa_public_key(); In net.c/setup_myself deleted old code to read the public key (which is now implicitly read in together with the private key). --- src/net.c | 36 ++++++++++++++++++++++++------------ src/net.h | 12 +++++++++++- src/protocol.c | 6 +++--- 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/src/net.c b/src/net.c index 14a951ff..d89c7c6f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.85 2000/11/30 22:48:48 zarq Exp $ + $Id: net.c,v 1.35.4.86 2000/11/30 23:18:19 zarq Exp $ */ #include "config.h" @@ -698,20 +698,40 @@ cp return 0; } +int read_rsa_public_key(RSA **key, const char *file) +{ + FILE *fp; + + if((fp = fopen(file, "r")) == NULL) + { + syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), + file); + return -1; + } + if(PEM_read_RSAPublicKey(fp, key, NULL, NULL) == NULL) + { + syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), + file); + return -1; + } + + return 0; +} + int read_rsa_private_key(RSA **key, const char *file) { FILE *fp; if((fp = fopen(file, "r")) == NULL) { - syslog(LOG_ERR, _("Error reading RSA key file `%s': %m"), + syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), file); return -1; } if(PEM_read_RSAPrivateKey(fp, key, NULL, NULL) == NULL) { syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), - cfg->data.ptr); + file); return -1; } @@ -771,15 +791,7 @@ cp return -1; } cp - if(!(cfg = get_config_val(myself->config, config_publickey))) - { - syslog(LOG_ERR, _("Public key for tinc daemon required!")); - return -1; - } - else - { - BN_hex2bn(&myself->rsa_key->n, cfg->data.ptr); - } + /* if(RSA_check_key(myself->rsa_key) != 1) { diff --git a/src/net.h b/src/net.h index 7c77fa29..2ed8a9ce 100644 --- a/src/net.h 
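Review bot: In the new read_rsa_public_key() the failure message after PEM_read_RSAPublicKey() says "Reading RSA private key file", copied from the private-key reader, so an operator reading the log would inspect the wrong file; change the word to "public" in that format string. With the separate PublicKey load removed in the third hunk, the `RSA_check_key(myself->rsa_key)` call in the following context lines is still commented out, so nothing visible here validates the key that was loaded from the file. As in read_rsa_private_key(), `fp` is never closed.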
+++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.22 2000/11/20 19:12:13 guus Exp $ + $Id: net.h,v 1.9.4.23 2000/11/30 23:18:21 zarq Exp $ */ #ifndef __TINC_NET_H__ @@ -120,4 +120,14 @@ extern void terminate_connection(connection_t *); extern void flush_queues(connection_t *); extern void add_queue(packet_queue_t **, void *, size_t); + +#include +#ifdef HAVE_OPENSSL_RSA_H +# include +#else +# include +#endif + +extern int read_rsa_public_key(RSA **, const char *); + #endif /* __TINC_NET_H__ */ diff --git a/src/protocol.c b/src/protocol.c index 087589cd..a46894d0 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.67 2000/11/25 13:33:33 guus Exp $ + $Id: protocol.c,v 1.28.4.68 2000/11/30 23:18:21 zarq Exp $ */ #include "config.h" @@ -255,8 +255,8 @@ cp if((cfg = get_config_val(cl->config, config_publickey))) { cl->rsa_key = RSA_new(); - BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); - BN_hex2bn(&cl->rsa_key->e, "FFFF"); + if(read_rsa_public_key(&(cl->rsa_key), cfg->data.ptr) < 0) + return -1; } else { From 8fe83e98da043e930a88ddd6b2de6c14aa791335 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 30 Nov 2000 23:39:55 +0000 Subject: [PATCH 281/923] All full stops have two spaces after them. (Silly commit, I know.) --- doc/tinc.texi | 286 +++++++++++++++++++++++++------------------------- 1 file changed, 144 insertions(+), 142 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index af88c48a..8ad5f652 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.8 2000/11/24 14:13:51 zarq Exp $ +@c $Id: tinc.texi,v 1.8.4.9 2000/11/30 23:39:55 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual 
@@ -17,7 +17,7 @@ Copyright @copyright{} 1998,199,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.8 2000/11/24 14:13:51 zarq Exp $ +$Id: tinc.texi,v 1.8.4.9 2000/11/30 23:39:55 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.8 2000/11/24 14:13:51 zarq Exp $ +$Id: tinc.texi,v 1.8.4.9 2000/11/30 23:39:55 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -87,7 +87,7 @@ network device, there is no need to adapt any existing software. This tunneling allows VPN sites to share information with each other over the Internet without exposing any information to others. -This document is the manual for tinc. Included are chapters on how to +This document is the manual for tinc. Included are chapters on how to configure your computer to use tinc, as well as the configuration process of tinc itself. 
@@ -103,40 +103,40 @@ process of tinc itself. @cindex VPN A Virtual Private Network or VPN is a network that can only be accessed -by a few elected computers that participate. This goal is achievable in +by a few elected computers that participate. This goal is achievable in more than just one way. @cindex private -Private networks can consist of a single stand-alone ethernet LAN. Or -even two computers hooked up using a null-modem cable. In these cases, +Private networks can consist of a single stand-alone ethernet LAN. Or +even two computers hooked up using a null-modem cable. In these cases, it is obvious that the network is @emph{private}, no one can access it from the -outside. But if your computers are linked to the internet, the network +outside. But if your computers are linked to the internet, the network is not private anymore, unless one uses firewalls to block all private -traffic. But then, there is no way to send private data to trusted +traffic. But then, there is no way to send private data to trusted computers on the other end of the internet. @cindex virtual -This problem can be solved by using @emph{virtual} networks. Virtual +This problem can be solved by using @emph{virtual} networks. Virtual networks can live on top of other networks, but do not interfere with -each other. Mostly, virtual networks appear like a singe LAN, even though -they can span the entire world. But virtual networks can't be secured +each other. Mostly, virtual networks appear like a singe LAN, even though +they can span the entire world. But virtual networks can't be secured by using firewalls, because the traffic that flows through it has to go through the internet, where other people can look at it. -When one introduces encryption, we can form a true VPN. Other people may +When one introduces encryption, we can form a true VPN. 
Other people may see encrypted traffic, but if they don't know how to decipher it (they need to know the key for that), they cannot read the information that flows -through the VPN. This is what tinc was made for. +through the VPN. This is what tinc was made for. @cindex virtual tinc uses normal IP datagrams to encapsulate data that goes over the VPN -network link. In this case it's also clear that the network is +network link. In this case it's also clear that the network is @emph{virtual}, because no direct network link has to exist between to participants. -As is the case with either type of VPN, anybody could eavesdrop. Or -worse, alter data. Hence it's probably advisable to encrypt the data +As is the case with either type of VPN, anybody could eavesdrop. Or +worse, alter data. Hence it's probably advisable to encrypt the data that flows over the network. @@ -147,10 +147,10 @@ that flows over the network. @cindex vpnd @cindex ethertap I really don't quite remember what got us started, but it must have been -Guus' idea. He wrote a simple implementation (about 50 lines of C) that +Guus' idea. He wrote a simple implementation (about 50 lines of C) that used the @emph{ethertap} device that Linux knows of since somewhere -about kernel 2.1.60. It didn't work immediately and he improved it a -bit. At this stage, the project was still simply called @samp{vpnd}. +about kernel 2.1.60. It didn't work immediately and he improved it a +bit. At this stage, the project was still simply called @samp{vpnd}. Since then, a lot has changed---to say the least. 
@@ -160,12 +160,12 @@ both the receiving and sending end, it has become largely runtime-configurable---in short, it has become a full-fledged professional package. -A lot can---and will be---changed. I have a few things that I'd like to -see in the future releases of tinc. Not everything will be available in -the near future. Our first objective is to make tinc work perfectly as +A lot can---and will be---changed. I have a few things that I'd like to +see in the future releases of tinc. Not everything will be available in +the near future. Our first objective is to make tinc work perfectly as it stands, and then add more advanced features. -Meanwhile, we're always open-minded towards new ideas. And we're +Meanwhile, we're always open-minded towards new ideas. And we're available too. @@ -270,14 +270,14 @@ section. @subsection Configuring the Linux kernel Since this particular implementation only runs on 2.1 or higher Linux -kernels, you should grab one (2.2 is current at this time). A 2.0 port +kernels, you should grab one (2.2 is current at this time). A 2.0 port is not really possible, unless someone tells me someone ported the ethertap and netlink devices back to 2.0. If you are unfamiliar with the process of configuring and compiling a new kernel, you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html, Kernel -HOWTO} first. Do that now! +HOWTO} first. Do that now! Here are the options you have to turn on when configuring a new kernel. @@ -307,7 +307,7 @@ Network device support @end example -Any other options not mentioned here are not relevant to tinc. If you +Any other options not mentioned here are not relevant to tinc. If you decide to build any of these as dynamic kernel modules, it's a good idea to add these lines to @file{/etc/modules.conf}. 
@@ -428,7 +428,7 @@ the checksums of these files listed; you may wish to check these with md5sum before continuing. tinc comes in a handy autoconf/automake package, which you can just -treat the same as any other package. Which is just untar it, type +treat the same as any other package. Which is just untar it, type `configure' and then `make'. More detailed instructions are in the file @file{INSTALL}, which is @@ -505,7 +505,7 @@ Any further ethertap devices have minor device number 16 through 31. @subsubheading @file{/etc/networks} You may add a line to @file{/etc/networks} so that your VPN will get a -symbolic name. For example: +symbolic name. For example: @example myvpn 10.0.0.0 @@ -517,8 +517,8 @@ legible. @subsubheading @file{/etc/services} -You may add this line to @file{/etc/services}. The effect is that you -may supply a @samp{tinc} as a valid port number to some programs. The +You may add this line to @file{/etc/services}. The effect is that you +may supply a @samp{tinc} as a valid port number to some programs. The number 655 is registered with the IANA. @example @@ -541,7 +541,7 @@ numbers when you are going to configure tinc itself. @xref{Configuring tinc}. It doesn't matter much which part you do first, setting up the network -devices or configure tinc. But they both have to be done before you try +devices or configure tinc. But they both have to be done before you try to start a tincd. The actual setup of the ethertap device is quite simple, just repeat 
@@ -603,22 +603,22 @@ It is perfectly OK for you to run more than one tinc daemon. However, in its default form, you will soon notice that you can't use two different configuration files without the -c option. -We have thought of another way of dealing with this: network names. This +We have thought of another way of dealing with this: network names. This means that you call tincd with the -n argument, which will assign a name to this daemon. The effect of this is that the daemon will set its configuration ``root'' to /etc/tinc/nn/, where nn is your argument to the -n -option. You'll notice that it appears in syslog as ``tinc.nn''. +option. You'll notice that it appears in syslog as ``tinc.nn''. However, it is not strictly necessary that you call tinc with the -n -option. In this case, the network name would just be empty, and it will -be used as such. tinc now looks for files in /etc/tinc/, instead of +option. In this case, the network name would just be empty, and it will +be used as such. tinc now looks for files in /etc/tinc/, instead of /etc/tinc/nn/; the configuration file should be /etc/tinc/tinc.conf, and the passphrases are now expected to be in /etc/tinc/passphrases/. But it is highly recommended that you use this feature of tinc, because -it will be so much clearer whom your daemon talks to. Hence, we will +it will be so much clearer whom your daemon talks to. Hence, we will assume that you use it. @@ -629,8 +629,8 @@ assume that you use it. Before going on, first a bit on how tinc sees connections. When tinc starts up, it reads in the configuration file and parses the -command-line options. If it sees a `ConnectTo' value in the file, it -will try to connect to it, on the given port. If this fails, tinc exits. +command-line options. If it sees a `ConnectTo' value in the file, it +will try to connect to it, on the given port. If this fails, tinc exits. @c ================================================================== 
@@ -648,7 +648,7 @@ Variable = Value. @end example The variable names are case insensitive, and any spaces, tabs, newlines -and carriage returns are ignored. Note: it is not required that you put +and carriage returns are ignored. Note: it is not required that you put in the `=' sign, but doing so improves readability. If you leave it out, remember to replace it with at least one space character. @@ -660,21 +660,21 @@ out, remember to replace it with at least one space character. @node Variables, , Configuration file, Configuration file @subsection Variables -Here are all valid variables, listed in alphabetical order. The default +Here are all valid variables, listed in alphabetical order. The default value, required or optional is given between parentheses. @c straight from the manpage @table @asis @item ConnectPort = (655) Connect to the upstream host (given with the ConnectTo directive) on -port port. port may be given in decimal (default), octal (when preceded +port port. port may be given in decimal (default), octal (when preceded by a single zero) or hexadecimal (prefixed with 0x). port is the port number for both the UDP and the TCP (meta) connections. @item ConnectTo = (optional) -Specifies which host to connect to on startup. Multiple ConnectTo variables +Specifies which host to connect to on startup. Multiple ConnectTo variables may be specified, if connecting to the first one fails then tinc will try -the next one, and so on. It is possible to specify hostnames for dynamic IP +the next one, and so on. It is possible to specify hostnames for dynamic IP addresses (like those given on dyndns.org), tinc will not cache the resolved IP address. 
@@ -684,7 +684,7 @@ instead just listen for incoming connections. @item Hostnames = (no) This option selects whether IP addresses (both real and on the VPN) should -be resolved. Since DNS lookups are blocking, it might affect tinc's +be resolved. Since DNS lookups are blocking, it might affect tinc's efficiency, even stopping the daemon for a few seconds everytime it does a lookup if your DNS server is not responding. 
@@ -693,41 +693,41 @@ file. @item IndirectData = (no) This option specifies whether other tinc daemons besides the one you -specified with ConnectTo can make a direct connection to you. This is +specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible -to make a connection from the outside to your tinc daemon. Otherwise, +to make a connection from the outside to your tinc daemon. Otherwise, it is best to leave this option out or set it to no. @item Interface = (optional) If you have more than one network interface in your computer, tinc will by -default listen on all of them for incoming connections. It is possible to +default listen on all of them for incoming connections. It is possible to bind tinc to a single interface like eth0 or ppp0 with this variable. @item InterfaceIP = (optional) If your computer has more than one IP address on a single interface (for example if you are running virtual hosts), tinc will by default listen on all of them for -incoming connections. It is possible to bind tinc to a single IP address with -this variable. It is still possible to listen on several interfaces at the same +incoming connections. It is possible to bind tinc to a single IP address with +this variable. It is still possible to listen on several interfaces at the same time though, if they share the same IP address. @item KeyExpire = (3600) This option controls the time the encryption keys used to encrypt the data -are valid. It is common practice to change keys at regular intervals to +are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. @item ListenPort = (655) -Listen on local port port. The computer connecting to this daemon should +Listen on local port port. The computer connecting to this daemon should use this number as the argument for his ConnectPort. 
@item MyOwnVPNIP = (required) The local address is the number that the daemon will propagate to -other daemons on the network when it is identifying itself. Hence this +other daemons on the network when it is identifying itself. Hence this will be the file name of the passphrase file that the other end expects to find the passphrase in. The local address is the IP address of the tap device, not the real IP -address of the host running tincd. Due to changes in recent kernels, it +address of the host running tincd. Due to changes in recent kernels, it is also necessary that you make the ethernet (also known as MAC) address equal to the IP address (see the example). 
@@ -738,32 +738,34 @@ This is an alias for MyOwnVPNIP. @item PingTimeout = (5) The number of seconds of inactivity that tinc will wait before sending a -probe to the other end. If that other end doesn't answer within that +probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. @item PrivateKey = This is a sequence of hexadecimal numbers, as generated by ``tincd ---generate-keys''. +--generate-keys''. Please be careful with line breaking, the entire key +should be on one line. @item PublicKey = This is a sequence of hexadecimal numbers, as generated by ``tincd ---generate-keys''. +--generate-keys''. Please be careful with line breaking, the entire key +should be on one line. @item TapDevice = (/dev/tap0) -The ethertap device to use. Note that you can only use one device per -daemon. The info pages of the tinc package contain more information +The ethertap device to use. Note that you can only use one device per +daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. @item TCPonly = (no, experimental) If this variable is set to yes, then the packets are tunnelled over a TCP -connection instead of a UDP connection. This is especially useful for those +connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading firewall, or if -UDP packet routing is disabled somehow. This is experimental code, +UDP packet routing is disabled somehow. This is experimental code, try this at your own risk. @item VpnMask = (optional) -The mask that defines the scope of the entire VPN. This option is not used +The mask that defines the scope of the entire VPN. This option is not used by the tinc daemon itself, but can be used by startup scripts to configure the ethertap devices correctly. @end table 
@@ -775,12 +777,12 @@ the ethertap devices correctly. @section Example -Imagine the following situation. An A-based company wants to connect -three branch offices in B, C and D using the internet. All four offices +Imagine the following situation. An A-based company wants to connect +three branch offices in B, C and D using the internet. All four offices have a 24/7 connection to the internet. -A is going to serve as the center of the network. B and C will connect -to A, and D will connect to C. Each office will be assigned their own IP +A is going to serve as the center of the network. B and C will connect +to A, and D will connect to C. Each office will be assigned their own IP network, 10.x.0.0. @example @@ -791,13 +793,13 @@ D: net 10.4.0.0 mask 255.255.0.0 gateway 10.4.3.32 internet IP 4.5.6.7 @end example ``gateway'' is the VPN IP address of the machine that is running the -tincd. ``internet IP'' is the IP address of the firewall, which does not +tincd. ``internet IP'' is the IP address of the firewall, which does not need to run tincd, but it must do a port forwarding of TCP&UDP on port 655 (unless otherwise configured). In this example, it is assumed that eth0 is the interface that points to the inner LAN of the office, although this could also be the same as the -interface that leads to the internet. The configuration of the real +interface that leads to the internet. The configuration of the real interface is also shown as a comment, to give you an idea of how these example host is set up. @@ -837,7 +839,7 @@ VpnMask = 255.0.0.0 @end example Note here that the internal address (on eth0) doesn't have to be the -same as on the tap0 device. Also, ConnectTo is given so that no-one can +same as on the tap0 device. Also, ConnectTo is given so that no-one can connect to this node. @subsubheading For C 
@@ -859,10 +861,10 @@ VpnMask = 255.0.0.0 @end example C already has another daemon that runs on port 655, so they have to -reserve another port for tinc. It can connect to other tinc daemons on +reserve another port for tinc. It can connect to other tinc daemons on the regular port though, so no ConnectPort variable is needed. They also use the netname to distinguish -between the two. tinc is started with `tincd -n A'. +between the two. tinc is started with `tincd -n A'. @subsubheading For D @@ -882,7 +884,7 @@ VpnMask=255.0.0.0 @end example D will be connecting to C, which has a tincd running for this network on -port 2000. Hence they need to put in a ConnectPort, but it doesn't need +port 2000. Hence they need to put in a ConnectPort, but it doesn't need to have a different ListenPort. @subsubheading Authentication @@ -905,9 +907,9 @@ D stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.69.254 @subsubheading Starting -A has to start their tincd first. Then come B and C, where C has to +A has to start their tincd first. Then come B and C, where C has to provide the option `-n A', because they have more than one tinc -network. Finally, D's tincd is started. +network. Finally, D's tincd is started. @@ -916,7 +918,7 @@ network. Finally, D's tincd is started. @chapter Running tinc Running tinc isn't just as easy as typing `tincd' and hoping everything -will just work out the way you wanted. Instead, the use of tinc is a +will just work out the way you wanted. Instead, the use of tinc is a project that involves trust relations and more than one computer. @menu 
@@ -929,16 +931,16 @@ project that involves trust relations and more than one computer. @node Managing keys, Runtime options, Running tinc, Running tinc @section Managing keys -Before attempting to start tinc, you have to create passphrases. When +Before attempting to start tinc, you have to create passphrases. When tinc tries to make a connection, it exchanges some sensitive -data. Before doing so, it likes to know if the other end is +data. Before doing so, it likes to know if the other end is trustworthy. -To do this, both ends must have some knowledge about the other. In the +To do this, both ends must have some knowledge about the other. In the case of tinc this is the authentication passphrase. -This passphrase is a number, which is chosen at random. This number is -then sent to the other computers which want to talk to us directly. To +This passphrase is a number, which is chosen at random. This number is +then sent to the other computers which want to talk to us directly. To avoid breaking security, this should be done over a known secure channel (such as ssh or similar). 
@@ -946,23 +948,23 @@ All passphrases are stored in the passphrases directory, which is normally /etc/tinc/nn/passphrases/, but it may be changed using the `Passphrases' option in the config file. -To generate a passphrase, run `genauth'. genauth takes one argument, -which is the length of the passphrase in bits. The length of the +To generate a passphrase, run `genauth'. genauth takes one argument, +which is the length of the passphrase in bits. The length of the passphrase should be in the range 1024--2048 for a key length of 128 -bits. genauth creates a random number of the specified length, and puts +bits. genauth creates a random number of the specified length, and puts it to stdout. Every computer that wants to participate in the VPN should do this, and store the output in the passphrases directory, in the file @file{local}. When every computer has his own local key, it should copy it to the -computer that it wants to talk to directly. (i.e. the one it connects to +computer that it wants to talk to directly. (i.e. the one it connects to during startup.) This should be done via a secure channel, because it is -sensitive information. If this is not done securely, someone might break +sensitive information. If this is not done securely, someone might break in on you later on. Those non-local passphrase files must have the name of the VPN IP -address that they will advertise to you. For instance, if a computer +address that they will advertise to you. For instance, if a computer tells us it likes to be 10.1.1.3 with netmask 255.255.0.0, the file should still be called 10.1.1.3, and not 10.1.0.0. 
@@ -974,38 +976,38 @@ should still be called 10.1.1.3, and not 10.1.0.0. Besides the settings in the configuration file, tinc also accepts some command line options. -This list is a longer version of that in the manpage. The latter is +This list is a longer version of that in the manpage. The latter is generated automatically, so may be more up-to-date. @c from the manpage @table @asis @item -c, --config=FILE -Read configuration options from FILE. The default is +Read configuration options from FILE. The default is @file{/etc/tinc/nn/tinc.conf}. @item -d -Increase debug level. The higher it gets, the more gets -logged. Everything goes via syslog. +Increase debug level. The higher it gets, the more gets +logged. Everything goes via syslog. 0 is the default, only some basic information connection attempts get -logged. Setting it to 1 will log a bit more, still not very -disturbing. With two -d's tincd will log protocol information, which can -get pretty noisy. Three or more -d's will output every single packet +logged. Setting it to 1 will log a bit more, still not very +disturbing. With two -d's tincd will log protocol information, which can +get pretty noisy. Three or more -d's will output every single packet that goes out or comes in, which probably generates more data than the packets themselves. @item -k, --kill -Attempt to kill a running tincd and exit. A TERM signal (15) gets sent +Attempt to kill a running tincd and exit. A TERM signal (15) gets sent to the daemon that his its PID in /var/run/tinc.nn.pid. Because it kills only one tincd, you should use -n here if you use it normally. @item -n, --net=NETNAME -Connect to net NETNAME. @xref{Multiple networks}. +Connect to net NETNAME. @xref{Multiple networks}. @item -t, --timeout=TIMEOUT -Seconds to wait before giving a timeout. Should not be set too low, +Seconds to wait before giving a timeout. 
Should not be set too low, because every time tincd senses a timeout, it disconnects and reconnects again, which will cause unnecessary network traffic and log messages. 
@@ -1049,31 +1051,31 @@ computer over the existing Internet infrastructure. @cindex ethertap @cindex frame type The data itself is read from a character device file, the so-called -@emph{ethertap} device. This device is associated with a network -interface. Any data sent to this interface can be read from the device, -and any data written to the device gets sent from the interface. Data to +@emph{ethertap} device. This device is associated with a network +interface. Any data sent to this interface can be read from the device, +and any data written to the device gets sent from the interface. Data to and from the device is formatted as if it were a normal ethernet card, so a frame is preceded by two MAC addresses and a @emph{frame type} field. So when tinc reads an ethernet frame from the device, it determines its -type. Right now, tinc can only handle Internet Protocol version 4 (IPv4) -frames. Plans to support other protocols are being made. When tinc knows +type. Right now, tinc can only handle Internet Protocol version 4 (IPv4) +frames. Plans to support other protocols are being made. When tinc knows which type of frame it has read, it can also read the source and destination address from it. -Now it is time that the frame gets encrypted. Currently the only +Now it is time that the frame gets encrypted. Currently the only encryption algorithm available is blowfish. @cindex encapsulating When the encryption is ready, time has come to actually transport the -packet to the destination computer. We do this by sending the packet -over an UDP connection to the destination host. This is called +packet to the destination computer. We do this by sending the packet +over an UDP connection to the destination host. This is called @emph{encapsulating}, the VPN packet (though now encrypted) is encapsulated in another IP datagram. When the destination receives this packet, the same thing happens, only -in reverse. 
So it does a decrypt on the contents of the UDP datagram, +in reverse. So it does a decrypt on the contents of the UDP datagram, and it writes the decrypted information to its own ethertap device. 
@@ -1081,31 +1083,31 @@ and it writes the decrypted information to its own ethertap device. @node The Meta-connection, , Protocol Preview, The Connection @subsection The meta-connection -Having only an UDP connection available is not enough. Though suitable +Having only an UDP connection available is not enough. Though suitable for transmitting data, we want to be able to reliably send other information, such as routing and encryption information to somebody. TCP is a better alternative, because it already contains protection against information being lost, unlike UDP. -So we establish two connections. One for the encrypted VPN data, and one -for other information, the meta-data. Hence, we call the second -connection the meta-connection. We can now be sure that the +So we establish two connections. One for the encrypted VPN data, and one +for other information, the meta-data. Hence, we call the second +connection the meta-connection. We can now be sure that the meta-information doesn't get lost on the way to another computer. @cindex data-protocol @cindex meta-protocol Like with any communication, we must have a protocol, so that everybody -knows what everything stands for, an how he should react. Because we -have two connections, we also have two protocols. The protocol used for +knows what everything stands for, an how he should react. Because we +have two connections, we also have two protocols. The protocol used for the UDP data is the ``data-protocol,'' the other one is the ``meta-protocol.'' The reason we don't use TCP for both protocols is that UDP is much -better for encapsulation, even while it is less reliable. The real +better for encapsulation, even while it is less reliable. The real problem is that when TCP would be used to encapsulate a TCP stream that's on the private network, for every packet sent there would be -three ACK's sent instead of just one. Furthermore, if there would be +three ACK's sent instead of just one. 
Furthermore, if there would be a timeout, both TCP streams would sense the timeout, and both would start resending packets. @@ -1117,12 +1119,12 @@ start resending packets. @cindex Cabal tinc got its name from ``TINC,'' short for @emph{There Is No Cabal}; the alleged Cabal was/is an organization that was said to keep an eye on the -entire Internet. As this is exactly what you @emph{don't} want, we named +entire Internet. As this is exactly what you @emph{don't} want, we named the tinc project after TINC. @cindex SVPN But in order to be ``immune'' to eavesdropping, you'll have to encrypt -your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does +your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. This chapter is a mixture of ideas, reasoning and explanation, please 
@@ -1140,27 +1142,27 @@ don't take it too serious. @subsection Key Types @c FIXME: check if I'm not talking nonsense -There are several types of encryption keys. Tinc uses two of them, +There are several types of encryption keys. Tinc uses two of them, symmetric private keypairs and public/private keypairs. -Public/private keypairs are used in public key cryptography. It enables +Public/private keypairs are used in public key cryptography. It enables someone to send out a public key with which other people can encrypt their -data. The encrypted data now can only be decrypted by the person who has -the private key that matches the public key. So, a public key only allows -@emph{other} people to send encrypted messages to you. This is very useful -in setting up private communications channels. Just send out your public key -and other people can talk to you in a secure way. But how can you know +data. The encrypted data now can only be decrypted by the person who has +the private key that matches the public key. So, a public key only allows +@emph{other} people to send encrypted messages to you. This is very useful +in setting up private communications channels. Just send out your public key +and other people can talk to you in a secure way. But how can you know the other person is who he says he is? For authentication itself tinc uses symmetric private keypairs, referred -to as a passphrase. The identity of each tinc daemon is defined by it's +to as a passphrase. The identity of each tinc daemon is defined by it's passphrase (like you can be identified by your social security number). Every tinc daemon that is allowed to connect to you has a copy of your passphrase (hence symmetrical). It would also be possible to use public/private keypairs for authentication, so that you could shout out your public key and don't need to keep it -secret (like the passphrase you would have to send to someone else). 
Also, +secret (like the passphrase you would have to send to someone else). Also, no one else has to know a private key from you. Both forms have their pros and cons, and at the moment tinc just uses passphrases (which are computationaly more efficient and perhaps in some way more @@ -1173,24 +1175,24 @@ secure). @cindex Diffie-Hellman You can't just send a private encryption key to your peer, because -somebody else might already be listening to you. So you'll have to -negotiate over a shared but secret key. One way to do this is by using +somebody else might already be listening to you. So you'll have to +negotiate over a shared but secret key. One way to do this is by using the ``Diffie-Hellman key exchange'' protocol -(@uref{http://www.rsa.com/rsalabs/faq/html/3-6-1.html}). The idea is as +(@uref{http://www.rsa.com/rsalabs/faq/html/3-6-1.html}). The idea is as follows. You have two participants A and B that want to agree over a shared -secret encryption key. Both parties have some large prime number p and a -generator g. These numbers may be known to the outside world, and hence +secret encryption key. Both parties have some large prime number p and a +generator g. These numbers may be known to the outside world, and hence may be included in the source distribution. @cindex secret key -Both parties then generate a secret key. A generates a, and computes g^a -mod p. This is then sent to B; while B computes g^b mod p, and transmits -this to A, b being generated by B. Both a and b must be smaller than +Both parties then generate a secret key. A generates a, and computes g^a +mod p. This is then sent to B; while B computes g^b mod p, and transmits +this to A, b being generated by B. Both a and b must be smaller than p-1. -Both parties then calculate g^ab mod p = k. k is the new, shared, but +Both parties then calculate g^ab mod p = k. k is the new, shared, but still secret key. To obtain a key k of a sufficient length (128 bits in our vpnd), p 
@@ -1208,24 +1210,24 @@ Because the Diffie-Hellman protocol is in itself vulnerable to the system. We will let A transmit a passphrase that is also known to B encrypted -with g^a, before A sends this to B. This way, B can check whether A is +with g^a, before A sends this to B. This way, B can check whether A is really A or just someone else. B will never receive the real passphrase though, because it was -encrypted using public/private keypairs. This way there is no way an +encrypted using public/private keypairs. This way there is no way an imposter could steal A's passphrase. @cindex passphrase -@c ehrmz... but we only use 1024 bits passphrases ourselves? [guus] +@c ehrmz... but we only use 1024 bits passphrases ourselves? [guus] This passphrase should be 2304 bits for a symmetric encryption -system. But since an asymmetric system is more secure, we could do with -2048 bits. This only holds if the passphrase is very random. +system. But since an asymmetric system is more secure, we could do with +2048 bits. This only holds if the passphrase is very random. These passphrases could be stored in a file that is non-readable by -anyone else but root; e.g. @file{/etc/tinc/passphrases} with UID 0 +anyone else but root; e.g. @file{/etc/tinc/passphrases} with UID 0 and permissions mode 700. The only thing that needs to be taken care of is how A can securely send -a copy of it's passphrase to B if B doesn't have it yet. This could be +a copy of it's passphrase to B if B doesn't have it yet. This could be done via mail with PGP, but you should be really convinced of the identity of the person who owns the email address you are sending this to. Swapping floppy disks in real life might be the best way to do this! 
@@ -1235,7 +1237,7 @@ Swapping floppy disks in real life might be the best way to do this! @node Protection, , Authentication, Security @subsection Protecting your data -Now we have securely hidden our data. But a malicious cracker may still +Now we have securely hidden our data. But a malicious cracker may still bother you by randomly altering the encrypted data he intercepts. @c FIXME what the hell is this all about? remove? IT @@ -1258,7 +1260,7 @@ bother you by randomly altering the encrypted data he intercepts. tinc's main page is at @url{http://tinc.nl.linux.org/}, this server is located in the Netherlands. -We have an IRC channel on the Open Projects IRC network. Connect to +We have an IRC channel on the Open Projects IRC network. Connect to @uref{http://openprojects.nu/services/irc.html, irc.openprojects.net}, and join channel #tinc. From 6c56a8416eded8f19076a619a27ad7b153dd91f3 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 30 Nov 2000 23:44:07 +0000 Subject: [PATCH 282/923] Tagged `Storing private key in separate file' as done. --- TODO | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TODO b/TODO index df5a2597..a2910fa8 100644 --- a/TODO +++ b/TODO @@ -4,7 +4,7 @@ Goals for 1.0 release: * Check Solaris port * Check different linux architectures (x86, alpha done) -* Store private key in a separate file +* Store private key in a separate file (done, 1 dec 2000) * Sanity checks on configuration directory * Use efficient tree algorithms instead of linked lists (largely done) * Reenable queues for delayed packets From ab33c1aa6081f07333bf1de00e4036dd2b4628a6 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 1 Dec 2000 12:36:36 +0000 Subject: [PATCH 283/923] readline() accepts two extra parameters, buf and buflen, to avoid mallocing and freeing for every line that is read. --- src/conf.c | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) 
diff --git a/src/conf.c b/src/conf.c index f9af6851..a3c5f693 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.29 2000/11/30 22:32:14 zarq Exp $ + $Id: conf.c,v 1.9.4.30 2000/12/01 12:36:36 zarq Exp $ */ #include "config.h" @@ -137,8 +137,13 @@ cp Read exactly one line and strip the trailing newline if any. If the file was on EOF, return NULL. Otherwise, return all the data in a dynamically allocated buffer. + + If line is non-NULL, it will be used as an initial buffer, to avoid + unnecessary mallocing each time this function is called. If buf is + given, and buf needs to be expanded, the var pointed to by buflen + will be increased. */ -char *readline(FILE *fp) +char *readline(FILE *fp, char *buf, size_t *buflen) { char *newline = NULL; char *p; @@ -153,10 +158,19 @@ char *readline(FILE *fp) if(feof(fp)) return NULL; - - size = 100; + + if((buf != NULL) && (buflen != NULL)) + { + size = *buflen; + line = buf; + } + else + { + size = 100; + line = xmalloc(size); + } + maxlen = size; - line = xmalloc(size); idx = line; *idx = 0; for(;;) @@ -191,6 +205,8 @@ char *readline(FILE *fp) } } + if((buf != NULL) && (buflen != NULL)) + *buf = size; return line; } @@ -206,13 +222,18 @@ int read_config_file(config_t **base, const char *fname) char *p, *q; int i, lineno = 0; config_t *cfg; + size_t bufsize; + cp if((fp = fopen (fname, "r")) == NULL) return -1; + bufsize = 100; + line = xmalloc(bufsize); + for(;;) { - if((line = readline(fp)) == NULL) + if((line = readline(fp, line, &bufsize)) == NULL) { err = -1; break; @@ -261,7 +282,6 @@ cp cfg->which = hazahaza[i].which; if(!config) config = cfg; - free(line); } free(line); @@ -337,7 +357,6 @@ int isadir(const char* f) int is_safe_path(const char *file) { char *p; - char *fn = xstrdup(file); struct stat s; p = strrchr(file, '/'); 
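Review bot: In the hunk at the end of readline(), `*buf = size;` stores the size into the first byte of the caller's buffer instead of into the length variable. When the returned line still lives in that buffer, its first character is overwritten, and `*buflen` is never updated. The comment added above the function says the variable pointed to by buflen is the one to be increased, so the line should read `*buflen = size;`. The growth loop lies between the hunks and is not visible here; if it reallocates `line`, the caller's `buf` may already be freed when this store runs, so check that path together with the fix. The same comment refers to the parameter as `line` ("If line is non-NULL") although it is named `buf`.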
@@ -415,7 +434,7 @@ FILE *ask_and_safe_open(const char* filename, const char* what) fprintf(stdout, _("Please enter a file to save %s to [%s]: "), what, filename); fflush(stdout); /* Don't wait for a newline */ - if((fn = readline(stdin)) == NULL) + if((fn = readline(stdin, NULL, NULL)) == NULL) { fprintf(stderr, _("Error while reading stdin: %m\n")); return NULL; From 52575a573c1d87ee125a54a2e0b4044698904cae Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 1 Dec 2000 12:38:42 +0000 Subject: [PATCH 284/923] Use buffer instead of line in read_config_file(), line may be assigned NULL, so buffer always holds the pointer to the allocated space. --- src/conf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/conf.c b/src/conf.c index a3c5f693..833b1eb2 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.30 2000/12/01 12:36:36 zarq Exp $ + $Id: conf.c,v 1.9.4.31 2000/12/01 12:38:42 zarq Exp $ */ #include "config.h" @@ -218,7 +218,7 @@ int read_config_file(config_t **base, const char *fname) { int err = -1; FILE *fp; - char *line; + char *buffer, *line; char *p, *q; int i, lineno = 0; config_t *cfg; @@ -229,11 +229,11 @@ cp return -1; bufsize = 100; - line = xmalloc(bufsize); + buffer = xmalloc(bufsize); for(;;) { - if((line = readline(fp, line, &bufsize)) == NULL) + if((line = readline(fp, buffer, &bufsize)) == NULL) { err = -1; break; @@ -284,7 +284,7 @@ cp config = cfg; } - free(line); + free(buffer); fclose (fp); cp return err; From 94192b3db10fe51ce45fa569ec068423a4491b0b Mon Sep 17 00:00:00 2001 
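Review bot: In read_config_file(), `buffer` is passed by value to readline() on every iteration and freed after the loop, so it must still point at the live allocation if readline() ever enlarges it. The enlarging code is outside these hunks; if it reallocates the supplied pointer, the block can move, and then both the next `readline(fp, buffer, &bufsize)` and the final `free(buffer)` use the old address. Either refresh the caller's pointer after each successful read with `buffer = line;`, or change readline() to take `char **buf` so it can store the new pointer itself. read_config_file's body starts and ends outside the hunks.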
From: Ivo Timmermans Date: Fri, 1 Dec 2000 13:45:46 +0000 Subject: [PATCH 285/923] Stated that distributing executables linked with OpenSSL is permitted provided that all other requirements of the GPL are complied with. --- COPYING.README | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 COPYING.README diff --git a/COPYING.README b/COPYING.README new file mode 100644 index 00000000..144207e5 --- /dev/null +++ b/COPYING.README @@ -0,0 +1,4 @@ +This program is released under the GPL with the additional exemption +that compiling, linking, and/or using OpenSSL is allowed. You may +provide binary packages linked to the OpenSSL libraries, provided that +all other requirements of the GPL are met. From e985f6d3cdbebdeb17333bbd3d3c20d4618128cf Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 1 Dec 2000 13:46:26 +0000 Subject: [PATCH 286/923] Include COPYING.README in the distribution. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 68331c72..33bd6c0f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,7 +6,7 @@ SUBDIRS = m4 intl lib src doc po redhat debian ACLOCAL_AMFLAGS = -EXTRA_DIST = system.h ABOUT-NLS +EXTRA_DIST = system.h ABOUT-NLS COPYING.README CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ From d6b77e18b58ad8f9bcd9b60864b95cd2a74482c5 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 3 Dec 2000 12:21:20 +0000 Subject: [PATCH 287/923] Added documentation merger --- TODO | 1 + 1 file changed, 1 insertion(+) diff --git a/TODO b/TODO index a2910fa8..7d3669d3 100644 --- a/TODO +++ b/TODO @@ -8,6 +8,7 @@ Goals for 1.0 release: * Sanity checks on configuration directory * Use efficient tree algorithms instead of linked lists (largely done) * Reenable queues for delayed packets +* Merge documentation files (SECURITY, INSTALL, PROTOCOL) into tinc.texi Goals for future releases: 
From 01d23601a273d128ebfd13c2ffa10892e9b13094 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 3 Dec 2000 12:22:19 +0000 Subject: [PATCH 288/923] Sort configuration directives --- src/conf.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/conf.c b/src/conf.c index 833b1eb2..272beb6a 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.31 2000/12/01 12:38:42 zarq Exp $ + $Id: conf.c,v 1.9.4.32 2000/12/03 12:22:19 zarq Exp $ */ #include "config.h" 
@@ -58,25 +58,25 @@ int sighup = 0; */ static internal_config_t hazahaza[] = { /* Main configuration file keywords */ - { "Name", config_name, TYPE_NAME }, { "ConnectTo", config_connectto, TYPE_NAME }, - { "PingTimeout", config_pingtimeout, TYPE_INT }, - { "TapDevice", config_tapdevice, TYPE_NAME }, - { "PrivateKey", config_privatekey, TYPE_NAME }, - { "KeyExpire", config_keyexpire, TYPE_INT }, { "Hostnames", config_hostnames, TYPE_BOOL }, { "Interface", config_interface, TYPE_NAME }, { "InterfaceIP", config_interfaceip, TYPE_IP }, + { "KeyExpire", config_keyexpire, TYPE_INT }, + { "Name", config_name, TYPE_NAME }, + { "PingTimeout", config_pingtimeout, TYPE_INT }, + { "PrivateKey", config_privatekey, TYPE_NAME }, + { "TapDevice", config_tapdevice, TYPE_NAME }, /* Host configuration file keywords */ { "Address", config_address, TYPE_NAME }, + { "IndirectData", config_indirectdata, TYPE_BOOL }, { "Port", config_port, TYPE_INT }, { "PublicKey", config_publickey, TYPE_NAME }, - { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ - { "RestrictHosts", config_restricthosts, TYPE_BOOL }, - { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, { "RestrictAddress", config_restrictaddress, TYPE_BOOL }, + { "RestrictHosts", config_restricthosts, TYPE_BOOL }, { "RestrictPort", config_restrictport, TYPE_BOOL }, - { "IndirectData", config_indirectdata, TYPE_BOOL }, + { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, + { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ { "TCPonly", config_tcponly, TYPE_BOOL }, { NULL, 0, 0 } }; From bc22ee16e6903d2caf9d22afa85020d1e3e10b56 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 3 Dec 2000 12:23:06 +0000 Subject: [PATCH 289/923] Option -d accepts an argument to set the debug level immediately. --- src/tincd.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index 77e52c07..3dbac7e3 100644 --- a/src/tincd.c 
+++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.37 2000/11/29 14:24:40 zarq Exp $ + $Id: tincd.c,v 1.10.4.38 2000/12/03 12:23:06 zarq Exp $ */ #include "config.h" @@ -153,7 +153,10 @@ parse_options(int argc, char **argv, char **envp) do_detach = 0; break; case 'd': /* inc debug level */ - debug_lvl++; + if(optarg) + debug_lvl = atoi(optarg); + else + debug_lvl++; break; case 'k': /* kill old tincds */ kill_tincd = 1; @@ -168,7 +171,8 @@ parse_options(int argc, char **argv, char **envp) generate_keys = atoi(optarg); if(generate_keys < 512) { - fprintf(stderr, _("Invalid argument! BITS must be a number equal to or greater than 512.\n")); + fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), + optarg); usage(1); } generate_keys &= ~7; /* Round it to bytes */ From 6ddc9109d7313503895227c7876309b36681393d Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 5 Dec 2000 08:54:22 +0000 Subject: [PATCH 290/923] Massive long awaited documentation update. It's not finished yet, most notably the example configuration is still old. --- doc/tinc.texi | 456 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 323 insertions(+), 133 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 8ad5f652..b79bc02f 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.9 2000/11/30 23:39:55 zarq Exp $ +@c $Id: tinc.texi,v 1.8.4.10 2000/12/05 08:54:22 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual 
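Review bot: The new `if(optarg)` branch under `case 'd':` only works if the option table declares -d as taking an optional argument, and this commit does not touch that table. The diffstat (7 insertions, 3 deletions) is fully accounted for by the three hunks shown, so neither the getopt option string nor the long-option table changes. Unless they already allowed an argument, `optarg` is not set for this option (NULL, or left over from an earlier option, depending on the C library), and `-d 3` will not be read as a level. Where the branch does run, `atoi(optarg)` silently turns non-numeric or negative text into a level; parse with `strtol(optarg, &end, 10)` and reject the value when `end == optarg || *end != '\0'` or the result is negative. parse_options starts and ends outside the hunk.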
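Review bot: The check `if(generate_keys < 512)` still accepts 512-bit keys, and the reworded message keeps advertising that floor. Assuming BITS is the RSA modulus size handed to the key generator (that call is outside the hunk), a 512-bit modulus is within reach of publicly demonstrated factoring and should not be accepted. Raise the bound, for example `if(generate_keys < 2048)`, and change the number in the message to match. `atoi(optarg)` also maps non-numeric input to 0, which this check happens to reject; a `strtol` parse with an end-pointer test would report the actual problem.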
@@ -17,7 +17,7 @@ Copyright @copyright{} 1998,199,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.9 2000/11/30 23:39:55 zarq Exp $ +$Id: tinc.texi,v 1.8.4.10 2000/12/05 08:54:22 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.9 2000/11/30 23:39:55 zarq Exp $ +$Id: tinc.texi,v 1.8.4.10 2000/12/05 08:54:22 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -403,6 +403,21 @@ to let configure know where they are, by passing configure one of the @end example +@subsubheading License + +Since the license under which OpenSSL is distributed is not directly +compatible with the terms of the GNU GPL +@uref{http://www.openssl.org/support/faq.html#LEGAL2}, therefore we +include an addition to the GPL (see also the file COPYING.README): + +@quotation +This program is released under the GPL with the additional exemption +that compiling, linking, and/or using OpenSSL is allowed. You may +provide binary packages linked to the OpenSSL libraries, provided that +all other requirements of the GPL are met. +@end quotation + + @c @c @c @@ -427,7 +442,7 @@ the GNU General Public License (GPL). Download the source from the the checksums of these files listed; you may wish to check these with md5sum before continuing. -tinc comes in a handy autoconf/automake package, which you can just +tinc comes in a convenient autoconf/automake package, which you can just treat the same as any other package. Which is just untar it, type `configure' and then `make'. 
@@ -453,7 +468,8 @@ found in the file called @file{INSTALL}. @node System files, Interfaces, Building tinc, Installing tinc - installation @section System files -Before you can run tinc, you +Before you can run tinc, you must make sure you have all the needed +files on your system. @menu * Device files:: 
@@ -652,89 +668,64 @@ and carriage returns are ignored. Note: it is not required that you put in the `=' sign, but doing so improves readability. If you leave it out, remember to replace it with at least one space character. +In this section all valid variables are listed in alphabetical order. +The default value is given between parentheses; required directives are +given in @strong{bold}. + @menu -* Variables:: +* Main configuration variables:: +* Host configuration variables:: +* How to configure:: @end menu + @c ================================================================== -@node Variables, , Configuration file, Configuration file -@subsection Variables +@node Main configuration variables, Host configuration variables, Configuration file, Configuration file +@subsection Main configuration variables -Here are all valid variables, listed in alphabetical order. The default -value, required or optional is given between parentheses. - -@c straight from the manpage @table @asis -@item ConnectPort = (655) -Connect to the upstream host (given with the ConnectTo directive) on -port port. port may be given in decimal (default), octal (when preceded -by a single zero) or hexadecimal (prefixed with 0x). port is the port -number for both the UDP and the TCP (meta) connections. - -@item ConnectTo = (optional) -Specifies which host to connect to on startup. Multiple ConnectTo variables -may be specified, if connecting to the first one fails then tinc will try -the next one, and so on. It is possible to specify hostnames for dynamic IP -addresses (like those given on dyndns.org), tinc will not cache the resolved -IP address. +@item @strong{ConnectTo = } +Specifies which host to connect to on startup. Multiple ConnectTo +variables may be specified, if connecting to the first one fails then +tinc will try the next one, and so on. It is possible to specify +hostnames for dynamic IP addresses (like those given on dyndns.org), +tinc will not cache the resolved IP address. 
If you don't specify a host with ConnectTo, regardless of whether a value for ConnectPort is given, tinc won't connect at all, and will instead just listen for incoming connections. @item Hostnames = (no) -This option selects whether IP addresses (both real and on the VPN) should -be resolved. Since DNS lookups are blocking, it might affect tinc's -efficiency, even stopping the daemon for a few seconds everytime it does -a lookup if your DNS server is not responding. +This option selects whether IP addresses (both real and on the VPN) +should be resolved. Since DNS lookups are blocking, it might affect +tinc's efficiency, even stopping the daemon for a few seconds everytime +it does a lookup if your DNS server is not responding. -This does not affect resolving hostnames to IP addresses from the configuration -file. +This does not affect resolving hostnames to IP addresses from the +configuration file. -@item IndirectData = (no) -This option specifies whether other tinc daemons besides the one you -specified with ConnectTo can make a direct connection to you. This is -especially useful if you are behind a firewall and it is impossible -to make a connection from the outside to your tinc daemon. Otherwise, -it is best to leave this option out or set it to no. +@item Interface = +If you have more than one network interface in your computer, tinc will +by default listen on all of them for incoming connections. It is +possible to bind tinc to a single interface like eth0 or ppp0 with this +variable. -@item Interface = (optional) -If you have more than one network interface in your computer, tinc will by -default listen on all of them for incoming connections. It is possible to -bind tinc to a single interface like eth0 or ppp0 with this variable. - -@item InterfaceIP = (optional) -If your computer has more than one IP address on a single interface (for example -if you are running virtual hosts), tinc will by default listen on all of them for -incoming connections. 
It is possible to bind tinc to a single IP address with -this variable. It is still possible to listen on several interfaces at the same -time though, if they share the same IP address. +@item InterfaceIP = +If your computer has more than one IP address on a single interface (for +example if you are running virtual hosts), tinc will by default listen +on all of them for incoming connections. It is possible to bind tinc to +a single IP address with this variable. It is still possible to listen +on several interfaces at the same time though, if they share the same IP +address. @item KeyExpire = (3600) -This option controls the time the encryption keys used to encrypt the data -are valid. It is common practice to change keys at regular intervals to -make it even harder for crackers, even though it is thought to be nearly -impossible to crack a single key. +This option controls the time the encryption keys used to encrypt the +data are valid. It is common practice to change keys at regular +intervals to make it even harder for crackers, even though it is thought +to be nearly impossible to crack a single key. -@item ListenPort = (655) -Listen on local port port. The computer connecting to this daemon should -use this number as the argument for his ConnectPort. - -@item MyOwnVPNIP = (required) -The local address is the number that the daemon will propagate to -other daemons on the network when it is identifying itself. Hence this -will be the file name of the passphrase file that the other end expects -to find the passphrase in. - -The local address is the IP address of the tap device, not the real IP -address of the host running tincd. Due to changes in recent kernels, it -is also necessary that you make the ethernet (also known as MAC) address -equal to the IP address (see the example). - -maskbits is the number of bits set to 1 in the netmask part. - -@item MyVirtualIP = -This is an alias for MyOwnVPNIP. 
+@item @strong{Name = } +This is a symbolic name for this connection. It can be anything @item PingTimeout = (5) The number of seconds of inactivity that tinc will wait before sending a 
@@ -742,41 +733,153 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. -@item PrivateKey = -This is a sequence of hexadecimal numbers, as generated by ``tincd ---generate-keys''. Please be careful with line breaking, the entire key -should be on one line. - -@item PublicKey = -This is a sequence of hexadecimal numbers, as generated by ``tincd ---generate-keys''. Please be careful with line breaking, the entire key -should be on one line. +@item @strong{PrivateKey = } +This is the full path name of the RSA private key file that was +generated by ``tincd --generate-keys''. It must be a full path, not a +relative directory. (NOTE: In version 1.0pre3, this variable was used +to give the key inline. This is no longer supported.) @item TapDevice = (/dev/tap0) The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. -@item TCPonly = (no, experimental) -If this variable is set to yes, then the packets are tunnelled over a TCP -connection instead of a UDP connection. This is especially useful for those -who want to run a tinc daemon from behind a masquerading firewall, or if -UDP packet routing is disabled somehow. This is experimental code, -try this at your own risk. - -@item VpnMask = (optional) -The mask that defines the scope of the entire VPN. This option is not used -by the tinc daemon itself, but can be used by startup scripts to configure -the ethertap devices correctly. +@item VpnMask = +The mask that defines the scope of the entire VPN. This option is not +used by the tinc daemon itself, but can be used by startup scripts to +configure the ethertap devices correctly. 
@end table +@c ================================================================== +@node Host configuration variables, How to configure, Main configuration variables, Configuration file +@subsection Host configuration variables + +@table @asis +@item @strong{Address = } +This variable is only required if you want to connect to this host. It +must resolve to the external IP address where the host can be reached, +not the one that is internal to the VPN. + +@item IndirectData = (no) +This option specifies whether other tinc daemons besides the one you +specified with ConnectTo can make a direct connection to you. This is +especially useful if you are behind a firewall and it is impossible to +make a connection from the outside to your tinc daemon. Otherwise, it +is best to leave this option out or set it to no. + +@item Port = (655) +Connect to the upstream host (given with the ConnectTo directive) on +port port. port may be given in decimal (default), octal (when preceded +by a single zero) o hexadecimal (prefixed with 0x). port is the port +number for both the UDP and the TCP (meta) connections. + +@item PublicKey = +This is the full path name of the RSA public key file that was generated +by ``tincd --generate-keys''. It must be a full path, not a relative +directory. (NOTE: In version 1.0pre3, this variable was used to give +the key inline. This is no longer supported.) + +@item Subnet = +This is the subnet range of all IP addresses that will be accepted by +the host that defines it. Please be careful that no two subnets +overlap. Every host @strong{must} have a different range of IP +addresses that it can handle, otherwise you will see messages like +`packet comes back to us'. + +The range must contain the IP address of the tap device, not the real IP +address of the host running tincd. + +maskbits is the number of bits set to 1 in the netmask part; for +example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes +/22. 
+ +@item TCPonly = (no) +If this variable is set to yes, then the packets are tunnelled over a +TCP connection instead of a UDP connection. This is especially useful +for those who want to run a tinc daemon from behind a masquerading +firewall, or if UDP packet routing is disabled somehow. @emph{This is +experimental code, try this at your own risk.} +@end table + + +@c ================================================================== +@node How to configure, , Host configuration variables, Configuration file +@subsection How to configure + +@subsubheading Step 1. Creating the key files + +For each host, you have to create a pair of RSA keys. One key is your +private key, which is only known to you. The other one is the public +key, which you should copy to all hosts wanting to authenticate to you. + + +@subsubheading Step 2. Configuring each host + +For every host in the VPN, you have to create two files. First there is +the main configuration file, @file{/etc/tinc/vpn-name/tinc.conf}. In +this file there should at least be three directives: + +@table @samp +@item Name +You should fill in the name of this host (or rather, the name of this +leaf of the VPN). It can be called after the hostname, the physical +location, the department, or the name of one of your boss' pets. It can +be anything, as long as all these names are unique across the entire +VPN. + +@item PrivateKey +Fill in the full pathname to the file that contains the private RSA key. + +@item ConnectTo +This is the name of the host that you want to connect to (not a DNS +name, rather the name that is given with the Name parameter in that +hosts tinc.conf). This is the upstream connection. If your computer is +a central node, you might want to leave this out to make it stay idle +until someone connects to it. +@end table + +@cindex host configuration file +Then you should create a file with the name you gave yourself in +tinc.conf (the `Name' parameter), located in +@file{/etc/tinc/vpn-name/hosts/}. 
In this file, which we call the +`@emph{host configuration file}', only one variable is required: + +@table @samp +@item Subnet +The IP range that this host accepts as being `local'. All packets with +a destination address that is within this subnet will be sent to us. +@end table + + +@subsubheading Step 3. Bringing it all together + +Now for all hosts that you want to create a direct connection to, -- you +connect to them or they connect to you -- you get a copy of their host +configuration file and their public RSA key. + +For each host configuration file, you add two variables: + +@table @samp +@item Address +Enter the IP address or DNS hostname for this host. This is only needed +if you connect to this host. + +@item PublicKey +Put the full pathname to this hosts public RSA key here. +@end table + +When you did this, you should be ready to create your first connection. +Pay attention to the system log, most errors will only be visible +there. If you get an error, you can check @ref{Error messages}. + @c ================================================================== @node Example, , Configuration file, Configuring tinc @section Example +@cindex example Imagine the following situation. An A-based company wants to connect three branch offices in B, C and D using the internet. All four offices have a 24/7 connection to the internet. 
@@ -798,10 +901,10 @@ need to run tincd, but it must do a port forwarding of TCP&UDP on port 655 (unless otherwise configured). In this example, it is assumed that eth0 is the interface that points to -the inner LAN of the office, although this could also be the same as the -interface that leads to the internet. The configuration of the real -interface is also shown as a comment, to give you an idea of how these -example host is set up. +the inner (physical) LAN of the office, although this could also be the +same as the interface that leads to the internet. The configuration of +the real interface is also shown as a comment, to give you an idea of +how these example host is set up. @subsubheading For A @@ -809,32 +912,41 @@ example host is set up. @example #ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 -ifconfig tap0 hw ether fe:fd:0a:01:36:01 +ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 10.1.54.1 netmask 255.0.0.0 @end example and in /etc/tinc/tinc.conf: @example -TapDevice = /dev/tap0 -MyVirtualIP = 10.1.54.1/16 +Name = A +PrivateKey = /etc/tinc/A.priv VpnMask = 255.0.0.0 @end example +On all hosts, /etc/tinc/hosts/A contains: + +@example +Subnet = 10.1.0.0/16 +Address = 1.2.3.4 +PublicKey = /etc/tinc/hosts/A.pub +@end example + + @subsubheading For B @example #ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 -ifconfig tap0 hw ether fe:fd:0a:02:01:0c +ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 10.2.1.12 netmask 255.0.0.0 @end example and in /etc/tinc/tinc.conf: @example -TapDevice = /dev/tap0 -MyVirtualIP = 10.2.1.12/16 -ConnectTo = 1.2.3.4 +Name = B +ConnectTo = A +PrivateKey = /etc/tinc/B.priv VpnMask = 255.0.0.0 @end example 
@@ -842,29 +954,46 @@ Note here that the internal address (on eth0) doesn't have to be the same as on the tap0 device. Also, ConnectTo is given so that no-one can connect to this node. +On all hosts, /etc/tinc/hosts/B: + +@example +Subnet = 10.2.0.0/16 +Address = 2.3.4.5 +PublicKey = /etc/tinc/hosts/B.pub +@end example + + @subsubheading For C @example #ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 -ifconfig tap0 hw ether fe:fd:0a:03:45:fe +ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 10.3.69.254 netmask 255.0.0.0 @end example and in /etc/tinc/A/tinc.conf: @example -MyVirtualIP = 10.3.69.254/16 +Name = C +ConnectTo = A TapDevice = /dev/tap1 -ConnectTo = 1.2.3.4 -ListenPort = 2000 VpnMask = 255.0.0.0 @end example C already has another daemon that runs on port 655, so they have to reserve another port for tinc. It can connect to other tinc daemons on -the regular port though, so no ConnectPort variable is needed. -They also use the netname to distinguish -between the two. tinc is started with `tincd -n A'. +the regular port though, so no ConnectPort variable is needed. They +also use the netname to distinguish between the two. tinc is started +with `tincd -n A'. + +On all hosts, /etc/tinc/hosts/C: + +@example +Subnet = 10.3.0.0/16 +Port = 2000 +PublicKey = /etc/tinc/hosts/C.pub +@end example + @subsubheading For D @@ -887,7 +1016,7 @@ D will be connecting to C, which has a tincd running for this network on port 2000. Hence they need to put in a ConnectPort, but it doesn't need to have a different ListenPort. -@subsubheading Authentication +@subsubheading Key files A, B, C and D all generate a passphrase with genauth 2048, the output is stored in /etc/tinc/passphrases/local, except for C, where it should be @@ -924,6 +1053,7 @@ project that involves trust relations and more than one computer. @menu * Managing keys:: * Runtime options:: +* Error messages:: @end menu 
@@ -970,7 +1100,7 @@ should still be called 10.1.1.3, and not 10.1.0.0. @c ================================================================== -@node Runtime options, , Managing keys, Running tinc +@node Runtime options, Error messages, Managing keys, Running tinc @section Runtime options Besides the settings in the configuration file, tinc also accepts some @@ -979,8 +1109,11 @@ command line options. This list is a longer version of that in the manpage. The latter is generated automatically, so may be more up-to-date. +@cindex command line +@cindex runtime options +@cindex options @c from the manpage -@table @asis +@table @samp @item -c, --config=FILE Read configuration options from FILE. The default is @file{/etc/tinc/nn/tinc.conf}. @@ -998,10 +1131,11 @@ packets themselves. @item -k, --kill Attempt to kill a running tincd and exit. A TERM signal (15) gets sent -to the daemon that his its PID in /var/run/tinc.nn.pid. +to the daemon that his its PID in /var/run/tinc.pid. -Because it kills only one tincd, you should use -n here if you use it -normally. +Because it kills only one tinc daemon, you should use -n here if you +started it that way. It will then read the PID from +@file{/var/run/tinc.NETNAME.pid}. @item -n, --net=NETNAME Connect to net NETNAME. @xref{Multiple networks}. 
@@ -1021,19 +1155,84 @@ Output version information and exit. @c ================================================================== -@node Technical information, About us, Running tinc, Top -@chapter Technical information +@node Error messages, , Runtime options, Running tinc +@section Error messages + +What follows is a list of the most common error messages you can see +when configuring tinc. Most of these messages are visible in the syslog +only, so keep an eye on it! + +@table @strong +@item Could not open /dev/tap0: No such device +@table @bullet +@item You forgot to insmod netlink_dev.o +@item You forgot to compile `Netlink device emulation' in the kernel +@end table + +@item Can't write to tun/tap device: No such device +@table @bullet +@item You forgot to insmod tun.o +@item You forgot to compile `Universal TUN/TAP driver' in the kernel +@end table + +@item Packet with destination 1.2.3.4 is looping back to us! +@table @bullet +@item Some host has an IP address range that overlaps with yours +Different hosts must have different IP ranges (as given with Subnet in +the host configuration files). tinc relies on this information to route +its data, so each IP address range must have exactly one host +associated. You will only see this message if you specified a debug +level of 5 or higher! +@end table + +@item Network address and subnet mask do not match! +@table @bullet +@item The Subnet field must contain a network address +If you only want to use one IP address, set the netmask to /32. +@end table + +@item This is a bug: net.c:253: 24: Some error +@table @bullet +@item This is something that should not have happened +Please report this, and tell us exactly what went wrong before you got +this message. In normal operation, these errors should not occur. +@end table + +@item Error reading RSA key file `rsa_key.priv': No such file or directory +@table @bullet +@item You must specify the complete pathname +Specifying a relative path does not make sense here. 
tinc changes its +directory to / when starting (to avoid keeping a mount point busy); and +even if we built in a default directory to look for these files, the key +files are bound to be in a different directory. +@end table + +@item Error reading RSA key file `fd47...8ceb': No such file or directory +@table @bullet +@item You specified the key here, not a pathname +In version 1.0pre3, you had to put your key here. This has changed, the +keys are now stored in separate files. This means you have to +regenerate these keys. +@end table + +@end table + @c ================================================================== +@node Technical information, About us, Running tinc, Top +@chapter Technical information + @menu * The Connection:: * Security:: @end menu + +@c ================================================================== @node The Connection, Security, Technical information, Technical information @section The basic philosophy of the way tinc works -@cindex Connection +@cindex connection tinc is a daemon that takes VPN data and transmit that to another host computer over the existing Internet infrastructure. @@ -1098,7 +1297,7 @@ meta-information doesn't get lost on the way to another computer. @cindex data-protocol @cindex meta-protocol Like with any communication, we must have a protocol, so that everybody -knows what everything stands for, an how he should react. Because we +knows what everything stands for, and how she should react. Because we have two connections, we also have two protocols. The protocol used for the UDP data is the ``data-protocol,'' the other one is the ``meta-protocol.'' @@ -1134,7 +1333,6 @@ don't take it too serious. * Key Types:: * Key Management:: * Authentication:: -* Protection:: @end menu @c ================================================================== 
@@ -1152,7 +1350,7 @@ the private key that matches the public key. So, a public key only allows @emph{other} people to send encrypted messages to you. This is very useful in setting up private communications channels. Just send out your public key and other people can talk to you in a secure way. But how can you know -the other person is who he says he is? +the other person is who she says she is? For authentication itself tinc uses symmetric private keypairs, referred to as a passphrase. The identity of each tinc daemon is defined by it's @@ -1200,7 +1398,7 @@ should be 2^129-1 or more. @c ================================================================== -@node Authentication, Protection, Key Management, Security +@node Authentication, , Key Management, Security @subsection Authentication @c FIXME: recheck @@ -1233,15 +1431,6 @@ identity of the person who owns the email address you are sending this to. Swapping floppy disks in real life might be the best way to do this! -@c ================================================================== -@node Protection, , Authentication, Security -@subsection Protecting your data - -Now we have securely hidden our data. But a malicious cracker may still -bother you by randomly altering the encrypted data he intercepts. - -@c FIXME what the hell is this all about? remove? IT - @c ================================================================== @node About us, Concept Index, Technical information, Top @chapter About us @@ -1281,9 +1470,10 @@ General obfuscater of the code. @end table -Thank you's to: Dekan, Emphyrio, vDong - -Greetings to: braque, Fluor, giggles, macro, smoke, tribbel +We have received a lot of valuable input from users. With their help, +tinc has become the flexible and robust tool that it is today. We have +composed a list of contributions, in the file called @file{THANKS} in +the source distribution. @c ================================================================== 
From 9267bed9f516244b00d5c86c8dae44b7eb78a96c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 5 Dec 2000 08:56:44 +0000 Subject: [PATCH 291/923] Oops. I did some VERY wrong things with readline(). Fixed now. --- src/conf.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/src/conf.c b/src/conf.c index 272beb6a..e0cc11e5 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.32 2000/12/03 12:22:19 zarq Exp $ + $Id: conf.c,v 1.9.4.33 2000/12/05 08:56:44 zarq Exp $ */ #include "config.h" @@ -143,7 +143,7 @@ cp given, and buf needs to be expanded, the var pointed to by buflen will be increased. */ -char *readline(FILE *fp, char *buf, size_t *buflen) +char *readline(FILE *fp, char **buf, size_t *buflen) { char *newline = NULL; char *p; @@ -162,7 +162,7 @@ char *readline(FILE *fp, char *buf, size_t *buflen) if((buf != NULL) && (buflen != NULL)) { size = *buflen; - line = buf; + line = *buf; } else { @@ -206,7 +206,10 @@ char *readline(FILE *fp, char *buf, size_t *buflen) } if((buf != NULL) && (buflen != NULL)) - *buf = size; + { + *buflen = size; + *buf = line; + } return line; } @@ -216,7 +219,7 @@ char *readline(FILE *fp, char *buf, size_t *buflen) */ int read_config_file(config_t **base, const char *fname) { - int err = -1; + int err = -2; /* Parse error */ FILE *fp; char *buffer, *line; char *p, *q; @@ -233,7 +236,8 @@ cp for(;;) { - if((line = readline(fp, buffer, &bufsize)) == NULL) + + if((line = readline(fp, &buffer, &bufsize)) == NULL) { err = -1; break; @@ -297,7 +301,7 @@ int read_server_config() cp asprintf(&fname, "%s/tinc.conf", confbase); x = read_config_file(&config, fname); - if(x != 0) + if(x == -1) /* System error */ { fprintf(stderr, _("Failed to read `%s': %m\n"), fname); From 6327f32f43dc9109fad9952fd50a23876d0acaf0 Mon Sep 17 00:00:00 2001 
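Review bot: The comment above readline() still mentions only `buflen` being increased, but with the `char **buf` signature the function now also overwrites the caller's pointer (`*buf = line;` in the last readline hunk), and that is the part callers can get wrong. I would extend the comment with something like `On return *buf and *buflen describe the (possibly moved) buffer; older copies of the pointer are invalid, and the return value aliases *buf, so free it only once.` The guard `(buf != NULL) && (buflen != NULL)` does not look at `*buf`, so a caller passing the address of a NULL pointer reaches `line = *buf;` with NULL; whether the code between the hunks copes with that is not visible here. The function body continues outside these hunks.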
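Review bot: In read_server_config the test `if(x == -1)` lets the new parse-error value -2 from read_config_file skip the only error branch visible in this hunk, so unless the code after it (outside the hunk) checks `x` again, a configuration file that failed to parse could be treated as loaded. For a VPN daemon that risks starting with directives silently missing; I would keep a catch-all such as `if(x != 0) return x;` after the system-error message, with a separate message for -2. The bare -1/-2 would read better as named constants shared through conf.h. Separately, read_config_file sets `err = -1` for every NULL from readline(); if readline also returns NULL at end of file, which these hunks do not show, a normal EOF would be reported as a system error with a stale `%m`.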
From: Ivo Timmermans Date: Tue, 5 Dec 2000 08:59:30 +0000 Subject: [PATCH 292/923] Tiny bits of code beautifying --- src/net.c | 12 ++++++------ src/protocol.c | 19 +++++++++++-------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/net.c b/src/net.c index d89c7c6f..ed00610d 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.86 2000/11/30 23:18:19 zarq Exp $ + $Id: net.c,v 1.35.4.87 2000/12/05 08:59:29 zarq Exp $ */ #include "config.h" @@ -386,9 +386,9 @@ int setup_tap_fd(void) const char *tapfname; config_t const *cfg; #ifdef HAVE_LINUX - #ifdef HAVE_TUNTAP +# ifdef HAVE_TUNTAP struct ifreq ifr; - #endif +# endif #endif cp @@ -397,11 +397,11 @@ cp else { #ifdef HAVE_LINUX - #ifdef HAVE_TUNTAP +# ifdef HAVE_TUNTAP tapfname = "/dev/misc/net/tun"; - #else +# else tapfname = "/dev/tap0"; - #endif +# endif #endif #ifdef HAVE_FREEBSD tapfname = "/dev/tap0"; diff --git a/src/protocol.c b/src/protocol.c index a46894d0..8a3d1c38 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.68 2000/11/30 23:18:21 zarq Exp $ + $Id: protocol.c,v 1.28.4.69 2000/12/05 08:59:30 zarq Exp $ */ #include "config.h" @@ -72,11 +72,12 @@ int check_id(char *id) for (i = 0; i < strlen(id); i++) if(!isalnum(id[i]) && id[i] != '_') return -1; - + return 0; } -/* Generic request routines - takes care of logging and error detection as well */ +/* Generic request routines - takes care of logging and error + detection as well */ int send_request(connection_t *cl, const char *format, ...) { 
@@ -85,8 +86,9 @@ int send_request(connection_t *cl, const char *format, ...) int len, request; cp - /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic, - and there is a limit on the input buffer anyway */ + /* Use vsnprintf instead of vasprintf: faster, no memory + fragmentation, cleanup is automatic, and there is a limit on the + input buffer anyway */ va_start(args, format); len = vsnprintf(buffer, MAXBUFSIZE, format, args); @@ -174,9 +176,10 @@ cp (H) SHA1, (E) Encrypted with symmetric cipher. - Part of the challenge is directly used to set the symmetric cipher key and the initial vector. - Since a man-in-the-middle cannot decrypt the RSA challenges, this means that he cannot get or - forge the key for the symmetric cipher. + Part of the challenge is directly used to set the symmetric cipher + key and the initial vector. Since a man-in-the-middle cannot + decrypt the RSA challenges, this means that he cannot get or forge + the key for the symmetric cipher. */ int send_id(connection_t *cl) From 1e38dcc3fa6c0da2fdb21f83a588338fa8a41818 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 5 Dec 2000 09:03:19 +0000 Subject: [PATCH 293/923] Install a file in /etc/modutils/tinc, containing all necessary aliases and options for kernel modules. --- debian/conffiles | 1 + debian/rules | 1 + debian/tinc.modules | 11 +++++++++++ 3 files changed, 13 insertions(+) create mode 100644 debian/tinc.modules diff --git a/debian/conffiles b/debian/conffiles index e2cc0633..e0faa785 100644 --- a/debian/conffiles +++ b/debian/conffiles @@ -1,4 +1,5 @@ /etc/tinc/example/tinc.conf /etc/tinc/example/tinc-down /etc/tinc/example/tinc-up +/etc/modutils/tinc /etc/init.d/tinc diff --git a/debian/rules b/debian/rules index a5b7b797..6a543ec7 100644 --- a/debian/rules +++ b/debian/rules 
@@ -62,6 +62,7 @@ binary-arch: build install dh_installexamples dh_installinit dh_installmanpages + dh_installmodules dh_installinfo dh_installchangelogs ChangeLog dh_link diff --git a/debian/tinc.modules b/debian/tinc.modules new file mode 100644 index 00000000..198e92ad --- /dev/null +++ b/debian/tinc.modules @@ -0,0 +1,11 @@ +alias char-major-36 netlink_dev + +alias tap0 ethertap +alias tap1 ethertap +alias tap2 ethertap +alias tap3 ethertap + +options tap0 -o tap0 -x unit=0 +options tap1 -o tap1 -x unit=1 +options tap2 -o tap2 -x unit=2 +options tap3 -o tap3 -x unit=3 From 4610d98c04641fce65747e07d65cbdd03fb6fe30 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 5 Dec 2000 09:03:41 +0000 Subject: [PATCH 294/923] Ported it back to /bin/sh. --- debian/init.d | 117 ++++++++++++++++++++++---------------------------- 1 file changed, 51 insertions(+), 66 deletions(-) diff --git a/debian/init.d b/debian/init.d index 109191b0..e3c55ed8 100644 --- a/debian/init.d +++ b/debian/init.d @@ -1,7 +1,7 @@ -#! /usr/bin/perl -w +#! /bin/sh # # System startup script for tinc -# $Id: init.d,v 1.14.2.3 2000/10/31 16:22:49 guus Exp $ +# $Id: init.d,v 1.14.2.4 2000/12/05 09:03:41 zarq Exp $ # # Based on Lubomir Bulej's Redhat init script. # 
@@ -11,71 +11,56 @@ # file. # -my $DAEMON="/usr/sbin/tincd"; -my $NAME="tinc"; -my $DESC="tinc daemons"; -my $TCONF="/etc/tinc"; -my $EXTRA=""; -my $NETSFILE="$TCONF/nets.boot"; -my @NETS=(); +DAEMON="/usr/sbin/tincd" +NAME="tinc" +DESC="tinc daemons" +TCONF="/etc/tinc" +EXTRA="" +NETSFILE="$TCONF/nets.boot" +NETS="" +test -f $DAEMON || exit 0 -if (! -f $DAEMON) { exit 0; } - - - -sub find_nets { - if(! open(FH, $NETSFILE)) { - warn "Please create $NETSFILE.\n"; - exit 0; - } - while () { - chomp; - if( /^[ ]*([^ \#]+)/i ) { - push(@NETS, "$1"); - } - } - if($#NETS == -1) { - warn "$NETSFILE doesn't contain any nets.\n"; - exit 0; - } - +find_nets () { + if [ ! -f $NETSFILE ] ; then + echo "Please create $NETSFILE." + exit 0 + fi + NETS="`egrep '^[ ]*[a-zA-Z0-9_]+[ ]*$' $NETSFILE`" } -if(!defined($ARGV[0])) { - die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; -} - -if($ARGV[0] eq "start") { - find_nets; - print "Starting $DESC:"; - foreach $n (@NETS) { - print " $n"; - system("$DAEMON -n $_[0] $EXTRA"); - } - print ".\n"; -} elsif ($ARGV[0] eq "stop") { - find_nets; - print "Stopping $DESC:"; - foreach $n (@NETS) { - print " $n"; - system("$DAEMON -n $_[0] $EXTRA -k"); - } - print ".\n"; -} elsif ($ARGV[0] eq "restart" || $ARGV[0] eq "force-reload") { - find_nets; - print "Stopping $DESC:"; - foreach $n (@NETS) { - print " $n"; - system("$DAEMON -n $_[0] $EXTRA -k"); - } - print ".\n"; - print "Starting $DESC:"; - foreach $n (@NETS) { - print " $n"; - system("$DAEMON -n $_[0] $EXTRA"); - } - print ".\n"; -} else { - die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; -} +case "$1" in + start) + find_nets + echo -n "Starting $DESC:" + for n in $NETS ; do + echo -n " $n" + $DAEMON -n $n $EXTRA + done + echo "." + ;; + stop) + find_nets + echo -n "Stopping $DESC:" + for n in $NETS ; do + echo -n " $n" + $DAEMON -n $n $EXTRA -k + done + echo "." 
+ ;; + restart|force-reload) + find_nets + echo -n "Restarting $DESC:" + for n in $NETS ; do + echo -n " $n" + $DAEMON -n $n $EXTRA -k + sleep 1 + $DAEMON -n $n $EXTRA + done + echo "." + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" + exit 1 + ;; +esac From e50e4a54d6b40b988041a7e9bfdfbf708657f3a5 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 5 Dec 2000 09:04:32 +0000 Subject: [PATCH 295/923] Give a warning about having to re-create the keys --- debian/postinst | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/postinst b/debian/postinst index 1debdae0..b7d022bc 100644 --- a/debian/postinst +++ b/debian/postinst @@ -1,7 +1,7 @@ #! /bin/sh # postinst script for tinc # -# $Id: postinst,v 1.6 2000/05/21 23:01:28 zarq Exp $ +# $Id: postinst,v 1.6.4.1 2000/12/05 09:04:32 zarq Exp $ # # see: dh_installdeb(1) @@ -42,6 +42,12 @@ case "$1" in if [ ! -e $NETSFILE ] ; then echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE fi + + if fgrep -q PublicKey `find /etc/tinc -type f` ; then + echo "If you are upgrading from version 1.0pre3, make sure you" + echo "regenerate the host keys. For more information, refer to" + echo "/usr/share/doc/tinc/UPGRADING.txt." + fi ;; abort-upgrade|abort-remove|abort-deconfigure) From e469fca4d78e9d23698fe1e6b29b232198cc499e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 6 Dec 2000 13:33:49 +0000 Subject: [PATCH 296/923] Re-introduced MyVirtualIP and VpnMask, as dummy options. --- src/conf.c | 5 ++++- src/conf.h | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index e0cc11e5..0d6d4c2a 100644 --- a/src/conf.c +++ b/src/conf.c 
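Review bot: find_nets no longer reports an empty result: when nets.boot exists but holds no line matching the egrep pattern, NETS stays empty and `start` prints "Starting tinc daemons:." without launching anything, whereas the removed Perl version warned that the file "doesn't contain any nets". Add `[ -n "$NETS" ] || { echo "$NETSFILE doesn't contain any nets."; exit 0; }` after the egrep line. The `[a-zA-Z0-9_]+` allowlist is also what keeps the unquoted `$n` in `$DAEMON -n $n $EXTRA` from being split or globbed, so it deserves a comment such as `# names are limited to [A-Za-z0-9_], so $n is safe to expand unquoted`. `$NETSFILE` and `$DAEMON` in the `test -f` / `[ ! -f ]` checks should be quoted regardless.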
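Review bot: The upgrade check in the `@@ -42,6 +42,12 @@` hunk hands the output of `find /etc/tinc -type f` to fgrep through an unquoted backquote substitution, so a path containing whitespace is split into bogus arguments, and if find ever prints nothing fgrep reads standard input and stalls package configuration. Letting find run the match avoids both: `if [ -n "$(find /etc/tinc -type f -exec fgrep -l PublicKey {} \; 2>/dev/null)" ] ; then`. PublicKey also looks like a keyword that remains valid in host files (inferred, the keyword table is not in this hunk), so the message may appear on every configure rather than only on an upgrade from 1.0pre3. Testing the previously configured version in `$2` would be a tighter condition. The enclosing `case "$1"` continues outside the hunk.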
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.33 2000/12/05 08:56:44 zarq Exp $ + $Id: conf.c,v 1.9.4.34 2000/12/06 13:33:48 zarq Exp $ */ #include "config.h" @@ -63,10 +63,13 @@ static internal_config_t hazahaza[] = { { "Interface", config_interface, TYPE_NAME }, { "InterfaceIP", config_interfaceip, TYPE_IP }, { "KeyExpire", config_keyexpire, TYPE_INT }, + { "MyVirtualIP", config_dummy, TYPE_IP }, + { "MyOwnVPNIP", config_dummy, TYPE_IP }, { "Name", config_name, TYPE_NAME }, { "PingTimeout", config_pingtimeout, TYPE_INT }, { "PrivateKey", config_privatekey, TYPE_NAME }, { "TapDevice", config_tapdevice, TYPE_NAME }, + { "VpnMask", config_dummy, TYPE_IP }, /* Host configuration file keywords */ { "Address", config_address, TYPE_NAME }, { "IndirectData", config_indirectdata, TYPE_BOOL }, diff --git a/src/conf.h b/src/conf.h index 297dc42b..60dee5cd 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.17 2000/11/29 14:24:40 zarq Exp $ + $Id: conf.h,v 1.6.4.18 2000/12/06 13:33:49 zarq Exp $ */ #ifndef __TINC_CONF_H__ @@ -33,6 +33,7 @@ typedef struct ip_mask_t { } ip_mask_t; typedef enum which_t { + config_dummy = 0, config_name = 1, config_connectto, config_pingtimeout, From 8a4daf4ea7758270a47a358f43ad97a64eb1c3ff Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 22 Dec 2000 16:54:56 +0000 Subject: [PATCH 297/923] Various small changes. --- debian/Makefile.am | 3 ++- debian/changelog | 6 ++++-- debian/control | 6 +++--- debian/tinc-up | 9 ++++----- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/debian/Makefile.am b/debian/Makefile.am index 6bb365bb..0ed7907e 100644 --- a/debian/Makefile.am +++ b/debian/Makefile.am 
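Review bot: In the `@@ -63,10 +63,13 @@` hunk of src/conf.c, `MyVirtualIP`, `MyOwnVPNIP` and `VpnMask` are still parsed as TYPE_IP but all map to `config_dummy`, so an old configuration that sets them is accepted silently and nothing tells the operator that the address or mask no longer has any effect. Mark the three rows with a comment such as `/* obsolete: accepted for backward compatibility, value is ignored */`, and consider logging a warning when one of them is read. The table and read_config_file() continue outside the hunk, so where such a warning would be emitted is not visible here.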
@@ -1,2 +1,3 @@ EXTRA_DIST = README.Debian changelog conffiles control copyright dirs \ - docs info init.d postinst rules doc-base.tinc + docs info init.d postinst rules doc-base.tinc tinc-up tinc-down \ + tinc.modules diff --git a/debian/changelog b/debian/changelog index 4e74eb74..fc830435 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,10 @@ -tinc (1.0pre3-2) unstable; urgency=low +tinc (1.0pre4-1) unstable; urgency=low + * New upstream version * Added universal tinc-up and tinc-down scripts + * - -- Ivo Timmermans Wed, 15 Nov 2000 23:26:56 +0100 + -- Ivo Timmermans Sun, 3 Dec 2000 13:24:10 +0100 tinc (1.0pre3-1) unstable; urgency=low diff --git a/debian/control b/debian/control index 43d6e428..0b6032c5 100644 --- a/debian/control +++ b/debian/control @@ -3,11 +3,11 @@ Section: non-US/main Priority: optional Maintainer: Ivo Timmermans Standards-Version: 3.0.1 -Build-Depends: libc6-dev, libssl095a-dev, autoconf (>= 2.12), - automake, debhelper, libtool, gettext +Build-Depends: libc6-dev, libssl096-dev, autoconf (>= 2.12), + automake, debhelper, gettext Package: tinc -Architecture: i386 +Architecture: i386 alpha Depends: ${shlibs:Depends}, ${perl:Depends} Description: Virtual Private Network daemon tinc is a daemon with which you can create a virtual private network diff --git a/debian/tinc-up b/debian/tinc-up index 0ca5ebe8..0e40d76a 100644 --- a/debian/tinc-up +++ b/debian/tinc-up @@ -1,7 +1,7 @@ #! /usr/bin/perl -w # # Device configuration script for tinc -# $Id: tinc-up,v 1.1.2.1 2000/11/24 16:52:57 zarq Exp $ +# $Id: tinc-up,v 1.1.2.2 2000/12/22 16:54:56 zarq Exp $ # # Based on Lubomir Bulej's Redhat init script. # @@ -42,8 +42,7 @@ sub vpn_load { } } if(!defined($DEV)) { - warn "tinc: There must be a TapDevice\n"; - return 0; + $DEV = "/dev/tap0"; } if($DEV eq "") { warn "tinc: TapDevice should be of the form /dev/tapN\n"; 
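Review bot: In the `@@ -42,8 +42,7 @@` hunk of debian/tinc-up, a missing TapDevice now silently becomes `/dev/tap0` where it used to be reported as an error. If this script runs once per network (vpn_load begins outside the hunk, so that is inferred), two networks that both omit the option would configure the same device without any message. Keep a diagnostic next to the default, for example `warn "tinc: no TapDevice given, assuming /dev/tap0\n";` before `$DEV = "/dev/tap0";`.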
@@ -75,7 +74,7 @@ sub vpn_load { $ADR = pack('C4', @addr); $MSK = pack('N4', -1 << (32 - $LEN)); $BRD = join(".", unpack('C4', $ADR | ~$MSK)); - $MAC = "fe:fd:" . join(":", map { sprintf "%02x", $_ } unpack('C4', $ADR)); + $MAC = "fe:fd:00:00:00:00"; if(!defined($VPNMASK)) { $VPNMASK = $MSK; @@ -83,7 +82,7 @@ sub vpn_load { } $ADR = join(".", unpack('C4', $ADR)); $MSK = join(".", unpack('C4', $MSK)); - + 1; } From 37544990e96fe5ea161e644f6417f505d666cd00 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 22 Dec 2000 16:59:16 +0000 Subject: [PATCH 298/923] Include autogen.sh (needed for the Debian package). --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 33bd6c0f..a16fc0cb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,7 +6,7 @@ SUBDIRS = m4 intl lib src doc po redhat debian ACLOCAL_AMFLAGS = -EXTRA_DIST = system.h ABOUT-NLS COPYING.README +EXTRA_DIST = system.h ABOUT-NLS COPYING.README autogen.sh CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ From c5fac35c6ce9b9fcc47508810d69aeab83d08c25 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 22 Dec 2000 17:10:25 +0000 Subject: [PATCH 299/923] Forget router.c --- po/POTFILES.in | 1 - 1 file changed, 1 deletion(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index 4abbbf84..a0744e1b 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -11,6 +11,5 @@ src/meta.c src/net.c src/netutl.c src/protocol.c -src/route.c src/subnet.c src/tincd.c From ecae72de94222302aa326888f70cfacdbd775b23 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 22 Dec 2000 17:15:26 +0000 Subject: [PATCH 300/923] Added lint target, requires lclint. --- src/Makefile.am | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Makefile.am b/src/Makefile.am index 185e5a06..27a891e1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
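Review bot: In the `@@ -75,7 +74,7 @@` hunk of debian/tinc-up, `$MAC` changes from a value derived from the interface address to the constant `fe:fd:00:00:00:00`, so every device configured by this script now gets the same hardware address, and nothing in the hunk says why. If the daemon expects this fixed address, say so with a comment such as `# tincd expects this fixed MAC on the tap device; do not derive it from the IP`. If not, the per-address derivation should stay. The code that applies `$MAC` is outside the hunk.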
@@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.10 2000/11/22 16:19:06 zarq Exp $ +# $Id: Makefile.am,v 1.4.4.11 2000/12/22 17:15:26 zarq Exp $ sbin_PROGRAMS = tincd @@ -20,3 +20,6 @@ localedir = $(datadir)/locale CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\" \ -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" + +lint: $(tincd_SOURCES) + lclint -nullassign -nullret +trytorecover +posixlib -skipansiheaders -skipposixheaders +gnuextensions -I/usr/include -I/usr/lib/gcc-lib/i386-linux/2.95.2/include -I. -I/home/zarq/p/tinc/cvs/cabal/src -I.. -I.. -I/home/zarq/p/tinc/cvs/cabal/lib -I/home/zarq/p/tinc/cvs/cabal/intl -D_POSIX_SOURCE -D__ELF__ -Dunix -D__i386__ -Dlinux -DHAVE_CONFIG_H -DPKGLIBDIR=/usr/local/lib/tinc -DCONFDIR=\"/usr/local/etc\" -DLOCALEDIR=\"/usr/local/share/locale\" $^ From e1707f7739f450c729e26b921e459d5da07602f9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Dec 2000 21:34:24 +0000 Subject: [PATCH 301/923] - Don't even think about using sscanf with %as anymore - Allow keys to be inside the config files or in a seperate file - Small fixes --- acconfig.h | 3 -- configure.in | 4 +- m4/gnuscanf.m4 | 25 ---------- src/conf.c | 13 +++-- src/conf.h | 4 +- src/net.c | 129 +++++++++++++++++++++++++++++++------------------ src/net.h | 4 +- src/protocol.c | 18 ++----- 8 files changed, 101 insertions(+), 99 deletions(-) delete mode 100644 m4/gnuscanf.m4 diff --git a/acconfig.h b/acconfig.h index 031a337b..7bb8efe1 100644 --- a/acconfig.h +++ b/acconfig.h @@ -64,6 +64,3 @@ /* Define to 1 if checkpoint tracing is enabled */ #undef ENABLE_TRACING - -/* Define to 1 if scanf and friends understand %as */ -#undef HAVE_SCANF_AS diff --git a/configure.in b/configure.in index 70b767f8..9d40f7af 100644 --- a/configure.in +++ b/configure.in 
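Review bot: The new `lint` rule in the `@@ -20,3 +20,6 @@` hunk hard-codes one developer's checkout and compiler paths (`-I/home/zarq/p/tinc/cvs/cabal/src`, `-I/usr/lib/gcc-lib/i386-linux/2.95.2/include`) and repeats the `-D` values as literals (`-DCONFDIR=\"/usr/local/etc\"`). It therefore fails or checks against the wrong headers on any other machine, and it will drift from the `CFLAGS` line just above it. Build the include and define arguments from automake's variables instead, for example `-I. -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl $(DEFS) -DCONFDIR=\"$(sysconfdir)\" -DLOCALEDIR=\"$(localedir)\"`, and declare `.PHONY: lint` so a file named lint cannot mask the target.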
@@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.28 2000/11/29 01:37:50 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.29 2000/12/22 21:34:19 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) @@ -84,8 +84,6 @@ AC_CHECK_FUNC(gethostbyname, [], [ dnl These are defined in files in m4/ tinc_TUNTAP tinc_OPENSSL -tinc_SCANF_AS - dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, diff --git a/m4/gnuscanf.m4 b/m4/gnuscanf.m4 deleted file mode 100644 index fd8de464..00000000 --- a/m4/gnuscanf.m4 +++ /dev/null @@ -1,25 +0,0 @@ -dnl Check for a scanf that understands about %as as format specifier - -AC_DEFUN(tinc_SCANF_AS, -[ - AC_CACHE_CHECK([for a scanf that groks %as], tinc_cv_scanf_as, - [ - AC_TRY_RUN([ -/* Very naive program which will probably give a segmentation - fault if the sscanf doesn't work as expected. */ -#include -int main() { - char*s = NULL; - sscanf("string\n", "%as\n", &s); - if(s == NULL) - return 1; - return strcmp("string", s); -} - ], [tinc_cv_scanf_as="yes"], [tinc_cv_scanf_as="no"]) - ]) - -if test "$tinc_cv_scanf_as" = "yes" ; then - AC_DEFINE(HAVE_SCANF_AS) - AC_SUBST(HAVE_SCANF_AS) -fi -]) diff --git a/src/conf.c b/src/conf.c index 0d6d4c2a..3edcb302 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.34 2000/12/06 13:33:48 zarq Exp $ + $Id: conf.c,v 1.9.4.35 2000/12/22 21:34:20 guus Exp $ */ #include "config.h" @@ -68,6 +68,7 @@ static internal_config_t hazahaza[] = { { "Name", config_name, TYPE_NAME }, { "PingTimeout", config_pingtimeout, TYPE_INT }, { "PrivateKey", config_privatekey, TYPE_NAME }, + { "PrivateKeyFile", config_privatekeyfile, TYPE_NAME }, { "TapDevice", config_tapdevice, TYPE_NAME }, { "VpnMask", config_dummy, TYPE_IP }, /* Host configuration file keywords */ 
@@ -75,6 +76,7 @@ static internal_config_t hazahaza[] = { { "IndirectData", config_indirectdata, TYPE_BOOL }, { "Port", config_port, TYPE_INT }, { "PublicKey", config_publickey, TYPE_NAME }, + { "PublicKeyFile", config_publickeyfile, TYPE_NAME }, { "RestrictAddress", config_restrictaddress, TYPE_BOOL }, { "RestrictHosts", config_restricthosts, TYPE_BOOL }, { "RestrictPort", config_restrictport, TYPE_BOOL }, @@ -232,7 +234,10 @@ int read_config_file(config_t **base, const char *fname) cp if((fp = fopen (fname, "r")) == NULL) - return -1; + { + syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname); + return -1; + } bufsize = 100; buffer = xmalloc(bufsize); @@ -273,7 +278,7 @@ cp if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') { - fprintf(stderr, _("No value for variable `%s' on line %d while reading config file %s"), + syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), hazahaza[i].name, lineno, fname); break; } @@ -281,7 +286,7 @@ cp cfg = add_config_val(base, hazahaza[i].argtype, q); if(cfg == NULL) { - fprintf(stderr, _("Invalid value for variable `%s' on line %d while reading config file %s"), + syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"), hazahaza[i].name, lineno, fname); break; } diff --git a/src/conf.h b/src/conf.h index 60dee5cd..de527d25 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.18 2000/12/06 13:33:49 zarq Exp $ + $Id: conf.h,v 1.6.4.19 2000/12/22 21:34:20 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -39,6 +39,7 @@ typedef enum which_t { config_pingtimeout, config_tapdevice, config_privatekey, + config_privatekeyfile, config_keyexpire, config_hostnames, config_interface, 
@@ -46,6 +47,7 @@ typedef enum which_t { config_address, config_port, config_publickey, + config_publickeyfile, config_subnet, config_restricthosts, config_restrictsubnets, diff --git a/src/net.c b/src/net.c index ed00610d..cb32caba 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.87 2000/12/05 08:59:29 zarq Exp $ + $Id: net.c,v 1.35.4.88 2000/12/22 21:34:20 guus Exp $ */ #include "config.h" 
@@ -698,59 +698,89 @@ cp return 0; } -int read_rsa_public_key(RSA **key, const char *file) -{ - FILE *fp; - - if((fp = fopen(file, "r")) == NULL) - { - syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), - file); - return -1; - } - if(PEM_read_RSAPublicKey(fp, key, NULL, NULL) == NULL) - { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), - file); - return -1; - } - - return 0; -} - -int read_rsa_private_key(RSA **key, const char *file) -{ - FILE *fp; - - if((fp = fopen(file, "r")) == NULL) - { - syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), - file); - return -1; - } - if(PEM_read_RSAPrivateKey(fp, key, NULL, NULL) == NULL) - { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), - file); - return -1; - } - - return 0; -} - -int read_rsa_keys(void) +int read_rsa_public_key(connection_t *cl) { config_t const *cfg; + FILE *fp; + void *result; +cp + if(!cl->rsa_key) + cl->rsa_key = RSA_new(); - if(!(cfg = get_config_val(config, config_privatekey))) + if((cfg = get_config_val(cl->config, config_publickey))) { - syslog(LOG_ERR, _("Private key for tinc daemon required!")); + BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); + BN_hex2bn(&cl->rsa_key->e, "FFFF"); + } + else if((cfg = get_config_val(cl->config, config_publickeyfile))) + { + if(is_safe_path(cfg->data.ptr)) + { + if((fp = fopen(cfg->data.ptr, "r")) == NULL) + { + syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), + cfg->data.ptr); + return -1; + } + result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL); + fclose(fp); + if(!result) + { + syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"), + cfg->data.ptr); + return -1; + } + } + else + return -1; + } + else + { + syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); return -1; } +cp + return 0; +} - myself->rsa_key = RSA_new(); +int read_rsa_private_key(void) +{ + config_t const *cfg; + FILE *fp; + void *result; +cp + if(!myself->rsa_key) + 
myself->rsa_key = RSA_new(); - return read_rsa_private_key(&(myself->rsa_key), cfg->data.ptr); + if((cfg = get_config_val(config, config_privatekey))) + { + BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr); + BN_hex2bn(&myself->rsa_key->e, "FFFF"); + } + else if((cfg = get_config_val(config, config_privatekeyfile))) + { + if((fp = fopen(cfg->data.ptr, "r")) == NULL) + { + syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), + cfg->data.ptr); + return -1; + } + result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL); + fclose(fp); + if(!result) + { + syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), + cfg->data.ptr); + return -1; + } + } + else + { + syslog(LOG_ERR, _("No private key for tinc daemon specified!")); + return -1; + } +cp + return 0; } /* @@ -782,7 +812,7 @@ cp return -1; } cp - if(read_rsa_keys()) + if(read_rsa_private_key()) return -1; if(read_host_config(myself)) @@ -790,6 +820,9 @@ cp syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); return -1; } + + if(read_rsa_public_key(myself)) + return -1; cp /* @@ -1159,7 +1192,7 @@ cp if(!cl) { - syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); return 0; } diff --git a/src/net.h b/src/net.h index 2ed8a9ce..27ba87c8 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.23 2000/11/30 23:18:21 zarq Exp $ + $Id: net.h,v 1.9.4.24 2000/12/22 21:34:23 guus Exp $ */ #ifndef __TINC_NET_H__ 
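Review bot: In the `@@ -698,59 +698,89 @@` hunk of src/net.c, the inline-key branches of read_rsa_public_key() and read_rsa_private_key() ignore the result of BN_hex2bn(), which returns 0 when the string cannot be parsed, so a malformed PublicKey or PrivateKey value leaves the RSA structure without a usable component while the function still returns 0. The file branches are also asymmetric: PublicKeyFile goes through is_safe_path() but PrivateKeyFile is opened directly, although the private key is the file whose location and permissions matter most. is_safe_path() is defined outside this hunk, so what it checks is inferred from its name. The `else return -1;` after a failed is_safe_path() logs nothing in this function. The hard-coded exponent "FFFF" is 65535 rather than the conventional 65537 (0x10001); it should be confirmed against the key generator and given a named constant. The fence shows the added checks for both functions.

```c
/* read_rsa_public_key(): inline key */
  if((cfg = get_config_val(cl->config, config_publickey)))
    {
      if(!BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr) ||
         !BN_hex2bn(&cl->rsa_key->e, "FFFF"))
        {
          /* log the peer name only, never the key text */
          syslog(LOG_ERR, _("Invalid public key for %s"), cl->name);
          return -1;
        }
    }
  /* … unchanged: PublicKeyFile branch and "No public key" error … */

/* read_rsa_private_key(): inline key and key file */
  if((cfg = get_config_val(config, config_privatekey)))
    {
      if(!BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr) ||
         !BN_hex2bn(&myself->rsa_key->e, "FFFF"))
        {
          syslog(LOG_ERR, _("Invalid private key for tinc daemon"));
          return -1;
        }
    }
  else if((cfg = get_config_val(config, config_privatekeyfile)))
    {
      /* same path check as the public key file gets */
      if(!is_safe_path(cfg->data.ptr))
        return -1;
      /* … unchanged: fopen, PEM_read_RSAPrivateKey, fclose, error handling … */
    }
```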
@@ -128,6 +128,6 @@ extern void add_queue(packet_queue_t **, void *, size_t); # include #endif -extern int read_rsa_public_key(RSA **, const char *); +extern int read_rsa_public_key(connection_t *); #endif /* __TINC_NET_H__ */ diff --git a/src/protocol.c b/src/protocol.c index 8a3d1c38..57814fdd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.69 2000/12/05 08:59:30 zarq Exp $ + $Id: protocol.c,v 1.28.4.70 2000/12/22 21:34:24 guus Exp $ */ #include "config.h" @@ -255,17 +255,9 @@ cp /* Read in the public key, so that we can send a challenge */ - if((cfg = get_config_val(cl->config, config_publickey))) - { - cl->rsa_key = RSA_new(); - if(read_rsa_public_key(&(cl->rsa_key), cfg->data.ptr) < 0) - return -1; - } - else - { - syslog(LOG_ERR, _("No public key known for %s (%s)"), cl->name, cl->hostname); - return -1; - } + if(read_rsa_public_key(cl)) + return -1; + cp return send_challenge(cl); } @@ -300,7 +292,7 @@ cp } /* Encrypt the random data */ - + if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ { syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); From 77509da76c61b881c9967bfb7cdafeaf6b56eb6d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 5 Jan 2001 23:50:56 +0000 Subject: [PATCH 302/923] - AVL tree routines: faster than RBL, and also more stable. --- lib/Makefile.am | 6 +- lib/avl_tree.c | 677 ++++++++++++++++++++++++++++++++++++++++++++++++ lib/avl_tree.h | 145 +++++++++++ 3 files changed, 825 insertions(+), 3 deletions(-) create mode 100644 lib/avl_tree.c create mode 100644 lib/avl_tree.h diff --git a/lib/Makefile.am b/lib/Makefile.am index 355493cd..f7f2798a 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
@@ -1,15 +1,15 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.5 2000/11/28 23:23:41 zarq Exp $ +# $Id: Makefile.am,v 1.2.4.6 2001/01/05 23:50:55 guus Exp $ noinst_LIBRARIES = libvpn.a INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/intl -libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c rbl.c dropin.c +libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tree.c dropin.c libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h rbl.h dropin.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h EXTRA_DIST = README diff --git a/lib/avl_tree.c b/lib/avl_tree.c new file mode 100644 index 00000000..df7a0361 --- /dev/null +++ b/lib/avl_tree.c 
@@ -0,0 +1,677 @@ +/* + avl_tree.c -- avl_ tree and linked list convenience + Copyright (C) 1998 Michael H. Buselli + 2000 Ivo Timmermans , + 2000 Guus Sliepen + 2000 Wessel Dankers + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + Original AVL tree library by Michael H. Buselli . + + Modified 2000-11-28 by Wessel Dankers to use counts + instead of depths, to add the ->next and ->prev and to generally obfuscate + the code. Mail me if you found a bug. + + Cleaned up and incorporated some of the ideas from the red-black tree + library for inclusion into tinc (http://tinc.nl.linux.org) by + Guus Sliepen . + + $Id: avl_tree.c,v 1.1.2.1 2001/01/05 23:50:56 guus Exp $ +*/ + +#include +#include +#include + +#include "avl_tree.h" + +#ifdef AVL_COUNT +#define AVL_NODE_COUNT(n) ((n) ? (n)->count : 0) +#define AVL_L_COUNT(n) (AVL_NODE_COUNT((n)->left)) +#define AVL_R_COUNT(n) (AVL_NODE_COUNT((n)->right)) +#define AVL_CALC_COUNT(n) (AVL_L_COUNT(n) + AVL_R_COUNT(n) + 1) +#endif + +#ifdef AVL_DEPTH +#define AVL_NODE_DEPTH(n) ((n) ? 
(n)->depth : 0) +#define L_AVL_DEPTH(n) (AVL_NODE_DEPTH((n)->left)) +#define R_AVL_DEPTH(n) (AVL_NODE_DEPTH((n)->right)) +#define AVL_CALC_DEPTH(n) ((L_AVL_DEPTH(n)>R_AVL_DEPTH(n)?L_AVL_DEPTH(n):R_AVL_DEPTH(n)) + 1) +#endif + +#ifndef AVL_DEPTH +int lg(unsigned int u) +{ + int r = 1; + if (!u) + return 0; + if (u & 0xffff0000) + { + u >>= 16; + r += 16; + } + if (u & 0x0000ff00) + { + u >>= 8; + r += 8; + } + if (u & 0x000000f0) + { + u >>= 4; + r += 4; + } + if (u & 0x0000000c) + { + u >>= 2; + r += 2; + } + if (u & 0x00000002) + r++; + return r; +} +#endif + +/* Internal helper functions */ + +int avl_check_balance(avl_node_t *node) +{ +#ifdef AVL_DEPTH + int d; + d = R_AVL_DEPTH(node) - L_AVL_DEPTH(node); + return d < -1 ? -1 : d > 1 ? 1 : 0; +#else +/* int d; + * d = lg(AVL_R_COUNT(node)) - lg(AVL_L_COUNT(node)); + * d = d<-1?-1:d>1?1:0; + */ + int pl, r; + + pl = lg(AVL_L_COUNT(node)); + r = AVL_R_COUNT(node); + + if (r >> pl + 1) + return 1; + if (pl < 2 || r >> pl - 2) + return 0; + return -1; +#endif +} + +void avl_rebalance(avl_tree_t *tree, avl_node_t *node) +{ + avl_node_t *child; + avl_node_t *gchild; + avl_node_t *parent; + avl_node_t **superparent; + + parent = node; + + while (node) + { + parent = node->parent; + + superparent = parent ? node == parent->left ? 
&parent->left : &parent->right : &tree->root; + + switch (avl_check_balance(node)) + { + case -1: + child = node->left; +#ifdef AVL_DEPTH + if(L_AVL_DEPTH(child) >= R_AVL_DEPTH(child)) { +#else + if (AVL_L_COUNT(child) >= AVL_R_COUNT(child)) + { +#endif + node->left = child->right; + if (node->left) + node->left->parent = node; + child->right = node; + node->parent = child; + *superparent = child; + child->parent = parent; +#ifdef AVL_COUNT + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); +#endif +#ifdef AVL_DEPTH + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); +#endif + } else + { + gchild = child->right; + node->left = gchild->right; + if (node->left) + node->left->parent = node; + child->right = gchild->left; + if (child->right) + child->right->parent = child; + gchild->right = node; + if (gchild->right) + gchild->right->parent = gchild; + gchild->left = child; + if (gchild->left) + gchild->left->parent = gchild; + *superparent = gchild; + gchild->parent = parent; +#ifdef AVL_COUNT + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); + gchild->count = AVL_CALC_COUNT(gchild); +#endif +#ifdef AVL_DEPTH + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); + gchild->depth = AVL_CALC_DEPTH(gchild); +#endif + } + break; + case 1: + child = node->right; +#ifdef AVL_DEPTH + if(R_AVL_DEPTH(child) >= L_AVL_DEPTH(child)) { +#else + if (AVL_R_COUNT(child) >= AVL_L_COUNT(child)) + { +#endif + node->right = child->left; + if (node->right) + node->right->parent = node; + child->left = node; + node->parent = child; + *superparent = child; + child->parent = parent; +#ifdef AVL_COUNT + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); +#endif +#ifdef AVL_DEPTH + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); +#endif + } else + { + gchild = child->left; + node->right = gchild->left; + if (node->right) + 
node->right->parent = node; + child->left = gchild->right; + if (child->left) + child->left->parent = child; + gchild->left = node; + if (gchild->left) + gchild->left->parent = gchild; + gchild->right = child; + if (gchild->right) + gchild->right->parent = gchild; + *superparent = gchild; + gchild->parent = parent; +#ifdef AVL_COUNT + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); + gchild->count = AVL_CALC_COUNT(gchild); +#endif +#ifdef AVL_DEPTH + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); + gchild->depth = AVL_CALC_DEPTH(gchild); +#endif + } + break; + default: +#ifdef AVL_COUNT + node->count = AVL_CALC_COUNT(node); +#endif +#ifdef AVL_DEPTH + node->depth = AVL_CALC_DEPTH(node); +#endif + } + node = parent; + } +} + +/* (De)constructors */ + +avl_tree_t *avl_alloc_tree(avl_compare_t compare, avl_action_t delete) +{ + avl_tree_t *tree; + + tree = xmalloc_and_zero(sizeof(avl_tree_t)); + tree->compare = compare; + tree->delete = delete; + + return tree; +} + +void avl_free_tree(avl_tree_t *tree) +{ + free(tree); +} + +avl_node_t *avl_alloc_node(void) +{ + avl_node_t *node; + + node = xmalloc_and_zero(sizeof(avl_node_t)); + + return node; +} + +void avl_free_node(avl_tree_t *tree, avl_node_t *node) +{ + if(node->data && tree->delete) + tree->delete(node->data); + free(node); +} + +/* Searching */ + +void *avl_search(const avl_tree_t *tree, const void *data) +{ + avl_node_t *node; + + node = avl_search_node(tree, data); + + return node?node->data:NULL; +} + +void *avl_search_closest(const avl_tree_t *tree, const void *data, int *result) +{ + avl_node_t *node; + + node = avl_search_closest_node(tree, data, result); + + return node?node->data:NULL; +} + +void *avl_search_closest_smaller(const avl_tree_t *tree, const void *data) +{ + avl_node_t *node; + + node = avl_search_closest_smaller_node(tree, data); + + return node?node->data:NULL; +} + +void *avl_search_closest_greater(const avl_tree_t *tree, const 
void *data) +{ + avl_node_t *node; + + node = avl_search_closest_greater_node(tree, data); + + return node?node->data:NULL; +} + +avl_node_t *avl_search_node(const avl_tree_t *tree, const void *data) +{ + avl_node_t *node; + int result; + + node = avl_search_closest_node(tree, data, &result); + + return result?NULL:node; +} + +avl_node_t *avl_search_closest_node(const avl_tree_t *tree, const void *data, int *result) +{ + avl_node_t *node; + int c; + + node = tree->root; + + if (!node) + { + if(result) + *result = 0; + return NULL; + } + + for (;;) + { + c = tree->compare(data, node->data); + + if (c < 0) + { + if (node->left) + node = node->left; + else + { + if(result) + *result = -1; + break; + } + } + else if (c > 0) + { + if (node->right) + node = node->right; + else + { + if(result) + *result = 1; + break; + } + } + else + { + if(result) + *result = 0; + break; + } + } + + return node; +} + +avl_node_t *avl_search_closest_smaller_node(const avl_tree_t *tree, const void *data) +{ + avl_node_t *node; + int result; + + node = avl_search_closest_node(tree, data, &result); + + if(result > 0) + node = node->prev; + + return node; +} + +avl_node_t *avl_search_closest_greater_node(const avl_tree_t *tree, const void *data) +{ + avl_node_t *node; + int result; + + node = avl_search_closest_node(tree, data, &result); + + if(result < 0) + node = node->next; + + return node; +} + +/* Insertion and deletion */ + +avl_node_t *avl_insert(avl_tree_t *tree, void *data) +{ + avl_node_t *node; + + node = avl_alloc_node(); + node->data = data; + + return avl_insert_node(tree, node); +} + +avl_node_t *avl_insert_node(avl_tree_t *tree, avl_node_t *node) +{ + avl_node_t *closest; + int result; + + if (!tree->root) + avl_insert_top(tree, node); + else + { + closest = avl_search_closest_node(tree, node->data, &result); + switch(result) + { + case -1: + avl_insert_before(tree, closest, node); + break; + case 1: + avl_insert_after(tree, closest, node); + break; + case 0: + return 
closest; + } + } + +#ifdef AVL_COUNT + node->count = 1; +#endif +#ifdef AVL_DEPTH + node->depth = 1; +#endif + + return node; +} + +void avl_insert_top(avl_tree_t *tree, avl_node_t *node) +{ + node->prev = node->next = node->parent = NULL; + tree->head = tree->tail = tree->root = node; +} + +void avl_insert_before(avl_tree_t *tree, avl_node_t *before, avl_node_t *node) +{ + if (!before) + return tree->tail ? avl_insert_after(tree, tree->tail, node) : avl_insert_top(tree, node); + + node->next = before; + node->parent = before; + node->prev = before->prev; + + if (before->prev) + before->prev->next = node; + else + tree->head = node; + + before->prev = node; + before->left = node; + + avl_rebalance(tree, before->parent); +} + +void avl_insert_after(avl_tree_t *tree, avl_node_t *after, avl_node_t *node) +{ + if (!after) + return tree->head ? avl_insert_before(tree, tree->head, node) : avl_insert_top(tree, node); + + node->prev = after; + node->parent = after; + node->next = after->next; + + if (after->next) + after->next->prev = node; + else + tree->tail = node; + + after->next = node; + after->right = node; + + avl_rebalance(tree, after->parent); +} + +avl_node_t *avl_unlink(avl_tree_t *tree, void *data) +{ + avl_node_t *node; + + node = avl_search_node(tree, data); + + if(node) + avl_unlink_node(tree, node); + + return node; +} + +void avl_unlink_node(avl_tree_t *tree, avl_node_t *node) +{ + avl_node_t *parent; + avl_node_t **superparent; + avl_node_t *subst, *left, *right; + avl_node_t *balnode; + + if (node->prev) + node->prev->next = node->next; + else + tree->head = node->next; + if (node->next) + node->next->prev = node->prev; + else + tree->tail = node->prev; + + parent = node->parent; + + superparent = parent ? node == parent->left ? 
&parent->left : &parent->right : &tree->root; + + left = node->left; + right = node->right; + if (!left) + { + *superparent = right; + if (right) + right->parent = parent; + balnode = parent; + } else if (!right) + { + *superparent = left; + left->parent = parent; + balnode = parent; + } else + { + subst = node->prev; + if (subst == left) + { + balnode = subst; + } else + { + balnode = subst->parent; + balnode->right = subst->left; + if (balnode->right) + balnode->right->parent = balnode; + subst->left = left; + left->parent = subst; + } + subst->right = right; + subst->parent = parent; + right->parent = subst; + *superparent = subst; + } + + avl_rebalance(tree, balnode); +} + +void avl_delete_node(avl_tree_t *tree, avl_node_t *node) +{ + avl_unlink_node(tree, node); + avl_free_node(tree, node); +} + +void avl_delete(avl_tree_t *tree, void *data) +{ + avl_node_t *node; + + node = avl_search_node(tree, data); + + if (node) + avl_delete_node(tree, node); +} + +/* Fast tree cleanup */ + +void avl_delete_tree(avl_tree_t *tree) +{ + avl_node_t *node, *next; + + for(node = tree->root; node; node = next) + { + next = node->next; + avl_free_node(tree, node); + } + + avl_free_tree(tree); +} + +/* Tree walking */ + +void avl_foreach(avl_tree_t *tree, avl_action_t action) +{ + avl_node_t *node, *next; + + for(node = tree->head; node; node = next) + { + next = node->next; + action(node->data); + } +} + +void avl_foreach_node(avl_tree_t *tree, avl_action_t action) +{ + avl_node_t *node, *next; + + for(node = tree->head; node; node = next) + { + next = node->next; + action(node); + } +} + +/* Indexing */ + +#ifdef AVL_COUNT +unsigned int avl_count(avl_tree_t *tree) +{ + return AVL_NODE_COUNT(tree->root); +} + +avl_node_t *avl_get_node(const avl_tree_t *tree, unsigned int index) +{ + avl_node_t *node; + unsigned int c; + + node = tree->root; + + while (node) + { + c = AVL_L_COUNT(node); + + if (index < c) + { + node = node->left; + } else if (index > c) + { + node = node->right; 
+ index -= c + 1; + } else + { + return node; + } + } + + return NULL; +} + +unsigned int avl_index(const avl_node_t *node) +{ + avl_node_t *next; + unsigned int index; + + index = AVL_L_COUNT(node); + + while ((next = node->parent)) + { + if (node == next->right) + index += AVL_L_COUNT(next) + 1; + node = next; + } + + return index; +} +#endif +#ifdef AVL_DEPTH +unsigned int avl_depth(avl_tree_t *tree) +{ + return AVL_NODE_DEPTH(tree->root); +} +#endif diff --git a/lib/avl_tree.h b/lib/avl_tree.h new file mode 100644 index 00000000..6e07b92b --- /dev/null +++ b/lib/avl_tree.h 
@@ -0,0 +1,145 @@ +/* + avl_tree.h -- header file for avl_tree.c + Copyright (C) 1998 Michael H. Buselli + 2000 Ivo Timmermans , + 2000 Guus Sliepen + 2000 Wessel Dankers + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + + Original AVL tree library by Michael H. Buselli . + + Modified 2000-11-28 by Wessel Dankers to use counts + instead of depths, to add the ->next and ->prev and to generally obfuscate + the code. Mail me if you found a bug. + + Cleaned up and incorporated some of the ideas from the red-black tree + library for inclusion into tinc (http://tinc.nl.linux.org) by + Guus Sliepen . 
+ + $Id: avl_tree.h,v 1.1.2.1 2001/01/05 23:50:56 guus Exp $ +*/ + + +#ifndef __AVL_TREE_H__ +#define __AVL_TREE_H__ + +#ifndef AVL_DEPTH + #ifndef AVL_COUNT + #define AVL_DEPTH + #endif +#endif + +typedef struct avl_node_t { + + /* Linked list part */ + + struct avl_node_t *next; + struct avl_node_t *prev; + + /* Tree part */ + + struct avl_node_t *parent; + struct avl_node_t *left; + struct avl_node_t *right; + +#ifdef AVL_COUNT + unsigned int count; +#endif +#ifdef AVL_DEPTH + unsigned char depth; +#endif + + /* Payload */ + + void *data; + +} avl_node_t; + +typedef int (*avl_compare_t) (const void *, const void *); +typedef void (*avl_action_t) (const void *); +typedef void (*avl_action_node_t) (const avl_node_t *); + +typedef struct avl_tree_t { + + /* Linked list part */ + + avl_node_t *head; + avl_node_t *tail; + + /* Tree part */ + + avl_node_t *root; + + avl_compare_t compare; + avl_action_t delete; + +} avl_tree_t; + +/* (De)constructors */ + +extern avl_tree_t *avl_alloc_tree(avl_compare_t, avl_action_t); +extern void avl_free_tree(avl_tree_t *); + +extern avl_node_t *avl_alloc_node(void); +extern void avl_free_node(avl_tree_t *tree, avl_node_t *); + +/* Insertion and deletion */ + +extern avl_node_t *avl_insert(avl_tree_t *, void *); +extern avl_node_t *avl_insert_node(avl_tree_t *, avl_node_t *); + +extern void avl_insert_top(avl_tree_t *, avl_node_t *); +extern void avl_insert_before(avl_tree_t *, avl_node_t *, avl_node_t *); +extern void avl_insert_after(avl_tree_t *, avl_node_t *, avl_node_t *); + +extern avl_node_t *avl_unlink(avl_tree_t *, void *); +extern void avl_unlink_node(avl_tree_t *tree, avl_node_t *); +extern void avl_delete(avl_tree_t *, void *); +extern void avl_delete_node(avl_tree_t *, avl_node_t *); + +/* Fast tree cleanup */ + +extern void avl_delete_tree(avl_tree_t *); + +/* Searching */ + +extern void *avl_search(const avl_tree_t *, const void *); +extern void *avl_search_closest(const avl_tree_t *, const void *, int *); +extern 
void *avl_search_closest_smaller(const avl_tree_t *, const void *); +extern void *avl_search_closest_greater(const avl_tree_t *, const void *); + +extern avl_node_t *avl_search_node(const avl_tree_t *, const void *); +extern avl_node_t *avl_search_closest_node(const avl_tree_t *, const void *, int *); +extern avl_node_t *avl_search_closest_smaller_node(const avl_tree_t *, const void *); +extern avl_node_t *avl_search_closest_greater_node(const avl_tree_t *, const void *); + +/* Tree walking */ + +extern void avl_foreach(avl_tree_t *, avl_action_t); +extern void avl_foreach_node(avl_tree_t *, avl_action_t); + +/* Indexing */ + +#ifdef AVL_COUNT +extern unsigned int avl_count(avl_tree_t *); +extern avl_node_t *avl_get_node(const avl_tree_t *, unsigned int); +extern unsigned int avl_index(const avl_node_t *); +#endif +#ifdef AVL_DEPTH +extern unsigned int avl_depth(avl_tree_t *); +#endif + +#endif /* __AVL_TREE_H__ */ From 052fbc0bdf36e0dbe2a0867ce770d426c9a44841 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 5 Jan 2001 23:51:41 +0000 Subject: [PATCH 303/923] - Doubled size of trace buffer for easier debugging. --- lib/utils.c | 28 ++++++++++++++++++---------- lib/utils.h | 2 +- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index 8e460f4a..be3126dc 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -30,8 +30,8 @@ #include #ifdef ENABLE_TRACING -volatile int (cp_line[]) = {0, 0, 0, 0, 0, 0, 0, 0}; -volatile char (*cp_file[]) = {"?", "?", "?", "?", "?", "?", "?", "?"}; +volatile int (cp_line[]) = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; +volatile char (*cp_file[]) = {"?", "?", "?", "?", "?", "?", "?", "?", "?", "?", "?", "?", "?", "?", "?", "?"}; volatile int cp_index = 0; #endif 
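Review bot: The prototype `extern void avl_foreach_node(avl_tree_t *, avl_action_t);` takes the data-callback type although the function passes each callback an `avl_node_t *` (`action(node)` in lib/avl_tree.c), and the `avl_action_node_t` typedef declared just above is not used by any prototype in this header. Declaring it as `extern void avl_foreach_node(avl_tree_t *, avl_action_node_t);`, with the definition changed to match, lets the compiler reject a data callback passed where a node callback is expected. A one-line comment on `avl_insert` would also help, stating that it returns the already-present node when an equal key exists (the `case 0: return closest;` path in avl_insert_node), because callers need that to detect duplicates.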
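Review bot: The trace depth 16 is now written out in several places that must agree: the two initialiser lists in this hunk, every `% 16` index in cp_trace() (next hunk), and `cp_index %= 16` in the `cp` macro in lib/utils.h. The arrays take their size from the initialiser count, so if the macro's modulus is later raised without extending the lists, `cp` stores past the end of `cp_line` and `cp_file`. A single constant shared by the header and this file, for example `#define CP_TRACE_DEPTH 16` used as the array bound and in `cp_index %= CP_TRACE_DEPTH;`, keeps them tied together. cp_trace() could then walk the ring in a loop instead of naming each slot.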
@@ -66,14 +66,22 @@ void bin2hex(char *src, char *dst, int length) #ifdef ENABLE_TRACING void cp_trace() { - syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d ...", - cp_file[(cp_index+7)%8], cp_line[(cp_index+7)%8], - cp_file[(cp_index+6)%8], cp_line[(cp_index+6)%8], - cp_file[(cp_index+5)%8], cp_line[(cp_index+5)%8], - cp_file[(cp_index+4)%8], cp_line[(cp_index+4)%8], - cp_file[(cp_index+3)%8], cp_line[(cp_index+3)%8], - cp_file[(cp_index+2)%8], cp_line[(cp_index+2)%8], - cp_file[(cp_index+1)%8], cp_line[(cp_index+1)%8], + syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d...", + cp_file[(cp_index+15)%16], cp_line[(cp_index+15)%16], + cp_file[(cp_index+14)%16], cp_line[(cp_index+14)%16], + cp_file[(cp_index+13)%16], cp_line[(cp_index+13)%16], + cp_file[(cp_index+12)%16], cp_line[(cp_index+12)%16], + cp_file[(cp_index+11)%16], cp_line[(cp_index+11)%16], + cp_file[(cp_index+10)%16], cp_line[(cp_index+10)%16], + cp_file[(cp_index+9)%16], cp_line[(cp_index+9)%16], + cp_file[(cp_index+8)%16], cp_line[(cp_index+8)%16], + cp_file[(cp_index+7)%16], cp_line[(cp_index+7)%16], + cp_file[(cp_index+6)%16], cp_line[(cp_index+6)%16], + cp_file[(cp_index+5)%16], cp_line[(cp_index+5)%16], + cp_file[(cp_index+4)%16], cp_line[(cp_index+4)%16], + cp_file[(cp_index+3)%16], cp_line[(cp_index+3)%16], + cp_file[(cp_index+2)%16], cp_line[(cp_index+2)%16], + cp_file[(cp_index+1)%16], cp_line[(cp_index+1)%16], cp_file[cp_index], cp_line[cp_index] ); } diff --git a/lib/utils.h b/lib/utils.h index 0fa5de3e..2507e7d3 100644 --- a/lib/utils.h +++ b/lib/utils.h 
@@ -43,7 +43,7 @@ extern volatile char *cp_file[]; extern volatile int cp_index; extern void cp_trace(void); - #define cp { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 8; } + #define cp { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 16; } #define ecp { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } #else #define cp From e924096f62655d711cd2d114a8d1ef0fecbb593b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 5 Jan 2001 23:53:53 +0000 Subject: [PATCH 304/923] - Let user choose whether keys are in the config files or separate - Use AVL trees instead of RBL trees - Fixed a lot of annoying subtle bugs! Thanks to gdb... --- src/conf.c | 33 +++++++------ src/conf.h | 4 +- src/connection.c | 46 +++++++++--------- src/connection.h | 10 ++-- src/meta.c | 9 ++-- src/net.c | 72 +++++++++++++++++----------- src/process.c | 4 +- src/protocol.c | 61 +++++++++++++----------- src/route.c | 119 +++++++++++++++++++++++++++++------------------ src/subnet.c | 47 +++++++++---------- src/subnet.h | 8 ++-- src/tincd.c | 12 +++-- 12 files changed, 245 insertions(+), 180 deletions(-) diff --git a/src/conf.c b/src/conf.c index 3edcb302..5aaa22a0 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,12 +19,11 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.35 2000/12/22 21:34:20 guus Exp $ + $Id: conf.c,v 1.9.4.36 2001/01/05 23:53:49 guus Exp $ */ #include "config.h" -#include #include #include #include @@ -35,6 +34,7 @@ #include #include #include +#include #include #include /* for cp */ @@ -311,7 +311,7 @@ cp x = read_config_file(&config, fname); if(x == -1) /* System error */ { - fprintf(stderr, _("Failed to read `%s': %m\n"), + syslog(LOG_ERR, _("Failed to read `%s': %m"), fname); } free(fname); 
@@ -358,7 +358,7 @@ int isadir(const char* f) if(stat(f, &s) < 0) { - fprintf(stderr, _("Couldn't stat `%s': %m\n"), + syslog(LOG_ERR, _("Couldn't stat `%s': %m"), f); return -1; } @@ -371,24 +371,29 @@ int is_safe_path(const char *file) char *p; struct stat s; + if(*file != '/') + { + syslog(LOG_ERR, _("`%s' is not an absolute path"), file); + return 0; + } + p = strrchr(file, '/'); - assert(p); /* p has to contain a / */ *p = '\0'; if(stat(file, &s) < 0) { - fprintf(stderr, _("Couldn't stat `%s': %m\n"), + syslog(LOG_ERR, _("Couldn't stat `%s': %m"), file); return 0; } if(s.st_uid != geteuid()) { - fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"), + syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), file, s.st_uid, geteuid()); return 0; } if(S_ISLNK(s.st_mode)) { - fprintf(stderr, _("Warning: `%s' is a symlink\n"), + syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), file); /* fixme: read the symlink and start again */ } @@ -396,7 +401,7 @@ int is_safe_path(const char *file) *p = '/'; if(stat(file, &s) < 0 && errno != ENOENT) { - fprintf(stderr, _("Couldn't stat `%s': %m\n"), + syslog(LOG_ERR, _("Couldn't stat `%s': %m"), file); return 0; } @@ -404,20 +409,20 @@ int is_safe_path(const char *file) return 1; if(s.st_uid != geteuid()) { - fprintf(stderr, _("`%s' is owned by UID %d instead of %d.\n"), + syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), file, s.st_uid, geteuid()); return 0; } if(S_ISLNK(s.st_mode)) { - fprintf(stderr, _("Warning: `%s' is a symlink\n"), + syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), file); /* fixme: read the symlink and start again */ } if(s.st_mode & 0007) { /* Accessible by others */ - fprintf(stderr, _("`%s' has unsecure permissions.\n"), + syslog(LOG_ERR, _("`%s' has unsecure permissions"), file); return 0; } 
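Review bot: The symlink test in is_safe_path() cannot fire, because both `stat(file, &s)` calls follow symbolic links, so `S_ISLNK(s.st_mode)` is never true and the ownership and permission checks describe the link target rather than the path that was named. Using `lstat(file, &s)` here and in the hunk at -404 makes the check meaningful, and until the "read the symlink and start again" fixme is implemented the branch should probably `return 0;` instead of only warning. Separately, the early `return 0;` paths taken after `*p = '\0';` leave the caller's string cut at the last slash, since `*p = '/';` is only reached on success. The function body starts before this hunk and continues after it.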
@@ -445,12 +450,14 @@ FILE *ask_and_safe_open(const char* filename, const char* what) /* Ask for a file and/or directory name. */ fprintf(stdout, _("Please enter a file to save %s to [%s]: "), what, filename); - fflush(stdout); /* Don't wait for a newline */ + fflush(stdout); + if((fn = readline(stdin, NULL, NULL)) == NULL) { fprintf(stderr, _("Error while reading stdin: %m\n")); return NULL; } + if(strlen(fn) == 0) /* User just pressed enter. */ fn = xstrdup(filename); diff --git a/src/conf.h b/src/conf.h index de527d25..00fbcb19 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.19 2000/12/22 21:34:20 guus Exp $ + $Id: conf.h,v 1.6.4.20 2001/01/05 23:53:49 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -63,7 +63,7 @@ typedef struct config_t { int argtype; union data { unsigned long val; - void *ptr; + char *ptr; ip_mask_t *ip; struct config_t *next; /* For nested configs! */ } data; diff --git a/src/connection.c b/src/connection.c index 7f48697d..59ff1201 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.6 2000/11/24 23:13:01 guus Exp $ + $Id: connection.c,v 1.1.2.7 2001/01/05 23:53:49 guus Exp $ */ #include "config.h" @@ -25,7 +25,7 @@ #include #include -#include +#include #include "net.h" /* Don't ask. */ #include "netutl.h" @@ -39,8 +39,10 @@ /* Root of the connection list */ -rbltree_t *connection_tree; -rbltree_t *id_tree; +avl_tree_t *connection_tree; +avl_tree_t *id_tree; + +/* Pointer to connection describing myself */ connection_t *myself = NULL; @@ -49,6 +51,7 @@ connection_t *myself = NULL; int connection_compare(connection_t *a, connection_t *b) { ipv4_t result; + result = a->address - b->address; if(result) return result; 
@@ -63,8 +66,8 @@ int id_compare(connection_t *a, connection_t *b) void init_connections(void) { - connection_tree = new_rbltree((rbl_compare_t)connection_compare, (rbl_action_t)free_connection); - id_tree = new_rbltree((rbl_compare_t)id_compare, NULL); + connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, (avl_action_t)free_connection); + id_tree = avl_alloc_tree((avl_compare_t)id_compare, NULL); } /* Creation and deletion of connection elements */ @@ -73,7 +76,7 @@ connection_t *new_connection(void) { connection_t *p = (connection_t *)xmalloc_and_zero(sizeof(*p)); cp - p->subnet_tree = new_rbltree((rbl_compare_t)subnet_compare, NULL); + p->subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, NULL); cp return p; } @@ -106,12 +109,13 @@ cp */ void prune_connection_tree(void) { - rbl_t *rbl; + avl_node_t *node, *next; connection_t *cl; cp - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = next) { - cl = (connection_t *) rbl->data; + next = node->next; + cl = (connection_t *)node->data; if(cl->status.remove) connection_del(cl); } @@ -124,8 +128,8 @@ cp void destroy_connection_tree(void) { cp - rbl_delete_rbltree(id_tree); - rbl_delete_rbltree(connection_tree); + avl_delete_tree(id_tree); + avl_delete_tree(connection_tree); cp } @@ -134,22 +138,22 @@ cp void connection_add(connection_t *cl) { cp - rbl_insert(connection_tree, cl); + avl_insert(connection_tree, cl); cp } void id_add(connection_t *cl) { cp - rbl_insert(id_tree, cl); + avl_insert(id_tree, cl); cp } void connection_del(connection_t *cl) { cp - rbl_delete(id_tree, cl); - rbl_delete(connection_tree, cl); + avl_delete(id_tree, cl); + avl_delete(connection_tree, cl); cp } @@ -162,7 +166,7 @@ cp cl.address = address; cl.port = port; - return rbl_search(connection_tree, &cl); + return avl_search(connection_tree, &cl); } connection_t *lookup_id(char *name) 
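Review bot: connection_compare, installed here as the ordering function of connection_tree, returns `a->address - b->address` through an `ipv4_t` temporary (previous hunk), which is not a consistent ordering if `ipv4_t` is an unsigned 32-bit or wider type, as its name suggests. Converted to `int`, the difference says a < b and b < c but a > c for the constructed addresses 0x00000000, 0x80000000 and 0xC0000000. An AVL tree built on such a comparator can fail to find entries that are present, which affects lookup_connection() and the delete paths. An explicit comparison avoids it: `if(a->address != b->address) return a->address < b->address ? -1 : 1;`.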
@@ -170,7 +174,7 @@ connection_t *lookup_id(char *name) connection_t cl, *p; cp cl.name = name; - p = rbl_search(id_tree, &cl); + p = avl_search(id_tree, &cl); if(p && p->status.active) return p; else @@ -181,7 +185,7 @@ cp void dump_connection_list(void) { - rbl_t *rbl; + avl_node_t *node; connection_t *cl; cp syslog(LOG_DEBUG, _("Connection list:")); @@ -190,9 +194,9 @@ cp myself->name, myself->hostname, myself->port, myself->flags, myself->socket, myself->meta_socket, myself->status); - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - cl = (connection_t *)rbl->data; + cl = (connection_t *)node->data; syslog(LOG_DEBUG, _(" %s at %s port %hd flags %d sockets %d, %d status %04x"), cl->name, cl->hostname, cl->port, cl->flags, cl->socket, cl->meta_socket, cl->status); diff --git a/src/connection.h b/src/connection.h index e7397810..195cb1bb 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,13 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.3 2000/11/22 22:18:03 guus Exp $ + $Id: connection.h,v 1.1.2.4 2001/01/05 23:53:49 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ #define __TINC_CONNECTION_H__ -#include +#include #include "config.h" @@ -66,8 +66,8 @@ typedef struct connection_t { char *name; /* name of this connection */ ipv4_t address; /* his real (internet) ip */ char *hostname; /* the hostname of its real ip */ - short unsigned int port; /* his portnumber */ int protocol_version; /* used protocol */ + short unsigned int port; /* port number for UDP traffic */ long unsigned int options; /* options turned on for this connection */ int flags; /* his flags */ 
@@ -100,12 +100,12 @@ typedef struct connection_t { struct connection_t *nexthop; /* nearest meta-hop in this direction */ - rbltree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this connection */ + avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this connection */ struct config_t *config; /* Pointer to configuration tree belonging to this host */ } connection_t; -extern rbltree_t *connection_tree; +extern avl_tree_t *connection_tree; extern connection_t *myself; extern void init_connections(void); diff --git a/src/meta.c b/src/meta.c index 289d0b87..14a3c1d0 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,11 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.12 2000/11/20 19:12:12 guus Exp $ + $Id: meta.c,v 1.1.2.13 2001/01/05 23:53:49 guus Exp $ */ #include "config.h" #include +#include #include #include @@ -74,12 +75,12 @@ cp void broadcast_meta(connection_t *cl, char *buffer, int length) { - rbl_t *rbl; + avl_node_t *node; connection_t *p; cp - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p != cl && p->status.meta && p->status.active) send_meta(p, buffer, length); } diff --git a/src/net.c b/src/net.c index cb32caba..a42ebce4 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.88 2000/12/22 21:34:20 guus Exp $ + $Id: net.c,v 1.35.4.89 2001/01/05 23:53:49 guus Exp $ */ #include "config.h" @@ -71,6 +71,7 @@ #include #include +#include #include "conf.h" #include "connection.h" @@ -165,7 +166,7 @@ cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"), - outpkt.len, outlen); + outpkt.len); /* Fix mac address */ 
@@ -320,7 +321,7 @@ int send_packet(ip_t to, vpn_packet_t *packet) connection_t *cl; subnet_t *subnet; cp - if((subnet = lookup_subnet_ipv4(to)) == NULL) + if((subnet = lookup_subnet_ipv4(&to)) == NULL) { if(debug_lvl >= DEBUG_TRAFFIC) { @@ -607,6 +608,19 @@ cp return -1; } + /* Bind first to get a fix on our source port */ + + a.sin_family = AF_INET; + a.sin_port = htons(0); + a.sin_addr.s_addr = htonl(INADDR_ANY); + + if(bind(cl->meta_socket, (struct sockaddr *)&a, sizeof(struct sockaddr))) + { + close(cl->meta_socket); + syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind"); + return -1; + } + a.sin_family = AF_INET; a.sin_port = htons(cl->port); a.sin_addr.s_addr = htonl(cl->address); @@ -656,14 +670,14 @@ cp if(read_host_config(ncn)) { - syslog(LOG_ERR, _("Error reading host configuration file for %s")); + syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name); free_connection(ncn); return -1; } if(!(cfg = get_config_val(ncn->config, config_address))) { - syslog(LOG_ERR, _("No address specified for %s")); + syslog(LOG_ERR, _("No address specified for %s"), ncn->name); free_connection(ncn); return -1; } @@ -876,7 +890,7 @@ cp syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); return -1; } - +cp /* Generate packet encryption key */ myself->cipher_pkttype = EVP_bf_cfb(); @@ -892,9 +906,9 @@ cp keylifetime = cfg->data.val; keyexpires = time(NULL) + keylifetime; - +cp /* Activate ourselves */ - + myself->status.active = 1; syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); @@ -991,12 +1005,12 @@ cp */ void close_network_connections(void) { - rbl_t *rbl; + avl_node_t *node; connection_t *p; cp - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; p->status.active = 0; terminate_connection(p); } 
@@ -1117,6 +1131,7 @@ cp p->name = unknown; p->address = ntohl(ci.sin_addr.s_addr); p->hostname = hostlookup(ci.sin_addr.s_addr); + p->port = htons(ci.sin_port); /* This one will be overwritten later */ p->meta_socket = sfd; p->status.meta = 1; p->buffer = xmalloc(MAXBUFSIZE); @@ -1137,16 +1152,16 @@ cp */ void build_fdset(fd_set *fs) { - rbl_t *rbl; + avl_node_t *node; connection_t *p; cp FD_ZERO(fs); FD_SET(myself->socket, fs); - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta) FD_SET(p->meta_socket, fs); } @@ -1192,7 +1207,7 @@ cp if(!cl) { - syslog(LOG_WARNING, _("Received UDP packets on port %d from unknown source %lx:%d"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); return 0; } @@ -1214,7 +1229,7 @@ void terminate_connection(connection_t *cl) { connection_t *p; subnet_t *subnet; - rbl_t *rbl; + avl_node_t *node, *next; cp if(cl->status.remove) return; @@ -1234,9 +1249,9 @@ cp (the connection that was dropped). */ if(cl->status.meta) - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->nexthop == cl && p != cl) terminate_connection(p); } 
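Review bot: `p->port = htons(ci.sin_port);` names the wrong conversion: `ci.sin_port` is in network byte order, and the line above uses `ntohl()` on the address to obtain host order. Both functions perform the same swap, so the stored value is correct, but `ntohs(ci.sin_port)` states the intent and matches the neighbouring code. The enclosing function starts before this hunk and continues after it.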
@@ -1244,18 +1259,19 @@ cp /* Inform others of termination if it was still active */ if(cl->status.active) - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!=cl) send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ } /* Remove the associated subnets */ - RBL_FOREACH(cl->subnet_tree, rbl) + for(node = cl->subnet_tree->head; node; node = next) { - subnet = (subnet_t *)rbl->data; + next = node->next; + subnet = (subnet_t *)node->data; subnet_del(subnet); } @@ -1286,14 +1302,14 @@ cp void check_dead_connections(void) { time_t now; - rbl_t *rbl; + avl_node_t *node; connection_t *cl; cp now = time(NULL); - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - cl = (connection_t *)rbl->data; + cl = (connection_t *)node->data; if(cl->status.active && cl->status.meta) { if(cl->last_ping_time + timeout < now) @@ -1352,14 +1368,14 @@ cp void check_network_activity(fd_set *f) { connection_t *p; - rbl_t *rbl; + avl_node_t *node; cp if(FD_ISSET(myself->socket, f)) handle_incoming_vpn_data(); - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.remove) return; diff --git a/src/process.c b/src/process.c index 695f1f7e..01ca31e1 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.17 2000/11/28 08:59:27 zarq Exp $ + $Id: process.c,v 1.1.2.18 2001/01/05 23:53:51 guus Exp $ */ #include "config.h" @@ -159,6 +159,8 @@ cp /* If we succeeded in doing that, detach */ + closelog(); + if(do_detach) { if(daemon(0, 0) < 0) 
diff --git a/src/protocol.c b/src/protocol.c index 57814fdd..85a4047c 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.70 2000/12/22 21:34:24 guus Exp $ + $Id: protocol.c,v 1.28.4.71 2001/01/05 23:53:51 guus Exp $ */ #include "config.h" @@ -34,6 +34,7 @@ #include #include +#include #include @@ -193,10 +194,10 @@ cp int id_h(connection_t *cl) { connection_t *old; - config_t const *cfg; + unsigned short int port; char name[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &cl->port) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &port) != 4) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; @@ -253,6 +254,12 @@ cp id_add(cl); + /* And uhr... cl->port just changed so we have to unlink it from the connection tree and re-insert... */ + + avl_unlink(connection_tree, cl); + cl->port = port; + avl_insert(connection_tree, cl); + /* Read in the public key, so that we can send a challenge */ if(read_rsa_public_key(cl)) @@ -283,7 +290,7 @@ cp RAND_bytes(cl->hischallenge, len); cl->hischallenge[0] &= 0x7F; /* Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */ - +cp if(debug_lvl >= DEBUG_SCARY_THINGS) { bin2hex(cl->hischallenge, buffer, len); @@ -304,7 +311,7 @@ cp bin2hex(buffer, buffer, len); buffer[len*2] = '\0'; - +cp /* Send the challenge */ cl->allow_request = CHAL_REPLY; @@ -580,7 +587,7 @@ int ack_h(connection_t *cl) { connection_t *old, *p; subnet_t *subnet; - rbl_t *rbl, *rbl2; + avl_node_t *node, *node2; cp /* Okay, before we active the connection, we check if there is another entry in the connection list with the same name. If so, it presumably is an 
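Review bot: The unlink and re-insert added after `id_add(cl)` in id_h (hunk at -253) drops the tree node and ignores a key collision. `avl_unlink()` returns the detached `avl_node_t` without freeing it and `avl_insert()` allocates a new one, so the old node is leaked on every ID request; and if an entry with the same address and the newly announced port already exists, `avl_insert_node()` returns that entry and `cl` is left outside connection_tree. Reusing the node covers both, `node = avl_unlink(connection_tree, cl); cl->port = port;` followed by `avl_insert_node(connection_tree, node)` with its result compared against `node` and the connection rejected on mismatch. In the hunk at -193, `port` is `unsigned short` but is read with `%hd`; `%hu` matches the type. id_h starts before these hunks and continues after them.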
@@ -614,16 +621,16 @@ cp /* Send him our subnets */ - RBL_FOREACH(myself->subnet_tree, rbl) + for(node = myself->subnet_tree->head; node; node = node->next) { - subnet = (subnet_t *)rbl->data; + subnet = (subnet_t *)node->data; send_add_subnet(cl, subnet); } /* And send him all the hosts and their subnets we know... */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p != cl && p->status.active) { @@ -636,9 +643,9 @@ cp send_add_host(cl, p); - RBL_FOREACH(p->subnet_tree, rbl2) + for(node2 = p->subnet_tree->head; node2; node2 = node2->next) { - subnet = (subnet_t *)rbl2->data; + subnet = (subnet_t *)node2->data; send_add_subnet(cl, subnet); } } @@ -667,7 +674,7 @@ int add_subnet_h(connection_t *cl) char name[MAX_STRING_SIZE]; connection_t *owner, *p; subnet_t *subnet; - rbl_t *rbl; + avl_node_t *node; cp if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { @@ -716,9 +723,9 @@ cp /* Tell the rest */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!= cl) send_add_subnet(p, subnet); } @@ -744,7 +751,7 @@ int del_subnet_h(connection_t *cl) char name[MAX_STRING_SIZE]; connection_t *owner, *p; subnet_t *subnet; - rbl_t *rbl; + avl_node_t *node; cp if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3) { @@ -795,9 +802,9 @@ cp /* Tell the rest */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!= cl) send_del_subnet(p, subnet); } 
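Review bot: In del_subnet_h (hunk at -744) the context line `if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3)` can never succeed, so the handler always takes its error branch. The format stores only two values, since `%*d` is suppressed, assuming `MAX_STRING` expands to a single string conversion as its use in add_subnet_h implies, so sscanf returns at most 2. add_subnet_h (hunk at -667) compares the same format against 2, and this check should read `!= 2)` as well. The function continues outside the hunk.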
@@ -818,7 +825,7 @@ int add_host_h(connection_t *cl) { connection_t *old, *new, *p; char name[MAX_STRING_SIZE]; - rbl_t *rbl; + avl_node_t *node; cp new = new_connection(); @@ -881,9 +888,9 @@ cp /* Tell the rest about the new host */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!=cl) send_add_host(p, new); } @@ -912,7 +919,7 @@ int del_host_h(connection_t *cl) port_t port; long int options; connection_t *old, *p; - rbl_t *rbl; + avl_node_t *node; cp if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%d %lx", name, &address, &port, &options) != 4) { @@ -963,9 +970,9 @@ cp /* Tell the rest about the new host */ - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p->status.meta && p->status.active && p!=cl) send_del_host(p, old); } @@ -1087,11 +1094,11 @@ cp int send_key_changed(connection_t *from, connection_t *cl) { connection_t *p; - rbl_t *rbl; + avl_node_t *node; cp - RBL_FOREACH(connection_tree, rbl) + for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)rbl->data; + p = (connection_t *)node->data; if(p != cl && p->status.meta && p->status.active) send_request(p, "%d %s", KEY_CHANGED, from->name); } diff --git a/src/route.c b/src/route.c index 46206654..8ff2e39c 100644 --- a/src/route.c +++ b/src/route.c 
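Review bot: In del_host_h (context of the `-912,7 +919,7` hunk) `port_t port` is filled by sscanf with `%d`, which stores a full `int` through `&port`. If port_t is a 16-bit type, as the `%hd` used for the port in id_h suggests (its definition is not visible here), this writes past the variable on the stack with a value taken from the peer's message. Use the conversion that matches port_t, e.g. `%hd` as in id_h, and confirm that `address`, declared above the hunk, is `long`-sized for its `%lx`. The function body continues outside the hunk.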
@@ -17,87 +17,75 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.3 2000/11/20 19:12:17 guus Exp $ + $Id: route.c,v 1.1.2.4 2001/01/05 23:53:53 guus Exp $ */ #include "config.h" #include #include +#include #include "net.h" #include "connection.h" +#include "subnet.h" +#include "route.h" #include "system.h" -int routing_mode = 0; /* Will be used to determine if we route by MAC or by payload's protocol */ +int routing_mode = RMODE_ROUTER; /* Will be used to determine if we route by MAC or by payload's protocol */ -connection_t *route_packet(vpn_packet_t *packet) +connection_t *route_mac(connection_t *source, vpn_packet_t *packet) { - unsigned short type; + connection_t *oldsrc, *dst; + subnet_t *subnet; cp - type = ntohs(*((unsigned short*)(&packet.data[12]))) + /* Learn source address */ - if(routing_mode) + oldsrc = lookup_subnet_mac((mac_t *)(&packet->data[0]))->owner; + + if(!oldsrc) { - return route_mac(packet); + subnet = new_subnet(); + subnet->type = SUBNET_MAC; + memcpy(&subnet->net.mac.address, (mac_t *)(&packet->data[0]), sizeof(mac_t)); + subnet_add(source, subnet); } - switch(type) - { - case 0x0800: - return route_ipv4(packet); - case 0x86DD: - return route_ipv6(packet); -/* - case 0x8137: - return route_ipx(packet); - case 0x0806: - return route_arp(packet); -*/ - default: - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); - } - return NULL; - } -} + /* FIXME: do ageing and roaming */ + + /* Lookup destination address */ + + dst = lookup_subnet_mac((mac_t *)(&packet->data[6]))->owner; -connection_t *route_mac(vpn_packet_t *packet) -{ - connection_t *cl; -cp - cl = lookup_subnet_mac((mac_t *)(&packet.data[6])); - if(!cl) + if(!dst) if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x"), - packet.data[6], - packet.data[7], - 
packet.data[8], - packet.data[9], - packet.data[10], - packet.data[11]); + packet->data[6], + packet->data[7], + packet->data[8], + packet->data[9], + packet->data[10], + packet->data[11]); } cp - return cl; + return dst; } - connection_t *route_ipv4(vpn_packet_t *packet) { ipv4_t dest; connection_t *cl; cp - dest = ntohl(*((unsigned long*)(&packet.data[30]); + dest = ntohl(*((unsigned long*)(&packet->data[30]))); - cl = lookup_subnet_ipv4(dest); + cl = lookup_subnet_ipv4(&dest)->owner; if(!cl) if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"), - packet.data[30], packet.data[31], packet.data[32], packet.data[33]); + packet->data[30], packet->data[31], packet->data[32], packet->data[33]); } cp return cl; @@ -106,7 +94,48 @@ cp connection_t *route_ipv6(vpn_packet_t *packet) { cp - syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not implemented yet")); + if(debug_lvl > DEBUG_NOTHING) + { + syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not implemented yet")); + } cp return NULL; } + +connection_t *route_packet(connection_t *source, vpn_packet_t *packet) +{ + unsigned short int type; +cp + /* FIXME: multicast? */ + + switch(routing_mode) + { + case RMODE_HUB: + return broadcast; + + case RMODE_SWITCH: + return route_mac(source, packet); + + case RMODE_ROUTER: + type = ntohs(*((unsigned short*)(&packet->data[12]))); + switch(type) + { + case 0x0800: + return route_ipv4(packet); + case 0x86DD: + return route_ipv6(packet); + /* + case 0x8137: + return route_ipx(packet); + case 0x0806: + return route_arp(packet); + */ + default: + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); + } + return NULL; + } + } +} diff --git a/src/subnet.c b/src/subnet.c index 574e7a06..28a203dc 100644 --- a/src/subnet.c +++ b/src/subnet.c 
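Review bot: `lookup_subnet_mac(...)->owner` in route_mac and `lookup_subnet_ipv4(&dest)->owner` in route_ipv4 dereference the lookup result unconditionally, although the src/subnet.c hunk of this patch shows lookup_subnet_ipv4 returning NULL on no match and lookup_subnet_mac returning the raw avl_search result. The first frame for an unknown address therefore faults before the `if(!oldsrc)`, `if(!dst)` and `if(!cl)` checks can run, and the addresses come straight from packet data. Test the returned subnet before taking its owner, as in the excerpt below. Separately, the learning step reads `packet->data[0]` and the destination lookup reads `packet->data[6]`; if `data` is a raw Ethernet frame, as the EtherType read at offset 12 suggests, these two offsets are swapped. The learning path also has no cap or ageing yet (the FIXME), so subnet_tree grows with every new source address seen.

```c
connection_t *route_mac(connection_t *source, vpn_packet_t *packet)
{
  /* … unchanged: declarations, cp … */
  subnet = lookup_subnet_mac((mac_t *)(&packet->data[0]));
  oldsrc = subnet ? subnet->owner : NULL;

  /* … unchanged: learning block for !oldsrc, FIXME … */

  subnet = lookup_subnet_mac((mac_t *)(&packet->data[6]));
  dst = subnet ? subnet->owner : NULL;

  /* … unchanged: debug logging, return dst … */

/* in route_ipv4: */
  subnet_t *subnet;
  /* … unchanged: dest = ntohl(...) … */
  subnet = lookup_subnet_ipv4(&dest);
  cl = subnet ? subnet->owner : NULL;
```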
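Review bot: The new route_packet has no `default:` on `switch(routing_mode)` and no return after it, so any routing_mode other than the three RMODE_ values falls off the end of a function returning `connection_t *`, and a caller that uses the result gets an indeterminate pointer. Add `default: return NULL;` to the outer switch. The EtherType read at `packet->data[12]`, and the address bytes at offsets 30 to 33 in route_ipv4, are also taken without looking at the packet's length. Unless the caller guarantees a minimum frame size, a short packet is routed on stale buffer contents, so a length check belongs before these reads.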
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.15 2000/11/24 23:13:06 guus Exp $ + $Id: subnet.c,v 1.1.2.16 2001/01/05 23:53:53 guus Exp $ */ #include "config.h" @@ -33,16 +33,16 @@ #include #include -#include +#include /* lists type of subnet */ -rbltree_t *subnet_tree; +avl_tree_t *subnet_tree; void init_subnets(void) { cp - subnet_tree = new_rbltree((rbl_compare_t)subnet_compare, (rbl_action_t)free_subnet); + subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, (avl_action_t)free_subnet); cp } @@ -131,17 +131,17 @@ void subnet_add(connection_t *cl, subnet_t *subnet) { cp subnet->owner = cl; - rbl_insert(subnet_tree, subnet); - rbl_insert(cl->subnet_tree, subnet); + avl_insert(subnet_tree, subnet); + avl_insert(cl->subnet_tree, subnet); cp } void subnet_del(subnet_t *subnet) { cp - rbl_delete(subnet->owner->subnet_tree, subnet); + avl_delete(subnet->owner->subnet_tree, subnet); cp - rbl_delete(subnet_tree, subnet); + avl_delete(subnet_tree, subnet); cp } 
@@ -256,62 +256,59 @@ cp /* Subnet lookup routines */ -subnet_t *lookup_subnet_mac(mac_t address) +subnet_t *lookup_subnet_mac(mac_t *address) { subnet_t subnet, *p; cp subnet.type = SUBNET_MAC; - subnet.net.mac.address = address; + memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); - p = (subnet_t *)rbl_search_closest(subnet_tree, &subnet); + p = (subnet_t *)avl_search(subnet_tree, &subnet); cp - if(p && !memcmp(&address, &p->net.mac.address, sizeof(mac_t))) - return p; - else - return NULL; + return p; } -subnet_t *lookup_subnet_ipv4(ipv4_t address) +subnet_t *lookup_subnet_ipv4(ipv4_t *address) { subnet_t subnet, *p; cp subnet.type = SUBNET_IPV4; - subnet.net.ipv4.address = address; + subnet.net.ipv4.address = *address; subnet.net.ipv4.mask = 0xFFFFFFFF; - p = (subnet_t *)rbl_search_closest_greater(subnet_tree, &subnet); + p = (subnet_t *)avl_search_closest_greater(subnet_tree, &subnet); /* Check if the found subnet REALLY matches */ cp - if(p && ((address & p->net.ipv4.mask) == p->net.ipv4.address)) + if(p && ((*address & p->net.ipv4.mask) == p->net.ipv4.address)) return p; else return NULL; } -subnet_t *lookup_subnet_ipv6(ipv6_t address) +subnet_t *lookup_subnet_ipv6(ipv6_t *address) { subnet_t subnet; cp subnet.type = SUBNET_IPV6; - subnet.net.ipv6.address = address; + memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); memset(&subnet.net.ipv6.mask, 0xFF, 16); /* FIXME: check if it REALLY matches */ - return (subnet_t *)rbl_search_closest(subnet_tree, &subnet); + return (subnet_t *)avl_search_closest_greater(subnet_tree, &subnet); } void dump_subnet_list(void) { char *netstr; subnet_t *subnet; - rbl_t *rbl; + avl_node_t *node; cp syslog(LOG_DEBUG, _("Subnet list:")); - RBL_FOREACH(subnet_tree, rbl) + for(node = subnet_tree->head; node; node = node->next) { - subnet = (subnet_t *)rbl->data; + subnet = (subnet_t *)node->data; netstr = net2str(subnet); syslog(LOG_DEBUG, " %s owner %s", netstr, subnet->owner->name); free(netstr); 
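Review bot: lookup_subnet_ipv6 returns whatever `avl_search_closest_greater` finds without testing that the address actually falls inside that subnet (the FIXME says as much), whereas lookup_subnet_ipv4 just above masks and compares before returning. Once a caller uses it, a packet for an address no subnet covers would be attributed to the owner of the neighbouring tree entry and forwarded there. Until the masked comparison is written, return NULL for anything that is not verified. All three lookups should also carry a comment stating the NULL contract now that lookup_subnet_mac returns the raw avl_search result, e.g. `/* Returns the matching subnet, or NULL if none covers the address */`.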
diff --git a/src/subnet.h b/src/subnet.h index 1aab681a..a572953c 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.7 2000/11/20 19:41:13 guus Exp $ + $Id: subnet.h,v 1.1.2.8 2001/01/05 23:53:53 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -83,9 +83,9 @@ extern void subnet_del(subnet_t *); extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); extern int subnet_compare(subnet_t *, subnet_t *); -extern subnet_t *lookup_subnet_mac(mac_t); -extern subnet_t *lookup_subnet_ipv4(ipv4_t); -extern subnet_t *lookup_subnet_ipv6(ipv6_t); +extern subnet_t *lookup_subnet_mac(mac_t *); +extern subnet_t *lookup_subnet_ipv4(ipv4_t *); +extern subnet_t *lookup_subnet_ipv6(ipv6_t *); extern void dump_subnet_list(void); #endif /* __TINC_SUBNET_H__ */ diff --git a/src/tincd.c b/src/tincd.c index 3dbac7e3..535fdb32 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.38 2000/12/03 12:23:06 zarq Exp $ + $Id: tincd.c,v 1.10.4.39 2001/01/05 23:53:53 guus Exp $ */ #include "config.h" @@ -283,6 +283,8 @@ void make_names(void) int main(int argc, char **argv, char **envp) { + openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ + program_name = argv[0]; setlocale (LC_ALL, ""); @@ -322,9 +324,9 @@ main(int argc, char **argv, char **envp) make_names(); /* Slllluuuuuuurrrrp! */ - +cp RAND_load_file("/dev/urandom", 1024); - +cp if(generate_keys) exit(keygen(generate_keys)); @@ -333,10 +335,10 @@ main(int argc, char **argv, char **envp) if(read_server_config()) return 1; - +cp if(detach()) exit(0); - +cp if(debug_lvl >= DEBUG_ERROR) ERR_load_crypto_strings(); From 1398edec37336853bfca6ea3dcca7c402f102ea2 Mon Sep 17 00:00:00 2001 
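Review bot: The call `RAND_load_file("/dev/urandom", 1024)` that the added `cp` markers now bracket in main discards its return value, and `keygen(generate_keys)` runs right after it. RAND_load_file reports how many bytes it read, so a missing or unreadable /dev/urandom goes unnoticed and key generation then depends on whatever seeding the library did on its own. Check the result and stop, e.g. `if(RAND_load_file("/dev/urandom", 1024) <= 0) { syslog(LOG_ERR, _("Could not seed PRNG from /dev/urandom")); return 1; }`. main's body continues outside the hunk.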
From: Guus Sliepen Date: Sat, 6 Jan 2001 16:51:14 +0000 Subject: [PATCH 305/923] - Updated dutch translation. --- po/es.po | 1243 +++++++++++++++++++++++++++++++----------------------- po/nl.po | 536 +++++++++++------------ 2 files changed, 956 insertions(+), 823 deletions(-) diff --git a/po/es.po b/po/es.po index 23883ee5..87cd1ae1 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2000-11-26 14:51+0000\n" +"POT-Creation-Date: 2001-01-06 17:41+0100\n" "PO-Revision-Date: 2000-11-26 15:20+0000\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" 
@@ -13,706 +13,748 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: lib/getopt.c:681 -#, c-format -msgid "%s: option `%s' is ambiguous\n" -msgstr "%s: la opción `%s' es ambigua\n" +#: src/conf.c:238 +#, fuzzy, c-format +msgid "Cannot open config file %s: %m" +msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" -#: lib/getopt.c:705 -#, c-format -msgid "%s: option `--%s' doesn't allow an argument\n" -msgstr "%s: la opción `--%s' no lleva parámetros\n" - -#: lib/getopt.c:710 -#, c-format -msgid "%s: option `%c%s' doesn't allow an argument\n" -msgstr "%s: la opción `%c%s' no lleva parámetros\n" - -#: lib/getopt.c:727 lib/getopt.c:900 -#, c-format -msgid "%s: option `%s' requires an argument\n" -msgstr "%s: la opción `%s' requiere un parámetro\n" - -#. --option -#: lib/getopt.c:756 -#, c-format -msgid "%s: unrecognized option `--%s'\n" -msgstr "%s: opción desconocida `--%s'\n" - -#. +option or -option -#: lib/getopt.c:760 -#, c-format -msgid "%s: unrecognized option `%c%s'\n" -msgstr "%s: opción desconocida `%c%s'\n" - -#. 1003.2 specifies the format of this message. -#: lib/getopt.c:786 -#, c-format -msgid "%s: illegal option -- %c\n" -msgstr "%s: opción ilegal -- %c\n" - -#: lib/getopt.c:789 -#, c-format -msgid "%s: invalid option -- %c\n" -msgstr "%s: opción no válida --%c\n" - -#. 1003.2 specifies the format of this message. 
-#: lib/getopt.c:819 lib/getopt.c:949 -#, c-format -msgid "%s: option requires an argument -- %c\n" -msgstr "%s: la opción requiere un parámetro -- %c\n" - -#: lib/getopt.c:866 -#, c-format -msgid "%s: option `-W %s' is ambiguous\n" -msgstr "%s: la opción `-W %s' es ambigua\n" - -#: lib/getopt.c:884 -#, c-format -msgid "%s: option `-W %s' doesn't allow an argument\n" -msgstr "%s: la opción `-W %s' no lleva parámetros\n" - -#: lib/list.c:62 -#, c-format -msgid "List callback[delete] failed for %08lx - freeing anyway" -msgstr "" -"El callback[delete] de la lista falló para %08lx - liberándolo de todos modos" - -#. FIXME: describe -#: lib/xmalloc.c:69 -msgid "Memory exhausted" -msgstr "Memoria agotada" - -#: src/conf.c:164 -#, c-format -msgid "Line %d too long while reading config file %s" -msgstr "La línea %d es demasiado larga en el fichero de configuración %s" - -#: src/conf.c:180 -#, c-format -msgid "Invalid variable name on line %d while reading config file %s" +#: src/conf.c:274 +#, fuzzy, c-format +msgid "Invalid variable name `%s' on line %d while reading config file %s" msgstr "" "Nombre de variable no válido en la linea %d del fichero de configuración %s" -#: src/conf.c:187 -#, c-format -msgid "No value for variable on line %d while reading config file %s" +#: src/conf.c:281 +#, fuzzy, c-format +msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "No hay valor para la variable en la linea %d del fichero de configuración %s" -#: src/conf.c:195 -#, c-format -msgid "Invalid value for variable on line %d while reading config file %s" +#: src/conf.c:289 +#, fuzzy, c-format +msgid "Invalid value for variable `%s' on line %d while reading config file %s" msgstr "" "Valor no válido para la variable en la linea %d del fichero de configuración " "%s" -#: src/encr.c:111 src/net.c:352 +#: src/conf.c:314 #, c-format -msgid "Could not open %s: %m" +msgid "Failed to read `%s': %m" +msgstr "" + +#: src/conf.c:361 src/conf.c:384 
src/conf.c:404 +#, fuzzy, c-format +msgid "Couldn't stat `%s': %m" msgstr "No pude abrir %s: %m" -#: src/encr.c:118 +#: src/conf.c:376 #, c-format -msgid "Illegal passphrase in %s; size would be %d" -msgstr "Frase ilegal en %s; el tamaño debe ser %d" - -#: src/encr.c:155 -#, c-format -msgid "Generating %d bits keys" -msgstr "Generando claves de %d bits" - -#: src/encr.c:159 -#, c-format -msgid "Opening /dev/urandom failed: %m" -msgstr "Fallo al abrir /dev/urandom: %m" - -#: src/encr.c:224 -#, c-format -msgid "Encryption key set to %s" -msgstr "Clave de cifrado definida como %s" - -#: src/genauth.c:78 -#, c-format -msgid "Usage: %s bits\n" -msgstr "Modo de empleo: %s bits\n" - -#: src/genauth.c:89 -#, c-format -msgid "Illegal number: %s\n" -msgstr "Número ilegal: %s\n" - -#. Align to bytes for easy mallocing and reading -#: src/genauth.c:95 -#, c-format -msgid "Generating %d bits keys:\n" -msgstr "Generando claves de %d bits:\n" - -#: src/genauth.c:99 -msgid "Done.\n" -msgstr "Hecho.\n" - -#: src/genauth.c:101 -#, c-format -msgid "Public key: %s\n" -msgstr "Clave pública: %s\n" - -#: src/genauth.c:102 -#, c-format -msgid "Private key: %s\n" -msgstr "Clave privada: %s\n" - -#: src/net.c:107 -#, c-format -msgid "Sending packet of %d bytes to %s (%s)" -msgstr "Enviando paquete de %d bytes a %s (%s)" - -#: src/net.c:116 -#, c-format -msgid "Error sending packet to %s (%s): %m" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/net.c:130 -#, c-format -msgid "Receiving packet of %d bytes" -msgstr "Recibido paquete de %d bytes" - -#: src/net.c:143 -#, c-format -msgid "Can't write to tap device: %m" -msgstr "No puedo escribir en el dispositivo tap: %m" - -#: src/net.c:243 -msgid "Queue flushed" -msgstr "Cola vaciada" - -#: src/net.c:258 -#, c-format -msgid "Flushing send queue for %s (%s)" -msgstr "Vaciando la cola de envíos para %s (%s)" - -#: src/net.c:266 -#, c-format -msgid "Flushing receive queue for %s (%s)" -msgstr "Vaciando la cola de recepción para %s (%s)" - 
-#: src/net.c:284 -#, c-format -msgid "Trying to look up %d.%d.%d.%d in connection list failed!" -msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" - -#: src/net.c:298 -#, c-format -msgid "Could not open UDP connection to %s (%s)" -msgstr "No pude abrir una conexión UDP a %s (%s)" - -#: src/net.c:306 -#, c-format -msgid "No valid key known yet for %s (%s), queueing packet" +msgid "`%s' is not an absolute path" msgstr "" -"No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" -#: src/net.c:317 +#: src/conf.c:390 src/conf.c:412 #, c-format -msgid "%s (%s) is not ready, queueing packet" -msgstr "%s (%s) no está listo, poniendo el paquete en cola" +msgid "`%s' is owned by UID %d instead of %d" +msgstr "" -#: src/net.c:370 +#: src/conf.c:396 src/conf.c:418 #, c-format -msgid "%s is a new style tun/tap device" -msgstr "%s es un dispositivo tun/tap del nuevo estilo" +msgid "Warning: `%s' is a symlink" +msgstr "" -#: src/net.c:373 -msgid "tun/tap device will be left unconfigured" -msgstr "el dispositivo tun/tap se dejará sin configurar" - -#: src/net.c:396 +#. Accessible by others +#: src/conf.c:425 #, c-format -msgid "Creating metasocket failed: %m" -msgstr "Fallo al crear el metasocket: %m" +msgid "`%s' has unsecure permissions" +msgstr "" -#: src/net.c:402 src/net.c:408 src/net.c:470 +#. Ask for a file and/or directory name. 
+#: src/conf.c:451 #, c-format -msgid "setsockopt: %m" -msgstr "setsockopt(): %m" +msgid "Please enter a file to save %s to [%s]: " +msgstr "" -#: src/net.c:415 src/net.c:477 -#, c-format -msgid "fcntl: %m" -msgstr "fcntl(): %m" +#: src/conf.c:457 +#, fuzzy, c-format +msgid "Error while reading stdin: %m\n" +msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:423 -#, c-format -msgid "Unable to bind listen socket to interface %s: %m" -msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" - -#: src/net.c:439 -#, c-format -msgid "Can't bind to port %hd/tcp: %m" -msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" - -#: src/net.c:445 -#, c-format -msgid "listen: %m" -msgstr "listen(): %m" - -#: src/net.c:464 -#, c-format -msgid "Creating socket failed: %m" -msgstr "Error al crear el `socket': %m" - -#: src/net.c:488 -#, c-format -msgid "Can't bind to port %hd/udp: %m" -msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" - -#: src/net.c:505 -#, c-format -msgid "Trying to connect to %s" -msgstr "Intentando conectar con %s" - -#: src/net.c:515 -#, c-format -msgid "Creating socket for %s port %d failed: %m" -msgstr "Error al crear el `socket' para %s puerto %d: %m" - -#: src/net.c:526 -#, c-format -msgid "%s port %hd: %m" -msgstr "%s puerto %hd: %m" - -#: src/net.c:533 -#, c-format -msgid "fcntl for %s port %d: %m" -msgstr "fcntl() para %s puerto %d: %m" - -#: src/net.c:539 -#, c-format -msgid "Connected to %s port %hd" -msgstr "Conectado a %s puerto %hd" - -#: src/net.c:562 -msgid "Invalid name for outgoing connection" -msgstr "Nombre no válido para conexión saliente" - -#: src/net.c:571 -#, c-format -msgid "Error reading host configuration file for %s" -msgstr "Error leyendo el fichero de configuración del `host' para %s" - -#: src/net.c:578 -#, c-format -msgid "No address specified for %s" -msgstr "No se especificó dirección para %s" - -#: src/net.c:585 -#, c-format -msgid "Error looking up `%s': %m" +#: src/conf.c:496 +#, fuzzy, 
c-format +msgid "Error opening file `%s': %m\n" msgstr "Error buscando `%s': %m" -#: src/net.c:595 +#: src/conf.c:506 #, c-format -msgid "Could not set up a meta connection to %s" -msgstr "No he podido configurar una meta conexión a %s" +msgid "" +"The file `%s' (or any of the leading directories) has unsafe permissions.\n" +"I will not create or overwrite this file.\n" +msgstr "" -#: src/net.c:629 -msgid "Name for tinc daemon required!" -msgstr "¡Se requiere un nombre para el demonio tinc!" +#: src/connection.c:191 +#, fuzzy +msgid "Connection list:" +msgstr "Conexión desde %s puerto %d" -#: src/net.c:637 -msgid "Invalid name for myself!" -msgstr "¡Nombre no válido para mí!" - -#: src/net.c:643 -msgid "Cannot open host configuration file for myself!" -msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" - -#: src/net.c:662 -msgid "Unable to set up a listening socket!" -msgstr "¡No puedo configurar un `socket' a la escucha!" - -#: src/net.c:668 -msgid "Unable to set up an incoming vpn data socket!" -msgstr "¡No puedo configurar un `socket' para recibir datos de la vpn!" - -#: src/net.c:675 +#: src/connection.c:193 src/connection.c:200 #, c-format -msgid "Ready: listening on port %hd" -msgstr "Listo: escuchando en el puerto %hd" +msgid " %s at %s port %hd flags %d sockets %d, %d status %04x" +msgstr "" -#: src/net.c:706 -#, c-format -msgid "Still failed to connect to other, will retry in %d seconds" -msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." +#: src/connection.c:205 +#, fuzzy +msgid "End of connection list." 
+msgstr "Intentando conectar con %s" -#: src/net.c:744 -#, c-format -msgid "Trying to re-establish outgoing connection in %d seconds" -msgstr "Intento re-establecer la conexión saliente en %d segundos" +#: src/meta.c:53 +#, fuzzy, c-format +msgid "Sending %d bytes of metadata to %s (%s): %s" +msgstr "Enviando paquete de %d bytes a %s (%s)" -#: src/net.c:782 -msgid "Terminating" -msgstr "Terminando" +#: src/meta.c:69 +#, fuzzy, c-format +msgid "Sending meta data to %s (%s) failed: %m" +msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:796 -#, c-format -msgid "Opening UDP socket to %s" -msgstr "Abriendo `socket' UDP a %s" - -#: src/net.c:801 -#, c-format -msgid "Creating UDP socket failed: %m" -msgstr "Error al crear el `socket' UDP: %m" - -#: src/net.c:811 -#, c-format -msgid "Connecting to %s port %d failed: %m" -msgstr "Error al conectar a %s puerto %d: %m" - -#: src/net.c:819 +#: src/meta.c:100 src/net.c:1101 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" -#: src/net.c:844 -#, c-format -msgid "Error: getpeername: %m" -msgstr "Error: getpeername(): %m" +#: src/meta.c:106 +#, fuzzy, c-format +msgid "Metadata socket error for %s (%s): %s" +msgstr "Error en el `socket' de datos salientes para %s (%s): %s" -#: src/net.c:859 +#: src/meta.c:125 +#, fuzzy, c-format +msgid "Connection closed by %s (%s)" +msgstr "Cerrando conexión con %s (%s)" + +#: src/meta.c:129 +#, fuzzy, c-format +msgid "Metadata socket read error for %s (%s): %m" +msgstr "Error en el `socket' de datos salientes para %s (%s): %s" + +#: src/meta.c:159 +#, fuzzy, c-format +msgid "Got request from %s (%s): %s" +msgstr "Petición desconocida desde %s (%s)" + +#: src/meta.c:177 +#, fuzzy, c-format +msgid "Metadata read buffer overflow for %s (%s)" +msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" + +#: src/net.c:128 +#, c-format +msgid "Sending packet of %d bytes to %s (%s)" +msgstr "Enviando paquete de %d bytes a %s 
(%s)" + +#: src/net.c:139 +#, c-format +msgid "Error sending packet to %s (%s): %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/net.c:168 +#, fuzzy, c-format +msgid "Writing packet of %d bytes to tap device" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:178 +#, fuzzy, c-format +msgid "Can't write to tun/tap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:185 +#, fuzzy, c-format +msgid "Can't write to ethertap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:286 +msgid "Queue flushed" +msgstr "Cola vaciada" + +#: src/net.c:301 +#, c-format +msgid "Flushing send queue for %s (%s)" +msgstr "Vaciando la cola de envíos para %s (%s)" + +#: src/net.c:309 +#, c-format +msgid "Flushing receive queue for %s (%s)" +msgstr "Vaciando la cola de recepción para %s (%s)" + +#: src/net.c:328 +#, c-format +msgid "Trying to look up %d.%d.%d.%d in connection list failed!" +msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" + +#: src/net.c:341 +#, c-format +msgid "Packet with destination %d.%d.%d.%d is looping back to us!" 
+msgstr "" + +#: src/net.c:417 +#, c-format +msgid "Could not open %s: %m" +msgstr "No pude abrir %s: %m" + +#: src/net.c:446 +#, c-format +msgid "%s is a new style tun/tap device" +msgstr "%s es un dispositivo tun/tap del nuevo estilo" + +#: src/net.c:471 +#, c-format +msgid "Creating metasocket failed: %m" +msgstr "Fallo al crear el metasocket: %m" + +#: src/net.c:478 src/net.c:486 src/net.c:495 src/net.c:529 src/net.c:557 +#: src/net.c:566 src/net.c:620 src/net.c:1059 src/net.c:1068 src/net.c:1126 +#, c-format +msgid "System call `%s' failed: %m" +msgstr "" + +#: src/net.c:505 +#, c-format +msgid "Unable to bind listen socket to interface %s: %m" +msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" + +#: src/net.c:522 +#, c-format +msgid "Can't bind to port %hd/tcp: %m" +msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" + +#: src/net.c:550 +#, c-format +msgid "Creating socket failed: %m" +msgstr "Error al crear el `socket': %m" + +#: src/net.c:579 src/net.c:1081 +#, c-format +msgid "Can't bind to port %hd/udp: %m" +msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" + +#: src/net.c:596 +#, c-format +msgid "Trying to connect to %s" +msgstr "Intentando conectar con %s" + +#: src/net.c:606 +#, c-format +msgid "Creating socket for %s port %d failed: %m" +msgstr "Error al crear el `socket' para %s puerto %d: %m" + +#: src/net.c:631 +#, c-format +msgid "%s port %hd: %m" +msgstr "%s puerto %hd: %m" + +#: src/net.c:639 +#, c-format +msgid "fcntl for %s port %d: %m" +msgstr "fcntl() para %s puerto %d: %m" + +#: src/net.c:645 +#, c-format +msgid "Connected to %s port %hd" +msgstr "Conectado a %s puerto %hd" + +#: src/net.c:664 +msgid "Invalid name for outgoing connection" +msgstr "Nombre no válido para conexión saliente" + +#: src/net.c:673 +#, c-format +msgid "Error reading host configuration file for %s" +msgstr "Error leyendo el fichero de configuración del `host' para %s" + +#: src/net.c:680 +#, c-format +msgid "No address specified 
for %s" +msgstr "No se especificó dirección para %s" + +#: src/net.c:687 +#, c-format +msgid "Error looking up `%s': %m" +msgstr "Error buscando `%s': %m" + +#: src/net.c:697 +#, c-format +msgid "Could not set up a meta connection to %s" +msgstr "No he podido configurar una meta conexión a %s" + +#: src/net.c:735 +#, fuzzy, c-format +msgid "Error reading RSA public key file `%s': %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/net.c:743 +#, fuzzy, c-format +msgid "Reading RSA public key file `%s' failed: %m" +msgstr "Error recibiendo paquete: %m" + +#: src/net.c:753 +#, c-format +msgid "No public key for %s specified!" +msgstr "" + +#: src/net.c:778 +#, fuzzy, c-format +msgid "Error reading RSA private key file `%s': %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/net.c:786 +#, c-format +msgid "Reading RSA private key file `%s' failed: %m" +msgstr "" + +#: src/net.c:793 +#, fuzzy +msgid "No private key for tinc daemon specified!" +msgstr "¡Se requiere un nombre para el demonio tinc!" + +#: src/net.c:817 +msgid "Name for tinc daemon required!" +msgstr "¡Se requiere un nombre para el demonio tinc!" + +#: src/net.c:825 +msgid "Invalid name for myself!" +msgstr "¡Nombre no válido para mí!" + +#: src/net.c:834 +msgid "Cannot open host configuration file for myself!" +msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" + +#: src/net.c:875 +msgid "Network address and subnet mask do not match!" +msgstr "" + +#: src/net.c:884 +#, fuzzy +msgid "Unable to set up a listening TCP socket!" +msgstr "¡No puedo configurar un `socket' a la escucha!" + +#: src/net.c:890 +#, fuzzy +msgid "Unable to set up a listening UDP socket!" +msgstr "¡No puedo configurar un `socket' a la escucha!" 
+ +#: src/net.c:914 +#, c-format +msgid "Ready: listening on port %hd" +msgstr "Listo: escuchando en el puerto %hd" + +#: src/net.c:946 +#, c-format +msgid "Still failed to connect to other, will retry in %d seconds" +msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." + +#: src/net.c:997 +#, c-format +msgid "Trying to re-establish outgoing connection in %d seconds" +msgstr "Intento re-establecer la conexión saliente en %d segundos" + +#: src/net.c:1047 +#, c-format +msgid "Opening UDP socket to %s" +msgstr "Abriendo `socket' UDP a %s" + +#: src/net.c:1052 +#, c-format +msgid "Creating UDP socket failed: %m" +msgstr "Error al crear el `socket' UDP: %m" + +#: src/net.c:1092 +#, c-format +msgid "Connecting to %s port %d failed: %m" +msgstr "Error al conectar a %s puerto %d: %m" + +#: src/net.c:1142 #, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s puerto %d" -#: src/net.c:903 +#: src/net.c:1190 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:909 +#: src/net.c:1196 #, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:915 +#: src/net.c:1202 #, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:936 +#: src/net.c:1210 +#, c-format +msgid "Received UDP packets on port %hd from unknown source %x:%hd" +msgstr "" + +#: src/net.c:1216 +#, fuzzy, c-format +msgid "Received packet of %d bytes from %s (%s)" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:1240 #, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s (%s)" -#: src/net.c:979 +#: src/net.c:1285 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:1009 +#: src/net.c:1320 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) no respondió al PING" -#: src/net.c:1040 +#: src/net.c:1347 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1048 +#: src/net.c:1355 msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1083 -#, c-format -msgid "Outgoing data socket error for %s (%s): %s" -msgstr "Error en el `socket' de datos salientes para %s (%s): %s" - -#: src/net.c:1122 src/net.c:1131 -#, c-format -msgid "Error while reading from tapdevice: %m" +#: src/net.c:1410 +#, fuzzy, c-format +msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1143 -#, c-format -msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" -msgstr "Trama ethernet no-IP %04x desde %02x:%02x:%02x:%02x:%02x:%02x" +#: src/net.c:1419 +#, fuzzy, c-format +msgid "Error while reading from ethertap device: %m" +msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1150 -#, c-format -msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" -msgstr "Ignorando paquete corto desde %02x:%02x:%02x:%02x:%02x:%02x" +#: src/net.c:1430 +msgid "Received short packet from tap device" +msgstr "" -#: src/net.c:1185 +#: src/net.c:1436 +#, c-format +msgid "Read packet of length %d from tap device" +msgstr "" + +#: src/net.c:1468 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" +#: src/net.c:1475 +#, fuzzy +msgid "Rereading configuration file and restarting in 5 seconds" +msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." + +#: src/net.c:1482 +#, fuzzy +msgid "Unable to reread configuration file, exiting" +msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." 
+ +#: src/net.c:1508 +#, fuzzy +msgid "Regenerating symmetric key" +msgstr "Generando claves de %d bits" + #: src/netutl.c:115 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Error buscando `%s': %s\n" -#: src/protocol.c:80 +#: src/protocol.c:101 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" -#: src/protocol.c:87 +#: src/protocol.c:108 #, c-format msgid "Sending %s to %s (%s)" msgstr "Enviando %s a %s (%s)" -#: src/protocol.c:101 +#: src/protocol.c:122 #, c-format msgid "Unknown request from %s (%s)" msgstr "Petición desconocida desde %s (%s)" -#: src/protocol.c:108 +#: src/protocol.c:129 #, c-format msgid "Got %s from %s (%s)" msgstr "He recibido %s desde %s (%s)" -#: src/protocol.c:114 +#: src/protocol.c:135 +#, fuzzy, c-format +msgid "Unauthorized request from %s (%s)" +msgstr "Petición desconocida desde %s (%s)" + +#: src/protocol.c:142 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Error al procesar %s desde %s (%s)" -#: src/protocol.c:121 +#: src/protocol.c:149 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Se han recibido datos sin sentido desde %s (%s)." -#: src/protocol.c:169 +#: src/protocol.c:203 #, c-format msgid "Got bad ID from %s" msgstr "Recibí una ID incorrecta desde %s" -#: src/protocol.c:177 +#: src/protocol.c:211 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "La máquina remota %s (%s) usa una versión (%d) incompatible." 
-#: src/protocol.c:186 +#: src/protocol.c:220 #, c-format msgid "Peer %s uses invalid identity name" msgstr "La máquina remota %s usa un nombre de identidad no válido" -#: src/protocol.c:194 +#: src/protocol.c:232 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "La máquina remota %s tiene una identidad desconocida (%s)" -#: src/protocol.c:209 +#: src/protocol.c:246 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "El enlace %s (%s) ya está en nuestra lista de conexiones." -#: src/protocol.c:251 +#: src/protocol.c:299 +#, c-format +msgid "Generated random challenge (unencrypted): %s" +msgstr "" + +#: src/protocol.c:306 src/protocol.c:359 +#, fuzzy, c-format +msgid "Error during encryption of challenge for %s (%s)" +msgstr "Error leyendo el fichero de configuración del `host' para %s" + +#: src/protocol.c:332 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" -#: src/protocol.c:259 +#: src/protocol.c:342 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" -#: src/protocol.c:285 +#: src/protocol.c:367 +#, c-format +msgid "Received random challenge (unencrypted): %s" +msgstr "" + +#: src/protocol.c:381 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" -#: src/protocol.c:316 +#: src/protocol.c:412 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" -#: src/protocol.c:325 +#: src/protocol.c:420 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:342 +#: src/protocol.c:436 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Intruso: respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:380 +#: 
src/protocol.c:441 +#, c-format +msgid "Expected challenge reply: %s" +msgstr "" + +#: src/protocol.c:485 +#, c-format +msgid "Generated random meta key (unencrypted): %s" +msgstr "" + +#: src/protocol.c:492 src/protocol.c:554 +#, fuzzy, c-format +msgid "Error during encryption of meta key for %s (%s)" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/protocol.c:524 +#, fuzzy, c-format +msgid "Got bad METAKEY from %s (%s)" +msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" + +#: src/protocol.c:534 +#, fuzzy, c-format +msgid "Intruder: wrong meta key length from %s (%s)" +msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:562 +#, c-format +msgid "Received random meta key (unencrypted): %s" +msgstr "" + +#: src/protocol.c:601 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:392 +#: src/protocol.c:617 #, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s (%s)." 
-#: src/protocol.c:432 +#: src/protocol.c:682 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:441 +#: src/protocol.c:690 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:450 +#: src/protocol.c:698 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:461 +#: src/protocol.c:706 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:472 +#: src/protocol.c:716 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:500 +#: src/protocol.c:759 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:509 +#: src/protocol.c:767 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:518 +#: src/protocol.c:775 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:529 +#: src/protocol.c:785 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:540 +#: src/protocol.c:795 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " 
"conexiones" -#: src/protocol.c:571 +#: src/protocol.c:835 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" -#: src/protocol.c:579 +#: src/protocol.c:843 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "" "Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:588 +#: src/protocol.c:852 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí ADD_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:598 -#, c-format -msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" -msgstr "Aviso: recibí ADD_HOST desde %s (%s) de nosotros mismos, reiniciando" - -#: src/protocol.c:608 -#, c-format -msgid "" -"Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" -msgstr "" -"Recibí ADD_HOST desde %s (%s) con origen %s que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:627 +#: src/protocol.c:869 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" -#: src/protocol.c:634 -#, c-format -msgid "Removing old entry for %s (%s)" -msgstr "Eliminando el registro viejo para %s (%s)" +#: src/protocol.c:877 +#, fuzzy, c-format +msgid "Removing old entry for %s (%s) in favour of new connection" +msgstr "" +"Eliminando el registro viejo para %s en %s en favor de la nueva conexión " +"desde %s" -#: src/protocol.c:677 +#: src/protocol.c:927 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" -#: src/protocol.c:686 +#: src/protocol.c:936 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "" "Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:695 +#: src/protocol.c:944 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí 
DEL_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:706 -#, c-format -msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" -msgstr "Aviso: recibí DEL_HOST desde %s (%s) de nosotros mismos, reiniciando" - -#: src/protocol.c:716 -#, c-format -msgid "" -"Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" -msgstr "" -"Recibí DEL_HOST desde %s (%s) con origen %s que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:728 +#: src/protocol.c:954 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:738 +#: src/protocol.c:963 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" -#: src/protocol.c:770 +#: src/protocol.c:1002 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Recibí STATUS incorrecta desde %s (%s)" -#: src/protocol.c:777 +#: src/protocol.c:1009 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Mensaje de status desde %s (%s): %s: %s" -#: src/protocol.c:801 +#: src/protocol.c:1032 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Recibí ERROR incorrecta desde %s (%s)" -#: src/protocol.c:808 +#: src/protocol.c:1039 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Mensaje de error desde %s (%s): %s: %s" -#: src/protocol.c:886 +#: src/protocol.c:1117 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" -#: src/protocol.c:893 +#: src/protocol.c:1124 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " 
@@ -721,12 +763,12 @@ msgstr "" "Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:923 +#: src/protocol.c:1153 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:930 +#: src/protocol.c:1160 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -735,7 +777,7 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:946 +#: src/protocol.c:1177 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -744,12 +786,12 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:974 +#: src/protocol.c:1213 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" -#: src/protocol.c:981 +#: src/protocol.c:1220 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -758,12 +800,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:997 -#, c-format -msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key" +#: src/protocol.c:1231 +#, fuzzy, c-format +msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" -#: src/protocol.c:1010 +#: src/protocol.c:1242 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " 
@@ -772,12 +814,30 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/tincd.c:94 +#: src/subnet.c:108 +#, c-format +msgid "subnet_compare() was called with unknown subnet type %d, restarting!" +msgstr "" + +#. Do some intl stuff right now +#: src/subnet.c:251 src/tincd.c:296 +msgid "unknown" +msgstr "desconocido" + +#: src/subnet.c:308 +msgid "Subnet list:" +msgstr "" + +#: src/subnet.c:316 +msgid "End of subnet list." +msgstr "" + +#: src/tincd.c:119 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Pruebe `%s --help' para más información.\n" -#: src/tincd.c:97 +#: src/tincd.c:122 #, c-format msgid "" "Usage: %s [option]...\n" @@ -786,14 +846,14 @@ msgstr "" "Modo de empleo: %s [opción]...\n" "\n" -#: src/tincd.c:98 +#: src/tincd.c:123 +#, fuzzy msgid "" -" -c, --config=DIR Read configuration options from DIR.\n" -" -D, --no-detach Don't fork and detach.\n" -" -d Increase debug level.\n" -" -k, --kill Attempt to kill a running tincd and exit.\n" -" -n, --net=NETNAME Connect to net NETNAME.\n" -" -t, --timeout=TIMEOUT Seconds to wait before giving a timeout.\n" +" -c, --config=DIR Read configuration options from DIR.\n" +" -D, --no-detach Don't fork and detach.\n" +" -d Increase debug level.\n" +" -k, --kill Attempt to kill a running tincd and exit.\n" +" -n, --net=NETNAME Connect to net NETNAME.\n" msgstr "" " -c, --config=DIR Lee opciones de configuración del directorio DIR.\n" " -D, --no-detach No hagas fork() y liberes la terminal.\n" 
@@ -802,82 +862,61 @@ msgstr "" " -n, --net=NOMBREDERED Conecta a la red NOMBREDERED.\n" " -t, --timeout=TIMEOUT Segundos a esperar antes de dar un timeout.\n" -#: src/tincd.c:104 +#: src/tincd.c:128 +#, fuzzy msgid "" -" --help Display this help and exit.\n" -" --version Output version information and exit.\n" +" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" +" --help Display this help and exit.\n" +" --version Output version information and exit.\n" "\n" msgstr "" " --help Muestra esta ayuda y termina.\n" " --version Muestra información de la versión y termina.\n" "\n" -#: src/tincd.c:106 +#: src/tincd.c:131 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" -#: src/tincd.c:144 +#: src/tincd.c:174 #, c-format -msgid "Invalid timeout value `%s'.\n" -msgstr "Valor de timeout `%s' no válido.\n" - -#: src/tincd.c:158 -#, c-format -msgid "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." +msgid "" +"Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" msgstr "" -"Memoria agotada (la última es %s:%d) (no pude asignar %d bytes), terminando." -#: src/tincd.c:213 +#: src/tincd.c:233 #, c-format -msgid "tincd %s (%s %s) starting, debug level %d" -msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." +msgid "Generating %d bits keys:\n" +msgstr "Generando claves de %d bits:\n" -#: src/tincd.c:216 -#, c-format -msgid "tincd %s starting" -msgstr "tincd %s comenzando" - -#: src/tincd.c:231 -#, c-format -msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" +#: src/tincd.c:237 +msgid "Error during key generation!" msgstr "" -"Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." 
-#: src/tincd.c:249 -#, c-format -msgid "A tincd is already running for net `%s' with pid %d.\n" +#: src/tincd.c:241 +msgid "Done.\n" +msgstr "Hecho.\n" + +#: src/tincd.c:243 +#, fuzzy +msgid "public RSA key" +msgstr "Clave pública: %s\n" + +#: src/tincd.c:248 +#, fuzzy +msgid "private RSA key" +msgstr "Clave privada: %s\n" + +#: src/tincd.c:268 +msgid "Both netname and configuration directory given, using the latter...\n" msgstr "" -"Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" -#: src/tincd.c:252 -#, c-format -msgid "A tincd is already running with pid %d.\n" -msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" - -#: src/tincd.c:273 -#, c-format -msgid "No other tincd is running for net `%s'.\n" -msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" - -#: src/tincd.c:275 -msgid "No other tincd is running.\n" -msgstr "No hay ningún otro tincd en ejecución.\n" - -#: src/tincd.c:282 -msgid "Removing stale lock file.\n" -msgstr "Borrando fichero de bloqueo en desuso.\n" - -#. Do some intl stuff right now -#: src/tincd.c:325 -msgid "unknown" -msgstr "desconocido" - -#: src/tincd.c:331 +#: src/tincd.c:303 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versión %s (compilado %s %s, protocolo %d)\n" -#: src/tincd.c:332 +#: src/tincd.c:304 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -893,57 +932,201 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:346 +#: src/tincd.c:318 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:377 +#: src/tincd.c:353 msgid "Unrecoverable error" msgstr "Error irrecuperable" -#: src/tincd.c:382 +#: src/tincd.c:358 #, c-format msgid "Restarting in %d seconds!" msgstr "¡Reiniciando en %d segundos!" -#: src/tincd.c:387 src/tincd.c:433 -msgid "Aieee! Not restarting." +#: src/tincd.c:363 +#, fuzzy +msgid "Not restarting." msgstr "¡Aayyy! No reinicio." -#: src/tincd.c:397 -msgid "Got TERM signal" -msgstr "Recibí la señal TERM" +#~ msgid "%s: option `%s' is ambiguous\n" +#~ msgstr "%s: la opción `%s' es ambigua\n" -#: src/tincd.c:405 -msgid "Got QUIT signal" -msgstr "Recibí la señal QUIT" +#~ msgid "%s: option `--%s' doesn't allow an argument\n" +#~ msgstr "%s: la opción `--%s' no lleva parámetros\n" -#: src/tincd.c:412 -msgid "Got another SEGV signal: not restarting" -msgstr "Recibí otra señal SEGV: no reinicio" +#~ msgid "%s: option `%c%s' doesn't allow an argument\n" +#~ msgstr "%s: la opción `%c%s' no lleva parámetros\n" -#: src/tincd.c:419 -msgid "Got SEGV signal" -msgstr "Recibí la señal SEGV" +#~ msgid "%s: option `%s' requires an argument\n" +#~ msgstr "%s: la opción `%s' requiere un parámetro\n" -#: src/tincd.c:424 -msgid "Trying to re-execute in 5 seconds..." -msgstr "Intento re-ejecutar en 5 segundos." +#~ msgid "%s: unrecognized option `--%s'\n" +#~ msgstr "%s: opción desconocida `--%s'\n" -#: src/tincd.c:442 -msgid "Got HUP signal, rereading configuration and restarting" -msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." 
+#~ msgid "%s: unrecognized option `%c%s'\n" +#~ msgstr "%s: opción desconocida `%c%s'\n" -#: src/tincd.c:450 -msgid "Got INT signal, exiting" -msgstr "Recibí la señal INT, saliendo" +#~ msgid "%s: illegal option -- %c\n" +#~ msgstr "%s: opción ilegal -- %c\n" -#: src/tincd.c:464 -msgid "Got USR2 signal, forcing new key generation" -msgstr "Recibí la señal USR2, forzando generación de nueva clave" +#~ msgid "%s: invalid option -- %c\n" +#~ msgstr "%s: opción no válida --%c\n" -#: src/tincd.c:473 -#, c-format -msgid "Got unexpected signal %d (%s)" -msgstr "Recibí una señal inesperada %d (%s)." +#~ msgid "%s: option requires an argument -- %c\n" +#~ msgstr "%s: la opción requiere un parámetro -- %c\n" + +#~ msgid "%s: option `-W %s' is ambiguous\n" +#~ msgstr "%s: la opción `-W %s' es ambigua\n" + +#~ msgid "%s: option `-W %s' doesn't allow an argument\n" +#~ msgstr "%s: la opción `-W %s' no lleva parámetros\n" + +#~ msgid "List callback[delete] failed for %08lx - freeing anyway" +#~ msgstr "" +#~ "El callback[delete] de la lista falló para %08lx - liberándolo de todos modos" + +#~ msgid "Memory exhausted" +#~ msgstr "Memoria agotada" + +#~ msgid "Line %d too long while reading config file %s" +#~ msgstr "La línea %d es demasiado larga en el fichero de configuración %s" + +#~ msgid "Illegal passphrase in %s; size would be %d" +#~ msgstr "Frase ilegal en %s; el tamaño debe ser %d" + +#~ msgid "Opening /dev/urandom failed: %m" +#~ msgstr "Fallo al abrir /dev/urandom: %m" + +#~ msgid "Encryption key set to %s" +#~ msgstr "Clave de cifrado definida como %s" + +#~ msgid "Usage: %s bits\n" +#~ msgstr "Modo de empleo: %s bits\n" + +#~ msgid "Illegal number: %s\n" +#~ msgstr "Número ilegal: %s\n" + +#~ msgid "Receiving packet of %d bytes" +#~ msgstr "Recibido paquete de %d bytes" + +#~ msgid "Could not open UDP connection to %s (%s)" +#~ msgstr "No pude abrir una conexión UDP a %s (%s)" + +#~ msgid "No valid key known yet for %s (%s), queueing packet" +#~ msgstr "" +#~ "No 
conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" + +#~ msgid "%s (%s) is not ready, queueing packet" +#~ msgstr "%s (%s) no está listo, poniendo el paquete en cola" + +#~ msgid "tun/tap device will be left unconfigured" +#~ msgstr "el dispositivo tun/tap se dejará sin configurar" + +#~ msgid "setsockopt: %m" +#~ msgstr "setsockopt(): %m" + +#~ msgid "fcntl: %m" +#~ msgstr "fcntl(): %m" + +#~ msgid "listen: %m" +#~ msgstr "listen(): %m" + +#~ msgid "Unable to set up an incoming vpn data socket!" +#~ msgstr "¡No puedo configurar un `socket' para recibir datos de la vpn!" + +#~ msgid "Terminating" +#~ msgstr "Terminando" + +#~ msgid "Error: getpeername: %m" +#~ msgstr "Error: getpeername(): %m" + +#~ msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" +#~ msgstr "Trama ethernet no-IP %04x desde %02x:%02x:%02x:%02x:%02x:%02x" + +#~ msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" +#~ msgstr "Ignorando paquete corto desde %02x:%02x:%02x:%02x:%02x:%02x" + +#~ msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" +#~ msgstr "" +#~ "Aviso: recibí ADD_HOST desde %s (%s) de nosotros mismos, reiniciando" + +#~ msgid "" +#~ "Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" +#~ msgstr "" +#~ "Recibí ADD_HOST desde %s (%s) con origen %s que no está en nuestra lista de " +#~ "conexiones" + +#~ msgid "Removing old entry for %s (%s)" +#~ msgstr "Eliminando el registro viejo para %s (%s)" + +#~ msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" +#~ msgstr "" +#~ "Aviso: recibí DEL_HOST desde %s (%s) de nosotros mismos, reiniciando" + +#~ msgid "" +#~ "Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" +#~ msgstr "" +#~ "Recibí DEL_HOST desde %s (%s) con origen %s que no está en nuestra lista de " +#~ "conexiones" + +#~ msgid "Invalid timeout value `%s'.\n" +#~ msgstr "Valor de timeout `%s' no válido.\n" + +#~ msgid "" +#~ "Memory exhausted 
(last is %s:%d) (couldn't allocate %d bytes), exiting." +#~ msgstr "" +#~ "Memoria agotada (la última es %s:%d) (no pude asignar %d bytes), terminando." + +#~ msgid "tincd %s (%s %s) starting, debug level %d" +#~ msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." + +#~ msgid "tincd %s starting" +#~ msgstr "tincd %s comenzando" + +#~ msgid "" +#~ "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" +#~ msgstr "" +#~ "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." + +#~ msgid "A tincd is already running for net `%s' with pid %d.\n" +#~ msgstr "" +#~ "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" + +#~ msgid "A tincd is already running with pid %d.\n" +#~ msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" + +#~ msgid "No other tincd is running for net `%s'.\n" +#~ msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" + +#~ msgid "No other tincd is running.\n" +#~ msgstr "No hay ningún otro tincd en ejecución.\n" + +#~ msgid "Removing stale lock file.\n" +#~ msgstr "Borrando fichero de bloqueo en desuso.\n" + +#~ msgid "Got TERM signal" +#~ msgstr "Recibí la señal TERM" + +#~ msgid "Got QUIT signal" +#~ msgstr "Recibí la señal QUIT" + +#~ msgid "Got another SEGV signal: not restarting" +#~ msgstr "Recibí otra señal SEGV: no reinicio" + +#~ msgid "Got SEGV signal" +#~ msgstr "Recibí la señal SEGV" + +#~ msgid "Trying to re-execute in 5 seconds..." +#~ msgstr "Intento re-ejecutar en 5 segundos." + +#~ msgid "Got INT signal, exiting" +#~ msgstr "Recibí la señal INT, saliendo" + +#~ msgid "Got USR2 signal, forcing new key generation" +#~ msgstr "Recibí la señal USR2, forzando generación de nueva clave" + +#~ msgid "Got unexpected signal %d (%s)" +#~ msgstr "Recibí una señal inesperada %d (%s)." diff --git a/po/nl.po b/po/nl.po index 23610fc5..1b4de07b 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -5,7 +5,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: tinc 1.0pre4\n"
-"POT-Creation-Date: 2000-11-29 16:17+0100\n"
+"POT-Creation-Date: 2001-01-06 17:41+0100\n"
 "PO-Revision-Date: 2000-05-31 20:14+02:00\n"
 "Last-Translator: Ivo Timmermans \n"
 "Language-Team: Dutch \n"
@@ -13,397 +13,451 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:230 +#: src/conf.c:238 #, c-format -msgid "Invalid variable name on line %d while reading config file %s" -msgstr "" -"Ongeldige naam voor variabele op regel %d tijdens het lezen van configuratie " -"bestand %s" +msgid "Cannot open config file %s: %m" +msgstr "Kan configuratie bestand %s niet openen: %m" -#: src/conf.c:237 +#: src/conf.c:274 #, c-format -msgid "No value for variable on line %d while reading config file %s" +msgid "Invalid variable name `%s' on line %d while reading config file %s" msgstr "" -"Geen waarde voor variabele op regel %d tijdens het lezen van configuratie " -"bestand %s" +"Ongeldige variabelenaam `%s' op regel %d tijdens lezen configuratie bestand " +"%s" -#: src/conf.c:245 +#: src/conf.c:281 #, c-format -msgid "Invalid value for variable on line %d while reading config file %s" +msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" -"Ongeldige waarde voor variabele op regel %d tijdens het lezen van " +"Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:271 +#: src/conf.c:289 #, c-format -msgid "Failed to read `%s': %m\n" -msgstr "`%s' lezen mislukte: %m\n" +msgid "Invalid value for variable `%s' on line %d while reading config file %s" +msgstr "" +"Ongeldige waarde voor variabele `%s' op regel %d tijdens lezen van " +"configuratie bestand %s" + +#: src/conf.c:314 +#, c-format +msgid "Failed to read `%s': %m" +msgstr "Lezen van `%s' mislukte: %m" + +#: src/conf.c:361 src/conf.c:384 src/conf.c:404 +#, c-format +msgid "Couldn't stat `%s': %m" +msgstr "Kon `%s' niet statten: %m" + +#: src/conf.c:376 +#, c-format +msgid "`%s' is not an absolute path" +msgstr "`%s' is geen absoluut pad" + +#: src/conf.c:390 src/conf.c:412 +#, c-format +msgid "`%s' is owned by UID %d instead of %d" +msgstr "`%s' is eigendom van UID %d in plaats 
van %d" + +#: src/conf.c:396 src/conf.c:418 +#, c-format +msgid "Warning: `%s' is a symlink" +msgstr "Waarschuwing: `%s' is een symbolische link" + +#. Accessible by others +#: src/conf.c:425 +#, c-format +msgid "`%s' has unsecure permissions" +msgstr "`%s' heeft onveilige permissies" #. Ask for a file and/or directory name. -#: src/conf.c:332 +#: src/conf.c:451 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:337 +#: src/conf.c:457 #, c-format msgid "Error while reading stdin: %m\n" msgstr "Fout tijdens lezen van standaardinvoer: %m\n" -#: src/conf.c:360 +#: src/conf.c:496 +#, c-format +msgid "Error opening file `%s': %m\n" +msgstr "Fout bij het openen van het bestand `%s': %m\n" + +#: src/conf.c:506 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" "I will not create or overwrite this file.\n" msgstr "" -"Het bestand `%s' (of een van de voorgaande mappen) heeft onvoldoende bescherming.\n" +"Het bestand `%s' (of een van de voorgaande mappen) heeft onvoldoende " +"bescherming.\n" "Ik maak of overschrijf dit bestand niet.\n" -#: src/conf.c:368 -#, c-format -msgid "Error opening file `%s': %m\n" -msgstr "Fout bij het openen van het bestand `%s': %m\n" - -#: src/connection.c:187 +#: src/connection.c:191 msgid "Connection list:" msgstr "Verbindingslijst:" -#: src/connection.c:189 src/connection.c:196 +#: src/connection.c:193 src/connection.c:200 #, c-format msgid " %s at %s port %hd flags %d sockets %d, %d status %04x" msgstr " %s op %s poort %hd vlaggen %d sockets %d, %d status %04x" -#: src/connection.c:201 +#: src/connection.c:205 msgid "End of connection list." msgstr "Einde van verbindingslijst." 
-#: src/meta.c:52 +#: src/meta.c:53 #, c-format msgid "Sending %d bytes of metadata to %s (%s): %s" msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" -#: src/meta.c:68 +#: src/meta.c:69 #, c-format msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:99 src/net.c:1010 +#: src/meta.c:100 src/net.c:1101 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" -#: src/meta.c:105 +#: src/meta.c:106 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:124 +#: src/meta.c:125 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:128 +#: src/meta.c:129 #, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" -#: src/meta.c:158 +#: src/meta.c:159 #, c-format msgid "Got request from %s (%s): %s" msgstr "Kreeg verzoek van %s (%s): %s" -#: src/meta.c:176 +#: src/meta.c:177 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:121 +#: src/net.c:128 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:132 +#: src/net.c:139 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:161 +#: src/net.c:168 #, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Verzending pakket van %d bytes naar tap-apparaat" -#: src/net.c:171 +#: src/net.c:178 #, c-format msgid "Can't write to tun/tap device: %m" msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:178 +#: src/net.c:185 #, c-format msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:279 +#: src/net.c:286 msgid "Queue 
flushed" msgstr "Wachtrij leeggemaakt" -#: src/net.c:294 +#: src/net.c:301 #, c-format msgid "Flushing send queue for %s (%s)" msgstr "Legen van verzend-wachtrij voor %s (%s)" -#: src/net.c:302 +#: src/net.c:309 #, c-format msgid "Flushing receive queue for %s (%s)" msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" -#: src/net.c:321 +#: src/net.c:328 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:334 +#: src/net.c:341 #, c-format msgid "Packet with destination %d.%d.%d.%d is looping back to us!" msgstr "Pakket met doeladres %d.%d.%d.%d komt terug naar ons!" -#: src/net.c:410 +#: src/net.c:417 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:439 +#: src/net.c:446 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:464 +#: src/net.c:471 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:471 src/net.c:479 src/net.c:488 src/net.c:522 src/net.c:550 -#: src/net.c:559 src/net.c:968 src/net.c:977 src/net.c:1035 +#: src/net.c:478 src/net.c:486 src/net.c:495 src/net.c:529 src/net.c:557 +#: src/net.c:566 src/net.c:620 src/net.c:1059 src/net.c:1068 src/net.c:1126 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:498 +#: src/net.c:505 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:515 +#: src/net.c:522 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:543 +#: src/net.c:550 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:572 src/net.c:990 +#: src/net.c:579 src/net.c:1081 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort 
%hd/udp binden: %m" -#: src/net.c:589 +#: src/net.c:596 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:599 +#: src/net.c:606 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:611 +#: src/net.c:631 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:619 +#: src/net.c:639 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:625 +#: src/net.c:645 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:644 +#: src/net.c:664 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:653 +#: src/net.c:673 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:660 +#: src/net.c:680 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:667 +#: src/net.c:687 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:677 +#: src/net.c:697 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:712 +#: src/net.c:735 +#, c-format +msgid "Error reading RSA public key file `%s': %m" +msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" + +#: src/net.c:743 +#, c-format +msgid "Reading RSA public key file `%s' failed: %m" +msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" + +#: src/net.c:753 +#, c-format +msgid "No public key for %s specified!" +msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" 
+ +#: src/net.c:778 +#, c-format +msgid "Error reading RSA private key file `%s': %m" +msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" + +#: src/net.c:786 +#, c-format +msgid "Reading RSA private key file `%s' failed: %m" +msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" + +# +#: src/net.c:793 +msgid "No private key for tinc daemon specified!" +msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" + +#: src/net.c:817 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:720 +#: src/net.c:825 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:726 -msgid "Private key for tinc daemon required!" -msgstr "Privé sleutel voor tinc daemon verplicht!" - -#: src/net.c:738 +#: src/net.c:834 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:744 -msgid "Public key for tinc daemon required!" -msgstr "Publieke sleutel voor tinc daemon verplicht!" - -#: src/net.c:784 +#: src/net.c:875 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:793 +#: src/net.c:884 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:799 +#: src/net.c:890 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" 
-#: src/net.c:823 +#: src/net.c:914 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:855 +#: src/net.c:946 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:906 +#: src/net.c:997 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:956 +#: src/net.c:1047 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:961 +#: src/net.c:1052 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:1001 +#: src/net.c:1092 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:1050 +#: src/net.c:1142 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1098 +#: src/net.c:1190 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1104 +#: src/net.c:1196 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1110 +#: src/net.c:1202 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1118 +#: src/net.c:1210 #, c-format -msgid "Received UDP packets on port %d from unknown source %lx:%d" -msgstr "UDP pakket op poort %d ontvangen met onbekende oorsprong %lx:%d" +msgid "Received UDP packets on port %hd from unknown source %x:%hd" +msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1124 +#: src/net.c:1216 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:1148 +#: src/net.c:1240 #, c-format msgid "Closing connection with %s (%s)" 
msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1192 +#: src/net.c:1285 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1227 +#: src/net.c:1320 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1254 +#: src/net.c:1347 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1262 +#: src/net.c:1355 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1317 +#: src/net.c:1410 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1326 +#: src/net.c:1419 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1337 +#: src/net.c:1430 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1343 +#: src/net.c:1436 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1375 +#: src/net.c:1468 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1382 +#: src/net.c:1475 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1389 +#: src/net.c:1482 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1415 +#: src/net.c:1508 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -412,290 +466,285 @@ msgstr "Hergenereren symmetrische sleutel" msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/protocol.c:98 +#: src/protocol.c:101 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: src/protocol.c:105 +#: src/protocol.c:108 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:119 +#: src/protocol.c:122 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:126 +#: src/protocol.c:129 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:132 +#: src/protocol.c:135 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:139 +#: src/protocol.c:142 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:146 +#: src/protocol.c:149 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:198 +#: src/protocol.c:203 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:206 +#: src/protocol.c:211 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:215 +#: src/protocol.c:220 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:227 +#: src/protocol.c:232 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:241 +#: src/protocol.c:246 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:263 -#, c-format -msgid "No public key known for %s (%s)" 
-msgstr "Geen publieke sleutel bekend voor %s (%s)" - -#: src/protocol.c:296 +#: src/protocol.c:299 #, c-format msgid "Generated random challenge (unencrypted): %s" msgstr "Uitdaging gegenereerd (niet versleuteld): %s" -#: src/protocol.c:303 src/protocol.c:356 +#: src/protocol.c:306 src/protocol.c:359 #, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "Fout tijdens versleuteling van uitdaging voor %s (%s)" -#: src/protocol.c:329 +#: src/protocol.c:332 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:339 +#: src/protocol.c:342 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:364 +#: src/protocol.c:367 #, c-format msgid "Received random challenge (unencrypted): %s" msgstr "Uitdaging ontvangen (niet versleuteld): %s" -#: src/protocol.c:378 +#: src/protocol.c:381 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:409 +#: src/protocol.c:412 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:417 +#: src/protocol.c:420 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:433 +#: src/protocol.c:436 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:438 +#: src/protocol.c:441 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:482 +#: src/protocol.c:485 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" -#: src/protocol.c:489 src/protocol.c:551 +#: 
src/protocol.c:492 src/protocol.c:554 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" -#: src/protocol.c:521 +#: src/protocol.c:524 #, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Kreeg ongeldige METAKEY van %s (%s)" -#: src/protocol.c:531 +#: src/protocol.c:534 #, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" -#: src/protocol.c:559 +#: src/protocol.c:562 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:598 +#: src/protocol.c:601 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:614 +#: src/protocol.c:617 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:679 +#: src/protocol.c:682 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:687 +#: src/protocol.c:690 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:695 +#: src/protocol.c:698 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:703 +#: src/protocol.c:706 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:713 +#: src/protocol.c:716 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: 
src/protocol.c:756 +#: src/protocol.c:759 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:764 +#: src/protocol.c:767 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:772 +#: src/protocol.c:775 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:782 +#: src/protocol.c:785 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:792 +#: src/protocol.c:795 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:832 +#: src/protocol.c:835 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:840 +#: src/protocol.c:843 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:849 +#: src/protocol.c:852 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:866 +#: src/protocol.c:869 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:874 +#: src/protocol.c:877 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:924 +#: src/protocol.c:927 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg 
ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:933 +#: src/protocol.c:936 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:941 +#: src/protocol.c:944 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:951 +#: src/protocol.c:954 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:960 +#: src/protocol.c:963 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:999 +#: src/protocol.c:1002 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:1006 +#: src/protocol.c:1009 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1029 +#: src/protocol.c:1032 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1036 +#: src/protocol.c:1039 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1114 +#: src/protocol.c:1117 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1121 +#: src/protocol.c:1124 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " 
@@ -704,12 +753,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1150 +#: src/protocol.c:1153 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1157 +#: src/protocol.c:1160 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -718,7 +767,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1174 +#: src/protocol.c:1177 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -726,12 +775,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1210 +#: src/protocol.c:1213 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1217 +#: src/protocol.c:1220 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -740,13 +789,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1228 +#: src/protocol.c:1231 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1239 +#: src/protocol.c:1242 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " 
@@ -754,25 +803,6 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/route.c:61 -#, c-format -msgid "Cannot route packet: unknown type %hx" -msgstr "Kan pakket niet routeren: onbekend type %hx" - -#: src/route.c:75 -#, c-format -msgid "Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x" -msgstr "Kan pakket niet routeren: onbekend doeladres %x:%x:%x:%x:%x:%x" - -#: src/route.c:99 -#, c-format -msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" -msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" - -#: src/route.c:109 -msgid "Cannot route packet: IPv6 routing not implemented yet" -msgstr "Kan pakket niet routeren: IPv6 routering nog niet ingebouwd" - #: src/subnet.c:108 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, restarting!" @@ -781,15 +811,15 @@ msgstr "" "starten" #. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:290 +#: src/subnet.c:251 src/tincd.c:296 msgid "unknown" msgstr "onbekend" -#: src/subnet.c:311 +#: src/subnet.c:308 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:319 +#: src/subnet.c:316 msgid "End of subnet list." msgstr "Einde van subnet lijst." 
@@ -840,43 +870,46 @@ msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:171 -msgid "Invalid argument! BITS must be a number equal to or greater than 512.\n" +#: src/tincd.c:174 +#, c-format +msgid "" +"Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" msgstr "" -"Ongeldig argument! BITS moet een nummer zijn gelijk aan of groter dan 512.\n" +"Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " +"512.\n" -#: src/tincd.c:229 +#: src/tincd.c:233 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:233 +#: src/tincd.c:237 msgid "Error during key generation!" msgstr "Fout tijdens genereren sleutel!" -#: src/tincd.c:237 +#: src/tincd.c:241 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:239 +#: src/tincd.c:243 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:244 +#: src/tincd.c:248 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:264 +#: src/tincd.c:268 msgid "Both netname and configuration directory given, using the latter...\n" msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt...\n" -#: src/tincd.c:297 +#: src/tincd.c:303 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:298 +#: src/tincd.c:304 msgid "" "Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -893,103 +926,20 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:312 +#: src/tincd.c:318 msgid "You must be root to run this program. Sorry.\n" msgstr "" "Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" -#: src/tincd.c:347 +#: src/tincd.c:353 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:352 +#: src/tincd.c:358 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:357 +#: src/tincd.c:363 msgid "Not restarting." msgstr "Geen herstart." - -#~ msgid "Line %d too long while reading config file %s" -#~ msgstr "Regel %d te lang tijdens het lezen van configuratie bestand %s" - -#~ msgid "Terminating" -#~ msgstr "Beëindigen" - -#~ msgid "" -#~ "Please copy the private key to tinc.conf and the\n" -#~ "public key to your host configuration file:\n" -#~ "\n" -#~ msgstr "" -#~ "Copiëer de privé sleutel naar tinc.conf en de\n" -#~ "publieke sleutel naar het host configuratie bestand:\n" -#~ "\n" - -#~ msgid "Couldn't chdir to `%s': %m" -#~ msgstr "Kon map niet veranderen naar `%s': %m" - -#~ msgid "Error executing `%s': %m" -#~ msgstr "Fout tijdens uitvoeren `%s': %m" - -#~ msgid "Could not open UDP connection to %s (%s)" -#~ msgstr "Kon geen UDP verbinding openen naar %s (%s)" - -#~ msgid "Unable to set up an incoming vpn data socket!" -#~ msgstr "Kon geen socket maken voor inkomend vpn verkeer!" - -#~ msgid "Outgoing data socket error for %s (%s): %s" -#~ msgstr "Fout op socket voor uitgaand verkeer voor %s (%s): %s" - -#~ msgid "" -#~ "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." -#~ msgstr "" -#~ "Geheugen is vol (laatste %s:%d) (kon geen %d bytes vrijmaken), beëindigen." 
- -#~ msgid "tincd %s (%s %s) starting, debug level %d" -#~ msgstr "tincd %s (%s %s) gestart, debugniveau %d" - -#~ msgid "tincd %s starting" -#~ msgstr "tincd %s gestart" - -#~ msgid "" -#~ "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" -#~ msgstr "" -#~ "Totaal aantal bytes geschreven: tap %d, socket %d; bytes gelezen: top %d, " -#~ "socket %d." - -#~ msgid "A tincd is already running for net `%s' with pid %d.\n" -#~ msgstr "Een tincd voor net `%s' draait al met procesnummer %d.\n" - -#~ msgid "A tincd is already running with pid %d.\n" -#~ msgstr "Een tincd draait al met procesnummer %d.\n" - -#~ msgid "No other tincd is running for net `%s'.\n" -#~ msgstr "Geen andere tincd gevonden voor net `%s'.\n" - -#~ msgid "No other tincd is running.\n" -#~ msgstr "Geen andere tincd gevonden.\n" - -#~ msgid "Removing stale lock file.\n" -#~ msgstr "Ongebruikt vergrendelingsbestand verwijderd.\n" - -#~ msgid "Got TERM signal" -#~ msgstr "Kreeg TERM signaal" - -#~ msgid "Got another SEGV signal: not restarting" -#~ msgstr "Kreeg nog een SEGV signaal: niet herstarten" - -#~ msgid "Got SEGV signal" -#~ msgstr "Kreeg SEGV signaal" - -#~ msgid "Trying to re-execute in 5 seconds..." -#~ msgstr "Poging tot herstaren over 5 seconden..." - -#~ msgid "Got HUP signal" -#~ msgstr "Kreeg HUP signaal" - -#~ msgid "Got INT signal, exiting" -#~ msgstr "Kreeg INT signaal, beëindigen" - -#~ msgid "Got unexpected signal %d (%s)" -#~ msgstr "Kreeg onverwacht signaal %d (%s)" From f7bb205022e02c02c02733cd43544c231373115d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 6 Jan 2001 18:03:41 +0000 Subject: [PATCH 306/923] - Check and follow symlinks in is_safe_path - By default write keys to tinc config directory - Small fix in protocol.c --- src/conf.c | 118 ++++++++++++++++++++++++++++--------------------- src/protocol.c | 7 +-- src/tincd.c | 20 ++++++--- 3 files changed, 85 insertions(+), 60 deletions(-) 
diff --git a/src/conf.c b/src/conf.c index 5aaa22a0..61f0cf0e 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.36 2001/01/05 23:53:49 guus Exp $ + $Id: conf.c,v 1.9.4.37 2001/01/06 18:03:39 guus Exp $ */ #include "config.h" @@ -357,19 +357,18 @@ int isadir(const char* f) struct stat s; if(stat(f, &s) < 0) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %m"), - f); - return -1; - } - - return S_ISDIR(s.st_mode); + return 0; + else + return S_ISDIR(s.st_mode); } int is_safe_path(const char *file) { char *p; + const char *f; + char x; struct stat s; + char l[MAXBUFSIZE]; if(*file != '/') { 
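Review bot: In the `isadir` hunk, a failed stat() now returns 0 without logging, so a caller can no longer tell "not a directory" from "could not be checked" (a permission or lookup failure). Nothing in the code documents that. A comment above the function would state the new contract: `/* Returns nonzero only if f exists and is a directory; any stat() failure is reported as 0 and is not logged. */`. Any caller outside this diff that still tests for the old -1 return should be checked against that. The signature of isadir is only in the hunk header, and the hunk runs on into the start of is_safe_path, whose body continues in the next hunk.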
@@ -378,52 +377,85 @@ int is_safe_path(const char *file) } p = strrchr(file, '/'); + + if(p == file) /* It's in the root */ + p++; + + x = *p; *p = '\0'; - if(stat(file, &s) < 0) + + f = file; +check1: + if(lstat(f, &s) < 0) { syslog(LOG_ERR, _("Couldn't stat `%s': %m"), - file); + f); return 0; } - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - file, s.st_uid, geteuid()); - return 0; - } - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - file); - /* fixme: read the symlink and start again */ - } - *p = '/'; - if(stat(file, &s) < 0 && errno != ENOENT) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %m"), - file); - return 0; - } - if(errno == ENOENT) - return 1; if(s.st_uid != geteuid()) { syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - file, s.st_uid, geteuid()); + f, s.st_uid, geteuid()); return 0; } + if(S_ISLNK(s.st_mode)) { syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - file); - /* fixme: read the symlink and start again */ + f); + + if(readlink(f, l, MAXBUFSIZE) < 0) + { + syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f); + return 0; + } + + f = l; + goto check1; } + + *p = x; + f = file; + +check2: + if(lstat(f, &s) < 0 && errno != ENOENT) + { + syslog(LOG_ERR, _("Couldn't stat `%s': %m"), + f); + return 0; + } + + if(errno == ENOENT) + return 1; + + if(s.st_uid != geteuid()) + { + syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + f, s.st_uid, geteuid()); + return 0; + } + + if(S_ISLNK(s.st_mode)) + { + syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), + f); + + if(readlink(f, l, MAXBUFSIZE) < 0) + { + syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f); + return 0; + } + + f = l; + goto check2; + } + if(s.st_mode & 0007) { /* Accessible by others */ syslog(LOG_ERR, _("`%s' has unsecure permissions"), - file); + f); return 0; } 
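Review bot: In both symlink branches (after `check1:` and `check2:`) the buffer filled by `readlink(f, l, MAXBUFSIZE)` is handed straight back to `lstat()`, but readlink() does not NUL-terminate its result, so the next pass reads whatever bytes follow the target in `l`, and a target of exactly MAXBUFSIZE bytes leaves no room for a terminator. Read at most `MAXBUFSIZE - 1` bytes and terminate at the returned length; the `goto` loop also has no limit, so a cycle of links never leaves the function. Two smaller things to settle while here: a relative link target is looked up relative to the process's working directory rather than the link's own directory, and `errno == ENOENT` after `check2:` is tested even when `lstat()` succeeded, so a stale value could return 1 before the ownership and mode checks run. is_safe_path starts before this hunk and its tail lies after it.

```c
  ssize_t len;
  int hops = 0;			/* symlinks followed so far */
  /* … unchanged: leading-slash test, strrchr split, lstat and owner check at check1 … */
  if(S_ISLNK(s.st_mode))
    {
      syslog(LOG_WARNING, _("Warning: `%s' is a symlink"),
	     f);

      /* Bound the walk so a cycle of links cannot keep us here forever
         (the limit of 8 is an illustrative value) */
      if(++hops > 8)
	{
	  syslog(LOG_ERR, _("Too many levels of symbolic links at `%s'"), f);
	  return 0;
	}

      /* readlink() does not terminate the buffer: keep one byte for the NUL */
      len = readlink(f, l, MAXBUFSIZE - 1);
      if(len < 0)
	{
	  syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f);
	  return 0;
	}
      l[len] = '\0';

      f = l;
      goto check1;
    }
  /* … unchanged: restore *p, lstat and owner check at check2; the symlink branch there gets the same treatment … */
```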
@@ -435,7 +467,6 @@ FILE *ask_and_safe_open(const char* filename, const char* what) FILE *r; char *directory; char *fn; - int len; /* Check stdin and stdout */ if(!isatty(0) || !isatty(1)) @@ -469,25 +500,12 @@ FILE *ask_and_safe_open(const char* filename, const char* what) char *p; directory = get_current_dir_name(); - len = strlen(fn) + strlen(directory) + 2; /* 1 for the / */ - p = xmalloc(len); - snprintf(p, len, "%s/%s", directory, fn); + asprintf(&p, "%s/%s", directory, fn); free(fn); free(directory); fn = p; } - if(isadir(fn) > 0) /* -1 is error */ - { - char *p; - - len = strlen(fn) + strlen(filename) + 2; /* 1 for the / */ - p = xmalloc(len); - snprintf(p, len, "%s/%s", fn, filename); - free(fn); - fn = p; - } - umask(0077); /* Disallow everything for group and other */ /* Open it first to keep the inode busy */ diff --git a/src/protocol.c b/src/protocol.c index 85a4047c..72f8c3d0 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.71 2001/01/05 23:53:51 guus Exp $ + $Id: protocol.c,v 1.28.4.72 2001/01/06 18:03:40 guus Exp $ */ #include "config.h" @@ -196,6 +196,7 @@ int id_h(connection_t *cl) connection_t *old; unsigned short int port; char name[MAX_STRING_SIZE]; + avl_node_t *node; cp if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &port) != 4) { @@ -256,9 +257,9 @@ cp /* And uhr... cl->port just changed so we have to unlink it from the connection tree and re-insert... */ - avl_unlink(connection_tree, cl); + node = avl_unlink(connection_tree, cl); cl->port = port; - avl_insert(connection_tree, cl); + avl_insert_node(connection_tree, node); /* Read in the public key, so that we can send a challenge */ diff --git a/src/tincd.c b/src/tincd.c index 535fdb32..3e02e699 100644 --- a/src/tincd.c +++ b/src/tincd.c 
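Review bot: The result of `asprintf(&p, "%s/%s", directory, fn)` is not checked, while the `xmalloc`/`snprintf` pair it replaces presumably never returned a failed allocation; when asprintf() fails the contents of `p` are undefined, and the following lines assign it to `fn` and use it as the file name to open. Bail out before `fn = p`, for example `if(asprintf(&p, "%s/%s", directory, fn) < 0) { free(fn); free(directory); return NULL; }`, or route it through whatever out-of-memory path the project prefers. The two `asprintf(&filename, ...)` calls added to keygen() in src/tincd.c have the same gap. ask_and_safe_open begins and ends outside this hunk.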
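Review bot: In id_h the `node` returned by `avl_unlink(connection_tree, cl)` is passed to `avl_insert_node()` without a check. avl_unlink's contract is not visible on this page, but if it returns NULL when `cl` is not linked in the tree, the re-insert would work on a null node. Either guard it, `if(!node) return -1;` before `cl->port = port;` (using whatever error return id_h already has), or add a comment stating that `cl` is always in connection_tree at this point. id_h starts and ends outside this hunk.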
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.39 2001/01/05 23:53:53 guus Exp $ + $Id: tincd.c,v 1.10.4.40 2001/01/06 18:03:41 guus Exp $ */ #include "config.h" @@ -229,9 +229,11 @@ int keygen(int bits) { RSA *rsa_key; FILE *f; + char *filename; fprintf(stderr, _("Generating %d bits keys:\n"), bits); rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); + if(!rsa_key) { fprintf(stderr, _("Error during key generation!")); @@ -240,15 +242,19 @@ int keygen(int bits) else fprintf(stderr, _("Done.\n")); - if((f = ask_and_safe_open("rsa_key.pub", _("public RSA key"))) == NULL) + asprintf(&filename, "%s/rsa_key.pub", confbase); + if((f = ask_and_safe_open(filename, _("public RSA key"))) == NULL) return -1; PEM_write_RSAPublicKey(f, rsa_key); fclose(f); + free(filename); - if((f = ask_and_safe_open("rsa_key.priv", _("private RSA key"))) == NULL) + asprintf(&filename, "%s/rsa_key.priv", confbase); + if((f = ask_and_safe_open(filename, _("private RSA key"))) == NULL) return -1; PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); + free(filename); return 0; } @@ -265,7 +271,7 @@ void make_names(void) if(!confbase) asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); else - fprintf(stderr, _("Both netname and configuration directory given, using the latter...\n")); + syslog(LOG_INFO, _("Both netname and configuration directory given, using the latter...")); if(!identname) asprintf(&identname, "tinc.%s", netname); } @@ -283,8 +289,6 @@ void make_names(void) int main(int argc, char **argv, char **envp) { - openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ - program_name = argv[0]; setlocale (LC_ALL, ""); 
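Review bot: On both `return -1` paths in keygen() the `filename` just allocated by asprintf() is never freed, and nothing in the visible body releases `rsa_key` either; free before returning, e.g. `{ free(filename); return -1; }`. More important for key material, the results of `PEM_write_RSAPublicKey()`, `PEM_write_RSAPrivateKey()` and `fclose()` are ignored, so a failed or short write of the private key still ends in `return 0` and the user is told nothing. Checking those calls and returning -1 with a message on failure would keep a truncated key file from being mistaken for a good one.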
@@ -315,10 +319,12 @@ main(int argc, char **argv, char **envp) if(geteuid()) { - fprintf(stderr, _("You must be root to run this program. Sorry.\n")); + fprintf(stderr, _("You must be root to run this program.\n")); return 1; } + openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ + g_argv = argv; make_names(); From 90bf1b21fa7e94d73719da0593e7c0356d05e18f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 6 Jan 2001 18:21:17 +0000 Subject: [PATCH 307/923] - Changed license of AVL tree library to GPL. --- lib/avl_tree.c | 22 +++++++++++----------- lib/avl_tree.h | 22 +++++++++++----------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index df7a0361..79bf2dc0 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c 
@@ -5,19 +5,19 @@ 2000 Guus Sliepen 2000 Wessel Dankers - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. - This library is distributed in the hope that it will be useful, + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Original AVL tree library by Michael H. Buselli . @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.1 2001/01/05 23:50:56 guus Exp $ + $Id: avl_tree.c,v 1.1.2.2 2001/01/06 18:21:17 guus Exp $ */ #include diff --git a/lib/avl_tree.h b/lib/avl_tree.h index 6e07b92b..430eeb51 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h 
@@ -5,19 +5,19 @@ 2000 Guus Sliepen 2000 Wessel Dankers - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. - This library is distributed in the hope that it will be useful, + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. Original AVL tree library by Michael H. Buselli . @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org) by Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.1 2001/01/05 23:50:56 guus Exp $ + $Id: avl_tree.h,v 1.1.2.2 2001/01/06 18:21:17 guus Exp $ */ From 0d99ae59bd7c640d396ce978045f0911567fb9bf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 6 Jan 2001 18:44:55 +0000 Subject: [PATCH 308/923] - Updated manual pages. --- doc/tinc.conf.5 | 19 ++++++++++++++++--- doc/tincd.8 | 16 ++++++++++++---- 2 files changed, 28 insertions(+), 7 deletions(-) 
diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index d647bbbd..4da55197 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -1,4 +1,4 @@ -.TH TINC 5 "May 2000" "tinc version 1.0" "FSF" +.TH TINC 5 "Jan 2001" "tinc version 1.0pre4" "FSF" .SH NAME tinc.conf \- tinc daemon configuration .SH "DESCRIPTION" @@ -104,10 +104,16 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. .TP -\fBPrivateKey\fR = <\fIkey\fR> (required) +\fBPrivateKey\fR = <\fIkey\fR> The private RSA key of this tinc daemon. It will allow this tinc daemon to authenticate itself to other daemons. .TP +\fBPrivateKeyFile\fR = <\fIfilename\fR> +The file in which the private RSA key of this tinc daemon resides. + +Note that there must be exactly one of \fBPrivateKey\fR or \fBPrivateKeyFile\fR +specified in the configuration file. +.TP \fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0) The ethertap or tun/tap device to use. tinc will automatically detect what kind of tapdevice it is. @@ -134,10 +140,17 @@ The real address or hostname of this tinc daemon. \fBPort\fR = <\fIport number\fR> (655) The port on which this tinc daemon is listening for incoming connections. .TP -\fBPublicKey\fR = <\fIkey\fR> (required) +\fBPublicKey\fR = <\fIkey\fR> The public RSA key of this tinc daemon. It will be used to cryptographically verify it's identity and to set up a secure connection. .TP +\fBPublicKeyFile\fR = <\fIfilename\fR> +The file in which the public RSA key of this tinc daemon resides. + +Note that there must be exactly one of \fBPublicKey\fR or \fBPublicKeyFile\fR +specified in each host configuration file, if you want to be able to establish +a connection with that host. +.TP \fBSubnet\fR = <\fIaddress/masklength\fR> (optional) The subnet which this tinc daemon will serve. tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. If the 
diff --git a/doc/tincd.8 b/doc/tincd.8 index b96164ac..1dbe280a 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 @@ -1,4 +1,4 @@ -.TH TINCD 8 "June 2000" "tinc version 1.0pre3" "FSF" +.TH TINCD 8 "Jan 2001" "tinc version 1.0pre4" "FSF" .SH NAME tincd \- tinc VPN daemon .SH SYNOPSIS @@ -13,6 +13,7 @@ it's configuration file to determine what virtual subnets it has to serve and to what other tinc daemons it should connect. It will connect to the ethertap or tun/tap device and set up a socket for incoming connections. +Optionally a script will be executed to further configure the tap device. If that succeeds, it will detach from the controlling terminal and continue in the background, accepting and setting up connections to other tinc daemons that are part of the virtual private network. @@ -93,12 +94,19 @@ This will log all network traffic over the virtual private network. .SH "FILES" .TP \fI/etc/tinc//tinc.conf\fR -The configuration file for tincd. This should also contain the private RSA key. +The configuration file for tincd. +.TP +\fI/etc/tinc//tinc-up\fR +Script which is executed as soon as a tap device has been allocated. +Purpose is to further configure that device. +.TP +\fI/etc/tinc//tinc-down\fR +Script which is executed when tinc quits. +Purpose is to shut down the tap device. .TP \fI/etc/tinc//hosts/*\fR The directory containing the host configuration files -used to authenticate other tinc daemons. They contain -the public RSA keys of other hosts. +used to authenticate other tinc daemons. .PP .SH "BUGS" Maintaining a connection list on each tinc daemon that can connect and disconnect at any From 3d7289cf743f89cab4c71815482a4837a21f6703 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 6 Jan 2001 20:02:21 +0000 Subject: [PATCH 309/923] - Updated texinfo manual. --- doc/tinc.texi | 293 ++++++++++++++++++++------------------------------ 1 file changed, 115 insertions(+), 178 deletions(-) 
diff --git a/doc/tinc.texi b/doc/tinc.texi index b79bc02f..7fdf1de9 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.10 2000/12/05 08:54:22 zarq Exp $ +@c $Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998,199,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.10 2000/12/05 08:54:22 zarq Exp $ +$Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998,1999,2000 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.10 2000/12/05 08:54:22 zarq Exp $ +$Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -118,7 +118,8 @@ computers on the other end of the internet. @cindex virtual This problem can be solved by using @emph{virtual} networks. Virtual -networks can live on top of other networks, but do not interfere with +networks can live on top of other networks, but they use encapsulation to +keep using their private address space so they do not interfere with each other. Mostly, virtual networks appear like a singe LAN, even though they can span the entire world. But virtual networks can't be secured by using firewalls, because the traffic that flows through it has to go 
@@ -160,7 +161,7 @@ both the receiving and sending end, it has become largely runtime-configurable---in short, it has become a full-fledged professional package. -A lot can---and will be---changed. I have a few things that I'd like to +A lot can---and will be---changed. We have a number of things that we would like to see in the future releases of tinc. Not everything will be available in the near future. Our first objective is to make tinc work perfectly as it stands, and then add more advanced features. @@ -173,14 +174,16 @@ available too. @node Supported platforms, , tinc, Introduction @section Supported platforms -tinc works on Linux, FreeBSD and Solaris. These are the three platforms +tinc has been verified to work under Linux, FreeBSD and Solaris, with +various hardware architectures. These are the three platforms that are supported by the universial TUN/TAP device driver, so if support for other operating systems is added to this driver, perhaps tinc will run on them as well. Without this driver, tinc will most likely compile and run, but it will not be able to send or receive data packets. -For a more up to date list, please check the list on our website: +For an up to date list of supported platforms, please check the list on +our website: @uref{http://tinc.nl.linux.org/platforms.html}. 
@@ -191,14 +194,12 @@ tinc was first written for Linux running on an intel x86 processor, so this is the best supported platform. The protocol however, and actually anything about tinc, has been rewritten to support random byte ordering and arbitrary word length. So in theory it should run on other -processors that Linux runs on. Take care however, we haven't been able -to really test it yet. If you want to run tinc on another platform than -x86, and want to tell us how it went, please do so. +processors that Linux runs on. It has already been verified to run on +alpha and sparc processors as well. tinc uses the ethertap device that is provided in the standard kernel -since version 2.1.60, so anything above that (2.2.x, 2.3.x, and the -2.4.0-testx (which is current at the time of this writing) kernel -versions) is able to support tinc. +since version 2.1.60, so anything above that (2.2.x, 2.3.x, and 2.4.0) +kernel version is able to support tinc. @c ================================================================== @@ -294,6 +295,10 @@ Network device support <*> Ethertap network tap @end example +Note that if you want to run more than one instance of tinc or other +programs that use the ethertap, you have to compile the ethertap driver +as a module. + For kernel 2.3.x and 2.4.x: @example 
@@ -316,12 +321,14 @@ alias tap0 ethertap alias char-major-36 netlink_dev @end example -If you have a 2.4 kernel, you can also choose to use the `Ethertap -network tap' device. This is marked obsolete, because the universal -TUN/TAP driver is a newer implementation that is supposed to be used in -favor of ethertap. For tinc, it doesn't really matter which one you -choose; based on the device file name, tinc will make the right choice -about what protocol to use. +If you have a 2.4-pre kernel, you can choose both the TUN/TAP driver and +the `Ethertap network tap' device. This latter is marked obsolete, +because the universal TUN/TAP driver is a newer implementation that is +supposed to be used in favour of ethertap. For tinc, it doesn't really +matter which one you choose; based on the device file name, tinc will make +the right choice about what protocol to use. However, chances are that +although you can choose the obsolote ethertap driver, it will not function +at all. The TUN/TAP driver is the safe choice. Finally, after having set up other options, build the kernel and boot it. Unfortunately it's not possible to insert these modules in a 
@@ -733,11 +740,17 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. -@item @strong{PrivateKey = } +@item PrivateKey = +This is the RSA private key for tinc. However, for safety reasons it is +advised to store private keys of any kind in separate files. This prevents +accidental eavesdropping if you are editting the configuration file. + +@item PrivateKeyFile = This is the full path name of the RSA private key file that was generated by ``tincd --generate-keys''. It must be a full path, not a -relative directory. (NOTE: In version 1.0pre3, this variable was used -to give the key inline. This is no longer supported.) +relative directory. + +Note that exactly @strong{one of the above two options} must be specified. @item TapDevice = (/dev/tap0) The ethertap device to use. Note that you can only use one device per 
@@ -774,32 +787,36 @@ port port. port may be given in decimal (default), octal (when preceded by a single zero) o hexadecimal (prefixed with 0x). port is the port number for both the UDP and the TCP (meta) connections. -@item PublicKey = +@item PublicKey = +This is the RSA public key for this host. + +@item PublicKeyFile = This is the full path name of the RSA public key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative -directory. (NOTE: In version 1.0pre3, this variable was used to give -the key inline. This is no longer supported.) +directory. + +Note that exactly @strong{one of the above two options} must be specified +in each host configuration file, if you want to be able to establish a +connection with that host. @item Subnet = This is the subnet range of all IP addresses that will be accepted by -the host that defines it. Please be careful that no two subnets -overlap. Every host @strong{must} have a different range of IP -addresses that it can handle, otherwise you will see messages like -`packet comes back to us'. +the host that defines it. -The range must contain the IP address of the tap device, not the real IP -address of the host running tincd. +The range must be contained in the IP address range of the tap device, +not the real IP address of the host running tincd. maskbits is the number of bits set to 1 in the netmask part; for example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes -/22. +/22. This conforms to standard CIDR notation as described in +@uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} @item TCPonly = (no) If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading firewall, or if UDP packet routing is disabled somehow. @emph{This is -experimental code, try this at your own risk.} +experimental code, try this at your own risk. 
It may not work at all.} @end table @@ -1018,21 +1035,21 @@ to have a different ListenPort. @subsubheading Key files -A, B, C and D all generate a passphrase with genauth 2048, the output is -stored in /etc/tinc/passphrases/local, except for C, where it should be -/etc/tinc/A/passphrases/local. +A, B, C and D all have generate a public key with tincd -K, the output is +stored in /etc/tinc/hosts/X.pub (where X is A, B or D), except for C, +who stored it in /etc/tinc/A/hosts/C.pub. -A stores a copy of B's passphrase in /etc/tinc/passphrases/10.2.1.12 +A stores a copy of B's public key in /etc/tinc/hosts/B.pub -A stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.69.254 +A stores a copy of C's public key in /etc/tinc/hosts/C.pub -B stores a copy of A's passphrase in /etc/tinc/passphrases/10.1.54.1 +B stores a copy of A's public key in /etc/tinc/hosts/A.pub -C stores a copy of A's passphrase in /etc/tinc/A/passphrases/10.1.54.1 +C stores a copy of A's public key in /etc/tinc/A/hosts/A.pub -C stores a copy of D's passphrase in /etc/tinc/A/passphrases/10.4.3.32 +C stores a copy of D's public key in /etc/tinc/A/hosts/D.pub -D stores a copy of C's passphrase in /etc/tinc/passphrases/10.3.69.254 +D stores a copy of C's public key in /etc/tinc/hosts/C.pub @subsubheading Starting 
@@ -1061,42 +1078,28 @@ project that involves trust relations and more than one computer. @node Managing keys, Runtime options, Running tinc, Running tinc @section Managing keys -Before attempting to start tinc, you have to create passphrases. When -tinc tries to make a connection, it exchanges some sensitive +Before attempting to start tinc, you have to create public/private keypairs. +When tinc tries to make a connection, it exchanges some sensitive data. Before doing so, it likes to know if the other end is trustworthy. To do this, both ends must have some knowledge about the other. In the -case of tinc this is the authentication passphrase. +case of tinc this is the public keys. -This passphrase is a number, which is chosen at random. This number is -then sent to the other computers which want to talk to us directly. To -avoid breaking security, this should be done over a known secure channel -(such as ssh or similar). +To generate a public/private keypair, run `tincd -n vpn-name -K'. + is optional, you can use it to specify the length of the keys. +The length of the public/private keypairs +should be at least 1024 for reasonable security (reasonable being good enough +to keep the NSA busy for a few weeks). -All passphrases are stored in the passphrases directory, which is -normally /etc/tinc/nn/passphrases/, but it may be changed using the -`Passphrases' option in the config file. +Every computer that wants to participate in the VPN should do this. The +public keyfile should get the name of each tinc daemon and an extension .pub, +and it should be stored in the hosts directory. -To generate a passphrase, run `genauth'. genauth takes one argument, -which is the length of the passphrase in bits. The length of the -passphrase should be in the range 1024--2048 for a key length of 128 -bits. genauth creates a random number of the specified length, and puts -it to stdout. 
- -Every computer that wants to participate in the VPN should do this, and -store the output in the passphrases directory, in the file @file{local}. - -When every computer has his own local key, it should copy it to the -computer that it wants to talk to directly. (i.e. the one it connects to -during startup.) This should be done via a secure channel, because it is -sensitive information. If this is not done securely, someone might break -in on you later on. - -Those non-local passphrase files must have the name of the VPN IP -address that they will advertise to you. For instance, if a computer -tells us it likes to be 10.1.1.3 with netmask 255.255.0.0, the file -should still be called 10.1.1.3, and not 10.1.0.0. +When every computer has his own keys and configuration files, the files in the +hosts directory should be exchanged with each other computer that it wants to +talk to directly. Since only public keys are involved, you can safely do this +via email, telnet or ftp, or even putting the contents on a public billboard. @c ================================================================== @@ -1114,9 +1117,9 @@ generated automatically, so may be more up-to-date. @cindex options @c from the manpage @table @samp -@item -c, --config=FILE -Read configuration options from FILE. The default is -@file{/etc/tinc/nn/tinc.conf}. +@item -c, --config=PATH +Read configuration options from the directory PATH. The default is +@file{/etc/tinc/nn/}. @item -d Increase debug level. The higher it gets, the more gets 
@@ -1140,10 +1143,11 @@ started it that way. It will then read the PID from @item -n, --net=NETNAME Connect to net NETNAME. @xref{Multiple networks}. -@item -t, --timeout=TIMEOUT -Seconds to wait before giving a timeout. Should not be set too low, -because every time tincd senses a timeout, it disconnects and reconnects -again, which will cause unnecessary network traffic and log messages. +@item -K, --generate-keys[=BITS] +Generate public/private keypair of BITS length. If BITS is not specified, +1024 is the default. tinc will ask where you want to store the files, +but will default to the configuration directory (you can use the -c or -n option +in combination with -K). After that, tinc will quit. @item --help Display a short reminder of these runtime options and terminate. 
@@ -1177,18 +1181,22 @@ only, so keep an eye on it! @item Packet with destination 1.2.3.4 is looping back to us! @table @bullet -@item Some host has an IP address range that overlaps with yours -Different hosts must have different IP ranges (as given with Subnet in -the host configuration files). tinc relies on this information to route -its data, so each IP address range must have exactly one host -associated. You will only see this message if you specified a debug +@item Something is not configured right. Packets are being sent out to the +tap device, but according to the Subnet directives in your host configuration +file, those packets should go to your own host. Most common mistake is that +you have a Subnet line in your host configuration file with a netmask which is +just as large as the netmask of the tap device. The latter should in almost all +cases be larger. Rethink your configuration. +Note that you will only see this message if you specified a debug level of 5 or higher! @end table @item Network address and subnet mask do not match! @table @bullet -@item The Subnet field must contain a network address -If you only want to use one IP address, set the netmask to /32. +@item The Subnet field must contain a network address. That means that +the lower order bits of the address must be zero. For example, 192.168.1.1/24 +is wrong, you should use 192.168.1.0/24. +@item If you only want to use one IP address, set the netmask to /32. @end table @item This is a bug: net.c:253: 24: Some error 
@@ -1207,17 +1215,8 @@ even if we built in a default directory to look for these files, the key files are bound to be in a different directory. @end table -@item Error reading RSA key file `fd47...8ceb': No such file or directory -@table @bullet -@item You specified the key here, not a pathname -In version 1.0pre3, you had to put your key here. This has changed, the -keys are now stored in separate files. This means you have to -regenerate these keys. @end table -@end table - - @c ================================================================== @node Technical information, About us, Running tinc, Top @@ -1259,7 +1258,9 @@ field. So when tinc reads an ethernet frame from the device, it determines its type. Right now, tinc can only handle Internet Protocol version 4 (IPv4) -frames. Plans to support other protocols are being made. When tinc knows +frames, because it needs IP headers for routing. +Plans to support other protocols and switching instead of routing are being made. +When tinc knows which type of frame it has read, it can also read the source and destination address from it. @@ -1277,6 +1278,12 @@ When the destination receives this packet, the same thing happens, only in reverse. So it does a decrypt on the contents of the UDP datagram, and it writes the decrypted information to its own ethertap device. +To let the kernel on the receiving end accept the packet, the destination MAC +address must match that of the tap interface. Because of the routing nature +of tinc, ARP is not possible. tinc solves this by always overwriting the +destination MAC address with fe:fd:0:0:0:0. That is also the reason why you must +set the MAC address of your tap interface to that address. + @c ================================================================== @node The Meta-connection, , Protocol Preview, The Connection 
@@ -1331,12 +1338,10 @@ don't take it too serious. @menu * Key Types:: -* Key Management:: -* Authentication:: @end menu @c ================================================================== -@node Key Types, Key Management, Security, Security +@node Key Types, , Security, Security @subsection Key Types @c FIXME: check if I'm not talking nonsense 
@@ -1350,85 +1355,17 @@ the private key that matches the public key. So, a public key only allows @emph{other} people to send encrypted messages to you. This is very useful in setting up private communications channels. Just send out your public key and other people can talk to you in a secure way. But how can you know -the other person is who she says she is? +the other person is who she says she is? This is done by sending out an +encrypted challenge that only the person with the right private key can decode +an respond to. -For authentication itself tinc uses symmetric private keypairs, referred -to as a passphrase. The identity of each tinc daemon is defined by it's -passphrase (like you can be identified by your social security number). -Every tinc daemon that is allowed to connect to you has a copy of your -passphrase (hence symmetrical). +However, encryption with public/private keys is very slow. Symmetric key cryptography +is orders of magnitudes faster, but it is very hard to safely exchange the symmetric +keys, since they should be kept private. -It would also be possible to use public/private keypairs for authentication, -so that you could shout out your public key and don't need to keep it -secret (like the passphrase you would have to send to someone else). Also, -no one else has to know a private key from you. -Both forms have their pros and cons, and at the moment tinc just uses passphrases -(which are computationaly more efficient and perhaps in some way more -secure). - -@c ================================================================== -@node Key Management, Authentication, Key Types, Security -@subsection Key Management -@c FIXME change for the current protocol - -@cindex Diffie-Hellman -You can't just send a private encryption key to your peer, because -somebody else might already be listening to you. So you'll have to -negotiate over a shared but secret key. 
One way to do this is by using -the ``Diffie-Hellman key exchange'' protocol -(@uref{http://www.rsa.com/rsalabs/faq/html/3-6-1.html}). The idea is as -follows. - -You have two participants A and B that want to agree over a shared -secret encryption key. Both parties have some large prime number p and a -generator g. These numbers may be known to the outside world, and hence -may be included in the source distribution. - -@cindex secret key -Both parties then generate a secret key. A generates a, and computes g^a -mod p. This is then sent to B; while B computes g^b mod p, and transmits -this to A, b being generated by B. Both a and b must be smaller than -p-1. - -Both parties then calculate g^ab mod p = k. k is the new, shared, but -still secret key. - -To obtain a key k of a sufficient length (128 bits in our vpnd), p -should be 2^129-1 or more. - - -@c ================================================================== -@node Authentication, , Key Management, Security -@subsection Authentication -@c FIXME: recheck - -@cindex man-in-the-middle attack -Because the Diffie-Hellman protocol is in itself vulnerable to the -``man-in-the-middle attack,'' we should introduce an authentication -system. - -We will let A transmit a passphrase that is also known to B encrypted -with g^a, before A sends this to B. This way, B can check whether A is -really A or just someone else. -B will never receive the real passphrase though, because it was -encrypted using public/private keypairs. This way there is no way an -imposter could steal A's passphrase. - -@cindex passphrase -@c ehrmz... but we only use 1024 bits passphrases ourselves? [guus] -This passphrase should be 2304 bits for a symmetric encryption -system. But since an asymmetric system is more secure, we could do with -2048 bits. This only holds if the passphrase is very random. - -These passphrases could be stored in a file that is non-readable by -anyone else but root; e.g. 
@file{/etc/tinc/passphrases} with UID 0 -and permissions mode 700. - -The only thing that needs to be taken care of is how A can securely send -a copy of it's passphrase to B if B doesn't have it yet. This could be -done via mail with PGP, but you should be really convinced of the -identity of the person who owns the email address you are sending this to. -Swapping floppy disks in real life might be the best way to do this! +The idea is to use public/private cryptography for authentication, and for +exchanging symmetric keys in a safe way. After that, all communications are encrypted +with the symmetric cipher. @c ================================================================== @@ -1462,11 +1399,11 @@ and join channel #tinc. @item Ivo Timmermans (zarq) (@email{itimmermans@@bigfoot.com}) Main coder/hacker and maintainer of the package. -@item Guus Sliepen (guus) +@item Guus Sliepen (guus) (@email{guus@@sliepen.warande.net}) Originator of it all, co-author. -@item Wessel Dankers (Ubiq) -General obfuscater of the code. +@item Wessel Dankers (Ubiq) (@email{wsl@@nl.linux.org}) +For the name `tinc' and various suggestions. @end table From 8b4bc5b3a7e31c198c001610c99c2993e1612376 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 6 Jan 2001 20:43:03 +0000 Subject: [PATCH 310/923] - Typo. --- doc/tinc.conf.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 4da55197..9ba15fc8 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -3,7 +3,7 @@ tinc.conf \- tinc daemon configuration .SH "DESCRIPTION" The files in the \fI/etc/tinc\fR directory contain runtime and -security information for the \fBtinc\fR(8) daemon. +security information for the \fBtincd\fR(8) daemon. .PP .SH "NETWORKS" It is perfectly ok for you to run more than one tinc daemon. However, From 049ff67817e0db5afbba30930531d8ea3f7f2d18 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 7 Jan 2001 15:24:52 +0000 Subject: [PATCH 311/923] - Changed list routines to give it the same look'n'feel as the rbl and avl tree library. --- lib/list.c | 250 +++++++++++++++++++++++++++++++---------------------- lib/list.h | 58 ++++++++++--- 2 files changed, 195 insertions(+), 113 deletions(-) diff --git a/lib/list.c b/lib/list.c index f509e216..d317622d 100644 --- a/lib/list.c +++ b/lib/list.c 
@@ -17,127 +17,175 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.6 2000/11/22 23:09:38 guus Exp $ + $Id: list.c,v 1.1.2.7 2001/01/07 15:24:52 guus Exp $ */ #include "config.h" #include -#include -#include -#include #include - #include -/* - list_new +#include "list.h" - Initialize a new list. -*/ -list_t *list_new(void) +/* (De)constructors */ + +list_t *list_alloc(list_action_t delete) { list_t *list; list = xmalloc_and_zero(sizeof(list_t)); + list->delete = delete; + return list; } -/* - list_delete - - Delete the element pointed to by idx from the list. -*/ -void list_delete(list_t *list, list_node_t *idx) +void list_free(list_t *list) { - if(!list || !idx) - return; - - if(list->callbacks->delete != NULL) - if(list->callbacks->delete(idx->data)) - syslog(LOG_WARNING, _("List callback[delete] failed for %08lx - freeing anyway"), idx->data); - - free(idx->data); - - if(idx->prev == NULL) - /* First element in list */ - { - list->head = idx->next; - } - if(idx->next == NULL) - /* Last element in list */ - { - list->tail = idx->prev; - } - if(idx->prev != NULL && idx->next != NULL) - /* Neither first nor last element */ - { - idx->prev->next = idx->next; - idx->next->prev = idx->prev; - } - if(list->head == NULL) - list->tail = NULL; - else - if(list->tail == NULL) - list->head = NULL; - - free(idx); -} - -/* - list_forall_nodes - - Call function() on each element in the list. If this function - returns non-zero, the element will be removed from the list. 
-*/ -void list_forall_nodes(list_t *list, int (*function)(void *data)) -{ - list_node_t *p, *next; - int res; - - if(!list) /* no list given */ - return; - if(!function) /* no function given */ - return; - if(!list->head) /* list is empty */ - return; - for(p = list->head; p != NULL; p = next) - { - next = p->next; - res = function(p->data); - if(res != 0) - list_delete(list, p); - } -} - -/* - list_destroy - - Free all datastructures contained in this list. It uses the delete - callback for this list to free each element. -*/ -void list_destroy(list_t *list) -{ - if(!list) - return; -/* list_destroy_nodes(list); */ free(list); } -/* - list_append - - Append a new node to the list that points to data. -*/ -void list_append(list_t *list, void *data) +list_node_t *list_alloc_node(void) { - list_node_t *n; - - n = xmalloc_and_zero(sizeof(list_node_t)); - n->data = data; - n->prev = list->tail; - if(list->tail) - list->tail->next = n; - list->tail = n; + list_node_t *node; + + node = xmalloc_and_zero(sizeof(list_node_t)); + + return node; +} + +void list_free_node(list_t *list, list_node_t *node) +{ + if(node->data && list->delete) + list->delete(node->data); + + free(node->data); +} + +/* Insertion and deletion */ + +list_node_t *list_insert_head(list_t *list, void *data) +{ + list_node_t *node; + + node = list_alloc_node(); + + node->data = data; + node->prev = NULL; + node->next = list->head; + list->head = node; + + if(node->next) + node->next->prev = node; + else + list->tail = node; + + return node; +} + +list_node_t *list_insert_tail(list_t *list, void *data) +{ + list_node_t *node; + + node = list_alloc_node(); + + node->data = data; + node->next = NULL; + node->prev = list->tail; + list->tail = node; + + if(node->prev) + node->prev->next = node; + else + list->head = node; + + return node; +} + +void list_unlink_node(list_t *list, list_node_t *node) +{ + if(node->prev) + node->prev->next = node->next; + else + list->head = node->next; + + if(node->next) + 
node->next->prev = node->prev; + else + list->tail = node->prev; +} + +void list_delete_node(list_t *list, list_node_t *node) +{ + list_unlink_node(list, node); + list_free_node(list, node); +} + +void list_delete_head(list_t *list) +{ + list_delete_node(list, list->head); +} + +void list_delete_tail(list_t *list) +{ + list_delete_node(list, list->tail); +} + +/* Head/tail lookup */ + +void *list_get_head(list_t *list) +{ + if(list->head) + return list->head->data; + else + return NULL; +} + +void *list_get_tail(list_t *list) +{ + if(list->tail) + return list->tail->data; + else + return NULL; +} + +/* Fast list deletion */ + +void list_delete_list(list_t *list) +{ + list_node_t *node, *next; + + for(node = list->head; node; node = next) + { + next = node->next; + list_free_node(list, node); + } + + list_free(list); +} + +/* Traversing */ + +void list_foreach_node(list_t *list, list_action_node_t action) +{ + list_node_t *node, *next; + + for(node = list->head; node; node = next) + { + next = node->next; + action(node); + } +} + +void list_foreach(list_t *list, list_action_t action) +{ + list_node_t *node, *next; + + for(node = list->head; node; node = next) + { + next = node->next; + if(node->data) + action(node->data); + } } diff --git a/lib/list.h b/lib/list.h index 86e17e62..960a9091 100644 --- a/lib/list.h +++ b/lib/list.h 
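Review bot: `list_free_node` releases the payload twice and never releases the node: it calls `list->delete(node->data)` and then `free(node->data)`. A list created with `free` as its delete callback, as `new_connection` does in the connection.c patch that follows, therefore double-frees every element, and the `list_node_t` itself is leaked on every `list_delete_node` and `list_delete_list`. The last statement should be `free(node);`, leaving the payload to the callback alone. `list_delete_head` and `list_delete_tail` also hand `list->head`/`list->tail` straight to `list_unlink_node`, which dereferences them, so an empty list needs a guard such as `if(list->head) list_delete_node(list, list->head);`.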
@@ -17,31 +17,65 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.2 2000/11/16 22:13:09 zarq Exp $ + $Id: list.h,v 1.1.2.3 2001/01/07 15:24:52 guus Exp $ */ #ifndef __TINC_LIST_H__ #define __TINC_LIST_H__ -typedef struct list_callbacks_t { - int (*delete) (void *); -} list_callbacks_t; - -typedef struct list_node_t { - void *data; +typedef struct list_node_t +{ struct list_node_t *prev; struct list_node_t *next; + + /* Payload */ + + void *data; } list_node_t; -typedef struct list_t { +typedef void (*list_action_t) (const void *); +typedef void (*list_action_node_t) (const list_node_t *); + +typedef struct list_t +{ list_node_t *head; list_node_t *tail; - list_callbacks_t *callbacks; + + /* Callbacks */ + + list_action_t delete; } list_t; -extern list_t *list_new(void); -extern void list_append(list_t *, void *); -extern void list_forall_nodes(list_t *, int (*)(void *)); +/* (De)constructors */ +extern list_t *list_alloc(list_action_t); +extern void list_free(list_t *); +extern list_node_t *list_alloc_node(void); +extern void list_free_node(list_t *, list_node_t *); + +/* Insertion and deletion */ + +extern list_node_t *list_insert_head(list_t *, void *); +extern list_node_t *list_insert_tail(list_t *, void *); + +extern void list_unlink_node(list_t *, list_node_t *); +extern void list_delete_node(list_t *, list_node_t *); + +extern void list_delete_head(list_t *); +extern void list_delete_tail(list_t *); + +/* Head/tail lookup */ + +extern void *list_get_head(list_t *); +extern void *list_get_tail(list_t *); + +/* Fast list deletion */ + +extern void list_delete_list(list_t *); + +/* Traversing */ + +extern void list_foreach(list_t *, list_action_t); +extern void list_foreach_node(list_t *, list_action_node_t); #endif /* __TINC_LIST_H__ */ From 07a08f5539f441e66946d1db1711dc584f8621c4 Mon Sep 17 00:00:00 2001 
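Review bot: `list_action_t` is declared as `void (*)(const void *)`, which matches neither `free` nor any callback that has to release or modify the payload. Users must therefore cast (the connection.c patch passes `(list_action_t)free`), and calling through the mismatched pointer type is undefined behaviour in C. Declaring it `typedef void (*list_action_t)(void *);` removes the need for the cast. The `delete` member would also benefit from an ownership comment, e.g. `/* called once per payload when its node is deleted; must release data */`, since nothing in the header says who frees `data`.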
From: Guus Sliepen Date: Sun, 7 Jan 2001 15:25:49 +0000 Subject: [PATCH 312/923] - Reinstated a queue for outgoing packets. --- src/connection.c | 10 +-- src/connection.h | 11 ++-- src/net.c | 168 ++++++++--------------------------------------- src/net.h | 6 +- src/netutl.c | 24 +------ src/process.c | 3 +- src/process.h | 3 +- src/protocol.c | 5 +- src/route.c | 100 +++++++++++++++++++--------- 9 files changed, 119 insertions(+), 211 deletions(-) diff --git a/src/connection.c b/src/connection.c index 59ff1201..08c165e5 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.7 2001/01/05 23:53:49 guus Exp $ + $Id: connection.c,v 1.1.2.8 2001/01/07 15:25:40 guus Exp $ */ #include "config.h" @@ -26,6 +26,7 @@ #include #include +#include #include "net.h" /* Don't ask. */ #include "netutl.h" @@ -77,6 +78,7 @@ connection_t *new_connection(void) connection_t *p = (connection_t *)xmalloc_and_zero(sizeof(*p)); cp p->subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, NULL); + p->queue = list_alloc((list_action_t)free); cp return p; } @@ -84,10 +86,8 @@ cp void free_connection(connection_t *p) { cp - if(p->sq) - destroy_queue(p->sq); - if(p->rq) - destroy_queue(p->rq); + if(p->queue) + list_delete_list(p->queue); if(p->name && p->name!=unknown) free(p->name); if(p->hostname) diff --git a/src/connection.h b/src/connection.h index 195cb1bb..7f742e18 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.4 2001/01/05 23:53:49 guus Exp $ + $Id: connection.h,v 1.1.2.5 2001/01/07 15:25:41 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ #define __TINC_CONNECTION_H__ #include +#include #include "config.h" 
@@ -74,16 +75,12 @@ typedef struct connection_t { int socket; /* our udp vpn socket */ int meta_socket; /* our tcp meta socket */ status_bits_t status; /* status info */ - packet_queue_t *sq; /* pending outgoing packets */ - packet_queue_t *rq; /* pending incoming packets (they have no - valid key to be decrypted with) */ - RSA *rsa_key; /* the public/private key */ + RSA *rsa_key; /* the public/private key */ EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */ EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */ char *cipher_inkey; /* His symmetric meta key */ char *cipher_outkey; /* Our symmetric meta key */ - EVP_CIPHER *cipher_pkttype; /* Cipher type for encrypted vpn packets */ char *cipher_pktkey; /* Cipher key and iv */ int cipher_pktkeylength; /* Cipher key and iv length*/ @@ -95,6 +92,8 @@ typedef struct connection_t { time_t last_ping_time; /* last time we saw some activity from the other end */ + list_t *queue; /* Queue for packets awaiting to be encrypted */ + char *mychallenge; /* challenge we received from him */ char *hischallenge; /* challenge we sent to him */ diff --git a/src/net.c b/src/net.c index a42ebce4..f22fd728 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.89 2001/01/05 23:53:49 guus Exp $ + $Id: net.c,v 1.35.4.90 2001/01/07 15:25:41 guus Exp $ */ #include "config.h" @@ -72,10 +72,10 @@ #include #include #include +#include #include "conf.h" #include "connection.h" -#include "list.h" #include "meta.h" #include "net.h" #include "netutl.h" 
@@ -190,129 +190,6 @@ cp return 0; } -/* - add the given packet of size s to the - queue q, be it the send or receive queue -*/ -void add_queue(packet_queue_t **q, void *packet, size_t s) -{ - queue_element_t *e; -cp - e = xmalloc(sizeof(*e)); - e->packet = xmalloc(s); - memcpy(e->packet, packet, s); - - if(!*q) - { - *q = xmalloc(sizeof(**q)); - (*q)->head = (*q)->tail = NULL; - } - - e->next = NULL; /* We insert at the tail */ - - if((*q)->tail) /* Do we have a tail? */ - { - (*q)->tail->next = e; - e->prev = (*q)->tail; - } - else /* No tail -> no head too */ - { - (*q)->head = e; - e->prev = NULL; - } - - (*q)->tail = e; -cp -} - -/* Remove a queue element */ -void del_queue(packet_queue_t **q, queue_element_t *e) -{ -cp - free(e->packet); - - if(e->next) /* There is a successor, so we are not tail */ - { - if(e->prev) /* There is a predecessor, so we are not head */ - { - e->next->prev = e->prev; - e->prev->next = e->next; - } - else /* We are head */ - { - e->next->prev = NULL; - (*q)->head = e->next; - } - } - else /* We are tail (or all alone!) 
*/ - { - if(e->prev) /* We are not alone :) */ - { - e->prev->next = NULL; - (*q)->tail = e->prev; - } - else /* Adieu */ - { - free(*q); - *q = NULL; - } - } - - free(e); -cp -} - -/* - flush a queue by calling function for - each packet, and removing it when that - returned a zero exit code -*/ -void flush_queue(connection_t *cl, packet_queue_t **pq, - int (*function)(connection_t*,vpn_packet_t*)) -{ - queue_element_t *p, *next = NULL; -cp - for(p = (*pq)->head; p != NULL; ) - { - next = p->next; - - if(!function(cl, p->packet)) - del_queue(pq, p); - - p = next; - } - - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Queue flushed")); -cp -} - -/* - flush the send&recv queues - void because nothing goes wrong here, packets - remain in the queue if something goes wrong -*/ -void flush_queues(connection_t *cl) -{ -cp - if(cl->sq) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Flushing send queue for %s (%s)"), - cl->name, cl->hostname); - flush_queue(cl, &(cl->sq), xsend); - } - - if(cl->rq) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Flushing receive queue for %s (%s)"), - cl->name, cl->hostname); - flush_queue(cl, &(cl->rq), xrecv); - } -cp -} - /* send a packet to the given vpn ip. */ 
@@ -345,39 +222,52 @@ cp return -1; } + if(!cl->status.active) + { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"), + cl->name, cl->hostname); + + return 0; + } + /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ if(!cl->status.validkey) { -/* FIXME: Don't queue until everything else is fixed. if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); - add_queue(&(cl->sq), packet, packet->len + 2); -*/ + + list_insert_tail(cl->queue, packet); + if(!cl->status.waitingforkey) send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */ return 0; } - if(!cl->status.active) - { -/* FIXME: Don't queue until everything else is fixed. - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("%s (%s) is not ready, queueing packet"), - cl->name, cl->hostname); - add_queue(&(cl->sq), packet, packet->len + 2); -*/ - return 0; /* We don't want to mess up, do we? */ - } - /* can we send it? can we? can we? huh? */ cp return xsend(cl, packet); } +void flush_queue(connection_t *cl) +{ + list_node_t *node, *next; + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname); + + for(node = cl->queue->head; node; node = next) + { + next = node->next; + xsend(cl, (vpn_packet_t *)node->data); + list_delete_node(cl->queue, node); + } +} + /* open the local ethertap device */ diff --git a/src/net.h b/src/net.h index 27ba87c8..5a1609cb 100644 --- a/src/net.h +++ b/src/net.h @@ -16,7 +16,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.24 2000/12/22 21:34:23 guus Exp $ + $Id: net.h,v 1.9.4.25 2001/01/07 15:25:44 guus Exp $ */ #ifndef __TINC_NET_H__ 
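Review bot: The entry queued in `send_packet` is the caller's `packet` pointer itself (`list_insert_tail(cl->queue, packet)`), whereas the removed `add_queue` stored an `xmalloc`'d copy. The queue is created with `free` as its delete callback, so unless every caller hands over a heap packet it no longer uses (the callers are outside this hunk), `flush_queue` will later send from and free memory the queue does not own; queue a private copy made with `xmalloc` and `memcpy`, as the old code did. The queue is also unbounded while `validkey` is unset, so a peer that never answers the key request lets memory grow with every packet, and a cap that drops the oldest entry would bound that. `flush_queue` ignores the result of `xsend` and deletes the node regardless, which deserves a comment if it is intended.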
@@ -117,9 +117,7 @@ extern void close_network_connections(void); extern void main_loop(void); extern int setup_vpn_connection(connection_t *); extern void terminate_connection(connection_t *); -extern void flush_queues(connection_t *); -extern void add_queue(packet_queue_t **, void *, size_t); - +extern void flush_queue(connection_t *); #include #ifdef HAVE_OPENSSL_RSA_H diff --git a/src/netutl.c b/src/netutl.c index 7e02ad0d..200f7768 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -1,6 +1,7 @@ /* netutl.c -- some supporting network utility code Copyright (C) 1998,1999,2000 Ivo Timmermans + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.16 2000/11/22 18:54:08 guus Exp $ + $Id: netutl.c,v 1.12.4.17 2001/01/07 15:25:44 guus Exp $ */ #include "config.h" @@ -40,27 +41,6 @@ #include "system.h" - -/* - free a queue and all of its elements -*/ -void destroy_queue(packet_queue_t *pq) -{ - queue_element_t *p, *q; -cp - for(p = pq->head; p != NULL; p = q) - { - q = p->next; - if(p->packet) - free(p->packet); - free(p); - } - - free(pq); -cp -} - - char *hostlookup(unsigned long addr) { char *name; diff --git a/src/process.c b/src/process.c index 01ca31e1..22943c22 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.18 2001/01/05 23:53:51 guus Exp $ + $Id: process.c,v 1.1.2.19 2001/01/07 15:25:45 guus Exp $ */ #include "config.h" @@ -35,7 +35,6 @@ #include #include -#include #include #include #include diff --git a/src/process.h b/src/process.h index 751c1014..1f3675d6 100644 --- a/src/process.h +++ b/src/process.h 
@@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.5 2000/11/24 23:13:06 guus Exp $ + $Id: process.h,v 1.1.2.6 2001/01/07 15:25:45 guus Exp $ */ #ifndef __TINC_PROCESS_H__ #define __TINC_PROCESS_H__ #include "config.h" -#include extern void setup_signals(void); extern int execute_script(const char *); diff --git a/src/protocol.c b/src/protocol.c index 72f8c3d0..12d279a4 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.72 2001/01/06 18:03:40 guus Exp $ + $Id: protocol.c,v 1.28.4.73 2001/01/07 15:25:45 guus Exp $ */ #include "config.h" @@ -35,6 +35,7 @@ #include #include #include +#include #include @@ -1258,6 +1259,8 @@ cp from->status.validkey = 1; from->status.waitingforkey = 0; + + flush_queue(from); cp return 0; } diff --git a/src/route.c b/src/route.c index 8ff2e39c..a11c55ae 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.4 2001/01/05 23:53:53 guus Exp $ + $Id: route.c,v 1.1.2.5 2001/01/07 15:25:49 guus Exp $ */ #include "config.h" 
@@ -33,7 +33,36 @@ #include "system.h" -int routing_mode = RMODE_ROUTER; /* Will be used to determine if we route by MAC or by payload's protocol */ +int routing_mode = RMODE_ROUTER; + +void learn_mac(connection_t *source, mac_t *address) +{ + connection_t *old; + subnet_t *subnet; +cp + old = lookup_subnet_mac(address)->owner; + + if(!old) + { + subnet = new_subnet(); + subnet->type = SUBNET_MAC; +// subnet->lasttime = gettimeofday(); + memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); + subnet_add(source, subnet); + + if(DEBUG_LVL >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)"), + address->address.x[0], + address->address.x[1], + address->address.x[2], + address->address.x[3], + address->address.x[4], + address->address.x[5], + cl->name, cl->hostname); + } + } +} connection_t *route_mac(connection_t *source, vpn_packet_t *packet) { @@ -42,17 +71,7 @@ connection_t *route_mac(connection_t *source, vpn_packet_t *packet) cp /* Learn source address */ - oldsrc = lookup_subnet_mac((mac_t *)(&packet->data[0]))->owner; - - if(!oldsrc) - { - subnet = new_subnet(); - subnet->type = SUBNET_MAC; - memcpy(&subnet->net.mac.address, (mac_t *)(&packet->data[0]), sizeof(mac_t)); - subnet_add(source, subnet); - } - - /* FIXME: do ageing and roaming */ + learn_mac(source, (mac_t *)(&packet->data[0])); /* Lookup destination address */ 
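Review bot: `learn_mac` reads `lookup_subnet_mac(address)->owner` before testing anything, so if the lookup returns NULL for an address it has not seen (its definition is outside this diff) the function faults on exactly the case it is meant to handle. Keep the result in the `subnet_t *` and test that instead, e.g. `subnet = lookup_subnet_mac(address); if(!subnet) {`. The debug branch also appears not to build: it tests `DEBUG_LVL` where the rest of the file uses `debug_lvl`, and it logs `cl->name` although no `cl` is declared in the function and the parameter is `source`. Every unseen source address adds a subnet with no limit or ageing (the `FIXME: do ageing and roaming` comment was removed and `lasttime` is commented out), so a peer sending frames with varying source MACs can grow the table without bound; a per-connection cap belongs here.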
@@ -96,46 +115,67 @@ connection_t *route_ipv6(vpn_packet_t *packet) cp if(debug_lvl > DEBUG_NOTHING) { - syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not implemented yet")); + syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not yet implemented")); } cp return NULL; } -connection_t *route_packet(connection_t *source, vpn_packet_t *packet) +void route_outgoing(vpn_packet_t *packet) { unsigned short int type; + avl_tree_t *node; + connection_t *cl; cp /* FIXME: multicast? */ switch(routing_mode) { - case RMODE_HUB: - return broadcast; - - case RMODE_SWITCH: - return route_mac(source, packet); - case RMODE_ROUTER: type = ntohs(*((unsigned short*)(&packet->data[12]))); switch(type) { case 0x0800: - return route_ipv4(packet); + cl = route_ipv4(packet); + break; case 0x86DD: - return route_ipv6(packet); - /* - case 0x8137: - return route_ipx(packet); - case 0x0806: - return route_arp(packet); - */ + cl = route_ipv6(packet); + break; default: if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); } - return NULL; + return; } + send_packet(cl, packet); + break; + + case RMODE_SWITCH: + cl = route_mac(packet); + if(cl) + send_packet(cl, packet); + break; + + case RMODE_HUB: + for(node = connection_tree->head; node; node = node->next) + { + cl = (connection_t *)node->data; + if(cl->status.active) + send_packet(cl, packet); + } + break; } } + +void route_incoming(connection_t *source, vpn_packet_t *packet) +{ + switch(routing_mode) + { + case RMODE_SWITCH: + learn_mac(source, &packet->data[0]); + break; + } + + accept_packet(packet); +} From 7109526c6789c73a18bbe6b228ca35f0374c8d36 Mon Sep 17 00:00:00 2001 
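Review bot: In the `RMODE_ROUTER` branch of `route_outgoing`, `send_packet(cl, packet)` runs without a NULL test, although `route_ipv6` always returns NULL and the `RMODE_SWITCH` branch does check `if(cl)`. The `send_packet` change in net.c reads `cl->status.active`, so this looks like a NULL dereference for any IPv6 frame unless an earlier check there catches it; guard it the same way with `if(cl) send_packet(cl, packet);`. `route_mac(packet)` is called with one argument while its definition takes `(connection_t *source, vpn_packet_t *packet)`, and `route_incoming` passes `&packet->data[0]` to `learn_mac` without the `(mac_t *)` cast used in `route_mac`. `node` is declared `avl_tree_t *` but walked via `node->next` and `node->data`, so it presumably should be the tree's node type.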
From: Guus Sliepen Date: Sun, 7 Jan 2001 15:27:30 +0000 Subject: [PATCH 313/923] - Added header file for route.c. The routing routines in it are not used yet, but have a look at the source for the ideas behind it. --- src/route.h | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 src/route.h diff --git a/src/route.h b/src/route.h new file mode 100644 index 00000000..0c708ac4 --- /dev/null +++ b/src/route.h @@ -0,0 +1,38 @@ +/* + route.h -- header file for route.c + Copyright (C) 2000 Ivo Timmermans + 2000 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: route.h,v 1.1.2.1 2001/01/07 15:27:30 guus Exp $ +*/ + +#ifndef __TINC_ROUTE_H__ +#define __TINC_ROUTE_H__ + +enum +{ + RMODE_HUB = 0, + RMODE_SWITCH, + RMODE_ROUTER, +}; + +extern int routing_mode; + +extern connection_t *route_incoming(connection_t *, vpn_packet_t *); +extern connection_t *route_outgoing(connection_t *, vpn_packet_t *); + +#endif /* __TINC_ROUTE_H__ */ From 96b6f958bc733c3963dd164caacd42513be47a86 Mon Sep 17 00:00:00 2001 
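Review bot: The two prototypes disagree with the definitions added to route.c in the previous patch. There `route_outgoing` is `void route_outgoing(vpn_packet_t *packet)` and `route_incoming` returns `void`, while this header declares both as returning `connection_t *` and gives `route_outgoing` an extra `connection_t *` parameter. A caller compiled against the header would pass the wrong arguments and read a return value that is never produced; make them `extern void route_incoming(connection_t *, vpn_packet_t *);` and `extern void route_outgoing(vpn_packet_t *);`. The header also uses `connection_t` and `vpn_packet_t` without including anything that declares them, so it only works when included after those headers.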
From: Guus Sliepen Date: Sun, 7 Jan 2001 17:08:03 +0000 Subject: [PATCH 314/923] - Description of protocol and authentication updated. --- doc/PROTOCOL | 104 +++++++++++++++++++++++++++++++-------------------- doc/SECURITY | 94 +++++++++++++++------------------------------- 2 files changed, 93 insertions(+), 105 deletions(-) diff --git a/doc/PROTOCOL b/doc/PROTOCOL index 8d7007a4..3ceff075 100644 --- a/doc/PROTOCOL +++ b/doc/PROTOCOL @@ -1,7 +1,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. - Copyright 2000 Guus Sliepen , - 2000 Ivo Timmmermans + Copyright 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmmermans Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.1.2.3 2000/09/10 15:07:41 zarq Exp $ + $Id: PROTOCOL,v 1.1.2.4 2001/01/07 17:08:02 guus Exp $ 1. Protocols used in tinc 
@@ -24,28 +24,21 @@ makes TCP connections to other tinc daemons. It uses the "meta protocol" for these connections. To exchange packets on the virtual network, UDP connections are made and the "packet protocol" is used. Tinc also needs to exchange network packets with the kernel. This is -done using the ethertap device in Linux. Also planned is a generic -PPP interface, because it is supported on virtually all UNIX flavours. -The protocols for those interfaces will not be described in this -document. +done using the ethertap device or the universal TUN/TAP device that +can be found in various UNIX flavours. 2. Packet protocol ------------------ Normal packets are sent without any state information, so the layout -is pretty basic. An exception to this are the connections which only -use TCP (configured with the directive `TCPonly=yes'). An explanation -of this type of packet is given in the next chapter, when we explain -the meta protocol. +is pretty basic. A data packet can only be sent if the encryption key is known to both -parties, and the connection is activated. Normally, tinc opens a UDP -connection when it receives an acknowledgement that the newly set up -connection is properly initiated, and has been verified. +parties, and the connection is activated. If the encryption key is not +known, a request is sent to the destination using the meta connection +to retreive it. 0 1 2 3 -| SOURCE IP | -| SEQUENCE ID | | LEN | DATA : \ : DATA . } encrypted . : / 
@@ -66,32 +59,61 @@ possible to use tools such as telnet or netcat to connect to a tinc daemon and to read and write requests by hand, provided that one understands the numeric codes sent. -When tinc daemons connect to each other, they will have to -authenticate each other first. This is done by exchanging BASIC_INFO, -PASSPHRASE, PUBLIC_KEY and ACK requests. BASIC_INFO requests contain -the virtual address and netmask of the tinc daemon, protocol version, -port number and flags. This identifies that tinc daemon, though it -still has to be verified. To that end, passphrases and public keys are -exchanged. The passphrases are known at both ends, but they are -encrypted with the public key before transmission. This way, nobody -that sniffs the network can see what the passphrase actually was, and -at the same time this ensures that the other host really knows the -secret key that belongs to the public key it sends. If both hosts are -satisfied, the connection is activated, the contents of each other's -connection lists are exchanged and other requests may be sent. The -following diagram shows how authentication is done: +The authentication scheme is described in the SECURITY file. After a +succesful authentication, the server and the client will exchange all the +information about other tinc daemons and subnets they know of, so that both +sides (and all the other tinc daemons behind them) have their information +synchronised. 
-Client Server ----------------------------------------------------------------- +daemon message +-------------------------------------------------------------------------- +origin ADD_HOST daemon a329e18c:655 0 + | | +--> options + | +---------> real address:port + +-------------------> name of new tinc daemon +origin ADD_SUBNET daemon 1,0a010100/ffffff00 + | | | +--> netmask + | | +----------> vpn IPv4 network address + | +----------------> subnet type (1=IPv4) + +--------------------> owner of this subnet +-------------------------------------------------------------------------- +In case daemons leave the VPN, DEL_HOST and DEL_SUBNET messages with exactly +the same syntax are sent to inform the other daemons of the departure. ----------------------------------------------------------------- +The keys used to encrypt VPN packets are not sent out directly. This is +because it would generate a lot of traffic on VPNs with many daemons, and +chances are that not every tinc daemon will ever send a packet to every +other daemon. Instead, if a daemon needs a key it sends a request for it +via the meta connection of the nearest hop in the direction of the +destination. If any hop on the way has already learned the key, it will +act as a proxy and forward it's copy back to the requestor. -The client must never make a connection to a server that is already in -it's connection list. Not only would it corrupt the connection list, -but it would also violate the tree property. The meta connections must -always be so that there are no loops. This is very important, because -certain requests are broadcast over the entire network of tinc -daemons. If there were loops in the network topology, some packets -would be forwarded in a ring until the end of times (or until the ring -breaks, which probably happens before time ends). 
+daemon message +-------------------------------------------------------------------------- +daemon REQ_KEY origin destination + | +--> name of the tinc daemon it wants the key from + +----------> name of the daemon that wants the key +daemon ANS_KEY origin destination e4ae0b0a82d6e0078179b5290c62c7d0 + | | \______________________________/ + | | +--> 128 bits key + | +--> name of the daemon that wants the key + +----------> name of the daemon that uses this key +daemon KEY_CHANGED origin + +--> daemon that has changed it's packet key +-------------------------------------------------------------------------- + +There is also a mechanism to check if hosts are still alive. Since network +failures or a crash can cause a daemon to be killed without properly +shutting down the TCP connection, this is necessary to keep an up to date +connection list. Pings are sent at regular intervals, except when there +is also some other traffic. + +daemon message +-------------------------------------------------------------------------- +origin PING +dest. PONG +-------------------------------------------------------------------------- + +This basically covers everything that is sent over the meta connection by +tinc. diff --git a/doc/SECURITY b/doc/SECURITY index 5dce6397..670135c7 100644 --- a/doc/SECURITY +++ b/doc/SECURITY @@ -1,7 +1,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. - Copyright 2000 Guus Sliepen , - 2000 Ivo Timmmermans + Copyright 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmmermans Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this 
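Review bot: The added key-request paragraph says any hop that has already learned a packet key will proxy its copy back, and the ANS_KEY row shows the 128-bit key as an ordinary field of the meta message, but the text never states what this means for trust. Per doc/SECURITY, a meta connection is encrypted only between its two endpoints, so every daemon on the path between requester and owner handles the packet key in the clear. The same gap is in the new section 5 of doc/SECURITY, whose last sentence (`this key itself will be encrypted`) reads as if the key were protected end to end. I would add a sentence to both places, such as `Packet keys are visible to every tinc daemon that forwards or caches them, so all daemons in the VPN must be trusted with each other's traffic.`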
@@ -12,7 +12,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY,v 1.1.2.3 2000/09/25 20:08:50 guus Exp $ + $Id: SECURITY,v 1.1.2.4 2001/01/07 17:08:03 guus Exp $ 1. Authentication @@ -27,10 +27,8 @@ The authentication protocol (see protocol.c for the up-to-date version) is: send_id(u) send_challenge(R) send_chal_reply(H) - --------------------------------------- - Any negotations about the meta protocol - encryption go here(u). - --------------------------------------- + send_metakey(R) + send_metakey(R) send_ack(u) send_ack(u) --------------------------------------- 
@@ -76,49 +74,6 @@ made, both sides have to agree on a key for this block cipher. To make sure that this key exchange is also done securely, and no man-in-the-middle attack is possible, RSA would be the best choice for exchanging keys. -Instead of doing RSA encryption again, tinc will use a part of the random -string that was exchanged during the authentication phase as the key for the -symmetric cipher. Some symmetric ciphers require a random initialisation vector -for improved security. This vector can be taken from the random string as well. - -Is this secure? I (Guus Sliepen) think at this moment that it is: - -- Since the random string cannot be decrypted by anyone eavesdropping or - playing man-in-the-middle, the symmetric key cannot be known by sniffing. -- The unencrypted returned hash value is supposed to be cryptographically - secure. Furthermore, it can only at most give a way 160 bits of information - from the complete random string which is longer than the key for the - symmetric cipher, so very few bits will actualy contain information about - the symmetric cipher key alone, if any. -- If the RSA encryption is cracked, the rest of the communications can be - decrypted anyway. -- If the symmetric cipher encryption is cracked without using the information - from the encrypted random strings or the hash values, this still won't give - the full plaintext for the random string, so it won't facilitate a known- - plaintext attack on the RSA encryption. -- RSA and symmetric ciphers are fundamentally different. It is very unlikely - that the overlap of both will create any interference that will facilitate - an easier-than-brute-force attack. - -Other options for key exchange could be: - -* A second exchange of RSA encrypted random strings. - This is equal to the former scheme just without knowing the hash value of - the unecrypted random string. 
Information theory tells that two seperate - RSA messages are as secure as one if the total amount of bits sent is the - same, so enlarging the challenge will make one exchange just as secure as - two seperate exchanges. - -* Diffie-Hellman with RSA signing. - This should be very secure, but there are a lot of pitfalls with using both - encryption with public keys and private keys together with the same keypair. - -* Diffie-Hellman with passphrases. - This is what tinc <= 1.0pre2 used to do. Passphrases are secret, exchanging - them must be done with great care, nobody may eavesdrop. Exchanging public - keys on the other hand is much safer, everybody may eavesdrop, just as long - as you are sure that the public key itself belongs to the right owner. - 3. Symmetric cipher -------------------- @@ -136,8 +91,9 @@ connections) and a client (a tinc daemon that is trying to connect to the tinc daemon playing server). The message strings here are kept short for clarity. The real length of the -exchanged messages is indicated. The capital words ID, CHALLENGE, CHAL_REPLY -and ACK are in reality replaced by the numbers 1, 2, 3 and 4 respectively. +exchanged messages is indicated. The capital words ID, CHALLENGE, CHAL_REPLY, +META_KEY and ACK are in reality replaced by the numbers 0, 1, 2, 3 and 4 +respectively. daemon message -------------------------------------------------------------------------- @@ -149,12 +105,8 @@ client ID client 8 0 | +---> version +-------> name of tinc daemon server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d - \________/\__/ - | +----> 64 bits initial vector and - +-----------> 448 bits symmetric cipher key for meta - data sent to the server \______________________________/ - +-> 2048 bits totally random string, encrypted + +-> KEYLENGTH bits totally random string, encrypted with client's public RSA key client CHAL_REPLY 191e23 +-> 160 bits SHA1 value of the complete decrypted 
@@ -164,22 +116,36 @@ server ID server 8 0 | +---> version +-------> name of tinc daemon client CHALLENGE da02add1817c1920989ba6ae2a49cecb - \________/\__/ - | +----> 64 bits initial vector and - +-----------> 448 bits symmetric cipher key for meta - data sent to the client \______________________________/ - +-> 2048 bits totally random string, encrypted + +-> KEYLENGTH bits totally random string, encrypted with server's public RSA key server CHAL_REPLY 2bdeed +-> 160 bits SHA1 value of the complete decrypted CHALLENGE sent by the client +client META_KEY 5f0823a93e35b69e7086ec7866ce582b + \______________________________/ + +-> KEYLENGTH bits totally random string, encrypted + with server's public RSA key +server META_KEY 6ab9c1640388f8f045d1a07f8a672630 + \______________________________/ + +-> KEYLENGTH bits totally random string, encrypted + with client's public RSA key client ACK server ACK -------------------------------------------------------------------------- When the server receives the ACK from the client, it should prepare itself for the fact that any subsequent data will be encrypted with the key the server -sent itself in the CHALLENGE. Ofcourse, this key is taken from the decrypted -version of that CHALLENGE, so that we will know for sure only the real client +sent itself in the META_KEY. Ofcourse, this key is taken from the decrypted +version of that META_KEY, so that we will know for sure only the real client can send us messages. The same goes for the client when it receives an ACK. + +5. Encryption of VPN packets +----------------------------- + +The VPN packets are also encrypted, but with a different key than the one used +for the meta connection. The reason is that VPN packets can also come from +other clients which do not have a meta connection with server. Each tinc daemon +propagates (on request) a separate key for packets that it receives. This key +is a random string, generated on the fly. 
Since it is exchanged using the meta +connection, this key itself will be encrypted. From d3f889c8076dff9c00ebfe1459cb36425f8da41d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 7 Jan 2001 17:09:07 +0000 Subject: [PATCH 315/923] - It's 2001, all copyright notices are updated. --- README | 12 +- THANKS | 4 +- TODO | 10 +- doc/tinc.texi | 10 +- lib/avl_tree.c | 8 +- lib/avl_tree.h | 8 +- lib/dropin.c | 6 +- lib/dropin.h | 6 +- lib/list.c | 6 +- lib/list.h | 6 +- lib/utils.c | 4 +- lib/utils.h | 4 +- po/es.po | 354 ++++++++++++++++++++++++----------------------- po/nl.po | 352 +++++++++++++++++++++++----------------------- src/conf.c | 8 +- src/conf.h | 6 +- src/connection.c | 6 +- src/connection.h | 6 +- src/meta.c | 6 +- src/meta.h | 6 +- src/net.c | 6 +- src/net.h | 5 +- src/netutl.c | 6 +- src/netutl.h | 7 +- src/process.c | 6 +- src/process.h | 6 +- src/protocol.c | 6 +- src/protocol.h | 6 +- src/route.c | 6 +- src/route.h | 6 +- src/subnet.c | 6 +- src/subnet.h | 6 +- src/tincd.c | 8 +- 33 files changed, 463 insertions(+), 445 deletions(-) diff --git a/README b/README index 195946b9..70d76f54 100644 --- a/README +++ b/README @@ -1,9 +1,13 @@ -This is the README file for tinc version 1.0pre3. Installation +This is the README file for tinc version 1.0pre4. Installation instructions may be found in the INSTALL file. -tinc is Copyright (C) 1998,1999,2000 Ivo Timmermans -, Guus Sliepen and -others. For a complete list of authors see the AUTHORS file. +tinc is Copyright (C) 1998-2001 by: + +Ivo Timmermans , +Guus Sliepen , +and others. + +For a complete list of authors see the AUTHORS file. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/THANKS b/THANKS index 10b7e025..ed275bfc 100644 --- a/THANKS +++ b/THANKS 
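Review bot: The META_KEY rows added to the example do not say how the symmetric key and initial vector are taken from the decrypted string; the annotation removed from the CHALLENGE rows (448 bits cipher key, 64 bits initial vector) has no counterpart here. KEYLENGTH is also not defined in the visible hunks; if it is the RSA modulus length, the text should say whether the string is padded before encryption, since a full-length value suggests it is not. A short addition under the example would make the exchange implementable and reviewable from the document alone, e.g. `KEYLENGTH is the length of the RSA key in bits. Bits <a>..<b> of the decrypted META_KEY form the cipher key, bits <c>..<d> the initial vector.`, with the real values filled in.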
@@ -19,5 +19,5 @@ We would like to thank for their help, support and ideas. Thank you guys! -And especially Guus Sliepen, for starting this whole project... - +Ivo Timmermans +Guus Sliepen diff --git a/TODO b/TODO index 7d3669d3..6800c038 100644 --- a/TODO +++ b/TODO @@ -3,18 +3,18 @@ TODO LIST Goals for 1.0 release: * Check Solaris port -* Check different linux architectures (x86, alpha done) +* Check different linux architectures (x86, alpha and sparc32 done) * Store private key in a separate file (done, 1 dec 2000) -* Sanity checks on configuration directory -* Use efficient tree algorithms instead of linked lists (largely done) -* Reenable queues for delayed packets +* Sanity checks on configuration directory (mostly done) +* Use efficient tree algorithms instead of linked lists (done) +* Reenable queues for delayed packets (done) * Merge documentation files (SECURITY, INSTALL, PROTOCOL) into tinc.texi Goals for future releases: * Compression -* Routing by MAC (allows for more than only IPv4) +* Routing by MAC/switching (allows for more than only IPv4) * Broadcast/multicast * Windowing, chaffing, scattering, background noise * ABC protocol (superscalabilty) diff --git a/doc/tinc.texi b/doc/tinc.texi index 7fdf1de9..32ebec3e 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual 
@@ -13,11 +13,11 @@ This is the info manual for tinc, a Virtual Private Network daemon. -Copyright @copyright{} 1998,199,2000 Ivo Timmermans +Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $ +$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -38,11 +38,11 @@ permission notice identical to this one. @page @vskip 0pt plus 1filll @cindex copyright -Copyright @copyright{} 1998,1999,2000 Ivo Timmermans +Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.11 2001/01/06 20:02:21 guus Exp $ +$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 79bf2dc0..34ce2a33 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -1,9 +1,9 @@ /* avl_tree.c -- avl_ tree and linked list convenience Copyright (C) 1998 Michael H. Buselli - 2000 Ivo Timmermans , - 2000 Guus Sliepen - 2000 Wessel Dankers + 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen + 2000,2001 Wessel Dankers This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.2 2001/01/06 18:21:17 guus Exp $ + $Id: avl_tree.c,v 1.1.2.3 2001/01/07 17:08:49 guus Exp $ */ #include diff --git a/lib/avl_tree.h b/lib/avl_tree.h index 430eeb51..49bca181 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h 
@@ -1,9 +1,9 @@ /* avl_tree.h -- header file for avl_tree.c Copyright (C) 1998 Michael H. Buselli - 2000 Ivo Timmermans , - 2000 Guus Sliepen - 2000 Wessel Dankers + 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen + 2000,2001 Wessel Dankers This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org) by Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.2 2001/01/06 18:21:17 guus Exp $ + $Id: avl_tree.h,v 1.1.2.3 2001/01/07 17:08:49 guus Exp $ */ diff --git a/lib/dropin.c b/lib/dropin.c index 5f4fcebd..518a175d 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -1,7 +1,7 @@ /* dropin.c -- a set of drop-in replacements for libc functions - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.2 2000/11/29 00:33:15 zarq Exp $ + $Id: dropin.c,v 1.1.2.3 2001/01/07 17:08:49 guus Exp $ */ #include "config.h" diff --git a/lib/dropin.h b/lib/dropin.h index 90b24714..9874ca6d 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -1,7 +1,7 @@ /* dropin.h -- header file for dropin.c - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.2 2000/11/29 00:33:15 zarq Exp $ + $Id: dropin.h,v 1.1.2.3 2001/01/07 17:08:49 guus Exp $ */ #ifndef __DROPIN_H__ diff --git a/lib/list.c b/lib/list.c index d317622d..bcee3858 100644 --- a/lib/list.c +++ b/lib/list.c @@ -1,7 +1,7 @@ /* list.c -- functions to deal with double linked lists - Copyright (C) 2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.7 2001/01/07 15:24:52 guus Exp $ + $Id: list.c,v 1.1.2.8 2001/01/07 17:08:49 guus Exp $ */ #include "config.h" diff --git a/lib/list.h b/lib/list.h index 960a9091..b62ab992 100644 --- a/lib/list.h +++ b/lib/list.h @@ -1,7 +1,7 @@ /* list.h -- header file for list.c - Copyright (C) 2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.3 2001/01/07 15:24:52 guus Exp $ + $Id: list.h,v 1.1.2.4 2001/01/07 17:08:50 guus Exp $ */ #ifndef __TINC_LIST_H__ diff --git a/lib/utils.c b/lib/utils.c index be3126dc..26d3b498 100644 --- a/lib/utils.c +++ b/lib/utils.c 
@@ -1,7 +1,7 @@ /* utils.c -- gathering of some stupid small functions - Copyright (C) 1999,2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lib/utils.h b/lib/utils.h index 2507e7d3..0b79bfae 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -1,7 +1,7 @@ /* utils.h -- header file for utils.c - Copyright (C) 1999,2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/po/es.po b/po/es.po index 87cd1ae1..43ef2b61 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2001-01-06 17:41+0100\n" +"POT-Creation-Date: 2001-01-07 18:02+0100\n" "PO-Revision-Date: 2000-11-26 15:20+0000\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" 
@@ -42,49 +42,54 @@ msgstr "" msgid "Failed to read `%s': %m" msgstr "" -#: src/conf.c:361 src/conf.c:384 src/conf.c:404 -#, fuzzy, c-format -msgid "Couldn't stat `%s': %m" -msgstr "No pude abrir %s: %m" - -#: src/conf.c:376 +#: src/conf.c:375 #, c-format msgid "`%s' is not an absolute path" msgstr "" -#: src/conf.c:390 src/conf.c:412 +#: src/conf.c:391 src/conf.c:424 +#, fuzzy, c-format +msgid "Couldn't stat `%s': %m" +msgstr "No pude abrir %s: %m" + +#: src/conf.c:398 src/conf.c:434 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "" -#: src/conf.c:396 src/conf.c:418 +#: src/conf.c:405 src/conf.c:441 #, c-format msgid "Warning: `%s' is a symlink" msgstr "" +#: src/conf.c:410 src/conf.c:446 +#, c-format +msgid "Unable to read symbolic link `%s': %m" +msgstr "" + #. Accessible by others -#: src/conf.c:425 +#: src/conf.c:457 #, c-format msgid "`%s' has unsecure permissions" msgstr "" #. Ask for a file and/or directory name. -#: src/conf.c:451 +#: src/conf.c:482 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "" -#: src/conf.c:457 +#: src/conf.c:488 #, fuzzy, c-format msgid "Error while reading stdin: %m\n" msgstr "Error leyendo del dispositivo tap: %m" -#: src/conf.c:496 +#: src/conf.c:514 #, fuzzy, c-format msgid "Error opening file `%s': %m\n" msgstr "Error buscando `%s': %m" -#: src/conf.c:506 +#: src/conf.c:524 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" @@ -116,7 +121,7 @@ msgstr "Enviando paquete de %d bytes a %s (%s)" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/meta.c:100 src/net.c:1101 +#: src/meta.c:100 src/net.c:991 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" 
@@ -171,590 +176,592 @@ msgstr "No puedo escribir en el dispositivo tap: %m" msgid "Can't write to ethertap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:286 -msgid "Queue flushed" -msgstr "Cola vaciada" - -#: src/net.c:301 -#, c-format -msgid "Flushing send queue for %s (%s)" -msgstr "Vaciando la cola de envíos para %s (%s)" - -#: src/net.c:309 -#, c-format -msgid "Flushing receive queue for %s (%s)" -msgstr "Vaciando la cola de recepción para %s (%s)" - -#: src/net.c:328 +#: src/net.c:205 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" -#: src/net.c:341 +#: src/net.c:218 #, c-format msgid "Packet with destination %d.%d.%d.%d is looping back to us!" msgstr "" -#: src/net.c:417 +#: src/net.c:228 +#, fuzzy, c-format +msgid "%s (%s) is not active, dropping packet" +msgstr "%s (%s) no está listo, poniendo el paquete en cola" + +#: src/net.c:241 +#, c-format +msgid "No valid key known yet for %s (%s), queueing packet" +msgstr "" +"No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" + +#: src/net.c:261 +#, fuzzy, c-format +msgid "Flushing queue for %s (%s)" +msgstr "Vaciando la cola de envíos para %s (%s)" + +#: src/net.c:307 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:446 +#: src/net.c:336 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s es un dispositivo tun/tap del nuevo estilo" -#: src/net.c:471 +#: src/net.c:361 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:478 src/net.c:486 src/net.c:495 src/net.c:529 src/net.c:557 -#: src/net.c:566 src/net.c:620 src/net.c:1059 src/net.c:1068 src/net.c:1126 +#: src/net.c:368 src/net.c:376 src/net.c:385 src/net.c:419 src/net.c:447 +#: src/net.c:456 src/net.c:510 src/net.c:949 src/net.c:958 src/net.c:1016 #, c-format msgid "System call `%s' failed: %m" msgstr 
"" -#: src/net.c:505 +#: src/net.c:395 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" -#: src/net.c:522 +#: src/net.c:412 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" -#: src/net.c:550 +#: src/net.c:440 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:579 src/net.c:1081 +#: src/net.c:469 src/net.c:971 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" -#: src/net.c:596 +#: src/net.c:486 #, c-format msgid "Trying to connect to %s" msgstr "Intentando conectar con %s" -#: src/net.c:606 +#: src/net.c:496 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket' para %s puerto %d: %m" -#: src/net.c:631 +#: src/net.c:521 #, c-format msgid "%s port %hd: %m" msgstr "%s puerto %hd: %m" -#: src/net.c:639 +#: src/net.c:529 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl() para %s puerto %d: %m" -#: src/net.c:645 +#: src/net.c:535 #, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s puerto %hd" -#: src/net.c:664 +#: src/net.c:554 msgid "Invalid name for outgoing connection" msgstr "Nombre no válido para conexión saliente" -#: src/net.c:673 +#: src/net.c:563 #, c-format msgid "Error reading host configuration file for %s" msgstr "Error leyendo el fichero de configuración del `host' para %s" -#: src/net.c:680 +#: src/net.c:570 #, c-format msgid "No address specified for %s" msgstr "No se especificó dirección para %s" -#: src/net.c:687 +#: src/net.c:577 #, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %m" -#: src/net.c:697 +#: src/net.c:587 #, c-format msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión a %s" -#: src/net.c:735 +#: src/net.c:625 #, fuzzy, c-format msgid "Error 
reading RSA public key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:743 +#: src/net.c:633 #, fuzzy, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:753 +#: src/net.c:643 #, c-format msgid "No public key for %s specified!" msgstr "" -#: src/net.c:778 +#: src/net.c:668 #, fuzzy, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:786 +#: src/net.c:676 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "" -#: src/net.c:793 +#: src/net.c:683 #, fuzzy msgid "No private key for tinc daemon specified!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:817 +#: src/net.c:707 msgid "Name for tinc daemon required!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:825 +#: src/net.c:715 msgid "Invalid name for myself!" msgstr "¡Nombre no válido para mí!" -#: src/net.c:834 +#: src/net.c:724 msgid "Cannot open host configuration file for myself!" msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" -#: src/net.c:875 +#: src/net.c:765 msgid "Network address and subnet mask do not match!" msgstr "" -#: src/net.c:884 +#: src/net.c:774 #, fuzzy msgid "Unable to set up a listening TCP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:890 +#: src/net.c:780 #, fuzzy msgid "Unable to set up a listening UDP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:914 +#: src/net.c:804 #, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %hd" -#: src/net.c:946 +#: src/net.c:836 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." 
-#: src/net.c:997 +#: src/net.c:887 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en %d segundos" -#: src/net.c:1047 +#: src/net.c:937 #, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a %s" -#: src/net.c:1052 +#: src/net.c:942 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket' UDP: %m" -#: src/net.c:1092 +#: src/net.c:982 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al conectar a %s puerto %d: %m" -#: src/net.c:1142 +#: src/net.c:1032 #, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s puerto %d" -#: src/net.c:1190 +#: src/net.c:1080 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:1196 +#: src/net.c:1086 #, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:1202 +#: src/net.c:1092 #, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:1210 +#: src/net.c:1100 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "" -#: src/net.c:1216 +#: src/net.c:1106 #, fuzzy, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Enviando paquete de %d bytes a %s (%s)" -#: src/net.c:1240 +#: src/net.c:1130 #, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s (%s)" -#: src/net.c:1285 +#: src/net.c:1175 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:1320 +#: src/net.c:1210 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) no respondió al PING" -#: src/net.c:1347 +#: src/net.c:1237 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1355 +#: src/net.c:1245 msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1410 +#: src/net.c:1300 #, fuzzy, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1419 +#: src/net.c:1309 #, fuzzy, c-format msgid "Error while reading from ethertap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1430 +#: src/net.c:1320 msgid "Received short packet from tap device" msgstr "" -#: src/net.c:1436 +#: src/net.c:1326 #, c-format msgid "Read packet of length %d from tap device" msgstr "" -#: src/net.c:1468 +#: src/net.c:1358 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1475 +#: src/net.c:1365 #, fuzzy msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/net.c:1482 +#: src/net.c:1372 #, fuzzy msgid "Unable to reread configuration file, exiting" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." 
-#: src/net.c:1508 +#: src/net.c:1398 #, fuzzy msgid "Regenerating symmetric key" msgstr "Generando claves de %d bits" -#: src/netutl.c:115 +#: src/netutl.c:95 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Error buscando `%s': %s\n" -#: src/protocol.c:101 +#: src/protocol.c:102 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" -#: src/protocol.c:108 +#: src/protocol.c:109 #, c-format msgid "Sending %s to %s (%s)" msgstr "Enviando %s a %s (%s)" -#: src/protocol.c:122 +#: src/protocol.c:123 #, c-format msgid "Unknown request from %s (%s)" msgstr "Petición desconocida desde %s (%s)" -#: src/protocol.c:129 +#: src/protocol.c:130 #, c-format msgid "Got %s from %s (%s)" msgstr "He recibido %s desde %s (%s)" -#: src/protocol.c:135 +#: src/protocol.c:136 #, fuzzy, c-format msgid "Unauthorized request from %s (%s)" msgstr "Petición desconocida desde %s (%s)" -#: src/protocol.c:142 +#: src/protocol.c:143 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Error al procesar %s desde %s (%s)" -#: src/protocol.c:149 +#: src/protocol.c:150 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Se han recibido datos sin sentido desde %s (%s)." -#: src/protocol.c:203 +#: src/protocol.c:204 #, c-format msgid "Got bad ID from %s" msgstr "Recibí una ID incorrecta desde %s" -#: src/protocol.c:211 +#: src/protocol.c:212 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "La máquina remota %s (%s) usa una versión (%d) incompatible." 
-#: src/protocol.c:220 +#: src/protocol.c:221 #, c-format msgid "Peer %s uses invalid identity name" msgstr "La máquina remota %s usa un nombre de identidad no válido" -#: src/protocol.c:232 +#: src/protocol.c:233 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "La máquina remota %s tiene una identidad desconocida (%s)" -#: src/protocol.c:246 +#: src/protocol.c:247 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "El enlace %s (%s) ya está en nuestra lista de conexiones." -#: src/protocol.c:299 +#: src/protocol.c:300 #, c-format msgid "Generated random challenge (unencrypted): %s" msgstr "" -#: src/protocol.c:306 src/protocol.c:359 +#: src/protocol.c:307 src/protocol.c:360 #, fuzzy, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "Error leyendo el fichero de configuración del `host' para %s" -#: src/protocol.c:332 +#: src/protocol.c:333 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" -#: src/protocol.c:342 +#: src/protocol.c:343 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" -#: src/protocol.c:367 +#: src/protocol.c:368 #, c-format msgid "Received random challenge (unencrypted): %s" msgstr "" -#: src/protocol.c:381 +#: src/protocol.c:382 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" -#: src/protocol.c:412 +#: src/protocol.c:413 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" -#: src/protocol.c:420 +#: src/protocol.c:421 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:436 +#: src/protocol.c:437 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Intruso: respuesta de 
desafío incorrecta desde %s (%s)" -#: src/protocol.c:441 +#: src/protocol.c:442 #, c-format msgid "Expected challenge reply: %s" msgstr "" -#: src/protocol.c:485 +#: src/protocol.c:486 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "" -#: src/protocol.c:492 src/protocol.c:554 +#: src/protocol.c:493 src/protocol.c:555 #, fuzzy, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Error enviando paquete a %s (%s): %m" -#: src/protocol.c:524 +#: src/protocol.c:525 #, fuzzy, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:534 +#: src/protocol.c:535 #, fuzzy, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" -#: src/protocol.c:562 +#: src/protocol.c:563 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "" -#: src/protocol.c:601 +#: src/protocol.c:602 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:617 +#: src/protocol.c:618 #, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s (%s)." 
-#: src/protocol.c:682 +#: src/protocol.c:683 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:690 +#: src/protocol.c:691 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:698 +#: src/protocol.c:699 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:706 +#: src/protocol.c:707 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:716 +#: src/protocol.c:717 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:759 +#: src/protocol.c:760 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:767 +#: src/protocol.c:768 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:775 +#: src/protocol.c:776 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:785 +#: src/protocol.c:786 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:795 +#: src/protocol.c:796 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " 
"conexiones" -#: src/protocol.c:835 +#: src/protocol.c:836 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" -#: src/protocol.c:843 +#: src/protocol.c:844 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "" "Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:852 +#: src/protocol.c:853 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí ADD_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:869 +#: src/protocol.c:870 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" -#: src/protocol.c:877 +#: src/protocol.c:878 #, fuzzy, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:927 +#: src/protocol.c:928 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" -#: src/protocol.c:936 +#: src/protocol.c:937 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "" "Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:944 +#: src/protocol.c:945 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí DEL_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:954 +#: src/protocol.c:955 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:963 +#: src/protocol.c:964 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" -#: src/protocol.c:1002 +#: src/protocol.c:1003 #, 
c-format msgid "Got bad STATUS from %s (%s)" msgstr "Recibí STATUS incorrecta desde %s (%s)" -#: src/protocol.c:1009 +#: src/protocol.c:1010 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Mensaje de status desde %s (%s): %s: %s" -#: src/protocol.c:1032 +#: src/protocol.c:1033 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Recibí ERROR incorrecta desde %s (%s)" -#: src/protocol.c:1039 +#: src/protocol.c:1040 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Mensaje de error desde %s (%s): %s: %s" -#: src/protocol.c:1117 +#: src/protocol.c:1118 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" -#: src/protocol.c:1124 +#: src/protocol.c:1125 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -763,12 +770,12 @@ msgstr "" "Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1153 +#: src/protocol.c:1154 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1160 +#: src/protocol.c:1161 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -777,7 +784,7 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1177 +#: src/protocol.c:1178 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -786,12 +793,12 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1213 +#: src/protocol.c:1214 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1220 +#: src/protocol.c:1221 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -800,12 +807,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1231 +#: src/protocol.c:1232 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" -#: src/protocol.c:1242 +#: src/protocol.c:1243 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -820,7 +827,7 @@ msgid "subnet_compare() was called with unknown subnet type %d, restarting!" msgstr "" #. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:296 +#: src/subnet.c:251 src/tincd.c:300 msgid "unknown" msgstr "desconocido" 
@@ -884,41 +891,42 @@ msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" msgstr "" -#: src/tincd.c:233 +#: src/tincd.c:234 #, c-format msgid "Generating %d bits keys:\n" msgstr "Generando claves de %d bits:\n" -#: src/tincd.c:237 +#: src/tincd.c:239 msgid "Error during key generation!" msgstr "" -#: src/tincd.c:241 +#: src/tincd.c:243 msgid "Done.\n" msgstr "Hecho.\n" -#: src/tincd.c:243 +#: src/tincd.c:246 #, fuzzy msgid "public RSA key" msgstr "Clave pública: %s\n" -#: src/tincd.c:248 +#: src/tincd.c:253 #, fuzzy msgid "private RSA key" msgstr "Clave privada: %s\n" -#: src/tincd.c:268 -msgid "Both netname and configuration directory given, using the latter...\n" +#: src/tincd.c:274 +msgid "Both netname and configuration directory given, using the latter..." msgstr "" -#: src/tincd.c:303 +#: src/tincd.c:307 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versión %s (compilado %s %s, protocolo %d)\n" -#: src/tincd.c:304 +#: src/tincd.c:308 +#, fuzzy msgid "" -"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" +"Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" 
@@ -932,25 +940,32 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:318 -msgid "You must be root to run this program. Sorry.\n" +#: src/tincd.c:322 +#, fuzzy +msgid "You must be root to run this program.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:353 +#: src/tincd.c:359 msgid "Unrecoverable error" msgstr "Error irrecuperable" -#: src/tincd.c:358 +#: src/tincd.c:364 #, c-format msgid "Restarting in %d seconds!" msgstr "¡Reiniciando en %d segundos!" -#: src/tincd.c:363 +#: src/tincd.c:369 #, fuzzy msgid "Not restarting." msgstr "¡Aayyy! No reinicio." +#~ msgid "Queue flushed" +#~ msgstr "Cola vaciada" + +#~ msgid "Flushing receive queue for %s (%s)" +#~ msgstr "Vaciando la cola de recepción para %s (%s)" + #~ msgid "%s: option `%s' is ambiguous\n" #~ msgstr "%s: la opción `%s' es ambigua\n" @@ -1015,13 +1030,6 @@ msgstr " #~ msgid "Could not open UDP connection to %s (%s)" #~ msgstr "No pude abrir una conexión UDP a %s (%s)" -#~ msgid "No valid key known yet for %s (%s), queueing packet" -#~ msgstr "" -#~ "No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" - -#~ msgid "%s (%s) is not ready, queueing packet" -#~ msgstr "%s (%s) no está listo, poniendo el paquete en cola" - #~ msgid "tun/tap device will be left unconfigured" #~ msgstr "el dispositivo tun/tap se dejará sin configurar" diff --git a/po/nl.po b/po/nl.po index 1b4de07b..cdede32b 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -1,11 +1,11 @@
 # Dutch messages for tinc
-# Copyright (C) 1999, 2000 Ivo Timmermans, Guus Sliepen.
-# Ivo Timmermans , 1999, 2000.
-# Guus Sliepen , 2000.
+# Copyright (C) 1999-2001 Ivo Timmermans, Guus Sliepen.
+# Ivo Timmermans , 1999-2001.
+# Guus Sliepen , 2000,2001.
 msgid ""
 msgstr ""
 "Project-Id-Version: tinc 1.0pre4\n"
-"POT-Creation-Date: 2001-01-06 17:41+0100\n"
+"POT-Creation-Date: 2001-01-07 18:02+0100\n"
 "PO-Revision-Date: 2000-05-31 20:14+02:00\n"
 "Last-Translator: Ivo Timmermans \n"
 "Language-Team: Dutch \n"
@@ -44,49 +44,54 @@ msgstr "" msgid "Failed to read `%s': %m" msgstr "Lezen van `%s' mislukte: %m" -#: src/conf.c:361 src/conf.c:384 src/conf.c:404 -#, c-format -msgid "Couldn't stat `%s': %m" -msgstr "Kon `%s' niet statten: %m" - -#: src/conf.c:376 +#: src/conf.c:375 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:390 src/conf.c:412 +#: src/conf.c:391 src/conf.c:424 +#, c-format +msgid "Couldn't stat `%s': %m" +msgstr "Kon `%s' niet statten: %m" + +#: src/conf.c:398 src/conf.c:434 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:396 src/conf.c:418 +#: src/conf.c:405 src/conf.c:441 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" +#: src/conf.c:410 src/conf.c:446 +#, c-format +msgid "Unable to read symbolic link `%s': %m" +msgstr "Kan symbolische link `%s' niet lezen: %m" + #. Accessible by others -#: src/conf.c:425 +#: src/conf.c:457 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" #. Ask for a file and/or directory name. -#: src/conf.c:451 +#: src/conf.c:482 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:457 +#: src/conf.c:488 #, c-format msgid "Error while reading stdin: %m\n" msgstr "Fout tijdens lezen van standaardinvoer: %m\n" -#: src/conf.c:496 +#: src/conf.c:514 #, c-format msgid "Error opening file `%s': %m\n" msgstr "Fout bij het openen van het bestand `%s': %m\n" -#: src/conf.c:506 +#: src/conf.c:524 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" 
@@ -119,7 +124,7 @@ msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:100 src/net.c:1101 +#: src/meta.c:100 src/net.c:991 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" 
@@ -174,577 +179,579 @@ msgstr "Kan niet naar tun/tap apparaat schrijven: %m" msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:286 -msgid "Queue flushed" -msgstr "Wachtrij leeggemaakt" - -#: src/net.c:301 -#, c-format -msgid "Flushing send queue for %s (%s)" -msgstr "Legen van verzend-wachtrij voor %s (%s)" - -#: src/net.c:309 -#, c-format -msgid "Flushing receive queue for %s (%s)" -msgstr "Legen van de ontvangst-wachtrij voor %s (%s)" - -#: src/net.c:328 +#: src/net.c:205 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:341 +#: src/net.c:218 #, c-format msgid "Packet with destination %d.%d.%d.%d is looping back to us!" msgstr "Pakket met doeladres %d.%d.%d.%d komt terug naar ons!" -#: src/net.c:417 +#: src/net.c:228 +#, c-format +msgid "%s (%s) is not active, dropping packet" +msgstr "%s (%s) is niet actief, pakket wordt genegeerd" + +#: src/net.c:241 +#, c-format +msgid "No valid key known yet for %s (%s), queueing packet" +msgstr "" +"Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" + +#: src/net.c:261 +#, c-format +msgid "Flushing queue for %s (%s)" +msgstr "Legen van wachtrij voor %s (%s)" + +#: src/net.c:307 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:446 +#: src/net.c:336 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:471 +#: src/net.c:361 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:478 src/net.c:486 src/net.c:495 src/net.c:529 src/net.c:557 -#: src/net.c:566 src/net.c:620 src/net.c:1059 src/net.c:1068 src/net.c:1126 +#: src/net.c:368 src/net.c:376 src/net.c:385 src/net.c:419 src/net.c:447 +#: src/net.c:456 src/net.c:510 src/net.c:949 src/net.c:958 src/net.c:1016 #, c-format msgid 
"System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:505 +#: src/net.c:395 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:522 +#: src/net.c:412 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:550 +#: src/net.c:440 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:579 src/net.c:1081 +#: src/net.c:469 src/net.c:971 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:596 +#: src/net.c:486 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:606 +#: src/net.c:496 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:631 +#: src/net.c:521 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:639 +#: src/net.c:529 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:645 +#: src/net.c:535 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:664 +#: src/net.c:554 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:673 +#: src/net.c:563 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:680 +#: src/net.c:570 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:687 +#: src/net.c:577 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:697 +#: src/net.c:587 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:735 +#: src/net.c:625 #, c-format 
msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:743 +#: src/net.c:633 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" -#: src/net.c:753 +#: src/net.c:643 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:778 +#: src/net.c:668 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:786 +#: src/net.c:676 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:793 +#: src/net.c:683 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:817 +#: src/net.c:707 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:825 +#: src/net.c:715 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:834 +#: src/net.c:724 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:875 +#: src/net.c:765 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:884 +#: src/net.c:774 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:890 +#: src/net.c:780 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" 
-#: src/net.c:914 +#: src/net.c:804 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:946 +#: src/net.c:836 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:997 +#: src/net.c:887 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:1047 +#: src/net.c:937 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:1052 +#: src/net.c:942 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:1092 +#: src/net.c:982 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:1142 +#: src/net.c:1032 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1190 +#: src/net.c:1080 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1196 +#: src/net.c:1086 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1202 +#: src/net.c:1092 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1210 +#: src/net.c:1100 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1216 +#: src/net.c:1106 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:1240 +#: src/net.c:1130 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1285 +#: src/net.c:1175 msgid "Trying to re-establish outgoing connection in 5 seconds" 
msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1320 +#: src/net.c:1210 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1347 +#: src/net.c:1237 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1355 +#: src/net.c:1245 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1410 +#: src/net.c:1300 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1419 +#: src/net.c:1309 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1430 +#: src/net.c:1320 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1436 +#: src/net.c:1326 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1468 +#: src/net.c:1358 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1475 +#: src/net.c:1365 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1482 +#: src/net.c:1372 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1508 +#: src/net.c:1398 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/netutl.c:115 +#: src/netutl.c:95 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/protocol.c:101 +#: src/protocol.c:102 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: src/protocol.c:108 +#: src/protocol.c:109 #, 
c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:122 +#: src/protocol.c:123 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:129 +#: src/protocol.c:130 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:135 +#: src/protocol.c:136 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:142 +#: src/protocol.c:143 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:149 +#: src/protocol.c:150 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:203 +#: src/protocol.c:204 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:211 +#: src/protocol.c:212 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:220 +#: src/protocol.c:221 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:232 +#: src/protocol.c:233 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:246 +#: src/protocol.c:247 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:299 +#: src/protocol.c:300 #, c-format msgid "Generated random challenge (unencrypted): %s" msgstr "Uitdaging gegenereerd (niet versleuteld): %s" -#: src/protocol.c:306 src/protocol.c:359 +#: src/protocol.c:307 src/protocol.c:360 #, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "Fout tijdens versleuteling van uitdaging voor %s (%s)" -#: src/protocol.c:332 +#: src/protocol.c:333 #, c-format msgid "Got bad 
CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:342 +#: src/protocol.c:343 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:367 +#: src/protocol.c:368 #, c-format msgid "Received random challenge (unencrypted): %s" msgstr "Uitdaging ontvangen (niet versleuteld): %s" -#: src/protocol.c:381 +#: src/protocol.c:382 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:412 +#: src/protocol.c:413 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:420 +#: src/protocol.c:421 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:436 +#: src/protocol.c:437 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:441 +#: src/protocol.c:442 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:485 +#: src/protocol.c:486 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" -#: src/protocol.c:492 src/protocol.c:554 +#: src/protocol.c:493 src/protocol.c:555 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" -#: src/protocol.c:524 +#: src/protocol.c:525 #, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Kreeg ongeldige METAKEY van %s (%s)" -#: src/protocol.c:534 +#: src/protocol.c:535 #, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" -#: src/protocol.c:562 
+#: src/protocol.c:563 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:601 +#: src/protocol.c:602 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:617 +#: src/protocol.c:618 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:682 +#: src/protocol.c:683 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:690 +#: src/protocol.c:691 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:698 +#: src/protocol.c:699 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:706 +#: src/protocol.c:707 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:716 +#: src/protocol.c:717 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:759 +#: src/protocol.c:760 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:767 +#: src/protocol.c:768 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:775 +#: src/protocol.c:776 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): 
ongeldige identiteitsnaam" -#: src/protocol.c:785 +#: src/protocol.c:786 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:795 +#: src/protocol.c:796 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:835 +#: src/protocol.c:836 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:843 +#: src/protocol.c:844 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:852 +#: src/protocol.c:853 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:869 +#: src/protocol.c:870 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:877 +#: src/protocol.c:878 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:927 +#: src/protocol.c:928 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:936 +#: src/protocol.c:937 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:944 +#: src/protocol.c:945 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:954 +#: src/protocol.c:955 #, c-format msgid "Got DEL_HOST from %s 
(%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:963 +#: src/protocol.c:964 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:1002 +#: src/protocol.c:1003 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:1009 +#: src/protocol.c:1010 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1032 +#: src/protocol.c:1033 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1039 +#: src/protocol.c:1040 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1117 +#: src/protocol.c:1118 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1124 +#: src/protocol.c:1125 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -753,12 +760,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1153 +#: src/protocol.c:1154 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1160 +#: src/protocol.c:1161 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -767,7 +774,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1177 +#: src/protocol.c:1178 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " 
@@ -775,12 +782,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1213 +#: src/protocol.c:1214 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1220 +#: src/protocol.c:1221 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -789,13 +796,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1231 +#: src/protocol.c:1232 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1242 +#: src/protocol.c:1243 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -811,7 +818,7 @@ msgstr "" "starten" #. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:296 +#: src/subnet.c:251 src/tincd.c:300 msgid "unknown" msgstr "onbekend" 
@@ -878,47 +885,47 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:233 +#: src/tincd.c:234 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:237 +#: src/tincd.c:239 msgid "Error during key generation!" msgstr "Fout tijdens genereren sleutel!" -#: src/tincd.c:241 +#: src/tincd.c:243 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:243 +#: src/tincd.c:246 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:248 +#: src/tincd.c:253 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:268 -msgid "Both netname and configuration directory given, using the latter...\n" +#: src/tincd.c:274 +msgid "Both netname and configuration directory given, using the latter..." msgstr "" -"Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt...\n" +"Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:303 +#: src/tincd.c:307 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:304 +#: src/tincd.c:308 msgid "" -"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" +"Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" "see the file COPYING for details.\n" msgstr "" -"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen en anderen.\n" +"Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen en anderen.\n" "Zie het bestand AUTHORS voor een volledige lijst.\n" "\n" "tinc wordt gedistribueerd ZONDER ENIGE GARANTIE. Dit is vrije " 
@@ -926,20 +933,19 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:318 -msgid "You must be root to run this program. Sorry.\n" -msgstr "" -"Je moet systeembeheerder zijn om dit programma te kunnen draaien. Sorry.\n" +#: src/tincd.c:322 +msgid "You must be root to run this program.\n" +msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" -#: src/tincd.c:353 +#: src/tincd.c:359 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:358 +#: src/tincd.c:364 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:363 +#: src/tincd.c:369 msgid "Not restarting." msgstr "Geen herstart." diff --git a/src/conf.c b/src/conf.c index 61f0cf0e..2643785c 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,9 +1,9 @@ /* conf.c -- configuration code Copyright (C) 1998 Robert van der Meulen - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen - 2000 Cris van Pelt + 1998-2001 Ivo Timmermans + 2000,2001 Guus Sliepen + 2000 Cris van Pelt This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.37 2001/01/06 18:03:39 guus Exp $ + $Id: conf.c,v 1.9.4.38 2001/01/07 17:08:55 guus Exp $ */ #include "config.h" diff --git a/src/conf.h b/src/conf.h index 00fbcb19..dce3802f 100644 --- a/src/conf.h +++ b/src/conf.h @@ -1,7 +1,7 @@ /* conf.h -- header for conf.c - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 1998-2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.20 2001/01/05 23:53:49 guus Exp $ + $Id: conf.h,v 1.6.4.21 2001/01/07 17:08:56 guus Exp $ */ #ifndef __TINC_CONF_H__ diff --git a/src/connection.c b/src/connection.c index 08c165e5..1e34329c 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1,7 +1,7 @@ /* connection.c -- connection list management - Copyright (C) 2000 Guus Sliepen , - 2000 Ivo Timmermans + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.8 2001/01/07 15:25:40 guus Exp $ + $Id: connection.c,v 1.1.2.9 2001/01/07 17:08:56 guus Exp $ */ #include "config.h" diff --git a/src/connection.h b/src/connection.h index 7f742e18..06e08ef1 100644 --- a/src/connection.h +++ b/src/connection.h @@ -1,7 +1,7 @@ /* connection.h -- header for connection.c - Copyright (C) 2000 Guus Sliepen , - 2000 Ivo Timmermans + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.5 2001/01/07 15:25:41 guus Exp $ + $Id: connection.h,v 1.1.2.6 2001/01/07 17:08:57 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ diff --git a/src/meta.c b/src/meta.c index 14a3c1d0..fa32b896 100644 --- a/src/meta.c +++ b/src/meta.c 
@@ -1,7 +1,7 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000 Guus Sliepen , - 2000 Ivo Timmermans + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.13 2001/01/05 23:53:49 guus Exp $ + $Id: meta.c,v 1.1.2.14 2001/01/07 17:08:57 guus Exp $ */ #include "config.h" diff --git a/src/meta.h b/src/meta.h index 09df9028..e0823a82 100644 --- a/src/meta.h +++ b/src/meta.h @@ -1,7 +1,7 @@ /* meta.h -- header for meta.c - Copyright (C) 2000 Guus Sliepen , - 2000 Ivo Timmermans + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.4 2000/11/20 19:12:12 guus Exp $ + $Id: meta.h,v 1.1.2.5 2001/01/07 17:08:58 guus Exp $ */ #ifndef __TINC_META_H__ diff --git a/src/net.c b/src/net.c index f22fd728..54e91391 100644 --- a/src/net.c +++ b/src/net.c @@ -1,7 +1,7 @@ /* net.c -- most of the network code - Copyright (C) 1998,1999,2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 1998-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.90 2001/01/07 15:25:41 guus Exp $ + $Id: net.c,v 1.35.4.91 2001/01/07 17:08:58 guus Exp $ */ #include "config.h" 
diff --git a/src/net.h b/src/net.h index 5a1609cb..ddbd84df 100644 --- a/src/net.h +++ b/src/net.h @@ -1,6 +1,7 @@ /* net.h -- header for net.c - Copyright (C) 1998,1999,2000 Ivo Timmermans + Copyright (C) 1998-2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -16,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.25 2001/01/07 15:25:44 guus Exp $ + $Id: net.h,v 1.9.4.26 2001/01/07 17:09:01 guus Exp $ */ #ifndef __TINC_NET_H__ diff --git a/src/netutl.c b/src/netutl.c index 200f7768..e9f74d08 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -1,7 +1,7 @@ /* netutl.c -- some supporting network utility code - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 1998-2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.17 2001/01/07 15:25:44 guus Exp $ + $Id: netutl.c,v 1.12.4.18 2001/01/07 17:09:02 guus Exp $ */ #include "config.h" diff --git a/src/netutl.h b/src/netutl.h index e542792c..bcc84c88 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -1,6 +1,7 @@ /* netutl.h -- header file for netutl.c - Copyright (C) 1998,1999,2000 Ivo Timmermans + Copyright (C) 1998-2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -16,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.5 2000/11/09 21:33:18 zarq Exp $ + $Id: netutl.h,v 1.2.4.6 2001/01/07 17:09:02 guus Exp $ */ #ifndef __TINC_NETUTL_H__ @@ -25,9 +26,7 @@ #include "net.h" #include "conf.h" -extern void destroy_queue(packet_queue_t *); extern char *hostlookup(unsigned long); extern ip_mask_t *strtoip(char*); -extern void destroy_queue(packet_queue_t *); #endif /* __TINC_NETUTL_H__ */ diff --git a/src/process.c b/src/process.c index 22943c22..6158fbab 100644 --- a/src/process.c +++ b/src/process.c @@ -1,7 +1,7 @@ /* process.c -- process management functions - Copyright (C) 1999,2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.19 2001/01/07 15:25:45 guus Exp $ + $Id: process.c,v 1.1.2.20 2001/01/07 17:09:02 guus Exp $ */ #include "config.h" diff --git a/src/process.h b/src/process.h index 1f3675d6..ed834f0c 100644 --- a/src/process.h +++ b/src/process.h @@ -1,7 +1,7 @@ /* process.h -- header file for process.c - Copyright (C) 1999,2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.6 2001/01/07 15:25:45 guus Exp $ + $Id: process.h,v 1.1.2.7 2001/01/07 17:09:02 guus Exp $ */ #ifndef __TINC_PROCESS_H__ 
diff --git a/src/protocol.c b/src/protocol.c index 12d279a4..46c4c7b8 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -1,7 +1,7 @@ /* protocol.c -- handle the meta-protocol - Copyright (C) 1999,2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.73 2001/01/07 15:25:45 guus Exp $ + $Id: protocol.c,v 1.28.4.74 2001/01/07 17:09:02 guus Exp $ */ #include "config.h" diff --git a/src/protocol.h b/src/protocol.h index 3789d804..437f1e29 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -1,7 +1,7 @@ /* protocol.h -- header for protocol.c - Copyright (C) 1999,2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.17 2000/11/22 19:55:53 guus Exp $ + $Id: protocol.h,v 1.5.4.18 2001/01/07 17:09:06 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ diff --git a/src/route.c b/src/route.c index a11c55ae..43fe523c 100644 --- a/src/route.c +++ b/src/route.c @@ -1,7 +1,7 @@ /* route.c -- routing - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.5 2001/01/07 15:25:49 guus Exp $ + $Id: route.c,v 1.1.2.6 2001/01/07 17:09:06 guus Exp $ */ #include "config.h" diff --git a/src/route.h b/src/route.h index 0c708ac4..e7316cb1 100644 --- a/src/route.h +++ b/src/route.h @@ -1,7 +1,7 @@ /* route.h -- header file for route.c - Copyright (C) 2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.1 2001/01/07 15:27:30 guus Exp $ + $Id: route.h,v 1.1.2.2 2001/01/07 17:09:06 guus Exp $ */ #ifndef __TINC_ROUTE_H__ diff --git a/src/subnet.c b/src/subnet.c index 28a203dc..ab881f47 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -1,7 +1,7 @@ /* subnet.c -- handle subnet lookups and lists - Copyright (C) 2000 Guus Sliepen , - 2000 Ivo Timmermans + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.16 2001/01/05 23:53:53 guus Exp $ + $Id: subnet.c,v 1.1.2.17 2001/01/07 17:09:06 guus Exp $ */ #include "config.h" diff --git a/src/subnet.h b/src/subnet.h index a572953c..21b2a1e5 100644 --- a/src/subnet.h +++ b/src/subnet.h 
@@ -1,7 +1,7 @@ /* subnet.h -- header for subnet.c - Copyright (C) 2000 Guus Sliepen , - 2000 Ivo Timmermans + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.8 2001/01/05 23:53:53 guus Exp $ + $Id: subnet.h,v 1.1.2.9 2001/01/07 17:09:07 guus Exp $ */ #ifndef __TINC_SUBNET_H__ diff --git a/src/tincd.c b/src/tincd.c index 3e02e699..8eb0be5e 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998,1999,2000 Ivo Timmermans - 2000 Guus Sliepen + Copyright (C) 1998-2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.40 2001/01/06 18:03:41 guus Exp $ + $Id: tincd.c,v 1.10.4.41 2001/01/07 17:09:07 guus Exp $ */ #include "config.h" @@ -305,7 +305,7 @@ main(int argc, char **argv, char **envp) if(show_version) { printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen and others.\n" + printf(_("Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" From 7cd2baedc6027ef6a5b941342bc6d3931d7220ba Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 7 Jan 2001 20:19:08 +0000 Subject: [PATCH 316/923] - Fixed IPv6 subnet lookup routine. --- src/subnet.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index ab881f47..a08e2de7 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.17 2001/01/07 17:09:06 guus Exp $ + $Id: subnet.c,v 1.1.2.18 2001/01/07 20:19:08 guus Exp $ */ #include "config.h" @@ -288,15 +288,21 @@ cp subnet_t *lookup_subnet_ipv6(ipv6_t *address) { - subnet_t subnet; + subnet_t subnet, *p; + int i; cp subnet.type = SUBNET_IPV6; memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); memset(&subnet.net.ipv6.mask, 0xFF, 16); -/* FIXME: check if it REALLY matches */ + p = (subnet_t *)avl_search_closest_greater(subnet_tree, &subnet); + + if(p) + for(i=0; i<8; i++) + if((address->x[i] & p->net.ipv6.address.x[i]) != p->net.ipv6.address.x[i]) + return NULL; - return (subnet_t *)avl_search_closest_greater(subnet_tree, &subnet); + return p; } void dump_subnet_list(void) From 447a43d63960802a7a29201c512246be11eb9c94 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 7 Jan 2001 20:19:35 +0000 Subject: [PATCH 317/923] - Added indirectdata and tcponly functionality. --- src/connection.h | 9 +++-- src/net.c | 49 +++++++++++++++++--------- src/net.h | 3 +- src/protocol.c | 92 +++++++++++++++++++++++++++++++++++++++++++----- src/protocol.h | 5 +-- 5 files changed, 125 insertions(+), 33 deletions(-) diff --git a/src/connection.h b/src/connection.h index 06e08ef1..eef63382 100644 --- a/src/connection.h +++ b/src/connection.h 
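Review bot: In `lookup_subnet_ipv6` (src/subnet.c) the new match test ANDs the looked-up address with the candidate's own address, `address->x[i] & p->net.ipv6.address.x[i]`, so the subnet mask never takes part. Any address that merely has the subnet's bits set (all-ones in the extreme) passes for every candidate, and traffic could be handed to the wrong subnet owner. The comparison should presumably read `if((address->x[i] & p->net.ipv6.mask.x[i]) != p->net.ipv6.address.x[i])`, assuming `mask` has the same `x[8]` layout as `address`, which the hunk does not show. The test also reads `p->net.ipv6` without confirming the entry returned by `avl_search_closest_greater` is an IPv6 subnet; whether `subnet_tree` can hold other types is not visible here.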
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.6 2001/01/07 17:08:57 guus Exp $ + $Id: connection.h,v 1.1.2.7 2001/01/07 20:19:29 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -59,9 +59,8 @@ typedef struct status_bits_t { int unused:18; } status_bits_t; -typedef struct option_bits_t { - int unused:32; -} option_bits_t; +#define OPTION_INDIRECT 0x0001 +#define OPTION_TCPONLY 0x0002 typedef struct connection_t { char *name; /* name of this connection */ @@ -69,7 +68,7 @@ typedef struct connection_t { char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ short unsigned int port; /* port number for UDP traffic */ - long unsigned int options; /* options turned on for this connection */ + long int options; /* options turned on for this connection */ int flags; /* his flags */ int socket; /* our udp vpn socket */ diff --git a/src/net.c b/src/net.c index 54e91391..18e5951b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.91 2001/01/07 17:08:58 guus Exp $ + $Id: net.c,v 1.35.4.92 2001/01/07 20:19:29 guus Exp $ */ #include "config.h" @@ -112,7 +112,7 @@ int xsend(connection_t *cl, vpn_packet_t *inpkt) cp outpkt.len = inpkt->len; - /* Encrypt the packet */ + /* Encrypt the packet. FIXME: we should use CBC, not CFB. */ EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); 
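Review bot: In src/connection.h the `options` member changes from `long unsigned int` to `long int`, although this patch uses it purely as a bit mask (`|= OPTION_INDIRECT`, `& OPTION_TCPONLY`) and `send_add_host` formats it with `%lx`. Keeping `long unsigned int options;` matches the `%lx` conversion and avoids sign surprises if a high bit is ever assigned. A one-line comment above the two `OPTION_*` defines, e.g. `/* bits for connection_t.options */`, would replace what the removed `option_bits_t` documented.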
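Review bot: The new FIXME in `xsend` (src/net.c) names only the cipher mode, while the context lines of the same hunk show the IV being taken from the key buffer itself (`cl->cipher_pktkey + cl->cipher_pkttype->key_len`), so as far as the hunk shows every packet under one key starts from the same IV, and no integrity check is visible either. Switching CFB to CBC changes neither property, so the comment should record them: `/* Encrypt the packet. FIXME: IV is fixed per key and packets carry no MAC; fix both before changing mode. */`. `xsend` starts and ends outside the hunk, so the rest of the function may already cover part of this.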
@@ -163,28 +163,33 @@ cp outlen = outpkt.len+2; memcpy(&outpkt, inpkt, outlen); */ - +cp + return receive_packet(cl, &outpkt); +} + +int receive_packet(connection_t *cl, vpn_packet_t *packet) +{ if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"), - outpkt.len); + packet->len); /* Fix mac address */ - memcpy(outpkt.data, mymac.net.mac.address.x, 6); + memcpy(packet->data, mymac.net.mac.address.x, 6); if(taptype == TAP_TYPE_TUNTAP) { - if(write(tap_fd, outpkt.data, outpkt.len) < 0) + if(write(tap_fd, packet->data, packet->len) < 0) syslog(LOG_ERR, _("Can't write to tun/tap device: %m")); else - total_tap_out += outpkt.len; + total_tap_out += packet->len; } else /* ethertap */ { - if(write(tap_fd, outpkt.data - 2, outpkt.len + 2) < 0) + if(write(tap_fd, packet->data - 2, packet->len + 2) < 0) syslog(LOG_ERR, _("Can't write to ethertap device: %m")); else - total_tap_out += outpkt.len + 2; + total_tap_out += packet->len + 2; } cp return 0; @@ -231,10 +236,6 @@ cp return 0; } - /* If we ourselves have indirectdata flag set, we should send only to our uplink! */ - - /* FIXME - check for indirection and reprogram it The Right Way(tm) this time. */ - if(!cl->status.validkey) { if(debug_lvl >= DEBUG_TRAFFIC) @@ -248,9 +249,12 @@ cp return 0; } - /* can we send it? can we? can we? huh? */ + /* Check if it has to go via UDP or TCP... */ cp - return xsend(cl, packet); + if(cl->options & OPTION_TCPONLY) + return send_tcppacket(cl, packet); + else + return xsend(cl, packet); } void flush_queue(connection_t *cl) @@ -698,7 +702,7 @@ int setup_myself(void) cp myself = new_connection(); - asprintf(&myself->hostname, "MYSELF"); /* FIXME? Do hostlookup on ourselves? */ + asprintf(&myself->hostname, "MYSELF"); myself->flags = 0; myself->protocol_version = PROT_CURRENT; 
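Review bot: `receive_packet` (src/net.c) is split out as an extern entry point without a comment or a stated length precondition, while its body writes `packet->len` bytes to the tap device, or `packet->len + 2` bytes starting at `packet->data - 2` on ethertap. With `tcppacket_h` now calling it too, the contract belongs at the top of the function, for example `/* Caller must have validated packet->len against the size of packet->data; on ethertap the two bytes preceding data are written as well. */`. `write()` is only checked for `< 0`, so a short write still adds the full length to `total_tap_out`, and `cl` is unused in the visible body. The function's closing lines are outside the hunk.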
@@ -797,6 +801,19 @@ cp keyexpires = time(NULL) + keylifetime; cp + /* Check some options */ + + if((cfg = get_config_val(config, config_indirectdata))) + { + if(cfg->data.val == stupid_true) + myself->options |= OPTION_INDIRECT; + } + + if((cfg = get_config_val(config, config_tcponly))) + { + if(cfg->data.val == stupid_true) + myself->options |= OPTION_TCPONLY; + } /* Activate ourselves */ myself->status.active = 1; diff --git a/src/net.h b/src/net.h index ddbd84df..f3357248 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.26 2001/01/07 17:09:01 guus Exp $ + $Id: net.h,v 1.9.4.27 2001/01/07 20:19:31 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -113,6 +113,7 @@ extern char *status_text[10]; extern int str2opt(const char *); extern char *opt2str(int); extern int send_packet(ip_t, vpn_packet_t *); +extern int receive_packet(connection_t *, vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); extern void main_loop(void); diff --git a/src/protocol.c b/src/protocol.c index 46c4c7b8..0b3563ef 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.74 2001/01/07 17:09:02 guus Exp $ + $Id: protocol.c,v 1.28.4.75 2001/01/07 20:19:31 guus Exp $ */ #include "config.h" @@ -587,6 +587,7 @@ cp int ack_h(connection_t *cl) { + config_t const *cfg; connection_t *old, *p; subnet_t *subnet; avl_node_t *node, *node2; 
@@ -621,6 +622,20 @@ cp if(!cl->status.outgoing) send_ack(cl); + /* Check some options */ + + if((cfg = get_config_val(cl->config, config_indirectdata))) + { + if(cfg->data.val == stupid_true) + cl->options |= OPTION_INDIRECT; + } + + if((cfg = get_config_val(cl->config, config_tcponly))) + { + if(cfg->data.val == stupid_true) + cl->options |= OPTION_TCPONLY; + } + /* Send him our subnets */ for(node = myself->subnet_tree->head; node; node = node->next) @@ -662,9 +677,15 @@ int send_add_subnet(connection_t *cl, subnet_t *subnet) { int x; char *netstr; + char *owner; cp + if(cl->options & OPTION_INDIRECT) + owner = myself->name; + else + owner = subnet->owner->name; + x = send_request(cl, "%d %s %s", ADD_SUBNET, - subnet->owner->name, netstr = net2str(subnet)); + owner, netstr = net2str(subnet)); free(netstr); cp return x; @@ -739,9 +760,14 @@ int send_del_subnet(connection_t *cl, subnet_t *subnet) { int x; char *netstr; + char *owner; cp - netstr = net2str(subnet); - x = send_request(cl, "%d %s %s", DEL_SUBNET, subnet->owner->name, netstr); + if(cl->options & OPTION_INDIRECT) + owner = myself->name; + else + owner = subnet->owner->name; + + x = send_request(cl, "%d %s %s", DEL_SUBNET, owner, netstr = net2str(subnet)); free(netstr); cp return x; @@ -819,7 +845,8 @@ cp int send_add_host(connection_t *cl, connection_t *other) { cp - return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, + if(!(cl->options & OPTION_INDIRECT)) + return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, other->name, other->address, other->port, other->options); } @@ -910,7 +937,8 @@ cp int send_del_host(connection_t *cl, connection_t *other) { cp - return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, + if(!(cl->options & OPTION_INDIRECT)) + return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, other->name, other->address, other->port, other->options); } @@ -1060,8 +1088,6 @@ cp return 0; } -/* Keepalive routines - FIXME: needs a closer look */ - int send_ping(connection_t *cl) { cp 
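Review bot: `send_add_host` (src/protocol.c) now returns only inside `if(!(cl->options & OPTION_INDIRECT))`, so for an indirect connection control falls off the end of a function declared `int` and the caller gets an indeterminate value; `send_del_host` in the following hunk has the same shape. Add `return 0;` after the `if` in both so that deliberately skipping the request reads as success. protocol.h declares `notify_others` as taking such functions by pointer, so the return value is probably consumed somewhere outside these hunks.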
@@ -1102,7 +1128,8 @@ cp { p = (connection_t *)node->data; if(p != cl && p->status.meta && p->status.active) - send_request(p, "%d %s", KEY_CHANGED, from->name); + if(!(cl->options & OPTION_INDIRECT) || from == myself) + send_request(p, "%d %s", KEY_CHANGED, from->name); } cp return 0; @@ -1265,6 +1292,51 @@ cp return 0; } +int send_tcppacket(connection_t *cl, vpn_packet_t *packet) +{ + int x; + + x = send_request(cl->nexthop, "%d %hd", PACKET, packet->len); + + if(x) + return x; + + return send_meta(cl->nexthop, packet->data, packet->len); +} + +int tcppacket_h(connection_t *cl) +{ + vpn_packet_t packet; + char *p; + int todo, x; + + if(sscanf(cl->buffer, "%*d %hd", packet.len) != 1) + { + syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname); + return -1; + } + + /* Evil hack. */ + + p = packet.data; + todo = packet.len; + + while(todo) + { + x = read(cl->meta_socket, p, todo); + if(x<0) + { + syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname); + return -1; + } + + todo -= x; + p += x; + } + + return receive_packet(cl, &packet); +} + /* Jumptable for the request handlers */ int (*request_handlers[])(connection_t*) = { @@ -1274,6 +1346,7 @@ int (*request_handlers[])(connection_t*) = { add_host_h, del_host_h, add_subnet_h, del_subnet_h, key_changed_h, req_key_h, ans_key_h, + tcppacket_h, }; /* Request names */ @@ -1285,6 +1358,7 @@ char (*request_name[]) = { "ADD_HOST", "DEL_HOST", "ADD_SUBNET", "DEL_SUBNET", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", + "PACKET", }; /* Status strings */ diff --git a/src/protocol.h b/src/protocol.h index 437f1e29..16248c03 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.18 2001/01/07 17:09:06 guus Exp $ + $Id: protocol.h,v 1.5.4.19 2001/01/07 20:19:35 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
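Review bot: `tcppacket_h` (src/protocol.c) passes `packet.len` to `sscanf` by value where `%hd` needs `&packet.len`, and then uses the peer-supplied length unchecked as the byte count for `read()` into the stack-allocated `packet`, so a negative or oversized value overruns the buffer. The loop also treats only `x<0` as an error, so a closed socket (`x == 0`) never terminates it. The sketch below takes the address, bounds the length (assuming `data` is an array member of `vpn_packet_t`, which this hunk does not show) and stops on end-of-file. Separately, `send_tcppacket` sends the payload through `send_meta` while the receiver uses a raw `read()` on `meta_socket`; if `send_meta` encrypts, the two sides will not agree, which is worth confirming.

```c
int tcppacket_h(connection_t *cl)
{
  /* … unchanged: declarations of packet, p, todo, x … */

  if(sscanf(cl->buffer, "%*d %hd", &packet.len) != 1)
    {
      /* … unchanged: "Got bad PACKET" log, return -1 … */
    }

  /* The length is chosen by the peer: reject it before it sizes the read. */
  if(packet.len <= 0 || (size_t)packet.len > sizeof(packet.data))
    {
      syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname);
      return -1;
    }

  /* … unchanged: p = packet.data; todo = packet.len; … */

  while(todo)
    {
      x = read(cl->meta_socket, p, todo);
      if(x <= 0)	/* 0 means the peer closed the connection */
        {
          /* … unchanged: log the error, return -1 … */
        }
      /* … unchanged: todo -= x; p += x; … */
    }
  /* … unchanged: return receive_packet(cl, &packet); … */
}
```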
@@ -42,6 +42,7 @@ enum { ADD_HOST, DEL_HOST, ADD_SUBNET, DEL_SUBNET, KEY_CHANGED, REQ_KEY, ANS_KEY, + PACKET, LAST /* Guardian for the highest request number */ }; @@ -69,10 +70,10 @@ extern int send_del_subnet(connection_t*, subnet_t*); extern int send_key_changed(connection_t*, connection_t*); extern int send_req_key(connection_t*, connection_t*); extern int send_ans_key(connection_t*, connection_t*, char*); +extern int send_tcppacket(connection_t *, vpn_packet_t *); /* Old functions */ -extern int send_tcppacket(connection_t *, void *, int); extern int notify_others(connection_t *, connection_t *, int (*function)(connection_t*, connection_t*)); extern int receive_request(connection_t *); extern int check_id(char *); From 11f3e9d138daf6b726631cc124b14d66dfa4d1f7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Jan 2001 20:35:30 +0000 Subject: [PATCH 318/923] - Squashed another nasty bug. --- src/protocol.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 0b3563ef..a145c98e 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.75 2001/01/07 20:19:31 guus Exp $ + $Id: protocol.c,v 1.28.4.76 2001/01/08 20:35:30 guus Exp $ */ #include "config.h" @@ -1128,7 +1128,7 @@ cp { p = (connection_t *)node->data; if(p != cl && p->status.meta && p->status.active) - if(!(cl->options & OPTION_INDIRECT) || from == myself) + if(!(p->options & OPTION_INDIRECT) || from == myself) send_request(p, "%d %s", KEY_CHANGED, from->name); } cp From e5e1c20a99b0d72792f28e9a075a9f4a7e8b2c95 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Jan 2001 21:32:00 +0000 Subject: [PATCH 319/923] - Sign was wrong in search_closest_smaller/greater --- lib/avl_tree.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 34ce2a33..341ffeb6 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.3 2001/01/07 17:08:49 guus Exp $ + $Id: avl_tree.c,v 1.1.2.4 2001/01/08 21:32:00 guus Exp $ */ #include @@ -383,7 +383,7 @@ avl_node_t *avl_search_closest_smaller_node(const avl_tree_t *tree, const void * node = avl_search_closest_node(tree, data, &result); - if(result > 0) + if(result < 0) node = node->prev; return node; @@ -396,7 +396,7 @@ avl_node_t *avl_search_closest_greater_node(const avl_tree_t *tree, const void * node = avl_search_closest_node(tree, data, &result); - if(result < 0) + if(result > 0) node = node->next; return node; From c8beaf35ee923c209ee23bedcb3dc892d2c2dae3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Jan 2001 21:32:30 +0000 Subject: [PATCH 320/923] - Cleaned up subnet_t --- src/subnet.h | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/src/subnet.h b/src/subnet.h index 21b2a1e5..2659386e 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.9 2001/01/07 17:09:07 guus Exp $ + $Id: subnet.h,v 1.1.2.10 2001/01/08 21:32:30 guus Exp $ */ #ifndef __TINC_SUBNET_H__ 
@@ -54,12 +54,6 @@ typedef struct subnet_t { struct connection_t *owner; /* the owner of this subnet */ struct connection_t *uplink; /* the uplink which we should send packets to for this subnet */ - struct subnet_t *prev; /* previous subnet_t for this owner */ - struct subnet_t *next; /* next subnet_t for this owner */ - - struct subnet_t *global_prev; /* previous subnet_t for this subnet type */ - struct subnet_t *global_next; /* next subnet_t for this subnet type */ - int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ /* And now for the actual subnet: */ From d646f4e094b63720f97bfd37bb3489bd9d6231a0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 11 Jan 2001 11:19:08 +0000 Subject: [PATCH 321/923] - Only send out DEL_HOSTs for hosts with a meta connection --- src/net.c | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/src/net.c b/src/net.c index 18e5951b..074c271d 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.92 2001/01/07 20:19:29 guus Exp $ + $Id: net.c,v 1.35.4.93 2001/01/11 11:19:08 guus Exp $ */ #include "config.h" @@ -1032,6 +1032,7 @@ cp { syslog(LOG_ERR, _("System call `%s' failed: %m"), "getpeername"); + close(sfd); return NULL; } 
@@ -1141,37 +1142,40 @@ cp if(cl->status.remove) return; - cl->status.remove = 1; - if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->name, cl->hostname); + cl->status.remove = 1; + if(cl->socket) close(cl->socket); if(cl->status.meta) close(cl->meta_socket); - /* Find all connections that were lost because they were behind cl - (the connection that was dropped). */ - if(cl->status.meta) - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - if(p->nexthop == cl && p != cl) - terminate_connection(p); - } + { + + /* Find all connections that were lost because they were behind cl + (the connection that was dropped). */ - /* Inform others of termination if it was still active */ + for(node = connection_tree->head; node; node = node->next) + { + p = (connection_t *)node->data; + if(p->nexthop == cl && p != cl) + terminate_connection(p); + } - if(cl->status.active) - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p!=cl) - send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ - } + /* Inform others of termination if it was still active */ + + if(cl->status.active) + for(node = connection_tree->head; node; node = node->next) + { + p = (connection_t *)node->data; + if(p->status.meta && p->status.active && p != cl) + send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ + } + } /* Remove the associated subnets */ From b195e8815f0abb2c5527119221886b524d719019 Mon Sep 17 00:00:00 2001 
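Review bot: The comment carried over on the send_del_host() call, "p does not have a meta connection", contradicts the condition directly above it, which selects only peers with `p->status.meta` set. Since the block is being re-indented anyway, reword it to describe what the loop does, for example `/* tell every other active meta connection that cl is gone */`. The recursive terminate_connection(p) call also deserves a line saying what stops the recursion; from this hunk it appears to be the `cl->status.remove` guard at the top, but the function starts and ends outside the hunk.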
From: Guus Sliepen Date: Sat, 13 Jan 2001 14:38:18 +0000 Subject: [PATCH 322/923] Added sample configuration directory. --- doc/sample-config/hosts/alpha | 13 +++++++++ doc/sample-config/hosts/alpha.key | 1 + doc/sample-config/hosts/beta | 14 ++++++++++ doc/sample-config/hosts/beta.key | 1 + doc/sample-config/rsa_key.priv | 1 + doc/sample-config/tinc-down | 7 +++++ doc/sample-config/tinc-up | 14 ++++++++++ doc/sample-config/tinc.conf | 23 ++++++++++++++++ doc/tinc.conf.sample | 46 ------------------------------- 9 files changed, 74 insertions(+), 46 deletions(-) create mode 100644 doc/sample-config/hosts/alpha create mode 100644 doc/sample-config/hosts/alpha.key create mode 100644 doc/sample-config/hosts/beta create mode 100644 doc/sample-config/hosts/beta.key create mode 100644 doc/sample-config/rsa_key.priv create mode 100644 doc/sample-config/tinc-down create mode 100644 doc/sample-config/tinc-up create mode 100644 doc/sample-config/tinc.conf delete mode 100644 doc/tinc.conf.sample diff --git a/doc/sample-config/hosts/alpha b/doc/sample-config/hosts/alpha new file mode 100644 index 00000000..95315e1f --- /dev/null +++ b/doc/sample-config/hosts/alpha @@ -0,0 +1,13 @@ +# Sample host configuration file + +# The real IP address of this tinc host. Can be used by other tinc hosts. +Address = 123.234.35.67 + +# Portnumber for incoming connections. Default is 655. +Port = 655 + +# Subnet on the virtual private network that is local for this host. +Subnet = 192.168.1.0/24 + +# The file in which the public key for this host is stored. Required. +PublicKeyFile = /etc/tinc/example/hosts/alpha.key diff --git a/doc/sample-config/hosts/alpha.key b/doc/sample-config/hosts/alpha.key new file mode 100644 index 00000000..ac135363 --- /dev/null +++ b/doc/sample-config/hosts/alpha.key @@ -0,0 +1 @@ +# Generate this file with `tincd -n example -K` diff --git a/doc/sample-config/hosts/beta b/doc/sample-config/hosts/beta new file mode 100644 index 00000000..9e357b22 --- /dev/null 
+++ b/doc/sample-config/hosts/beta @@ -0,0 +1,14 @@ +# Sample host configuration file +# This file was generated by host beta. + +# The real IP address of this tinc host. Can be used by other tinc hosts. +Address = 123.45.67.189 + +# Portnumber for incoming connections. Default is 655. +Port = 6500 + +# Subnet on the virtual private network that is local for this host. +Subnet = 192.168.2.0/24 + +# The file in which the public key for this host is stored. Required. +PublicKeyFile = /etc/tinc/example/hosts/beta.key diff --git a/doc/sample-config/hosts/beta.key b/doc/sample-config/hosts/beta.key new file mode 100644 index 00000000..4470b704 --- /dev/null +++ b/doc/sample-config/hosts/beta.key @@ -0,0 +1 @@ +# This file has not been generated by this host, but by beta. diff --git a/doc/sample-config/rsa_key.priv b/doc/sample-config/rsa_key.priv new file mode 100644 index 00000000..ac135363 --- /dev/null +++ b/doc/sample-config/rsa_key.priv @@ -0,0 +1 @@ +# Generate this file with `tincd -n example -K` diff --git a/doc/sample-config/tinc-down b/doc/sample-config/tinc-down new file mode 100644 index 00000000..9f3b499d --- /dev/null +++ b/doc/sample-config/tinc-down @@ -0,0 +1,7 @@ +#!/bin/sh +# This file closes down the tap device. +# Note that if you use the universal tun/tap driver, you don't +# need to do anything; once tinc quits the tap device is already +# removed by the kernel. + +ifconfig tap0 down diff --git a/doc/sample-config/tinc-up b/doc/sample-config/tinc-up new file mode 100644 index 00000000..98df7638 --- /dev/null +++ b/doc/sample-config/tinc-up 
@@ -0,0 +1,14 @@ +#!/bin/sh +# This file sets up the tap device. +# It gives you the freedom to do anything you want with it. +# Use the correct name for the tap device: +# For ethertap this is tap0, tap1, tap2 etcetera, +# but for the universal tun/tap device use $NETNAME. + +# Set hardware ethernet address (required!) +ifconfig tap0 hw ether fe:fd:0:0:0:0 + +# Give it the right ip and netmask. Remember, the subnet of the +# tap device must be larger than that of the individual Subnets +# as defined in the host configuration file! +ifconfig tap0 192.168.1.1 netmask 255.255.0.0 -arp diff --git a/doc/sample-config/tinc.conf b/doc/sample-config/tinc.conf new file mode 100644 index 00000000..ea5216ea --- /dev/null +++ b/doc/sample-config/tinc.conf @@ -0,0 +1,23 @@ +# Sample tinc configuration file + +# This is a comment. +# Spaces and tabs are eliminated. +# The = sign isn't strictly necessary any longer, though you may want +# to leave it in as it improves readability :) +# Variable names are treated case insensitive. + +# The name of this tinc host. Required. +Name = alpha + +# The internet host to connect with. +# Comment these out to make yourself a listen-only connection +# You must use the name of another tinc host. +# May be used multiple times for redundance. +ConnectTo = beta + +# The tap device tinc will use. Required. +# Default is /dev/tap0 +TapDevice = /dev/tap1 + +# The file in which the private key for this host is stored. Required. +PrivateKeyFile = /etc/tinc/example/rsa_key.priv diff --git a/doc/tinc.conf.sample b/doc/tinc.conf.sample deleted file mode 100644 index bbccc440..00000000 --- a/doc/tinc.conf.sample +++ /dev/null 
@@ -1,46 +0,0 @@ -# Sample tinc configuration file - -# This is a comment. -# Spaces and tabs are eliminated. -# The = sign isn't strictly necessary any longer, though you may want -# to leave it in as it improves readability :) -# Variable names are treated case insensitive. - -# The internet host to connect with -# comment these out to make yourself a listen-only connection -# You may use an IP address or its FQDN. -ConnectTo = 1.2.3.4 - -# Connect to which port of the `ConnectTo' host - -# It is advised that you only connect to ports that are < 1024, -# because some malicious (non-root) user may run a fake tincd on ports -# above 1024. -# The default port is 655, the port that has been assigned to tinc -# by the IANA. If you want tincd to listen on any other port than 655, -# you can use ListenPort for the `server', and ConnectPort for the -# `client'. - -# You may use the prefixes 0x or 0 to denote a hexadecimal or octal -# number respectively. -ConnectPort = 0x300 - -# Listen on which port -ListenPort = 200 - -# My own VPN IP -# You may use the /nn notation to indicate the number of bits used for -# the mask, /8 is equivalent to the netmask 255.0.0.0 (the first 8 -# bits are set to 1). -MyOwnVPNIP = 10.x.x.x/8 - -# VPN Netmask -# You'll need this option if you use the Debian or Redhat init -# scripts. Put in here a netmask that covers your entire VPN network; -# it is used to set routes from the init script, tinc itself ignores -# it. -VpnMask = 255.255.0.0 - -# Which local file? -# Default is /dev/tap0 -TapDevice = /dev/tap1 From 44c85ab07ed07165b80140da4e2910ca51fa8887 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 13 Jan 2001 14:56:46 +0000 Subject: [PATCH 323/923] - Copy entire sample-config directory to /etc/tinc/example upon installing. --- debian/rules | 7 +- debian/tinc-down | 189 ----------------------------------------------- debian/tinc-up | 158 --------------------------------------- 3 files changed, 2 insertions(+), 352 deletions(-) delete mode 100644 debian/tinc-down delete mode 100644 debian/tinc-up diff --git a/debian/rules b/debian/rules index 6a543ec7..568c809e 100644 --- a/debian/rules +++ b/debian/rules @@ -42,12 +42,9 @@ install: build dh_installdirs $(MAKE) install DESTDIR=`pwd`/debian/tmp - mkdir -p `pwd`/debian/tmp/etc/tinc/example - cp doc/tinc.conf.sample `pwd`/debian/tmp/etc/tinc/example/tinc.conf + mkdir -p `pwd`/debian/tmp/etc/tinc + cp -a doc/sample-config `pwd`/debian/tmp/etc/tinc/example ln -s /usr/share/doc/tinc/README.Debian `pwd`/debian/tmp/etc/tinc/example/README - cp debian/tinc-up debian/tmp/etc/tinc/example - cp debian/tinc-down debian/tmp/etc/tinc/example - chmod 700 debian/tmp/etc/tinc/example/tinc-up debian/tmp/etc/tinc/example/tinc-down # Build architecture-independent files here. diff --git a/debian/tinc-down b/debian/tinc-down deleted file mode 100644 index 17eb92b4..00000000 --- a/debian/tinc-down +++ /dev/null 
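Review bot: The install rule no longer sets any mode on the example files: `cp -a` keeps whatever modes the source tree has, and the removed `chmod 700` is not replaced. The sample directory was added with mode 100644 for every file in the previous patch, so tinc-up and tinc-down would be installed non-executable and world-readable. The same applies to the rsa_key.priv placeholder that its own comment tells users to regenerate with `tincd -n example -K`. Keep an explicit step after the copy, e.g. `chmod 700 debian/tmp/etc/tinc/example/tinc-up debian/tmp/etc/tinc/example/tinc-down` and `chmod 600 debian/tmp/etc/tinc/example/rsa_key.priv`.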
@@ -1,189 +0,0 @@ -#! /usr/bin/perl -w -# -# System startup script for tinc -# $Id: tinc-down,v 1.1.2.1 2000/11/24 16:52:57 zarq Exp $ -# -# Based on Lubomir Bulej's Redhat init script. -# -# Create a file $NETSFILE (/etc/tinc/nets.boot), and put all the names of -# the networks in there. These names must be valid directory names under -# $TCONF (/etc/tinc). Lines starting with a # will be ignored in this -# file. -# - -my $DAEMON="/usr/sbin/tincd"; -my $NAME="tinc"; -my $DESC="tinc daemons"; -my $TCONF="/etc/tinc"; -my $EXTRA=""; -my $NETSFILE="$TCONF/nets.boot"; -my @NETS=(); - - -if (! -f $DAEMON) { exit 0; } - - - -sub find_nets { - if(! open(FH, $NETSFILE)) { - warn "Please create $NETSFILE.\n"; - exit 0; - } - while () { - chomp; - if( /^[ ]*([^ \#]+)/i ) { - push(@NETS, "$1"); - } - } - if($#NETS == -1) { - warn "$NETSFILE doesn't contain any nets.\n"; - exit 0; - } - -} - - -############################################################################## -# vpn_load () Loads VPN configuration -# -# $_[0] ... VPN to load - -sub vpn_load { - my @addr; - $CFG="$TCONF/$_[0]/tinc.conf"; - if(! 
open($CFG, "< $CFG")) { - warn "tinc: $CFG does not exist\n"; - return 0; - } - - # load TINCD config - while(<$CFG>) { - if( /^[ ]*TapDevice[ =]+([^ \#]+)/i ) { - $DEV=$1; - chomp($DEV); - $DEV =~ s/^.*\/([^\/0-9]+)([0-9]+)$/$1$2/; - $NUM = $2; - } elsif ( /^[ ]*(MyOwnVPNIP|MyVirtualIP)[ =]+([^ \#]+)/i ) { - $VPN=$2; - chomp($VPN); - } elsif ( /^[ ]*VpnMask[ =]+([^ \#]+)/i ) { - $VPNMASK=$1; - chomp($VPNMASK); - } - } - if(!defined($DEV)) { - warn "tinc: There must be a TapDevice\n"; - return 0; - } - if($DEV eq "") { - warn "tinc: TapDevice should be of the form /dev/tapN\n"; - return 0; - } - if(!defined($VPN)) { - warn "tinc: MyVirtualIP required\n"; - return 0; - } - if($VPN eq "") { - warn "tinc: No argument to MyVirtualIP/MyOwnVPNIP\n"; - return 0; - } - if(defined($VPNMASK) && $VPNMASK eq "") { - warn "tinc: Invalid argument to VpnMask\n"; - return 0; - } - - $ADR = $VPN; - $ADR =~ s/^([^\/]+)\/.*$/$1/; - $LEN = $VPN; - $LEN =~ s/^.*\/([^\/]+)$/$1/; - if($ADR eq "" || $LEN eq "") { - warn "tinc: Badly formed MyVirtualIP/MyOwnVPNIP\n"; - return 0; - } - @addr = split(/\./, $ADR); - - $ADR = pack('C4', @addr); - $MSK = pack('N4', -1 << (32 - $LEN)); - $BRD = join(".", unpack('C4', $ADR | ~$MSK)); - $MAC = "fe:fd:" . join(":", map { sprintf "%02x", $_ } unpack('C4', $ADR)); - - if(!defined($VPNMASK)) { - $VPNMASK = $MSK; - $VPNMASK = join(".", unpack('C4', $VPNMASK)); - } - $ADR = join(".", unpack('C4', $ADR)); - $MSK = join(".", unpack('C4', $MSK)); - - 1; -} - - -############################################################################## -# vpn_start () starts specified VPN -# -# $_[0] ... 
VPN to start - -sub vpn_start { - vpn_load($_[0]) || return 0; - - system("insmod ethertap -s --name=\"ethertap$NUM\" unit=\"$NUM\" >/dev/null"); - system("ifconfig $DEV hw ether $MAC"); - system("ifconfig $DEV $ADR netmask $VPNMASK broadcast $BRD mtu 1448 -arp"); - system("start-stop-daemon --start --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA"); -} - - - - -############################################################################## -# vpn_stop () Stops specified VPN -# -# $_[0] ... VPN to stop - -sub vpn_stop { - vpn_load($_[0]) || return 1; - - system("start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA -k"); - - system("ifconfig $DEV down"); - system("rmmod ethertap$NUM -s"); -} - - -if(!defined($ARGV[0])) { - die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; -} - -if($ARGV[0] eq "start") { - find_nets; - print "Starting $DESC:"; - foreach $n (@NETS) { - print " $n"; - vpn_start($n); - } - print ".\n"; -} elsif ($ARGV[0] eq "stop") { - find_nets; - print "Stopping $DESC:"; - foreach $n (@NETS) { - print " $n"; - vpn_stop($n); - } - print ".\n"; -} elsif ($ARGV[0] eq "restart" || $ARGV[0] eq "force-reload") { - find_nets; - print "Stopping $DESC:"; - foreach $n (@NETS) { - print " $n"; - vpn_stop($n); - } - print ".\n"; - print "Starting $DESC:"; - foreach $n (@NETS) { - print " $n"; - vpn_start($n); - } - print ".\n"; -} else { - die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; -} diff --git a/debian/tinc-up b/debian/tinc-up deleted file mode 100644 index 0e40d76a..00000000 --- a/debian/tinc-up +++ /dev/null 
@@ -1,158 +0,0 @@ -#! /usr/bin/perl -w -# -# Device configuration script for tinc -# $Id: tinc-up,v 1.1.2.2 2000/12/22 16:54:56 zarq Exp $ -# -# Based on Lubomir Bulej's Redhat init script. -# -# This file is called after the tap device is opened by tinc. The -# environment variable IFNAME contains the name of the device; NETNAME -# contains the name of the network that was started. - -my $IFNAME=$ENV{"IFNAME"}; -my $NETNAME=$ENV{"NETNAME"}; - - -############################################################################## -# vpn_load () Loads VPN configuration -# -# $_[0] ... VPN to load - -sub vpn_load { - my @addr; - $CFG="$TCONF/$_[0]/tinc.conf"; - if(! open($CFG, "< $CFG")) { - warn "tinc: $CFG does not exist\n"; - return 0; - } - - # load TINCD config - while(<$CFG>) { - if( /^[ ]*TapDevice[ =]+([^ \#]+)/i ) { - $DEV=$1; - chomp($DEV); - $DEV =~ s/^.*\/([^\/0-9]+)([0-9]+)$/$1$2/; - $NUM = $2; - } elsif ( /^[ ]*(MyOwnVPNIP|MyVirtualIP)[ =]+([^ \#]+)/i ) { - $VPN=$2; - chomp($VPN); - } elsif ( /^[ ]*VpnMask[ =]+([^ \#]+)/i ) { - $VPNMASK=$1; - chomp($VPNMASK); - } - } - if(!defined($DEV)) { - $DEV = "/dev/tap0"; - } - if($DEV eq "") { - warn "tinc: TapDevice should be of the form /dev/tapN\n"; - return 0; - } - if(!defined($VPN)) { - warn "tinc: MyVirtualIP required\n"; - return 0; - } - if($VPN eq "") { - warn "tinc: No argument to MyVirtualIP/MyOwnVPNIP\n"; - return 0; - } - if(defined($VPNMASK) && $VPNMASK eq "") { - warn "tinc: Invalid argument to VpnMask\n"; - return 0; - } - - $ADR = $VPN; - $ADR =~ s/^([^\/]+)\/.*$/$1/; - $LEN = $VPN; - $LEN =~ s/^.*\/([^\/]+)$/$1/; - if($ADR eq "" || $LEN eq "") { - warn "tinc: Badly formed MyVirtualIP/MyOwnVPNIP\n"; - return 0; - } - @addr = split(/\./, $ADR); - - $ADR = pack('C4', @addr); - $MSK = pack('N4', -1 << (32 - $LEN)); - $BRD = join(".", unpack('C4', $ADR | ~$MSK)); - $MAC = "fe:fd:00:00:00:00"; - - if(!defined($VPNMASK)) { - $VPNMASK = $MSK; - $VPNMASK = join(".", unpack('C4', $VPNMASK)); - } - $ADR = 
join(".", unpack('C4', $ADR)); - $MSK = join(".", unpack('C4', $MSK)); - - 1; -} - - -############################################################################## -# vpn_start () starts specified VPN -# -# $_[0] ... VPN to start - -sub vpn_start { - vpn_load($_[0]) || return 0; - - system("insmod ethertap -s --name=\"ethertap$NUM\" unit=\"$NUM\" >/dev/null"); - system("ifconfig $DEV hw ether $MAC"); - system("ifconfig $DEV $ADR netmask $VPNMASK broadcast $BRD mtu 1448 -arp"); - system("start-stop-daemon --start --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA"); -} - - - - -############################################################################## -# vpn_stop () Stops specified VPN -# -# $_[0] ... VPN to stop - -sub vpn_stop { - vpn_load($_[0]) || return 1; - - system("start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.$_[0].pid --exec $DAEMON -- -n $_[0] $EXTRA -k"); - - system("ifconfig $DEV down"); - system("rmmod ethertap$NUM -s"); -} - - -if(!defined($ARGV[0])) { - die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; -} - -if($ARGV[0] eq "start") { - find_nets; - print "Starting $DESC:"; - foreach $n (@NETS) { - print " $n"; - vpn_start($n); - } - print ".\n"; -} elsif ($ARGV[0] eq "stop") { - find_nets; - print "Stopping $DESC:"; - foreach $n (@NETS) { - print " $n"; - vpn_stop($n); - } - print ".\n"; -} elsif ($ARGV[0] eq "restart" || $ARGV[0] eq "force-reload") { - find_nets; - print "Stopping $DESC:"; - foreach $n (@NETS) { - print " $n"; - vpn_stop($n); - } - print ".\n"; - print "Starting $DESC:"; - foreach $n (@NETS) { - print " $n"; - vpn_start($n); - } - print ".\n"; -} else { - die "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}\n"; -} From a56df1e06be3f47a775919e564c147687e961b5d Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 13 Jan 2001 16:36:23 +0000 Subject: [PATCH 324/923] - Allow ASN1 style keys to be in the config files. Note: tinc ignores private key in the main config file, tinc.conf, because it should really be in a separate file. - When generating new keys, check if name is known and by default append the public key to the host configuration file (otherwise rsa_key.pub). --- src/conf.c | 71 ++++++++++++++++++++++++++++++----------------------- src/conf.h | 4 +-- src/net.c | 33 ++++++++++++++++++++----- src/tincd.c | 28 ++++++++++++++++----- 4 files changed, 91 insertions(+), 45 deletions(-) diff --git a/src/conf.c b/src/conf.c index 2643785c..9e8b49b1 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.38 2001/01/07 17:08:55 guus Exp $ + $Id: conf.c,v 1.9.4.39 2001/01/13 16:36:20 guus Exp $ */ #include "config.h" @@ -228,7 +228,7 @@ int read_config_file(config_t **base, const char *fname) FILE *fp; char *buffer, *line; char *p, *q; - int i, lineno = 0; + int i, lineno = 0, ignore = 0; config_t *cfg; size_t bufsize; 
@@ -265,35 +265,44 @@ cp if(p[0] == '#') continue; /* comment: ignore */ - for(i = 0; hazahaza[i].name != NULL; i++) - if(!strcasecmp(hazahaza[i].name, p)) - break; + if(!strcmp(p, "-----BEGIN")) + ignore = 1; + + if(ignore == 0) + { + for(i = 0; hazahaza[i].name != NULL; i++) + if(!strcasecmp(hazahaza[i].name, p)) + break; - if(!hazahaza[i].name) - { - syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"), - p, lineno, fname); - break; - } + if(!hazahaza[i].name) + { + syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"), + p, lineno, fname); + break; + } - if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') - { - syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - hazahaza[i].name, lineno, fname); - break; - } + if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') + { + syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + hazahaza[i].name, lineno, fname); + break; + } - cfg = add_config_val(base, hazahaza[i].argtype, q); - if(cfg == NULL) - { - syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"), - hazahaza[i].name, lineno, fname); - break; - } + cfg = add_config_val(base, hazahaza[i].argtype, q); + if(cfg == NULL) + { + syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"), + hazahaza[i].name, lineno, fname); + break; + } - cfg->which = hazahaza[i].which; - if(!config) - config = cfg; + cfg->which = hazahaza[i].which; + if(!config) + config = cfg; + } + + if(!strcmp(p, "-----END")) + ignore = 0; } free(buffer); @@ -462,7 +471,7 @@ check2: return 1; } -FILE *ask_and_safe_open(const char* filename, const char* what) +FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode) { FILE *r; char *directory; 
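Review bot: Once a line starting with `-----BEGIN` sets `ignore`, every following line is skipped until a `-----END` token is seen, and nothing reports the case where it never appears. A truncated or hand-edited key block would therefore silently drop all later variables in that file, including options that change how the peer is treated. After the read loop, add a check such as `if(ignore) syslog(LOG_ERR, _("Unterminated key block in config file %s"), fname);`, and consider whether that case should be a read failure. The function starts outside this hunk, so how its return value is formed is not visible here.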
@@ -509,14 +518,14 @@ FILE *ask_and_safe_open(const char* filename, const char* what) umask(0077); /* Disallow everything for group and other */ /* Open it first to keep the inode busy */ - if((r = fopen(fn, "w")) == NULL) + if((r = fopen(fn, mode)) == NULL) { fprintf(stderr, _("Error opening file `%s': %m\n"), fn); free(fn); return NULL; } - + /* Then check the file for nasty attacks */ if(!is_safe_path(fn)) /* Do not permit any directories that are readable or writeable by other users. */ @@ -530,6 +539,6 @@ FILE *ask_and_safe_open(const char* filename, const char* what) } free(fn); - + return r; } diff --git a/src/conf.h b/src/conf.h index dce3802f..5223864f 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.21 2001/01/07 17:08:56 guus Exp $ + $Id: conf.h,v 1.6.4.22 2001/01/13 16:36:21 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -99,6 +99,6 @@ extern int read_config_file(config_t **, const char *); extern const config_t *get_config_val(config_t *, which_t type); extern void clear_config(); extern int read_server_config(void); -extern FILE *ask_and_safe_open(const char*, const char*); +extern FILE *ask_and_safe_open(const char*, const char*, const char *); #endif /* __TINC_CONF_H__ */ diff --git a/src/net.c b/src/net.c index 074c271d..5a456832 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.93 2001/01/11 11:19:08 guus Exp $ + $Id: net.c,v 1.35.4.94 2001/01/13 16:36:21 guus Exp $ */ #include "config.h" 
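Review bot: `umask(0077)` only restricts the mode of a file that fopen() creates. The mode is now caller-supplied and keygen() passes "a", so an existing rsa_key.priv keeps whatever permission bits it already had and the private key can be appended to a group- or world-readable file. The comment on the following is_safe_path() call mentions directories only; whether the file's own mode is checked is not visible in this hunk. For the private-key case, tighten the mode on the open stream, e.g. `fchmod(fileno(r), 0600);`, or refuse to write when fstat() shows group or other bits set.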
@@ -610,17 +610,24 @@ int read_rsa_public_key(connection_t *cl) { config_t const *cfg; FILE *fp; + char *fname; void *result; cp if(!cl->rsa_key) cl->rsa_key = RSA_new(); + /* First, check for simple PublicKey statement */ + if((cfg = get_config_val(cl->config, config_publickey))) { BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); BN_hex2bn(&cl->rsa_key->e, "FFFF"); + return 0; } - else if((cfg = get_config_val(cl->config, config_publickeyfile))) + + /* Else, check for PublicKeyFile statement and read it */ + + if((cfg = get_config_val(cl->config, config_publickeyfile))) { if(is_safe_path(cfg->data.ptr)) { @@ -638,17 +645,31 @@ cp cfg->data.ptr); return -1; } + return 0; } else return -1; } - else + + /* Else, check if a harnessed public key is in the config file */ + + asprintf(&fname, "%s/hosts/%s", confbase, cl->name); + if((fp = fopen(fname, "r"))) { - syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); - return -1; + result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL); + fclose(fp); + free(fname); + if(result) + return 0; } + + free(fname); + + /* Nothing worked. */ + + syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); cp - return 0; + return -1; } int read_rsa_private_key(void) diff --git a/src/tincd.c b/src/tincd.c index 8eb0be5e..b1f0eb59 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.41 2001/01/07 17:09:07 guus Exp $ + $Id: tincd.c,v 1.10.4.42 2001/01/13 16:36:23 guus Exp $ */ #include "config.h" @@ -229,6 +229,7 @@ int keygen(int bits) { RSA *rsa_key; FILE *f; + config_t const *cfg; char *filename; fprintf(stderr, _("Generating %d bits keys:\n"), bits); 
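Review bot: In the new hosts/ fallback of read_rsa_public_key(), `fname` is freed twice when the file opens but PEM_read_RSAPublicKey() returns NULL: once inside the `if((fp = fopen(fname, "r")))` block and again immediately after it. Any host file without a valid PEM key takes this path. Drop the inner `free(fname);` and free on the success path instead, `if(result) { free(fname); return 0; }`. Unlike the PublicKeyFile branch, this open is not preceded by is_safe_path(), and the result of asprintf() is not checked. If `cl->name` can reach this point without validation (not visible here), it should also be checked before being used as a path component.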
@@ -242,16 +243,28 @@ int keygen(int bits) else fprintf(stderr, _("Done.\n")); - asprintf(&filename, "%s/rsa_key.pub", confbase); - if((f = ask_and_safe_open(filename, _("public RSA key"))) == NULL) + if(config && (cfg = get_config_val(config, config_name))) + asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr); + else + asprintf(&filename, "%s/rsa_key.priv"); + + if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) return -1; + + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.")); + PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(filename); asprintf(&filename, "%s/rsa_key.priv", confbase); - if((f = ask_and_safe_open(filename, _("private RSA key"))) == NULL) + if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) return -1; + + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.")); + PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); free(filename); @@ -334,8 +347,11 @@ cp RAND_load_file("/dev/urandom", 1024); cp if(generate_keys) - exit(keygen(generate_keys)); - + { + read_server_config(); + exit(keygen(generate_keys)); + } + if(kill_tincd) exit(kill_other()); From 54e19d34663cfe4af05e9e1dac94f76e39858f18 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 17 Jan 2001 01:30:05 +0000 Subject: [PATCH 325/923] Fix error reporting of read_config --- src/conf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/conf.c b/src/conf.c index 9e8b49b1..93c0fa3f 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.39 2001/01/13 16:36:20 guus Exp $ + $Id: conf.c,v 1.9.4.40 2001/01/17 01:30:05 zarq Exp $ */ #include "config.h" 
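Review bot: The fallback `asprintf(&filename, "%s/rsa_key.priv");` in keygen() has a `%s` conversion with no matching argument, which is undefined behaviour, and it names the private key file as the destination for the public key. The commit message gives rsa_key.pub as the fallback, so the line should read `asprintf(&filename, "%s/rsa_key.pub", confbase);`. As written, a run without a Name setting could append the public key to an unpredictable path or to the file meant to hold the private key. `filename` is also leaked on both `return -1` paths.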
@@ -236,7 +236,7 @@ cp if((fp = fopen (fname, "r")) == NULL) { syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname); - return -1; + return -3; } bufsize = 100; @@ -318,7 +318,7 @@ int read_server_config() cp asprintf(&fname, "%s/tinc.conf", confbase); x = read_config_file(&config, fname); - if(x == -1) /* System error */ + if(x == -1) /* System error: complain */ { syslog(LOG_ERR, _("Failed to read `%s': %m"), fname); From a893b05cb017c04871c2faf4099f104985f4ad75 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 17 Jan 2001 01:30:32 +0000 Subject: [PATCH 326/923] Set Architecture to `any' --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 0b6032c5..d08a1d6e 100644 --- a/debian/control +++ b/debian/control @@ -7,7 +7,7 @@ Build-Depends: libc6-dev, libssl096-dev, autoconf (>= 2.12), automake, debhelper, gettext Package: tinc -Architecture: i386 alpha +Architecture: all Depends: ${shlibs:Depends}, ${perl:Depends} Description: Virtual Private Network daemon tinc is a daemon with which you can create a virtual private network From b236ddb1df16f8eb025d485b75153c4f25f4afc6 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 17 Jan 2001 01:31:56 +0000 Subject: [PATCH 327/923] Change version to 1.0pre4 --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 9d40f7af..e55dc9e0 100644 --- a/configure.in +++ b/configure.in @@ -1,9 +1,9 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.29 2000/12/22 21:34:19 guus Exp $ +dnl $Id: configure.in,v 1.13.2.30 2001/01/17 01:31:56 zarq Exp $ AC_INIT(src/tincd.c) -AM_INIT_AUTOMAKE(tinc, 1.0pre4-cvs) +AM_INIT_AUTOMAKE(tinc, 1.0pre4) AM_CONFIG_HEADER(config.h) dnl Include the macros from the m4/ directory From 457c6fa7b63a7f2971314d8d63af71c880ec6f53 Mon Sep 17 00:00:00 2001 
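Review bot: The new `return -3;` on fopen() failure is a bare literal whose meaning is not stated anywhere in the hunk, while read_server_config() further down still tests only `x == -1`. A comment at the return site would make the contract explicit, for example `/* -3: file could not be opened, already logged here; -1 is reserved for errors the caller reports */`, or the codes could become named constants shared with the callers. How other callers treat a non-zero value other than -1 is outside this hunk and should be checked against the new code.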
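Review bot: The debian/control hunk sets `Architecture: all`, but the commit subject says the intent is `any`. In Debian packaging `all` marks an architecture-independent package, whereas this package builds a compiled daemon and uses `${shlibs:Depends}`, so the line should read `Architecture: any`.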
From: Ivo Timmermans Date: Wed, 17 Jan 2001 01:34:08 +0000 Subject: [PATCH 328/923] Second draft of the release notes --- NEWS | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 7062c002..d7282fa7 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,16 @@ -version 1.0pre4 UNRELEASED +version 1.0pre4 Jan 17 2000 + +* Updated documentation; the documentation now reflects the + configuration as it is. + +* Some internal changes to make tinc scale better for large + networks, such as using AVL trees instead of linked lists for the + connection list. + +* RSA keys can be stored in separate files if needed. See the + documentation for more information. + +* tinc has now been reported to run on Linux PowerPC and FreeBSD x86. From 1d898e00a964ef922617683a1d29ff24e56ed8ff Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 17 Jan 2001 01:40:46 +0000 Subject: [PATCH 329/923] Merged documentation with various updates I had lying around --- doc/tinc.texi | 77 ++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 58 insertions(+), 19 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 32ebec3e..80878446 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ +$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.12 2001/01/07 17:08:47 guus Exp $ +$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -613,6 +613,7 @@ VpnMask configuration variable. * Multiple networks:: * How connections work:: * Configuration file:: +* Required directives:: * Example:: @end menu @@ -657,7 +658,7 @@ will try to connect to it, on the given port. If this fails, tinc exits. @c ================================================================== -@node Configuration file, Example, How connections work, Configuring tinc +@node Configuration file, Required directives, How connections work, Configuring tinc @section Configuration file The actual configuration of the daemon is done in the file 
@@ -726,10 +727,30 @@ on several interfaces at the same time though, if they share the same IP address. @item KeyExpire = (3600) -This option controls the time the encryption keys used to encrypt the -data are valid. It is common practice to change keys at regular -intervals to make it even harder for crackers, even though it is thought -to be nearly impossible to crack a single key. +This option controls the time the encryption keys used to encrypt the data +are valid. It is common practice to change keys at regular intervals to +make it even harder for crackers, even though it is thought to be nearly +impossible to crack a single key. + +@item ListenPort = (655) +Listen on local port port. The computer connecting to this daemon should +use this number as the argument for his ConnectPort. + +@item MyOwnVPNIP = (required) +The local address is the number that the daemon will propagate to +other daemons on the network when it is identifying itself. Hence this +will be the file name of the passphrase file that the other end expects +to find the passphrase in. + +The local address is the IP address of the tap device, not the real IP +address of the host running tincd. Due to changes in recent kernels, it +is also necessary that you make the ethernet (also known as MAC) address +equal to the IP address (see the example). + +maskbits is the number of bits set to 1 in the netmask part. + +@item MyVirtualIP = +This is an alias for MyOwnVPNIP. @item @strong{Name = } This is a symbolic name for this connection. It can be anything @@ -740,7 +761,7 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. -@item PrivateKey = +@item @strong{PrivateKey = } This is the RSA private key for tinc. However, for safety reasons it is advised to store private keys of any kind in separate files. This prevents accidental eavesdropping if you are editting the configuration file. 
@@ -750,17 +771,35 @@ This is the full path name of the RSA private key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. -Note that exactly @strong{one of the above two options} must be specified. +@item PublicKey = +This is the full path name of the RSA public key file that was generated +by ``tincd --generate-keys''. It must be a full path, not a relative +directory. (NOTE: In version 1.0pre3, this variable was used to give +the key inline. This is no longer supported.) + +@item Subnet = +This is the subnet range of all IP addresses that will be accepted by +the host that defines it. Please be careful that no two subnets +overlap. Every host @strong{must} have a different range of IP +addresses that it can handle, otherwise you will see messages like +`packet comes back to us'. @item TapDevice = (/dev/tap0) The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. -@item VpnMask = -The mask that defines the scope of the entire VPN. This option is not -used by the tinc daemon itself, but can be used by startup scripts to -configure the ethertap devices correctly. +@item TCPonly = (no, experimental) +If this variable is set to yes, then the packets are tunnelled over a TCP +connection instead of a UDP connection. This is especially useful for those +who want to run a tinc daemon from behind a masquerading firewall, or if +UDP packet routing is disabled somehow. This is experimental code, +try this at your own risk. + +@item VpnMask = (optional) +The mask that defines the scope of the entire VPN. This option is not used +by the tinc daemon itself, but can be used by startup scripts to configure +the ethertap devices correctly. @end table 
@@ -892,7 +931,7 @@ there. If you get an error, you can check @ref{Error messages}. @c ================================================================== -@node Example, , Configuration file, Configuring tinc +@node Example, , Required directives, Configuring tinc @section Example @@ -1193,10 +1232,8 @@ level of 5 or higher! @item Network address and subnet mask do not match! @table @bullet -@item The Subnet field must contain a network address. That means that -the lower order bits of the address must be zero. For example, 192.168.1.1/24 -is wrong, you should use 192.168.1.0/24. -@item If you only want to use one IP address, set the netmask to /32. +@item The Subnet field must contain a network address +If you only want to use one IP address, set the netmask to /32. @end table @item This is a bug: net.c:253: 24: Some error @@ -1217,11 +1254,13 @@ files are bound to be in a different directory. @end table +@end table @c ================================================================== @node Technical information, About us, Running tinc, Top @chapter Technical information + @menu * The Connection:: * Security:: From 664f7e5c0b9056d88e2b63b3626ea33c4894387b Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 17 Jan 2001 01:47:39 +0000 Subject: [PATCH 330/923] Get the Debian changelog up to date --- debian/changelog | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index fc830435..20a39cd5 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,10 +1,15 @@ tinc (1.0pre4-1) unstable; urgency=low - * New upstream version - * Added universal tinc-up and tinc-down scripts - * + * New upstream version. - -- Ivo Timmermans Sun, 3 Dec 2000 13:24:10 +0100 + -- Ivo Timmermans Wed, 17 Jan 2001 02:42:49 +0100 + +tinc (1.0pre3-2) unstable; urgency=low + + * Set architecture to any (Closes: #80451). + * Added tinc.modules with some useful module aliases. + + -- Ivo Timmermans Sat, 13 Jan 2001 16:10:57 +0100 tinc (1.0pre3-1) unstable; urgency=low From 6bc77a7710adcbc33331c45e1b6adf7089a42075 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 17 Jan 2001 01:48:44 +0000 Subject: [PATCH 331/923] Get the PO files up to date with the current source --- po/es.po | 216 +++++++++++++++++++++++++++++-------------------------- po/nl.po | 216 +++++++++++++++++++++++++++++-------------------------- 2 files changed, 226 insertions(+), 206 deletions(-) diff --git a/po/es.po b/po/es.po index 43ef2b61..09b7ed7c 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2001-01-07 18:02+0100\n" +"POT-Creation-Date: 2001-01-12 21:04+0100\n" "PO-Revision-Date: 2000-11-26 15:20+0000\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" @@ -121,7 +121,7 @@ msgstr "Enviando paquete de %d bytes a %s (%s)" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/meta.c:100 src/net.c:991 +#: src/meta.c:100 src/net.c:1008 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" 
@@ -161,311 +161,311 @@ msgstr "Enviando paquete de %d bytes a %s (%s)" msgid "Error sending packet to %s (%s): %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:168 +#: src/net.c:173 #, fuzzy, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Enviando paquete de %d bytes a %s (%s)" -#: src/net.c:178 +#: src/net.c:183 #, fuzzy, c-format msgid "Can't write to tun/tap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:185 +#: src/net.c:190 #, fuzzy, c-format msgid "Can't write to ethertap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:205 +#: src/net.c:210 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" -#: src/net.c:218 +#: src/net.c:223 #, c-format msgid "Packet with destination %d.%d.%d.%d is looping back to us!" msgstr "" -#: src/net.c:228 +#: src/net.c:233 #, fuzzy, c-format msgid "%s (%s) is not active, dropping packet" msgstr "%s (%s) no está listo, poniendo el paquete en cola" -#: src/net.c:241 +#: src/net.c:242 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" -#: src/net.c:261 +#: src/net.c:265 #, fuzzy, c-format msgid "Flushing queue for %s (%s)" msgstr "Vaciando la cola de envíos para %s (%s)" -#: src/net.c:307 +#: src/net.c:311 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:336 +#: src/net.c:340 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s es un dispositivo tun/tap del nuevo estilo" -#: src/net.c:361 +#: src/net.c:365 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:368 src/net.c:376 src/net.c:385 src/net.c:419 src/net.c:447 -#: src/net.c:456 src/net.c:510 src/net.c:949 src/net.c:958 src/net.c:1016 +#: src/net.c:372 src/net.c:380 src/net.c:389 
src/net.c:423 src/net.c:451 +#: src/net.c:460 src/net.c:514 src/net.c:966 src/net.c:975 src/net.c:1033 #, c-format msgid "System call `%s' failed: %m" msgstr "" -#: src/net.c:395 +#: src/net.c:399 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" -#: src/net.c:412 +#: src/net.c:416 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" -#: src/net.c:440 +#: src/net.c:444 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:469 src/net.c:971 +#: src/net.c:473 src/net.c:988 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" -#: src/net.c:486 +#: src/net.c:490 #, c-format msgid "Trying to connect to %s" msgstr "Intentando conectar con %s" -#: src/net.c:496 +#: src/net.c:500 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket' para %s puerto %d: %m" -#: src/net.c:521 +#: src/net.c:525 #, c-format msgid "%s port %hd: %m" msgstr "%s puerto %hd: %m" -#: src/net.c:529 +#: src/net.c:533 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl() para %s puerto %d: %m" -#: src/net.c:535 +#: src/net.c:539 #, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s puerto %hd" -#: src/net.c:554 +#: src/net.c:558 msgid "Invalid name for outgoing connection" msgstr "Nombre no válido para conexión saliente" -#: src/net.c:563 +#: src/net.c:567 #, c-format msgid "Error reading host configuration file for %s" msgstr "Error leyendo el fichero de configuración del `host' para %s" -#: src/net.c:570 +#: src/net.c:574 #, c-format msgid "No address specified for %s" msgstr "No se especificó dirección para %s" -#: src/net.c:577 +#: src/net.c:581 #, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %m" -#: src/net.c:587 +#: src/net.c:591 #, c-format msgid "Could not set 
up a meta connection to %s" msgstr "No he podido configurar una meta conexión a %s" -#: src/net.c:625 +#: src/net.c:629 #, fuzzy, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:633 +#: src/net.c:637 #, fuzzy, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:643 +#: src/net.c:647 #, c-format msgid "No public key for %s specified!" msgstr "" -#: src/net.c:668 +#: src/net.c:672 #, fuzzy, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:676 +#: src/net.c:680 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "" -#: src/net.c:683 +#: src/net.c:687 #, fuzzy msgid "No private key for tinc daemon specified!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:707 +#: src/net.c:711 msgid "Name for tinc daemon required!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:715 +#: src/net.c:719 msgid "Invalid name for myself!" msgstr "¡Nombre no válido para mí!" -#: src/net.c:724 +#: src/net.c:728 msgid "Cannot open host configuration file for myself!" msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" -#: src/net.c:765 +#: src/net.c:769 msgid "Network address and subnet mask do not match!" msgstr "" -#: src/net.c:774 +#: src/net.c:778 #, fuzzy msgid "Unable to set up a listening TCP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:780 +#: src/net.c:784 #, fuzzy msgid "Unable to set up a listening UDP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" 
-#: src/net.c:804 +#: src/net.c:821 #, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %hd" -#: src/net.c:836 +#: src/net.c:853 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." -#: src/net.c:887 +#: src/net.c:904 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en %d segundos" -#: src/net.c:937 +#: src/net.c:954 #, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a %s" -#: src/net.c:942 +#: src/net.c:959 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket' UDP: %m" -#: src/net.c:982 +#: src/net.c:999 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al conectar a %s puerto %d: %m" -#: src/net.c:1032 +#: src/net.c:1049 #, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s puerto %d" -#: src/net.c:1080 +#: src/net.c:1097 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:1086 +#: src/net.c:1103 #, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:1092 +#: src/net.c:1109 #, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:1100 +#: src/net.c:1117 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "" -#: src/net.c:1106 +#: src/net.c:1123 #, fuzzy, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Enviando paquete de %d bytes a %s (%s)" -#: src/net.c:1130 +#: src/net.c:1147 #, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s (%s)" -#: src/net.c:1175 +#: src/net.c:1192 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:1210 +#: src/net.c:1227 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) no respondió al PING" -#: src/net.c:1237 +#: src/net.c:1254 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1245 +#: src/net.c:1262 msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1300 +#: src/net.c:1317 #, fuzzy, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1309 +#: src/net.c:1326 #, fuzzy, c-format msgid "Error while reading from ethertap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1320 +#: src/net.c:1337 msgid "Received short packet from tap device" msgstr "" -#: src/net.c:1326 +#: src/net.c:1343 #, c-format msgid "Read packet of length %d from tap device" msgstr "" -#: src/net.c:1358 +#: src/net.c:1375 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1365 +#: src/net.c:1382 #, fuzzy msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/net.c:1372 +#: src/net.c:1389 #, fuzzy msgid "Unable to reread configuration file, exiting" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/net.c:1398 +#: src/net.c:1415 #, fuzzy msgid "Regenerating symmetric key" msgstr "Generando claves de %d bits" 
@@ -610,158 +610,158 @@ msgstr "Intruso: longitud de desaf msgid "Received random meta key (unencrypted): %s" msgstr "" -#: src/protocol.c:602 +#: src/protocol.c:603 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:618 +#: src/protocol.c:619 #, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s (%s)." -#: src/protocol.c:683 +#: src/protocol.c:704 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:691 +#: src/protocol.c:712 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:699 +#: src/protocol.c:720 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:707 +#: src/protocol.c:728 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:717 +#: src/protocol.c:738 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:760 +#: src/protocol.c:786 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:768 +#: src/protocol.c:794 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:776 +#: src/protocol.c:802 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí 
DEL_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:786 +#: src/protocol.c:812 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:796 +#: src/protocol.c:822 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:836 +#: src/protocol.c:863 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" -#: src/protocol.c:844 +#: src/protocol.c:871 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "" "Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:853 +#: src/protocol.c:880 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí ADD_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:870 +#: src/protocol.c:897 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" -#: src/protocol.c:878 +#: src/protocol.c:905 #, fuzzy, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:928 +#: src/protocol.c:956 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" -#: src/protocol.c:937 +#: src/protocol.c:965 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "" "Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:945 +#: src/protocol.c:973 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí DEL_HOST desde %s (%s) para 
nosotros mismos, reiniciando" -#: src/protocol.c:955 +#: src/protocol.c:983 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:964 +#: src/protocol.c:992 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" -#: src/protocol.c:1003 +#: src/protocol.c:1031 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Recibí STATUS incorrecta desde %s (%s)" -#: src/protocol.c:1010 +#: src/protocol.c:1038 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Mensaje de status desde %s (%s): %s: %s" -#: src/protocol.c:1033 +#: src/protocol.c:1061 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Recibí ERROR incorrecta desde %s (%s)" -#: src/protocol.c:1040 +#: src/protocol.c:1068 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Mensaje de error desde %s (%s): %s: %s" -#: src/protocol.c:1118 +#: src/protocol.c:1145 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" -#: src/protocol.c:1125 +#: src/protocol.c:1152 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -770,12 +770,12 @@ msgstr "" "Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1154 +#: src/protocol.c:1181 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1161 +#: src/protocol.c:1188 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -784,7 +784,7 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1178 +#: src/protocol.c:1205 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " 
@@ -793,12 +793,12 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1214 +#: src/protocol.c:1241 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1221 +#: src/protocol.c:1248 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -807,12 +807,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1232 +#: src/protocol.c:1259 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" -#: src/protocol.c:1243 +#: src/protocol.c:1270 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -821,6 +821,16 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" +#: src/protocol.c:1315 +#, fuzzy, c-format +msgid "Got bad PACKET from %s (%s)" +msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" + +#: src/protocol.c:1329 +#, fuzzy, c-format +msgid "Error during reception of PACKET from %s (%s): %m" +msgstr "Error enviando paquete a %s (%s): %m" + #: src/subnet.c:108 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, restarting!" @@ -831,11 +841,11 @@ msgstr "" msgid "unknown" msgstr "desconocido" -#: src/subnet.c:308 +#: src/subnet.c:314 msgid "Subnet list:" msgstr "" -#: src/subnet.c:316 +#: src/subnet.c:322 msgid "End of subnet list." msgstr "" diff --git a/po/nl.po b/po/nl.po index cdede32b..61af612a 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre4\n" -"POT-Creation-Date: 2001-01-07 18:02+0100\n" +"POT-Creation-Date: 2001-01-12 21:04+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" 
@@ -124,7 +124,7 @@ msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:100 src/net.c:991 +#: src/meta.c:100 src/net.c:1008 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" 
@@ -164,307 +164,307 @@ msgstr "Verzending pakket van %d bytes naar %s (%s)" msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:168 +#: src/net.c:173 #, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Verzending pakket van %d bytes naar tap-apparaat" -#: src/net.c:178 +#: src/net.c:183 #, c-format msgid "Can't write to tun/tap device: %m" msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:185 +#: src/net.c:190 #, c-format msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:205 +#: src/net.c:210 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:218 +#: src/net.c:223 #, c-format msgid "Packet with destination %d.%d.%d.%d is looping back to us!" msgstr "Pakket met doeladres %d.%d.%d.%d komt terug naar ons!" -#: src/net.c:228 +#: src/net.c:233 #, c-format msgid "%s (%s) is not active, dropping packet" msgstr "%s (%s) is niet actief, pakket wordt genegeerd" -#: src/net.c:241 +#: src/net.c:242 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net.c:261 +#: src/net.c:265 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:307 +#: src/net.c:311 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:336 +#: src/net.c:340 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:361 +#: src/net.c:365 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:368 src/net.c:376 src/net.c:385 src/net.c:419 src/net.c:447 -#: src/net.c:456 src/net.c:510 src/net.c:949 src/net.c:958 src/net.c:1016 +#: 
src/net.c:372 src/net.c:380 src/net.c:389 src/net.c:423 src/net.c:451 +#: src/net.c:460 src/net.c:514 src/net.c:966 src/net.c:975 src/net.c:1033 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:395 +#: src/net.c:399 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:412 +#: src/net.c:416 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:440 +#: src/net.c:444 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:469 src/net.c:971 +#: src/net.c:473 src/net.c:988 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:486 +#: src/net.c:490 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:496 +#: src/net.c:500 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:521 +#: src/net.c:525 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:529 +#: src/net.c:533 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:535 +#: src/net.c:539 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:554 +#: src/net.c:558 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:563 +#: src/net.c:567 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:570 +#: src/net.c:574 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:577 +#: src/net.c:581 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:587 +#: src/net.c:591 
#, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:625 +#: src/net.c:629 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:633 +#: src/net.c:637 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" -#: src/net.c:643 +#: src/net.c:647 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:668 +#: src/net.c:672 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:676 +#: src/net.c:680 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:683 +#: src/net.c:687 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:707 +#: src/net.c:711 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:715 +#: src/net.c:719 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:724 +#: src/net.c:728 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:765 +#: src/net.c:769 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:774 +#: src/net.c:778 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:780 +#: src/net.c:784 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" 
-#: src/net.c:804 +#: src/net.c:821 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:836 +#: src/net.c:853 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:887 +#: src/net.c:904 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:937 +#: src/net.c:954 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:942 +#: src/net.c:959 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:982 +#: src/net.c:999 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:1032 +#: src/net.c:1049 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1080 +#: src/net.c:1097 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1086 +#: src/net.c:1103 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1092 +#: src/net.c:1109 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1100 +#: src/net.c:1117 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1106 +#: src/net.c:1123 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:1130 +#: src/net.c:1147 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1175 +#: src/net.c:1192 msgid "Trying to re-establish outgoing connection in 5 seconds" 
msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1210 +#: src/net.c:1227 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1237 +#: src/net.c:1254 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1245 +#: src/net.c:1262 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1300 +#: src/net.c:1317 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1309 +#: src/net.c:1326 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1320 +#: src/net.c:1337 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1326 +#: src/net.c:1343 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1358 +#: src/net.c:1375 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1365 +#: src/net.c:1382 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1372 +#: src/net.c:1389 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1398 +#: src/net.c:1415 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -608,150 +608,150 @@ msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:602 +#: src/protocol.c:603 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:618 +#: src/protocol.c:619 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:683 +#: src/protocol.c:704 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:691 +#: src/protocol.c:712 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:699 +#: src/protocol.c:720 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:707 +#: src/protocol.c:728 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:717 +#: src/protocol.c:738 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:760 +#: src/protocol.c:786 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:768 +#: src/protocol.c:794 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:776 +#: src/protocol.c:802 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" 
msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:786 +#: src/protocol.c:812 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:796 +#: src/protocol.c:822 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:836 +#: src/protocol.c:863 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:844 +#: src/protocol.c:871 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:853 +#: src/protocol.c:880 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:870 +#: src/protocol.c:897 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:878 +#: src/protocol.c:905 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:928 +#: src/protocol.c:956 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:937 +#: src/protocol.c:965 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:945 +#: src/protocol.c:973 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:955 +#: 
src/protocol.c:983 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:964 +#: src/protocol.c:992 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:1003 +#: src/protocol.c:1031 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:1010 +#: src/protocol.c:1038 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1033 +#: src/protocol.c:1061 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1040 +#: src/protocol.c:1068 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1118 +#: src/protocol.c:1145 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1125 +#: src/protocol.c:1152 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -760,12 +760,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1154 +#: src/protocol.c:1181 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1161 +#: src/protocol.c:1188 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -774,7 +774,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1178 +#: src/protocol.c:1205 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " 
@@ -782,12 +782,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1214 +#: src/protocol.c:1241 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1221 +#: src/protocol.c:1248 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -796,13 +796,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1232 +#: src/protocol.c:1259 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1243 +#: src/protocol.c:1270 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -810,6 +810,16 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" +#: src/protocol.c:1315 +#, c-format +msgid "Got bad PACKET from %s (%s)" +msgstr "Kreeg ongeldig PAKKET van %s (%s)" + +#: src/protocol.c:1329 +#, c-format +msgid "Error during reception of PACKET from %s (%s): %m" +msgstr "Fout bij het ontvangen van PAKKET van %s (%s)" + #: src/subnet.c:108 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, restarting!" @@ -822,11 +832,11 @@ msgstr "" msgid "unknown" msgstr "onbekend" -#: src/subnet.c:308 +#: src/subnet.c:314 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:316 +#: src/subnet.c:322 msgid "End of subnet list." msgstr "Einde van subnet lijst." From a73ec9caa45bda7738376a610030c8ba9b934445 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 18 Jan 2001 13:00:57 +0000 Subject: [PATCH 332/923] Fixed some errors --- doc/tinc.texi | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 80878446..20cd221b 100644 --- a/doc/tinc.texi 
+++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ +@c $Id: tinc.texi,v 1.8.4.14 2001/01/18 13:00:57 zarq Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ +$Id: tinc.texi,v 1.8.4.14 2001/01/18 13:00:57 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.13 2001/01/17 01:40:46 zarq Exp $ +$Id: tinc.texi,v 1.8.4.14 2001/01/18 13:00:57 zarq Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -613,7 +613,6 @@ VpnMask configuration variable. * Multiple networks:: * How connections work:: * Configuration file:: -* Required directives:: * Example:: @end menu @@ -658,7 +657,7 @@ will try to connect to it, on the given port. If this fails, tinc exits. @c ================================================================== -@node Configuration file, Required directives, How connections work, Configuring tinc +@node Configuration file, Example, How connections work, Configuring tinc @section Configuration file The actual configuration of the daemon is done in the file @@ -931,7 +930,7 @@ there. If you get an error, you can check @ref{Error messages}. @c ================================================================== -@node Example, , Required directives, Configuring tinc +@node Example, , Configuration file, Configuring tinc @section Example 
@@ -1254,8 +1253,6 @@ files are bound to be in a different directory. @end table -@end table - @c ================================================================== @node Technical information, About us, Running tinc, Top @chapter Technical information @@ -1380,7 +1377,7 @@ don't take it too serious. @end menu @c ================================================================== -@node Key Types, , Security, Security +@node Key Types, , Security, Security @subsection Key Types @c FIXME: check if I'm not talking nonsense From fe61e1ffef186aa509a50be3be83955fe1cbb514 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 18 Jan 2001 13:01:42 +0000 Subject: [PATCH 333/923] Distribute the sample config as a .tar.gz --- doc/Makefile.am | 2 +- doc/Makefile.maint | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index 24e83df0..b62feb7e 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -14,7 +14,7 @@ HELP2MAN = help2man MAINTAINERCLEANFILES = $(dyn_MANS) EXTRA_DIST = $(man_MANS) $(HELP2MAN) $(man_aux) \ - Makefile.maint GNUmakefile Makefile.summ tinc.conf.sample + Makefile.maint GNUmakefile Makefile.summ sample-config.tar.gz # Use `ginstall' in the definition of man_MANS to avoid # confusion with the `install' target. The install rule transforms `ginstall' diff --git a/doc/Makefile.maint b/doc/Makefile.maint index e620be4a..947e338f 100644 --- a/doc/Makefile.maint +++ b/doc/Makefile.maint @@ -33,3 +33,6 @@ $(dyn_MANS): %.8: %.x $(HELP2MAN) echo "WARNING: The man page $@ cannot be updated yet."; \ echo " Retry once the corresponding executable is built."; \ fi + +sample-config.tar.gz: + GZIP=$(GZIP_ENV) $(TAR) chozf sample-config.tar.gz sample-config From bb4457d6caf6e424aeaf9b09222d4e62cab939da Mon Sep 17 00:00:00 2001 
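Review bot: The new `sample-config.tar.gz:` rule in doc/Makefile.maint has no prerequisites, so once the archive exists make never rebuilds it. A distribution can then ship a tarball that no longer matches the `sample-config` directory. Listing the directory's files as prerequisites, or declaring `.PHONY: sample-config.tar.gz`, would keep the archive in step with the tree. The `h` in `chozf` also makes tar follow symbolic links, so whatever a link under `sample-config` points to is copied into the archive; a one-line comment saying this is intended would help.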
From: Ivo Timmermans Date: Thu, 18 Jan 2001 13:02:34 +0000 Subject: [PATCH 334/923] Unpack sample-config.tar.gz when installing --- debian/rules | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 568c809e..c07a0540 100644 --- a/debian/rules +++ b/debian/rules @@ -43,7 +43,8 @@ install: build $(MAKE) install DESTDIR=`pwd`/debian/tmp mkdir -p `pwd`/debian/tmp/etc/tinc - cp -a doc/sample-config `pwd`/debian/tmp/etc/tinc/example + cp -a doc/sample-config.tar.gz `pwd`/debian/tmp/etc/tinc/example + cd `pwd`/debian/tmp/etc/tinc/example && tar xzf sample-config.tar.gz && rm sample-config.tar.gz ln -s /usr/share/doc/tinc/README.Debian `pwd`/debian/tmp/etc/tinc/example/README From f777c1807d663eaef3e36c395094451214886898 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 6 Feb 2001 10:12:51 +0000 Subject: [PATCH 335/923] FreeBSD compile fixes (thanks to XeF4) --- lib/dropin.c | 6 ++++-- src/protocol.c | 8 ++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/dropin.c b/lib/dropin.c index 518a175d..9de5c2c5 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.3 2001/01/07 17:08:49 guus Exp $ + $Id: dropin.c,v 1.1.2.4 2001/02/06 10:12:51 guus Exp $ */ #include "config.h" @@ -31,6 +31,7 @@ #include #include +#include #ifndef HAVE_DAEMON /* @@ -113,6 +114,7 @@ char *get_current_dir_name(void) { size_t size; char *buf; + char *r; /* Start with 100 bytes. If this turns out to be insufficient to contain the working directory, double the size. */ 
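Review bot: The added `cd … && tar xzf sample-config.tar.gz && rm sample-config.tar.gz` line in debian/rules expects `debian/tmp/etc/tinc/example` to be a directory, but the only directory the visible recipe creates is `debian/tmp/etc/tinc`. Unless something outside the hunk creates it, the preceding `cp -a` writes the tarball to a regular file named `example` and the `cd` fails. Creating the directory first with `mkdir -p` and extracting straight from `doc/sample-config.tar.gz` with `tar xzf … -C` into it avoids the copy-and-delete step. The archive is built from the `sample-config` directory by the rule in doc/Makefile.maint, so its files will land under `example/sample-config/` rather than directly in `example/` as the old `cp -a` did.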
@@ -123,7 +125,7 @@ char *get_current_dir_name(void) r = getcwd(buf, size); /* getcwd returns NULL and sets errno to ERANGE if the bufferspace is insufficient to contain the entire working directory. */ - while(r == NULL && errno = ERANGE) + while(r == NULL && errno == ERANGE) { free(buf); size <<= 1; /* double the size */ diff --git a/src/protocol.c b/src/protocol.c index a145c98e..5e72017d 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.76 2001/01/08 20:35:30 guus Exp $ + $Id: protocol.c,v 1.28.4.77 2001/02/06 10:12:51 guus Exp $ */ #include "config.h" @@ -1043,12 +1043,12 @@ cp return 0; } -int send_error(connection_t *cl, int errno, char *errstring) +int send_error(connection_t *cl, int err, char *errstring) { cp if(!errstring) - errstring = strerror(errno); - return send_request(cl, "%d %d %s", ERROR, errno, errstring); + errstring = strerror(err); + return send_request(cl, "%d %d %s", ERROR, err, errstring); } int error_h(connection_t *cl) From 4bc394a3e29f2f90434bbbfc9f23d5587398471b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 6 Feb 2001 10:13:22 +0000 Subject: [PATCH 336/923] Fix memory leak in avl_insert() if item was already inserted. --- lib/avl_tree.c | 45 ++++++++++++++++++++++++++++++++++++++------- lib/avl_tree.h | 4 ++-- 2 files changed, 40 insertions(+), 9 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 341ffeb6..8630d4d0 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c 
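Review bot: With the comparison corrected to `errno == ERANGE`, the loop in get_current_dir_name() ends as soon as getcwd() fails for any other reason, and the hunk shows no check of `r` on that path. The rest of the function is outside the hunk; if it returns `buf` unconditionally, callers receive a buffer that getcwd() never filled in. A check after the loop such as `if(r == NULL) { free(buf); return NULL; }` would make the failure visible to the caller. The doubling in `size <<= 1` also has no upper bound.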
@@ -26,10 +26,10 @@ the code. Mail me if you found a bug. Cleaned up and incorporated some of the ideas from the red-black tree - library for inclusion into tinc (http://tinc.nl.linux.org) by + library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.4 2001/01/08 21:32:00 guus Exp $ + $Id: avl_tree.c,v 1.1.2.5 2001/02/06 10:13:21 guus Exp $ */ #include @@ -406,12 +406,43 @@ avl_node_t *avl_search_closest_greater_node(const avl_tree_t *tree, const void * avl_node_t *avl_insert(avl_tree_t *tree, void *data) { - avl_node_t *node; + avl_node_t *closest, *new; + int result; - node = avl_alloc_node(); - node->data = data; + if (!tree->root) + { + new = avl_alloc_node(); + new->data = data; + avl_insert_top(tree, new); + } + else + { + closest = avl_search_closest_node(tree, data, &result); + switch(result) + { + case -1: + new = avl_alloc_node(); + new->data = data; + avl_insert_before(tree, closest, new); + break; + case 1: + new = avl_alloc_node(); + new->data = data; + avl_insert_after(tree, closest, new); + break; + case 0: + return NULL; + } + } + +#ifdef AVL_COUNT + new->count = 1; +#endif +#ifdef AVL_DEPTH + new->depth = 1; +#endif - return avl_insert_node(tree, node); + return new; } avl_node_t *avl_insert_node(avl_tree_t *tree, avl_node_t *node) @@ -433,7 +464,7 @@ avl_node_t *avl_insert_node(avl_tree_t *tree, avl_node_t *node) avl_insert_after(tree, closest, node); break; case 0: - return closest; + return NULL; } } diff --git a/lib/avl_tree.h b/lib/avl_tree.h index 49bca181..d1ad6189 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h 
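Review bot: In avl_insert() the `switch(result)` handles only -1, 1 and 0, so for any other value from avl_search_closest_node() `new` stays uninitialised. It is then written through under AVL_COUNT/AVL_DEPTH and returned. Changing `case 0:` to `default:` sends every unexpected value to `return NULL`. It is also worth confirming that setting `new->count = 1` and `new->depth = 1` after avl_insert_before()/avl_insert_after() cannot overwrite values those calls computed while rebalancing; their bodies are not in this hunk.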
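Review bot: avl_insert_node() now returns NULL instead of `closest` when an equal item is already in the tree, and nothing in the hunk documents the new contract. On that path the caller's `node` is not linked into the tree and is not freed here, so the caller still owns it. A comment above the function would state this: `/* Returns NULL if an equal item is already present; node is not inserted and remains owned by the caller. */`. The function begins before this hunk, so any existing header comment is not visible here.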
@@ -26,10 +26,10 @@ the code. Mail me if you found a bug. Cleaned up and incorporated some of the ideas from the red-black tree - library for inclusion into tinc (http://tinc.nl.linux.org) by + library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.3 2001/01/07 17:08:49 guus Exp $ + $Id: avl_tree.h,v 1.1.2.4 2001/02/06 10:13:22 guus Exp $ */ From 0f715887c617723e4b450083f8b77641f8b62e80 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 6 Feb 2001 10:13:44 +0000 Subject: [PATCH 337/923] Updated dutch translation. --- po/es.po | 143 ++++++++++++++++++++++++++++-------------------------- po/nl.po | 145 +++++++++++++++++++++++++++++-------------------------- 2 files changed, 152 insertions(+), 136 deletions(-) diff --git a/po/es.po b/po/es.po index 09b7ed7c..46b1f810 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2001-01-12 21:04+0100\n" +"POT-Creation-Date: 2001-02-06 11:09+0100\n" "PO-Revision-Date: 2000-11-26 15:20+0000\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" 
@@ -18,78 +18,78 @@ msgstr "" msgid "Cannot open config file %s: %m" msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" -#: src/conf.c:274 +#: src/conf.c:279 #, fuzzy, c-format msgid "Invalid variable name `%s' on line %d while reading config file %s" msgstr "" "Nombre de variable no válido en la linea %d del fichero de configuración %s" -#: src/conf.c:281 +#: src/conf.c:286 #, fuzzy, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "No hay valor para la variable en la linea %d del fichero de configuración %s" -#: src/conf.c:289 +#: src/conf.c:294 #, fuzzy, c-format msgid "Invalid value for variable `%s' on line %d while reading config file %s" msgstr "" "Valor no válido para la variable en la linea %d del fichero de configuración " "%s" -#: src/conf.c:314 +#: src/conf.c:323 #, c-format msgid "Failed to read `%s': %m" msgstr "" -#: src/conf.c:375 +#: src/conf.c:384 #, c-format msgid "`%s' is not an absolute path" msgstr "" -#: src/conf.c:391 src/conf.c:424 +#: src/conf.c:400 src/conf.c:433 #, fuzzy, c-format msgid "Couldn't stat `%s': %m" msgstr "No pude abrir %s: %m" -#: src/conf.c:398 src/conf.c:434 +#: src/conf.c:407 src/conf.c:443 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "" -#: src/conf.c:405 src/conf.c:441 +#: src/conf.c:414 src/conf.c:450 #, c-format msgid "Warning: `%s' is a symlink" msgstr "" -#: src/conf.c:410 src/conf.c:446 +#: src/conf.c:419 src/conf.c:455 #, c-format msgid "Unable to read symbolic link `%s': %m" msgstr "" #. Accessible by others -#: src/conf.c:457 +#: src/conf.c:466 #, c-format msgid "`%s' has unsecure permissions" msgstr "" #. Ask for a file and/or directory name. 
-#: src/conf.c:482 +#: src/conf.c:491 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "" -#: src/conf.c:488 +#: src/conf.c:497 #, fuzzy, c-format msgid "Error while reading stdin: %m\n" msgstr "Error leyendo del dispositivo tap: %m" -#: src/conf.c:514 +#: src/conf.c:523 #, fuzzy, c-format msgid "Error opening file `%s': %m\n" msgstr "Error buscando `%s': %m" -#: src/conf.c:524 +#: src/conf.c:533 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" @@ -121,7 +121,7 @@ msgstr "Enviando paquete de %d bytes a %s (%s)" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/meta.c:100 src/net.c:1008 +#: src/meta.c:100 src/net.c:1029 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" @@ -218,7 +218,7 @@ msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" #: src/net.c:372 src/net.c:380 src/net.c:389 src/net.c:423 src/net.c:451 -#: src/net.c:460 src/net.c:514 src/net.c:966 src/net.c:975 src/net.c:1033 +#: src/net.c:460 src/net.c:514 src/net.c:987 src/net.c:996 src/net.c:1054 #, c-format msgid "System call `%s' failed: %m" msgstr "" @@ -238,7 +238,7 @@ msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:473 src/net.c:988 +#: src/net.c:473 src/net.c:1009 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" 
@@ -292,180 +292,181 @@ msgstr "Error buscando `%s': %m" msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión a %s" -#: src/net.c:629 +#: src/net.c:636 #, fuzzy, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:637 +#: src/net.c:644 #, fuzzy, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:647 +#. Nothing worked. +#: src/net.c:670 #, c-format msgid "No public key for %s specified!" msgstr "" -#: src/net.c:672 +#: src/net.c:693 #, fuzzy, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:680 +#: src/net.c:701 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "" -#: src/net.c:687 +#: src/net.c:708 #, fuzzy msgid "No private key for tinc daemon specified!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:711 +#: src/net.c:732 msgid "Name for tinc daemon required!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:719 +#: src/net.c:740 msgid "Invalid name for myself!" msgstr "¡Nombre no válido para mí!" -#: src/net.c:728 +#: src/net.c:749 msgid "Cannot open host configuration file for myself!" msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" -#: src/net.c:769 +#: src/net.c:790 msgid "Network address and subnet mask do not match!" msgstr "" -#: src/net.c:778 +#: src/net.c:799 #, fuzzy msgid "Unable to set up a listening TCP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:784 +#: src/net.c:805 #, fuzzy msgid "Unable to set up a listening UDP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" 
-#: src/net.c:821 +#: src/net.c:842 #, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %hd" -#: src/net.c:853 +#: src/net.c:874 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." -#: src/net.c:904 +#: src/net.c:925 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en %d segundos" -#: src/net.c:954 +#: src/net.c:975 #, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a %s" -#: src/net.c:959 +#: src/net.c:980 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket' UDP: %m" -#: src/net.c:999 +#: src/net.c:1020 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al conectar a %s puerto %d: %m" -#: src/net.c:1049 +#: src/net.c:1071 #, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s puerto %d" -#: src/net.c:1097 +#: src/net.c:1119 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:1103 +#: src/net.c:1125 #, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:1109 +#: src/net.c:1131 #, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:1117 +#: src/net.c:1139 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "" -#: src/net.c:1123 +#: src/net.c:1145 #, fuzzy, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Enviando paquete de %d bytes a %s (%s)" -#: src/net.c:1147 +#: src/net.c:1167 #, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s (%s)" -#: src/net.c:1192 +#: src/net.c:1217 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:1227 +#: src/net.c:1252 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) no respondió al PING" -#: src/net.c:1254 +#: src/net.c:1279 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1262 +#: src/net.c:1287 msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1317 +#: src/net.c:1342 #, fuzzy, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1326 +#: src/net.c:1351 #, fuzzy, c-format msgid "Error while reading from ethertap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1337 +#: src/net.c:1362 msgid "Received short packet from tap device" msgstr "" -#: src/net.c:1343 +#: src/net.c:1368 #, c-format msgid "Read packet of length %d from tap device" msgstr "" -#: src/net.c:1375 +#: src/net.c:1400 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1382 +#: src/net.c:1407 #, fuzzy msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/net.c:1389 +#: src/net.c:1414 #, fuzzy msgid "Unable to reread configuration file, exiting" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/net.c:1415 +#: src/net.c:1440 #, fuzzy msgid "Regenerating symmetric key" msgstr "Generando claves de %d bits" @@ -837,7 +838,7 @@ msgid "subnet_compare() was called with unknown subnet type %d, restarting!" msgstr "" #. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:300 +#: src/subnet.c:251 src/tincd.c:313 msgid "unknown" msgstr "desconocido" 
@@ -901,39 +902,45 @@ msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" msgstr "" -#: src/tincd.c:234 +#: src/tincd.c:235 #, c-format msgid "Generating %d bits keys:\n" msgstr "Generando claves de %d bits:\n" -#: src/tincd.c:239 +#: src/tincd.c:240 msgid "Error during key generation!" msgstr "" -#: src/tincd.c:243 +#: src/tincd.c:244 msgid "Done.\n" msgstr "Hecho.\n" -#: src/tincd.c:246 +#: src/tincd.c:251 #, fuzzy msgid "public RSA key" msgstr "Clave pública: %s\n" -#: src/tincd.c:253 +#: src/tincd.c:255 src/tincd.c:266 +msgid "" +"Appending key to existing contents.\n" +"Make sure only one key is stored in the file." +msgstr "" + +#: src/tincd.c:262 #, fuzzy msgid "private RSA key" msgstr "Clave privada: %s\n" -#: src/tincd.c:274 +#: src/tincd.c:287 msgid "Both netname and configuration directory given, using the latter..." msgstr "" -#: src/tincd.c:307 +#: src/tincd.c:320 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versión %s (compilado %s %s, protocolo %d)\n" -#: src/tincd.c:308 +#: src/tincd.c:321 #, fuzzy msgid "" "Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" @@ -950,22 +957,22 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:322 +#: src/tincd.c:335 #, fuzzy msgid "You must be root to run this program.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:359 +#: src/tincd.c:375 msgid "Unrecoverable error" msgstr "Error irrecuperable" -#: src/tincd.c:364 +#: src/tincd.c:380 #, c-format msgid "Restarting in %d seconds!" msgstr "¡Reiniciando en %d segundos!" -#: src/tincd.c:369 +#: src/tincd.c:385 #, fuzzy msgid "Not restarting." msgstr "¡Aayyy! No reinicio." diff --git a/po/nl.po b/po/nl.po index 61af612a..a572932f 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre4\n" -"POT-Creation-Date: 2001-01-12 21:04+0100\n" +"POT-Creation-Date: 2001-02-06 11:09+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" 
@@ -18,80 +18,80 @@ msgstr "" msgid "Cannot open config file %s: %m" msgstr "Kan configuratie bestand %s niet openen: %m" -#: src/conf.c:274 +#: src/conf.c:279 #, c-format msgid "Invalid variable name `%s' on line %d while reading config file %s" msgstr "" "Ongeldige variabelenaam `%s' op regel %d tijdens lezen configuratie bestand " "%s" -#: src/conf.c:281 +#: src/conf.c:286 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:289 +#: src/conf.c:294 #, c-format msgid "Invalid value for variable `%s' on line %d while reading config file %s" msgstr "" "Ongeldige waarde voor variabele `%s' op regel %d tijdens lezen van " "configuratie bestand %s" -#: src/conf.c:314 +#: src/conf.c:323 #, c-format msgid "Failed to read `%s': %m" msgstr "Lezen van `%s' mislukte: %m" -#: src/conf.c:375 +#: src/conf.c:384 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:391 src/conf.c:424 +#: src/conf.c:400 src/conf.c:433 #, c-format msgid "Couldn't stat `%s': %m" msgstr "Kon `%s' niet statten: %m" -#: src/conf.c:398 src/conf.c:434 +#: src/conf.c:407 src/conf.c:443 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:405 src/conf.c:441 +#: src/conf.c:414 src/conf.c:450 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: src/conf.c:410 src/conf.c:446 +#: src/conf.c:419 src/conf.c:455 #, c-format msgid "Unable to read symbolic link `%s': %m" msgstr "Kan symbolische link `%s' niet lezen: %m" #. Accessible by others -#: src/conf.c:457 +#: src/conf.c:466 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" #. Ask for a file and/or directory name. 
-#: src/conf.c:482 +#: src/conf.c:491 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:488 +#: src/conf.c:497 #, c-format msgid "Error while reading stdin: %m\n" msgstr "Fout tijdens lezen van standaardinvoer: %m\n" -#: src/conf.c:514 +#: src/conf.c:523 #, c-format msgid "Error opening file `%s': %m\n" msgstr "Fout bij het openen van het bestand `%s': %m\n" -#: src/conf.c:524 +#: src/conf.c:533 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" @@ -124,7 +124,7 @@ msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:100 src/net.c:1008 +#: src/meta.c:100 src/net.c:1029 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" @@ -221,7 +221,7 @@ msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" #: src/net.c:372 src/net.c:380 src/net.c:389 src/net.c:423 src/net.c:451 -#: src/net.c:460 src/net.c:514 src/net.c:966 src/net.c:975 src/net.c:1033 +#: src/net.c:460 src/net.c:514 src/net.c:987 src/net.c:996 src/net.c:1054 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" @@ -241,7 +241,7 @@ msgstr "Kan niet aan poort %hd/tcp binden: %m" msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:473 src/net.c:988 +#: src/net.c:473 src/net.c:1009 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" 
@@ -295,176 +295,177 @@ msgstr "Fout bij het opzoeken van `%s': %m" msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:629 +#: src/net.c:636 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:637 +#: src/net.c:644 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" -#: src/net.c:647 +#. Nothing worked. +#: src/net.c:670 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:672 +#: src/net.c:693 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:680 +#: src/net.c:701 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:687 +#: src/net.c:708 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:711 +#: src/net.c:732 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:719 +#: src/net.c:740 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:728 +#: src/net.c:749 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:769 +#: src/net.c:790 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:778 +#: src/net.c:799 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:784 +#: src/net.c:805 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" 
-#: src/net.c:821 +#: src/net.c:842 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:853 +#: src/net.c:874 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:904 +#: src/net.c:925 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:954 +#: src/net.c:975 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:959 +#: src/net.c:980 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:999 +#: src/net.c:1020 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:1049 +#: src/net.c:1071 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1097 +#: src/net.c:1119 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1103 +#: src/net.c:1125 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1109 +#: src/net.c:1131 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1117 +#: src/net.c:1139 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1123 +#: src/net.c:1145 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:1147 +#: src/net.c:1167 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1192 +#: src/net.c:1217 msgid "Trying to re-establish outgoing connection in 5 seconds" 
msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1227 +#: src/net.c:1252 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1254 +#: src/net.c:1279 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1262 +#: src/net.c:1287 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1317 +#: src/net.c:1342 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1326 +#: src/net.c:1351 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1337 +#: src/net.c:1362 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1343 +#: src/net.c:1368 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1375 +#: src/net.c:1400 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1382 +#: src/net.c:1407 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1389 +#: src/net.c:1414 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1415 +#: src/net.c:1440 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" @@ -828,7 +829,7 @@ msgstr "" "starten" #. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:300 +#: src/subnet.c:251 src/tincd.c:313 msgid "unknown" msgstr "onbekend" 
@@ -895,38 +896,46 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:234 +#: src/tincd.c:235 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:239 +#: src/tincd.c:240 msgid "Error during key generation!" msgstr "Fout tijdens genereren sleutel!" -#: src/tincd.c:243 +#: src/tincd.c:244 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:246 +#: src/tincd.c:251 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:253 +#: src/tincd.c:255 src/tincd.c:266 +msgid "" +"Appending key to existing contents.\n" +"Make sure only one key is stored in the file." +msgstr "" +"Sleutel wordt toegevoegd aan bestaande inhoud.\n" +"Let er op dat er slechts één sleutel in het bestand is.\n" + +#: src/tincd.c:262 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:274 +#: src/tincd.c:287 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:307 +#: src/tincd.c:320 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:308 +#: src/tincd.c:321 msgid "" "Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -943,19 +952,19 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:322 +#: src/tincd.c:335 msgid "You must be root to run this program.\n" msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" -#: src/tincd.c:359 +#: src/tincd.c:375 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:364 +#: src/tincd.c:380 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:369 +#: src/tincd.c:385 msgid "Not restarting." msgstr "Geen herstart." From f1cb3d8fa5f69840f353ca5a62f363dad47eb46f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 6 Feb 2001 10:42:27 +0000 Subject: [PATCH 338/923] Removed another local definition of the variable "errno" --- src/protocol.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 5e72017d..d09bd7a6 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.77 2001/02/06 10:12:51 guus Exp $ + $Id: protocol.c,v 1.28.4.78 2001/02/06 10:42:27 guus Exp $ */ #include "config.h" @@ -1053,10 +1053,10 @@ cp int error_h(connection_t *cl) { - int errno; + int err; char errorstring[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d %d "MAX_STRING, &errno, errorstring) != 2) + if(sscanf(cl->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) { syslog(LOG_ERR, _("Got bad ERROR from %s (%s)"), cl->name, cl->hostname); @@ -1066,7 +1066,7 @@ cp if(debug_lvl >= DEBUG_ERROR) { syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - cl->name, cl->hostname, strerror(errno), errorstring); + cl->name, cl->hostname, strerror(err), errorstring); } terminate_connection(cl); From ef0fc4f687fc25e97551e589941d6a2a2d8ade42 Mon Sep 17 00:00:00 2001 
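Review bot: The renamed `err` is parsed from the peer's message by the `sscanf` line and passed to `strerror(err)` in the second error_h hunk (`@@ -1066,7 +1066,7 @@`), but errno numbering belongs to the sender's platform, so the text logged locally can name a different error than the one the peer meant. Logging the raw number as well keeps the record unambiguous, for example a `%d (%s)` pair in the format with `err, strerror(err)` as arguments. `errorstring` is also peer-supplied; it is correctly passed as a `%s` argument rather than as the format, and its bound depends on `MAX_STRING`, which is defined outside the hunk. error_h's body continues past both hunks.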
From: Guus Sliepen Date: Sun, 11 Feb 2001 11:44:32 +0000 Subject: [PATCH 339/923] Added .cvsignore files to get rid of warnings and prevent autogenerated files from being added accidentaly. --- .cvsignore | 3 +++ doc/.cvsignore | 1 + m4/.cvsignore | 1 + po/.cvsignore | 1 + 4 files changed, 6 insertions(+) create mode 100644 .cvsignore create mode 100644 doc/.cvsignore create mode 100644 m4/.cvsignore create mode 100644 po/.cvsignore diff --git a/.cvsignore b/.cvsignore new file mode 100644 index 00000000..0e59afa8 --- /dev/null +++ b/.cvsignore @@ -0,0 +1,3 @@ +Makefile Makefile.in aclocal.m4 config.cache config.log config.status configure +config.guess config.sub install-sh missing mkinstalldirs +intl diff --git a/doc/.cvsignore b/doc/.cvsignore new file mode 100644 index 00000000..aa61a42e --- /dev/null +++ b/doc/.cvsignore @@ -0,0 +1 @@ +Makefile.in Makefile diff --git a/m4/.cvsignore b/m4/.cvsignore new file mode 100644 index 00000000..df1fab1d --- /dev/null +++ b/m4/.cvsignore @@ -0,0 +1 @@ +Makefile.am Makefile.in Makefile diff --git a/po/.cvsignore b/po/.cvsignore new file mode 100644 index 00000000..493861c8 --- /dev/null +++ b/po/.cvsignore @@ -0,0 +1 @@ +Makefile.in.in POTFILES Makefile.in Makefile cat-id-tbl.c *.gmo stamp-cat-id *.pot From 88dfdc9dbac3f5d0aa70b77509b4a87513433987 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 11 Feb 2001 11:46:14 +0000 Subject: [PATCH 340/923] Ignore file for src/ --- src/.cvsignore | 1 + 1 file changed, 1 insertion(+) create mode 100644 src/.cvsignore diff --git a/src/.cvsignore b/src/.cvsignore new file mode 100644 index 00000000..f3e6f86f --- /dev/null +++ b/src/.cvsignore @@ -0,0 +1 @@ +*.o .libs tincd Makefile.in Makefile From 603781831f251d2e8111e8282d8e624b8e40b175 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 11 Feb 2001 11:50:09 +0000 Subject: [PATCH 341/923] - Updated CVS_CREATED to remove intl/ directory and some other autogenerated files. - Checked if all INCLUDES/LIBS/etc directives inherit the global variables. --- Makefile.am | 5 +++-- autogen.sh | 3 --- lib/Makefile.am | 4 ++-- src/Makefile.am | 4 ++-- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/Makefile.am b/Makefile.am index a16fc0cb..bda83a25 100644 --- a/Makefile.am +++ b/Makefile.am @@ -10,7 +10,8 @@ EXTRA_DIST = system.h ABOUT-NLS COPYING.README autogen.sh CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ - stamp-h.in m4/Makefile.am ChangeLog + stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in.in \ + po/tinc.pot src/.libs intl ChangeLog: rm -f ChangeLog @@ -18,7 +19,7 @@ ChangeLog: cvs-clean: maintainer-clean for f in $(CVS_CREATED) `find -name Makefile.in` ; do\ - rm -f "$$f"; \ + rm -Rf "$$f"; \ done deb: diff --git a/autogen.sh b/autogen.sh index 9e3c0452..344fbfa0 100644 --- a/autogen.sh +++ b/autogen.sh @@ -70,9 +70,6 @@ if test "$DIE" -eq 1; then exit 1 fi -# Make sure configure doesn't complain about old configuration -rm -f config.status - if test -z "$*"; then echo "**Warning**: I am going to run \`configure' with no arguments." echo "If you wish to pass any to it, please specify them on the" diff --git a/lib/Makefile.am b/lib/Makefile.am index f7f2798a..aa4d55a3 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,9 +1,9 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.6 2001/01/05 23:50:55 guus Exp $ +# $Id: Makefile.am,v 1.2.4.7 2001/02/11 11:50:09 guus Exp $ noinst_LIBRARIES = libvpn.a -INCLUDES = -I. -I$(top_builddir) -I$(top_srcdir)/intl +INCLUDES = @INCLUDES@ -I. -I$(top_builddir) -I$(top_srcdir)/intl libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tree.c dropin.c 
diff --git a/src/Makefile.am b/src/Makefile.am index 27a891e1..1f6b44bc 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,12 +1,12 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.11 2000/12/22 17:15:26 zarq Exp $ +# $Id: Makefile.am,v 1.4.4.12 2001/02/11 11:50:09 guus Exp $ sbin_PROGRAMS = tincd tincd_SOURCES = conf.c connection.c meta.c net.c netutl.c process.c \ protocol.c subnet.c tincd.c -INCLUDES = -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl +INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl noinst_HEADERS = conf.h connection.h meta.h net.h netutl.h process.h \ protocol.h subnet.h From cebb6efeb0f39bf05ca7836b7a393c8385b49335 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 11 Feb 2001 11:55:28 +0000 Subject: [PATCH 342/923] More files to ignore in CVS --- .cvsignore | 3 ++- debian/.cvsignore | 2 ++ doc/.cvsignore | 2 +- doc/es/.cvsignore | 1 + lib/.cvsignore | 1 + redhat/.cvsignore | 1 + src/.cvsignore | 2 +- 7 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 debian/.cvsignore create mode 100644 doc/es/.cvsignore create mode 100644 lib/.cvsignore create mode 100644 redhat/.cvsignore diff --git a/.cvsignore b/.cvsignore index 0e59afa8..2a3df8e9 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,3 +1,4 @@ Makefile Makefile.in aclocal.m4 config.cache config.log config.status configure -config.guess config.sub install-sh missing mkinstalldirs +config.guess config.sub install-sh missing mkinstalldirs ChangeLog +config.h.in stamp-h.in config.h libtool stamp-h build-stamp intl diff --git a/debian/.cvsignore b/debian/.cvsignore new file mode 100644 index 00000000..35de1541 --- /dev/null +++ b/debian/.cvsignore @@ -0,0 +1,2 @@ +Makefile Makefile.in tmp postinst.debhelper postrm.debhelper +preinst.debhelper prerm.debhelper substvars files diff --git a/doc/.cvsignore b/doc/.cvsignore index aa61a42e..d99f5fe9 100644 --- a/doc/.cvsignore +++ b/doc/.cvsignore 
@@ -1 +1 @@ -Makefile.in Makefile +Makefile.in Makefile tinc.info sample-config.tar.gz diff --git a/doc/es/.cvsignore b/doc/es/.cvsignore new file mode 100644 index 00000000..6179e0db --- /dev/null +++ b/doc/es/.cvsignore @@ -0,0 +1 @@ +Makefile Makefile.in diff --git a/lib/.cvsignore b/lib/.cvsignore new file mode 100644 index 00000000..1b907a49 --- /dev/null +++ b/lib/.cvsignore @@ -0,0 +1 @@ +Makefile Makefile.in .deps diff --git a/redhat/.cvsignore b/redhat/.cvsignore new file mode 100644 index 00000000..6179e0db --- /dev/null +++ b/redhat/.cvsignore @@ -0,0 +1 @@ +Makefile Makefile.in diff --git a/src/.cvsignore b/src/.cvsignore index f3e6f86f..a7e420fa 100644 --- a/src/.cvsignore +++ b/src/.cvsignore @@ -1 +1 @@ -*.o .libs tincd Makefile.in Makefile +*.o .libs tincd Makefile.in Makefile .deps From bb0870498037565209e24fbb2ffa07b815350a0b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 13 Feb 2001 09:54:29 +0000 Subject: [PATCH 343/923] Added description of the proposed new authentication scheme. --- doc/SECURITY2 | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 doc/SECURITY2 diff --git a/doc/SECURITY2 b/doc/SECURITY2 new file mode 100644 index 00000000..3922f3fa --- /dev/null +++ b/doc/SECURITY2 
@@ -0,0 +1,115 @@ +This is the security documentation for tinc, a Virtual Private Network daemon. + + Copyright 2001 Guus Sliepen , + 2001 Wessel Dankers + + Permission is granted to make and distribute verbatim copies of + this documentation provided the copyright notice and this + permission notice are preserved on all copies. + + Permission is granted to copy and distribute modified versions of + this documentation under the conditions for verbatim copying, + provided that the entire resulting derived work is distributed + under the terms of a permission notice identical to this one. + + $Id: SECURITY2,v 1.1.2.1 2001/02/13 09:54:29 guus Exp $ + +Proposed new authentication scheme +---------------------------------- + +A new scheme for authentication in tinc has been devised, which offers some +improvements over the protocol used in 1.0pre2 and 1.0pre3. Explanation is +below. + +daemon message +-------------------------------------------------------------------------- +client + +server + +client ID client 9 0 + | | +-> options + | +---> version + +-------> name of tinc daemon + +server ID server 9 0 + | | +-> options + | +---> version + +-------> name of tinc daemon + +client META_KEY 5f0823a93e35b69e...7086ec7866ce582b + \_________________________________/ + +-> RSAKEYLEN bits totally random string S1, + encrypted with server's public RSA key + +server META_KEY 6ab9c1640388f8f0...45d1a07f8a672630 + \_________________________________/ + +-> RSAKEYLEN bits totally random string S2, + encrypted with client's public RSA key + +From now on: + - the client will symmetrically encrypt outgoing traffic using S1 + - the server will symmetrically encrypt outgoing traffic using S2 + +client CHALLENGE da02add1817c1920989ba6ae2a49cecbda0 + \_________________________________/ + +-> CHALLEN bits totally random string H1 + +server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d57f + \_________________________________/ + +-> CHALLEN bits totally random string H2 + +client CHAL_REPLY 
816a86 + +-> 160 bits SHA1 of H2 + +server CHAL_REPLY 928ffe + +-> 160 bits SHA1 of H1 +-------------------------------------------------------------------------- + +This new scheme has several improvements, both in efficiency and security. + +First of all, the server sends exactly the same kind of messages over the wire +as the client. The previous versions of tinc first authenticated the client, +and then the server. This scheme even allows both sides to send their messages +simultaneously, there is no need to wait for the other to send something first. +This means that any calculations that need to be done upon sending or receiving +a message can also be done in parallel. This is especially important when doing +RSA encryption/decryption. Given that these calculations are the main part of +the CPU time spent for the authentication, speed is improved by a factor 2. + +Second, only one RSA encrypted message is sent instead of two. This reduces the +amount of information attackers can see (and thus use for a crypto attack). It +also improves speed by a factor two, making the total speedup a factor 4. + +Third, and most important: + +The symmetric cipher keys are exchanged first, the challenge is done +afterwards. In the previous authentication scheme, because a man-in-the-middle +could pass the challenge/chal_reply phase (by just copying the messages between +the two real tinc daemons), but no information was exchanged that was really +needed to read the rest of the messages, the challenge/chal_reply phase was of +no real use. The man-in-the-middle was only stopped by the fact that only after +the ACK messages were encrypted with the symmetric cipher. Potentially, it +could even send it's own symmetric key to the server (if it knew the server's +public key) and read some of the metadata the server would send it (it was +impossible for the mitm to read actual network packets though). The new scheme +however prevents this. 
+ +This new scheme makes sure that first of all, symmetric keys are exchanged. The +rest of the messages are then encrypted with the symmetric cipher. Then, each +side can only read received messages if they have their private key. The +challenge is there to let the other side know that the private key is really +known, because a challenge reply can only be sent back if the challenge is +decrypted correctly, and that can only be done with knowledge of the private +key. + +Fourth: the first thing that is send via the symmetric cipher encrypted +connection is a totally random string, so that there is no known plaintext (for +an attacker) in the beginning of the encrypted stream. + + +An explicit ACK is no longer needed, the CHAL_REPLY serves as an ACK. + +Some things to be discussed: + + - What should CHALLEN be? Same as RSAKEYLEN? 256 bits? More/less? From 11f8465dd9a4f81b43a31f1cb6a7fc2d76bb7838 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 18 Feb 2001 02:13:26 +0000 Subject: [PATCH 344/923] tinc_TUNTAP now substitutes the values outside the AC_CACHE_CHECK block. configure should now correctly set HAVE_TUNTAP. --- m4/tuntap.m4 | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 605ebef4..2c1ee35c 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 @@ -10,11 +10,14 @@ AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, if test $if_tun_h = no; then tinc_cv_linux_if_tun_h=none else - AC_DEFINE(HAVE_TUNTAP) - AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, "$if_tun_h") - AC_SUBST(LINUX_IF_TUN_H) tinc_cv_linux_if_tun_h=$if_tun_h fi - AC_SUBST(HAVE_TUNTAP) ]) + +if test $tinc_cv_linux_if_tun_h != none; then + AC_DEFINE(HAVE_TUNTAP) + AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, "$tinc_cv_linux_if_tun_h") + AC_SUBST(LINUX_IF_TUN_H) +fi +AC_SUBST(HAVE_TUNTAP) ]) From 0b0c2a372ff5d11f73af172e07a93b2656374a42 Mon Sep 17 00:00:00 2001 
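Review bot: The new `if test $tinc_cv_linux_if_tun_h != none; then` in m4/tuntap.m4 expands the cache variable unquoted, so an empty value (for instance from a stale or hand-edited config.cache) makes `test` print an operator error and silently skip the `AC_DEFINE(HAVE_TUNTAP)` branch. Quoting it avoids that: `if test "x$tinc_cv_linux_if_tun_h" != xnone; then`. `AC_SUBST(HAVE_TUNTAP)` substitutes a shell variable that nothing in the hunk assigns, so it presumably expands to an empty string; worth confirming whether any Makefile.in relies on it. The macro definition starts outside the hunk.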
From: Wessel Dankers Date: Tue, 20 Feb 2001 21:53:18 +0000 Subject: [PATCH 345/923] Important bugfix in avl_insert_before() and avl_insert_after() --- lib/avl_tree.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 8630d4d0..9b7a06c1 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.5 2001/02/06 10:13:21 guus Exp $ + $Id: avl_tree.c,v 1.1.2.6 2001/02/20 21:53:18 wsl Exp $ */ #include @@ -493,6 +493,9 @@ void avl_insert_before(avl_tree_t *tree, avl_node_t *before, avl_node_t *node) node->parent = before; node->prev = before->prev; + if(before->left) + return avl_insert_after(tree, before->prev, node); + if (before->prev) before->prev->next = node; else @@ -509,6 +512,9 @@ void avl_insert_after(avl_tree_t *tree, avl_node_t *after, avl_node_t *node) if (!after) return tree->head ? avl_insert_before(tree, tree->head, node) : avl_insert_top(tree, node); + if(after->right) + return avl_insert_before(tree, after->next, node); + node->prev = after; node->parent = after; node->next = after->next; From 153fc35e57c0104aa4ea9103bcdbca3665e4934c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Feb 2001 11:09:29 +0000 Subject: [PATCH 346/923] Corrected check for errors after read() calls. --- src/meta.c | 14 ++++++++------ src/protocol.c | 15 ++++++++++++--- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/src/meta.c b/src/meta.c index fa32b896..f9b18ca3 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.14 2001/01/07 17:08:57 guus Exp $ + $Id: meta.c,v 1.1.2.15 2001/02/25 11:09:29 guus Exp $ */ #include "config.h" 
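Review bot: The early returns added to avl_insert_before (`if(before->left) return avl_insert_after(tree, before->prev, node);`) and to avl_insert_after (hunk `@@ -509,6 +512,9 @@`) depend on an invariant that is not written down: when `before` has a left child, `before->prev` is assumed to be its in-order predecessor and therefore to have no right child, otherwise the two functions would keep calling each other. A comment above each check, such as `/* before->prev is the in-order predecessor and has no right child, so this cannot recurse back */`, would record why the delegation terminates. In avl_insert_before the check also sits after `node->next`, `node->parent` and `node->prev` have been assigned, while avl_insert_after checks first; moving the check above the assignments would make the two functions consistent. Both functions begin outside their hunks.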
@@ -117,17 +117,19 @@ cp if(lenin<=0) { - if(errno==EINTR) - return 0; - if(errno==0) + if(lenin==0) { if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname); } else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), - cl->name, cl->hostname); + if(errno==EINTR) + return 0; + else + syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), + cl->name, cl->hostname); + return -1; } diff --git a/src/protocol.c b/src/protocol.c index d09bd7a6..6da7c2cb 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.78 2001/02/06 10:42:27 guus Exp $ + $Id: protocol.c,v 1.28.4.79 2001/02/25 11:09:29 guus Exp $ */ #include "config.h" @@ -31,6 +31,7 @@ #include #include #include +#include #include #include @@ -1324,9 +1325,17 @@ int tcppacket_h(connection_t *cl) while(todo) { x = read(cl->meta_socket, p, todo); - if(x<0) + + if(x<=0) { - syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname); + if(x==0) + syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname); + else + if(errno==EINTR) + continue; + else + syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname); + return -1; } From e250d64300cea2a83059866e7cbabcb33684160e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Feb 2001 14:51:42 +0000 Subject: [PATCH 347/923] Add missing \n. --- po/es.po | 140 ++++++++++++++++++++++++------------------------- po/nl.po | 147 +++++++++++++++++++++++++++------------------------- src/tincd.c | 6 +-- 3 files changed, 150 insertions(+), 143 deletions(-) diff --git a/po/es.po b/po/es.po index 46b1f810..2556fe29 100644 --- a/po/es.po +++ b/po/es.po 
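Review bot: The rewritten error path inside the `lenin<=0` block nests `else` / `if(errno==EINTR)` / `else` without braces, so only indentation shows which `if` each `else` belongs to, and the trailing `return -1;` is easy to misread as part of the last branch. Writing it as `else if(errno==EINTR) { return 0; } else { syslog(LOG_ERR, ...); }` keeps the behaviour and makes the three outcomes (peer closed, interrupted, real error) explicit. A short comment that `errno` is only meaningful when the read returned a negative value would record why the old `errno==0` test was replaced. The enclosing function starts and ends outside the hunk.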
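Review bot: In tcppacket_h the new `x==0` branch logs "Connection closed by" at LOG_NOTICE unconditionally, while the src/meta.c hunk of this commit writes the same message only when `debug_lvl >= DEBUG_CONNECTIONS`. The remote side controls how often this path runs, so both sites should share the gate: `if(x==0) { if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, ...); }`. The loop also waits for all `todo` bytes inside the handler; if `meta_socket` is a blocking descriptor (not visible here), a peer that stops sending mid-packet keeps the daemon in this `read`, which deserves at least a comment. The function continues outside the hunk.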
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2001-02-06 11:09+0100\n" +"POT-Creation-Date: 2001-02-25 15:08+0100\n" "PO-Revision-Date: 2000-11-26 15:20+0000\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" @@ -131,22 +131,22 @@ msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" msgid "Metadata socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes para %s (%s): %s" -#: src/meta.c:125 +#: src/meta.c:123 src/protocol.c:1332 #, fuzzy, c-format msgid "Connection closed by %s (%s)" msgstr "Cerrando conexión con %s (%s)" -#: src/meta.c:129 +#: src/meta.c:130 #, fuzzy, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Error en el `socket' de datos salientes para %s (%s): %s" -#: src/meta.c:159 +#: src/meta.c:161 #, fuzzy, c-format msgid "Got request from %s (%s): %s" msgstr "Petición desconocida desde %s (%s)" -#: src/meta.c:177 +#: src/meta.c:179 #, fuzzy, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" 
@@ -476,293 +476,293 @@ msgstr "Generando claves de %d bits" msgid "Error looking up `%s': %s\n" msgstr "Error buscando `%s': %s\n" -#: src/protocol.c:102 +#: src/protocol.c:103 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" -#: src/protocol.c:109 +#: src/protocol.c:110 #, c-format msgid "Sending %s to %s (%s)" msgstr "Enviando %s a %s (%s)" -#: src/protocol.c:123 +#: src/protocol.c:124 #, c-format msgid "Unknown request from %s (%s)" msgstr "Petición desconocida desde %s (%s)" -#: src/protocol.c:130 +#: src/protocol.c:131 #, c-format msgid "Got %s from %s (%s)" msgstr "He recibido %s desde %s (%s)" -#: src/protocol.c:136 +#: src/protocol.c:137 #, fuzzy, c-format msgid "Unauthorized request from %s (%s)" msgstr "Petición desconocida desde %s (%s)" -#: src/protocol.c:143 +#: src/protocol.c:144 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Error al procesar %s desde %s (%s)" -#: src/protocol.c:150 +#: src/protocol.c:151 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Se han recibido datos sin sentido desde %s (%s)." -#: src/protocol.c:204 +#: src/protocol.c:205 #, c-format msgid "Got bad ID from %s" msgstr "Recibí una ID incorrecta desde %s" -#: src/protocol.c:212 +#: src/protocol.c:213 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "La máquina remota %s (%s) usa una versión (%d) incompatible." -#: src/protocol.c:221 +#: src/protocol.c:222 #, c-format msgid "Peer %s uses invalid identity name" msgstr "La máquina remota %s usa un nombre de identidad no válido" -#: src/protocol.c:233 +#: src/protocol.c:234 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "La máquina remota %s tiene una identidad desconocida (%s)" -#: src/protocol.c:247 +#: src/protocol.c:248 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "El enlace %s (%s) ya está en nuestra lista de conexiones." 
-#: src/protocol.c:300 +#: src/protocol.c:301 #, c-format msgid "Generated random challenge (unencrypted): %s" msgstr "" -#: src/protocol.c:307 src/protocol.c:360 +#: src/protocol.c:308 src/protocol.c:361 #, fuzzy, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "Error leyendo el fichero de configuración del `host' para %s" -#: src/protocol.c:333 +#: src/protocol.c:334 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" -#: src/protocol.c:343 +#: src/protocol.c:344 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" -#: src/protocol.c:368 +#: src/protocol.c:369 #, c-format msgid "Received random challenge (unencrypted): %s" msgstr "" -#: src/protocol.c:382 +#: src/protocol.c:383 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" -#: src/protocol.c:413 +#: src/protocol.c:414 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" -#: src/protocol.c:421 +#: src/protocol.c:422 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:437 +#: src/protocol.c:438 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Intruso: respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:442 +#: src/protocol.c:443 #, c-format msgid "Expected challenge reply: %s" msgstr "" -#: src/protocol.c:486 +#: src/protocol.c:487 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "" -#: src/protocol.c:493 src/protocol.c:555 +#: src/protocol.c:494 src/protocol.c:556 #, fuzzy, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Error enviando paquete a %s (%s): %m" -#: src/protocol.c:525 +#: src/protocol.c:526 #, fuzzy, 
c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:535 +#: src/protocol.c:536 #, fuzzy, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" -#: src/protocol.c:563 +#: src/protocol.c:564 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "" -#: src/protocol.c:603 +#: src/protocol.c:604 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:619 +#: src/protocol.c:620 #, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s (%s)." -#: src/protocol.c:704 +#: src/protocol.c:705 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:712 +#: src/protocol.c:713 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:720 +#: src/protocol.c:721 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:728 +#: src/protocol.c:729 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:738 +#: src/protocol.c:739 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:786 +#: src/protocol.c:787 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:794 +#: src/protocol.c:795 #, c-format msgid "Got bad 
DEL_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:802 +#: src/protocol.c:803 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:812 +#: src/protocol.c:813 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:822 +#: src/protocol.c:823 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:863 +#: src/protocol.c:864 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" -#: src/protocol.c:871 +#: src/protocol.c:872 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "" "Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:880 +#: src/protocol.c:881 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí ADD_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:897 +#: src/protocol.c:898 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" -#: src/protocol.c:905 +#: src/protocol.c:906 #, fuzzy, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:956 +#: src/protocol.c:957 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" -#: src/protocol.c:965 +#: src/protocol.c:966 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid 
identity name" msgstr "" "Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:973 +#: src/protocol.c:974 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí DEL_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:983 +#: src/protocol.c:984 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:992 +#: src/protocol.c:993 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" -#: src/protocol.c:1031 +#: src/protocol.c:1032 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Recibí STATUS incorrecta desde %s (%s)" -#: src/protocol.c:1038 +#: src/protocol.c:1039 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Mensaje de status desde %s (%s): %s: %s" -#: src/protocol.c:1061 +#: src/protocol.c:1062 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Recibí ERROR incorrecta desde %s (%s)" -#: src/protocol.c:1068 +#: src/protocol.c:1069 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Mensaje de error desde %s (%s): %s: %s" -#: src/protocol.c:1145 +#: src/protocol.c:1146 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" -#: src/protocol.c:1152 +#: src/protocol.c:1153 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " 
@@ -771,12 +771,12 @@ msgstr "" "Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1181 +#: src/protocol.c:1182 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1188 +#: src/protocol.c:1189 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -785,7 +785,7 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1205 +#: src/protocol.c:1206 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -794,12 +794,12 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1241 +#: src/protocol.c:1242 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1248 +#: src/protocol.c:1249 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -808,12 +808,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1259 +#: src/protocol.c:1260 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" -#: src/protocol.c:1270 +#: src/protocol.c:1271 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -822,12 +822,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1315 +#: src/protocol.c:1316 #, fuzzy, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1329 +#: src/protocol.c:1337 #, fuzzy, c-format msgid "Error during reception of PACKET from %s (%s): %m" msgstr "Error enviando paquete a %s (%s): %m" 
@@ -923,7 +923,7 @@ msgstr "Clave p #: src/tincd.c:255 src/tincd.c:266 msgid "" "Appending key to existing contents.\n" -"Make sure only one key is stored in the file." +"Make sure only one key is stored in the file.\n" msgstr "" #: src/tincd.c:262 diff --git a/po/nl.po b/po/nl.po index a572932f..0a82c75c 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre4\n" -"POT-Creation-Date: 2001-02-06 11:09+0100\n" +"POT-Creation-Date: 2001-02-25 15:08+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" @@ -134,22 +134,22 @@ msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:125 +#: src/meta.c:123 src/protocol.c:1332 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:129 +#: src/meta.c:130 #, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" -#: src/meta.c:159 +#: src/meta.c:161 #, c-format msgid "Got request from %s (%s): %s" msgstr "Kreeg verzoek van %s (%s): %s" -#: src/meta.c:177 +#: src/meta.c:179 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" 
@@ -474,285 +474,285 @@ msgstr "Hergenereren symmetrische sleutel" msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/protocol.c:102 +#: src/protocol.c:103 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: src/protocol.c:109 +#: src/protocol.c:110 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:123 +#: src/protocol.c:124 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:130 +#: src/protocol.c:131 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:136 +#: src/protocol.c:137 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:143 +#: src/protocol.c:144 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:150 +#: src/protocol.c:151 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:204 +#: src/protocol.c:205 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:212 +#: src/protocol.c:213 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:221 +#: src/protocol.c:222 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:233 +#: src/protocol.c:234 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:247 +#: src/protocol.c:248 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:300 +#: src/protocol.c:301 #, c-format msgid "Generated 
random challenge (unencrypted): %s" msgstr "Uitdaging gegenereerd (niet versleuteld): %s" -#: src/protocol.c:307 src/protocol.c:360 +#: src/protocol.c:308 src/protocol.c:361 #, c-format msgid "Error during encryption of challenge for %s (%s)" msgstr "Fout tijdens versleuteling van uitdaging voor %s (%s)" -#: src/protocol.c:333 +#: src/protocol.c:334 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:343 +#: src/protocol.c:344 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:368 +#: src/protocol.c:369 #, c-format msgid "Received random challenge (unencrypted): %s" msgstr "Uitdaging ontvangen (niet versleuteld): %s" -#: src/protocol.c:382 +#: src/protocol.c:383 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:413 +#: src/protocol.c:414 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:421 +#: src/protocol.c:422 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:437 +#: src/protocol.c:438 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:442 +#: src/protocol.c:443 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:486 +#: src/protocol.c:487 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" -#: src/protocol.c:493 src/protocol.c:555 +#: src/protocol.c:494 src/protocol.c:556 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens 
versleuteling van meta sleutel voor %s (%s)" -#: src/protocol.c:525 +#: src/protocol.c:526 #, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Kreeg ongeldige METAKEY van %s (%s)" -#: src/protocol.c:535 +#: src/protocol.c:536 #, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" -#: src/protocol.c:563 +#: src/protocol.c:564 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:603 +#: src/protocol.c:604 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:619 +#: src/protocol.c:620 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:704 +#: src/protocol.c:705 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:712 +#: src/protocol.c:713 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:720 +#: src/protocol.c:721 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:728 +#: src/protocol.c:729 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:738 +#: src/protocol.c:739 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:786 +#: src/protocol.c:787 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET 
van %s (%s)" -#: src/protocol.c:794 +#: src/protocol.c:795 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:802 +#: src/protocol.c:803 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:812 +#: src/protocol.c:813 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:822 +#: src/protocol.c:823 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:863 +#: src/protocol.c:864 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:871 +#: src/protocol.c:872 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:880 +#: src/protocol.c:881 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:897 +#: src/protocol.c:898 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:905 +#: src/protocol.c:906 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:956 +#: src/protocol.c:957 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:965 +#: src/protocol.c:966 #, c-format msgid "Got bad DEL_HOST from %s (%s): 
invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:973 +#: src/protocol.c:974 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:983 +#: src/protocol.c:984 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:992 +#: src/protocol.c:993 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:1031 +#: src/protocol.c:1032 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:1038 +#: src/protocol.c:1039 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1061 +#: src/protocol.c:1062 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1068 +#: src/protocol.c:1069 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1145 +#: src/protocol.c:1146 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1152 +#: src/protocol.c:1153 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -761,12 +761,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1181 +#: src/protocol.c:1182 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1188 +#: src/protocol.c:1189 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -775,7 +775,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1205 +#: src/protocol.c:1206 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -783,12 +783,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1241 +#: src/protocol.c:1242 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1248 +#: src/protocol.c:1249 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -797,13 +797,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1259 +#: src/protocol.c:1260 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1270 +#: src/protocol.c:1271 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -811,12 +811,12 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1315 +#: src/protocol.c:1316 #, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Kreeg ongeldig PAKKET van %s (%s)" -#: src/protocol.c:1329 +#: src/protocol.c:1337 #, c-format msgid "Error during reception of PACKET from %s (%s): %m" msgstr "Fout bij het ontvangen van PAKKET van %s (%s)" @@ -916,7 +916,7 @@ msgstr "openbare RSA sleutel" #: src/tincd.c:255 src/tincd.c:266 msgid "" "Appending key to existing contents.\n" -"Make sure only one key is stored in the file." +"Make sure only one key is stored in the file.\n" msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" 
@@ -968,3 +968,10 @@ msgstr "Herstart in %d seconden!" #: src/tincd.c:385 msgid "Not restarting." msgstr "Geen herstart." + +#~ msgid "" +#~ "Appending key to existing contents.\n" +#~ "Make sure only one key is stored in the file." +#~ msgstr "" +#~ "Sleutel wordt toegevoegd aan bestaande inhoud.\n" +#~ "Let er op dat er slechts één sleutel in het bestand is.\n" diff --git a/src/tincd.c b/src/tincd.c index b1f0eb59..57482247 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.42 2001/01/13 16:36:23 guus Exp $ + $Id: tincd.c,v 1.10.4.43 2001/02/25 14:51:42 guus Exp $ */ #include "config.h" @@ -252,7 +252,7 @@ int keygen(int bits) return -1; if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.")); + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); PEM_write_RSAPublicKey(f, rsa_key); fclose(f); @@ -263,7 +263,7 @@ int keygen(int bits) return -1; if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.")); + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); fclose(f); From 38adc479a44b64afcb220cd757f77ab105cb9bcd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Feb 2001 15:34:50 +0000 Subject: [PATCH 348/923] Free node->data and node, not node->data twice. --- lib/list.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/list.c b/lib/list.c index bcee3858..3082406f 100644 --- a/lib/list.c +++ b/lib/list.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.8 2001/01/07 17:08:49 guus Exp $ + $Id: list.c,v 1.1.2.9 2001/02/25 15:34:50 guus Exp $ */ #include "config.h" @@ -60,7 +60,7 @@ void list_free_node(list_t *list, list_node_t *node) if(node->data && list->delete) list->delete(node->data); - free(node->data); + free(node); } /* Insertion and deletion */ From 9de5787574b21e94c80ddc60def2b3e514aff755 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Feb 2001 16:04:00 +0000 Subject: [PATCH 349/923] Copy packets before putting them in the queue. --- src/net.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/net.c b/src/net.c index 5a456832..4a369ff7 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.94 2001/01/13 16:36:21 guus Exp $ + $Id: net.c,v 1.35.4.95 2001/02/25 16:04:00 guus Exp $ */ #include "config.h" @@ -202,6 +202,7 @@ int send_packet(ip_t to, vpn_packet_t *packet) { connection_t *cl; subnet_t *subnet; + vpn_packet_t *copy; cp if((subnet = lookup_subnet_ipv4(&to)) == NULL) { @@ -242,7 +243,13 @@ cp syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), cl->name, cl->hostname); - list_insert_tail(cl->queue, packet); + /* Since packet is on the stack of handle_tap_input(), + we have to make a copy of it first. */ + + copy = xmalloc(sizeof(vpn_packet_t)); + memcpy(copy, packet, sizeof(vpn_packet_t)); + + list_insert_tail(cl->queue, copy); if(!cl->status.waitingforkey) send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */ @@ -260,7 +267,7 @@ cp void flush_queue(connection_t *cl) { list_node_t *node, *next; - +cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname); 
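Review bot: list_free_node now releases the node, but `node->data` is released only through `list->delete`, so for a list created without a delete callback the payload is no longer freed in this function. The removed `free(node->data)` did free it, at the cost of a double free whenever a callback was set. The commit title says both are freed, which matches the code only when a callback exists. If callback-less lists are meant to own their data this is a leak; if the caller owns it, state that above the function, for example `/* frees the node; node->data is released only via list->delete */`.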
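Review bot: The copy added in send_packet is allocated for every packet sent to a peer without a valid key, and nothing in the hunk bounds `cl->queue`, so a key exchange that never completes lets the queue grow by `sizeof(vpn_packet_t)` per packet until memory runs out. A per-connection limit checked before `xmalloc`, dropping the packet with a debug-level log once it is reached, would cap that. Ownership of the copy also needs a comment: flush_queue passes `node->data` to xsend and then calls list_delete_node, so the copy is freed only if `cl->queue` was created with a delete callback, which is not visible here. send_packet continues outside the hunk.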
@@ -270,6 +277,7 @@ void flush_queue(connection_t *cl) xsend(cl, (vpn_packet_t *)node->data); list_delete_node(cl->queue, node); } +cp } /* From 54881faf6fdbf04fb5ee56b7809439fbc50c65cb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Feb 2001 16:34:19 +0000 Subject: [PATCH 350/923] Encrypt network packets in CBC mode instead of CFB mode. (This breaks compatibility with all previous versions!) --- src/net.c | 6 +++--- src/protocol.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/net.c b/src/net.c index 4a369ff7..7ebe37bf 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.95 2001/02/25 16:04:00 guus Exp $ + $Id: net.c,v 1.35.4.96 2001/02/25 16:34:17 guus Exp $ */ #include "config.h" @@ -112,7 +112,7 @@ int xsend(connection_t *cl, vpn_packet_t *inpkt) cp outpkt.len = inpkt->len; - /* Encrypt the packet. FIXME: we should use CBC, not CFB. */ + /* Encrypt the packet. */ EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); @@ -816,7 +816,7 @@ cp cp /* Generate packet encryption key */ - myself->cipher_pkttype = EVP_bf_cfb(); + myself->cipher_pkttype = EVP_bf_cbc(); myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; diff --git a/src/protocol.c b/src/protocol.c index 6da7c2cb..31d22064 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.79 2001/02/25 11:09:29 guus Exp $ + $Id: protocol.c,v 1.28.4.80 2001/02/25 16:34:19 guus Exp $ */ #include "config.h" 
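Review bot: In xsend the IV passed to `EVP_EncryptInit` is `cl->cipher_pktkey + cl->cipher_pkttype->key_len`, a value fixed for the lifetime of the key, so after the switch to `EVP_bf_cbc()` (the -816 hunk and the two src/protocol.c hunks) every packet uses the same key/IV pair and packets with equal leading blocks produce equal leading ciphertext blocks. CBC needs a fresh unpredictable IV per packet, for example drawn with `RAND_bytes` and sent in front of the ciphertext; that changes the packet format and so fits the compatibility break this commit already makes. CBC also pads to a whole block, so the output can exceed `inpkt->len` by up to one cipher block: `outpkt.len = inpkt->len;` has to become the summed output lengths and `outpkt.data` needs room for the padding, which may already be handled in the part of xsend outside the hunk. No integrity check on the ciphertext is visible either, and CBC without a MAC lets modified packets decrypt without error.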
@@ -613,7 +613,7 @@ cp cl->status.active = 1; cl->status.decryptin = 1; cl->nexthop = cl; - cl->cipher_pkttype = EVP_bf_cfb(); + cl->cipher_pkttype = EVP_bf_cbc(); cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; if(debug_lvl >= DEBUG_CONNECTIONS) @@ -929,7 +929,7 @@ cp new->nexthop = cl; new->status.active = 1; - new->cipher_pkttype = EVP_bf_cfb(); + new->cipher_pkttype = EVP_bf_cbc(); new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; cp return 0; From 82455be966027a087a2ac23e3464594c81d7b111 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Feb 2001 19:09:45 +0000 Subject: [PATCH 351/923] Implemented new authentication scheme from doc/SECURITY2. --- src/net.c | 4 +- src/protocol.c | 103 ++++++++++++------------------------------------- src/protocol.h | 7 ++-- 3 files changed, 30 insertions(+), 84 deletions(-) diff --git a/src/net.c b/src/net.c index 7ebe37bf..de1ac58c 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.96 2001/02/25 16:34:17 guus Exp $ + $Id: net.c,v 1.35.4.97 2001/02/25 19:09:41 guus Exp $ */ #include "config.h" @@ -1297,6 +1297,8 @@ cp } connection_add(ncn); + + send_id(ncn); cp return 0; } diff --git a/src/protocol.c b/src/protocol.c index 31d22064..a61e87bc 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.80 2001/02/25 16:34:19 guus Exp $ + $Id: protocol.c,v 1.28.4.81 2001/02/25 19:09:43 guus Exp $ */ #include "config.h" @@ -187,8 +187,6 @@ cp int send_id(connection_t *cl) { -cp - cl->allow_request = CHALLENGE; cp return send_request(cl, "%d %s %d %lx %hd", ID, myself->name, myself->protocol_version, myself->options, myself->port); } 
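Review bot: In the `@@ -929,7 +929,7 @@` hunk `new->cipher_pktkeylength` is computed from `cl->cipher_pkttype`, not from the `new->cipher_pkttype` assigned on the line above it. As far as these hunks show both are Blowfish-CBC, so the value is the same today, but the length should follow the connection it describes: `new->cipher_pktkeylength = new->cipher_pkttype->key_len + new->cipher_pkttype->iv_len;`. The enclosing handler starts outside the hunk.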
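Review bot: The result of the `send_id(ncn);` call added in the `@@ -1297,6 +1297,8 @@` hunk is discarded, so a failed send leaves the freshly added connection in the list with no ID sent while the function still returns 0. Checking the result and taking the same error path the function uses for its other failures keeps a half-open handshake from lingering. How `send_request` reports failure and how `ncn` is torn down are both outside the hunk.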
@@ -263,13 +261,14 @@ cp cl->port = port; avl_insert_node(connection_tree, node); - /* Read in the public key, so that we can send a challenge */ + /* Read in the public key, so that we can send a metakey */ if(read_rsa_public_key(cl)) return -1; + cl->allow_request = METAKEY; cp - return send_challenge(cl); + return send_metakey(cl); } int send_challenge(connection_t *cl) @@ -277,6 +276,8 @@ int send_challenge(connection_t *cl) char *buffer; int len, x; cp + /* CHECKME: what is most reasonable value for len? */ + len = RSA_size(cl->rsa_key); /* Allocate buffers for the challenge */ @@ -292,32 +293,15 @@ cp RAND_bytes(cl->hischallenge, len); - cl->hischallenge[0] &= 0x7F; /* Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */ cp - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(cl->hischallenge, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Generated random challenge (unencrypted): %s"), buffer); - } + /* Convert to hex */ - /* Encrypt the random data */ - - if(RSA_public_encrypt(len, cl->hischallenge, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ - { - syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); - free(buffer); - return -1; - } -cp - /* Convert the encrypted random data to a hexadecimal formatted string */ - - bin2hex(buffer, buffer, len); + bin2hex(cl->hischallenge, buffer, len); buffer[len*2] = '\0'; + cp /* Send the challenge */ - cl->allow_request = CHAL_REPLY; x = send_request(cl, "%d %s", CHALLENGE, buffer); free(buffer); cp 
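Review bot: `RAND_bytes(cl->hischallenge, len)` in the `@@ -292,32 +293,15 @@` hunk of send_challenge() is used without checking its result. OpenSSL returns 1 only on success, and after a failure the buffer is not guaranteed to hold unpredictable bytes, yet it is hex-encoded and sent as the challenge the peer must answer to prove its identity. Failing the handshake is safer: `if(RAND_bytes(cl->hischallenge, len) != 1) { free(buffer); return -1; }`. The allocation of `buffer` and `cl->hischallenge` sits above the hunk.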
@@ -352,22 +336,9 @@ cp /* Convert the challenge from hexadecimal back to binary */ - hex2bin(buffer,buffer,len); + hex2bin(buffer,cl->mychallenge,len); - /* Decrypt the challenge */ - - if(RSA_private_decrypt(len, buffer, cl->mychallenge, myself->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ - { - syslog(LOG_ERR, _("Error during encryption of challenge for %s (%s)"), cl->name, cl->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(cl->mychallenge, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Received random challenge (unencrypted): %s"), buffer); - } + cl->allow_request = CHAL_REPLY; /* Rest is done by send_chal_reply() */ cp @@ -395,11 +366,6 @@ cp /* Send the reply */ - if(cl->status.outgoing) - cl->allow_request = ID; - else - cl->allow_request = METAKEY; - cp return send_request(cl, "%d %s", CHAL_REPLY, hash); } @@ -445,16 +411,11 @@ cp return -1; } - /* Identity has now been positively verified. - If we are accepting this new connection, then send our identity, - if we are making this connecting, acknowledge. + ack_h() handles the rest from now on. */ cp - if(cl->status.outgoing) - return send_metakey(cl); - else - return send_id(cl); + return ack_h(cl); } int send_metakey(connection_t *cl) @@ -503,15 +464,14 @@ cp /* Send the meta key */ - if(cl->status.outgoing) - cl->allow_request = METAKEY; - else - cl->allow_request = ACK; - x = send_request(cl, "%d %s", METAKEY, buffer); free(buffer); + /* Further outgoing requests are encrypted with the key we just generated */ + EVP_EncryptInit(cl->cipher_outctx, EVP_bf_cfb(), cl->cipher_outkey, cl->cipher_outkey + EVP_bf_cfb()->key_len); + + cl->status.encryptout = 1; cp return x; } 
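Review bot: `cl->allow_request = CHAL_REPLY;` in challenge_h() is one step of a handshake order that this commit spreads across several handlers, and nothing at this line states what that order is. A short comment would let a reader verify the gating without opening every handler, for example `/* Handshake order: ID, METAKEY, CHALLENGE, CHAL_REPLY; each handler admits only the next request. */`. The order is read from the assignments in id_h() and metakey_h() in this same commit. challenge_h() itself starts above the hunk.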
@@ -564,26 +524,15 @@ cp syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } + /* All incoming requests will now be encrypted. */ + EVP_DecryptInit(cl->cipher_inctx, EVP_bf_cfb(), cl->cipher_inkey, cl->cipher_inkey + EVP_bf_cfb()->key_len); -cp - if(cl->status.outgoing) - return send_ack(cl); - else - return send_metakey(cl); -} + cl->status.decryptin = 1; -int send_ack(connection_t *cl) -{ - int x; + cl->allow_request = CHALLENGE; cp - if(cl->status.outgoing) - cl->allow_request = ACK; - - x = send_request(cl, "%d", ACK); - cl->status.encryptout = 1; -cp - return x; + return send_challenge(cl); } int ack_h(connection_t *cl) @@ -611,7 +560,6 @@ cp cl->allow_request = ALL; cl->status.active = 1; - cl->status.decryptin = 1; cl->nexthop = cl; cl->cipher_pkttype = EVP_bf_cbc(); cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; @@ -620,9 +568,6 @@ cp syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); cp - if(!cl->status.outgoing) - send_ack(cl); - /* Check some options */ if((cfg = get_config_val(cl->config, config_indirectdata))) @@ -1349,7 +1294,7 @@ int tcppacket_h(connection_t *cl) /* Jumptable for the request handlers */ int (*request_handlers[])(connection_t*) = { - id_h, challenge_h, chal_reply_h, metakey_h, ack_h, + id_h, metakey_h, challenge_h, chal_reply_h, status_h, error_h, termreq_h, ping_h, pong_h, add_host_h, del_host_h, @@ -1361,7 +1306,7 @@ int (*request_handlers[])(connection_t*) = { /* Request names */ char (*request_name[]) = { - "ID", "CHALLENGE", "CHAL_REPLY", "METAKEY", "ACK", + "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "STATUS", "ERROR", "TERMREQ", "PING", "PONG", "ADD_HOST", "DEL_HOST", diff --git a/src/protocol.h b/src/protocol.h index 16248c03..54cf67e5 100644 --- a/src/protocol.h +++ b/src/protocol.h 
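Review bot: The context line `syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer);` in metakey_h() still writes the session key to syslog, although this commit removes the equivalent logging of the challenge. Whoever can read that log can decrypt the meta connection that the `EVP_DecryptInit` call just below keys from the same bytes. Dropping the message, or logging only that a key was received, keeps key material out of debug output. The condition guarding the message is above the hunk, so the debug level at which it fires is not visible here.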
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.19 2001/01/07 20:19:35 guus Exp $ + $Id: protocol.h,v 1.5.4.20 2001/02/25 19:09:45 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -30,13 +30,13 @@ incompatible version have different protocols. */ -#define PROT_CURRENT 8 +#define PROT_CURRENT 9 /* Request numbers */ enum { ALL = -1, /* Guardian for allow_request */ - ID = 0, CHALLENGE, CHAL_REPLY, METAKEY, ACK, + ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, STATUS, ERROR, TERMREQ, PING, PONG, ADD_HOST, DEL_HOST, @@ -57,7 +57,6 @@ extern int send_id(connection_t*); extern int send_challenge(connection_t*); extern int send_chal_reply(connection_t*); extern int send_metakey(connection_t*); -extern int send_ack(connection_t*); extern int send_status(connection_t*, int, char*); extern int send_error(connection_t*, int, char*); extern int send_termreq(connection_t*); From 4b0ad4d97abd3643c44f45841d52f3000a34ba60 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 25 Feb 2001 20:17:46 +0000 Subject: [PATCH 352/923] Added process.c to the translated files. --- po/POTFILES.in | 1 + po/es.po | 428 +++++++++++++++++++++++++++---------------------- po/nl.po | 371 ++++++++++++++++++++++++++---------------- 3 files changed, 470 insertions(+), 330 deletions(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index a0744e1b..a60c42c9 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -13,3 +13,4 @@ src/netutl.c src/protocol.c src/subnet.c src/tincd.c +src/process.c diff --git a/po/es.po b/po/es.po index 2556fe29..83b66195 100644 --- a/po/es.po +++ b/po/es.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2001-02-25 15:08+0100\n" +"POT-Creation-Date: 2001-02-25 20:22+0100\n" "PO-Revision-Date: 2000-11-26 15:20+0000\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" 
@@ -121,7 +121,7 @@ msgstr "Enviando paquete de %d bytes a %s (%s)" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/meta.c:100 src/net.c:1029 +#: src/meta.c:100 src/net.c:1037 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" @@ -131,7 +131,7 @@ msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" msgid "Metadata socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes para %s (%s): %s" -#: src/meta.c:123 src/protocol.c:1332 +#: src/meta.c:123 src/protocol.c:1277 #, fuzzy, c-format msgid "Connection closed by %s (%s)" msgstr "Cerrando conexión con %s (%s)" 
@@ -176,297 +176,298 @@ msgstr "No puedo escribir en el dispositivo tap: %m" msgid "Can't write to ethertap device: %m" msgstr "No puedo escribir en el dispositivo tap: %m" -#: src/net.c:210 +#: src/net.c:211 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" -#: src/net.c:223 +#: src/net.c:224 #, c-format msgid "Packet with destination %d.%d.%d.%d is looping back to us!" msgstr "" -#: src/net.c:233 +#: src/net.c:234 #, fuzzy, c-format msgid "%s (%s) is not active, dropping packet" msgstr "%s (%s) no está listo, poniendo el paquete en cola" -#: src/net.c:242 +#: src/net.c:243 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" -#: src/net.c:265 +#: src/net.c:272 #, fuzzy, c-format msgid "Flushing queue for %s (%s)" msgstr "Vaciando la cola de envíos para %s (%s)" -#: src/net.c:311 +#: src/net.c:319 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:340 +#: src/net.c:348 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s es un dispositivo tun/tap del nuevo estilo" -#: src/net.c:365 +#: src/net.c:373 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:372 src/net.c:380 src/net.c:389 src/net.c:423 src/net.c:451 -#: src/net.c:460 src/net.c:514 src/net.c:987 src/net.c:996 src/net.c:1054 +#: src/net.c:380 src/net.c:388 src/net.c:397 src/net.c:431 src/net.c:459 +#: src/net.c:468 src/net.c:522 src/net.c:995 src/net.c:1004 src/net.c:1062 +#: src/process.c:239 src/process.c:275 #, c-format msgid "System call `%s' failed: %m" msgstr "" -#: src/net.c:399 +#: src/net.c:407 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" -#: src/net.c:416 +#: src/net.c:424 #, c-format msgid 
"Can't bind to port %hd/tcp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" -#: src/net.c:444 +#: src/net.c:452 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:473 src/net.c:1009 +#: src/net.c:481 src/net.c:1017 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" -#: src/net.c:490 +#: src/net.c:498 #, c-format msgid "Trying to connect to %s" msgstr "Intentando conectar con %s" -#: src/net.c:500 +#: src/net.c:508 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket' para %s puerto %d: %m" -#: src/net.c:525 +#: src/net.c:533 #, c-format msgid "%s port %hd: %m" msgstr "%s puerto %hd: %m" -#: src/net.c:533 +#: src/net.c:541 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl() para %s puerto %d: %m" -#: src/net.c:539 +#: src/net.c:547 #, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s puerto %hd" -#: src/net.c:558 +#: src/net.c:566 msgid "Invalid name for outgoing connection" msgstr "Nombre no válido para conexión saliente" -#: src/net.c:567 +#: src/net.c:575 #, c-format msgid "Error reading host configuration file for %s" msgstr "Error leyendo el fichero de configuración del `host' para %s" -#: src/net.c:574 +#: src/net.c:582 #, c-format msgid "No address specified for %s" msgstr "No se especificó dirección para %s" -#: src/net.c:581 +#: src/net.c:589 #, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %m" -#: src/net.c:591 +#: src/net.c:599 #, c-format msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión a %s" -#: src/net.c:636 +#: src/net.c:644 #, fuzzy, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:644 +#: src/net.c:652 #, fuzzy, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Error recibiendo paquete: %m" #. 
Nothing worked. -#: src/net.c:670 +#: src/net.c:678 #, c-format msgid "No public key for %s specified!" msgstr "" -#: src/net.c:693 +#: src/net.c:701 #, fuzzy, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:701 +#: src/net.c:709 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "" -#: src/net.c:708 +#: src/net.c:716 #, fuzzy msgid "No private key for tinc daemon specified!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:732 +#: src/net.c:740 msgid "Name for tinc daemon required!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:740 +#: src/net.c:748 msgid "Invalid name for myself!" msgstr "¡Nombre no válido para mí!" -#: src/net.c:749 +#: src/net.c:757 msgid "Cannot open host configuration file for myself!" msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" -#: src/net.c:790 +#: src/net.c:798 msgid "Network address and subnet mask do not match!" msgstr "" -#: src/net.c:799 +#: src/net.c:807 #, fuzzy msgid "Unable to set up a listening TCP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:805 +#: src/net.c:813 #, fuzzy msgid "Unable to set up a listening UDP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:842 +#: src/net.c:850 #, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %hd" -#: src/net.c:874 +#: src/net.c:882 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." 
-#: src/net.c:925 +#: src/net.c:933 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en %d segundos" -#: src/net.c:975 +#: src/net.c:983 #, c-format msgid "Opening UDP socket to %s" msgstr "Abriendo `socket' UDP a %s" -#: src/net.c:980 +#: src/net.c:988 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Error al crear el `socket' UDP: %m" -#: src/net.c:1020 +#: src/net.c:1028 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Error al conectar a %s puerto %d: %m" -#: src/net.c:1071 +#: src/net.c:1079 #, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s puerto %d" -#: src/net.c:1119 +#: src/net.c:1127 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:1125 +#: src/net.c:1133 #, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:1131 +#: src/net.c:1139 #, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:1139 +#: src/net.c:1147 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "" -#: src/net.c:1145 +#: src/net.c:1153 #, fuzzy, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Enviando paquete de %d bytes a %s (%s)" -#: src/net.c:1167 +#: src/net.c:1175 #, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s (%s)" -#: src/net.c:1217 +#: src/net.c:1225 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." 
-#: src/net.c:1252 +#: src/net.c:1260 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) no respondió al PING" -#: src/net.c:1279 +#: src/net.c:1287 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1287 +#: src/net.c:1295 msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1342 +#: src/net.c:1352 #, fuzzy, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1351 +#: src/net.c:1361 #, fuzzy, c-format msgid "Error while reading from ethertap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1362 +#: src/net.c:1372 msgid "Received short packet from tap device" msgstr "" -#: src/net.c:1368 +#: src/net.c:1378 #, c-format msgid "Read packet of length %d from tap device" msgstr "" -#: src/net.c:1400 +#: src/net.c:1410 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1407 +#: src/net.c:1417 #, fuzzy msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/net.c:1414 +#: src/net.c:1424 #, fuzzy msgid "Unable to reread configuration file, exiting" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/net.c:1440 +#: src/net.c:1450 #, fuzzy msgid "Regenerating symmetric key" msgstr "Generando claves de %d bits" 
@@ -511,258 +512,243 @@ msgstr "Error al procesar %s desde %s (%s)" msgid "Bogus data received from %s (%s)" msgstr "Se han recibido datos sin sentido desde %s (%s)." -#: src/protocol.c:205 +#: src/protocol.c:203 #, c-format msgid "Got bad ID from %s" msgstr "Recibí una ID incorrecta desde %s" -#: src/protocol.c:213 +#: src/protocol.c:211 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "La máquina remota %s (%s) usa una versión (%d) incompatible." -#: src/protocol.c:222 +#: src/protocol.c:220 #, c-format msgid "Peer %s uses invalid identity name" msgstr "La máquina remota %s usa un nombre de identidad no válido" -#: src/protocol.c:234 +#: src/protocol.c:232 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "La máquina remota %s tiene una identidad desconocida (%s)" -#: src/protocol.c:248 +#: src/protocol.c:246 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "El enlace %s (%s) ya está en nuestra lista de conexiones." -#: src/protocol.c:301 -#, c-format -msgid "Generated random challenge (unencrypted): %s" -msgstr "" - -#: src/protocol.c:308 src/protocol.c:361 -#, fuzzy, c-format -msgid "Error during encryption of challenge for %s (%s)" -msgstr "Error leyendo el fichero de configuración del `host' para %s" - -#: src/protocol.c:334 +#: src/protocol.c:318 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" -#: src/protocol.c:344 +#: src/protocol.c:328 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" -#: src/protocol.c:369 -#, c-format -msgid "Received random challenge (unencrypted): %s" -msgstr "" - -#: src/protocol.c:383 +#: src/protocol.c:354 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" -#: src/protocol.c:414 +#: src/protocol.c:380 #, c-format msgid "Got bad CHAL_REPLY from 
%s (%s)" msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" -#: src/protocol.c:422 +#: src/protocol.c:388 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:438 +#: src/protocol.c:404 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Intruso: respuesta de desafío incorrecta desde %s (%s)" -#: src/protocol.c:443 +#: src/protocol.c:409 #, c-format msgid "Expected challenge reply: %s" msgstr "" -#: src/protocol.c:487 +#: src/protocol.c:448 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "" -#: src/protocol.c:494 src/protocol.c:556 +#: src/protocol.c:455 src/protocol.c:516 #, fuzzy, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Error enviando paquete a %s (%s): %m" -#: src/protocol.c:526 +#: src/protocol.c:486 #, fuzzy, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:536 +#: src/protocol.c:496 #, fuzzy, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" -#: src/protocol.c:564 +#: src/protocol.c:524 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "" -#: src/protocol.c:604 +#: src/protocol.c:553 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:620 +#: src/protocol.c:568 #, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s (%s)." 
-#: src/protocol.c:705 +#: src/protocol.c:650 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:713 +#: src/protocol.c:658 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:721 +#: src/protocol.c:666 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:729 +#: src/protocol.c:674 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:739 +#: src/protocol.c:684 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:787 +#: src/protocol.c:732 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:795 +#: src/protocol.c:740 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:803 +#: src/protocol.c:748 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:813 +#: src/protocol.c:758 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:823 +#: src/protocol.c:768 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " 
"conexiones" -#: src/protocol.c:864 +#: src/protocol.c:809 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" -#: src/protocol.c:872 +#: src/protocol.c:817 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "" "Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:881 +#: src/protocol.c:826 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí ADD_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:898 +#: src/protocol.c:843 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" -#: src/protocol.c:906 +#: src/protocol.c:851 #, fuzzy, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:957 +#: src/protocol.c:902 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" -#: src/protocol.c:966 +#: src/protocol.c:911 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "" "Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:974 +#: src/protocol.c:919 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí DEL_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:984 +#: src/protocol.c:929 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:993 +#: src/protocol.c:938 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" -#: src/protocol.c:1032 +#: src/protocol.c:977 #, 
c-format msgid "Got bad STATUS from %s (%s)" msgstr "Recibí STATUS incorrecta desde %s (%s)" -#: src/protocol.c:1039 +#: src/protocol.c:984 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Mensaje de status desde %s (%s): %s: %s" -#: src/protocol.c:1062 +#: src/protocol.c:1007 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Recibí ERROR incorrecta desde %s (%s)" -#: src/protocol.c:1069 +#: src/protocol.c:1014 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Mensaje de error desde %s (%s): %s: %s" -#: src/protocol.c:1146 +#: src/protocol.c:1091 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" -#: src/protocol.c:1153 +#: src/protocol.c:1098 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -771,12 +757,12 @@ msgstr "" "Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1182 +#: src/protocol.c:1127 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1189 +#: src/protocol.c:1134 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -785,7 +771,7 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1206 +#: src/protocol.c:1151 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -794,12 +780,12 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1242 +#: src/protocol.c:1187 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1249 +#: src/protocol.c:1194 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -808,12 +794,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1260 +#: src/protocol.c:1205 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" -#: src/protocol.c:1271 +#: src/protocol.c:1216 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -822,12 +808,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1316 +#: src/protocol.c:1261 #, fuzzy, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1337 +#: src/protocol.c:1282 #, fuzzy, c-format msgid "Error during reception of PACKET from %s (%s): %m" msgstr "Error enviando paquete a %s (%s): %m" 
@@ -972,11 +958,129 @@ msgstr "Error irrecuperable" msgid "Restarting in %d seconds!" msgstr "¡Reiniciando en %d segundos!" -#: src/tincd.c:385 +#: src/process.c:338 src/tincd.c:385 #, fuzzy msgid "Not restarting." msgstr "¡Aayyy! No reinicio." +#: src/process.c:60 +#, fuzzy, c-format +msgid "Memory exhausted (couldn't allocate %d bytes), exiting." +msgstr "" +"Memoria agotada (la última es %s:%d) (no pude asignar %d bytes), terminando." + +#: src/process.c:88 +#, c-format +msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" +msgstr "" +"Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." + +#: src/process.c:91 +msgid "Terminating" +msgstr "Terminando" + +#: src/process.c:107 +#, c-format +msgid "A tincd is already running for net `%s' with pid %d.\n" +msgstr "" +"Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" + +#: src/process.c:110 +#, c-format +msgid "A tincd is already running with pid %d.\n" +msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" + +#: src/process.c:131 +#, c-format +msgid "No other tincd is running for net `%s'.\n" +msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" + +#: src/process.c:133 +msgid "No other tincd is running.\n" +msgstr "No hay ningún otro tincd en ejecución.\n" + +#: src/process.c:140 +msgid "Removing stale lock file.\n" +msgstr "Borrando fichero de bloqueo en desuso.\n" + +#: src/process.c:167 +#, c-format +msgid "Couldn't detach from terminal: %m" +msgstr "" + +#: src/process.c:180 +#, c-format +msgid "tincd %s (%s %s) starting, debug level %d" +msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." 
+ +#: src/process.c:183 +#, c-format +msgid "tincd %s starting" +msgstr "tincd %s comenzando" + +#: src/process.c:247 +#, c-format +msgid "Executing script %s" +msgstr "" + +#: src/process.c:255 +#, c-format +msgid "Process %d (%s) exited with non-zero status %d" +msgstr "" + +#: src/process.c:263 +#, c-format +msgid "Process %d (%s) was killed by signal %d (%s)" +msgstr "" + +#: src/process.c:269 +#, c-format +msgid "Process %d (%s) terminated abnormally" +msgstr "" + +#: src/process.c:294 +msgid "Got TERM signal" +msgstr "Recibí la señal TERM" + +#: src/process.c:303 +msgid "Got QUIT signal" +msgstr "Recibí la señal QUIT" + +#: src/process.c:310 +msgid "Got another SEGV signal: not restarting" +msgstr "Recibí otra señal SEGV: no reinicio" + +#: src/process.c:319 +msgid "Got SEGV signal" +msgstr "Recibí la señal SEGV" + +#: src/process.c:324 +msgid "Trying to re-execute in 5 seconds..." +msgstr "Intento re-ejecutar en 5 segundos." + +#: src/process.c:347 +#, fuzzy +msgid "Got HUP signal" +msgstr "Recibí la señal QUIT" + +#: src/process.c:355 +msgid "Got INT signal, exiting" +msgstr "Recibí la señal INT, saliendo" + +#: src/process.c:374 +#, c-format +msgid "Got unexpected signal %d (%s)" +msgstr "Recibí una señal inesperada %d (%s)." + +#: src/process.c:419 +#, c-format +msgid "Installing signal handler for signal %d (%s) failed: %m\n" +msgstr "" + +#, fuzzy +#~ msgid "Error during encryption of challenge for %s (%s)" +#~ msgstr "Error leyendo el fichero de configuración del `host' para %s" + #~ msgid "Queue flushed" #~ msgstr "Cola vaciada" @@ -1062,9 +1166,6 @@ msgstr " #~ msgid "Unable to set up an incoming vpn data socket!" #~ msgstr "¡No puedo configurar un `socket' para recibir datos de la vpn!" -#~ msgid "Terminating" -#~ msgstr "Terminando" - #~ msgid "Error: getpeername: %m" #~ msgstr "Error: getpeername(): %m" 
@@ -1100,58 +1201,5 @@ msgstr " #~ msgid "Invalid timeout value `%s'.\n" #~ msgstr "Valor de timeout `%s' no válido.\n" -#~ msgid "" -#~ "Memory exhausted (last is %s:%d) (couldn't allocate %d bytes), exiting." -#~ msgstr "" -#~ "Memoria agotada (la última es %s:%d) (no pude asignar %d bytes), terminando." - -#~ msgid "tincd %s (%s %s) starting, debug level %d" -#~ msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." - -#~ msgid "tincd %s starting" -#~ msgstr "tincd %s comenzando" - -#~ msgid "" -#~ "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" -#~ msgstr "" -#~ "Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." - -#~ msgid "A tincd is already running for net `%s' with pid %d.\n" -#~ msgstr "" -#~ "Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" - -#~ msgid "A tincd is already running with pid %d.\n" -#~ msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" - -#~ msgid "No other tincd is running for net `%s'.\n" -#~ msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" - -#~ msgid "No other tincd is running.\n" -#~ msgstr "No hay ningún otro tincd en ejecución.\n" - -#~ msgid "Removing stale lock file.\n" -#~ msgstr "Borrando fichero de bloqueo en desuso.\n" - -#~ msgid "Got TERM signal" -#~ msgstr "Recibí la señal TERM" - -#~ msgid "Got QUIT signal" -#~ msgstr "Recibí la señal QUIT" - -#~ msgid "Got another SEGV signal: not restarting" -#~ msgstr "Recibí otra señal SEGV: no reinicio" - -#~ msgid "Got SEGV signal" -#~ msgstr "Recibí la señal SEGV" - -#~ msgid "Trying to re-execute in 5 seconds..." -#~ msgstr "Intento re-ejecutar en 5 segundos." - -#~ msgid "Got INT signal, exiting" -#~ msgstr "Recibí la señal INT, saliendo" - #~ msgid "Got USR2 signal, forcing new key generation" #~ msgstr "Recibí la señal USR2, forzando generación de nueva clave" - -#~ msgid "Got unexpected signal %d (%s)" -#~ msgstr "Recibí una señal inesperada %d (%s)." 
diff --git a/po/nl.po b/po/nl.po index 0a82c75c..5addbdbb 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre4\n" -"POT-Creation-Date: 2001-02-25 15:08+0100\n" +"POT-Creation-Date: 2001-02-25 20:22+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" @@ -124,7 +124,7 @@ msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:100 src/net.c:1029 +#: src/meta.c:100 src/net.c:1037 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" @@ -134,7 +134,7 @@ msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:123 src/protocol.c:1332 +#: src/meta.c:123 src/protocol.c:1277 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" 
@@ -179,293 +179,294 @@ msgstr "Kan niet naar tun/tap apparaat schrijven: %m" msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:210 +#: src/net.c:211 #, c-format msgid "Trying to look up %d.%d.%d.%d in connection list failed!" msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" -#: src/net.c:223 +#: src/net.c:224 #, c-format msgid "Packet with destination %d.%d.%d.%d is looping back to us!" msgstr "Pakket met doeladres %d.%d.%d.%d komt terug naar ons!" -#: src/net.c:233 +#: src/net.c:234 #, c-format msgid "%s (%s) is not active, dropping packet" msgstr "%s (%s) is niet actief, pakket wordt genegeerd" -#: src/net.c:242 +#: src/net.c:243 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net.c:265 +#: src/net.c:272 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:311 +#: src/net.c:319 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:340 +#: src/net.c:348 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:365 +#: src/net.c:373 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:372 src/net.c:380 src/net.c:389 src/net.c:423 src/net.c:451 -#: src/net.c:460 src/net.c:514 src/net.c:987 src/net.c:996 src/net.c:1054 +#: src/net.c:380 src/net.c:388 src/net.c:397 src/net.c:431 src/net.c:459 +#: src/net.c:468 src/net.c:522 src/net.c:995 src/net.c:1004 src/net.c:1062 +#: src/process.c:239 src/process.c:275 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:399 +#: src/net.c:407 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: 
src/net.c:416 +#: src/net.c:424 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:444 +#: src/net.c:452 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:473 src/net.c:1009 +#: src/net.c:481 src/net.c:1017 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:490 +#: src/net.c:498 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:500 +#: src/net.c:508 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:525 +#: src/net.c:533 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:533 +#: src/net.c:541 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:539 +#: src/net.c:547 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:558 +#: src/net.c:566 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:567 +#: src/net.c:575 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:574 +#: src/net.c:582 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:581 +#: src/net.c:589 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:591 +#: src/net.c:599 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:636 +#: src/net.c:644 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:644 +#: src/net.c:652 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke 
sleutel bestand `%s' mislukt: %m" #. Nothing worked. -#: src/net.c:670 +#: src/net.c:678 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:693 +#: src/net.c:701 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:701 +#: src/net.c:709 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:708 +#: src/net.c:716 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:732 +#: src/net.c:740 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:740 +#: src/net.c:748 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:749 +#: src/net.c:757 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:790 +#: src/net.c:798 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:799 +#: src/net.c:807 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:805 +#: src/net.c:813 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" 
-#: src/net.c:842 +#: src/net.c:850 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:874 +#: src/net.c:882 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:925 +#: src/net.c:933 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:975 +#: src/net.c:983 #, c-format msgid "Opening UDP socket to %s" msgstr "Bezig met openen UDP socket naar %s" -#: src/net.c:980 +#: src/net.c:988 #, c-format msgid "Creating UDP socket failed: %m" msgstr "Aanmaak UDP socket mislukte: %m" -#: src/net.c:1020 +#: src/net.c:1028 #, c-format msgid "Connecting to %s port %d failed: %m" msgstr "Verbinding naar %s poort %d mislukt: %m" -#: src/net.c:1071 +#: src/net.c:1079 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1119 +#: src/net.c:1127 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1125 +#: src/net.c:1133 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1131 +#: src/net.c:1139 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1139 +#: src/net.c:1147 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1145 +#: src/net.c:1153 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:1167 +#: src/net.c:1175 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1217 +#: src/net.c:1225 msgid "Trying to re-establish outgoing connection in 5 seconds" 
msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1252 +#: src/net.c:1260 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1279 +#: src/net.c:1287 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1287 +#: src/net.c:1295 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1342 +#: src/net.c:1352 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1351 +#: src/net.c:1361 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1362 +#: src/net.c:1372 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1368 +#: src/net.c:1378 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1400 +#: src/net.c:1410 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1407 +#: src/net.c:1417 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1414 +#: src/net.c:1424 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1440 +#: src/net.c:1450 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -509,250 +510,235 @@ msgstr "Fout tijdens afhandelen %s van %s (%s)" msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:205 +#: src/protocol.c:203 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:213 +#: src/protocol.c:211 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:222 +#: src/protocol.c:220 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:234 +#: src/protocol.c:232 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:248 +#: src/protocol.c:246 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:301 -#, c-format -msgid "Generated random challenge (unencrypted): %s" -msgstr "Uitdaging gegenereerd (niet versleuteld): %s" - -#: src/protocol.c:308 src/protocol.c:361 -#, c-format -msgid "Error during encryption of challenge for %s (%s)" -msgstr "Fout tijdens versleuteling van uitdaging voor %s (%s)" - -#: src/protocol.c:334 +#: src/protocol.c:318 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:344 +#: src/protocol.c:328 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:369 -#, c-format -msgid "Received random challenge (unencrypted): %s" -msgstr "Uitdaging ontvangen (niet versleuteld): %s" - -#: src/protocol.c:383 +#: src/protocol.c:354 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:414 +#: src/protocol.c:380 #, c-format msgid 
"Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:422 +#: src/protocol.c:388 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:438 +#: src/protocol.c:404 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:443 +#: src/protocol.c:409 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:487 +#: src/protocol.c:448 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" -#: src/protocol.c:494 src/protocol.c:556 +#: src/protocol.c:455 src/protocol.c:516 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" -#: src/protocol.c:526 +#: src/protocol.c:486 #, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Kreeg ongeldige METAKEY van %s (%s)" -#: src/protocol.c:536 +#: src/protocol.c:496 #, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" -#: src/protocol.c:564 +#: src/protocol.c:524 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:604 +#: src/protocol.c:553 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:620 +#: src/protocol.c:568 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:705 +#: src/protocol.c:650 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: 
src/protocol.c:713 +#: src/protocol.c:658 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:721 +#: src/protocol.c:666 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:729 +#: src/protocol.c:674 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:739 +#: src/protocol.c:684 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:787 +#: src/protocol.c:732 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:795 +#: src/protocol.c:740 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:803 +#: src/protocol.c:748 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:813 +#: src/protocol.c:758 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:823 +#: src/protocol.c:768 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:864 +#: src/protocol.c:809 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:872 +#: src/protocol.c:817 #, c-format msgid "Got bad 
ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:881 +#: src/protocol.c:826 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:898 +#: src/protocol.c:843 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:906 +#: src/protocol.c:851 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:957 +#: src/protocol.c:902 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:966 +#: src/protocol.c:911 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:974 +#: src/protocol.c:919 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:984 +#: src/protocol.c:929 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:993 +#: src/protocol.c:938 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:1032 +#: src/protocol.c:977 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:1039 +#: src/protocol.c:984 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1062 +#: src/protocol.c:1007 #, c-format 
msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1069 +#: src/protocol.c:1014 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1146 +#: src/protocol.c:1091 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1153 +#: src/protocol.c:1098 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -761,12 +747,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1182 +#: src/protocol.c:1127 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1189 +#: src/protocol.c:1134 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -775,7 +761,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1206 +#: src/protocol.c:1151 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -783,12 +769,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1242 +#: src/protocol.c:1187 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1249 +#: src/protocol.c:1194 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -797,13 +783,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1260 +#: src/protocol.c:1205 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1271 +#: src/protocol.c:1216 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -811,12 +797,12 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1316 +#: src/protocol.c:1261 #, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Kreeg ongeldig PAKKET van %s (%s)" -#: src/protocol.c:1337 +#: src/protocol.c:1282 #, c-format msgid "Error during reception of PACKET from %s (%s): %m" msgstr "Fout bij het ontvangen van PAKKET van %s (%s)" 
@@ -965,13 +951,118 @@ msgstr "Onherstelbare fout" msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:385 +#: src/process.c:338 src/tincd.c:385 msgid "Not restarting." msgstr "Geen herstart." -#~ msgid "" -#~ "Appending key to existing contents.\n" -#~ "Make sure only one key is stored in the file." -#~ msgstr "" -#~ "Sleutel wordt toegevoegd aan bestaande inhoud.\n" -#~ "Let er op dat er slechts één sleutel in het bestand is.\n" +#: src/process.c:60 +#, c-format +msgid "Memory exhausted (couldn't allocate %d bytes), exiting." +msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." + +#: src/process.c:88 +#, c-format +msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" +msgstr "" +"Totaal aantal bytes geschreven: tap %d, socket %d; bytes read: tap %d, " +"socket %d" + +#: src/process.c:91 +msgid "Terminating" +msgstr "Beëindigen" + +#: src/process.c:107 +#, c-format +msgid "A tincd is already running for net `%s' with pid %d.\n" +msgstr "Een tincd draait al voor net `%s' met pid %d.\n" + +#: src/process.c:110 +#, c-format +msgid "A tincd is already running with pid %d.\n" +msgstr "Een tincd draait al met pid %d.\n" + +#: src/process.c:131 +#, c-format +msgid "No other tincd is running for net `%s'.\n" +msgstr "Geen andere tincd draait voor net `%s'.\n" + +#: src/process.c:133 +msgid "No other tincd is running.\n" +msgstr "Geen andere tincd draait.\n" + +#: src/process.c:140 +msgid "Removing stale lock file.\n" +msgstr "Verwijdering oud vergrendelingsbestand.\n" + +#: src/process.c:167 +#, c-format +msgid "Couldn't detach from terminal: %m" +msgstr "Kon niet ontkoppelen van terminal: %m" + +#: src/process.c:180 +#, c-format +msgid "tincd %s (%s %s) starting, debug level %d" +msgstr "tincd %s (%s %s) start, debug niveau %d" + +#: src/process.c:183 +#, c-format +msgid "tincd %s starting" +msgstr "tincd %s wordt gestart" + +#: src/process.c:247 +#, c-format +msgid "Executing script %s" +msgstr 
"Uitvoeren script %s" + +#: src/process.c:255 +#, c-format +msgid "Process %d (%s) exited with non-zero status %d" +msgstr "Proces %d (%s) beëindigde met status %d" + +#: src/process.c:263 +#, c-format +msgid "Process %d (%s) was killed by signal %d (%s)" +msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" + +#: src/process.c:269 +#, c-format +msgid "Process %d (%s) terminated abnormally" +msgstr "Proces %d (%s) abnormaal beëindigd" + +#: src/process.c:294 +msgid "Got TERM signal" +msgstr "Kreeg TERM signaal" + +#: src/process.c:303 +msgid "Got QUIT signal" +msgstr "Kreeg QUIT signaal" + +#: src/process.c:310 +msgid "Got another SEGV signal: not restarting" +msgstr "Kreeg nog een SEGV signaal: geen herstart" + +#: src/process.c:319 +msgid "Got SEGV signal" +msgstr "Kreeg SEGV signaal" + +#: src/process.c:324 +msgid "Trying to re-execute in 5 seconds..." +msgstr "Poging tot herstarten over 5 seconden..." + +#: src/process.c:347 +msgid "Got HUP signal" +msgstr "Kreeg HUP signaal" + +#: src/process.c:355 +msgid "Got INT signal, exiting" +msgstr "Kreeg INT signaal, beëindigen" + +#: src/process.c:374 +#, c-format +msgid "Got unexpected signal %d (%s)" +msgstr "Kreeg onverwacht signaal %d (%s)" + +#: src/process.c:419 +#, c-format +msgid "Installing signal handler for signal %d (%s) failed: %m\n" +msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %m\n" From 34b7a876c3583f7a34585cff6a694bc9e35cdc87 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 26 Feb 2001 11:37:20 +0000 Subject: [PATCH 353/923] - Make sure METAKEY is smaller than the modulus of the RSA key - Get symmetric key from the least significant bytes of the RSA message --- src/protocol.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index a61e87bc..bdb78c2b 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.81 2001/02/25 19:09:43 guus Exp $ + $Id: protocol.c,v 1.28.4.82 2001/02/26 11:37:20 guus Exp $ */ #include "config.h" @@ -439,8 +439,8 @@ cp RAND_bytes(cl->cipher_outkey, len); - cl->cipher_outkey[0] &= 0x7F; /* FIXME: Somehow if the first byte is more than 0xD0 or something like that, decryption fails... */ - + cl->cipher_outkey[0] &= 0x0F; /* Make sure that the random data is smaller than the modulus of the RSA key */ + if(debug_lvl >= DEBUG_SCARY_THINGS) { bin2hex(cl->cipher_outkey, buffer, len); @@ -469,7 +469,9 @@ cp /* Further outgoing requests are encrypted with the key we just generated */ - EVP_EncryptInit(cl->cipher_outctx, EVP_bf_cfb(), cl->cipher_outkey, cl->cipher_outkey + EVP_bf_cfb()->key_len); + EVP_EncryptInit(cl->cipher_outctx, EVP_bf_cfb(), + cl->cipher_outkey + len - EVP_bf_cfb()->key_len, + cl->cipher_outkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); cl->status.encryptout = 1; cp @@ -526,7 +528,9 @@ cp /* All incoming requests will now be encrypted. */ - EVP_DecryptInit(cl->cipher_inctx, EVP_bf_cfb(), cl->cipher_inkey, cl->cipher_inkey + EVP_bf_cfb()->key_len); + EVP_DecryptInit(cl->cipher_inctx, EVP_bf_cfb(), + cl->cipher_inkey + len - EVP_bf_cfb()->key_len, + cl->cipher_inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); cl->status.decryptin = 1; From 24fa68585923d2b52718390f3f38d1aaacef12f0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 27 Feb 2001 15:33:39 +0000 Subject: [PATCH 354/923] Don't forget to reconnect if outgoing connection fails during authentication. --- src/net.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index de1ac58c..ea2bb01d 100644 --- a/src/net.c +++ b/src/net.c 
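Review bot: The fixed mask `cl->cipher_outkey[0] &= 0x0F;` in the `@@ -439,8 +439,8 @@` hunk keeps the value below the modulus only if `len` equals the modulus size in bytes and the modulus has a top byte of at least 0x10; neither condition is checked in the lines shown. The new comment suggests the buffer is handed to RSA as a bare number; if no padding scheme is applied (the RSA call is outside the hunk), a standard padded mode such as OAEP would remove the need for the mask and avoid the known weaknesses of unpadded RSA. At minimum the assumption should sit next to the mask, e.g. `/* assumes len == size of the peer's modulus and a modulus top byte >= 0x10 */`. The enclosing function starts and ends outside the hunk.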
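Review bot: The new `EVP_EncryptInit` call in the `@@ -469,7 +469,9 @@` hunk and the matching `EVP_DecryptInit` call in `@@ -526,7 +528,9 @@` derive the key and IV pointers as `cipher_*key + len - key_len - iv_len` without checking that `len` is at least `key_len + iv_len`. With a short RSA key the subtraction would point before the start of the buffer; `len` is set outside both hunks, so it may already be bounded, but nothing visible here guarantees it. A guard ahead of each call makes the requirement explicit, for example `if(len < EVP_bf_cfb()->key_len + EVP_bf_cfb()->iv_len) return -1;`. Computing the two offsets once into named locals would also keep the sending and receiving side from drifting apart.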
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.97 2001/02/25 19:09:41 guus Exp $ + $Id: net.c,v 1.35.4.98 2001/02/27 15:33:39 guus Exp $ */ #include "config.h" @@ -1217,8 +1217,9 @@ cp /* Check if this was our outgoing connection */ - if(cl->status.outgoing && cl->status.active) + if(cl->status.outgoing) { + cl->status.outgoing = 0; signal(SIGALRM, sigalrm_handler); seconds_till_retry = 5; alarm(seconds_till_retry); From fb4ba9b265666d9949b03209a3ff52ff1263226b Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 27 Feb 2001 16:15:14 +0000 Subject: [PATCH 355/923] Authentication done --- TODO | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index 6800c038..e502d6e4 100644 --- a/TODO +++ b/TODO @@ -9,6 +9,7 @@ Goals for 1.0 release: * Use efficient tree algorithms instead of linked lists (done) * Reenable queues for delayed packets (done) * Merge documentation files (SECURITY, INSTALL, PROTOCOL) into tinc.texi +* Different authentication scheme (done) Goals for future releases: @@ -19,5 +20,5 @@ Goals for future releases: * Windowing, chaffing, scattering, background noise * ABC protocol (superscalabilty) * Proxy ARP -* Eazy setup scripts (graphical?) +* Easy setup scripts (graphical?) * Threading From 173d606514d82fc5ae7895a178238d0abcaf6606 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 27 Feb 2001 16:17:04 +0000 Subject: [PATCH 356/923] - Fixed Interface option (untested) - Removed error handling for non-critical socket options - Added TCP_NODELAY and IPTOS_LOWDELAY options for meta sockets. --- src/net.c | 62 ++++++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 33 deletions(-) diff --git a/src/net.c b/src/net.c index ea2bb01d..f4de67f2 100644 --- a/src/net.c +++ b/src/net.c 
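Review bot: With the `cl->status.active` test dropped in the `@@ -1217,8 +1217,9 @@` hunk, every outgoing connection that closes before authentication completes re-arms the timer with a fixed `seconds_till_retry = 5`, so a peer that keeps rejecting the handshake is retried at a constant rate. Whether the interval grows on repeated failures is decided in `sigalrm_handler`, which is outside the hunk; if it does not, a capped backoff belongs there. The new `cl->status.outgoing = 0;` also needs a comment saying why the flag is cleared, for example `/* clear so a second pass over this entry cannot arm the retry timer again */` if that is the intent. The enclosing function continues beyond the hunk.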
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.98 2001/02/27 15:33:39 guus Exp $ + $Id: net.c,v 1.35.4.99 2001/02/27 16:17:04 guus Exp $ */ #include "config.h" @@ -26,6 +26,8 @@ #include #include #include +#include +#include #include #include #include @@ -365,7 +367,7 @@ int setup_listen_meta_socket(int port) { int nfd, flags; struct sockaddr_in a; - const int one = 1; + int option; config_t const *cfg; cp if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) @@ -374,22 +376,6 @@ cp return -1; } - if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "setsockopt"); - return -1; - } - - if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &one, sizeof(one))) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "setsockopt"); - return -1; - } - flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { @@ -399,9 +385,19 @@ cp return -1; } + /* Optimize TCP settings */ + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); + setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); + setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + + option = IPTOS_LOWDELAY; + setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); + if((cfg = get_config_val(config, config_interface))) { - if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, cfg->data.ptr, strlen(cfg->data.ptr))) + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr))) { close(nfd); syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr); 
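Review bot: The four `setsockopt` calls added under "Optimize TCP settings" in the `@@ -399,9 +385,19 @@` hunk discard their return values, so a failed `SO_KEEPALIVE` or `TCP_NODELAY` leaves no trace in the log; the same holds for the bare `SO_REUSEADDR` calls and the `setup_outgoing_meta_socket` block in the later hunks of this patch. Keeping them non-fatal is reasonable, but a warning costs little: `if(setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option))) syslog(LOG_WARNING, _("Setting socket option failed: %m"));`. `SOL_TCP` and `SOL_IP` are Linux spellings, and `IPPROTO_TCP` and `IPPROTO_IP` are the portable level names. The `SO_BINDTODEVICE` call rightly stays fatal, since a listener that silently accepted on every interface would defeat the Interface option.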
@@ -453,13 +449,7 @@ cp return -1; } - if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "setsockopt"); - return -1; - } + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) @@ -493,6 +483,7 @@ int setup_outgoing_meta_socket(connection_t *cl) int flags; struct sockaddr_in a; config_t const *cfg; + int option; cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); @@ -522,6 +513,17 @@ cp syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind"); return -1; } + + /* Optimize TCP settings */ + + option = 1; + setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); + setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + + option = IPTOS_LOWDELAY; + setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option)); + + /* Connect */ a.sin_family = AF_INET; a.sin_port = htons(cl->port); @@ -989,13 +991,7 @@ cp return -1; } - if(setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one))) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "setsockopt"); - return -1; - } + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) From 4fa12eb85d72f039df5004abc201f01f5573c2e4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 27 Feb 2001 16:37:31 +0000 Subject: [PATCH 357/923] Removed lots of compiler warnings. --- src/conf.h | 3 +- src/net.c | 72 +------------------- src/net.h | 3 +- src/protocol.c | 174 +++++++++++++++++++++++++------------------------ src/tincd.c | 4 +- 5 files changed, 95 insertions(+), 161 deletions(-) diff --git a/src/conf.h b/src/conf.h index 5223864f..d1fb609a 100644 --- a/src/conf.h +++ b/src/conf.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.22 2001/01/13 16:36:21 guus Exp $ + $Id: conf.h,v 1.6.4.23 2001/02/27 16:37:24 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -100,5 +100,6 @@ extern const config_t *get_config_val(config_t *, which_t type); extern void clear_config(); extern int read_server_config(void); extern FILE *ask_and_safe_open(const char*, const char*, const char *); +extern int is_safe_path(const char *); #endif /* __TINC_CONF_H__ */ diff --git a/src/net.c b/src/net.c index f4de67f2..5c59c6fa 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.99 2001/02/27 16:17:04 guus Exp $ + $Id: net.c,v 1.35.4.100 2001/02/27 16:37:25 guus Exp $ */ #include "config.h" 
@@ -971,76 +971,6 @@ cp return; } -/* - create a data (udp) socket - OBSOLETED: use only one listening socket for compatibility with non-Linux operating systems -*/ -int setup_vpn_connection(connection_t *cl) -{ - int nfd, flags; - struct sockaddr_in a; - const int one = 1; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Opening UDP socket to %s"), cl->hostname); - - nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); - if(nfd == -1) - { - syslog(LOG_ERR, _("Creating UDP socket failed: %m")); - return -1; - } - - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fcntl"); - return -1; - } - - memset(&a, 0, sizeof(a)); - a.sin_family = AF_INET; - a.sin_port = htons(myself->port); - a.sin_addr.s_addr = htonl(INADDR_ANY); - - if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), myself->port); - return -1; - } - - a.sin_family = AF_INET; - a.sin_port = htons(cl->port); - a.sin_addr.s_addr = htonl(cl->address); - - if(connect(nfd, (struct sockaddr *)&a, sizeof(a)) == -1) - { - close(nfd); - syslog(LOG_ERR, _("Connecting to %s port %d failed: %m"), - cl->hostname, cl->port); - return -1; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, nfd, - cl->name, cl->hostname); - return -1; - } - - cl->socket = nfd; - cl->status.dataopen = 1; -cp - return 0; -} - /* handle an incoming tcp connect call and open a connection to it. diff --git a/src/net.h b/src/net.h index f3357248..18b54726 100644 --- a/src/net.h +++ b/src/net.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.27 2001/01/07 20:19:31 guus Exp $ + $Id: net.h,v 1.9.4.28 2001/02/27 16:37:28 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -117,7 +117,6 @@ extern int receive_packet(connection_t *, vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); extern void main_loop(void); -extern int setup_vpn_connection(connection_t *); extern void terminate_connection(connection_t *); extern void flush_queue(connection_t *); diff --git a/src/protocol.c b/src/protocol.c index bdb78c2b..a193933b 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.82 2001/02/26 11:37:20 guus Exp $ + $Id: protocol.c,v 1.28.4.83 2001/02/27 16:37:28 guus Exp $ */ #include "config.h" 
@@ -271,6 +271,88 @@ cp return send_metakey(cl); } +int ack_h(connection_t *cl) +{ + config_t const *cfg; + connection_t *old, *p; + subnet_t *subnet; + avl_node_t *node, *node2; +cp + /* Okay, before we active the connection, we check if there is another entry + in the connection list with the same name. If so, it presumably is an + old connection that has timed out but we don't know it yet. + */ + + while((old = lookup_id(cl->name))) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), + cl->name, old->hostname, cl->hostname); + + terminate_connection(old); + } + + /* Activate this connection */ + + cl->allow_request = ALL; + cl->status.active = 1; + cl->nexthop = cl; + cl->cipher_pkttype = EVP_bf_cbc(); + cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); + +cp + /* Check some options */ + + if((cfg = get_config_val(cl->config, config_indirectdata))) + { + if(cfg->data.val == stupid_true) + cl->options |= OPTION_INDIRECT; + } + + if((cfg = get_config_val(cl->config, config_tcponly))) + { + if(cfg->data.val == stupid_true) + cl->options |= OPTION_TCPONLY; + } + + /* Send him our subnets */ + + for(node = myself->subnet_tree->head; node; node = node->next) + { + subnet = (subnet_t *)node->data; + send_add_subnet(cl, subnet); + } + /* And send him all the hosts and their subnets we know... 
*/ + + for(node = connection_tree->head; node; node = node->next) + { + p = (connection_t *)node->data; + + if(p != cl && p->status.active) + { + /* Notify others of this connection */ + + if(p->status.meta) + send_add_host(p, cl); + + /* Notify new connection of everything we know */ + + send_add_host(cl, p); + + for(node2 = p->subnet_tree->head; node2; node2 = node2->next) + { + subnet = (subnet_t *)node2->data; + send_add_subnet(cl, subnet); + } + } + } +cp + return 0; +} + int send_challenge(connection_t *cl) { char *buffer; 
@@ -539,88 +621,6 @@ cp return send_challenge(cl); } -int ack_h(connection_t *cl) -{ - config_t const *cfg; - connection_t *old, *p; - subnet_t *subnet; - avl_node_t *node, *node2; -cp - /* Okay, before we active the connection, we check if there is another entry - in the connection list with the same name. If so, it presumably is an - old connection that has timed out but we don't know it yet. - */ - - while((old = lookup_id(cl->name))) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), - cl->name, old->hostname, cl->hostname); - - terminate_connection(old); - } - - /* Activate this connection */ - - cl->allow_request = ALL; - cl->status.active = 1; - cl->nexthop = cl; - cl->cipher_pkttype = EVP_bf_cbc(); - cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); - -cp - /* Check some options */ - - if((cfg = get_config_val(cl->config, config_indirectdata))) - { - if(cfg->data.val == stupid_true) - cl->options |= OPTION_INDIRECT; - } - - if((cfg = get_config_val(cl->config, config_tcponly))) - { - if(cfg->data.val == stupid_true) - cl->options |= OPTION_TCPONLY; - } - - /* Send him our subnets */ - - for(node = myself->subnet_tree->head; node; node = node->next) - { - subnet = (subnet_t *)node->data; - send_add_subnet(cl, subnet); - } - /* And send him all the hosts and their subnets we know... 
*/ - - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - - if(p != cl && p->status.active) - { - /* Notify others of this connection */ - - if(p->status.meta) - send_add_host(p, cl); - - /* Notify new connection of everything we know */ - - send_add_host(cl, p); - - for(node2 = p->subnet_tree->head; node2; node2 = node2->next) - { - subnet = (subnet_t *)node2->data; - send_add_subnet(cl, subnet); - } - } - } -cp - return 0; -} - /* Address and subnet information exchange */ int send_add_subnet(connection_t *cl, subnet_t *subnet) @@ -798,6 +798,8 @@ cp if(!(cl->options & OPTION_INDIRECT)) return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, other->name, other->address, other->port, other->options); + else + return 0; } int add_host_h(connection_t *cl) @@ -808,7 +810,7 @@ int add_host_h(connection_t *cl) cp new = new_connection(); - if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%d %lx", name, &new->address, &new->port, &new->options) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx", name, &new->address, &new->port, &new->options) != 4) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; @@ -890,6 +892,8 @@ cp if(!(cl->options & OPTION_INDIRECT)) return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, other->name, other->address, other->port, other->options); + else + return 0; } int del_host_h(connection_t *cl) @@ -901,7 +905,7 @@ int del_host_h(connection_t *cl) connection_t *old, *p; avl_node_t *node; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%d %lx", name, &address, &port, &options) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx", name, &address, &port, &options) != 4) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->name, cl->hostname); diff --git a/src/tincd.c b/src/tincd.c index 57482247..0495779a 100644 --- a/src/tincd.c +++ b/src/tincd.c 
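Review bot: The `%hd` conversion introduced in the ADD_HOST and DEL_HOST sscanf calls reads a signed short, while connection.h declares port as `short unsigned int`, so a port above 32767 in a peer's message is outside what the conversion can represent. `%hu` matches the field: `"%*d "MAX_STRING" %lx:%hu %lx"`. In add_host_h the failure branch also returns -1 without releasing the object obtained from new_connection() just above it; a `free_connection(new);` before that return would stop malformed requests from leaking a connection each. Both handlers continue outside their hunks, and the type of the local `port` in del_host_h is not visible here.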
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.43 2001/02/25 14:51:42 guus Exp $ + $Id: tincd.c,v 1.10.4.44 2001/02/27 16:37:31 guus Exp $ */ #include "config.h" @@ -246,7 +246,7 @@ int keygen(int bits) if(config && (cfg = get_config_val(config, config_name))) asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr); else - asprintf(&filename, "%s/rsa_key.priv"); + asprintf(&filename, "%s/rsa_key.priv", confbase); if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) return -1; From 099cc867c1a0831add7f1b4046f22ad6bfa5a1ef Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 27 Feb 2001 16:50:29 +0000 Subject: [PATCH 358/923] Removed compiler warning. --- lib/avl_tree.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 9b7a06c1..a07f123f 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.6 2001/02/20 21:53:18 wsl Exp $ + $Id: avl_tree.c,v 1.1.2.7 2001/02/27 16:50:29 guus Exp $ */ #include @@ -430,7 +430,7 @@ avl_node_t *avl_insert(avl_tree_t *tree, void *data) new->data = data; avl_insert_after(tree, closest, new); break; - case 0: + default: return NULL; } } From 125c4978812cffa5154ce5378a276f43f78417d8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 1 Mar 2001 21:32:04 +0000 Subject: [PATCH 359/923] Various small fixes. --- src/net.c | 22 +++++++++++++++------- src/process.c | 6 +++--- src/process.h | 4 +++- src/tincd.c | 10 +++------- 4 files changed, 24 insertions(+), 18 deletions(-) diff --git a/src/net.c b/src/net.c index 5c59c6fa..106549e0 100644 --- a/src/net.c +++ b/src/net.c 
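Review bot: The fallback path in keygen is still named rsa_key.priv although the next line opens it as the "public RSA key". If the private key is later written to the same default name (that part of keygen is outside the hunk), public and private material end up in one file. `asprintf(&filename, "%s/rsa_key.pub", confbase);` would keep them apart. The asprintf result is also unchecked in both branches, which leaves filename indeterminate when allocation fails; testing for `< 0` and returning -1 covers it.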
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.100 2001/02/27 16:37:25 guus Exp $ + $Id: net.c,v 1.35.4.101 2001/03/01 21:32:01 guus Exp $ */ #include "config.h" @@ -84,6 +84,7 @@ #include "process.h" #include "protocol.h" #include "subnet.h" +#include "process.h" #include "system.h" @@ -929,11 +930,17 @@ cp cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */ } - signal(SIGALRM, sigalrm_handler); - upstreamcfg = config; - seconds_till_retry = MAXTIMEOUT; - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); - alarm(seconds_till_retry); + if(do_detach) + { + signal(SIGALRM, sigalrm_handler); + upstreamcfg = config; + seconds_till_retry = MAXTIMEOUT; + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); + alarm(seconds_till_retry); + } + else + return -1; + cp return 0; } @@ -949,6 +956,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; + p->status.outgoing = 0; p->status.active = 0; terminate_connection(p); } @@ -1349,7 +1357,7 @@ cp if(read_server_config()) { syslog(LOG_ERR, _("Unable to reread configuration file, exiting")); - exit(0); + exit(1); } sleep(5); diff --git a/src/process.c b/src/process.c index 6158fbab..35793a27 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.20 2001/01/07 17:09:02 guus Exp $ + $Id: process.c,v 1.1.2.21 2001/03/01 21:32:04 guus Exp $ */ #include "config.h" 
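Review bot: The added `#include "process.h"` duplicates the include two lines above it in the same block, so net.c already sees the `do_detach` declaration that this patch moves into process.h. The added line can simply be dropped. In the setup_network_connections hunk the new `else return -1;` path has no log line, so a foreground run that fails every ConnectTo exits without saying why; a `syslog(LOG_ERR, ...)` before the return would help. That function starts outside the hunk.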
@@ -221,7 +221,7 @@ cp /* No return on success */ if(errno != ENOENT) /* Ignore if the file does not exist */ - exit(-1); /* Some error while trying execl(). */ + exit(1); /* Some error while trying execl(). */ else exit(0); } @@ -309,7 +309,7 @@ sigsegv_square(int a, siginfo_t *info, void *b) { syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); cp_trace(); - exit(0); + exit(1); } RETSIGTYPE diff --git a/src/process.h b/src/process.h index ed834f0c..9fb13c7c 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.7 2001/01/07 17:09:02 guus Exp $ + $Id: process.h,v 1.1.2.8 2001/03/01 21:32:04 guus Exp $ */ #ifndef __TINC_PROCESS_H__ @@ -25,6 +25,8 @@ #include "config.h" +extern int do_detach; + extern void setup_signals(void); extern int execute_script(const char *); extern int detach(void); diff --git a/src/tincd.c b/src/tincd.c index 0495779a..318f7594 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.44 2001/02/27 16:37:31 guus Exp $ + $Id: tincd.c,v 1.10.4.45 2001/03/01 21:32:04 guus Exp $ */ #include "config.h" @@ -88,9 +88,6 @@ static int show_version; /* If nonzero, it will attempt to kill a running tincd and exit. */ static int kill_tincd = 0; -/* If zero, don't detach from the terminal. */ -extern int do_detach; - /* If nonzero, generate public/private keypair for this host/net. */ static int generate_keys = 0; @@ -356,7 +353,7 @@ cp exit(kill_other()); if(read_server_config()) - return 1; + exit(1); cp if(detach()) exit(0); @@ -383,8 +380,7 @@ cp else { syslog(LOG_ERR, _("Not restarting.")); - exit(0); + exit(1); } } } - From d2a54597e029f9d4f7bd29837be1be33909d78b1 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 2 Mar 2001 11:25:56 +0000 Subject: [PATCH 360/923] Added explaination of our key exchange using RSA encryption. --- src/protocol.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index a193933b..97b51b43 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.83 2001/02/27 16:37:28 guus Exp $ + $Id: protocol.c,v 1.28.4.84 2001/03/02 11:25:56 guus Exp $ */ #include "config.h" @@ -521,7 +521,17 @@ cp RAND_bytes(cl->cipher_outkey, len); - cl->cipher_outkey[0] &= 0x0F; /* Make sure that the random data is smaller than the modulus of the RSA key */ + /* The message we send must be smaller than the modulus of the RSA key. + By definition, for a key of k bits, the following formula holds: + + 2^(k-1) <= modulus < 2^(k) + + Where ^ means "to the power of", not "xor". + This means that to be sure, we must choose our message < 2^(k-1). + This can be done by setting the most significant bit to zero. + */ + + cl->cipher_outkey[0] &= 0x7F; if(debug_lvl >= DEBUG_SCARY_THINGS) { @@ -530,9 +540,14 @@ cp syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); } - /* Encrypt the random data */ + /* Encrypt the random data - if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */ + We do not use one of the PKCS padding schemes here. + This is allowed, because we encrypt a totally random string + with a length equal to that of the modulus of the RSA key. + */ + + if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len) { syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname); free(buffer); 
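Review bot: The new comment's argument depends on cipher_outkey being random, but the `RAND_bytes(cl->cipher_outkey, len);` call directly above it is unchecked, so a generator failure would send a predictable key under the same justification. Testing the result closes that gap, e.g. `if(RAND_bytes(cl->cipher_outkey, len) != 1) { free(buffer); return -1; }`, assuming buffer is already allocated at that point as the later error path suggests. The enclosing function starts outside the hunk.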
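Review bot: The justification added for RSA_NO_PADDING omits the conditions it relies on. Unpadded RSA is deterministic and malleable, so it is only acceptable while the plaintext is a fresh, full-length random key that is never sent twice. The comment should state that, and note that a padded mode such as `RSA_PKCS1_OAEP_PADDING` would require the key to be shorter than the modulus. The context lines in this hunk also write the unencrypted meta key to syslog at DEBUG_SCARY_THINGS, which deserves a warning in the documentation because syslog is frequently forwarded off-host.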
From 34f9e6cf2d6d2b81eb63f9f28963b447a2157740 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 4 Mar 2001 13:59:32 +0000 Subject: [PATCH 361/923] - route.c is now used to determine destination - flags are removed, since they were not used at all. Use options instead. - indirectdata works now, tcponly almost... - made functions that don't return useful information void --- src/Makefile.am | 6 +- src/connection.c | 10 +- src/connection.h | 3 +- src/net.c | 240 ++++++++++++++++++++++------------------------- src/net.h | 12 +-- src/protocol.c | 18 ++-- src/route.c | 89 ++++++++++-------- src/route.h | 7 +- 8 files changed, 187 insertions(+), 198 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 1f6b44bc..73b40de9 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,15 +1,15 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.12 2001/02/11 11:50:09 guus Exp $ +# $Id: Makefile.am,v 1.4.4.13 2001/03/04 13:59:25 guus Exp $ sbin_PROGRAMS = tincd tincd_SOURCES = conf.c connection.c meta.c net.c netutl.c process.c \ - protocol.c subnet.c tincd.c + protocol.c route.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl noinst_HEADERS = conf.h connection.h meta.h net.h netutl.h process.h \ - protocol.h subnet.h + protocol.h route.h subnet.h LIBS = @LIBS@ @INTLLIBS@ diff --git a/src/connection.c b/src/connection.c index 1e34329c..c1acfeab 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.9 2001/01/07 17:08:56 guus Exp $ + $Id: connection.c,v 1.1.2.10 2001/03/04 13:59:25 guus Exp $ */ #include "config.h" 
@@ -190,15 +190,15 @@ void dump_connection_list(void) cp syslog(LOG_DEBUG, _("Connection list:")); - syslog(LOG_DEBUG, _(" %s at %s port %hd flags %d sockets %d, %d status %04x"), - myself->name, myself->hostname, myself->port, myself->flags, + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x"), + myself->name, myself->hostname, myself->port, myself->options, myself->socket, myself->meta_socket, myself->status); for(node = connection_tree->head; node; node = node->next) { cl = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd flags %d sockets %d, %d status %04x"), - cl->name, cl->hostname, cl->port, cl->flags, + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x"), + cl->name, cl->hostname, cl->port, cl->options, cl->socket, cl->meta_socket, cl->status); } diff --git a/src/connection.h b/src/connection.h index eef63382..5d2d3be4 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.7 2001/01/07 20:19:29 guus Exp $ + $Id: connection.h,v 1.1.2.8 2001/03/04 13:59:25 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -70,7 +70,6 @@ typedef struct connection_t { short unsigned int port; /* port number for UDP traffic */ long int options; /* options turned on for this connection */ - int flags; /* his flags */ int socket; /* our udp vpn socket */ int meta_socket; /* our tcp meta socket */ status_bits_t status; /* status info */ diff --git a/src/net.c b/src/net.c index 106549e0..4ef654de 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.101 2001/03/01 21:32:01 guus Exp $ + $Id: net.c,v 1.35.4.102 2001/03/04 13:59:25 guus Exp $ */ #include "config.h" 
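Review bot: Both rewritten syslog calls in dump_connection_list still pass `myself->status` and `cl->status` to `%04x`, but status is a `status_bits_t` whose members are read as `status.active` and `status.outgoing` elsewhere in this patch. An aggregate is therefore going through varargs where an unsigned int is expected, which is undefined behaviour. The `%ld` for options now matches the `long int` field, so only the last argument needs attention. Either print the individual bits that matter or copy the bit-field into an unsigned int with memcpy before logging.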
@@ -85,6 +85,7 @@ #include "protocol.h" #include "subnet.h" #include "process.h" +#include "route.h" #include "system.h" @@ -103,34 +104,43 @@ int keyexpires = 0; char *unknown = NULL; -subnet_t mymac; - -int xsend(connection_t *cl, vpn_packet_t *inpkt) +void send_udppacket(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; EVP_CIPHER_CTX ctx; struct sockaddr_in to; socklen_t tolen = sizeof(to); + vpn_packet_t *copy; cp - outpkt.len = inpkt->len; - + if(!cl->status.validkey) + { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), + cl->name, cl->hostname); + + /* Since packet is on the stack of handle_tap_input(), + we have to make a copy of it first. */ + + copy = xmalloc(sizeof(vpn_packet_t)); + memcpy(copy, inpkt, sizeof(vpn_packet_t)); + + list_insert_tail(cl->queue, copy); + + if(!cl->status.waitingforkey) + send_req_key(myself, cl); + return; + } + /* Encrypt the packet. */ - + + outpkt.len = inpkt->len; + EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad + 2; -/* Bypass - outlen = outpkt.len + 2; - memcpy(&outpkt, inpkt, outlen); -*/ - - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - outlen, cl->name, cl->hostname); - total_socket_out += outlen; to.sin_family = AF_INET; 
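Review bot: The queueing branch added at the top of send_udppacket allocates a full vpn_packet_t copy for every packet sent while validkey is clear and appends it to cl->queue with no visible limit. A peer that never answers the key request therefore lets local traffic grow the daemon's memory without bound. Unless the list code caps its length elsewhere, drop the packet (or the oldest queued one) once the queue reaches a fixed size. Further down, EVP_EncryptInit takes its IV from the tail of cipher_pktkey, so every packet under one key starts from the same IV and equal plaintext prefixes produce equal ciphertext. A per-packet IV needs a wire-format change and is worth a TODO comment here.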
@@ -141,13 +151,22 @@ cp { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); - return -1; + return; } cp - return 0; } -int xrecv(connection_t *cl, vpn_packet_t *inpkt) +void receive_packet(connection_t *cl, vpn_packet_t *packet) +{ +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, cl->name, cl->hostname); + + route_incoming(cl, packet); +cp +} + +void receive_udppacket(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; @@ -162,24 +181,17 @@ cp EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); outlen += outpad; -/* Bypass - outlen = outpkt.len+2; - memcpy(&outpkt, inpkt, outlen); -*/ + receive_packet(cl, &outpkt); cp - return receive_packet(cl, &outpkt); } -int receive_packet(connection_t *cl, vpn_packet_t *packet) +void accept_packet(vpn_packet_t *packet) { +cp if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Writing packet of %d bytes to tap device"), + syslog(LOG_DEBUG, _("Writing packet of %d bytes to tap device"), packet->len); - /* Fix mac address */ - - memcpy(packet->data, mymac.net.mac.address.x, 6); - if(taptype == TAP_TYPE_TUNTAP) { if(write(tap_fd, packet->data, packet->len) < 0) 
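Review bot: receive_udppacket passes outpkt to receive_packet regardless of what EVP_DecryptFinal returned, so a datagram whose final block fails the padding check is still routed. Stopping on failure is one line: `if(!EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad)) return;`, ideally with a DEBUG_TRAFFIC log. A padding check is not an integrity check, and no MAC is visible in this path, so packets that decrypt cleanly should still be treated as unauthenticated by route_incoming. The start of receive_udppacket, including how outpkt.len is set, is outside the hunk.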
@@ -195,40 +207,26 @@ int receive_packet(connection_t *cl, vpn_packet_t *packet) total_tap_out += packet->len + 2; } cp - return 0; } /* send a packet to the given vpn ip. */ -int send_packet(ip_t to, vpn_packet_t *packet) +void send_packet(connection_t *cl, vpn_packet_t *packet) { - connection_t *cl; - subnet_t *subnet; - vpn_packet_t *copy; cp - if((subnet = lookup_subnet_ipv4(&to)) == NULL) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_NOTICE, _("Trying to look up %d.%d.%d.%d in connection list failed!"), - IP_ADDR_V(to)); - } + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + packet->len, cl->name, cl->hostname); - return -1; - } - - cl = subnet->owner; - if(cl == myself) { if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_NOTICE, _("Packet with destination %d.%d.%d.%d is looping back to us!"), - IP_ADDR_V(to)); + syslog(LOG_NOTICE, _("Packet is looping back to us!")); } - return -1; + return; } if(!cl->status.active) 
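Review bot: The "Sending packet" trace moved into send_packet is logged at LOG_ERR although it is guarded by DEBUG_TRAFFIC, while this same patch changes the matching "Writing packet" trace in accept_packet from LOG_ERR to LOG_DEBUG. Using `syslog(LOG_DEBUG, _("Sending packet of %d bytes to %s (%s)"),` keeps per-packet traces from burying real errors when traffic debugging is on. The loop-back message below it no longer names the destination, which makes it harder to act on; adding cl->name would restore that. send_packet continues past the end of the hunk.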
@@ -237,34 +235,18 @@ cp syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"), cl->name, cl->hostname); - return 0; + return; } - if(!cl->status.validkey) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), - cl->name, cl->hostname); - - /* Since packet is on the stack of handle_tap_input(), - we have to make a copy of it first. */ - - copy = xmalloc(sizeof(vpn_packet_t)); - memcpy(copy, packet, sizeof(vpn_packet_t)); - - list_insert_tail(cl->queue, copy); - - if(!cl->status.waitingforkey) - send_req_key(myself, cl); /* Keys should be sent to the host running the tincd */ - return 0; - } - - /* Check if it has to go via UDP or TCP... */ + /* Check if it has to go via TCP or UDP... */ cp - if(cl->options & OPTION_TCPONLY) - return send_tcppacket(cl, packet); + if((cl->options | myself->options) & OPTION_TCPONLY) + { + if(send_tcppacket(cl, packet)) + terminate_connection(cl); + } else - return xsend(cl, packet); + send_udppacket(cl, packet); } void flush_queue(connection_t *cl) @@ -273,11 +255,11 @@ void flush_queue(connection_t *cl) cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname); - + for(node = cl->queue->head; node; node = next) { next = node->next; - xsend(cl, (vpn_packet_t *)node->data); + send_udppacket(cl, (vpn_packet_t *)node->data); list_delete_node(cl->queue, node); } cp @@ -297,7 +279,7 @@ int setup_tap_fd(void) # endif #endif -cp +cp if((cfg = get_config_val(config, config_tapdevice))) tapfname = cfg->data.ptr; else @@ -328,7 +310,7 @@ cp taptype = TAP_TYPE_ETHERTAP; /* Set default MAC address for ethertap devices */ - + mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; @@ -387,7 +369,7 @@ cp } /* Optimize TCP settings */ - + option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); 
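Review bot: flush_queue now calls send_udppacket, which after this patch appends a fresh copy to cl->queue whenever validkey is clear. If flush_queue can ever run in that state with two or more queued packets, the loop keeps walking into the copies it has just appended and does not terminate. The callers are not visible here, so this may be unreachable today, but a guard makes the dependency explicit: `if(!cl->status.validkey) return;` at the top of flush_queue, with a comment that it must only run once the key is known.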
@@ -395,7 +377,7 @@ cp option = IPTOS_LOWDELAY; setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); - + if((cfg = get_config_val(config, config_interface))) { if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr))) @@ -409,7 +391,7 @@ cp memset(&a, 0, sizeof(a)); a.sin_family = AF_INET; a.sin_port = htons(port); - + if((cfg = get_config_val(config, config_interfaceip))) a.sin_addr.s_addr = htonl(cfg->data.ip->address); else @@ -516,16 +498,16 @@ cp } /* Optimize TCP settings */ - + option = 1; setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option)); - + /* Connect */ - + a.sin_family = AF_INET; a.sin_port = htons(cl->port); a.sin_addr.s_addr = htonl(cl->address); @@ -572,21 +554,21 @@ cp ncn = new_connection(); asprintf(&ncn->name, "%s", name); - + if(read_host_config(ncn)) { syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name); free_connection(ncn); return -1; } - + if(!(cfg = get_config_val(ncn->config, config_address))) { syslog(LOG_ERR, _("No address specified for %s"), ncn->name); free_connection(ncn); return -1; } - + if(!(h = gethostbyname(cfg->data.ptr))) { syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr); @@ -596,7 +578,7 @@ cp ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); ncn->hostname = hostlookup(htonl(ncn->address)); - + if(setup_outgoing_meta_socket(ncn) < 0) { syslog(LOG_ERR, _("Could not set up a meta connection to %s"), @@ -660,10 +642,10 @@ cp } else return -1; - } + } /* Else, check if a harnessed public key is in the config file */ - + asprintf(&fname, "%s/hosts/%s", confbase, cl->name); if((fp = fopen(fname, "r"))) { @@ -713,7 +695,7 @@ cp cfg->data.ptr); return -1; } - } + } else { syslog(LOG_ERR, _("No private key for tinc daemon specified!")); 
@@ -735,7 +717,7 @@ cp myself = new_connection(); asprintf(&myself->hostname, "MYSELF"); - myself->flags = 0; + myself->options = 0; myself->protocol_version = PROT_CURRENT; if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */ @@ -763,7 +745,7 @@ cp if(read_rsa_public_key(myself)) return -1; -cp +cp /* if(RSA_check_key(myself->rsa_key) != 1) @@ -779,11 +761,11 @@ cp if((cfg = get_config_val(myself->config, config_indirectdata))) if(cfg->data.val == stupid_true) - myself->flags |= EXPORTINDIRECTDATA; + myself->options |= OPTION_INDIRECT; if((cfg = get_config_val(myself->config, config_tcponly))) if(cfg->data.val == stupid_true) - myself->flags |= TCPONLY; + myself->options |= OPTION_TCPONLY; /* Read in all the subnets specified in the host configuration file */ @@ -793,18 +775,18 @@ cp net->type = SUBNET_IPV4; net->net.ipv4.address = cfg->data.ip->address; net->net.ipv4.mask = cfg->data.ip->mask; - + /* Teach newbies what subnets are... */ - + if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address) { syslog(LOG_ERR, _("Network address and subnet mask do not match!")); return -1; - } - + } + subnet_add(myself, net); } - + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); @@ -830,11 +812,11 @@ cp keylifetime = 3600; else keylifetime = cfg->data.val; - + keyexpires = time(NULL) + keylifetime; cp /* Check some options */ - + if((cfg = get_config_val(config, config_indirectdata))) { if(cfg->data.val == stupid_true) @@ -846,6 +828,10 @@ cp if(cfg->data.val == stupid_true) myself->options |= OPTION_TCPONLY; } + + if(myself->options & OPTION_TCPONLY) + myself->options |= OPTION_INDIRECT; + /* Activate ourselves */ myself->status.active = 1; @@ -914,7 +900,7 @@ cp /* Run tinc-up script to further initialize the tap interface */ execute_script("tinc-up"); - + if(setup_myself() < 0) return -1; 
@@ -929,7 +915,7 @@ cp return 0; cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */ } - + if(do_detach) { signal(SIGALRM, sigalrm_handler); @@ -1008,7 +994,7 @@ cp p->buffer = xmalloc(MAXBUFSIZE); p->buflen = 0; p->last_ping_time = time(NULL); - + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection from %s port %d"), p->hostname, htons(ci.sin_port)); @@ -1047,7 +1033,7 @@ cp udp socket and write it to the ethertap device after being decrypted */ -int handle_incoming_vpn_data(void) +void handle_incoming_vpn_data(void) { vpn_packet_t pkt; int x, l = sizeof(x); @@ -1060,36 +1046,30 @@ cp { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), __FILE__, __LINE__, myself->socket); - return -1; + return; } if(x) { syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); - return -1; + return; } if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); - return -1; + return; } cl = lookup_connection(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); - + if(!cl) { syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); - return 0; - } - - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), lenin, - cl->name, cl->hostname); + return; } + receive_udppacket(cl, &pkt); cp - return xrecv(cl, &pkt); } /* @@ -1108,9 +1088,9 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->name, cl->hostname); - + cl->status.remove = 1; - + if(cl->socket) close(cl->socket); if(cl->status.meta) @@ -1118,7 +1098,7 @@ cp if(cl->status.meta) { - + /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ 
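Review bot: In the `-1060,36 +1046,30` hunk `lenin` is tested for `<= 0` and then never used again, because `receive_udppacket(cl, &pkt)` is handed the packet but not the number of bytes actually received, and the debug line that logged it is removed. Since `recvfrom()` writes the datagram starting at `&(pkt.len)`, the length field later code relies on is whatever the sender put on the wire. Unless receive_udppacket (not visible here) validates it, I would tie the two together before the call, along the lines of `if(lenin < (int)sizeof(pkt.len) || pkt.len > lenin - (int)sizeof(pkt.len)) return;`; the exact relation depends on the layout of vpn_packet_t, which this page does not show. With the return type now `void`, a syslog line on that path is the only way the drop stays observable.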
@@ -1150,7 +1130,7 @@ cp } /* Check if this was our outgoing connection */ - + if(cl->status.outgoing) { cl->status.outgoing = 0; @@ -1232,7 +1212,7 @@ cp } connection_add(ncn); - + send_id(ncn); cp return 0; @@ -1263,9 +1243,9 @@ cp { terminate_connection(p); return; - } + } } - + if(FD_ISSET(myself->meta_socket, f)) handle_new_meta_connection(); cp @@ -1279,7 +1259,7 @@ void handle_tap_input(void) { vpn_packet_t vp; int lenin; -cp +cp if(taptype == TAP_TYPE_TUNTAP) { if((lenin = read(tap_fd, vp.data, MTU)) <= 0) @@ -1313,7 +1293,7 @@ cp syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len); } - send_packet(ntohl(*((unsigned long*)(&vp.data[30]))), &vp); + route_outgoing(&vp); cp } @@ -1361,10 +1341,10 @@ cp } sleep(5); - + if(setup_network_connections()) return; - + continue; } @@ -1383,7 +1363,7 @@ cp { if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); - + RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); send_key_changed(myself, NULL); keyexpires = time(NULL) + keylifetime; diff --git a/src/net.h b/src/net.h index 18b54726..3028300c 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.28 2001/02/27 16:37:28 guus Exp $ + $Id: net.h,v 1.9.4.29 2001/03/04 13:59:28 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -47,11 +47,6 @@ #define MAXBUFSIZE 4096 /* Probably way too much, but it must fit every possible request. */ -/* flags */ -#define INDIRECTDATA 0x0001 /* Used to indicate that this host has to be reached indirect */ -#define EXPORTINDIRECTDATA 0x0002 /* Used to indicate uplink that it has to tell others to do INDIRECTDATA */ -#define TCPONLY 0x0004 /* Tells sender to send packets over TCP instead of UDP (for firewalls) */ - /* tap types */ #define TAP_TYPE_ETHERTAP 0 #define TAP_TYPE_TUNTAP 1 
@@ -112,8 +107,9 @@ extern char *status_text[10]; extern int str2opt(const char *); extern char *opt2str(int); -extern int send_packet(ip_t, vpn_packet_t *); -extern int receive_packet(connection_t *, vpn_packet_t *); +extern void send_packet(connection_t *, vpn_packet_t *); +extern void receive_packet(connection_t *, vpn_packet_t *); +extern void accept_packet(vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); extern void main_loop(void); diff --git a/src/protocol.c b/src/protocol.c index 97b51b43..6da4025a 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.84 2001/03/02 11:25:56 guus Exp $ + $Id: protocol.c,v 1.28.4.85 2001/03/04 13:59:28 guus Exp $ */ #include "config.h" @@ -119,7 +119,7 @@ int receive_request(connection_t *cl) cp if(sscanf(cl->buffer, "%d", &request) == 1) { - if((request < 0) || (request > 255) || (request_handlers[request] == NULL)) + if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL)) { syslog(LOG_ERR, _("Unknown request from %s (%s)"), cl->name, cl->hostname); @@ -1264,7 +1264,7 @@ cp int send_tcppacket(connection_t *cl, vpn_packet_t *packet) { int x; - +cp x = send_request(cl->nexthop, "%d %hd", PACKET, packet->len); if(x) @@ -1278,8 +1278,8 @@ int tcppacket_h(connection_t *cl) vpn_packet_t packet; char *p; int todo, x; - - if(sscanf(cl->buffer, "%*d %hd", packet.len) != 1) +cp + if(sscanf(cl->buffer, "%*d %hd", &packet.len) != 1) { syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname); return -1; @@ -1289,7 +1289,7 @@ int tcppacket_h(connection_t *cl) p = packet.data; todo = packet.len; - + while(todo) { x = read(cl->meta_socket, p, todo); 
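Review bot: `packet.len` in tcppacket_h is parsed from the peer's request line with `%hd`, and the visible lines then use it unchecked as the byte count for `read(cl->meta_socket, p, todo)` into `packet.data` (the `-1289,7` hunk). The `&packet.len` fix makes the parse itself correct, but a negative or oversized value would still drive the read loop past the buffer unless the few lines between the two hunks, which are not shown, reject it. I would add right after the sscanf check `if(packet.len < 0 || packet.len > (int)sizeof(packet.data)) return -1;` together with the existing "Got bad PACKET" log line, assuming `data` is an array member of vpn_packet_t.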
@@ -1299,7 +1299,7 @@ int tcppacket_h(connection_t *cl) if(x==0) syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname); else - if(errno==EINTR) + if(errno==EINTR || errno==EAGAIN) /* FIXME: select() or poll() or reimplement this evil hack */ continue; else syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname); @@ -1311,7 +1311,9 @@ int tcppacket_h(connection_t *cl) p += x; } - return receive_packet(cl, &packet); + receive_packet(cl, &packet); +cp + return 0; } /* Jumptable for the request handlers */ diff --git a/src/route.c b/src/route.c index 43fe523c..c93379be 100644 --- a/src/route.c +++ b/src/route.c @@ -17,11 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.6 2001/01/07 17:09:06 guus Exp $ + $Id: route.c,v 1.1.2.7 2001/03/04 13:59:32 guus Exp $ */ #include "config.h" +#include #include #include #include @@ -34,15 +35,15 @@ #include "system.h" int routing_mode = RMODE_ROUTER; +subnet_t mymac; void learn_mac(connection_t *source, mac_t *address) { - connection_t *old; subnet_t *subnet; cp - old = lookup_subnet_mac(address)->owner; + subnet = lookup_subnet_mac(address); - if(!old) + if(!subnet) { subnet = new_subnet(); subnet->type = SUBNET_MAC; 
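Review bot: The added `errno==EAGAIN` case in the `-1299,7` hunk turns the read loop of tcppacket_h into a busy-wait: if the meta socket is non-blocking, which the EAGAIN case implies, `read()` returns at once and `continue` spins until the peer has delivered all `todo` bytes. A peer that announces a PACKET length and then stalls keeps the daemon in this loop, and since the main loop appears to be a single select() loop, every other connection waits with it. The FIXME already names the cure; until it is done, waiting on the descriptor with a timeout before retrying bounds the stall, as sketched below. The enclosing function starts and ends outside this hunk, so the failure path after the else-chain is assumed to be the existing one.

```c
          if(errno==EINTR)
            continue;
          else if(errno==EAGAIN)
            {
              /* Wait on the socket for a bounded time instead of spinning */
              fd_set fds;
              struct timeval tv;

              FD_ZERO(&fds);
              FD_SET(cl->meta_socket, &fds);
              tv.tv_sec = 5;    /* constructed sample value */
              tv.tv_usec = 0;

              /* 0 means timeout; on data or an interrupted select, retry the read */
              if(select(cl->meta_socket + 1, &fds, NULL, NULL, &tv) != 0)
                continue;

              syslog(LOG_ERR, _("Timeout during reception of PACKET from %s (%s)"), cl->name, cl->hostname);
            }
          else
            /* … unchanged: "Error during reception of PACKET" syslog and failure return … */
```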
@@ -50,23 +51,22 @@ cp memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); subnet_add(source, subnet); - if(DEBUG_LVL >= DEBUG_TRAFFIC) + if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_DEBUG, _("Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)"), - address->address.x[0], - address->address.x[1], - address->address.x[2], - address->address.x[3], - address->address.x[4], - address->address.x[5], - cl->name, cl->hostname); + address->x[0], + address->x[1], + address->x[2], + address->x[3], + address->x[4], + address->x[5], + source->name, source->hostname); } } } connection_t *route_mac(connection_t *source, vpn_packet_t *packet) { - connection_t *oldsrc, *dst; subnet_t *subnet; cp /* Learn source address */ 
@@ -75,39 +75,47 @@ cp /* Lookup destination address */ - dst = lookup_subnet_mac((mac_t *)(&packet->data[6]))->owner; + subnet = lookup_subnet_mac((mac_t *)(&packet->data[6])); - if(!dst) - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x"), - packet->data[6], - packet->data[7], - packet->data[8], - packet->data[9], - packet->data[10], - packet->data[11]); - } + if(!subnet) + { + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x"), + packet->data[6], + packet->data[7], + packet->data[8], + packet->data[9], + packet->data[10], + packet->data[11]); + } + return NULL; + } cp - return dst; + return subnet->owner; } connection_t *route_ipv4(vpn_packet_t *packet) { ipv4_t dest; - connection_t *cl; + subnet_t *subnet; cp dest = ntohl(*((unsigned long*)(&packet->data[30]))); - cl = lookup_subnet_ipv4(&dest)->owner; - if(!cl) - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"), - packet->data[30], packet->data[31], packet->data[32], packet->data[33]); - } + subnet = lookup_subnet_ipv4(&dest); + + if(!subnet) + { + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"), + packet->data[30], packet->data[31], packet->data[32], packet->data[33]); + } + + return NULL; + } cp - return cl; + return subnet->owner; } connection_t *route_ipv6(vpn_packet_t *packet) @@ -124,7 +132,7 @@ cp void route_outgoing(vpn_packet_t *packet) { unsigned short int type; - avl_tree_t *node; + avl_node_t *node; connection_t *cl; cp /* FIXME: multicast? */ @@ -148,11 +156,12 @@ cp } return; } - send_packet(cl, packet); + if(cl) + send_packet(cl, packet); break; case RMODE_SWITCH: - cl = route_mac(packet); + cl = route_mac(myself, packet); if(cl) send_packet(cl, packet); break; 
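Review bot: route_mac looks up the destination at `packet->data[6]`, but if `packet->data` begins at the Ethernet header (the IPv4 destination being read at offset 30 suggests it does), bytes 6..11 are the source address and the destination sits at offset 0. route_incoming in the `-173,8` hunk has the mirror image, learning the "source" from `&packet->data[0]`, so in switch mode the MAC table would bind destination addresses to the sending peer. I would use `lookup_subnet_mac((mac_t *)(&packet->data[0]))` here and `&packet->data[6]` for learning. Neither function checks `packet->len` before these fixed-offset reads; `if(packet->len < 34) return NULL;` in route_ipv4 (and 14 for the MAC case) would keep short packets from being routed on stale buffer bytes.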
@@ -173,8 +182,10 @@ void route_incoming(connection_t *source, vpn_packet_t *packet) switch(routing_mode) { case RMODE_SWITCH: - learn_mac(source, &packet->data[0]); + learn_mac(source, (mac_t *)(&packet->data[0])); break; + case RMODE_ROUTER: + memcpy(packet->data, mymac.net.mac.address.x, 6); } accept_packet(packet); diff --git a/src/route.h b/src/route.h index e7316cb1..4eafc3b9 100644 --- a/src/route.h +++ b/src/route.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.2 2001/01/07 17:09:06 guus Exp $ + $Id: route.h,v 1.1.2.3 2001/03/04 13:59:32 guus Exp $ */ #ifndef __TINC_ROUTE_H__ @@ -31,8 +31,9 @@ enum }; extern int routing_mode; +extern subnet_t mymac; -extern connection_t *route_incoming(connection_t *, vpn_packet_t *); -extern connection_t *route_outgoing(connection_t *, vpn_packet_t *); +extern void route_incoming(connection_t *, vpn_packet_t *); +extern void route_outgoing(vpn_packet_t *); #endif /* __TINC_ROUTE_H__ */ From 9d5c9bf6ba74e4e8bbd12b97fdda6c665155fec6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 4 Mar 2001 13:59:53 +0000 Subject: [PATCH 362/923] Updated translation. --- po/POTFILES.in | 1 + po/es.po | 488 +++++++++++++++++++++++++------------------------ po/nl.po | 474 +++++++++++++++++++++++------------------------ 3 files changed, 492 insertions(+), 471 deletions(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index a60c42c9..75d43e6e 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -14,3 +14,4 @@ src/protocol.c src/subnet.c src/tincd.c src/process.c +src/route.c diff --git a/po/es.po b/po/es.po index 83b66195..ac664692 100644 --- a/po/es.po +++ b/po/es.po 
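Review bot: The new `case RMODE_ROUTER:` in route_incoming ends without a `break;` and copies a bare `6` bytes; it is the last case in the switch so nothing falls through today, but `memcpy(packet->data, mymac.net.mac.address.x, sizeof(mac_t)); break;` states the intent and survives a later case being appended. `mymac` is defined in this commit as a plain global and no hunk visible here assigns it, so a comment at its definition saying where it is filled in, and what an all-zero value means for the frames handed to accept_packet, would help. route_incoming's body starts outside the hunk.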
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2001-02-25 20:22+0100\n" +"POT-Creation-Date: 2001-03-04 14:33+0100\n" "PO-Revision-Date: 2000-11-26 15:20+0000\n" "Last-Translator: Enrique Zanardi \n" "Language-Team: Spanish \n" @@ -103,7 +103,7 @@ msgstr "Conexi #: src/connection.c:193 src/connection.c:200 #, c-format -msgid " %s at %s port %hd flags %d sockets %d, %d status %04x" +msgid " %s at %s port %hd options %ld sockets %d, %d status %04x" msgstr "" #: src/connection.c:205 @@ -121,7 +121,7 @@ msgstr "Enviando paquete de %d bytes a %s (%s)" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/meta.c:100 src/net.c:1037 +#: src/meta.c:100 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" @@ -131,7 +131,7 @@ msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" msgid "Metadata socket error for %s (%s): %s" msgstr "Error en el `socket' de datos salientes para %s (%s): %s" -#: src/meta.c:123 src/protocol.c:1277 +#: src/meta.c:123 src/protocol.c:1300 #, fuzzy, c-format msgid "Connection closed by %s (%s)" msgstr "Cerrando conexión con %s (%s)" 
@@ -151,323 +151,301 @@ msgstr "Petici msgid "Metadata read buffer overflow for %s (%s)" msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" -#: src/net.c:128 -#, c-format -msgid "Sending packet of %d bytes to %s (%s)" -msgstr "Enviando paquete de %d bytes a %s (%s)" - -#: src/net.c:139 -#, c-format -msgid "Error sending packet to %s (%s): %m" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/net.c:173 -#, fuzzy, c-format -msgid "Writing packet of %d bytes to tap device" -msgstr "Enviando paquete de %d bytes a %s (%s)" - -#: src/net.c:183 -#, fuzzy, c-format -msgid "Can't write to tun/tap device: %m" -msgstr "No puedo escribir en el dispositivo tap: %m" - -#: src/net.c:190 -#, fuzzy, c-format -msgid "Can't write to ethertap device: %m" -msgstr "No puedo escribir en el dispositivo tap: %m" - -#: src/net.c:211 -#, c-format -msgid "Trying to look up %d.%d.%d.%d in connection list failed!" -msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" - -#: src/net.c:224 -#, c-format -msgid "Packet with destination %d.%d.%d.%d is looping back to us!" 
-msgstr "" - -#: src/net.c:234 -#, fuzzy, c-format -msgid "%s (%s) is not active, dropping packet" -msgstr "%s (%s) no está listo, poniendo el paquete en cola" - -#: src/net.c:243 +#: src/net.c:119 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" -#: src/net.c:272 +#: src/net.c:152 +#, c-format +msgid "Error sending packet to %s (%s): %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/net.c:163 +#, fuzzy, c-format +msgid "Received packet of %d bytes from %s (%s)" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:192 +#, fuzzy, c-format +msgid "Writing packet of %d bytes to tap device" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:198 +#, fuzzy, c-format +msgid "Can't write to tun/tap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:205 +#, fuzzy, c-format +msgid "Can't write to ethertap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:219 +#, c-format +msgid "Sending packet of %d bytes to %s (%s)" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:226 +msgid "Packet is looping back to us!" 
+msgstr "" + +#: src/net.c:235 +#, fuzzy, c-format +msgid "%s (%s) is not active, dropping packet" +msgstr "%s (%s) no está listo, poniendo el paquete en cola" + +#: src/net.c:257 #, fuzzy, c-format msgid "Flushing queue for %s (%s)" msgstr "Vaciando la cola de envíos para %s (%s)" -#: src/net.c:319 +#: src/net.c:304 #, c-format msgid "Could not open %s: %m" msgstr "No pude abrir %s: %m" -#: src/net.c:348 +#: src/net.c:333 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s es un dispositivo tun/tap del nuevo estilo" -#: src/net.c:373 +#: src/net.c:358 #, c-format msgid "Creating metasocket failed: %m" msgstr "Fallo al crear el metasocket: %m" -#: src/net.c:380 src/net.c:388 src/net.c:397 src/net.c:431 src/net.c:459 -#: src/net.c:468 src/net.c:522 src/net.c:995 src/net.c:1004 src/net.c:1062 +#: src/net.c:366 src/net.c:410 src/net.c:441 src/net.c:496 src/net.c:982 #: src/process.c:239 src/process.c:275 #, c-format msgid "System call `%s' failed: %m" msgstr "" -#: src/net.c:407 +#: src/net.c:386 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" -#: src/net.c:424 +#: src/net.c:403 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" -#: src/net.c:452 +#: src/net.c:431 #, c-format msgid "Creating socket failed: %m" msgstr "Error al crear el `socket': %m" -#: src/net.c:481 src/net.c:1017 +#: src/net.c:454 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" -#: src/net.c:498 +#: src/net.c:472 #, c-format msgid "Trying to connect to %s" msgstr "Intentando conectar con %s" -#: src/net.c:508 +#: src/net.c:482 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Error al crear el `socket' para %s puerto %d: %m" -#: src/net.c:533 +#: src/net.c:518 #, c-format msgid "%s port %hd: %m" msgstr "%s puerto %hd: %m" -#: src/net.c:541 +#: src/net.c:526 #, 
c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl() para %s puerto %d: %m" -#: src/net.c:547 +#: src/net.c:532 #, c-format msgid "Connected to %s port %hd" msgstr "Conectado a %s puerto %hd" -#: src/net.c:566 +#: src/net.c:551 msgid "Invalid name for outgoing connection" msgstr "Nombre no válido para conexión saliente" -#: src/net.c:575 +#: src/net.c:560 #, c-format msgid "Error reading host configuration file for %s" msgstr "Error leyendo el fichero de configuración del `host' para %s" -#: src/net.c:582 +#: src/net.c:567 #, c-format msgid "No address specified for %s" msgstr "No se especificó dirección para %s" -#: src/net.c:589 +#: src/net.c:574 #, c-format msgid "Error looking up `%s': %m" msgstr "Error buscando `%s': %m" -#: src/net.c:599 +#: src/net.c:584 #, c-format msgid "Could not set up a meta connection to %s" msgstr "No he podido configurar una meta conexión a %s" -#: src/net.c:644 +#: src/net.c:629 #, fuzzy, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:652 +#: src/net.c:637 #, fuzzy, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Error recibiendo paquete: %m" #. Nothing worked. -#: src/net.c:678 +#: src/net.c:663 #, c-format msgid "No public key for %s specified!" msgstr "" -#: src/net.c:701 +#: src/net.c:686 #, fuzzy, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Error enviando paquete a %s (%s): %m" -#: src/net.c:709 +#: src/net.c:694 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "" -#: src/net.c:716 +#: src/net.c:701 #, fuzzy msgid "No private key for tinc daemon specified!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:740 +#: src/net.c:725 msgid "Name for tinc daemon required!" msgstr "¡Se requiere un nombre para el demonio tinc!" -#: src/net.c:748 +#: src/net.c:733 msgid "Invalid name for myself!" msgstr "¡Nombre no válido para mí!" 
-#: src/net.c:757 +#: src/net.c:742 msgid "Cannot open host configuration file for myself!" msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" -#: src/net.c:798 +#: src/net.c:783 msgid "Network address and subnet mask do not match!" msgstr "" -#: src/net.c:807 +#: src/net.c:792 #, fuzzy msgid "Unable to set up a listening TCP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:813 +#: src/net.c:798 #, fuzzy msgid "Unable to set up a listening UDP socket!" msgstr "¡No puedo configurar un `socket' a la escucha!" -#: src/net.c:850 +#: src/net.c:839 #, c-format msgid "Ready: listening on port %hd" msgstr "Listo: escuchando en el puerto %hd" -#: src/net.c:882 +#: src/net.c:871 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." -#: src/net.c:933 +#: src/net.c:924 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Intento re-establecer la conexión saliente en %d segundos" -#: src/net.c:983 -#, c-format -msgid "Opening UDP socket to %s" -msgstr "Abriendo `socket' UDP a %s" - -#: src/net.c:988 -#, c-format -msgid "Creating UDP socket failed: %m" -msgstr "Error al crear el `socket' UDP: %m" - -#: src/net.c:1028 -#, c-format -msgid "Connecting to %s port %d failed: %m" -msgstr "Error al conectar a %s puerto %d: %m" - -#: src/net.c:1079 +#: src/net.c:999 #, c-format msgid "Connection from %s port %d" msgstr "Conexión desde %s puerto %d" -#: src/net.c:1127 +#: src/net.c:1047 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Esto es un `bug': %s:%d: %d:%m" -#: src/net.c:1133 +#: src/net.c:1053 #, c-format msgid "Incoming data socket error: %s" msgstr "Error en el `socket' de recepción de datos: %s" -#: src/net.c:1139 +#: src/net.c:1059 #, c-format msgid "Receiving packet failed: %m" msgstr "Error recibiendo paquete: %m" -#: src/net.c:1147 +#: src/net.c:1067 #, c-format msgid "Received UDP 
packets on port %hd from unknown source %x:%hd" msgstr "" -#: src/net.c:1153 -#, fuzzy, c-format -msgid "Received packet of %d bytes from %s (%s)" -msgstr "Enviando paquete de %d bytes a %s (%s)" - -#: src/net.c:1175 +#: src/net.c:1089 #, c-format msgid "Closing connection with %s (%s)" msgstr "Cerrando conexión con %s (%s)" -#: src/net.c:1225 +#: src/net.c:1140 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Intento re-establecer la conexión saliente en 5 segundos." -#: src/net.c:1260 +#: src/net.c:1175 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) no respondió al PING" -#: src/net.c:1287 +#: src/net.c:1202 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Error al aceptar una nueva conexión: %m" -#: src/net.c:1295 +#: src/net.c:1210 msgid "Closed attempted connection" msgstr "Se ha cerrado la conexión que se intentaba realizar." -#: src/net.c:1352 +#: src/net.c:1267 #, fuzzy, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1361 +#: src/net.c:1276 #, fuzzy, c-format msgid "Error while reading from ethertap device: %m" msgstr "Error leyendo del dispositivo tap: %m" -#: src/net.c:1372 +#: src/net.c:1287 msgid "Received short packet from tap device" msgstr "" -#: src/net.c:1378 +#: src/net.c:1293 #, c-format msgid "Read packet of length %d from tap device" msgstr "" -#: src/net.c:1410 +#: src/net.c:1325 #, c-format msgid "Error while waiting for input: %m" msgstr "Error esperando entrada: %m" -#: src/net.c:1417 +#: src/net.c:1332 #, fuzzy msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." -#: src/net.c:1424 +#: src/net.c:1339 #, fuzzy msgid "Unable to reread configuration file, exiting" msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." 
-#: src/net.c:1450 +#: src/net.c:1365 #, fuzzy msgid "Regenerating symmetric key" msgstr "Generando claves de %d bits" 
@@ -537,218 +515,218 @@ msgstr "La m msgid "Uplink %s (%s) is already in our connection list" msgstr "El enlace %s (%s) ya está en nuestra lista de conexiones." -#: src/protocol.c:318 -#, c-format -msgid "Got bad CHALLENGE from %s (%s)" -msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" - -#: src/protocol.c:328 -#, c-format -msgid "Intruder: wrong challenge length from %s (%s)" -msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" - -#: src/protocol.c:354 -#, c-format -msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" -msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" - -#: src/protocol.c:380 -#, c-format -msgid "Got bad CHAL_REPLY from %s (%s)" -msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" - -#: src/protocol.c:388 -#, c-format -msgid "Intruder: wrong challenge reply length from %s (%s)" -msgstr "Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" - -#: src/protocol.c:404 -#, c-format -msgid "Intruder: wrong challenge reply from %s (%s)" -msgstr "Intruso: respuesta de desafío incorrecta desde %s (%s)" - -#: src/protocol.c:409 -#, c-format -msgid "Expected challenge reply: %s" -msgstr "" - -#: src/protocol.c:448 -#, c-format -msgid "Generated random meta key (unencrypted): %s" -msgstr "" - -#: src/protocol.c:455 src/protocol.c:516 -#, fuzzy, c-format -msgid "Error during encryption of meta key for %s (%s)" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/protocol.c:486 -#, fuzzy, c-format -msgid "Got bad METAKEY from %s (%s)" -msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" - -#: src/protocol.c:496 -#, fuzzy, c-format -msgid "Intruder: wrong meta key length from %s (%s)" -msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" - -#: src/protocol.c:524 -#, c-format -msgid "Received random meta key (unencrypted): %s" -msgstr "" - -#: src/protocol.c:553 +#: src/protocol.c:289 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" 
"Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:568 +#: src/protocol.c:304 #, c-format msgid "Connection with %s (%s) activated" msgstr "Activada la conexión con %s (%s)." -#: src/protocol.c:650 +#: src/protocol.c:400 +#, c-format +msgid "Got bad CHALLENGE from %s (%s)" +msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" + +#: src/protocol.c:410 +#, c-format +msgid "Intruder: wrong challenge length from %s (%s)" +msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:436 +#, c-format +msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" +msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" + +#: src/protocol.c:462 +#, c-format +msgid "Got bad CHAL_REPLY from %s (%s)" +msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" + +#: src/protocol.c:470 +#, c-format +msgid "Intruder: wrong challenge reply length from %s (%s)" +msgstr "Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:486 +#, c-format +msgid "Intruder: wrong challenge reply from %s (%s)" +msgstr "Intruso: respuesta de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:491 +#, c-format +msgid "Expected challenge reply: %s" +msgstr "" + +#: src/protocol.c:540 +#, c-format +msgid "Generated random meta key (unencrypted): %s" +msgstr "" + +#: src/protocol.c:552 src/protocol.c:615 +#, fuzzy, c-format +msgid "Error during encryption of meta key for %s (%s)" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/protocol.c:585 +#, fuzzy, c-format +msgid "Got bad METAKEY from %s (%s)" +msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" + +#: src/protocol.c:595 +#, fuzzy, c-format +msgid "Intruder: wrong meta key length from %s (%s)" +msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:623 +#, c-format +msgid "Received random meta key (unencrypted): %s" +msgstr "" + +#: src/protocol.c:669 #, c-format msgid "Got bad ADD_SUBNET 
from %s (%s)" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:658 +#: src/protocol.c:677 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:666 +#: src/protocol.c:685 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:674 +#: src/protocol.c:693 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:684 +#: src/protocol.c:703 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:732 +#: src/protocol.c:751 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" -#: src/protocol.c:740 +#: src/protocol.c:759 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "" "Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:748 +#: src/protocol.c:767 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s): cadena de subred no válida" -#: src/protocol.c:758 +#: src/protocol.c:777 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "" "Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:768 +#: src/protocol.c:787 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " "conexiones" -#: src/protocol.c:809 +#: src/protocol.c:830 #, c-format msgid "Got bad 
ADD_HOST from %s (%s)" msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" -#: src/protocol.c:817 +#: src/protocol.c:838 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "" "Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:826 +#: src/protocol.c:847 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí ADD_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:843 +#: src/protocol.c:864 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" -#: src/protocol.c:851 +#: src/protocol.c:872 #, fuzzy, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Eliminando el registro viejo para %s en %s en favor de la nueva conexión " "desde %s" -#: src/protocol.c:902 +#: src/protocol.c:925 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" -#: src/protocol.c:911 +#: src/protocol.c:934 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "" "Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" -#: src/protocol.c:919 +#: src/protocol.c:942 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Aviso: recibí DEL_HOST desde %s (%s) para nosotros mismos, reiniciando" -#: src/protocol.c:929 +#: src/protocol.c:952 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:938 +#: src/protocol.c:961 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" -#: src/protocol.c:977 +#: src/protocol.c:1000 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Recibí STATUS incorrecta desde %s (%s)" 
-#: src/protocol.c:984 +#: src/protocol.c:1007 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Mensaje de status desde %s (%s): %s: %s" -#: src/protocol.c:1007 +#: src/protocol.c:1030 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Recibí ERROR incorrecta desde %s (%s)" -#: src/protocol.c:1014 +#: src/protocol.c:1037 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Mensaje de error desde %s (%s): %s: %s" -#: src/protocol.c:1091 +#: src/protocol.c:1114 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" -#: src/protocol.c:1098 +#: src/protocol.c:1121 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -757,12 +735,12 @@ msgstr "" "Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1127 +#: src/protocol.c:1150 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1134 +#: src/protocol.c:1157 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -771,7 +749,7 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1151 +#: src/protocol.c:1174 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -780,12 +758,12 @@ msgstr "" "Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1187 +#: src/protocol.c:1210 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1194 +#: src/protocol.c:1217 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -794,12 +772,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1205 +#: src/protocol.c:1228 #, fuzzy, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" -#: src/protocol.c:1216 +#: src/protocol.c:1239 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -808,12 +786,12 @@ msgstr "" "Recibí ANS_KEY desde %s (%s) destino %s que no está en nuestra lista de " "conexiones" -#: src/protocol.c:1261 +#: src/protocol.c:1284 #, fuzzy, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" -#: src/protocol.c:1282 +#: src/protocol.c:1305 #, fuzzy, c-format msgid "Error during reception of PACKET from %s (%s): %m" msgstr "Error enviando paquete a %s (%s): %m" @@ -824,7 +802,7 @@ msgid "subnet_compare() was called with unknown subnet type %d, restarting!" msgstr "" #. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:313 +#: src/subnet.c:251 src/tincd.c:310 msgid "unknown" msgstr "desconocido" @@ -836,12 +814,12 @@ msgstr "" msgid "End of subnet list." msgstr "" -#: src/tincd.c:119 +#: src/tincd.c:116 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Pruebe `%s --help' para más información.\n" -#: src/tincd.c:122 +#: src/tincd.c:119 #, c-format msgid "" "Usage: %s [option]...\n" @@ -850,7 +828,7 @@ msgstr "" "Modo de empleo: %s [opción]...\n" "\n" -#: src/tincd.c:123 +#: src/tincd.c:120 #, fuzzy msgid "" " -c, --config=DIR Read configuration options from DIR.\n" @@ -866,7 +844,7 @@ msgstr "" " -n, --net=NOMBREDERED Conecta a la red NOMBREDERED.\n" " -t, --timeout=TIMEOUT Segundos a esperar antes de dar un timeout.\n" -#: src/tincd.c:128 +#: src/tincd.c:125 #, fuzzy msgid "" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" 
@@ -878,55 +856,55 @@ msgstr "" " --version Muestra información de la versión y termina.\n" "\n" -#: src/tincd.c:131 +#: src/tincd.c:128 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" -#: src/tincd.c:174 +#: src/tincd.c:171 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" msgstr "" -#: src/tincd.c:235 +#: src/tincd.c:232 #, c-format msgid "Generating %d bits keys:\n" msgstr "Generando claves de %d bits:\n" -#: src/tincd.c:240 +#: src/tincd.c:237 msgid "Error during key generation!" msgstr "" -#: src/tincd.c:244 +#: src/tincd.c:241 msgid "Done.\n" msgstr "Hecho.\n" -#: src/tincd.c:251 +#: src/tincd.c:248 #, fuzzy msgid "public RSA key" msgstr "Clave pública: %s\n" -#: src/tincd.c:255 src/tincd.c:266 +#: src/tincd.c:252 src/tincd.c:263 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" msgstr "" -#: src/tincd.c:262 +#: src/tincd.c:259 #, fuzzy msgid "private RSA key" msgstr "Clave privada: %s\n" -#: src/tincd.c:287 +#: src/tincd.c:284 msgid "Both netname and configuration directory given, using the latter..." msgstr "" -#: src/tincd.c:320 +#: src/tincd.c:317 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versión %s (compilado %s %s, protocolo %d)\n" -#: src/tincd.c:321 +#: src/tincd.c:318 #, fuzzy msgid "" "Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" 
@@ -943,22 +921,22 @@ msgstr "" "y puede ser redistribuido bajo ciertas condiciones;\n" "vea el fichero COPYING para los detalles.\n" -#: src/tincd.c:335 +#: src/tincd.c:332 #, fuzzy msgid "You must be root to run this program.\n" msgstr "" "Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" -#: src/tincd.c:375 +#: src/tincd.c:372 msgid "Unrecoverable error" msgstr "Error irrecuperable" -#: src/tincd.c:380 +#: src/tincd.c:377 #, c-format msgid "Restarting in %d seconds!" msgstr "¡Reiniciando en %d segundos!" -#: src/process.c:338 src/tincd.c:385 +#: src/process.c:338 src/tincd.c:382 #, fuzzy msgid "Not restarting." msgstr "¡Aayyy! No reinicio." @@ -1077,6 +1055,46 @@ msgstr "Recib msgid "Installing signal handler for signal %d (%s) failed: %m\n" msgstr "" +#: src/route.c:56 +#, c-format +msgid "Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)" +msgstr "" + +#: src/route.c:84 +#, c-format +msgid "Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x" +msgstr "" + +#: src/route.c:111 +#, c-format +msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" +msgstr "" + +#: src/route.c:126 +msgid "Cannot route packet: IPv6 routing not yet implemented" +msgstr "" + +#: src/route.c:155 +#, c-format +msgid "Cannot route packet: unknown type %hx" +msgstr "" + +#, fuzzy +#~ msgid "Got packet of %d bytes from %s (%s)" +#~ msgstr "Enviando paquete de %d bytes a %s (%s)" + +#~ msgid "Trying to look up %d.%d.%d.%d in connection list failed!" +#~ msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" + +#~ msgid "Opening UDP socket to %s" +#~ msgstr "Abriendo `socket' UDP a %s" + +#~ msgid "Creating UDP socket failed: %m" +#~ msgstr "Error al crear el `socket' UDP: %m" + +#~ msgid "Connecting to %s port %d failed: %m" +#~ msgstr "Error al conectar a %s puerto %d: %m" + #, fuzzy #~ msgid "Error during encryption of challenge for %s (%s)" #~ msgstr "Error leyendo el fichero de configuración del `host' para %s" 
diff --git a/po/nl.po b/po/nl.po index 5addbdbb..614cc980 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0pre4\n" -"POT-Creation-Date: 2001-02-25 20:22+0100\n" +"POT-Creation-Date: 2001-03-04 14:33+0100\n" "PO-Revision-Date: 2000-05-31 20:14+02:00\n" "Last-Translator: Ivo Timmermans \n" "Language-Team: Dutch \n" @@ -107,8 +107,8 @@ msgstr "Verbindingslijst:" #: src/connection.c:193 src/connection.c:200 #, c-format -msgid " %s at %s port %hd flags %d sockets %d, %d status %04x" -msgstr " %s op %s poort %hd vlaggen %d sockets %d, %d status %04x" +msgid " %s at %s port %hd options %ld sockets %d, %d status %04x" +msgstr " %s op %s poort %hd opties %d sockets %d, %d status %04x" #: src/connection.c:205 msgid "End of connection list." @@ -124,7 +124,7 @@ msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:100 src/net.c:1037 +#: src/meta.c:100 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" @@ -134,7 +134,7 @@ msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:123 src/protocol.c:1277 +#: src/meta.c:123 src/protocol.c:1300 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" 
@@ -154,319 +154,297 @@ msgstr "Kreeg verzoek van %s (%s): %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:128 -#, c-format -msgid "Sending packet of %d bytes to %s (%s)" -msgstr "Verzending pakket van %d bytes naar %s (%s)" - -#: src/net.c:139 -#, c-format -msgid "Error sending packet to %s (%s): %m" -msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" - -#: src/net.c:173 -#, c-format -msgid "Writing packet of %d bytes to tap device" -msgstr "Verzending pakket van %d bytes naar tap-apparaat" - -#: src/net.c:183 -#, c-format -msgid "Can't write to tun/tap device: %m" -msgstr "Kan niet naar tun/tap apparaat schrijven: %m" - -#: src/net.c:190 -#, c-format -msgid "Can't write to ethertap device: %m" -msgstr "Kan niet naar ethertap apparaat schrijven: %m" - -#: src/net.c:211 -#, c-format -msgid "Trying to look up %d.%d.%d.%d in connection list failed!" -msgstr "Poging tot opzoeken %d.%d.%d.%d in verbindingslijst mislukte!" - -#: src/net.c:224 -#, c-format -msgid "Packet with destination %d.%d.%d.%d is looping back to us!" -msgstr "Pakket met doeladres %d.%d.%d.%d komt terug naar ons!" 
- -#: src/net.c:234 -#, c-format -msgid "%s (%s) is not active, dropping packet" -msgstr "%s (%s) is niet actief, pakket wordt genegeerd" - -#: src/net.c:243 +#: src/net.c:119 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net.c:272 +#: src/net.c:152 +#, c-format +msgid "Error sending packet to %s (%s): %m" +msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" + +#: src/net.c:163 +#, c-format +msgid "Received packet of %d bytes from %s (%s)" +msgstr "Ontvangst pakket van %d bytes van %s (%s)" + +#: src/net.c:192 +#, c-format +msgid "Writing packet of %d bytes to tap device" +msgstr "Verzending pakket van %d bytes naar tap-apparaat" + +#: src/net.c:198 +#, c-format +msgid "Can't write to tun/tap device: %m" +msgstr "Kan niet naar tun/tap apparaat schrijven: %m" + +#: src/net.c:205 +#, c-format +msgid "Can't write to ethertap device: %m" +msgstr "Kan niet naar ethertap apparaat schrijven: %m" + +#: src/net.c:219 +#, c-format +msgid "Sending packet of %d bytes to %s (%s)" +msgstr "Verzending pakket van %d bytes naar %s (%s)" + +#: src/net.c:226 +msgid "Packet is looping back to us!" +msgstr "Pakket komt terug naar ons!" 
+ +#: src/net.c:235 +#, c-format +msgid "%s (%s) is not active, dropping packet" +msgstr "%s (%s) is niet actief, pakket wordt genegeerd" + +#: src/net.c:257 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:319 +#: src/net.c:304 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:348 +#: src/net.c:333 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:373 +#: src/net.c:358 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:380 src/net.c:388 src/net.c:397 src/net.c:431 src/net.c:459 -#: src/net.c:468 src/net.c:522 src/net.c:995 src/net.c:1004 src/net.c:1062 +#: src/net.c:366 src/net.c:410 src/net.c:441 src/net.c:496 src/net.c:982 #: src/process.c:239 src/process.c:275 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:407 +#: src/net.c:386 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:424 +#: src/net.c:403 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:452 +#: src/net.c:431 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:481 src/net.c:1017 +#: src/net.c:454 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:498 +#: src/net.c:472 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:508 +#: src/net.c:482 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:533 +#: src/net.c:518 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:541 +#: src/net.c:526 #, c-format msgid "fcntl for %s port %d: %m" 
msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:547 +#: src/net.c:532 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:566 +#: src/net.c:551 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:575 +#: src/net.c:560 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:582 +#: src/net.c:567 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:589 +#: src/net.c:574 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:599 +#: src/net.c:584 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:644 +#: src/net.c:629 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:652 +#: src/net.c:637 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" #. Nothing worked. -#: src/net.c:678 +#: src/net.c:663 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:701 +#: src/net.c:686 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:709 +#: src/net.c:694 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:716 +#: src/net.c:701 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:740 +#: src/net.c:725 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" 
-#: src/net.c:748 +#: src/net.c:733 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:757 +#: src/net.c:742 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:798 +#: src/net.c:783 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:807 +#: src/net.c:792 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:813 +#: src/net.c:798 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" -#: src/net.c:850 +#: src/net.c:839 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:882 +#: src/net.c:871 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:933 +#: src/net.c:924 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:983 -#, c-format -msgid "Opening UDP socket to %s" -msgstr "Bezig met openen UDP socket naar %s" - -#: src/net.c:988 -#, c-format -msgid "Creating UDP socket failed: %m" -msgstr "Aanmaak UDP socket mislukte: %m" - -#: src/net.c:1028 -#, c-format -msgid "Connecting to %s port %d failed: %m" -msgstr "Verbinding naar %s poort %d mislukt: %m" - -#: src/net.c:1079 +#: src/net.c:999 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1127 +#: src/net.c:1047 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1133 +#: src/net.c:1053 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1139 +#: src/net.c:1059 #, c-format msgid "Receiving 
packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1147 +#: src/net.c:1067 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1153 -#, c-format -msgid "Received packet of %d bytes from %s (%s)" -msgstr "Ontvangst pakket van %d bytes van %s (%s)" - -#: src/net.c:1175 +#: src/net.c:1089 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1225 +#: src/net.c:1140 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1260 +#: src/net.c:1175 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1287 +#: src/net.c:1202 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1295 +#: src/net.c:1210 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1352 +#: src/net.c:1267 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1361 +#: src/net.c:1276 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1372 +#: src/net.c:1287 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1378 +#: src/net.c:1293 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1410 +#: src/net.c:1325 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1417 +#: src/net.c:1332 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: 
src/net.c:1424 +#: src/net.c:1339 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1450 +#: src/net.c:1365 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -535,210 +513,210 @@ msgstr "Ander %s heeft een onbekende identiteit (%s)" msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:318 -#, c-format -msgid "Got bad CHALLENGE from %s (%s)" -msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" - -#: src/protocol.c:328 -#, c-format -msgid "Intruder: wrong challenge length from %s (%s)" -msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" - -#: src/protocol.c:354 -#, c-format -msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" -msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" - -#: src/protocol.c:380 -#, c-format -msgid "Got bad CHAL_REPLY from %s (%s)" -msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" - -#: src/protocol.c:388 -#, c-format -msgid "Intruder: wrong challenge reply length from %s (%s)" -msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" - -#: src/protocol.c:404 -#, c-format -msgid "Intruder: wrong challenge reply from %s (%s)" -msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" - -#: src/protocol.c:409 -#, c-format -msgid "Expected challenge reply: %s" -msgstr "Verwacht antwoord op uitdaging: %s" - -#: src/protocol.c:448 -#, c-format -msgid "Generated random meta key (unencrypted): %s" -msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" - -#: src/protocol.c:455 src/protocol.c:516 -#, c-format -msgid "Error during encryption of meta key for %s (%s)" -msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" - -#: src/protocol.c:486 -#, c-format -msgid "Got bad METAKEY from %s (%s)" -msgstr "Kreeg ongeldige METAKEY van %s (%s)" - -#: src/protocol.c:496 -#, c-format -msgid "Intruder: wrong meta key length from %s (%s)" -msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" - -#: src/protocol.c:524 -#, c-format -msgid "Received random meta key (unencrypted): %s" -msgstr "Meta sleutel ontvangen (niet versleuteld): %s" 
- -#: src/protocol.c:553 +#: src/protocol.c:289 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:568 +#: src/protocol.c:304 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:650 +#: src/protocol.c:400 +#, c-format +msgid "Got bad CHALLENGE from %s (%s)" +msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" + +#: src/protocol.c:410 +#, c-format +msgid "Intruder: wrong challenge length from %s (%s)" +msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" + +#: src/protocol.c:436 +#, c-format +msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" +msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" + +#: src/protocol.c:462 +#, c-format +msgid "Got bad CHAL_REPLY from %s (%s)" +msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" + +#: src/protocol.c:470 +#, c-format +msgid "Intruder: wrong challenge reply length from %s (%s)" +msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" + +#: src/protocol.c:486 +#, c-format +msgid "Intruder: wrong challenge reply from %s (%s)" +msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" + +#: src/protocol.c:491 +#, c-format +msgid "Expected challenge reply: %s" +msgstr "Verwacht antwoord op uitdaging: %s" + +#: src/protocol.c:540 +#, c-format +msgid "Generated random meta key (unencrypted): %s" +msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" + +#: src/protocol.c:552 src/protocol.c:615 +#, c-format +msgid "Error during encryption of meta key for %s (%s)" +msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" + +#: src/protocol.c:585 +#, c-format +msgid "Got bad METAKEY from %s (%s)" +msgstr "Kreeg ongeldige METAKEY van %s (%s)" + +#: src/protocol.c:595 +#, c-format +msgid "Intruder: wrong meta key length from %s 
(%s)" +msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" + +#: src/protocol.c:623 +#, c-format +msgid "Received random meta key (unencrypted): %s" +msgstr "Meta sleutel ontvangen (niet versleuteld): %s" + +#: src/protocol.c:669 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:658 +#: src/protocol.c:677 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:666 +#: src/protocol.c:685 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:674 +#: src/protocol.c:693 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:684 +#: src/protocol.c:703 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:732 +#: src/protocol.c:751 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:740 +#: src/protocol.c:759 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:748 +#: src/protocol.c:767 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:758 +#: src/protocol.c:777 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:768 +#: src/protocol.c:787 #, c-format msgid "Got DEL_SUBNET for %s from %s 
(%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:809 +#: src/protocol.c:830 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:817 +#: src/protocol.c:838 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:826 +#: src/protocol.c:847 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:843 +#: src/protocol.c:864 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:851 +#: src/protocol.c:872 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:902 +#: src/protocol.c:925 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:911 +#: src/protocol.c:934 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:919 +#: src/protocol.c:942 #, c-format msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:929 +#: src/protocol.c:952 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:938 +#: src/protocol.c:961 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" 
-#: src/protocol.c:977 +#: src/protocol.c:1000 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:984 +#: src/protocol.c:1007 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1007 +#: src/protocol.c:1030 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1014 +#: src/protocol.c:1037 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1091 +#: src/protocol.c:1114 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1098 +#: src/protocol.c:1121 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -747,12 +725,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1127 +#: src/protocol.c:1150 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1134 +#: src/protocol.c:1157 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -761,7 +739,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1151 +#: src/protocol.c:1174 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -769,12 +747,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1187 +#: src/protocol.c:1210 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1194 +#: src/protocol.c:1217 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -783,13 +761,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1205 +#: src/protocol.c:1228 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1216 +#: src/protocol.c:1239 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " @@ -797,12 +775,12 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1261 +#: src/protocol.c:1284 #, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Kreeg ongeldig PAKKET van %s (%s)" -#: src/protocol.c:1282 +#: src/protocol.c:1305 #, c-format msgid "Error during reception of PACKET from %s (%s): %m" msgstr "Fout bij het ontvangen van PAKKET van %s (%s)" @@ -815,7 +793,7 @@ msgstr "" "starten" #. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:313 +#: src/subnet.c:251 src/tincd.c:310 msgid "unknown" msgstr "onbekend" @@ -827,12 +805,12 @@ msgstr "Subnet lijst:" msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:119 +#: src/tincd.c:116 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:122 +#: src/tincd.c:119 #, c-format msgid "" "Usage: %s [option]...\n" @@ -841,7 +819,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:123 +#: src/tincd.c:120 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -856,7 +834,7 @@ msgstr "" "beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" -#: src/tincd.c:128 +#: src/tincd.c:125 msgid "" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" 
@@ -868,13 +846,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:131 +#: src/tincd.c:128 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:174 +#: src/tincd.c:171 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" @@ -882,24 +860,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:235 +#: src/tincd.c:232 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:240 +#: src/tincd.c:237 msgid "Error during key generation!" msgstr "Fout tijdens genereren sleutel!" -#: src/tincd.c:244 +#: src/tincd.c:241 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:251 +#: src/tincd.c:248 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:255 src/tincd.c:266 +#: src/tincd.c:252 src/tincd.c:263 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -907,21 +885,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:262 +#: src/tincd.c:259 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:287 +#: src/tincd.c:284 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:320 +#: src/tincd.c:317 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:321 +#: src/tincd.c:318 msgid "" "Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -938,20 +916,20 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:335 +#: src/tincd.c:332 msgid "You must be root to run this program.\n" msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" -#: src/tincd.c:375 +#: src/tincd.c:372 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:380 +#: src/tincd.c:377 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/process.c:338 src/tincd.c:385 +#: src/process.c:338 src/tincd.c:382 msgid "Not restarting." msgstr "Geen herstart." @@ -1066,3 +1044,27 @@ msgstr "Kreeg onverwacht signaal %d (%s)" #, c-format msgid "Installing signal handler for signal %d (%s) failed: %m\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %m\n" + +#: src/route.c:56 +#, c-format +msgid "Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)" +msgstr "Nieuw MAC address %x:%x:%x:%x:%x:%x geleerd van %s (%s)" + +#: src/route.c:84 +#, c-format +msgid "Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x" +msgstr "Kan pakket niet routeren: onbekend doeladres %x:%x:%x:%x:%x:%x" + +#: src/route.c:111 +#, c-format +msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" +msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" + +#: src/route.c:126 +msgid "Cannot route packet: IPv6 routing not yet implemented" +msgstr "Kan pakket niet routeren: IPv6 routering nog niet geïmplementeerd" + +#: src/route.c:155 +#, c-format +msgid "Cannot route packet: unknown type %hx" +msgstr "Kan pakket niet routeren: onbekend type %hx" From f4887b981f109fc4264f50170b2d12c4033bf5e9 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 4 Mar 2001 14:00:24 +0000 Subject: [PATCH 363/923] Added a description of what is going on in net.c and route.c, and how packets flow through tinc. --- doc/NETWORKING | 83 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 doc/NETWORKING diff --git a/doc/NETWORKING b/doc/NETWORKING new file mode 100644 index 00000000..66b03eda --- /dev/null +++ b/doc/NETWORKING 
@@ -0,0 +1,83 @@ +This is the network infrastructure documentation for tinc, a Virtual Private +Network daemon. + + Copyright 2001 Guus Sliepen + + Permission is granted to make and distribute verbatim copies of + this documentation provided the copyright notice and this + permission notice are preserved on all copies. + + Permission is granted to copy and distribute modified versions of + this documentation under the conditions for verbatim copying, + provided that the entire resulting derived work is distributed + under the terms of a permission notice identical to this one. + + $Id: NETWORKING,v 1.1.2.1 2001/03/04 14:00:24 guus Exp $ + +1. Packet flow +============== + +There are two directions for packets. There are packets received from the tap +device that have to be sent out to other tinc daemon, and there are packets +that are received from other tinc daemons which have to be send to the tap +device. The first direction will be called the outgoing direction, while the +latter will be called the incoming direction. + +1.1 Outgoing flow +----------------- + + handle_tap_input() + | + | + V + route_outgoing() + | + | + V + send_packet() ---- + / \ / \ + / \ | queue + V V V / +send_tcppacket() send_udppacket()-- + +Packets are read from the tap device by handle_tap_input(). The packets will be +marked as coming from ourself, and are then handled by route_outgoing(). This +function will determine the destination tinc daemon this packet has to be sent +to, and in the future it may also determine if this packet has to be broadcast +or multicast. route_outgoing() will call send_packet() (in case of +broad/multicast several times). send_packet() will check the destination +connection_t entry to see if it is a valid destination, and whether it has to +be sent via TCP or UDP. It will then either call send_tcppacket() or +send_udppacket(). 
Since a different key is used for UDP packets, which might +not be available at that time, send_udppacket() might put the packet in a queue +and send a REQ_KEY to the destination tinc daemon. If the key has been retrieved, +the packet will be fed to send_udppacket() again. + +1.2 Incoming flow +----------------- + + handle_vpn_input() + | + | + V +tcppacket_h() receive_udppacket() + \ / + \ / + V V + receive_packet() + | + | + V + route_incoming() + | + | + V + accept_packet() + +Packets from other tinc daemons can be received by tcppacket_h(), for TCP +packets, and receive_udppacket() via handle_vpn_input() for UDP packets. +receive_packet() actually does not have to do much, except logging and calling +route_incoming(), but it's there for symmetry with the scheme for the outgoing +flow. route_incoming() will change the MAC header of the packet if necessary to +let the kernel accept the packet after it has been sent to the tap device by +accept_packet(). From f1a082823c48d00171b814f7e14e07e6dd4632fb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 12 Mar 2001 23:58:19 +0000 Subject: [PATCH 364/923] Fixed a race condition triggered by receive_meta() and the new authentication scheme. --- src/meta.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/src/meta.c b/src/meta.c index f9b18ca3..ecf875c7 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.15 2001/02/25 11:09:29 guus Exp $ + $Id: meta.c,v 1.1.2.16 2001/03/12 23:58:19 guus Exp $ */ #include "config.h" @@ -94,6 +94,7 @@ int receive_meta(connection_t *cl) int lenin = 0; char inbuf[MAXBUFSIZE]; char *bufp; + int decrypted = 0; cp if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { 
@@ -108,12 +109,7 @@ cp return -1; } - if(cl->status.decryptin) - bufp = inbuf; - else - bufp = cl->buffer + cl->buflen; - - lenin = read(cl->meta_socket, bufp, MAXBUFSIZE - cl->buflen); + lenin = read(cl->meta_socket, cl->buffer + cl->buflen, MAXBUFSIZE - cl->buflen); if(lenin<=0) { @@ -133,16 +129,18 @@ cp return -1; } - if(cl->status.decryptin) - { - EVP_DecryptUpdate(cl->cipher_inctx, cl->buffer + cl->buflen, &lenin, inbuf, lenin); - } - oldlen = cl->buflen; cl->buflen += lenin; - for(;;) + while(lenin) { + if(cl->status.decryptin && !decrypted) + { + EVP_DecryptUpdate(cl->cipher_inctx, inbuf, &lenin, cl->buffer + oldlen, lenin); + memcpy(cl->buffer + oldlen, inbuf, lenin); + decrypted = 1; + } + cl->reqlen = 0; for(i = oldlen; i < cl->buflen; i++) @@ -165,6 +163,7 @@ cp return -1; cl->buflen -= cl->reqlen; + lenin -= cl->reqlen; memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); oldlen = 0; } From b413257e10ae0645da43583dd8f84a1f74df5bd7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 13 Mar 2001 09:55:14 +0000 Subject: [PATCH 365/923] Fixed bug in setup_signals() that would make tinc die when unexpected signals were caught. --- src/process.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/process.c b/src/process.c index 35793a27..d618427d 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.21 2001/03/01 21:32:04 guus Exp $ + $Id: process.c,v 1.1.2.22 2001/03/13 09:55:14 guus Exp $ */ #include "config.h" 
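Review bot: `lenin -= cl->reqlen;` in the last receive_meta() hunk subtracts the whole request length, but a request can begin in bytes left over from an earlier read: the scan starts at `oldlen`, and `cl->buflen -= cl->reqlen` suggests reqlen is counted from the start of `cl->buffer`. In that case `lenin` undercounts the unprocessed bytes and can go negative. If the request just handled turns on `cl->status.decryptin`, that wrong value becomes the length passed to `EVP_DecryptUpdate` and `memcpy` in the hunk above. Subtracting only the newly read part, `lenin -= cl->reqlen - oldlen;` before `oldlen = 0;`, keeps the count aligned with what is left in the buffer. The function body starts and ends outside these hunks, so the loop's exit path could not be checked here.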
@@ -375,6 +375,16 @@ unexpected_signal_handler(int a, siginfo_t *info, void *b) cp_trace(); } +RETSIGTYPE +ignore_signal_handler(int a, siginfo_t *info, void *b) +{ + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); + cp_trace(); + } +} + struct { int signal; void (*handler)(int, siginfo_t *, void *); @@ -383,11 +393,12 @@ struct { { SIGTERM, sigterm_handler }, { SIGQUIT, sigquit_handler }, { SIGSEGV, sigsegv_handler }, - { SIGPIPE, NULL }, + { SIGPIPE, ignore_signal_handler }, { SIGINT, sigint_handler }, { SIGUSR1, sigusr1_handler }, { SIGUSR2, sigusr2_handler }, - { SIGCHLD, NULL }, + { SIGCHLD, ignore_signal_handler }, + { SIGALRM, ignore_signal_handler }, { 0, NULL } }; @@ -407,7 +418,7 @@ setup_signals(void) for(i = 0; i < NSIG; i++) { act.sa_sigaction = unexpected_signal_handler; - sigaction(sighandlers[i].signal, &act, NULL); + sigaction(i, &act, NULL); } /* Then, for each known signal that we want to catch, assign a From c426e981eeaed3fa4801221720ee8f74d40e9223 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 13 Mar 2001 21:32:24 +0000 Subject: [PATCH 366/923] Ignore alarm signals if we do not need to respond to them. --- src/net.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index 4ef654de..3a587491 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.102 2001/03/04 13:59:25 guus Exp $ + $Id: net.c,v 1.35.4.103 2001/03/13 21:32:24 guus Exp $ */ #include "config.h" @@ -849,9 +849,12 @@ cp cfg = get_config_val(upstreamcfg, config_connectto); if(!cfg && upstreamcfg == config) - /* No upstream IP given, we're listen only. */ - return; - + { + /* No upstream IP given, we're listen only. */ + signal(SIGALRM, SIG_IGN); + return; + } + while(cfg) { upstreamcfg = cfg->next; 
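Review bot: ignore_signal_handler() calls `syslog()`, gettext through `_()`, `strsignal()` and `cp_trace()` from signal context when `debug_lvl >= DEBUG_SCARY_THINGS`, and none of these are async-signal-safe. The table now routes SIGPIPE, SIGCHLD and SIGALRM to it, so the handler can interrupt the daemon in the middle of another `syslog()` call. A handler whose only job is to keep the signal from terminating the process can have an empty body, or store the number in a flag such as `static volatile sig_atomic_t ignored_signal;` for the main loop to log. Separately, the loop in setup_signals() now calls `sigaction(i, &act, NULL)` from `i = 0`, which is not a valid signal number; starting at 1 avoids a call that can only fail.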
From 156ec676525ed789364b7a77926dd0717d0cf5d7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 13 Mar 2001 21:33:31 +0000 Subject: [PATCH 367/923] Check indirectdata option before forwarding certain requests. --- src/protocol.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 6da4025a..625c7094 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.85 2001/03/04 13:59:28 guus Exp $ + $Id: protocol.c,v 1.28.4.86 2001/03/13 21:33:31 guus Exp $ */ #include "config.h" @@ -325,6 +325,7 @@ cp subnet = (subnet_t *)node->data; send_add_subnet(cl, subnet); } + /* And send him all the hosts and their subnets we know... */ for(node = connection_tree->head; node; node = node->next) @@ -644,7 +645,7 @@ int send_add_subnet(connection_t *cl, subnet_t *subnet) char *netstr; char *owner; cp - if(cl->options & OPTION_INDIRECT) + if((cl->options | myself->options | subnet->owner->options) & OPTION_INDIRECT) owner = myself->name; else owner = subnet->owner->name; @@ -810,7 +811,7 @@ cp int send_add_host(connection_t *cl, connection_t *other) { cp - if(!(cl->options & OPTION_INDIRECT)) + if(!((cl->options | myself->options | other->options) & OPTION_INDIRECT)) return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, other->name, other->address, other->port, other->options); else @@ -904,7 +905,7 @@ cp int send_del_host(connection_t *cl, connection_t *other) { cp - if(!(cl->options & OPTION_INDIRECT)) + if(!((cl->options | myself->options) & OPTION_INDIRECT)) return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, other->name, other->address, other->port, other->options); else 
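Review bot: send_del_host() tests `(cl->options | myself->options) & OPTION_INDIRECT`, while send_add_host() in the previous hunk also ORs in `other->options`. A host whose own options carry OPTION_INDIRECT therefore takes the indirect branch when announced and the direct branch when withdrawn. If the two branches send different address fields, which the `else` implies but the hunk does not show, the peer may receive a DEL_HOST that does not match the ADD_HOST it stored. Using the same expression in both places, `if(!((cl->options | myself->options | other->options) & OPTION_INDIRECT))`, keeps the pair symmetric. A one-line comment above each test naming which peers' options count toward the decision would also help.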
@@ -1126,7 +1127,8 @@ cp from->status.validkey = 0; from->status.waitingforkey = 0; - send_key_changed(from, cl); + if(!(from->options | cl->options | myself->options) & OPTION_INDIRECT) + send_key_changed(from, cl); cp return 0; } From 80b4a851a6b62cbbf503c2225f93305966f058c0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 13 Apr 2001 10:30:04 +0000 Subject: [PATCH 368/923] Depend on new ssl package and install alias for universal TUN/TAP module. --- debian/control | 2 +- debian/tinc.modules | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index d08a1d6e..82d7df0d 100644 --- a/debian/control +++ b/debian/control @@ -3,7 +3,7 @@ Section: non-US/main Priority: optional Maintainer: Ivo Timmermans Standards-Version: 3.0.1 -Build-Depends: libc6-dev, libssl096-dev, autoconf (>= 2.12), +Build-Depends: libssl-dev, autoconf (>= 2.12), automake, debhelper, gettext Package: tinc diff --git a/debian/tinc.modules b/debian/tinc.modules index 198e92ad..7086e405 100644 --- a/debian/tinc.modules +++ b/debian/tinc.modules @@ -9,3 +9,5 @@ options tap0 -o tap0 -x unit=0 options tap1 -o tap1 -x unit=1 options tap2 -o tap2 -x unit=2 options tap3 -o tap3 -x unit=3 + +alias char-major-10-200 tun From a26081467c197cc6b26a0c36c4508361b242fc85 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 4 May 2001 18:45:02 +0000 Subject: [PATCH 369/923] Correctly cycle through ConnectTo variables. --- TODO | 3 ++- src/net.c | 10 ++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/TODO b/TODO index e502d6e4..bacd12c3 100644 --- a/TODO +++ b/TODO @@ -3,6 +3,7 @@ TODO LIST Goals for 1.0 release: * Check Solaris port +* Check FreeBSD port again * Check different linux architectures (x86, alpha and sparc32 done) * Store private key in a separate file (done, 1 dec 2000) * Sanity checks on configuration directory (mostly done) 
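Review bot: The new guard `if(!(from->options | cl->options | myself->options) & OPTION_INDIRECT)` parses as `(!(...)) & OPTION_INDIRECT`, because `!` binds tighter than `&`. The result depends only on whether all three option words are zero and on bit 0 of OPTION_INDIRECT, not on the indirect flag of any peer. The sibling checks in send_add_host() and send_del_host() carry the extra parentheses, and this one should match: `if(!((from->options | cl->options | myself->options) & OPTION_INDIRECT))`. As written, `send_key_changed()` is either never called here or is suppressed whenever any option bit is set, depending on the constant's value, which is not visible in this hunk. The enclosing handler starts outside the hunk.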
@@ -10,7 +11,7 @@ Goals for 1.0 release: * Reenable queues for delayed packets (done) * Merge documentation files (SECURITY, INSTALL, PROTOCOL) into tinc.texi * Different authentication scheme (done) - +* Add randomness to packet headers and PING/PONG requests Goals for future releases: diff --git a/src/net.c b/src/net.c index 3a587491..ce1d5e92 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.103 2001/03/13 21:32:24 guus Exp $ + $Id: net.c,v 1.35.4.104 2001/05/04 18:45:02 guus Exp $ */ #include "config.h" @@ -848,12 +848,18 @@ sigalrm_handler(int a) cp cfg = get_config_val(upstreamcfg, config_connectto); - if(!cfg && upstreamcfg == config) + if(!cfg) + if(upstreamcfg == config) { /* No upstream IP given, we're listen only. */ signal(SIGALRM, SIG_IGN); return; } + else + { + /* We previously tried all the ConnectTo lines. Now wrap back to the first. */ + cfg = get_config_val(config, config_connectto); + } while(cfg) { From e4f3d93ec62871d1ae11b460627aef0da1b23cd2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 7 May 2001 19:08:46 +0000 Subject: [PATCH 370/923] - s/ip_t/ipv4_t/g - Add "salt" to the beginning of UDP packets. Replaces length field which is not useful anyway. --- ABOUT-NLS | 268 ++++++++++++++++++++++++++++++------------------- src/net.c | 26 +++-- src/net.h | 10 +- src/netutl.c | 4 +- src/protocol.c | 4 +- 5 files changed, 188 insertions(+), 124 deletions(-) diff --git a/ABOUT-NLS b/ABOUT-NLS index 28d38c76..d5621349 100644 --- a/ABOUT-NLS +++ b/ABOUT-NLS 
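Review bot: The nested `if(!cfg) if(upstreamcfg == config) { ... } else { ... }` in sigalrm_handler() depends on the `else` attaching to the inner `if`. That is easy to misread, and compilers flag it as a dangling else. Bracing the outer test, `if(!cfg) {` ... `}`, makes the pairing explicit and keeps a later edit from silently moving the wrap-around branch. The comment in the `else` branch could also say that `cfg` may still be NULL afterwards, in which case the following `while(cfg)` is skipped.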
@@ -8,7 +8,7 @@ A few packages already provide translations for their messages. If you found this `ABOUT-NLS' file inside a distribution, you may assume that the distributed package does use GNU `gettext' internally, -itself available at your nearest GNU archive site. But you do *not* +itself available at your nearest GNU archive site. But you do _not_ need to install GNU `gettext' prior to configuring, installing or using this package with messages translated. @@ -22,8 +22,8 @@ related to internationalization, you should tell about the version of `gettext' which is used. The information can be found in the `intl/VERSION' file, in internationalized packages. -One advise in advance -===================== +Quick configuration advice +========================== If you want to exploit the full power of internationalization, you should configure it using 
@@ -34,13 +34,14 @@ to force usage of internationalizing routines provided within this package, despite the existence of internationalizing capabilities in the operating system where this package is being installed. So far, only the `gettext' implementation in the GNU C library version 2 provides as -many features (such as locale alias or message inheritance) as the -implementation here. It is also not possible to offer this additional -functionality on top of a `catgets' implementation. Future versions of -GNU `gettext' will very likely convey even more functionality. So it -might be a good idea to change to GNU `gettext' as soon as possible. +many features (such as locale alias, message inheritance, automatic +charset conversion or plural form handling) as the implementation here. +It is also not possible to offer this additional functionality on top +of a `catgets' implementation. Future versions of GNU `gettext' will +very likely convey even more functionality. So it might be a good idea +to change to GNU `gettext' as soon as possible. - So you need not provide this option if you are using GNU libc 2 or + So you need _not_ provide this option if you are using GNU libc 2 or you have installed a recent copy of the GNU gettext package with the included `libintl'. 
@@ -53,23 +54,20 @@ Most such packages use GNU `gettext'. Other packages have their own ways to internationalization, predating GNU `gettext'. By default, this package will be installed to allow translation of -messages. It will automatically detect whether the system provides -usable `catgets' (if using this is selected by the installer) or -`gettext' functions. If neither is available, the GNU `gettext' own +messages. It will automatically detect whether the system already +provides the GNU `gettext' functions. If not, the GNU `gettext' own library will be used. This library is wholly contained within this package, usually in the `intl/' subdirectory, so prior installation of -the GNU `gettext' package is *not* required. Installers may use +the GNU `gettext' package is _not_ required. Installers may use special options at configuration time for changing the default behaviour. The commands: ./configure --with-included-gettext - ./configure --with-catgets ./configure --disable-nls -will respectively bypass any pre-existing `catgets' or `gettext' to use -the internationalizing routines provided within this package, enable -the use of the `catgets' functions (if found on the locale system), or -else, *totally* disable translation of messages. +will respectively bypass any pre-existing `gettext' to use the +internationalizing routines provided within this package, or else, +_totally_ disable translation of messages. When you already have GNU `gettext' installed on your system and run configure without an option for your new package, `configure' will 
@@ -83,18 +81,10 @@ package is more recent, you should use to prevent auto-detection. - By default the configuration process will not test for the `catgets' -function and therefore they will not be used. The reasons are already -given above: the emulation on top of `catgets' cannot provide all the -extensions provided by the GNU `gettext' library. If you nevertheless -want to use the `catgets' functions use - - ./configure --with-catgets - -to enable the test for `catgets' (this causes no harm if `catgets' is -not available on your system). If you really select this option we -would like to hear about the reasons because we cannot think of any -good one ourself. + The configuration process will not test for the `catgets' function +and therefore it will not be used. The reason is that even an +emulation of `gettext' on top of `catgets' could not provide all the +extensions of the GNU `gettext' library. Internationalized packages have usually many `po/LL.po' files, where LL gives an ISO 639 two-letter code identifying the language. Unless 
@@ -110,22 +100,35 @@ Using This Package As a user, if your language has been installed for this package, you only have to set the `LANG' environment variable to the appropriate -ISO 639 `LL' two-letter code prior to using the programs in the -package. For example, let's suppose that you speak German. At the -shell prompt, merely execute `setenv LANG de' (in `csh'), -`export LANG; LANG=de' (in `sh') or `export LANG=de' (in `bash'). This -can be done from your `.login' or `.profile' file, once and for all. +`LL_CC' combination. Here `LL' is an ISO 639 two-letter language code, +and `CC' is an ISO 3166 two-letter country code. For example, let's +suppose that you speak German and live in Germany. At the shell +prompt, merely execute `setenv LANG de_DE' (in `csh'), +`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash'). +This can be done from your `.login' or `.profile' file, once and for +all. - An operating system might already offer message localization for -many of its programs, while other programs have been installed locally -with the full capabilities of GNU `gettext'. Just using `gettext' -extended syntax for `LANG' would break proper localization of already -available operating system programs. In this case, users should set -both `LANGUAGE' and `LANG' variables in their environment, as programs -using GNU `gettext' give preference to `LANGUAGE'. For example, some -Swedish users would rather read translations in German than English for -when Swedish is not available. This is easily accomplished by setting -`LANGUAGE' to `sv:de' while leaving `LANG' to `sv'. + You might think that the country code specification is redundant. +But in fact, some languages have dialects in different countries. For +example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The +country code serves to distinguish the dialects. + + Not all programs have translations for all languages. 
By default, an +English message is shown in place of a nonexistent translation. If you +understand other languages, you can set up a priority list of languages. +This is done through a different environment variable, called +`LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG' +for the purpose of message handling, but you still need to have `LANG' +set to the primary language; this is required by other parts of the +system libraries. For example, some Swedish users who would rather +read translations in German than English for when Swedish is not +available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'. + + In the `LANGUAGE' environment variable, but not in the `LANG' +environment variable, `LL_CC' combinations can be abbreviated as `LL' +to denote the language's main dialect. For example, `de' is equivalent +to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' +(Portuguese as spoken in Portugal) in this context. Translating Teams ================= 
@@ -133,33 +136,21 @@ Translating Teams For the Free Translation Project to be a success, we need interested people who like their own language and write it well, and who are also able to synergize with other translators speaking the same language. -Each translation team has its own mailing list, courtesy of Linux -International. You may reach your translation team at the address -`LL@li.org', replacing LL by the two-letter ISO 639 code for your -language. Language codes are *not* the same as the country codes given -in ISO 3166. The following translation teams exist, as of December -1997: +Each translation team has its own mailing list. The up-to-date list of +teams can be found at the Free Translation Project's homepage, +`http://www.iro.umontreal.ca/contrib/po/HTML/', in the "National teams" +area. - Chinese `zh', Czech `cs', Danish `da', Dutch `nl', English `en', - Esperanto `eo', Finnish `fi', French `fr', German `de', Hungarian - `hu', Irish `ga', Italian `it', Indonesian `id', Japanese `ja', - Korean `ko', Latin `la', Norwegian `no', Persian `fa', Polish - `pl', Portuguese `pt', Russian `ru', Slovenian `sl', Spanish `es', - Swedish `sv', and Turkish `tr'. - -For example, you may reach the Chinese translation team by writing to -`zh@li.org'. - - If you'd like to volunteer to *work* at translating messages, you + If you'd like to volunteer to _work_ at translating messages, you should become a member of the translating team for your own language. -The subscribing address is *not* the same as the list itself, it has +The subscribing address is _not_ the same as the list itself, it has `-request' appended. For example, speakers of Swedish can send a message to `sv-request@li.org', having this message body: subscribe Keep in mind that team members are expected to participate -*actively* in translations, or at solving translational difficulties, +_actively_ in translations, or at solving translational difficulties, rather than merely lurking around. 
If your team does not exist yet and you want to start one, or if you are unsure about what to do or how to get started, please write to `translation@iro.umontreal.ca' to reach the 
@@ -173,42 +164,98 @@ Available Packages ================== Languages are not equally supported in all packages. The following -matrix shows the current state of internationalization, as of December -1997. The matrix shows, in regard of each package, for which languages -PO files have been submitted to translation coordination. +matrix shows the current state of internationalization, as of July +2000. The matrix shows, in regard of each package, for which languages +PO files have been submitted to translation coordination, with a +translation percentage of at least 50%. - Ready PO files cs da de en es fi fr it ja ko nl no pl pt ru sl sv - .----------------------------------------------------. - bash | [] [] [] | 3 - bison | [] [] [] | 3 - clisp | [] [] [] [] | 4 - cpio | [] [] [] [] [] [] | 6 - diffutils | [] [] [] [] [] | 5 - enscript | [] [] [] [] [] [] | 6 - fileutils | [] [] [] [] [] [] [] [] [] [] | 10 - findutils | [] [] [] [] [] [] [] [] [] | 9 - flex | [] [] [] [] | 4 - gcal | [] [] [] [] [] | 5 - gettext | [] [] [] [] [] [] [] [] [] [] [] | 12 - grep | [] [] [] [] [] [] [] [] [] [] | 10 - hello | [] [] [] [] [] [] [] [] [] [] [] | 11 - id-utils | [] [] [] | 3 - indent | [] [] [] [] [] | 5 - libc | [] [] [] [] [] [] [] | 7 - m4 | [] [] [] [] [] [] | 6 - make | [] [] [] [] [] [] | 6 - music | [] [] | 2 - ptx | [] [] [] [] [] [] [] [] | 8 - recode | [] [] [] [] [] [] [] [] [] | 9 - sh-utils | [] [] [] [] [] [] [] [] | 8 - sharutils | [] [] [] [] [] [] | 6 - tar | [] [] [] [] [] [] [] [] [] [] [] | 11 - texinfo | [] [] [] | 3 - textutils | [] [] [] [] [] [] [] [] [] | 9 - wdiff | [] [] [] [] [] [] [] [] | 8 - `----------------------------------------------------' - 17 languages cs da de en es fi fr it ja ko nl no pl pt ru sl sv - 27 packages 6 4 25 1 18 1 26 2 1 12 20 9 19 7 4 7 17 179 + Ready PO files bg cs da de el en eo es et fi fr gl hr id it + .----------------------------------------------. 
+ a2ps | [] [] | + bash | [] [] [] | + bison | [] [] [] [] | + clisp | [] [] [] [] | + cpio | [] [] [] | + diffutils | [] [] [] [] [] | + enscript | [] [] | + error | [] | + fileutils | [] [] [] [] [] [] [] [] | + findutils | [] [] [] [] [] [] | + flex | [] [] | + gcal | | + gcc | | + gettext | [] [] [] [] [] [] [] [] [] | + gnupg | [] [] [] [] | + grep | [] [] [] [] [] [] [] [] [] [] | + hello | [] [] [] [] [] [] [] | + id-utils | [] | + indent | [] [] [] [] [] | + libc | [] [] [] [] [] [] [] [] | + lilypond | | + lynx | [] [] [] | + m4 | [] [] [] [] [] [] | + make | [] [] [] [] | + music | [] | + parted | [] [] | + ptx | [] [] [] [] [] [] [] | + python | | + recode | [] [] [] [] [] [] [] | + sed | [] [] [] [] [] [] [] | + sh-utils | [] [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] [] [] | + tar | [] [] [] [] [] [] [] | + texinfo | [] [] [] [] | + textutils | [] [] [] [] [] [] [] | + util-linux | | + wdiff | [] [] [] [] [] | + wget | [] [] [] [] [] [] [] [] | + `----------------------------------------------' + bg cs da de el en eo es et fi fr gl hr id it + 1 14 15 28 11 1 4 19 12 1 30 16 0 3 12 + + ja ko lv nl no pl pt pt_BR ru sk sl sv zh + .-------------------------------------------. 
+ a2ps | [] [] [] | 5 + bash | | 3 + bison | [] [] [] | 7 + clisp | [] | 5 + cpio | [] [] [] [] [] | 8 + diffutils | [] [] [] | 8 + enscript | [] [] | 4 + error | | 1 + fileutils | [] [] [] [] [] [] [] [] [] | 17 + findutils | [] [] [] [] [] [] | 12 + flex | [] [] [] | 5 + gcal | | 0 + gcc | [] | 1 + gettext | [] [] [] [] [] [] [] [] [] | 18 + gnupg | [] [] [] | 7 + grep | [] [] [] [] [] [] [] | 17 + hello | [] [] [] [] [] [] [] [] | 15 + id-utils | [] [] [] | 4 + indent | [] [] [] [] [] | 10 + libc | [] [] [] [] [] [] [] [] | 16 + lilypond | [] [] | 2 + lynx | [] [] [] [] | 7 + m4 | [] [] [] [] [] | 11 + make | [] [] [] [] [] | 9 + music | [] | 2 + parted | [] [] [] [] | 6 + ptx | [] [] [] [] [] [] | 13 + python | | 0 + recode | [] [] [] | 10 + sed | [] [] [] [] [] [] [] | 14 + sh-utils | [] [] [] [] [] [] [] [] [] [] | 19 + sharutils | [] [] [] [] | 10 + tar | [] [] [] [] [] [] [] [] | 15 + texinfo | [] [] | 6 + textutils | [] [] [] [] [] [] [] [] | 15 + util-linux | [] | 1 + wdiff | [] [] [] [] [] | 10 + wget | [] [] [] [] [] [] [] [] [] | 17 + `-------------------------------------------' + 28 teams ja ko lv nl no pl pt pt_BR ru sk sl sv zh + 38 domains 20 8 0 25 6 18 1 16 27 9 10 20 3 330 Some counters in the preceding matrix are higher than the number of visible blocks let us expect. This is because a few extra PO files are 
@@ -221,6 +268,25 @@ distributed as such by its maintainer. There might be an observable lag between the mere existence a PO file and its wide availability in a distribution. - If December 1997 seems to be old, you may fetch a more recent copy -of this `ABOUT-NLS' file on most GNU archive sites. + If July 2000 seems to be old, you may fetch a more recent copy of +this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date +matrix with full percentage details can be found at +`http://www.iro.umontreal.ca/contrib/po/HTML/matrix.html'. + +Using `gettext' in new packages +=============================== + + If you are writing a freely available program and want to +internationalize it you are welcome to use GNU `gettext' in your +package. Of course the GNU Public License applies to your sources from +then if you include `gettext' directly in your distribution on but +since you are writing free software anyway this is no restriction. + + Once the sources are change appropriately and the setup can handle to +use of `gettext' the only thing missing are the translations. The Free +Translation Project is also available for packages which are not +developed inside the GNU project. Therefore the information given above +applies also for every other Free Software Project. Contact +`translation@iro.umontreal.ca' to make the `.pot' files available to +the translation teams. diff --git a/src/net.c b/src/net.c index ce1d5e92..c3f89ca5 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.104 2001/05/04 18:45:02 guus Exp $ + $Id: net.c,v 1.35.4.105 2001/05/07 19:08:43 guus Exp $ */ #include "config.h" 
@@ -134,12 +134,12 @@ cp /* Encrypt the packet. */ - outpkt.len = inpkt->len; + RAND_bytes(inpkt->salt, sizeof(inpkt->salt)); EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); - EVP_EncryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len); - EVP_EncryptFinal(&ctx, outpkt.data + outlen, &outpad); - outlen += outpad + 2; + EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); + EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad); + outlen += outpad; total_socket_out += outlen; @@ -147,7 +147,7 @@ cp to.sin_addr.s_addr = htonl(cl->address); to.sin_port = htons(cl->port); - if((sendto(myself->socket, (char *) &(outpkt.len), outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), cl->name, cl->hostname); @@ -172,14 +172,13 @@ void receive_udppacket(connection_t *cl, vpn_packet_t *inpkt) int outlen, outpad; EVP_CIPHER_CTX ctx; cp - outpkt.len = inpkt->len; - /* Decrypt the packet */ EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len); - EVP_DecryptUpdate(&ctx, outpkt.data, &outlen, inpkt->data, inpkt->len + 8); - EVP_DecryptFinal(&ctx, outpkt.data + outlen, &outpad); + EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len); + EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad); outlen += outpad; + outpkt.len = outlen - sizeof(outpkt.salt); receive_packet(cl, &outpkt); cp @@ -576,7 +575,7 @@ cp return -1; } - ncn->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); + ncn->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); ncn->hostname = hostlookup(htonl(ncn->address)); if(setup_outgoing_meta_socket(ncn) < 0) 
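Review bot: The result of `RAND_bytes(inpkt->salt, sizeof(inpkt->salt))` is not checked, and the salt is the only per-packet variation. `EVP_EncryptInit` receives the same key and the same IV (`cl->cipher_pktkey + cl->cipher_pkttype->key_len`) for every packet. With SALTLEN at 2 there are only 65536 salt values, so salts recur after a few hundred packets on average, and equal plaintext prefixes then encrypt to equal ciphertext under one key. At minimum the call should be tested, `if(RAND_bytes(inpkt->salt, sizeof(inpkt->salt)) != 1)`, and the packet dropped on failure. A comment should also state that the salt does not replace a per-packet IV. The `EVP_EncryptUpdate` call reads from `inpkt->salt` across into `inpkt->data`, which relies on the two members being adjacent in vpn_packet_t and deserves a comment at the struct.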
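Review bot: receive_udppacket() sets `outpkt.len = outlen - sizeof(outpkt.salt);` without checking that at least SALTLEN bytes were decrypted. A datagram shorter than the salt, or one for which `EVP_DecryptFinal` fails (its result is ignored), leaves a negative or wrapped value in the `short` length that is passed on to receive_packet(). A guard before the assignment, `if(outlen < (int)sizeof(outpkt.salt)) return;`, with a log line in the file's existing syslog style, stops malformed input at this point. Nothing in the hunk authenticates the decrypted bytes either, so the length check is the only validation visible here.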
@@ -806,7 +805,7 @@ cp myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); - RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); if(!(cfg = get_config_val(config, config_keyexpire))) keylifetime = 3600; @@ -1046,7 +1045,6 @@ void handle_incoming_vpn_data(void) { vpn_packet_t pkt; int x, l = sizeof(x); - int lenin; struct sockaddr_in from; socklen_t fromlen = sizeof(from); connection_t *cl; @@ -1063,7 +1061,7 @@ cp return; } - if((lenin = recvfrom(myself->socket, (char *) &(pkt.len), MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) + if((pkt.len = recvfrom(myself->socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return; diff --git a/src/net.h b/src/net.h index 3028300c..6323b2ae 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.29 2001/03/04 13:59:28 guus Exp $ + $Id: net.h,v 1.9.4.30 2001/05/07 19:08:46 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -27,8 +27,9 @@ #include "config.h" -#define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ +#define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ #define MTU 1600 +#define SALTLEN 2 /* to spice things up for the NSA... */ #define MAC_ADDR_S "%02x:%02x:%02x:%02x:%02x:%02x" #define MAC_ADDR_V(x) ((unsigned char*)&(x))[0],((unsigned char*)&(x))[1], \ @@ -58,8 +59,6 @@ typedef struct mac_t typedef unsigned long ipv4_t; -typedef ipv4_t ip_t; /* alias for ipv4_t */ - typedef struct ipv6_t { unsigned short x[8]; 
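Review bot: Switching `myself->cipher_pktkey` generation to `RAND_pseudo_bytes` weakens the packet key. OpenSSL documents that call's output as not necessarily unpredictable and not meant for key generation, and the buffer filled here is the cipher key plus IV (`key_len + iv_len`). Keep `RAND_bytes` and check it, e.g. `if(RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength) != 1)` followed by whatever failure return this function uses (not visible in the hunk). If the switch was made to avoid failing on an unseeded pool, a comment saying so plus an explicit seeding step would be safer than the weaker generator. The enclosing function starts and ends outside the hunk.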
@@ -70,7 +69,8 @@ typedef unsigned short port_t; typedef short length_t; typedef struct vpn_packet_t { - length_t len; /* the actual number of bytes in the `data' field */ + length_t len; /* the actual number of bytes in the `data' field */ + unsigned char salt[SALTLEN]; /* two bytes of randomness */ unsigned char data[MAXSIZE]; } vpn_packet_t; diff --git a/src/netutl.c b/src/netutl.c index e9f74d08..562b105d 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.18 2001/01/07 17:09:02 guus Exp $ + $Id: netutl.c,v 1.12.4.19 2001/05/07 19:08:46 guus Exp $ */ #include "config.h" @@ -106,7 +106,7 @@ cp } ip = xmalloc(sizeof(*ip)); - ip->address = ntohl(*((ip_t*)(h->h_addr_list[0]))); + ip->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); ip->mask = masker ? ~((1 << (32 - masker)) - 1) : 0; cp diff --git a/src/protocol.c b/src/protocol.c index 625c7094..cd63ad0b 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.86 2001/03/13 21:33:31 guus Exp $ + $Id: protocol.c,v 1.28.4.87 2001/05/07 19:08:46 guus Exp $ */ #include "config.h" @@ -915,7 +915,7 @@ cp int del_host_h(connection_t *cl) { char name[MAX_STRING_SIZE]; - ip_t address; + ipv4_t address; port_t port; long int options; connection_t *old, *p; From 6f7f8659a2048fd6d616f4286ccdd0e661084493 Mon Sep 17 00:00:00 2001 
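Review bot: In the `vpn_packet_t` hunk the comment on `len` no longer matches how the field is used, and the layout dependency the struct now carries is undocumented. In this commit's net.c hunks `recvfrom` stores the whole datagram length in `pkt.len`, and the encrypt, decrypt, `sendto` and `recvfrom` calls all treat `salt` and `data` as one buffer starting at `salt`. Suggest adding `/* salt and data must stay adjacent and in this order: net.c processes them as one buffer starting at salt */` above `salt`. The `len` comment should also say that on a packet fresh from the socket it holds the encrypted length, salt included.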
From: Guus Sliepen Date: Sat, 19 May 2001 15:50:51 +0000 Subject: [PATCH 371/923] - Make sure correct information is supplied for both old kernels (with ethertap) and for new kernels (with TUN/TAP driver). - Revised example configuration and made it conform to latest (CVS) version of tinc. --- doc/tinc.texi | 421 +++++++++++++++++++++++++------------------------- 1 file changed, 211 insertions(+), 210 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 20cd221b..7b7b1c44 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.14 2001/01/18 13:00:57 zarq Exp $ +@c $Id: tinc.texi,v 1.8.4.15 2001/05/19 15:50:51 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.14 2001/01/18 13:00:57 zarq Exp $ +$Id: tinc.texi,v 1.8.4.15 2001/05/19 15:50:51 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.14 2001/01/18 13:00:57 zarq Exp $ +$Id: tinc.texi,v 1.8.4.15 2001/05/19 15:50:51 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -182,6 +182,7 @@ tinc will run on them as well. Without this driver, tinc will most likely compile and run, but it will not be able to send or receive data packets. +The official release only truly supports Linux. For an up to date list of supported platforms, please check the list on our website: @uref{http://tinc.nl.linux.org/platforms.html}. 
@@ -197,16 +198,15 @@ and arbitrary word length. So in theory it should run on other processors that Linux runs on. It has already been verified to run on alpha and sparc processors as well. -tinc uses the ethertap device that is provided in the standard kernel -since version 2.1.60, so anything above that (2.2.x, 2.3.x, and 2.4.0) -kernel version is able to support tinc. +tinc uses the ethertap device or the universal TUN/TAP driver. The former is provided in the standard kernel +from version 2.1.60 up to 2.3.x, but has been replaced in favour of the TUN/TAP driver in kernel versions 2.4.0 and later. @c ================================================================== @subsection FreeBSD tinc on FreeBSD relies on the universial TUN/TAP driver for its data -acquisition from the kernel. Therefore, tinc suports the same platforms +acquisition from the kernel. Therefore, tinc works on the same platforms as this driver. These are: FreeBSD 3.x, 4.x, 5.x. @@ -214,7 +214,7 @@ as this driver. These are: FreeBSD 3.x, 4.x, 5.x. @subsection Solaris tinc on Solaris relies on the universial TUN/TAP driver for its data -acquisition from the kernel. Therefore, tinc suports the same platforms +acquisition from the kernel. Therefore, tinc works on the same platforms as this driver. These are: Solaris, 2.1.x. 
@@ -248,13 +248,14 @@ support tinc. @node Configuring the kernel, Libraries, Installing tinc - preparations, Installing tinc - preparations @section Configuring the kernel -If you are running Linux, chances are good that your kernel already -supports all the devices that tinc needs for proper operation. For -example, the standard kernel from Redhat Linux already has support for -ethertap and netlink compiled in. Debian users can use the modconf -utility to select the modules. If your Linux distribution supports this -method of selecting devices, look out for something called `ethertap', -and `netlink_dev'. You need both these devices. +If you are running Linux, chances are good that your kernel already supports +all the devices that tinc needs for proper operation. For example, the +standard kernel from Redhat Linux already has support for ethertap and netlink +compiled in. Debian users can use the modconf utility to select the modules. +If your Linux distribution supports this method of selecting devices, look out +for something called `ethertap', and `netlink_dev' if it is using a kernel +version prior to 2.4.0. In that case you will need both these devices. If you +are using kernel 2.4.0 or later, you need to select `tun'. If you can install these devices in a similar manner, you may skip this section. 
@@ -270,69 +271,67 @@ section. @node Configuration of the Linux kernel, Configuration of the FreeBSD kernel, Configuring the kernel, Configuring the kernel @subsection Configuring the Linux kernel -Since this particular implementation only runs on 2.1 or higher Linux -kernels, you should grab one (2.2 is current at this time). A 2.0 port -is not really possible, unless someone tells me someone ported the -ethertap and netlink devices back to 2.0. +First of all, a kernel version of 2.1.60 or higher is @emph{required}. If you are unfamiliar with the process of configuring and compiling a new kernel, you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html, Kernel HOWTO} first. Do that now! -Here are the options you have to turn on when configuring a new -kernel. +Here are the options you have to turn on when configuring a new kernel. -For kernel 2.2.x: +For kernels 2.1.60 up to 2.4.0: @example Code maturity level options [*] Prompt for development and/or incomplete code/drivers Networking options [*] Kernel/User netlink socket -<*> Netlink device emulation + Netlink device emulation Network device support -<*> Ethertap network tap + Ethertap network tap @end example -Note that if you want to run more than one instance of tinc or other -programs that use the ethertap, you have to compile the ethertap driver -as a module. +If you want to run more than one instance of tinc or other programs that use +the ethertap, you have to compile the ethertap driver as a module, otherwise +you can also choose to compile it directly into the kernel. 
-For kernel 2.3.x and 2.4.x: +If you decide to build any of these as dynamic kernel modules, it's a good idea +to add these lines to @file{/etc/modules.conf}: @example -Code maturity level options -[*] Prompt for development and/or incomplete code/drivers -Networking options -[*] Kernel/User netlink socket -<*> Netlink device emulation -Network device support -<*> Universal TUN/TAP device driver support -@end example - - -Any other options not mentioned here are not relevant to tinc. If you -decide to build any of these as dynamic kernel modules, it's a good idea -to add these lines to @file{/etc/modules.conf}. - -@example -alias tap0 ethertap alias char-major-36 netlink_dev +alias tap0 ethertap +options tap0 -o tap0 unit=0 +alias tap1 ethertap +options tap1 -o tap1 unit=1 @end example -If you have a 2.4-pre kernel, you can choose both the TUN/TAP driver and -the `Ethertap network tap' device. This latter is marked obsolete, -because the universal TUN/TAP driver is a newer implementation that is -supposed to be used in favour of ethertap. For tinc, it doesn't really -matter which one you choose; based on the device file name, tinc will make -the right choice about what protocol to use. However, chances are that -although you can choose the obsolote ethertap driver, it will not function -at all. The TUN/TAP driver is the safe choice. +Add more alias/options lines if necessary. -Finally, after having set up other options, build the kernel and boot -it. Unfortunately it's not possible to insert these modules in a -running kernel. +For kernels 2.4.0 and higher: + +@example +Code maturity level options +[*] Prompt for development and/or incomplete code/drivers +Network device support + Universal TUN/TAP device driver support +@end example + +It's not necessary to compile this driver as a module, even if you are going to +run more than one instance of tinc. + +If you have an early 2.4 kernel, you can choose both the TUN/TAP driver and the +`Ethertap network tap' device. 
This latter is marked obsolete, and chances are +that it won't even function correctly anymore. Make sure you select the +universal TUN/TAP driver. + +If you decide to build the TUN/TAP driver as a kernel module, add these lines +to @file{/etc/modules.conf}: + +@example +alias char-major-10-200 tun +@end example @c ================================================================== @@ -379,9 +378,7 @@ having installed it, configure will give you an error message, and stop. @cindex OpenSSL For all cryptography-related functions, tinc uses the functions provided -by the OpenSSL library. We recommend using version 0.9.5 or 0.9.6 of -this library. Other versions may also work, but we can guarantee -nothing. +by the OpenSSL library. If this library is not installed, you wil get an error when configuring tinc for build. Support for running tinc without having OpenSSL @@ -496,22 +493,8 @@ may read/write to this file. You'd want this, because otherwise eavesdropping would become a bit too easy. This does, however, imply that you'd have to run tincd as root. -If you use the universal TUN/TAP driver, you have to create the -following device files (unless they already exist): - -@example -mknod -m 600 /dev/... c .. .. -chown 0.0 /dev/... -@end example - -If you want to have more devices, the device numbers will be .. .. ... - -If you use Linux, and you run the new 2.4 kernel using the devfs -filesystem, then the tap device will be automatically generated as -@file{/dev/netlink/tap0}. - -If you use Linux and have kernel 2.2.x, you have to make the ethertap -devices: +If you use Linux and have a kernel version prior to 2.4.0, you have to make the +ethertap devices: @example mknod -m 600 /dev/tap0 c 36 16 
@@ -520,6 +503,18 @@ chown 0.0 /dev/tap0 Any further ethertap devices have minor device number 16 through 31. +If you use the universal TUN/TAP driver, you have to create the +following device files (unless they already exist): + +@example +mknod -m 600 /dev/tun c 10 200 +chown 0.0 /dev/tun +@end example + +If you use Linux, and you run the new 2.4 kernel using the devfs filesystem, +then the TUN/TAP device will probably be automatically generated as +@file{/dev/net/tun}. + @c ================================================================== @node Other files, , Device files, System files @@ -534,10 +529,6 @@ symbolic name. For example: myvpn 10.0.0.0 @end example -This has nothing to do with the MyVPNIP configuration variable that will be -discussed later, it is only to make the output of the route command more -legible. - @subsubheading @file{/etc/services} You may add this line to @file{/etc/services}. The effect is that you @@ -555,7 +546,7 @@ tinc 655/udp TINC @node Interfaces, , System files, Installing tinc - installation @section Interfaces -Before you can start transmitting data over the tinc tunnel, you must +Before you can start transmitting data over the tinc tunnel, tinc must set up the ethertap network devices. First, decide which IP addresses you want to have associated with these 
@@ -563,35 +554,45 @@ devices, and what network mask they must have. You also need these numbers when you are going to configure tinc itself. @xref{Configuring tinc}. -It doesn't matter much which part you do first, setting up the network -devices or configure tinc. But they both have to be done before you try -to start a tincd. +tinc will open an ethertap device or TUN/TAP device, which will also +create a network interface called `tap0', `tap1' etc. if you are using +the ethertap driver, or a network interface with the same name as NETNAME +if you are using the universal TUN/TAP driver. -The actual setup of the ethertap device is quite simple, just repeat -after me: +You can configure that device by putting ordinary ifconfig, route, and other commands +to a script named @file{/etc/tinc/NETNAME/tinc-up}. When tinc starts, this script +will be executed. When tinc exits, it will execute the script named +@file{/etc/tinc/NETNAME/tinc-down}, but normally you don't need to create that script. + +An example @file{tinc-up} script when using the TUN/TAP driver: @example -ifconfig tap@emph{n} hw ether fe:fd:00:00:00:00 +ifconfig $NETNAME hw ether fe:fd:00:00:00:00 +ifconfig $NETNAME @emph{xx}.@emph{xx}.@emph{xx}.@emph{xx} netmask @emph{mask} +ifconfig $NETNAME -arp @end example @cindex MAC address @cindex hardware address -@strong{Note:} Since version 1.0pre3, all interface addresses are set to -this address, whereas previous versions required the MAC to match the -actual IP address. +The first line sets up the MAC address of the network interface. +Due to the nature of how ethernet and tinc work, it has to be set to fe:fd:00:00:00:00. +(tinc versions prior to 1.0pre3 required that the MAC address matched the IP address.) +You can use the environment variable $NETNAME to get the name of the interface. +If you are using the ethertap driver however, you need to replace it with tap@emph{n}, +corresponding to the device file name. 
@cindex ifconfig -To activate the device, you have to assign an IP address to it. To set -an IP address @emph{IP} with network mask @emph{mask}, do the following: - -@example -ifconfig tap@emph{n} @emph{xx}.@emph{xx}.@emph{xx}.@emph{xx} netmask @emph{mask} -@end example - +The next line gives the interface an IP address and a netmask. +The kernel will also automatically add a route to this interface, so normally you don't need +to add route commands to the @file{tinc-up} script. +The kernel will also bring the interface up after this command. @cindex netmask The netmask is the mask of the @emph{entire} VPN network, not just your -own subnet. It is the same netmask you will have to specify with the -VpnMask configuration variable. +own subnet. + +@cindex arp +The last line tells the kernel not to use ARP on that interface. +Again this has to do with how ethernet and tinc work. Don't forget to add this line. @c @@ -735,22 +736,6 @@ impossible to crack a single key. Listen on local port port. The computer connecting to this daemon should use this number as the argument for his ConnectPort. -@item MyOwnVPNIP = (required) -The local address is the number that the daemon will propagate to -other daemons on the network when it is identifying itself. Hence this -will be the file name of the passphrase file that the other end expects -to find the passphrase in. - -The local address is the IP address of the tap device, not the real IP -address of the host running tincd. Due to changes in recent kernels, it -is also necessary that you make the ethernet (also known as MAC) address -equal to the IP address (see the example). - -maskbits is the number of bits set to 1 in the netmask part. - -@item MyVirtualIP = -This is an alias for MyOwnVPNIP. - @item @strong{Name = } This is a symbolic name for this connection. It can be anything 
@@ -760,30 +745,17 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. -@item @strong{PrivateKey = } +@item PrivateKey = (obsolete) This is the RSA private key for tinc. However, for safety reasons it is advised to store private keys of any kind in separate files. This prevents accidental eavesdropping if you are editting the configuration file. -@item PrivateKeyFile = +@item @strong{PrivateKeyFile = } (recommended) This is the full path name of the RSA private key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. -@item PublicKey = -This is the full path name of the RSA public key file that was generated -by ``tincd --generate-keys''. It must be a full path, not a relative -directory. (NOTE: In version 1.0pre3, this variable was used to give -the key inline. This is no longer supported.) - -@item Subnet = -This is the subnet range of all IP addresses that will be accepted by -the host that defines it. Please be careful that no two subnets -overlap. Every host @strong{must} have a different range of IP -addresses that it can handle, otherwise you will see messages like -`packet comes back to us'. - -@item TapDevice = (/dev/tap0) +@item @strong{TapDevice = } (/dev/tap0) The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. 
@@ -794,11 +766,6 @@ connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading firewall, or if UDP packet routing is disabled somehow. This is experimental code, try this at your own risk. - -@item VpnMask = (optional) -The mask that defines the scope of the entire VPN. This option is not used -by the tinc daemon itself, but can be used by startup scripts to configure -the ethertap devices correctly. @end table @@ -812,7 +779,7 @@ This variable is only required if you want to connect to this host. It must resolve to the external IP address where the host can be reached, not the one that is internal to the VPN. -@item IndirectData = (no) +@item IndirectData = (no, experimental) This option specifies whether other tinc daemons besides the one you specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible to @@ -825,15 +792,18 @@ port port. port may be given in decimal (default), octal (when preceded by a single zero) o hexadecimal (prefixed with 0x). port is the port number for both the UDP and the TCP (meta) connections. -@item PublicKey = +@item PublicKey = (obsolete) This is the RSA public key for this host. -@item PublicKeyFile = +@item PublicKeyFile = (obsolete) This is the full path name of the RSA public key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. -Note that exactly @strong{one of the above two options} must be specified +From version 1.0pre4 on tinc will store the public key directly into the +host configuration file in PEM format, the above two options then are not +necessary. Either the PEM format is used, or exactly +@strong{one of the above two options} must be specified in each host configuration file, if you want to be able to establish a connection with that host. 
@@ -849,12 +819,12 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes /22. This conforms to standard CIDR notation as described in @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} -@item TCPonly = (no) +@item TCPonly = (no, experimental) If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading -firewall, or if UDP packet routing is disabled somehow. @emph{This is -experimental code, try this at your own risk. It may not work at all.} +firewall, or if UDP packet routing is disabled somehow. This is +experimental code, try this at your own risk. It may not work at all. @end table @@ -883,7 +853,7 @@ location, the department, or the name of one of your boss' pets. It can be anything, as long as all these names are unique across the entire VPN. -@item PrivateKey +@item PrivateKeyFile Fill in the full pathname to the file that contains the private RSA key. @item ConnectTo @@ -898,12 +868,15 @@ until someone connects to it. Then you should create a file with the name you gave yourself in tinc.conf (the `Name' parameter), located in @file{/etc/tinc/vpn-name/hosts/}. In this file, which we call the -`@emph{host configuration file}', only one variable is required: +`@emph{host configuration file}', the public key must be present +and one variable is required: @table @samp @item Subnet The IP range that this host accepts as being `local'. All packets with a destination address that is within this subnet will be sent to us. +Actually it is not stricly required, but you need it to send packets to +other tinc daemons. @end table 
@@ -911,17 +884,14 @@ a destination address that is within this subnet will be sent to us. Now for all hosts that you want to create a direct connection to, -- you connect to them or they connect to you -- you get a copy of their host -configuration file and their public RSA key. +configuration file. -For each host configuration file, you add two variables: +If it is not already present, make sure you add this variable: @table @samp @item Address Enter the IP address or DNS hostname for this host. This is only needed if you connect to this host. - -@item PublicKey -Put the full pathname to this hosts public RSA key here. @end table When you did this, you should be ready to create your first connection. @@ -935,7 +905,7 @@ there. If you get an error, you can check @ref{Error messages}. @cindex example -Imagine the following situation. An A-based company wants to connect +Imagine the following situation. Branch A of our example `company' wants to connect three branch offices in B, C and D using the internet. All four offices have a 24/7 connection to the internet. 
@@ -959,142 +929,173 @@ In this example, it is assumed that eth0 is the interface that points to the inner (physical) LAN of the office, although this could also be the same as the interface that leads to the internet. The configuration of the real interface is also shown as a comment, to give you an idea of -how these example host is set up. +how these example host is set up. All branches use the netname `company' +for this particular VPN. -@subsubheading For A +@subsubheading For Branch A -@emph{A} would be configured like this: +@emph{BranchA} would be configured like this: + +In @file{/etc/tinc/company/tinc-up}: @example -#ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 +# Real interface of internal network: +# ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 + ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 10.1.54.1 netmask 255.0.0.0 +ifconfig tap0 -arp @end example -and in /etc/tinc/tinc.conf: +and in @file{/etc/tinc/company/tinc.conf}: @example -Name = A -PrivateKey = /etc/tinc/A.priv -VpnMask = 255.0.0.0 +Name = BranchA +PrivateKey = /etc/tinc/company/rsa_key.priv +TapDevice = /dev/tap0 @end example -On all hosts, /etc/tinc/hosts/A contains: +On all hosts, /etc/tinc/company/hosts/BranchA contains: @example Subnet = 10.1.0.0/16 Address = 1.2.3.4 -PublicKey = /etc/tinc/hosts/A.pub + +-----BEGIN RSA PUBLIC KEY----- +... 
+-----END RSA PUBLIC KEY----- @end example -@subsubheading For B +@subsubheading For Branch B + +In @file{/etc/tinc/company/tinc-up}: @example -#ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 +# Real interface of internal network: +# ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 + ifconfig tap0 hw ether fe:fd:00:00:00:00 ifconfig tap0 10.2.1.12 netmask 255.0.0.0 +ifconfig tap0 -arp @end example -and in /etc/tinc/tinc.conf: +and in @file{/etc/tinc/company/tinc.conf}: @example -Name = B -ConnectTo = A -PrivateKey = /etc/tinc/B.priv -VpnMask = 255.0.0.0 +Name = BranchB +ConnectTo = BranchA +PrivateKey = /etc/tinc/company/rsa_key.priv @end example Note here that the internal address (on eth0) doesn't have to be the same as on the tap0 device. Also, ConnectTo is given so that no-one can connect to this node. -On all hosts, /etc/tinc/hosts/B: +On all hosts, in @file{/etc/tinc/company/hosts/BranchB}: @example Subnet = 10.2.0.0/16 Address = 2.3.4.5 -PublicKey = /etc/tinc/hosts/B.pub + +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- @end example -@subsubheading For C +@subsubheading For Branch C + +In @file{/etc/tinc/company/tinc-up}: @example -#ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 -ifconfig tap0 hw ether fe:fd:00:00:00:00 -ifconfig tap0 10.3.69.254 netmask 255.0.0.0 +# Real interface of internal network: +# ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 + +ifconfig tap1 hw ether fe:fd:00:00:00:00 +ifconfig tap1 10.3.69.254 netmask 255.0.0.0 +ifconfig tap1 -arp @end example -and in /etc/tinc/A/tinc.conf: +and in @file{/etc/tinc/company/tinc.conf}: @example -Name = C -ConnectTo = A +Name = BranchC +ConnectTo = BranchA TapDevice = /dev/tap1 -VpnMask = 255.0.0.0 @end example C already has another daemon that runs on port 655, so they have to -reserve another port for tinc. 
It can connect to other tinc daemons on -the regular port though, so no ConnectPort variable is needed. They -also use the netname to distinguish between the two. tinc is started -with `tincd -n A'. +reserve another port for tinc. It knows the portnumber it has to listen on +from it's own host configuration file. -On all hosts, /etc/tinc/hosts/C: +On all hosts, in @file{/etc/tinc/company/hosts/BranchC}: @example +Address = 3.4.5.6 Subnet = 10.3.0.0/16 Port = 2000 -PublicKey = /etc/tinc/hosts/C.pub + +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- @end example -@subsubheading For D +@subsubheading For Branch D + +In @file{/etc/tinc/company/tinc-up}: @example -#ifconfig tap0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 +# Real interface of internal network: +# ifconfig tap0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 + ifconfig tap0 hw ether fe:fd:0a:04:03:20 ifconfig tap0 10.4.3.32 netmask 255.0.0.0 +ifconfig tap0 -arp @end example -and in /etc/tinc/tinc.conf: +and in @file{/etc/tinc/company/tinc.conf}: @example -MyVirtualIP = 10.4.3.32/16 -ConnectTo = 3.4.5.6 -ConnectPort = 2000 -VpnMask=255.0.0.0 +Name = BranchD +ConnectTo = BranchC +PrivateKeyFile = /etc/tinc/company/rsa_key.priv @end example D will be connecting to C, which has a tincd running for this network on -port 2000. Hence they need to put in a ConnectPort, but it doesn't need -to have a different ListenPort. +port 2000. It knows the port number from the host configuration file. + +On all hosts, in @file{/etc/tinc/company/hosts/BranchD}: + +@example +Subnet = 10.4.0.0/16 +Address = 4.5.6.7 + +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- +@end example @subsubheading Key files -A, B, C and D all have generate a public key with tincd -K, the output is -stored in /etc/tinc/hosts/X.pub (where X is A, B or D), except for C, -who stored it in /etc/tinc/A/hosts/C.pub. 
+A, B, C and D all have generated a public/private keypair with the following command: -A stores a copy of B's public key in /etc/tinc/hosts/B.pub +@example +tincd -n company -K +@end example -A stores a copy of C's public key in /etc/tinc/hosts/C.pub - -B stores a copy of A's public key in /etc/tinc/hosts/A.pub - -C stores a copy of A's public key in /etc/tinc/A/hosts/A.pub - -C stores a copy of D's public key in /etc/tinc/A/hosts/D.pub - -D stores a copy of C's public key in /etc/tinc/hosts/C.pub +The private key is stored in @file{/etc/tinc/company/rsa_key.priv}, +the public key is put into the host configuration file in the @file{/etc/tinc/company/hosts/} directory. +During key generation, tinc automatically guesses the right filenames based on the -n option and +the Name directive in the @file{tinc.conf} file (if it is available). @subsubheading Starting -A has to start their tincd first. Then come B and C, where C has to -provide the option `-n A', because they have more than one tinc -network. Finally, D's tincd is started. - +After each branch has finished configuration and they have distributed +the host configuration files amongst them, they can start their tinc daemons. +They don't necessarily have to wait for the other branches to have started +their daemons, tinc will try connecting until they are available. @c ================================================================== @@ -1207,11 +1208,11 @@ only, so keep an eye on it! @table @strong @item Could not open /dev/tap0: No such device @table @bullet -@item You forgot to insmod netlink_dev.o +@item You forgot to insmod netlink_dev.o or ethertap.o @item You forgot to compile `Netlink device emulation' in the kernel @end table -@item Can't write to tun/tap device: No such device +@item Can't write to /dev/net/tun: No such device @table @bullet @item You forgot to insmod tun.o @item You forgot to compile `Universal TUN/TAP driver' in the kernel 
From 3360c6270bcc19a8b3d81da185266fc33b5c5421 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 24 May 2001 20:24:12 +0000 Subject: [PATCH 372/923] More revisions to the documentation: - Removed cruft - Reordered some sections to make it more logical for the beginner - Added small examples and hints about configuration files --- doc/tinc.texi | 728 +++++++++++++++++++++++++++----------------------- 1 file changed, 393 insertions(+), 335 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 7b7b1c44..74951c92 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.15 2001/05/19 15:50:51 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.15 2001/05/19 15:50:51 guus Exp $ +$Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.15 2001/05/19 15:50:51 guus Exp $ +$Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -60,12 +60,12 @@ permission notice identical to this one. @menu * Introduction:: Introduction -* Installing tinc - preparations:: -* Installing tinc - installation:: -* Configuring tinc:: -* Running tinc:: -* Technical information:: -* About us:: +* Preparations:: +* Installation:: +* Configuration:: +* Running tinc:: +* Technical information:: +* About us:: * Concept Index:: All used terms explained @end menu 
@@ -73,7 +73,7 @@ permission notice identical to this one. @contents @c ================================================================== -@node Introduction, Installing tinc - preparations, Top, Top +@node Introduction, Preparations, Top, Top @chapter Introduction @cindex tinc @@ -83,8 +83,7 @@ Internet. Because the tunnel appears to the IP level network code as a normal network device, there is no need to adapt any existing software. - -This tunneling allows VPN sites to share information with each other +The encrypted tunnels allows VPN sites to share information with each other over the Internet without exposing any information to others. This document is the manual for tinc. Included are chapters on how to @@ -94,7 +93,7 @@ process of tinc itself. @menu * VPNs:: Virtual Private Networks in general * tinc:: about tinc -* Supported platforms:: +* Supported platforms:: @end menu @c ================================================================== 
@@ -107,49 +106,42 @@ by a few elected computers that participate. This goal is achievable in more than just one way. @cindex private -Private networks can consist of a single stand-alone ethernet LAN. Or +Private networks can consist of a single stand-alone Ethernet LAN. Or even two computers hooked up using a null-modem cable. In these cases, it is obvious that the network is @emph{private}, no one can access it from the -outside. But if your computers are linked to the internet, the network +outside. But if your computers are linked to the Internet, the network is not private anymore, unless one uses firewalls to block all private traffic. But then, there is no way to send private data to trusted -computers on the other end of the internet. +computers on the other end of the Internet. @cindex virtual This problem can be solved by using @emph{virtual} networks. Virtual networks can live on top of other networks, but they use encapsulation to keep using their private address space so they do not interfere with -each other. Mostly, virtual networks appear like a singe LAN, even though +the Internet. Mostly, virtual networks appear like a singe LAN, even though they can span the entire world. But virtual networks can't be secured by using firewalls, because the traffic that flows through it has to go -through the internet, where other people can look at it. +through the Internet, where other people can look at it. + +As is the case with either type of VPN, anybody could eavesdrop. Or +worse, alter data. Hence it's probably advisable to encrypt the data +that flows over the network. When one introduces encryption, we can form a true VPN. Other people may see encrypted traffic, but if they don't know how to decipher it (they need to know the key for that), they cannot read the information that flows through the VPN. This is what tinc was made for. -@cindex virtual -tinc uses normal IP datagrams to encapsulate data that goes over the VPN -network link. 
In this case it's also clear that the network is -@emph{virtual}, because no direct network link has to exist between to -participants. - -As is the case with either type of VPN, anybody could eavesdrop. Or -worse, alter data. Hence it's probably advisable to encrypt the data -that flows over the network. - @c ================================================================== @node tinc, Supported platforms, VPNs, Introduction @section tinc @cindex vpnd -@cindex ethertap I really don't quite remember what got us started, but it must have been Guus' idea. He wrote a simple implementation (about 50 lines of C) that -used the @emph{ethertap} device that Linux knows of since somewhere +used the ethertap device that Linux knows of since somewhere about kernel 2.1.60. It didn't work immediately and he improved it a bit. At this stage, the project was still simply called @samp{vpnd}. @@ -161,6 +153,15 @@ both the receiving and sending end, it has become largely runtime-configurable---in short, it has become a full-fledged professional package. +@cindex Traditional VPNs +@cindex scalability +tinc also allows more than two sites to connect to eachother and form a single VPN. +Traditionally VPNs are created by making tunnels, which only have two endpoints. +Larger VPNs with more sites are created by adding more tunnels. +tinc takes another approach: only endpoints are specified, +the software itself will take care of creating the tunnels. +This allows for easier configuration and improved scalability. + A lot can---and will be---changed. We have a number of things that we would like to see in the future releases of tinc. Not everything will be available in the near future. Our first objective is to make tinc work perfectly as 
@@ -174,6 +175,7 @@ available too. @node Supported platforms, , tinc, Introduction @section Supported platforms +@cindex platforms tinc has been verified to work under Linux, FreeBSD and Solaris, with various hardware architectures. These are the three platforms that are supported by the universial TUN/TAP device driver, so if @@ -182,6 +184,7 @@ tinc will run on them as well. Without this driver, tinc will most likely compile and run, but it will not be able to send or receive data packets. +@cindex release The official release only truly supports Linux. For an up to date list of supported platforms, please check the list on our website: @@ -191,6 +194,7 @@ our website: @c ================================================================== @subsection Linux +@cindex Linux tinc was first written for Linux running on an intel x86 processor, so this is the best supported platform. The protocol however, and actually anything about tinc, has been rewritten to support random byte ordering @@ -205,16 +209,18 @@ from version 2.1.60 up to 2.3.x, but has been replaced in favour of the TUN/TAP @c ================================================================== @subsection FreeBSD +@cindex FreeBSD tinc on FreeBSD relies on the universial TUN/TAP driver for its data -acquisition from the kernel. Therefore, tinc works on the same platforms +acquisition from the kernel. Therefore, tinc will work on the same platforms as this driver. These are: FreeBSD 3.x, 4.x, 5.x. @c ================================================================== @subsection Solaris +@cindex Solaris tinc on Solaris relies on the universial TUN/TAP driver for its data -acquisition from the kernel. Therefore, tinc works on the same platforms +acquisition from the kernel. Therefore, tinc will work on the same platforms as this driver. These are: Solaris, 2.1.x. 
@@ -232,22 +238,27 @@ as this driver. These are: Solaris, 2.1.x. @c @c ================================================================== -@node Installing tinc - preparations, Installing tinc - installation, Introduction, Top -@chapter Installing tinc: preparations +@node Preparations, Installation, Introduction, Top +@chapter Preparations This chapter contains information on how to prepare your system to support tinc. @menu -* Configuring the kernel:: -* Libraries:: +* Configuring the kernel:: +* Libraries:: @end menu @c ================================================================== -@node Configuring the kernel, Libraries, Installing tinc - preparations, Installing tinc - preparations +@node Configuring the kernel, Libraries, Preparations, Preparations @section Configuring the kernel +@cindex RedHat +@cindex Debian +@cindex netlink_dev +@cindex tun +@cindex ethertap If you are running Linux, chances are good that your kernel already supports all the devices that tinc needs for proper operation. For example, the standard kernel from Redhat Linux already has support for ethertap and netlink 
@@ -257,30 +268,25 @@ for something called `ethertap', and `netlink_dev' if it is using a kernel version prior to 2.4.0. In that case you will need both these devices. If you are using kernel 2.4.0 or later, you need to select `tun'. -If you can install these devices in a similar manner, you may skip this -section. +@cindex Kernel-HOWTO +If you can install these devices in a similar manner, you may skip this section. +Otherwise, you will have to recompile the kernel in order to turn on the required features. +If you are unfamiliar with the process of configuring and compiling a new kernel, +you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html, Kernel HOWTO} first. @menu -* Configuration of the Linux kernel:: -* Configuration of the FreeBSD kernel:: -* Configuration of the Solaris kernel:: +* Configuration of Linux kernels 2.1.60 up to 2.4.0:: +* Configuration of Linux kernels 2.4.0 and higher:: +* Configuration of FreeBSD kernels:: +* Configuration of Solaris kernels:: @end menu @c ================================================================== -@node Configuration of the Linux kernel, Configuration of the FreeBSD kernel, Configuring the kernel, Configuring the kernel -@subsection Configuring the Linux kernel +@node Configuration of Linux kernels 2.1.60 up to 2.4.0, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel, Configuring the kernel +@subsection Configuration of Linux kernels 2.1.60 up to 2.4.0 -First of all, a kernel version of 2.1.60 or higher is @emph{required}. - -If you are unfamiliar with the process of configuring and compiling a -new kernel, you should read the -@uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html, Kernel -HOWTO} first. Do that now! - -Here are the options you have to turn on when configuring a new kernel. - -For kernels 2.1.60 up to 2.4.0: +Here are the options you have to turn on when configuring a new kernel: @example Code maturity level options 
@@ -305,11 +311,19 @@ alias tap0 ethertap options tap0 -o tap0 unit=0 alias tap1 ethertap options tap1 -o tap1 unit=1 +... +alias tap@emph{N} ethertap +options tap@emph{N} -o tap@emph{N} unit=@emph{N} @end example -Add more alias/options lines if necessary. +Add as much alias/options lines as necessary. -For kernels 2.4.0 and higher: + +@c ================================================================== +@node Configuration of Linux kernels 2.4.0 and higher, Configuration of FreeBSD kernels, Configuration of Linux kernels 2.1.60 up to 2.4.0, Configuring the kernel +@subsection Configuration of Linux kernels 2.4.0 and higher + +Here are the options you have to turn on when configuring a new kernel: @example Code maturity level options @@ -335,8 +349,8 @@ alias char-major-10-200 tun @c ================================================================== -@node Configuration of the FreeBSD kernel, Configuration of the Solaris kernel, Configuration of the Linux kernel, Configuring the kernel -@subsection Configuring the FreeBSD kernel +@node Configuration of FreeBSD kernels, Configuration of Solaris kernels, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel +@subsection Configuration of FreeBSD kernels This section will contain information on how to configure your FreeBSD kernel to support the universal TUN/TAP device. For 5.0 and 4.1 @@ -348,8 +362,8 @@ Unfortunately somebody still has to write the text. @c ================================================================== -@node Configuration of the Solaris kernel, , Configuration of the FreeBSD kernel, Configuring the kernel -@subsection Configuring the Solaris kernel +@node Configuration of Solaris kernels, , Configuration of FreeBSD kernels, Configuring the kernel +@subsection Configuration of Solaris kernels This section will contain information on how to configure your Solaris kernel to support the universal TUN/TAP device. You need to install 
@@ -359,16 +373,17 @@ Unfortunately somebody still has to write the text. @c ================================================================== -@node Libraries, , Configuring the kernel, Installing tinc - preparations +@node Libraries, , Configuring the kernel, Preparations @section Libraries @cindex requirements +@cindex libraries Before you can configure or build tinc, you need to have the OpenSSL library installed on your system. If you try to configure tinc without having installed it, configure will give you an error message, and stop. @menu -* OpenSSL:: +* OpenSSL:: @end menu @@ -409,6 +424,7 @@ to let configure know where they are, by passing configure one of the @subsubheading License +@cindex license Since the license under which OpenSSL is distributed is not directly compatible with the terms of the GNU GPL @uref{http://www.openssl.org/support/faq.html#LEGAL2}, therefore we @@ -432,8 +448,8 @@ all other requirements of the GPL are met. @c @c ================================================================== -@node Installing tinc - installation, Configuring tinc, Installing tinc - preparations, Top -@chapter Installing tinc: installation +@node Installation, Configuration, Preparations, Top +@chapter Installation If you use Redhat or Debian, you may want to install one of the precompiled packages for your system. These packages are equipped with 
@@ -449,35 +465,38 @@ md5sum before continuing. tinc comes in a convenient autoconf/automake package, which you can just treat the same as any other package. Which is just untar it, type `configure' and then `make'. - More detailed instructions are in the file @file{INSTALL}, which is included in the source distribution. @menu -* Building tinc:: -* System files:: -* Interfaces:: +* Building and installing tinc:: +* System files:: @end menu @c ================================================================== -@node Building tinc, System files, Installing tinc - installation, Installing tinc - installation -@section Building tinc +@node Building and installing tinc, System files, Installation, Installation +@section Building and installing tinc -Detailed instructions on configuring the source and building tinc can be -found in the file called @file{INSTALL}. +Detailed instructions on configuring the source, building tinc and installing tinc +can be found in the file called @file{INSTALL}. + +@cindex binary package +If you happen to have a binary package for tinc for your distribution, +you can use the package management tools of that distribution to install tinc. +The documentation that comes along with your distribution will tell you how to do that. @c ================================================================== -@node System files, Interfaces, Building tinc, Installing tinc - installation +@node System files, , Building and installing tinc, Installation @section System files Before you can run tinc, you must make sure you have all the needed files on your system. @menu -* Device files:: -* Other files:: +* Device files:: +* Other files:: @end menu @@ -485,6 +504,7 @@ files on your system. @node Device files, Other files, System files, System files @subsection Device files +@cindex device files First, you'll need the special device file(s) that form the interface between the kernel and the daemon. 
@@ -531,6 +551,7 @@ myvpn 10.0.0.0 @subsubheading @file{/etc/services} +@cindex port numbers You may add this line to @file{/etc/services}. The effect is that you may supply a @samp{tinc} as a valid port number to some programs. The number 655 is registered with the IANA. 
@@ -542,59 +563,6 @@ tinc 655/udp TINC @end example -@c ================================================================== -@node Interfaces, , System files, Installing tinc - installation -@section Interfaces - -Before you can start transmitting data over the tinc tunnel, tinc must -set up the ethertap network devices. - -First, decide which IP addresses you want to have associated with these -devices, and what network mask they must have. You also need these -numbers when you are going to configure tinc itself. @xref{Configuring -tinc}. - -tinc will open an ethertap device or TUN/TAP device, which will also -create a network interface called `tap0', `tap1' etc. if you are using -the ethertap driver, or a network interface with the same name as NETNAME -if you are using the universal TUN/TAP driver. - -You can configure that device by putting ordinary ifconfig, route, and other commands -to a script named @file{/etc/tinc/NETNAME/tinc-up}. When tinc starts, this script -will be executed. When tinc exits, it will execute the script named -@file{/etc/tinc/NETNAME/tinc-down}, but normally you don't need to create that script. - -An example @file{tinc-up} script when using the TUN/TAP driver: - -@example -ifconfig $NETNAME hw ether fe:fd:00:00:00:00 -ifconfig $NETNAME @emph{xx}.@emph{xx}.@emph{xx}.@emph{xx} netmask @emph{mask} -ifconfig $NETNAME -arp -@end example - -@cindex MAC address -@cindex hardware address -The first line sets up the MAC address of the network interface. -Due to the nature of how ethernet and tinc work, it has to be set to fe:fd:00:00:00:00. -(tinc versions prior to 1.0pre3 required that the MAC address matched the IP address.) -You can use the environment variable $NETNAME to get the name of the interface. -If you are using the ethertap driver however, you need to replace it with tap@emph{n}, -corresponding to the device file name. - -@cindex ifconfig -The next line gives the interface an IP address and a netmask. 
-The kernel will also automatically add a route to this interface, so normally you don't need -to add route commands to the @file{tinc-up} script. -The kernel will also bring the interface up after this command. -@cindex netmask -The netmask is the mask of the @emph{entire} VPN network, not just your -own subnet. - -@cindex arp -The last line tells the kernel not to use ARP on that interface. -Again this has to do with how ethernet and tinc work. Don't forget to add this line. - - @c @c @c 
@@ -607,39 +575,72 @@ Again this has to do with how ethernet and tinc work. Don't forget to add this l @c ================================================================== -@node Configuring tinc, Running tinc, Installing tinc - installation, Top -@chapter Configuring tinc +@node Configuration, Running tinc, Installation, Top +@chapter Configuration @menu -* Multiple networks:: -* How connections work:: -* Configuration file:: -* Example:: +* Configuration introduction:: +* Multiple networks:: +* How connections work:: +* Configuration files:: +* Generating keypairs:: +* Network interfaces:: +* Example configuration:: @end menu @c ================================================================== -@node Multiple networks, How connections work, Configuring tinc, Configuring tinc +@node Configuration introduction, Multiple networks, Configuration, Configuration +@section Configuration introduction + +@cindex Network Administrators Guide +Before actually starting to configure tinc and editing files, +make sure you have read this entire section so you know what to expect. +Then, make it clear to yourself how you want to organize your VPN: +What are the nodes (computers running tinc)? +What IP addresses/subnets do they have? +What is the network mask of the entire VPN? +Do you need special firewall rules? +Do you have to set up masquerading or forwarding rules? +These questions can only be answered by yourself, +you will not find the answers in this documentation. +Make sure you have an adequate understanding of networks in general. +A good resource on networking is the +@uref{http://www.linuxdoc.org/LDP/nag2/, Linux Network Administrators Guide}. + +If you have everything clearly pictured in your mind, +proceed in the following order: +First, generate the configuration files (tinc.conf, your host configuration file, tinc-up and perhaps tinc-down). +Then generate the keypairs. +Finally, distribute the host configuration files. 
+These steps are described in the subsections below. + + +@c ================================================================== +@node Multiple networks, How connections work, Configuration introduction, Configuration @section Multiple networks -@c from the manpage +@cindex multiple networks +@cindex netname +In order to allow you to run more than one tinc daemon on one computer, +for instance if your computer is part of more than one VPN, +you can assign a ``netname'' to your VPN. +It is not required if you only run one tinc daemon, +it doesn't even have to be the same on all the sites of your VPN, +but it is recommended that you choose one anyway. -It is perfectly OK for you to run more than one tinc daemon. -However, in its default form, you will soon notice that you can't use -two different configuration files without the -c option. - -We have thought of another way of dealing with this: network names. This -means that you call tincd with the -n argument, which will assign a name -to this daemon. +We will asume you use a netname throughout this document. +This means that you call tincd with the -n argument, +which will assign a netname to this daemon. The effect of this is that the daemon will set its configuration -``root'' to /etc/tinc/nn/, where nn is your argument to the -n -option. You'll notice that it appears in syslog as ``tinc.nn''. +``root'' to /etc/tinc/netname/, where netname is your argument to the -n +option. You'll notice that it appears in syslog as ``tinc.netname''. However, it is not strictly necessary that you call tinc with the -n option. In this case, the network name would just be empty, and it will be used as such. tinc now looks for files in /etc/tinc/, instead of -/etc/tinc/nn/; the configuration file should be /etc/tinc/tinc.conf, -and the passphrases are now expected to be in /etc/tinc/passphrases/. 
+/etc/tinc/netname/; the configuration file should be /etc/tinc/tinc.conf, +and the host configuration files are now expected to be in /etc/tinc/hosts/. But it is highly recommended that you use this feature of tinc, because it will be so much clearer whom your daemon talks to. Hence, we will 
@@ -647,24 +648,39 @@ assume that you use it. @c ================================================================== -@node How connections work, Configuration file, Multiple networks, Configuring tinc +@node How connections work, Configuration files, Multiple networks, Configuration @section How connections work -Before going on, first a bit on how tinc sees connections. +When tinc starts up, it parses the command-line options and then +reads in the configuration file. +If it sees a `ConnectTo' value pointing to another tinc daemon in the file, +it will try to connect to that other one. +Whether this succeeds or not and whether `ConnectTo' is specified or not, +tinc will listen for incoming connection from other deamons. +If you did specify a `ConnectTo' value and the other side is not responding, +tinc will keep retrying. +This means that once started, tinc will stay running until you tell it to stop, +and failures to connect to other tinc daemons will not stop your tinc daemon +for trying again later. +This means you don't have to intervene if there are any network problems. -When tinc starts up, it reads in the configuration file and parses the -command-line options. If it sees a `ConnectTo' value in the file, it -will try to connect to it, on the given port. If this fails, tinc exits. +@cindex client +@cindex server +There is no real distinction between a server and a client in tinc. +If you wish, you can view a tinc daemon without a `ConnectTo' value as a server, +and one which does specify such a value as a client. +It does not matter if two tinc daemons have a `ConnectTo' value pointing to eachother however. 
@c ================================================================== -@node Configuration file, Example, How connections work, Configuring tinc -@section Configuration file +@node Configuration files, Generating keypairs, How connections work, Configuration +@section Configuration files The actual configuration of the daemon is done in the file -@file{/etc/tinc/nn/tinc.conf}. +@file{/etc/tinc/netname/tinc.conf} and at least one other file in the directory +@file{/etc/tinc/netname/hosts/}. -This file consists of comments (lines started with a #) or assignments +These file consists of comments (lines started with a #) or assignments in the form of @example @@ -681,18 +697,19 @@ The default value is given between parentheses; required directives are given in @strong{bold}. @menu -* Main configuration variables:: -* Host configuration variables:: -* How to configure:: +* Main configuration variables:: +* Host configuration variables:: +* How to configure:: @end menu @c ================================================================== -@node Main configuration variables, Host configuration variables, Configuration file, Configuration file +@node Main configuration variables, Host configuration variables, Configuration files, Configuration files @subsection Main configuration variables @table @asis @item @strong{ConnectTo = } +@cindex ConnectTo Specifies which host to connect to on startup. Multiple ConnectTo variables may be specified, if connecting to the first one fails then tinc will try the next one, and so on. It is possible to specify @@ -704,6 +721,7 @@ value for ConnectPort is given, tinc won't connect at all, and will instead just listen for incoming connections. @item Hostnames = (no) +@cindex Hostnames This option selects whether IP addresses (both real and on the VPN) should be resolved. Since DNS lookups are blocking, it might affect tinc's efficiency, even stopping the daemon for a few seconds everytime 
@@ -713,12 +731,14 @@ This does not affect resolving hostnames to IP addresses from the configuration file. @item Interface = +@cindex Interface If you have more than one network interface in your computer, tinc will by default listen on all of them for incoming connections. It is possible to bind tinc to a single interface like eth0 or ppp0 with this variable. @item InterfaceIP = +@cindex InterfaceIP If your computer has more than one IP address on a single interface (for example if you are running virtual hosts), tinc will by default listen on all of them for incoming connections. It is possible to bind tinc to 
@@ -727,40 +747,48 @@ on several interfaces at the same time though, if they share the same IP address. @item KeyExpire = (3600) +@cindex KeyExpire This option controls the time the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. @item ListenPort = (655) +@cindex ListenPort Listen on local port port. The computer connecting to this daemon should use this number as the argument for his ConnectPort. @item @strong{Name = } -This is a symbolic name for this connection. It can be anything +@cindex Name +This is a symbolic name for this connection. It can be anything @item PingTimeout = (5) +@cindex PingTimeout The number of seconds of inactivity that tinc will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. @item PrivateKey = (obsolete) +@cindex PrivateKey This is the RSA private key for tinc. However, for safety reasons it is advised to store private keys of any kind in separate files. This prevents accidental eavesdropping if you are editting the configuration file. @item @strong{PrivateKeyFile = } (recommended) +@cindex PrivateKeyFile This is the full path name of the RSA private key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. @item @strong{TapDevice = } (/dev/tap0) +@cindex TapDevice The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. @item TCPonly = (no, experimental) +@cindex TCPonly If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. 
This is especially useful for those who want to run a tinc daemon from behind a masquerading firewall, or if @@ -770,16 +798,18 @@ try this at your own risk. @c ================================================================== -@node Host configuration variables, How to configure, Main configuration variables, Configuration file +@node Host configuration variables, How to configure, Main configuration variables, Configuration files @subsection Host configuration variables @table @asis @item @strong{Address = } +@cindex Address This variable is only required if you want to connect to this host. It must resolve to the external IP address where the host can be reached, not the one that is internal to the VPN. @item IndirectData = (no, experimental) +@cindex IndirectData This option specifies whether other tinc daemons besides the one you specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible to @@ -787,19 +817,23 @@ make a connection from the outside to your tinc daemon. Otherwise, it is best to leave this option out or set it to no. @item Port = (655) +@cindex Port Connect to the upstream host (given with the ConnectTo directive) on port port. port may be given in decimal (default), octal (when preceded by a single zero) o hexadecimal (prefixed with 0x). port is the port number for both the UDP and the TCP (meta) connections. @item PublicKey = (obsolete) +@cindex PublicKey This is the RSA public key for this host. @item PublicKeyFile = (obsolete) +@cindex PublicKeyFile This is the full path name of the RSA public key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. +@cindex PEM format From version 1.0pre4 on tinc will store the public key directly into the host configuration file in PEM format, the above two options then are not necessary. Either the PEM format is used, or exactly 
@@ -808,18 +842,21 @@ in each host configuration file, if you want to be able to establish a connection with that host. @item Subnet = +@cindex Subnet This is the subnet range of all IP addresses that will be accepted by the host that defines it. The range must be contained in the IP address range of the tap device, not the real IP address of the host running tincd. +@cindex CIDR notation maskbits is the number of bits set to 1 in the netmask part; for example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes /22. This conforms to standard CIDR notation as described in @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} @item TCPonly = (no, experimental) +@cindex TCPonly If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading 
@@ -829,85 +866,118 @@ experimental code, try this at your own risk. It may not work at all. @c ================================================================== -@node How to configure, , Host configuration variables, Configuration file +@node How to configure, , Host configuration variables, Configuration files @subsection How to configure -@subsubheading Step 1. Creating the key files +@subsubheading Step 1. Creating the main configuration file -For each host, you have to create a pair of RSA keys. One key is your -private key, which is only known to you. The other one is the public -key, which you should copy to all hosts wanting to authenticate to you. +The main configuration file will be called @file{/etc/tinc/netname/tinc.conf}. +Adapt the following example to create a basic configuration file: +@example +Name = @emph{yourname} +TapDevice = @emph{/dev/tap0} +PrivateKeyFile = /etc/tinc/@emph{netname}/rsa_key.priv +@end example -@subsubheading Step 2. Configuring each host +Then, if you know to which other tinc daemon(s) yours is going to connect, +add `ConnectTo' values. -For every host in the VPN, you have to create two files. First there is -the main configuration file, @file{/etc/tinc/vpn-name/tinc.conf}. In -this file there should at least be three directives: +@subsubheading Step 2. Creating your host configuration file -@table @samp -@item Name -You should fill in the name of this host (or rather, the name of this -leaf of the VPN). It can be called after the hostname, the physical -location, the department, or the name of one of your boss' pets. It can -be anything, as long as all these names are unique across the entire -VPN. +If you added a line containing `Name = yourname' in the main configuarion file, +you will need to create a host configuration file @file{/etc/tinc/netname/hosts/yourname}. 
+Adapt the following example to create a host configuration file: -@item PrivateKeyFile -Fill in the full pathname to the file that contains the private RSA key. +@example +Address = @emph{your.real.hostname.org} +Subnet = @emph{192.168.1.0/24} +@end example -@item ConnectTo -This is the name of the host that you want to connect to (not a DNS -name, rather the name that is given with the Name parameter in that -hosts tinc.conf). This is the upstream connection. If your computer is -a central node, you might want to leave this out to make it stay idle -until someone connects to it. -@end table - -@cindex host configuration file -Then you should create a file with the name you gave yourself in -tinc.conf (the `Name' parameter), located in -@file{/etc/tinc/vpn-name/hosts/}. In this file, which we call the -`@emph{host configuration file}', the public key must be present -and one variable is required: - -@table @samp -@item Subnet -The IP range that this host accepts as being `local'. All packets with -a destination address that is within this subnet will be sent to us. -Actually it is not stricly required, but you need it to send packets to -other tinc daemons. -@end table - - -@subsubheading Step 3. Bringing it all together - -Now for all hosts that you want to create a direct connection to, -- you -connect to them or they connect to you -- you get a copy of their host -configuration file. - -If it is not already present, make sure you add this variable: - -@table @samp -@item Address -Enter the IP address or DNS hostname for this host. This is only needed -if you connect to this host. -@end table - -When you did this, you should be ready to create your first connection. -Pay attention to the system log, most errors will only be visible -there. If you get an error, you can check @ref{Error messages}. +You can also use an IP address instead of a hostname. +The `Subnet' specifies the address range that is local for @emph{your part of the VPN only}. 
+If you have multiple address ranges you can specify more than one `Subnet'. +You might also need to add a `Port' if you want your tinc daemon to run on a different port number than the default (655). @c ================================================================== -@node Example, , Configuration file, Configuring tinc -@section Example +@node Generating keypairs, Network interfaces, Configuration files, Configuration +@section Generating keypairs + +@cindex key generation +Now that you have already created the main configuration file and your host configuration file, +you can easily create a public/private keypair by entering the following command: + +@example +tincd -n @emph{netname} -K +@end example + +tinc will generate a public and a private key and ask you where to put them. +Just press enter to accept the defaults. + + +@c ================================================================== +@node Network interfaces, Example configuration, Generating keypairs, Configuration +@section Network interfaces + +Before tinc can start transmitting data over the tunnel, it must +set up the ethertap network devices. + +First, decide which IP addresses you want to have associated with these +devices, and what network mask they must have. + +tinc will open an ethertap device or TUN/TAP device, which will also +create a network interface called `tap0', or `tap1', and so on if you are using +the ethertap driver, or a network interface with the same name as netname +if you are using the universal TUN/TAP driver. + +@cindex tinc-up +You can configure that device by putting ordinary ifconfig, route, and other commands +to a script named @file{/etc/tinc/netname/tinc-up}. When tinc starts, this script +will be executed. When tinc exits, it will execute the script named +@file{/etc/tinc/netname/tinc-down}, but normally you don't need to create that script. 
+ +An example @file{tinc-up} script when using the TUN/TAP driver: + +@example +#!/bin/sh +ifconfig $NETNAME hw ether fe:fd:00:00:00:00 +ifconfig $NETNAME @emph{xx}.@emph{xx}.@emph{xx}.@emph{xx} netmask @emph{mask} +ifconfig $NETNAME -arp +@end example + +@cindex MAC address +@cindex hardware address +The first line sets up the MAC address of the network interface. +Due to the nature of how Ethernet and tinc work, it has to be set to fe:fd:00:00:00:00. +(tinc versions prior to 1.0pre3 required that the MAC address matched the IP address.) +You can use the environment variable $NETNAME to get the name of the interface. +If you are using the ethertap driver however, you need to replace it with tap@emph{N}, +corresponding to the device file name. + +@cindex ifconfig +The next line gives the interface an IP address and a netmask. +The kernel will also automatically add a route to this interface, so normally you don't need +to add route commands to the @file{tinc-up} script. +The kernel will also bring the interface up after this command. +@cindex netmask +The netmask is the mask of the @emph{entire} VPN network, not just your +own subnet. + +@cindex arp +The last line tells the kernel not to use ARP on that interface. +Again this has to do with how Ethernet and tinc work. Don't forget to add this line. + + +@c ================================================================== +@node Example configuration, , Network interfaces, Configuration +@section Example configuration @cindex example Imagine the following situation. Branch A of our example `company' wants to connect -three branch offices in B, C and D using the internet. All four offices -have a 24/7 connection to the internet. +three branch offices in B, C and D using the Internet. All four offices +have a 24/7 connection to the Internet. A is going to serve as the center of the network. B and C will connect to A, and D will connect to C. Each office will be assigned their own IP 
@@ -927,7 +997,7 @@ need to run tincd, but it must do a port forwarding of TCP&UDP on port In this example, it is assumed that eth0 is the interface that points to the inner (physical) LAN of the office, although this could also be the -same as the interface that leads to the internet. The configuration of +same as the interface that leads to the Internet. The configuration of the real interface is also shown as a comment, to give you an idea of how these example host is set up. All branches use the netname `company' for this particular VPN. @@ -961,6 +1031,11 @@ On all hosts, /etc/tinc/company/hosts/BranchA contains: Subnet = 10.1.0.0/16 Address = 1.2.3.4 +Note that the IP addresses of eth0 and tap0 are the same. +This is quite possible, if you make sure that the netmasks of the interfaces are different. +It is in fact recommended to give give both real internal network interfaces and tap interfaces the same IP address, +since that will make things a lot easier to remember and set up. + -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY----- @@ -1048,11 +1123,11 @@ In @file{/etc/tinc/company/tinc-up}: @example # Real interface of internal network: -# ifconfig tap0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 +# ifconfig eth0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 -ifconfig tap0 hw ether fe:fd:0a:04:03:20 -ifconfig tap0 10.4.3.32 netmask 255.0.0.0 -ifconfig tap0 -arp +ifconfig company hw ether fe:fd:0a:04:03:20 +ifconfig company 10.4.3.32 netmask 255.0.0.0 +ifconfig company -arp @end example and in @file{/etc/tinc/company/tinc.conf}: 
@@ -1060,11 +1135,15 @@ and in @file{/etc/tinc/company/tinc.conf}: @example Name = BranchD ConnectTo = BranchC +TapDevice = /dev/net/tun PrivateKeyFile = /etc/tinc/company/rsa_key.priv @end example D will be connecting to C, which has a tincd running for this network on port 2000. It knows the port number from the host configuration file. +Also note that since D uses the TUN/TAP driver, the network interface +will not be called `tun' or `tap0' or something like that, but will +have the same name as netname. On all hosts, in @file{/etc/tinc/company/hosts/BranchD}: 
@@ -1099,50 +1178,28 @@ their daemons, tinc will try connecting until they are available. @c ================================================================== -@node Running tinc, Technical information, Configuring tinc, Top +@node Running tinc, Technical information, Configuration, Top @chapter Running tinc -Running tinc isn't just as easy as typing `tincd' and hoping everything -will just work out the way you wanted. Instead, the use of tinc is a -project that involves trust relations and more than one computer. +If everything else is done, you can start tinc by typing the following command: + +@example +tincd -n @emph{netname} +@end example + +@cindex daemon +tinc will detach from the terminal and continue to run in the background like a good daemon. +If there are any problems however you can try to increase the debug level +and look in the syslog to find out what the problems are. @menu -* Managing keys:: -* Runtime options:: -* Error messages:: +* Runtime options:: +* Error messages:: @end menu @c ================================================================== -@node Managing keys, Runtime options, Running tinc, Running tinc -@section Managing keys - -Before attempting to start tinc, you have to create public/private keypairs. -When tinc tries to make a connection, it exchanges some sensitive -data. Before doing so, it likes to know if the other end is -trustworthy. - -To do this, both ends must have some knowledge about the other. In the -case of tinc this is the public keys. - -To generate a public/private keypair, run `tincd -n vpn-name -K'. - is optional, you can use it to specify the length of the keys. -The length of the public/private keypairs -should be at least 1024 for reasonable security (reasonable being good enough -to keep the NSA busy for a few weeks). - -Every computer that wants to participate in the VPN should do this. 
The -public keyfile should get the name of each tinc daemon and an extension .pub, -and it should be stored in the hosts directory. - -When every computer has his own keys and configuration files, the files in the -hosts directory should be exchanged with each other computer that it wants to -talk to directly. Since only public keys are involved, you can safely do this -via email, telnet or ftp, or even putting the contents on a public billboard. - - -@c ================================================================== -@node Runtime options, Error messages, Managing keys, Running tinc +@node Runtime options, Error messages, , Running tinc @section Runtime options Besides the settings in the configuration file, tinc also accepts some @@ -1158,8 +1215,9 @@ generated automatically, so may be more up-to-date. @table @samp @item -c, --config=PATH Read configuration options from the directory PATH. The default is -@file{/etc/tinc/nn/}. +@file{/etc/tinc/netname/}. +@cindex debug level @item -d Increase debug level. The higher it gets, the more gets logged. Everything goes via syslog. 
@@ -1207,19 +1265,22 @@ only, so keep an eye on it! @table @strong @item Could not open /dev/tap0: No such device -@table @bullet -@item You forgot to insmod netlink_dev.o or ethertap.o -@item You forgot to compile `Netlink device emulation' in the kernel -@end table + +@itemize +@item You forgot to `modprobe netlink_dev' or `modprobe ethertap'. +@item You forgot to compile `Netlink device emulation' in the kernel. +@end itemize @item Can't write to /dev/net/tun: No such device -@table @bullet -@item You forgot to insmod tun.o -@item You forgot to compile `Universal TUN/TAP driver' in the kernel -@end table + +@itemize +@item You forgot to `modprobe tun'. +@item You forgot to compile `Universal TUN/TAP driver' in the kernel. +@end itemize @item Packet with destination 1.2.3.4 is looping back to us! -@table @bullet + +@itemize @item Something is not configured right. Packets are being sent out to the tap device, but according to the Subnet directives in your host configuration file, those packets should go to your own host. Most common mistake is that 
@@ -1228,29 +1289,46 @@ just as large as the netmask of the tap device. The latter should in almost all cases be larger. Rethink your configuration. Note that you will only see this message if you specified a debug level of 5 or higher! -@end table +@item Chances are that a `Subnet = ...' line in the host configuration file of this tinc daemon is wrong. +Change it to a subnet that is accepted locally by another interface, +or if that is not the case, try changing the prefix length into /32. +@end itemize + +@item Network doesn't work, syslog shows only packets of length 46 + +@cindex arp +@example +Jan 1 12:00:00 host tinc.net[1234]: Read packet of length 46 from tap device +Jan 1 12:00:00 host tinc.net[1234]: Trying to look up 0.0.192.168 in connection list failed! +@end example +@itemize +@item Add the `ifconfig $NETNAME -arp' to tinc-up. +@end itemize @item Network address and subnet mask do not match! -@table @bullet -@item The Subnet field must contain a network address -If you only want to use one IP address, set the netmask to /32. -@end table + +@itemize +@item The Subnet field must contain a @emph{network} address. +@item If you only want to use one IP address, set the netmask to /32. +@end itemize @item This is a bug: net.c:253: 24: Some error -@table @bullet -@item This is something that should not have happened + +@itemize +@item This is something that should not have happened. Please report this, and tell us exactly what went wrong before you got this message. In normal operation, these errors should not occur. -@end table +@end itemize @item Error reading RSA key file `rsa_key.priv': No such file or directory -@table @bullet -@item You must specify the complete pathname + +@itemize +@item You must specify the complete pathname. Specifying a relative path does not make sense here. 
tinc changes its directory to / when starting (to avoid keeping a mount point busy); and even if we built in a default directory to look for these files, the key files are bound to be in a different directory. -@end table +@end itemize @end table @@ -1260,8 +1338,8 @@ files are bound to be in a different directory. @menu -* The Connection:: -* Security:: +* The Connection:: +* Security:: @end menu @@ -1274,8 +1352,8 @@ tinc is a daemon that takes VPN data and transmit that to another host computer over the existing Internet infrastructure. @menu -* Protocol Preview:: -* The Meta-connection:: +* Protocol Preview:: +* The Meta-connection:: @end menu @@ -1289,14 +1367,15 @@ The data itself is read from a character device file, the so-called @emph{ethertap} device. This device is associated with a network interface. Any data sent to this interface can be read from the device, and any data written to the device gets sent from the interface. Data to -and from the device is formatted as if it were a normal ethernet card, +and from the device is formatted as if it were a normal Ethernet card, so a frame is preceded by two MAC addresses and a @emph{frame type} field. -So when tinc reads an ethernet frame from the device, it determines its +So when tinc reads an Ethernet frame from the device, it determines its type. Right now, tinc can only handle Internet Protocol version 4 (IPv4) frames, because it needs IP headers for routing. Plans to support other protocols and switching instead of routing are being made. +(Some code for IPv6 routing and switching is already present but nonfunctional.) When tinc knows which type of frame it has read, it can also read the source and destination address from it. 
@@ -1305,6 +1384,7 @@ Now it is time that the frame gets encrypted. Currently the only encryption algorithm available is blowfish. @cindex encapsulating +@cindex UDP When the encryption is ready, time has come to actually transport the packet to the destination computer. We do this by sending the packet over an UDP connection to the destination host. This is called @@ -1328,8 +1408,9 @@ set the MAC address of your tap interface to that address. Having only an UDP connection available is not enough. Though suitable for transmitting data, we want to be able to reliably send other -information, such as routing and encryption information to somebody. +information, such as routing and session key information to somebody. +@cindex TCP TCP is a better alternative, because it already contains protection against information being lost, unlike UDP. @@ -1350,18 +1431,18 @@ The reason we don't use TCP for both protocols is that UDP is much better for encapsulation, even while it is less reliable. The real problem is that when TCP would be used to encapsulate a TCP stream that's on the private network, for every packet sent there would be -three ACK's sent instead of just one. Furthermore, if there would be +three ACKs sent instead of just one. Furthermore, if there would be a timeout, both TCP streams would sense the timeout, and both would -start resending packets. +start re-sending packets. @c ================================================================== @node Security, , The Connection, Technical information @section About tinc's encryption and other security-related issues. -@cindex tinc +@cindex TINC @cindex Cabal tinc got its name from ``TINC,'' short for @emph{There Is No Cabal}; the -alleged Cabal was/is an organization that was said to keep an eye on the +alleged Cabal was/is an organisation that was said to keep an eye on the entire Internet. As this is exactly what you @emph{don't} want, we named the tinc project after TINC. 
@@ -1369,40 +1450,16 @@ the tinc project after TINC. But in order to be ``immune'' to eavesdropping, you'll have to encrypt your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. +tinc uses blowfish encryption in CBC mode and a small amount of salt +at the beginning of each packet to make sure eavesdroppers cannot get +any information at all from the packets they can intercept. -This chapter is a mixture of ideas, reasoning and explanation, please -don't take it too serious. - -@menu -* Key Types:: -@end menu - -@c ================================================================== -@node Key Types, , Security, Security -@subsection Key Types -@c FIXME: check if I'm not talking nonsense - -There are several types of encryption keys. Tinc uses two of them, -symmetric private keypairs and public/private keypairs. - -Public/private keypairs are used in public key cryptography. It enables -someone to send out a public key with which other people can encrypt their -data. The encrypted data now can only be decrypted by the person who has -the private key that matches the public key. So, a public key only allows -@emph{other} people to send encrypted messages to you. This is very useful -in setting up private communications channels. Just send out your public key -and other people can talk to you in a secure way. But how can you know -the other person is who she says she is? This is done by sending out an -encrypted challenge that only the person with the right private key can decode -an respond to. - -However, encryption with public/private keys is very slow. Symmetric key cryptography -is orders of magnitudes faster, but it is very hard to safely exchange the symmetric -keys, since they should be kept private. - -The idea is to use public/private cryptography for authentication, and for -exchanging symmetric keys in a safe way. After that, all communications are encrypted -with the symmetric cipher. 
+@cindex authentication +Another important part is the authentication done prior to allowing other +tinc daemons to connect. This is done by a challenge/response handshake +involving RSA encryption. +The details of the authentication can be found in a file called @file{doc/SECURITY2} +in the source of tinc. @c ================================================================== @@ -1411,8 +1468,8 @@ with the symmetric cipher. @menu -* Contact Information:: -* Authors:: +* Contact Information:: +* Authors:: @end menu @@ -1420,9 +1477,11 @@ with the symmetric cipher. @node Contact Information, Authors, About us, About us @section Contact information -tinc's main page is at @url{http://tinc.nl.linux.org/}, +@cindex website +tinc's website is at @url{http://tinc.nl.linux.org/}, this server is located in the Netherlands. +@cindex IRC We have an IRC channel on the Open Projects IRC network. Connect to @uref{http://openprojects.nu/services/irc.html, irc.openprojects.net}, and join channel #tinc. @@ -1462,4 +1521,3 @@ the source distribution. @c ================================================================== @contents @bye - From 4493b0650bd487990ca9d2802496ad0ee7c06247 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 24 May 2001 20:40:13 +0000 Subject: [PATCH 373/923] Changed URL from kernelnotes.org to linuxdoc.org. --- doc/tinc.conf.5 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 9ba15fc8..8f0dc896 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -195,7 +195,7 @@ tap device. .TP \fBhttp://tinc.nl.linux.org/\fR .TP -\fBhttp://www.kernelnotes.org/guides/NAG/\fR +\fBhttp://www.linuxdoc.org/LDP/nag2/\fR .PP The full documentation for .B tinc From d1b597758eab68bb80d97855f25cb6dda55eeb0b Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 24 May 2001 21:29:09 +0000 Subject: [PATCH 374/923] Add randomness to PING/PONG packets to prevent crypto attacks on quiet tunnels. --- src/protocol.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index cd63ad0b..e3e7e390 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.87 2001/05/07 19:08:46 guus Exp $ + $Id: protocol.c,v 1.28.4.88 2001/05/24 21:29:09 guus Exp $ */ #include "config.h" @@ -1060,11 +1060,14 @@ cp int send_ping(connection_t *cl) { + char salt[SALTLEN*2+1]; cp cl->status.pinged = 1; cl->last_ping_time = time(NULL); + RAND_bytes(salt, SALTLEN); + bin2hex(salt, salt, SALTLEN); cp - return send_request(cl, "%d", PING); + return send_request(cl, "%d %s", PING, salt); } int ping_h(connection_t *cl) @@ -1075,8 +1078,12 @@ cp int send_pong(connection_t *cl) { + char salt[SALTLEN*2+1]; cp - return send_request(cl, "%d", PONG); + RAND_bytes(salt, SALTLEN); + bin2hex(salt, salt, SALTLEN); +cp + return send_request(cl, "%d %s", PONG, salt); } int pong_h(connection_t *cl) From 58893f0875369aafff8481825af271683c975a2a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 24 May 2001 21:30:36 +0000 Subject: [PATCH 375/923] Since this is incompatible with some earlier versions, PROT_CURRENT is increased. --- src/protocol.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol.h b/src/protocol.h index 54cf67e5..c202f5c2 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.20 2001/02/25 19:09:45 guus Exp $ + $Id: protocol.h,v 1.5.4.21 2001/05/24 21:30:36 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
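Review bot: In send_ping the hex salt is passed to `send_request(cl, "%d %s", PING, salt)` without a terminator ever being written, and nothing in the hunk shows bin2hex adding one, so `%s` may read past the 2*SALTLEN hex digits into adjacent stack memory and send it to the peer; add `salt[SALTLEN*2] = '\0';` after the bin2hex call. The return value of RAND_bytes is also ignored, so if the generator fails the uninitialised buffer is what goes on the wire; test it with `if(RAND_bytes((unsigned char *)salt, SALTLEN) != 1)` and return an error instead of sending. `bin2hex(salt, salt, SALTLEN)` converts in place, which is only safe if bin2hex fills the buffer from the end backwards; its body is not visible here, so a one-line comment stating that reliance would help. The same points apply to the send_pong hunk that follows.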
@@ -30,7 +30,7 @@ incompatible version have different protocols. */ -#define PROT_CURRENT 9 +#define PROT_CURRENT 10 /* Request numbers */ From 1a248fd5bd5aa24fa0f6a2c395f05dd569f0898d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 24 May 2001 21:32:30 +0000 Subject: [PATCH 376/923] All features for 1.0 are implemented now, we just have to check the FreeBSD and Solaris ports and merge some docs. --- TODO | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TODO b/TODO index bacd12c3..0a30f2cf 100644 --- a/TODO +++ b/TODO @@ -11,7 +11,7 @@ Goals for 1.0 release: * Reenable queues for delayed packets (done) * Merge documentation files (SECURITY, INSTALL, PROTOCOL) into tinc.texi * Different authentication scheme (done) -* Add randomness to packet headers and PING/PONG requests +* Add randomness to packet headers and PING/PONG requests (done) Goals for future releases: From bfc5d6014e3c1563f7b6a2f10698e9ba23ba3e96 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 24 May 2001 21:52:26 +0000 Subject: [PATCH 377/923] Only send key_changed if it was previously requested. --- src/protocol.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index e3e7e390..be3b5d1c 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.88 2001/05/24 21:29:09 guus Exp $ + $Id: protocol.c,v 1.28.4.89 2001/05/24 21:52:26 guus Exp $ */ #include "config.h" @@ -68,6 +68,8 @@ #include "system.h" +int mykeyused = 0; + int check_id(char *id) { int i; 
@@ -1101,13 +1103,21 @@ int send_key_changed(connection_t *from, connection_t *cl) connection_t *p; avl_node_t *node; cp - for(node = connection_tree->head; node; node = node->next) + /* Only send this message if some other daemon requested our key previously. + This reduces unnecessary key_changed broadcasts. + */ + + if(mykeyused) { - p = (connection_t *)node->data; - if(p != cl && p->status.meta && p->status.active) - if(!(p->options & OPTION_INDIRECT) || from == myself) - send_request(p, "%d %s", KEY_CHANGED, from->name); - } + for(node = connection_tree->head; node; node = node->next) + { + p = (connection_t *)node->data; + if(p != cl && p->status.meta && p->status.active) + if(!(p->options & OPTION_INDIRECT) || from == myself) + send_request(p, "%d %s", KEY_CHANGED, from->name); + } + mykeyused = 0; + } cp return 0; } @@ -1170,11 +1180,12 @@ cp /* Check if this key request is for us */ - if(!strcmp(to_id, myself->name)) + if(!strcmp(to_id, myself->name)) /* Yes, send our own key back */ { bin2hex(myself->cipher_pktkey, pktkey, myself->cipher_pktkeylength); pktkey[myself->cipher_pktkeylength*2] = '\0'; send_ans_key(myself, from, pktkey); + mykeyused = 1; } else { From 4dee76522e177dcb4af5d6d844a5f3b74070e4b7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 25 May 2001 08:36:11 +0000 Subject: [PATCH 378/923] Small fixes: - Fix compiler warnings (one was a real (but harmless) bug) - Don't send PING packets if there is UDP traffic - Correctly terminate strings containing salt for PING/PONG packets --- src/meta.c | 3 +-- src/net.c | 14 +++++++++----- src/protocol.c | 4 +++- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/src/meta.c b/src/meta.c index ecf875c7..87cb415d 100644 --- a/src/meta.c +++ b/src/meta.c 
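Review bot: The new `if(mykeyused)` guard in send_key_changed also applies when `from` is not `myself`, which the existing `from == myself` test shows is possible, so a KEY_CHANGED notice passed on for another daemon appears to be dropped whenever nobody has asked for our own key, and passing one on clears the flag that tracks our key. Peers could then keep encrypting to a key that daemon has already replaced. Consider gating only our own announcements with `if(from != myself || mykeyused)` and resetting with `if(from == myself) mykeyused = 0;`. `mykeyused` is a single process-wide flag set in the req_key_h hunk below, so a short comment at its definition saying when it is set and cleared would help, and it could be `static` if no other file refers to it. Both function bodies start outside their hunks.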
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.16 2001/03/12 23:58:19 guus Exp $ + $Id: meta.c,v 1.1.2.17 2001/05/25 08:36:11 guus Exp $ */ #include "config.h" @@ -93,7 +93,6 @@ int receive_meta(connection_t *cl) int oldlen, i; int lenin = 0; char inbuf[MAXBUFSIZE]; - char *bufp; int decrypted = 0; cp if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) diff --git a/src/net.c b/src/net.c index c3f89ca5..68080fde 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.105 2001/05/07 19:08:43 guus Exp $ + $Id: net.c,v 1.35.4.106 2001/05/25 08:36:11 guus Exp $ */ #include "config.h" @@ -848,11 +848,13 @@ cp cfg = get_config_val(upstreamcfg, config_connectto); if(!cfg) - if(upstreamcfg == config) { - /* No upstream IP given, we're listen only. */ - signal(SIGALRM, SIG_IGN); - return; + if(upstreamcfg == config) + { + /* No upstream IP given, we're listen only. */ + signal(SIGALRM, SIG_IGN); + return; + } } else { @@ -1075,6 +1077,8 @@ cp return; } + cl->last_ping_time = time(NULL); + receive_udppacket(cl, &pkt); cp } diff --git a/src/protocol.c b/src/protocol.c index be3b5d1c..52300632 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.89 2001/05/24 21:52:26 guus Exp $ + $Id: protocol.c,v 1.28.4.90 2001/05/25 08:36:11 guus Exp $ */ #include "config.h" @@ -1068,6 +1068,7 @@ cp cl->last_ping_time = time(NULL); RAND_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); + salt[SALTLEN*2] = '\0'; cp return send_request(cl, "%d %s", PING, salt); } 
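Review bot: In the second src/net.c hunk, `cl->last_ping_time = time(NULL);` is set before `receive_udppacket(cl, &pkt)` runs, so the liveness timer is refreshed by any datagram that reaches this point, whether or not it later decrypts and validates. If `cl` is selected from the UDP source address (the lookup is outside the hunk), unauthenticated datagrams could keep a dead peer from ever being pinged and timed out. Updating the timestamp only once the packet has been accepted, for example `if(!receive_udppacket(cl, &pkt)) cl->last_ping_time = time(NULL);` assuming it returns 0 on success, would tie liveness to validated traffic. The enclosing function starts outside the hunk.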
@@ -1084,6 +1085,7 @@ int send_pong(connection_t *cl) cp RAND_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); + salt[SALTLEN*2] = '\0'; cp return send_request(cl, "%d %s", PONG, salt); } From 6e09c2a99c8ac3c1391f4f2eee16d6c235c10e90 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 25 May 2001 10:06:13 +0000 Subject: [PATCH 379/923] Small corrections to the manuals. --- doc/tinc.conf.5 | 94 +++++++++++++++++++++++++++++++++---------------- doc/tinc.texi | 54 ++++++++++++++-------------- doc/tincd.8 | 20 +++++------ 3 files changed, 99 insertions(+), 69 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 8f0dc896..46bc0cfe 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -15,14 +15,14 @@ names. This means that you call \fBtincd\fR with the \fI-n\fR argument, which will assign a name to this daemon. The effect of this is that the daemon will set its configuration -``root'' to \fI/etc/tinc/\fBnn\fI/\fR, where \fBnn\fR is your argument +``root'' to \fI/etc/tinc/\fBnetname\fI/\fR, where \fBnetname\fR is your argument to the \fI-n\fR option. You'll notice that it appears in syslog as -``tincd.\fBnn\fR''. +``tincd.\fBnetname\fR''. However, it is not strictly necessary that you call tinc with the -n option. In this case, the network name would just be empty, and it will be used as such. tinc now looks for files in \fI/etc/tinc/\fR, -instead of \fI/etc/tinc/\fBnn\fI/\fR; the configuration file should be +instead of \fI/etc/tinc/\fBnetname\fI/\fR; the configuration file should be \fI/etc/tinc/tinc.conf\fR, and the passphrases are now expected to be in \fI/etc/tinc/passphrases/\fR. 
@@ -34,7 +34,7 @@ we will assume that you use it. Each tinc daemon should have a name that is unique in the network which it will be part of. The name will be used by other tinc daemons for identification. The name has to be declared in the -\fI/etc/tinc/\fBnn\fI/tinc.conf\fR file. +\fI/etc/tinc/\fBnetname\fI/tinc.conf\fR file. To make things easy, choose something that will give unique and easy to rememebr names to your tinc daemon(s). @@ -42,16 +42,16 @@ You could try things like hostnames, owner surnames or location names. .PP .SH "PUBLIC/PRIVATE KEYS" You should use \fBtincd --generate-keys\fR to generate public/private -keypairs. It will generate two keys. The line containing the private -key should be completely copied to \fI/etc/tinc/\fBnn\fI/tinc.conf\fR -\-\- where \fBnn\fR stands for the network (See under \fBNETWORKS\fR) -above. The line containing the public key should be completely copied -to \fI/etc/tinc/\fBnn\fI/hosts/\fBname\fR \-\- where \fBname\fR stands -for the name of the tinc daemon (See \fBNAMES\fR). +keypairs. It will generate two keys. The private +key should be stored in a separate file \fI/etc/tinc/\fBnetname\fI/rsa_key.priv\fR +\-\- where \fBnetname\fR stands for the network (See under \fBNETWORKS\fR) +above. The public key should be stored in +the host configuration file \fI/etc/tinc/\fBnetname\fI/hosts/\fBname\fR \-\- where \fBname\fR stands +for the name of the local tinc daemon (See \fBNAMES\fR). .PP .SH "SERVER CONFIGURATION" The server configuration of the daemon is done in the file -\fI/etc/tinc/\fBnn\fI/tinc.conf\fR. +\fI/etc/tinc/\fBnetname\fI/tinc.conf\fR. This file consists of comments (lines started with a \fB#\fR) or assignments in the form of 
@@ -67,16 +67,16 @@ readability. If you leave it out, remember to replace it with at least one space character. .PP Here are all valid variables, listed in alphabetical order. The default -value, required or optional is given between parentheses. +value is given between parentheses. .TP -\fBConnectTo\fR = <\fIname\fR> (optional) +\fBConnectTo\fR = <\fIname\fR> Specifies which host to connect to on startup. Multiple \fBConnectTo\fR variables may be specified, if connecting to the first one fails then tinc will try the next one, and so on. The names should be known to this tinc daemon (i.e., there should be a host configuration file for the name on the ConnectTo line). -If you don't specify a host with \fBConnectTo\fR, tinc won't connect at all, +If you don't specify a host with \fBConnectTo\fR, tinc won't try to connect to other daemons at all, and will instead just listen for incoming connections. .TP \fBHostnames\fR = <\fIyes|no\fR> (no) 
@@ -88,33 +88,47 @@ a lookup if your DNS server is not responding. This does not affect resolving hostnames to IP addresses from the host configuration files. .TP +\fBInterface\fR = <\fIdevice\fR> +If you have more than one network interface in your computer, tinc will +by default listen on all of them for incoming connections. It is +possible to bind tinc to a single interface like eth0 or ppp0 with this +variable. +.TP +\fBInterfaceIP\fR = <\fIlocal address\fR> +If your computer has more than one IP address on a single interface (for +example if you are running virtual hosts), tinc will by default listen +on all of them for incoming connections. It is possible to bind tinc to +a single IP address with this variable. It is still possible to listen +on several interfaces at the same time though, if they share the same IP +address. +.TP \fBKeyExpire\fR = <\fIseconds\fR> (3600) This option controls the time the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. .TP -\fBName\fR = <\fIname\fR> (required) +\fBName\fR = <\fIname\fR> [required] This is the name which identifies this tinc daemon. It must be unique for the virtual private network this daemon will connect to. .TP -\fBPingTimeout\fR = <\fIseconds\fR> (5) +\fBPingTimeout\fR = <\fIseconds\fR> (60) The number of seconds of inactivity that tinc will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. .TP -\fBPrivateKey\fR = <\fIkey\fR> +\fBPrivateKey\fR = <\fIkey\fR> [obsolete] The private RSA key of this tinc daemon. It will allow this tinc daemon to authenticate itself to other daemons. 
.TP -\fBPrivateKeyFile\fR = <\fIfilename\fR> +\fBPrivateKeyFile\fR = <\fIfilename\fR> [recommended] The file in which the private RSA key of this tinc daemon resides. Note that there must be exactly one of \fBPrivateKey\fR or \fBPrivateKeyFile\fR specified in the configuration file. .TP -\fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0) +\fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0 or /dev/net/tun) The ethertap or tun/tap device to use. tinc will automatically detect what kind of tapdevice it is. Note that you can only use one device per 
@@ -134,24 +148,34 @@ tinc daemon. Since host configuration files only contain public keys, no secrets are revealed by sending out this information. .PP .TP -\fBAddress\fR = <\fIIP address\fR> (required) +\fBAddress\fR = <\fIIP address\fR> [recommended] The real address or hostname of this tinc daemon. .TP +\fBIndirectData\fR = <\fIyes\fR|\fIno\fR> (no) [experimental] +This option specifies whether other tinc daemons besides the one you +specified with ConnectTo can make a direct connection to you. This is +especially useful if you are behind a firewall and it is impossible to +make a connection from the outside to your tinc daemon. Otherwise, it +is best to leave this option out or set it to no. +.TP \fBPort\fR = <\fIport number\fR> (655) The port on which this tinc daemon is listening for incoming connections. .TP -\fBPublicKey\fR = <\fIkey\fR> +\fBPublicKey\fR = <\fIkey\fR> [obsolete] The public RSA key of this tinc daemon. It will be used to cryptographically verify it's identity and to set up a secure connection. .TP -\fBPublicKeyFile\fR = <\fIfilename\fR> +\fBPublicKeyFile\fR = <\fIfilename\fR> [obsolete] The file in which the public RSA key of this tinc daemon resides. -Note that there must be exactly one of \fBPublicKey\fR or \fBPublicKeyFile\fR -specified in each host configuration file, if you want to be able to establish -a connection with that host. +From version 1.0pre4 on tinc will store the public key directly into the +host configuration file in PEM format, the above two options then are not +necessary. Either the PEM format is used, or exactly +one of the above two options must be specified +in each host configuration file, if you want to be able to establish a +connection with that host. .TP -\fBSubnet\fR = <\fIaddress/masklength\fR> (optional) +\fBSubnet\fR = <\fIaddress/masklength\fR> The subnet which this tinc daemon will serve. tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. 
If the packet matches a subnet, it will be sent to the daemon who has this subnet in his @@ -165,19 +189,27 @@ The subnets must be in a form like \fI192.168.1.0/24\fR, where 192.168.1.0 is th network address and 24 is the number of bits set in the netmask. Note that subnets like \fI192.168.1.1/24\fR are invalid! Read a networking howto/FAQ/guide if you don't understand this. +.TP +\fBTCPonly\fR = <\fIyes\fR|\fIno\fR> (no) [experimental] +If this variable is set to yes, then the packets are tunnelled over a +TCP connection instead of a UDP connection. This is especially useful +for those who want to run a tinc daemon from behind a masquerading +firewall, or if UDP packet routing is disabled somehow. This is +experimental code, try this at your own risk. It may not work at all. +Setting this options also implicitly sets IndirectData. .SH "FILES" .TP \fI/etc/tinc/\fR The top directory for configuration files. .TP -\fI/etc/tinc/\fBnn\fI/tinc.conf\fR +\fI/etc/tinc/\fBnetname\fI/tinc.conf\fR The default name of the server configuration file for net -\fBnn\fR. +\fBnetname\fR. .TP -\fI/etc/tinc/\fBnn\fI/hosts/\fR +\fI/etc/tinc/\fBnetname\fI/hosts/\fR Host configuration files are kept in this directory. .TP -\fI/etc/tinc/\fBnn\fI/tinc-up\fR +\fI/etc/tinc/\fBnetname\fI/tinc-up\fR If an executable file with this name exists, it will be executed right after the tinc daemon has connected to the tap device. It can be used to ifconfig the network interface. @@ -185,7 +217,7 @@ be used to ifconfig the network interface. If the tapdevice is a tun/tap device, the evironment variable \fB$IFNAME\fR will be set to the name of the network interface. .TP -\fI/etc/tinc/\fBnn\fI/tinc-down\fR +\fI/etc/tinc/\fBnetname\fI/tinc-down\fR If an executable file with this name exists, it will be executed right before the tinc daemon is going to close it's connection to the tap device. diff --git a/doc/tinc.texi b/doc/tinc.texi index 74951c92..c3c4a78d 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
@@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $ +$Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.16 2001/05/24 20:24:12 guus Exp $ +$Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -519,12 +519,17 @@ ethertap devices: @example mknod -m 600 /dev/tap0 c 36 16 chown 0.0 /dev/tap0 +mknod -m 600 /dev/tap1 c 36 17 +chown 0.0 /dev/tap0 +... +mknod -m 600 /dev/tap@emph{N} c 36 @emph{N+16} +chown 0.0 /dev/tap@emph{N} @end example -Any further ethertap devices have minor device number 16 through 31. +There is a maximum of 16 ethertap devices. If you use the universal TUN/TAP driver, you have to create the -following device files (unless they already exist): +following device file (unless it already exist): @example mknod -m 600 /dev/tun c 10 200 @@ -535,6 +540,9 @@ If you use Linux, and you run the new 2.4 kernel using the devfs filesystem, then the TUN/TAP device will probably be automatically generated as @file{/dev/net/tun}. +Unlike the ethertap device, you do not need multiple device files if +you are planning to run multiple tinc daemons. + @c ================================================================== @node Other files, , Device files, System files 
@@ -693,8 +701,9 @@ in the `=' sign, but doing so improves readability. If you leave it out, remember to replace it with at least one space character. In this section all valid variables are listed in alphabetical order. -The default value is given between parentheses; required directives are -given in @strong{bold}. +The default value is given between parentheses, +other comments are between square brackets and +required directives are given in @strong{bold}. @menu * Main configuration variables:: 
@@ -753,47 +762,35 @@ are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. -@item ListenPort = (655) -@cindex ListenPort -Listen on local port port. The computer connecting to this daemon should -use this number as the argument for his ConnectPort. - @item @strong{Name = } @cindex Name This is a symbolic name for this connection. It can be anything -@item PingTimeout = (5) +@item PingTimeout = (60) @cindex PingTimeout The number of seconds of inactivity that tinc will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. -@item PrivateKey = (obsolete) +@item PrivateKey = [obsolete] @cindex PrivateKey This is the RSA private key for tinc. However, for safety reasons it is advised to store private keys of any kind in separate files. This prevents accidental eavesdropping if you are editting the configuration file. -@item @strong{PrivateKeyFile = } (recommended) +@item @strong{PrivateKeyFile = } [recommended] @cindex PrivateKeyFile This is the full path name of the RSA private key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. -@item @strong{TapDevice = } (/dev/tap0) +@item @strong{TapDevice = } (/dev/tap0 or /dev/net/tun) @cindex TapDevice The ethertap device to use. Note that you can only use one device per daemon. The info pages of the tinc package contain more information about configuring an ethertap device for Linux. -@item TCPonly = (no, experimental) -@cindex TCPonly -If this variable is set to yes, then the packets are tunnelled over a TCP -connection instead of a UDP connection. This is especially useful for those -who want to run a tinc daemon from behind a masquerading firewall, or if -UDP packet routing is disabled somehow. 
This is experimental code, -try this at your own risk. @end table @@ -802,13 +799,13 @@ try this at your own risk. @subsection Host configuration variables @table @asis -@item @strong{Address = } +@item @strong{Address = } [recommended] @cindex Address This variable is only required if you want to connect to this host. It must resolve to the external IP address where the host can be reached, not the one that is internal to the VPN. -@item IndirectData = (no, experimental) +@item IndirectData = (no) [experimental] @cindex IndirectData This option specifies whether other tinc daemons besides the one you specified with ConnectTo can make a direct connection to you. This is @@ -823,11 +820,11 @@ port port. port may be given in decimal (default), octal (when preceded by a single zero) o hexadecimal (prefixed with 0x). port is the port number for both the UDP and the TCP (meta) connections. -@item PublicKey = (obsolete) +@item PublicKey = [obsolete] @cindex PublicKey This is the RSA public key for this host. -@item PublicKeyFile = (obsolete) +@item PublicKeyFile = [obsolete] @cindex PublicKeyFile This is the full path name of the RSA public key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative @@ -855,13 +852,14 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes /22. This conforms to standard CIDR notation as described in @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} -@item TCPonly = (no, experimental) +@item TCPonly = (no) [experimental] @cindex TCPonly If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading firewall, or if UDP packet routing is disabled somehow. This is experimental code, try this at your own risk. It may not work at all. +Setting this options also implicitly sets IndirectData. @end table 
diff --git a/doc/tincd.8 b/doc/tincd.8 index 1dbe280a..138d8116 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 @@ -33,8 +33,8 @@ Increase debug level (see below). \fB\-k\fR, \fB\-\-kill\fR Attempt to kill a running tincd and exit. .TP -\fB\-n\fR, \fB\-\-net\fR=\fINETNAME\fR -Connect to net NETNAME. +\fB\-n\fR, \fB\-\-net\fR=\fInetname\fR +Connect to net `netname'. .TP \fB\-K\fR, \fB\-\-generate-keys\fR[=\fIBITS]\fR Generate public/private RSA keypair and exit. If BITS is omitted, @@ -93,26 +93,26 @@ This will log all network traffic over the virtual private network. .PP .SH "FILES" .TP -\fI/etc/tinc//tinc.conf\fR +\fI/etc/tinc/\fBnetname\fI/tinc.conf\fR The configuration file for tincd. .TP -\fI/etc/tinc//tinc-up\fR +\fI/etc/tinc/\fBnetname\fI/tinc-up\fR Script which is executed as soon as a tap device has been allocated. Purpose is to further configure that device. .TP -\fI/etc/tinc//tinc-down\fR +\fI/etc/tinc/\fBnetname\fI/tinc-down\fR Script which is executed when tinc quits. Purpose is to shut down the tap device. .TP -\fI/etc/tinc//hosts/*\fR +\fI/etc/tinc/\fBnetname\fI/hosts/*\fR The directory containing the host configuration files used to authenticate other tinc daemons. +.TP +\fI/var/run/tinc.\fBnetname\fI.pid\fR +The PID of the currently running tincd is stored in this file. .PP .SH "BUGS" -Maintaining a connection list on each tinc daemon that can connect and disconnect at any -moment, and making sure that all connections satisfy the tree property isn't easy. Although -we have done a lot to make sure tinc is sturdy and foolproof, it might happen that -some connection lists get corrupted. +The TCPonly and IndirectData options may not work correctly. .PP \fBThe cryptography in tinc is not well tested yet. Use it at your own risk!\fR .PP From a5e2ae6b2b2e1629cf05bb2a57df75f13c0f120a Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 25 May 2001 10:08:11 +0000 Subject: [PATCH 380/923] With recent kernels the tun device file is located in /dev/net. --- src/net.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/net.c b/src/net.c index 68080fde..33416b32 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.106 2001/05/25 08:36:11 guus Exp $ + $Id: net.c,v 1.35.4.107 2001/05/25 10:08:11 guus Exp $ */ #include "config.h" @@ -285,7 +285,7 @@ cp { #ifdef HAVE_LINUX # ifdef HAVE_TUNTAP - tapfname = "/dev/misc/net/tun"; + tapfname = "/dev/net/tun"; # else tapfname = "/dev/tap0"; # endif @@ -1151,7 +1151,7 @@ cp syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); } - /* Inactivate */ + /* Deactivate */ cl->status.active = 0; cp From fcf869cd4250a240ea8d443f70fa373e4fbacf07 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 25 May 2001 11:54:28 +0000 Subject: [PATCH 381/923] TCPonly now works (in a relatively clean way too). --- src/connection.h | 4 +- src/meta.c | 67 +++++++++++++++++++++--------- src/net.c | 17 ++++++-- src/net.h | 3 +- src/protocol.c | 103 ++++++++++++++++------------------------------- src/route.c | 7 ++-- 6 files changed, 104 insertions(+), 97 deletions(-) diff --git a/src/connection.h b/src/connection.h index 5d2d3be4..f46d35b8 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.8 2001/03/04 13:59:25 guus Exp $ + $Id: connection.h,v 1.1.2.9 2001/05/25 11:54:28 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ 
@@ -85,7 +85,7 @@ typedef struct connection_t { char *buffer; /* metadata input buffer */ int buflen; /* bytes read into buffer */ - int reqlen; /* length of first request in buffer */ + int tcplen; /* length of incoming TCPpacket */ int allow_request; /* defined if there's only one request possible */ time_t last_ping_time; /* last time we saw some activity from the other end */ diff --git a/src/meta.c b/src/meta.c index 87cb415d..3fadb0d4 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.17 2001/05/25 08:36:11 guus Exp $ + $Id: meta.c,v 1.1.2.18 2001/05/25 11:54:28 guus Exp $ */ #include "config.h" @@ -45,15 +45,13 @@ int send_meta(connection_t *cl, char *buffer, int length) { - char outbuf[MAXBUFSIZE]; char *bufp; int outlen; + char outbuf[MAXBUFSIZE]; cp if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s): %s"), length, - cl->name, cl->hostname, buffer); - - buffer[length-1]='\n'; + syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, + cl->name, cl->hostname); if(cl->status.encryptout) { @@ -91,9 +89,9 @@ int receive_meta(connection_t *cl) { int x, l = sizeof(x); int oldlen, i; - int lenin = 0; - char inbuf[MAXBUFSIZE]; + int lenin, reqlen; int decrypted = 0; + char inbuf[MAXBUFSIZE]; cp if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { @@ -108,6 +106,15 @@ cp return -1; } + /* Strategy: + - Read as much as possible from the TCP socket in one go. + - Decrypt it. + - Check if a full request is in the input buffer. + - If yes, process request and remove it from the buffer, + then check again. + - If not, keep stuff in buffer and exit. + */ + lenin = read(cl->meta_socket, cl->buffer + cl->buflen, MAXBUFSIZE - cl->buflen); if(lenin<=0) 
@@ -133,6 +140,8 @@ cp while(lenin) { + /* Decrypt */ + if(cl->status.decryptin && !decrypted) { EVP_DecryptUpdate(cl->cipher_inctx, inbuf, &lenin, cl->buffer + oldlen, lenin); @@ -140,31 +149,51 @@ cp decrypted = 1; } - cl->reqlen = 0; + /* Are we receiving a TCPpacket? */ + + if(cl->tcplen) + { + if(cl->tcplen <= cl->buflen) + { + receive_tcppacket(cl, cl->buffer, cl->tcplen); + + cl->buflen -= cl->tcplen; + lenin -= cl->tcplen; + memmove(cl->buffer, cl->buffer + cl->tcplen, cl->buflen); + oldlen = 0; + cl->tcplen = 0; + continue; + } + else + { + break; + } + } + + /* Otherwise we are waiting for a request */ + + reqlen = 0; for(i = oldlen; i < cl->buflen; i++) { if(cl->buffer[i] == '\n') { - cl->buffer[i] = 0; /* replace end-of-line by end-of-string so we can use sscanf */ - cl->reqlen = i + 1; + cl->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ + reqlen = i + 1; break; } } - if(cl->reqlen) + if(reqlen) { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Got request from %s (%s): %s"), - cl->name, cl->hostname, cl->buffer); - if(receive_request(cl)) return -1; - cl->buflen -= cl->reqlen; - lenin -= cl->reqlen; - memmove(cl->buffer, cl->buffer + cl->reqlen, cl->buflen); + cl->buflen -= reqlen; + lenin -= reqlen; + memmove(cl->buffer, cl->buffer + reqlen, cl->buflen); oldlen = 0; + continue; } else { diff --git a/src/net.c b/src/net.c index 33416b32..4db639ce 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.107 2001/05/25 10:08:11 guus Exp $ + $Id: net.c,v 1.35.4.108 2001/05/25 11:54:28 guus Exp $ */ #include "config.h" 
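Review bot: The new `if(cl->tcplen)` branch in receive_meta trusts a peer-supplied length without checking its sign: a negative `cl->tcplen` satisfies `cl->tcplen <= cl->buflen`, is handed to receive_tcppacket as a byte count, and then makes `cl->buflen -= cl->tcplen` grow and `memmove` read from before `cl->buffer`. tcppacket_h (protocol.c hunk at -1287 in this commit) stores the value parsed with `%hd` straight into `cl->tcplen`, so the check belongs there, e.g. `if(len <= 0 || len > MAXBUFSIZE) return -1;` right after the sscanf, with a log message. A value larger than the buffer never satisfies the comparison, so the `break` path waits until the buffer is full instead of rejecting the request. The loop this branch sits in starts before the hunk.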
@@ -184,6 +184,17 @@ cp cp } +void receive_tcppacket(connection_t *cl, char *buffer, int len) +{ + vpn_packet_t outpkt; +cp + outpkt.len = len; + memcpy(outpkt.data, buffer, len); + + receive_packet(cl, &outpkt); +cp +} + void accept_packet(vpn_packet_t *packet) { cp @@ -203,7 +214,7 @@ cp if(write(tap_fd, packet->data - 2, packet->len + 2) < 0) syslog(LOG_ERR, _("Can't write to ethertap device: %m")); else - total_tap_out += packet->len + 2; + total_tap_out += packet->len; } cp } @@ -1290,7 +1301,7 @@ cp vp.len = lenin - 2; } - total_tap_in += lenin; + total_tap_in += vp.len; if(lenin < 32) { diff --git a/src/net.h b/src/net.h index 6323b2ae..ba17331c 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.30 2001/05/07 19:08:46 guus Exp $ + $Id: net.h,v 1.9.4.31 2001/05/25 11:54:28 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -109,6 +109,7 @@ extern int str2opt(const char *); extern char *opt2str(int); extern void send_packet(connection_t *, vpn_packet_t *); extern void receive_packet(connection_t *, vpn_packet_t *); +extern void receive_tcppacket(connection_t *, char *, int); extern void accept_packet(vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); diff --git a/src/protocol.c b/src/protocol.c index 52300632..bf54c6a5 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.90 2001/05/25 08:36:11 guus Exp $ + $Id: protocol.c,v 1.28.4.91 2001/05/25 11:54:28 guus Exp $ */ #include "config.h" 
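Review bot: receive_tcppacket copies `len` bytes into the stack-allocated `outpkt` with `memcpy(outpkt.data, buffer, len)` and never compares `len` with the capacity of `outpkt.data`. The only upper bound on the caller's side is `cl->buflen`, i.e. the meta buffer size, and nothing in this diff shows that a vpn_packet_t can hold that much. Assuming `data` is a fixed-size array in vpn_packet_t (its definition is not in this diff), add `if(len < 0 || (size_t)len > sizeof(outpkt.data)) return;` before the assignment to `outpkt.len`, and log the dropped packet.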
@@ -106,11 +106,15 @@ cp return -1; } - len++; - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + { + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], cl->name, cl->hostname, buffer); + else + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + } + buffer[len++] = '\n'; cp return send_meta(cl, buffer, len); } @@ -118,20 +122,31 @@ cp int receive_request(connection_t *cl) { int request; -cp +cp if(sscanf(cl->buffer, "%d", &request) == 1) { if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL)) { - syslog(LOG_ERR, _("Unknown request from %s (%s)"), - cl->name, cl->hostname); + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), + cl->name, cl->hostname, cl->buffer); + else + syslog(LOG_ERR, _("Unknown request from %s (%s)"), + cl->name, cl->hostname); + return -1; } else { if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Got %s from %s (%s)"), - request_name[request], cl->name, cl->hostname); + { + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"), + request_name[request], cl->name, cl->hostname, cl->buffer); + else + syslog(LOG_DEBUG, _("Got %s from %s (%s)"), + request_name[request], cl->name, cl->hostname); + } } if((cl->allow_request != ALL) && (cl->allow_request != request)) 
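Review bot: At DEBUG_META the new logging in send_request writes the full request text to syslog with `%s`, and receive_request in the next hunk does the same for incoming requests. Requests on this connection carry authentication and key-exchange parameters (the comment this commit removes further down in protocol.c lists challenge and metakey messages), so that material ends up readable by anyone with access to the log. Consider logging only the request name for key-carrying request types, or at least put a comment above the branch: `/* DEBUG_META logs request bodies, including key material; not for production hosts */`. Separately, `buffer[len++] = '\n';` relies on the length check above the hunk leaving one spare byte in `buffer`, which should be confirmed.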
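Review bot: In receive_request the unknown-request case is logged with `LOG_DEBUG` when `debug_lvl >= DEBUG_META` but with `LOG_ERR` otherwise, so raising verbosity lowers the priority of a protocol error and can hide it from syslog rules that filter on priority. Keep `LOG_ERR` in both branches and vary only the message: `syslog(LOG_ERR, _("Unknown request from %s (%s): %s"), cl->name, cl->hostname, cl->buffer);`. The function continues past the end of the hunk.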
@@ -158,34 +173,8 @@ cp return 0; } -/* Connection protocol: - - Client Server - send_id(u) - send_challenge(R) - send_chal_reply(H) - send_id(u) - send_challenge(R) - send_chal_reply(H) - --------------------------------------- - send_metakey(R) - send_metakey(R) - --------------------------------------- - send_ack(u) - send_ack(u) - --------------------------------------- - Other requests(E)... - - (u) Unencrypted, - (R) RSA, - (H) SHA1, - (E) Encrypted with symmetric cipher. - - Part of the challenge is directly used to set the symmetric cipher - key and the initial vector. Since a man-in-the-middle cannot - decrypt the RSA challenges, this means that he cannot get or forge - the key for the symmetric cipher. -*/ +/* The authentication protocol is described in detail in doc/SECURITY2, + the rest will be described in doc/PROTOCOL. */ int send_id(connection_t *cl) { 
@@ -1287,53 +1276,29 @@ int send_tcppacket(connection_t *cl, vpn_packet_t *packet) { int x; cp + /* Evil hack. */ + x = send_request(cl->nexthop, "%d %hd", PACKET, packet->len); if(x) return x; - - return send_meta(cl->nexthop, packet->data, packet->len); +cp + return send_meta(cl, packet->data, packet->len); } int tcppacket_h(connection_t *cl) { - vpn_packet_t packet; - char *p; - int todo, x; + short int len; cp - if(sscanf(cl->buffer, "%*d %hd", &packet.len) != 1) + if(sscanf(cl->buffer, "%*d %hd", &len) != 1) { syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname); return -1; } - /* Evil hack. */ + /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ - p = packet.data; - todo = packet.len; - - while(todo) - { - x = read(cl->meta_socket, p, todo); - - if(x<=0) - { - if(x==0) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), cl->name, cl->hostname); - else - if(errno==EINTR || errno==EAGAIN) /* FIXME: select() or poll() or reimplement this evil hack */ - continue; - else - syslog(LOG_ERR, _("Error during reception of PACKET from %s (%s): %m"), cl->name, cl->hostname); - - return -1; - } - - todo -= x; - p += x; - } - - receive_packet(cl, &packet); + cl->tcplen = len; cp return 0; } diff --git a/src/route.c b/src/route.c index c93379be..3264d560 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.7 2001/03/04 13:59:32 guus Exp $ + $Id: route.c,v 1.1.2.8 2001/05/25 11:54:28 guus Exp $ */ #include "config.h" 
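Review bot: send_tcppacket now announces the packet on one connection and sends the payload on another: the PACKET request goes to `cl->nexthop`, while `send_meta(cl, packet->data, packet->len)` writes to `cl`. Unless `cl->nexthop` is always `cl` for callers of this function (not visible here), the peer that received the request will consume the next `len` bytes of unrelated requests as packet data, and the other peer gets raw packet bytes in its request stream. Both calls should use the same connection, e.g. `return send_meta(cl->nexthop, packet->data, packet->len);`. In tcppacket_h the comment still says `Set reqlen to len` although the field is now `tcplen`; `/* Set tcplen, this tells receive_meta() that len bytes of packet data follow. */` matches the code.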
@@ -181,11 +181,12 @@ void route_incoming(connection_t *source, vpn_packet_t *packet) { switch(routing_mode) { + case RMODE_ROUTER: + memcpy(packet->data, mymac.net.mac.address.x, 6); + break; case RMODE_SWITCH: learn_mac(source, (mac_t *)(&packet->data[0])); break; - case RMODE_ROUTER: - memcpy(packet->data, mymac.net.mac.address.x, 6); } accept_packet(packet); From f0c64a3dac3b0469ea05fa5d44a1e7bdbfa64900 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 25 May 2001 12:45:37 +0000 Subject: [PATCH 382/923] Merged PROTOCOL, NETWORK and SECURITY2 with the texinfo manual. --- doc/tinc.texi | 268 ++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 250 insertions(+), 18 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index c3c4a78d..eadb1510 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.18 2001/05/25 12:45:37 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -17,7 +17,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $ +$Id: tinc.texi,v 1.8.4.18 2001/05/25 12:45:37 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -42,7 +42,7 @@ Copyright @copyright{} 1998-2001 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.17 2001/05/25 10:06:13 guus Exp $ +$Id: tinc.texi,v 1.8.4.18 2001/05/25 12:45:37 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -1336,28 +1336,29 @@ files are bound to be in a different directory. @menu -* The Connection:: +* The connection:: +* The meta-protocol:: * Security:: @end menu @c ================================================================== -@node The Connection, Security, Technical information, Technical information -@section The basic philosophy of the way tinc works -@cindex connection +@node The connection, The meta-protocol, Technical information, Technical information +@section The connection +@cindex connection tinc is a daemon that takes VPN data and transmit that to another host computer over the existing Internet infrastructure. @menu -* Protocol Preview:: -* The Meta-connection:: +* The UDP tunnel:: +* The meta-connection:: @end menu @c ================================================================== -@node Protocol Preview, The Meta-connection, The Connection, The Connection -@subsection A preview of the way the tinc works +@node The UDP tunnel, The meta-connection, The connection, The connection +@subsection The UDP tunnel @cindex ethertap @cindex frame type @@ -1401,7 +1402,7 @@ set the MAC address of your tap interface to that address. @c ================================================================== -@node The Meta-connection, , Protocol Preview, The Connection +@node The meta-connection, , The UDP tunnel, The connection @subsection The meta-connection Having only an UDP connection available is not enough. Though suitable 
@@ -1433,8 +1434,105 @@ three ACKs sent instead of just one. Furthermore, if there would be a timeout, both TCP streams would sense the timeout, and both would start re-sending packets. + @c ================================================================== -@node Security, , The Connection, Technical information +@node The meta-protocol, Security, The connection, Technical information +@section The meta-protocol + +The meta protocol is used to tie all tinc daemons together, and +exchange information about which tinc daemon serves which virtual +subnet. + +The meta protocol consists of requests that can be sent to the other +side. Each request has a unique number and several parameters. All +requests are represented in the standard ASCII character set. It is +possible to use tools such as telnet or netcat to connect to a tinc +daemon and to read and write requests by hand, provided that one +understands the numeric codes sent. + +The authentication scheme is described in @ref{Authentication protocol}. After a +succesful authentication, the server and the client will exchange all the +information about other tinc daemons and subnets they know of, so that both +sides (and all the other tinc daemons behind them) have their information +synchronised. 
+ +@cindex ADD_HOST +@cindex ADD_SUBNET +@example +daemon message +-------------------------------------------------------------------------- +origin ADD_HOST daemon a329e18c:655 0 + | | +--> options + | +---------> real address:port + +-------------------> name of new tinc daemon +origin ADD_SUBNET daemon 1,0a010100/ffffff00 + | | | +--> netmask + | | +----------> vpn IPv4 network address + | +----------------> subnet type (1=IPv4) + +--------------------> owner of this subnet +-------------------------------------------------------------------------- +@end example + +@cindex DEL_HOST +@cindex DEL_SUBNET +In case daemons leave the VPN, DEL_HOST and DEL_SUBNET messages with exactly +the same syntax are sent to inform the other daemons of the departure. + +The keys used to encrypt VPN packets are not sent out directly. This is +because it would generate a lot of traffic on VPNs with many daemons, and +chances are that not every tinc daemon will ever send a packet to every +other daemon. Instead, if a daemon needs a key it sends a request for it +via the meta connection of the nearest hop in the direction of the +destination. If any hop on the way has already learned the key, it will +act as a proxy and forward it's copy back to the requestor. 
+ +@cindex REQ_KEY +@cindex ANS_KEY +@cindex KEY_CHANGED +@example +daemon message +-------------------------------------------------------------------------- +daemon REQ_KEY origin destination + | +--> name of the tinc daemon it wants the key from + +----------> name of the daemon that wants the key +daemon ANS_KEY origin destination e4ae0b0a82d6e0078179b5290c62c7d0 + | | \______________________________/ + | | +--> 128 bits key + | +--> name of the daemon that wants the key + +----------> name of the daemon that uses this key +daemon KEY_CHANGED origin + +--> daemon that has changed it's packet key +-------------------------------------------------------------------------- +@end example + +There is also a mechanism to check if hosts are still alive. Since network +failures or a crash can cause a daemon to be killed without properly +shutting down the TCP connection, this is necessary to keep an up to date +connection list. PINGs are sent at regular intervals, except when there +is also some other traffic. A little bit of salt (random data) is added +with each PING and PONG message, to make sure that long sequences of PING/PONG +messages without any other traffic won't result in known plaintext. + +@cindex PING +@cindex PONG +@example +daemon message +-------------------------------------------------------------------------- +origin PING 9e76 + \__/ + +--> 2 bytes of salt (random data) +dest. PONG 3b8d + \__/ + +--> 2 bytes of salt (random data) +-------------------------------------------------------------------------- +@end example + +This basically covers what is sent over the meta connection by +tinc. + + +@c ================================================================== +@node Security, , The meta-protocol, Technical information @section About tinc's encryption and other security-related issues. @cindex TINC 
@@ -1452,12 +1550,146 @@ tinc uses blowfish encryption in CBC mode and a small amount of salt at the beginning of each packet to make sure eavesdroppers cannot get any information at all from the packets they can intercept. +@menu +* Authentication protocol:: +* Encryption of network packets:: +@end menu + + +@c ================================================================== +@node Authentication protocol, Encryption of network packets, Security, Security +@subsection Authentication protocol + @cindex authentication -Another important part is the authentication done prior to allowing other -tinc daemons to connect. This is done by a challenge/response handshake -involving RSA encryption. -The details of the authentication can be found in a file called @file{doc/SECURITY2} -in the source of tinc. +A new scheme for authentication in tinc has been devised, which offers some +improvements over the protocol used in 1.0pre2 and 1.0pre3. Explanation is +below. + +@example +daemon message +-------------------------------------------------------------------------- +client + +server + +client ID client 10 0 + | | +-> options + | +---> version + +--------> name of tinc daemon + +server ID server 10 0 + | | +-> options + | +---> version + +--------> name of tinc daemon + +client META_KEY 5f0823a93e35b69e...7086ec7866ce582b + \_________________________________/ + +-> RSAKEYLEN bits totally random string S1, + encrypted with server's public RSA key + +server META_KEY 6ab9c1640388f8f0...45d1a07f8a672630 + \_________________________________/ + +-> RSAKEYLEN bits totally random string S2, + encrypted with client's public RSA key + +From now on: + - the client will encrypt outgoing traffic using S1 + - the server will encrypt outgoing traffic using S2 + +client CHALLENGE da02add1817c1920989ba6ae2a49cecbda0 + \_________________________________/ + +-> CHALLEN bits totally random string H1 + +server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d57f + \_________________________________/ 
+ +-> CHALLEN bits totally random string H2 + +client CHAL_REPLY 816a86 + +-> 160 bits SHA1 of H2 + +server CHAL_REPLY 928ffe + +-> 160 bits SHA1 of H1 +-------------------------------------------------------------------------- +@end example + +This new scheme has several improvements, both in efficiency and security. + +First of all, the server sends exactly the same kind of messages over the wire +as the client. The previous versions of tinc first authenticated the client, +and then the server. This scheme even allows both sides to send their messages +simultaneously, there is no need to wait for the other to send something first. +This means that any calculations that need to be done upon sending or receiving +a message can also be done in parallel. This is especially important when doing +RSA encryption/decryption. Given that these calculations are the main part of +the CPU time spent for the authentication, speed is improved by a factor 2. + +Second, only one RSA encrypted message is sent instead of two. This reduces the +amount of information attackers can see (and thus use for a cryptographic +attack). It also improves speed by a factor two, making the total speedup a +factor 4. + +Third, and most important: +The symmetric cipher keys are exchanged first, the challenge is done +afterwards. In the previous authentication scheme, because a man-in-the-middle +could pass the challenge/chal_reply phase (by just copying the messages between +the two real tinc daemons), but no information was exchanged that was really +needed to read the rest of the messages, the challenge/chal_reply phase was of +no real use. The man-in-the-middle was only stopped by the fact that only after +the ACK messages were encrypted with the symmetric cipher. 
Potentially, it +could even send it's own symmetric key to the server (if it knew the server's +public key) and read some of the metadata the server would send it (it was +impossible for the mitm to read actual network packets though). The new scheme +however prevents this. + +This new scheme makes sure that first of all, symmetric keys are exchanged. The +rest of the messages are then encrypted with the symmetric cipher. Then, each +side can only read received messages if they have their private key. The +challenge is there to let the other side know that the private key is really +known, because a challenge reply can only be sent back if the challenge is +decrypted correctly, and that can only be done with knowledge of the private +key. + +Fourth: the first thing that is send via the symmetric cipher encrypted +connection is a totally random string, so that there is no known plaintext (for +an attacker) in the beginning of the encrypted stream. + + +@c ================================================================== +@node Encryption of network packets, , Authentication protocol, Security +@subsection Encryption of network packet +@cindex encryption + +A data packet can only be sent if the encryption key is known to both +parties, and the connection is activated. If the encryption key is not +known, a request is sent to the destination using the meta connection +to retreive it. The packet is stored in a queue while waiting for the +key to arrive. + +@cindex UDP +The UDP packet containing the network packet from the VPN has the following layout: + +@example +... | IP header | UDP header | salt | VPN packet | UDP trailer + \___________________/ + | + V + Encrypted with symmetric cipher +@end example + +So, the entire UDP payload is encrypted using a symmetric cipher (blowfish in CBC mode). 
+2 bytes of salt (random data) are added in front of the actual VPN packet, +so that two VPN packets with (almost) the same content do not seem to be +the same for eavesdroppers. +2 bytes of salt may not seem much, but you can encrypt 65536 identical packets +now without an attacker being able to see that they were identical. +Given a MTU of 1500 this means 96 Megabyte of data. + +There is no @emph{extra} provision against replay attacks or alteration of packets. +However, the VPN packets, normally UDP or TCP packets themselves, contain +checksums and sequence numbers. +Since those checksums and sequence numbers are encrypted, +they automatically become @emph{cryptographically secure}. +The kernel will handle any checksum errors and duplicate packets. @c ================================================================== From e12d41f39d8dd1cd30058d08effd2e5b66cdd4fd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 25 May 2001 13:24:34 +0000 Subject: [PATCH 383/923] Documents are merged. Now we only need to check the ports and the TCPonly and IndirectData options. --- TODO | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/TODO b/TODO index 0a30f2cf..226e2713 100644 --- a/TODO +++ b/TODO @@ -4,12 +4,14 @@ Goals for 1.0 release: * Check Solaris port * Check FreeBSD port again +* Check TCPonly and IndirectData + * Check different linux architectures (x86, alpha and sparc32 done) * Store private key in a separate file (done, 1 dec 2000) * Sanity checks on configuration directory (mostly done) * Use efficient tree algorithms instead of linked lists (done) * Reenable queues for delayed packets (done) -* Merge documentation files (SECURITY, INSTALL, PROTOCOL) into tinc.texi +* Merge documentation files (SECURITY, INSTALL, PROTOCOL) into tinc.texi (done) * Different authentication scheme (done) * Add randomness to packet headers and PING/PONG requests (done) From 8d307c2fbf2c20eb53909f74c81e03db838fb55e Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 25 May 2001 18:57:37 +0000 Subject: [PATCH 384/923] Fix sample configuration to show keys in PEM format and correct tapdevice. --- doc/SECURITY | 151 ------------------------------ doc/sample-config/hosts/alpha | 6 +- doc/sample-config/hosts/alpha.key | 1 - doc/sample-config/hosts/beta | 6 +- doc/sample-config/hosts/beta.key | 1 - doc/sample-config/tinc-down | 2 +- doc/sample-config/tinc-up | 4 +- 7 files changed, 11 insertions(+), 160 deletions(-) delete mode 100644 doc/SECURITY delete mode 100644 doc/sample-config/hosts/alpha.key delete mode 100644 doc/sample-config/hosts/beta.key diff --git a/doc/SECURITY b/doc/SECURITY deleted file mode 100644 index 670135c7..00000000 --- a/doc/SECURITY +++ /dev/null 
@@ -1,151 +0,0 @@ -This is the security documentation for tinc, a Virtual Private Network daemon. - - Copyright 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmmermans - - Permission is granted to make and distribute verbatim copies of - this documentation provided the copyright notice and this - permission notice are preserved on all copies. - - Permission is granted to copy and distribute modified versions of - this documentation under the conditions for verbatim copying, - provided that the entire resulting derived work is distributed - under the terms of a permission notice identical to this one. - - $Id: SECURITY,v 1.1.2.4 2001/01/07 17:08:03 guus Exp $ - - -1. Authentication ------------------- - -The authentication protocol (see protocol.c for the up-to-date version) is: - - Client Server - send_id(u) - send_challenge(R) - send_chal_reply(H) - send_id(u) - send_challenge(R) - send_chal_reply(H) - send_metakey(R) - send_metakey(R) - send_ack(u) - send_ack(u) - --------------------------------------- - Other requests(E)... - - (u) Unencrypted, - (R) RSA, - (H) SHA1, - (E) Encrypted with symmetric cipher. - -See section 4 for a detailed example version of the authentication. - -Authentication in tinc will be done in a way that is very similar to the way -the SSH (Secure SHell) authentication protocol works. It is based on public -key cryptography. - -Every tinc host has its own public/private key pair. Suppose there are two -tinc hosts, A and B. If A and B trust each other, they store a copy of -eachothers public key (in the same way passphrases were stored in versions -of tinc <= 1.0pre2). They know these public keys beforehand, and the origin -of the public keys has to be known for sure. - -To make sure that when a connection is made from A to B that B knows A is -really who he claims to be, B encrypts a totally random string of bytes with -A's public key. B also calculates the hash value from the unencrypted random -string. 
B then sends the encrypted string to A. A then has to decrypt the -string, calculate the hash value from that string and send it back to B. Since -only he who possesses A's private key can decrypt this string, only he can send -back the correct hash value. So, if B receives the same hash value he -calculated himself, he knows for sure A is A. - -Both SSH and tinc use RSA for the public key cryptography. SSH uses MD5 as a -secure hash algorithm, tinc uses SHA1. The reason for our choice of SHA1 is -the fact that SHA1 is 160 bits instead of 128 (MD5), which makes brute force -attacks harder. Also, the OpenSSL documentation recommends SHA1. - -2. Key exchange ----------------- - -The rest of the meta connection in tinc will be encrypted with a symmetric -block cipher, since RSA is not really suited for this. When a connection is -made, both sides have to agree on a key for this block cipher. To make sure -that this key exchange is also done securely, and no man-in-the-middle attack -is possible, RSA would be the best choice for exchanging keys. - -3. Symmetric cipher --------------------- - -Since the generalized encryption functions of OpenSSL are used, any symmetric -cipher that is available in OpenSSL could possibly be used. The default however -will be Blowfish. Blowfish is widely in use and still has not been cracked -today (as far as we know). It also is one of the faster ciphers available. - -4. Detailed "example" of communication ---------------------------------------- - -Tinc uses a peer-to-peer protocol, but during the authentication phase we will -make a distinction between a server (a tinc daemon listening for incoming -connections) and a client (a tinc daemon that is trying to connect to the tinc -daemon playing server). - -The message strings here are kept short for clarity. The real length of the -exchanged messages is indicated. 
The capital words ID, CHALLENGE, CHAL_REPLY, -META_KEY and ACK are in reality replaced by the numbers 0, 1, 2, 3 and 4 -respectively. - -daemon message --------------------------------------------------------------------------- -server -client -server -client ID client 8 0 - | | +-> options - | +---> version - +-------> name of tinc daemon -server CHALLENGE 57fb4b2ccd70d6bb35a64c142f47e61d - \______________________________/ - +-> KEYLENGTH bits totally random string, encrypted - with client's public RSA key -client CHAL_REPLY 191e23 - +-> 160 bits SHA1 value of the complete decrypted - CHALLENGE sent by the server -server ID server 8 0 - | | +-> options - | +---> version - +-------> name of tinc daemon -client CHALLENGE da02add1817c1920989ba6ae2a49cecb - \______________________________/ - +-> KEYLENGTH bits totally random string, encrypted - with server's public RSA key -server CHAL_REPLY 2bdeed - +-> 160 bits SHA1 value of the complete decrypted - CHALLENGE sent by the client -client META_KEY 5f0823a93e35b69e7086ec7866ce582b - \______________________________/ - +-> KEYLENGTH bits totally random string, encrypted - with server's public RSA key -server META_KEY 6ab9c1640388f8f045d1a07f8a672630 - \______________________________/ - +-> KEYLENGTH bits totally random string, encrypted - with client's public RSA key -client ACK -server ACK --------------------------------------------------------------------------- - -When the server receives the ACK from the client, it should prepare itself -for the fact that any subsequent data will be encrypted with the key the server -sent itself in the META_KEY. Ofcourse, this key is taken from the decrypted -version of that META_KEY, so that we will know for sure only the real client -can send us messages. The same goes for the client when it receives an ACK. - -5. Encryption of VPN packets ------------------------------ - -The VPN packets are also encrypted, but with a different key than the one used -for the meta connection. 
The reason is that VPN packets can also come from -other clients which do not have a meta connection with server. Each tinc daemon -propagates (on request) a separate key for packets that it receives. This key -is a random string, generated on the fly. Since it is exchanged using the meta -connection, this key itself will be encrypted. diff --git a/doc/sample-config/hosts/alpha b/doc/sample-config/hosts/alpha index 95315e1f..0f5e56a9 100644 --- a/doc/sample-config/hosts/alpha +++ b/doc/sample-config/hosts/alpha @@ -9,5 +9,7 @@ Port = 655 # Subnet on the virtual private network that is local for this host. Subnet = 192.168.1.0/24 -# The file in which the public key for this host is stored. Required. -PublicKeyFile = /etc/tinc/example/hosts/alpha.key +# The public key generated by `tincd -n example -K' is stored here +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- diff --git a/doc/sample-config/hosts/alpha.key b/doc/sample-config/hosts/alpha.key deleted file mode 100644 index ac135363..00000000 --- a/doc/sample-config/hosts/alpha.key +++ /dev/null @@ -1 +0,0 @@ -# Generate this file with `tincd -n example -K` diff --git a/doc/sample-config/hosts/beta b/doc/sample-config/hosts/beta index 9e357b22..6f70d4f7 100644 --- a/doc/sample-config/hosts/beta +++ b/doc/sample-config/hosts/beta @@ -10,5 +10,7 @@ Port = 6500 # Subnet on the virtual private network that is local for this host. Subnet = 192.168.2.0/24 -# The file in which the public key for this host is stored. Required. -PublicKeyFile = /etc/tinc/example/hosts/beta.key +# The public key generated by `tincd -n example -K' is stored here +-----BEGIN RSA PUBLIC KEY----- +... +-----END RSA PUBLIC KEY----- diff --git a/doc/sample-config/hosts/beta.key b/doc/sample-config/hosts/beta.key deleted file mode 100644 index 4470b704..00000000 --- a/doc/sample-config/hosts/beta.key +++ /dev/null @@ -1 +0,0 @@ -# This file has not been generated by this host, but by beta. 
diff --git a/doc/sample-config/tinc-down b/doc/sample-config/tinc-down index 9f3b499d..12749919 100644 --- a/doc/sample-config/tinc-down +++ b/doc/sample-config/tinc-down @@ -4,4 +4,4 @@ # need to do anything; once tinc quits the tap device is already # removed by the kernel. -ifconfig tap0 down +ifconfig tap1 down diff --git a/doc/sample-config/tinc-up b/doc/sample-config/tinc-up index 98df7638..f515e51d 100644 --- a/doc/sample-config/tinc-up +++ b/doc/sample-config/tinc-up @@ -6,9 +6,9 @@ # but for the universal tun/tap device use $NETNAME. # Set hardware ethernet address (required!) -ifconfig tap0 hw ether fe:fd:0:0:0:0 +ifconfig tap1 hw ether fe:fd:0:0:0:0 # Give it the right ip and netmask. Remember, the subnet of the # tap device must be larger than that of the individual Subnets # as defined in the host configuration file! -ifconfig tap0 192.168.1.1 netmask 255.255.0.0 -arp +ifconfig tap1 192.168.1.1 netmask 255.255.0.0 -arp From 20c2b62b1802390c0f5a1757641a0a1cea8103a8 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 26 May 2001 09:34:11 +0000 Subject: [PATCH 385/923] New make target: `make release' --- Makefile.am | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index bda83a25..bc25c2c9 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,7 +14,6 @@ CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ po/tinc.pot src/.libs intl ChangeLog: - rm -f ChangeLog cvs2cl -U cvsusers --fsf cvs-clean: maintainer-clean @@ -30,3 +29,10 @@ rpm: dist cp redhat/tinc.spec /usr/src/redhat/SOURCES/ cd /usr/src/redhat/SOURCES/ rpm -bi tinc.spec + +release: + rm -f ChangeLog + $(MAKE) ChangeLog + echo "Please edit the NEWS file now..." + /usr/bin/editor NEWS + $(MAKE) dist From 514f8f579d5c0608aee8ca4a43d7414ecee5c11c Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Sat, 26 May 2001 09:35:00 +0000 Subject: [PATCH 386/923] Changed version number to 1.0-cvs --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index e55dc9e0..40a4308f 100644 --- a/configure.in +++ b/configure.in @@ -1,9 +1,9 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.30 2001/01/17 01:31:56 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.31 2001/05/26 09:35:00 zarq Exp $ AC_INIT(src/tincd.c) -AM_INIT_AUTOMAKE(tinc, 1.0pre4) +AM_INIT_AUTOMAKE(tinc, 1.0-cvs) AM_CONFIG_HEADER(config.h) dnl Include the macros from the m4/ directory From 4e959ee40542733e647c36831c1fc87ed8098233 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sat, 26 May 2001 09:35:28 +0000 Subject: [PATCH 387/923] Don't distribute autogen.sh in a release --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index bc25c2c9..3046ad0c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,7 +6,7 @@ SUBDIRS = m4 intl lib src doc po redhat debian ACLOCAL_AMFLAGS = -EXTRA_DIST = system.h ABOUT-NLS COPYING.README autogen.sh +EXTRA_DIST = system.h ABOUT-NLS COPYING.README CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ From 65247c063b36a76dd68156fe17b017c7460d982f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 28 May 2001 08:21:43 +0000 Subject: [PATCH 388/923] Small fixes to allow correct compilation under FreeBSD (tested with 4.3) --- src/net.c | 13 +++++++++---- src/route.c | 8 ++++++-- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/src/net.c b/src/net.c index 4db639ce..b0d3cd1e 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.108 2001/05/25 11:54:28 guus Exp $ + $Id: net.c,v 1.35.4.109 2001/05/28 08:21:43 guus Exp $ */ #include "config.h" @@ -26,8 +26,10 @@ #include #include #include -#include -#include +#ifndef HAVE_FREEBSD + #include + #include +#endif #include #include #include @@ -383,6 +385,7 @@ cp option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifndef HAVE_FREEBSD setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; @@ -397,6 +400,7 @@ cp return -1; } } +#endif memset(&a, 0, sizeof(a)); a.sin_family = AF_INET; @@ -511,11 +515,12 @@ cp option = 1; setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifndef HAVE_FREEBSD setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option)); - +#endif /* Connect */ a.sin_family = AF_INET; diff --git a/src/route.c b/src/route.c index 3264d560..1b6336dc 100644 --- a/src/route.c +++ b/src/route.c @@ -17,12 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.8 2001/05/25 11:54:28 guus Exp $ + $Id: route.c,v 1.1.2.9 2001/05/28 08:21:43 guus Exp $ */ #include "config.h" -#include +#ifdef HAVE_FREEBSD + #include +#else + #include +#endif #include #include #include From 7db1b999c82611d6c68a5d79b4754db19669d5c6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 28 May 2001 08:56:57 +0000 Subject: [PATCH 389/923] Make sure Solaris is happy too. --- src/net.c | 8 ++++---- src/tincd.c | 8 ++++++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/net.c b/src/net.c index b0d3cd1e..2c08dcf2 100644 --- a/src/net.c 
+++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.109 2001/05/28 08:21:43 guus Exp $ + $Id: net.c,v 1.35.4.110 2001/05/28 08:56:57 guus Exp $ */ #include "config.h" @@ -26,7 +26,7 @@ #include #include #include -#ifndef HAVE_FREEBSD +#ifdef HAVE_LINUX #include #include #endif @@ -385,7 +385,7 @@ cp option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); -#ifndef HAVE_FREEBSD +#ifdef HAVE_LINUX setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; @@ -515,7 +515,7 @@ cp option = 1; setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); -#ifndef HAVE_FREEBSD +#ifdef HAVE_LINUX setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; diff --git a/src/tincd.c b/src/tincd.c index 318f7594..94f792cd 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.45 2001/03/01 21:32:04 guus Exp $ + $Id: tincd.c,v 1.10.4.46 2001/05/28 08:56:57 guus Exp $ */ #include "config.h" @@ -333,7 +333,11 @@ main(int argc, char **argv, char **envp) return 1; } - openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ +#ifdef HAVE_SOLARIS + openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ +#else + openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ +#endif g_argv = argv; From 0a3c8cefd4a154948799baaaa246cf0eba050eff Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 1 Jun 2001 08:02:09 +0000 Subject: [PATCH 390/923] Fix subnet_lookup() for overlapping subnets. Needs rethinking. --- src/subnet.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index a08e2de7..51b1cd7a 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.18 2001/01/07 20:19:08 guus Exp $ + $Id: subnet.c,v 1.1.2.19 2001/06/01 08:02:09 guus Exp $ */ #include "config.h" @@ -57,16 +57,12 @@ cp int subnet_compare_ipv4(subnet_t *a, subnet_t *b) { cp - /* If the subnet of a falls within the range of subnet b, - then we consider a smaller then b. - Otherwise, the addresses alone (and not the subnet masks) will be compared. - */ + /* We compare as if a subnet is a number that equals (address << 32 + netmask). */ - if(a->net.ipv4.mask > b->net.ipv4.mask) - if((a->net.ipv4.address & b->net.ipv4.mask) == b->net.ipv4.address) - return -1; - - return a->net.ipv4.address - b->net.ipv4.address; + if(a->net.ipv4.address == b->net.ipv4.address) + return a->net.ipv4.mask - b->net.ipv4.mask; + else + return a->net.ipv4.address - b->net.ipv4.address; } int subnet_compare_ipv6(subnet_t *a, subnet_t *b) 
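Review bot: Both return statements in the new body of subnet_compare_ipv4 take the ordering from a subtraction, and if the address and mask fields are unsigned 32-bit values (their declaration is not in this hunk) the difference wraps when converted to `int`, so two values more than 2^31 apart compare with the wrong sign. A comparator that is not a consistent total order can misplace entries in the tree that, presumably, lookup_subnet_ipv4 searches, and that lookup decides which peer a packet is routed to. Compare explicitly instead, for example `return (a->net.ipv4.address > b->net.ipv4.address) - (a->net.ipv4.address < b->net.ipv4.address);`, with the same form for the mask branch.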
@@ -276,14 +272,29 @@ cp subnet.net.ipv4.address = *address; subnet.net.ipv4.mask = 0xFFFFFFFF; - p = (subnet_t *)avl_search_closest_greater(subnet_tree, &subnet); + do + { + /* Go find subnet */ + + p = (subnet_t *)avl_search_closest_smaller(subnet_tree, &subnet); /* Check if the found subnet REALLY matches */ cp - if(p && ((*address & p->net.ipv4.mask) == p->net.ipv4.address)) - return p; - else - return NULL; + if(p) + { + if ((*address & p->net.ipv4.mask) == p->net.ipv4.address) + break; + else + { + /* Otherwise, see if there is a bigger enclosing subnet */ + + subnet.net.ipv4.mask = p->net.ipv4.mask << 1; + subnet.net.ipv4.address &= subnet.net.ipv4.mask; + } + } + } while (p); + + return p; } subnet_t *lookup_subnet_ipv6(ipv6_t *address) From 428482d86f860d1fb09de722c1b6576ec2eef1ce Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 4 Jun 2001 11:14:35 +0000 Subject: [PATCH 391/923] Added proxy-arp support. No more ifconfig -arp needed. Works like a charm under FreeBSD now :). --- src/route.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 3 deletions(-) diff --git a/src/route.c b/src/route.c index 1b6336dc..3d488874 100644 --- a/src/route.c +++ b/src/route.c @@ -17,21 +17,25 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.9 2001/05/28 08:21:43 guus Exp $ + $Id: route.c,v 1.1.2.10 2001/06/04 11:14:35 guus Exp $ */ #include "config.h" #ifdef HAVE_FREEBSD #include -#else - #include #endif +#include +#include +#include +#include #include #include #include #include "net.h" +#include "net/ethernet.h" +#include "netinet/if_ether.h" #include "connection.h" #include "subnet.h" #include "route.h" 
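Review bot: The retry branch of the new do/while in lookup_subnet_ipv4 builds the next search key from `p->net.ipv4.mask << 1` rather than from the key's own mask, so if `avl_search_closest_smaller` returns the same non-matching subnet again the key does not change and the loop never exits. That looks reachable when the closest smaller entry is a sibling prefix that does not contain the address, and because the address comes from packet contents, one such lookup would stall the daemon. Widen from the current key and bound the loop, e.g. `subnet.net.ipv4.mask <<= 1;` with an exit once the key mask reaches 0. The function begins above the hunk, so the tree's ordering and the helper's exact semantics are assumed here.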
@@ -133,6 +137,71 @@ cp return NULL; } +void route_arp(vpn_packet_t *packet) +{ + struct ether_arp *arp; + subnet_t *subnet; + unsigned char ipbuf[4]; + ipv4_t dest; +cp + /* This routine generates replies to ARP requests. + You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). + Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) + */ + + arp = (struct ether_arp *)(packet->data + 14); + + /* Check if this is a valid ARP request */ + + if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || + ntohs(arp->arp_pro) != ETHERTYPE_IP || + (int) (arp->arp_hln) != ETHER_ADDR_LEN || + (int) (arp->arp_pln) != 4 || + ntohs(arp->arp_op) != ARPOP_REQUEST ) + { + if(debug_lvl > DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); + } + return; + } + + /* Check if the IP address exists on the VPN */ + + dest = ntohl(*((unsigned long*)(arp->arp_tpa))); + subnet = lookup_subnet_ipv4(&dest); + + if(!subnet) + { + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), + arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], arp->arp_tpa[3]); + } + + return; + } + + /* Check if it is for our own subnet */ + + if(subnet->owner == myself) + return; /* silently ignore */ + + memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ + packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + + memcpy(ipbuf, arp->arp_tpa, 4); /* save protocol addr */ + memcpy(arp->arp_tpa, arp->arp_spa, 4); /* swap destination and source protocol address */ + memcpy(arp->arp_spa, ipbuf, 4); /* ... 
*/ + + memcpy(arp->arp_tha, arp->arp_sha, 10); /* set target hard/proto addr */ + memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */ + arp->arp_op = htons(ARPOP_REPLY); + + accept_packet(packet); +cp +} + void route_outgoing(vpn_packet_t *packet) { unsigned short int type; @@ -153,6 +222,9 @@ cp case 0x86DD: cl = route_ipv6(packet); break; + case 0x0806: + route_arp(packet); + return; default: if(debug_lvl >= DEBUG_TRAFFIC) { From 4f9dad0972ac0f665a1b6050b059bd52f93e6221 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 5 Jun 2001 16:09:55 +0000 Subject: [PATCH 392/923] - tinc can now act as a switch or a hub too (as opposed to a router only) - cleaner initialisation of "UNKNOWN" and "MYSELF" names --- src/connection.c | 4 ++-- src/net.c | 28 +++++++++++++++++++++++----- src/net.h | 5 ++--- src/protocol.c | 5 ++++- src/route.c | 46 ++++++++++++++++++---------------------------- src/subnet.c | 4 ++-- src/tincd.c | 6 +----- 7 files changed, 52 insertions(+), 46 deletions(-) diff --git a/src/connection.c b/src/connection.c index c1acfeab..453a25ee 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.10 2001/03/04 13:59:25 guus Exp $ + $Id: connection.c,v 1.1.2.11 2001/06/05 16:09:55 guus Exp $ */ #include "config.h" @@ -88,7 +88,7 @@ void free_connection(connection_t *p) cp if(p->queue) list_delete_list(p->queue); - if(p->name && p->name!=unknown) + if(p->name) free(p->name); if(p->hostname) free(p->hostname); diff --git a/src/net.c b/src/net.c index 2c08dcf2..266dbab7 100644 --- a/src/net.c +++ b/src/net.c 
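Review bot: `route_arp()` casts `packet->data + 14` to `struct ether_arp *` and reads and rewrites its fields without checking that the frame is long enough, so a short frame with ethertype 0x0806 is parsed from whatever bytes follow the received data. Assuming `packet->len` holds the received frame length, a guard such as `if(packet->len < 14 + sizeof(struct ether_arp)) return;` before the cast closes that. The target address is then read with `*((unsigned long*)(arp->arp_tpa))`, which dereferences a 4-byte field at an unaligned offset through a type that is 8 bytes wide on LP64 platforms; `memcpy(&dest, arp->arp_tpa, sizeof(dest)); dest = ntohl(dest);` avoids the over-read and the alignment fault. The two debug guards also differ (`> DEBUG_TRAFFIC` against `>= DEBUG_TRAFFIC`), which looks unintended.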
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.110 2001/05/28 08:56:57 guus Exp $ + $Id: net.c,v 1.35.4.111 2001/06/05 16:09:55 guus Exp $ */ #include "config.h" @@ -104,8 +104,6 @@ static int seconds_till_retry; int keylifetime = 0; int keyexpires = 0; -char *unknown = NULL; - void send_udppacket(connection_t *cl, vpn_packet_t *inpkt) { vpn_packet_t outpkt; @@ -261,6 +259,26 @@ cp send_udppacket(cl, packet); } +/* Broadcast a packet to all active connections */ + +void broadcast_packet(connection_t *from, vpn_packet_t *packet) +{ + avl_node_t *node; + connection_t *cl; +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), + packet->len, from->name, from->hostname); + + for(node = connection_tree->head; node; node = node->next) + { + cl = (connection_t *)node->data; + if(cl->status.meta && cl != from) + send_packet(cl, packet); + } +cp +} + void flush_queue(connection_t *cl) { list_node_t *node, *next; @@ -731,7 +749,7 @@ int setup_myself(void) cp myself = new_connection(); - asprintf(&myself->hostname, "MYSELF"); + asprintf(&myself->hostname, _("MYSELF")); myself->options = 0; myself->protocol_version = PROT_CURRENT; @@ -1011,7 +1029,7 @@ cp return NULL; } - p->name = unknown; + asprintf(&p->name, _("UNKNOWN")); p->address = ntohl(ci.sin_addr.s_addr); p->hostname = hostlookup(ci.sin_addr.s_addr); p->port = htons(ci.sin_port); /* This one will be overwritten later */ diff --git a/src/net.h b/src/net.h index ba17331c..c56abd85 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.31 2001/05/25 11:54:28 guus Exp $ + $Id: net.h,v 1.9.4.32 2001/06/05 16:09:55 guus Exp $ */ #ifndef __TINC_NET_H__ 
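Review bot: Both new `asprintf()` calls in net.c, `asprintf(&myself->hostname, _("MYSELF"))` in the @@ -731 hunk and `asprintf(&p->name, _("UNKNOWN"))` in the @@ -1011 hunk, ignore the return value. On failure glibc leaves the target pointer undefined, and this commit now frees `p->name` unconditionally in `free_connection()` and in protocol.c before the `xstrdup(name)`. Each call also passes a translated string as the format, so a catalog entry containing `%` would be interpreted as a conversion. `p->name = xstrdup(_("UNKNOWN"));` (and likewise for `myself->hostname`) avoids both, using the helper protocol.c already calls, provided it is declared for net.c.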
@@ -98,8 +98,6 @@ extern int total_tap_out; extern int total_socket_in; extern int total_socket_out; -extern char *unknown; - extern char *request_name[256]; extern char *status_text[10]; @@ -111,6 +109,7 @@ extern void send_packet(connection_t *, vpn_packet_t *); extern void receive_packet(connection_t *, vpn_packet_t *); extern void receive_tcppacket(connection_t *, char *, int); extern void accept_packet(vpn_packet_t *); +extern void broadcast_packet(connection_t *, vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); extern void main_loop(void); diff --git a/src/protocol.c b/src/protocol.c index bf54c6a5..cf5cd677 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.91 2001/05/25 11:54:28 guus Exp $ + $Id: protocol.c,v 1.28.4.92 2001/06/05 16:09:55 guus Exp $ */ #include "config.h" @@ -214,6 +214,9 @@ cp /* Copy string to cl */ + if(cl->name) + free(cl->name); + cl->name = xstrdup(name); /* Load information about peer */ diff --git a/src/route.c b/src/route.c index 3d488874..2c3cc0d0 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.10 2001/06/04 11:14:35 guus Exp $ + $Id: route.c,v 1.1.2.11 2001/06/05 16:09:55 guus Exp $ */ #include "config.h" 
@@ -79,28 +79,16 @@ connection_t *route_mac(connection_t *source, vpn_packet_t *packet) cp /* Learn source address */ - learn_mac(source, (mac_t *)(&packet->data[0])); + learn_mac(source, (mac_t *)(&packet->data[6])); /* Lookup destination address */ - subnet = lookup_subnet_mac((mac_t *)(&packet->data[6])); + subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x"), - packet->data[6], - packet->data[7], - packet->data[8], - packet->data[9], - packet->data[10], - packet->data[11]); - } - return NULL; - } -cp - return subnet->owner; + if(subnet) + return subnet->owner; + else + return NULL; } connection_t *route_ipv4(vpn_packet_t *packet) @@ -205,7 +193,6 @@ cp void route_outgoing(vpn_packet_t *packet) { unsigned short int type; - avl_node_t *node; connection_t *cl; cp /* FIXME: multicast? */ @@ -240,15 +227,12 @@ cp cl = route_mac(myself, packet); if(cl) send_packet(cl, packet); + else + broadcast_packet(myself, packet); break; case RMODE_HUB: - for(node = connection_tree->head; node; node = node->next) - { - cl = (connection_t *)node->data; - if(cl->status.active) - send_packet(cl, packet); - } + broadcast_packet(myself, packet); break; } } @@ -258,10 +242,16 @@ void route_incoming(connection_t *source, vpn_packet_t *packet) switch(routing_mode) { case RMODE_ROUTER: - memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data, mymac.net.mac.address.x, 6); /* Override destination address to make the kernel accept it */ break; case RMODE_SWITCH: - learn_mac(source, (mac_t *)(&packet->data[0])); + if((packet->data[0] & packet->data[1]) == 0xFF) /* Broadcast? */ + broadcast_packet(source, packet); /* If yes, spread it on */ + else + learn_mac(source, (mac_t *)(&packet->data[6])); + break; + case RMODE_HUB: + broadcast_packet(source,packet); /* Spread it on */ break; } 
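Review bot: In the `RMODE_SWITCH` branch of `route_incoming()` the source address is learned only in the `else`, so a peer whose frames are broadcasts (an ARP request is typically the first frame a host sends) is never learned, and traffic back to it keeps being flooded by `route_outgoing()`. Calling `learn_mac(source, (mac_t *)(&packet->data[6]));` before the `if` fixes that. The broadcast test `(packet->data[0] & packet->data[1]) == 0xFF` looks at two of the six destination bytes, so it treats any `ff:ff:…` group address as broadcast while other multicast frames are not spread at all. Learned entries come from peer-supplied source addresses and `learn_mac()` is not visible here, so it is worth confirming that it caps and ages the table and does not let one peer take over an address already owned by another.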
diff --git a/src/subnet.c b/src/subnet.c index 51b1cd7a..28357c88 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.19 2001/06/01 08:02:09 guus Exp $ + $Id: subnet.c,v 1.1.2.20 2001/06/05 16:09:55 guus Exp $ */ #include "config.h" @@ -244,7 +244,7 @@ cp subnet->net.ipv6.mask.x[7]); break; default: - asprintf(&netstr, _("unknown")); + asprintf(&netstr, _("unknown subnet type")); } cp return netstr; diff --git a/src/tincd.c b/src/tincd.c index 94f792cd..d9512240 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.46 2001/05/28 08:56:57 guus Exp $ + $Id: tincd.c,v 1.10.4.47 2001/06/05 16:09:55 guus Exp $ */ #include "config.h" @@ -305,10 +305,6 @@ main(int argc, char **argv, char **envp) bindtextdomain (PACKAGE, LOCALEDIR); textdomain (PACKAGE); - /* Do some intl stuff right now */ - - unknown = _("unknown"); - environment = envp; parse_options(argc, argv, envp); From 92924e8482f000eb33130ce9feadc08450ff349d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 5 Jun 2001 16:13:41 +0000 Subject: [PATCH 393/923] Changed some stuff to allow correct generation of po/Makefile after a make cvs-clean. --- Makefile.am | 2 +- configure.in | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Makefile.am b/Makefile.am index 3046ad0c..95475938 100644 --- a/Makefile.am +++ b/Makefile.am @@ -10,7 +10,7 @@ EXTRA_DIST = system.h ABOUT-NLS COPYING.README CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ - stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in.in \ + stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in \ po/tinc.pot src/.libs intl ChangeLog: 
diff --git a/configure.in b/configure.in index 40a4308f..00f17082 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.31 2001/05/26 09:35:00 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.32 2001/06/05 16:13:41 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -93,6 +93,13 @@ AC_ARG_ENABLE(tracing, AC_SUBST(INCLUDES) -AC_OUTPUT([Makefile src/Makefile -doc/Makefile doc/es/Makefile intl/Makefile lib/Makefile -m4/Makefile po/Makefile.in redhat/Makefile debian/Makefile]) +AC_OUTPUT(Makefile +src/Makefile +doc/Makefile +doc/es/Makefile +intl/Makefile +lib/Makefile +m4/Makefile +po/Makefile.in +redhat/Makefile +debian/Makefile) From 7a736d47b264065371f35cd9da64485d798cbc80 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 5 Jun 2001 16:15:48 +0000 Subject: [PATCH 394/923] Updated dutch translation. --- po/nl.po | 349 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 185 insertions(+), 164 deletions(-) diff --git a/po/nl.po b/po/nl.po index 614cc980..91b7ae34 100644 --- a/po/nl.po +++ b/po/nl.po @@ -4,10 +4,10 @@ # Guus Sliepen , 2000,2001. msgid "" msgstr "" -"Project-Id-Version: tinc 1.0pre4\n" -"POT-Creation-Date: 2001-03-04 14:33+0100\n" -"PO-Revision-Date: 2000-05-31 20:14+02:00\n" -"Last-Translator: Ivo Timmermans \n" +"Project-Id-Version: tinc 1.0-cvs\n" +"POT-Creation-Date: 2001-06-05 17:52+0200\n" +"PO-Revision-Date: 2001-06-05 17:54+0200\n" +"Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" 
@@ -22,8 +22,8 @@ msgstr "Kan configuratie bestand %s niet openen: %m" #, c-format msgid "Invalid variable name `%s' on line %d while reading config file %s" msgstr "" -"Ongeldige variabelenaam `%s' op regel %d tijdens lezen configuratie bestand " -"%s" +"Ongeldige variabelenaam `%s' op regel %d tijdens lezen configuratie bestand %" +"s" #: src/conf.c:286 #, c-format @@ -116,40 +116,35 @@ msgstr "Einde van verbindingslijst." #: src/meta.c:53 #, c-format -msgid "Sending %d bytes of metadata to %s (%s): %s" -msgstr "Verzenden van %d bytes metadata naar %s (%s): %s" +msgid "Sending %d bytes of metadata to %s (%s)" +msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:69 +#: src/meta.c:67 #, c-format msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:100 +#: src/meta.c:98 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" -#: src/meta.c:106 +#: src/meta.c:104 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:123 src/protocol.c:1300 +#: src/meta.c:125 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:130 +#: src/meta.c:132 #, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" -#: src/meta.c:161 -#, c-format -msgid "Got request from %s (%s): %s" -msgstr "Kreeg verzoek van %s (%s): %s" - -#: src/meta.c:179 +#: src/meta.c:206 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" 
@@ -170,281 +165,294 @@ msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:192 +#: src/net.c:202 #, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Verzending pakket van %d bytes naar tap-apparaat" -#: src/net.c:198 +#: src/net.c:208 #, c-format msgid "Can't write to tun/tap device: %m" msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:205 +#: src/net.c:215 #, c-format msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:219 +#: src/net.c:229 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:226 +#: src/net.c:236 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net.c:235 +#: src/net.c:245 #, c-format msgid "%s (%s) is not active, dropping packet" msgstr "%s (%s) is niet actief, pakket wordt genegeerd" -#: src/net.c:257 +#: src/net.c:270 +#, c-format +msgid "Broadcasting packet of %d bytes from %s (%s)" +msgstr "Verspreiding pakket van %d bytes van %s (%s)" + +#: src/net.c:287 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:304 +#: src/net.c:334 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:333 +#: src/net.c:363 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:358 +#: src/net.c:388 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:366 src/net.c:410 src/net.c:441 src/net.c:496 src/net.c:982 +#: src/net.c:396 src/net.c:442 src/net.c:473 src/net.c:528 src/net.c:1026 #: src/process.c:239 src/process.c:275 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:386 +#: src/net.c:417 #, 
c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:403 +#: src/net.c:435 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:431 +#: src/net.c:463 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:454 +#: src/net.c:486 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:472 +#: src/net.c:504 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:482 +#: src/net.c:514 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:518 +#: src/net.c:551 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:526 +#: src/net.c:559 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:532 +#: src/net.c:565 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:551 +#: src/net.c:584 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:560 +#: src/net.c:593 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:567 +#: src/net.c:600 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:574 +#: src/net.c:607 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:584 +#: src/net.c:617 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:629 +#: src/net.c:662 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:637 +#: 
src/net.c:670 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" #. Nothing worked. -#: src/net.c:663 +#: src/net.c:696 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:686 +#: src/net.c:719 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:694 +#: src/net.c:727 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:701 +#: src/net.c:734 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:725 +#: src/net.c:752 +msgid "MYSELF" +msgstr "MIJZELF" + +#: src/net.c:758 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:733 +#: src/net.c:766 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:742 +#: src/net.c:775 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:783 +#: src/net.c:816 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:792 +#: src/net.c:825 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:798 +#: src/net.c:831 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" 
-#: src/net.c:839 +#: src/net.c:872 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:871 +#: src/net.c:915 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:924 +#: src/net.c:968 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:999 +#: src/net.c:1032 +msgid "UNKNOWN" +msgstr "ONBEKEND" + +#: src/net.c:1043 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1047 +#: src/net.c:1090 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1053 +#: src/net.c:1096 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1059 +#: src/net.c:1102 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1067 +#: src/net.c:1110 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1089 +#: src/net.c:1134 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1140 +#: src/net.c:1185 msgid "Trying to re-establish outgoing connection in 5 seconds" msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" -#: src/net.c:1175 +#: src/net.c:1220 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1202 +#: src/net.c:1247 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1210 +#: src/net.c:1255 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1267 +#: 
src/net.c:1312 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1276 +#: src/net.c:1321 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1287 +#: src/net.c:1332 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1293 +#: src/net.c:1338 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1325 +#: src/net.c:1370 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1332 +#: src/net.c:1377 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1339 +#: src/net.c:1384 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1365 +#: src/net.c:1410 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -453,270 +461,285 @@ msgstr "Hergenereren symmetrische sleutel" msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/protocol.c:103 +#: src/protocol.c:105 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: src/protocol.c:110 +#: src/protocol.c:112 +#, c-format +msgid "Sending %s to %s (%s): %s" +msgstr "Verzending %s naar %s (%s): %s" + +#: src/protocol.c:114 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:124 +#: src/protocol.c:131 +#, c-format +msgid "Unknown request from %s (%s): %s" +msgstr "Onbekend verzoek van %s (%s): %s" + +#: src/protocol.c:134 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:131 +#: src/protocol.c:144 +#, c-format +msgid "Got %s from %s (%s): %s" +msgstr "Kreeg %s van %s (%s): %s" + +#: src/protocol.c:147 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:137 +#: src/protocol.c:154 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:144 +#: src/protocol.c:161 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:151 +#: src/protocol.c:168 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:203 +#: src/protocol.c:194 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:211 +#: src/protocol.c:202 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:220 +#: src/protocol.c:211 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" -#: src/protocol.c:232 +#: src/protocol.c:226 #, 
c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:246 +#: src/protocol.c:240 #, c-format msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:289 +#: src/protocol.c:283 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:304 +#: src/protocol.c:298 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:400 +#: src/protocol.c:395 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:410 +#: src/protocol.c:405 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:436 +#: src/protocol.c:431 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:462 +#: src/protocol.c:457 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:470 +#: src/protocol.c:465 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:486 +#: src/protocol.c:481 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:491 +#: src/protocol.c:486 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:540 +#: src/protocol.c:535 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" 
-#: src/protocol.c:552 src/protocol.c:615 +#: src/protocol.c:547 src/protocol.c:610 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" -#: src/protocol.c:585 +#: src/protocol.c:580 #, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Kreeg ongeldige METAKEY van %s (%s)" -#: src/protocol.c:595 +#: src/protocol.c:590 #, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" -#: src/protocol.c:623 +#: src/protocol.c:618 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:669 +#: src/protocol.c:664 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:677 +#: src/protocol.c:672 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:685 +#: src/protocol.c:680 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:693 +#: src/protocol.c:688 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:703 +#: src/protocol.c:698 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:751 +#: src/protocol.c:746 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:759 +#: src/protocol.c:754 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige 
identiteitsnaam" -#: src/protocol.c:767 +#: src/protocol.c:762 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:777 +#: src/protocol.c:772 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:787 +#: src/protocol.c:782 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:830 +#: src/protocol.c:825 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:838 +#: src/protocol.c:833 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:847 +#: src/protocol.c:842 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:864 +#: src/protocol.c:859 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:872 +#: src/protocol.c:867 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:925 +#: src/protocol.c:920 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:934 +#: src/protocol.c:929 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:942 +#: src/protocol.c:937 #, c-format msgid "Warning: got DEL_HOST from %s (%s) 
for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:952 +#: src/protocol.c:947 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:961 +#: src/protocol.c:956 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:1000 +#: src/protocol.c:995 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:1007 +#: src/protocol.c:1002 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1030 +#: src/protocol.c:1025 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1037 +#: src/protocol.c:1032 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1114 +#: src/protocol.c:1126 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1121 +#: src/protocol.c:1133 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -725,12 +748,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1150 +#: src/protocol.c:1163 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1157 +#: src/protocol.c:1170 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -739,7 +762,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1174 +#: src/protocol.c:1188 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -747,12 +770,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1210 +#: src/protocol.c:1224 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1217 +#: src/protocol.c:1231 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -761,13 +784,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1228 +#: src/protocol.c:1242 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1239 +#: src/protocol.c:1253 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " 
@@ -775,33 +798,27 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1284 +#: src/protocol.c:1298 #, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Kreeg ongeldig PAKKET van %s (%s)" -#: src/protocol.c:1305 -#, c-format -msgid "Error during reception of PACKET from %s (%s): %m" -msgstr "Fout bij het ontvangen van PAKKET van %s (%s)" - -#: src/subnet.c:108 +#: src/subnet.c:104 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, restarting!" msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, opnieuw " "starten" -#. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:310 -msgid "unknown" -msgstr "onbekend" +#: src/subnet.c:247 +msgid "unknown subnet type" +msgstr "onbekend subnet type" -#: src/subnet.c:314 +#: src/subnet.c:325 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:322 +#: src/subnet.c:333 msgid "End of subnet list." msgstr "Einde van subnet lijst." @@ -894,12 +911,12 @@ msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:317 +#: src/tincd.c:313 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:318 +#: src/tincd.c:314 msgid "" "Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" @@ -916,7 +933,7 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:332 +#: src/tincd.c:328 msgid "You must be root to run this program.\n" msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" 
@@ -1035,36 +1052,40 @@ msgstr "Kreeg HUP signaal" msgid "Got INT signal, exiting" msgstr "Kreeg INT signaal, beëindigen" -#: src/process.c:374 +#: src/process.c:374 src/process.c:383 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:419 +#: src/process.c:430 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %m\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %m\n" -#: src/route.c:56 +#: src/route.c:64 #, c-format msgid "Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)" -msgstr "Nieuw MAC address %x:%x:%x:%x:%x:%x geleerd van %s (%s)" +msgstr "Nieuw MAC adres %x:%x:%x:%x:%x:%x geleerd van %s (%s)" -#: src/route.c:84 -#, c-format -msgid "Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x" -msgstr "Kan pakket niet routeren: onbekend doeladres %x:%x:%x:%x:%x:%x" - -#: src/route.c:111 +#: src/route.c:107 #, c-format msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" -#: src/route.c:126 +#: src/route.c:122 msgid "Cannot route packet: IPv6 routing not yet implemented" msgstr "Kan pakket niet routeren: IPv6 routering nog niet geïmplementeerd" -#: src/route.c:155 +#: src/route.c:152 +msgid "Cannot route packet: received unknown type ARP request" +msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" + +#: src/route.c:166 +#, c-format +msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" +msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" + +#: src/route.c:218 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" From fa376fbd4e5151ae43e86441a1e99073eeaf46a5 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Tue, 5 Jun 2001 16:31:59 +0000 Subject: [PATCH 395/923] - This oneliner removes the need for ifconfig tap? hw ether fe:fd:0:0:0:0 --- src/route.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/route.c b/src/route.c index 2c3cc0d0..cb74832c 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.11 2001/06/05 16:09:55 guus Exp $ + $Id: route.c,v 1.1.2.12 2001/06/05 16:31:59 guus Exp $ */ #include "config.h" @@ -132,6 +132,10 @@ void route_arp(vpn_packet_t *packet) unsigned char ipbuf[4]; ipv4_t dest; cp + /* First, snatch the source address from the ARP packet */ + + memcpy(mymac.net.mac.address.x, packet->data + 6, 6); + /* This routine generates replies to ARP requests. You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) From edd6734faa37d043b8a2cc75b125db3b1c2130fa Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 5 Jun 2001 18:07:14 +0000 Subject: [PATCH 396/923] Fix bug where lookup_subnet_ipv4() could go into an infinite loop. --- src/subnet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index 28357c88..2e1a24af 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.20 2001/06/05 16:09:55 guus Exp $ + $Id: subnet.c,v 1.1.2.21 2001/06/05 18:07:14 guus Exp $ */ #include "config.h" 
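Review bot: The added `memcpy(mymac.net.mac.address.x, packet->data + 6, 6);` at the top of `route_arp()` overwrites the global `mymac` from bytes 6–11 of every frame handed to this function, before anything in the hunk checks that the frame is that long or is an ARP request at all. If `packet->len` can be below 12 here, the copy picks up whatever was left in the buffer; a guard such as `if(packet->len < 12) return;` ahead of the copy would close that. Elsewhere in this series `mymac` is written into delivered frames as their destination address, so the comment should say that the value is taken on trust from what is presumably the local interface. The rest of `route_arp()` lies outside the hunk, so a later length check cannot be ruled out.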
@@ -289,7 +289,7 @@ cp /* Otherwise, see if there is a bigger enclosing subnet */ subnet.net.ipv4.mask = p->net.ipv4.mask << 1; - subnet.net.ipv4.address &= subnet.net.ipv4.mask; + subnet.net.ipv4.address = p->net.ipv4.address & subnet.net.ipv4.mask; } } } while (p); From 7bd7f5b4363f222340e5c058c243d31c576fba88 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 5 Jun 2001 19:39:54 +0000 Subject: [PATCH 397/923] You can now put an option "Mode" in tinc.conf, and choose from: - Mode = router (default, work like tinc has always worked) - Mode = switch (work like a switch) - Mode = hub (work like a hub, broadcasting everything) --- src/conf.c | 3 ++- src/conf.h | 3 ++- src/net.c | 68 ++++++++++++++++++++++++++++++++++-------------------- 3 files changed, 47 insertions(+), 27 deletions(-) diff --git a/src/conf.c b/src/conf.c index 93c0fa3f..0eaf0ca4 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.40 2001/01/17 01:30:05 zarq Exp $ + $Id: conf.c,v 1.9.4.41 2001/06/05 19:39:54 guus Exp $ */ #include "config.h" @@ -83,6 +83,7 @@ static internal_config_t hazahaza[] = { { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ { "TCPonly", config_tcponly, TYPE_BOOL }, + { "Mode", config_mode, TYPE_NAME }, { NULL, 0, 0 } }; diff --git a/src/conf.h b/src/conf.h index d1fb609a..8f0c2b34 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.23 2001/02/27 16:37:24 guus Exp $ + $Id: conf.h,v 1.6.4.24 2001/06/05 19:39:54 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -55,6 +55,7 @@ typedef enum which_t { config_restrictport, config_indirectdata, config_tcponly, + config_mode, } which_t; typedef struct config_t { 
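Review bot: The `do … while (p)` loop around these two assignments still has no stated termination argument, which is the property the commit is repairing. The next search key is now derived from `p` (`p->net.ipv4.mask << 1`, then `p->net.ipv4.address & subnet.net.ipv4.mask`) rather than from the previous key, and nothing in the hunk shows that each miss makes the key strictly wider. I would add a comment above the assignments stating why the lookup cannot return the same or a narrower entry again, or bound the loop by the 32 possible mask widths so that a malformed subnet entry cannot stall the daemon. The loop head and the lookup call are outside the hunk.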
diff --git a/src/net.c b/src/net.c index 266dbab7..59ec5f94 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.111 2001/06/05 16:09:55 guus Exp $ + $Id: net.c,v 1.35.4.112 2001/06/05 19:39:54 guus Exp $ */ #include "config.h" @@ -792,14 +792,6 @@ cp else myself->port = cfg->data.val; - if((cfg = get_config_val(myself->config, config_indirectdata))) - if(cfg->data.val == stupid_true) - myself->options |= OPTION_INDIRECT; - - if((cfg = get_config_val(myself->config, config_tcponly))) - if(cfg->data.val == stupid_true) - myself->options |= OPTION_TCPONLY; - /* Read in all the subnets specified in the host configuration file */ for(next = myself->config; (cfg = get_config_val(next, config_subnet)); next = cfg->next) 
@@ -820,6 +812,48 @@ cp subnet_add(myself, net); } +cp + /* Check some options */ + + if((cfg = get_config_val(config, config_indirectdata))) + if(cfg->data.val == stupid_true) + myself->options |= OPTION_INDIRECT; + + if((cfg = get_config_val(config, config_tcponly))) + if(cfg->data.val == stupid_true) + myself->options |= OPTION_TCPONLY; + + if((cfg = get_config_val(myself->config, config_indirectdata))) + if(cfg->data.val == stupid_true) + myself->options |= OPTION_INDIRECT; + + if((cfg = get_config_val(myself->config, config_tcponly))) + if(cfg->data.val == stupid_true) + myself->options |= OPTION_TCPONLY; + + if(myself->options & OPTION_TCPONLY) + myself->options |= OPTION_INDIRECT; + + if((cfg = get_config_val(config, config_mode))) + { + if(!strcasecmp(cfg->data.ptr, "router")) + routing_mode = RMODE_ROUTER; + else if (!strcasecmp(cfg->data.ptr, "switch")) + routing_mode = RMODE_SWITCH; + else if (!strcasecmp(cfg->data.ptr, "hub")) + routing_mode = RMODE_HUB; + else + { + syslog(LOG_ERR, _("Invalid routing mode!")); + return -1; + } + } + else + routing_mode = RMODE_ROUTER; + +cp + /* Open sockets */ + if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); @@ -848,22 +882,6 @@ cp keyexpires = time(NULL) + keylifetime; cp - /* Check some options */ - - if((cfg = get_config_val(config, config_indirectdata))) - { - if(cfg->data.val == stupid_true) - myself->options |= OPTION_INDIRECT; - } - - if((cfg = get_config_val(config, config_tcponly))) - { - if(cfg->data.val == stupid_true) - myself->options |= OPTION_TCPONLY; - } - - if(myself->options & OPTION_TCPONLY) - myself->options |= OPTION_INDIRECT; /* Activate ourselves */ From 9cd9b0392388e24ade19a43206221081b61806e7 Mon Sep 17 00:00:00 2001 
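Review bot: The `Mode` parser rejects an unknown value with `Invalid routing mode!` but never logs which value was rejected or which mode was finally selected, which makes an unintended `hub` setting (broadcasting everything, per the commit message) hard to spot in the logs. Since `cfg->data.ptr` is already handed to `strcasecmp()` as a string, the error could name it, `syslog(LOG_ERR, _("Invalid routing mode \"%s\"!"), (char *)cfg->data.ptr);`, and the chosen mode could be logged once at startup. The four near-identical `IndirectData`/`TCPonly` checks against `config` and `myself->config` would also read better as one small helper. The enclosing setup function begins and ends outside the hunk.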
From: Guus Sliepen Date: Tue, 5 Jun 2001 19:45:47 +0000 Subject: [PATCH 398/923] Add missing? counting of total_socket_in. --- src/net.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index 59ec5f94..e255cdde 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.112 2001/06/05 19:39:54 guus Exp $ + $Id: net.c,v 1.35.4.113 2001/06/05 19:45:47 guus Exp $ */ #include "config.h" @@ -180,6 +180,8 @@ cp outlen += outpad; outpkt.len = outlen - sizeof(outpkt.salt); + total_socket_in += outlen; + receive_packet(cl, &outpkt); cp } From ce6c8e6d089abac81520c517185c6ef81b09f051 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 6 Jun 2001 19:11:16 +0000 Subject: [PATCH 399/923] Log and warn about duplicate subnet_add()'s for the same subnet. --- src/subnet.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index 2e1a24af..537be117 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.21 2001/06/05 18:07:14 guus Exp $ + $Id: subnet.c,v 1.1.2.22 2001/06/06 19:11:16 guus Exp $ */ #include "config.h" 
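Review bot: `total_socket_in += outlen;` adds the processed output length (after `outlen += outpad;`) rather than the number of bytes read from the socket, and it is counted before `receive_packet()` has accepted the packet. The counter appears elsewhere in this series as `int total_socket_in = 0;`, so on a long-running daemon it can also overflow a signed int, which is undefined behaviour in C. I would count the received length where the read happens and declare the traffic counters `unsigned long`, or at least add `/* plaintext bytes, counted before validation */` next to the increment. The enclosing function starts outside the hunk.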
@@ -127,7 +127,25 @@ void subnet_add(connection_t *cl, subnet_t *subnet) { cp subnet->owner = cl; - avl_insert(subnet_tree, subnet); + + while(!avl_insert(subnet_tree, subnet)) + { + subnet_t *old; + + old = (subnet_t *)avl_search(subnet_tree, subnet); + + if(debug_lvl >= DEBUG_PROTOCOL) + { + char *subnetstr; + subnetstr = net2str(subnet); + syslog(LOG_WARNING, _("Duplicate subnet %s for %s (%s), previous owner %s (%s)!"), + subnetstr, cl->name, cl->hostname, old->owner->name, old->owner->hostname); + free(subnetstr); + } + + subnet_del(old); + } + avl_insert(cl->subnet_tree, subnet); cp } From 96ef7becdd71fc63c3489e3696117c1f137eade5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 6 Jun 2001 19:12:38 +0000 Subject: [PATCH 400/923] Fixes to make switching work between hosts that have no meta-connection. --- src/route.c | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/src/route.c b/src/route.c index cb74832c..fd18dfb8 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.12 2001/06/05 16:31:59 guus Exp $ + $Id: route.c,v 1.1.2.13 2001/06/06 19:12:38 guus Exp $ */ #include "config.h" 
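Review bot: In `subnet_add()` a duplicate registration now hands the subnet to whoever registered it last: the `while(!avl_insert(subnet_tree, subnet))` loop deletes the previous entry and retries, and the warning is written only when `debug_lvl >= DEBUG_PROTOCOL`. For a VPN routing table this means a node that announces a subnet already owned by another node (or by `myself`) takes over its traffic without any trace at the default log level, so I would log the warning unconditionally and keep the existing owner unless a takeover is explicitly allowed. `old` is also dereferenced without a NULL check, and if `old == subnet` the call `subnet_del(old)` would presumably release the very entry the loop then re-inserts; `if(!old || old == subnet) break;` before the log statement covers both. The return value of the second `avl_insert(cl->subnet_tree, subnet)` is ignored as well.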
@@ -33,53 +33,60 @@ #include #include +#include + #include "net.h" #include "net/ethernet.h" #include "netinet/if_ether.h" #include "connection.h" #include "subnet.h" #include "route.h" +#include "protocol.h" #include "system.h" int routing_mode = RMODE_ROUTER; subnet_t mymac; -void learn_mac(connection_t *source, mac_t *address) +void learn_mac(mac_t *address) { subnet_t *subnet; + avl_node_t *node; + connection_t *p; cp subnet = lookup_subnet_mac(address); + + /* If we don't know this MAC address yet, store it */ - if(!subnet) + if(!subnet || subnet->owner!=myself) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Learned new MAC address %hhx:%hhx:%hhx:%hhx:%hhx:%hhx"), + address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]); + subnet = new_subnet(); subnet->type = SUBNET_MAC; -// subnet->lasttime = gettimeofday(); memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); - subnet_add(source, subnet); + subnet_add(myself, subnet); - if(debug_lvl >= DEBUG_TRAFFIC) + /* And tell all other tinc daemons it's our MAC */ + + for(node = connection_tree->head; node; node = node->next) { - syslog(LOG_DEBUG, _("Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)"), - address->x[0], - address->x[1], - address->x[2], - address->x[3], - address->x[4], - address->x[5], - source->name, source->hostname); + p = (connection_t *)node->data; + if(p->status.meta && p->status.active && p!= myself) + send_add_subnet(p, subnet); } } } -connection_t *route_mac(connection_t *source, vpn_packet_t *packet) +connection_t *route_mac(vpn_packet_t *packet) { subnet_t *subnet; cp /* Learn source address */ - learn_mac(source, (mac_t *)(&packet->data[6])); + learn_mac((mac_t *)(&packet->data[6])); /* Lookup destination address */ @@ -228,7 +235,7 @@ cp break; case RMODE_SWITCH: - cl = route_mac(myself, packet); + cl = route_mac(packet); if(cl) send_packet(cl, packet); else 
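Review bot: `learn_mac()` now registers every unknown source MAC under `myself` and announces it to all active peers through `send_add_subnet()`, with no limit on the number of learned addresses and no expiry (the commented-out `lasttime` line is removed rather than implemented). Frames carrying many different source addresses, presumably arriving from the local device, therefore grow the subnet tree on every daemon in the VPN. Because the condition is `!subnet || subnet->owner!=myself`, an address currently owned by a remote peer is also re-claimed for the local node as soon as it is seen here. I would add a cap and an ageing time for `SUBNET_MAC` entries and log at `LOG_WARNING` whenever an address moves from one owner to another.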
@@ -249,10 +256,8 @@ void route_incoming(connection_t *source, vpn_packet_t *packet) memcpy(packet->data, mymac.net.mac.address.x, 6); /* Override destination address to make the kernel accept it */ break; case RMODE_SWITCH: - if((packet->data[0] & packet->data[1]) == 0xFF) /* Broadcast? */ + if(packet->data[0] & 0x01) /* Broadcast? */ broadcast_packet(source, packet); /* If yes, spread it on */ - else - learn_mac(source, (mac_t *)(&packet->data[6])); break; case RMODE_HUB: broadcast_packet(source,packet); /* Spread it on */ From 053e78654097cf353aa59b4d34e608726edd5dad Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 7 Jun 2001 07:48:11 +0000 Subject: [PATCH 401/923] Save configure cache more often. --- configure.in | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 00f17082..c69392bf 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.32 2001/06/05 16:13:41 guus Exp $ +dnl $Id: configure.in,v 1.13.2.33 2001/06/07 07:48:11 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -45,6 +45,8 @@ case $host_os in ;; esac +AC_CACHE_SAVE + dnl Checks for libraries. dnl Checks for header files. @@ -80,6 +82,7 @@ AC_CHECK_FUNC(gethostbyname, [], [ AC_CHECK_LIB(nsl, gethostbyname) ]) +AC_CACHE_SAVE dnl These are defined in files in m4/ tinc_TUNTAP From c5c02a0861bf540e07fe64704cb97aae29c4cacf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 7 Jun 2001 07:51:04 +0000 Subject: [PATCH 402/923] Changed drastically because it didn't work correctly: - Don't cache the --with-openssl-* option arguments - Only search for openssl/*.h, the openssl include files include other files only from an openssl/ directory too - Set CPPFLAGS before AC_CHECK_HEADERS --- m4/openssl.m4 | 89 ++++++++++++--------------------------------------- 1 file changed, 20 insertions(+), 69 deletions(-) 
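Review bot: `if(packet->data[0] & 0x01) /* Broadcast? */` tests the Ethernet group bit, so it is true for every multicast frame as well as for broadcast, and the comment should say so: `/* Group bit set: broadcast or multicast */`. With the `else learn_mac(...)` branch removed, remote addresses are learned only from what peers announce, which deserves a one-line comment in `route_incoming()` so the asymmetry with the outgoing path is not read as an omission. The function body continues outside the hunk.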
diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 2d24258c..bf5ce9fc 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 
@@ -1,80 +1,31 @@ dnl Check to find the OpenSSL headers/libraries - AC_DEFUN(tinc_OPENSSL, [ - AC_ARG_WITH(openssl, - [ --with-openssl=DIR OpenSSL library and headers prefix], - [openssl_lib="$withval/lib" - openssl_include="$withval/include"] + tinc_ac_save_CPPFLAGS="$CPPFLAGS" + + AC_ARG_WITH(openssl-include, + [ --with-openssl-include=DIR OpenSSL headers directory (without trailing /openssl)], + [openssl_include="$withval" + CFLAGS="$CFLAGS -I$withval" + CPPFLAGS="$CPPFLAGS -I$withval"] ) - AC_CACHE_CHECK([for openssl headers], tinc_cv_openssl_include, - [ - AC_ARG_WITH(openssl-include, - [ --with-openssl-include=DIR OpenSSL headers directory], - [tinc_cv_openssl_include="$withval"], - [if test "x$openssl_include" = "x" ; then - tinc_cv_openssl_include="none given" - else - tinc_cv_openssl_include=$openssl_include - fi] - ) - ]) - AC_CACHE_CHECK([for openssl libraries], tinc_cv_openssl_lib, - [ - AC_ARG_WITH(openssl-lib, - [ --with-openssl-lib=DIR OpenSSL library directory], - [tinc_cv_openssl_lib="$withval"], - [if test "x$openssl_lib" = "x" ; then - tinc_cv_openssl_lib="none given" - else - tinc_cv_openssl_lib=$openssl_lib - fi] - ) - ]) -if test "$tinc_cv_openssl_lib" != "none given" ; then - LIBS="$LIBS -L$tinc_cv_openssl_lib" -fi -if test "$tinc_cv_openssl_include" != "none given" ; then - CFLAGS="$CFLAGS -I$tinc_cv_openssl_include" -fi + AC_ARG_WITH(openssl-lib, + [ --with-openssl-lib=DIR OpenSSL library directory], + [openssl_lib="$withval" + LIBS="$LIBS -L$withval"] + ) -osi=found -AC_CHECK_HEADERS(evp.h rsa.h rand.h err.h sha.h pem.h, -[], [osi=none; break]) - -if test "$osi" = "none" ; then - osi=found AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h, - [], [osi=none; break]) -fi + [], + [AC_MSG_ERROR("OpenSSL header files not found."); break] + ) + CPPFLAGS="$tinc_ac_save_CPPFLAGS" -libcrypto=none - -if test "$osi" = "found" ; then - AC_CHECK_LIB(crypto, SHA1_version, [ - libcrypto=yes - ]) -fi - 
-if test $libcrypto = none; then -cat < Date: Fri, 8 Jun 2001 18:02:10 +0000 Subject: [PATCH 403/923] Only reset seconds_till_retry when we activate the outgoing connection. --- src/net.c | 7 +++---- src/net.h | 4 +++- src/protocol.c | 4 +++- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/src/net.c b/src/net.c index e255cdde..4f399907 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.113 2001/06/05 19:45:47 guus Exp $ + $Id: net.c,v 1.35.4.114 2001/06/08 18:02:10 guus Exp $ */ #include "config.h" @@ -99,7 +99,7 @@ int total_socket_in = 0; int total_socket_out = 0; config_t *upstreamcfg; -static int seconds_till_retry; +int seconds_till_retry = 5; int keylifetime = 0; int keyexpires = 0; @@ -1200,9 +1200,8 @@ cp { cl->status.outgoing = 0; signal(SIGALRM, sigalrm_handler); - seconds_till_retry = 5; alarm(seconds_till_retry); - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in 5 seconds")); + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); } /* Deactivate */ diff --git a/src/net.h b/src/net.h index c56abd85..75d59df2 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.32 2001/06/05 16:09:55 guus Exp $ + $Id: net.h,v 1.9.4.33 2001/06/08 18:02:10 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -98,6 +98,8 @@ extern int total_tap_out; extern int total_socket_in; extern int total_socket_out; +extern int seconds_till_retry; + extern char *request_name[256]; extern char *status_text[10]; diff --git a/src/protocol.c b/src/protocol.c index cf5cd677..de932512 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.92 2001/06/05 16:09:55 guus Exp $ + $Id: protocol.c,v 1.28.4.93 2001/06/08 18:02:10 guus Exp $ */ #include "config.h" @@ -297,6 +297,8 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); + if(cl->status.outgoing) + seconds_till_retry = 5; /* Reset retry timeout */ cp /* Check some options */ From 9a0a50cd3cf2570b39e00edf1a92123acbac41b4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 9 Jun 2001 10:00:34 +0000 Subject: [PATCH 404/923] Woops - big bug in send_key_changed fixed. --- src/protocol.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index de932512..17eb3bdf 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.93 2001/06/08 18:02:10 guus Exp $ + $Id: protocol.c,v 1.28.4.94 2001/06/09 10:00:34 guus Exp $ */ #include "config.h" @@ -1103,17 +1103,16 @@ cp This reduces unnecessary key_changed broadcasts. */ - if(mykeyused) + if(from==myself && !mykeyused) + return 0; + + for(node = connection_tree->head; node; node = node->next) { - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - if(p != cl && p->status.meta && p->status.active) - if(!(p->options & OPTION_INDIRECT) || from == myself) - send_request(p, "%d %s", KEY_CHANGED, from->name); - } - mykeyused = 0; - } + p = (connection_t *)node->data; + if(p != cl && p->status.meta && p->status.active) + if(!(p->options & OPTION_INDIRECT) || from == myself) + send_request(p, "%d %s", KEY_CHANGED, from->name); + } cp return 0; } From 353a9230bb70b70028f2dc6c651a28e30b13dc63 Mon Sep 17 00:00:00 2001 
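Review bot: The rewritten block in the `@@ -1103,17 +1103,16 @@` hunk no longer clears `mykeyused`: the old code ended with `mykeyused = 0;` inside the `if(mykeyused)` body, and the new side removes that line without replacing it. Unless the flag is reset somewhere not visible here, the early return `if(from==myself && !mykeyused) return 0;` stops having any effect after the key has been used once, and every later key change is broadcast again. Adding `if(from == myself) mykeyused = 0;` after the loop would restore what the comment above the block describes. The function starts outside the hunk.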
From: Ivo Timmermans Date: Wed, 20 Jun 2001 21:32:40 +0000 Subject: [PATCH 405/923] Don't include the debian/ dir in a release --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 95475938..63602fc8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = gnu -SUBDIRS = m4 intl lib src doc po redhat debian +SUBDIRS = m4 intl lib src doc po redhat ACLOCAL_AMFLAGS = From 04ec0b82ab9c6a2662300a9257a5aff1c4dd56e7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 21 Jun 2001 16:16:32 +0000 Subject: [PATCH 406/923] - Solaris compile fixes - Set mymac to broadcast MAC so that ifconfig hw ether <...> is really not needed anymore. - Forwarding of indirect packets when in switch mode (because the kernel will not do it for us then). --- src/net.c | 17 ++++++++++------- src/route.c | 35 +++++++++++++++++++++++++++-------- 2 files changed, 37 insertions(+), 15 deletions(-) diff --git a/src/net.c b/src/net.c index 4f399907..9c1dd3b8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.114 2001/06/08 18:02:10 guus Exp $ + $Id: net.c,v 1.35.4.115 2001/06/21 16:16:31 guus Exp $ */ #include "config.h" @@ -69,9 +69,12 @@ # include #endif +#warning oi1 #ifdef HAVE_TUNTAP +#warning oi2 #include LINUX_IF_TUN_H #endif +#warning oi3 #include #include 
@@ -344,12 +347,12 @@ cp /* Set default MAC address for ethertap devices */ mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; + mymac.net.mac.address.x[0] = 0xff; + mymac.net.mac.address.x[1] = 0xff; + mymac.net.mac.address.x[2] = 0xff; + mymac.net.mac.address.x[3] = 0xff; + mymac.net.mac.address.x[4] = 0xff; + mymac.net.mac.address.x[5] = 0xff; #ifdef HAVE_LINUX #ifdef HAVE_TUNTAP diff --git a/src/route.c b/src/route.c index fd18dfb8..bd1c1367 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.13 2001/06/06 19:12:38 guus Exp $ + $Id: route.c,v 1.1.2.14 2001/06/21 16:16:32 guus Exp $ */ #include "config.h" @@ -27,7 +27,12 @@ #endif #include #include -#include +#ifdef HAVE_SOLARIS + #include + #define ETHER_ADDR_LEN 6 +#else + #include +#endif #include #include #include @@ -36,8 +41,6 @@ #include #include "net.h" -#include "net/ethernet.h" -#include "netinet/if_ether.h" #include "connection.h" #include "subnet.h" #include "route.h" 
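Review bot: The comment `/* Set default MAC address for ethertap devices */` no longer describes the value: the six assignments now set the broadcast address ff:ff:ff:ff:ff:ff, and the reason is given only in the commit message. I would write something like `/* Default to the broadcast MAC until a real address is learned from the interface */` and collapse the six assignments into `memset(mymac.net.mac.address.x, 0xff, 6);`. The setup function this belongs to starts outside the hunk.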
@@ -254,15 +257,31 @@ void route_incoming(connection_t *source, vpn_packet_t *packet) { case RMODE_ROUTER: memcpy(packet->data, mymac.net.mac.address.x, 6); /* Override destination address to make the kernel accept it */ + accept_packet(packet); break; case RMODE_SWITCH: - if(packet->data[0] & 0x01) /* Broadcast? */ - broadcast_packet(source, packet); /* If yes, spread it on */ + { + subnet_t *subnet; + + subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); + + if(subnet) + { + if(subnet->owner == myself) + accept_packet(packet); + else + send_packet(subnet->owner, packet); + } + else + { + broadcast_packet(source, packet); + accept_packet(packet); + } + } break; case RMODE_HUB: broadcast_packet(source,packet); /* Spread it on */ + accept_packet(packet); break; } - - accept_packet(packet); } From b1e97ece9c495ac67e54b8c2675b1eacc645eb1c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 21 Jun 2001 16:37:05 +0000 Subject: [PATCH 407/923] Check for and add -ldl. --- m4/openssl.m4 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index bf5ce9fc..5d91a789 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -28,4 +28,9 @@ AC_DEFUN(tinc_OPENSSL, [LIBS="$LIBS -lcrypto"], [AC_MSG_ERROR("OpenSSL libraries not found.")] ) + + AC_CHECK_LIB(dl, dlopen, + [LIBS="$LIBS -ldl"], + [AC_MSG_ERROR("OpenSSL depends on libdl.")] + ) ]) From 9e96840da810437c45af1c4b139578f7d74d65db Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 21 Jun 2001 16:37:47 +0000 Subject: [PATCH 408/923] Remove #warnings I used for debugging stuff. --- src/net.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index 9c1dd3b8..62dce9bd 100644 --- a/src/net.c +++ b/src/net.c 
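Review bot: In the new `RMODE_SWITCH` branch a frame is forwarded with `send_packet(subnet->owner, packet)` whenever the destination MAC belongs to another node, including when `subnet->owner == source`, so a frame can be sent straight back to the peer it came from and nothing visible here stops it from bouncing between daemons whose tables disagree. I would forward only when the owner differs from the sender, `else if(subnet->owner != source) send_packet(subnet->owner, packet);`, and drop the frame otherwise. The lookup also reads the first six bytes of `packet->data` without checking that `packet->len` covers an Ethernet header. Frames for unknown destinations are both re-broadcast and accepted locally, which is worth a comment because it makes every node flood unknown unicast traffic.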
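Review bot: The added `AC_CHECK_LIB(dl, dlopen, ...)` ends in `AC_MSG_ERROR("OpenSSL depends on libdl.")`, so configure aborts on any system without a separate libdl, even where `dlopen` comes from libc or the installed libcrypto does not need it. The check would be safer as optional, `AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"])`, leaving the hard error to the libcrypto test. It also runs after `-lcrypto` has been added to `LIBS`, so a libcrypto that does need libdl would already have failed its own link test; placing the libdl check first avoids that.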
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.115 2001/06/21 16:16:31 guus Exp $ + $Id: net.c,v 1.35.4.116 2001/06/21 16:37:47 guus Exp $ */ #include "config.h" @@ -69,12 +69,9 @@ # include #endif -#warning oi1 #ifdef HAVE_TUNTAP -#warning oi2 #include LINUX_IF_TUN_H #endif -#warning oi3 #include #include From 7fc068fe5421f7ec556b0b7db6f814e18b3326a4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 21 Jun 2001 18:28:52 +0000 Subject: [PATCH 409/923] Reinstated search for if_tun.h in kernel source tree, because apparently /usr/include/linux does not always have the same contents as the include files from the currently running kernel. --- m4/tuntap.m4 | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 2c1ee35c..7da8e46a 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 @@ -2,12 +2,26 @@ dnl Check to find out whether the running kernel has support for TUN/TAP AC_DEFUN(tinc_TUNTAP, [ +AC_ARG_WITH(kernel, + [ --with-kernel=dir give the directory with kernel sources] + [ (default: /usr/src/linux)], + kerneldir="$withval", + kerneldir="/usr/src/linux" +) + AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, -[ AC_TRY_COMPILE([#include ], - [int a = IFF_TAP], - if_tun_h="linux/if_tun.h", - if_tun_h="no") - if test $if_tun_h = no; then +[ + AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], + [int a = IFF_TAP;], + if_tun_h="\"$kerneldir/include/linux/if_tun.h\"", + [AC_TRY_COMPILE([#include ], + [int a = IFF_TAP;], + if_tun_h="", + if_tun_h="no" + )] + ) + + if test $if_tun_h = no; then tinc_cv_linux_if_tun_h=none else tinc_cv_linux_if_tun_h=$if_tun_h 
@@ -16,7 +30,7 @@ AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, if test $tinc_cv_linux_if_tun_h != none; then AC_DEFINE(HAVE_TUNTAP) - AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, "$tinc_cv_linux_if_tun_h") + AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h) AC_SUBST(LINUX_IF_TUN_H) fi AC_SUBST(HAVE_TUNTAP) From 3503ba995012f658f087a196dad0cb9fd45eff3b Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Tue, 26 Jun 2001 22:00:57 +0000 Subject: [PATCH 410/923] Small fix to make it compile again --- m4/tuntap.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 7da8e46a..147c6794 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 @@ -24,7 +24,7 @@ AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, if test $if_tun_h = no; then tinc_cv_linux_if_tun_h=none else - tinc_cv_linux_if_tun_h=$if_tun_h + tinc_cv_linux_if_tun_h="$if_tun_h" fi ]) From 333be8fbb8790237577761e580126a6d757a46e4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 10:23:46 +0000 Subject: [PATCH 411/923] Spanish translation removed. Nobody maintains it, and it is severely outdated. --- po/es.po | 1223 ------------------------------------------------------ 1 file changed, 1223 deletions(-) delete mode 100644 po/es.po diff --git a/po/es.po b/po/es.po deleted file mode 100644 index ac664692..00000000 --- a/po/es.po +++ /dev/null 
@@ -1,1223 +0,0 @@ -# Spanish messages for tinc -# Copyright (C) 1999, 2000 Free Software Foundation, Inc. -# Ivo Timmermans , 1999, 2000. -# -msgid "" -msgstr "" -"Project-Id-Version: tinc 1.0pre3\n" -"POT-Creation-Date: 2001-03-04 14:33+0100\n" -"PO-Revision-Date: 2000-11-26 15:20+0000\n" -"Last-Translator: Enrique Zanardi \n" -"Language-Team: Spanish \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=iso-8859-1\n" -"Content-Transfer-Encoding: 8bit\n" - -#: src/conf.c:238 -#, fuzzy, c-format -msgid "Cannot open config file %s: %m" -msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" - -#: src/conf.c:279 -#, fuzzy, c-format -msgid "Invalid variable name `%s' on line %d while reading config file %s" -msgstr "" -"Nombre de variable no válido en la linea %d del fichero de configuración %s" - -#: src/conf.c:286 -#, fuzzy, c-format -msgid "No value for variable `%s' on line %d while reading config file %s" -msgstr "" -"No hay valor para la variable en la linea %d del fichero de configuración %s" - -#: src/conf.c:294 -#, fuzzy, c-format -msgid "Invalid value for variable `%s' on line %d while reading config file %s" -msgstr "" -"Valor no válido para la variable en la linea %d del fichero de configuración " -"%s" - -#: src/conf.c:323 -#, c-format -msgid "Failed to read `%s': %m" -msgstr "" - -#: src/conf.c:384 -#, c-format -msgid "`%s' is not an absolute path" -msgstr "" - -#: src/conf.c:400 src/conf.c:433 -#, fuzzy, c-format -msgid "Couldn't stat `%s': %m" -msgstr "No pude abrir %s: %m" - -#: src/conf.c:407 src/conf.c:443 -#, c-format -msgid "`%s' is owned by UID %d instead of %d" -msgstr "" - -#: src/conf.c:414 src/conf.c:450 -#, c-format -msgid "Warning: `%s' is a symlink" -msgstr "" - -#: src/conf.c:419 src/conf.c:455 -#, c-format -msgid "Unable to read symbolic link `%s': %m" -msgstr "" - -#. Accessible by others -#: src/conf.c:466 -#, c-format -msgid "`%s' has unsecure permissions" -msgstr "" - -#. 
Ask for a file and/or directory name. -#: src/conf.c:491 -#, c-format -msgid "Please enter a file to save %s to [%s]: " -msgstr "" - -#: src/conf.c:497 -#, fuzzy, c-format -msgid "Error while reading stdin: %m\n" -msgstr "Error leyendo del dispositivo tap: %m" - -#: src/conf.c:523 -#, fuzzy, c-format -msgid "Error opening file `%s': %m\n" -msgstr "Error buscando `%s': %m" - -#: src/conf.c:533 -#, c-format -msgid "" -"The file `%s' (or any of the leading directories) has unsafe permissions.\n" -"I will not create or overwrite this file.\n" -msgstr "" - -#: src/connection.c:191 -#, fuzzy -msgid "Connection list:" -msgstr "Conexión desde %s puerto %d" - -#: src/connection.c:193 src/connection.c:200 -#, c-format -msgid " %s at %s port %hd options %ld sockets %d, %d status %04x" -msgstr "" - -#: src/connection.c:205 -#, fuzzy -msgid "End of connection list." -msgstr "Intentando conectar con %s" - -#: src/meta.c:53 -#, fuzzy, c-format -msgid "Sending %d bytes of metadata to %s (%s): %s" -msgstr "Enviando paquete de %d bytes a %s (%s)" - -#: src/meta.c:69 -#, fuzzy, c-format -msgid "Sending meta data to %s (%s) failed: %m" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/meta.c:100 -#, c-format -msgid "This is a bug: %s:%d: %d:%m %s (%s)" -msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" - -#: src/meta.c:106 -#, fuzzy, c-format -msgid "Metadata socket error for %s (%s): %s" -msgstr "Error en el `socket' de datos salientes para %s (%s): %s" - -#: src/meta.c:123 src/protocol.c:1300 -#, fuzzy, c-format -msgid "Connection closed by %s (%s)" -msgstr "Cerrando conexión con %s (%s)" - -#: src/meta.c:130 -#, fuzzy, c-format -msgid "Metadata socket read error for %s (%s): %m" -msgstr "Error en el `socket' de datos salientes para %s (%s): %s" - -#: src/meta.c:161 -#, fuzzy, c-format -msgid "Got request from %s (%s): %s" -msgstr "Petición desconocida desde %s (%s)" - -#: src/meta.c:179 -#, fuzzy, c-format -msgid "Metadata read buffer overflow for %s (%s)" -msgstr 
"Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" - -#: src/net.c:119 -#, c-format -msgid "No valid key known yet for %s (%s), queueing packet" -msgstr "" -"No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" - -#: src/net.c:152 -#, c-format -msgid "Error sending packet to %s (%s): %m" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/net.c:163 -#, fuzzy, c-format -msgid "Received packet of %d bytes from %s (%s)" -msgstr "Enviando paquete de %d bytes a %s (%s)" - -#: src/net.c:192 -#, fuzzy, c-format -msgid "Writing packet of %d bytes to tap device" -msgstr "Enviando paquete de %d bytes a %s (%s)" - -#: src/net.c:198 -#, fuzzy, c-format -msgid "Can't write to tun/tap device: %m" -msgstr "No puedo escribir en el dispositivo tap: %m" - -#: src/net.c:205 -#, fuzzy, c-format -msgid "Can't write to ethertap device: %m" -msgstr "No puedo escribir en el dispositivo tap: %m" - -#: src/net.c:219 -#, c-format -msgid "Sending packet of %d bytes to %s (%s)" -msgstr "Enviando paquete de %d bytes a %s (%s)" - -#: src/net.c:226 -msgid "Packet is looping back to us!" 
-msgstr "" - -#: src/net.c:235 -#, fuzzy, c-format -msgid "%s (%s) is not active, dropping packet" -msgstr "%s (%s) no está listo, poniendo el paquete en cola" - -#: src/net.c:257 -#, fuzzy, c-format -msgid "Flushing queue for %s (%s)" -msgstr "Vaciando la cola de envíos para %s (%s)" - -#: src/net.c:304 -#, c-format -msgid "Could not open %s: %m" -msgstr "No pude abrir %s: %m" - -#: src/net.c:333 -#, c-format -msgid "%s is a new style tun/tap device" -msgstr "%s es un dispositivo tun/tap del nuevo estilo" - -#: src/net.c:358 -#, c-format -msgid "Creating metasocket failed: %m" -msgstr "Fallo al crear el metasocket: %m" - -#: src/net.c:366 src/net.c:410 src/net.c:441 src/net.c:496 src/net.c:982 -#: src/process.c:239 src/process.c:275 -#, c-format -msgid "System call `%s' failed: %m" -msgstr "" - -#: src/net.c:386 -#, c-format -msgid "Unable to bind listen socket to interface %s: %m" -msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" - -#: src/net.c:403 -#, c-format -msgid "Can't bind to port %hd/tcp: %m" -msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" - -#: src/net.c:431 -#, c-format -msgid "Creating socket failed: %m" -msgstr "Error al crear el `socket': %m" - -#: src/net.c:454 -#, c-format -msgid "Can't bind to port %hd/udp: %m" -msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" - -#: src/net.c:472 -#, c-format -msgid "Trying to connect to %s" -msgstr "Intentando conectar con %s" - -#: src/net.c:482 -#, c-format -msgid "Creating socket for %s port %d failed: %m" -msgstr "Error al crear el `socket' para %s puerto %d: %m" - -#: src/net.c:518 -#, c-format -msgid "%s port %hd: %m" -msgstr "%s puerto %hd: %m" - -#: src/net.c:526 -#, c-format -msgid "fcntl for %s port %d: %m" -msgstr "fcntl() para %s puerto %d: %m" - -#: src/net.c:532 -#, c-format -msgid "Connected to %s port %hd" -msgstr "Conectado a %s puerto %hd" - -#: src/net.c:551 -msgid "Invalid name for outgoing connection" -msgstr "Nombre no válido para conexión saliente" 
- -#: src/net.c:560 -#, c-format -msgid "Error reading host configuration file for %s" -msgstr "Error leyendo el fichero de configuración del `host' para %s" - -#: src/net.c:567 -#, c-format -msgid "No address specified for %s" -msgstr "No se especificó dirección para %s" - -#: src/net.c:574 -#, c-format -msgid "Error looking up `%s': %m" -msgstr "Error buscando `%s': %m" - -#: src/net.c:584 -#, c-format -msgid "Could not set up a meta connection to %s" -msgstr "No he podido configurar una meta conexión a %s" - -#: src/net.c:629 -#, fuzzy, c-format -msgid "Error reading RSA public key file `%s': %m" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/net.c:637 -#, fuzzy, c-format -msgid "Reading RSA public key file `%s' failed: %m" -msgstr "Error recibiendo paquete: %m" - -#. Nothing worked. -#: src/net.c:663 -#, c-format -msgid "No public key for %s specified!" -msgstr "" - -#: src/net.c:686 -#, fuzzy, c-format -msgid "Error reading RSA private key file `%s': %m" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/net.c:694 -#, c-format -msgid "Reading RSA private key file `%s' failed: %m" -msgstr "" - -#: src/net.c:701 -#, fuzzy -msgid "No private key for tinc daemon specified!" -msgstr "¡Se requiere un nombre para el demonio tinc!" - -#: src/net.c:725 -msgid "Name for tinc daemon required!" -msgstr "¡Se requiere un nombre para el demonio tinc!" - -#: src/net.c:733 -msgid "Invalid name for myself!" -msgstr "¡Nombre no válido para mí!" - -#: src/net.c:742 -msgid "Cannot open host configuration file for myself!" -msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" - -#: src/net.c:783 -msgid "Network address and subnet mask do not match!" -msgstr "" - -#: src/net.c:792 -#, fuzzy -msgid "Unable to set up a listening TCP socket!" -msgstr "¡No puedo configurar un `socket' a la escucha!" - -#: src/net.c:798 -#, fuzzy -msgid "Unable to set up a listening UDP socket!" -msgstr "¡No puedo configurar un `socket' a la escucha!" 
- -#: src/net.c:839 -#, c-format -msgid "Ready: listening on port %hd" -msgstr "Listo: escuchando en el puerto %hd" - -#: src/net.c:871 -#, c-format -msgid "Still failed to connect to other, will retry in %d seconds" -msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." - -#: src/net.c:924 -#, c-format -msgid "Trying to re-establish outgoing connection in %d seconds" -msgstr "Intento re-establecer la conexión saliente en %d segundos" - -#: src/net.c:999 -#, c-format -msgid "Connection from %s port %d" -msgstr "Conexión desde %s puerto %d" - -#: src/net.c:1047 -#, c-format -msgid "This is a bug: %s:%d: %d:%m" -msgstr "Esto es un `bug': %s:%d: %d:%m" - -#: src/net.c:1053 -#, c-format -msgid "Incoming data socket error: %s" -msgstr "Error en el `socket' de recepción de datos: %s" - -#: src/net.c:1059 -#, c-format -msgid "Receiving packet failed: %m" -msgstr "Error recibiendo paquete: %m" - -#: src/net.c:1067 -#, c-format -msgid "Received UDP packets on port %hd from unknown source %x:%hd" -msgstr "" - -#: src/net.c:1089 -#, c-format -msgid "Closing connection with %s (%s)" -msgstr "Cerrando conexión con %s (%s)" - -#: src/net.c:1140 -msgid "Trying to re-establish outgoing connection in 5 seconds" -msgstr "Intento re-establecer la conexión saliente en 5 segundos." - -#: src/net.c:1175 -#, c-format -msgid "%s (%s) didn't respond to PING" -msgstr "%s (%s) no respondió al PING" - -#: src/net.c:1202 -#, c-format -msgid "Accepting a new connection failed: %m" -msgstr "Error al aceptar una nueva conexión: %m" - -#: src/net.c:1210 -msgid "Closed attempted connection" -msgstr "Se ha cerrado la conexión que se intentaba realizar." 
- -#: src/net.c:1267 -#, fuzzy, c-format -msgid "Error while reading from tun/tap device: %m" -msgstr "Error leyendo del dispositivo tap: %m" - -#: src/net.c:1276 -#, fuzzy, c-format -msgid "Error while reading from ethertap device: %m" -msgstr "Error leyendo del dispositivo tap: %m" - -#: src/net.c:1287 -msgid "Received short packet from tap device" -msgstr "" - -#: src/net.c:1293 -#, c-format -msgid "Read packet of length %d from tap device" -msgstr "" - -#: src/net.c:1325 -#, c-format -msgid "Error while waiting for input: %m" -msgstr "Error esperando entrada: %m" - -#: src/net.c:1332 -#, fuzzy -msgid "Rereading configuration file and restarting in 5 seconds" -msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." - -#: src/net.c:1339 -#, fuzzy -msgid "Unable to reread configuration file, exiting" -msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." - -#: src/net.c:1365 -#, fuzzy -msgid "Regenerating symmetric key" -msgstr "Generando claves de %d bits" - -#: src/netutl.c:95 -#, c-format -msgid "Error looking up `%s': %s\n" -msgstr "Error buscando `%s': %s\n" - -#: src/protocol.c:103 -#, c-format -msgid "Output buffer overflow while sending %s to %s (%s)" -msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" - -#: src/protocol.c:110 -#, c-format -msgid "Sending %s to %s (%s)" -msgstr "Enviando %s a %s (%s)" - -#: src/protocol.c:124 -#, c-format -msgid "Unknown request from %s (%s)" -msgstr "Petición desconocida desde %s (%s)" - -#: src/protocol.c:131 -#, c-format -msgid "Got %s from %s (%s)" -msgstr "He recibido %s desde %s (%s)" - -#: src/protocol.c:137 -#, fuzzy, c-format -msgid "Unauthorized request from %s (%s)" -msgstr "Petición desconocida desde %s (%s)" - -#: src/protocol.c:144 -#, c-format -msgid "Error while processing %s from %s (%s)" -msgstr "Error al procesar %s desde %s (%s)" - -#: src/protocol.c:151 -#, c-format -msgid "Bogus data received from %s (%s)" -msgstr "Se han recibido datos sin 
sentido desde %s (%s)." - -#: src/protocol.c:203 -#, c-format -msgid "Got bad ID from %s" -msgstr "Recibí una ID incorrecta desde %s" - -#: src/protocol.c:211 -#, c-format -msgid "Peer %s (%s) uses incompatible version %d" -msgstr "La máquina remota %s (%s) usa una versión (%d) incompatible." - -#: src/protocol.c:220 -#, c-format -msgid "Peer %s uses invalid identity name" -msgstr "La máquina remota %s usa un nombre de identidad no válido" - -#: src/protocol.c:232 -#, c-format -msgid "Peer %s had unknown identity (%s)" -msgstr "La máquina remota %s tiene una identidad desconocida (%s)" - -#: src/protocol.c:246 -#, c-format -msgid "Uplink %s (%s) is already in our connection list" -msgstr "El enlace %s (%s) ya está en nuestra lista de conexiones." - -#: src/protocol.c:289 -#, c-format -msgid "Removing old entry for %s at %s in favour of new connection from %s" -msgstr "" -"Eliminando el registro viejo para %s en %s en favor de la nueva conexión " -"desde %s" - -#: src/protocol.c:304 -#, c-format -msgid "Connection with %s (%s) activated" -msgstr "Activada la conexión con %s (%s)." 
- -#: src/protocol.c:400 -#, c-format -msgid "Got bad CHALLENGE from %s (%s)" -msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" - -#: src/protocol.c:410 -#, c-format -msgid "Intruder: wrong challenge length from %s (%s)" -msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" - -#: src/protocol.c:436 -#, c-format -msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" -msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" - -#: src/protocol.c:462 -#, c-format -msgid "Got bad CHAL_REPLY from %s (%s)" -msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" - -#: src/protocol.c:470 -#, c-format -msgid "Intruder: wrong challenge reply length from %s (%s)" -msgstr "Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" - -#: src/protocol.c:486 -#, c-format -msgid "Intruder: wrong challenge reply from %s (%s)" -msgstr "Intruso: respuesta de desafío incorrecta desde %s (%s)" - -#: src/protocol.c:491 -#, c-format -msgid "Expected challenge reply: %s" -msgstr "" - -#: src/protocol.c:540 -#, c-format -msgid "Generated random meta key (unencrypted): %s" -msgstr "" - -#: src/protocol.c:552 src/protocol.c:615 -#, fuzzy, c-format -msgid "Error during encryption of meta key for %s (%s)" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/protocol.c:585 -#, fuzzy, c-format -msgid "Got bad METAKEY from %s (%s)" -msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" - -#: src/protocol.c:595 -#, fuzzy, c-format -msgid "Intruder: wrong meta key length from %s (%s)" -msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" - -#: src/protocol.c:623 -#, c-format -msgid "Received random meta key (unencrypted): %s" -msgstr "" - -#: src/protocol.c:669 -#, c-format -msgid "Got bad ADD_SUBNET from %s (%s)" -msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" - -#: src/protocol.c:677 -#, c-format -msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" -msgstr "" -"Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no 
válido" - -#: src/protocol.c:685 -#, c-format -msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" -msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" - -#: src/protocol.c:693 -#, c-format -msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" -msgstr "" -"Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" - -#: src/protocol.c:703 -#, c-format -msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" -msgstr "" -"Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:751 -#, c-format -msgid "Got bad DEL_SUBNET from %s (%s)" -msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" - -#: src/protocol.c:759 -#, c-format -msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" -msgstr "" -"Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" - -#: src/protocol.c:767 -#, c-format -msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" -msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s): cadena de subred no válida" - -#: src/protocol.c:777 -#, c-format -msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" -msgstr "" -"Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" - -#: src/protocol.c:787 -#, c-format -msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" -msgstr "" -"Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:830 -#, c-format -msgid "Got bad ADD_HOST from %s (%s)" -msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" - -#: src/protocol.c:838 -#, c-format -msgid "Got bad ADD_HOST from %s (%s): invalid identity name" -msgstr "" -"Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" - -#: src/protocol.c:847 -#, c-format -msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" -msgstr "Aviso: recibí ADD_HOST desde %s (%s) para 
nosotros mismos, reiniciando" - -#: src/protocol.c:864 -#, c-format -msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" -msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" - -#: src/protocol.c:872 -#, fuzzy, c-format -msgid "Removing old entry for %s (%s) in favour of new connection" -msgstr "" -"Eliminando el registro viejo para %s en %s en favor de la nueva conexión " -"desde %s" - -#: src/protocol.c:925 -#, c-format -msgid "Got bad DEL_HOST from %s (%s)" -msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" - -#: src/protocol.c:934 -#, c-format -msgid "Got bad DEL_HOST from %s (%s): invalid identity name" -msgstr "" -"Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" - -#: src/protocol.c:942 -#, c-format -msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" -msgstr "Aviso: recibí DEL_HOST desde %s (%s) para nosotros mismos, reiniciando" - -#: src/protocol.c:952 -#, c-format -msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" -msgstr "" -"Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:961 -#, c-format -msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" -msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" - -#: src/protocol.c:1000 -#, c-format -msgid "Got bad STATUS from %s (%s)" -msgstr "Recibí STATUS incorrecta desde %s (%s)" - -#: src/protocol.c:1007 -#, c-format -msgid "Status message from %s (%s): %s: %s" -msgstr "Mensaje de status desde %s (%s): %s: %s" - -#: src/protocol.c:1030 -#, c-format -msgid "Got bad ERROR from %s (%s)" -msgstr "Recibí ERROR incorrecta desde %s (%s)" - -#: src/protocol.c:1037 -#, c-format -msgid "Error message from %s (%s): %s: %s" -msgstr "Mensaje de error desde %s (%s): %s: %s" - -#: src/protocol.c:1114 -#, c-format -msgid "Got bad KEY_CHANGED from %s (%s)" -msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" - -#: src/protocol.c:1121 -#, c-format -msgid "" -"Got 
KEY_CHANGED from %s (%s) origin %s which does not exist in our " -"connection list" -msgstr "" -"Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:1150 -#, c-format -msgid "Got bad REQ_KEY from %s (%s)" -msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" - -#: src/protocol.c:1157 -#, c-format -msgid "" -"Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " -"list" -msgstr "" -"Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:1174 -#, c-format -msgid "" -"Got REQ_KEY from %s (%s) destination %s which does not exist in our " -"connection list" -msgstr "" -"Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:1210 -#, c-format -msgid "Got bad ANS_KEY from %s (%s)" -msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" - -#: src/protocol.c:1217 -#, c-format -msgid "" -"Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " -"list" -msgstr "" -"Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:1228 -#, fuzzy, c-format -msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" -msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" - -#: src/protocol.c:1239 -#, c-format -msgid "" -"Got ANS_KEY from %s (%s) destination %s which does not exist in our " -"connection list" -msgstr "" -"Recibí ANS_KEY desde %s (%s) destino %s que no está en nuestra lista de " -"conexiones" - -#: src/protocol.c:1284 -#, fuzzy, c-format -msgid "Got bad PACKET from %s (%s)" -msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" - -#: src/protocol.c:1305 -#, fuzzy, c-format -msgid "Error during reception of PACKET from %s (%s): %m" -msgstr "Error enviando paquete a %s (%s): %m" - -#: src/subnet.c:108 -#, c-format -msgid "subnet_compare() was called with unknown subnet type %d, restarting!" 
-msgstr "" - -#. Do some intl stuff right now -#: src/subnet.c:251 src/tincd.c:310 -msgid "unknown" -msgstr "desconocido" - -#: src/subnet.c:314 -msgid "Subnet list:" -msgstr "" - -#: src/subnet.c:322 -msgid "End of subnet list." -msgstr "" - -#: src/tincd.c:116 -#, c-format -msgid "Try `%s --help' for more information.\n" -msgstr "Pruebe `%s --help' para más información.\n" - -#: src/tincd.c:119 -#, c-format -msgid "" -"Usage: %s [option]...\n" -"\n" -msgstr "" -"Modo de empleo: %s [opción]...\n" -"\n" - -#: src/tincd.c:120 -#, fuzzy -msgid "" -" -c, --config=DIR Read configuration options from DIR.\n" -" -D, --no-detach Don't fork and detach.\n" -" -d Increase debug level.\n" -" -k, --kill Attempt to kill a running tincd and exit.\n" -" -n, --net=NETNAME Connect to net NETNAME.\n" -msgstr "" -" -c, --config=DIR Lee opciones de configuración del directorio DIR.\n" -" -D, --no-detach No hagas fork() y liberes la terminal.\n" -" -d Aumenta el nivel de depuración.\n" -" -k, --kill Intenta eliminar un tincd en ejecución y termina.\n" -" -n, --net=NOMBREDERED Conecta a la red NOMBREDERED.\n" -" -t, --timeout=TIMEOUT Segundos a esperar antes de dar un timeout.\n" - -#: src/tincd.c:125 -#, fuzzy -msgid "" -" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" -" --help Display this help and exit.\n" -" --version Output version information and exit.\n" -"\n" -msgstr "" -" --help Muestra esta ayuda y termina.\n" -" --version Muestra información de la versión y termina.\n" -"\n" - -#: src/tincd.c:128 -msgid "Report bugs to tinc@nl.linux.org.\n" -msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" - -#: src/tincd.c:171 -#, c-format -msgid "" -"Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" -msgstr "" - -#: src/tincd.c:232 -#, c-format -msgid "Generating %d bits keys:\n" -msgstr "Generando claves de %d bits:\n" - -#: src/tincd.c:237 -msgid "Error during key generation!" 
-msgstr "" - -#: src/tincd.c:241 -msgid "Done.\n" -msgstr "Hecho.\n" - -#: src/tincd.c:248 -#, fuzzy -msgid "public RSA key" -msgstr "Clave pública: %s\n" - -#: src/tincd.c:252 src/tincd.c:263 -msgid "" -"Appending key to existing contents.\n" -"Make sure only one key is stored in the file.\n" -msgstr "" - -#: src/tincd.c:259 -#, fuzzy -msgid "private RSA key" -msgstr "Clave privada: %s\n" - -#: src/tincd.c:284 -msgid "Both netname and configuration directory given, using the latter..." -msgstr "" - -#: src/tincd.c:317 -#, c-format -msgid "%s version %s (built %s %s, protocol %d)\n" -msgstr "%s versión %s (compilado %s %s, protocolo %d)\n" - -#: src/tincd.c:318 -#, fuzzy -msgid "" -"Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" -"See the AUTHORS file for a complete list.\n" -"\n" -"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" -"and you are welcome to redistribute it under certain conditions;\n" -"see the file COPYING for details.\n" -msgstr "" -"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen y otros,\n" -"vea el fichero AUTHORS para una lista completa.\n" -"\n" -"tinc viene SIN NINGUNA GARANTÍA. Esto es software libre,\n" -"y puede ser redistribuido bajo ciertas condiciones;\n" -"vea el fichero COPYING para los detalles.\n" - -#: src/tincd.c:332 -#, fuzzy -msgid "You must be root to run this program.\n" -msgstr "" -"Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" - -#: src/tincd.c:372 -msgid "Unrecoverable error" -msgstr "Error irrecuperable" - -#: src/tincd.c:377 -#, c-format -msgid "Restarting in %d seconds!" -msgstr "¡Reiniciando en %d segundos!" - -#: src/process.c:338 src/tincd.c:382 -#, fuzzy -msgid "Not restarting." -msgstr "¡Aayyy! No reinicio." - -#: src/process.c:60 -#, fuzzy, c-format -msgid "Memory exhausted (couldn't allocate %d bytes), exiting." -msgstr "" -"Memoria agotada (la última es %s:%d) (no pude asignar %d bytes), terminando." 
- -#: src/process.c:88 -#, c-format -msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" -msgstr "" -"Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." - -#: src/process.c:91 -msgid "Terminating" -msgstr "Terminando" - -#: src/process.c:107 -#, c-format -msgid "A tincd is already running for net `%s' with pid %d.\n" -msgstr "" -"Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" - -#: src/process.c:110 -#, c-format -msgid "A tincd is already running with pid %d.\n" -msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" - -#: src/process.c:131 -#, c-format -msgid "No other tincd is running for net `%s'.\n" -msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" - -#: src/process.c:133 -msgid "No other tincd is running.\n" -msgstr "No hay ningún otro tincd en ejecución.\n" - -#: src/process.c:140 -msgid "Removing stale lock file.\n" -msgstr "Borrando fichero de bloqueo en desuso.\n" - -#: src/process.c:167 -#, c-format -msgid "Couldn't detach from terminal: %m" -msgstr "" - -#: src/process.c:180 -#, c-format -msgid "tincd %s (%s %s) starting, debug level %d" -msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." 
- -#: src/process.c:183 -#, c-format -msgid "tincd %s starting" -msgstr "tincd %s comenzando" - -#: src/process.c:247 -#, c-format -msgid "Executing script %s" -msgstr "" - -#: src/process.c:255 -#, c-format -msgid "Process %d (%s) exited with non-zero status %d" -msgstr "" - -#: src/process.c:263 -#, c-format -msgid "Process %d (%s) was killed by signal %d (%s)" -msgstr "" - -#: src/process.c:269 -#, c-format -msgid "Process %d (%s) terminated abnormally" -msgstr "" - -#: src/process.c:294 -msgid "Got TERM signal" -msgstr "Recibí la señal TERM" - -#: src/process.c:303 -msgid "Got QUIT signal" -msgstr "Recibí la señal QUIT" - -#: src/process.c:310 -msgid "Got another SEGV signal: not restarting" -msgstr "Recibí otra señal SEGV: no reinicio" - -#: src/process.c:319 -msgid "Got SEGV signal" -msgstr "Recibí la señal SEGV" - -#: src/process.c:324 -msgid "Trying to re-execute in 5 seconds..." -msgstr "Intento re-ejecutar en 5 segundos." - -#: src/process.c:347 -#, fuzzy -msgid "Got HUP signal" -msgstr "Recibí la señal QUIT" - -#: src/process.c:355 -msgid "Got INT signal, exiting" -msgstr "Recibí la señal INT, saliendo" - -#: src/process.c:374 -#, c-format -msgid "Got unexpected signal %d (%s)" -msgstr "Recibí una señal inesperada %d (%s)." 
- -#: src/process.c:419 -#, c-format -msgid "Installing signal handler for signal %d (%s) failed: %m\n" -msgstr "" - -#: src/route.c:56 -#, c-format -msgid "Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)" -msgstr "" - -#: src/route.c:84 -#, c-format -msgid "Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x" -msgstr "" - -#: src/route.c:111 -#, c-format -msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" -msgstr "" - -#: src/route.c:126 -msgid "Cannot route packet: IPv6 routing not yet implemented" -msgstr "" - -#: src/route.c:155 -#, c-format -msgid "Cannot route packet: unknown type %hx" -msgstr "" - -#, fuzzy -#~ msgid "Got packet of %d bytes from %s (%s)" -#~ msgstr "Enviando paquete de %d bytes a %s (%s)" - -#~ msgid "Trying to look up %d.%d.%d.%d in connection list failed!" -#~ msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" - -#~ msgid "Opening UDP socket to %s" -#~ msgstr "Abriendo `socket' UDP a %s" - -#~ msgid "Creating UDP socket failed: %m" -#~ msgstr "Error al crear el `socket' UDP: %m" - -#~ msgid "Connecting to %s port %d failed: %m" -#~ msgstr "Error al conectar a %s puerto %d: %m" - -#, fuzzy -#~ msgid "Error during encryption of challenge for %s (%s)" -#~ msgstr "Error leyendo el fichero de configuración del `host' para %s" - -#~ msgid "Queue flushed" -#~ msgstr "Cola vaciada" - -#~ msgid "Flushing receive queue for %s (%s)" -#~ msgstr "Vaciando la cola de recepción para %s (%s)" - -#~ msgid "%s: option `%s' is ambiguous\n" -#~ msgstr "%s: la opción `%s' es ambigua\n" - -#~ msgid "%s: option `--%s' doesn't allow an argument\n" -#~ msgstr "%s: la opción `--%s' no lleva parámetros\n" - -#~ msgid "%s: option `%c%s' doesn't allow an argument\n" -#~ msgstr "%s: la opción `%c%s' no lleva parámetros\n" - -#~ msgid "%s: option `%s' requires an argument\n" -#~ msgstr "%s: la opción `%s' requiere un parámetro\n" - -#~ msgid "%s: unrecognized option `--%s'\n" -#~ msgstr "%s: opción 
desconocida `--%s'\n" - -#~ msgid "%s: unrecognized option `%c%s'\n" -#~ msgstr "%s: opción desconocida `%c%s'\n" - -#~ msgid "%s: illegal option -- %c\n" -#~ msgstr "%s: opción ilegal -- %c\n" - -#~ msgid "%s: invalid option -- %c\n" -#~ msgstr "%s: opción no válida --%c\n" - -#~ msgid "%s: option requires an argument -- %c\n" -#~ msgstr "%s: la opción requiere un parámetro -- %c\n" - -#~ msgid "%s: option `-W %s' is ambiguous\n" -#~ msgstr "%s: la opción `-W %s' es ambigua\n" - -#~ msgid "%s: option `-W %s' doesn't allow an argument\n" -#~ msgstr "%s: la opción `-W %s' no lleva parámetros\n" - -#~ msgid "List callback[delete] failed for %08lx - freeing anyway" -#~ msgstr "" -#~ "El callback[delete] de la lista falló para %08lx - liberándolo de todos modos" - -#~ msgid "Memory exhausted" -#~ msgstr "Memoria agotada" - -#~ msgid "Line %d too long while reading config file %s" -#~ msgstr "La línea %d es demasiado larga en el fichero de configuración %s" - -#~ msgid "Illegal passphrase in %s; size would be %d" -#~ msgstr "Frase ilegal en %s; el tamaño debe ser %d" - -#~ msgid "Opening /dev/urandom failed: %m" -#~ msgstr "Fallo al abrir /dev/urandom: %m" - -#~ msgid "Encryption key set to %s" -#~ msgstr "Clave de cifrado definida como %s" - -#~ msgid "Usage: %s bits\n" -#~ msgstr "Modo de empleo: %s bits\n" - -#~ msgid "Illegal number: %s\n" -#~ msgstr "Número ilegal: %s\n" - -#~ msgid "Receiving packet of %d bytes" -#~ msgstr "Recibido paquete de %d bytes" - -#~ msgid "Could not open UDP connection to %s (%s)" -#~ msgstr "No pude abrir una conexión UDP a %s (%s)" - -#~ msgid "tun/tap device will be left unconfigured" -#~ msgstr "el dispositivo tun/tap se dejará sin configurar" - -#~ msgid "setsockopt: %m" -#~ msgstr "setsockopt(): %m" - -#~ msgid "fcntl: %m" -#~ msgstr "fcntl(): %m" - -#~ msgid "listen: %m" -#~ msgstr "listen(): %m" - -#~ msgid "Unable to set up an incoming vpn data socket!" -#~ msgstr "¡No puedo configurar un `socket' para recibir datos de la vpn!" 
- -#~ msgid "Error: getpeername: %m" -#~ msgstr "Error: getpeername(): %m" - -#~ msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" -#~ msgstr "Trama ethernet no-IP %04x desde %02x:%02x:%02x:%02x:%02x:%02x" - -#~ msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" -#~ msgstr "Ignorando paquete corto desde %02x:%02x:%02x:%02x:%02x:%02x" - -#~ msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" -#~ msgstr "" -#~ "Aviso: recibí ADD_HOST desde %s (%s) de nosotros mismos, reiniciando" - -#~ msgid "" -#~ "Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" -#~ msgstr "" -#~ "Recibí ADD_HOST desde %s (%s) con origen %s que no está en nuestra lista de " -#~ "conexiones" - -#~ msgid "Removing old entry for %s (%s)" -#~ msgstr "Eliminando el registro viejo para %s (%s)" - -#~ msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" -#~ msgstr "" -#~ "Aviso: recibí DEL_HOST desde %s (%s) de nosotros mismos, reiniciando" - -#~ msgid "" -#~ "Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" -#~ msgstr "" -#~ "Recibí DEL_HOST desde %s (%s) con origen %s que no está en nuestra lista de " -#~ "conexiones" - -#~ msgid "Invalid timeout value `%s'.\n" -#~ msgstr "Valor de timeout `%s' no válido.\n" - -#~ msgid "Got USR2 signal, forcing new key generation" -#~ msgstr "Recibí la señal USR2, forzando generación de nueva clave" From 77f635e871060f63c3e62fcf879d184326c690a4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 10:27:33 +0000 Subject: [PATCH 412/923] ABOUT-NLS is created by autogen.sh. --- ABOUT-NLS | 292 ---------------------------------------------------- Makefile.am | 4 +- 2 files changed, 2 insertions(+), 294 deletions(-) delete mode 100644 ABOUT-NLS diff --git a/ABOUT-NLS b/ABOUT-NLS deleted file mode 100644 index d5621349..00000000 --- a/ABOUT-NLS +++ /dev/null 
@@ -1,292 +0,0 @@ -Notes on the Free Translation Project -************************************* - - Free software is going international! The Free Translation Project -is a way to get maintainers of free software, translators, and users all -together, so that will gradually become able to speak many languages. -A few packages already provide translations for their messages. - - If you found this `ABOUT-NLS' file inside a distribution, you may -assume that the distributed package does use GNU `gettext' internally, -itself available at your nearest GNU archive site. But you do _not_ -need to install GNU `gettext' prior to configuring, installing or using -this package with messages translated. - - Installers will find here some useful hints. These notes also -explain how users should proceed for getting the programs to use the -available translations. They tell how people wanting to contribute and -work at translations should contact the appropriate team. - - When reporting bugs in the `intl/' directory or bugs which may be -related to internationalization, you should tell about the version of -`gettext' which is used. The information can be found in the -`intl/VERSION' file, in internationalized packages. - -Quick configuration advice -========================== - - If you want to exploit the full power of internationalization, you -should configure it using - - ./configure --with-included-gettext - -to force usage of internationalizing routines provided within this -package, despite the existence of internationalizing capabilities in the -operating system where this package is being installed. So far, only -the `gettext' implementation in the GNU C library version 2 provides as -many features (such as locale alias, message inheritance, automatic -charset conversion or plural form handling) as the implementation here. -It is also not possible to offer this additional functionality on top -of a `catgets' implementation. 
Future versions of GNU `gettext' will -very likely convey even more functionality. So it might be a good idea -to change to GNU `gettext' as soon as possible. - - So you need _not_ provide this option if you are using GNU libc 2 or -you have installed a recent copy of the GNU gettext package with the -included `libintl'. - -INSTALL Matters -=============== - - Some packages are "localizable" when properly installed; the -programs they contain can be made to speak your own native language. -Most such packages use GNU `gettext'. Other packages have their own -ways to internationalization, predating GNU `gettext'. - - By default, this package will be installed to allow translation of -messages. It will automatically detect whether the system already -provides the GNU `gettext' functions. If not, the GNU `gettext' own -library will be used. This library is wholly contained within this -package, usually in the `intl/' subdirectory, so prior installation of -the GNU `gettext' package is _not_ required. Installers may use -special options at configuration time for changing the default -behaviour. The commands: - - ./configure --with-included-gettext - ./configure --disable-nls - -will respectively bypass any pre-existing `gettext' to use the -internationalizing routines provided within this package, or else, -_totally_ disable translation of messages. - - When you already have GNU `gettext' installed on your system and run -configure without an option for your new package, `configure' will -probably detect the previously built and installed `libintl.a' file and -will decide to use this. This might be not what is desirable. You -should use the more recent version of the GNU `gettext' library. I.e. -if the file `intl/VERSION' shows that the library which comes with this -package is more recent, you should use - - ./configure --with-included-gettext - -to prevent auto-detection. 
- - The configuration process will not test for the `catgets' function -and therefore it will not be used. The reason is that even an -emulation of `gettext' on top of `catgets' could not provide all the -extensions of the GNU `gettext' library. - - Internationalized packages have usually many `po/LL.po' files, where -LL gives an ISO 639 two-letter code identifying the language. Unless -translations have been forbidden at `configure' time by using the -`--disable-nls' switch, all available translations are installed -together with the package. However, the environment variable `LINGUAS' -may be set, prior to configuration, to limit the installed set. -`LINGUAS' should then contain a space separated list of two-letter -codes, stating which languages are allowed. - -Using This Package -================== - - As a user, if your language has been installed for this package, you -only have to set the `LANG' environment variable to the appropriate -`LL_CC' combination. Here `LL' is an ISO 639 two-letter language code, -and `CC' is an ISO 3166 two-letter country code. For example, let's -suppose that you speak German and live in Germany. At the shell -prompt, merely execute `setenv LANG de_DE' (in `csh'), -`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash'). -This can be done from your `.login' or `.profile' file, once and for -all. - - You might think that the country code specification is redundant. -But in fact, some languages have dialects in different countries. For -example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The -country code serves to distinguish the dialects. - - Not all programs have translations for all languages. By default, an -English message is shown in place of a nonexistent translation. If you -understand other languages, you can set up a priority list of languages. -This is done through a different environment variable, called -`LANGUAGE'. 
GNU `gettext' gives preference to `LANGUAGE' over `LANG' -for the purpose of message handling, but you still need to have `LANG' -set to the primary language; this is required by other parts of the -system libraries. For example, some Swedish users who would rather -read translations in German than English for when Swedish is not -available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'. - - In the `LANGUAGE' environment variable, but not in the `LANG' -environment variable, `LL_CC' combinations can be abbreviated as `LL' -to denote the language's main dialect. For example, `de' is equivalent -to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' -(Portuguese as spoken in Portugal) in this context. - -Translating Teams -================= - - For the Free Translation Project to be a success, we need interested -people who like their own language and write it well, and who are also -able to synergize with other translators speaking the same language. -Each translation team has its own mailing list. The up-to-date list of -teams can be found at the Free Translation Project's homepage, -`http://www.iro.umontreal.ca/contrib/po/HTML/', in the "National teams" -area. - - If you'd like to volunteer to _work_ at translating messages, you -should become a member of the translating team for your own language. -The subscribing address is _not_ the same as the list itself, it has -`-request' appended. For example, speakers of Swedish can send a -message to `sv-request@li.org', having this message body: - - subscribe - - Keep in mind that team members are expected to participate -_actively_ in translations, or at solving translational difficulties, -rather than merely lurking around. If your team does not exist yet and -you want to start one, or if you are unsure about what to do or how to -get started, please write to `translation@iro.umontreal.ca' to reach the -coordinator for all translator teams. - - The English team is special. 
It works at improving and uniformizing -the terminology in use. Proven linguistic skill are praised more than -programming skill, here. - -Available Packages -================== - - Languages are not equally supported in all packages. The following -matrix shows the current state of internationalization, as of July -2000. The matrix shows, in regard of each package, for which languages -PO files have been submitted to translation coordination, with a -translation percentage of at least 50%. - - Ready PO files bg cs da de el en eo es et fi fr gl hr id it - .----------------------------------------------. - a2ps | [] [] | - bash | [] [] [] | - bison | [] [] [] [] | - clisp | [] [] [] [] | - cpio | [] [] [] | - diffutils | [] [] [] [] [] | - enscript | [] [] | - error | [] | - fileutils | [] [] [] [] [] [] [] [] | - findutils | [] [] [] [] [] [] | - flex | [] [] | - gcal | | - gcc | | - gettext | [] [] [] [] [] [] [] [] [] | - gnupg | [] [] [] [] | - grep | [] [] [] [] [] [] [] [] [] [] | - hello | [] [] [] [] [] [] [] | - id-utils | [] | - indent | [] [] [] [] [] | - libc | [] [] [] [] [] [] [] [] | - lilypond | | - lynx | [] [] [] | - m4 | [] [] [] [] [] [] | - make | [] [] [] [] | - music | [] | - parted | [] [] | - ptx | [] [] [] [] [] [] [] | - python | | - recode | [] [] [] [] [] [] [] | - sed | [] [] [] [] [] [] [] | - sh-utils | [] [] [] [] [] [] [] [] [] | - sharutils | [] [] [] [] [] [] | - tar | [] [] [] [] [] [] [] | - texinfo | [] [] [] [] | - textutils | [] [] [] [] [] [] [] | - util-linux | | - wdiff | [] [] [] [] [] | - wget | [] [] [] [] [] [] [] [] | - `----------------------------------------------' - bg cs da de el en eo es et fi fr gl hr id it - 1 14 15 28 11 1 4 19 12 1 30 16 0 3 12 - - ja ko lv nl no pl pt pt_BR ru sk sl sv zh - .-------------------------------------------. 
- a2ps | [] [] [] | 5 - bash | | 3 - bison | [] [] [] | 7 - clisp | [] | 5 - cpio | [] [] [] [] [] | 8 - diffutils | [] [] [] | 8 - enscript | [] [] | 4 - error | | 1 - fileutils | [] [] [] [] [] [] [] [] [] | 17 - findutils | [] [] [] [] [] [] | 12 - flex | [] [] [] | 5 - gcal | | 0 - gcc | [] | 1 - gettext | [] [] [] [] [] [] [] [] [] | 18 - gnupg | [] [] [] | 7 - grep | [] [] [] [] [] [] [] | 17 - hello | [] [] [] [] [] [] [] [] | 15 - id-utils | [] [] [] | 4 - indent | [] [] [] [] [] | 10 - libc | [] [] [] [] [] [] [] [] | 16 - lilypond | [] [] | 2 - lynx | [] [] [] [] | 7 - m4 | [] [] [] [] [] | 11 - make | [] [] [] [] [] | 9 - music | [] | 2 - parted | [] [] [] [] | 6 - ptx | [] [] [] [] [] [] | 13 - python | | 0 - recode | [] [] [] | 10 - sed | [] [] [] [] [] [] [] | 14 - sh-utils | [] [] [] [] [] [] [] [] [] [] | 19 - sharutils | [] [] [] [] | 10 - tar | [] [] [] [] [] [] [] [] | 15 - texinfo | [] [] | 6 - textutils | [] [] [] [] [] [] [] [] | 15 - util-linux | [] | 1 - wdiff | [] [] [] [] [] | 10 - wget | [] [] [] [] [] [] [] [] [] | 17 - `-------------------------------------------' - 28 teams ja ko lv nl no pl pt pt_BR ru sk sl sv zh - 38 domains 20 8 0 25 6 18 1 16 27 9 10 20 3 330 - - Some counters in the preceding matrix are higher than the number of -visible blocks let us expect. This is because a few extra PO files are -used for implementing regional variants of languages, or language -dialects. - - For a PO file in the matrix above to be effective, the package to -which it applies should also have been internationalized and -distributed as such by its maintainer. There might be an observable -lag between the mere existence a PO file and its wide availability in a -distribution. - - If July 2000 seems to be old, you may fetch a more recent copy of -this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date -matrix with full percentage details can be found at -`http://www.iro.umontreal.ca/contrib/po/HTML/matrix.html'. 
- -Using `gettext' in new packages -=============================== - - If you are writing a freely available program and want to -internationalize it you are welcome to use GNU `gettext' in your -package. Of course the GNU Public License applies to your sources from -then if you include `gettext' directly in your distribution on but -since you are writing free software anyway this is no restriction. - - Once the sources are change appropriately and the setup can handle to -use of `gettext' the only thing missing are the translations. The Free -Translation Project is also available for packages which are not -developed inside the GNU project. Therefore the information given above -applies also for every other Free Software Project. Contact -`translation@iro.umontreal.ca' to make the `.pot' files available to -the translation teams. - diff --git a/Makefile.am b/Makefile.am index 63602fc8..1e019643 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,9 +6,9 @@ SUBDIRS = m4 intl lib src doc po redhat ACLOCAL_AMFLAGS = -EXTRA_DIST = system.h ABOUT-NLS COPYING.README +EXTRA_DIST = system.h COPYING.README -CVS_CREATED = configure aclocal.m4 config.h.in config.guess \ +CVS_CREATED = ABOUT-NLS configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in \ po/tinc.pot src/.libs intl From 6666acd0012c82c0bb4d1abae87332cec3dda77a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 10:27:57 +0000 Subject: [PATCH 413/923] Don't build Spanish translation. --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index c69392bf..1ca2f79b 100644 --- a/configure.in +++ b/configure.in 
@@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.33 2001/06/07 07:48:11 guus Exp $ +dnl $Id: configure.in,v 1.13.2.34 2001/06/29 10:27:57 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -14,7 +14,7 @@ AM_ACLOCAL_INCLUDE(m4) # in the latter don't make it into the configure-time tests. AC_DEFINE([_GNU_SOURCE], [__USE_BSD]) -ALL_LINGUAS="es nl" +ALL_LINGUAS="nl" dnl Checks for programs. AC_PROG_CC From 5d3450357482176ce92ed4832ec944519d197744 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 10:30:18 +0000 Subject: [PATCH 414/923] Execute tinc-down BEFORE tap device is closed. This is a. more symmetric (tinc-up is started after tap device is opened) and b. is needed for tun/tap device, where the interface does not exist anymore after the device file is closed. --- src/net.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index 62dce9bd..2e84a724 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.116 2001/06/21 16:37:47 guus Exp $ + $Id: net.c,v 1.35.4.117 2001/06/29 10:30:18 guus Exp $ */ #include "config.h" @@ -1019,11 +1019,10 @@ cp myself = NULL; } - close(tap_fd); - - /* Execute tinc-down script right after shutting down the interface */ execute_script("tinc-down"); + close(tap_fd); + destroy_connection_tree(); cp return; From 67c16924c10b25d37957843a69d993b934dd1776 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 11:03:27 +0000 Subject: [PATCH 415/923] es.po revived. --- po/es.po | 1223 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1223 insertions(+) create mode 100644 po/es.po diff --git a/po/es.po b/po/es.po new file mode 100644 index 00000000..ac664692 --- /dev/null +++ b/po/es.po 
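Review bot: In the second src/net.c hunk the order `execute_script("tinc-down");` then `close(tap_fd);` now matters for correctness, but the commit deletes the only comment at that spot and adds none, so a later tidy-up could swap the calls back unnoticed. I would add `/* Run tinc-down while the tap device is still open: a tun/tap interface is gone once its fd is closed */` above the call. The new order only helps if execute_script() returns after the script has finished; that function is not visible here, so if it only forks and returns, `close(tap_fd)` can still run first and the script would act on an interface that no longer exists. The return values of execute_script() and close() are ignored on the visible lines, which is probably acceptable on a shutdown path but would merit a log message on failure. The enclosing function begins and ends outside the hunk.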
@@ -0,0 +1,1223 @@ +# Spanish messages for tinc +# Copyright (C) 1999, 2000 Free Software Foundation, Inc. +# Ivo Timmermans , 1999, 2000. +# +msgid "" +msgstr "" +"Project-Id-Version: tinc 1.0pre3\n" +"POT-Creation-Date: 2001-03-04 14:33+0100\n" +"PO-Revision-Date: 2000-11-26 15:20+0000\n" +"Last-Translator: Enrique Zanardi \n" +"Language-Team: Spanish \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" + +#: src/conf.c:238 +#, fuzzy, c-format +msgid "Cannot open config file %s: %m" +msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" + +#: src/conf.c:279 +#, fuzzy, c-format +msgid "Invalid variable name `%s' on line %d while reading config file %s" +msgstr "" +"Nombre de variable no válido en la linea %d del fichero de configuración %s" + +#: src/conf.c:286 +#, fuzzy, c-format +msgid "No value for variable `%s' on line %d while reading config file %s" +msgstr "" +"No hay valor para la variable en la linea %d del fichero de configuración %s" + +#: src/conf.c:294 +#, fuzzy, c-format +msgid "Invalid value for variable `%s' on line %d while reading config file %s" +msgstr "" +"Valor no válido para la variable en la linea %d del fichero de configuración " +"%s" + +#: src/conf.c:323 +#, c-format +msgid "Failed to read `%s': %m" +msgstr "" + +#: src/conf.c:384 +#, c-format +msgid "`%s' is not an absolute path" +msgstr "" + +#: src/conf.c:400 src/conf.c:433 +#, fuzzy, c-format +msgid "Couldn't stat `%s': %m" +msgstr "No pude abrir %s: %m" + +#: src/conf.c:407 src/conf.c:443 +#, c-format +msgid "`%s' is owned by UID %d instead of %d" +msgstr "" + +#: src/conf.c:414 src/conf.c:450 +#, c-format +msgid "Warning: `%s' is a symlink" +msgstr "" + +#: src/conf.c:419 src/conf.c:455 +#, c-format +msgid "Unable to read symbolic link `%s': %m" +msgstr "" + +#. Accessible by others +#: src/conf.c:466 +#, c-format +msgid "`%s' has unsecure permissions" +msgstr "" + +#. 
Ask for a file and/or directory name. +#: src/conf.c:491 +#, c-format +msgid "Please enter a file to save %s to [%s]: " +msgstr "" + +#: src/conf.c:497 +#, fuzzy, c-format +msgid "Error while reading stdin: %m\n" +msgstr "Error leyendo del dispositivo tap: %m" + +#: src/conf.c:523 +#, fuzzy, c-format +msgid "Error opening file `%s': %m\n" +msgstr "Error buscando `%s': %m" + +#: src/conf.c:533 +#, c-format +msgid "" +"The file `%s' (or any of the leading directories) has unsafe permissions.\n" +"I will not create or overwrite this file.\n" +msgstr "" + +#: src/connection.c:191 +#, fuzzy +msgid "Connection list:" +msgstr "Conexión desde %s puerto %d" + +#: src/connection.c:193 src/connection.c:200 +#, c-format +msgid " %s at %s port %hd options %ld sockets %d, %d status %04x" +msgstr "" + +#: src/connection.c:205 +#, fuzzy +msgid "End of connection list." +msgstr "Intentando conectar con %s" + +#: src/meta.c:53 +#, fuzzy, c-format +msgid "Sending %d bytes of metadata to %s (%s): %s" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/meta.c:69 +#, fuzzy, c-format +msgid "Sending meta data to %s (%s) failed: %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/meta.c:100 +#, c-format +msgid "This is a bug: %s:%d: %d:%m %s (%s)" +msgstr "Esto es un `bug': %s:%d: %d:%m %s (%s)" + +#: src/meta.c:106 +#, fuzzy, c-format +msgid "Metadata socket error for %s (%s): %s" +msgstr "Error en el `socket' de datos salientes para %s (%s): %s" + +#: src/meta.c:123 src/protocol.c:1300 +#, fuzzy, c-format +msgid "Connection closed by %s (%s)" +msgstr "Cerrando conexión con %s (%s)" + +#: src/meta.c:130 +#, fuzzy, c-format +msgid "Metadata socket read error for %s (%s): %m" +msgstr "Error en el `socket' de datos salientes para %s (%s): %s" + +#: src/meta.c:161 +#, fuzzy, c-format +msgid "Got request from %s (%s): %s" +msgstr "Petición desconocida desde %s (%s)" + +#: src/meta.c:179 +#, fuzzy, c-format +msgid "Metadata read buffer overflow for %s (%s)" +msgstr 
"Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" + +#: src/net.c:119 +#, c-format +msgid "No valid key known yet for %s (%s), queueing packet" +msgstr "" +"No conozco ninguna clave válida para %s (%s) aún, pongo el paquete en cola" + +#: src/net.c:152 +#, c-format +msgid "Error sending packet to %s (%s): %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/net.c:163 +#, fuzzy, c-format +msgid "Received packet of %d bytes from %s (%s)" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:192 +#, fuzzy, c-format +msgid "Writing packet of %d bytes to tap device" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:198 +#, fuzzy, c-format +msgid "Can't write to tun/tap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:205 +#, fuzzy, c-format +msgid "Can't write to ethertap device: %m" +msgstr "No puedo escribir en el dispositivo tap: %m" + +#: src/net.c:219 +#, c-format +msgid "Sending packet of %d bytes to %s (%s)" +msgstr "Enviando paquete de %d bytes a %s (%s)" + +#: src/net.c:226 +msgid "Packet is looping back to us!" 
+msgstr "" + +#: src/net.c:235 +#, fuzzy, c-format +msgid "%s (%s) is not active, dropping packet" +msgstr "%s (%s) no está listo, poniendo el paquete en cola" + +#: src/net.c:257 +#, fuzzy, c-format +msgid "Flushing queue for %s (%s)" +msgstr "Vaciando la cola de envíos para %s (%s)" + +#: src/net.c:304 +#, c-format +msgid "Could not open %s: %m" +msgstr "No pude abrir %s: %m" + +#: src/net.c:333 +#, c-format +msgid "%s is a new style tun/tap device" +msgstr "%s es un dispositivo tun/tap del nuevo estilo" + +#: src/net.c:358 +#, c-format +msgid "Creating metasocket failed: %m" +msgstr "Fallo al crear el metasocket: %m" + +#: src/net.c:366 src/net.c:410 src/net.c:441 src/net.c:496 src/net.c:982 +#: src/process.c:239 src/process.c:275 +#, c-format +msgid "System call `%s' failed: %m" +msgstr "" + +#: src/net.c:386 +#, c-format +msgid "Unable to bind listen socket to interface %s: %m" +msgstr "No puedo enlazar (bind) el `socket' de escucha a la interfaz %s: %m" + +#: src/net.c:403 +#, c-format +msgid "Can't bind to port %hd/tcp: %m" +msgstr "No puedo enlazar (bind) al puerto %hd/tcp: %m" + +#: src/net.c:431 +#, c-format +msgid "Creating socket failed: %m" +msgstr "Error al crear el `socket': %m" + +#: src/net.c:454 +#, c-format +msgid "Can't bind to port %hd/udp: %m" +msgstr "No puedo enlazar (bind) al puerto %hd/udp: %m" + +#: src/net.c:472 +#, c-format +msgid "Trying to connect to %s" +msgstr "Intentando conectar con %s" + +#: src/net.c:482 +#, c-format +msgid "Creating socket for %s port %d failed: %m" +msgstr "Error al crear el `socket' para %s puerto %d: %m" + +#: src/net.c:518 +#, c-format +msgid "%s port %hd: %m" +msgstr "%s puerto %hd: %m" + +#: src/net.c:526 +#, c-format +msgid "fcntl for %s port %d: %m" +msgstr "fcntl() para %s puerto %d: %m" + +#: src/net.c:532 +#, c-format +msgid "Connected to %s port %hd" +msgstr "Conectado a %s puerto %hd" + +#: src/net.c:551 +msgid "Invalid name for outgoing connection" +msgstr "Nombre no válido para conexión saliente" 
+ +#: src/net.c:560 +#, c-format +msgid "Error reading host configuration file for %s" +msgstr "Error leyendo el fichero de configuración del `host' para %s" + +#: src/net.c:567 +#, c-format +msgid "No address specified for %s" +msgstr "No se especificó dirección para %s" + +#: src/net.c:574 +#, c-format +msgid "Error looking up `%s': %m" +msgstr "Error buscando `%s': %m" + +#: src/net.c:584 +#, c-format +msgid "Could not set up a meta connection to %s" +msgstr "No he podido configurar una meta conexión a %s" + +#: src/net.c:629 +#, fuzzy, c-format +msgid "Error reading RSA public key file `%s': %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/net.c:637 +#, fuzzy, c-format +msgid "Reading RSA public key file `%s' failed: %m" +msgstr "Error recibiendo paquete: %m" + +#. Nothing worked. +#: src/net.c:663 +#, c-format +msgid "No public key for %s specified!" +msgstr "" + +#: src/net.c:686 +#, fuzzy, c-format +msgid "Error reading RSA private key file `%s': %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/net.c:694 +#, c-format +msgid "Reading RSA private key file `%s' failed: %m" +msgstr "" + +#: src/net.c:701 +#, fuzzy +msgid "No private key for tinc daemon specified!" +msgstr "¡Se requiere un nombre para el demonio tinc!" + +#: src/net.c:725 +msgid "Name for tinc daemon required!" +msgstr "¡Se requiere un nombre para el demonio tinc!" + +#: src/net.c:733 +msgid "Invalid name for myself!" +msgstr "¡Nombre no válido para mí!" + +#: src/net.c:742 +msgid "Cannot open host configuration file for myself!" +msgstr "¡No puedo abrir el fichero de configuración de `host' para mí!" + +#: src/net.c:783 +msgid "Network address and subnet mask do not match!" +msgstr "" + +#: src/net.c:792 +#, fuzzy +msgid "Unable to set up a listening TCP socket!" +msgstr "¡No puedo configurar un `socket' a la escucha!" + +#: src/net.c:798 +#, fuzzy +msgid "Unable to set up a listening UDP socket!" +msgstr "¡No puedo configurar un `socket' a la escucha!" 
+ +#: src/net.c:839 +#, c-format +msgid "Ready: listening on port %hd" +msgstr "Listo: escuchando en el puerto %hd" + +#: src/net.c:871 +#, c-format +msgid "Still failed to connect to other, will retry in %d seconds" +msgstr "Sigo sin poder conectar con el otro, lo reintentaré en %d segundos." + +#: src/net.c:924 +#, c-format +msgid "Trying to re-establish outgoing connection in %d seconds" +msgstr "Intento re-establecer la conexión saliente en %d segundos" + +#: src/net.c:999 +#, c-format +msgid "Connection from %s port %d" +msgstr "Conexión desde %s puerto %d" + +#: src/net.c:1047 +#, c-format +msgid "This is a bug: %s:%d: %d:%m" +msgstr "Esto es un `bug': %s:%d: %d:%m" + +#: src/net.c:1053 +#, c-format +msgid "Incoming data socket error: %s" +msgstr "Error en el `socket' de recepción de datos: %s" + +#: src/net.c:1059 +#, c-format +msgid "Receiving packet failed: %m" +msgstr "Error recibiendo paquete: %m" + +#: src/net.c:1067 +#, c-format +msgid "Received UDP packets on port %hd from unknown source %x:%hd" +msgstr "" + +#: src/net.c:1089 +#, c-format +msgid "Closing connection with %s (%s)" +msgstr "Cerrando conexión con %s (%s)" + +#: src/net.c:1140 +msgid "Trying to re-establish outgoing connection in 5 seconds" +msgstr "Intento re-establecer la conexión saliente en 5 segundos." + +#: src/net.c:1175 +#, c-format +msgid "%s (%s) didn't respond to PING" +msgstr "%s (%s) no respondió al PING" + +#: src/net.c:1202 +#, c-format +msgid "Accepting a new connection failed: %m" +msgstr "Error al aceptar una nueva conexión: %m" + +#: src/net.c:1210 +msgid "Closed attempted connection" +msgstr "Se ha cerrado la conexión que se intentaba realizar." 
+ +#: src/net.c:1267 +#, fuzzy, c-format +msgid "Error while reading from tun/tap device: %m" +msgstr "Error leyendo del dispositivo tap: %m" + +#: src/net.c:1276 +#, fuzzy, c-format +msgid "Error while reading from ethertap device: %m" +msgstr "Error leyendo del dispositivo tap: %m" + +#: src/net.c:1287 +msgid "Received short packet from tap device" +msgstr "" + +#: src/net.c:1293 +#, c-format +msgid "Read packet of length %d from tap device" +msgstr "" + +#: src/net.c:1325 +#, c-format +msgid "Error while waiting for input: %m" +msgstr "Error esperando entrada: %m" + +#: src/net.c:1332 +#, fuzzy +msgid "Rereading configuration file and restarting in 5 seconds" +msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." + +#: src/net.c:1339 +#, fuzzy +msgid "Unable to reread configuration file, exiting" +msgstr "Recibí la señal HUP, voy a releer la configuración y reiniciaré." + +#: src/net.c:1365 +#, fuzzy +msgid "Regenerating symmetric key" +msgstr "Generando claves de %d bits" + +#: src/netutl.c:95 +#, c-format +msgid "Error looking up `%s': %s\n" +msgstr "Error buscando `%s': %s\n" + +#: src/protocol.c:103 +#, c-format +msgid "Output buffer overflow while sending %s to %s (%s)" +msgstr "Desbordamiento del bufer de salida mientras enviaba %s a %s (%s)" + +#: src/protocol.c:110 +#, c-format +msgid "Sending %s to %s (%s)" +msgstr "Enviando %s a %s (%s)" + +#: src/protocol.c:124 +#, c-format +msgid "Unknown request from %s (%s)" +msgstr "Petición desconocida desde %s (%s)" + +#: src/protocol.c:131 +#, c-format +msgid "Got %s from %s (%s)" +msgstr "He recibido %s desde %s (%s)" + +#: src/protocol.c:137 +#, fuzzy, c-format +msgid "Unauthorized request from %s (%s)" +msgstr "Petición desconocida desde %s (%s)" + +#: src/protocol.c:144 +#, c-format +msgid "Error while processing %s from %s (%s)" +msgstr "Error al procesar %s desde %s (%s)" + +#: src/protocol.c:151 +#, c-format +msgid "Bogus data received from %s (%s)" +msgstr "Se han recibido datos sin 
sentido desde %s (%s)." + +#: src/protocol.c:203 +#, c-format +msgid "Got bad ID from %s" +msgstr "Recibí una ID incorrecta desde %s" + +#: src/protocol.c:211 +#, c-format +msgid "Peer %s (%s) uses incompatible version %d" +msgstr "La máquina remota %s (%s) usa una versión (%d) incompatible." + +#: src/protocol.c:220 +#, c-format +msgid "Peer %s uses invalid identity name" +msgstr "La máquina remota %s usa un nombre de identidad no válido" + +#: src/protocol.c:232 +#, c-format +msgid "Peer %s had unknown identity (%s)" +msgstr "La máquina remota %s tiene una identidad desconocida (%s)" + +#: src/protocol.c:246 +#, c-format +msgid "Uplink %s (%s) is already in our connection list" +msgstr "El enlace %s (%s) ya está en nuestra lista de conexiones." + +#: src/protocol.c:289 +#, c-format +msgid "Removing old entry for %s at %s in favour of new connection from %s" +msgstr "" +"Eliminando el registro viejo para %s en %s en favor de la nueva conexión " +"desde %s" + +#: src/protocol.c:304 +#, c-format +msgid "Connection with %s (%s) activated" +msgstr "Activada la conexión con %s (%s)." 
+ +#: src/protocol.c:400 +#, c-format +msgid "Got bad CHALLENGE from %s (%s)" +msgstr "Recibí CHALLENGE incorrecta desde %s (%s)" + +#: src/protocol.c:410 +#, c-format +msgid "Intruder: wrong challenge length from %s (%s)" +msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:436 +#, c-format +msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" +msgstr "Intento enviar CHAL_REPLY a %s (%s) sin un CHALLENGE válido" + +#: src/protocol.c:462 +#, c-format +msgid "Got bad CHAL_REPLY from %s (%s)" +msgstr "Recibí CHAL_REPLY incorrecta desde %s (%s)" + +#: src/protocol.c:470 +#, c-format +msgid "Intruder: wrong challenge reply length from %s (%s)" +msgstr "Intruso: longitud de respuesta de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:486 +#, c-format +msgid "Intruder: wrong challenge reply from %s (%s)" +msgstr "Intruso: respuesta de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:491 +#, c-format +msgid "Expected challenge reply: %s" +msgstr "" + +#: src/protocol.c:540 +#, c-format +msgid "Generated random meta key (unencrypted): %s" +msgstr "" + +#: src/protocol.c:552 src/protocol.c:615 +#, fuzzy, c-format +msgid "Error during encryption of meta key for %s (%s)" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/protocol.c:585 +#, fuzzy, c-format +msgid "Got bad METAKEY from %s (%s)" +msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" + +#: src/protocol.c:595 +#, fuzzy, c-format +msgid "Intruder: wrong meta key length from %s (%s)" +msgstr "Intruso: longitud de desafío incorrecta desde %s (%s)" + +#: src/protocol.c:623 +#, c-format +msgid "Received random meta key (unencrypted): %s" +msgstr "" + +#: src/protocol.c:669 +#, c-format +msgid "Got bad ADD_SUBNET from %s (%s)" +msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s)" + +#: src/protocol.c:677 +#, c-format +msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" +msgstr "" +"Recibí ADD_SUBNET incorrecta desde %s (%s): nombre de identidad no 
válido" + +#: src/protocol.c:685 +#, c-format +msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" +msgstr "Recibí ADD_SUBNET incorrecta desde %s (%s): cadena de subred no válida" + +#: src/protocol.c:693 +#, c-format +msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" +msgstr "" +"Aviso: recibí ADD_SUBNET desde %s (%s) para nosotros mismos, reiniciando" + +#: src/protocol.c:703 +#, c-format +msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" +msgstr "" +"Recibí ADD_SUBNET para %s desde %s (%s) que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:751 +#, c-format +msgid "Got bad DEL_SUBNET from %s (%s)" +msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s)" + +#: src/protocol.c:759 +#, c-format +msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" +msgstr "" +"Recibí DEL_SUBNET incorrecta desde %s (%s): nombre de identidad no válido" + +#: src/protocol.c:767 +#, c-format +msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" +msgstr "Recibí DEL_SUBNET incorrecta desde %s (%s): cadena de subred no válida" + +#: src/protocol.c:777 +#, c-format +msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" +msgstr "" +"Aviso: recibí DEL_SUBNET desde %s (%s) para nosotros mismos, reiniciando" + +#: src/protocol.c:787 +#, c-format +msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" +msgstr "" +"Recibí DEL_SUBNET para %s desde %s (%s) que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:830 +#, c-format +msgid "Got bad ADD_HOST from %s (%s)" +msgstr "Recibí ADD_HOST incorrecta desde %s (%s)" + +#: src/protocol.c:838 +#, c-format +msgid "Got bad ADD_HOST from %s (%s): invalid identity name" +msgstr "" +"Recibí ADD_HOST incorrecta desde %s (%s): nombre de identidad no válido" + +#: src/protocol.c:847 +#, c-format +msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" +msgstr "Aviso: recibí ADD_HOST desde %s (%s) para 
nosotros mismos, reiniciando" + +#: src/protocol.c:864 +#, c-format +msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" +msgstr "Recibí un ADD_HOST duplicado desde %s (%s) para %s (%s)" + +#: src/protocol.c:872 +#, fuzzy, c-format +msgid "Removing old entry for %s (%s) in favour of new connection" +msgstr "" +"Eliminando el registro viejo para %s en %s en favor de la nueva conexión " +"desde %s" + +#: src/protocol.c:925 +#, c-format +msgid "Got bad DEL_HOST from %s (%s)" +msgstr "Recibí DEL_HOST incorrecta desde %s (%s)" + +#: src/protocol.c:934 +#, c-format +msgid "Got bad DEL_HOST from %s (%s): invalid identity name" +msgstr "" +"Recibí DEL_HOST incorrecta desde %s (%s): nombre de identidad no válido" + +#: src/protocol.c:942 +#, c-format +msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" +msgstr "Aviso: recibí DEL_HOST desde %s (%s) para nosotros mismos, reiniciando" + +#: src/protocol.c:952 +#, c-format +msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" +msgstr "" +"Recibí DEL_HOST desde %s (%s) para %s que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:961 +#, c-format +msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" +msgstr "Recibí DEL_HOST desde %s (%s) para %s que no concuerda" + +#: src/protocol.c:1000 +#, c-format +msgid "Got bad STATUS from %s (%s)" +msgstr "Recibí STATUS incorrecta desde %s (%s)" + +#: src/protocol.c:1007 +#, c-format +msgid "Status message from %s (%s): %s: %s" +msgstr "Mensaje de status desde %s (%s): %s: %s" + +#: src/protocol.c:1030 +#, c-format +msgid "Got bad ERROR from %s (%s)" +msgstr "Recibí ERROR incorrecta desde %s (%s)" + +#: src/protocol.c:1037 +#, c-format +msgid "Error message from %s (%s): %s: %s" +msgstr "Mensaje de error desde %s (%s): %s: %s" + +#: src/protocol.c:1114 +#, c-format +msgid "Got bad KEY_CHANGED from %s (%s)" +msgstr "Recibí KEY_CHANGED incorrecto desde %s (%s)" + +#: src/protocol.c:1121 +#, c-format +msgid "" +"Got 
KEY_CHANGED from %s (%s) origin %s which does not exist in our " +"connection list" +msgstr "" +"Recibí KEY_CHANGED desde %s (%s) origen %s que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:1150 +#, c-format +msgid "Got bad REQ_KEY from %s (%s)" +msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" + +#: src/protocol.c:1157 +#, c-format +msgid "" +"Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " +"list" +msgstr "" +"Recibí REQ_KEY desde %s (%s) origen %s que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:1174 +#, c-format +msgid "" +"Got REQ_KEY from %s (%s) destination %s which does not exist in our " +"connection list" +msgstr "" +"Recibí REQ_KEY desde %s (%s) destino %s que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:1210 +#, c-format +msgid "Got bad ANS_KEY from %s (%s)" +msgstr "Recibí ANS_KEY incorrecta desde %s (%s)" + +#: src/protocol.c:1217 +#, c-format +msgid "" +"Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " +"list" +msgstr "" +"Recibí ANS_KEY desde %s (%s) origen %s que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:1228 +#, fuzzy, c-format +msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" +msgstr "Recibí ANS_KEY incorrecta desde %s (%s) origen %s: clave no válida" + +#: src/protocol.c:1239 +#, c-format +msgid "" +"Got ANS_KEY from %s (%s) destination %s which does not exist in our " +"connection list" +msgstr "" +"Recibí ANS_KEY desde %s (%s) destino %s que no está en nuestra lista de " +"conexiones" + +#: src/protocol.c:1284 +#, fuzzy, c-format +msgid "Got bad PACKET from %s (%s)" +msgstr "Recibí REQ_KEY incorrecta desde %s (%s)" + +#: src/protocol.c:1305 +#, fuzzy, c-format +msgid "Error during reception of PACKET from %s (%s): %m" +msgstr "Error enviando paquete a %s (%s): %m" + +#: src/subnet.c:108 +#, c-format +msgid "subnet_compare() was called with unknown subnet type %d, restarting!" 
+msgstr "" + +#. Do some intl stuff right now +#: src/subnet.c:251 src/tincd.c:310 +msgid "unknown" +msgstr "desconocido" + +#: src/subnet.c:314 +msgid "Subnet list:" +msgstr "" + +#: src/subnet.c:322 +msgid "End of subnet list." +msgstr "" + +#: src/tincd.c:116 +#, c-format +msgid "Try `%s --help' for more information.\n" +msgstr "Pruebe `%s --help' para más información.\n" + +#: src/tincd.c:119 +#, c-format +msgid "" +"Usage: %s [option]...\n" +"\n" +msgstr "" +"Modo de empleo: %s [opción]...\n" +"\n" + +#: src/tincd.c:120 +#, fuzzy +msgid "" +" -c, --config=DIR Read configuration options from DIR.\n" +" -D, --no-detach Don't fork and detach.\n" +" -d Increase debug level.\n" +" -k, --kill Attempt to kill a running tincd and exit.\n" +" -n, --net=NETNAME Connect to net NETNAME.\n" +msgstr "" +" -c, --config=DIR Lee opciones de configuración del directorio DIR.\n" +" -D, --no-detach No hagas fork() y liberes la terminal.\n" +" -d Aumenta el nivel de depuración.\n" +" -k, --kill Intenta eliminar un tincd en ejecución y termina.\n" +" -n, --net=NOMBREDERED Conecta a la red NOMBREDERED.\n" +" -t, --timeout=TIMEOUT Segundos a esperar antes de dar un timeout.\n" + +#: src/tincd.c:125 +#, fuzzy +msgid "" +" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" +" --help Display this help and exit.\n" +" --version Output version information and exit.\n" +"\n" +msgstr "" +" --help Muestra esta ayuda y termina.\n" +" --version Muestra información de la versión y termina.\n" +"\n" + +#: src/tincd.c:128 +msgid "Report bugs to tinc@nl.linux.org.\n" +msgstr "Comunicar `bugs' a tinc@nl.linux.org.\n" + +#: src/tincd.c:171 +#, c-format +msgid "" +"Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" +msgstr "" + +#: src/tincd.c:232 +#, c-format +msgid "Generating %d bits keys:\n" +msgstr "Generando claves de %d bits:\n" + +#: src/tincd.c:237 +msgid "Error during key generation!" 
+msgstr "" + +#: src/tincd.c:241 +msgid "Done.\n" +msgstr "Hecho.\n" + +#: src/tincd.c:248 +#, fuzzy +msgid "public RSA key" +msgstr "Clave pública: %s\n" + +#: src/tincd.c:252 src/tincd.c:263 +msgid "" +"Appending key to existing contents.\n" +"Make sure only one key is stored in the file.\n" +msgstr "" + +#: src/tincd.c:259 +#, fuzzy +msgid "private RSA key" +msgstr "Clave privada: %s\n" + +#: src/tincd.c:284 +msgid "Both netname and configuration directory given, using the latter..." +msgstr "" + +#: src/tincd.c:317 +#, c-format +msgid "%s version %s (built %s %s, protocol %d)\n" +msgstr "%s versión %s (compilado %s %s, protocolo %d)\n" + +#: src/tincd.c:318 +#, fuzzy +msgid "" +"Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" +"See the AUTHORS file for a complete list.\n" +"\n" +"tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" +"and you are welcome to redistribute it under certain conditions;\n" +"see the file COPYING for details.\n" +msgstr "" +"Copyright (C) 1998,1999,2000 Ivo Timmermans, Guus Sliepen y otros,\n" +"vea el fichero AUTHORS para una lista completa.\n" +"\n" +"tinc viene SIN NINGUNA GARANTÍA. Esto es software libre,\n" +"y puede ser redistribuido bajo ciertas condiciones;\n" +"vea el fichero COPYING para los detalles.\n" + +#: src/tincd.c:332 +#, fuzzy +msgid "You must be root to run this program.\n" +msgstr "" +"Usted debe ser el superusuario para ejecutar este programa. Lo siento.\n" + +#: src/tincd.c:372 +msgid "Unrecoverable error" +msgstr "Error irrecuperable" + +#: src/tincd.c:377 +#, c-format +msgid "Restarting in %d seconds!" +msgstr "¡Reiniciando en %d segundos!" + +#: src/process.c:338 src/tincd.c:382 +#, fuzzy +msgid "Not restarting." +msgstr "¡Aayyy! No reinicio." + +#: src/process.c:60 +#, fuzzy, c-format +msgid "Memory exhausted (couldn't allocate %d bytes), exiting." +msgstr "" +"Memoria agotada (la última es %s:%d) (no pude asignar %d bytes), terminando." 
+ +#: src/process.c:88 +#, c-format +msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" +msgstr "" +"Total de bytes escritos: tap %d, socket %d; bytes leidos: tap %d, socket %d." + +#: src/process.c:91 +msgid "Terminating" +msgstr "Terminando" + +#: src/process.c:107 +#, c-format +msgid "A tincd is already running for net `%s' with pid %d.\n" +msgstr "" +"Un tincd está actualmente en ejecución para la red `%s' con el pid %d.\n" + +#: src/process.c:110 +#, c-format +msgid "A tincd is already running with pid %d.\n" +msgstr "Un tincd está actualmente en ejecución con el pid %d.\n" + +#: src/process.c:131 +#, c-format +msgid "No other tincd is running for net `%s'.\n" +msgstr "No hay ningún otro tincd en ejecución para la red `%s'.\n" + +#: src/process.c:133 +msgid "No other tincd is running.\n" +msgstr "No hay ningún otro tincd en ejecución.\n" + +#: src/process.c:140 +msgid "Removing stale lock file.\n" +msgstr "Borrando fichero de bloqueo en desuso.\n" + +#: src/process.c:167 +#, c-format +msgid "Couldn't detach from terminal: %m" +msgstr "" + +#: src/process.c:180 +#, c-format +msgid "tincd %s (%s %s) starting, debug level %d" +msgstr "tincd %s (%s %s) comenzando, nivel de depuración %d." 
+ +#: src/process.c:183 +#, c-format +msgid "tincd %s starting" +msgstr "tincd %s comenzando" + +#: src/process.c:247 +#, c-format +msgid "Executing script %s" +msgstr "" + +#: src/process.c:255 +#, c-format +msgid "Process %d (%s) exited with non-zero status %d" +msgstr "" + +#: src/process.c:263 +#, c-format +msgid "Process %d (%s) was killed by signal %d (%s)" +msgstr "" + +#: src/process.c:269 +#, c-format +msgid "Process %d (%s) terminated abnormally" +msgstr "" + +#: src/process.c:294 +msgid "Got TERM signal" +msgstr "Recibí la señal TERM" + +#: src/process.c:303 +msgid "Got QUIT signal" +msgstr "Recibí la señal QUIT" + +#: src/process.c:310 +msgid "Got another SEGV signal: not restarting" +msgstr "Recibí otra señal SEGV: no reinicio" + +#: src/process.c:319 +msgid "Got SEGV signal" +msgstr "Recibí la señal SEGV" + +#: src/process.c:324 +msgid "Trying to re-execute in 5 seconds..." +msgstr "Intento re-ejecutar en 5 segundos." + +#: src/process.c:347 +#, fuzzy +msgid "Got HUP signal" +msgstr "Recibí la señal QUIT" + +#: src/process.c:355 +msgid "Got INT signal, exiting" +msgstr "Recibí la señal INT, saliendo" + +#: src/process.c:374 +#, c-format +msgid "Got unexpected signal %d (%s)" +msgstr "Recibí una señal inesperada %d (%s)." 
+ +#: src/process.c:419 +#, c-format +msgid "Installing signal handler for signal %d (%s) failed: %m\n" +msgstr "" + +#: src/route.c:56 +#, c-format +msgid "Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)" +msgstr "" + +#: src/route.c:84 +#, c-format +msgid "Cannot route packet: unknown destination address %x:%x:%x:%x:%x:%x" +msgstr "" + +#: src/route.c:111 +#, c-format +msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" +msgstr "" + +#: src/route.c:126 +msgid "Cannot route packet: IPv6 routing not yet implemented" +msgstr "" + +#: src/route.c:155 +#, c-format +msgid "Cannot route packet: unknown type %hx" +msgstr "" + +#, fuzzy +#~ msgid "Got packet of %d bytes from %s (%s)" +#~ msgstr "Enviando paquete de %d bytes a %s (%s)" + +#~ msgid "Trying to look up %d.%d.%d.%d in connection list failed!" +#~ msgstr "¡Error intentando buscar %d.%d.%d.%d en la lista de conexiones!" + +#~ msgid "Opening UDP socket to %s" +#~ msgstr "Abriendo `socket' UDP a %s" + +#~ msgid "Creating UDP socket failed: %m" +#~ msgstr "Error al crear el `socket' UDP: %m" + +#~ msgid "Connecting to %s port %d failed: %m" +#~ msgstr "Error al conectar a %s puerto %d: %m" + +#, fuzzy +#~ msgid "Error during encryption of challenge for %s (%s)" +#~ msgstr "Error leyendo el fichero de configuración del `host' para %s" + +#~ msgid "Queue flushed" +#~ msgstr "Cola vaciada" + +#~ msgid "Flushing receive queue for %s (%s)" +#~ msgstr "Vaciando la cola de recepción para %s (%s)" + +#~ msgid "%s: option `%s' is ambiguous\n" +#~ msgstr "%s: la opción `%s' es ambigua\n" + +#~ msgid "%s: option `--%s' doesn't allow an argument\n" +#~ msgstr "%s: la opción `--%s' no lleva parámetros\n" + +#~ msgid "%s: option `%c%s' doesn't allow an argument\n" +#~ msgstr "%s: la opción `%c%s' no lleva parámetros\n" + +#~ msgid "%s: option `%s' requires an argument\n" +#~ msgstr "%s: la opción `%s' requiere un parámetro\n" + +#~ msgid "%s: unrecognized option `--%s'\n" +#~ msgstr "%s: opción 
desconocida `--%s'\n" + +#~ msgid "%s: unrecognized option `%c%s'\n" +#~ msgstr "%s: opción desconocida `%c%s'\n" + +#~ msgid "%s: illegal option -- %c\n" +#~ msgstr "%s: opción ilegal -- %c\n" + +#~ msgid "%s: invalid option -- %c\n" +#~ msgstr "%s: opción no válida --%c\n" + +#~ msgid "%s: option requires an argument -- %c\n" +#~ msgstr "%s: la opción requiere un parámetro -- %c\n" + +#~ msgid "%s: option `-W %s' is ambiguous\n" +#~ msgstr "%s: la opción `-W %s' es ambigua\n" + +#~ msgid "%s: option `-W %s' doesn't allow an argument\n" +#~ msgstr "%s: la opción `-W %s' no lleva parámetros\n" + +#~ msgid "List callback[delete] failed for %08lx - freeing anyway" +#~ msgstr "" +#~ "El callback[delete] de la lista falló para %08lx - liberándolo de todos modos" + +#~ msgid "Memory exhausted" +#~ msgstr "Memoria agotada" + +#~ msgid "Line %d too long while reading config file %s" +#~ msgstr "La línea %d es demasiado larga en el fichero de configuración %s" + +#~ msgid "Illegal passphrase in %s; size would be %d" +#~ msgstr "Frase ilegal en %s; el tamaño debe ser %d" + +#~ msgid "Opening /dev/urandom failed: %m" +#~ msgstr "Fallo al abrir /dev/urandom: %m" + +#~ msgid "Encryption key set to %s" +#~ msgstr "Clave de cifrado definida como %s" + +#~ msgid "Usage: %s bits\n" +#~ msgstr "Modo de empleo: %s bits\n" + +#~ msgid "Illegal number: %s\n" +#~ msgstr "Número ilegal: %s\n" + +#~ msgid "Receiving packet of %d bytes" +#~ msgstr "Recibido paquete de %d bytes" + +#~ msgid "Could not open UDP connection to %s (%s)" +#~ msgstr "No pude abrir una conexión UDP a %s (%s)" + +#~ msgid "tun/tap device will be left unconfigured" +#~ msgstr "el dispositivo tun/tap se dejará sin configurar" + +#~ msgid "setsockopt: %m" +#~ msgstr "setsockopt(): %m" + +#~ msgid "fcntl: %m" +#~ msgstr "fcntl(): %m" + +#~ msgid "listen: %m" +#~ msgstr "listen(): %m" + +#~ msgid "Unable to set up an incoming vpn data socket!" +#~ msgstr "¡No puedo configurar un `socket' para recibir datos de la vpn!" 
+ +#~ msgid "Error: getpeername: %m" +#~ msgstr "Error: getpeername(): %m" + +#~ msgid "Non-IP ethernet frame %04x from %02x:%02x:%02x:%02x:%02x:%02x" +#~ msgstr "Trama ethernet no-IP %04x desde %02x:%02x:%02x:%02x:%02x:%02x" + +#~ msgid "Dropping short packet from %02x:%02x:%02x:%02x:%02x:%02x" +#~ msgstr "Ignorando paquete corto desde %02x:%02x:%02x:%02x:%02x:%02x" + +#~ msgid "Warning: got ADD_HOST from %s (%s) from ourself, restarting" +#~ msgstr "" +#~ "Aviso: recibí ADD_HOST desde %s (%s) de nosotros mismos, reiniciando" + +#~ msgid "" +#~ "Got ADD_HOST from %s (%s) with origin %s which is not in our connection list" +#~ msgstr "" +#~ "Recibí ADD_HOST desde %s (%s) con origen %s que no está en nuestra lista de " +#~ "conexiones" + +#~ msgid "Removing old entry for %s (%s)" +#~ msgstr "Eliminando el registro viejo para %s (%s)" + +#~ msgid "Warning: got DEL_HOST from %s (%s) from ourself, restarting" +#~ msgstr "" +#~ "Aviso: recibí DEL_HOST desde %s (%s) de nosotros mismos, reiniciando" + +#~ msgid "" +#~ "Got DEL_HOST from %s (%s) with origin %s which is not in our connection list" +#~ msgstr "" +#~ "Recibí DEL_HOST desde %s (%s) con origen %s que no está en nuestra lista de " +#~ "conexiones" + +#~ msgid "Invalid timeout value `%s'.\n" +#~ msgstr "Valor de timeout `%s' no válido.\n" + +#~ msgid "Got USR2 signal, forcing new key generation" +#~ msgstr "Recibí la señal USR2, forzando generación de nueva clave" From 0d3bd912acdb00dc0a8015e337f981c942aa21bc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 11:09:13 +0000 Subject: [PATCH 416/923] Also remove po/Makefile.in.in, which is generated by autogen.sh. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index 1e019643..c8cc84cd 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -10,7 +10,7 @@ EXTRA_DIST = system.h COPYING.README CVS_CREATED = ABOUT-NLS configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ - stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in \ + stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in.in \ po/tinc.pot src/.libs intl ChangeLog: From 402b85c48284a06fbfc56aca102b33be3a4260b0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 13:09:32 +0000 Subject: [PATCH 417/923] Log error if two hosts connect with same IP/port tuple. --- src/protocol.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 17eb3bdf..8d87de16 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.94 2001/06/09 10:00:34 guus Exp $ + $Id: protocol.c,v 1.28.4.95 2001/06/29 13:09:32 guus Exp $ */ #include "config.h" @@ -253,8 +253,14 @@ cp node = avl_unlink(connection_tree, cl); cl->port = port; - avl_insert_node(connection_tree, node); - + if(!avl_insert_node(connection_tree, node)) + { + old = avl_search_node(connection_tree, node)->data; + syslog(LOG_ERR, _("%s is listening on %s:%s, which is already in use by %s!"), + cl->name, cl->hostname, cl->port, old->name); + return -1; + } + /* Read in the public key, so that we can send a metakey */ if(read_rsa_public_key(cl)) From c9591bd1de1abcfe10459bd8c8cdd81a7b441ec0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 13:09:55 +0000 Subject: [PATCH 418/923] Fix gcc 3.0 warnings. --- src/connection.c | 3 ++- src/subnet.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/connection.c b/src/connection.c index 453a25ee..8164cb4b 100644 --- a/src/connection.c +++ b/src/connection.c 
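Review bot: The new `syslog` call in the `@@ -253,8 +253,14 @@` hunk of src/protocol.c passes `cl->port` to a `%s` conversion, but the port looks like an integer: the line above assigns it from `port`, and other messages on this page print ports with `%hd`. If so, syslog would read the number as a string pointer, which is undefined behaviour, and the value appears to come from what the connecting peer announces. I would change the format to `"%s is listening on %s:%hd, which is already in use by %s!"` and update the matching msgid in the po files. Separately, `node` is removed with `avl_unlink` and is neither re-inserted nor freed before `return -1`, so confirm the caller's cleanup copes with a connection that is no longer in `connection_tree`. The declaration of `old` and the rest of the function are outside the hunk.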
@@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.11 2001/06/05 16:09:55 guus Exp $ + $Id: connection.c,v 1.1.2.12 2001/06/29 13:09:55 guus Exp $ */ #include "config.h" #include #include +#include #include #include diff --git a/src/subnet.c b/src/subnet.c index 537be117..ade47657 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.22 2001/06/06 19:11:16 guus Exp $ + $Id: subnet.c,v 1.1.2.23 2001/06/29 13:09:55 guus Exp $ */ #include "config.h" #include #include +#include #include "conf.h" #include "net.h" From 9391efe4e88077723840a7c085388ba2765ca17c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 14:15:46 +0000 Subject: [PATCH 419/923] Check for dlopen in standard libraries first (needed for DEC OSF). --- m4/openssl.m4 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 5d91a789..d9f8e163 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -29,8 +29,11 @@ AC_DEFUN(tinc_OPENSSL, [AC_MSG_ERROR("OpenSSL libraries not found.")] ) - AC_CHECK_LIB(dl, dlopen, - [LIBS="$LIBS -ldl"], - [AC_MSG_ERROR("OpenSSL depends on libdl.")] + AC_CHECK_FUNC(dlopen, + [], + AC_CHECK_LIB(dl, dlopen, + [LIBS="$LIBS -ldl"], + [AC_MSG_ERROR("OpenSSL depends on libdl.")] + ) ) ]) From 343c8fb6388ffd4f5c41cebd666aa8a045b20bdd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 15:32:26 +0000 Subject: [PATCH 420/923] It appears that autogen.sh doesn't like es.po if it isn't mentioned in the makefile/configure scripts. --- po/nl.po | 300 ++++++++++++++++++++++++--------------------- po/{ => old}/es.po | 0 2 files changed, 157 insertions(+), 143 deletions(-) rename po/{ => old}/es.po (100%) 
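Review bot: In the m4/openssl.m4 hunk the nested `AC_CHECK_LIB(dl, dlopen, ...)` is handed to `AC_CHECK_FUNC` as a bare third argument, while the other arguments in this macro are bracket-quoted. Quoting it keeps the inner macro from being expanded while the outer argument list is collected: `AC_CHECK_FUNC(dlopen, [], [AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"], [AC_MSG_ERROR("OpenSSL depends on libdl.")])])`. The error text is also reached now when dlopen is in neither libc nor libdl, so wording along the lines of `dlopen not found in libc or libdl` would describe the failure more accurately. The `AC_DEFUN(tinc_OPENSSL, ...` body begins outside the hunk.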
diff --git a/po/nl.po b/po/nl.po index 91b7ae34..67ef69d5 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2001-06-05 17:52+0200\n" +"POT-Creation-Date: 2001-06-29 15:38+0200\n" "PO-Revision-Date: 2001-06-05 17:54+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" 
@@ -13,85 +13,85 @@ msgstr "" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:238 +#: src/conf.c:239 #, c-format msgid "Cannot open config file %s: %m" msgstr "Kan configuratie bestand %s niet openen: %m" -#: src/conf.c:279 +#: src/conf.c:280 #, c-format msgid "Invalid variable name `%s' on line %d while reading config file %s" msgstr "" "Ongeldige variabelenaam `%s' op regel %d tijdens lezen configuratie bestand %" "s" -#: src/conf.c:286 +#: src/conf.c:287 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:294 +#: src/conf.c:295 #, c-format msgid "Invalid value for variable `%s' on line %d while reading config file %s" msgstr "" "Ongeldige waarde voor variabele `%s' op regel %d tijdens lezen van " "configuratie bestand %s" -#: src/conf.c:323 +#: src/conf.c:324 #, c-format msgid "Failed to read `%s': %m" msgstr "Lezen van `%s' mislukte: %m" -#: src/conf.c:384 +#: src/conf.c:385 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:400 src/conf.c:433 +#: src/conf.c:401 src/conf.c:434 #, c-format msgid "Couldn't stat `%s': %m" msgstr "Kon `%s' niet statten: %m" -#: src/conf.c:407 src/conf.c:443 +#: src/conf.c:408 src/conf.c:444 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:414 src/conf.c:450 +#: src/conf.c:415 src/conf.c:451 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: src/conf.c:419 src/conf.c:455 +#: src/conf.c:420 src/conf.c:456 #, c-format msgid "Unable to read symbolic link `%s': %m" msgstr "Kan symbolische link `%s' niet lezen: %m" #. 
Accessible by others -#: src/conf.c:466 +#: src/conf.c:467 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" #. Ask for a file and/or directory name. -#: src/conf.c:491 +#: src/conf.c:492 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:497 +#: src/conf.c:498 #, c-format msgid "Error while reading stdin: %m\n" msgstr "Fout tijdens lezen van standaardinvoer: %m\n" -#: src/conf.c:523 +#: src/conf.c:524 #, c-format msgid "Error opening file `%s': %m\n" msgstr "Fout bij het openen van het bestand `%s': %m\n" -#: src/conf.c:533 +#: src/conf.c:534 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" @@ -101,16 +101,16 @@ msgstr "" "bescherming.\n" "Ik maak of overschrijf dit bestand niet.\n" -#: src/connection.c:191 +#: src/connection.c:192 msgid "Connection list:" msgstr "Verbindingslijst:" -#: src/connection.c:193 src/connection.c:200 +#: src/connection.c:194 src/connection.c:201 #, c-format msgid " %s at %s port %hd options %ld sockets %d, %d status %04x" msgstr " %s op %s poort %hd opties %d sockets %d, %d status %04x" -#: src/connection.c:205 +#: src/connection.c:206 msgid "End of connection list." msgstr "Einde van verbindingslijst." 
@@ -165,294 +165,295 @@ msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:202 +#: src/net.c:204 #, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Verzending pakket van %d bytes naar tap-apparaat" -#: src/net.c:208 +#: src/net.c:210 #, c-format msgid "Can't write to tun/tap device: %m" msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:215 +#: src/net.c:217 #, c-format msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:229 +#: src/net.c:231 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:236 +#: src/net.c:238 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net.c:245 +#: src/net.c:247 #, c-format msgid "%s (%s) is not active, dropping packet" msgstr "%s (%s) is niet actief, pakket wordt genegeerd" -#: src/net.c:270 +#: src/net.c:272 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net.c:287 +#: src/net.c:289 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:334 +#: src/net.c:336 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:363 +#: src/net.c:365 #, c-format msgid "%s is a new style tun/tap device" msgstr "%s is een nieuwe stijl tun/tap apparaat" -#: src/net.c:388 +#: src/net.c:390 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:396 src/net.c:442 src/net.c:473 src/net.c:528 src/net.c:1026 +#: src/net.c:398 src/net.c:444 src/net.c:475 src/net.c:530 src/net.c:1045 #: src/process.c:239 src/process.c:275 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:417 +#: 
src/net.c:419 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:435 +#: src/net.c:437 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:463 +#: src/net.c:465 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:486 +#: src/net.c:488 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:504 +#: src/net.c:506 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:514 +#: src/net.c:516 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:551 +#: src/net.c:553 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:559 +#: src/net.c:561 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:565 +#: src/net.c:567 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:584 +#: src/net.c:586 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:593 +#: src/net.c:595 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:600 +#: src/net.c:602 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:607 +#: src/net.c:609 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:617 +#: src/net.c:619 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:662 +#: src/net.c:664 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: 
src/net.c:670 +#: src/net.c:672 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" #. Nothing worked. -#: src/net.c:696 +#: src/net.c:698 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:719 +#: src/net.c:721 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:727 +#: src/net.c:729 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:734 +#: src/net.c:736 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:752 +#: src/net.c:754 msgid "MYSELF" msgstr "MIJZELF" -#: src/net.c:758 +#: src/net.c:760 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:766 +#: src/net.c:768 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:775 +#: src/net.c:777 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:816 +#: src/net.c:810 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:825 +#: src/net.c:849 +#, fuzzy +msgid "Invalid routing mode!" +msgstr "Ongelige naam voor uitgaande verbinding" + +#: src/net.c:861 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:831 +#: src/net.c:867 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" 
-#: src/net.c:872 +#: src/net.c:892 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:915 +#: src/net.c:935 #, c-format msgid "Still failed to connect to other, will retry in %d seconds" msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" -#: src/net.c:968 +#: src/net.c:988 src/net.c:1203 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:1032 +#: src/net.c:1051 msgid "UNKNOWN" msgstr "ONBEKEND" -#: src/net.c:1043 +#: src/net.c:1062 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1090 +#: src/net.c:1109 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1096 +#: src/net.c:1115 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1102 +#: src/net.c:1121 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1110 +#: src/net.c:1129 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1134 +#: src/net.c:1153 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1185 -msgid "Trying to re-establish outgoing connection in 5 seconds" -msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" - -#: src/net.c:1220 +#: src/net.c:1238 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1247 +#: src/net.c:1265 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1255 +#: src/net.c:1273 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: 
src/net.c:1312 +#: src/net.c:1330 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1321 +#: src/net.c:1339 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1332 +#: src/net.c:1350 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1338 +#: src/net.c:1356 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1370 +#: src/net.c:1388 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1377 +#: src/net.c:1395 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1384 +#: src/net.c:1402 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1410 +#: src/net.c:1428 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -536,210 +537,215 @@ msgstr "Ander %s heeft een onbekende identiteit (%s)" msgid "Uplink %s (%s) is already in our connection list" msgstr "%s (%s) staat al in onze verbindingslijst" -#: src/protocol.c:283 +#: src/protocol.c:259 +#, c-format +msgid "%s is listening on %s:%s, which is already in use by %s!" +msgstr "" + +#: src/protocol.c:289 #, c-format msgid "Removing old entry for %s at %s in favour of new connection from %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:298 +#: src/protocol.c:304 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:395 +#: src/protocol.c:403 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:405 +#: src/protocol.c:413 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:431 +#: src/protocol.c:439 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:457 +#: src/protocol.c:465 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:465 +#: src/protocol.c:473 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:481 +#: src/protocol.c:489 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:486 +#: src/protocol.c:494 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:535 +#: src/protocol.c:543 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Meta sleutel 
gegenereerd (niet versleuteld): %s" -#: src/protocol.c:547 src/protocol.c:610 +#: src/protocol.c:555 src/protocol.c:618 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" -#: src/protocol.c:580 +#: src/protocol.c:588 #, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Kreeg ongeldige METAKEY van %s (%s)" -#: src/protocol.c:590 +#: src/protocol.c:598 #, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" -#: src/protocol.c:618 +#: src/protocol.c:626 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:664 +#: src/protocol.c:672 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:672 +#: src/protocol.c:680 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:680 +#: src/protocol.c:688 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:688 +#: src/protocol.c:696 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:698 +#: src/protocol.c:706 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:746 +#: src/protocol.c:754 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:754 +#: src/protocol.c:762 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET 
van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:762 +#: src/protocol.c:770 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:772 +#: src/protocol.c:780 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:782 +#: src/protocol.c:790 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:825 +#: src/protocol.c:833 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:833 +#: src/protocol.c:841 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:842 +#: src/protocol.c:850 #, c-format msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:859 +#: src/protocol.c:867 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:867 +#: src/protocol.c:875 #, c-format msgid "Removing old entry for %s (%s) in favour of new connection" msgstr "" "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" -#: src/protocol.c:920 +#: src/protocol.c:928 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:929 +#: src/protocol.c:937 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:937 +#: src/protocol.c:945 #, c-format msgid "Warning: 
got DEL_HOST from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" -#: src/protocol.c:947 +#: src/protocol.c:955 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:956 +#: src/protocol.c:964 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:995 +#: src/protocol.c:1003 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:1002 +#: src/protocol.c:1010 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1025 +#: src/protocol.c:1033 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1032 +#: src/protocol.c:1040 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1126 +#: src/protocol.c:1133 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1133 +#: src/protocol.c:1140 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -748,12 +754,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1163 +#: src/protocol.c:1170 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1170 +#: src/protocol.c:1177 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " 
@@ -762,7 +768,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1188 +#: src/protocol.c:1195 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " @@ -770,12 +776,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1224 +#: src/protocol.c:1231 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1231 +#: src/protocol.c:1238 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -784,13 +790,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1242 +#: src/protocol.c:1249 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1253 +#: src/protocol.c:1260 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " 
@@ -798,27 +804,32 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1298 +#: src/protocol.c:1305 #, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Kreeg ongeldig PAKKET van %s (%s)" -#: src/subnet.c:104 +#: src/subnet.c:105 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, restarting!" msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, opnieuw " "starten" -#: src/subnet.c:247 +#: src/subnet.c:142 +#, fuzzy, c-format +msgid "Duplicate subnet %s for %s (%s), previous owner %s (%s)!" +msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" + +#: src/subnet.c:266 msgid "unknown subnet type" msgstr "onbekend subnet type" -#: src/subnet.c:325 +#: src/subnet.c:344 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:333 +#: src/subnet.c:352 msgid "End of subnet list." msgstr "Einde van subnet lijst." 
@@ -1062,30 +1073,33 @@ msgstr "Kreeg onverwacht signaal %d (%s)" msgid "Installing signal handler for signal %d (%s) failed: %m\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %m\n" -#: src/route.c:64 -#, c-format -msgid "Learned new MAC address %x:%x:%x:%x:%x:%x from %s (%s)" +#: src/route.c:67 +#, fuzzy, c-format +msgid "Learned new MAC address %hhx:%hhx:%hhx:%hhx:%hhx:%hhx" msgstr "Nieuw MAC adres %x:%x:%x:%x:%x:%x geleerd van %s (%s)" -#: src/route.c:107 +#: src/route.c:117 #, c-format msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" -#: src/route.c:122 +#: src/route.c:132 msgid "Cannot route packet: IPv6 routing not yet implemented" msgstr "Kan pakket niet routeren: IPv6 routering nog niet geïmplementeerd" -#: src/route.c:152 +#: src/route.c:166 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:166 +#: src/route.c:180 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:218 +#: src/route.c:232 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" + +#~ msgid "Trying to re-establish outgoing connection in 5 seconds" +#~ msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" diff --git a/po/es.po b/po/old/es.po similarity index 100% rename from po/es.po rename to po/old/es.po From 748dabdbe93f7439ed7eddf491a556279250e7ac Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 15:33:18 +0000 Subject: [PATCH 421/923] Update of RedHat build scripts. --- Makefile.am | 5 +- redhat/tinc | 174 ----------------------------------------------- redhat/tinc.spec | 46 ++++--------- 3 files changed, 14 insertions(+), 211 deletions(-) 
diff --git a/Makefile.am b/Makefile.am index c8cc84cd..85c2c186 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ ChangeLog: cvs2cl -U cvsusers --fsf cvs-clean: maintainer-clean - for f in $(CVS_CREATED) `find -name Makefile.in` ; do\ + for f in $(CVS_CREATED) `find -name Makefile.in` tinc-$(VERSION).tar.gz; do\ rm -Rf "$$f"; \ done @@ -27,8 +27,7 @@ deb: rpm: dist cp $(distdir).tar.gz /usr/src/redhat/SOURCES/ cp redhat/tinc.spec /usr/src/redhat/SOURCES/ - cd /usr/src/redhat/SOURCES/ - rpm -bi tinc.spec + cd /usr/src/redhat/SOURCES/ && rpm -bb tinc.spec release: rm -f ChangeLog diff --git a/redhat/tinc b/redhat/tinc index d3a34dd7..9fce4174 100644 --- a/redhat/tinc +++ b/redhat/tinc @@ -39,18 +39,6 @@ if [ ! -x $TINCD ]; then exit fi -# Check if ip-route is installed -if [ ! -f /sbin/ip ]; then - echo "**tinc: ip-route utilities not installed!" >&2 - exit -fi - -# Check the kernel -if ! ip addr &> /dev/null; then - echo "**tinc: kernel not configured for use with ip-route!" >&2 - exit -fi - # Check the configuration directory if [ ! -d $TCONF ]; then echo "**tinc: configuration directory ($TCONF) not found!" >&2 
@@ -67,166 +55,15 @@ fi NETS="$(sed -e 's/#.*//; s/[[:space:]]//g; /^$/ d' $NETSFILE)" -############################################################################## -# prefix_to_mask Converts prefix length to netmask -# eg. 17 -> 255.255.128.0 -# $1 ... prefix - -prefix_to_mask () { - _MSK=""; _len="$1" - for _dot in "." "." "." " "; do - if [ ${_len} -ge 8 ]; then - _fld=8 - else - _fld="${_len}" - fi - - _MSK="${_MSK}$((255 & (255 << (8 - _fld))))${_dot}" - _len=$((_len - _fld)) - done - - echo ${_MSK} -} - - -############################################################################## -# mask_to_prefix Converts netmask to prefix length -# eg. 255.255.192.0 -> 18 -# $1 ... netmask - -mask_to_prefix () { - _LEN=0; _msk="$1" - for _tmp in 1 2 3 4; do - _fld=${_msk%%.*} - _msk=${_msk#*.} - - while [ ${_fld} -ne 0 ]; do - _fld=$(((_fld << 1) & 255)) - _LEN=$((_LEN + 1)) - done - done - - echo ${_LEN} -} - - -############################################################################## -# vpn_load () Loads VPN configuration -# -# $1 ... 
VPN to load - -vpn_load () { - CFG="$TCONF/$1/tinc.conf" - [ -f $CFG ] || { MSG="$CFG does not exist!"; return 1; } - - # load TINCD config - DEV="$(grep -i -e '^[[:space:]]*TapDevice' $CFG | sed 's/[[:space:]]//g; s/^.*=//g')" - VPN="$(grep -i -e '^[[:space:]]*(MyOwnVPNIP|MyVirtualIP)' -E $CFG | sed 's/[[:space:]]//g; s/^.*=//g')" - IFM="$(grep -i -e '^[[:space:]]*VPNMask' $CFG | sed 's/[[:space:]]//g; s/^.*=//g')" - - # TapDevice syntax validation - [ -z "$DEV" ] && \ - { MSG="TapDevice required!"; return 1; } - [ $(echo $DEV | wc -l) -gt 1 ] && \ - { MSG="multiple TapDevice entries not allowed!"; return 1; } - echo $DEV | grep -q -x -E '/dev/tap[[:digit:]]+' || - { MSG="TapDevice should be in form /dev/tapX!"; return 1; } - - # MyOwnVPNIP/MyVirtualIP syntax validation - [ -z "$VPN" ] && \ - { MSG="MyOwnVPNIP/MyVirtualIP required!"; return 1; } - [ $(echo $VPN | wc -l) -gt 1 ] && \ - { MSG="multiple MyOwnVPNIP/MyVirtualIP entries not allowed!"; return 1; } - echo $VPN | grep -q -x -E \ - '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}/[[:digit:]]{1,2}' || \ - { MSG="badly formed MyOwnVPNIP/MyVirtualIP address $VPN!"; return 1; } - - # VPNMask syntax validation - [ $(echo $IFM | wc -l) -gt 1 ] && \ - { MSG="multiple VPNMask entries not allowed!"; return 1; } - - - # device & IP address extraction - TAP=${DEV##*/} - NUM=${TAP#tap} - ADR=${VPN%%/*} - - # netmask is calculated from MyVirtualIP netmask prefix length, except when - # VPNMask is specified, in which case it is used instead of default prefix - - # VPNMask not specified - if [ -z "$IFM" ]; then - LEN=${VPN##*/} - MSK=$(prefix_to_mask $LEN) - - # VPNMask is prefix length, convert it to netmask for MSK - elif echo $IFM | grep -q -x -E '[[:digit:]]{1,2}'; then - VPN="$ADR/$IFM" - MSK=$(prefix_to_mask $IFM) - - # VPNMask is netmask, convert it to prefix length for VPN - elif echo $IFM | grep -q -x -E '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}'; then - VPN="$ADR/$(mask_to_prefix $IFM)" - MSK="$IFM" - - else - MSG="badly 
formed interface netmask (VPNMask=$IFM)!" - return 1 - fi - - - # Network & broadcast addresses - BRD=$(ipcalc --broadcast $ADR $MSK | cut -d"=" -f2) - NET=$(ipcalc --network $ADR $MSK | cut -d"=" -f2) - - # MAC address - MAC=$(printf "fe:fd:%0.2x:%0.2x:%0.2x:%0.2x" $(echo $ADR | { IFS=. ; read a b c d; echo $a $b $c $d; })) - - # debugging - # echo >&2 - # echo "VPN $VPN TAP $TAP NUM $NUM MAC $MAC IFM $IFM" >&2 - # echo "ADR $ADR MSK $MSK NET $NET BRD $BRD" >&2 - - return 0 -} - - ############################################################################## # vpn_start () starts specified VPN # # $1 ... VPN to start vpn_start () { - MSG=""; ERR="" - vpn_load $1 || return 1 - - # create device file - if [ ! -c $DEV ]; then - [ -e $DEV ] && rm -f $DEV - mknod --mode=0600 $DEV c 36 $((16 + NUM)) - fi - - # load device module - ERR="$(insmod ethertap -o "ethertap$NUM" unit="$NUM" 2>&1 1> /dev/null)" || - { MSG="could not insmod ethertap as unit $NUM!"; return 2; } - - # configure the interface - ERR="$(ip link set $TAP address $MAC 2>&1)" || - { MSG="could not set address for device $TAP!"; return 3; } - - ERR="$(ip link set $TAP up 2>&1)" || - { MSG="could not bring up device $TAP!"; return 3; } - - ERR="$(ip addr add $VPN brd $BRD dev $TAP 2>&1)" || - { MSG="could not set IP address for device $TAP!"; return 3; } - # start tincd $TINCD --net="$1" $DEBUG || \ { MSG="could not start daemon for network $1"; return 3; } - - # setup custom static routes - /etc/sysconfig/network-scripts/ifup-routes $TAP - return 0 } # vpn_start @@ -237,9 +74,6 @@ vpn_start () { # $1 ... VPN to stop vpn_stop () { - MSG=""; ERR="" - vpn_load $1 || return 1 - # kill the tincd daemon PID="$TPIDS/tinc.$1.pid" if [ -f $PID ]; then 
@@ -257,14 +91,6 @@ vpn_stop () { # remove stale PID file [ -f $PID ] && rm -f $PID fi - - # bring the interface down - ip addr flush dev $TAP &> /dev/null - ip link set $TAP down &> /dev/null - - # remove ethertap module - rmmod "ethertap$NUM" &> /dev/null - return 0 } # vpn_stop diff --git a/redhat/tinc.spec b/redhat/tinc.spec index e5dfb76f..b7357d93 100644 --- a/redhat/tinc.spec +++ b/redhat/tinc.spec @@ -1,13 +1,14 @@ Summary: tinc Virtual Private Network daemon Name: tinc -Version: 1.0pre3 -Release: 1 +Version: 1.0 +Release: cvs Copyright: GPL Group: System Environment/Daemons URL: http://tinc.nl.linux.org/ -Source0: %{name}-%{version}.tar.gz -Buildroot: /var/tmp/%{name}-%{version}-%{release} -Requires: iproute +Source0: %{name}-%{version}-%{release}.tar.gz +Buildroot: /var/tmp/%{name} +#-%{version}-%{release} +#Requires: iproute # for building the package the following is required: # /usr/bin/texi2html /usr/bin/patch @@ -27,10 +28,10 @@ See http://tinc.nl.linux.org/ %prep -%setup -q -n %{name}-%{version} +%setup -q -n %{name}-%{version}-%{release} %build -./configure --prefix=/usr --sysconfdir=/etc +./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var make /usr/bin/texi2html doc/tinc.texi 
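Review bot: `Buildroot: /var/tmp/%{name}` in the redhat/tinc.spec header hunk is a fixed, guessable directory in a world-writable location, and the spec's `%clean` section later runs `rm -rf $RPM_BUILD_ROOT` on it. The `rpm` target in Makefile.am copies into /usr/src/redhat/SOURCES/, so the build is presumably run as root, where a pre-existing or symlinked /var/tmp/tinc becomes a local integrity problem. I would restore a unique suffix, for example `Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root`. The commented-out `#-%{version}-%{release}` and `#Requires: iproute` lines should be deleted rather than left as dead text.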
@@ -42,29 +43,8 @@ gzip $RPM_BUILD_ROOT/usr/info/tinc.info mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d/ cp redhat/tinc $RPM_BUILD_ROOT/etc/rc.d/init.d/ -ME=my.vpn.ip.number -PEER=peer.vpn.ip.number -PEEREAL=peer.real.ip.number - -umask 077 -mkdir -p $RPM_BUILD_ROOT/etc/tinc/$PEER/passphrases -cat <$RPM_BUILD_ROOT/etc/tinc/$PEER/tinc.conf -# Sample tinc configuration. -# Insert your own ip numbers instead of the placeholders, -# and be sure to use your own passphrases. -# See man tinc.conf(5) tincd(8) genauth(8), info tinc and -# /usr/doc/%{name}-%{version}/tinc.conf.sample -TapDevice = /dev/tap0 -ConnectTo = $PEEREAL -MyVirtualIP = $ME/32 -AllowConnect = no -END -cat <$RPM_BUILD_ROOT/etc/tinc/$PEER/passphrases/local -1024 c1da5b633b428d783fec96ac89bb6bd4ed97ac673942706ba2240cde977158b7cd5f4055b7db70a7365d1f8df6a1a7c9dbb73f4e2bf8484fc14aee68d0f950e2bce82dd2a6386f040546a61e77cd1c25265ce03182e4e2c9a00ae0ea2f1f89ac04a10f7b67312187b5d2d74618803974ba6f053116b1460bc194c652dc28c84a -END -cat <$RPM_BUILD_ROOT/etc/tinc/$PEER/passphrases/$PEER -1024 9dff58799827c3ae73699d9d4029cf80ee4cfd3a8408495cdb68c78dec602c46f362aedeea80928384254bc7d0bfbf9756c0783b5ec9943161863530a8861947147d124286e8c46fd98af988c96ba65c63acefc01f6c03b6b8f7d9897acb02c083adb7416ee5ccbc19610a8b9ade2599d8f66e94c715f2e1a15054a78a3f3260 -END +mkdir -p $RPM_BUILD_ROOT/etc/tinc/ +touch $RPM_BUILD_ROOT/etc/tinc/nets.boot %clean rm -rf $RPM_BUILD_ROOT @@ -92,6 +72,7 @@ grep -q '^alias tap0' /etc/conf.modules || cat >> /etc/conf.modules << END # tinc uses ethertap/netlink alias tap0 ethertap alias char-major-36 netlink_dev +alias char-major-10-200 tun END /sbin/install-info /usr/info/tinc.info.gz /usr/info/dir 
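Review bot: With `umask 077` removed, `mkdir -p $RPM_BUILD_ROOT/etc/tinc/` creates the configuration directory under whatever umask the build happens to run with, and the `%config /etc/tinc/` entry in %files carries no `%attr`. The removed sample shows that secret material (the `passphrases` directory) lived below this tree, so if keys are still expected under /etc/tinc the mode should be pinned explicitly, for example `install -d -m 0700 $RPM_BUILD_ROOT/etc/tinc`. If the directory is meant to be world-readable, say so with an explicit 0755 and a comment. Dropping the packaged sample passphrases is good; the directory mode should simply not depend on the build environment.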
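Review bot: The new `alias char-major-10-200 tun` line is appended only inside the here-document guarded by `grep -q '^alias tap0' /etc/conf.modules`, so a host that already has the tap0 alias from an earlier install never gets the tun alias. A separate guard would cover upgrades: `grep -q '^alias char-major-10-200' /etc/conf.modules || echo 'alias char-major-10-200 tun' >> /etc/conf.modules`. The enclosing %post scriptlet starts outside this hunk, so anything it does before this point is not covered here.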
@@ -101,13 +82,10 @@ END %postun %files -%doc AUTHORS ChangeLog NEWS README THANKS *.html doc/tinc.conf.sample +%doc AUTHORS ChangeLog NEWS README THANKS *.html %config /etc/tinc/ %attr(0755,root,root) /etc/rc.d/init.d/tinc -/usr/sbin/genauth /usr/sbin/tincd -/usr/lib/tinc/ /usr/man/man5/tinc.conf.5 -/usr/man/man8/genauth.8 /usr/man/man8/tincd.8 /usr/info/tinc.info.gz From a111593a082ff1df26f54168ab00f83ab3a1ab49 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 29 Jun 2001 15:38:40 +0000 Subject: [PATCH 422/923] Dutch translation updated. --- po/nl.po | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/po/nl.po b/po/nl.po index 67ef69d5..87ab70f0 100644 --- a/po/nl.po +++ b/po/nl.po @@ -346,9 +346,8 @@ msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" #: src/net.c:849 -#, fuzzy msgid "Invalid routing mode!" -msgstr "Ongelige naam voor uitgaande verbinding" +msgstr "Ongelige routing modus!" #: src/net.c:861 msgid "Unable to set up a listening TCP socket!" @@ -540,7 +539,7 @@ msgstr "%s (%s) staat al in onze verbindingslijst" #: src/protocol.c:259 #, c-format msgid "%s is listening on %s:%s, which is already in use by %s!" -msgstr "" +msgstr "%s luistert op %s:%s, wat al in gebruik is door %s!" #: src/protocol.c:289 #, c-format @@ -817,9 +816,9 @@ msgstr "" "starten" #: src/subnet.c:142 -#, fuzzy, c-format +#, c-format msgid "Duplicate subnet %s for %s (%s), previous owner %s (%s)!" -msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" +msgstr "Duplicaat subnet %s voor %s (%s), vorige eigenaar %s (%s)!" #: src/subnet.c:266 msgid "unknown subnet type" 
@@ -1074,9 +1073,9 @@ msgid "Installing signal handler for signal %d (%s) failed: %m\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %m\n" #: src/route.c:67 -#, fuzzy, c-format +#, c-format msgid "Learned new MAC address %hhx:%hhx:%hhx:%hhx:%hhx:%hhx" -msgstr "Nieuw MAC adres %x:%x:%x:%x:%x:%x geleerd van %s (%s)" +msgstr "Nieuw MAC adres %hhx:%hhx:%hhx:%hhx:%hhx:%hhx geleerd" #: src/route.c:117 #, c-format @@ -1100,6 +1099,3 @@ msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" - -#~ msgid "Trying to re-establish outgoing connection in 5 seconds" -#~ msgstr "Poging tot herstellen van uitgaande verbinding over 5 seconden" From 33d6de0cd5c05cbf37211924a45e4231fec3a416 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 1 Jul 2001 09:06:17 +0000 Subject: [PATCH 423/923] More items marked as done. --- TODO | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/TODO b/TODO index 226e2713..5dd5ecae 100644 --- a/TODO +++ b/TODO @@ -3,7 +3,7 @@ TODO LIST Goals for 1.0 release: * Check Solaris port -* Check FreeBSD port again +* Check FreeBSD port again (done) * Check TCPonly and IndirectData * Check different linux architectures (x86, alpha and sparc32 done) @@ -18,10 +18,10 @@ Goals for 1.0 release: Goals for future releases: * Compression -* Routing by MAC/switching (allows for more than only IPv4) -* Broadcast/multicast +* Routing by MAC/switching (allows for more than only IPv4) (done) +* Broadcast/multicast (done) * Windowing, chaffing, scattering, background noise * ABC protocol (superscalabilty) -* Proxy ARP +* Proxy ARP (done) * Easy setup scripts (graphical?) * Threading From 6365d0627b9b1e9a31371ec891db0d2cfb4d6ed4 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 1 Jul 2001 09:21:01 +0000 Subject: [PATCH 424/923] Fix printf format bug. --- po/nl.po | 18 +++++++++--------- src/protocol.c | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/po/nl.po b/po/nl.po index 87ab70f0..6607c310 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2001-06-29 15:38+0200\n" +"POT-Creation-Date: 2001-07-01 11:19+0200\n" "PO-Revision-Date: 2001-06-05 17:54+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -538,8 +538,8 @@ msgstr "%s (%s) staat al in onze verbindingslijst" #: src/protocol.c:259 #, c-format -msgid "%s is listening on %s:%s, which is already in use by %s!" -msgstr "%s luistert op %s:%s, wat al in gebruik is door %s!" +msgid "%s is listening on %s:%hd, which is already in use by %s!" +msgstr "%s luistert op %s:%hd, wat al in gebruik is door %s!" #: src/protocol.c:289 #, c-format 
@@ -1072,30 +1072,30 @@ msgstr "Kreeg onverwacht signaal %d (%s)" msgid "Installing signal handler for signal %d (%s) failed: %m\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %m\n" -#: src/route.c:67 +#: src/route.c:68 #, c-format msgid "Learned new MAC address %hhx:%hhx:%hhx:%hhx:%hhx:%hhx" msgstr "Nieuw MAC adres %hhx:%hhx:%hhx:%hhx:%hhx:%hhx geleerd" -#: src/route.c:117 +#: src/route.c:118 #, c-format msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" -#: src/route.c:132 +#: src/route.c:133 msgid "Cannot route packet: IPv6 routing not yet implemented" msgstr "Kan pakket niet routeren: IPv6 routering nog niet geïmplementeerd" -#: src/route.c:166 +#: src/route.c:167 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:180 +#: src/route.c:181 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:232 +#: src/route.c:233 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" diff --git a/src/protocol.c b/src/protocol.c index 8d87de16..a8860fb2 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.95 2001/06/29 13:09:32 guus Exp $ + $Id: protocol.c,v 1.28.4.96 2001/07/01 09:21:01 guus Exp $ */ #include "config.h" 
@@ -256,7 +256,7 @@ cp if(!avl_insert_node(connection_tree, node)) { old = avl_search_node(connection_tree, node)->data; - syslog(LOG_ERR, _("%s is listening on %s:%s, which is already in use by %s!"), + syslog(LOG_ERR, _("%s is listening on %s:%hd, which is already in use by %s!"), cl->name, cl->hostname, cl->port, old->name); return -1; } From 9645cabc8e8364ed4df187fab8065b0991afa6af Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 1 Jul 2001 09:21:14 +0000 Subject: [PATCH 425/923] Fix compiler warning. --- src/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/route.c b/src/route.c index bd1c1367..9a555de4 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.14 2001/06/21 16:16:32 guus Exp $ + $Id: route.c,v 1.1.2.15 2001/07/01 09:21:14 guus Exp $ */ #include "config.h" @@ -37,6 +37,7 @@ #include #include #include +#include #include From 6bd93e4c064578b545cb6dcaa28fffb229c929ff Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 1 Jul 2001 21:42:13 +0000 Subject: [PATCH 426/923] Check for all potential duplicate entries in the id tree. --- src/protocol.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index a8860fb2..aab22660 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.96 2001/07/01 09:21:01 guus Exp $ + $Id: protocol.c,v 1.28.4.97 2001/07/01 21:42:13 guus Exp $ */ #include "config.h" 
@@ -227,22 +227,22 @@ cp return -1; } - /* First check if the host we connected to is already in our + /* First check if the host is already in our connection list. If so, we are probably making a loop, which is not desirable. */ - if(cl->status.outgoing) + if((old = lookup_id(cl->name))) { - if((old = lookup_id(cl->name))) + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("%s (%s) is already in our connection list"), cl->name, cl->hostname); + if(cl->status.outgoing) { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Uplink %s (%s) is already in our connection list"), cl->name, cl->hostname); cl->status.outgoing = 0; old->status.outgoing = 1; - terminate_connection(cl); - return 0; } + terminate_connection(cl); + return 0; } /* Now we can add the name to the id tree */ From 1e2bdc2b6d28c76c63fc9fd36169b90fa0994388 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Jul 2001 08:41:36 +0000 Subject: [PATCH 427/923] - Always use instead of just - Check if RAND_pseudo_bytes() exists, otherwise just use RAND_bytes() --- m4/openssl.m4 | 2 ++ src/meta.c | 8 ++------ src/net.c | 47 +++++++++++++++-------------------------------- src/protocol.c | 27 ++++++++------------------- src/tincd.c | 30 ++++-------------------------- 5 files changed, 31 insertions(+), 83 deletions(-) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index d9f8e163..2ef9c378 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -29,6 +29,8 @@ AC_DEFUN(tinc_OPENSSL, [AC_MSG_ERROR("OpenSSL libraries not found.")] ) + AC_CHECK_FUNCS(RAND_pseudo_bytes) + AC_CHECK_FUNC(dlopen, [], AC_CHECK_LIB(dl, dlopen, diff --git a/src/meta.c b/src/meta.c index 3fadb0d4..4f51e2a5 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.18 2001/05/25 11:54:28 guus Exp $ + $Id: meta.c,v 1.1.2.19 2001/07/04 08:41:36 guus Exp $ */ #include "config.h" 
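Review bot: The duplicate-name branch in the `@@ -227,22 +227,22 @@` hunk now drops every connection that presents a name already in the id tree, but the only record is a LOG_NOTICE behind `debug_lvl >= DEBUG_CONNECTIONS`, and the message does not say which existing entry was kept. A repeated name can be a loop, as the comment says, but it can also be a peer reconnecting while its stale entry is still listed, or a second host presenting the same name; an operator needs to tell these apart at normal log levels. I would log it unconditionally and name the surviving entry, e.g. `syslog(LOG_WARNING, _("%s (%s) is already in our connection list as %s, dropping new connection"), cl->name, cl->hostname, old->hostname);`. The function starts above the hunk, so it is not visible whether `cl->name` has been authenticated at this point. The `return 0` after `terminate_connection(cl)` relies on the caller not touching `cl` again, which deserves a comment.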
@@ -32,11 +32,7 @@ /* This line must be below the rest for FreeBSD */ #include -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include -#endif +#include #include "net.h" #include "connection.h" diff --git a/src/net.c b/src/net.c index 2e84a724..309079b8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.117 2001/06/29 10:30:18 guus Exp $ + $Id: net.c,v 1.35.4.118 2001/07/04 08:41:36 guus Exp $ */ #include "config.h" @@ -45,28 +45,12 @@ #include #include -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include -#endif +#include +#include +#include -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_ERR_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_PEM_H -# include -#else -# include +#ifndef HAVE_RAND_PSEUDO_BYTES +#define RAND_pseudo_bytes RAND_bytes #endif #ifdef HAVE_TUNTAP @@ -134,7 +118,7 @@ cp /* Encrypt the packet. */ - RAND_bytes(inpkt->salt, sizeof(inpkt->salt)); + RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt)); EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); @@ -344,12 +328,12 @@ cp /* Set default MAC address for ethertap devices */ mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xff; - mymac.net.mac.address.x[1] = 0xff; - mymac.net.mac.address.x[2] = 0xff; - mymac.net.mac.address.x[3] = 0xff; - mymac.net.mac.address.x[4] = 0xff; - mymac.net.mac.address.x[5] = 0xff; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; #ifdef HAVE_LINUX #ifdef HAVE_TUNTAP 
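Review bot: `RAND_pseudo_bytes()` is documented by OpenSSL as returning bytes that are not necessarily unpredictable, yet the `@@ -134,7 +118,7 @@` hunk in src/net.c switches the per-packet salt to it and ignores its return value. The same substitution is made for the symmetric packet key in the `@@ -1427,7 +1410,7 @@` hunk (`myself->cipher_pktkey`) and for the ping/pong salts in src/protocol.c. Key material should stay on the strong generator, `RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength)`, with a result other than 1 logged and treated as a failure. In the visible encrypt path the IV passed to `EVP_EncryptInit` comes out of the key buffer, so the salt appears to be the only per-packet randomness and I would keep it on `RAND_bytes` as well. The `#define RAND_pseudo_bytes RAND_bytes` fallback also means the strength of these values depends on which OpenSSL the build found, which should at least be stated in a comment next to the define.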
@@ -366,8 +350,7 @@ cp taptype = TAP_TYPE_TUNTAP; } #endif -#endif -#ifdef HAVE_FREEBSD +#else taptype = TAP_TYPE_TUNTAP; #endif cp @@ -1427,7 +1410,7 @@ cp if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); - RAND_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); send_key_changed(myself, NULL); keyexpires = time(NULL) + keylifetime; } diff --git a/src/protocol.c b/src/protocol.c index aab22660..ef601802 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.97 2001/07/01 21:42:13 guus Exp $ + $Id: protocol.c,v 1.28.4.98 2001/07/04 08:41:36 guus Exp $ */ #include "config.h" @@ -40,25 +40,14 @@ #include -#ifdef HAVE_OPENSSL_SHA_H -# include -#else -# include -#endif +#include +#include +#include -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include +#ifndef HAVE_RAND_PSEUDO_BYTES +#define RAND_pseudo_bytes RAND_bytes #endif -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include -#endif - - #include "conf.h" #include "net.h" #include "netutl.h" @@ -1066,7 +1055,7 @@ int send_ping(connection_t *cl) cp cl->status.pinged = 1; cl->last_ping_time = time(NULL); - RAND_bytes(salt, SALTLEN); + RAND_pseudo_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); salt[SALTLEN*2] = '\0'; cp @@ -1083,7 +1072,7 @@ int send_pong(connection_t *cl) { char salt[SALTLEN*2+1]; cp - RAND_bytes(salt, SALTLEN); + RAND_pseudo_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); salt[SALTLEN*2] = '\0'; cp diff --git a/src/tincd.c b/src/tincd.c index d9512240..b9a95722 100644 --- a/src/tincd.c +++ b/src/tincd.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.47 2001/06/05 16:09:55 guus Exp $ + $Id: tincd.c,v 1.10.4.48 2001/07/04 08:41:36 guus Exp $ */ #include "config.h" @@ -38,31 +38,9 @@ # include #endif -#ifdef HAVE_OPENSSL_RAND_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_RSA_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_ERR_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_PEM_H -# include -#else -# include -#endif - - +#include +#include +#include #include #include From 5dc4ade0b9c127a3c144d9c59894bf13527fe060 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Jul 2001 08:43:32 +0000 Subject: [PATCH 428/923] Don't load table of verbose OpenSSL errormessages. --- src/tincd.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index b9a95722..f9cd82ff 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.48 2001/07/04 08:41:36 guus Exp $ + $Id: tincd.c,v 1.10.4.49 2001/07/04 08:43:32 guus Exp $ */ #include "config.h" @@ -336,9 +336,6 @@ cp if(detach()) exit(0); cp - if(debug_lvl >= DEBUG_ERROR) - ERR_load_crypto_strings(); - for(;;) { if(!setup_network_connections()) From b3074590b184c141419cf4926820dc0d78380535 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Jul 2001 14:21:12 +0000 Subject: [PATCH 429/923] Correct inclusion of standard if_tun.h header file. --- m4/tuntap.m4 | 8 +++++--- src/net.c | 12 ++++++++++-- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 147c6794..0bee1ce3 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 
@@ -16,7 +16,7 @@ AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, if_tun_h="\"$kerneldir/include/linux/if_tun.h\"", [AC_TRY_COMPILE([#include ], [int a = IFF_TAP;], - if_tun_h="", + if_tun_h="default", if_tun_h="no" )] ) @@ -30,8 +30,10 @@ AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, if test $tinc_cv_linux_if_tun_h != none; then AC_DEFINE(HAVE_TUNTAP) - AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h) - AC_SUBST(LINUX_IF_TUN_H) + if test $tinc_cv_linux_if_tun_h != default; then + AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h) + fi fi +AC_SUBST(LINUX_IF_TUN_H) AC_SUBST(HAVE_TUNTAP) ]) diff --git a/src/net.c b/src/net.c index 309079b8..4c5956e8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.118 2001/07/04 08:41:36 guus Exp $ + $Id: net.c,v 1.35.4.119 2001/07/15 14:21:12 guus Exp $ */ #include "config.h" @@ -54,7 +54,15 @@ #endif #ifdef HAVE_TUNTAP -#include LINUX_IF_TUN_H + #ifdef HAVE_LINUX + #ifdef LINUX_IF_TUN_H + #include LINUX_IF_TUN_H + #else + #include + #endif + #else + #include + #endif #endif #include From 319e0cb48eb00565a11c85b901f54141f8160334 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Jul 2001 18:07:31 +0000 Subject: [PATCH 430/923] Split connection list into two lists: - one list to handle all incoming/outgoing TCP connections - another list to handle all UDP connections This will prevent race conditions. --- src/connection.c | 22 +++++++++++-- src/connection.h | 7 +++-- src/net.c | 4 +-- src/protocol.c | 80 +++++++++++++++++++++++------------------------- 4 files changed, 64 insertions(+), 49 deletions(-) diff --git a/src/connection.c b/src/connection.c index 8164cb4b..c09ca94a 100644 --- a/src/connection.c +++ b/src/connection.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.12 2001/06/29 13:09:55 guus Exp $ + $Id: connection.c,v 1.1.2.13 2001/07/15 18:07:31 guus Exp $ */ #include "config.h" @@ -42,6 +42,7 @@ /* Root of the connection list */ avl_tree_t *connection_tree; +avl_tree_t *active_tree; avl_tree_t *id_tree; /* Pointer to connection describing myself */ @@ -51,6 +52,11 @@ connection_t *myself = NULL; /* Initialization and callbacks */ int connection_compare(connection_t *a, connection_t *b) +{ + return a->meta_socket - b->meta_socket; +} + +int active_compare(connection_t *a, connection_t *b) { ipv4_t result; @@ -69,6 +75,7 @@ int id_compare(connection_t *a, connection_t *b) void init_connections(void) { connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, (avl_action_t)free_connection); + active_tree = avl_alloc_tree((avl_compare_t)active_compare, NULL); id_tree = avl_alloc_tree((avl_compare_t)id_compare, NULL); } @@ -130,6 +137,7 @@ void destroy_connection_tree(void) { cp avl_delete_tree(id_tree); + avl_delete_tree(active_tree); avl_delete_tree(connection_tree); cp } @@ -143,6 +151,13 @@ cp cp } +void active_add(connection_t *cl) +{ +cp + avl_insert(active_tree, cl); +cp +} + void id_add(connection_t *cl) { cp @@ -154,20 +169,21 @@ void connection_del(connection_t *cl) { cp avl_delete(id_tree, cl); + avl_delete(active_tree, cl); avl_delete(connection_tree, cl); cp } /* Lookup functions */ -connection_t *lookup_connection(ipv4_t address, short unsigned int port) +connection_t *lookup_active(ipv4_t address, short unsigned int port) { connection_t cl; cp cl.address = address; cl.port = port; - return avl_search(connection_tree, &cl); + return avl_search(active_tree, &cl); } connection_t *lookup_id(char *name) diff --git a/src/connection.h b/src/connection.h index f46d35b8..4532eb49 100644 --- a/src/connection.h +++ b/src/connection.h 
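Review bot: The added `avl_delete(active_tree, cl);` in connection_del() runs for every connection, including ones that were never passed to active_add(). If avl_delete() locates its node through the tree's comparator (its body is not shown here), a connection refused by the new "already in use" address/port check in src/protocol.c compares equal under active_compare() to the entry it collided with. Tearing the refused connection down would then unlink that other host from `active_tree`. Deleting only when the tree really holds this object avoids that: `if(avl_search(active_tree, cl) == cl) avl_delete(active_tree, cl);`.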
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.9 2001/05/25 11:54:28 guus Exp $ + $Id: connection.h,v 1.1.2.10 2001/07/15 18:07:31 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -65,6 +65,7 @@ typedef struct status_bits_t { typedef struct connection_t { char *name; /* name of this connection */ ipv4_t address; /* his real (internet) ip */ + short unsigned int meta_port; /* port number of meta connection */ char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ short unsigned int port; /* port number for UDP traffic */ @@ -103,16 +104,18 @@ typedef struct connection_t { } connection_t; extern avl_tree_t *connection_tree; +extern avl_tree_t *active_tree; extern connection_t *myself; extern void init_connections(void); extern connection_t *new_connection(void); extern void free_connection(connection_t *); extern void id_add(connection_t *); +extern void active_add(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); extern connection_t *lookup_id(char *); -extern connection_t *lookup_connection(ipv4_t, short unsigned int); +extern connection_t *lookup_active(ipv4_t, short unsigned int); extern void dump_connection_list(void); extern int read_host_config(connection_t *); extern void destroy_connection_tree(void); diff --git a/src/net.c b/src/net.c index 4c5956e8..8a0b7a2b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.119 2001/07/15 14:21:12 guus Exp $ + $Id: net.c,v 1.35.4.120 2001/07/15 18:07:31 guus Exp $ */ #include "config.h" 
@@ -1113,7 +1113,7 @@ cp return; } - cl = lookup_connection(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + cl = lookup_active(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); if(!cl) { diff --git a/src/protocol.c b/src/protocol.c index ef601802..8d9a551c 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.98 2001/07/04 08:41:36 guus Exp $ + $Id: protocol.c,v 1.28.4.99 2001/07/15 18:07:31 guus Exp $ */ #include "config.h" @@ -174,11 +174,9 @@ cp int id_h(connection_t *cl) { connection_t *old; - unsigned short int port; char name[MAX_STRING_SIZE]; - avl_node_t *node; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &port) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &cl->port) != 4) { syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); return -1; @@ -208,6 +206,17 @@ cp cl->name = xstrdup(name); + /* Make sure we don't make an outgoing connection to a host that is already in our connection list */ + + if(cl->status.outgoing) + if((old = lookup_id(cl->name))) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("We are already connected to %s."), cl->name); + old->status.outgoing = 1; + return -1; + } + /* Load information about peer */ if(read_host_config(cl)) 
@@ -216,40 +225,6 @@ cp return -1; } - /* First check if the host is already in our - connection list. If so, we are probably making a loop, which - is not desirable. - */ - - if((old = lookup_id(cl->name))) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("%s (%s) is already in our connection list"), cl->name, cl->hostname); - if(cl->status.outgoing) - { - cl->status.outgoing = 0; - old->status.outgoing = 1; - } - terminate_connection(cl); - return 0; - } - - /* Now we can add the name to the id tree */ - - id_add(cl); - - /* And uhr... cl->port just changed so we have to unlink it from the connection tree and re-insert... */ - - node = avl_unlink(connection_tree, cl); - cl->port = port; - if(!avl_insert_node(connection_tree, node)) - { - old = avl_search_node(connection_tree, node)->data; - syslog(LOG_ERR, _("%s is listening on %s:%hd, which is already in use by %s!"), - cl->name, cl->hostname, cl->port, old->name); - return -1; - } - /* Read in the public key, so that we can send a metakey */ if(read_rsa_public_key(cl)) 
@@ -272,15 +247,34 @@ cp old connection that has timed out but we don't know it yet. */ - while((old = lookup_id(cl->name))) + if((old = lookup_id(cl->name))) { if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Removing old entry for %s at %s in favour of new connection from %s"), - cl->name, old->hostname, cl->hostname); - + syslog(LOG_NOTICE, _("Removing old connection for %s at %s in favour of new connection from %s"), + cl->name, old->hostname, cl->hostname); + if(old->status.outgoing) + { + cl->status.outgoing = 1; + old->status.outgoing = 0; + } terminate_connection(old); + return 0; } + + /* Now we can add the name to the id tree */ + + id_add(cl); + /* Also check if no other tinc daemon uses the same IP and port for UDP traffic */ + + old = avl_search(active_tree, cl); + if(old) + { + syslog(LOG_ERR, _("%s is listening on %s:%hd, which is already in use by %s!"), + cl->name, cl->hostname, cl->port, old->name); + return -1; + } + /* Activate this connection */ cl->allow_request = ALL; @@ -289,6 +283,8 @@ cp cl->cipher_pkttype = EVP_bf_cbc(); cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; + active_add(cl); + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); From 5e2ded68bfc7b3a1bfa600c1ce46144eb50e57a2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 19 Jul 2001 12:29:40 +0000 Subject: [PATCH 431/923] Correctly use the active_tree. --- src/net.c | 14 ++++++++++++-- src/protocol.c | 26 +++++++------------------- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/src/net.c b/src/net.c index 8a0b7a2b..9048d507 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.120 2001/07/15 18:07:31 guus Exp $ + $Id: net.c,v 1.35.4.121 2001/07/19 12:29:40 guus Exp $ */ #include "config.h" 
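Review bot: The added `return 0;` after `terminate_connection(old);` leaves the function before `id_add(cl)`, the address/port check and the "Activate this connection" block. When an entry with the same name already exists, the old connection is closed and the new one is, as far as this hunk shows, never activated; the removed `while` loop fell through to activation. If the early return is deliberate, for instance because `old` stays linked in `id_tree` until the next prune, a comment above it such as `/* cl is not activated here: old is still linked until it is pruned */` would make that explicit. Otherwise `cl` needs to be activated once `old` is unlinked. The function starts outside this hunk, so what the caller does with the 0 return is not visible.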
@@ -568,7 +568,7 @@ cp */ int setup_outgoing_connection(char *name) { - connection_t *ncn; + connection_t *ncn, *old; struct hostent *h; config_t const *cfg; cp @@ -578,6 +578,16 @@ cp return -1; } + /* Make sure we don't make an outgoing connection to a host that is already in our connection list */ + + if((old = lookup_id(name))) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("We are already connected to %s."), name); + old->status.outgoing = 1; + return 0; + } + ncn = new_connection(); asprintf(&ncn->name, "%s", name); diff --git a/src/protocol.c b/src/protocol.c index 8d9a551c..f0bf1802 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.99 2001/07/15 18:07:31 guus Exp $ + $Id: protocol.c,v 1.28.4.100 2001/07/19 12:29:40 guus Exp $ */ #include "config.h" @@ -173,7 +173,6 @@ cp int id_h(connection_t *cl) { - connection_t *old; char name[MAX_STRING_SIZE]; cp if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &cl->port) != 4) @@ -206,17 +205,6 @@ cp cl->name = xstrdup(name); - /* Make sure we don't make an outgoing connection to a host that is already in our connection list */ - - if(cl->status.outgoing) - if((old = lookup_id(cl->name))) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("We are already connected to %s."), cl->name); - old->status.outgoing = 1; - return -1; - } - /* Load information about peer */ if(read_host_config(cl)) @@ -315,7 +303,7 @@ cp /* And send him all the hosts and their subnets we know... */ - for(node = connection_tree->head; node; node = node->next) + for(node = active_tree->head; node; node = node->next) { p = (connection_t *)node->data; @@ -336,7 +324,7 @@ cp send_add_subnet(cl, subnet); } } - } + } cp return 0; } 
@@ -850,7 +838,7 @@ cp { if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), - old->name, old->hostname, name, new->hostname); + old->name, old->hostname, cl->name, cl->hostname); free_connection(new); return 0; } @@ -864,10 +852,10 @@ cp } } - /* Hook it up into the connection */ + /* Hook it up into the active tree */ new->name = xstrdup(name); - connection_add(new); + active_add(new); id_add(new); /* Tell the rest about the new host */ @@ -938,7 +926,7 @@ cp if(!(old = lookup_id(name))) { syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) for %s which is not in our connection list"), - name, cl->name, cl->hostname); + cl->name, cl->hostname, name); return -1; } From 37ed4265fa73d4c06c74362514d78c92029b2f05 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 20 Jul 2001 13:54:19 +0000 Subject: [PATCH 432/923] Remove all unnecessary status.meta and status.active checks. --- src/meta.c | 4 ++-- src/net.c | 29 +++++++++++++---------------- src/protocol.c | 14 +++++++------- src/route.c | 4 ++-- src/tincd.c | 4 ++-- 5 files changed, 26 insertions(+), 29 deletions(-) diff --git a/src/meta.c b/src/meta.c index 4f51e2a5..e4ebb426 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.19 2001/07/04 08:41:36 guus Exp $ + $Id: meta.c,v 1.1.2.20 2001/07/20 13:54:19 guus Exp $ */ #include "config.h" @@ -75,7 +75,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p != cl && p->status.meta && p->status.active) + if(p != cl && p->status.active) send_meta(p, buffer, length); } cp diff --git a/src/net.c b/src/net.c index 9048d507..dc2d65d0 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.121 2001/07/19 12:29:40 guus Exp $ + $Id: net.c,v 1.35.4.122 2001/07/20 13:54:19 guus Exp $ */ #include "config.h" @@ -253,7 +253,7 @@ cp send_udppacket(cl, packet); } -/* Broadcast a packet to all active connections */ +/* Broadcast a packet to all active direct connections */ void broadcast_packet(connection_t *from, vpn_packet_t *packet) { @@ -267,7 +267,7 @@ cp for(node = connection_tree->head; node; node = node->next) { cl = (connection_t *)node->data; - if(cl->status.meta && cl != from) + if(cl->status.active && cl != from) send_packet(cl, packet); } cp @@ -1083,8 +1083,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta) - FD_SET(p->meta_socket, fs); + FD_SET(p->meta_socket, fs); } FD_SET(myself->meta_socket, fs); @@ -1163,11 +1162,10 @@ cp if(cl->status.meta) { - /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ - for(node = connection_tree->head; node; node = node->next) + for(node = active_tree->head; node; node = node->next) { p = (connection_t *)node->data; if(p->nexthop == cl && p != cl) @@ -1180,7 +1178,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p != cl) + if(p->status.active && p != cl) send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ } } @@ -1229,7 +1227,7 @@ cp for(node = connection_tree->head; node; node = node->next) { cl = (connection_t *)node->data; - if(cl->status.active && cl->status.meta) + if(cl->status.active) { if(cl->last_ping_time + timeout < now) { 
@@ -1301,13 +1299,12 @@ cp if(p->status.remove) return; - if(p->status.meta) - if(FD_ISSET(p->meta_socket, f)) - if(receive_meta(p) < 0) - { - terminate_connection(p); - return; - } + if(FD_ISSET(p->meta_socket, f)) + if(receive_meta(p) < 0) + { + terminate_connection(p); + return; + } } if(FD_ISSET(myself->meta_socket, f)) diff --git a/src/protocol.c b/src/protocol.c index f0bf1802..29282a1c 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.100 2001/07/19 12:29:40 guus Exp $ + $Id: protocol.c,v 1.28.4.101 2001/07/20 13:54:19 guus Exp $ */ #include "config.h" @@ -307,7 +307,7 @@ cp { p = (connection_t *)node->data; - if(p != cl && p->status.active) + if(p != cl) { /* Notify others of this connection */ @@ -690,7 +690,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p!= cl) + if(p->status.active && p!= cl) send_add_subnet(p, subnet); } cp @@ -774,7 +774,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p!= cl) + if(p->status.active && p!= cl) send_del_subnet(p, subnet); } cp @@ -863,7 +863,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p!=cl) + if(p->status.active && p!=cl) send_add_host(p, new); } @@ -948,7 +948,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p!=cl) + if(p->status.active && p!=cl) send_del_host(p, old); } cp 
@@ -1088,7 +1088,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p != cl && p->status.meta && p->status.active) + if(p != cl && p->status.active) if(!(p->options & OPTION_INDIRECT) || from == myself) send_request(p, "%d %s", KEY_CHANGED, from->name); } diff --git a/src/route.c b/src/route.c index 9a555de4..5bf0b55b 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.15 2001/07/01 09:21:14 guus Exp $ + $Id: route.c,v 1.1.2.16 2001/07/20 13:54:19 guus Exp $ */ #include "config.h" @@ -78,7 +78,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.meta && p->status.active && p!= myself) + if(p->status.active && p!= myself) send_add_subnet(p, subnet); } } diff --git a/src/tincd.c b/src/tincd.c index f9cd82ff..75788d6f 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.49 2001/07/04 08:43:32 guus Exp $ + $Id: tincd.c,v 1.10.4.50 2001/07/20 13:54:19 guus Exp $ */ #include "config.h" @@ -212,7 +212,7 @@ int keygen(int bits) if(!rsa_key) { - fprintf(stderr, _("Error during key generation!")); + fprintf(stderr, _("Error during key generation!\n")); return -1; } else From 12f6b80429bc05a828051d72cc46f173e4657180 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 20 Jul 2001 20:25:10 +0000 Subject: [PATCH 433/923] Added purge_tree for connection_t's which are no longer in the connection, active or id trees, but which may still be referenced. This tree is flushed when it is safe, this replaces purge_connection_tree(). Also lots of bugfixes related to the new trees. --- src/connection.c | 105 +++++++++++++++++++++++++++++++---------------- src/connection.h | 8 ++-- src/net.c | 60 +++++++++++++-------------- src/protocol.c | 14 ++----- src/route.c | 4 +- 5 files changed, 109 insertions(+), 82 deletions(-) diff --git a/src/connection.c b/src/connection.c index c09ca94a..fa2f81d7 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.13 2001/07/15 18:07:31 guus Exp $ + $Id: connection.c,v 1.1.2.14 2001/07/20 20:25:10 guus Exp $ */ #include "config.h" @@ -41,9 +41,10 @@ /* Root of the connection list */ -avl_tree_t *connection_tree; -avl_tree_t *active_tree; -avl_tree_t *id_tree; +avl_tree_t *connection_tree; /* Meta connections */ +avl_tree_t *active_tree; /* Activated hosts, sorted by address and port */ +avl_tree_t *id_tree; /* Activated hosts, sorted by name */ +avl_tree_t *prune_tree; /* connection_t structures which have to be freed */ /* Pointer to connection describing myself */ 
@@ -72,11 +73,22 @@ int id_compare(connection_t *a, connection_t *b) return strcmp(a->name, b->name); } +int prune_compare(connection_t *a, connection_t *b) +{ + if(a < b) + return -1; + else if(a > b) + return 1; + else + return 0; +} + void init_connections(void) { - connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, (avl_action_t)free_connection); + connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, NULL); active_tree = avl_alloc_tree((avl_compare_t)active_compare, NULL); id_tree = avl_alloc_tree((avl_compare_t)id_compare, NULL); + prune_tree = avl_alloc_tree((avl_compare_t)prune_compare, (avl_action_t)free_connection); } /* Creation and deletion of connection elements */ @@ -113,36 +125,19 @@ cp } /* - remove all marked connections + Free all trees. */ -void prune_connection_tree(void) -{ - avl_node_t *node, *next; - connection_t *cl; -cp - for(node = connection_tree->head; node; node = next) - { - next = node->next; - cl = (connection_t *)node->data; - if(cl->status.remove) - connection_del(cl); - } -cp -} - -/* - free all elements of connection -*/ -void destroy_connection_tree(void) +void destroy_trees(void) { cp avl_delete_tree(id_tree); avl_delete_tree(active_tree); avl_delete_tree(connection_tree); + avl_delete_tree(prune_tree); cp } -/* Linked list management */ +/* Connection management */ void connection_add(connection_t *cl) { @@ -151,10 +146,34 @@ cp cp } +void connection_del(connection_t *cl) +{ +cp + active_del(cl); + + if(cl->status.meta) + avl_delete(connection_tree, cl); +cp +} + void active_add(connection_t *cl) { cp avl_insert(active_tree, cl); + avl_insert(id_tree, cl); + cl->status.active = 1; +cp +} + +void active_del(connection_t *cl) +{ +cp + if(cl->status.active) + { + avl_delete(id_tree, cl); + avl_delete(active_tree, cl); + cl->status.active = 0; + } cp } 
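Review bot: active_add() discards the result of both `avl_insert()` calls and then sets `cl->status.active = 1` unconditionally. The code this series removed from src/protocol.c shows `avl_insert_node()` refusing a node whose key is already present. If `avl_insert()` behaves the same way, a connection whose name or address/port collides is marked active without being in one of the trees, and the new active_del() would then delete by key and could unlink the other connection's node. I would bail out before touching the flag, starting with `if(!avl_insert(active_tree, cl)) return;`, undo that insert if the `id_tree` insert fails, and set `status.active` last. Returning a status to the callers in src/protocol.c would be better still.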
@@ -165,12 +184,22 @@ cp cp } -void connection_del(connection_t *cl) +void prune_add(connection_t *cl) { cp - avl_delete(id_tree, cl); - avl_delete(active_tree, cl); - avl_delete(connection_tree, cl); + avl_insert(prune_tree, cl); +cp +} + +void prune_flush(void) +{ + avl_node_t *node, *next; +cp + for(node = prune_tree->head; node; node = next) + { + next = node->next; + avl_delete_node(prune_tree, node); + } cp } @@ -192,7 +221,7 @@ connection_t *lookup_id(char *name) cp cl.name = name; p = avl_search(id_tree, &cl); - if(p && p->status.active) + if(p) return p; else return NULL; @@ -207,10 +236,6 @@ void dump_connection_list(void) cp syslog(LOG_DEBUG, _("Connection list:")); - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x"), - myself->name, myself->hostname, myself->port, myself->options, - myself->socket, myself->meta_socket, myself->status); - for(node = connection_tree->head; node; node = node->next) { cl = (connection_t *)node->data; @@ -219,6 +244,16 @@ cp cl->socket, cl->meta_socket, cl->status); } + syslog(LOG_DEBUG, _("Known hosts:")); + + for(node = id_tree->head; node; node = node->next) + { + cl = (connection_t *)node->data; + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x"), + cl->name, cl->hostname, cl->port, cl->options, + cl->socket, cl->meta_socket, cl->status); + } + syslog(LOG_DEBUG, _("End of connection list.")); cp } diff --git a/src/connection.h b/src/connection.h index 4532eb49..fb7d2797 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.10 2001/07/15 18:07:31 guus Exp $ + $Id: connection.h,v 1.1.2.11 2001/07/20 20:25:10 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ 
@@ -112,13 +112,15 @@ extern connection_t *new_connection(void); extern void free_connection(connection_t *); extern void id_add(connection_t *); extern void active_add(connection_t *); +extern void active_del(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); +extern void prune_add(connection_t *); +extern void prune_flush(void); extern connection_t *lookup_id(char *); extern connection_t *lookup_active(ipv4_t, short unsigned int); extern void dump_connection_list(void); extern int read_host_config(connection_t *); -extern void destroy_connection_tree(void); -extern void prune_connection_tree(void); +extern void destroy_trees(void); #endif /* __TINC_CONNECTION_H__ */ diff --git a/src/net.c b/src/net.c index dc2d65d0..00fbdc5a 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.122 2001/07/20 13:54:19 guus Exp $ + $Id: net.c,v 1.35.4.123 2001/07/20 20:25:10 guus Exp $ */ #include "config.h" @@ -885,10 +885,10 @@ cp keyexpires = time(NULL) + keylifetime; cp - - /* Activate ourselves */ + /* Done */ myself->status.active = 1; + id_add(myself); syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); cp @@ -1001,30 +1001,24 @@ cp */ void close_network_connections(void) { - avl_node_t *node; + avl_node_t *node, *next; connection_t *p; cp - for(node = connection_tree->head; node; node = node->next) + for(node = connection_tree->head; node; node = next) { + next = node->next; p = (connection_t *)node->data; p->status.outgoing = 0; - p->status.active = 0; terminate_connection(p); } - if(myself) - if(myself->status.active) - { - close(myself->meta_socket); - free_connection(myself); - myself = NULL; - } + terminate_connection(myself); + + destroy_trees(); execute_script("tinc-down"); close(tap_fd); - - destroy_connection_tree(); cp return; } 
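Review bot: `terminate_connection(myself);` in close_network_connections() replaces a block that was guarded by `if(myself)`. terminate_connection() starts by reading `cl->status.remove`, so a NULL `myself` (its initial value in src/connection.c) would now be dereferenced. The removed block also reset `myself = NULL`, whereas `myself` is now put on the prune list. If `destroy_trees()` releases prune-list entries through the `free_connection` action that init_connections() registers, the global keeps pointing at freed memory while tincd's main loop can call setup_network_connections() again. I would write `if(myself) terminate_connection(myself);` and add `myself = NULL;` after `destroy_trees();`.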
@@ -1137,8 +1131,11 @@ cp } /* - terminate a connection and notify the other - end before closing the sockets + Terminate a connection: + - Close the sockets + - Remove associated hosts and subnets + - Deactivate the host + - Since it might still be referenced, put it on the prune list. */ void terminate_connection(connection_t *cl) { @@ -1148,25 +1145,26 @@ void terminate_connection(connection_t *cl) cp if(cl->status.remove) return; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), - cl->name, cl->hostname); - - cl->status.remove = 1; + else + cl->status.remove = 1; if(cl->socket) close(cl->socket); - if(cl->status.meta) - close(cl->meta_socket); if(cl->status.meta) { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), + cl->name, cl->hostname); + + close(cl->meta_socket); + /* Find all connections that were lost because they were behind cl (the connection that was dropped). */ - for(node = active_tree->head; node; node = node->next) + for(node = active_tree->head; node; node = next) { + next = node->next; p = (connection_t *)node->data; if(p->nexthop == cl && p != cl) terminate_connection(p); @@ -1201,11 +1199,11 @@ cp alarm(seconds_till_retry); syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); } - - /* Deactivate */ - - cl->status.active = 0; cp + /* Schedule it for pruning */ + + prune_add(cl); + connection_del(cl); } /* @@ -1376,7 +1374,7 @@ cp tv.tv_sec = timeout; tv.tv_usec = 0; - prune_connection_tree(); + prune_flush(); build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) diff --git a/src/protocol.c b/src/protocol.c index 29282a1c..d0dd9f78 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.101 2001/07/20 13:54:19 guus Exp $ + $Id: protocol.c,v 1.28.4.102 2001/07/20 20:25:10 guus Exp $ */ #include "config.h" @@ -249,10 +249,6 @@ cp return 0; } - /* Now we can add the name to the id tree */ - - id_add(cl); - /* Also check if no other tinc daemon uses the same IP and port for UDP traffic */ old = avl_search(active_tree, cl); @@ -266,7 +262,6 @@ cp /* Activate this connection */ cl->allow_request = ALL; - cl->status.active = 1; cl->nexthop = cl; cl->cipher_pkttype = EVP_bf_cbc(); cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; @@ -856,7 +851,6 @@ cp new->name = xstrdup(name); active_add(new); - id_add(new); /* Tell the rest about the new host */ @@ -870,7 +864,6 @@ cp /* Fill in rest of connection structure */ new->nexthop = cl; - new->status.active = 1; new->cipher_pkttype = EVP_bf_cbc(); new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; cp @@ -921,7 +914,7 @@ cp return 0; } - /* Check if the new host already exists in the connnection list */ + /* Check if the deleted host already exists in the connnection list */ if(!(old = lookup_id(name))) { @@ -940,10 +933,9 @@ cp /* Ok, since EVERYTHING seems to check out all right, delete it */ - old->status.active = 0; terminate_connection(old); - /* Tell the rest about the new host */ + /* Tell the rest about the deleted host */ for(node = connection_tree->head; node; node = node->next) { diff --git a/src/route.c b/src/route.c index 5bf0b55b..a143082d 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.16 2001/07/20 13:54:19 guus Exp $ + $Id: route.c,v 1.1.2.17 2001/07/20 20:25:10 guus Exp $ */ #include "config.h" 
@@ -78,7 +78,7 @@ cp for(node = connection_tree->head; node; node = node->next) { p = (connection_t *)node->data; - if(p->status.active && p!= myself) + if(p->status.active) send_add_subnet(p, subnet); } } From acb853205d6d582d919c59879393b301ad4f4fde Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 21 Jul 2001 15:34:18 +0000 Subject: [PATCH 434/923] Updated terminate_connection() so you can choose if DEL_HOSTs should be sent or not. --- src/connection.c | 3 +-- src/net.c | 59 ++++++++++++++++++++++++++---------------------- src/net.h | 4 ++-- src/protocol.c | 14 ++++++------ 4 files changed, 42 insertions(+), 38 deletions(-) diff --git a/src/connection.c b/src/connection.c index fa2f81d7..29034f5a 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.14 2001/07/20 20:25:10 guus Exp $ + $Id: connection.c,v 1.1.2.15 2001/07/21 15:34:18 guus Exp $ */ #include "config.h" @@ -172,7 +172,6 @@ cp { avl_delete(id_tree, cl); avl_delete(active_tree, cl); - cl->status.active = 0; } cp } diff --git a/src/net.c b/src/net.c index 00fbdc5a..f0e80b79 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.123 2001/07/20 20:25:10 guus Exp $ + $Id: net.c,v 1.35.4.124 2001/07/21 15:34:18 guus Exp $ */ #include "config.h" @@ -247,7 +247,7 @@ cp if((cl->options | myself->options) & OPTION_TCPONLY) { if(send_tcppacket(cl, packet)) - terminate_connection(cl); + terminate_connection(cl, 1); } else send_udppacket(cl, packet); @@ -1009,10 +1009,10 @@ cp next = node->next; p = (connection_t *)node->data; p->status.outgoing = 0; - terminate_connection(p); + terminate_connection(p, 0); } - terminate_connection(myself); + terminate_connection(myself, 0); destroy_trees(); 
@@ -1136,8 +1136,9 @@ cp - Remove associated hosts and subnets - Deactivate the host - Since it might still be referenced, put it on the prune list. + - If report == 1, then send DEL_HOST messages to the other tinc daemons. */ -void terminate_connection(connection_t *cl) +void terminate_connection(connection_t *cl, int report) { connection_t *p; subnet_t *subnet; @@ -1151,6 +1152,8 @@ cp if(cl->socket) close(cl->socket); + connection_del(cl); + if(cl->status.meta) { if(debug_lvl >= DEBUG_CONNECTIONS) @@ -1159,28 +1162,31 @@ cp close(cl->meta_socket); - /* Find all connections that were lost because they were behind cl - (the connection that was dropped). */ - - for(node = active_tree->head; node; node = next) - { - next = node->next; - p = (connection_t *)node->data; - if(p->nexthop == cl && p != cl) - terminate_connection(p); - } - - /* Inform others of termination if it was still active */ - if(cl->status.active) - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - if(p->status.active && p != cl) - send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ - } + { + /* Find all connections that were lost because they were behind cl + (the connection that was dropped). */ + + for(node = active_tree->head; node; node = next) + { + next = node->next; + p = (connection_t *)node->data; + if(p->nexthop == cl) + terminate_connection(p, report); + } + } } + /* Inform others of termination if needed */ + + if(report) + for(node = connection_tree->head; node; node = node->next) + { + p = (connection_t *)node->data; + if(p->status.active) + send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ + } + /* Remove the associated subnets */ for(node = cl->subnet_tree->head; node; node = next) @@ -1203,7 +1209,6 @@ cp /* Schedule it for pruning */ prune_add(cl); - connection_del(cl); } /* 
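Review bot: The new report loop tests only `if(p->status.active)` and no longer excludes `cl`, while this same commit removes `cl->status.active = 0;` from connection.c, so nothing visible clears the flag on the connection being terminated. If `cl` is still linked in `connection_tree` when the loop runs (connection_del() is only partly visible), `send_del_host(cl, cl)` would write to a meta socket that was closed a few lines earlier, and that descriptor number may already belong to another connection. Keeping the explicit test, `if(p->status.active && p != cl)`, costs nothing and removes the dependency on tree membership. The header comment still lists "Deactivate the host"; either restore `cl->status.active = 0;` after the loop or drop that line from the comment.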
@@ -1235,7 +1240,7 @@ cp syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), cl->name, cl->hostname); cl->status.timeout = 1; - terminate_connection(cl); + terminate_connection(cl, 1); } else { @@ -1300,7 +1305,7 @@ cp if(FD_ISSET(p->meta_socket, f)) if(receive_meta(p) < 0) { - terminate_connection(p); + terminate_connection(p, 1); return; } } diff --git a/src/net.h b/src/net.h index 75d59df2..7c178416 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.33 2001/06/08 18:02:10 guus Exp $ + $Id: net.h,v 1.9.4.34 2001/07/21 15:34:18 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -115,7 +115,7 @@ extern void broadcast_packet(connection_t *, vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); extern void main_loop(void); -extern void terminate_connection(connection_t *); +extern void terminate_connection(connection_t *, int); extern void flush_queue(connection_t *); #include diff --git a/src/protocol.c b/src/protocol.c index d0dd9f78..10046d17 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.102 2001/07/20 20:25:10 guus Exp $ + $Id: protocol.c,v 1.28.4.103 2001/07/21 15:34:18 guus Exp $ */ #include "config.h" @@ -245,7 +245,7 @@ cp cl->status.outgoing = 1; old->status.outgoing = 0; } - terminate_connection(old); + terminate_connection(old, 0); return 0; } @@ -829,7 +829,7 @@ cp if((old = lookup_id(name))) { - if((new->address == old->address) && (new->port == old->port)) + if((new->address == old->address) && (new->port == old->port) && (cl == old->nexthop)) { if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), 
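Review bot: With the added `(cl == old->nexthop)` term, an ADD_HOST for an already known name that carries the same address and port but arrives through a different neighbour is no longer handled as a duplicate; it falls through to the replacement branch in the next hunk, which calls `terminate_connection(old, 0)`. The entry for a name is therefore replaced by whichever peer announced it last, and the log message there records only `old`. I would add the announcing peer to it, e.g. `_("Removing old entry for %s (%s) in favour of new connection via %s (%s)"), old->name, old->hostname, cl->name, cl->hostname`, so that a route change can be attributed afterwards. The rest of the handler is outside this hunk, so whether `old` can be a direct meta connection at this point should be checked.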
@@ -843,7 +843,7 @@ cp syslog(LOG_NOTICE, _("Removing old entry for %s (%s) in favour of new connection"), old->name, old->hostname); - terminate_connection(old); + terminate_connection(old, 0); } } @@ -933,7 +933,7 @@ cp /* Ok, since EVERYTHING seems to check out all right, delete it */ - terminate_connection(old); + terminate_connection(old, 0); /* Tell the rest about the deleted host */ @@ -1006,7 +1006,7 @@ cp cl->name, cl->hostname, strerror(err), errorstring); } - terminate_connection(cl); + terminate_connection(cl, 1); cp return 0; } @@ -1020,7 +1020,7 @@ cp int termreq_h(connection_t *cl) { cp - terminate_connection(cl); + terminate_connection(cl, 1); cp return 0; } From 533ee1206fb6433a1f0e616db999b3655addfaf2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 21 Jul 2001 15:46:34 +0000 Subject: [PATCH 435/923] Always close all sockets in terminate_connection(). --- src/net.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/net.c b/src/net.c index f0e80b79..9bdc4b3a 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.124 2001/07/21 15:34:18 guus Exp $ + $Id: net.c,v 1.35.4.125 2001/07/21 15:46:34 guus Exp $ */ #include "config.h" @@ -1151,6 +1151,8 @@ cp if(cl->socket) close(cl->socket); + if(cl->meta_socket) + close(cl->meta_socket); connection_del(cl); @@ -1160,8 +1162,6 @@ cp syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), cl->name, cl->hostname); - close(cl->meta_socket); - if(cl->status.active) { /* Find all connections that were lost because they were behind cl From fcbe215d64d7e2f3b159fff6422d750417877ac4 Mon Sep 17 00:00:00 2001 
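Review bot: The added `if(cl->meta_socket) close(cl->meta_socket);` treats any non-zero value as an open descriptor, so the close no longer depends on `cl->status.meta`: descriptor 0 is never closed and a negative value left by a failed setup is handed to close(). The number also stays in `cl->meta_socket` (and `cl->socket`) afterwards, although the header comment of this function says the structure may still be referenced while it waits on the prune list, and the kernel is free to give the same number to the next connection. Clearing the field right after the close, e.g. `close(cl->meta_socket); cl->meta_socket = -1;` together with a `>= 0` test, makes any later use fail cleanly; that requires new connections to start with -1 in both fields. The body of terminate_connection() extends beyond this hunk.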
From: Guus Sliepen Date: Sat, 21 Jul 2001 20:21:25 +0000 Subject: [PATCH 436/923] Woohoo! tinc now compiles, runs and actually *works* on Solaris! Tested on a SparcStation 20MP running Solaris 7. (Thanks, jiggel!) --- src/net.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++--- src/route.c | 13 ++++++--- 2 files changed, 83 insertions(+), 8 deletions(-) diff --git a/src/net.c b/src/net.c index 9bdc4b3a..8352ac54 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.125 2001/07/21 15:46:34 guus Exp $ + $Id: net.c,v 1.35.4.126 2001/07/21 20:21:25 guus Exp $ */ #include "config.h" @@ -65,6 +65,12 @@ #endif #endif +#ifdef HAVE_SOLARIS + #include + #include + #include +#endif + #include #include #include @@ -196,6 +202,12 @@ cp syslog(LOG_DEBUG, _("Writing packet of %d bytes to tap device"), packet->len); +#ifdef HAVE_SOLARIS + if(write(tap_fd, packet->data + 14, packet->len - 14) < 0) + syslog(LOG_ERR, _("Can't write to tun device: %m")); + else + total_tap_out += packet->len; +#else if(taptype == TAP_TYPE_TUNTAP) { if(write(tap_fd, packet->data, packet->len) < 0) @@ -210,6 +222,7 @@ cp else total_tap_out += packet->len; } +#endif cp } @@ -302,6 +315,11 @@ int setup_tap_fd(void) struct ifreq ifr; # endif #endif +#ifdef HAVE_SOLARIS + int ip_fd = -1, if_fd = -1; + int ppa; + char *ptr; +#endif cp if((cfg = get_config_val(config, config_tapdevice))) @@ -331,8 +349,6 @@ cp cp tap_fd = nfd; - taptype = TAP_TYPE_ETHERTAP; - /* Set default MAC address for ethertap devices */ mymac.type = SUBNET_MAC; @@ -344,6 +360,7 @@ cp mymac.net.mac.address.x[5] = 0x00; #ifdef HAVE_LINUX + taptype = TAP_TYPE_ETHERTAP; #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ memset(&ifr, 0, sizeof(ifr)); 
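Review bot: In the Solaris branch of the tap write, `packet->len - 14` is passed to write() with no check that the packet holds at least 14 bytes; for a shorter packet the subtraction goes negative and becomes a very large count once converted to write()'s size_t parameter. These packets presumably originate from remote peers, so the length should be validated before the `#ifdef`, for example `if(packet->len <= 14) return;` (the enclosing function starts outside the hunk, so adapt this to its return type). A named constant for the 14-byte Ethernet header, shared with the matching read in handle_tap_input(), would make the two offsets easier to audit together.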
@@ -358,9 +375,49 @@ cp taptype = TAP_TYPE_TUNTAP; } #endif -#else +#endif +#ifdef HAVE_FREEBSD taptype = TAP_TYPE_TUNTAP; #endif +#ifdef HAVE_SOLARIS + ppa = 0; + + ptr = tapfname; + while(*ptr && !isdigit((int)*ptr)) ptr++; + ppa = atoi(ptr); + + if( (ip_fd = open("/dev/ip", O_RDWR, 0)) < 0){ + syslog(LOG_ERR, _("Could not open /dev/ip: %m")); + return -1; + } + + /* Assign a new PPA and get its unit number. */ + if( (ppa = ioctl(nfd, TUNNEWPPA, ppa)) < 0){ + syslog(LOG_ERR, _("Can't assign new interface: %m")); + return -1; + } + + if( (if_fd = open(tapfname, O_RDWR, 0)) < 0){ + syslog(LOG_ERR, _("Could not open %s twice: %m"), tapfname); + return -1; + } + + if(ioctl(if_fd, I_PUSH, "ip") < 0){ + syslog(LOG_ERR, _("Can't push IP module: %m")); + return -1; + } + + /* Assign ppa according to the unit number returned by tun device */ + if(ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0){ + syslog(LOG_ERR, _("Can't set PPA %d: %m"), ppa); + return -1; + } + if(ioctl(ip_fd, I_LINK, if_fd) < 0){ + syslog(LOG_ERR, _("Can't link TUN device to IP: %m")); + return -1; + } +#endif + cp return 0; } @@ -1324,6 +1381,18 @@ void handle_tap_input(void) vpn_packet_t vp; int lenin; cp +#ifdef HAVE_SOLARIS + if((lenin = read(tap_fd, vp.data + 14, MTU)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from tun device: %m")); + return; + } + memcpy(vp.data, mymac.net.mac.address.x, 6); + memcpy(vp.data + 6, mymac.net.mac.address.x, 6); + vp.data[12] = 0x08; + vp.data[13] = 0x00; + vp.len = lenin + 14; +#else if(taptype == TAP_TYPE_TUNTAP) { if((lenin = read(tap_fd, vp.data, MTU)) <= 0) @@ -1342,6 +1411,7 @@ cp } vp.len = lenin - 2; } +#endif total_tap_in += vp.len; diff --git a/src/route.c b/src/route.c index a143082d..dc91940a 100644 --- a/src/route.c +++ b/src/route.c 
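Review bot: Every `return -1` in the Solaris block after `/dev/ip` has been opened leaves `ip_fd` open, and the ones after the second open of `tapfname` leave `if_fd` open as well. Add `close(ip_fd);` (and `close(if_fd);` once it is valid) before those returns, or route them through a single cleanup label, so a failed setup does not leak descriptors into whatever the caller does next. Two smaller points in the same block: `isdigit((int)*ptr)` should convert through `unsigned char` because plain `char` may be negative, and `atoi(ptr)` gives no way to reject a device name without a usable unit number. setup_tap_fd() begins before this hunk.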
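Review bot: The Solaris branch of handle_tap_input() reads up to `MTU` bytes to `vp.data + 14`, whereas the tun/tap branch below reads the same `MTU` bytes to `vp.data`, so this path can write 14 bytes further into the buffer than the existing code does. The declaration of vpn_packet_t is not part of this diff; unless `data` is at least `MTU + 14` bytes long, the call should be `read(tap_fd, vp.data + 14, MTU - 14)`. A short comment stating the buffer-size assumption next to the read would help the next person who changes either constant.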
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.17 2001/07/20 20:25:10 guus Exp $ + $Id: route.c,v 1.1.2.18 2001/07/21 20:21:25 guus Exp $ */ #include "config.h" @@ -28,7 +28,7 @@ #include #include #ifdef HAVE_SOLARIS - #include + #include #define ETHER_ADDR_LEN 6 #else #include @@ -107,10 +107,15 @@ connection_t *route_ipv4(vpn_packet_t *packet) ipv4_t dest; subnet_t *subnet; cp +#ifdef HAVE_SOLARIS + /* The other form gives bus errors on a SparcStation 20. */ + dest = ((packet->data[30] * 0x100 + packet->data[31]) * 0x100 + packet->data[32]) * 0x100 + packet->data[33]; +#else dest = ntohl(*((unsigned long*)(&packet->data[30]))); - +#endif +cp subnet = lookup_subnet_ipv4(&dest); - +cp if(!subnet) { if(debug_lvl >= DEBUG_TRAFFIC) From c1a98cd37ea20f6020487b2a5586e6de432398e7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 22 Jul 2001 14:04:38 +0000 Subject: [PATCH 437/923] Started writing a document about how daemons connect to each other. --- doc/CONNECTIVITY | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 doc/CONNECTIVITY diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY new file mode 100644 index 00000000..f504f25f --- /dev/null +++ b/doc/CONNECTIVITY 
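Review bot: In the Solaris expression added to route_ipv4() the bytes are promoted to `int` before the multiplications, so when `packet->data[30]` is 0x80 or larger the final `* 0x100` exceeds INT_MAX, which is signed overflow (this assumes `data` is an unsigned char array; its declaration is not in the diff). Doing the arithmetic in an unsigned type avoids it: `dest = ((unsigned long)packet->data[30] << 24) | ((unsigned long)packet->data[31] << 16) | ((unsigned long)packet->data[32] << 8) | packet->data[33];`. That form has no alignment requirement, so it could replace the `ntohl(*((unsigned long*)(&packet->data[30])))` cast on every platform instead of living behind `#ifdef HAVE_SOLARIS`; the cast also reads `sizeof(unsigned long)` bytes rather than four. Neither branch checks that the packet is long enough to contain bytes 30 to 33, so that check would have to exist in the caller.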
@@ -0,0 +1,47 @@ +This document describes how nodes in a VPN find and connect to eachother and +maintain a stable network. + + Copyright 2001 Guus Sliepen + + Permission is granted to make and distribute verbatim copies of + this documentation provided the copyright notice and this + permission notice are preserved on all copies. + + Permission is granted to copy and distribute modified versions of + this documentation under the conditions for verbatim copying, + provided that the entire resulting derived work is distributed + under the terms of a permission notice identical to this one. + + $Id: CONNECTIVITY,v 1.1.2.1 2001/07/22 14:04:38 guus Exp $ + +1. Problem +========== + +We have a set of nodes (A, B, C, ...) that are part of the same VPN. They need +to connect to eachother and form a single graph that satisfies the tree +property. + +There is the possibility that loops are formed, the offending connections must +be eliminated. + +Suppose we start with two smaller graphs that want to form a single larger +graph. Both graphs consist of three nodes: + + A-----B-----C + + + + D-----E-----F + +It is very well possible that A wants to connect to D, and F wants to connect +to C, both at the same time. The following loop will occur: + + A-----B-----C + | ^ + | | + v | + D-----E-----F + +The situation described here is totally symmetric, there is no preference to +one connection over the other. The problem of resolving the loop, maintaining +consistency and stability is therefore not a trivial one. From 71b9041f484128219f81cbf4f22a4e11388f879d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 22 Jul 2001 14:46:11 +0000 Subject: [PATCH 438/923] Described problem in more detail. --- doc/CONNECTIVITY | 95 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 94 insertions(+), 1 deletion(-) diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index f504f25f..2a893ff7 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY 
@@ -12,7 +12,7 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.1 2001/07/22 14:04:38 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.2 2001/07/22 14:46:11 guus Exp $ 1. Problem ========== 
@@ -45,3 +45,96 @@ to C, both at the same time. The following loop will occur: The situation described here is totally symmetric, there is no preference to one connection over the other. The problem of resolving the loop, maintaining consistency and stability is therefore not a trivial one. + +What happens when A---D and C---F are connected to eachother? They exchange +lists of known hosts. A knows of B and C, and D knows of E and F. The protocol +defines ADD_HOST messages, from now on we will say that "node X sends and +ADD_HOST(Y) to Z". + +There are two possible scenarios: either both A---D and C---F finish +authentication at the same time, or A---D finishes first, so that ADD_HOST +messages will reach C and F before they finish authentication. + +1.1 A---D finishes first +------------------------ + +After A---D authentication finishes the following actions are taken: + + 1 A sends ADD_HOST(B) to D + A sends ADD_HOST(C) to D + D sends ADD_HOST(E) to A + D sends ADD_HOST(F) to A + + 2 A receives ADD_HOST(E) from D: + A sends ADD_HOST(E) to B + A receives ADD_HOST(F) from D: + A sends ADD_HOST(F) to B + D receives ADD_HOST(B) from A: + D sends ADD_HOST(B) to E + D receives ADD_HOST(C) from A: + D sends ADD_HOST(C) to E + + 3 B receives ADD_HOST(E) from A: + B sends ADD_HOST(E) to C + B receives ADD_HOST(F) from A: + B sends ADD_HOST(F) to C + E receives ADD_HOST(B) from D: + E sends ADD_HOST(B) to F + E receives ADD_HOST(C) from D: + E sends ADD_HOST(C) to F + + 4 C receives ADD_HOST(E) from B. + C receives ADD_HOST(F) from B. + F receives ADD_HOST(B) from E. + F receives ADD_HOST(C) from E. + +Then C---F authentication finishes, the following actions are taken: + + 1 C notes that F is already known: + Connection is closed. + F notes that C is already known: + Connection is closed. + +1.2 Both A---D and C---F finish at the same time. 
+------------------------------------------------- + + 1 A sends ADD_HOST(B) to D + A sends ADD_HOST(C) to D + D sends ADD_HOST(E) to A + D sends ADD_HOST(F) to A + + C sends ADD_HOST(A) to F + C sends ADD_HOST(B) to F + F sends ADD_HOST(D) to C + F sends ADD_HOST(E) to C + + 2 A receives ADD_HOST(E) from D: + A sends ADD_HOST(E) to B + A receives ADD_HOST(F) from D: + A sends ADD_HOST(F) to B + D receives ADD_HOST(B) from A: + D sends ADD_HOST(B) to E + D receives ADD_HOST(C) from A: + D sends ADD_HOST(C) to E + + C receives ADD_HOST(D) from F: + A sends ADD_HOST(D) to B + C receives ADD_HOST(E) from F: + A sends ADD_HOST(E) to B + F receives ADD_HOST(A) from C: + D sends ADD_HOST(A) to E + F receives ADD_HOST(B) from C: + D sends ADD_HOST(B) to E + + 3 B receives ADD_HOST(E) from A: + B sends ADD_HOST(E) to C + B receives ADD_HOST(F) from A: + B sends ADD_HOST(F) to C + E receives ADD_HOST(A) from D: + E sends ADD_HOST(A) to F + E receives ADD_HOST(B) from D: + E sends ADD_HOST(B) to F + + B receives ADD_HOST(E) from C, and notes that is is already known: + + From d7b4de0e73baf664964f6daaf63526606b6a890b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 22 Jul 2001 14:58:18 +0000 Subject: [PATCH 439/923] Small update. --- doc/CONNECTIVITY | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index 2a893ff7..884df43b 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY @@ -12,7 +12,7 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.2 2001/07/22 14:46:11 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.3 2001/07/22 14:58:18 guus Exp $ 1. Problem ========== 
@@ -137,4 +137,18 @@ Then C---F authentication finishes, the following actions are taken: B receives ADD_HOST(E) from C, and notes that is is already known: + B receives ADD_HOST(F) from C, and notes that is is already known: + + E receives ADD_HOST(A) from F, and notes that is is already known: + + E receives ADD_HOST(B) from F, and notes that is is already known: + + 4 A receives ADD_HOST(E) from B, and notes that it is already known: + + A receives ADD_HOST(F) from B, and notes that it is already known: + + F receives ADD_HOST(A) from E, and notes that it is already known: + + F receives ADD_HOST(B) from E, and notes that it is already known: + From 995ab86fce506e9fabcf5a9ead7d43b30f12ab09 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 22 Jul 2001 15:25:13 +0000 Subject: [PATCH 440/923] Correctie. --- doc/CONNECTIVITY | 77 +++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 69 insertions(+), 8 deletions(-) diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index 884df43b..96636ae7 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY @@ -12,7 +12,7 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.3 2001/07/22 14:58:18 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.4 2001/07/22 15:25:13 guus Exp $ 1. Problem ========== 
@@ -65,26 +65,34 @@ After A---D authentication finishes the following actions are taken: D sends ADD_HOST(E) to A D sends ADD_HOST(F) to A - 2 A receives ADD_HOST(E) from D: + 2 A sends ADD_HOST(D) to B + A receives ADD_HOST(E) from D: A sends ADD_HOST(E) to B A receives ADD_HOST(F) from D: A sends ADD_HOST(F) to B + D sends ADD_HOST(A) to E D receives ADD_HOST(B) from A: D sends ADD_HOST(B) to E D receives ADD_HOST(C) from A: D sends ADD_HOST(C) to E - 3 B receives ADD_HOST(E) from A: + 3 B receives ADD_HOST(D) from A, + B sends ADD_HOST(D) to C + B receives ADD_HOST(E) from A: B sends ADD_HOST(E) to C B receives ADD_HOST(F) from A: B sends ADD_HOST(F) to C + E receives ADD_HOST(A) from D: + E sends ADD_HOST(A) to F E receives ADD_HOST(B) from D: E sends ADD_HOST(B) to F E receives ADD_HOST(C) from D: E sends ADD_HOST(C) to F - 4 C receives ADD_HOST(E) from B. + 4 C receives ADD_HOST(D) from B. + C receives ADD_HOST(E) from B. C receives ADD_HOST(F) from B. + F receives ADD_HOST(A) from E. F receives ADD_HOST(B) from E. F receives ADD_HOST(C) from E. 
@@ -108,25 +116,31 @@ Then C---F authentication finishes, the following actions are taken: F sends ADD_HOST(D) to C F sends ADD_HOST(E) to C - 2 A receives ADD_HOST(E) from D: + 2 A sends ADD_HOST(D) to B + A receives ADD_HOST(E) from D: A sends ADD_HOST(E) to B A receives ADD_HOST(F) from D: A sends ADD_HOST(F) to B + D sends ADD_HOST(A) to E D receives ADD_HOST(B) from A: D sends ADD_HOST(B) to E D receives ADD_HOST(C) from A: D sends ADD_HOST(C) to E + C sends ADD_HOST(F) to B C receives ADD_HOST(D) from F: A sends ADD_HOST(D) to B C receives ADD_HOST(E) from F: A sends ADD_HOST(E) to B + F sends ADD_HOSTS(C) to E F receives ADD_HOST(A) from C: D sends ADD_HOST(A) to E F receives ADD_HOST(B) from C: D sends ADD_HOST(B) to E - 3 B receives ADD_HOST(E) from A: + 3 B receives ADD_HOST(D) from A, + B sends ADD_HOST(D) to C + B receives ADD_HOST(E) from A: B sends ADD_HOST(E) to C B receives ADD_HOST(F) from A: B sends ADD_HOST(F) to C @@ -134,17 +148,25 @@ Then C---F authentication finishes, the following actions are taken: E sends ADD_HOST(A) to F E receives ADD_HOST(B) from D: E sends ADD_HOST(B) to F + E receives ADD_HOST(C) from D: + E sends ADD_HOST(C) to F + B receives ADD_HOST(F) from C, and notes that is is already known: + + B receives ADD_HOST(D) from C, and notes that is is already known: + B receives ADD_HOST(E) from C, and notes that is is already known: - B receives ADD_HOST(F) from C, and notes that is is already known: + E receives ADD_HOST(C) from F, and notes that is is already known: E receives ADD_HOST(A) from F, and notes that is is already known: E receives ADD_HOST(B) from F, and notes that is is already known: - 4 A receives ADD_HOST(E) from B, and notes that it is already known: + 4 A receives ADD_HOST(D) from B, and notes that it is already known: + + A receives ADD_HOST(E) from B, and notes that it is already known: A receives ADD_HOST(F) from B, and notes that it is already known: 
@@ -152,3 +174,42 @@ Then C---F authentication finishes, the following actions are taken: F receives ADD_HOST(B) from E, and notes that it is already known: + F receives ADD_HOST(B) from E, and notes that it is already known: + + + ... + +1.2.1 Augmenting ADD_HOST +------------------------- + +A solution would be to augment ADD_HOST with an extra parameter, for example +the host which told us about the new host. From A's point of view, D told it +about itself, E and F. So, A would send out ADD_HOST(D, D) to B, and +ADD_HOST(E,D) and ADD_HOST(F,D). Lets review what happens at point 3 in the +preceding example: + + 3 B receives ADD_HOST(D,D) from A, + B sends ADD_HOST(D,D) to C + B receives ADD_HOST(E,D) from A: + B sends ADD_HOST(E,D) to C + B receives ADD_HOST(F,D) from A: + B sends ADD_HOST(F,D) to C + E receives ADD_HOST(A,A) from D: + E sends ADD_HOST(A,A) to F + E receives ADD_HOST(B,A) from D: + E sends ADD_HOST(B,A) to F + E receives ADD_HOST(C,A) from D: + E sends ADD_HOST(C,A) to F + + B receives ADD_HOST(F,F) from C, and notes that F is already known: + + B receives ADD_HOST(D,F) from C, and notes that D is already known: + + B receives ADD_HOST(E,F) from C, and notes that E is already known: + + E receives ADD_HOST(C,C) from F, and notes that C is already known: + + E receives ADD_HOST(A,C) from F, and notes that A is already known: + + E receives ADD_HOST(B,C) from F, and notes that B is already known: + From 5333cada0dfc4dfc3be728e6c78d8d42dc2ace52 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 22 Jul 2001 17:41:52 +0000 Subject: [PATCH 441/923] Written down a possible solution. --- doc/CONNECTIVITY | 54 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index 96636ae7..8ccc0de6 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY 
@@ -12,7 +12,7 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.4 2001/07/22 15:25:13 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.5 2001/07/22 17:41:52 guus Exp $ 1. Problem ========== 
@@ -182,34 +182,52 @@ Then C---F authentication finishes, the following actions are taken: 1.2.1 Augmenting ADD_HOST ------------------------- -A solution would be to augment ADD_HOST with an extra parameter, for example -the host which told us about the new host. From A's point of view, D told it -about itself, E and F. So, A would send out ADD_HOST(D, D) to B, and -ADD_HOST(E,D) and ADD_HOST(F,D). Lets review what happens at point 3 in the -preceding example: +A solution would be to augment ADD_HOST with an extra parameter, the nexthop of +the added host: - 3 B receives ADD_HOST(D,D) from A, - B sends ADD_HOST(D,D) to C + 3 B receives ADD_HOST(D,A) from A, + B sends ADD_HOST(D,A) to C B receives ADD_HOST(E,D) from A: B sends ADD_HOST(E,D) to C - B receives ADD_HOST(F,D) from A: - B sends ADD_HOST(F,D) to C - E receives ADD_HOST(A,A) from D: - E sends ADD_HOST(A,A) to F + B receives ADD_HOST(F,E) from A: + B sends ADD_HOST(F,E) to C + E receives ADD_HOST(A,D) from D: + E sends ADD_HOST(A,D) to F E receives ADD_HOST(B,A) from D: E sends ADD_HOST(B,A) to F - E receives ADD_HOST(C,A) from D: - E sends ADD_HOST(C,A) to F + E receives ADD_HOST(C,B) from D: + E sends ADD_HOST(C,B) to F - B receives ADD_HOST(F,F) from C, and notes that F is already known: + B receives ADD_HOST(F,C) from C, and notes that F is already known: - B receives ADD_HOST(D,F) from C, and notes that D is already known: + B receives ADD_HOST(D,E) from C, and notes that D is already known: B receives ADD_HOST(E,F) from C, and notes that E is already known: - E receives ADD_HOST(C,C) from F, and notes that C is already known: + E receives ADD_HOST(C,F) from F, and notes that C is already known: - E receives ADD_HOST(A,C) from F, and notes that A is already known: + E receives ADD_HOST(A,B) from F, and notes that A is already known: E receives ADD_HOST(B,C) from F, and notes that B is already known: + +So, B and E have to make a choice. Which ADD_HOST is going to win? 
Fortunately, +since the ADD_HOST messages are augmented, they have an extra piece of +information they can use to decide in a deterministic way which one is going to +win. For example, B got ADD_HOST(F,E) and ADD_HOST(F,C). Since "E" > "C", it +could let ADD_HOST(F,E) win. + + B receives ADD_HOST(F,C) from C, and notes that F is already known: + since "C" < "E", B ignores ADD_HOST(F,E) + B sends ADD_HOST(F,C) to A + ... + E receives ADD_HOST(C,F) from F, and notes that C is already known: + since "F" > "B", E removes the ADD_HOST(C,B) in favour of the new one + E sends ADD_HOST(C,F) to D + + 4 A receives ADD_HOST(F,E) from B, and notes that F is already known: + since "E" < "D", A ignores ADD_HOST(F,D). + ... + D receives ADD_HOST(C,F) from E, and notes that C is already known: + since "F" > "B", D removes the ADD_HOST(C,B), + closes the connection with C, in favour of the new one. From 3cd238f4e338f257ff61d58a9979b54344ee462f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 23 Jul 2001 22:06:22 +0000 Subject: [PATCH 442/923] Discuss how sending ADD_EDGEs would be better than sending ADD_HOSTs. --- doc/CONNECTIVITY | 98 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index 8ccc0de6..f9976250 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY @@ -12,7 +12,7 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.5 2001/07/22 17:41:52 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.6 2001/07/23 22:06:22 guus Exp $ 1. Problem ========== 
@@ -231,3 +231,99 @@ could let ADD_HOST(F,E) win. D receives ADD_HOST(C,F) from E, and notes that C is already known: since "F" > "B", D removes the ADD_HOST(C,B), closes the connection with C, in favour of the new one. + +Ok, time to forget this crap. + +1.2.2 +----- + +The problem with the current ADD/DEL_HOST technique is that each host only +knows the general direction in which to send packets for the other hosts. It +really doesn't know much about the true topology of the network, only about +it's direct neighbours. With so little information each host cannot make a +certain decision which it knows for sure all the others will decide too. + +Let's do something totally different. Instead of notifying every host of the +addition of a new host, which is represented by a vertex in a graph, lets send +out notifications of new connections, which are the edges in a graph. This is +rather cheap, since our graphs are (almost) spanning trees, there is +approximately one edge for each vertex in the graph, so we don't need to send +more messages. Furthermore, an edge is characterized by two vertices, so we +only send a fixed amount of extra information. The size/complexity of the +problem therefore does not increase much. + +What is the advantage of notifying each vertex of new edges instead of new +vertices? Well, all the vertices now know exactly which connections are made +between each host. This was not known with the former schemes. + +Ok back to our problem: + + A-----B-----C + + + + D-----E-----F + +Edges are undirected, and are characterised by the vertices it connects, sorted +alphabetically, so the edges in the two graphs are: + +(A,B), (B,C), (D,E) and (E,F). + +So again we have that A wants to connect to D, and F wants to connect to C, +both at the same time. The following loop will occur: + + A-----B-----C + | ^ + | | + v | + D-----E-----F + +Instead of sending ADD_HOSTs, lets assume the hosts send ADD_EDGEs. 
So, after +making the connections: + + 1 A sends ADD_EDGE(A,D) to B + A sends ADD_EDGE(A,B) to D + A sends ADD_EDGE(B,C) to D + D sends ADD_EDGE(A,D) to E + D sends ADD_EDGE(D,E) to A + D sends ADD_EDGE(E,F) to A + + C sends ADD_EDGE(C,F) to B + C sends ADD_EDGE(A,B) to F + C sends ADD_EDGE(B,C) to F + F sends ADD_EDGE(C,F) to E + F sends ADD_EDGE(D,E) to C + F sends ADD_EDGE(E,F) to C + + 2 B receives ADD_EDGE(A,D) from A: + B sends ADD_EDGE(A,D) to C + B receives ADD_EDGE(D,E) from A: + B sends ADD_EDGE(D,E) to C + B receives ADD_EDGE(E,F) from A: + B sends ADD_EDGE(E,F) to C + ... + + B receives ADD_EDGE(C,F) from C, notes that both C and F are already known, + but that the edge (C,F) was not known, so a loop has been created: + + +Ok, how to resolve the loop? Remeber, we want to do that in such a way that it +is consistent with the way all the other hosts resolve the loop. Here is the +things B does when it notices that a loop is going to be formed: + + B performs a Breadth First Search from the first element of the list of all + known hosts sorted alfabetically, in this case A, and thereby finds a + spanning tree. (This might later be changed into a minimum spanning tree + alhorithm, but the key point here is that all hosts do this with exactly the + same starting parameters.) All known edges that are not in the spanning tree + are marked inactive. + +An edge marked inactive does not mean anything, unless this edge is connected +to B itself. In that case, B will stop sending messages over that edge. B might +consider closing this edge, but this is not really needed. Keeping it means no +DEL_EDGE has to be sent for it, and if another edge is removed (which will +quite certainly split the graph if it's a spanning tree), this edge might be +reactivated, without the need of sending a new ADD_EDGE for it. 
On the other +hand, we mustn't keep to many inactive edges, because we want to keep the +number of known edges linear to the number of hosts (otherwise the size of the +problem will grow quadratically). From cbd03caece25d45015a4526b94b04a34ab87b0f2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 24 Jul 2001 08:51:36 +0000 Subject: [PATCH 443/923] More on edges. --- doc/CONNECTIVITY | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index f9976250..3ced6ffb 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY @@ -12,7 +12,7 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.6 2001/07/23 22:06:22 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.7 2001/07/24 08:51:36 guus Exp $ 1. Problem ========== 
@@ -327,3 +327,28 @@ reactivated, without the need of sending a new ADD_EDGE for it. On the other hand, we mustn't keep to many inactive edges, because we want to keep the number of known edges linear to the number of hosts (otherwise the size of the problem will grow quadratically). + +So, since B didn't deactivate one of it's own edges, it forwards the +ADD_EDGE(C,F) to A, which also does a BFS, and so on, until it reaches F. F of +course also does a BFS, notes that is is one of it's own edges. It deactivates +the edge (C,F), and consequently will not forward the ADD_EDGE(C,F) to C +anymore. In the mean time, C got messages from B which will make C do the same. + +Ok, suppose a DEL_EDGE was sent, and it means an inactive edge has to be +reactivated. The vertices connected by that edge must exchange their entire +knowledge of edges again, because in the mean time other messages could have +been sent, which were not properly forwarded. Take this example: + + X C-----D + | | | + | | | + v | | + A-----B- - -E + +The edge (B,E) is inactive. X is trying to make a new connection with A. A +sends an ADD_EDGE(A,X) to B, which forwards it to C. At that time, the +connection between C and D goes down, so C sends a DEL_EDGE(C,D) to B, and D +sends a DEL_EDGE(C,D) to E. If we just allow (B,E) to be reactivated again +without anything else, then E and D will never have received the ADD_EDGE(A,X). +So, B and E have to exchange edges again, and propagate them to the hosts they +already know. From 44e9d6a2872fac55f7eb701ba576ed9f39a22e08 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 24 Jul 2001 20:03:40 +0000 Subject: [PATCH 444/923] Don't use %m in fprintf(). --- src/conf.c | 9 +++++---- src/process.c | 8 ++++---- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/src/conf.c b/src/conf.c index 0eaf0ca4..01c3fcd9 100644 --- a/src/conf.c +++ b/src/conf.c 
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.41 2001/06/05 19:39:54 guus Exp $ + $Id: conf.c,v 1.9.4.42 2001/07/24 20:03:40 guus Exp $ */ #include "config.h" @@ -35,6 +35,7 @@ #include #include #include +#include #include #include /* for cp */ @@ -495,7 +496,7 @@ FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode if((fn = readline(stdin, NULL, NULL)) == NULL) { - fprintf(stderr, _("Error while reading stdin: %m\n")); + fprintf(stderr, _("Error while reading stdin: %s\n"), strerror(errno)); return NULL; } @@ -521,8 +522,8 @@ FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode /* Open it first to keep the inode busy */ if((r = fopen(fn, mode)) == NULL) { - fprintf(stderr, _("Error opening file `%s': %m\n"), - fn); + fprintf(stderr, _("Error opening file `%s': %s\n"), + fn, strerror(errno)); free(fn); return NULL; } diff --git a/src/process.c b/src/process.c index d618427d..bf3d6b74 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.22 2001/03/13 09:55:14 guus Exp $ + $Id: process.c,v 1.1.2.23 2001/07/24 20:03:40 guus Exp $ */ #include "config.h" @@ -164,7 +164,7 @@ cp { if(daemon(0, 0) < 0) { - fprintf(stderr, _("Couldn't detach from terminal: %m")); + fprintf(stderr, _("Couldn't detach from terminal: %s"), strerror(errno)); return -1; } 
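Review bot: The message in the `daemon(0, 0)` failure branch of the process.c hunk still ends without a newline, unlike the other fprintf() calls this commit touches, so whatever is written to stderr next runs on from it. `fprintf(stderr, _("Couldn't detach from terminal: %s\n"), strerror(errno));` would match the conf.c messages. The enclosing function starts and ends outside the hunk.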
@@ -427,7 +427,7 @@ setup_signals(void) { act.sa_sigaction = sighandlers[i].handler; if(sigaction(sighandlers[i].signal, &act, NULL) < 0) - fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %m\n"), - sighandlers[i].signal, strsignal(sighandlers[i].signal)); + fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %s\n"), + sighandlers[i].signal, strsignal(sighandlers[i].signal), strerror(errno)); } } From 43923d2b106bfbe9300cc8e364cf098444cd649e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 24 Jul 2001 20:04:22 +0000 Subject: [PATCH 445/923] Write public key to rsa_key.pub instead of rsa_key.priv (if not host configuration file is found). --- src/tincd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index 75788d6f..04ff4d0b 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.50 2001/07/20 13:54:19 guus Exp $ + $Id: tincd.c,v 1.10.4.51 2001/07/24 20:04:22 guus Exp $ */ #include "config.h" @@ -221,7 +221,7 @@ int keygen(int bits) if(config && (cfg = get_config_val(config, config_name))) asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr); else - asprintf(&filename, "%s/rsa_key.priv", confbase); + asprintf(&filename, "%s/rsa_key.pub", confbase); if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) return -1; From 7e86cf91e3399905e19882bcf2d5677d7986aca5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 24 Jul 2001 20:13:42 +0000 Subject: [PATCH 446/923] The val variable in a config_t is never used as a long. --- src/conf.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/conf.h b/src/conf.h index 8f0c2b34..9ce97647 100644 --- a/src/conf.h +++ b/src/conf.h 
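Review bot: Both `asprintf()` calls in the keygen() hunk ignore the return value, and on failure the contents of `filename` are undefined when it is handed to `ask_and_safe_open()`. Check the result, e.g. `if(asprintf(&filename, "%s/rsa_key.pub", confbase) < 0) return -1;`, and do the same for the `hosts/` branch. Where `filename` is declared and freed is outside the hunk.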
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.24 2001/06/05 19:39:54 guus Exp $ + $Id: conf.h,v 1.6.4.25 2001/07/24 20:13:42 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -63,7 +63,7 @@ typedef struct config_t { which_t which; int argtype; union data { - unsigned long val; + long val; char *ptr; ip_mask_t *ip; struct config_t *next; /* For nested configs! */ From 30d22474ccc8da9a5685a90e0b2304ec627475af Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 24 Jul 2001 20:14:30 +0000 Subject: [PATCH 447/923] Explicitly log which type of tunnel device is used. --- src/net.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index 8352ac54..7403a423 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.126 2001/07/21 20:21:25 guus Exp $ + $Id: net.c,v 1.35.4.127 2001/07/24 20:14:30 guus Exp $ */ #include "config.h" @@ -204,7 +204,7 @@ cp #ifdef HAVE_SOLARIS if(write(tap_fd, packet->data + 14, packet->len - 14) < 0) - syslog(LOG_ERR, _("Can't write to tun device: %m")); + syslog(LOG_ERR, _("Can't write to tun/tap device: %m")); else total_tap_out += packet->len; #else @@ -360,7 +360,6 @@ cp mymac.net.mac.address.x[5] = 0x00; #ifdef HAVE_LINUX - taptype = TAP_TYPE_ETHERTAP; #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ memset(&ifr, 0, sizeof(ifr)); 
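Review bot: In the HAVE_SOLARIS branch of the net.c `@@ -204` hunk, `packet->len - 14` is passed to write() with no visible check that the packet holds at least 14 bytes; a shorter packet would produce a negative length that write() receives as a very large size. Unless the caller already guarantees it, reject packets with `packet->len < 14` before this write. The enclosing function starts outside the hunk, so an earlier length check may exist and should be confirmed.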
@@ -371,12 +370,18 @@ cp cp if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) { - syslog(LOG_INFO, _("%s is a new style tun/tap device"), tapfname); + syslog(LOG_INFO, _("%s is a tun/tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; } + else #endif + { + syslog(LOG_INFO, _("%s is an ethertap device"), tapfname); + taptype = TAP_TYPE_ETHERTAP; + } #endif #ifdef HAVE_FREEBSD + syslog(LOG_INFO, _("%s is a tun/tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; #endif #ifdef HAVE_SOLARIS @@ -412,10 +417,13 @@ cp syslog(LOG_ERR, _("Can't set PPA %d: %m"), ppa); return -1; } + if(ioctl(ip_fd, I_LINK, if_fd) < 0){ syslog(LOG_ERR, _("Can't link TUN device to IP: %m")); return -1; } + + syslog(LOG_INFO, _("%s is a tun/tap device"), tapfname); #endif cp From e1184ad15d6b2e7d58bdcb4489026dd0a35b4e5f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 17 Aug 2001 18:14:04 +0000 Subject: [PATCH 448/923] Don't send DEL_HOSTs when !status.meta --- src/net.c | 4 ++-- src/protocol.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/net.c b/src/net.c index 7403a423..507621a2 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.127 2001/07/24 20:14:30 guus Exp $ + $Id: net.c,v 1.35.4.128 2001/08/17 18:14:03 guus Exp $ */ #include "config.h" @@ -1370,7 +1370,7 @@ cp if(FD_ISSET(p->meta_socket, f)) if(receive_meta(p) < 0) { - terminate_connection(p, 1); + terminate_connection(p, p->status.meta); return; } } diff --git a/src/protocol.c b/src/protocol.c index 10046d17..7c9a3a81 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.103 2001/07/21 15:34:18 guus Exp $ + $Id: protocol.c,v 1.28.4.104 2001/08/17 18:14:04 guus Exp $ */ #include "config.h" 
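Review bot: In the HAVE_TUNTAP block, any failure of `ioctl(tap_fd, TUNSETIFF, ...)` now falls through to the branch that logs "is an ethertap device", whatever the cause. A failure for another reason (for example insufficient privilege) would then be reported as ethertap and the device handled with the wrong `taptype`. Logging the error before falling back, e.g. `syslog(LOG_DEBUG, _("TUNSETIFF failed on %s: %m"), tapfname);`, would make this diagnosable. The `else` that straddles `#endif` is also easy to break in a later edit and deserves a short comment.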
@@ -1006,7 +1006,7 @@ cp cl->name, cl->hostname, strerror(err), errorstring); } - terminate_connection(cl, 1); + terminate_connection(cl, cl->status.meta); cp return 0; } @@ -1020,7 +1020,7 @@ cp int termreq_h(connection_t *cl) { cp - terminate_connection(cl, 1); + terminate_connection(cl, cl->status.meta); cp return 0; } From 8b5e4211304aaa5d39bc95f04398bd5ecaa887d8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 28 Aug 2001 20:52:39 +0000 Subject: [PATCH 449/923] Fix signed comparison bug in lookup_subnet_ipv4(). --- src/subnet.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index ade47657..cb9cbb75 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.23 2001/06/29 13:09:55 guus Exp $ + $Id: subnet.c,v 1.1.2.24 2001/08/28 20:52:39 guus Exp $ */ #include "config.h" @@ -61,9 +61,23 @@ cp /* We compare as if a subnet is a number that equals (address << 32 + netmask). */ if(a->net.ipv4.address == b->net.ipv4.address) - return a->net.ipv4.mask - b->net.ipv4.mask; + { + if(a->net.ipv4.mask < b->net.ipv4.mask) + return -1; + else if(a->net.ipv4.mask > b->net.ipv4.mask) + return 1; + else + return 0; + } else - return a->net.ipv4.address - b->net.ipv4.address; + { + if(a->net.ipv4.address < b->net.ipv4.address) + return -1; + else if(a->net.ipv4.address > b->net.ipv4.address) + return 1; + else + return 0; + } } int subnet_compare_ipv6(subnet_t *a, subnet_t *b) From ef1facc60709e9474197aa3fde9d517dfd96dc87 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 1 Sep 2001 12:02:39 +0000 Subject: [PATCH 450/923] Remove IndirectData support for now, new implementation will be added later. --- src/protocol.c | 38 ++++++++++++-------------------------- 1 file changed, 12 insertions(+), 26 deletions(-) 
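Review bot: The rewritten comparisons in the subnet.c hunk carry no comment saying why subtraction was replaced, so a later cleanup could reintroduce `return a - b`. I would add above the first branch `/* Compare explicitly: the difference of two 32-bit values does not fit in an int, so subtraction can return the wrong sign. */`. The width and signedness of `address` and `mask` are declared outside the hunk, so the wording should be confirmed against the type. The body of subnet_compare_ipv6(), just below, is also outside the hunk and is worth checking for the same pattern.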
diff --git a/src/protocol.c b/src/protocol.c index 7c9a3a81..1d39a83f 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.104 2001/08/17 18:14:04 guus Exp $ + $Id: protocol.c,v 1.28.4.105 2001/09/01 12:02:39 guus Exp $ */ #include "config.h" @@ -238,8 +238,8 @@ cp if((old = lookup_id(cl->name))) { if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Removing old connection for %s at %s in favour of new connection from %s"), - cl->name, old->hostname, cl->hostname); + syslog(LOG_NOTICE, _("Removing old connection for %s at %s in favour of new connection at %s"), + old->name, old->hostname, cl->hostname); if(old->status.outgoing) { cl->status.outgoing = 1; @@ -615,10 +615,7 @@ int send_add_subnet(connection_t *cl, subnet_t *subnet) char *netstr; char *owner; cp - if((cl->options | myself->options | subnet->owner->options) & OPTION_INDIRECT) - owner = myself->name; - else - owner = subnet->owner->name; + owner = subnet->owner->name; x = send_request(cl, "%d %s %s", ADD_SUBNET, owner, netstr = net2str(subnet)); @@ -698,10 +695,7 @@ int send_del_subnet(connection_t *cl, subnet_t *subnet) char *netstr; char *owner; cp - if(cl->options & OPTION_INDIRECT) - owner = myself->name; - else - owner = subnet->owner->name; + owner = subnet->owner->name; x = send_request(cl, "%d %s %s", DEL_SUBNET, owner, netstr = net2str(subnet)); free(netstr); @@ -781,11 +775,8 @@ cp int send_add_host(connection_t *cl, connection_t *other) { cp - if(!((cl->options | myself->options | other->options) & OPTION_INDIRECT)) - return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, + return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, other->name, other->address, other->port, other->options); - else - return 0; } int add_host_h(connection_t *cl) 
@@ -829,7 +820,7 @@ cp if((old = lookup_id(name))) { - if((new->address == old->address) && (new->port == old->port) && (cl == old->nexthop)) + if((new->address == old->address) && (new->port == old->port) && (cl->nexthop == old->nexthop)) { if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), @@ -840,8 +831,8 @@ cp else { if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Removing old entry for %s (%s) in favour of new connection"), - old->name, old->hostname); + syslog(LOG_NOTICE, _("Removing old entry for %s (%s) from %s in favour of new connection from %s"), + old->name, old->hostname, old->nexthop->name, cl->nexthop->name); terminate_connection(old, 0); } @@ -873,11 +864,8 @@ cp int send_del_host(connection_t *cl, connection_t *other) { cp - if(!((cl->options | myself->options) & OPTION_INDIRECT)) - return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, + return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, other->name, other->address, other->port, other->options); - else - return 0; } int del_host_h(connection_t *cl) @@ -1081,8 +1069,7 @@ cp { p = (connection_t *)node->data; if(p != cl && p->status.active) - if(!(p->options & OPTION_INDIRECT) || from == myself) - send_request(p, "%d %s", KEY_CHANGED, from->name); + send_request(p, "%d %s", KEY_CHANGED, from->name); } cp return 0; @@ -1110,8 +1097,7 @@ cp from->status.validkey = 0; from->status.waitingforkey = 0; - if(!(from->options | cl->options | myself->options) & OPTION_INDIRECT) - send_key_changed(from, cl); + send_key_changed(from, cl); cp return 0; } From 8ed27d40f358581d021319cc26313c9f6ddf9a71 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 1 Sep 2001 12:36:06 +0000 Subject: [PATCH 451/923] Revised reconnection mechanism, always try out all ConnectTo lines. --- src/net.c | 99 ++++++++++++++++++++++--------------------------------- 1 file changed, 39 insertions(+), 60 deletions(-) 
diff --git a/src/net.c b/src/net.c index 507621a2..71839915 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.128 2001/08/17 18:14:03 guus Exp $ + $Id: net.c,v 1.35.4.129 2001/09/01 12:36:06 guus Exp $ */ #include "config.h" @@ -96,7 +96,6 @@ int total_tap_out = 0; int total_socket_in = 0; int total_socket_out = 0; -config_t *upstreamcfg; int seconds_till_retry = 5; int keylifetime = 0; @@ -647,9 +646,13 @@ cp if((old = lookup_id(name))) { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("We are already connected to %s."), name); - old->status.outgoing = 1; + if(!old->status.outgoing) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("We are already connected to %s."), name); + + old->status.outgoing = 1; + } return 0; } 
@@ -960,47 +963,44 @@ cp return 0; } +void randomized_alarm(int seconds) +{ + unsigned char r; + RAND_pseudo_bytes(&r, 1); + alarm((seconds * (int)r) / 128 + 1); +} + RETSIGTYPE -sigalrm_handler(int a) +try_outgoing_connections(int a) { config_t const *cfg; + int retry = 0; cp - cfg = get_config_val(upstreamcfg, config_connectto); + cfg = get_config_val(config, config_connectto); - if(!cfg) + while(cfg) { - if(upstreamcfg == config) - { - /* No upstream IP given, we're listen only. */ - signal(SIGALRM, SIG_IGN); - return; - } + if(setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ + retry = 1; + cfg = get_config_val(cfg, config_connectto); /* Or else we try the next ConnectTo line */ + } + + if(retry) + { + seconds_till_retry += 5; + if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */ + seconds_till_retry = MAXTIMEOUT; + + syslog(LOG_ERR, _("Failed to setup all outgoing connections, will retry in %d seconds"), + seconds_till_retry); + + /* Randomize timeout to avoid global synchronisation effects */ + randomized_alarm(seconds_till_retry); } else { - /* We previously tried all the ConnectTo lines. Now wrap back to the first. */ - cfg = get_config_val(config, config_connectto); + seconds_till_retry = 5; } - - while(cfg) - { - upstreamcfg = cfg->next; - if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ - { - signal(SIGALRM, SIG_IGN); - return; - } - cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */ - } - - signal(SIGALRM, sigalrm_handler); - upstreamcfg = config; - seconds_till_retry += 5; - if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. */ - seconds_till_retry = MAXTIMEOUT; - syslog(LOG_ERR, _("Still failed to connect to other, will retry in %d seconds"), - seconds_till_retry); - alarm(seconds_till_retry); cp } 
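Review bot: try_outgoing_connections() is installed as the SIGALRM handler but calls setup_outgoing_connection(), syslog() and, through randomized_alarm(), RAND_pseudo_bytes(), none of which are async-signal-safe, so a signal that interrupts the main loop inside an allocator or syslog call can deadlock or corrupt state. The handler should only record the event, e.g. `static volatile sig_atomic_t retry_outgoing;` set to 1 in the handler, with the ConnectTo walk done from the main loop when the flag is set. Separately, randomized_alarm() ignores the return value of RAND_pseudo_bytes(), so `r` is read uninitialised if it fails; `unsigned char r = 128;` would give a defined fallback. The main loop is outside this hunk.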
@@ -1034,29 +1034,8 @@ cp if(setup_myself() < 0) return -1; - if(!(cfg = get_config_val(config, config_connectto))) - /* No upstream IP given, we're listen only. */ - return 0; - - while(cfg) - { - upstreamcfg = cfg->next; - if(!setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ - return 0; - cfg = get_config_val(upstreamcfg, config_connectto); /* Or else we try the next ConnectTo line */ - } - - if(do_detach) - { - signal(SIGALRM, sigalrm_handler); - upstreamcfg = config; - seconds_till_retry = MAXTIMEOUT; - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); - alarm(seconds_till_retry); - } - else - return -1; - + signal(SIGALRM, try_outgoing_connections); + alarm(5); cp return 0; } @@ -1266,7 +1245,7 @@ cp if(cl->status.outgoing) { cl->status.outgoing = 0; - signal(SIGALRM, sigalrm_handler); + signal(SIGALRM, try_outgoing_connections); alarm(seconds_till_retry); syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); } From 68e23b1c9e69b2a218b3be821ad1ba3b3b6a64f2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 1 Sep 2001 12:36:53 +0000 Subject: [PATCH 452/923] Optional signal number for -k option. --- src/process.c | 6 +++--- src/process.h | 4 ++-- src/tincd.c | 17 +++++++++-------- 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/src/process.c b/src/process.c index bf3d6b74..37b3186e 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.23 2001/07/24 20:03:40 guus Exp $ + $Id: process.c,v 1.1.2.24 2001/09/01 12:36:53 guus Exp $ */ #include "config.h" @@ -121,7 +121,7 @@ cp /* kill older tincd for this net */ -int kill_other(void) +int kill_other(int signal) { int pid; cp 
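Review bot: The new parameter of kill_other() is named `signal`, which shadows the signal() function from <signal.h> inside the function body. Nothing visible calls signal() there, but `int kill_other(int signum)` avoids the shadowing warning and a confusing error if someone later does. The function body continues outside this hunk.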
@@ -136,7 +136,7 @@ cp errno = 0; /* No error, sometimes errno is only changed on error */ /* ESRCH is returned when no process with that pid is found */ - if(kill(pid, SIGTERM) && errno == ESRCH) + if(kill(pid, signal) && errno == ESRCH) fprintf(stderr, _("Removing stale lock file.\n")); remove_pid(pidfilename); cp diff --git a/src/process.h b/src/process.h index 9fb13c7c..fe7466ed 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.8 2001/03/01 21:32:04 guus Exp $ + $Id: process.h,v 1.1.2.9 2001/09/01 12:36:53 guus Exp $ */ #ifndef __TINC_PROCESS_H__ @@ -30,7 +30,7 @@ extern int do_detach; extern void setup_signals(void); extern int execute_script(const char *); extern int detach(void); -extern int kill_other(void); +extern int kill_other(int); extern void cleanup_and_exit(int); #endif /* __TINC_PROCESS_H__ */ diff --git a/src/tincd.c b/src/tincd.c index 04ff4d0b..8eeef1d3 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.51 2001/07/24 20:04:22 guus Exp $ + $Id: tincd.c,v 1.10.4.52 2001/09/01 12:36:53 guus Exp $ */ #include "config.h" @@ -78,12 +78,13 @@ char **environment; /* A pointer to the environment on static struct option const long_options[] = { { "config", required_argument, NULL, 'c' }, - { "kill", no_argument, NULL, 'k' }, + { "kill", optional_argument, NULL, 'k' }, { "net", required_argument, NULL, 'n' }, { "help", no_argument, &show_help, 1 }, { "version", no_argument, &show_version, 1 }, { "no-detach", no_argument, &do_detach, 0 }, { "generate-keys", optional_argument, NULL, 'K'}, + { "debug", optional_argument, NULL, 'd'}, { NULL, 0, NULL, 0 } }; 
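Review bot: With a caller-chosen signal, `remove_pid(pidfilename)` in kill_other() still runs unconditionally after `kill(pid, signal)` as far as the hunk shows, so sending a signal that does not terminate the daemon leaves a running tincd without its pid file. Remove the file only when the process is gone or was asked to terminate, e.g. `if(signal == SIGTERM || errno == ESRCH) remove_pid(pidfilename);`. A kill() failure other than ESRCH, such as EPERM, is also silently ignored here. How `pid` is read and validated is outside the hunk; a value of 0 or below should be rejected before it reaches kill().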
@@ -97,8 +98,8 @@ usage(int status) printf(_("Usage: %s [option]...\n\n"), program_name); printf(_(" -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" - " -d Increase debug level.\n" - " -k, --kill Attempt to kill a running tincd and exit.\n" + " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" + " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" " -n, --net=NETNAME Connect to net NETNAME.\n")); printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" @@ -114,7 +115,7 @@ parse_options(int argc, char **argv, char **envp) int r; int option_index = 0; - while((r = getopt_long(argc, argv, "c:Ddkn:K::", long_options, &option_index)) != EOF) + while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF) { switch(r) { @@ -134,7 +135,7 @@ parse_options(int argc, char **argv, char **envp) debug_lvl++; break; case 'k': /* kill old tincds */ - kill_tincd = 1; + kill_tincd = optarg?atoi(optarg):SIGTERM; break; case 'n': /* net name given */ netname = xmalloc(strlen(optarg)+1); @@ -214,7 +215,7 @@ int keygen(int bits) { fprintf(stderr, _("Error during key generation!\n")); return -1; - } + } else fprintf(stderr, _("Done.\n")); @@ -328,7 +329,7 @@ cp } if(kill_tincd) - exit(kill_other()); + exit(kill_other(kill_tincd)); if(read_server_config()) exit(1); From a54ec980e047d13ecff7f1f337aa2665072febfd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 1 Sep 2001 12:46:49 +0000 Subject: [PATCH 453/923] config_t* is a const parameter in get_config_val(). --- src/conf.c | 4 ++-- src/conf.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/conf.c b/src/conf.c index 01c3fcd9..cf999cbe 100644 --- a/src/conf.c +++ b/src/conf.c 
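Review bot: `kill_tincd = optarg?atoi(optarg):SIGTERM;` stores whatever atoi() returns: `0` or non-numeric text yields 0, which makes the later `if(kill_tincd)` test false so tincd starts normally instead of signalling, and negative or out-of-range numbers are passed on to kill(). The value should be parsed with strtol() and range-checked before it is stored, as sketched below. Also, the option string now has `d::` and the help text advertises `--debug[=LEVEL]`, but the visible `case 'd'` lines still only do `debug_lvl++`; the start of that case is outside the hunk, so confirm that optarg is used there.

```c
        case 'k': /* kill old tincds */
          if(optarg)
            {
              char *end;
              long sig = strtol(optarg, &end, 10);

              /* Reject empty, non-numeric, zero, negative and out-of-range values.
                 Assumes usage() does not return. */
              if(end == optarg || *end != '\0' || sig <= 0 || sig >= NSIG)
                usage(1);
              kill_tincd = (int)sig;
            }
          else
            kill_tincd = SIGTERM;
          break;
/* … unchanged: case 'n' and the remaining options … */
```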
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.42 2001/07/24 20:03:40 guus Exp $ + $Id: conf.c,v 1.9.4.43 2001/09/01 12:46:49 guus Exp $ */ #include "config.h" @@ -333,7 +333,7 @@ cp /* Look up the value of the config option type */ -const config_t *get_config_val(config_t *p, which_t type) +const config_t *get_config_val(config_t const *p, which_t type) { cp for(; p != NULL; p = p->next) diff --git a/src/conf.h b/src/conf.h index 9ce97647..de93f72e 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.25 2001/07/24 20:13:42 guus Exp $ + $Id: conf.h,v 1.6.4.26 2001/09/01 12:46:49 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -97,7 +97,7 @@ extern char *netname; extern config_t *add_config_val(config_t **, int, char *); extern int read_config_file(config_t **, const char *); -extern const config_t *get_config_val(config_t *, which_t type); +extern const config_t *get_config_val(config_t const *, which_t type); extern void clear_config(); extern int read_server_config(void); extern FILE *ask_and_safe_open(const char*, const char*, const char *); From 950c934e0bda28e5952d699d6008ee783d81982b Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Wed, 5 Sep 2001 18:38:09 +0000 Subject: [PATCH 454/923] Killing tincd with SIGINT causes it to toggle between the current debug level and level 5. Useful to debug a running tincd. --- src/process.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/src/process.c b/src/process.c index 37b3186e..f395496f 100644 --- a/src/process.c +++ b/src/process.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.24 2001/09/01 12:36:53 guus Exp $ + $Id: process.c,v 1.1.2.25 2001/09/05 18:38:09 zarq Exp $ */ #include "config.h" @@ -55,6 +55,8 @@ extern char **g_argv; sigset_t emptysigset; +static int saved_debug_lvl = 0; + void memory_full(int size) { syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); @@ -351,9 +353,20 @@ sighup_handler(int a, siginfo_t *info, void *b) RETSIGTYPE sigint_handler(int a, siginfo_t *info, void *b) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got INT signal, exiting")); - cleanup_and_exit(0); + if(saved_debug_lvl) + { + syslog(LOG_NOTICE, _("Reverting to old debug level (%d)"), + saved_debug_lvl); + debug_lvl = saved_debug_lvl; + saved_debug_lvl = 0; + } + else + { + syslog(LOG_NOTICE, _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), + debug_lvl); + saved_debug_lvl = debug_lvl; + debug_lvl = 5; + } } RETSIGTYPE From 154733927af0b27cdadb83f03b845301ce8bfbfd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 24 Sep 2001 13:31:15 +0000 Subject: [PATCH 455/923] - Try old TUN/TAP ioctl() request if the one from if_tun.h fails. - Be more verbose about the kind of tap device used. --- src/net.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/src/net.c b/src/net.c index 71839915..d25cec75 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.129 2001/09/01 12:36:06 guus Exp $ + $Id: net.c,v 1.35.4.130 2001/09/24 13:31:15 guus Exp $ */ #include "config.h" 
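Review bot: sigint_handler() uses `saved_debug_lvl == 0` to mean "nothing saved", so when the daemon runs at debug level 0 the first SIGINT stores 0 and the second takes the else branch again, saving 5 and never returning to level 0. Use a value that cannot be a real level as the sentinel: `static int saved_debug_lvl = -1;`, test `if(saved_debug_lvl >= 0)`, and reset with `saved_debug_lvl = -1;`. The handler also calls syslog(), which is not async-signal-safe. After this change SIGINT no longer stops a foreground tincd, which deserves a line in the documentation.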
@@ -369,18 +369,25 @@ cp cp if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) { - syslog(LOG_INFO, _("%s is a tun/tap device"), tapfname); + syslog(LOG_INFO, _("%s is a Linux tun/tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; } else + if (!ioctl(tap_fd, (('T'<< 8) | 202), (void *) &ifr)) + { + syslog(LOG_INFO, _("%s is a Linux tun/tap device"), tapfname); + syslog(LOG_WARNING, _("Old ioctl() request used")); + taptype = TAP_TYPE_TUNTAP; + } + else #endif - { - syslog(LOG_INFO, _("%s is an ethertap device"), tapfname); - taptype = TAP_TYPE_ETHERTAP; - } + { + syslog(LOG_INFO, _("%s is a Linux ethertap device"), tapfname); + taptype = TAP_TYPE_ETHERTAP; + } #endif #ifdef HAVE_FREEBSD - syslog(LOG_INFO, _("%s is a tun/tap device"), tapfname); + syslog(LOG_INFO, _("%s is a FreeBSD tap device"), tapfname); taptype = TAP_TYPE_TUNTAP; #endif #ifdef HAVE_SOLARIS @@ -422,7 +429,7 @@ cp return -1; } - syslog(LOG_INFO, _("%s is a tun/tap device"), tapfname); + syslog(LOG_INFO, _("%s is a Solaris tun device"), tapfname); #endif cp From 24a2c7e51a0b080c4bdb55f697b3f0458ebc3fb1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 24 Sep 2001 14:12:00 +0000 Subject: [PATCH 456/923] Not only keep track of nexthop, but also of lastbutonehop. If destination cl wants indirectdata, send it to the lastbutonehop instead, unless it too has requested so, and so on. --- src/connection.h | 3 ++- src/net.c | 28 ++++++++++++++++++------- src/protocol.c | 53 +++++++++++++++++++++++++++++++++--------------- src/protocol.h | 4 ++-- 4 files changed, 62 insertions(+), 26 deletions(-) diff --git a/src/connection.h b/src/connection.h index fb7d2797..5d34cd21 100644 --- a/src/connection.h +++ b/src/connection.h 
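Review bot: The fallback request `(('T'<< 8) | 202)` in the second ioctl() is a bare magic number with no comment saying where the value comes from. Give it a name near the tun/tap includes, for instance `#define TUNSETIFF_OLD (('T' << 8) | 202) /* request number used before the if_tun.h one */` (name proposed here), and use it in the call. The two success branches differ only by the warning, so they could share the `taptype = TAP_TYPE_TUNTAP;` assignment.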
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.11 2001/07/20 20:25:10 guus Exp $ + $Id: connection.h,v 1.1.2.12 2001/09/24 14:11:59 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -97,6 +97,7 @@ typedef struct connection_t { char *hischallenge; /* challenge we sent to him */ struct connection_t *nexthop; /* nearest meta-hop in this direction */ + struct connection_t *lastbutonehop; /* meta-hop closest to him */ avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this connection */ diff --git a/src/net.c b/src/net.c index d25cec75..7a2a8e7f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.130 2001/09/24 13:31:15 guus Exp $ + $Id: net.c,v 1.35.4.131 2001/09/24 14:12:00 guus Exp $ */ #include "config.h" @@ -230,6 +230,7 @@ cp */ void send_packet(connection_t *cl, vpn_packet_t *packet) { + connection_t *hop; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), @@ -254,15 +255,28 @@ cp return; } - /* Check if it has to go via TCP or UDP... */ -cp - if((cl->options | myself->options) & OPTION_TCPONLY) + if(myself->options & OPTION_TCPONLY) { - if(send_tcppacket(cl, packet)) - terminate_connection(cl, 1); + if(send_tcppacket(cl->nexthop, packet)) + terminate_connection(cl->nexthop, 1); } else - send_udppacket(cl, packet); + { + if(myself->options & OPTION_INDIRECT) + send_udppacket(cl->nexthop, packet); + else + { + hop = cl; + + while(hop->options & OPTION_INDIRECT) + if(hop->lastbutonehop == myself) + break; + else + hop = hop->lastbutonehop; + + send_udppacket(hop, packet); + } + } } /* Broadcast a packet to all active direct connections */ diff --git a/src/protocol.c b/src/protocol.c index 1d39a83f..e9ee9665 100644 --- a/src/protocol.c 
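Review bot: The walk `while(hop->options & OPTION_INDIRECT)` in send_packet() follows `lastbutonehop` pointers that are filled in from peers' ADD_HOST messages, with no NULL check and no bound, so a chain that loops back on itself instead of reaching `myself` or a direct host would spin forever in the packet path. At minimum test the pointer before following it, `if(!hop->lastbutonehop || hop->lastbutonehop == myself) break;`, and cap the number of steps, dropping the packet with a log line when the cap is reached. In the TCP-only branch `cl->nexthop` is likewise dereferenced without a check. The function starts outside this hunk.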
+++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.105 2001/09/01 12:02:39 guus Exp $ + $Id: protocol.c,v 1.28.4.106 2001/09/24 14:12:00 guus Exp $ */ #include "config.h" @@ -263,6 +263,7 @@ cp cl->allow_request = ALL; cl->nexthop = cl; + cl->lastbutonehop = myself; cl->cipher_pkttype = EVP_bf_cbc(); cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; @@ -775,19 +776,19 @@ cp int send_add_host(connection_t *cl, connection_t *other) { cp - return send_request(cl, "%d %s %lx:%d %lx", ADD_HOST, - other->name, other->address, other->port, other->options); + return send_request(cl, "%d %s %lx:%d %lx %s", ADD_HOST, + other->name, other->address, other->port, other->options, other->lastbutonehop->name); } int add_host_h(connection_t *cl) { connection_t *old, *new, *p; - char name[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE], lastbutone[MAX_STRING_SIZE]; avl_node_t *node; cp new = new_connection(); - if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx", name, &new->address, &new->port, &new->options) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx "MAX_STRING, name, &new->address, &new->port, &new->options, lastbutone) != 5) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; 
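Review bot: In add_host_h() the early `return -1` after the failed sscanf() leaves the connection allocated by `new_connection()` unreleased, while the later error paths in the same function call `free_connection(new)`. Since the request text comes from a peer, each malformed ADD_HOST leaks one structure; add `free_connection(new);` before that return. Also confirm that `MAX_STRING` carries a field width matching `MAX_STRING_SIZE`, because `lastbutone` is a new fixed-size buffer filled by that conversion; its definition is not in this hunk.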
@@ -802,20 +803,35 @@ cp return -1; } + if(check_id(lastbutone)) + { + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid lastbutone name"), cl->name, cl->hostname); + free_connection(new); + return -1; + } + /* Check if somebody tries to add ourself */ if(!strcmp(name, myself->name)) { - syslog(LOG_ERR, _("Warning: got ADD_HOST from %s (%s) for ourself, restarting"), cl->name, cl->hostname); - sighup = 1; + syslog(LOG_ERR, _("Got ADD_HOST from %s (%s) for ourself!"), cl->name, cl->hostname); free_connection(new); - return 0; + return -1; } /* Fill in more of the new connection structure */ new->hostname = hostlookup(htonl(new->address)); + new->lastbutonehop = lookup_id(lastbutone); + + if(!new->lastbutonehop) + { + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): unknown lastbutone"), cl->name, cl->hostname); + free_connection(new); + return -1; + } + /* Check if the new host already exists in the connnection list */ if((old = lookup_id(name))) @@ -864,20 +880,20 @@ cp int send_del_host(connection_t *cl, connection_t *other) { cp - return send_request(cl, "%d %s %lx:%d %lx", DEL_HOST, - other->name, other->address, other->port, other->options); + return send_request(cl, "%d %s %lx:%d %lx %s", DEL_HOST, + other->name, other->address, other->port, other->options, other->lastbutonehop->name); } int del_host_h(connection_t *cl) { - char name[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE], lastbutone[MAX_STRING_SIZE]; ipv4_t address; port_t port; long int options; connection_t *old, *p; avl_node_t *node; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx", name, &address, &port, &options) != 4) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx "MAX_STRING, name, &address, &port, &options, lastbutone) != 5) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->name, cl->hostname); 
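Review bot: `lastbutone` is accepted once it passes check_id() and lookup_id(), but nothing rejects the case where it equals `name`. When an entry for `name` already exists, lookup_id() returns that old entry, and the code just after this hunk then handles `old`. If that handling removes the old entry (not visible here), `new->lastbutonehop` is left pointing at it. I would reject the self-reference up front with `if(!strcmp(lastbutone, name))`, followed by the same log, `free_connection(new)` and `return -1` used for the other checks. More generally the field caches a raw pointer derived from a peer's claim, so whatever removes a connection also needs to clear or re-resolve the references to it; that code is outside the hunk.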
@@ -892,14 +908,19 @@ cp return -1; } + if(check_id(lastbutone)) + { + syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid lastbutone name"), cl->name, cl->hostname); + return -1; + } + /* Check if somebody tries to delete ourself */ if(!strcmp(name, myself->name)) { - syslog(LOG_ERR, _("Warning: got DEL_HOST from %s (%s) for ourself, restarting"), + syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) for ourself!"), cl->name, cl->hostname); - sighup = 1; - return 0; + return -1; } /* Check if the deleted host already exists in the connnection list */ @@ -913,7 +934,7 @@ cp /* Check if the rest matches */ - if(address!=old->address || port!=old->port || options!=old->options || cl!=old->nexthop) + if(address!=old->address || port!=old->port || options!=old->options || cl!=old->nexthop || strcmp(lastbutone, old->lastbutonehop->name)) { syslog(LOG_WARNING, _("Got DEL_HOST from %s (%s) for %s which doesn't match"), cl->name, cl->hostname, old->name); return 0; diff --git a/src/protocol.h b/src/protocol.h index c202f5c2..0d163868 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.21 2001/05/24 21:30:36 guus Exp $ + $Id: protocol.h,v 1.5.4.22 2001/09/24 14:12:00 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -30,7 +30,7 @@ incompatible version have different protocols. */ -#define PROT_CURRENT 10 +#define PROT_CURRENT 11 /* Request numbers */ From 4d3de3b6a9b55bc783c649ff33e5415b0c7b5f25 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 24 Sep 2001 14:16:29 +0000 Subject: [PATCH 457/923] Show next- and lastbutonehop when dumping connectionlist to syslog. --- src/connection.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/connection.c b/src/connection.c index 29034f5a..946ea5c3 100644 --- a/src/connection.c +++ b/src/connection.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.15 2001/07/21 15:34:18 guus Exp $ + $Id: connection.c,v 1.1.2.16 2001/09/24 14:16:29 guus Exp $ */ #include "config.h" @@ -248,9 +248,9 @@ cp for(node = id_tree->head; node; node = node->next) { cl = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x"), + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x nexthop %s lastbutonehop %s"), cl->name, cl->hostname, cl->port, cl->options, - cl->socket, cl->meta_socket, cl->status); + cl->socket, cl->meta_socket, cl->status, cl->nexthop->name, cl->lastbutonehop->name); } syslog(LOG_DEBUG, _("End of connection list.")); From ec100a58b44e412a3d2606e5213af9ec5f30235b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 25 Sep 2001 13:35:45 +0000 Subject: [PATCH 458/923] Try next connectto instead of the same over and over. --- src/net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index 7a2a8e7f..d268fb8d 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.131 2001/09/24 14:12:00 guus Exp $ + $Id: net.c,v 1.35.4.132 2001/09/25 13:35:45 guus Exp $ */ #include "config.h" @@ -1003,7 +1003,7 @@ cp { if(setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ retry = 1; - cfg = get_config_val(cfg, config_connectto); /* Or else we try the next ConnectTo line */ + cfg = get_config_val(cfg->next, config_connectto); /* Or else we try the next ConnectTo line */ } if(retry) From 18d1233c40a5705e9123edd6f4c6764a5178003b Mon Sep 17 00:00:00 2001 
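Review bot: The extended syslog() call in the connection dump dereferences `cl->nexthop->name` and `cl->lastbutonehop->name` for every node of id_tree without checking either pointer. An entry whose fields were never filled in would crash the dump, and `myself` looks like one at this commit, since a later patch in the series is the one that sets them. I would print a placeholder instead, e.g. `cl->nexthop ? cl->nexthop->name : "-"`, and likewise for lastbutonehop. Separately, `cl->status` is passed to `%04x` although other hunks access it as `status.active`, so the argument does not look like a plain integer. The enclosing function starts before the hunk.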
From: Guus Sliepen Date: Tue, 25 Sep 2001 13:39:11 +0000 Subject: [PATCH 459/923] Fill in next- and lastbutonehop for myself. --- src/net.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index d268fb8d..e086d786 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.132 2001/09/25 13:35:45 guus Exp $ + $Id: net.c,v 1.35.4.133 2001/09/25 13:39:11 guus Exp $ */ #include "config.h" @@ -976,6 +976,8 @@ cp cp /* Done */ + myself->nexthop = myself; + myself->lastbutonehop = myself; myself->status.active = 1; id_add(myself); From 21027b1d5702c331b1ebb262bb149c75be1f24b1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Oct 2001 11:47:55 +0000 Subject: [PATCH 460/923] - Renamed lastbutonehop to prevhop. - Added connection_t *via to connection_t, this keeps record of where to send UDP packets to. --- src/connection.c | 6 +++--- src/connection.h | 7 ++++--- src/net.c | 39 +++++++++++++++++---------------------- src/protocol.c | 42 ++++++++++++++++++++++++++---------------- 4 files changed, 50 insertions(+), 44 deletions(-) diff --git a/src/connection.c b/src/connection.c index 946ea5c3..186a60b1 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.16 2001/09/24 14:16:29 guus Exp $ + $Id: connection.c,v 1.1.2.17 2001/10/08 11:47:55 guus Exp $ */ #include "config.h" 
@@ -248,9 +248,9 @@ cp for(node = id_tree->head; node; node = node->next) { cl = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x nexthop %s lastbutonehop %s"), + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x nexthop %s prevhop %s via %s"), cl->name, cl->hostname, cl->port, cl->options, - cl->socket, cl->meta_socket, cl->status, cl->nexthop->name, cl->lastbutonehop->name); + cl->socket, cl->meta_socket, cl->status, cl->nexthop->name, cl->prevhop->name, cl->via->name); } syslog(LOG_DEBUG, _("End of connection list.")); diff --git a/src/connection.h b/src/connection.h index 5d34cd21..a75769bb 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.12 2001/09/24 14:11:59 guus Exp $ + $Id: connection.h,v 1.1.2.13 2001/10/08 11:47:55 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -96,8 +96,9 @@ typedef struct connection_t { char *mychallenge; /* challenge we received from him */ char *hischallenge; /* challenge we sent to him */ - struct connection_t *nexthop; /* nearest meta-hop in this direction */ - struct connection_t *lastbutonehop; /* meta-hop closest to him */ + struct connection_t *nexthop; /* nearest meta-hop from us to him */ + struct connection_t *prevhop; /* nearest meta-hop from him to us */ + struct connection_t *via; /* next hop for UDP packets */ avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this connection */ diff --git a/src/net.c b/src/net.c index e086d786..fbefa8ca 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.133 2001/09/25 13:39:11 guus Exp $ + $Id: net.c,v 1.35.4.134 2001/10/08 11:47:55 guus Exp $ */ #include "config.h" 
@@ -230,7 +230,7 @@ cp */ void send_packet(connection_t *cl, vpn_packet_t *packet) { - connection_t *hop; + connection_t *via; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), @@ -255,28 +255,22 @@ cp return; } - if(myself->options & OPTION_TCPONLY) + if(cl->via == myself) + via = cl->nexthop; + else + via = cl->via; + + if(via != cl && debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), + cl->name, via->name, via->hostname); + + if((myself->options | via->options) & OPTION_TCPONLY) { - if(send_tcppacket(cl->nexthop, packet)) - terminate_connection(cl->nexthop, 1); + if(send_tcppacket(via, packet)) + terminate_connection(via, 1); } else - { - if(myself->options & OPTION_INDIRECT) - send_udppacket(cl->nexthop, packet); - else - { - hop = cl; - - while(hop->options & OPTION_INDIRECT) - if(hop->lastbutonehop == myself) - break; - else - hop = hop->lastbutonehop; - - send_udppacket(hop, packet); - } - } + send_udppacket(via, packet); } /* Broadcast a packet to all active direct connections */ @@ -977,7 +971,8 @@ cp /* Done */ myself->nexthop = myself; - myself->lastbutonehop = myself; + myself->prevhop = myself; + myself->via = myself; myself->status.active = 1; id_add(myself); diff --git a/src/protocol.c b/src/protocol.c index e9ee9665..5409fbdb 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.106 2001/09/24 14:12:00 guus Exp $ + $Id: protocol.c,v 1.28.4.107 2001/10/08 11:47:55 guus Exp $ */ #include "config.h" @@ -263,7 +263,7 @@ cp cl->allow_request = ALL; cl->nexthop = cl; - cl->lastbutonehop = myself; + cl->prevhop = myself; cl->cipher_pkttype = EVP_bf_cbc(); cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; 
@@ -289,6 +289,11 @@ cp cl->options |= OPTION_TCPONLY; } + if((myself->options | cl->options) & OPTION_INDIRECT) + cl->via = myself; + else + cl->via = cl; + /* Send him our subnets */ for(node = myself->subnet_tree->head; node; node = node->next) @@ -777,18 +782,18 @@ int send_add_host(connection_t *cl, connection_t *other) { cp return send_request(cl, "%d %s %lx:%d %lx %s", ADD_HOST, - other->name, other->address, other->port, other->options, other->lastbutonehop->name); + other->name, other->address, other->port, other->options, other->prevhop->name); } int add_host_h(connection_t *cl) { connection_t *old, *new, *p; - char name[MAX_STRING_SIZE], lastbutone[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE], prevhop[MAX_STRING_SIZE]; avl_node_t *node; cp new = new_connection(); - if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx "MAX_STRING, name, &new->address, &new->port, &new->options, lastbutone) != 5) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx "MAX_STRING, name, &new->address, &new->port, &new->options, prevhop) != 5) { syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); return -1; @@ -803,9 +808,9 @@ cp return -1; } - if(check_id(lastbutone)) + if(check_id(prevhop)) { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid lastbutone name"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid prevhop name"), cl->name, cl->hostname); free_connection(new); return -1; } @@ -823,11 +828,11 @@ cp new->hostname = hostlookup(htonl(new->address)); - new->lastbutonehop = lookup_id(lastbutone); + new->prevhop = lookup_id(prevhop); - if(!new->lastbutonehop) + if(!new->prevhop) { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): unknown lastbutone"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): unknown prevhop"), cl->name, cl->hostname); free_connection(new); return -1; } 
@@ -873,6 +878,11 @@ cp new->nexthop = cl; new->cipher_pkttype = EVP_bf_cbc(); new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; + + if(new->options & OPTION_INDIRECT || new->prevhop->via != new->prevhop) + new->via = new->prevhop->via; + else + new->via = new; cp return 0; } @@ -881,19 +891,19 @@ int send_del_host(connection_t *cl, connection_t *other) { cp return send_request(cl, "%d %s %lx:%d %lx %s", DEL_HOST, - other->name, other->address, other->port, other->options, other->lastbutonehop->name); + other->name, other->address, other->port, other->options, other->prevhop->name); } int del_host_h(connection_t *cl) { - char name[MAX_STRING_SIZE], lastbutone[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE], prevhop[MAX_STRING_SIZE]; ipv4_t address; port_t port; long int options; connection_t *old, *p; avl_node_t *node; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx "MAX_STRING, name, &address, &port, &options, lastbutone) != 5) + if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx "MAX_STRING, name, &address, &port, &options, prevhop) != 5) { syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), cl->name, cl->hostname); @@ -908,9 +918,9 @@ cp return -1; } - if(check_id(lastbutone)) + if(check_id(prevhop)) { - syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid lastbutone name"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid prevhop name"), cl->name, cl->hostname); return -1; } @@ -934,7 +944,7 @@ cp /* Check if the rest matches */ - if(address!=old->address || port!=old->port || options!=old->options || cl!=old->nexthop || strcmp(lastbutone, old->lastbutonehop->name)) + if(address!=old->address || port!=old->port || options!=old->options || cl!=old->nexthop || strcmp(prevhop, old->prevhop->name)) { syslog(LOG_WARNING, _("Got DEL_HOST from %s (%s) for %s which doesn't match"), cl->name, cl->hostname, old->name); return 0; 
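Review bot: The `via` selection added at the end of add_host_h() is hard to read and undocumented. `new->options & OPTION_INDIRECT || new->prevhop->via != new->prevhop` depends on `&` binding tighter than `||`, so I would write `if((new->options & OPTION_INDIRECT) || new->prevhop->via != new->prevhop)`. A comment would help too, e.g. `/* UDP goes straight to the host unless it, or the hop in front of it, is only reachable indirectly */`. Both inputs are taken from the peer's ADD_HOST, and `new->prevhop->via` is read without a NULL check, which assumes every entry lookup_id() can return already has `via` assigned; that is not visible from here. The function body begins before the hunk.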
From ce9fd32c04adf83cbaf668ee42a29575ba256002 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Oct 2001 11:59:08 +0000 Subject: [PATCH 461/923] Fix bug where tinc would crash because of a portscan or a connection from a tinc daemon with a different version. --- src/net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net.c b/src/net.c index fbefa8ca..91eb513e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.134 2001/10/08 11:47:55 guus Exp $ + $Id: net.c,v 1.35.4.135 2001/10/08 11:59:08 guus Exp $ */ #include "config.h" @@ -1367,7 +1367,7 @@ cp if(FD_ISSET(p->meta_socket, f)) if(receive_meta(p) < 0) { - terminate_connection(p, p->status.meta); + terminate_connection(p, p->status.active); return; } } From 1ef90a87fd9fd53c25a43455ffaac5274a63dc08 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Oct 2001 13:37:30 +0000 Subject: [PATCH 462/923] - Use ping timeout mechanism to close connections that don't authenticate in time. - Fix potential segmentation fault in check_dead_connections(). --- src/net.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/net.c b/src/net.c index 91eb513e..e96ae51a 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.135 2001/10/08 11:59:08 guus Exp $ + $Id: net.c,v 1.35.4.136 2001/10/08 13:37:30 guus Exp $ */ #include "config.h" 
@@ -1284,17 +1284,18 @@ cp void check_dead_connections(void) { time_t now; - avl_node_t *node; + avl_node_t *node, *next; connection_t *cl; cp now = time(NULL); - for(node = connection_tree->head; node; node = node->next) + for(node = connection_tree->head; node; node = next) { + next = node->next; cl = (connection_t *)node->data; - if(cl->status.active) + if(cl->last_ping_time + timeout < now) { - if(cl->last_ping_time + timeout < now) + if(cl->status.active) { if(cl->status.pinged) { @@ -1309,6 +1310,13 @@ cp send_ping(cl); } } + else + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"), + cl->name, cl->hostname); + terminate_connection(cl, 0); + } } } cp From fcc3ded75fe9f831aeb8678ee5e3926bf4168906 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Oct 2001 15:37:14 +0000 Subject: [PATCH 463/923] Fix bug when dropping an old connection in favour of a new one from the same host. --- src/protocol.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 5409fbdb..492f2893 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.107 2001/10/08 11:47:55 guus Exp $ + $Id: protocol.c,v 1.28.4.108 2001/10/08 15:37:14 guus Exp $ */ #include "config.h" @@ -245,8 +245,8 @@ cp cl->status.outgoing = 1; old->status.outgoing = 0; } + terminate_connection(old, 0); - return 0; } /* Also check if no other tinc daemon uses the same IP and port for UDP traffic */ From 5926c82b9a29031a8c619432869d1549b51b62a0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Oct 2001 15:47:30 +0000 Subject: [PATCH 464/923] Updated dutch translation. --- po/nl.po | 614 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 367 insertions(+), 247 deletions(-) 
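Review bot: The new `else` branch in check_dead_connections() closes any connection that is not yet active once `cl->last_ping_time + timeout < now`, so it relies on last_ping_time being stamped when the connection is accepted or initiated. That assignment is not in this hunk, and a zero-initialised field would expire every pending connection on the first pass; a comment such as `/* last_ping_time holds the connect time until the peer is authenticated */` above the test would record the requirement. Saving `next` before the body protects against the removal of `cl`'s own node. If terminate_connection() can remove other nodes of connection_tree as well, `next` may itself be stale, and restarting the scan after a termination would avoid depending on that. The function continues past the hunk.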
diff --git a/po/nl.po b/po/nl.po
index 6607c310..7ede015f 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -5,93 +5,93 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2001-07-01 11:19+0200\n" -"PO-Revision-Date: 2001-06-05 17:54+0200\n" +"POT-Creation-Date: 2001-10-08 17:37+0200\n" +"PO-Revision-Date: 2001-10-08 17:37+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:239 +#: src/conf.c:240 #, c-format msgid "Cannot open config file %s: %m" msgstr "Kan configuratie bestand %s niet openen: %m" -#: src/conf.c:280 +#: src/conf.c:281 #, c-format msgid "Invalid variable name `%s' on line %d while reading config file %s" msgstr "" "Ongeldige variabelenaam `%s' op regel %d tijdens lezen configuratie bestand %" "s" -#: src/conf.c:287 +#: src/conf.c:288 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:295 +#: src/conf.c:296 #, c-format msgid "Invalid value for variable `%s' on line %d while reading config file %s" msgstr "" "Ongeldige waarde voor variabele `%s' op regel %d tijdens lezen van " "configuratie bestand %s" -#: src/conf.c:324 +#: src/conf.c:325 #, c-format msgid "Failed to read `%s': %m" msgstr "Lezen van `%s' mislukte: %m" -#: src/conf.c:385 +#: src/conf.c:386 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:401 src/conf.c:434 +#: src/conf.c:402 src/conf.c:435 #, c-format msgid "Couldn't stat `%s': %m" msgstr "Kon `%s' niet statten: %m" -#: src/conf.c:408 src/conf.c:444 +#: src/conf.c:409 src/conf.c:445 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:415 src/conf.c:451 +#: src/conf.c:416 src/conf.c:452 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: 
src/conf.c:420 src/conf.c:456 +#: src/conf.c:421 src/conf.c:457 #, c-format msgid "Unable to read symbolic link `%s': %m" msgstr "Kan symbolische link `%s' niet lezen: %m" #. Accessible by others -#: src/conf.c:467 +#: src/conf.c:468 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" #. Ask for a file and/or directory name. -#: src/conf.c:492 +#: src/conf.c:493 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:498 +#: src/conf.c:499 #, c-format -msgid "Error while reading stdin: %m\n" -msgstr "Fout tijdens lezen van standaardinvoer: %m\n" +msgid "Error while reading stdin: %s\n" +msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:524 +#: src/conf.c:525 #, c-format -msgid "Error opening file `%s': %m\n" -msgstr "Fout bij het openen van het bestand `%s': %m\n" +msgid "Error opening file `%s': %s\n" +msgstr "Fout bij het openen van het bestand `%s': %s\n" -#: src/conf.c:534 +#: src/conf.c:535 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" 
@@ -101,358 +101,442 @@ msgstr "" "bescherming.\n" "Ik maak of overschrijf dit bestand niet.\n" -#: src/connection.c:192 +#: src/connection.c:236 msgid "Connection list:" msgstr "Verbindingslijst:" -#: src/connection.c:194 src/connection.c:201 +#: src/connection.c:241 #, c-format msgid " %s at %s port %hd options %ld sockets %d, %d status %04x" msgstr " %s op %s poort %hd opties %d sockets %d, %d status %04x" -#: src/connection.c:206 +#: src/connection.c:246 +msgid "Known hosts:" +msgstr "Bekende hosts:" + +#: src/connection.c:251 +#, c-format +msgid "" +" %s at %s port %hd options %ld sockets %d, %d status %04x nexthop %s prevhop " +"%s via %s" +msgstr "" +" %s op %s poort %hd opties %d sockets %d, %d status %04x nexthop %s prevhop %" +"s via %s" + +#: src/connection.c:256 msgid "End of connection list." msgstr "Einde van verbindingslijst." -#: src/meta.c:53 +#: src/meta.c:49 #, c-format msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:67 +#: src/meta.c:63 #, c-format msgid "Sending meta data to %s (%s) failed: %m" msgstr "Fout tijdens verzenden metadata naar %s (%s): %m" -#: src/meta.c:98 +#: src/meta.c:94 #, c-format msgid "This is a bug: %s:%d: %d:%m %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)" -#: src/meta.c:104 +#: src/meta.c:100 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:125 +#: src/meta.c:121 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:132 +#: src/meta.c:128 #, c-format msgid "Metadata socket read error for %s (%s): %m" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" -#: src/meta.c:206 +#: src/meta.c:202 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:119 +#: src/net.c:116 #, c-format msgid "No valid key known yet for %s (%s), queueing 
packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net.c:152 +#: src/net.c:149 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:163 +#: src/net.c:160 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:204 +#: src/net.c:201 #, c-format msgid "Writing packet of %d bytes to tap device" msgstr "Verzending pakket van %d bytes naar tap-apparaat" -#: src/net.c:210 +#: src/net.c:206 src/net.c:213 #, c-format msgid "Can't write to tun/tap device: %m" msgstr "Kan niet naar tun/tap apparaat schrijven: %m" -#: src/net.c:217 +#: src/net.c:220 #, c-format msgid "Can't write to ethertap device: %m" msgstr "Kan niet naar ethertap apparaat schrijven: %m" -#: src/net.c:231 +#: src/net.c:236 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:238 +#: src/net.c:243 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net.c:247 +#: src/net.c:252 #, c-format msgid "%s (%s) is not active, dropping packet" msgstr "%s (%s) is niet actief, pakket wordt genegeerd" -#: src/net.c:272 +#: src/net.c:264 +#, c-format +msgid "Sending packet to %s via %s (%s)" +msgstr "Verzending pakket naar %s via %s (%s)" + +#: src/net.c:284 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net.c:289 +#: src/net.c:301 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:336 +#: src/net.c:353 #, c-format msgid "Could not open %s: %m" msgstr "Kon %s niet openen: %m" -#: src/net.c:365 +#: src/net.c:380 src/net.c:386 #, c-format -msgid "%s is a new style tun/tap device" -msgstr "%s is een nieuwe stijl tun/tap apparaat" +msgid "%s is a Linux tun/tap device" +msgstr "%s is een Linux tun/tap apparaat" -#: src/net.c:390 +#: src/net.c:387 +msgid "Old ioctl() request used" +msgstr "Oud ioctl() verzoek gebruikt" + +#: src/net.c:393 +#, c-format +msgid "%s is a Linux ethertap device" +msgstr "%s is een Linux ethertap apparaat" + +#: src/net.c:398 +#, c-format +msgid "%s is a FreeBSD tap device" +msgstr "%s is een FreeBSD tap apparaat" + +#: src/net.c:409 +#, c-format +msgid "Could not open /dev/ip: %m" +msgstr "Kon /dev/ip niet openen: %m" + +#: src/net.c:415 +#, c-format +msgid "Can't assign new interface: %m" +msgstr "Kan nieuwe interface niet toekennen: %m" + +#: src/net.c:420 +#, c-format +msgid "Could not open %s twice: %m" +msgstr "Kon %s niet tweemaal openen: %m" + +#: src/net.c:425 +#, c-format +msgid "Can't push IP module: %m" +msgstr "Kan IP module niet toevoegen: %m" + +#: src/net.c:431 +#, c-format +msgid "Can't set PPA %d: %m" +msgstr "Kan PPA %d niet instellen: %m" + +#: src/net.c:436 +#, c-format +msgid "Can't link TUN device to IP: %m" +msgstr "Kan TUN device niet aan IP verbinden: %m" + +#: src/net.c:440 +#, c-format +msgid "%s is a Solaris tun device" +msgstr "%s is 
een Solaris tun apparaat" + +#: src/net.c:460 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:398 src/net.c:444 src/net.c:475 src/net.c:530 src/net.c:1045 -#: src/process.c:239 src/process.c:275 +#: src/net.c:468 src/net.c:514 src/net.c:545 src/net.c:600 src/net.c:1102 +#: src/process.c:241 src/process.c:277 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:419 +#: src/net.c:489 #, c-format msgid "Unable to bind listen socket to interface %s: %m" msgstr "Kon luistersocket niet binden aan interface %s: %m" -#: src/net.c:437 +#: src/net.c:507 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:465 +#: src/net.c:535 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:488 +#: src/net.c:558 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:506 +#: src/net.c:576 #, c-format msgid "Trying to connect to %s" msgstr "Poging tot verbinding met %s" -#: src/net.c:516 +#: src/net.c:586 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:553 +#: src/net.c:623 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:561 +#: src/net.c:631 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:567 +#: src/net.c:637 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:586 +#: src/net.c:656 msgid "Invalid name for outgoing connection" msgstr "Ongelige naam voor uitgaande verbinding" -#: src/net.c:595 +#: src/net.c:667 +#, c-format +msgid "We are already connected to %s." +msgstr "We zijn al verbonden met %s." 
+ +#: src/net.c:679 #, c-format msgid "Error reading host configuration file for %s" msgstr "Fout tijdens lezen host configuratie bestand voor %s" -#: src/net.c:602 +#: src/net.c:686 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:609 +#: src/net.c:693 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:619 +#: src/net.c:703 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net.c:664 +#: src/net.c:748 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:672 +#: src/net.c:756 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" #. Nothing worked. -#: src/net.c:698 +#: src/net.c:782 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:721 +#: src/net.c:805 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:729 +#: src/net.c:813 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:736 +#: src/net.c:820 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:754 +#: src/net.c:838 msgid "MYSELF" msgstr "MIJZELF" -#: src/net.c:760 +#: src/net.c:844 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:768 +#: src/net.c:852 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:777 +#: src/net.c:861 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" 
-#: src/net.c:810 +#: src/net.c:894 msgid "Network address and subnet mask do not match!" msgstr "Netwerk adres en subnet masker komen niet overeen!" -#: src/net.c:849 +#: src/net.c:933 msgid "Invalid routing mode!" msgstr "Ongelige routing modus!" -#: src/net.c:861 +#: src/net.c:945 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:867 +#: src/net.c:951 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" -#: src/net.c:892 +#: src/net.c:979 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:935 +#: src/net.c:1012 #, c-format -msgid "Still failed to connect to other, will retry in %d seconds" -msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" +msgid "Failed to setup all outgoing connections, will retry in %d seconds" +msgstr "" +"Poging tot maken van alle uitgaande verbinding faalde, nieuwe poging over %d " +"seconden" -#: src/net.c:988 src/net.c:1203 -#, c-format -msgid "Trying to re-establish outgoing connection in %d seconds" -msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" - -#: src/net.c:1051 +#: src/net.c:1108 msgid "UNKNOWN" msgstr "ONBEKEND" -#: src/net.c:1062 +#: src/net.c:1119 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1109 +#: src/net.c:1165 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1115 +#: src/net.c:1171 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1121 +#: src/net.c:1177 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1129 +#: src/net.c:1185 #, c-format msgid "Received UDP packets on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: 
src/net.c:1153 +#: src/net.c:1224 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1238 +#: src/net.c:1268 +#, c-format +msgid "Trying to re-establish outgoing connection in %d seconds" +msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" + +#: src/net.c:1303 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1265 +#: src/net.c:1316 +#, c-format +msgid "Timeout from %s (%s) during authentication" +msgstr "Timeout van %s (%s) tijdens authenticatie" + +#: src/net.c:1337 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1273 +#: src/net.c:1345 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1330 +#: src/net.c:1400 +#, c-format +msgid "Error while reading from tun device: %m" +msgstr "Fout tijdens lezen van tun apparaat: %m" + +#: src/net.c:1413 #, c-format msgid "Error while reading from tun/tap device: %m" msgstr "Fout tijdens lezen van tun/tap apparaat: %m" -#: src/net.c:1339 +#: src/net.c:1422 #, c-format msgid "Error while reading from ethertap device: %m" msgstr "Fout tijdens lezen van ethertap apparaat: %m" -#: src/net.c:1350 +#: src/net.c:1434 msgid "Received short packet from tap device" msgstr "Kort pakket ontvangen van tap apparaat" -#: src/net.c:1356 +#: src/net.c:1440 #, c-format msgid "Read packet of length %d from tap device" msgstr "Pakket gelezen van lengte %d van tap apparaat" -#: src/net.c:1388 +#: src/net.c:1472 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1395 +#: src/net.c:1479 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1402 +#: src/net.c:1486 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet 
herlezen, beëindigen" -#: src/net.c:1428 +#: src/net.c:1512 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" 
@@ -461,290 +545,302 @@ msgstr "Hergenereren symmetrische sleutel" msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/protocol.c:105 +#: src/protocol.c:94 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: src/protocol.c:112 +#: src/protocol.c:101 #, c-format msgid "Sending %s to %s (%s): %s" msgstr "Verzending %s naar %s (%s): %s" -#: src/protocol.c:114 +#: src/protocol.c:103 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:131 +#: src/protocol.c:120 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:134 +#: src/protocol.c:123 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:144 +#: src/protocol.c:133 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:147 +#: src/protocol.c:136 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:154 +#: src/protocol.c:143 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:161 +#: src/protocol.c:150 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:168 +#: src/protocol.c:157 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:194 +#: src/protocol.c:180 #, c-format msgid "Got bad ID from %s" msgstr "Kreeg ongeldige ID van %s" -#: src/protocol.c:202 +#: src/protocol.c:188 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" -#: src/protocol.c:211 +#: src/protocol.c:197 #, c-format msgid "Peer %s uses invalid identity name" msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" 
-#: src/protocol.c:226 +#: src/protocol.c:212 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft een onbekende identiteit (%s)" -#: src/protocol.c:240 +#: src/protocol.c:241 #, c-format -msgid "Uplink %s (%s) is already in our connection list" -msgstr "%s (%s) staat al in onze verbindingslijst" - -#: src/protocol.c:259 -#, c-format -msgid "%s is listening on %s:%hd, which is already in use by %s!" -msgstr "%s luistert op %s:%hd, wat al in gebruik is door %s!" - -#: src/protocol.c:289 -#, c-format -msgid "Removing old entry for %s at %s in favour of new connection from %s" +msgid "Removing old connection for %s at %s in favour of new connection at %s" msgstr "" "Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " "van %s" -#: src/protocol.c:304 +#: src/protocol.c:257 +#, c-format +msgid "%s is listening on %s:%hd, which is already in use by %s!" +msgstr "%s luistert op %s:%hd, wat al in gebruik is door %s!" + +#: src/protocol.c:273 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:403 +#: src/protocol.c:377 #, c-format msgid "Got bad CHALLENGE from %s (%s)" msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" -#: src/protocol.c:413 +#: src/protocol.c:387 #, c-format msgid "Intruder: wrong challenge length from %s (%s)" msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" -#: src/protocol.c:439 +#: src/protocol.c:413 #, c-format msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" -#: src/protocol.c:465 +#: src/protocol.c:439 #, c-format msgid "Got bad CHAL_REPLY from %s (%s)" msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" -#: src/protocol.c:473 +#: src/protocol.c:447 #, c-format msgid "Intruder: wrong challenge reply length from %s (%s)" msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" -#: src/protocol.c:489 +#: 
src/protocol.c:463 #, c-format msgid "Intruder: wrong challenge reply from %s (%s)" msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" -#: src/protocol.c:494 +#: src/protocol.c:468 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwacht antwoord op uitdaging: %s" -#: src/protocol.c:543 +#: src/protocol.c:517 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" -#: src/protocol.c:555 src/protocol.c:618 +#: src/protocol.c:529 src/protocol.c:592 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" -#: src/protocol.c:588 +#: src/protocol.c:562 #, c-format msgid "Got bad METAKEY from %s (%s)" msgstr "Kreeg ongeldige METAKEY van %s (%s)" -#: src/protocol.c:598 +#: src/protocol.c:572 #, c-format msgid "Intruder: wrong meta key length from %s (%s)" msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" -#: src/protocol.c:626 +#: src/protocol.c:600 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Meta sleutel ontvangen (niet versleuteld): %s" -#: src/protocol.c:672 +#: src/protocol.c:643 #, c-format msgid "Got bad ADD_SUBNET from %s (%s)" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" -#: src/protocol.c:680 +#: src/protocol.c:651 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:688 +#: src/protocol.c:659 #, c-format msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" -#: src/protocol.c:696 +#: src/protocol.c:667 #, c-format msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:706 +#: src/protocol.c:677 #, c-format msgid "Got ADD_SUBNET for %s from %s (%s) which is not 
in our connection list" msgstr "" "Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:754 +#: src/protocol.c:722 #, c-format msgid "Got bad DEL_SUBNET from %s (%s)" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" -#: src/protocol.c:762 +#: src/protocol.c:730 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:770 +#: src/protocol.c:738 #, c-format msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:780 +#: src/protocol.c:748 #, c-format msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" -#: src/protocol.c:790 +#: src/protocol.c:758 #, c-format msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" msgstr "" "Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " "verbindingslijst" -#: src/protocol.c:833 +#: src/protocol.c:798 #, c-format msgid "Got bad ADD_HOST from %s (%s)" msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" -#: src/protocol.c:841 +#: src/protocol.c:806 #, c-format msgid "Got bad ADD_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:850 +#: src/protocol.c:813 #, c-format -msgid "Warning: got ADD_HOST from %s (%s) for ourself, restarting" -msgstr "Waarschuwing: kreeg ADD_HOST van %s (%s) voor onszelf, herstart" +msgid "Got bad ADD_HOST from %s (%s): invalid prevhop name" +msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige prevhop naam" -#: src/protocol.c:867 +#: src/protocol.c:822 +#, c-format +msgid "Got ADD_HOST from %s (%s) for ourself!" +msgstr "Kreeg ADD_HOST van %s (%s) voor onszelf!" 
+ +#: src/protocol.c:835 +#, c-format +msgid "Got bad ADD_HOST from %s (%s): unknown prevhop" +msgstr "Kreeg ongeldige ADD_HOST van %s (%s): onbekende prevhop" + +#: src/protocol.c:847 #, c-format msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" -#: src/protocol.c:875 +#: src/protocol.c:855 #, c-format -msgid "Removing old entry for %s (%s) in favour of new connection" +msgid "" +"Removing old entry for %s (%s) from %s in favour of new connection from %s" msgstr "" -"Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe verbinding" +"Verwijdering oude verbinding voor %s (%s) van %s in voordeel van nieuwe " +"verbinding van %s" -#: src/protocol.c:928 +#: src/protocol.c:908 #, c-format msgid "Got bad DEL_HOST from %s (%s)" msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" -#: src/protocol.c:937 +#: src/protocol.c:917 #, c-format msgid "Got bad DEL_HOST from %s (%s): invalid identity name" msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" -#: src/protocol.c:945 +#: src/protocol.c:923 #, c-format -msgid "Warning: got DEL_HOST from %s (%s) for ourself, restarting" -msgstr "Waarschuwing: kreeg DEL_HOST van %s (%s) voor onszelf, herstart" +msgid "Got bad DEL_HOST from %s (%s): invalid prevhop name" +msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige prevhop naam" -#: src/protocol.c:955 +#: src/protocol.c:931 +#, c-format +msgid "Got DEL_HOST from %s (%s) for ourself!" +msgstr "Kreeg DEL_HOST van %s (%s) voor onszelf!" 
+ +#: src/protocol.c:940 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" msgstr "" "Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:964 +#: src/protocol.c:949 #, c-format msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" -#: src/protocol.c:1003 +#: src/protocol.c:987 #, c-format msgid "Got bad STATUS from %s (%s)" msgstr "Kreeg ongeldige STATUS van %s (%s)" -#: src/protocol.c:1010 +#: src/protocol.c:994 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Ontving statusbericht van %s (%s): %s: %s" -#: src/protocol.c:1033 +#: src/protocol.c:1017 #, c-format msgid "Got bad ERROR from %s (%s)" msgstr "Kreeg ongeldige ERROR van %s (%s)" -#: src/protocol.c:1040 +#: src/protocol.c:1024 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Ontving foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1133 +#: src/protocol.c:1116 #, c-format msgid "Got bad KEY_CHANGED from %s (%s)" msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" -#: src/protocol.c:1140 +#: src/protocol.c:1123 #, c-format msgid "" "Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " @@ -753,12 +849,12 @@ msgstr "" "Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1170 +#: src/protocol.c:1152 #, c-format msgid "Got bad REQ_KEY from %s (%s)" msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" -#: src/protocol.c:1177 +#: src/protocol.c:1159 #, c-format msgid "" "Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " @@ -767,7 +863,7 @@ msgstr "" "Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1195 +#: src/protocol.c:1177 #, c-format msgid "" "Got REQ_KEY from %s (%s) destination %s which does not exist in our " 
@@ -775,12 +871,12 @@ msgid "" msgstr "" "Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1231 +#: src/protocol.c:1213 #, c-format msgid "Got bad ANS_KEY from %s (%s)" msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" -#: src/protocol.c:1238 +#: src/protocol.c:1220 #, c-format msgid "" "Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " @@ -789,13 +885,13 @@ msgstr "" "Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " "voorkomt" -#: src/protocol.c:1249 +#: src/protocol.c:1231 #, c-format msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" msgstr "" "Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" -#: src/protocol.c:1260 +#: src/protocol.c:1242 #, c-format msgid "" "Got ANS_KEY from %s (%s) destination %s which does not exist in our " 
@@ -803,41 +899,41 @@ msgid "" msgstr "" "Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" -#: src/protocol.c:1305 +#: src/protocol.c:1287 #, c-format msgid "Got bad PACKET from %s (%s)" msgstr "Kreeg ongeldig PAKKET van %s (%s)" -#: src/subnet.c:105 +#: src/subnet.c:119 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, restarting!" msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, opnieuw " "starten" -#: src/subnet.c:142 +#: src/subnet.c:156 #, c-format msgid "Duplicate subnet %s for %s (%s), previous owner %s (%s)!" msgstr "Duplicaat subnet %s voor %s (%s), vorige eigenaar %s (%s)!" -#: src/subnet.c:266 +#: src/subnet.c:280 msgid "unknown subnet type" msgstr "onbekend subnet type" -#: src/subnet.c:344 +#: src/subnet.c:358 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:352 +#: src/subnet.c:366 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:116 +#: src/tincd.c:95 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:119 +#: src/tincd.c:98 #, c-format msgid "" "Usage: %s [option]...\n" 
@@ -846,22 +942,22 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:120 +#: src/tincd.c:99 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" -" -d Increase debug level.\n" -" -k, --kill Attempt to kill a running tincd and exit.\n" +" -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" +" -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" " -n, --net=NETNAME Connect to net NETNAME.\n" msgstr "" " -c, --config=MAP Lees configuratie uit MAP.\n" " -D, --no-detach Start geen nieuw proces.\n" " -d Verhoog debugniveau.\n" -" -k, --kill Poging tot doden van lopende tincd en " +" -k, --kill[=SIGNAAL] Poging tot zenden signaal naar lopende tincd en " "beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" -#: src/tincd.c:125 +#: src/tincd.c:104 msgid "" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" @@ -873,13 +969,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:128 +#: src/tincd.c:107 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:171 +#: src/tincd.c:150 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" 
@@ -887,24 +983,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:232 +#: src/tincd.c:211 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:237 -msgid "Error during key generation!" -msgstr "Fout tijdens genereren sleutel!" +#: src/tincd.c:216 +msgid "Error during key generation!\n" +msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:241 +#: src/tincd.c:220 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:248 +#: src/tincd.c:227 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:252 src/tincd.c:263 +#: src/tincd.c:231 src/tincd.c:242 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -912,21 +1008,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:259 +#: src/tincd.c:238 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:284 +#: src/tincd.c:263 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:313 +#: src/tincd.c:292 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:314 +#: src/tincd.c:293 msgid "" "Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -943,159 +1039,183 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:328 +#: src/tincd.c:307 msgid "You must be root to run this program.\n" msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" -#: src/tincd.c:372 +#: src/tincd.c:348 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:377 +#: src/tincd.c:353 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/process.c:338 src/tincd.c:382 +#: src/process.c:340 src/tincd.c:358 msgid "Not restarting." msgstr "Geen herstart." -#: src/process.c:60 +#: src/process.c:62 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exiting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:88 +#: src/process.c:90 #, c-format msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" msgstr "" "Totaal aantal bytes geschreven: tap %d, socket %d; bytes read: tap %d, " "socket %d" -#: src/process.c:91 +#: src/process.c:93 msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:107 +#: src/process.c:109 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:110 +#: src/process.c:112 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:131 +#: src/process.c:133 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:133 +#: src/process.c:135 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:140 +#: src/process.c:142 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:167 +#: src/process.c:169 #, c-format -msgid "Couldn't detach from terminal: %m" -msgstr "Kon 
niet ontkoppelen van terminal: %m" +msgid "Couldn't detach from terminal: %s" +msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:180 +#: src/process.c:182 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:183 +#: src/process.c:185 #, c-format msgid "tincd %s starting" msgstr "tincd %s wordt gestart" -#: src/process.c:247 +#: src/process.c:249 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:255 +#: src/process.c:257 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:263 +#: src/process.c:265 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:269 +#: src/process.c:271 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:294 +#: src/process.c:296 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:303 +#: src/process.c:305 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:310 +#: src/process.c:312 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: geen herstart" -#: src/process.c:319 +#: src/process.c:321 msgid "Got SEGV signal" msgstr "Kreeg SEGV signaal" -#: src/process.c:324 +#: src/process.c:326 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:347 +#: src/process.c:349 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:355 -msgid "Got INT signal, exiting" -msgstr "Kreeg INT signaal, beëindigen" +#: src/process.c:358 +#, c-format +msgid "Reverting to old debug level (%d)" +msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:374 src/process.c:383 +#: src/process.c:365 +#, c-format +msgid "" +"Temporarily setting debug level to 5. 
Kill me with SIGINT again to go back " +"to level %d." +msgstr "" +"Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " +"%d te herstellen." + +#: src/process.c:387 src/process.c:396 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:430 +#: src/process.c:443 #, c-format -msgid "Installing signal handler for signal %d (%s) failed: %m\n" -msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %m\n" +msgid "Installing signal handler for signal %d (%s) failed: %s\n" +msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" #: src/route.c:68 #, c-format msgid "Learned new MAC address %hhx:%hhx:%hhx:%hhx:%hhx:%hhx" msgstr "Nieuw MAC adres %hhx:%hhx:%hhx:%hhx:%hhx:%hhx geleerd" -#: src/route.c:118 +#: src/route.c:123 #, c-format msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" -#: src/route.c:133 +#: src/route.c:138 msgid "Cannot route packet: IPv6 routing not yet implemented" msgstr "Kan pakket niet routeren: IPv6 routering nog niet geïmplementeerd" -#: src/route.c:167 +#: src/route.c:172 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:181 +#: src/route.c:186 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:233 +#: src/route.c:238 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" + +#~ msgid "Still failed to connect to other, will retry in %d seconds" +#~ msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" + +#~ msgid "Uplink %s (%s) is already in our connection list" +#~ msgstr "%s (%s) staat al in onze verbindingslijst" + +#~ msgid "Removing 
old entry for %s (%s) in favour of new connection" +#~ msgstr "" +#~ "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe " +#~ "verbinding" + +#~ msgid "Got INT signal, exiting" +#~ msgstr "Kreeg INT signaal, beëindigen"
From 49a2cd806c73cff1ab6a712a996c7f7d4e1f32c0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 9 Oct 2001 19:30:30 +0000 Subject: [PATCH 465/923] Started implementing doc/CONNECTIVITY. --- src/node.h | 47 +++++++++++++++++++++++++++++++++++++++++++++++ src/vertex.h | 41 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 src/node.h create mode 100644 src/vertex.h
diff --git a/src/node.h b/src/node.h
new file mode 100644
index 00000000..815b793f
--- /dev/null
+++ b/src/node.h
@@ -0,0 +1,47 @@
+/*
+ node.h -- header for node.c
+ Copyright (C) 2001 Guus Sliepen ,
+ 2001 Ivo Timmermans
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id: node.h,v 1.1.2.1 2001/10/09 19:30:30 guus Exp $
+*/
+
+typedef struct node_t {
+ char *name; /* name of this connection */
+ int protocol_version; /* used protocol */
+ long int options; /* options turned on for this connection */
+
+ ipv4_t address; /* his real (internet) ip to send UDP packets to */
+ short unsigned int port; /* port number of UDP connection */
+ char *hostname; /* the hostname of its real ip */
+
+ status_bits_t status; /* status info */
+
+ EVP_CIPHER *cipher_pkttype; /* Cipher type for UDP packets */
+ char *cipher_pktkey; /* Cipher key and iv */
+ int cipher_pktkeylength; /* Cipher key and iv length*/
+
+ list_t *queue; /* Queue for packets awaiting to be encrypted */
+
+ struct node_t *nexthop; /* nearest meta-hop from us to him */
+ struct node_t *prevhop; /* nearest meta-hop from him to us */
+ struct node_t *via; /* next hop for UDP packets */
+
+ avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */
+
+ struct config_t *config; /* Pointer to configuration tree belonging to this node */
+} node_t;
diff --git a/src/vertex.h b/src/vertex.h
new file mode 100644
index 00000000..b5504d56
--- /dev/null
+++ b/src/vertex.h
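Review bot: node.h is added without an include guard and without including the headers that declare `ipv4_t`, `status_bits_t`, `EVP_CIPHER`, `list_t` and `avl_tree_t`, so it compiles only when every includer has already pulled those in, and a second inclusion redefines `node_t`. I would wrap the body in `#ifndef __TINC_NODE_H__` / `#define __TINC_NODE_H__` … `#endif /* __TINC_NODE_H__ */`, the pattern connection.h uses, and add the needed `#include` lines at the top; vertex.h in this commit has the same gap. Since `cipher_pktkey` holds key material, its comment could also state who frees it and that the buffer is wiped first, e.g. `/* Cipher key and iv; wiped and freed by <owner> */`.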
@@ -0,0 +1,41 @@
+/*
+ vertex.h -- header for vertex.c
+ Copyright (C) 2001 Guus Sliepen ,
+ 2001 Ivo Timmermans
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id: vertex.h,v 1.1.2.1 2001/10/09 19:30:30 guus Exp $
+*/
+
+typedef struct vertex_t {
+ struct halfconnection_t *from;
+ struct halfconnection_t *to;
+ long int options; /* options turned on for this connection */
+} vertex_t;
+
+typedef struct halfconnection_t {
+ struct node_t *node;
+
+ ipv4_t address; /* his real (internet) ip to send UDP packets to */
+ short unsigned int port; /* port number of UDP connection */
+ char *hostname; /* the hostname of its real ip */
+
+ RSA *rsa_key;
+ EVP_CIPHER_CTX *ctx;
+ char *metakey;
+ char *pktkey;
+ char *challenge;
+} halfconnection_t;
From f22b9417510cca258785f8958c8dfed90e26d81b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 9 Oct 2001 19:37:10 +0000 Subject: [PATCH 466/923] Small corrections. --- src/node.h | 8 ++++---- src/vertex.h | 21 ++++++++++++--------- 2 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/src/node.h b/src/node.h
index 815b793f..f96c56e3 100644
--- a/src/node.h
+++ b/src/node.h
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.1 2001/10/09 19:30:30 guus Exp $ + $Id: node.h,v 1.1.2.2 2001/10/09 19:37:10 guus Exp $ */ typedef struct node_t { @@ -31,9 +31,9 @@ typedef struct node_t { status_bits_t status; /* status info */ - EVP_CIPHER *cipher_pkttype; /* Cipher type for UDP packets */ - char *cipher_pktkey; /* Cipher key and iv */ - int cipher_pktkeylength; /* Cipher key and iv length*/ + EVP_CIPHER *cipher; /* Cipher type for UDP packets */ + char *key; /* Cipher key and iv */ + int keylength; /* Cipher key and iv length*/ list_t *queue; /* Queue for packets awaiting to be encrypted */ diff --git a/src/vertex.h b/src/vertex.h index b5504d56..7425756d 100644 --- a/src/vertex.h +++ b/src/vertex.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: vertex.h,v 1.1.2.1 2001/10/09 19:30:30 guus Exp $ + $Id: vertex.h,v 1.1.2.2 2001/10/09 19:37:10 guus Exp $ */ typedef struct vertex_t { 
@@ -29,13 +29,16 @@ typedef struct vertex_t { typedef struct halfconnection_t { struct node_t *node; - ipv4_t address; /* his real (internet) ip to send UDP packets to */ - short unsigned int port; /* port number of UDP connection */ - char *hostname; /* the hostname of its real ip */ + ipv4_t address; /* real (internet) ip on this end of the meta connection */ + short unsigned int port; /* port number of this end of the meta connection */ + char *hostname; /* the hostname of real ip */ - RSA *rsa_key; - EVP_CIPHER_CTX *ctx; - char *metakey; - char *pktkey; - char *challenge; + /* Following bits only used when this is a connection with ourself. */ + + RSA *rsa_key; /* RSA key used for authentication */ + EVP_CIPHER *cipher; /* Cipher type for meta protocol */ + EVP_CIPHER_CTX *ctx; /* Cipher state for meta protocol */ + char *key; /* Cipher key + iv */ + int keylength; /* Cipher keylength */ + char *challenge; /* Challenge sent to this end */ } halfconnection_t; From 75e1ae3a287642ca4281792c94ecd07332f39c08 Mon Sep 17 00:00:00 2001 From: Wessel Dankers Date: Tue, 9 Oct 2001 19:41:56 +0000 Subject: [PATCH 467/923] make is not always GNU make. --- autogen.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/autogen.sh b/autogen.sh index 344fbfa0..c0083be9 100644 --- a/autogen.sh +++ b/autogen.sh @@ -4,6 +4,8 @@ DIE=0 +alias make=${MAKE:-make} + srcdir="`/bin/pwd`" (autoconf --version) < /dev/null > /dev/null 2>&1 || { From ec0c16b9b63f361b11a757ee1641d562e4811f93 Mon Sep 17 00:00:00 2001 
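Review bot: The new `int keylength; /* Cipher keylength */` sits next to `char *key; /* Cipher key + iv */`, so it is unclear whether the length covers the iv, while node.h in the same commit documents its field as `/* Cipher key and iv length*/`. I would make the two agree, e.g. `int keylength; /* Length of key + iv */`. `challenge` still has no length field, so code that compares or copies it has to take the size from somewhere else; a comment naming that source (presumably the RSA key size, to be confirmed) would help the next reader bound those operations.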
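Review bot: `alias make=${MAKE:-make}` only takes effect in shells that expand aliases inside scripts; bash outside POSIX mode does not, so running the script as `bash autogen.sh` would silently keep calling plain `make`. Depending on the shell, the unquoted expansion may also be word-split before `alias` sees it when `MAKE` carries arguments. A variable is more predictable: `MAKE=${MAKE:-make}` here and `$MAKE` at the call sites, which are outside this hunk.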
From: Guus Sliepen Date: Wed, 10 Oct 2001 08:49:47 +0000 Subject: [PATCH 468/923] Further implementation of doc/CONNECTIVITY. connection.[ch] is now split into a node, vertex and connection part. --- src/connection.h | 68 +++++++--------------- src/node.c | 109 ++++++++++++++++++++++++++++++++++++ src/node.h | 12 +++- src/vertex.c | 143 +++++++++++++++++++++++++++++++++++++++++++++++ src/vertex.h | 33 ++++++----- 5 files changed, 304 insertions(+), 61 deletions(-) create mode 100644 src/node.c create mode 100644 src/vertex.c diff --git a/src/connection.h b/src/connection.h index a75769bb..c60562c2 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.13 2001/10/08 11:47:55 guus Exp $ + $Id: connection.h,v 1.1.2.14 2001/10/10 08:49:47 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -43,6 +43,9 @@ #include "net.h" #include "conf.h" +#include "node.h" +#include "vertex.h" + typedef struct status_bits_t { int pinged:1; /* sent ping */ int meta:1; /* meta connection exists */ 
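Review bot: The two new includes are placed above `typedef struct status_bits_t`, but node.h as it stands after the previous commit declares `status_bits_t status;` inside `node_t`, so that type is not yet known when node.h is parsed from here. Unless this commit's own node.h change, which is outside the visible part of the patch, removes that field, connection.h will not compile in this order. Moving `#include "node.h"` and `#include "vertex.h"` below the closing `} status_bits_t;`, or giving `status_bits_t` its own header that node.h includes, would fix it. The typedef continues past the end of the hunk.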
@@ -63,66 +66,37 @@ typedef struct status_bits_t { #define OPTION_TCPONLY 0x0002 typedef struct connection_t { - char *name; /* name of this connection */ ipv4_t address; /* his real (internet) ip */ - short unsigned int meta_port; /* port number of meta connection */ + short unsigned int port; /* port number of meta connection */ char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ - short unsigned int port; /* port number for UDP traffic */ - long int options; /* options turned on for this connection */ - int socket; /* our udp vpn socket */ - int meta_socket; /* our tcp meta socket */ + int socket; /* socket used for this connection */ status_bits_t status; /* status info */ - RSA *rsa_key; /* the public/private key */ - EVP_CIPHER_CTX *cipher_inctx; /* Context of encrypted meta data that will come from him to us */ - EVP_CIPHER_CTX *cipher_outctx; /* Context of encrypted meta data that will be sent from us to him */ - char *cipher_inkey; /* His symmetric meta key */ - char *cipher_outkey; /* Our symmetric meta key */ - EVP_CIPHER *cipher_pkttype; /* Cipher type for encrypted vpn packets */ - char *cipher_pktkey; /* Cipher key and iv */ - int cipher_pktkeylength; /* Cipher key and iv length*/ + struct node_t *node; /* node associated with the other end */ + struct vertex_t *vertex; /* vertex associated with this connection */ + + RSA *rsa_key; /* his public/private key */ + EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ + EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ + EVP_CIPHER_CTX *inctx; /* Context of encrypted meta data that will come from him to us */ + EVP_CIPHER_CTX *outctx; /* Context of encrypted meta data that will be sent from us to him */ + char *inkey; /* His symmetric meta key + iv */ + char *outkey; /* Our symmetric meta key + iv */ + int inkeylength; /* Length of his key + iv */ + int outkeylength; /* Length of our key + iv */ + char *mychallenge; /* challenge we 
received from him */ + char *hischallenge; /* challenge we sent to him */ char *buffer; /* metadata input buffer */ int buflen; /* bytes read into buffer */ int tcplen; /* length of incoming TCPpacket */ int allow_request; /* defined if there's only one request possible */ - time_t last_ping_time; /* last time we saw some activity from the other end */ - - list_t *queue; /* Queue for packets awaiting to be encrypted */ - - char *mychallenge; /* challenge we received from him */ - char *hischallenge; /* challenge we sent to him */ - - struct connection_t *nexthop; /* nearest meta-hop from us to him */ - struct connection_t *prevhop; /* nearest meta-hop from him to us */ - struct connection_t *via; /* next hop for UDP packets */ - - avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this connection */ - - struct config_t *config; /* Pointer to configuration tree belonging to this host */ + time_t last_ping_time; /* last time we saw some activity from the other end */ } connection_t; extern avl_tree_t *connection_tree; -extern avl_tree_t *active_tree; -extern connection_t *myself; - -extern void init_connections(void); -extern connection_t *new_connection(void); -extern void free_connection(connection_t *); -extern void id_add(connection_t *); -extern void active_add(connection_t *); -extern void active_del(connection_t *); -extern void connection_add(connection_t *); -extern void connection_del(connection_t *); -extern void prune_add(connection_t *); -extern void prune_flush(void); -extern connection_t *lookup_id(char *); -extern connection_t *lookup_active(ipv4_t, short unsigned int); -extern void dump_connection_list(void); -extern int read_host_config(connection_t *); -extern void destroy_trees(void); #endif /* __TINC_CONNECTION_H__ */ diff --git a/src/node.c b/src/node.c new file mode 100644 index 00000000..d2553625 --- /dev/null +++ b/src/node.c 
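Review bot: The tail of this hunk removes every function prototype from connection.h, yet new_connection(), free_connection(), connection_add() and connection_del() are still defined in connection.c. A caller in another file then gets an implicit declaration that returns int, which truncates the connection_t pointer on a 64-bit target. Keep the declarations for the functions that survive the split, e.g. `extern connection_t *new_connection(void);` and `extern void free_connection(connection_t *);`, and drop only the ones that moved to node.c and vertex.c.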
@@ -0,0 +1,109 @@ +/* + node.c -- node tree management + Copyright (C) 2001 Guus Sliepen , + 2001 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: node.c,v 1.1.2.1 2001/10/10 08:49:47 guus Exp $ +*/ + +avl_tree_t *node_tree; /* Known nodes, sorted by name */ + +int node_compare(connection_t *a, connection_t *b) +{ + return strcmp(a->name, b->name); +} + +void init_nodes(void) +{ +cp + node_tree = avl_alloc_tree((avl_compare_t)node_compare, NULL); +cp +} + +void exit_nodes(void) +{ +cp + avl_delete_tree(node_tree); +cp +} + +node_t *new_node(void) +{ + node_t *n = (node_t *)xmalloc_and_zero(sizeof(*n)); +cp + n->subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, NULL); + n->queue = list_alloc((list_action_t)free); +cp + return n; +} + +void free_node(node_t *n) +{ +cp + if(n->queue) + list_delete_list(n->queue); + if(n->name) + free(n->name); + if(n->hostname) + free(n->hostname); + if(n->key) + free(n->key); + if(n->config) + clear_config(&n->config); + free(n); +cp +} + +node_t *lookup_node(char *name) +{ + node_t n; +cp + n.name = name; + return avl_search(node_tree, &n); +} + + +int read_host_config(nodet *n) +{ + char *fname; + int x; +cp + asprintf(&fname, "%s/hosts/%s", confbase, n->name); + x = read_config_file(&n->config, fname); + free(fname); +cp + return x; +} + +void dump_nodes(void) +{ + 
avl_node_t *node; + node_t *n; +cp + syslog(LOG_DEBUG, _("Nodes:")); + + for(node = node_tree->head; node; node = node->next) + { + n = (connection_t *)node->data; + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x"), + n->name, n->hostname, n->port, n->options, + n->socket, n->meta_socket, n->status); + } + + syslog(LOG_DEBUG, _("End of nodes.")); +cp +} diff --git a/src/node.h b/src/node.h index f96c56e3..e6b28d29 100644 --- a/src/node.h +++ b/src/node.h @@ -17,9 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.2 2001/10/09 19:37:10 guus Exp $ + $Id: node.h,v 1.1.2.3 2001/10/10 08:49:47 guus Exp $ */ +#ifndef __TINC_NODE_H__ +#define __TINC_NODE_H__ + +#include + typedef struct node_t { char *name; /* name of this connection */ int protocol_version; /* used protocol */ @@ -45,3 +50,8 @@ typedef struct node_t { struct config_t *config; /* Pointer to configuration tree belonging to this node */ } node_t; + +struct node_t *myself; +extern avl_tree_t *node_tree; + +#endif /* __TINC_NODE_H__ */ diff --git a/src/vertex.c b/src/vertex.c new file mode 100644 index 00000000..54da8720 --- /dev/null +++ b/src/vertex.c 
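Review bot: read_host_config() pastes n->name into the path `%s/hosts/%s` with no check, and the asprintf() result is not tested, so fname is indeterminate when the allocation fails. If a node name can ever originate from a peer rather than from local configuration (not visible in this hunk), a name containing `/` or `..` selects a file outside hosts/. The parameter type is also misspelled as `nodet`, and node_compare() and dump_nodes() still use connection_t for what are now node_t entries. A version of read_host_config() with the name check and the asprintf() test follows.

```c
int read_host_config(node_t *n)
{
  char *fname;
  int x;
cp
  /* n->name becomes a path component: refuse anything that could leave hosts/ */
  if(!n->name || !*n->name || strchr(n->name, '/') || !strcmp(n->name, ".") || !strcmp(n->name, ".."))
    return -1;

  if(asprintf(&fname, "%s/hosts/%s", confbase, n->name) < 0)
    return -1;

  /* … unchanged: read_config_file() call, free(fname), return x … */
}
```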
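Review bot: `struct node_t *myself;` at the end of node.h is a definition, not a declaration, so every file that includes the header gets its own tentative definition and linking depends on the toolchain merging common symbols. Declare it as `extern node_t *myself;` next to `extern avl_tree_t *node_tree;` and define it once in node.c.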
@@ -0,0 +1,143 @@ +/* + vertex.c -- vertex tree management + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: vertex.c,v 1.1.2.1 2001/10/10 08:49:47 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include + +#include +#include + +#include "net.h" /* Don't ask. */ +#include "netutl.h" +#include "config.h" +#include "conf.h" +#include +#include "subnet.h" + +#include "xalloc.h" +#include "system.h" + +avl_tree_t *vertex_tree; /* Tree with all known vertices (replaces active_tree) */ +avl_tree_t *connection_tree; /* Tree with all meta connections with ourself */ + +int connection_compare(connection_t *a, connection_t *b) +{ + return a->meta_socket - b->meta_socket; +} + +int vertex_compare(vertex_t *a, vertex_t *b) +{ + int result; + + result = strcmp(a->from->name, b->from->name); + + if(result) + return result; + else + return strcmp(a->to->name, b->to->name); +} + +/* Evil vertex_compare() from a parallel universe ;) + +int vertex_compare(vertex_t *a, vertex_t *b) +{ + int result; + + return (result = strcmp(a->from->name, b->from->name)) || (result = strcmp(a->to->name, b->to->name)), result; +} + +*/ + +void init_vertices(void) +{ +cp + vertex_tree = avl_alloc_tree((avl_compare_t)vertex_compare, NULL); +cp +} + +void exit_vertices(void) +{ +cp + 
avl_delete_tree(vertex_tree); +cp +} + +/* Creation and deletion of connection elements */ + +vertex_t *new_vertex(void) +{ +cp + vertex_t *v = (vertex_t *)xmalloc_and_zero(sizeof(*v)); +cp + return v; +} + +void free_vertex(vertex_t *v) +{ +cp + if(v->from.hostname) + free(v->from.hostname) + if(v->to.hostname) + free(v->to.hostname) + + free(v); +cp +} + +vertex_t *lookup_vertex(node_t *from, node_t *to) +{ + vertex_t v, *result; +cp + v.from.node = from; + v.to.node = to; + + result = avl_search(vertex_tree, &v); + + if(result) + return result; +cp + v.from.node = to; + v.to.node = from; + + return avl_search(vertex_tree, &v); +} + +void dump_vertices(void) +{ + avl_node_t *node; + vertex_t *v; +cp + syslog(LOG_DEBUG, _("Vertices:")); + + for(node = vertex_tree->head; node; node = node->next) + { + v = (vertex_t *)node->data; + syslog(LOG_DEBUG, _(" %s - %s options %ld"), + v->from.node->name, v->to.node->name, v->options); + } + + syslog(LOG_DEBUG, _("End of vertices.")); +cp +} diff --git a/src/vertex.h b/src/vertex.h index 7425756d..9490f481 100644 --- a/src/vertex.h +++ b/src/vertex.h 
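Review bot: vertex_compare() dereferences `a->from->name` and `a->to->name`, but vertex.h in this commit makes `from` and `to` embedded halfconnection_t structs, and lookup_vertex() fills `v.from.node` and `v.to.node`. The comparator should follow the same path: `result = strcmp(a->from.node->name, b->from.node->name);` and `return strcmp(a->to.node->name, b->to.node->name);`. Both `free(v->from.hostname)` and `free(v->to.hostname)` in free_vertex() lack the terminating semicolon, and the file defines connection_tree and connection_compare() a second time although connection.c keeps them.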
@@ -17,28 +17,35 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: vertex.h,v 1.1.2.2 2001/10/09 19:37:10 guus Exp $ + $Id: vertex.h,v 1.1.2.3 2001/10/10 08:49:47 guus Exp $ */ +#ifndef __TINC_VERTEX_H__ +#define __TINC_VERTEX_H__ + +#include + +#include "node.h" +#include "connection.h" + typedef struct vertex_t { - struct halfconnection_t *from; - struct halfconnection_t *to; + struct halfconnection_t from; + struct halfconnection_t to; + long int options; /* options turned on for this connection */ + int metric; /* weight of this vertex */ + + struct connection_t *connection; /* connection associated with this vertex, if available */ } vertex_t; typedef struct halfconnection_t { - struct node_t *node; + struct node_t *node; /* node associated with this end of the connection */ ipv4_t address; /* real (internet) ip on this end of the meta connection */ short unsigned int port; /* port number of this end of the meta connection */ char *hostname; /* the hostname of real ip */ - - /* Following bits only used when this is a connection with ourself. */ - - RSA *rsa_key; /* RSA key used for authentication */ - EVP_CIPHER *cipher; /* Cipher type for meta protocol */ - EVP_CIPHER_CTX *ctx; /* Cipher state for meta protocol */ - char *key; /* Cipher key + iv */ - int keylength; /* Cipher keylength */ - char *challenge; /* Challenge sent to this end */ } halfconnection_t; + +extern avl_tree_t *vertex_tree; /* Tree with all known vertices (replaces active_tree) */ + +#endif /* __TINC_VERTEX_H__ */ From 5904806dc80830d4eddca857a41db2fc25598201 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 10 Oct 2001 09:42:29 +0000 Subject: [PATCH 469/923] Removed everything from connection.c that has already been moved to node.c and vertex.c. --- src/connection.c | 225 +++++++++-------------------------------------- src/connection.h | 4 +- 2 files changed, 44 insertions(+), 185 deletions(-) 
diff --git a/src/connection.c b/src/connection.c index 186a60b1..f01b2e7a 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.17 2001/10/08 11:47:55 guus Exp $ + $Id: connection.c,v 1.1.2.18 2001/10/10 09:42:29 guus Exp $ */ #include "config.h" 
@@ -39,232 +39,91 @@ #include "xalloc.h" #include "system.h" -/* Root of the connection list */ - avl_tree_t *connection_tree; /* Meta connections */ -avl_tree_t *active_tree; /* Activated hosts, sorted by address and port */ -avl_tree_t *id_tree; /* Activated hosts, sorted by name */ -avl_tree_t *prune_tree; /* connection_t structures which have to be freed */ - -/* Pointer to connection describing myself */ - -connection_t *myself = NULL; - -/* Initialization and callbacks */ int connection_compare(connection_t *a, connection_t *b) { - return a->meta_socket - b->meta_socket; -} - -int active_compare(connection_t *a, connection_t *b) -{ - ipv4_t result; - - result = a->address - b->address; - if(result) - return result; - else - return a->port - b->port; -} - -int id_compare(connection_t *a, connection_t *b) -{ - return strcmp(a->name, b->name); -} - -int prune_compare(connection_t *a, connection_t *b) -{ - if(a < b) - return -1; - else if(a > b) - return 1; - else - return 0; + return a->socket - b->socket; } void init_connections(void) { +cp connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, NULL); - active_tree = avl_alloc_tree((avl_compare_t)active_compare, NULL); - id_tree = avl_alloc_tree((avl_compare_t)id_compare, NULL); - prune_tree = avl_alloc_tree((avl_compare_t)prune_compare, (avl_action_t)free_connection); +cp } -/* Creation and deletion of connection elements */ +void exit_connection(void) +{ +cp + avl_delete_tree(connection_tree); +cp +} connection_t *new_connection(void) { - connection_t *p = (connection_t *)xmalloc_and_zero(sizeof(*p)); cp - p->subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, NULL); - p->queue = list_alloc((list_action_t)free); -cp - return p; + return (connection_t *)xmalloc_and_zero(sizeof(*c)); } -void free_connection(connection_t *p) +void free_connection(connection_t *c) { cp - if(p->queue) - list_delete_list(p->queue); - if(p->name) - free(p->name); - if(p->hostname) - free(p->hostname); - 
if(p->rsa_key) - RSA_free(p->rsa_key); - if(p->cipher_pktkey) - free(p->cipher_pktkey); - if(p->buffer) - free(p->buffer); - if(p->config) - clear_config(&p->config); - free(p); + if(c->hostname) + free(c->hostname); + if(c->rsa_key) + RSA_free(c->rsa_key); + if(c->inpktkey) + free(c->inpktkey); + if(c->outpktkey) + free(c->outpktkey); + if(c->mychallenge) + free(c->mychallenge); + if(c->hischallenge) + free(c->hischallenge); + free(c); cp } -/* - Free all trees. -*/ -void destroy_trees(void) +void connection_add(connection_t *c) { cp - avl_delete_tree(id_tree); - avl_delete_tree(active_tree); - avl_delete_tree(connection_tree); - avl_delete_tree(prune_tree); + avl_insert(connection_tree, c); cp } -/* Connection management */ - -void connection_add(connection_t *cl) +void connection_del(connection_t *c) { cp - avl_insert(connection_tree, cl); + avl_delete(connection_tree, c); cp } -void connection_del(connection_t *cl) +connection_t *lookup_connection(ipv4_t address, short unsigned int port) { + connection_t c; cp - active_del(cl); + c.address = address; + c.port = port; - if(cl->status.meta) - avl_delete(connection_tree, cl); -cp + return avl_search(connection_tree, &c); } -void active_add(connection_t *cl) -{ -cp - avl_insert(active_tree, cl); - avl_insert(id_tree, cl); - cl->status.active = 1; -cp -} - -void active_del(connection_t *cl) -{ -cp - if(cl->status.active) - { - avl_delete(id_tree, cl); - avl_delete(active_tree, cl); - } -cp -} - -void id_add(connection_t *cl) -{ -cp - avl_insert(id_tree, cl); -cp -} - -void prune_add(connection_t *cl) -{ -cp - avl_insert(prune_tree, cl); -cp -} - -void prune_flush(void) -{ - avl_node_t *node, *next; -cp - for(node = prune_tree->head; node; node = next) - { - next = node->next; - avl_delete_node(prune_tree, node); - } -cp -} - -/* Lookup functions */ - -connection_t *lookup_active(ipv4_t address, short unsigned int port) -{ - connection_t cl; -cp - cl.address = address; - cl.port = port; - - return 
avl_search(active_tree, &cl); -} - -connection_t *lookup_id(char *name) -{ - connection_t cl, *p; -cp - cl.name = name; - p = avl_search(id_tree, &cl); - if(p) - return p; - else - return NULL; -} - -/* Debugging */ - -void dump_connection_list(void) +void dump_connections(void) { avl_node_t *node; - connection_t *cl; + connection_t *c; cp - syslog(LOG_DEBUG, _("Connection list:")); + syslog(LOG_DEBUG, _("Connections:")); for(node = connection_tree->head; node; node = node->next) { - cl = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x"), - cl->name, cl->hostname, cl->port, cl->options, - cl->socket, cl->meta_socket, cl->status); + c = (connection_t *)node->data; + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld socket %d status %04x"), + c->node->name, c->hostname, c->port, c->options, + cl->socket, c->status); } - syslog(LOG_DEBUG, _("Known hosts:")); - - for(node = id_tree->head; node; node = node->next) - { - cl = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x nexthop %s prevhop %s via %s"), - cl->name, cl->hostname, cl->port, cl->options, - cl->socket, cl->meta_socket, cl->status, cl->nexthop->name, cl->prevhop->name, cl->via->name); - } - - syslog(LOG_DEBUG, _("End of connection list.")); + syslog(LOG_DEBUG, _("End of connections.")); cp } - -int read_host_config(connection_t *cl) -{ - char *fname; - int x; -cp - asprintf(&fname, "%s/hosts/%s", confbase, cl->name); - x = read_config_file(&cl->config, fname); - free(fname); -cp - return x; -} diff --git a/src/connection.h b/src/connection.h index c60562c2..9d38263a 100644 --- a/src/connection.h +++ b/src/connection.h 
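Review bot: lookup_connection() fills only `c.address` and `c.port` in its stack key, while connection_compare() orders the tree by `socket`, so avl_search() compares against an uninitialised `c.socket` and cannot find a connection by address and port. As long as the tree stays keyed on the socket, the lookup has to walk it, using the same `head`/`next` traversal that dump_connections() already uses. The rewritten function is below.

```c
connection_t *lookup_connection(ipv4_t address, short unsigned int port)
{
  avl_node_t *node;
  connection_t *c;
cp
  /* the tree is ordered by socket, so an address/port lookup has to walk it */
  for(node = connection_tree->head; node; node = node->next)
    {
      c = (connection_t *)node->data;
      if(c->address == address && c->port == port)
        return c;
    }

  return NULL;
}
```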
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.14 2001/10/10 08:49:47 guus Exp $ + $Id: connection.h,v 1.1.2.15 2001/10/10 09:42:29 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -89,7 +89,7 @@ typedef struct connection_t { char *mychallenge; /* challenge we received from him */ char *hischallenge; /* challenge we sent to him */ - char *buffer; /* metadata input buffer */ + char buffer[MAXBUFSIZE]; /* metadata input buffer */ int buflen; /* bytes read into buffer */ int tcplen; /* length of incoming TCPpacket */ int allow_request; /* defined if there's only one request possible */ From ea607d2d9292d3969f9d164b432dc64a33c2dade Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 10 Oct 2001 20:34:27 +0000 Subject: [PATCH 470/923] Revamp configuration handling: - Store everything in AVL trees (fast lookup) - No need for hazahaza anymore - Parse values when needed - This simplifies a lot of config variable lookups. --- src/conf.c | 325 +++++++++++++++++++++++++++++------------------------ src/conf.h | 86 ++++---------- 2 files changed, 199 insertions(+), 212 deletions(-) diff --git a/src/conf.c b/src/conf.c index cf999cbe..1ac01c31 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.43 2001/09/01 12:46:49 guus Exp $ + $Id: conf.c,v 1.9.4.44 2001/10/10 20:34:27 guus Exp $ */ #include "config.h" @@ -39,13 +39,15 @@ #include #include /* for cp */ +#include #include "conf.h" #include "netutl.h" /* for strtoip */ #include "system.h" -config_t *config = NULL; +avl_tree_t *config_tree; + int debug_lvl = 0; int timeout = 0; /* seconds before timeout */ char *confbase = NULL; /* directory in which all config files are */ 
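Review bot: Turning `buffer` into `char buffer[MAXBUFSIZE]` fixes the capacity, but the field comments do not state the bound that `buflen` and `tcplen` now have to respect. The code that fills the buffer is outside this hunk, so it cannot be confirmed here that a length received from the peer is checked against MAXBUFSIZE before data is copied. I would record the invariant on the field, `char buffer[MAXBUFSIZE]; /* metadata input buffer; buflen must stay <= MAXBUFSIZE */`, and say on `tcplen` that it has to be range-checked when it is received. The struct definition continues outside the hunk.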
@@ -54,90 +56,168 @@ char *netname = NULL; /* name of the vpn network */ /* Will be set if HUP signal is received. It will be processed when it is safe. */ int sighup = 0; -/* - These are all the possible configurable values -*/ -static internal_config_t hazahaza[] = { -/* Main configuration file keywords */ - { "ConnectTo", config_connectto, TYPE_NAME }, - { "Hostnames", config_hostnames, TYPE_BOOL }, - { "Interface", config_interface, TYPE_NAME }, - { "InterfaceIP", config_interfaceip, TYPE_IP }, - { "KeyExpire", config_keyexpire, TYPE_INT }, - { "MyVirtualIP", config_dummy, TYPE_IP }, - { "MyOwnVPNIP", config_dummy, TYPE_IP }, - { "Name", config_name, TYPE_NAME }, - { "PingTimeout", config_pingtimeout, TYPE_INT }, - { "PrivateKey", config_privatekey, TYPE_NAME }, - { "PrivateKeyFile", config_privatekeyfile, TYPE_NAME }, - { "TapDevice", config_tapdevice, TYPE_NAME }, - { "VpnMask", config_dummy, TYPE_IP }, -/* Host configuration file keywords */ - { "Address", config_address, TYPE_NAME }, - { "IndirectData", config_indirectdata, TYPE_BOOL }, - { "Port", config_port, TYPE_INT }, - { "PublicKey", config_publickey, TYPE_NAME }, - { "PublicKeyFile", config_publickeyfile, TYPE_NAME }, - { "RestrictAddress", config_restrictaddress, TYPE_BOOL }, - { "RestrictHosts", config_restricthosts, TYPE_BOOL }, - { "RestrictPort", config_restrictport, TYPE_BOOL }, - { "RestrictSubnets", config_restrictsubnets, TYPE_BOOL }, - { "Subnet", config_subnet, TYPE_IP }, /* Use IPv4 subnets only for now */ - { "TCPonly", config_tcponly, TYPE_BOOL }, - { "Mode", config_mode, TYPE_NAME }, - { NULL, 0, 0 } -}; - -/* - Add given value to the list of configs cfg -*/ -config_t * -add_config_val(config_t **cfg, int argtype, char *val) +int config_compare(config_t *a, config_t *b) { - config_t *p; - char *q; -cp - p = (config_t*)xmalloc(sizeof(*p)); - p->data.val = 0; + int result; + + result = strcmp(a->variable, b->variable); + + if(result) + return result; - switch(argtype) - { - case 
TYPE_INT: - p->data.val = strtol(val, &q, 0); - if(q && *q) - p->data.val = 0; - break; - case TYPE_NAME: - p->data.ptr = xmalloc(strlen(val) + 1); - strcpy(p->data.ptr, val); - break; - case TYPE_IP: - p->data.ip = strtoip(val); - break; - case TYPE_BOOL: - if(!strcasecmp("yes", val)) - p->data.val = stupid_true; - else if(!strcasecmp("no", val)) - p->data.val = stupid_false; - else - p->data.val = 0; - } - - p->argtype = argtype; - - if(p->data.val) - { - p->next = *cfg; - *cfg = p; -cp - return p; - } + result = a->line - b->line; + + if(result) + return result; else - { - free(p); + return strcmp(a->file, b->file); +} + +void init_configuration(avl_tree_t **config_tree) +{ cp - return NULL; + *config_tree = avl_alloc_tree((avl_compare_t)config_compare, (avl_action_t)free_config); +cp +} + +void exit_configuration(avl_tree_t **config_tree) +{ +cp + avl_delete_tree(*config_tree); + *config_tree = NULL; +cp +} + +config_t *new_config(void) +{ + config_t *cfg; +cp + cfg = (config_t *)xmalloc_and_zero(sizeof(*cfg)); + + return cfg; +} + +void free_config(config_t *cfg) +{ +cp + if(cfg->variable) + free(cfg->variable); + if(cfg->value) + free(cfg->value); + if(cfg->file) + free(cfg->file); + free(cfg); +cp +} + +void config_add(avl_tree_t *config_tree, config_t *cfg) +{ +cp + avl_insert(config_tree, cfg); +cp +} + +config_t *lookup_config(avl_tree_t *config_tree, char *variable) +{ + config_t cfg, *found; +cp + cfg.variable = variable; + cfg.file = ""; + cfg.line = 0; + + found = avl_search_closest_greater(config_tree, &cfg); + + if(!strcmp(found->variable, variable)) + return found; + else + return NULL; +} + +config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) +{ + avl_node_t *node; + config_t *found; +cp + node = avl_search_node(config_tree, cfg); + + if(node) + { + if(node->next) + { + found = (config_t *)node->next->data; + if(!strcmp(found->variable, cfg->variable)) + return found; + } } + + return NULL; +} + +int get_config_bool(config_t *cfg, 
int *result) +{ +cp + if(!cfg) + return 0; + + if(!strcasecmp(cfg->value, "yes")) + { + *result = 1; + return 1; + } + else if(!strcasecmp(cfg->value, "np")) + { + *result = 0; + return 1; + } + + syslog(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), + cfg->value, cfg->file, cfg->line); + + return 0; +} + +int get_config_int(config_t *cfg, int *result) +{ +cp + if(!cfg) + return 0; + + if(sscanf(cfg->value, "%d", result) == 1) + return 1; + + syslog(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), + cfg->value, cfg->file, cfg->line); + return 0; +} + +int get_config_string(config_t *cfg, char **result) +{ +cp + if(!cfg) + return 0; + + *result = cfg->value; + return 1; +} + +int get_config_ip(config_t *cfg, ip_mask_t **result) +{ + ip_mask_t *ip; +cp + if(!cfg) + return 0; + + ip = strtoip(cfg->value); + + if(ip) + { + *result = ip; + return 1; + } + + syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), + cfg->value, cfg->file, cfg->line); + return 0; } /* @@ -224,13 +304,13 @@ char *readline(FILE *fp, char **buf, size_t *buflen) Parse a configuration file and put the results in the configuration tree starting at *base. */ -int read_config_file(config_t **base, const char *fname) +int read_config_file(avl_tree_t *config_tree, const char *fname) { int err = -2; /* Parse error */ FILE *fp; char *buffer, *line; - char *p, *q; - int i, lineno = 0, ignore = 0; + char *variable, *value; + int lineno = 0, ignore = 0; config_t *cfg; size_t bufsize; @@ -246,7 +326,6 @@ cp for(;;) { - if((line = readline(fp, &buffer, &bufsize)) == NULL) { err = -1; 
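Review bot: lookup_config() passes the result of avl_search_closest_greater() straight to strcmp(), so on an empty tree, or for a variable that sorts after every entry, it dereferences a null pointer if that function returns NULL when nothing qualifies (its definition is not in this hunk); guard it with `if(found && !strcmp(found->variable, variable))`. get_config_bool() compares against `"np"`, so a value of `no` is rejected as invalid; the line should read `else if(!strcasecmp(cfg->value, "no"))`. The three error messages print `cfg->value` where the text names the configuration variable, which should be `cfg->variable`.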
@@ -261,49 +340,34 @@ cp lineno++; - if((p = strtok(line, "\t =")) == NULL) + if((variable = strtok(line, "\t =")) == NULL) continue; /* no tokens on this line */ - if(p[0] == '#') + if(variable[0] == '#') continue; /* comment: ignore */ - if(!strcmp(p, "-----BEGIN")) + if(!strcmp(variable, "-----BEGIN")) ignore = 1; - if(ignore == 0) + if(!ignore) { - for(i = 0; hazahaza[i].name != NULL; i++) - if(!strcasecmp(hazahaza[i].name, p)) - break; - - if(!hazahaza[i].name) - { - syslog(LOG_ERR, _("Invalid variable name `%s' on line %d while reading config file %s"), - p, lineno, fname); - break; - } - - if(((q = strtok(NULL, "\t\n\r =")) == NULL) || q[0] == '#') + if(((value = strtok(NULL, "\t\n\r =")) == NULL) || value[0] == '#') { syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - hazahaza[i].name, lineno, fname); + variable, lineno, fname); break; } - cfg = add_config_val(base, hazahaza[i].argtype, q); - if(cfg == NULL) - { - syslog(LOG_ERR, _("Invalid value for variable `%s' on line %d while reading config file %s"), - hazahaza[i].name, lineno, fname); - break; - } + cfg = new_config(); + cfg->variable = xstrdup(variable); + cfg->value = xstrdup(value); + cfg->file = xstrdup(fname); + cfg->line = lineno; - cfg->which = hazahaza[i].which; - if(!config) - config = cfg; + config_add(config_tree, cfg); } - if(!strcmp(p, "-----END")) + if(!strcmp(variable, "-----END")) ignore = 0; } @@ -319,7 +383,7 @@ int read_server_config() int x; cp asprintf(&fname, "%s/tinc.conf", confbase); - x = read_config_file(&config, fname); + x = read_config_file(config_tree, fname); if(x == -1) /* System error: complain */ { syslog(LOG_ERR, _("Failed to read `%s': %m"), 
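Review bot: With the table lookup removed, the loop in read_config_file() stores any token as a variable, so a misspelled option name is accepted silently and is simply never found by lookup_config(). For the options that restrict a peer (the removed table listed RestrictHosts, RestrictSubnets, RestrictAddress and RestrictPort) that makes a typo fail open instead of stopping the daemon. Names were also matched with strcasecmp() before, while lookup_config() uses strcmp(), so differently cased names in existing files stop matching. I would keep a list of known names and log the old `Invalid variable name` message for anything else, or at least add `/* unknown variable names are stored unchecked */` above `cfg = new_config();`; the function starts and ends outside this hunk.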
@@ -330,39 +394,6 @@ cp return x; } -/* - Look up the value of the config option type -*/ -const config_t *get_config_val(config_t const *p, which_t type) -{ -cp - for(; p != NULL; p = p->next) - if(p->which == type) - break; -cp - return p; -} - -/* - Remove the complete configuration tree. -*/ -void clear_config(config_t **base) -{ - config_t *p, *next; -cp - for(p = *base; p != NULL; p = next) - { - next = p->next; - if(p->data.ptr && (p->argtype == TYPE_NAME)) - { - free(p->data.ptr); - } - free(p); - } - *base = NULL; -cp -} - int isadir(const char* f) { struct stat s; diff --git a/src/conf.h b/src/conf.h index de93f72e..ca32a489 100644 --- a/src/conf.h +++ b/src/conf.h 
@@ -17,88 +17,44 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.26 2001/09/01 12:46:49 guus Exp $ + $Id: conf.h,v 1.6.4.27 2001/10/10 20:34:27 guus Exp $ */ #ifndef __TINC_CONF_H__ #define __TINC_CONF_H__ +#include #include "net.h" -#define MAXTIMEOUT 900 /* Maximum timeout value for retries. Should this be a configuration option? */ - -typedef struct ip_mask_t { - ipv4_t address; - ipv4_t mask; -} ip_mask_t; - -typedef enum which_t { - config_dummy = 0, - config_name = 1, - config_connectto, - config_pingtimeout, - config_tapdevice, - config_privatekey, - config_privatekeyfile, - config_keyexpire, - config_hostnames, - config_interface, - config_interfaceip, - config_address, - config_port, - config_publickey, - config_publickeyfile, - config_subnet, - config_restricthosts, - config_restrictsubnets, - config_restrictaddress, - config_restrictport, - config_indirectdata, - config_tcponly, - config_mode, -} which_t; - typedef struct config_t { - struct config_t *next; - which_t which; - int argtype; - union data { - long val; - char *ptr; - ip_mask_t *ip; - struct config_t *next; /* For nested configs! 
*/ - } data; + char *variable; + char *value; + char *file; + int line; } config_t; -typedef struct internal_config_t { - char *name; - enum which_t which; - int argtype; -} internal_config_t; +extern avl_tree_t *config_tree; -enum { - stupid_false = 1, - stupid_true -}; - -enum { - TYPE_NAME = 1, - TYPE_INT, - TYPE_IP, - TYPE_BOOL -}; - -extern config_t *config; extern int debug_lvl; extern int timeout; +extern int maxtimeout; extern int sighup; extern char *confbase; extern char *netname; -extern config_t *add_config_val(config_t **, int, char *); -extern int read_config_file(config_t **, const char *); -extern const config_t *get_config_val(config_t const *, which_t type); -extern void clear_config(); +extern void init_configuration(avl_tree_t **); +extern void exit_configuration(avl_tree_t **); +extern config_t *new_config(void); +extern void free_config(config_t *); +extern void config_add(avl_tree_t *, config_t *); +extern config_t *config_lookup(avl_tree_t *, char *); +extern config_t *config_lookup_next(avl_tree_t *, config_t *); +extern int get_config_bool(config_t *, int *); +extern int get_config_int(config_t *, int *); +extern int get_config_string(config_t *, char **); +extern int get_config_ip(config_t *, ip_mask_t **); + +extern int read_config_file(avl_tree_t *, const char *); extern int read_server_config(void); extern FILE *ask_and_safe_open(const char*, const char*, const char *); extern int is_safe_path(const char *); From 0bbace18e96cd6fc32dfa23ffd55f73ff96e8c6f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 10 Oct 2001 20:35:10 +0000 Subject: [PATCH 471/923] More updates to new node/vertex/connection combo. --- src/connection.c | 14 +++++++------- src/connection.h | 3 ++- src/node.h | 4 +--- src/vertex.h | 18 +++++++++--------- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/src/connection.c b/src/connection.c index f01b2e7a..d606e9c3 100644 --- a/src/connection.c +++ b/src/connection.c 
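Review bot: The header declares `config_lookup()` and `config_lookup_next()`, but conf.c in this commit defines `lookup_config()` and `lookup_config_next()`. Callers that include conf.h therefore have no prototype for the functions that exist and would get an implicit int return for a pointer-returning function. Rename the declarations to `extern config_t *lookup_config(avl_tree_t *, char *);` and `extern config_t *lookup_config_next(avl_tree_t *, config_t *);`. The hunk also replaces the MAXTIMEOUT define with `extern int maxtimeout;` and drops the ip_mask_t typedef that get_config_ip() still uses; neither new definition is visible in this commit.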
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.18 2001/10/10 09:42:29 guus Exp $ + $Id: connection.c,v 1.1.2.19 2001/10/10 20:35:10 guus Exp $ */ #include "config.h" @@ -63,7 +63,7 @@ cp connection_t *new_connection(void) { cp - return (connection_t *)xmalloc_and_zero(sizeof(*c)); + return (connection_t *)xmalloc_and_zero(sizeof(connection_t)); } void free_connection(connection_t *c) @@ -73,10 +73,10 @@ cp free(c->hostname); if(c->rsa_key) RSA_free(c->rsa_key); - if(c->inpktkey) - free(c->inpktkey); - if(c->outpktkey) - free(c->outpktkey); + if(c->inkey) + free(c->inkey); + if(c->outkey) + free(c->outkey); if(c->mychallenge) free(c->mychallenge); if(c->hischallenge) @@ -121,7 +121,7 @@ cp c = (connection_t *)node->data; syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld socket %d status %04x"), c->node->name, c->hostname, c->port, c->options, - cl->socket, c->status); + c->socket, c->status); } syslog(LOG_DEBUG, _("End of connections.")); diff --git a/src/connection.h b/src/connection.h index 9d38263a..9a35461f 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.15 2001/10/10 09:42:29 guus Exp $ + $Id: connection.h,v 1.1.2.16 2001/10/10 20:35:10 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -72,6 +72,7 @@ typedef struct connection_t { int protocol_version; /* used protocol */ int socket; /* socket used for this connection */ + long int options; /* options for this connection */ status_bits_t status; /* status info */ struct node_t *node; /* node associated with the other end */ diff --git a/src/node.h b/src/node.h index e6b28d29..16bdb7c0 100644 --- a/src/node.h +++ b/src/node.h 
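Review bot: free_connection() releases `inkey`, `outkey` and both challenge buffers with a plain free(), which leaves the symmetric meta keys readable in freed heap memory. Since connection_t carries `inkeylength` and `outkeylength`, the key buffers can be wiped first, e.g. `OPENSSL_cleanse(c->inkey, c->inkeylength);` before `free(c->inkey);` and the same for `outkey`, provided the OpenSSL version in use offers that function; a plain memset() before free() may be removed by the compiler. No length is stored for the challenges, so clearing them needs one. `inctx` and `outctx` are not released in the lines shown, and the function body starts and ends outside this hunk.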
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.3 2001/10/10 08:49:47 guus Exp $ + $Id: node.h,v 1.1.2.4 2001/10/10 20:35:10 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -34,8 +34,6 @@ typedef struct node_t { short unsigned int port; /* port number of UDP connection */ char *hostname; /* the hostname of its real ip */ - status_bits_t status; /* status info */ - EVP_CIPHER *cipher; /* Cipher type for UDP packets */ char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length*/ diff --git a/src/vertex.h b/src/vertex.h index 9490f481..9b1ef2b9 100644 --- a/src/vertex.h +++ b/src/vertex.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: vertex.h,v 1.1.2.3 2001/10/10 08:49:47 guus Exp $ + $Id: vertex.h,v 1.1.2.4 2001/10/10 20:35:10 guus Exp $ */ #ifndef __TINC_VERTEX_H__ @@ -28,6 +28,14 @@ #include "node.h" #include "connection.h" +typedef struct halfconnection_t { + struct node_t *node; /* node associated with this end of the connection */ + + ipv4_t address; /* real (internet) ip on this end of the meta connection */ + short unsigned int port; /* port number of this end of the meta connection */ + char *hostname; /* the hostname of real ip */ +} halfconnection_t; + typedef struct vertex_t { struct halfconnection_t from; struct halfconnection_t to; 
@@ -38,14 +46,6 @@ typedef struct vertex_t { struct connection_t *connection; /* connection associated with this vertex, if available */ } vertex_t; -typedef struct halfconnection_t { - struct node_t *node; /* node associated with this end of the connection */ - - ipv4_t address; /* real (internet) ip on this end of the meta connection */ - short unsigned int port; /* port number of this end of the meta connection */ - char *hostname; /* the hostname of real ip */ -} halfconnection_t; - extern avl_tree_t *vertex_tree; /* Tree with all known vertices (replaces active_tree) */ #endif /* __TINC_VERTEX_H__ */ From ec34f25228d7a0007ce6bcb1e97f263868e9129d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 12 Oct 2001 15:16:03 +0000 Subject: [PATCH 472/923] - Split tap device stuff out of net.[ch] - Each OS gets it's own device.c to get rid of evil #ifdefs. - Cleaned up Linux ethertap and tun/tap handling. --- src/device.h | 32 ++++++++ src/linux/device.c | 179 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 211 insertions(+) create mode 100644 src/device.h create mode 100644 src/linux/device.c diff --git a/src/device.h b/src/device.h new file mode 100644 index 00000000..a8b65ccb --- /dev/null +++ b/src/device.h 
@@ -0,0 +1,32 @@ +/* + net.h -- generic header for device.c + Copyright (C) 2001 Ivo Timmermans + 2001 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.h,v 1.1.2.1 2001/10/12 15:16:03 guus Exp $ +*/ + +#ifndef __TINC_DEVICE_H__ +#define __TINC_DEVICE_H__ + +extern void setup_device(void); +extern void close_device(void); +extern vpn_packet_t *read_packet(void); +extern void write_packet(vpn_packet_t *); +extern void dump_device_stats(void); + +#endif __TINC_DEVICE_H__ diff --git a/src/linux/device.c b/src/linux/device.c new file mode 100644 index 00000000..a3bc2bb3 --- /dev/null +++ b/src/linux/device.c 
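Review bot: The prototypes in this header disagree with the definitions added by the same commit: src/linux/device.c defines `int setup_device(void)`, `int read_packet(vpn_packet_t *packet)` and `int write_packet(vpn_packet_t *packet)`, while the header declares `void setup_device(void)`, `vpn_packet_t *read_packet(void)` and `void write_packet(vpn_packet_t *)`. Patch 479 corrects setup_device and write_packet but keeps `extern vpn_packet_t *read_packet(void);`, which should read `extern int read_packet(vpn_packet_t *);`. The header also uses `vpn_packet_t` without including a header that declares it, so it only compiles when the includer happens to pull that in first. The banner comment still says `net.h`, and `#endif __TINC_DEVICE_H__` needs the trailing name inside a comment.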
@@ -0,0 +1,179 @@ +/* + device.c -- Interaction with Linux ethertap and tun/tap device + Copyright (C) 2001 Ivo Timmermans , + 2001 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.1 2001/10/12 15:16:03 guus Exp $ +*/ + +#ifdef HAVE_TUNTAP + #ifdef LINUX_IF_TUN_H + #include LINUX_IF_TUN_H + #else + #include + #endif + #define DEFAULT_DEVICE "/dev/misc/net/tun" +#else + #define DEFAULT_DEVICE "/dev/tap0" +#endif + +#define DEVICE_TYPE_ETHERTAP 0 +#define DEVICE_TYPE_TUNTAP 1 + +int device_fd = -1; +int device_type; +char *device_fname; +char *device_info; + +int device_total_in = 0; +int device_total_out = 0; + +/* + open the local ethertap device +*/ +int setup_device(void) +{ + struct ifreq ifr; + +cp + if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname))) + device_fname = DEFAULT_DEVICE; + +cp + if((device_fd = open(device_fname, O_RDWR | O_NONBLOCK)) < 0) + { + syslog(LOG_ERR, _("Could not open %s: %m"), device_fname); + return -1; + } +cp + device_fd = device_fd; + + /* Set default MAC address for ethertap devices */ + + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; + +#ifdef 
HAVE_TUNTAP + /* Ok now check if this is an old ethertap or a new tun/tap thingie */ + + memset(&ifr, 0, sizeof(ifr)); +cp + ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + if (netname) + strncpy(ifr.ifr_name, netname, IFNAMSIZ); +cp + if (!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) + { + device_info = _("Linux tun/tap device"); + device_type = DEVICE_TYPE_TUNTAP; + } + else + if (!ioctl(device_fd, (('T'<< 8) | 202), (void *) &ifr)) + { + syslog(LOG_WARNING, _("Old ioctl() request was needed for %s"), device_fname); + device_type = TAP_TYPE_TUNTAP; + device_info = _("Linux tun/tap device"); + } + else +#endif + { + device_info = _("Linux ethertap device"); + device_type = TAP_TYPE_ETHERTAP; + } + + syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); +cp + return 0; +} + +/* + read, encrypt and send data that is + available through the ethertap device +*/ +int read_packet(vpn_packet_t *packet) +{ + int lenin; +cp + if(device_type == DEVICE_TYPE_TUNTAP) + { + if((lenin = read(device_fd, packet->data, MTU)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + return -1; + } + + packet->len = lenin; + } + else /* ethertap */ + { + struct iovec vector[2] = {{packet->len, 2}, {packet->data, MTU}}; + + if((lenin = readv(device_fd, vector, 2)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + return -1; + } + + packet->len = lenin - 2; + } +#endif + + device_total_in += packet->len; + + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), device_info, packet.len); + } + + return 0; +cp +} + +int write_packet(vpn_packet_t *packet) +{ +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(device_type == DEVICE_TYPE_TUNTAP) + { + if(write(device_fd, packet->data, packet->len) < 0) + { + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet.len); + 
return -1; + } + } + else/* ethertap */ + { + struct iovec vector[2] = {{packet->len, 2}, {packet->data, MTU}}; + + if(writev(device_fd, vector, 2) < 0) + { + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet.len); + return -1; + } + } + + device_total_out += packet->len; +cp +} From 623c7ee0308aede8eada552d6ae33710ae24d176 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 12 Oct 2001 15:22:59 +0000 Subject: [PATCH 473/923] Added FreeBSD tap device handling. --- src/freebsd/device.c | 111 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 src/freebsd/device.c diff --git a/src/freebsd/device.c b/src/freebsd/device.c new file mode 100644 index 00000000..b11bab93 --- /dev/null +++ b/src/freebsd/device.c 
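Review bot: In the ethertap branch of write_packet() the second iovec is `{packet->data, MTU}`, so every write sends MTU bytes regardless of `packet->len`, and whatever is left in the buffer behind the payload goes to the device; the length should be `packet->len`. Patch 479 later in the series rewrites this line but keeps the MTU length. On the read side `packet->len = lenin - 2;` follows only a `<= 0` check, so a 1-byte read produces a negative length; reads shorter than the 2-byte prefix should be rejected, and the OpenBSD read_packet() has the same pattern with `lenin - sizeof(type)`. `strncpy(ifr.ifr_name, netname, IFNAMSIZ);` leaves `ifr_name` unterminated when `netname` is IFNAMSIZ characters or longer; since `ifr` was just zeroed, copying `IFNAMSIZ - 1` bytes is enough.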
@@ -0,0 +1,111 @@ +/* + device.c -- Interaction with FreeBSD tap device + Copyright (C) 2001 Ivo Timmermans , + 2001 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.1 2001/10/12 15:22:59 guus Exp $ +*/ + +#define DEFAULT_DEVICE "/dev/tap0" + +int device_fd = -1; +int device_type; +char *device_fname; +char *device_info; + +int device_total_in = 0; +int device_total_out = 0; + +* + open the local ethertap device +*/ +int setup_device(void) +{ + struct ifreq ifr; + +cp + if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname))) + device_fname = DEFAULT_DEVICE; + +cp + if((device_fd = open(device_fname, O_RDWR | O_NONBLOCK)) < 0) + { + syslog(LOG_ERR, _("Could not open %s: %m"), device_fname); + return -1; + } +cp + device_fd = device_fd; + + /* Set default MAC address for ethertap devices */ + + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; + + device_info = _("FreeBSD tap device"); + + syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); +cp + return 0; +} + +/* + read, encrypt and send data that is + available through the ethertap device +*/ +int read_packet(vpn_packet_t 
*packet) +{ + int lenin; +cp + if((lenin = read(device_fd, packet->data, MTU)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + return -1; + } + + packet->len = lenin; + + device_total_in += packet->len; + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), + packet->len, device_info); + + return 0; +cp +} + +int write_packet(vpn_packet_t *packet) +{ +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(write(device_fd, packet->data, packet->len) < 0) + { + syslog(LOG_ERR, _("Error while writing to %s %s: %m"), device_info, device_fname); + return -1; + } + + device_total_out += packet->len; +cp +} From 6014c7e6374089bfccea7467c2c7f4b23fefa265 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 12 Oct 2001 15:33:21 +0000 Subject: [PATCH 474/923] Solaris tun device handling cleaned up a bit and added. --- src/solaris/device.c | 165 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 165 insertions(+) create mode 100644 src/solaris/device.c diff --git a/src/solaris/device.c b/src/solaris/device.c new file mode 100644 index 00000000..725dad64 --- /dev/null +++ b/src/solaris/device.c 
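Review bot: write_packet() is declared `int` but its success path runs off the end of the function after `device_total_out += packet->len;`, so a caller that tests the result reads an indeterminate value; it needs a final `return 0;`. The Solaris and OpenBSD write_packet() added in patches 474 and 476 end the same way, as does the Linux one until patch 479 adds the return. The comment above setup_device() opens with `*` instead of `/*`, and the `get_config_string(...)` condition has one closing parenthesis too many (as in the other three device.c files), so the file does not compile as posted. `struct ifreq ifr` is declared but never used here.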
@@ -0,0 +1,165 @@ +/* + device.c -- Interaction with Solaris tun device + Copyright (C) 2001 Ivo Timmermans , + 2001 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.1 2001/10/12 15:33:21 guus Exp $ +*/ + +#include +#include +#include + +#define DEFAULT_DEVICE "/dev/tun" + +int device_fd = -1; +int device_type; +char *device_fname; +char *device_info; + +int device_total_in = 0; +int device_total_out = 0; + +int setup_device(void) +{ + int ip_fd = -1, if_fd = -1; + int ppa; + char *ptr; + +cp + if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname))) + device_fname = DEFAULT_DEVICE; + +cp + if((device_fd = open(device_fname, O_RDWR | O_NONBLOCK)) < 0) + { + syslog(LOG_ERR, _("Could not open %s: %m"), device_fname); + return -1; + } +cp + ppa = 0; + + ptr = fname; + while(*ptr && !isdigit((int)*ptr)) ptr++; + ppa = atoi(ptr); + + if( (ip_fd = open("/dev/ip", O_RDWR, 0)) < 0){ + syslog(LOG_ERR, _("Could not open /dev/ip: %m")); + return -1; + } + + /* Assign a new PPA and get its unit number. 
*/ + if( (ppa = ioctl(fd, TUNNEWPPA, ppa)) < 0){ + syslog(LOG_ERR, _("Can't assign new interface: %m")); + return -1; + } + + if( (if_fd = open(fname, O_RDWR, 0)) < 0){ + syslog(LOG_ERR, _("Could not open %s twice: %m"), fname); + return -1; + } + + if(ioctl(if_fd, I_PUSH, "ip") < 0){ + syslog(LOG_ERR, _("Can't push IP module: %m")); + return -1; + } + + /* Assign ppa according to the unit number returned by tun device */ + if(ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0){ + syslog(LOG_ERR, _("Can't set PPA %d: %m"), ppa); + return -1; + } + + if(ioctl(ip_fd, I_LINK, if_fd) < 0){ + syslog(LOG_ERR, _("Can't link TUN device to IP: %m")); + return -1; + } + + device_info = _("Solaris tun device"); + + /* Set default MAC address for ethertap devices */ + + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; + + syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); +cp + return 0; +} + +#ifdef HAVE_SOLARIS + if((lenin = read(tap_fd, vp.data + 14, MTU)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from tun device: %m")); + return; + } + memcpy(vp.data, mymac.net.mac.address.x, 6); + memcpy(vp.data + 6, mymac.net.mac.address.x, 6); + vp.data[12] = 0x08; + vp.data[13] = 0x00; + vp.len = lenin + 14; +#else + +int read_packet(vpn_packet_t *packet) +{ + int lenin; +cp + if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + return -1; + } + + memcpy(vp->data, mymac.net.mac.address.x, 6); + memcpy(vp->data + 6, mymac.net.mac.address.x, 6); + vp->data[12] = 0x08; + vp->data[13] = 0x00; + + packet->len = lenin + 14; + + device_total_in += packet->len; + + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), device_info, packet.len); + } 
+ + return 0; +cp +} + +int write_packet(vpn_packet_t *packet) +{ +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(write(device_fd, packet->data + 14, packet->len - 14) < 0) + { + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet.len); + return -1; + } + + device_total_out += packet->len; +cp +} From 0c6321a67f92981d3adbaf4f5c2b9867c7968964 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 12 Oct 2001 15:38:35 +0000 Subject: [PATCH 475/923] Forgot to remove some old #ifdef stuff. --- src/solaris/device.c | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/src/solaris/device.c b/src/solaris/device.c index 725dad64..6f2d868e 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2001/10/12 15:33:21 guus Exp $ + $Id: device.c,v 1.1.2.2 2001/10/12 15:38:35 guus Exp $ */ #include @@ -106,19 +106,6 @@ cp return 0; } -#ifdef HAVE_SOLARIS - if((lenin = read(tap_fd, vp.data + 14, MTU)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from tun device: %m")); - return; - } - memcpy(vp.data, mymac.net.mac.address.x, 6); - memcpy(vp.data + 6, mymac.net.mac.address.x, 6); - vp.data[12] = 0x08; - vp.data[13] = 0x00; - vp.len = lenin + 14; -#else - int read_packet(vpn_packet_t *packet) { int lenin; From ad61c20f42d2bee5cc7976bec4370cf4747b42c3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 12 Oct 2001 15:49:11 +0000 Subject: [PATCH 476/923] Added OpenBSD tun device handling. Untested though. --- src/openbsd/device.c | 113 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 src/openbsd/device.c diff --git a/src/openbsd/device.c b/src/openbsd/device.c new file mode 100644 index 00000000..badb459b --- /dev/null 
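Review bot: write_packet() passes `packet->len - 14` as the byte count to write() without checking that the packet is at least 14 bytes long, so a shorter packet gives a negative value that converts to a very large size_t and can make write() read past the end of the buffer; a guard such as `if(packet->len < 14) return -1;` before the call closes that. The same subtraction appears in the OpenBSD write_packet() once patch 477 is applied. In setup_device() the names `fname` and `fd`, and in read_packet() `vp`, are not declared anywhere in this file and look like leftovers for `device_fname`, `device_fd` and `packet`. The error returns in setup_device() also leave `device_fd`, `ip_fd` and `if_fd` open.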
+++ b/src/openbsd/device.c 
@@ -0,0 +1,113 @@ +/* + device.c -- Interaction with OpenBSD tun device + Copyright (C) 2001 Ivo Timmermans , + 2001 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.1 2001/10/12 15:49:11 guus Exp $ +*/ + +#define DEFAULT_DEVICE "/dev/tun0" + +#define DEVICE_TYPE_ETHERTAP 0 +#define DEVICE_TYPE_TUNTAP 1 + +int device_fd = -1; +int device_type; +char *device_fname; +char *device_info; + +int device_total_in = 0; +int device_total_out = 0; + +/* + open the local ethertap device +*/ +int setup_device(void) +{ + if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname))) + device_fname = DEFAULT_DEVICE; + +cp + if((device_fd = open(device_fname, O_RDWR | O_NONBLOCK)) < 0) + { + syslog(LOG_ERR, _("Could not open %s: %m"), device_fname); + return -1; + } +cp + /* Set default MAC address for ethertap devices */ + + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; + + device_info = _("OpenBSD tun device"); + + syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); +cp + return 0; +} + +int read_packet(vpn_packet_t *packet) +{ + int lenin; + u_int32_t type; +cp + struct iovec vector[2] = 
{{&type, sizeof(type)}, {packet->data, MTU}}; + + if((lenin = readv(device_fd, vector, 2)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + return -1; + } + + packet->len = lenin - sizeof(type); + + device_total_in += packet->len; + + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), device_info, packet.len); + } + + return 0; +cp +} + +int write_packet(vpn_packet_t *packet) +{ + u_int32_t type = htonl(AF_INET); +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + + struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data, MTU}}; + + if(writev(device_fd, vector, 2) < 0) + { + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet.len); + return -1; + } + + device_total_out += packet->len; +cp +} From 26e517dd37e995fe9db518f7ebeff023fc73ff1b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 12 Oct 2001 15:52:03 +0000 Subject: [PATCH 477/923] Forgot the tun specific stuff. --- src/openbsd/device.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/openbsd/device.c b/src/openbsd/device.c index badb459b..45840010 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2001/10/12 15:49:11 guus Exp $ + $Id: device.c,v 1.1.2.2 2001/10/12 15:52:03 guus Exp $ */ #define DEFAULT_DEVICE "/dev/tun0" @@ -70,7 +70,7 @@ int read_packet(vpn_packet_t *packet) int lenin; u_int32_t type; cp - struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data, MTU}}; + struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, MTU - 14}}; if((lenin = readv(device_fd, vector, 2)) <= 0) { 
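Review bot: read_packet() reads the 4-byte address-family word into `type` and never looks at it, while write_packet() always sends `htonl(AF_INET)`; a frame of another family coming from the tun device is therefore passed on unmarked, and the follow-up patch 477 then labels every packet with ethertype 0x0800. If only IPv4 is meant to be carried at this point, a check such as `if(type != htonl(AF_INET))` after the readv(), dropping the packet when it fails, keeps the two directions consistent. In write_packet() the iovec length is `MTU` rather than the packet length, which patch 477 replaces with `packet->len - 14`.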
@@ -78,7 +78,12 @@ cp return -1; } - packet->len = lenin - sizeof(type); + memcpy(vp->data, mymac.net.mac.address.x, 6); + memcpy(vp->data + 6, mymac.net.mac.address.x, 6); + vp->data[12] = 0x08; + vp->data[13] = 0x00; + + packet->len = lenin + 10; device_total_in += packet->len; @@ -100,7 +105,7 @@ cp packet->len, device_info); - struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data, MTU}}; + struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, packet->len - 14}}; if(writev(device_fd, vector, 2) < 0) { From 1935c44a1e8ab7c31c836f90215e3c5b5f8dd776 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 13 Oct 2001 13:53:07 +0000 Subject: [PATCH 478/923] Support new files (node/vertex/device.[ch]) and OpenBSD. --- acconfig.h | 3 +++ configure.in | 9 ++++++++- src/Makefile.am | 10 +++++----- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/acconfig.h b/acconfig.h index 7bb8efe1..aa078c92 100644 --- a/acconfig.h +++ b/acconfig.h @@ -50,6 +50,9 @@ /* FreeBSD */ #undef HAVE_FREEBSD +/* OpenBSD */ +#undef HAVE_OPENBSD + /* Solaris */ #undef HAVE_SOLARIS diff --git a/configure.in b/configure.in index 1ca2f79b..c0db8d59 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.34 2001/06/29 10:27:57 guus Exp $ +dnl $Id: configure.in,v 1.13.2.35 2001/10/13 13:53:07 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -36,12 +36,19 @@ AC_CANONICAL_HOST case $host_os in *linux*) AC_DEFINE(HAVE_LINUX) + [ ln -sf linux/device.c src/device.c ] ;; *freebsd*) AC_DEFINE(HAVE_FREEBSD) + [ ln -sf freebsd/device.c src/device.c ] ;; *solaris*) AC_DEFINE(HAVE_SOLARIS) + [ ln -sf solaris/device.c src/device.c ] + ;; + *openbsd*) + AC_DEFINE(HAVE_OPENBSD) + [ ln -sf openbsd/device.c src/device.c ] ;; esac diff --git a/src/Makefile.am b/src/Makefile.am index 73b40de9..862f7329 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
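Review bot: The `case $host_os` block in configure.in has no default branch, so on any host other than the four listed no `src/device.c` link is created and the build only fails later, when `device.c` (added to `tincd_SOURCES` in this commit) is missing. A final `*) AC_MSG_ERROR([no device.c for host OS $host_os]) ;;` would stop configure with a clear message instead. The `ln -sf` calls also write relative to the current directory rather than `$srcdir`, which presumably breaks builds configured outside the source tree.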
@@ -1,15 +1,15 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.13 2001/03/04 13:59:25 guus Exp $ +# $Id: Makefile.am,v 1.4.4.14 2001/10/13 13:53:07 guus Exp $ sbin_PROGRAMS = tincd -tincd_SOURCES = conf.c connection.c meta.c net.c netutl.c process.c \ - protocol.c route.c subnet.c tincd.c +tincd_SOURCES = conf.c connection.c device.c meta.c net.c netutl.c node.c process.c \ + protocol.c route.c subnet.c tincd.c vertex.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl -noinst_HEADERS = conf.h connection.h meta.h net.h netutl.h process.h \ - protocol.h route.h subnet.h +noinst_HEADERS = conf.h connection.h device.h meta.h net.h netutl.h node.h process.h \ + protocol.h route.h subnet.h vertex.h LIBS = @LIBS@ @INTLLIBS@ From 82e383710980534d38bb9a8ef22f20677cd85861 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 27 Oct 2001 12:13:17 +0000 Subject: [PATCH 479/923] Big bad commit: - Transition to new node/vertex/connection structures - Use new configuration handling everywhere - Linux tun/tap device handling cleanup - Start of IPv6 support in route.c It compiles, but it won't link. --- src/conf.c | 55 +- src/conf.h | 12 +- src/connection.c | 18 +- src/connection.h | 34 +- src/device.h | 10 +- src/linux/device.c | 43 +- src/meta.c | 82 +-- src/net.c | 1081 ++++++++++++++------------------------ src/net.h | 44 +- src/netutl.c | 10 +- src/netutl.h | 3 +- src/node.c | 70 ++- src/node.h | 39 +- src/process.c | 6 +- src/protocol.c | 1226 ++++++++++++++++++++++---------------------- src/protocol.h | 25 +- src/route.c | 55 +- src/route.h | 5 +- src/subnet.c | 99 ++-- src/subnet.h | 17 +- src/tincd.c | 14 +- src/vertex.c | 33 +- src/vertex.h | 17 +- 23 files changed, 1402 insertions(+), 1596 deletions(-) diff --git a/src/conf.c b/src/conf.c index 1ac01c31..bd546c6b 100644 --- a/src/conf.c +++ b/src/conf.c 
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.44 2001/10/10 20:34:27 guus Exp $ + $Id: conf.c,v 1.9.4.45 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -220,6 +220,59 @@ cp return 0; } +int get_config_port(config_t *cfg, port_t *result) +{ +cp + if(!cfg) + return 0; + + if(sscanf(cfg->value, "%hu", result) == 1) + return 1; + + syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), + cfg->value, cfg->file, cfg->line); + return 0; +} + +int get_config_subnet(config_t *cfg, subnet_t **result) +{ + ip_mask_t *ip; + subnet_t *subnet; +cp + if(!cfg) + return 0; + + ip = strtoip(cfg->value); + + if(!ip) + { + syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), + cfg->value, cfg->file, cfg->line); + return 0; + } + + /* Teach newbies what subnets are... */ + + if((subnet->net.ipv4.address & subnet->net.ipv4.mask) != subnet->net.ipv4.address) + { + syslog(LOG_ERR, _("Network address and subnet mask for configuration variable %s in %s line %d"), + cfg->value, cfg->file, cfg->line); + free(ip); + return -1; + } + + subnet = new_subnet(); + subnet->type = SUBNET_IPV4; + subnet->net.ipv4.address = ip->address; + subnet->net.ipv4.mask = ip->mask; + + free(ip); + + *result = subnet; + + return 1; +} + /* Read exactly one line and strip the trailing newline if any. If the file was on EOF, return NULL. Otherwise, return all the data in a diff --git a/src/conf.h b/src/conf.h index ca32a489..9136efa7 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.27 2001/10/10 20:34:27 guus Exp $ + $Id: conf.h,v 1.6.4.28 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_CONF_H__ 
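Review bot: get_config_subnet() dereferences `subnet` in the mask check before anything has been assigned to it; `subnet = new_subnet();` only runs after the test, so the comparison reads through an uninitialised pointer. The check should use the parsed value, `if((ip->address & ip->mask) != ip->address)`, or move below the allocation. That branch also returns -1 while the other failure paths return 0, so a caller that tests the result for truth treats the rejected subnet as accepted with `*result` unset; `return 0;` keeps the convention. In get_config_port() the `%hu` conversion assumes `port_t` is an unsigned short, and both new error messages print `cfg->value` where the text announces the variable name, which would be `cfg->variable`.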
@@ -25,6 +25,7 @@ #include #include "net.h" +#include "subnet.h" typedef struct config_t { char *variable; @@ -47,12 +48,15 @@ extern void exit_configuration(avl_tree_t **); extern config_t *new_config(void); extern void free_config(config_t *); extern void config_add(avl_tree_t *, config_t *); -extern config_t *config_lookup(avl_tree_t *, char *); -extern config_t *config_lookup_next(avl_tree_t *, config_t *); +extern config_t *lookup_config(avl_tree_t *, char *); +extern config_t *lookup_config_next(avl_tree_t *, config_t *); extern int get_config_bool(config_t *, int *); extern int get_config_int(config_t *, int *); +extern int get_config_port(config_t *, port_t *); extern int get_config_string(config_t *, char **); -extern int get_config_ip(config_t *, ip_mask_t **); +extern int get_config_ip(config_t *, struct ip_mask_t **); +struct subnet_t; /* Needed for next line. */ +extern int get_config_subnet(config_t *, struct subnet_t **); extern int read_config_file(avl_tree_t *, const char *); extern int read_server_config(void); diff --git a/src/connection.c b/src/connection.c index d606e9c3..a86faa9c 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.19 2001/10/10 20:35:10 guus Exp $ + $Id: connection.c,v 1.1.2.20 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -71,8 +71,6 @@ void free_connection(connection_t *c) cp if(c->hostname) free(c->hostname); - if(c->rsa_key) - RSA_free(c->rsa_key); if(c->inkey) free(c->inkey); if(c->outkey) 
@@ -120,10 +118,22 @@ cp { c = (connection_t *)node->data; syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld socket %d status %04x"), - c->node->name, c->hostname, c->port, c->options, + c->name, c->hostname, c->port, c->options, c->socket, c->status); } syslog(LOG_DEBUG, _("End of connections.")); cp } + +int read_connection_config(connection_t *c) +{ + char *fname; + int x; +cp + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + x = read_config_file(c->config_tree, fname); + free(fname); +cp + return x; +} diff --git a/src/connection.h b/src/connection.h index 9a35461f..b32e329c 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.16 2001/10/10 20:35:10 guus Exp $ + $Id: connection.h,v 1.1.2.17 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -26,8 +26,6 @@ #include #include -#include "config.h" - #ifdef HAVE_OPENSSL_EVP_H # include #else 
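Review bot: read_connection_config() builds the host file path from `c->name` with `"%s/hosts/%s"`, and connection.h in this commit describes that field as the name the peer claims to have, so unless the name is validated before this call (not visible in this hunk) a name containing `/` or `..` selects a file outside `confbase/hosts`. The function, or its caller, should reject names outside the allowed character set before the path is formatted. The `asprintf()` result is unchecked as well, which leaves `fname` indeterminate on allocation failure; `if(asprintf(&fname, "%s/hosts/%s", confbase, c->name) < 0) return -1;` covers that, assuming -1 matches read_config_file()'s failure value.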
@@ -46,26 +44,24 @@ #include "node.h" #include "vertex.h" -typedef struct status_bits_t { +#define OPTION_INDIRECT 0x0001 +#define OPTION_TCPONLY 0x0002 + +typedef struct connection_status_t { int pinged:1; /* sent ping */ - int meta:1; /* meta connection exists */ int active:1; /* 1 if active.. */ int outgoing:1; /* I myself asked for this conn */ int termreq:1; /* the termination of this connection was requested */ int remove:1; /* Set to 1 if you want this connection removed */ int timeout:1; /* 1 if gotten timeout */ - int validkey:1; /* 1 if we currently have a valid key for him */ - int waitingforkey:1; /* 1 if we already sent out a request */ - int dataopen:1; /* 1 if we have a valid UDP connection open */ int encryptout:1; /* 1 if we can encrypt outgoing traffic */ int decryptin:1; /* 1 if we have to decrypt incoming traffic */ int unused:18; -} status_bits_t; - -#define OPTION_INDIRECT 0x0001 -#define OPTION_TCPONLY 0x0002 +} connection_status_t; typedef struct connection_t { + char *name; /* name he claims to have */ + ipv4_t address; /* his real (internet) ip */ short unsigned int port; /* port number of meta connection */ char *hostname; /* the hostname of its real ip */ @@ -73,7 +69,7 @@ typedef struct connection_t { int socket; /* socket used for this connection */ long int options; /* options for this connection */ - status_bits_t status; /* status info */ + struct connection_status_t status; /* status info */ struct node_t *node; /* node associated with the other end */ struct vertex_t *vertex; /* vertex associated with this connection */ 
@@ -96,8 +92,20 @@ typedef struct connection_t { int allow_request; /* defined if there's only one request possible */ time_t last_ping_time; /* last time we saw some activity from the other end */ + + avl_tree_t *config_tree; /* Pointer to configuration tree belonging to him */ } connection_t; extern avl_tree_t *connection_tree; +extern void init_connections(void); +extern void exit_connection(void); +extern connection_t *new_connection(void); +extern void free_connection(connection_t *); +extern void connection_add(connection_t *); +extern void connection_del(connection_t *); +extern connection_t *lookup_connection(ipv4_t, short unsigned int); +extern void dump_connections(void); +extern int read_connection_config(connection_t *); + #endif /* __TINC_CONNECTION_H__ */ diff --git a/src/device.h b/src/device.h index a8b65ccb..dded47ad 100644 --- a/src/device.h +++ b/src/device.h @@ -17,16 +17,18 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.1 2001/10/12 15:16:03 guus Exp $ + $Id: device.h,v 1.1.2.2 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_DEVICE_H__ #define __TINC_DEVICE_H__ -extern void setup_device(void); +extern int device_fd; + +extern int setup_device(void); extern void close_device(void); extern vpn_packet_t *read_packet(void); -extern void write_packet(vpn_packet_t *); +extern int write_packet(vpn_packet_t *); extern void dump_device_stats(void); -#endif __TINC_DEVICE_H__ +#endif /* __TINC_DEVICE_H__ */ diff --git a/src/linux/device.c b/src/linux/device.c index a3bc2bb3..c82a820e 100644 --- a/src/linux/device.c +++ b/src/linux/device.c 
@@ -17,9 +17,21 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2001/10/12 15:16:03 guus Exp $ + $Id: device.c,v 1.1.2.2 2001/10/27 12:13:17 guus Exp $ */ +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + #ifdef HAVE_TUNTAP #ifdef LINUX_IF_TUN_H #include LINUX_IF_TUN_H @@ -31,6 +43,13 @@ #define DEFAULT_DEVICE "/dev/tap0" #endif +#include +#include "conf.h" +#include "net.h" +#include "subnet.h" + +#include "system.h" + #define DEVICE_TYPE_ETHERTAP 0 #define DEVICE_TYPE_TUNTAP 1 @@ -42,6 +61,8 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; +subnet_t mymac; + /* open the local ethertap device */ @@ -50,7 +71,7 @@ int setup_device(void) struct ifreq ifr; cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname))) + if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname)) device_fname = DEFAULT_DEVICE; cp @@ -60,8 +81,6 @@ cp return -1; } cp - device_fd = device_fd; - /* Set default MAC address for ethertap devices */ mymac.type = SUBNET_MAC; @@ -90,14 +109,14 @@ cp if (!ioctl(device_fd, (('T'<< 8) | 202), (void *) &ifr)) { syslog(LOG_WARNING, _("Old ioctl() request was needed for %s"), device_fname); - device_type = TAP_TYPE_TUNTAP; + device_type = DEVICE_TYPE_TUNTAP; device_info = _("Linux tun/tap device"); } else #endif { device_info = _("Linux ethertap device"); - device_type = TAP_TYPE_ETHERTAP; + device_type = DEVICE_TYPE_ETHERTAP; } syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); @@ -125,7 +144,7 @@ cp } else /* ethertap */ { - struct iovec vector[2] = {{packet->len, 2}, {packet->data, MTU}}; + struct iovec vector[2] = {{&packet->len, 2}, {packet->data, MTU}}; if((lenin = readv(device_fd, vector, 2)) <= 0) { 
@@ -135,13 +154,12 @@ cp packet->len = lenin - 2; } -#endif device_total_in += packet->len; if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), device_info, packet.len); + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } return 0; @@ -159,21 +177,22 @@ cp { if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet.len); + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device_fname); return -1; } } else/* ethertap */ { - struct iovec vector[2] = {{packet->len, 2}, {packet->data, MTU}}; + struct iovec vector[2] = {{&packet->len, 2}, {packet->data, MTU}}; if(writev(device_fd, vector, 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet.len); + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device_fname); return -1; } } device_total_out += packet->len; cp + return 0; } diff --git a/src/meta.c b/src/meta.c index e4ebb426..786d56af 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.20 2001/07/20 13:54:19 guus Exp $ + $Id: meta.c,v 1.1.2.21 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -39,7 +39,7 @@ #include "system.h" #include "protocol.h" -int send_meta(connection_t *cl, char *buffer, int length) +int send_meta(connection_t *c, char *buffer, int length) { char *bufp; int outlen; 
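Review bot: In the ethertap branch of write_packet the second iovec is `{packet->data, MTU}`, so `writev()` always hands MTU bytes to the device regardless of `packet->len`, and whatever stale data sits behind the real payload goes out with it. The length should follow the packet: `struct iovec vector[2] = {{&packet->len, 2}, {packet->data, packet->len}};`. The first element also writes the first two bytes of `packet->len` as the ethertap header, which is only right if that field's width and byte order match what the device expects; its type is declared outside this diff. The function's signature is above the hunk.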
@@ -47,41 +47,41 @@ int send_meta(connection_t *cl, char *buffer, int length) cp if(debug_lvl >= DEBUG_META) syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, - cl->name, cl->hostname); + c->name, c->hostname); - if(cl->status.encryptout) + if(c->status.encryptout) { - EVP_EncryptUpdate(cl->cipher_outctx, outbuf, &outlen, buffer, length); + EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); bufp = outbuf; length = outlen; } else bufp = buffer; - if(write(cl->meta_socket, bufp, length) < 0) + if(write(c->socket, bufp, length) < 0) { - syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %m"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %m"), c->name, c->hostname); return -1; } cp return 0; } -void broadcast_meta(connection_t *cl, char *buffer, int length) +void broadcast_meta(connection_t *from, char *buffer, int length) { avl_node_t *node; - connection_t *p; + connection_t *c; cp for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)node->data; - if(p != cl && p->status.active) - send_meta(p, buffer, length); + c = (connection_t *)node->data; + if(c != from && c->status.active) + send_meta(c, buffer, length); } cp } -int receive_meta(connection_t *cl) +int receive_meta(connection_t *c) { int x, l = sizeof(x); int oldlen, i; @@ -89,16 +89,16 @@ int receive_meta(connection_t *cl) int decrypted = 0; char inbuf[MAXBUFSIZE]; cp - if(getsockopt(cl->meta_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, cl->meta_socket, - cl->name, cl->hostname); + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, c->socket, + c->name, c->hostname); return -1; } if(x) { syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), - cl->name, cl->hostname, strerror(x)); + c->name, c->hostname, strerror(x)); return -1; } 
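Review bot: `write(c->socket, bufp, length) < 0` in send_meta accepts a short write as success, and because the bytes may already have passed through `EVP_EncryptUpdate` on the connection's cipher context, losing the tail leaves the peer's decryption out of step with ours. At minimum treat it as a failure, `if(write(c->socket, bufp, length) != length)`, or loop until everything is written; the sockets are set to `O_NONBLOCK` elsewhere in this commit, so short writes are plausible. The return value of `EVP_EncryptUpdate` is unchecked as well. `outbuf` is declared above the hunk, so whether `length` can exceed it cannot be confirmed from here.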
@@ -111,7 +111,7 @@ cp - If not, keep stuff in buffer and exit. */ - lenin = read(cl->meta_socket, cl->buffer + cl->buflen, MAXBUFSIZE - cl->buflen); + lenin = read(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen); if(lenin<=0) { @@ -119,45 +119,45 @@ cp { if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); } else if(errno==EINTR) return 0; else syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } - oldlen = cl->buflen; - cl->buflen += lenin; + oldlen = c->buflen; + c->buflen += lenin; while(lenin) { /* Decrypt */ - if(cl->status.decryptin && !decrypted) + if(c->status.decryptin && !decrypted) { - EVP_DecryptUpdate(cl->cipher_inctx, inbuf, &lenin, cl->buffer + oldlen, lenin); - memcpy(cl->buffer + oldlen, inbuf, lenin); + EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin); + memcpy(c->buffer + oldlen, inbuf, lenin); decrypted = 1; } /* Are we receiving a TCPpacket? */ - if(cl->tcplen) + if(c->tcplen) { - if(cl->tcplen <= cl->buflen) + if(c->tcplen <= c->buflen) { - receive_tcppacket(cl, cl->buffer, cl->tcplen); + receive_tcppacket(c, c->buffer, c->tcplen); - cl->buflen -= cl->tcplen; - lenin -= cl->tcplen; - memmove(cl->buffer, cl->buffer + cl->tcplen, cl->buflen); + c->buflen -= c->tcplen; + lenin -= c->tcplen; + memmove(c->buffer, c->buffer + c->tcplen, c->buflen); oldlen = 0; - cl->tcplen = 0; + c->tcplen = 0; continue; } else @@ -170,11 +170,11 @@ cp reqlen = 0; - for(i = oldlen; i < cl->buflen; i++) + for(i = oldlen; i < c->buflen; i++) { - if(cl->buffer[i] == '\n') + if(c->buffer[i] == '\n') { - cl->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ + c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ reqlen = i + 1; break; } 
@@ -182,12 +182,12 @@ cp if(reqlen) { - if(receive_request(cl)) + if(receive_request(c)) return -1; - cl->buflen -= reqlen; + c->buflen -= reqlen; lenin -= reqlen; - memmove(cl->buffer, cl->buffer + reqlen, cl->buflen); + memmove(c->buffer, c->buffer + reqlen, c->buflen); oldlen = 0; continue; } @@ -197,14 +197,14 @@ cp } } - if(cl->buflen >= MAXBUFSIZE) + if(c->buflen >= MAXBUFSIZE) { syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } - cl->last_ping_time = time(NULL); + c->last_ping_time = time(NULL); cp return 0; } diff --git a/src/net.c b/src/net.c index e96ae51a..c0c8e66f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.136 2001/10/08 13:37:30 guus Exp $ + $Id: net.c,v 1.35.4.137 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -53,24 +53,6 @@ #define RAND_pseudo_bytes RAND_bytes #endif -#ifdef HAVE_TUNTAP - #ifdef HAVE_LINUX - #ifdef LINUX_IF_TUN_H - #include LINUX_IF_TUN_H - #else - #include - #endif - #else - #include - #endif -#endif - -#ifdef HAVE_SOLARIS - #include - #include - #include -#endif - #include #include #include 
@@ -86,22 +68,59 @@ #include "subnet.h" #include "process.h" #include "route.h" +#include "device.h" #include "system.h" -int tap_fd = -1; -int taptype = TAP_TYPE_ETHERTAP; -int total_tap_in = 0; -int total_tap_out = 0; -int total_socket_in = 0; -int total_socket_out = 0; - int seconds_till_retry = 5; +int tcp_socket = -1; +int udp_socket = -1; int keylifetime = 0; int keyexpires = 0; -void send_udppacket(connection_t *cl, vpn_packet_t *inpkt) +/* VPN packet I/O */ + +void receive_udppacket(node_t *n, vpn_packet_t *inpkt) +{ + vpn_packet_t outpkt; + int outlen, outpad; + EVP_CIPHER_CTX ctx; +cp + /* Decrypt the packet */ + + EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); + EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len); + EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad); + outlen += outpad; + outpkt.len = outlen - sizeof(outpkt.salt); + + receive_packet(n, &outpkt); +cp +} + +void receive_tcppacket(connection_t *c, char *buffer, int len) +{ + vpn_packet_t outpkt; +cp + outpkt.len = len; + memcpy(outpkt.data, buffer, len); + + receive_packet(c->node, &outpkt); +cp +} + +void receive_packet(node_t *n, vpn_packet_t *packet) +{ +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); + + route_incoming(n, packet); +cp +} + +void send_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; @@ -110,11 +129,11 @@ void send_udppacket(connection_t *cl, vpn_packet_t *inpkt) socklen_t tolen = sizeof(to); vpn_packet_t *copy; cp - if(!cl->status.validkey) + if(!n->status.validkey) { if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), - cl->name, cl->hostname); + n->name, n->hostname); /* Since packet is on the stack of handle_tap_input(), we have to make a copy of it first. */ 
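Review bot: receive_tcppacket copies `len` bytes into the stack variable `outpkt.data` with `memcpy` and never compares `len` with the size of that buffer. Its caller in meta.c passes `c->tcplen`, which is only checked against `c->buflen`, so a length larger than the packet buffer would overwrite the stack. A guard before the copy, such as `if(len < 0 || (size_t)len > sizeof(outpkt.data)) return;`, closes that; `vpn_packet_t` is declared outside this diff, so the exact bound is an assumption. In receive_udppacket the results of `EVP_DecryptUpdate` and `EVP_DecryptFinal` are ignored and `outpkt.len` goes negative when fewer than `sizeof(outpkt.salt)` bytes come out, so that path needs a check too.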
@@ -122,10 +141,10 @@ cp copy = xmalloc(sizeof(vpn_packet_t)); memcpy(copy, inpkt, sizeof(vpn_packet_t)); - list_insert_tail(cl->queue, copy); + list_insert_tail(n->queue, copy); - if(!cl->status.waitingforkey) - send_req_key(myself, cl); + if(!n->status.waitingforkey) + send_req_key(n->nexthop->connection, myself, n); return; } 
@@ -133,110 +152,35 @@ cp RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt)); - EVP_EncryptInit(&ctx, cl->cipher_pkttype, cl->cipher_pktkey, cl->cipher_pktkey + cl->cipher_pkttype->key_len); + EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad); outlen += outpad; - total_socket_out += outlen; - to.sin_family = AF_INET; - to.sin_addr.s_addr = htonl(cl->address); - to.sin_port = htons(cl->port); + to.sin_addr.s_addr = htonl(n->address); + to.sin_port = htons(n->port); - if((sendto(myself->socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + if((sendto(socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), - cl->name, cl->hostname); + n->name, n->hostname); return; } cp } -void receive_packet(connection_t *cl, vpn_packet_t *packet) -{ -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, cl->name, cl->hostname); - - route_incoming(cl, packet); -cp -} - -void receive_udppacket(connection_t *cl, vpn_packet_t *inpkt) -{ - vpn_packet_t outpkt; - int outlen, outpad; - EVP_CIPHER_CTX ctx; -cp - /* Decrypt the packet */ - - EVP_DecryptInit(&ctx, myself->cipher_pkttype, myself->cipher_pktkey, myself->cipher_pktkey + myself->cipher_pkttype->key_len); - EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len); - EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad); - outlen += outpad; - outpkt.len = outlen - sizeof(outpkt.salt); - - total_socket_in += outlen; - - receive_packet(cl, &outpkt); -cp -} - -void receive_tcppacket(connection_t *cl, char *buffer, int len) -{ - vpn_packet_t outpkt; -cp - outpkt.len = len; - memcpy(outpkt.data, buffer, len); - - receive_packet(cl, &outpkt); -cp -} - -void 
accept_packet(vpn_packet_t *packet) -{ -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to tap device"), - packet->len); - -#ifdef HAVE_SOLARIS - if(write(tap_fd, packet->data + 14, packet->len - 14) < 0) - syslog(LOG_ERR, _("Can't write to tun/tap device: %m")); - else - total_tap_out += packet->len; -#else - if(taptype == TAP_TYPE_TUNTAP) - { - if(write(tap_fd, packet->data, packet->len) < 0) - syslog(LOG_ERR, _("Can't write to tun/tap device: %m")); - else - total_tap_out += packet->len; - } - else /* ethertap */ - { - if(write(tap_fd, packet->data - 2, packet->len + 2) < 0) - syslog(LOG_ERR, _("Can't write to ethertap device: %m")); - else - total_tap_out += packet->len; - } -#endif -cp -} - /* send a packet to the given vpn ip. */ -void send_packet(connection_t *cl, vpn_packet_t *packet) +void send_packet(node_t *n, vpn_packet_t *packet) { - connection_t *via; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - packet->len, cl->name, cl->hostname); + packet->len, n->name, n->hostname); - if(cl == myself) + if(n == myself) { if(debug_lvl >= DEBUG_TRAFFIC) { 
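Review bot: The new `sendto(socket, ...)` call in send_udppacket names `socket`, which, unless a variable of that name is declared outside the hunk, is the libc function rather than a descriptor. This commit introduces `udp_socket` for the UDP socket, so the call presumably should read `sendto(udp_socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)`. The function begins in an earlier hunk.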
@@ -246,39 +190,40 @@ cp return; } - if(!cl->status.active) + if(!n->status.active) { if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"), - cl->name, cl->hostname); + n->name, n->hostname); return; } - - if(cl->via == myself) - via = cl->nexthop; +/* FIXME + if(n->via == myself) + via = n->nexthop; else - via = cl->via; + via = n->via; - if(via != cl && debug_lvl >= DEBUG_TRAFFIC) + if(via != n && debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - cl->name, via->name, via->hostname); + n->name, via->name, via->hostname); if((myself->options | via->options) & OPTION_TCPONLY) { - if(send_tcppacket(via, packet)) - terminate_connection(via, 1); + if(send_tcppacket(via->connection, packet)) + terminate_connection(via->connection, 1); } else send_udppacket(via, packet); +*/ } /* Broadcast a packet to all active direct connections */ -void broadcast_packet(connection_t *from, vpn_packet_t *packet) +void broadcast_packet(node_t *from, vpn_packet_t *packet) { avl_node_t *node; - connection_t *cl; + connection_t *c; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), 
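Review bot: send_packet now ends in a commented-out `FIXME` block, so after the "is not active" check it returns without sending the packet or logging that it was dropped, and the `OPTION_TCPONLY` branch is no longer applied. Until routing through `n->nexthop`/`n->via` is restored, make the drop visible, for example `syslog(LOG_WARNING, _("Forwarding to %s (%s) is disabled, dropping packet"), n->name, n->hostname);`, and keep the closing `cp` that the other functions have. The function's signature is in the previous hunk.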
@@ -286,174 +231,39 @@ cp for(node = connection_tree->head; node; node = node->next) { - cl = (connection_t *)node->data; - if(cl->status.active && cl != from) - send_packet(cl, packet); + c = (connection_t *)node->data; + if(c->status.active && c != from->nexthop->connection) + send_packet(c->node, packet); } cp } -void flush_queue(connection_t *cl) +void flush_queue(node_t *n) { list_node_t *node, *next; cp if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Flushing queue for %s (%s)"), cl->name, cl->hostname); + syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); - for(node = cl->queue->head; node; node = next) + for(node = n->queue->head; node; node = next) { next = node->next; - send_udppacket(cl, (vpn_packet_t *)node->data); - list_delete_node(cl->queue, node); + send_udppacket(n, (vpn_packet_t *)node->data); + list_delete_node(n->queue, node); } cp } -/* - open the local ethertap device -*/ -int setup_tap_fd(void) -{ - int nfd; - const char *tapfname; - config_t const *cfg; -#ifdef HAVE_LINUX -# ifdef HAVE_TUNTAP - struct ifreq ifr; -# endif -#endif -#ifdef HAVE_SOLARIS - int ip_fd = -1, if_fd = -1; - int ppa; - char *ptr; -#endif +/* Setup sockets */ -cp - if((cfg = get_config_val(config, config_tapdevice))) - tapfname = cfg->data.ptr; - else - { -#ifdef HAVE_LINUX -# ifdef HAVE_TUNTAP - tapfname = "/dev/net/tun"; -# else - tapfname = "/dev/tap0"; -# endif -#endif -#ifdef HAVE_FREEBSD - tapfname = "/dev/tap0"; -#endif -#ifdef HAVE_SOLARIS - tapfname = "/dev/tun"; -#endif - } -cp - if((nfd = open(tapfname, O_RDWR | O_NONBLOCK)) < 0) - { - syslog(LOG_ERR, _("Could not open %s: %m"), tapfname); - return -1; - } -cp - tap_fd = nfd; - - /* Set default MAC address for ethertap devices */ - - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - 
-#ifdef HAVE_LINUX - #ifdef HAVE_TUNTAP - /* Ok now check if this is an old ethertap or a new tun/tap thingie */ - memset(&ifr, 0, sizeof(ifr)); -cp - ifr.ifr_flags = IFF_TAP | IFF_NO_PI; - if (netname) - strncpy(ifr.ifr_name, netname, IFNAMSIZ); -cp - if (!ioctl(tap_fd, TUNSETIFF, (void *) &ifr)) - { - syslog(LOG_INFO, _("%s is a Linux tun/tap device"), tapfname); - taptype = TAP_TYPE_TUNTAP; - } - else - if (!ioctl(tap_fd, (('T'<< 8) | 202), (void *) &ifr)) - { - syslog(LOG_INFO, _("%s is a Linux tun/tap device"), tapfname); - syslog(LOG_WARNING, _("Old ioctl() request used")); - taptype = TAP_TYPE_TUNTAP; - } - else - #endif - { - syslog(LOG_INFO, _("%s is a Linux ethertap device"), tapfname); - taptype = TAP_TYPE_ETHERTAP; - } -#endif -#ifdef HAVE_FREEBSD - syslog(LOG_INFO, _("%s is a FreeBSD tap device"), tapfname); - taptype = TAP_TYPE_TUNTAP; -#endif -#ifdef HAVE_SOLARIS - ppa = 0; - - ptr = tapfname; - while(*ptr && !isdigit((int)*ptr)) ptr++; - ppa = atoi(ptr); - - if( (ip_fd = open("/dev/ip", O_RDWR, 0)) < 0){ - syslog(LOG_ERR, _("Could not open /dev/ip: %m")); - return -1; - } - - /* Assign a new PPA and get its unit number. 
*/ - if( (ppa = ioctl(nfd, TUNNEWPPA, ppa)) < 0){ - syslog(LOG_ERR, _("Can't assign new interface: %m")); - return -1; - } - - if( (if_fd = open(tapfname, O_RDWR, 0)) < 0){ - syslog(LOG_ERR, _("Could not open %s twice: %m"), tapfname); - return -1; - } - - if(ioctl(if_fd, I_PUSH, "ip") < 0){ - syslog(LOG_ERR, _("Can't push IP module: %m")); - return -1; - } - - /* Assign ppa according to the unit number returned by tun device */ - if(ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0){ - syslog(LOG_ERR, _("Can't set PPA %d: %m"), ppa); - return -1; - } - - if(ioctl(ip_fd, I_LINK, if_fd) < 0){ - syslog(LOG_ERR, _("Can't link TUN device to IP: %m")); - return -1; - } - - syslog(LOG_INFO, _("%s is a Solaris tun device"), tapfname); -#endif - -cp - return 0; -} - -/* - set up the socket that we listen on for incoming - (tcp) connections -*/ -int setup_listen_meta_socket(int port) +int setup_listen_socket(int port) { int nfd, flags; struct sockaddr_in a; int option; - config_t const *cfg; + char *interface; + char *address; + ip_mask_t *ipmask; cp if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { 
@@ -481,25 +291,29 @@ cp option = IPTOS_LOWDELAY; setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); - if((cfg = get_config_val(config, config_interface))) - { - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, cfg->data.ptr, strlen(cfg->data.ptr))) - { - close(nfd); - syslog(LOG_ERR, _("Unable to bind listen socket to interface %s: %m"), cfg->data.ptr); - return -1; - } - } + if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface); + return -1; + } #endif memset(&a, 0, sizeof(a)); a.sin_family = AF_INET; + a.sin_addr.s_addr = htonl(INADDR_ANY); a.sin_port = htons(port); - if((cfg = get_config_val(config, config_interfaceip))) - a.sin_addr.s_addr = htonl(cfg->data.ip->address); - else - a.sin_addr.s_addr = htonl(INADDR_ANY); + if(get_config_string(lookup_config(config_tree, "BindToAddress"), &address)) + { + ipmask = strtoip(address); + if(ipmask) + { + a.sin_addr.s_addr = htonl(ipmask->address); + free(ipmask); + } + } if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { @@ -519,10 +333,6 @@ cp return nfd; } -/* - setup the socket for incoming encrypted - data (the udp part) -*/ int setup_vpn_in_socket(int port) { int nfd, flags; 
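Review bot: When `BindToAddress` is set but `strtoip(address)` returns NULL, the new code keeps `INADDR_ANY` and the daemon listens on every interface without reporting anything. A bind restriction that cannot be applied should fail closed: add `else { syslog(LOG_ERR, _("Invalid BindToAddress %s"), address); close(nfd); return -1; }` to the `if(ipmask)`. setup_listen_socket starts above this hunk.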
@@ -562,199 +372,171 @@ cp return nfd; } -/* - setup an outgoing meta (tcp) socket -*/ -int setup_outgoing_meta_socket(connection_t *cl) +int setup_outgoing_socket(connection_t *c) { int flags; struct sockaddr_in a; - config_t const *cfg; int option; cp if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s"), cl->hostname); + syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); - if((cfg = get_config_val(cl->config, config_port)) == NULL) - cl->port = 655; - else - cl->port = cfg->data.val; + c->socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - cl->meta_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - if(cl->meta_socket == -1) + if(c->socket == -1) { syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"), - cl->hostname, cl->port); + c->hostname, c->port); return -1; } - /* Bind first to get a fix on our source port */ + /* Bind first to get a fix on our source port??? a.sin_family = AF_INET; a.sin_port = htons(0); a.sin_addr.s_addr = htonl(INADDR_ANY); - if(bind(cl->meta_socket, (struct sockaddr *)&a, sizeof(struct sockaddr))) + if(bind(c->socket, (struct sockaddr *)&a, sizeof(struct sockaddr))) { - close(cl->meta_socket); + close(c->socket); syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind"); return -1; } - /* Optimize TCP settings */ + */ + + /* Optimize TCP settings? 
option = 1; - setsockopt(cl->meta_socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); + setsockopt(c->socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); #ifdef HAVE_LINUX - setsockopt(cl->meta_socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); option = IPTOS_LOWDELAY; - setsockopt(cl->meta_socket, SOL_IP, IP_TOS, &option, sizeof(option)); + setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); #endif + + */ + /* Connect */ a.sin_family = AF_INET; - a.sin_port = htons(cl->port); - a.sin_addr.s_addr = htonl(cl->address); + a.sin_port = htons(c->port); + a.sin_addr.s_addr = htonl(c->address); - if(connect(cl->meta_socket, (struct sockaddr *)&a, sizeof(a)) == -1) + if(connect(c->socket, (struct sockaddr *)&a, sizeof(a)) == -1) { - close(cl->meta_socket); - syslog(LOG_ERR, _("%s port %hd: %m"), cl->hostname, cl->port); + close(c->socket); + syslog(LOG_ERR, _("%s port %hd: %m"), c->hostname, c->port); return -1; } - flags = fcntl(cl->meta_socket, F_GETFL); - if(fcntl(cl->meta_socket, F_SETFL, flags | O_NONBLOCK) < 0) + flags = fcntl(c->socket, F_GETFL); + + if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) { - close(cl->meta_socket); + close(c->socket); syslog(LOG_ERR, _("fcntl for %s port %d: %m"), - cl->hostname, cl->port); + c->hostname, c->port); return -1; } if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Connected to %s port %hd"), - cl->hostname, cl->port); - - cl->status.meta = 1; + c->hostname, c->port); cp return 0; } -/* - Setup an outgoing meta connection. 
-*/ int setup_outgoing_connection(char *name) { - connection_t *ncn, *old; + connection_t *c; struct hostent *h; - config_t const *cfg; cp - if(check_id(name)) + c = new_connection(); + c->name = xstrdup(name); + + read_connection_config(c); + + if(!get_config_string(lookup_config(c->config_tree, "Address"), &c->hostname)) { - syslog(LOG_ERR, _("Invalid name for outgoing connection")); + syslog(LOG_ERR, _("No address specified for %s"), c->name); + free_connection(c); return -1; } - /* Make sure we don't make an outgoing connection to a host that is already in our connection list */ - - if((old = lookup_id(name))) + if(!get_config_port(lookup_config(c->config_tree, "Port"), &c->port)) { - if(!old->status.outgoing) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("We are already connected to %s."), name); - - old->status.outgoing = 1; - } - return 0; - } - - ncn = new_connection(); - asprintf(&ncn->name, "%s", name); - - if(read_host_config(ncn)) - { - syslog(LOG_ERR, _("Error reading host configuration file for %s"), ncn->name); - free_connection(ncn); + syslog(LOG_ERR, _("No port specified for %s"), c->name); + free_connection(c); return -1; } - if(!(cfg = get_config_val(ncn->config, config_address))) + if(!(h = gethostbyname(c->hostname))) { - syslog(LOG_ERR, _("No address specified for %s"), ncn->name); - free_connection(ncn); + syslog(LOG_ERR, _("Error looking up `%s': %m"), c->hostname); + free_connection(c); return -1; } - if(!(h = gethostbyname(cfg->data.ptr))) + c->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); + c->hostname = hostlookup(htonl(c->address)); + + if(setup_outgoing_socket(c) < 0) { - syslog(LOG_ERR, _("Error looking up `%s': %m"), cfg->data.ptr); - free_connection(ncn); + syslog(LOG_ERR, _("Could not set up a meta connection to %s (%s)"), + c->name, c->hostname); + free_connection(c); return -1; } - ncn->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); - ncn->hostname = hostlookup(htonl(ncn->address)); + c->status.outgoing = 
1; + c->last_ping_time = time(NULL); - if(setup_outgoing_meta_socket(ncn) < 0) - { - syslog(LOG_ERR, _("Could not set up a meta connection to %s"), - ncn->hostname); - free_connection(ncn); - return -1; - } + connection_add(c); - ncn->status.outgoing = 1; - ncn->buffer = xmalloc(MAXBUFSIZE); - ncn->buflen = 0; - ncn->last_ping_time = time(NULL); - - connection_add(ncn); - - send_id(ncn); + send_id(c); cp return 0; } -int read_rsa_public_key(connection_t *cl) +int read_rsa_public_key(connection_t *c) { - config_t const *cfg; FILE *fp; char *fname; + char *key; void *result; cp - if(!cl->rsa_key) - cl->rsa_key = RSA_new(); + if(!c->rsa_key) + c->rsa_key = RSA_new(); /* First, check for simple PublicKey statement */ - if((cfg = get_config_val(cl->config, config_publickey))) + if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) { - BN_hex2bn(&cl->rsa_key->n, cfg->data.ptr); - BN_hex2bn(&cl->rsa_key->e, "FFFF"); + BN_hex2bn(&c->rsa_key->n, key); + BN_hex2bn(&c->rsa_key->e, "FFFF"); return 0; } /* Else, check for PublicKeyFile statement and read it */ - if((cfg = get_config_val(cl->config, config_publickeyfile))) + if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) { - if(is_safe_path(cfg->data.ptr)) + if(is_safe_path(fname)) { - if((fp = fopen(cfg->data.ptr, "r")) == NULL) + if((fp = fopen(fname, "r")) == NULL) { syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), - cfg->data.ptr); + fname); return -1; } - result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL); + result = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); if(!result) { syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"), - cfg->data.ptr); + fname); return -1; } return 0; 
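Review bot: setup_outgoing_connection no longer runs `check_id(name)` and ignores the result of `read_connection_config(c)`, yet the name is later used to build a file path in read_rsa_public_key (`"%s/hosts/%s"`, in the next hunk). Keeping the check before `new_connection()`, `if(check_id(name)) { syslog(LOG_ERR, _("Invalid name for outgoing connection")); return -1; }`, keeps malformed names away from the file lookup, and the config read should be tested the way the old `read_host_config` call was. The string returned for `Address` is also overwritten by `hostlookup()` without being freed, which looks like a leak if `get_config_string` allocates; that helper is not visible here.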
@@ -765,53 +547,55 @@ cp /* Else, check if a harnessed public key is in the config file */ - asprintf(&fname, "%s/hosts/%s", confbase, cl->name); + result = NULL; + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); if((fp = fopen(fname, "r"))) { - result = PEM_read_RSAPublicKey(fp, &cl->rsa_key, NULL, NULL); + result = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); free(fname); - if(result) - return 0; } free(fname); - /* Nothing worked. */ - - syslog(LOG_ERR, _("No public key for %s specified!"), cl->name); -cp - return -1; + if(result) + return 0; + else + { + syslog(LOG_ERR, _("No public key for %s specified!"), c->name); + return -1; + } } int read_rsa_private_key(void) { - config_t const *cfg; FILE *fp; void *result; + char *fname, *key; cp - if(!myself->rsa_key) - myself->rsa_key = RSA_new(); + if(!myself->connection->rsa_key) + myself->connection->rsa_key = RSA_new(); - if((cfg = get_config_val(config, config_privatekey))) + if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { - BN_hex2bn(&myself->rsa_key->d, cfg->data.ptr); - BN_hex2bn(&myself->rsa_key->e, "FFFF"); + BN_hex2bn(&myself->connection->rsa_key->d, key); + BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); } - else if((cfg = get_config_val(config, config_privatekeyfile))) + else if(get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) { - if((fp = fopen(cfg->data.ptr, "r")) == NULL) + if((fp = fopen(fname, "r")) == NULL) { syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), - cfg->data.ptr); + fname); return -1; } - result = PEM_read_RSAPrivateKey(fp, &myself->rsa_key, NULL, NULL); + result = PEM_read_RSAPrivateKey(fp, &myself->connection->rsa_key, NULL, NULL); fclose(fp); if(!result) { syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), - cfg->data.ptr); + fname); return -1; } } 
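Review bot: `fname` is freed twice whenever the hosts file opens: the `free(fname);` inside the `if((fp = fopen(fname, "r")))` block stays, and with the early `return 0` removed, execution now always reaches the second `free(fname);` after the block. Drop the inner call so the buffer is released once. The return value of `asprintf` is not checked either, so `fname` is undefined if the allocation fails. read_rsa_public_key begins in the previous hunk.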
@@ -825,108 +609,107 @@ cp } /* - Configure connection_t myself and set up the local sockets (listen only) + Configure node_t myself and set up the local sockets (listen only) */ int setup_myself(void) { - config_t const *cfg; - config_t *next; - subnet_t *net; + config_t *cfg; + subnet_t *subnet; + char *name, *mode; + int choice; cp - myself = new_connection(); + myself = new_node(); + myself->connection = new_connection(); asprintf(&myself->hostname, _("MYSELF")); - myself->options = 0; - myself->protocol_version = PROT_CURRENT; + asprintf(&myself->connection->hostname, _("MYSELF")); - if(!(cfg = get_config_val(config, config_name))) /* Not acceptable */ + myself->connection->options = 0; + myself->connection->protocol_version = PROT_CURRENT; + + if(!get_config_string(lookup_config(config_tree, "Name"), &name)) /* Not acceptable */ { syslog(LOG_ERR, _("Name for tinc daemon required!")); return -1; } - else - asprintf(&myself->name, "%s", (char*)cfg->data.val); - if(check_id(myself->name)) + if(check_id(name)) { syslog(LOG_ERR, _("Invalid name for myself!")); + free(name); return -1; } + + myself->name = name; + myself->connection->name = xstrdup(name); + cp if(read_rsa_private_key()) return -1; - if(read_host_config(myself)) + if(read_connection_config(myself->connection)) { syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); return -1; } - if(read_rsa_public_key(myself)) + if(read_rsa_public_key(myself->connection)) return -1; cp /* - if(RSA_check_key(myself->rsa_key) != 1) + if(RSA_check_key(rsa_key) != 1) { syslog(LOG_ERR, _("Invalid public/private keypair!")); return -1; } */ - if(!(cfg = get_config_val(myself->config, config_port))) + if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->connection->port)) myself->port = 655; - else - myself->port = cfg->data.val; /* Read in all the subnets specified in the host configuration file */ - for(next = myself->config; (cfg = get_config_val(next, config_subnet)); 
next = cfg->next) + cfg = lookup_config(myself->connection->config_tree, "Subnet"); + + while(cfg) { - net = new_subnet(); - net->type = SUBNET_IPV4; - net->net.ipv4.address = cfg->data.ip->address; - net->net.ipv4.mask = cfg->data.ip->mask; + if(!get_config_subnet(cfg, &subnet)) + return -1; - /* Teach newbies what subnets are... */ + subnet_add(myself, subnet); - if((net->net.ipv4.address & net->net.ipv4.mask) != net->net.ipv4.address) - { - syslog(LOG_ERR, _("Network address and subnet mask do not match!")); - return -1; - } - - subnet_add(myself, net); + cfg = lookup_config_next(myself->connection->config_tree, cfg); } cp /* Check some options */ - if((cfg = get_config_val(config, config_indirectdata))) - if(cfg->data.val == stupid_true) + if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) + if(choice) myself->options |= OPTION_INDIRECT; - if((cfg = get_config_val(config, config_tcponly))) - if(cfg->data.val == stupid_true) + if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) + if(choice) myself->options |= OPTION_TCPONLY; - if((cfg = get_config_val(myself->config, config_indirectdata))) - if(cfg->data.val == stupid_true) + if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) + if(choice) myself->options |= OPTION_INDIRECT; - if((cfg = get_config_val(myself->config, config_tcponly))) - if(cfg->data.val == stupid_true) + if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) + if(choice) myself->options |= OPTION_TCPONLY; if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; - if((cfg = get_config_val(config, config_mode))) + if(get_config_string(lookup_config(myself->connection->config_tree, "Mode"), &mode)) { - if(!strcasecmp(cfg->data.ptr, "router")) + if(!strcasecmp(mode, "router")) routing_mode = RMODE_ROUTER; - else if (!strcasecmp(cfg->data.ptr, "switch")) + else if (!strcasecmp(mode, "switch")) routing_mode = RMODE_SWITCH; - 
else if (!strcasecmp(cfg->data.ptr, "hub")) + else if (!strcasecmp(mode, "hub")) routing_mode = RMODE_HUB; else { @@ -940,13 +723,13 @@ cp cp /* Open sockets */ - if((myself->meta_socket = setup_listen_meta_socket(myself->port)) < 0) + if((tcp_socket = setup_listen_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); return -1; } - if((myself->socket = setup_vpn_in_socket(myself->port)) < 0) + if((udp_socket = setup_vpn_in_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); return -1; 
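Review bot: The `Port` lookup in setup_myself stores a configured value in `myself->connection->port` but puts the default 655 in `myself->port`, and the sockets in the following hunk are opened with `myself->port`. A configured port therefore never reaches `setup_listen_socket()` or `setup_vpn_in_socket()`, and the daemon may listen on a port the operator did not choose. Use one value for both: make the default `myself->connection->port = 655;` and add `myself->port = myself->connection->port;` after the lookup. `node_t` is declared outside this diff, so the field types are assumed compatible.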
@@ -954,96 +737,50 @@ cp cp /* Generate packet encryption key */ - myself->cipher_pkttype = EVP_bf_cbc(); + myself->cipher = EVP_bf_cbc(); - myself->cipher_pktkeylength = myself->cipher_pkttype->key_len + myself->cipher_pkttype->iv_len; + myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; - myself->cipher_pktkey = (char *)xmalloc(myself->cipher_pktkeylength); - RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); + myself->key = (char *)xmalloc(myself->keylength); + RAND_pseudo_bytes(myself->key, myself->keylength); - if(!(cfg = get_config_val(config, config_keyexpire))) + if(!get_config_int(lookup_config(myself->connection->config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; - else - keylifetime = cfg->data.val; keyexpires = time(NULL) + keylifetime; cp /* Done */ myself->nexthop = myself; - myself->prevhop = myself; myself->via = myself; myself->status.active = 1; - id_add(myself); + node_add(myself); syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); cp return 0; } -void randomized_alarm(int seconds) -{ - unsigned char r; - RAND_pseudo_bytes(&r, 1); - alarm((seconds * (int)r) / 128 + 1); -} - -RETSIGTYPE -try_outgoing_connections(int a) -{ - config_t const *cfg; - int retry = 0; -cp - cfg = get_config_val(config, config_connectto); - - while(cfg) - { - if(setup_outgoing_connection(cfg->data.ptr)) /* function returns 0 when there are no problems */ - retry = 1; - cfg = get_config_val(cfg->next, config_connectto); /* Or else we try the next ConnectTo line */ - } - - if(retry) - { - seconds_till_retry += 5; - if(seconds_till_retry > MAXTIMEOUT) /* Don't wait more than MAXTIMEOUT seconds. 
*/ - seconds_till_retry = MAXTIMEOUT; - - syslog(LOG_ERR, _("Failed to setup all outgoing connections, will retry in %d seconds"), - seconds_till_retry); - - /* Randomize timeout to avoid global synchronisation effects */ - randomized_alarm(seconds_till_retry); - } - else - { - seconds_till_retry = 5; - } -cp -} - /* setup all initial network connections */ int setup_network_connections(void) { - config_t const *cfg; cp init_connections(); init_subnets(); - if((cfg = get_config_val(config, config_pingtimeout)) == NULL) - timeout = 60; - else + if(get_config_int(lookup_config(myself->connection->config_tree, "PingTimeout"), &timeout)) { - timeout = cfg->data.val; if(timeout < 1) { timeout = 86400; } - } + } + else + timeout = 60; - if(setup_tap_fd() < 0) + if(setup_device() < 0) return -1; /* Run tinc-up script to further initialize the tap interface */ @@ -1064,23 +801,23 @@ cp void close_network_connections(void) { avl_node_t *node, *next; - connection_t *p; + connection_t *c; cp for(node = connection_tree->head; node; node = next) { next = node->next; - p = (connection_t *)node->data; - p->status.outgoing = 0; - terminate_connection(p, 0); + c = (connection_t *)node->data; + c->status.outgoing = 0; + terminate_connection(c, 0); } - terminate_connection(myself, 0); +// terminate_connection(myself, 0); - destroy_trees(); +// destroy_trees(); execute_script("tinc-down"); - close(tap_fd); + close_device(); cp return; } @@ -1091,11 +828,11 @@ cp */ connection_t *create_new_connection(int sfd) { - connection_t *p; + connection_t *c; struct sockaddr_in ci; int len = sizeof(ci); cp - p = new_connection(); + c = new_connection(); if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0) { 
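Review bot: The packet encryption key is still filled with `RAND_pseudo_bytes(myself->key, myself->keylength);`, which does not guarantee cryptographically strong output, and its return value is ignored. The rekeying hunk further down in the main loop (`RAND_pseudo_bytes(myself->key, myself->keylength);` before `send_key_changed`) has the same problem. send_metakey() in protocol.c already uses RAND_bytes(), so use it here as well and fail when no strong randomness is available: `if(RAND_bytes(myself->key, myself->keylength) != 1) return -1;`. The enclosing function starts outside this hunk.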
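Review bot: close_network_connections() no longer closes the listening sockets. The old code released them through `terminate_connection(myself, 0)`, which is now commented out, and nothing closes the new `tcp_socket` and `udp_socket` globals. The main loop calls this function on SIGHUP before re-reading the configuration, so the old descriptors probably leak (or stay bound) across a restart; the setup path that would reopen them is not visible here. Add `close(tcp_socket); close(udp_socket);` next to `close_device();`, and delete the two `//` lines rather than keeping dead code.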
@@ -1105,23 +842,19 @@ cp return NULL; } - asprintf(&p->name, _("UNKNOWN")); - p->address = ntohl(ci.sin_addr.s_addr); - p->hostname = hostlookup(ci.sin_addr.s_addr); - p->port = htons(ci.sin_port); /* This one will be overwritten later */ - p->meta_socket = sfd; - p->status.meta = 1; - p->buffer = xmalloc(MAXBUFSIZE); - p->buflen = 0; - p->last_ping_time = time(NULL); + c->address = ntohl(ci.sin_addr.s_addr); + c->hostname = hostlookup(ci.sin_addr.s_addr); + c->port = htons(ci.sin_port); /* This one will be overwritten later */ + c->socket = sfd; + c->last_ping_time = time(NULL); if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection from %s port %d"), - p->hostname, htons(ci.sin_port)); + c->hostname, htons(ci.sin_port)); - p->allow_request = ID; + c->allow_request = ID; cp - return p; + return c; } /* @@ -1130,20 +863,19 @@ cp void build_fdset(fd_set *fs) { avl_node_t *node; - connection_t *p; + connection_t *c; cp FD_ZERO(fs); - FD_SET(myself->socket, fs); - for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)node->data; - FD_SET(p->meta_socket, fs); + c = (connection_t *)node->data; + FD_SET(c->socket, fs); } - FD_SET(myself->meta_socket, fs); - FD_SET(tap_fd, fs); + FD_SET(tcp_socket, fs); + FD_SET(udp_socket, fs); + FD_SET(device_fd, fs); cp } @@ -1158,12 +890,12 @@ void handle_incoming_vpn_data(void) int x, l = sizeof(x); struct sockaddr_in from; socklen_t fromlen = sizeof(from); - connection_t *cl; + node_t *n; cp - if(getsockopt(myself->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + if(getsockopt(udp_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), - __FILE__, __LINE__, myself->socket); + __FILE__, __LINE__, udp_socket); return; } if(x) 
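Review bot: With the `asprintf(&p->name, _("UNKNOWN"))` line removed, `c->name` is no longer set for an incoming connection until id_h() has run, but several log calls in this patch format it with `%s` before that point. Examples are "Timeout from %s (%s) during authentication" in check_dead_connections() and the "Got %s from %s (%s)" and "Unknown request" messages in receive_request(). If new_connection() zero-fills the structure (not visible here), those calls pass NULL to `%s`, which is undefined behaviour and reachable by any peer that connects and stalls. id_h() now relies on `if(c->name)` to detect a preset name, so keep the field NULL and guard the log sites with `c->name ? c->name : "(unknown)"`. create_new_connection() begins in the previous hunk.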
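Review bot: build_fdset() calls `FD_SET(c->socket, fs);` for every entry in connection_tree without checking that the descriptor is below FD_SETSIZE, although the main loop calls `select(FD_SETSIZE, ...)`. The descriptors come from accept() in handle_new_meta_connection(), and this patch shows no cap on the number of connections, so enough simultaneous peers can push a descriptor past the limit. FD_SET is undefined for such a value and in practice writes outside the fd_set. Guard the call with `if(c->socket >= 0 && c->socket < FD_SETSIZE)`, and preferably refuse the connection in handle_new_meta_connection() when accept() returns a descriptor that large.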
@@ -1172,23 +904,24 @@ cp return; } - if((pkt.len = recvfrom(myself->socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) + if((pkt.len = recvfrom(udp_socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return; } - cl = lookup_active(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + n = lookup_node_udp(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); - if(!cl) + if(!n) { syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); return; } - - cl->last_ping_time = time(NULL); - - receive_udppacket(cl, &pkt); +/* + if(n->connection) + n->connection->last_ping_time = time(NULL); +*/ + receive_udppacket(n, &pkt); cp } 
@@ -1200,77 +933,9 @@ cp - Since it might still be referenced, put it on the prune list. - If report == 1, then send DEL_HOST messages to the other tinc daemons. */ -void terminate_connection(connection_t *cl, int report) +void terminate_connection(connection_t *c, int report) { - connection_t *p; - subnet_t *subnet; - avl_node_t *node, *next; -cp - if(cl->status.remove) - return; - else - cl->status.remove = 1; - - if(cl->socket) - close(cl->socket); - if(cl->meta_socket) - close(cl->meta_socket); - - connection_del(cl); - - if(cl->status.meta) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), - cl->name, cl->hostname); - - if(cl->status.active) - { - /* Find all connections that were lost because they were behind cl - (the connection that was dropped). */ - - for(node = active_tree->head; node; node = next) - { - next = node->next; - p = (connection_t *)node->data; - if(p->nexthop == cl) - terminate_connection(p, report); - } - } - } - - /* Inform others of termination if needed */ - - if(report) - for(node = connection_tree->head; node; node = node->next) - { - p = (connection_t *)node->data; - if(p->status.active) - send_del_host(p, cl); /* Sounds like recursion, but p does not have a meta connection :) */ - } - - /* Remove the associated subnets */ - - for(node = cl->subnet_tree->head; node; node = next) - { - next = node->next; - subnet = (subnet_t *)node->data; - subnet_del(subnet); - } - - /* Check if this was our outgoing connection */ - - if(cl->status.outgoing) - { - cl->status.outgoing = 0; - signal(SIGALRM, try_outgoing_connections); - alarm(seconds_till_retry); - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); - } -cp - /* Schedule it for pruning */ - - prune_add(cl); + /* Needs a serious rewrite. */ } /* 
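Review bot: terminate_connection() is reduced to an empty body with only the comment "Needs a serious rewrite.", yet callers in this same patch still depend on it to tear the connection down. check_dead_connections() uses it for peers that time out during authentication, check_network_activity() uses it when receive_meta() fails, and close_network_connections() uses it at shutdown. As written the socket is never closed and the entry never leaves connection_tree, so stalled or failed peers accumulate descriptors, and a connection in error keeps its descriptor in the select() set. Until the rewrite lands, keep a minimal teardown in place, for instance `if(c->socket) close(c->socket);` followed by `connection_del(c);`, assuming connection_del() is still provided by connection.c. The stub should also carry a comment stating exactly what it currently does not do.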
@@ -1285,37 +950,37 @@ void check_dead_connections(void) { time_t now; avl_node_t *node, *next; - connection_t *cl; + connection_t *c; cp now = time(NULL); for(node = connection_tree->head; node; node = next) { next = node->next; - cl = (connection_t *)node->data; - if(cl->last_ping_time + timeout < now) + c = (connection_t *)node->data; + if(c->last_ping_time + timeout < now) { - if(cl->status.active) + if(c->status.active) { - if(cl->status.pinged) + if(c->status.pinged) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - cl->name, cl->hostname); - cl->status.timeout = 1; - terminate_connection(cl, 1); + c->name, c->hostname); + c->status.timeout = 1; + terminate_connection(c, 1); } else { - send_ping(cl); + send_ping(c); } } else { if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"), - cl->name, cl->hostname); - terminate_connection(cl, 0); + c->name, c->hostname); + terminate_connection(c, 0); } } } 
@@ -1328,122 +993,125 @@ cp */ int handle_new_meta_connection() { - connection_t *ncn; + connection_t *new; struct sockaddr client; - int nfd, len = sizeof(client); + int fd, len = sizeof(client); cp - if((nfd = accept(myself->meta_socket, &client, &len)) < 0) + if((fd = accept(tcp_socket, &client, &len)) < 0) { syslog(LOG_ERR, _("Accepting a new connection failed: %m")); return -1; } - if(!(ncn = create_new_connection(nfd))) + if(!(new = create_new_connection(fd))) { - shutdown(nfd, 2); - close(nfd); + shutdown(fd, 2); + close(fd); syslog(LOG_NOTICE, _("Closed attempted connection")); return 0; } - connection_add(ncn); + connection_add(new); - send_id(ncn); + send_id(new); cp return 0; } +void randomized_alarm(int seconds) +{ + unsigned char r; + RAND_pseudo_bytes(&r, 1); + alarm((seconds * (int)r) / 128 + 1); +} + +/* This function is severely fucked up. + We want to redesign it so the following rules apply: + + - Try all ConnectTo's in a row: + - if a connect() fails, try next one immediately, + - if it works, wait 5 seconds or so. + - If none of them were succesful, increase delay and retry. + - If all were succesful, don't try anymore. +*/ + +RETSIGTYPE +try_outgoing_connections(int a) +{ + static config_t *cfg = NULL; + static int retry = 0; + char *name; + int maxtimeout = 900; +cp + if(!cfg) + cfg = lookup_config(config_tree, "ConnectTo"); + + if(!cfg) + return; + + while(cfg) + { + get_config_string(cfg, &name); + cfg = lookup_config_next(config_tree, cfg); /* Next time skip to next ConnectTo line */ + + if(!setup_outgoing_connection(name)) /* function returns 0 when there are no problems */ + retry = 1; + + } + + get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout); + + if(retry) + { + seconds_till_retry += 5; + if(seconds_till_retry > maxtimeout) /* Don't wait more than MAXTIMEOUT seconds. 
*/ + seconds_till_retry = maxtimeout; + + syslog(LOG_ERR, _("Failed to setup all outgoing connections, will retry in %d seconds"), + seconds_till_retry); + + /* Randomize timeout to avoid global synchronisation effects */ + randomized_alarm(seconds_till_retry); + } + else + { + seconds_till_retry = 5; + } +cp +} + /* check all connections to see if anything happened on their sockets */ void check_network_activity(fd_set *f) { - connection_t *p; + connection_t *c; avl_node_t *node; cp - if(FD_ISSET(myself->socket, f)) + if(FD_ISSET(udp_socket, f)) handle_incoming_vpn_data(); for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)node->data; + c = (connection_t *)node->data; - if(p->status.remove) + if(c->status.remove) return; - if(FD_ISSET(p->meta_socket, f)) - if(receive_meta(p) < 0) + if(FD_ISSET(c->socket, f)) + if(receive_meta(c) < 0) { - terminate_connection(p, p->status.active); + terminate_connection(c, c->status.active); return; } } - if(FD_ISSET(myself->meta_socket, f)) + if(FD_ISSET(tcp_socket, f)) handle_new_meta_connection(); cp } -/* - read, encrypt and send data that is - available through the ethertap device -*/ -void handle_tap_input(void) -{ - vpn_packet_t vp; - int lenin; -cp -#ifdef HAVE_SOLARIS - if((lenin = read(tap_fd, vp.data + 14, MTU)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from tun device: %m")); - return; - } - memcpy(vp.data, mymac.net.mac.address.x, 6); - memcpy(vp.data + 6, mymac.net.mac.address.x, 6); - vp.data[12] = 0x08; - vp.data[13] = 0x00; - vp.len = lenin + 14; -#else - if(taptype == TAP_TYPE_TUNTAP) - { - if((lenin = read(tap_fd, vp.data, MTU)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from tun/tap device: %m")); - return; - } - vp.len = lenin; - } - else /* ethertap */ - { - if((lenin = read(tap_fd, vp.data - 2, MTU)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from ethertap device: %m")); - return; - } - vp.len = lenin - 2; - } -#endif - - total_tap_in += vp.len; - - 
if(lenin < 32) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_WARNING, _("Received short packet from tap device")); - return; - } - - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_DEBUG, _("Read packet of length %d from tap device"), vp.len); - } - - route_outgoing(&vp); -cp -} - /* this is where it all happens... */ @@ -1462,7 +1130,6 @@ cp tv.tv_sec = timeout; tv.tv_usec = 0; - prune_flush(); build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) @@ -1479,7 +1146,7 @@ cp syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds")); sighup = 0; close_network_connections(); - clear_config(&config); + exit_configuration(&config_tree); if(read_server_config()) { @@ -1511,8 +1178,8 @@ cp if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); - RAND_pseudo_bytes(myself->cipher_pktkey, myself->cipher_pktkeylength); - send_key_changed(myself, NULL); + RAND_pseudo_bytes(myself->key, myself->keylength); + send_key_changed(myself->connection, myself); keyexpires = time(NULL) + keylifetime; } } @@ -1522,7 +1189,7 @@ cp check_network_activity(&fset); /* local tap data */ - if(FD_ISSET(tap_fd, &fset)) + if(FD_ISSET(device_fd, &fset)) handle_tap_input(); } } diff --git a/src/net.h b/src/net.h index 7c178416..eb7ad7ea 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.34 2001/07/21 15:34:18 guus Exp $ + $Id: net.h,v 1.9.4.35 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -59,6 +59,11 @@ typedef struct mac_t typedef unsigned long ipv4_t; +typedef struct ip_mask_t { + ipv4_t address; + ipv4_t mask; +} ip_mask_t; + typedef struct ipv6_t { unsigned short x[8]; 
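Review bot: In the re-added try_outgoing_connections() the retry test is inverted relative to its own comment: `if(!setup_outgoing_connection(name))` sets `retry = 1` when the call returns 0, and the comment says 0 means "no problems". The old code used `if(setup_outgoing_connection(...))`; unless the return convention changed elsewhere in this commit, this should be `if(setup_outgoing_connection(name))`. `retry` is now `static` and never cleared, so after the first failure every later invocation takes the retry branch; add `retry = 0;` before the loop. The result of `get_config_string(cfg, &name)` is also ignored, which leaves `name` uninitialised when the lookup fails, so it should gate the connect call.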
@@ -85,19 +90,6 @@ typedef struct packet_queue_t { queue_element_t *tail; } packet_queue_t; -typedef struct enc_key_t { - int length; - char *key; - time_t expiry; -} enc_key_t; - -extern int tap_fd; - -extern int total_tap_in; -extern int total_tap_out; -extern int total_socket_in; -extern int total_socket_out; - extern int seconds_till_retry; extern char *request_name[256]; @@ -105,26 +97,16 @@ extern char *status_text[10]; #include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ -extern int str2opt(const char *); -extern char *opt2str(int); -extern void send_packet(connection_t *, vpn_packet_t *); -extern void receive_packet(connection_t *, vpn_packet_t *); -extern void receive_tcppacket(connection_t *, char *, int); -extern void accept_packet(vpn_packet_t *); -extern void broadcast_packet(connection_t *, vpn_packet_t *); +extern void send_packet(struct node_t *, vpn_packet_t *); +extern void receive_packet(struct node_t *, vpn_packet_t *); +extern void receive_tcppacket(struct connection_t *, char *, int); +extern void broadcast_packet(struct node_t *, vpn_packet_t *); extern int setup_network_connections(void); extern void close_network_connections(void); extern void main_loop(void); extern void terminate_connection(connection_t *, int); -extern void flush_queue(connection_t *); - -#include -#ifdef HAVE_OPENSSL_RSA_H -# include -#else -# include -#endif - -extern int read_rsa_public_key(connection_t *); +extern void flush_queue(struct node_t *); +extern int read_rsa_public_key(struct connection_t *); +extern RETSIGTYPE try_outgoing_connections(int); #endif /* __TINC_NET_H__ */ diff --git a/src/netutl.c b/src/netutl.c index 562b105d..e869e348 100644 --- a/src/netutl.c +++ b/src/netutl.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.19 2001/05/07 19:08:46 guus Exp $ + $Id: netutl.c,v 1.12.4.20 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -46,15 +46,11 @@ char *hostlookup(unsigned long addr) char *name; struct hostent *host = NULL; struct in_addr in; - config_t const *cfg; - int lookup_hostname; + int lookup_hostname = 0; cp in.s_addr = addr; - lookup_hostname = 0; - if((cfg = get_config_val(config, config_hostnames)) != NULL) - if(cfg->data.val == stupid_true) - lookup_hostname = 1; + get_config_int(lookup_config(config_tree, "Hostnames"), &lookup_hostname); if(lookup_hostname) host = gethostbyaddr((char *)&in, sizeof(in), AF_INET); diff --git a/src/netutl.h b/src/netutl.h index bcc84c88..3f6d009f 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.6 2001/01/07 17:09:02 guus Exp $ + $Id: netutl.h,v 1.2.4.7 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_NETUTL_H__ #define __TINC_NETUTL_H__ #include "net.h" -#include "conf.h" extern char *hostlookup(unsigned long); extern ip_mask_t *strtoip(char*); diff --git a/src/node.c b/src/node.c index d2553625..53e520e9 100644 --- a/src/node.c +++ b/src/node.c 
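Review bot: hostlookup() now reads the `Hostnames` option with `get_config_int(...)`, while the other on/off options converted in this patch (IndirectData, TCPOnly) go through `get_config_bool(...)`. The old code compared against `stupid_true`, so existing configurations probably carry a yes/no value that an integer parser will not accept, which would silently turn lookups off. Use `get_config_bool(lookup_config(config_tree, "Hostnames"), &lookup_hostname);` instead, assuming get_config_bool() takes an `int *` as its uses in net.c suggest. The body of hostlookup() continues outside this hunk.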
@@ -17,20 +17,45 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.1 2001/10/10 08:49:47 guus Exp $ + $Id: node.c,v 1.1.2.2 2001/10/27 12:13:17 guus Exp $ */ -avl_tree_t *node_tree; /* Known nodes, sorted by name */ +#include "config.h" -int node_compare(connection_t *a, connection_t *b) +#include +#include + +#include +#include "node.h" +#include "net.h" +#include +#include + +#include "system.h" + +avl_tree_t *node_tree; /* Known nodes, sorted by name */ +avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ + +int node_compare(node_t *a, node_t *b) { return strcmp(a->name, b->name); } +int node_udp_compare(connection_t *a, connection_t *b) +{ + if(a->address < b->address) + return -1; + else if (a->address > b->address) + return 1; + else + return a->port - b->port; +} + void init_nodes(void) { cp node_tree = avl_alloc_tree((avl_compare_t)node_compare, NULL); + node_udp_tree = avl_alloc_tree((avl_compare_t)node_udp_compare, NULL); cp } @@ -38,6 +63,7 @@ void exit_nodes(void) { cp avl_delete_tree(node_tree); + avl_delete_tree(node_udp_tree); cp } @@ -62,12 +88,26 @@ cp free(n->hostname); if(n->key) free(n->key); - if(n->config) - clear_config(&n->config); free(n); cp } +void node_add(node_t *n) +{ +cp + avl_insert(node_tree, n); + avl_insert(node_udp_tree, n); +cp +} + +void node_del(node_t *n) +{ +cp + avl_delete(node_tree, n); + avl_delete(node_udp_tree, n); +cp +} + node_t *lookup_node(char *name) { node_t n; @@ -76,17 +116,13 @@ cp return avl_search(node_tree, &n); } - -int read_host_config(nodet *n) +node_t *lookup_node_udp(ipv4_t address, port_t port) { - char *fname; - int x; + node_t n; cp - asprintf(&fname, "%s/hosts/%s", confbase, n->name); - x = read_config_file(&n->config, fname); - free(fname); -cp - return x; + n.address = address; + n.port = port; + return avl_search(node_udp_tree, &n); } void dump_nodes(void) 
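Review bot: node_udp_compare() is declared as taking `connection_t *a, connection_t *b`, but node_udp_tree only ever holds node_t objects: node_add() inserts `n`, and lookup_node_udp() searches with a stack `node_t`. The `(avl_compare_t)` cast in init_nodes() hides the mismatch, so the comparator reads `address` and `port` at connection_t offsets inside a node_t. This lookup decides which node an incoming UDP packet is attributed to in handle_incoming_vpn_data(), so a wrong comparison can mis-attribute or reject traffic. Declare it as `int node_udp_compare(node_t *a, node_t *b)`.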
@@ -98,10 +134,10 @@ cp for(node = node_tree->head; node; node = node->next) { - n = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld sockets %d, %d status %04x"), + n = (node_t *)node->data; + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld status %04x"), n->name, n->hostname, n->port, n->options, - n->socket, n->meta_socket, n->status); + n->status); } syslog(LOG_DEBUG, _("End of nodes.")); diff --git a/src/node.h b/src/node.h index 16bdb7c0..9f2a35a7 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.4 2001/10/10 20:35:10 guus Exp $ + $Id: node.h,v 1.1.2.5 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_NODE_H__ 
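Review bot: The new syslog call in dump_nodes() passes `n->status` for the `%04x` conversion, but node.h in this patch declares that member as `struct node_status_t`, a bit-field struct. Passing a struct where a variadic function expects an unsigned int is undefined behaviour. Print the individual flags instead, for example `n->status.active, n->status.validkey, n->status.waitingforkey` with three `%d` conversions. `n->port` is `short unsigned int`, so `%hu` is the matching conversion rather than `%hd`, which shows ports above 32767 as negative. dump_nodes() starts and ends outside this hunk.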
@@ -25,31 +25,52 @@ #include +#include "subnet.h" +#include "connection.h" + +typedef struct node_status_t { + int active:1; /* 1 if active.. */ + int validkey:1; /* 1 if we currently have a valid key for him */ + int waitingforkey:1; /* 1 if we already sent out a request */ + int unused:29; +} node_status_t; + typedef struct node_t { - char *name; /* name of this connection */ - int protocol_version; /* used protocol */ - long int options; /* options turned on for this connection */ + char *name; /* name of this node */ + long int options; /* options turned on for this node */ ipv4_t address; /* his real (internet) ip to send UDP packets to */ short unsigned int port; /* port number of UDP connection */ char *hostname; /* the hostname of its real ip */ + struct node_status_t status; + EVP_CIPHER *cipher; /* Cipher type for UDP packets */ char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length*/ - list_t *queue; /* Queue for packets awaiting to be encrypted */ + list_t *queue; /* Queue for packets awaiting to be encrypted */ - struct node_t *nexthop; /* nearest meta-hop from us to him */ - struct node_t *prevhop; /* nearest meta-hop from him to us */ + struct node_t *nexthop; /* nearest node from us to him */ struct node_t *via; /* next hop for UDP packets */ avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ - struct config_t *config; /* Pointer to configuration tree belonging to this node */ + struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ } node_t; -struct node_t *myself; +extern struct node_t *myself; extern avl_tree_t *node_tree; +extern void init_nodes(void); +extern void exit_nodes(void); +extern node_t *new_node(void); +extern void free_node(node_t *n); +extern void node_add(node_t *n); +extern void node_del(node_t *n); +extern node_t *lookup_node(char *); +extern node_t *lookup_node_udp(ipv4_t, port_t); +extern void dump_nodes(void); + + 
#endif /* __TINC_NODE_H__ */ diff --git a/src/process.c b/src/process.c index f395496f..9acb5fdd 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.25 2001/09/05 18:38:09 zarq Exp $ + $Id: process.c,v 1.1.2.26 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -42,6 +42,7 @@ #include "conf.h" #include "process.h" #include "subnet.h" +#include "device.h" #include "connection.h" #include "system.h" @@ -87,8 +88,7 @@ cp close_network_connections(); if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_INFO, _("Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d"), - total_tap_out, total_socket_out, total_tap_in, total_socket_in); + dump_device_stats(); syslog(LOG_NOTICE, _("Terminating")); diff --git a/src/protocol.c b/src/protocol.c index 492f2893..f275f3e2 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.108 2001/10/08 15:37:14 guus Exp $ + $Id: protocol.c,v 1.28.4.109 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -54,6 +54,8 @@ #include "protocol.h" #include "meta.h" #include "connection.h" +#include "node.h" +#include "vertex.h" #include "system.h" @@ -73,7 +75,7 @@ int check_id(char *id) /* Generic request routines - takes care of logging and error detection as well */ -int send_request(connection_t *cl, const char *format, ...) +int send_request(connection_t *c, const char *format, ...) { va_list args; char buffer[MAXBUFSIZE]; 
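Review bot: The flags in the new `node_status_t` are declared as `int active:1;`, `int validkey:1;` and `int waitingforkey:1;`. Whether a plain `int` bit-field is signed is implementation-defined, and where it is signed a one-bit field can only hold 0 and -1. In that case `myself->status.active = 1` in net.c stores -1, and any later `== 1` comparison fails. Declare them as `unsigned int active:1;` and so on, including `unsigned int unused:29;`.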
@@ -91,37 +93,37 @@ cp if(len < 0 || len > MAXBUFSIZE-1) { - syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], c->name, c->hostname); return -1; } if(debug_lvl >= DEBUG_PROTOCOL) { if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], cl->name, cl->hostname, buffer); + syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); else - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], cl->name, cl->hostname); + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname); } buffer[len++] = '\n'; cp - return send_meta(cl, buffer, len); + return send_meta(c, buffer, len); } -int receive_request(connection_t *cl) +int receive_request(connection_t *c) { int request; cp - if(sscanf(cl->buffer, "%d", &request) == 1) + if(sscanf(c->buffer, "%d", &request) == 1) { if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL)) { if(debug_lvl >= DEBUG_META) syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), - cl->name, cl->hostname, cl->buffer); + c->name, c->hostname, c->buffer); else syslog(LOG_ERR, _("Unknown request from %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } 
@@ -131,31 +133,31 @@ cp { if(debug_lvl >= DEBUG_META) syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"), - request_name[request], cl->name, cl->hostname, cl->buffer); + request_name[request], c->name, c->hostname, c->buffer); else syslog(LOG_DEBUG, _("Got %s from %s (%s)"), - request_name[request], cl->name, cl->hostname); + request_name[request], c->name, c->hostname); } } - if((cl->allow_request != ALL) && (cl->allow_request != request)) + if((c->allow_request != ALL) && (c->allow_request != request)) { - syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, c->hostname); return -1; } - if(request_handlers[request](cl)) + if(request_handlers[request](c)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), - request_name[request], cl->name, cl->hostname); + request_name[request], c->name, c->hostname); return -1; } } else { syslog(LOG_ERR, _("Bogus data received from %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } cp 
@@ -165,338 +167,91 @@ cp /* The authentication protocol is described in detail in doc/SECURITY2, the rest will be described in doc/PROTOCOL. */ -int send_id(connection_t *cl) +int send_id(connection_t *c) { cp - return send_request(cl, "%d %s %d %lx %hd", ID, myself->name, myself->protocol_version, myself->options, myself->port); + return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); } -int id_h(connection_t *cl) +int id_h(connection_t *c) { char name[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" %d %lx %hd", name, &cl->protocol_version, &cl->options, &cl->port) != 4) + if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) { - syslog(LOG_ERR, _("Got bad ID from %s"), cl->hostname); + syslog(LOG_ERR, _("Got bad %s from %s"), "ID", c->hostname); return -1; } - /* Check if version matches */ - - if(cl->protocol_version != myself->protocol_version) - { - syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), - cl->name, cl->hostname, cl->protocol_version); - return -1; - } - /* Check if identity is a valid name */ if(check_id(name)) { - syslog(LOG_ERR, _("Peer %s uses invalid identity name"), cl->hostname); - return -1; - } - - /* Copy string to cl */ - - if(cl->name) - free(cl->name); - - cl->name = xstrdup(name); - - /* Load information about peer */ - - if(read_host_config(cl)) - { - syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), cl->hostname, cl->name); + syslog(LOG_ERR, _("Peer %s uses invalid identity name"), c->hostname); return -1; } - /* Read in the public key, so that we can send a metakey */ - - if(read_rsa_public_key(cl)) - return -1; - - cl->allow_request = METAKEY; -cp - return send_metakey(cl); -} - -int ack_h(connection_t *cl) -{ - config_t const *cfg; - connection_t *old, *p; - subnet_t *subnet; - avl_node_t *node, *node2; -cp - /* Okay, before we active the connection, we check if there is another entry - in the connection list with the same 
name. If so, it presumably is an - old connection that has timed out but we don't know it yet. - */ - - if((old = lookup_id(cl->name))) + /* If we set c->name in advance, make sure we are connected to the right host */ + + if(c->name) { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Removing old connection for %s at %s in favour of new connection at %s"), - old->name, old->hostname, cl->hostname); - if(old->status.outgoing) + if(strcmp(c->name, name)) { - cl->status.outgoing = 1; - old->status.outgoing = 0; + syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); + return -1; } - - terminate_connection(old, 0); } - - /* Also check if no other tinc daemon uses the same IP and port for UDP traffic */ - - old = avl_search(active_tree, cl); - if(old) - { - syslog(LOG_ERR, _("%s is listening on %s:%hd, which is already in use by %s!"), - cl->name, cl->hostname, cl->port, old->name); - return -1; - } - - /* Activate this connection */ - - cl->allow_request = ALL; - cl->nexthop = cl; - cl->prevhop = myself; - cl->cipher_pkttype = EVP_bf_cbc(); - cl->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; - - active_add(cl); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), cl->name, cl->hostname); - - if(cl->status.outgoing) - seconds_till_retry = 5; /* Reset retry timeout */ -cp - /* Check some options */ - - if((cfg = get_config_val(cl->config, config_indirectdata))) - { - if(cfg->data.val == stupid_true) - cl->options |= OPTION_INDIRECT; - } - - if((cfg = get_config_val(cl->config, config_tcponly))) - { - if(cfg->data.val == stupid_true) - cl->options |= OPTION_TCPONLY; - } - - if((myself->options | cl->options) & OPTION_INDIRECT) - cl->via = myself; else - cl->via = cl; + c->name = xstrdup(name); - /* Send him our subnets */ - - for(node = myself->subnet_tree->head; node; node = node->next) + /* Check if version matches */ + + if(c->protocol_version != 
myself->connection->protocol_version) { - subnet = (subnet_t *)node->data; - send_add_subnet(cl, subnet); + syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), + c->name, c->hostname, c->protocol_version); + return -1; } - - /* And send him all the hosts and their subnets we know... */ - for(node = active_tree->head; node; node = node->next) + if(!c->config_tree) { - p = (connection_t *)node->data; - - if(p != cl) + if(read_connection_config(c)) { - /* Notify others of this connection */ + syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); + return -1; + } - if(p->status.meta) - send_add_host(p, cl); - - /* Notify new connection of everything we know */ - - send_add_host(cl, p); - - for(node2 = p->subnet_tree->head; node2; node2 = node2->next) - { - subnet = (subnet_t *)node2->data; - send_add_subnet(cl, subnet); - } + if(read_rsa_public_key(c)) + { + return -1; } } + + c->allow_request = METAKEY; cp - return 0; + return send_metakey(c); } -int send_challenge(connection_t *cl) +int send_metakey(connection_t *c) { char *buffer; int len, x; cp - /* CHECKME: what is most reasonable value for len? 
*/ - - len = RSA_size(cl->rsa_key); - - /* Allocate buffers for the challenge */ - - buffer = xmalloc(len*2+1); - - if(cl->hischallenge) - free(cl->hischallenge); - - cl->hischallenge = xmalloc(len); -cp - /* Copy random data to the buffer */ - - RAND_bytes(cl->hischallenge, len); - -cp - /* Convert to hex */ - - bin2hex(cl->hischallenge, buffer, len); - buffer[len*2] = '\0'; - -cp - /* Send the challenge */ - - x = send_request(cl, "%d %s", CHALLENGE, buffer); - free(buffer); -cp - return x; -} - -int challenge_h(connection_t *cl) -{ - char buffer[MAX_STRING_SIZE]; - int len; -cp - if(sscanf(cl->buffer, "%*d "MAX_STRING, buffer) != 1) - { - syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), cl->name, cl->hostname); - return -1; - } - - len = RSA_size(myself->rsa_key); - - /* Check if the length of the challenge is all right */ - - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, _("Intruder: wrong challenge length from %s (%s)"), cl->name, cl->hostname); - return -1; - } - - /* Allocate buffers for the challenge */ - - if(!cl->mychallenge) - cl->mychallenge = xmalloc(len); - - /* Convert the challenge from hexadecimal back to binary */ - - hex2bin(buffer,cl->mychallenge,len); - - cl->allow_request = CHAL_REPLY; - - /* Rest is done by send_chal_reply() */ -cp - return send_chal_reply(cl); -} - -int send_chal_reply(connection_t *cl) -{ - char hash[SHA_DIGEST_LENGTH*2+1]; -cp - if(!cl->mychallenge) - { - syslog(LOG_ERR, _("Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE"), cl->name, cl->hostname); - return -1; - } - - /* Calculate the hash from the challenge we received */ - - SHA1(cl->mychallenge, RSA_size(myself->rsa_key), hash); - - /* Convert the hash to a hexadecimal formatted string */ - - bin2hex(hash,hash,SHA_DIGEST_LENGTH); - hash[SHA_DIGEST_LENGTH*2] = '\0'; - - /* Send the reply */ - -cp - return send_request(cl, "%d %s", CHAL_REPLY, hash); -} - -int chal_reply_h(connection_t *cl) -{ - char hishash[MAX_STRING_SIZE]; - char 
myhash[SHA_DIGEST_LENGTH]; -cp - if(sscanf(cl->buffer, "%*d "MAX_STRING, hishash) != 1) - { - syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), cl->name, cl->hostname); - return -1; - } - - /* Check if the length of the hash is all right */ - - if(strlen(hishash) != SHA_DIGEST_LENGTH*2) - { - syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), cl->name, cl->hostname); - return -1; - } - - /* Convert the hash to binary format */ - - hex2bin(hishash, hishash, SHA_DIGEST_LENGTH); - - /* Calculate the hash from the challenge we sent */ - - SHA1(cl->hischallenge, RSA_size(cl->rsa_key), myhash); - - /* Verify the incoming hash with the calculated hash */ - - if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) - { - syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), cl->name, cl->hostname); - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); - hishash[SHA_DIGEST_LENGTH*2] = '\0'; - syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); - } - return -1; - } - - /* Identity has now been positively verified. - ack_h() handles the rest from now on. - */ -cp - return ack_h(cl); -} - -int send_metakey(connection_t *cl) -{ - char *buffer; - int len, x; -cp - len = RSA_size(cl->rsa_key); + len = RSA_size(c->rsa_key); /* Allocate buffers for the meta key */ buffer = xmalloc(len*2+1); - if(!cl->cipher_outkey) - cl->cipher_outkey = xmalloc(len); + if(!c->outkey) + c->outkey = xmalloc(len); - if(!cl->cipher_outctx) - cl->cipher_outctx = xmalloc(sizeof(*cl->cipher_outctx)); + if(!c->outctx) + c->outctx = xmalloc(sizeof(*c->outctx)); cp /* Copy random data to the buffer */ - RAND_bytes(cl->cipher_outkey, len); + RAND_bytes(c->outkey, len); /* The message we send must be smaller than the modulus of the RSA key. By definition, for a key of k bits, the following formula holds: 
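Review bot: send_metakey() calls `RAND_bytes(c->outkey, len);` without checking the result. If the generator is not seeded or fails, `c->outkey` keeps whatever xmalloc() returned, and that buffer is then RSA-encrypted and used as the Blowfish key and IV for the meta connection. Fail the handshake instead with `if(RAND_bytes(c->outkey, len) != 1) { free(buffer); return -1; }`. The function body continues in the following hunks.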
@@ -508,11 +263,11 @@ cp This can be done by setting the most significant bit to zero. */ - cl->cipher_outkey[0] &= 0x7F; + c->outkey[0] &= 0x7F; if(debug_lvl >= DEBUG_SCARY_THINGS) { - bin2hex(cl->cipher_outkey, buffer, len); + bin2hex(c->outkey, buffer, len); buffer[len*2] = '\0'; syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); } @@ -524,9 +279,9 @@ cp with a length equal to that of the modulus of the RSA key. */ - if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len) + if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); free(buffer); return -1; } 
@@ -538,48 +293,48 @@ cp /* Send the meta key */ - x = send_request(cl, "%d %s", METAKEY, buffer); + x = send_request(c, "%d %s", METAKEY, buffer); free(buffer); /* Further outgoing requests are encrypted with the key we just generated */ - EVP_EncryptInit(cl->cipher_outctx, EVP_bf_cfb(), - cl->cipher_outkey + len - EVP_bf_cfb()->key_len, - cl->cipher_outkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); + EVP_EncryptInit(c->outctx, EVP_bf_cfb(), + c->outkey + len - EVP_bf_cfb()->key_len, + c->outkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); - cl->status.encryptout = 1; + c->status.encryptout = 1; cp return x; } -int metakey_h(connection_t *cl) +int metakey_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING, buffer) != 1) + if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) { - syslog(LOG_ERR, _("Got bad METAKEY from %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad METAKEY from %s (%s)"), c->name, c->hostname); return -1; } - len = RSA_size(myself->rsa_key); + len = RSA_size(myself->connection->rsa_key); /* Check if the length of the meta key is all right */ if(strlen(buffer) != len*2) { - syslog(LOG_ERR, _("Intruder: wrong meta key length from %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Intruder: wrong meta key length from %s (%s)"), c->name, c->hostname); return -1; } /* Allocate buffers for the meta key */ - if(!cl->cipher_inkey) - cl->cipher_inkey = xmalloc(len); + if(!c->inkey) + c->inkey = xmalloc(len); - if(!cl->cipher_inctx) - cl->cipher_inctx = xmalloc(sizeof(*cl->cipher_inctx)); + if(!c->inctx) + c->inctx = xmalloc(sizeof(*c->inctx)); /* Convert the challenge from hexadecimal back to binary */ 
@@ -587,139 +342,336 @@ cp /* Decrypt the meta key */ - if(RSA_private_decrypt(len, buffer, cl->cipher_inkey, myself->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ + if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return -1; } if(debug_lvl >= DEBUG_SCARY_THINGS) { - bin2hex(cl->cipher_inkey, buffer, len); + bin2hex(c->inkey, buffer, len); buffer[len*2] = '\0'; syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } /* All incoming requests will now be encrypted. */ - EVP_DecryptInit(cl->cipher_inctx, EVP_bf_cfb(), - cl->cipher_inkey + len - EVP_bf_cfb()->key_len, - cl->cipher_inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); + EVP_DecryptInit(c->inctx, EVP_bf_cfb(), + c->inkey + len - EVP_bf_cfb()->key_len, + c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); - cl->status.decryptin = 1; + c->status.decryptin = 1; - cl->allow_request = CHALLENGE; + c->allow_request = CHALLENGE; cp - return send_challenge(cl); + return send_challenge(c); } -/* Address and subnet information exchange */ - -int send_add_subnet(connection_t *cl, subnet_t *subnet) +int send_challenge(connection_t *c) { - int x; - char *netstr; - char *owner; + char *buffer; + int len, x; cp - owner = subnet->owner->name; + /* CHECKME: what is most reasonable value for len? 
*/ - x = send_request(cl, "%d %s %s", ADD_SUBNET, - owner, netstr = net2str(subnet)); - free(netstr); + len = RSA_size(c->rsa_key); + + /* Allocate buffers for the challenge */ + + buffer = xmalloc(len*2+1); + + if(c->hischallenge) + free(c->hischallenge); + + c->hischallenge = xmalloc(len); +cp + /* Copy random data to the buffer */ + + RAND_bytes(c->hischallenge, len); + +cp + /* Convert to hex */ + + bin2hex(c->hischallenge, buffer, len); + buffer[len*2] = '\0'; + +cp + /* Send the challenge */ + + x = send_request(c, "%d %s", CHALLENGE, buffer); + free(buffer); cp return x; } -int add_subnet_h(connection_t *cl) +int challenge_h(connection_t *c) { - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - connection_t *owner, *p; - subnet_t *subnet; - avl_node_t *node; + char buffer[MAX_STRING_SIZE]; + int len; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) + if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) { - syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), c->name, c->hostname); + return -1; + } + + len = RSA_size(myself->connection->rsa_key); + + /* Check if the length of the challenge is all right */ + + if(strlen(buffer) != len*2) + { + syslog(LOG_ERR, _("Intruder: wrong challenge length from %s (%s)"), c->name, c->hostname); return -1; } - /* Check if owner name is a valid */ + /* Allocate buffers for the challenge */ - if(check_id(name)) + if(!c->mychallenge) + c->mychallenge = xmalloc(len); + + /* Convert the challenge from hexadecimal back to binary */ + + hex2bin(buffer,c->mychallenge,len); + + c->allow_request = CHAL_REPLY; + + /* Rest is done by send_chal_reply() */ +cp + return send_chal_reply(c); +} + +int send_chal_reply(connection_t *c) +{ + char hash[SHA_DIGEST_LENGTH*2+1]; +cp + if(!c->mychallenge) { - syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); + 
syslog(LOG_ERR, _("Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE"), c->name, c->hostname); + return -1; + } + + /* Calculate the hash from the challenge we received */ + + SHA1(c->mychallenge, RSA_size(myself->connection->rsa_key), hash); + + /* Convert the hash to a hexadecimal formatted string */ + + bin2hex(hash,hash,SHA_DIGEST_LENGTH); + hash[SHA_DIGEST_LENGTH*2] = '\0'; + + /* Send the reply */ + +cp + return send_request(c, "%d %s", CHAL_REPLY, hash); +} + +int chal_reply_h(connection_t *c) +{ + char hishash[MAX_STRING_SIZE]; + char myhash[SHA_DIGEST_LENGTH]; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) + { + syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), c->name, c->hostname); + return -1; + } + + /* Check if the length of the hash is all right */ + + if(strlen(hishash) != SHA_DIGEST_LENGTH*2) + { + syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), c->name, c->hostname); return -1; } - /* Check if subnet string is valid */ + /* Convert the hash to binary format */ - if(!(subnet = str2net(subnetstr))) + hex2bin(hishash, hishash, SHA_DIGEST_LENGTH); + + /* Calculate the hash from the challenge we sent */ + + SHA1(c->hischallenge, RSA_size(c->rsa_key), myhash); + + /* Verify the incoming hash with the calculated hash */ + + if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) { - syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), c->name, c->hostname); + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); + hishash[SHA_DIGEST_LENGTH*2] = '\0'; + syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); + } return -1; } - /* Check if somebody tries to add a subnet of ourself */ + /* Identity has now been positively verified. + Send an acknowledgement with the rest of the information needed. 
+ */ - if(!strcmp(name, myself->name)) + c->allow_request = ACK; +cp + return send_ack(c); +} + +int send_ack(connection_t *c) +{ + /* ACK message contains rest of the information the other end needs + to create node_t and vertex_t structures. */ +cp + return send_request(c, "%d %d", ACK, myself->port); +} + +int ack_h(connection_t *c) +{ + port_t port; + node_t *n; + subnet_t *s; + avl_node_t *node, *node2; +cp + if(sscanf(c->buffer, "%*d %hd", &port) != 1) { - syslog(LOG_ERR, _("Warning: got ADD_SUBNET from %s (%s) for ourself, restarting"), - cl->name, cl->hostname); - sighup = 1; - return 0; + syslog(LOG_ERR, _("Got bad %s from %s"), "ACK", c->hostname); + return -1; } - /* Check if the owner of the new subnet is in the connection list */ + /* Check if we already have a node_t for him */ - if(!(owner = lookup_id(name))) - { - syslog(LOG_ERR, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), - name, cl->name, cl->hostname); - return -1; - } - - /* If everything is correct, add the subnet to the list of the owner */ - - subnet_add(owner, subnet); - - /* Tell the rest */ + n = lookup_node(c->name); - for(node = connection_tree->head; node; node = node->next) + if(!n) { - p = (connection_t *)node->data; - if(p->status.active && p!= cl) - send_add_subnet(p, subnet); + n = new_node(); + n->name = xstrdup(c->name); + n->hostname = xstrdup(c->hostname); + n->port = port; + + /* FIXME: Also check if no other tinc daemon uses the same IP and port for UDP traffic */ + + node_add(n); + } + else + { + if(n->connection) + { + /* Oh dear, we already have a connection to this node. 
*/ + syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); + terminate_connection(n->connection, 0); + } + + /* FIXME: check if information in existing node matches that of the other end of this connection */ + } + + n->connection = c; + c->node = n; + + /* Check some options + + if((cfg = get_config_val(c->config, config_indirectdata))) + { + if(cfg->data.val == stupid_true) + c->options |= OPTION_INDIRECT; + } + + if((cfg = get_config_val(c->config, config_tcponly))) + { + if(cfg->data.val == stupid_true) + c->options |= OPTION_TCPONLY; + } + + if((myself->options | c->options) & OPTION_INDIRECT) + c->via = myself; + else + c->via = c; + + */ + + /* Create a vertex_t for this connection */ + + c->vertex = new_vertex(); + + c->vertex->from = myself; + c->vertex->to = n; + c->vertex->metric = 1; + c->vertex->connection = c; + + vertex_add(c->vertex); + + /* Activate this connection */ + + c->allow_request = ALL; + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); + +cp + /* Send him our subnets */ + + for(node = myself->subnet_tree->head; node; node = node->next) + { + s = (subnet_t *)node->data; + send_add_subnet(c, s); + } + + /* And send him all known nodes and their subnets */ + + for(node = node_tree->head; node; node = node->next) + { + n = (node_t *)node->data; + + if(n != c->node) + { + /* Notify others of this connection */ + + if(n->connection) + send_add_node(n->connection, c->node); + + /* Notify new connection of everything we know */ + + send_add_node(c, n); + + for(node2 = c->node->subnet_tree->head; node2; node2 = node2->next) + { + s = (subnet_t *)node2->data; + send_add_subnet(c, s); + } + } } cp return 0; } -int send_del_subnet(connection_t *cl, subnet_t *subnet) + + +/* Address and subnet information exchange */ + +int send_add_subnet(connection_t *c, subnet_t *subnet) { int x; char *netstr; - char *owner; cp - 
owner = subnet->owner->name; - - x = send_request(cl, "%d %s %s", DEL_SUBNET, owner, netstr = net2str(subnet)); + x = send_request(c, "%d %s %s", ADD_SUBNET, + subnet->owner->name, netstr = net2str(subnet)); free(netstr); cp return x; } -int del_subnet_h(connection_t *cl) +int add_subnet_h(connection_t *c) { char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; - connection_t *owner, *p; - subnet_t *subnet; + node_t *owner; + connection_t *other; + subnet_t *s; avl_node_t *node; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { - syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), c->name, c->hostname); return -1; } 
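Review bot: In `ack_h`, the inner loop under "And send him all known nodes and their subnets" walks `c->node->subnet_tree` for every `n`, so the new peer is sent its own subnets once per known node and never the subnets of `n`. The loop header presumably should read `for(node2 = n->subnet_tree->head; node2; node2 = node2->next)`. `ack_h` is complete inside this hunk, but the hunk opens inside `metakey_h` and ends inside `add_subnet_h`, so those two are only partly visible here.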
@@ -727,50 +679,114 @@ cp if(check_id(name)) { - syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), c->name, c->hostname); return -1; } /* Check if subnet string is valid */ - if(!(subnet = str2net(subnetstr))) + if(!(s = str2net(subnetstr))) { - syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), c->name, c->hostname); return -1; } - free(subnetstr); - - /* Check if somebody tries to add a subnet of ourself */ - - if(!strcmp(name, myself->name)) - { - syslog(LOG_ERR, _("Warning: got DEL_SUBNET from %s (%s) for ourself, restarting"), - cl->name, cl->hostname); - sighup = 1; - return 0; - } - /* Check if the owner of the new subnet is in the connection list */ - if(!(owner = lookup_id(name))) + if(!(owner = lookup_node(name))) { - syslog(LOG_ERR, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"), - name, cl->name, cl->hostname); + syslog(LOG_ERR, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), + name, c->name, c->hostname); return -1; } - /* If everything is correct, delete the subnet from the list of the owner */ + /* If everything is correct, add the subnet to the list of the owner */ - subnet_del(subnet); + subnet_add(owner, s); /* Tell the rest */ for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)node->data; - if(p->status.active && p!= cl) - send_del_subnet(p, subnet); + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_add_subnet(other, s); + } +cp + return 0; +} + +int send_del_subnet(connection_t *c, subnet_t *s) +{ + int x; + char *netstr; +cp + x = send_request(c, "%d %s %s", DEL_SUBNET, s->owner->name, netstr = net2str(s)); + free(netstr); +cp + return x; +} + +int 
del_subnet_h(connection_t *c) +{ + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; + node_t *owner; + connection_t *other; + subnet_t *s, *find; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3) + { + syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), c->name, c->hostname); + return -1; + } + + /* Check if owner name is a valid */ + + if(check_id(name)) + { + syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), c->name, c->hostname); + return -1; + } + + /* Check if subnet string is valid */ + + if(!(s = str2net(subnetstr))) + { + syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), c->name, c->hostname); + return -1; + } + + /* Check if the owner of the new subnet is in the connection list */ + + if(!(owner = lookup_node(name))) + { + syslog(LOG_ERR, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"), + name, c->name, c->hostname); + return -1; + } + + /* If everything is correct, delete the subnet from the list of the owner */ + + find = lookup_subnet(owner, s); + + if(!find) + { + syslog(LOG_ERR, _("Got DEL_SUBNET for %s from %s (%s) which does not appear in his subnet tree"), + name, c->name, c->hostname); + return -1; + } + + subnet_del(owner, s); + + /* Tell the rest */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_del_subnet(other, s); } cp return 0; 
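Review bot: `del_subnet_h` compares the `sscanf` result with 3 although the format has only two assigning conversions (`%*d` is suppressed), so the call can return at most 2 and every DEL_SUBNET is rejected as bad. The check should be `!= 2`, as the ADD_SUBNET handler already does. Further down, `subnet_del(owner, s)` and the forwarding loop use the freshly parsed `s` rather than the `find` entry returned by `lookup_subnet`. Unless `subnet_del` looks the entry up by value, `subnet_del(owner, find)` followed by releasing `s` looks like what was intended, and the early `return -1` paths after `str2net` succeeds appear to leak `s` as well.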
@@ -778,24 +794,25 @@ cp /* New and closed connections notification */ -int send_add_host(connection_t *cl, connection_t *other) +int send_add_node(connection_t *c, node_t *n) { cp - return send_request(cl, "%d %s %lx:%d %lx %s", ADD_HOST, - other->name, other->address, other->port, other->options, other->prevhop->name); + return send_request(c, "%d %s %lx:%d", ADD_NODE, + n->name, n->address, n->port); } -int add_host_h(connection_t *cl) +int add_node_h(connection_t *c) { - connection_t *old, *new, *p; - char name[MAX_STRING_SIZE], prevhop[MAX_STRING_SIZE]; + connection_t *other; + node_t *n; + char name[MAX_STRING_SIZE]; + ipv4_t address; + port_t port; avl_node_t *node; cp - new = new_connection(); - - if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx "MAX_STRING, name, &new->address, &new->port, &new->options, prevhop) != 5) + if(sscanf(c->buffer, "%*d "MAX_STRING" %lx:%hd", name, &address, &port) != 3) { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad ADD_NODE from %s (%s)"), c->name, c->hostname); return -1; } @@ -803,15 +820,7 @@ cp if(check_id(name)) { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); - free_connection(new); - return -1; - } - - if(check_id(prevhop)) - { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): invalid prevhop name"), cl->name, cl->hostname); - free_connection(new); + syslog(LOG_ERR, _("Got bad ADD_NODE from %s (%s): invalid identity name"), c->name, c->hostname); return -1; } 
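Review bot: `add_node_h` parses the peer-supplied address with `%lx` straight into `ipv4_t address`, and `%lx` stores an `unsigned long`. The typedef is not visible here, but if `ipv4_t` is a 32-bit type this writes eight bytes into a four-byte stack object on LP64 targets, with contents chosen by the remote peer. Parsing into a temporary of the matching type avoids that, e.g. `unsigned long addr;` passed as `&addr` and then `address = addr;`. The same pattern appears in `del_node_h` later in the patch, and `send_add_node` passes `n->address` to `%lx` on the sending side. `add_node_h` continues past this hunk.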
@@ -819,94 +828,60 @@ cp if(!strcmp(name, myself->name)) { - syslog(LOG_ERR, _("Got ADD_HOST from %s (%s) for ourself!"), cl->name, cl->hostname); - free_connection(new); + syslog(LOG_ERR, _("Got ADD_NODE from %s (%s) for ourself!"), c->name, c->hostname); return -1; } - /* Fill in more of the new connection structure */ - - new->hostname = hostlookup(htonl(new->address)); - - new->prevhop = lookup_id(prevhop); + /* Check if node already exists */ - if(!new->prevhop) + n = lookup_node(name); + + if(n) { - syslog(LOG_ERR, _("Got bad ADD_HOST from %s (%s): unknown prevhop"), cl->name, cl->hostname); - free_connection(new); - return -1; + /* Check if it matches */ + } + else + { + n = new_node(); + n->name = xstrdup(name); + n->address = address; + n->port = port; + node_add(n); } - /* Check if the new host already exists in the connnection list */ - - if((old = lookup_id(name))) - { - if((new->address == old->address) && (new->port == old->port) && (cl->nexthop == old->nexthop)) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Got duplicate ADD_HOST for %s (%s) from %s (%s)"), - old->name, old->hostname, cl->name, cl->hostname); - free_connection(new); - return 0; - } - else - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Removing old entry for %s (%s) from %s in favour of new connection from %s"), - old->name, old->hostname, old->nexthop->name, cl->nexthop->name); - - terminate_connection(old, 0); - } - } - - /* Hook it up into the active tree */ - - new->name = xstrdup(name); - active_add(new); - - /* Tell the rest about the new host */ + /* Tell the rest about the new node */ for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)node->data; - if(p->status.active && p!=cl) - send_add_host(p, new); + other = (connection_t *)node->data; + if(other->status.active && other !=c) + send_add_node(other, n); } - /* Fill in rest of connection structure */ - - new->nexthop = cl; - new->cipher_pkttype = 
EVP_bf_cbc(); - new->cipher_pktkeylength = cl->cipher_pkttype->key_len + cl->cipher_pkttype->iv_len; - - if(new->options & OPTION_INDIRECT || new->prevhop->via != new->prevhop) - new->via = new->prevhop->via; - else - new->via = new; cp return 0; } -int send_del_host(connection_t *cl, connection_t *other) +int send_del_node(connection_t *c, node_t *n) { cp - return send_request(cl, "%d %s %lx:%d %lx %s", DEL_HOST, - other->name, other->address, other->port, other->options, other->prevhop->name); + return send_request(c, "%d %s %lx:%d", DEL_NODE, + n->name, n->address, n->port); } -int del_host_h(connection_t *cl) +int del_node_h(connection_t *c) { - char name[MAX_STRING_SIZE], prevhop[MAX_STRING_SIZE]; + node_t *n; + char name[MAX_STRING_SIZE]; ipv4_t address; port_t port; - long int options; - connection_t *old, *p; + connection_t *other; avl_node_t *node; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" %lx:%hd %lx "MAX_STRING, name, &address, &port, &options, prevhop) != 5) + if(sscanf(c->buffer, "%*d "MAX_STRING" %lx:%hd", name, &address, &port) != 3) { - syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s)"), - cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad DEL_NODE from %s (%s)"), + c->name, c->hostname); return -1; } @@ -914,13 +889,7 @@ cp if(check_id(name)) { - syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid identity name"), cl->name, cl->hostname); - return -1; - } - - if(check_id(prevhop)) - { - syslog(LOG_ERR, _("Got bad DEL_HOST from %s (%s): invalid prevhop name"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad DEL_NODE from %s (%s): invalid identity name"), c->name, c->hostname); return -1; } 
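Review bot: When `lookup_node(name)` finds an existing node, `add_node_h` leaves the `/* Check if it matches */` branch empty and still falls through to the loop that forwards ADD_NODE to every other active connection. The removed code returned early on a duplicate; without that, a topology containing a cycle can forward the same announcement around indefinitely, and a single peer can trigger mesh-wide traffic by repeating a known name. Returning before the forwarding loop when the node is already known and matches would restore the old behaviour, e.g. `if(n->address == address && n->port == port) return 0;` inside the `if(n)` branch, with an explicit decision for the mismatch case. The function starts in the preceding hunks.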
@@ -928,142 +897,143 @@ cp if(!strcmp(name, myself->name)) { - syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) for ourself!"), - cl->name, cl->hostname); + syslog(LOG_ERR, _("Got DEL_NODE from %s (%s) for ourself!"), + c->name, c->hostname); return -1; } - /* Check if the deleted host already exists in the connnection list */ + /* Check if the deleted host exists */ - if(!(old = lookup_id(name))) + n = lookup_node(name); + + if(!n) { - syslog(LOG_ERR, _("Got DEL_HOST from %s (%s) for %s which is not in our connection list"), - cl->name, cl->hostname, name); - return -1; + syslog(LOG_WARNING, _("Got DEL_NODE from %s (%s) for %s which does not exist"), c->name, c->hostname, n->name); + return 0; } /* Check if the rest matches */ - if(address!=old->address || port!=old->port || options!=old->options || cl!=old->nexthop || strcmp(prevhop, old->prevhop->name)) + if(address != n->address || port != n->port) { - syslog(LOG_WARNING, _("Got DEL_HOST from %s (%s) for %s which doesn't match"), cl->name, cl->hostname, old->name); + syslog(LOG_WARNING, _("Got DEL_NODE from %s (%s) for %s which doesn't match"), c->name, c->hostname, n->name); return 0; } - /* Ok, since EVERYTHING seems to check out all right, delete it */ - - terminate_connection(old, 0); - - /* Tell the rest about the deleted host */ + /* Tell the rest about the deleted node */ for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)node->data; - if(p->status.active && p!=cl) - send_del_host(p, old); + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_del_node(other, n); } + + /* Delete the node */ + + node_del(n); cp return 0; } /* Status and error notification routines */ -int send_status(connection_t *cl, int statusno, char *statusstring) +int send_status(connection_t *c, int statusno, char *statusstring) { cp if(!statusstring) statusstring = status_text[statusno]; cp - return send_request(cl, "%d %d %s", STATUS, statusno, statusstring); + return 
send_request(c, "%d %d %s", STATUS, statusno, statusstring); } -int status_h(connection_t *cl) +int status_h(connection_t *c) { int statusno; char statusstring[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) + if(sscanf(c->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) { syslog(LOG_ERR, _("Got bad STATUS from %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } if(debug_lvl >= DEBUG_STATUS) { syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), - cl->name, cl->hostname, status_text[statusno], statusstring); + c->name, c->hostname, status_text[statusno], statusstring); } cp return 0; } -int send_error(connection_t *cl, int err, char *errstring) +int send_error(connection_t *c, int err, char *errstring) { cp if(!errstring) errstring = strerror(err); - return send_request(cl, "%d %d %s", ERROR, err, errstring); + return send_request(c, "%d %d %s", ERROR, err, errstring); } -int error_h(connection_t *cl) +int error_h(connection_t *c) { int err; char errorstring[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) + if(sscanf(c->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) { syslog(LOG_ERR, _("Got bad ERROR from %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } if(debug_lvl >= DEBUG_ERROR) { syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - cl->name, cl->hostname, strerror(err), errorstring); + c->name, c->hostname, strerror(err), errorstring); } - terminate_connection(cl, cl->status.meta); + terminate_connection(c, c->status.active); cp return 0; } -int send_termreq(connection_t *cl) +int send_termreq(connection_t *c) { cp - return send_request(cl, "%d", TERMREQ); + return send_request(c, "%d", TERMREQ); } -int termreq_h(connection_t *cl) +int termreq_h(connection_t *c) { cp - terminate_connection(cl, cl->status.meta); + terminate_connection(c, c->status.active); cp return 0; } -int 
send_ping(connection_t *cl) +int send_ping(connection_t *c) { char salt[SALTLEN*2+1]; cp - cl->status.pinged = 1; - cl->last_ping_time = time(NULL); + c->status.pinged = 1; + c->last_ping_time = time(NULL); RAND_pseudo_bytes(salt, SALTLEN); bin2hex(salt, salt, SALTLEN); salt[SALTLEN*2] = '\0'; cp - return send_request(cl, "%d %s", PING, salt); + return send_request(c, "%d %s", PING, salt); } -int ping_h(connection_t *cl) +int ping_h(connection_t *c) { cp - return send_pong(cl); + return send_pong(c); } -int send_pong(connection_t *cl) +int send_pong(connection_t *c) { char salt[SALTLEN*2+1]; cp 
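Review bot: In `del_node_h`, the `if(!n)` branch logs `n->name`, which dereferences the NULL pointer that `lookup_node` just returned. A peer that sends DEL_NODE for a name we do not know would crash the daemon at that point. Log the parsed string instead: `syslog(LOG_WARNING, _("Got DEL_NODE from %s (%s) for %s which does not exist"), c->name, c->hostname, name);`. In the same hunk `status_h` indexes `status_text[statusno]` with a number taken from the peer and no range check, which deserves a bounds test before the lookup. `del_node_h` starts in an earlier hunk.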
@@ -1071,190 +1041,201 @@ cp bin2hex(salt, salt, SALTLEN); salt[SALTLEN*2] = '\0'; cp - return send_request(cl, "%d %s", PONG, salt); + return send_request(c, "%d %s", PONG, salt); } -int pong_h(connection_t *cl) +int pong_h(connection_t *c) { cp - cl->status.pinged = 0; + c->status.pinged = 0; cp return 0; } /* Key exchange */ -int send_key_changed(connection_t *from, connection_t *cl) +int send_key_changed(connection_t *c, node_t *n) { - connection_t *p; + connection_t *other; avl_node_t *node; cp /* Only send this message if some other daemon requested our key previously. This reduces unnecessary key_changed broadcasts. */ - if(from==myself && !mykeyused) + if(n == myself && !mykeyused) return 0; for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)node->data; - if(p != cl && p->status.active) - send_request(p, "%d %s", KEY_CHANGED, from->name); + other = (connection_t *)node->data; + if(other != c && other->status.active) + send_request(other, "%d %s", KEY_CHANGED, n->name); } cp return 0; } -int key_changed_h(connection_t *cl) +int key_changed_h(connection_t *c) { - char from_id[MAX_STRING_SIZE]; - connection_t *from; + char name[MAX_STRING_SIZE]; + node_t *n; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING, from_id) != 1) + if(sscanf(c->buffer, "%*d "MAX_STRING, name) != 1) { syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } - if(!(from = lookup_id(from_id))) + n = lookup_node(name); + + if(!n) { - syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist in our connection list"), - cl->name, cl->hostname, from_id); + syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist"), + c->name, c->hostname, name); return -1; } - from->status.validkey = 0; - from->status.waitingforkey = 0; + n->status.validkey = 0; + n->status.waitingforkey = 0; - send_key_changed(from, cl); + send_key_changed(c, n); cp return 0; } -int 
send_req_key(connection_t *from, connection_t *to) +int send_req_key(connection_t *c, node_t *from, node_t *to) { cp - return send_request(to->nexthop, "%d %s %s", REQ_KEY, + return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name); } -int req_key_h(connection_t *cl) +int req_key_h(connection_t *c) { - char from_id[MAX_STRING_SIZE]; - char to_id[MAX_STRING_SIZE]; - connection_t *from, *to; - char pktkey[129]; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + node_t *from, *to; + char key[MAX_STRING_SIZE]; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING, from_id, to_id) != 2) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) { syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } - if(!(from = lookup_id(from_id))) + from = lookup_node(from_name); + + if(!from) { syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), - cl->name, cl->hostname, from_id); + c->name, c->hostname, from_name); + return -1; + } + + to = lookup_node(to_name); + + if(!to) + { + syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), + c->name, c->hostname, to_name); return -1; } /* Check if this key request is for us */ - if(!strcmp(to_id, myself->name)) /* Yes, send our own key back */ + if(to == myself) /* Yes, send our own key back */ { - bin2hex(myself->cipher_pktkey, pktkey, myself->cipher_pktkeylength); - pktkey[myself->cipher_pktkeylength*2] = '\0'; - send_ans_key(myself, from, pktkey); + bin2hex(myself->key, key, myself->keylength); + key[myself->keylength * 2] = '\0'; + send_ans_key(c, myself, from, key); mykeyused = 1; } else { - if(!(to = lookup_id(to_id))) - { - syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), - cl->name, cl->hostname, to_id); - return -1; - } - if(to->status.validkey) /* Proxy keys */ 
{ - bin2hex(to->cipher_pktkey, pktkey, to->cipher_pktkeylength); - pktkey[to->cipher_pktkeylength*2] = '\0'; - send_ans_key(to, from, pktkey); + bin2hex(to->key, key, to->keylength); + key[to->keylength * 2] = '\0'; + send_ans_key(c, to, from, key); } else - send_req_key(from, to); + send_req_key(to->nexthop->connection, from, to); } cp return 0; } -int send_ans_key(connection_t *from, connection_t *to, char *pktkey) +int send_ans_key(connection_t *c, node_t *from, node_t *to, char *key) { cp - return send_request(to->nexthop, "%d %s %s %s", ANS_KEY, - from->name, to->name, pktkey); + return send_request(c, "%d %s %s %s", ANS_KEY, + from->name, to->name, key); } -int ans_key_h(connection_t *cl) +int ans_key_h(connection_t *c) { - char from_id[MAX_STRING_SIZE]; - char to_id[MAX_STRING_SIZE]; - char pktkey[MAX_STRING_SIZE]; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + char key[MAX_STRING_SIZE]; int keylength; - connection_t *from, *to; + node_t *from, *to; cp - if(sscanf(cl->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING, from_id, to_id, pktkey) != 3) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING, from_name, to_name, key) != 3) { syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), - cl->name, cl->hostname); + c->name, c->hostname); return -1; } - if(!(from = lookup_id(from_id))) + from = lookup_node(from_name); + + if(!from) { syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), - cl->name, cl->hostname, from_id); + c->name, c->hostname, from_name); + return -1; + } + + to = lookup_node(to_name); + + if(!to) + { + syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), + c->name, c->hostname, to_name); return -1; } /* Check correctness of packet key */ - keylength = strlen(pktkey); + keylength = strlen(key); - if(keylength != from->cipher_pktkeylength*2) + if(keylength != from->keylength * 2) { syslog(LOG_ERR, _("Got bad 
ANS_KEY from %s (%s) origin %s: invalid key length"), - cl->name, cl->hostname, from->name); + c->name, c->hostname, from->name); return -1; } /* Forward it if necessary */ - if(strcmp(to_id, myself->name)) + if(to != myself) { - if(!(to = lookup_id(to_id))) - { - syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), - cl->name, cl->hostname, to_id); - return -1; - } - send_ans_key(from, to, pktkey); + send_ans_key(to->nexthop->connection, from, to, key); } /* Update our copy of the origin's packet key */ - if(from->cipher_pktkey) - free(from->cipher_pktkey); + if(from->key) + free(from->key); - from->cipher_pktkey = xstrdup(pktkey); + from->key = xstrdup(key); keylength /= 2; - hex2bin(from->cipher_pktkey, from->cipher_pktkey, keylength); - from->cipher_pktkey[keylength] = '\0'; + hex2bin(from->key, from->key, keylength); + from->key[keylength] = '\0'; from->status.validkey = 1; from->status.waitingforkey = 0; @@ -1264,33 +1245,33 @@ cp return 0; } -int send_tcppacket(connection_t *cl, vpn_packet_t *packet) +int send_tcppacket(connection_t *c, vpn_packet_t *packet) { int x; cp /* Evil hack. */ - x = send_request(cl->nexthop, "%d %hd", PACKET, packet->len); + x = send_request(c, "%d %hd", PACKET, packet->len); if(x) return x; cp - return send_meta(cl, packet->data, packet->len); + return send_meta(c, packet->data, packet->len); } -int tcppacket_h(connection_t *cl) +int tcppacket_h(connection_t *c) { short int len; cp - if(sscanf(cl->buffer, "%*d %hd", &len) != 1) + if(sscanf(c->buffer, "%*d %hd", &len) != 1) { - syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), cl->name, cl->hostname); + syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), c->name, c->hostname); return -1; } /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ - cl->tcplen = len; + c->tcplen = len; cp return 0; } 
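Review bot: `req_key_h` and `ans_key_h` now forward through `to->nexthop->connection` without checking either pointer. Nodes created in `add_node_h` earlier in this patch receive only a name, address and port, and nothing visible here assigns `nexthop`, so a REQ_KEY or ANS_KEY that names such a node as destination looks able to dereference an unset pointer. A guard before both forwarding calls would close that, e.g. `if(!to->nexthop || !to->nexthop->connection) return -1;` preceded by a log line in the style of the other error paths. Whether `new_node()` zeroes the structure is not visible from this hunk.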
@@ -1298,10 +1279,10 @@ cp /* Jumptable for the request handlers */ int (*request_handlers[])(connection_t*) = { - id_h, metakey_h, challenge_h, chal_reply_h, + id_h, metakey_h, challenge_h, chal_reply_h, ack_h, status_h, error_h, termreq_h, ping_h, pong_h, - add_host_h, del_host_h, + add_node_h, del_node_h, add_subnet_h, del_subnet_h, key_changed_h, req_key_h, ans_key_h, tcppacket_h, @@ -1310,11 +1291,12 @@ int (*request_handlers[])(connection_t*) = { /* Request names */ char (*request_name[]) = { - "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", + "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", "STATUS", "ERROR", "TERMREQ", "PING", "PONG", - "ADD_HOST", "DEL_HOST", + "ADD_NODE", "DEL_NODE", "ADD_SUBNET", "DEL_SUBNET", + "ADD_VERTEX", "DEL_VERTEX", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", }; diff --git a/src/protocol.h b/src/protocol.h index 0d163868..64e17ad0 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.22 2001/09/24 14:12:00 guus Exp $ + $Id: protocol.h,v 1.5.4.23 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ #define __TINC_PROTOCOL_H__ #include "net.h" +#include "node.h" #include "subnet.h" /* Protocol version. Different versions are incompatible, @@ -36,11 +37,12 @@ enum { ALL = -1, /* Guardian for allow_request */ - ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, + ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, STATUS, ERROR, TERMREQ, - PING, PONG, - ADD_HOST, DEL_HOST, + PING, PONG, + ADD_NODE, DEL_NODE, ADD_SUBNET, DEL_SUBNET, + ADD_VERTEX, DEL_VERTEX, KEY_CHANGED, REQ_KEY, ANS_KEY, PACKET, LAST /* Guardian for the highest request number */ 
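Review bot: The request_handlers table in the first hunk gains `ack_h` but no entries for ADD_VERTEX and DEL_VERTEX, while request_name and the enum in protocol.h both insert those two requests before KEY_CHANGED. As far as the hunk shows, the table then has 18 entries for 20 request numbers, so if requests are dispatched by indexing request_handlers with the request number, ADD_VERTEX would reach key_changed_h and ANS_KEY and PACKET would index past the end of the array. Add the two handlers after the `add_subnet_h, del_subnet_h,` line (or NULL entries that the dispatcher rejects), and consider a startup check that `sizeof(request_handlers) / sizeof(*request_handlers) == LAST` so the table and the enum cannot drift apart again.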
@@ -54,21 +56,24 @@ enum { extern int (*request_handlers[])(connection_t*); extern int send_id(connection_t*); +extern int send_metakey(connection_t*); extern int send_challenge(connection_t*); extern int send_chal_reply(connection_t*); -extern int send_metakey(connection_t*); +extern int send_ack(connection_t*); extern int send_status(connection_t*, int, char*); extern int send_error(connection_t*, int, char*); extern int send_termreq(connection_t*); extern int send_ping(connection_t*); extern int send_pong(connection_t*); -extern int send_add_host(connection_t*, connection_t*); -extern int send_del_host(connection_t*, connection_t*); +extern int send_add_node(connection_t*, node_t*); +extern int send_del_node(connection_t*, node_t*); extern int send_add_subnet(connection_t*, subnet_t*); extern int send_del_subnet(connection_t*, subnet_t*); -extern int send_key_changed(connection_t*, connection_t*); -extern int send_req_key(connection_t*, connection_t*); -extern int send_ans_key(connection_t*, connection_t*, char*); +extern int send_add_vertex(connection_t*, node_t*); +extern int send_del_vertex(connection_t*, node_t*); +extern int send_key_changed(connection_t*, node_t*); +extern int send_req_key(connection_t*, node_t*, node_t*); +extern int send_ans_key(connection_t*, node_t*, node_t*, char*); extern int send_tcppacket(connection_t *, vpn_packet_t *); /* Old functions */ diff --git a/src/route.c b/src/route.c index dc91940a..c8de7a57 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.18 2001/07/21 20:21:25 guus Exp $ + $Id: route.c,v 1.1.2.19 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -56,7 +56,7 @@ void learn_mac(mac_t *address) { subnet_t *subnet; avl_node_t *node; - connection_t *p; + connection_t *c; cp subnet = lookup_subnet_mac(address); 
@@ -77,14 +77,14 @@ cp for(node = connection_tree->head; node; node = node->next) { - p = (connection_t *)node->data; - if(p->status.active) - send_add_subnet(p, subnet); + c = (connection_t *)node->data; + if(c->status.active) + send_add_subnet(c, subnet); } } } -connection_t *route_mac(vpn_packet_t *packet) +node_t *route_mac(vpn_packet_t *packet) { subnet_t *subnet; cp @@ -102,7 +102,7 @@ cp return NULL; } -connection_t *route_ipv4(vpn_packet_t *packet) +node_t *route_ipv4(vpn_packet_t *packet) { ipv4_t dest; subnet_t *subnet; @@ -130,15 +130,26 @@ cp return subnet->owner; } -connection_t *route_ipv6(vpn_packet_t *packet) +node_t *route_ipv6(vpn_packet_t *packet) { + ipv6_t dest; + subnet_t *subnet; cp - if(debug_lvl > DEBUG_NOTHING) + memcpy(&dest, &packet->data[30], sizeof(ipv6_t)); + + subnet = lookup_subnet_ipv6(&dest); +cp + if(!subnet) { - syslog(LOG_WARNING, _("Cannot route packet: IPv6 routing not yet implemented")); - } + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address")); + } + + return NULL; + } cp - return NULL; + return subnet->owner; } void route_arp(vpn_packet_t *packet) @@ -213,7 +224,7 @@ cp void route_outgoing(vpn_packet_t *packet) { unsigned short int type; - connection_t *cl; + node_t *n; cp /* FIXME: multicast? */ @@ -224,10 +235,10 @@ cp switch(type) { case 0x0800: - cl = route_ipv4(packet); + n = route_ipv4(packet); break; case 0x86DD: - cl = route_ipv6(packet); + n = route_ipv6(packet); break; case 0x0806: route_arp(packet); @@ -239,14 +250,14 @@ cp } return; } - if(cl) - send_packet(cl, packet); + if(n) + send_packet(n, packet); break; case RMODE_SWITCH: - cl = route_mac(packet); - if(cl) - send_packet(cl, packet); + n = route_mac(packet); + if(n) + send_packet(n, packet); else broadcast_packet(myself, packet); break; 
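Review bot: route_ipv6 copies the destination from `packet->data[30]`, which is the IPv4 destination offset (14-byte Ethernet header plus 16); in an IPv6 header the destination address starts 24 bytes in, at `packet->data[38]`, so the lookup as written runs on the tail of the source address and the head of the destination. There is also no check that the frame is long enough before the copy (assuming ipv6_t is 16 bytes; its definition is not in this hunk), so a short frame makes the routing decision depend on stale buffer contents. Suggested: `if(packet->len < 54) return NULL;` followed by `memcpy(&dest, &packet->data[38], sizeof(ipv6_t));`.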
@@ -257,7 +268,7 @@ cp } } -void route_incoming(connection_t *source, vpn_packet_t *packet) +void route_incoming(node_t *source, vpn_packet_t *packet) { switch(routing_mode) { @@ -286,7 +297,7 @@ void route_incoming(connection_t *source, vpn_packet_t *packet) } break; case RMODE_HUB: - broadcast_packet(source,packet); /* Spread it on */ + broadcast_packet(source, packet); /* Spread it on */ accept_packet(packet); break; } diff --git a/src/route.h b/src/route.h index 4eafc3b9..4423e724 100644 --- a/src/route.h +++ b/src/route.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.3 2001/03/04 13:59:32 guus Exp $ + $Id: route.h,v 1.1.2.4 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_ROUTE_H__ @@ -31,9 +31,8 @@ enum }; extern int routing_mode; -extern subnet_t mymac; -extern void route_incoming(connection_t *, vpn_packet_t *); +extern void route_incoming(node_t *, vpn_packet_t *); extern void route_outgoing(vpn_packet_t *); #endif /* __TINC_ROUTE_H__ */ diff --git a/src/subnet.c b/src/subnet.c index cb9cbb75..48ac45e2 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.24 2001/08/28 20:52:39 guus Exp $ + $Id: subnet.c,v 1.1.2.25 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -28,7 +28,7 @@ #include "conf.h" #include "net.h" -#include "connection.h" +#include "node.h" #include "subnet.h" #include "system.h" @@ -51,8 +51,14 @@ cp int subnet_compare_mac(subnet_t *a, subnet_t *b) { + int result; cp - return memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); + result = memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); + + if(result) + return result; + + return strcmp(a->owner->name, b->owner->name); } int subnet_compare_ipv4(subnet_t *a, subnet_t *b) 
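Review bot: The new tie-break `strcmp(a->owner->name, b->owner->name)` in subnet_compare_mac dereferences `owner` on both arguments, but the comparator is presumably also used for searches with a temporary key: lookup_subnet_mac, visible as context in a later hunk of this file, declares a stack `subnet_t subnet` for that purpose. Unless that key's owner is set (not visible here), the compare reads a NULL or uninitialized pointer whenever the addresses match. Guard the tie-break, e.g. `if(result || !a->owner || !b->owner) return result;`, and have the lookup routines zero their key before filling it in. The same applies to subnet_compare_ipv4 and subnet_compare_ipv6 in the next hunk.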
@@ -60,43 +66,36 @@ int subnet_compare_ipv4(subnet_t *a, subnet_t *b) cp /* We compare as if a subnet is a number that equals (address << 32 + netmask). */ - if(a->net.ipv4.address == b->net.ipv4.address) - { - if(a->net.ipv4.mask < b->net.ipv4.mask) - return -1; - else if(a->net.ipv4.mask > b->net.ipv4.mask) - return 1; - else - return 0; - } - else - { - if(a->net.ipv4.address < b->net.ipv4.address) - return -1; - else if(a->net.ipv4.address > b->net.ipv4.address) - return 1; - else - return 0; - } + if(a->net.ipv4.address < b->net.ipv4.address) + return -1; + else if(a->net.ipv4.address > b->net.ipv4.address) + return 1; + + if(a->net.ipv4.mask < b->net.ipv4.mask) + return -1; + else if(a->net.ipv4.mask > b->net.ipv4.mask) + return 1; + + return strcmp(a->owner->name, b->owner->name); } int subnet_compare_ipv6(subnet_t *a, subnet_t *b) { + int result; cp /* Same as ipv4 case, but with nasty 128 bit addresses */ - if(memcmp(&a->net.ipv6.mask, &b->net.ipv6.mask, sizeof(ipv6_t)) > 0) - if((a->net.ipv6.address.x[0] & b->net.ipv6.mask.x[0]) == b->net.ipv6.address.x[0] && - (a->net.ipv6.address.x[1] & b->net.ipv6.mask.x[1]) == b->net.ipv6.address.x[1] && - (a->net.ipv6.address.x[2] & b->net.ipv6.mask.x[2]) == b->net.ipv6.address.x[2] && - (a->net.ipv6.address.x[3] & b->net.ipv6.mask.x[3]) == b->net.ipv6.address.x[3] && - (a->net.ipv6.address.x[4] & b->net.ipv6.mask.x[4]) == b->net.ipv6.address.x[4] && - (a->net.ipv6.address.x[5] & b->net.ipv6.mask.x[5]) == b->net.ipv6.address.x[5] && - (a->net.ipv6.address.x[6] & b->net.ipv6.mask.x[6]) == b->net.ipv6.address.x[6] && - (a->net.ipv6.address.x[7] & b->net.ipv6.mask.x[7]) == b->net.ipv6.address.x[7]) - return -1; + result = memcmp(a->net.ipv6.address.x, b->net.ipv6.address.x, sizeof(ipv6_t)); - return memcmp(&a->net.ipv6.address, &b->net.ipv6.address, sizeof(ipv6_t)); + if(result) + return result; + + result = memcmp(a->net.ipv6.mask.x, b->net.ipv6.mask.x, sizeof(ipv6_t)); + + if(result) + return result; + + return 
strcmp(a->owner->name, b->owner->name); } int subnet_compare(subnet_t *a, subnet_t *b) @@ -138,37 +137,21 @@ cp /* Linked list management */ -void subnet_add(connection_t *cl, subnet_t *subnet) +void subnet_add(node_t *n, subnet_t *subnet) { cp - subnet->owner = cl; + subnet->owner = n; - while(!avl_insert(subnet_tree, subnet)) - { - subnet_t *old; - - old = (subnet_t *)avl_search(subnet_tree, subnet); - - if(debug_lvl >= DEBUG_PROTOCOL) - { - char *subnetstr; - subnetstr = net2str(subnet); - syslog(LOG_WARNING, _("Duplicate subnet %s for %s (%s), previous owner %s (%s)!"), - subnetstr, cl->name, cl->hostname, old->owner->name, old->owner->hostname); - free(subnetstr); - } - - subnet_del(old); - } - - avl_insert(cl->subnet_tree, subnet); + avl_insert(subnet_tree, subnet); +cp + avl_insert(n->subnet_tree, subnet); cp } -void subnet_del(subnet_t *subnet) +void subnet_del(node_t *n, subnet_t *subnet) { cp - avl_delete(subnet->owner->subnet_tree, subnet); + avl_delete(n->subnet_tree, subnet); cp avl_delete(subnet_tree, subnet); cp @@ -285,6 +268,12 @@ cp /* Subnet lookup routines */ +subnet_t *lookup_subnet(node_t *owner, subnet_t *subnet) +{ +cp + return avl_search(owner->subnet_tree, subnet); +} + subnet_t *lookup_subnet_mac(mac_t *address) { subnet_t subnet, *p; diff --git a/src/subnet.h b/src/subnet.h index 2659386e..59693019 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.10 2001/01/08 21:32:30 guus Exp $ + $Id: subnet.h,v 1.1.2.11 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_SUBNET_H__ 
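Review bot: subnet_add now ignores the result of `avl_insert(subnet_tree, subnet)`; the removed loop shows that the call returns a false value when an equal entry already exists, so a repeated announcement of the same subnet by the same node leaves the global tree unchanged while the code carries on to the per-node tree. The rewrite also drops the "Duplicate subnet" warning, and since the comparators now order by owner name, two different nodes can hold the same subnet with nothing in the log to show it. Check the return value, e.g. `if(!avl_insert(subnet_tree, subnet)) return;`, and keep a log line when an address/mask pair is claimed by a second owner so that conflicting route claims stay visible to operators.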
@@ -50,9 +50,11 @@ typedef struct subnet_ipv6_t ipv6_t mask; } subnet_ipv6_t; +#include "node.h" + typedef struct subnet_t { - struct connection_t *owner; /* the owner of this subnet */ - struct connection_t *uplink; /* the uplink which we should send packets to for this subnet */ + struct node_t *owner; /* the owner of this subnet */ + struct node_t *uplink; /* the uplink which we should send packets to for this subnet */ int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ @@ -65,18 +67,17 @@ typedef struct subnet_t { subnet_ipv6_t ipv6; } net; -} subnet_t; - -#include "connection.h" +} subnet_t; extern subnet_t *new_subnet(void); extern void free_subnet(subnet_t *); extern void init_subnets(void); -extern void subnet_add(struct connection_t *, subnet_t *); -extern void subnet_del(subnet_t *); +extern void subnet_add(struct node_t *, subnet_t *); +extern void subnet_del(struct node_t *, subnet_t *); extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); extern int subnet_compare(subnet_t *, subnet_t *); +extern subnet_t *lookup_subnet(struct node_t *, subnet_t *); extern subnet_t *lookup_subnet_mac(mac_t *); extern subnet_t *lookup_subnet_ipv4(ipv4_t *); extern subnet_t *lookup_subnet_ipv6(ipv6_t *); diff --git a/src/tincd.c b/src/tincd.c index 8eeef1d3..b790d7a1 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.52 2001/09/01 12:36:53 guus Exp $ + $Id: tincd.c,v 1.10.4.53 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -205,7 +205,7 @@ int keygen(int bits) { RSA *rsa_key; FILE *f; - config_t const *cfg; + char *name = NULL; char *filename; fprintf(stderr, _("Generating %d bits keys:\n"), bits); 
@@ -219,8 +219,10 @@ int keygen(int bits) else fprintf(stderr, _("Done.\n")); - if(config && (cfg = get_config_val(config, config_name))) - asprintf(&filename, "%s/hosts/%s", confbase, cfg->data.ptr); + get_config_string(lookup_config(config_tree, "Name"), &name); + + if(name) + asprintf(&filename, "%s/hosts/%s", confbase, name); else asprintf(&filename, "%s/rsa_key.pub", confbase); @@ -350,8 +352,8 @@ cp if(do_detach) { - syslog(LOG_NOTICE, _("Restarting in %d seconds!"), MAXTIMEOUT); - sleep(MAXTIMEOUT); + syslog(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); + sleep(maxtimeout); } else { diff --git a/src/vertex.c b/src/vertex.c index 54da8720..4f0b5d6e 100644 --- a/src/vertex.c +++ b/src/vertex.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: vertex.c,v 1.1.2.1 2001/10/10 08:49:47 guus Exp $ + $Id: vertex.c,v 1.1.2.2 2001/10/27 12:13:17 guus Exp $ */ #include "config.h" @@ -44,7 +44,7 @@ avl_tree_t *connection_tree; /* Tree with all meta connections with ourself * int connection_compare(connection_t *a, connection_t *b) { - return a->meta_socket - b->meta_socket; + return a->socket - b->socket; } int vertex_compare(vertex_t *a, vertex_t *b) @@ -97,29 +97,38 @@ cp void free_vertex(vertex_t *v) { cp - if(v->from.hostname) - free(v->from.hostname) - if(v->to.hostname) - free(v->to.hostname) - free(v); cp } +void vertex_add(vertex_t *v) +{ +cp + avl_insert(vertex_tree, v); +cp +} + +void vertex_del(vertex_t *v) +{ +cp + avl_delete(vertex_tree, v); +cp +} + vertex_t *lookup_vertex(node_t *from, node_t *to) { vertex_t v, *result; cp - v.from.node = from; - v.to.node = to; + v.from = from; + v.to = to; result = avl_search(vertex_tree, &v); if(result) return result; cp - v.from.node = to; - v.to.node = from; + v.from = to; + v.to = from; return avl_search(vertex_tree, &v); } 
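Review bot: In keygen the value of `Name` is formatted straight into the key file path (`"%s/hosts/%s"`), and neither `asprintf` call is checked. A name containing `/` or `..` would place the public key outside `hosts/`, and on allocation failure `filename` is left undefined before it is used. Validate the name against the characters allowed for host names before building the path, and test the result, e.g. `if(asprintf(&filename, "%s/hosts/%s", confbase, name) < 0)` followed by keygen's error return. keygen's body continues outside the hunk, and whether `name` must be freed depends on get_config_string, which is not shown.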
@@ -135,7 +144,7 @@ cp { v = (vertex_t *)node->data; syslog(LOG_DEBUG, _(" %s - %s options %ld"), - v->from.node->name, v->to.node->name, v->options); + v->from->name, v->to->name, v->options); } syslog(LOG_DEBUG, _("End of vertices.")); diff --git a/src/vertex.h b/src/vertex.h index 9b1ef2b9..b967a2ed 100644 --- a/src/vertex.h +++ b/src/vertex.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: vertex.h,v 1.1.2.4 2001/10/10 20:35:10 guus Exp $ + $Id: vertex.h,v 1.1.2.5 2001/10/27 12:13:17 guus Exp $ */ #ifndef __TINC_VERTEX_H__ @@ -28,6 +28,8 @@ #include "node.h" #include "connection.h" +/* I don't know if halfconnection_t is useful... */ + typedef struct halfconnection_t { struct node_t *node; /* node associated with this end of the connection */ @@ -37,8 +39,8 @@ typedef struct halfconnection_t { } halfconnection_t; typedef struct vertex_t { - struct halfconnection_t from; - struct halfconnection_t to; + struct node_t *from; + struct node_t *to; long int options; /* options turned on for this connection */ int metric; /* weight of this vertex */ @@ -48,4 +50,13 @@ typedef struct vertex_t { extern avl_tree_t *vertex_tree; /* Tree with all known vertices (replaces active_tree) */ +extern void init_vertices(void); +extern void exit_vertices(void); +extern vertex_t *new_vertex(void); +extern void free_vertex(vertex_t *); +extern void vertex_add(vertex_t *); +extern void vertex_del(vertex_t *); +extern vertex_t *lookup_vertex(struct node_t *, struct node_t *); +extern void dump_vertices(void); + #endif /* __TINC_VERTEX_H__ */ From ac066bb057dcb187bf91670793ba5e6ca456e052 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 27 Oct 2001 13:13:35 +0000 Subject: [PATCH 480/923] Make sure everything links. --- src/device.h | 4 ++-- src/linux/device.c | 17 ++++++++++++++++- src/net.c | 15 +++++++++++---- src/net.h | 3 ++- src/node.c | 4 +++- src/process.c | 9 ++++++--- src/route.c | 13 +++++++------ src/subnet.c | 4 ++-- src/subnet.h | 4 ++-- src/vertex.c | 8 +------- 10 files changed, 52 insertions(+), 29 deletions(-) diff --git a/src/device.h b/src/device.h index dded47ad..c2c28a13 100644 --- a/src/device.h +++ b/src/device.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.2 2001/10/27 12:13:17 guus Exp $ + $Id: device.h,v 1.1.2.3 2001/10/27 13:13:35 guus Exp $ */ #ifndef __TINC_DEVICE_H__ @@ -27,7 +27,7 @@ extern int device_fd; extern int setup_device(void); extern void close_device(void); -extern vpn_packet_t *read_packet(void); +extern int read_packet(vpn_packet_t *); extern int write_packet(vpn_packet_t *); extern void dump_device_stats(void); diff --git a/src/linux/device.c b/src/linux/device.c index c82a820e..1cb43077 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.2 2001/10/27 12:13:17 guus Exp $ + $Id: device.c,v 1.1.2.3 2001/10/27 13:13:35 guus Exp $ */ #include "config.h" @@ -124,6 +124,12 @@ cp return 0; } +void close_device(void) +{ +cp + close(device_fd); +} + /* read, encrypt and send data that is available through the ethertap device @@ -196,3 +202,12 @@ cp cp return 0; } + +void dump_device_stats(void) +{ +cp + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device_fname); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp +} 
diff --git a/src/net.c b/src/net.c index c0c8e66f..fe9eed78 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.137 2001/10/27 12:13:17 guus Exp $ + $Id: net.c,v 1.35.4.138 2001/10/27 13:13:35 guus Exp $ */ #include "config.h" @@ -72,7 +72,9 @@ #include "system.h" +int maxtimeout = 900; int seconds_till_retry = 5; + int tcp_socket = -1; int udp_socket = -1; @@ -161,7 +163,7 @@ cp to.sin_addr.s_addr = htonl(n->address); to.sin_port = htons(n->port); - if((sendto(socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + if((sendto(udp_socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), n->name, n->hostname); @@ -1041,7 +1043,6 @@ try_outgoing_connections(int a) static config_t *cfg = NULL; static int retry = 0; char *name; - int maxtimeout = 900; cp if(!cfg) cfg = lookup_config(config_tree, "ConnectTo"); @@ -1122,6 +1123,7 @@ void main_loop(void) int r; time_t last_ping_check; int t; + vpn_packet_t packet; cp last_ping_check = time(NULL); @@ -1190,7 +1192,12 @@ cp /* local tap data */ if(FD_ISSET(device_fd, &fset)) - handle_tap_input(); + { + if(read_packet(&packet)) + route_outgoing(&packet); + else + return; + } } } cp diff --git a/src/net.h b/src/net.h index eb7ad7ea..e5daed9e 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.35 2001/10/27 12:13:17 guus Exp $ + $Id: net.h,v 1.9.4.36 2001/10/27 13:13:35 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -90,6 +90,7 @@ typedef struct packet_queue_t { queue_element_t *tail; } packet_queue_t; +extern int maxtimeout; extern int seconds_till_retry; extern char *request_name[256]; 
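Review bot: The new tap branch in main_loop calls `route_outgoing(&packet)` when read_packet() returns non-zero and leaves the loop when it returns 0, which looks inverted: the device functions visible in this commit end in `return 0`, and send_tcppacket treats a non-zero result as an error, which suggests 0 means success (read_packet's body is not shown, so confirm). If so, a failed read routes the uninitialized stack `packet` and a successful read ends the main loop. Suggested: `if(read_packet(&packet) == 0) route_outgoing(&packet); else return;`, with the return convention documented at the prototype in device.h.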
diff --git a/src/node.c b/src/node.c index 53e520e9..3776d184 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.2 2001/10/27 12:13:17 guus Exp $ + $Id: node.c,v 1.1.2.3 2001/10/27 13:13:35 guus Exp $ */ #include "config.h" @@ -36,6 +36,8 @@ avl_tree_t *node_tree; /* Known nodes, sorted by name */ avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ +node_t *myself; + int node_compare(node_t *a, node_t *b) { return strcmp(a->name, b->name); diff --git a/src/process.c b/src/process.c index 9acb5fdd..d971a0f2 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.26 2001/10/27 12:13:17 guus Exp $ + $Id: process.c,v 1.1.2.27 2001/10/27 13:13:35 guus Exp $ */ #include "config.h" @@ -372,13 +372,16 @@ sigint_handler(int a, siginfo_t *info, void *b) RETSIGTYPE sigusr1_handler(int a, siginfo_t *info, void *b) { - dump_connection_list(); + dump_connections(); } RETSIGTYPE sigusr2_handler(int a, siginfo_t *info, void *b) { - dump_subnet_list(); + dump_device_stats(); + dump_nodes(); + dump_vertices(); + dump_subnets(); } RETSIGTYPE diff --git a/src/route.c b/src/route.c index c8de7a57..170f509e 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.19 2001/10/27 12:13:17 guus Exp $ + $Id: route.c,v 1.1.2.20 2001/10/27 13:13:35 guus Exp $ */ #include "config.h" @@ -46,6 +46,7 @@ #include "subnet.h" #include "route.h" #include "protocol.h" +#include "device.h" #include "system.h" 
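Review bot: sigusr2_handler now runs dump_device_stats(), dump_nodes(), dump_vertices() and dump_subnets() directly in signal context. The dump routines shown in this series walk the AVL trees and call syslog(), which is not async-signal-safe, and a signal arriving while the main loop is modifying a tree would traverse it in an inconsistent state. Prefer setting a `volatile sig_atomic_t` flag in the handler and doing the dumps from main_loop when the flag is set; sigusr1_handler has the same pattern with dump_connections().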
@@ -217,7 +218,7 @@ cp memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */ arp->arp_op = htons(ARPOP_REPLY); - accept_packet(packet); + write_packet(packet); cp } @@ -274,7 +275,7 @@ void route_incoming(node_t *source, vpn_packet_t *packet) { case RMODE_ROUTER: memcpy(packet->data, mymac.net.mac.address.x, 6); /* Override destination address to make the kernel accept it */ - accept_packet(packet); + write_packet(packet); break; case RMODE_SWITCH: { @@ -285,20 +286,20 @@ void route_incoming(node_t *source, vpn_packet_t *packet) if(subnet) { if(subnet->owner == myself) - accept_packet(packet); + write_packet(packet); else send_packet(subnet->owner, packet); } else { broadcast_packet(source, packet); - accept_packet(packet); + write_packet(packet); } } break; case RMODE_HUB: broadcast_packet(source, packet); /* Spread it on */ - accept_packet(packet); + write_packet(packet); break; } } diff --git a/src/subnet.c b/src/subnet.c index 48ac45e2..fff384ff 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.25 2001/10/27 12:13:17 guus Exp $ + $Id: subnet.c,v 1.1.2.26 2001/10/27 13:13:35 guus Exp $ */ #include "config.h" @@ -338,7 +338,7 @@ cp return p; } -void dump_subnet_list(void) +void dump_subnets(void) { char *netstr; subnet_t *subnet; diff --git a/src/subnet.h b/src/subnet.h index 59693019..50cfefd7 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.11 2001/10/27 12:13:17 guus Exp $ + $Id: subnet.h,v 1.1.2.12 2001/10/27 13:13:35 guus Exp $ */ #ifndef __TINC_SUBNET_H__ 
@@ -81,6 +81,6 @@ extern subnet_t *lookup_subnet(struct node_t *, subnet_t *); extern subnet_t *lookup_subnet_mac(mac_t *); extern subnet_t *lookup_subnet_ipv4(ipv4_t *); extern subnet_t *lookup_subnet_ipv6(ipv6_t *); -extern void dump_subnet_list(void); +extern void dump_subnets(void); #endif /* __TINC_SUBNET_H__ */ diff --git a/src/vertex.c b/src/vertex.c index 4f0b5d6e..9e72f9e7 100644 --- a/src/vertex.c +++ b/src/vertex.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: vertex.c,v 1.1.2.2 2001/10/27 12:13:17 guus Exp $ + $Id: vertex.c,v 1.1.2.3 2001/10/27 13:13:35 guus Exp $ */ #include "config.h" @@ -40,12 +40,6 @@ #include "system.h" avl_tree_t *vertex_tree; /* Tree with all known vertices (replaces active_tree) */ -avl_tree_t *connection_tree; /* Tree with all meta connections with ourself */ - -int connection_compare(connection_t *a, connection_t *b) -{ - return a->socket - b->socket; -} int vertex_compare(vertex_t *a, vertex_t *b) { From b98d9787fdde54f33dcdb376e1e018cd418aff8d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 27 Oct 2001 15:19:13 +0000 Subject: [PATCH 481/923] Various small fixes to make tinc runnable again. --- src/conf.c | 17 ++++++++++------- src/connection.c | 8 ++++++-- src/net.c | 13 ++++++++----- src/process.c | 5 ++++- src/tincd.c | 3 ++- 5 files changed, 30 insertions(+), 16 deletions(-) diff --git a/src/conf.c b/src/conf.c index bd546c6b..c4fe101e 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.45 2001/10/27 12:13:17 guus Exp $ + $Id: conf.c,v 1.9.4.46 2001/10/27 15:19:13 guus Exp $ */ #include "config.h" 
@@ -126,11 +126,14 @@ cp cfg.line = 0; found = avl_search_closest_greater(config_tree, &cfg); - - if(!strcmp(found->variable, variable)) - return found; - else + + if(!found) return NULL; + + if(strcmp(found->variable, variable)) + return NULL; + + return found; } config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) @@ -253,12 +256,12 @@ cp /* Teach newbies what subnets are... */ - if((subnet->net.ipv4.address & subnet->net.ipv4.mask) != subnet->net.ipv4.address) + if((ip->address & ip->mask) != ip->address) { syslog(LOG_ERR, _("Network address and subnet mask for configuration variable %s in %s line %d"), cfg->value, cfg->file, cfg->line); free(ip); - return -1; + return 0; } subnet = new_subnet(); diff --git a/src/connection.c b/src/connection.c index a86faa9c..ccc41252 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.20 2001/10/27 12:13:17 guus Exp $ + $Id: connection.c,v 1.1.2.21 2001/10/27 15:19:13 guus Exp $ */ #include "config.h" @@ -62,8 +62,12 @@ cp connection_t *new_connection(void) { + connection_t *c; cp - return (connection_t *)xmalloc_and_zero(sizeof(connection_t)); + c = (connection_t *)xmalloc_and_zero(sizeof(connection_t)); + init_configuration(&c->config_tree); +cp + return c; } void free_connection(connection_t *c) diff --git a/src/net.c b/src/net.c index fe9eed78..50f4acb4 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.138 2001/10/27 13:13:35 guus Exp $ + $Id: net.c,v 1.35.4.139 2001/10/27 15:19:13 guus Exp $ */ #include "config.h" 
@@ -666,9 +666,11 @@ cp return -1; } */ - if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->connection->port)) + if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->port)) myself->port = 655; + myself->connection->port = myself->port; + /* Read in all the subnets specified in the host configuration file */ cfg = lookup_config(myself->connection->config_tree, "Subnet"); @@ -705,7 +707,7 @@ cp if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; - if(get_config_string(lookup_config(myself->connection->config_tree, "Mode"), &mode)) + if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { if(!strcasecmp(mode, "router")) routing_mode = RMODE_ROUTER; @@ -746,7 +748,7 @@ cp myself->key = (char *)xmalloc(myself->keylength); RAND_pseudo_bytes(myself->key, myself->keylength); - if(!get_config_int(lookup_config(myself->connection->config_tree, "KeyExpire"), &keylifetime)) + if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; keyexpires = time(NULL) + keylifetime; @@ -771,8 +773,9 @@ int setup_network_connections(void) cp init_connections(); init_subnets(); + init_nodes(); - if(get_config_int(lookup_config(myself->connection->config_tree, "PingTimeout"), &timeout)) + if(get_config_int(lookup_config(config_tree, "PingTimeout"), &timeout)) { if(timeout < 1) { diff --git a/src/process.c b/src/process.c index d971a0f2..86153b5a 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.27 2001/10/27 13:13:35 guus Exp $ + $Id: process.c,v 1.1.2.28 2001/10/27 15:19:13 guus Exp $ */ #include "config.h" 
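Review bot: The `@@ -746,7 +748,7 @@` hunk keeps `RAND_pseudo_bytes(myself->key, myself->keylength)` as the source of the packet key, directly above the changed KeyExpire lookup. OpenSSL does not guarantee that RAND_pseudo_bytes output is unpredictable, and the return value is ignored, so the key can be weaker than intended without any log entry. Use RAND_bytes() and fail setup when it does not return 1, e.g. `if(RAND_bytes((unsigned char *)myself->key, myself->keylength) != 1)` followed by the function's error return. The enclosing function starts and ends outside the hunk.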
@@ -437,6 +437,9 @@ setup_signals(void) sigaction(i, &act, NULL); } + if(!do_detach) + sighandlers[3].handler = SIG_DFL; + /* Then, for each known signal that we want to catch, assign a handler to the signal, with error checking this time. */ for(i = 0; sighandlers[i].signal; i++) diff --git a/src/tincd.c b/src/tincd.c index b790d7a1..2943d0bf 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.53 2001/10/27 12:13:17 guus Exp $ + $Id: tincd.c,v 1.10.4.54 2001/10/27 15:19:13 guus Exp $ */ #include "config.h" @@ -319,6 +319,7 @@ main(int argc, char **argv, char **envp) g_argv = argv; make_names(); + init_configuration(&config_tree); /* Slllluuuuuuurrrrp! */ cp From 94497336efc1cc60561575e74d420e9e8e8c657e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 28 Oct 2001 08:41:19 +0000 Subject: [PATCH 482/923] What was I thinking? s/vertex/edge/g. --- src/Makefile.am | 6 +- src/conf.h | 3 +- src/connection.c | 3 +- src/connection.h | 6 +- src/{vertex.c => edge.c} | 44 ++--- src/{vertex.h => edge.h} | 30 ++-- src/net.c | 9 +- src/protocol.c | 339 +++++++++++++++++++++++++++++---------- src/protocol.h | 8 +- src/tincd.c | 14 +- 10 files changed, 321 insertions(+), 141 deletions(-) rename src/{vertex.c => edge.c} (68%) rename src/{vertex.h => edge.h} (72%) diff --git a/src/Makefile.am b/src/Makefile.am index 862f7329..9a181093 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
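Review bot: `sighandlers[3].handler = SIG_DFL;` in setup_signals selects the entry by a bare index, so which signal gets the default action depends on the order of the sighandlers table, which is outside this hunk. Reordering or inserting an entry in that table would silently change the behaviour of a foreground tincd. Look the entry up by its signal number instead (the loop below already iterates on `sighandlers[i].signal`) and add a comment saying why the default action is wanted when `do_detach` is off.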
@@ -1,15 +1,15 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.14 2001/10/13 13:53:07 guus Exp $ +# $Id: Makefile.am,v 1.4.4.15 2001/10/28 08:41:19 guus Exp $ sbin_PROGRAMS = tincd tincd_SOURCES = conf.c connection.c device.c meta.c net.c netutl.c node.c process.c \ - protocol.c route.c subnet.c tincd.c vertex.c + protocol.c route.c subnet.c tincd.c edge.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl noinst_HEADERS = conf.h connection.h device.h meta.h net.h netutl.h node.h process.h \ - protocol.h route.h subnet.h vertex.h + protocol.h route.h subnet.h edge.h LIBS = @LIBS@ @INTLLIBS@ diff --git a/src/conf.h b/src/conf.h index 9136efa7..bf3df704 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.28 2001/10/27 12:13:17 guus Exp $ + $Id: conf.h,v 1.6.4.29 2001/10/28 08:41:19 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -40,6 +40,7 @@ extern int debug_lvl; extern int timeout; extern int maxtimeout; extern int sighup; +extern int bypass_security; extern char *confbase; extern char *netname; diff --git a/src/connection.c b/src/connection.c index ccc41252..8fb96112 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.21 2001/10/27 15:19:13 guus Exp $ + $Id: connection.c,v 1.1.2.22 2001/10/28 08:41:19 guus Exp $ */ #include "config.h" @@ -65,7 +65,6 @@ connection_t *new_connection(void) connection_t *c; cp c = (connection_t *)xmalloc_and_zero(sizeof(connection_t)); - init_configuration(&c->config_tree); cp return c; } diff --git a/src/connection.h b/src/connection.h index b32e329c..40548042 100644 --- a/src/connection.h +++ b/src/connection.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.17 2001/10/27 12:13:17 guus Exp $ + $Id: connection.h,v 1.1.2.18 2001/10/28 08:41:19 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -42,7 +42,7 @@ #include "conf.h" #include "node.h" -#include "vertex.h" +#include "edge.h" #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 @@ -72,7 +72,7 @@ typedef struct connection_t { struct connection_status_t status; /* status info */ struct node_t *node; /* node associated with the other end */ - struct vertex_t *vertex; /* vertex associated with this connection */ + struct edge_t *edge; /* edge associated with this connection */ RSA *rsa_key; /* his public/private key */ EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ diff --git a/src/vertex.c b/src/edge.c similarity index 68% rename from src/vertex.c rename to src/edge.c index 9e72f9e7..24c67c36 100644 --- a/src/vertex.c +++ b/src/edge.c @@ -1,5 +1,5 @@ /* - vertex.c -- vertex tree management + edge.c -- edge tree management Copyright (C) 2000,2001 Guus Sliepen , 2000,2001 Ivo Timmermans @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: vertex.c,v 1.1.2.3 2001/10/27 13:13:35 guus Exp $ + $Id: edge.c,v 1.1.2.1 2001/10/28 08:41:19 guus Exp $ */ #include "config.h" @@ -39,9 +39,9 @@ #include "xalloc.h" #include "system.h" -avl_tree_t *vertex_tree; /* Tree with all known vertices (replaces active_tree) */ +avl_tree_t *edge_tree; /* Tree with all known vertices (replaces active_tree) */ -int vertex_compare(vertex_t *a, vertex_t *b) +int edge_compare(edge_t *a, edge_t *b) { int result; 
@@ -53,9 +53,9 @@ int vertex_compare(vertex_t *a, vertex_t *b) return strcmp(a->to->name, b->to->name); } -/* Evil vertex_compare() from a parallel universe ;) +/* Evil edge_compare() from a parallel universe ;) -int vertex_compare(vertex_t *a, vertex_t *b) +int edge_compare(edge_t *a, edge_t *b) { int result; @@ -67,56 +67,56 @@ int vertex_compare(vertex_t *a, vertex_t *b) void init_vertices(void) { cp - vertex_tree = avl_alloc_tree((avl_compare_t)vertex_compare, NULL); + edge_tree = avl_alloc_tree((avl_compare_t)edge_compare, NULL); cp } void exit_vertices(void) { cp - avl_delete_tree(vertex_tree); + avl_delete_tree(edge_tree); cp } /* Creation and deletion of connection elements */ -vertex_t *new_vertex(void) +edge_t *new_edge(void) { cp - vertex_t *v = (vertex_t *)xmalloc_and_zero(sizeof(*v)); + edge_t *v = (edge_t *)xmalloc_and_zero(sizeof(*v)); cp return v; } -void free_vertex(vertex_t *v) +void free_edge(edge_t *v) { cp free(v); cp } -void vertex_add(vertex_t *v) +void edge_add(edge_t *v) { cp - avl_insert(vertex_tree, v); + avl_insert(edge_tree, v); cp } -void vertex_del(vertex_t *v) +void edge_del(edge_t *v) { cp - avl_delete(vertex_tree, v); + avl_delete(edge_tree, v); cp } -vertex_t *lookup_vertex(node_t *from, node_t *to) +edge_t *lookup_edge(node_t *from, node_t *to) { - vertex_t v, *result; + edge_t v, *result; cp v.from = from; v.to = to; - result = avl_search(vertex_tree, &v); + result = avl_search(edge_tree, &v); if(result) return result; @@ -124,19 +124,19 @@ cp v.from = to; v.to = from; - return avl_search(vertex_tree, &v); + return avl_search(edge_tree, &v); } void dump_vertices(void) { avl_node_t *node; - vertex_t *v; + edge_t *v; cp syslog(LOG_DEBUG, _("Vertices:")); - for(node = vertex_tree->head; node; node = node->next) + for(node = edge_tree->head; node; node = node->next) { - v = (vertex_t *)node->data; + v = (edge_t *)node->data; syslog(LOG_DEBUG, _(" %s - %s options %ld"), v->from->name, v->to->name, v->options); } 
diff --git a/src/vertex.h b/src/edge.h similarity index 72% rename from src/vertex.h rename to src/edge.h index b967a2ed..c2212cc7 100644 --- a/src/vertex.h +++ b/src/edge.h @@ -1,5 +1,5 @@ /* - vertex.h -- header for vertex.c + edge.h -- header for edge.c Copyright (C) 2001 Guus Sliepen , 2001 Ivo Timmermans @@ -17,11 +17,11 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: vertex.h,v 1.1.2.5 2001/10/27 12:13:17 guus Exp $ + $Id: edge.h,v 1.1.2.1 2001/10/28 08:41:19 guus Exp $ */ -#ifndef __TINC_VERTEX_H__ -#define __TINC_VERTEX_H__ +#ifndef __TINC_EDGE_H__ +#define __TINC_EDGE_H__ #include @@ -38,25 +38,25 @@ typedef struct halfconnection_t { char *hostname; /* the hostname of real ip */ } halfconnection_t; -typedef struct vertex_t { +typedef struct edge_t { struct node_t *from; struct node_t *to; long int options; /* options turned on for this connection */ - int metric; /* weight of this vertex */ + int metric; /* weight of this edge */ - struct connection_t *connection; /* connection associated with this vertex, if available */ -} vertex_t; + struct connection_t *connection; /* connection associated with this edge, if available */ +} edge_t; -extern avl_tree_t *vertex_tree; /* Tree with all known vertices (replaces active_tree) */ +extern avl_tree_t *edge_tree; /* Tree with all known vertices (replaces active_tree) */ extern void init_vertices(void); extern void exit_vertices(void); -extern vertex_t *new_vertex(void); -extern void free_vertex(vertex_t *); -extern void vertex_add(vertex_t *); -extern void vertex_del(vertex_t *); -extern vertex_t *lookup_vertex(struct node_t *, struct node_t *); +extern edge_t *new_edge(void); +extern void free_edge(edge_t *); +extern void edge_add(edge_t *); +extern void edge_del(edge_t *); +extern edge_t *lookup_edge(struct node_t *, struct node_t *); extern void dump_vertices(void); -#endif /* __TINC_VERTEX_H__ */ +#endif /* __TINC_EDGE_H__ */ 
diff --git a/src/net.c b/src/net.c index 50f4acb4..35d9563c 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.139 2001/10/27 15:19:13 guus Exp $ + $Id: net.c,v 1.35.4.140 2001/10/28 08:41:19 guus Exp $ */ #include "config.h" @@ -458,6 +458,7 @@ cp c = new_connection(); c->name = xstrdup(name); + init_configuration(&c->config_tree); read_connection_config(c); if(!get_config_string(lookup_config(c->config_tree, "Address"), &c->hostname)) @@ -622,6 +623,7 @@ int setup_myself(void) cp myself = new_node(); myself->connection = new_connection(); + init_configuration(&myself->connection->config_tree); asprintf(&myself->hostname, _("MYSELF")); asprintf(&myself->connection->hostname, _("MYSELF")); @@ -774,6 +776,7 @@ cp init_connections(); init_subnets(); init_nodes(); + init_vertices(); if(get_config_int(lookup_config(config_tree, "PingTimeout"), &timeout)) { @@ -1197,9 +1200,9 @@ cp if(FD_ISSET(device_fd, &fset)) { if(read_packet(&packet)) - route_outgoing(&packet); - else return; + else + route_outgoing(&packet); } } } diff --git a/src/protocol.c b/src/protocol.c index f275f3e2..d1bb524f 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.109 2001/10/27 12:13:17 guus Exp $ + $Id: protocol.c,v 1.28.4.110 2001/10/28 08:41:19 guus Exp $ */ #include "config.h" @@ -55,7 +55,7 @@ #include "meta.h" #include "connection.h" #include "node.h" -#include "vertex.h" +#include "edge.h" #include "system.h" 
@@ -176,10 +176,11 @@ cp int id_h(connection_t *c) { char name[MAX_STRING_SIZE]; +int bla; cp if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) { - syslog(LOG_ERR, _("Got bad %s from %s"), "ID", c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); return -1; } @@ -187,7 +188,7 @@ cp if(check_id(name)) { - syslog(LOG_ERR, _("Peer %s uses invalid identity name"), c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); return -1; } @@ -213,9 +214,19 @@ cp return -1; } + if(bypass_security) + { + if(!c->config_tree) + init_configuration(&c->config_tree); + c->allow_request = ACK; + return send_ack(c); + } + if(!c->config_tree) { - if(read_connection_config(c)) + init_configuration(&c->config_tree); + + if((bla = read_connection_config(c))) { syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); return -1; @@ -314,7 +325,7 @@ int metakey_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) { - syslog(LOG_ERR, _("Got bad METAKEY from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; } @@ -324,7 +335,7 @@ cp if(strlen(buffer) != len*2) { - syslog(LOG_ERR, _("Intruder: wrong meta key length from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); return -1; } @@ -412,7 +423,7 @@ int challenge_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) { - syslog(LOG_ERR, _("Got bad CHALLENGE from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); return -1; } 
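Review bot: In the `@@ -213,9 +214,19 @@` hunk of id_h, the new `if(bypass_security)` branch sets `c->allow_request = ACK` and calls send_ack() for any peer whose name passes check_id(), so read_connection_config() is never consulted and the peer-supplied name is accepted without any proof of identity. Because a single command-line switch enables this (`--bypass-security` in tincd.c), log every connection admitted this way, e.g. `syslog(LOG_WARNING, _("Security bypassed for %s (%s)"), c->name, c->hostname);`, so that a daemon left running with it is visible in the logs. Separately, `int bla` from the first id_h hunk only holds a value that is never read; `if(read_connection_config(c))` is enough. id_h starts and ends outside these hunks.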
@@ -422,7 +433,7 @@ cp if(strlen(buffer) != len*2) { - syslog(LOG_ERR, _("Intruder: wrong challenge length from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); return -1; } @@ -446,12 +457,6 @@ int send_chal_reply(connection_t *c) { char hash[SHA_DIGEST_LENGTH*2+1]; cp - if(!c->mychallenge) - { - syslog(LOG_ERR, _("Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE"), c->name, c->hostname); - return -1; - } - /* Calculate the hash from the challenge we received */ SHA1(c->mychallenge, RSA_size(myself->connection->rsa_key), hash); @@ -474,7 +479,7 @@ int chal_reply_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) { - syslog(LOG_ERR, _("Got bad CHAL_REPLY from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); return -1; } @@ -482,7 +487,7 @@ cp if(strlen(hishash) != SHA_DIGEST_LENGTH*2) { - syslog(LOG_ERR, _("Intruder: wrong challenge reply length from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); return -1; } @@ -498,7 +503,7 @@ cp if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) { - syslog(LOG_ERR, _("Intruder: wrong challenge reply from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); if(debug_lvl >= DEBUG_SCARY_THINGS) { bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); @@ -520,7 +525,7 @@ cp int send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs - to create node_t and vertex_t structures. */ + to create node_t and edge_t structures. */ cp return send_request(c, "%d %d", ACK, myself->port); } 
@@ -534,7 +539,7 @@ int ack_h(connection_t *c) cp if(sscanf(c->buffer, "%*d %hd", &port) != 1) { - syslog(LOG_ERR, _("Got bad %s from %s"), "ACK", c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; } @@ -589,20 +594,21 @@ cp */ - /* Create a vertex_t for this connection */ + /* Create a edge_t for this connection */ - c->vertex = new_vertex(); + c->edge = new_edge(); - c->vertex->from = myself; - c->vertex->to = n; - c->vertex->metric = 1; - c->vertex->connection = c; + c->edge->from = myself; + c->edge->to = n; + c->edge->metric = 1; + c->edge->connection = c; - vertex_add(c->vertex); + edge_add(c->edge); /* Activate this connection */ c->allow_request = ALL; + c->status.active = 1; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); @@ -621,23 +627,23 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - - if(n != c->node) + + if(n == c->node || n == myself) + continue; + + /* Notify others of this connection */ + + if(n->connection) + send_add_node(n->connection, c->node); + + /* Notify new connection of everything we know */ + + send_add_node(c, n); + + for(node2 = c->node->subnet_tree->head; node2; node2 = node2->next) { - /* Notify others of this connection */ - - if(n->connection) - send_add_node(n->connection, c->node); - - /* Notify new connection of everything we know */ - - send_add_node(c, n); - - for(node2 = c->node->subnet_tree->head; node2; node2 = node2->next) - { - s = (subnet_t *)node2->data; - send_add_subnet(c, s); - } + s = (subnet_t *)node2->data; + send_add_subnet(c, s); } } cp @@ -671,7 +677,7 @@ int add_subnet_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { - syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); return -1; } 
@@ -679,7 +685,7 @@ cp if(check_id(name)) { - syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid identity name"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid name")); return -1; } @@ -687,7 +693,7 @@ cp if(!(s = str2net(subnetstr))) { - syslog(LOG_ERR, _("Got bad ADD_SUBNET from %s (%s): invalid subnet string"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); return -1; } @@ -695,7 +701,7 @@ cp if(!(owner = lookup_node(name))) { - syslog(LOG_ERR, _("Got ADD_SUBNET for %s from %s (%s) which is not in our connection list"), + syslog(LOG_ERR, _("Got ADD_SUBNET from %s (%s) for %s which is not in our connection list"), name, c->name, c->hostname); return -1; } @@ -738,7 +744,7 @@ int del_subnet_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3) { - syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); return -1; } @@ -746,7 +752,7 @@ cp if(check_id(name)) { - syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid identity name"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid name")); return -1; } @@ -754,7 +760,7 @@ cp if(!(s = str2net(subnetstr))) { - syslog(LOG_ERR, _("Got bad DEL_SUBNET from %s (%s): invalid subnet string"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); return -1; } 
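Review bot: The reworded message in the `@@ -695,7 +701,7 @@` hunk of add_subnet_h now reads `from %s (%s) for %s`, but the argument line below it is still `name, c->name, c->hostname);`, so the log prints the announced owner as the sender and the sender's hostname as the owner. Reorder the arguments to `c->name, c->hostname, name);`, as the DEL_SUBNET form of the same message does. This is the line an operator reads to find which peer sent a subnet for an unknown node, so the swapped fields point at the wrong host.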
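Review bot: del_subnet_h compares the sscanf() result with 3 in the `@@ -738,7 +744,7 @@` hunk, although the format `"%*d "MAX_STRING" "MAX_STRING` has only two assigning conversions, so the check can never pass and every DEL_SUBNET ends in `return -1`. The commit rewrites the log line directly under it but leaves the count; it should be `!= 2`, as in add_subnet_h. The function continues outside the hunk.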
@@ -762,8 +768,8 @@ cp if(!(owner = lookup_node(name))) { - syslog(LOG_ERR, _("Got DEL_SUBNET for %s from %s (%s) which is not in our connection list"), - name, c->name, c->hostname); + syslog(LOG_ERR, _("Got %s from %s (%s) for %s which is not in our connection list"), + "DEL_SUBNET", c->name, c->hostname, name); return -1; } @@ -773,8 +779,8 @@ cp if(!find) { - syslog(LOG_ERR, _("Got DEL_SUBNET for %s from %s (%s) which does not appear in his subnet tree"), - name, c->name, c->hostname); + syslog(LOG_ERR, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), + "DEL_SUBNET", c->name, c->hostname, name); return -1; } @@ -812,7 +818,7 @@ int add_node_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING" %lx:%hd", name, &address, &port) != 3) { - syslog(LOG_ERR, _("Got bad ADD_NODE from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_NODE", c->name, c->hostname); return -1; } @@ -820,18 +826,10 @@ cp if(check_id(name)) { - syslog(LOG_ERR, _("Got bad ADD_NODE from %s (%s): invalid identity name"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_NODE", c->name, c->hostname, _("invalid name")); return -1; } - /* Check if somebody tries to add ourself */ - - if(!strcmp(name, myself->name)) - { - syslog(LOG_ERR, _("Got ADD_NODE from %s (%s) for ourself!"), c->name, c->hostname); - return -1; - } - /* Check if node already exists */ n = lookup_node(name); @@ -880,7 +878,7 @@ int del_node_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING" %lx:%hd", name, &address, &port) != 3) { - syslog(LOG_ERR, _("Got bad DEL_NODE from %s (%s)"), + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_NODE", c->name, c->hostname); return -1; } 
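Review bot: With the `strcmp(name, myself->name)` check deleted in the `@@ -820,18 +826,10 @@` hunk, an ADD_NODE that names this host is no longer rejected and goes on to `lookup_node(name)`. What add_node_h does with a node that already exists is outside the hunk, so confirm that a peer cannot use this path to change the address or port recorded for `myself`. If the aim was only to stop dropping the connection on an echoed ADD_NODE, ignore the message rather than process it: `if(!strcmp(name, myself->name)) return 0;`.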
@@ -889,7 +887,7 @@ cp if(check_id(name)) { - syslog(LOG_ERR, _("Got bad DEL_NODE from %s (%s): invalid identity name"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_NODE", c->name, c->hostname, _("invalid name")); return -1; } @@ -897,7 +895,7 @@ cp if(!strcmp(name, myself->name)) { - syslog(LOG_ERR, _("Got DEL_NODE from %s (%s) for ourself!"), + syslog(LOG_ERR, _("Got %s from %s (%s) for ourself!"), "DEL_NODE", c->name, c->hostname); return -1; } @@ -908,7 +906,7 @@ cp if(!n) { - syslog(LOG_WARNING, _("Got DEL_NODE from %s (%s) for %s which does not exist"), c->name, c->hostname, n->name); + syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not exist"), "DEL_NODE", c->name, c->hostname, n->name); return 0; } @@ -916,7 +914,7 @@ cp if(address != n->address || port != n->port) { - syslog(LOG_WARNING, _("Got DEL_NODE from %s (%s) for %s which doesn't match"), c->name, c->hostname, n->name); + syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which doesn't match"), "DEL_NODE", c->name, c->hostname, n->name); return 0; } 
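Review bot: In the `@@ -908,7 +906,7 @@` hunk of del_node_h the rewritten warning inside `if(!n)` still passes `n->name`, which dereferences the NULL pointer the branch has just tested for. A DEL_NODE for a name we do not know reaches this line, and the daemon would most likely crash instead of logging and returning 0. Pass the parsed string instead: `"DEL_NODE", c->name, c->hostname, name);`.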
@@ -936,6 +934,180 @@ cp return 0; } +/* Vertices */ + +int send_add_edge(connection_t *c, edge_t *v) +{ +cp + return send_request(c, "%d %s %s %lx", ADD_NODE, + v->from->name, v->to->name, v->options); +} + +int add_edge_h(connection_t *c) +{ + connection_t *other; + edge_t *v; + node_t *from, *to; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + long int options; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx", from_name, to_name, &options) != 3) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); + return -1; + } + + /* Check if names are valid */ + + if(check_id(from_name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); + return -1; + } + + if(check_id(to_name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); + return -1; + } + + /* Lookup nodes */ + + from = lookup_node(from_name); + + if(!from) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("unknown node")); + return -1; + } + + to = lookup_node(to_name); + + if(!to) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("unknown node")); + return -1; + } + + /* Check if node already exists */ + + v = lookup_edge(from, to); + + if(v) + { + /* Check if it matches */ + } + else + { + v = new_edge(); + v->from = from; + v->to = to; + v->options = options; + edge_add(v); + } + + /* Tell the rest about the new edge */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_add_edge(other, v); + } + +cp + return 0; +} + +int send_del_edge(connection_t *c, edge_t *v) +{ +cp + return send_request(c, "%d %s %s %lx", DEL_EDGE, + v->from->name, v->to->name, v->options); +} + +int del_edge_h(connection_t *c) +{ + edge_t *v; + char 
from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + node_t *from, *to; + long int options; + connection_t *other; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx", from_name, to_name, &options) != 3) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", + c->name, c->hostname); + return -1; + } + + /* Check if names are valid */ + + if(check_id(from_name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); + return -1; + } + + if(check_id(to_name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); + return -1; + } + + /* Lookup nodes */ + + from = lookup_node(from_name); + + if(!from) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown node")); + return -1; + } + + to = lookup_node(to_name); + + if(!to) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown node")); + return -1; + } + + /* Check if edge exists */ + + v = lookup_edge(from, to); + + if(v) + { + /* Check if it matches */ + } + else + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown edge")); + return -1; + } + + /* Tell the rest about the deleted edge */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_del_edge(other, v); + } + + /* Delete the edge */ + + edge_del(v); +cp + return 0; +} + + /* Status and error notification routines */ int send_status(connection_t *c, int statusno, char *statusstring) @@ -954,7 +1126,7 @@ int status_h(connection_t *c) cp if(sscanf(c->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) { - syslog(LOG_ERR, _("Got bad STATUS from %s (%s)"), + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", c->name, c->hostname); return -1; } 
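Review bot: send_add_edge() builds its request with `ADD_NODE` as the request number, so the receiver hands it to add_node_h, which expects a different argument layout; the call should be `send_request(c, "%d %s %s %lx", ADD_EDGE, v->from->name, v->to->name, v->options);`. add_edge_h also forwards the message to every other active connection even when `lookup_edge()` found the edge already present (the `/* Check if it matches */` branch is empty), which looks like it would keep re-sending the same ADD_EDGE around any cycle in the mesh. Forwarding only from the `else` branch that inserts a new edge would stop that. del_edge_h calls edge_del() but never free_edge(), so the edge_t appears to leak unless avl_delete() releases it.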
@@ -984,7 +1156,7 @@ int error_h(connection_t *c) cp if(sscanf(c->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) { - syslog(LOG_ERR, _("Got bad ERROR from %s (%s)"), + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", c->name, c->hostname); return -1; } @@ -1083,7 +1255,7 @@ int key_changed_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING, name) != 1) { - syslog(LOG_ERR, _("Got bad KEY_CHANGED from %s (%s)"), + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", c->name, c->hostname); return -1; } @@ -1092,7 +1264,7 @@ cp if(!n) { - syslog(LOG_ERR, _("Got KEY_CHANGED from %s (%s) origin %s which does not exist"), + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", c->name, c->hostname, name); return -1; } @@ -1121,7 +1293,7 @@ int req_key_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) { - syslog(LOG_ERR, _("Got bad REQ_KEY from %s (%s)"), + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, c->hostname); return -1; } @@ -1130,7 +1302,7 @@ cp if(!from) { - syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) origin %s which does not exist in our connection list"), + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, from_name); return -1; } @@ -1139,7 +1311,7 @@ cp if(!to) { - syslog(LOG_ERR, _("Got REQ_KEY from %s (%s) destination %s which does not exist in our connection list"), + syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, to_name); return -1; } @@ -1186,7 +1358,7 @@ int ans_key_h(connection_t *c) cp if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING, from_name, to_name, key) != 3) { - syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s)"), + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, c->hostname); return -1; } 
@@ -1195,7 +1367,7 @@ cp if(!from) { - syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) origin %s which does not exist in our connection list"), + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, from_name); return -1; } @@ -1204,7 +1376,7 @@ cp if(!to) { - syslog(LOG_ERR, _("Got ANS_KEY from %s (%s) destination %s which does not exist in our connection list"), + syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, to_name); return -1; } @@ -1215,8 +1387,8 @@ cp if(keylength != from->keylength * 2) { - syslog(LOG_ERR, _("Got bad ANS_KEY from %s (%s) origin %s: invalid key length"), - c->name, c->hostname, from->name); + syslog(LOG_ERR, _("Got bad %s from %s (%s) origin %s: %s"), "ANS_KEY", + c->name, c->hostname, from->name, _("invalid key length")); return -1; } @@ -1265,7 +1437,7 @@ int tcppacket_h(connection_t *c) cp if(sscanf(c->buffer, "%*d %hd", &len) != 1) { - syslog(LOG_ERR, _("Got bad PACKET from %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname); return -1; } @@ -1284,6 +1456,7 @@ int (*request_handlers[])(connection_t*) = { ping_h, pong_h, add_node_h, del_node_h, add_subnet_h, del_subnet_h, + add_edge_h, del_edge_h, key_changed_h, req_key_h, ans_key_h, tcppacket_h, }; @@ -1296,7 +1469,7 @@ char (*request_name[]) = { "PING", "PONG", "ADD_NODE", "DEL_NODE", "ADD_SUBNET", "DEL_SUBNET", - "ADD_VERTEX", "DEL_VERTEX", + "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", }; diff --git a/src/protocol.h b/src/protocol.h index 64e17ad0..5fc30f38 100644 --- a/src/protocol.h +++ b/src/protocol.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.23 2001/10/27 12:13:17 guus Exp $ + $Id: protocol.h,v 1.5.4.24 2001/10/28 08:41:19 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -42,7 +42,7 @@ enum { PING, PONG, ADD_NODE, DEL_NODE, ADD_SUBNET, DEL_SUBNET, - ADD_VERTEX, DEL_VERTEX, + ADD_EDGE, DEL_EDGE, KEY_CHANGED, REQ_KEY, ANS_KEY, PACKET, LAST /* Guardian for the highest request number */ @@ -69,8 +69,8 @@ extern int send_add_node(connection_t*, node_t*); extern int send_del_node(connection_t*, node_t*); extern int send_add_subnet(connection_t*, subnet_t*); extern int send_del_subnet(connection_t*, subnet_t*); -extern int send_add_vertex(connection_t*, node_t*); -extern int send_del_vertex(connection_t*, node_t*); +extern int send_add_edge(connection_t*, edge_t*); +extern int send_del_edge(connection_t*, edge_t*); extern int send_key_changed(connection_t*, node_t*); extern int send_req_key(connection_t*, node_t*, node_t*); extern int send_ans_key(connection_t*, node_t*, node_t*, char*); diff --git a/src/tincd.c b/src/tincd.c index 2943d0bf..0ccbdee6 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.54 2001/10/27 15:19:13 guus Exp $ + $Id: tincd.c,v 1.10.4.55 2001/10/28 08:41:19 guus Exp $ */ #include "config.h" 
@@ -58,16 +58,19 @@ char *program_name; /* If nonzero, display usage information and exit. */ -static int show_help; +int show_help; /* If nonzero, print the version on standard output and exit. */ -static int show_version; +int show_version; /* If nonzero, it will attempt to kill a running tincd and exit. */ -static int kill_tincd = 0; +int kill_tincd = 0; /* If nonzero, generate public/private keypair for this host/net. */ -static int generate_keys = 0; +int generate_keys = 0; + +/* If nonzero, use null ciphers and skip all key exchanges. */ +int bypass_security = 0; char *identname; /* program name for syslog */ char *pidfilename; /* pid file location */ @@ -85,6 +88,7 @@ static struct option const long_options[] = { "no-detach", no_argument, &do_detach, 0 }, { "generate-keys", optional_argument, NULL, 'K'}, { "debug", optional_argument, NULL, 'd'}, + { "bypass-security", no_argument, &bypass_security, 1 }, { NULL, 0, NULL, 0 } }; From 66067cc9c1347fb2de35660d531fdd4be8aede6a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 28 Oct 2001 10:16:18 +0000 Subject: [PATCH 483/923] - More s/vertex/edge/g - Implementation of Kruskal's minimum spanning tree algorithm. --- src/Makefile.am | 10 ++--- src/connection.h | 5 ++- src/edge.c | 69 +++++++++++++++++++++-------- src/edge.h | 15 ++++--- src/graph.c | 111 +++++++++++++++++++++++++++++++++++++++++++++++ src/net.c | 4 +- src/node.h | 5 ++- src/process.c | 4 +- src/protocol.c | 42 +++++++++--------- 9 files changed, 206 insertions(+), 59 deletions(-) create mode 100644 src/graph.c diff --git a/src/Makefile.am b/src/Makefile.am index 9a181093..c74433d4 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -1,15 +1,15 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.15 2001/10/28 08:41:19 guus Exp $ +# $Id: Makefile.am,v 1.4.4.16 2001/10/28 10:16:18 guus Exp $ sbin_PROGRAMS = tincd -tincd_SOURCES = conf.c connection.c device.c meta.c net.c netutl.c node.c process.c \ - protocol.c route.c subnet.c tincd.c edge.c +tincd_SOURCES = conf.c connection.c device.c edge.c graph.c meta.c net.c netutl.c node.c process.c \ + protocol.c route.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl -noinst_HEADERS = conf.h connection.h device.h meta.h net.h netutl.h node.h process.h \ - protocol.h route.h subnet.h edge.h +noinst_HEADERS = conf.h connection.h device.h edge.h meta.h net.h netutl.h node.h process.h \ + protocol.h route.h subnet.h LIBS = @LIBS@ @INTLLIBS@ diff --git a/src/connection.h b/src/connection.h index 40548042..9f2bf275 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.18 2001/10/28 08:41:19 guus Exp $ + $Id: connection.h,v 1.1.2.19 2001/10/28 10:16:18 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -56,7 +56,8 @@ typedef struct connection_status_t { int timeout:1; /* 1 if gotten timeout */ int encryptout:1; /* 1 if we can encrypt outgoing traffic */ int decryptin:1; /* 1 if we have to decrypt incoming traffic */ - int unused:18; + int mst:1; /* 1 if this connection is part of a minimum spanning tree */ + int unused:17; } connection_status_t; typedef struct connection_t { diff --git a/src/edge.c b/src/edge.c index 24c67c36..aee1be0f 100644 --- a/src/edge.c +++ b/src/edge.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.1 2001/10/28 08:41:19 guus Exp $ + $Id: edge.c,v 1.1.2.2 2001/10/28 10:16:18 guus Exp $ */ #include "config.h" @@ -39,7 +39,8 @@ #include "xalloc.h" #include "system.h" -avl_tree_t *edge_tree; /* Tree with all known vertices (replaces active_tree) */ +avl_tree_t *edge_tree; /* Tree with all known edges (replaces active_tree) */ +avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ int edge_compare(edge_t *a, edge_t *b) { @@ -64,14 +65,44 @@ int edge_compare(edge_t *a, edge_t *b) */ -void init_vertices(void) +int edge_weight_compare(edge_t *a, edge_t *b) +{ + int result; + char *name_a1, *name_a2, *name_b1, *name_b2; + + + result = a->weight - b->weight; + + if(result) + return result; + + if(strcmp(a->from->name, a->to->name) < 0) + name_a1 = a->from->name, name_a2 = a->to->name; + else + name_a1 = a->to->name, name_a2 = a->from->name; + + if(strcmp(b->from->name, b->to->name) < 0) + name_b1 = b->from->name, name_b2 = b->to->name; + else + name_b1 = b->to->name, name_b2 = b->from->name; + + result = strcmp(name_a1, name_b1); + + if(result) + return result; + else + return strcmp(name_a2, name_b2); +} + +void init_edges(void) { cp edge_tree = avl_alloc_tree((avl_compare_t)edge_compare, NULL); + edge_weight_tree = avl_alloc_tree((avl_compare_t)edge_weight_compare, NULL); cp } -void exit_vertices(void) +void exit_edges(void) { cp avl_delete_tree(edge_tree); 
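Review bot: init_edges() now allocates `edge_weight_tree`, but exit_edges() in the same `@@ -64,14 +65,44 @@` hunk still deletes only `edge_tree`, and its closing lines outside the hunk are unchanged. Add `avl_delete_tree(edge_weight_tree);` next to the existing call. Both trees are created with a NULL delete callback, so this should not free the shared edge_t twice, but confirm that against avl_delete_tree(). In edge_weight_compare, `a->weight - b->weight` can overflow for large weights of opposite sign; `(a->weight > b->weight) - (a->weight < b->weight)` gives the same ordering without that risk.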
@@ -83,29 +114,31 @@ cp edge_t *new_edge(void) { cp - edge_t *v = (edge_t *)xmalloc_and_zero(sizeof(*v)); + edge_t *e = (edge_t *)xmalloc_and_zero(sizeof(*e)); cp - return v; + return e; } -void free_edge(edge_t *v) +void free_edge(edge_t *e) { cp - free(v); + free(e); cp } -void edge_add(edge_t *v) +void edge_add(edge_t *e) { cp - avl_insert(edge_tree, v); + avl_insert(edge_tree, e); + avl_insert(edge_weight_tree, e); cp } -void edge_del(edge_t *v) +void edge_del(edge_t *e) { cp - avl_delete(edge_tree, v); + avl_delete(edge_tree, e); + avl_delete(edge_weight_tree, e); cp } @@ -127,20 +160,20 @@ cp return avl_search(edge_tree, &v); } -void dump_vertices(void) +void dump_edges(void) { avl_node_t *node; - edge_t *v; + edge_t *e; cp - syslog(LOG_DEBUG, _("Vertices:")); + syslog(LOG_DEBUG, _("Edges:")); for(node = edge_tree->head; node; node = node->next) { - v = (edge_t *)node->data; + e = (edge_t *)node->data; syslog(LOG_DEBUG, _(" %s - %s options %ld"), - v->from->name, v->to->name, v->options); + e->from->name, e->to->name, e->options); } - syslog(LOG_DEBUG, _("End of vertices.")); + syslog(LOG_DEBUG, _("End of edges.")); cp } diff --git a/src/edge.h b/src/edge.h index c2212cc7..3bd475e6 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.1 2001/10/28 08:41:19 guus Exp $ + $Id: edge.h,v 1.1.2.2 2001/10/28 10:16:18 guus Exp $ */ #ifndef __TINC_EDGE_H__ 
@@ -42,21 +42,22 @@ typedef struct edge_t { struct node_t *from; struct node_t *to; - long int options; /* options turned on for this connection */ - int metric; /* weight of this edge */ + long int options; /* options turned on for this edge */ + int weight; /* weight of this edge */ struct connection_t *connection; /* connection associated with this edge, if available */ } edge_t; -extern avl_tree_t *edge_tree; /* Tree with all known vertices (replaces active_tree) */ +extern avl_tree_t *edge_tree; /* Tree with all known edges (replaces active_tree) */ +extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weight */ -extern void init_vertices(void); -extern void exit_vertices(void); +extern void init_edges(void); +extern void exit_edges(void); extern edge_t *new_edge(void); extern void free_edge(edge_t *); extern void edge_add(edge_t *); extern void edge_del(edge_t *); extern edge_t *lookup_edge(struct node_t *, struct node_t *); -extern void dump_vertices(void); +extern void dump_edges(void); #endif /* __TINC_EDGE_H__ */ diff --git a/src/graph.c b/src/graph.c new file mode 100644 index 00000000..50695e4a --- /dev/null +++ b/src/graph.c 
@@ -0,0 +1,111 @@ +/* + graph.c -- graph algorithms + Copyright (C) 2001 Guus Sliepen , + 2001 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: graph.c,v 1.1.2.1 2001/10/28 10:16:18 guus Exp $ +*/ + +/* We need to generate two trees from the graph: + + 1. A minimum spanning tree for broadcasts, + 2. A single-source shortest path tree for unicasts. + + Actually, the first one alone would suffice but would make unicast packets + take longer routes than necessary. + + For the MST algorithm we can choose from Prim's or Kruskal's. I personally + favour Kruskal's, because we make an extra AVL tree of edges sorted on + weights (metric). That tree only has to be updated when an edge is added or + removed, and during the MST algorithm we just have go linearly through that + tree, adding safe edges until #edges = #nodes - 1. + + For the SSSP algorithm Dijkstra's seems to be a nice choice. +*/ + +#include +#include "config.h" + +#include "node.h" +#include "edge.h" +#include "connection.h" + +#include "system.h" + +/* Implementation of Kruskal's algorithm. + Running time: O(V) + Please note that sorting on weight is already done by add_vertex(). 
+*/ + +void kruskal(void) +{ + avl_node_t *node; + edge_t *e; + node_t *n; + connection_t *c; + int nodes; + int safe_edges = 0; + + syslog(LOG_DEBUG, _("Running Kruskal's algorithm:")); + + /* Clear MST status on nodes */ + + for(node = node_tree->head; node; node = node->next) + { + n = (node_t *)node->data; + n->status.mst = 0; + node++; + } + + /* Clear MST status on connections */ + + for(node = connection_tree->head; node; node = node->next) + { + c = (edge_t *)node->data; + c->status.mst = 0; + } + + /* Add safe edges */ + + for(node = edge_weight_tree->head; node; node = node->next) + { +// Algorithm should work without this: +// if(safe_edges = nodes - 1) +// break; + + e = (edge_t *)node->data; + + if(e->from->status.mst && e->to->status.mst) + continue; + + e->from->status.mst = 1; + e->to->status.mst = 1; + if(e->connection) + e->connection->status.mst = 1; + + safe_edges++; + + syslog(LOG_DEBUG, _("Adding safe edge %s - %s weight %d"), e->from->name, e->to->name, e->weight); + } + + syslog(LOG_DEBUG, _("Done.")); + + if(safe_edges != nodes - 1) + { + syslog(LOG_ERR, _("Implementation of Kruskal's algorithm is screwed: %d nodes, found %d safe edges"), nodes, safe_edges); + } +} diff --git a/src/net.c b/src/net.c index 35d9563c..0e7dcc9d 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.140 2001/10/28 08:41:19 guus Exp $ + $Id: net.c,v 1.35.4.141 2001/10/28 10:16:18 guus Exp $ */ #include "config.h" @@ -776,7 +776,7 @@ cp init_connections(); init_subnets(); init_nodes(); - init_vertices(); + init_edges(); if(get_config_int(lookup_config(config_tree, "PingTimeout"), &timeout)) { diff --git a/src/node.h b/src/node.h index 9f2a35a7..b7c77e63 100644 --- a/src/node.h +++ b/src/node.h 
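Review bot: In `kruskal()` the node-clearing loop ends with `node++`, which advances the `avl_node_t` pointer itself, so the loop's `node = node->next` then reads from memory past the current tree node; the line was presumably meant to be `nodes++;`. `nodes` is also declared without an initialiser and is read in the final `safe_edges != nodes - 1` check, so it should be declared as `int nodes = 0;`. In the connection loop, `c = (edge_t *)node->data;` casts to the wrong type and should read `c = (connection_t *)node->data;`. The commented-out `if(safe_edges = nodes - 1)` would be an assignment rather than a comparison if it were ever re-enabled.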
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.5 2001/10/27 12:13:17 guus Exp $ + $Id: node.h,v 1.1.2.6 2001/10/28 10:16:18 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -32,7 +32,8 @@ typedef struct node_status_t { int active:1; /* 1 if active.. */ int validkey:1; /* 1 if we currently have a valid key for him */ int waitingforkey:1; /* 1 if we already sent out a request */ - int unused:29; + int mst:1; /* 1 if this node has been visited by the MST algorithm */ + int unused:28; } node_status_t; typedef struct node_t { diff --git a/src/process.c b/src/process.c index 86153b5a..525836b8 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.28 2001/10/27 15:19:13 guus Exp $ + $Id: process.c,v 1.1.2.29 2001/10/28 10:16:18 guus Exp $ */ #include "config.h" @@ -380,7 +380,7 @@ sigusr2_handler(int a, siginfo_t *info, void *b) { dump_device_stats(); dump_nodes(); - dump_vertices(); + dump_edges(); dump_subnets(); } diff --git a/src/protocol.c b/src/protocol.c index d1bb524f..2771405c 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.110 2001/10/28 08:41:19 guus Exp $ + $Id: protocol.c,v 1.28.4.111 2001/10/28 10:16:18 guus Exp $ */ #include "config.h" @@ -600,7 +600,7 @@ cp c->edge->from = myself; c->edge->to = n; - c->edge->metric = 1; + c->edge->weight = 1; c->edge->connection = c; edge_add(c->edge); 
@@ -934,19 +934,19 @@ cp return 0; } -/* Vertices */ +/* Edges */ -int send_add_edge(connection_t *c, edge_t *v) +int send_add_edge(connection_t *c, edge_t *e) { cp return send_request(c, "%d %s %s %lx", ADD_NODE, - v->from->name, v->to->name, v->options); + e->from->name, e->to->name, e->options); } int add_edge_h(connection_t *c) { connection_t *other; - edge_t *v; + edge_t *e; node_t *from, *to; char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; @@ -993,19 +993,19 @@ cp /* Check if node already exists */ - v = lookup_edge(from, to); + e = lookup_edge(from, to); - if(v) + if(e) { /* Check if it matches */ } else { - v = new_edge(); - v->from = from; - v->to = to; - v->options = options; - edge_add(v); + e = new_edge(); + e->from = from; + e->to = to; + e->options = options; + edge_add(e); } /* Tell the rest about the new edge */ @@ -1014,23 +1014,23 @@ cp { other = (connection_t *)node->data; if(other->status.active && other != c) - send_add_edge(other, v); + send_add_edge(other, e); } cp return 0; } -int send_del_edge(connection_t *c, edge_t *v) +int send_del_edge(connection_t *c, edge_t *e) { cp return send_request(c, "%d %s %s %lx", DEL_EDGE, - v->from->name, v->to->name, v->options); + e->from->name, e->to->name, e->options); } int del_edge_h(connection_t *c) { - edge_t *v; + edge_t *e; char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; node_t *from, *to; @@ -1079,9 +1079,9 @@ cp /* Check if edge exists */ - v = lookup_edge(from, to); + e = lookup_edge(from, to); - if(v) + if(e) { /* Check if it matches */ } @@ -1097,12 +1097,12 @@ cp { other = (connection_t *)node->data; if(other->status.active && other != c) - send_del_edge(other, v); + send_del_edge(other, e); } /* Delete the edge */ - edge_del(v); + edge_del(e); cp return 0; } From b6298e2c082035b8238ea08673ced15d0fb7b89a Mon Sep 17 00:00:00 2001 
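Review bot: `send_add_edge()` still passes `ADD_NODE` as the request id, while `send_del_edge()` further down uses `DEL_EDGE`, so the receiving side would presumably dispatch an edge announcement to its node handler. If an `ADD_EDGE` request id is defined (the request table is not visible in this hunk), the call should read `return send_request(c, "%d %s %s %lx", ADD_EDGE, e->from->name, e->to->name, e->options);`.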
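Review bot: In `add_edge_h()` the `if(e)` branch is only the empty placeholder `/* Check if it matches */`, and as far as this hunk and the next one show, control then falls through to the loop that forwards the request to every other active connection. On a mesh that contains a cycle, an already-known edge would keep being re-sent between peers, so a single announcement can become a message storm. I would stop forwarding for a known edge, e.g. `if(e) return 0;` once the match check is written. The function starts and ends outside these hunks, so an early return in the two lines between them cannot be ruled out.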
From: Guus Sliepen Date: Sun, 28 Oct 2001 22:42:49 +0000 Subject: [PATCH 484/923] - More changes needed for Kruskal's algorithm - Implemented a breadth-first search algorithm as a cheap substitution for a single-source shortest path algorithm. --- src/connection.c | 8 +++- src/connection.h | 6 ++- src/edge.c | 43 +++++++++++++++---- src/edge.h | 4 +- src/graph.c | 105 +++++++++++++++++++++++++++++++++++++++++------ src/node.c | 9 +++- src/node.h | 8 ++-- src/protocol.c | 16 ++++++-- src/subnet.c | 39 ++++++++++++++---- src/subnet.h | 6 ++- 10 files changed, 200 insertions(+), 44 deletions(-) diff --git a/src/connection.c b/src/connection.c index 8fb96112..1bad1182 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.22 2001/10/28 08:41:19 guus Exp $ + $Id: connection.c,v 1.1.2.23 2001/10/28 22:42:49 guus Exp $ */ #include "config.h" @@ -25,6 +25,7 @@ #include #include #include +#include #include #include @@ -65,6 +66,11 @@ connection_t *new_connection(void) connection_t *c; cp c = (connection_t *)xmalloc_and_zero(sizeof(connection_t)); + + if(!c) + return NULL; + + gettimeofday(&c->start, NULL); cp return c; } diff --git a/src/connection.h b/src/connection.h index 9f2bf275..5307147a 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,12 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.19 2001/10/28 10:16:18 guus Exp $ + $Id: connection.h,v 1.1.2.20 2001/10/28 22:42:49 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ #define __TINC_CONNECTION_H__ +#include + #include #include 
@@ -71,6 +73,8 @@ typedef struct connection_t { int socket; /* socket used for this connection */ long int options; /* options for this connection */ struct connection_status_t status; /* status info */ + int estimated_weight; /* estimation for the weight of the edge for this connection */ + struct timeval start; /* time this connection was started, used for above estimation */ struct node_t *node; /* node associated with the other end */ struct edge_t *edge; /* edge associated with this connection */ diff --git a/src/edge.c b/src/edge.c index aee1be0f..92abbb3c 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.2 2001/10/28 10:16:18 guus Exp $ + $Id: edge.c,v 1.1.2.3 2001/10/28 22:42:49 guus Exp $ */ #include "config.h" @@ -65,17 +65,11 @@ int edge_compare(edge_t *a, edge_t *b) */ -int edge_weight_compare(edge_t *a, edge_t *b) +int edge_name_compare(edge_t *a, edge_t *b) { int result; char *name_a1, *name_a2, *name_b1, *name_b2; - - result = a->weight - b->weight; - - if(result) - return result; - if(strcmp(a->from->name, a->to->name) < 0) name_a1 = a->from->name, name_a2 = a->to->name; else @@ -94,6 +88,18 @@ int edge_weight_compare(edge_t *a, edge_t *b) return strcmp(name_a2, name_b2); } +int edge_weight_compare(edge_t *a, edge_t *b) +{ + int result; + + result = a->weight - b->weight; + + if(result) + return result; + else + return edge_name_compare(a, b); +} + void init_edges(void) { cp @@ -102,6 +108,20 @@ cp cp } +avl_tree_t *new_edge_tree(void) +{ +cp + edge_tree = avl_alloc_tree((avl_compare_t)edge_name_compare, NULL); +cp +} + +void free_edge_tree(avl_tree_t *edge_tree) +{ +cp + avl_delete_tree(edge_tree); +cp +} + void exit_edges(void) { cp 
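Review bot: `new_edge_tree()` is declared to return `avl_tree_t *` but has no `return`; it assigns the new tree to the global `edge_tree` instead. node.c in this same commit stores the result in `n->edge_tree`, so each node gets an indeterminate pointer that `edge_add()` later hands to `avl_insert()`, and every call also overwrites the global tree of all known edges. The body should be `return avl_alloc_tree((avl_compare_t)edge_name_compare, NULL);`. The parameter of `free_edge_tree()` shadows the global `edge_tree`; a name such as `tree` would make clear which tree is released.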
@@ -113,8 +133,9 @@ cp edge_t *new_edge(void) { + edge_t *e; cp - edge_t *e = (edge_t *)xmalloc_and_zero(sizeof(*e)); + e = (edge_t *)xmalloc_and_zero(sizeof(*e)); cp return e; } @@ -131,6 +152,8 @@ void edge_add(edge_t *e) cp avl_insert(edge_tree, e); avl_insert(edge_weight_tree, e); + avl_insert(e->from->edge_tree, e); + avl_insert(e->to->edge_tree, e); cp } @@ -139,6 +162,8 @@ void edge_del(edge_t *e) cp avl_delete(edge_tree, e); avl_delete(edge_weight_tree, e); + avl_delete(e->from->edge_tree, e); + avl_delete(e->to->edge_tree, e); cp } diff --git a/src/edge.h b/src/edge.h index 3bd475e6..4fff3878 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.2 2001/10/28 10:16:18 guus Exp $ + $Id: edge.h,v 1.1.2.3 2001/10/28 22:42:49 guus Exp $ */ #ifndef __TINC_EDGE_H__ @@ -55,6 +55,8 @@ extern void init_edges(void); extern void exit_edges(void); extern edge_t *new_edge(void); extern void free_edge(edge_t *); +extern avl_tree_t *new_edge_tree(void); +extern void free_edge_tree(avl_tree_t *); extern void edge_add(edge_t *); extern void edge_del(edge_t *); extern edge_t *lookup_edge(struct node_t *, struct node_t *); diff --git a/src/graph.c b/src/graph.c index 50695e4a..c7ca8af1 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.1 2001/10/28 10:16:18 guus Exp $ + $Id: graph.c,v 1.1.2.2 2001/10/28 22:42:49 guus Exp $ */ /* We need to generate two trees from the graph: 
@@ -34,12 +34,15 @@ removed, and during the MST algorithm we just have go linearly through that tree, adding safe edges until #edges = #nodes - 1. - For the SSSP algorithm Dijkstra's seems to be a nice choice. + For the SSSP algorithm Dijkstra's seems to be a nice choice. Currently a + simple breadth-first search is presented here. */ #include #include "config.h" +#include + #include "node.h" #include "edge.h" #include "connection.h" @@ -47,35 +50,35 @@ #include "system.h" /* Implementation of Kruskal's algorithm. - Running time: O(V) - Please note that sorting on weight is already done by add_vertex(). + Running time: O(E) + Please note that sorting on weight is already done by add_edge(). */ -void kruskal(void) +void mst_kruskal(void) { avl_node_t *node; edge_t *e; node_t *n; connection_t *c; - int nodes; + int nodes = 0; int safe_edges = 0; syslog(LOG_DEBUG, _("Running Kruskal's algorithm:")); - /* Clear MST status on nodes */ + /* Clear visited status on nodes */ for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - n->status.mst = 0; - node++; + n->status.visited = 0; + nodes++; } /* Clear MST status on connections */ for(node = connection_tree->head; node; node = node->next) { - c = (edge_t *)node->data; + c = (connection_t *)node->data; c->status.mst = 0; } @@ -89,11 +92,11 @@ void kruskal(void) e = (edge_t *)node->data; - if(e->from->status.mst && e->to->status.mst) + if(e->from->status.visited && e->to->status.visited) continue; - e->from->status.mst = 1; - e->to->status.mst = 1; + e->from->status.visited = 1; + e->to->status.visited = 1; if(e->connection) e->connection->status.mst = 1; 
@@ -109,3 +112,79 @@ void kruskal(void) syslog(LOG_ERR, _("Implementation of Kruskal's algorithm is screwed: %d nodes, found %d safe edges"), nodes, safe_edges); } } + +/* Implementation of a simple breadth-first search algorithm. + Running time: O(E) +*/ + +void sssp_bfs(void) +{ + avl_node_t *node, *from, *next, *to; + edge_t *e; + node_t *n, *check; + int nodes = 0; + int visited = 0; + avl_tree_t *todo_tree; + + syslog(LOG_DEBUG, _("Running BFS algorithm:")); + + todo_tree = avl_alloc_tree(NULL, NULL); + + /* Clear visited status on nodes */ + + for(node = node_tree->head; node; node = node->next) + { + n = (node_t *)node->data; + n->status.visited = 0; + nodes++; + } + + /* Begin with myself */ + + myself->status.visited = 1; + myself->nexthop = myself; + myself->via = myself; + node = avl_alloc_node(); + node->data = myself; + avl_insert_top(todo_tree, node); + visited++; + + /* Loop while todo_tree is filled */ + + while(todo_tree->head) + { + for(from = todo_tree->head; from; from = next) + { + next = from->next; + n = (node_t *)from->data; + + for(to = n->edge_tree->head; to; to = to->next) + { + e = (edge_t *)to->data; + + if(e->from == n) + check = e->to; + else + check = e->from; + + if(!check->status.visited) + { + check->status.visited = 1; + check->nexthop = (n->nexthop == myself)?n:n->nexthop; + check->via = check; /* FIXME: only if !(e->options & INDIRECT), otherwise use n->via */ + avl_insert_before(todo_tree, todo_tree->head, to); + visited++; + } + } + + avl_delete_node(todo_tree, from); + } + } + + syslog(LOG_DEBUG, _("Done.")); + + if(visited != nodes) + { + syslog(LOG_ERR, _("Implementation of BFS algorithm is screwed: %d nodes, visited %d"), nodes, visited); + } +} diff --git a/src/node.c b/src/node.c index 3776d184..f50d365f 100644 --- a/src/node.c +++ b/src/node.c 
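Review bot: In `sssp_bfs()` the call `avl_insert_before(todo_tree, todo_tree->head, to)` links `to`, a node that belongs to `n->edge_tree`, into `todo_tree`. That breaks the edge tree's own links, and the outer loop later reads `from->data` as a `node_t *` although the data of this node is an `edge_t *`. A fresh node should be queued instead: `node = avl_alloc_node(); node->data = check; avl_insert_before(todo_tree, from, node);`. `todo_tree` is also never released before the function returns.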
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.3 2001/10/27 13:13:35 guus Exp $ + $Id: node.c,v 1.1.2.4 2001/10/28 22:42:49 guus Exp $ */ #include "config.h" @@ -73,7 +73,8 @@ node_t *new_node(void) { node_t *n = (node_t *)xmalloc_and_zero(sizeof(*n)); cp - n->subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, NULL); + n->subnet_tree = new_subnet_tree(); + n->edge_tree = new_edge_tree(); n->queue = list_alloc((list_action_t)free); cp return n; @@ -90,6 +91,10 @@ cp free(n->hostname); if(n->key) free(n->key); + if(n->subnet_tree) + free_subnet_tree(n->subnet_tree); + if(n->edge_tree) + free_edge_tree(n->edge_tree); free(n); cp } diff --git a/src/node.h b/src/node.h index b7c77e63..cc81b3b4 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.6 2001/10/28 10:16:18 guus Exp $ + $Id: node.h,v 1.1.2.7 2001/10/28 22:42:49 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -32,7 +32,7 @@ typedef struct node_status_t { int active:1; /* 1 if active.. */ int validkey:1; /* 1 if we currently have a valid key for him */ int waitingforkey:1; /* 1 if we already sent out a request */ - int mst:1; /* 1 if this node has been visited by the MST algorithm */ + int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ int unused:28; } node_status_t; 
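Review bot: `free_node()` now releases `n->edge_tree`, but the edges stored in it are also linked into the global `edge_tree` and `edge_weight_tree` and into the other endpoint's tree (see `edge_add()` in edge.c), and nothing in this hunk removes them there. Unless the caller deletes every edge of the node first, those edges keep `from`/`to` pointers to freed memory, which `mst_kruskal()` and `sssp_bfs()` dereference. I would state the precondition in a comment, for example `/* caller must edge_del() all edges of n before free_node(n) */`, or walk `n->edge_tree` here and call `edge_del()` on each entry. `free_node()` begins outside this hunk.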
@@ -50,13 +50,15 @@ typedef struct node_t { char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length*/ - list_t *queue; /* Queue for packets awaiting to be encrypted */ + list_t *queue; /* Queue for packets awaiting to be encrypted */ struct node_t *nexthop; /* nearest node from us to him */ struct node_t *via; /* next hop for UDP packets */ avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ + avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ + struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ } node_t; diff --git a/src/protocol.c b/src/protocol.c index 2771405c..63b10b1e 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.111 2001/10/28 10:16:18 guus Exp $ + $Id: protocol.c,v 1.28.4.112 2001/10/28 22:42:49 guus Exp $ */ #include "config.h" @@ -526,18 +526,26 @@ int send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs to create node_t and edge_t structures. */ + + struct timeval now; + + /* Estimate weight */ + + gettimeofday(&now, NULL); + c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; cp - return send_request(c, "%d %d", ACK, myself->port); + return send_request(c, "%d %hd %d", ACK, myself->port, c->estimated_weight); } int ack_h(connection_t *c) { port_t port; + int weight; node_t *n; subnet_t *s; avl_node_t *node, *node2; cp - if(sscanf(c->buffer, "%*d %hd", &port) != 1) + if(sscanf(c->buffer, "%*d %hd %d", &port, &weight) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; 
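Review bot: `ack_h()` takes `weight` straight from the peer's ACK with `%d`, and no range check is visible before the `@@ -600,7 +608,7 @@` hunk computes `(weight + c->estimated_weight) / 2`. A very large or negative value makes that addition, and the subtraction `a->weight - b->weight` in `edge_weight_compare()` (edge.c), overflow a signed `int`, which is undefined behaviour and can leave `edge_weight_tree` inconsistently ordered. I would reject out-of-range input right after the `sscanf`, e.g. `if(weight < 0) return -1;` together with an upper bound, and compare weights without subtracting: `result = (a->weight > b->weight) - (a->weight < b->weight);`. In `send_ack()` the elapsed time comes from `gettimeofday()`, so a wall-clock step during the handshake can also yield a negative or very large `estimated_weight`.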
@@ -600,7 +608,7 @@ cp c->edge->from = myself; c->edge->to = n; - c->edge->weight = 1; + c->edge->weight = (weight + c->estimated_weight) / 2; c->edge->connection = c; edge_add(c->edge); diff --git a/src/subnet.c b/src/subnet.c index fff384ff..99d97bcd 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.26 2001/10/27 13:13:35 guus Exp $ + $Id: subnet.c,v 1.1.2.27 2001/10/28 22:42:49 guus Exp $ */ #include "config.h" @@ -40,13 +40,6 @@ avl_tree_t *subnet_tree; -void init_subnets(void) -{ -cp - subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, (avl_action_t)free_subnet); -cp -} - /* Subnet comparison */ int subnet_compare_mac(subnet_t *a, subnet_t *b) @@ -121,6 +114,36 @@ cp } } +/* Initialising trees */ + +void init_subnets(void) +{ +cp + subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, (avl_action_t)free_subnet); +cp +} + +void exit_subnets(void) +{ +cp + avl_delete_tree(subnet_tree); +cp +} + +avl_tree_t *new_subnet_tree(void) +{ +cp + return avl_alloc_tree((avl_compare_t)subnet_compare, NULL); +cp +} + +void free_subnet_tree(avl_tree_t *subnet_tree) +{ +cp + avl_delete_tree(subnet_tree); +cp +} + /* Allocating and freeing space for subnets */ subnet_t *new_subnet(void) diff --git a/src/subnet.h b/src/subnet.h index 50cfefd7..d1dd9651 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.12 2001/10/27 13:13:35 guus Exp $ + $Id: subnet.h,v 1.1.2.13 2001/10/28 22:42:49 guus Exp $ */ #ifndef __TINC_SUBNET_H__ 
@@ -72,11 +72,13 @@ typedef struct subnet_t { extern subnet_t *new_subnet(void); extern void free_subnet(subnet_t *); extern void init_subnets(void); +extern void exit_subnets(void); +extern avl_tree_t *new_subnet_tree(void); +extern void free_subnet_tree(avl_tree_t *); extern void subnet_add(struct node_t *, subnet_t *); extern void subnet_del(struct node_t *, subnet_t *); extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); -extern int subnet_compare(subnet_t *, subnet_t *); extern subnet_t *lookup_subnet(struct node_t *, subnet_t *); extern subnet_t *lookup_subnet_mac(mac_t *); extern subnet_t *lookup_subnet_ipv4(ipv4_t *); From cc9473d8c6467e9eaa82fe8a639d8edba232ee76 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 29 Oct 2001 13:14:57 +0000 Subject: [PATCH 485/923] Working version of Kruskal's algorithm. The running time is very bad though. --- src/graph.c | 46 ++++++++++++++++++++++++++++++++-------------- src/graph.h | 25 +++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 14 deletions(-) create mode 100644 src/graph.h diff --git a/src/graph.c b/src/graph.c index c7ca8af1..7b8880dc 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,17 +17,17 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.2 2001/10/28 22:42:49 guus Exp $ + $Id: graph.c,v 1.1.2.3 2001/10/29 13:14:57 guus Exp $ */ /* We need to generate two trees from the graph: 1. A minimum spanning tree for broadcasts, 2. A single-source shortest path tree for unicasts. - + Actually, the first one alone would suffice but would make unicast packets take longer routes than necessary. - + For the MST algorithm we can choose from Prim's or Kruskal's. I personally favour Kruskal's, because we make an extra AVL tree of edges sorted on weights (metric). That tree only has to be updated when an edge is added or @@ -40,6 +40,7 @@ #include #include "config.h" +#include #include 
@@ -50,7 +51,7 @@ #include "system.h" /* Implementation of Kruskal's algorithm. - Running time: O(E) + Running time: O(EN) Please note that sorting on weight is already done by add_edge(). */ @@ -62,7 +63,8 @@ void mst_kruskal(void) connection_t *c; int nodes = 0; int safe_edges = 0; - + int skipped; + syslog(LOG_DEBUG, _("Running Kruskal's algorithm:")); /* Clear visited status on nodes */ @@ -74,6 +76,10 @@ void mst_kruskal(void) nodes++; } + /* Starting point */ + + ((edge_t *)edge_weight_tree->head->data)->from->status.visited = 1; + /* Clear MST status on connections */ for(node = connection_tree->head; node; node = node->next) @@ -84,25 +90,32 @@ void mst_kruskal(void) /* Add safe edges */ - for(node = edge_weight_tree->head; node; node = node->next) + while(safe_edges < nodes - 1) + for(skipped = 0, node = edge_weight_tree->head; node; node = node->next) { // Algorithm should work without this: // if(safe_edges = nodes - 1) // break; e = (edge_t *)node->data; - - if(e->from->status.visited && e->to->status.visited) - continue; + + if(e->from->status.visited == e->to->status.visited) + { + skipped = 1; + continue; + } e->from->status.visited = 1; e->to->status.visited = 1; if(e->connection) e->connection->status.mst = 1; - safe_edges++; + safe_edges++; syslog(LOG_DEBUG, _("Adding safe edge %s - %s weight %d"), e->from->name, e->to->name, e->weight); + + if(skipped) + break; } syslog(LOG_DEBUG, _("Done.")); @@ -125,7 +138,7 @@ void sssp_bfs(void) int nodes = 0; int visited = 0; avl_tree_t *todo_tree; - + syslog(LOG_DEBUG, _("Running BFS algorithm:")); todo_tree = avl_alloc_tree(NULL, NULL); @@ -157,7 +170,7 @@ void sssp_bfs(void) { next = from->next; n = (node_t *)from->data; - + for(to = n->edge_tree->head; to; to = to->next) { e = (edge_t *)to->data; 
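Review bot: The new starting point `((edge_t *)edge_weight_tree->head->data)->from->status.visited = 1;` dereferences `head` without a check, so `mst_kruskal()` crashes when no edge is known yet. The rewritten `while(safe_edges < nodes - 1)` loop also never terminates when the graph is not connected: once every remaining edge has both ends in the same visited state, a full pass adds nothing and the condition stays true. Nodes and edges are announced by peers, so both states look reachable from the network. I would guard the head access and leave the loop when a pass makes no progress, as in the excerpt below, where `added` is a new `int` local.

```c
  /* Starting point */

  if(edge_weight_tree->head)
    ((edge_t *)edge_weight_tree->head->data)->from->status.visited = 1;

  /* … unchanged: clear MST status on connections … */

  /* Add safe edges */

  while(safe_edges < nodes - 1)
    {
      added = 0;

      for(skipped = 0, node = edge_weight_tree->head; node; node = node->next)
        {
          /* … unchanged: skip edges whose ends share a visited state, mark both ends and the connection, safe_edges++ … */
          added = 1;
          /* … unchanged: if(skipped) break; … */
        }

      if(!added)
        break;      /* the remaining nodes are unreachable */
    }
```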
@@ -170,10 +183,13 @@ void sssp_bfs(void) if(!check->status.visited) { check->status.visited = 1; - check->nexthop = (n->nexthop == myself)?n:n->nexthop; + check->nexthop = (n->nexthop == myself) ? n : n->nexthop; check->via = check; /* FIXME: only if !(e->options & INDIRECT), otherwise use n->via */ - avl_insert_before(todo_tree, todo_tree->head, to); + node = avl_alloc_node(); + node->data = check; + avl_insert_before(todo_tree, from, node); visited++; + syslog(LOG_DEBUG, _("Node %s nexthop %s via %s"), check->name, check->nexthop->name, check->via->name); } } @@ -183,6 +199,8 @@ void sssp_bfs(void) syslog(LOG_DEBUG, _("Done.")); + avl_free_tree(todo_tree); + if(visited != nodes) { syslog(LOG_ERR, _("Implementation of BFS algorithm is screwed: %d nodes, visited %d"), nodes, visited); diff --git a/src/graph.h b/src/graph.h new file mode 100644 index 00000000..c69fc98b --- /dev/null +++ b/src/graph.h @@ -0,0 +1,25 @@ +/* + graph.h -- header for graph.c + Copyright (C) 2001 Guus Sliepen , + 2001 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: graph.h,v 1.1.2.1 2001/10/29 13:14:57 guus Exp $ +*/ + +extern void mst_kruskal(void); +extern void mst_prim(void); +extern void sssp_bfs(void); From 87ad5c97a9a73a65050ad7adce34503f856d8665 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Tue, 30 Oct 2001 12:59:12 +0000 Subject: [PATCH 486/923] Various fixes, tinc is now somewhat capable of actually working again. --- src/Makefile.am | 4 ++-- src/edge.c | 8 +++---- src/graph.c | 38 ++++-------------------------- src/net.c | 33 +++++++------------------- src/node.c | 8 +++---- src/protocol.c | 62 ++++++++++++++++++++++++++++++++++++++++--------- src/subnet.c | 16 ++++--------- 7 files changed, 80 insertions(+), 89 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index c74433d4..8f5d21d2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.16 2001/10/28 10:16:18 guus Exp $ +# $Id: Makefile.am,v 1.4.4.17 2001/10/30 12:59:12 guus Exp $ sbin_PROGRAMS = tincd @@ -8,7 +8,7 @@ tincd_SOURCES = conf.c connection.c device.c edge.c graph.c meta.c net.c netutl. INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl -noinst_HEADERS = conf.h connection.h device.h edge.h meta.h net.h netutl.h node.h process.h \ +noinst_HEADERS = conf.h connection.h device.h edge.h graph.h meta.h net.h netutl.h node.h process.h \ protocol.h route.h subnet.h LIBS = @LIBS@ @INTLLIBS@ diff --git a/src/edge.c b/src/edge.c index 92abbb3c..451bb084 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.3 2001/10/28 22:42:49 guus Exp $ + $Id: edge.c,v 1.1.2.4 2001/10/30 12:59:12 guus Exp $ */ #include "config.h" @@ -111,7 +111,7 @@ cp avl_tree_t *new_edge_tree(void) { cp - edge_tree = avl_alloc_tree((avl_compare_t)edge_name_compare, NULL); + return avl_alloc_tree((avl_compare_t)edge_name_compare, NULL); cp } 
@@ -195,8 +195,8 @@ cp for(node = edge_tree->head; node; node = node->next) { e = (edge_t *)node->data; - syslog(LOG_DEBUG, _(" %s - %s options %ld"), - e->from->name, e->to->name, e->options); + syslog(LOG_DEBUG, _(" %s - %s options %ld weight %d"), + e->from->name, e->to->name, e->options, e->weight); } syslog(LOG_DEBUG, _("End of edges.")); diff --git a/src/graph.c b/src/graph.c index 7b8880dc..53cf6a99 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.3 2001/10/29 13:14:57 guus Exp $ + $Id: graph.c,v 1.1.2.4 2001/10/30 12:59:12 guus Exp $ */ /* We need to generate two trees from the graph: @@ -32,7 +32,9 @@ favour Kruskal's, because we make an extra AVL tree of edges sorted on weights (metric). That tree only has to be updated when an edge is added or removed, and during the MST algorithm we just have go linearly through that - tree, adding safe edges until #edges = #nodes - 1. + tree, adding safe edges until #edges = #nodes - 1. The implementation here + however is not so fast, because I tried to avoid having to make a forest and + merge trees. For the SSSP algorithm Dijkstra's seems to be a nice choice. Currently a simple breadth-first search is presented here. @@ -65,8 +67,6 @@ void mst_kruskal(void) int safe_edges = 0; int skipped; - syslog(LOG_DEBUG, _("Running Kruskal's algorithm:")); - /* Clear visited status on nodes */ for(node = node_tree->head; node; node = node->next) @@ -93,10 +93,6 @@ void mst_kruskal(void) while(safe_edges < nodes - 1) for(skipped = 0, node = edge_weight_tree->head; node; node = node->next) { -// Algorithm should work without this: -// if(safe_edges = nodes - 1) -// break; - e = (edge_t *)node->data; if(e->from->status.visited == e->to->status.visited) 
@@ -112,18 +108,9 @@ void mst_kruskal(void) safe_edges++; - syslog(LOG_DEBUG, _("Adding safe edge %s - %s weight %d"), e->from->name, e->to->name, e->weight); - if(skipped) break; } - - syslog(LOG_DEBUG, _("Done.")); - - if(safe_edges != nodes - 1) - { - syslog(LOG_ERR, _("Implementation of Kruskal's algorithm is screwed: %d nodes, found %d safe edges"), nodes, safe_edges); - } } /* Implementation of a simple breadth-first search algorithm. @@ -135,12 +122,8 @@ void sssp_bfs(void) avl_node_t *node, *from, *next, *to; edge_t *e; node_t *n, *check; - int nodes = 0; - int visited = 0; avl_tree_t *todo_tree; - syslog(LOG_DEBUG, _("Running BFS algorithm:")); - todo_tree = avl_alloc_tree(NULL, NULL); /* Clear visited status on nodes */ @@ -149,7 +132,6 @@ void sssp_bfs(void) { n = (node_t *)node->data; n->status.visited = 0; - nodes++; } /* Begin with myself */ @@ -160,7 +142,6 @@ void sssp_bfs(void) node = avl_alloc_node(); node->data = myself; avl_insert_top(todo_tree, node); - visited++; /* Loop while todo_tree is filled */ @@ -183,13 +164,11 @@ void sssp_bfs(void) if(!check->status.visited) { check->status.visited = 1; - check->nexthop = (n->nexthop == myself) ? n : n->nexthop; + check->nexthop = (n->nexthop == myself) ? check : n->nexthop; check->via = check; /* FIXME: only if !(e->options & INDIRECT), otherwise use n->via */ node = avl_alloc_node(); node->data = check; avl_insert_before(todo_tree, from, node); - visited++; - syslog(LOG_DEBUG, _("Node %s nexthop %s via %s"), check->name, check->nexthop->name, check->via->name); } } @@ -197,12 +176,5 @@ void sssp_bfs(void) } } - syslog(LOG_DEBUG, _("Done.")); - avl_free_tree(todo_tree); - - if(visited != nodes) - { - syslog(LOG_ERR, _("Implementation of BFS algorithm is screwed: %d nodes, visited %d"), nodes, visited); - } } diff --git a/src/net.c b/src/net.c index 0e7dcc9d..1e37a798 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.141 2001/10/28 10:16:18 guus Exp $ + $Id: net.c,v 1.35.4.142 2001/10/30 12:59:12 guus Exp $ */ #include "config.h" @@ -192,32 +192,17 @@ cp return; } - if(!n->status.active) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("%s (%s) is not active, dropping packet"), - n->name, n->hostname); - - return; - } -/* FIXME - if(n->via == myself) - via = n->nexthop; - else - via = n->via; - - if(via != n && debug_lvl >= DEBUG_TRAFFIC) + if(n->via != n && debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - n->name, via->name, via->hostname); + n->name, n->via->name, n->via->hostname); - if((myself->options | via->options) & OPTION_TCPONLY) + if((myself->options | n->via->options) & OPTION_TCPONLY) { - if(send_tcppacket(via->connection, packet)) - terminate_connection(via->connection, 1); + if(send_tcppacket(n->via->connection, packet)) + terminate_connection(n->via->connection, 1); } else - send_udppacket(via, packet); -*/ + send_udppacket(n->via, packet); } /* Broadcast a packet to all active direct connections */ @@ -922,7 +907,7 @@ cp if(!n) { - syslog(LOG_WARNING, _("Received UDP packets on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + syslog(LOG_WARNING, _("Received UDP packet on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); return; } /* @@ -1061,7 +1046,7 @@ cp get_config_string(cfg, &name); cfg = lookup_config_next(config_tree, cfg); /* Next time skip to next ConnectTo line */ - if(!setup_outgoing_connection(name)) /* function returns 0 when there are no problems */ + if(setup_outgoing_connection(name)) /* function returns 0 when there are no problems */ retry = 1; } diff --git a/src/node.c b/src/node.c index f50d365f..95a1d4f7 100644 --- a/src/node.c 
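Review bot: The rewritten send path in the `-192,32` hunk dereferences `n->via` (`n->via->options`, `n->via->connection`) without checking either pointer, and it drops the old `n->status.active` guard that returned before any of this ran. In this commit `via` is assigned only inside sssp_bfs for nodes the search visits, so a node that has not been reached yet, or a `via` node with no meta connection of its own, may present a NULL pointer here (what new_node initialises is not visible). A guard such as `if(!n->via) return;` before the first use, plus `if(!n->via->connection) return;` in the TCP-only branch, would turn a crash into a dropped packet. The same applies to `n->nexthop->name, n->via->name` added to the node dump in the node.c `-142,9` hunk. The function starts outside the hunk.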
+++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.4 2001/10/28 22:42:49 guus Exp $ + $Id: node.c,v 1.1.2.5 2001/10/30 12:59:12 guus Exp $ */ #include "config.h" @@ -43,7 +43,7 @@ int node_compare(node_t *a, node_t *b) return strcmp(a->name, b->name); } -int node_udp_compare(connection_t *a, connection_t *b) +int node_udp_compare(node_t *a, node_t *b) { if(a->address < b->address) return -1; @@ -142,9 +142,9 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld status %04x"), + syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld status %04x nexthop %s via %s"), n->name, n->hostname, n->port, n->options, - n->status); + n->status, n->nexthop->name, n->via->name); } syslog(LOG_DEBUG, _("End of nodes.")); diff --git a/src/protocol.c b/src/protocol.c index 63b10b1e..2744592e 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.112 2001/10/28 22:42:49 guus Exp $ + $Id: protocol.c,v 1.28.4.113 2001/10/30 12:59:12 guus Exp $ */ #include "config.h" @@ -56,6 +56,7 @@ #include "connection.h" #include "node.h" #include "edge.h" +#include "graph.h" #include "system.h" @@ -543,6 +544,8 @@ int ack_h(connection_t *c) int weight; node_t *n; subnet_t *s; + edge_t *e; + connection_t *other; avl_node_t *node, *node2; cp if(sscanf(c->buffer, "%*d %hd %d", &port, &weight) != 2) @@ -559,6 +562,7 @@ cp { n = new_node(); n->name = xstrdup(c->name); + n->address = c->address; n->hostname = xstrdup(c->hostname); n->port = port; 
@@ -617,6 +621,8 @@ cp c->allow_request = ALL; c->status.active = 1; + c->node->cipher = EVP_bf_cbc(); + c->node->keylength = c->node->cipher->key_len + c->node->cipher->iv_len; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); @@ -639,13 +645,6 @@ cp if(n == c->node || n == myself) continue; - /* Notify others of this connection */ - - if(n->connection) - send_add_node(n->connection, c->node); - - /* Notify new connection of everything we know */ - send_add_node(c, n); for(node2 = c->node->subnet_tree->head; node2; node2 = node2->next) @@ -654,6 +653,36 @@ cp send_add_subnet(c, s); } } + + /* Send all known edges */ + + for(node = edge_tree->head; node; node = node->next) + { + e = (edge_t *)node->data; + + if(e == c->edge) + continue; + + send_add_edge(c, e); + } + + /* Notify others of this connection */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + + if(other == c) + continue; + + send_add_node(other, c->node); + send_add_edge(other, c->edge); + } + + /* Run MST and SSSP algorithms */ + + mst_kruskal(); + sssp_bfs(); cp return 0; } @@ -947,8 +976,8 @@ cp int send_add_edge(connection_t *c, edge_t *e) { cp - return send_request(c, "%d %s %s %lx", ADD_NODE, - e->from->name, e->to->name, e->options); + return send_request(c, "%d %s %s %lx %d", ADD_NODE, + e->from->name, e->to->name, e->options, e->weight); } int add_edge_h(connection_t *c) @@ -959,9 +988,10 @@ int add_edge_h(connection_t *c) char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; long int options; + int weight; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx", from_name, to_name, &options) != 3) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx %d", from_name, to_name, &options, &weight) != 4) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); return -1; 
@@ -1013,6 +1043,7 @@ cp e->from = from; e->to = to; e->options = options; + e->weight = weight; edge_add(e); } @@ -1025,6 +1056,10 @@ cp send_add_edge(other, e); } + /* Run MST before or after we tell the rest? */ + + mst_kruskal(); + sssp_bfs(); cp return 0; } @@ -1111,6 +1146,11 @@ cp /* Delete the edge */ edge_del(e); + + /* Run MST before or after we tell the rest? */ + + mst_kruskal(); + sssp_bfs(); cp return 0; } diff --git a/src/subnet.c b/src/subnet.c index 99d97bcd..1b7bc386 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.27 2001/10/28 22:42:49 guus Exp $ + $Id: subnet.c,v 1.1.2.28 2001/10/30 12:59:12 guus Exp $ */ #include "config.h" @@ -44,14 +44,8 @@ avl_tree_t *subnet_tree; int subnet_compare_mac(subnet_t *a, subnet_t *b) { - int result; cp - result = memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); - - if(result) - return result; - - return strcmp(a->owner->name, b->owner->name); + return memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); } int subnet_compare_ipv4(subnet_t *a, subnet_t *b) @@ -69,7 +63,7 @@ cp else if(a->net.ipv4.mask > b->net.ipv4.mask) return 1; - return strcmp(a->owner->name, b->owner->name); + return 0; } int subnet_compare_ipv6(subnet_t *a, subnet_t *b) @@ -88,7 +82,7 @@ cp if(result) return result; - return strcmp(a->owner->name, b->owner->name); + return 0; } int subnet_compare(subnet_t *a, subnet_t *b) @@ -158,7 +152,7 @@ cp free(subnet); } -/* Linked list management */ +/* Adding and removing subnets */ void subnet_add(node_t *n, subnet_t *subnet) { From 2165931c62f0433fd97bd3ac6aefea3627218946 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Tue, 30 Oct 2001 16:34:32 +0000 Subject: [PATCH 487/923] More updates to protocol handlers and reimplemented terminate_connection(). --- src/connection.c | 4 +-- src/connection.h | 4 +-- src/net.c | 87 +++++++++++++++++++++++++++++++++++++++++++----- src/protocol.c | 50 ++++++++++++++++++++++------ 4 files changed, 122 insertions(+), 23 deletions(-) diff --git a/src/connection.c b/src/connection.c index 1bad1182..4ee9a1b9 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.23 2001/10/28 22:42:49 guus Exp $ + $Id: connection.c,v 1.1.2.24 2001/10/30 16:34:32 guus Exp $ */ #include "config.h" @@ -54,7 +54,7 @@ cp cp } -void exit_connection(void) +void exit_connections(void) { cp avl_delete_tree(connection_tree); diff --git a/src/connection.h b/src/connection.h index 5307147a..8ab81288 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.20 2001/10/28 22:42:49 guus Exp $ + $Id: connection.h,v 1.1.2.21 2001/10/30 16:34:32 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -104,7 +104,7 @@ typedef struct connection_t { extern avl_tree_t *connection_tree; extern void init_connections(void); -extern void exit_connection(void); +extern void exit_connections(void); extern connection_t *new_connection(void); extern void free_connection(connection_t *); extern void connection_add(connection_t *); diff --git a/src/net.c b/src/net.c index 1e37a798..1895bc18 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.142 2001/10/30 12:59:12 guus Exp $ + $Id: net.c,v 1.35.4.143 2001/10/30 16:34:32 guus Exp $ */ #include "config.h" @@ -81,6 +81,8 @@ int udp_socket = -1; int keylifetime = 0; int keyexpires = 0; +int do_prune = 0; + /* VPN packet I/O */ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) @@ -363,7 +365,6 @@ int setup_outgoing_socket(connection_t *c) { int flags; struct sockaddr_in a; - int option; cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); @@ -804,9 +805,13 @@ cp terminate_connection(c, 0); } -// terminate_connection(myself, 0); + terminate_connection(myself->connection, 0); // destroy_trees(); + exit_edges(); + exit_subnets(); + exit_nodes(); + exit_connections(); execute_script("tinc-down"); 
@@ -920,15 +925,59 @@ cp /* Terminate a connection: - - Close the sockets - - Remove associated hosts and subnets + - Close the socket + - Remove associated edge and tell other connections about it if report = 1 + - Check if we need to retry making an outgoing connection - Deactivate the host - - Since it might still be referenced, put it on the prune list. - - If report == 1, then send DEL_HOST messages to the other tinc daemons. */ void terminate_connection(connection_t *c, int report) { - /* Needs a serious rewrite. */ + avl_node_t *node; + connection_t *other; +cp + if(c->status.remove) + return; + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), + c->name, c->hostname); + + c->status.remove = 1; + + if(c->socket) + close(c->socket); + + if(c->edge) + { + if(report) + { + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_del_edge(other, c->edge); + } + } + + edge_del(c->edge); + } + + /* Check if this was our outgoing connection */ + + if(c->status.outgoing) + { + c->status.outgoing = 0; + signal(SIGALRM, try_outgoing_connections); + alarm(seconds_till_retry); + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); + } + + /* Deactivate */ + + c->status.active = 0; + c->node->connection = NULL; + do_prune = 1; +cp } /* @@ -1104,6 +1153,22 @@ cp cp } +void prune_connections(void) +{ + connection_t *c; + avl_node_t *node, *next; +cp + for(node = connection_tree->head; node; node = next) + { + next = node->next; + c = (connection_t *)node->data; + + if(c->status.remove) + connection_del(c); + } +cp +} + /* this is where it all happens... */ @@ -1123,6 +1188,12 @@ cp tv.tv_sec = timeout; tv.tv_usec = 0; + if(do_prune) + { + prune_connections(); + do_prune = 0; + } + build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) 
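Review bot: terminate_connection in the `-925,15` hunk calls `edge_del(c->edge)` but leaves `c->edge` pointing at the deleted edge and does not rerun the graph algorithms, unlike del_edge_h in the previous patch. Until some later ADD_EDGE or DEL_EDGE arrives, `nexthop` and `via` computed from the old graph may still route through the connection that was just closed. I would add `c->edge = NULL;` after the `edge_del` call and follow it with `mst_kruskal(); sssp_bfs();`, assuming graph.h can be included in net.c. Whether edge_del frees the edge is not visible here, so the stale pointer is a concern to confirm rather than an established use-after-free.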
diff --git a/src/protocol.c b/src/protocol.c index 2744592e..c8c41d9f 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.113 2001/10/30 12:59:12 guus Exp $ + $Id: protocol.c,v 1.28.4.114 2001/10/30 16:34:32 guus Exp $ */ #include "config.h" @@ -606,7 +606,7 @@ cp */ - /* Create a edge_t for this connection */ + /* Create an edge_t for this connection */ c->edge = new_edge(); @@ -874,6 +874,11 @@ cp if(n) { /* Check if it matches */ + + if(n->address != address || n->port != port) + syslog(LOG_DEBUG, _("Got %s from %s (%s) for %s which does not match existing entry"), "ADD_NODE", c->name, c->hostname, n->name); + + return 0; } else { @@ -907,11 +912,12 @@ cp int del_node_h(connection_t *c) { node_t *n; + edge_t *e; char name[MAX_STRING_SIZE]; ipv4_t address; port_t port; connection_t *other; - avl_node_t *node; + avl_node_t *node, *next; cp if(sscanf(c->buffer, "%*d "MAX_STRING" %lx:%hd", name, &address, &port) != 3) { @@ -951,8 +957,7 @@ cp if(address != n->address || port != n->port) { - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which doesn't match"), "DEL_NODE", c->name, c->hostname, n->name); - return 0; + syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not match existing entry"), "DEL_NODE", c->name, c->hostname, n->name); } /* Tell the rest about the deleted node */ @@ -964,9 +969,21 @@ cp send_del_node(other, n); } + /* Delete all edges associated with the node */ + + for(node = n->edge_tree->head; node; node = next) + { + next = node->next; + e = (edge_t *)node->data; + edge_del(e); + } + /* Delete the node */ node_del(n); + + mst_kruskal(); + sssp_bfs(); cp return 0; } 
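Review bot: In del_node_h (`-951,8` hunk) the address/port mismatch is now only logged, because the `return 0;` after the syslog call is removed. A DEL_NODE whose address and port do not match the stored entry therefore still deletes the node and its edges and is forwarded to every other connection, so any peer able to send meta requests can remove a node knowing only its name. I would keep the new message but restore the early exit, `return 0;` (or `return -1;`, which the ADD_EDGE mismatch branch in this patch uses). The handler begins outside the hunk, so any earlier check that `n` is not `myself` or `c->node` could not be confirmed.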
@@ -1029,13 +1046,19 @@ cp return -1; } - /* Check if node already exists */ + /* Check if edge already exists */ e = lookup_edge(from, to); if(e) { - /* Check if it matches */ + if(e->weight != weight || e->options != options) + { + syslog(LOG_ERR, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); + return -1; + } + + return 0; } else { @@ -1067,8 +1090,8 @@ cp int send_del_edge(connection_t *c, edge_t *e) { cp - return send_request(c, "%d %s %s %lx", DEL_EDGE, - e->from->name, e->to->name, e->options); + return send_request(c, "%d %s %s %lx %d", DEL_EDGE, + e->from->name, e->to->name, e->options, e->weight); } int del_edge_h(connection_t *c) @@ -1078,10 +1101,11 @@ int del_edge_h(connection_t *c) char to_name[MAX_STRING_SIZE]; node_t *from, *to; long int options; + int weight; connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx", from_name, to_name, &options) != 3) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx %d", from_name, to_name, &options, &weight) != 4) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, c->hostname); @@ -1126,7 +1150,11 @@ cp if(e) { - /* Check if it matches */ + if(e->weight != weight || e->options != options) + { + syslog(LOG_ERR, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); + return -1; + } } else { From c0a3f67a5d66088aaf526f1461986f9e86d5dd1f Mon Sep 17 00:00:00 2001 
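Review bot: The mismatch branch added to del_edge_h (`-1126,7` hunk) logs the request as "ADD_EDGE", copied from add_edge_h, while the parse error earlier in the same handler says "DEL_EDGE". Anyone reading the log to trace a rejected topology update would look for the wrong request type; the argument should be `"DEL_EDGE"`. Both handlers extend beyond these hunks.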
From: Guus Sliepen Date: Wed, 31 Oct 2001 12:50:24 +0000 Subject: [PATCH 488/923] - Small fixes to graph algorithms - More control over tap device, ability to set interface name to something other than the netname. - Export NETNAME, DEVICE and INTERFACE environment variables to scripts. --- src/device.h | 4 +++- src/graph.c | 29 ++++++++++++++++++++++------- src/graph.h | 5 ++--- src/linux/device.c | 40 ++++++++++++++++++++++++---------------- src/net.c | 5 +++-- src/node.c | 19 ++++++++++++++++++- src/process.c | 23 ++++++++++++++++++----- src/protocol.c | 22 ++++++---------------- 8 files changed, 96 insertions(+), 51 deletions(-) diff --git a/src/device.h b/src/device.h index c2c28a13..05dcaaa6 100644 --- a/src/device.h +++ b/src/device.h @@ -17,13 +17,15 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.3 2001/10/27 13:13:35 guus Exp $ + $Id: device.h,v 1.1.2.4 2001/10/31 12:50:24 guus Exp $ */ #ifndef __TINC_DEVICE_H__ #define __TINC_DEVICE_H__ extern int device_fd; +extern char *device; +extern char *interface; extern int setup_device(void); extern void close_device(void); diff --git a/src/graph.c b/src/graph.c index 53cf6a99..aa1ec72a 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.4 2001/10/30 12:59:12 guus Exp $ + $Id: graph.c,v 1.1.2.5 2001/10/31 12:50:24 guus Exp $ */ /* We need to generate two trees from the graph: @@ -59,7 +59,7 @@ void mst_kruskal(void) { - avl_node_t *node; + avl_node_t *node, *next; edge_t *e; node_t *n; connection_t *c; 
@@ -90,9 +90,9 @@ void mst_kruskal(void) /* Add safe edges */ - while(safe_edges < nodes - 1) - for(skipped = 0, node = edge_weight_tree->head; node; node = node->next) + for(skipped = 0, node = edge_weight_tree->head; node; node = next) { + next = node->next; e = (edge_t *)node->data; if(e->from->status.visited == e->to->status.visited) @@ -109,7 +109,10 @@ void mst_kruskal(void) safe_edges++; if(skipped) - break; + { + next = edge_weight_tree->head; + continue; + } } } @@ -117,7 +120,7 @@ void mst_kruskal(void) Running time: O(E) */ -void sssp_bfs(void) +void sssp_bfs(int prune) { avl_node_t *node, *from, *next, *to; edge_t *e; @@ -165,7 +168,7 @@ void sssp_bfs(void) { check->status.visited = 1; check->nexthop = (n->nexthop == myself) ? check : n->nexthop; - check->via = check; /* FIXME: only if !(e->options & INDIRECT), otherwise use n->via */ + check->via = (e->options & OPTION_INDIRECT || n->via != n) ? n->via : check; node = avl_alloc_node(); node->data = check; avl_insert_before(todo_tree, from, node); @@ -177,4 +180,16 @@ void sssp_bfs(void) } avl_free_tree(todo_tree); + + /* Nodes we haven't visited are unreachable, prune them. */ + + if(prune) + for(node = node_tree->head; node; node = next) + { + next = node->next; + n = (node_t *)node->data; + + if(n->status.visited == 0) + node_del(n); + } } diff --git a/src/graph.h b/src/graph.h index c69fc98b..bd6cc3f8 100644 --- a/src/graph.h +++ b/src/graph.h @@ -17,9 +17,8 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.h,v 1.1.2.1 2001/10/29 13:14:57 guus Exp $ + $Id: graph.h,v 1.1.2.2 2001/10/31 12:50:24 guus Exp $ */ extern void mst_kruskal(void); -extern void mst_prim(void); -extern void sssp_bfs(void); +extern void sssp_bfs(int); diff --git a/src/linux/device.c b/src/linux/device.c index 1cb43077..02d7a7a5 100644 --- a/src/linux/device.c +++ b/src/linux/device.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2001/10/27 13:13:35 guus Exp $ + $Id: device.c,v 1.1.2.4 2001/10/31 12:50:24 guus Exp $ */ #include "config.h" @@ -55,7 +55,9 @@ int device_fd = -1; int device_type; -char *device_fname; +char *device; +char *interface; +char ifrname[IFNAMSIZ]; char *device_info; int device_total_in = 0; @@ -71,13 +73,15 @@ int setup_device(void) struct ifreq ifr; cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname)) - device_fname = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = netname; cp - if((device_fd = open(device_fname, O_RDWR | O_NONBLOCK)) < 0) + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device_fname); + syslog(LOG_ERR, _("Could not open %s: %m"), device); return -1; } cp @@ -97,20 +101,24 @@ cp memset(&ifr, 0, sizeof(ifr)); cp ifr.ifr_flags = IFF_TAP | IFF_NO_PI; - if (netname) - strncpy(ifr.ifr_name, netname, IFNAMSIZ); + if (interface) + strncpy(ifr.ifr_name, interface, IFNAMSIZ); cp if (!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) { - device_info = _("Linux tun/tap device"); + device_info = _("Linux tun/tap device"); device_type = DEVICE_TYPE_TUNTAP; + strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); + interface = ifrname; } else if (!ioctl(device_fd, (('T'<< 8) | 202), (void *) &ifr)) { - syslog(LOG_WARNING, _("Old ioctl() request was needed for %s"), device_fname); + syslog(LOG_WARNING, _("Old ioctl() request was needed for %s"), device); device_type = DEVICE_TYPE_TUNTAP; device_info = _("Linux tun/tap device"); + strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); + interface = ifrname; } else #endif 
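Review bot: `strncpy(ifr.ifr_name, interface, IFNAMSIZ)` in the `-97,20` hunk leaves the name unterminated when the configured Interface (or netname) is IFNAMSIZ characters or longer, and the two `strncpy(ifrname, ifr.ifr_name, IFNAMSIZ)` copies carry that through to the global `interface` pointer. This patch also formats `interface` with `%s` for the INTERFACE environment variable, so an unterminated name would be read past the end of `ifrname`. Since `ifr` is zeroed just above and `ifrname` is a zero-initialised global, copying at most `IFNAMSIZ - 1` bytes is enough: `strncpy(ifr.ifr_name, interface, IFNAMSIZ - 1);` and `strncpy(ifrname, ifr.ifr_name, IFNAMSIZ - 1);`. Rejecting an over-long Interface value with a log message would be clearer than truncating it silently.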
@@ -119,7 +127,7 @@ cp device_type = DEVICE_TYPE_ETHERTAP; } - syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); + syslog(LOG_INFO, _("%s is a %s"), device, device_info); cp return 0; } @@ -142,7 +150,7 @@ cp { if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); return -1; } @@ -154,7 +162,7 @@ cp if((lenin = readv(device_fd, vector, 2)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); return -1; } @@ -183,7 +191,7 @@ cp { if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device_fname); + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); return -1; } } @@ -193,7 +201,7 @@ cp if(writev(device_fd, vector, 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device_fname); + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); return -1; } } @@ -206,7 +214,7 @@ cp void dump_device_stats(void) { cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device_fname); + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); cp diff --git a/src/net.c b/src/net.c index 1895bc18..230f2baa 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.143 2001/10/30 16:34:32 guus Exp $ + $Id: net.c,v 1.35.4.144 2001/10/31 12:50:24 guus Exp $ */ #include "config.h" 
@@ -975,7 +975,8 @@ cp /* Deactivate */ c->status.active = 0; - c->node->connection = NULL; + if(c->node) + c->node->connection = NULL; do_prune = 1; cp } diff --git a/src/node.c b/src/node.c index 95a1d4f7..9a518382 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.5 2001/10/30 12:59:12 guus Exp $ + $Id: node.c,v 1.1.2.6 2001/10/31 12:50:24 guus Exp $ */ #include "config.h" @@ -109,6 +109,23 @@ cp void node_del(node_t *n) { + avl_node_t *node, *next; + edge_t *e; + subnet_t *s; +cp + for(node = n->subnet_tree->head; node; node = next) + { + next = node->next; + s = (subnet_t *)node->data; + subnet_del(n, s); + } + + for(node = n->subnet_tree->head; node; node = next) + { + next = node->next; + e = (edge_t *)node->data; + edge_del(e); + } cp avl_delete(node_tree, n); avl_delete(node_udp_tree, n); diff --git a/src/process.c b/src/process.c index 525836b8..7373a70c 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.29 2001/10/28 10:16:18 guus Exp $ + $Id: process.c,v 1.1.2.30 2001/10/31 12:50:24 guus Exp $ */ #include "config.h" @@ -44,6 +44,7 @@ #include "subnet.h" #include "device.h" #include "connection.h" +#include "device.h" #include "system.h" 
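Review bot: The second loop added to node_del (`-109,6` hunk) walks `n->subnet_tree->head` again but casts each entry to `edge_t *` and passes it to edge_del. After the first loop has removed every subnet that tree is presumably empty, so the node's edges are never deleted and stay in the edge trees pointing at a node that is about to be removed; if the tree were not empty, subnet entries would be handed to edge_del as edges. The loop this replaces in del_node_h iterated `n->edge_tree->head`, so the header should read `for(node = n->edge_tree->head; node; node = next)`. sssp_bfs(1) now calls node_del for unreachable nodes, so this path is driven by topology messages from peers.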
@@ -199,17 +200,29 @@ void _execute_script(const char *name) char *scriptname; char *s; cp +#ifdef HAVE_UNSETENV + unsetenv("NETNAME"); + unsetenv("DEVICE"); + unsetenv("INTERFACE"); +#endif + if(netname) { asprintf(&s, "NETNAME=%s", netname); putenv(s); /* Don't free s! see man 3 putenv */ } -#ifdef HAVE_UNSETENV - else + + if(device) { - unsetenv("NETNAME"); + asprintf(&s, "DEVICE=%s", device); + putenv(s); /* Don't free s! see man 3 putenv */ + } + + if(interface) + { + asprintf(&s, "INTERFACE=%s", interface); + putenv(s); /* Don't free s! see man 3 putenv */ } -#endif chdir("/"); diff --git a/src/protocol.c b/src/protocol.c index c8c41d9f..7540e473 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.114 2001/10/30 16:34:32 guus Exp $ + $Id: protocol.c,v 1.28.4.115 2001/10/31 12:50:24 guus Exp $ */ #include "config.h" @@ -682,7 +682,7 @@ cp /* Run MST and SSSP algorithms */ mst_kruskal(); - sssp_bfs(); + sssp_bfs(0); cp return 0; } @@ -912,12 +912,11 @@ cp int del_node_h(connection_t *c) { node_t *n; - edge_t *e; char name[MAX_STRING_SIZE]; ipv4_t address; port_t port; connection_t *other; - avl_node_t *node, *next; + avl_node_t *node; cp if(sscanf(c->buffer, "%*d "MAX_STRING" %lx:%hd", name, &address, &port) != 3) { @@ -969,21 +968,12 @@ cp send_del_node(other, n); } - /* Delete all edges associated with the node */ - - for(node = n->edge_tree->head; node; node = next) - { - next = node->next; - e = (edge_t *)node->data; - edge_del(e); - } - /* Delete the node */ node_del(n); mst_kruskal(); - sssp_bfs(); + sssp_bfs(0); cp return 0; } @@ -1082,7 +1072,7 @@ cp /* Run MST before or after we tell the rest? */ mst_kruskal(); - sssp_bfs(); + sssp_bfs(0); cp return 0; } @@ -1178,7 +1168,7 @@ cp /* Run MST before or after we tell the rest? */ mst_kruskal(); - sssp_bfs(); + sssp_bfs(1); cp return 0; } 
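Review bot: The three `asprintf(&s, ...)` calls in _execute_script (`-199,17` hunk) ignore the return value, and on failure the contents of `s` are undefined, so `putenv(s)` would be handed an indeterminate pointer. Checking the result, e.g. `if(asprintf(&s, "DEVICE=%s", device) >= 0) putenv(s);`, keeps a failed allocation from corrupting the script's environment. When HAVE_UNSETENV is not defined, a variable whose source is NULL keeps whatever value the daemon inherited, which deserves a comment because the scripts read these names. DEVICE and INTERFACE come from the configuration file, so a comment noting that scripts must quote them would also help. The function continues past the hunk.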
From 54b756f7dfb71c5622b7738fd449e126da959864 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 31 Oct 2001 20:02:06 +0000 Subject: [PATCH 489/923] Don't forget to read public RSA key when making an outgoing connection. --- src/protocol.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 7540e473..6cb80379 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.115 2001/10/31 12:50:24 guus Exp $ + $Id: protocol.c,v 1.28.4.116 2001/10/31 20:02:06 guus Exp $ */ #include "config.h" @@ -232,11 +232,11 @@ cp syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); return -1; } + } - if(read_rsa_public_key(c)) - { - return -1; - } + if(read_rsa_public_key(c)) + { + return -1; } c->allow_request = METAKEY; From 6d333ad680465c26953ad4c8ca9140e27da868c5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 31 Oct 2001 20:07:17 +0000 Subject: [PATCH 490/923] Show cfg->variable instead of cfg->value when complaining about wrong type. --- src/conf.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/conf.c b/src/conf.c index c4fe101e..b1eb4756 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.46 2001/10/27 15:19:13 guus Exp $ + $Id: conf.c,v 1.9.4.47 2001/10/31 20:07:17 guus Exp $ */ #include "config.h" @@ -174,7 +174,7 @@ cp } syslog(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), - cfg->value, cfg->file, cfg->line); + cfg->variable, cfg->file, cfg->line); return 0; } 
@@ -189,7 +189,7 @@ cp return 1; syslog(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), - cfg->value, cfg->file, cfg->line); + cfg->variable, cfg->file, cfg->line); return 0; } @@ -219,7 +219,7 @@ cp } syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), - cfg->value, cfg->file, cfg->line); + cfg->variable, cfg->file, cfg->line); return 0; } @@ -233,7 +233,7 @@ cp return 1; syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), - cfg->value, cfg->file, cfg->line); + cfg->variable, cfg->file, cfg->line); return 0; } @@ -250,7 +250,7 @@ cp if(!ip) { syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), - cfg->value, cfg->file, cfg->line); + cfg->variable, cfg->file, cfg->line); return 0; } @@ -259,7 +259,7 @@ cp if((ip->address & ip->mask) != ip->address) { syslog(LOG_ERR, _("Network address and subnet mask for configuration variable %s in %s line %d"), - cfg->value, cfg->file, cfg->line); + cfg->variable, cfg->file, cfg->line); free(ip); return 0; } From ffb88ff6410f33de92db108bd1e0c3a915368214 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 31 Oct 2001 20:22:52 +0000 Subject: [PATCH 491/923] Avoid connecting to another node twice, and check name of outgoing connections. --- src/net.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index 230f2baa..8c3f9a08 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.144 2001/10/31 12:50:24 guus Exp $ + $Id: net.c,v 1.35.4.145 2001/10/31 20:22:52 guus Exp $ */ #include "config.h" 
@@ -439,8 +439,19 @@ cp int setup_outgoing_connection(char *name) { connection_t *c; + node_t *n; struct hostent *h; cp + n = lookup_node(name); + + if(n) + if(n->connection) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Already connected to %s"), name); + return 0; + } + c = new_connection(); c->name = xstrdup(name); @@ -1096,6 +1107,12 @@ cp get_config_string(cfg, &name); cfg = lookup_config_next(config_tree, cfg); /* Next time skip to next ConnectTo line */ + if(check_id(name)) + { + syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); + continue; + } + if(setup_outgoing_connection(name)) /* function returns 0 when there are no problems */ retry = 1; From 8e74c5bee48f2ef363193044d5309a65e91c70d8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 31 Oct 2001 20:37:54 +0000 Subject: [PATCH 492/923] Some very small fixes --- src/netutl.c | 4 ++-- src/process.c | 5 +++-- src/protocol.c | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index e869e348..2d264a84 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.20 2001/10/27 12:13:17 guus Exp $ + $Id: netutl.c,v 1.12.4.21 2001/10/31 20:37:54 guus Exp $ */ #include "config.h" @@ -50,7 +50,7 @@ char *hostlookup(unsigned long addr) cp in.s_addr = addr; - get_config_int(lookup_config(config_tree, "Hostnames"), &lookup_hostname); + get_config_bool(lookup_config(config_tree, "Hostnames"), &lookup_hostname); if(lookup_hostname) host = gethostbyaddr((char *)&in, sizeof(in), AF_INET); diff --git a/src/process.c b/src/process.c index 7373a70c..7c8d31f6 100644 --- a/src/process.c +++ b/src/process.c 
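Review bot: The new check in the `-1096,6` hunk reports `cfg->file` and `cfg->line` after `cfg` has already been advanced by `lookup_config_next`, so the message names the following ConnectTo line. When the invalid name was on the last such line, `cfg` is presumably NULL and the syslog arguments dereference it. Saving the file and line of the current entry before the advance, and logging those saved values, fixes both. The enclosing loop is outside the hunk, so what `continue` resumes, and whether `retry` should be set for a skipped entry, could not be checked.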
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.30 2001/10/31 12:50:24 guus Exp $ + $Id: process.c,v 1.1.2.31 2001/10/31 20:37:54 guus Exp $ */ #include "config.h" @@ -409,7 +409,7 @@ ignore_signal_handler(int a, siginfo_t *info, void *b) { if(debug_lvl >= DEBUG_SCARY_THINGS) { - syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); + syslog(LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); cp_trace(); } } @@ -450,6 +450,7 @@ setup_signals(void) sigaction(i, &act, NULL); } + /* If we didn't detach, allow coredumps */ if(!do_detach) sighandlers[3].handler = SIG_DFL; diff --git a/src/protocol.c b/src/protocol.c index 6cb80379..ef2a1826 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.116 2001/10/31 20:02:06 guus Exp $ + $Id: protocol.c,v 1.28.4.117 2001/10/31 20:37:54 guus Exp $ */ #include "config.h" @@ -983,7 +983,7 @@ cp int send_add_edge(connection_t *c, edge_t *e) { cp - return send_request(c, "%d %s %s %lx %d", ADD_NODE, + return send_request(c, "%d %s %s %lx %d", ADD_EDGE, e->from->name, e->to->name, e->options, e->weight); } From 8910cbd67e13450e93816ecafa0cc5be5e4c2378 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 3 Nov 2001 21:21:04 +0000 Subject: [PATCH 493/923] Use PEM functions as suggested by OpenSSL docs. --- src/net.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/src/net.c b/src/net.c index 8c3f9a08..384e878b 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.145 2001/10/31 20:22:52 guus Exp $ + $Id: net.c,v 1.35.4.146 2001/11/03 21:21:04 guus Exp $ */ #include "config.h" @@ -505,7 +505,6 @@ int read_rsa_public_key(connection_t *c) FILE *fp; char *fname; char *key; - void *result; cp if(!c->rsa_key) c->rsa_key = RSA_new(); @@ -531,9 +530,9 @@ cp fname); return -1; } - result = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); - if(!result) + if(!c->rsa_key) { syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"), fname); @@ -547,19 +546,16 @@ cp /* Else, check if a harnessed public key is in the config file */ - result = NULL; - asprintf(&fname, "%s/hosts/%s", confbase, c->name); if((fp = fopen(fname, "r"))) { - result = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + c->rsa_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); fclose(fp); - free(fname); } free(fname); - if(result) + if(c->rsa_key) return 0; else { @@ -571,14 +567,11 @@ cp int read_rsa_private_key(void) { FILE *fp; - void *result; char *fname, *key; cp - if(!myself->connection->rsa_key) - myself->connection->rsa_key = RSA_new(); - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { + myself->connection->rsa_key = RSA_new(); BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); } @@ -590,9 +583,9 @@ cp fname); return -1; } - result = PEM_read_RSAPrivateKey(fp, &myself->connection->rsa_key, NULL, NULL); + myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); fclose(fp); - if(!result) + if(!myself->connection->rsa_key) { syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), fname); 
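Review bot: In the hosts-file branch of read_rsa_public_key the result of `PEM_read_RSAPublicKey(fp, NULL, NULL, NULL)` is assigned straight to `c->rsa_key`, overwriting the object created by `c->rsa_key = RSA_new()` at the top of the function without freeing it. Unless that object is released elsewhere, every key loaded through this branch leaks one RSA structure. Either call `RSA_free(c->rsa_key);` before the assignment or drop the up-front `RSA_new()` for the PEM paths. The return value of `asprintf()` just above is also unchecked, so `fname` is indeterminate if the allocation fails.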
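Review bot: On the `PrivateKey` branch of read_rsa_private_key neither `RSA_new()` nor the two `BN_hex2bn()` calls are checked. `RSA_new()` can return NULL, which turns `&myself->connection->rsa_key->d` into a null dereference, and `BN_hex2bn()` returns 0 on malformed hex, which would leave the daemon running with an incomplete private key. Suggest `if(!myself->connection->rsa_key) return -1;` after the allocation and treating a zero return from `BN_hex2bn(&myself->connection->rsa_key->d, key)` as a configuration error. The function continues outside the hunk.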
@@ -853,13 +846,13 @@ cp c->address = ntohl(ci.sin_addr.s_addr); c->hostname = hostlookup(ci.sin_addr.s_addr); - c->port = htons(ci.sin_port); /* This one will be overwritten later */ + c->port = htons(ci.sin_port); c->socket = sfd; c->last_ping_time = time(NULL); if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection from %s port %d"), - c->hostname, htons(ci.sin_port)); + c->hostname, c->port); c->allow_request = ID; cp From e5047d2835f0828a9c334cc3d928c2322abfefb7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 3 Nov 2001 21:22:02 +0000 Subject: [PATCH 494/923] Several bugfixes. --- src/protocol.c | 77 ++++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 37 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index ef2a1826..36de405d 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.117 2001/10/31 20:37:54 guus Exp $ + $Id: protocol.c,v 1.28.4.118 2001/11/03 21:22:02 guus Exp $ */ #include "config.h" @@ -246,15 +246,13 @@ cp int send_metakey(connection_t *c) { - char *buffer; + char buffer[MAX_STRING_SIZE]; int len, x; cp len = RSA_size(c->rsa_key); /* Allocate buffers for the meta key */ - buffer = xmalloc(len*2+1); - if(!c->outkey) c->outkey = xmalloc(len); @@ -290,11 +288,10 @@ cp This is allowed, because we encrypt a totally random string with a length equal to that of the modulus of the RSA key. */ - + if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) { syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - free(buffer); return -1; } cp @@ -306,7 +303,6 @@ cp /* Send the meta key */ x = send_request(c, "%d %s", METAKEY, buffer); - free(buffer); /* Further outgoing requests are encrypted with the key we just generated */ 
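Review bot: `c->port = htons(ci.sin_port);` converts a value that is already in network byte order, so the call that states the intent is `ntohs()`: `c->port = ntohs(ci.sin_port);`. Both perform the same swap, so behaviour does not change, but the current spelling reads as if `c->port` were kept in network order while the log line now prints it with `%d` as a host-order number. The enclosing function starts and ends outside the hunk.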
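Review bot: Replacing `xmalloc(len*2+1)` with `char buffer[MAX_STRING_SIZE]` in send_metakey makes the buffer size independent of `len = RSA_size(c->rsa_key)`, and nothing in the hunk checks that the key fits. `RSA_public_encrypt()` writes `len` bytes into `buffer`, and the removed allocation size suggests the hex conversion between the hunks needs `len*2+1`, so a sufficiently large key would write past the stack array. A guard before the encryption closes this: `if(len * 2 + 1 > (int)sizeof(buffer)) return -1;`, ideally with a log line. The same fixed-size buffer is introduced in send_challenge by this commit and needs the same check.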
@@ -329,7 +325,7 @@ cp syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; } - +cp len = RSA_size(myself->connection->rsa_key); /* Check if the length of the meta key is all right */ @@ -341,7 +337,7 @@ cp } /* Allocate buffers for the meta key */ - +cp if(!c->inkey) c->inkey = xmalloc(len); @@ -349,11 +345,11 @@ cp c->inctx = xmalloc(sizeof(*c->inctx)); /* Convert the challenge from hexadecimal back to binary */ - +cp hex2bin(buffer,buffer,len); /* Decrypt the meta key */ - +cp if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ { syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); @@ -368,7 +364,7 @@ cp } /* All incoming requests will now be encrypted. */ - +cp EVP_DecryptInit(c->inctx, EVP_bf_cfb(), c->inkey + len - EVP_bf_cfb()->key_len, c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); @@ -382,7 +378,7 @@ cp int send_challenge(connection_t *c) { - char *buffer; + char buffer[MAX_STRING_SIZE]; int len, x; cp /* CHECKME: what is most reasonable value for len? */ @@ -391,12 +387,8 @@ cp /* Allocate buffers for the challenge */ - buffer = xmalloc(len*2+1); - - if(c->hischallenge) - free(c->hischallenge); - - c->hischallenge = xmalloc(len); + if(!c->hischallenge) + c->hischallenge = xmalloc(len); cp /* Copy random data to the buffer */ @@ -412,7 +404,6 @@ cp /* Send the challenge */ x = send_request(c, "%d %s", CHALLENGE, buffer); - free(buffer); cp return x; } @@ -672,11 +663,11 @@ cp { other = (connection_t *)node->data; - if(other == c) - continue; - - send_add_node(other, c->node); - send_add_edge(other, c->edge); + if(other->status.active && other != c) + { + send_add_node(other, c->node); + send_add_edge(other, c->edge); + } } /* Run MST and SSSP algorithms */ 
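Review bot: Changing the free-and-reallocate sequence in send_challenge to `if(!c->hischallenge) c->hischallenge = xmalloc(len);` keeps a buffer from an earlier call even when `len` is different this time. How `len` is computed lies between the hunks, and the CHECKME comment suggests it is not settled; if it follows the size of the peer's key, a later, larger value would make the copy of random data overrun the old allocation. Keeping the original free-then-allocate sequence, or storing the allocated size next to the pointer, avoids that. send_metakey uses the same pattern for `c->outkey` in its context lines.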
@@ -736,13 +727,23 @@ cp /* Check if the owner of the new subnet is in the connection list */ - if(!(owner = lookup_node(name))) + owner = lookup_node(name); + + if(!node) { syslog(LOG_ERR, _("Got ADD_SUBNET from %s (%s) for %s which is not in our connection list"), - name, c->name, c->hostname); + c->name, c->hostname, name); return -1; } + /* Check if we already know this subnet */ + + if(lookup_subnet(owner, s)) + { + free_subnet(s); + return 0; + } + /* If everything is correct, add the subnet to the list of the owner */ subnet_add(owner, s); @@ -793,14 +794,6 @@ cp return -1; } - /* Check if subnet string is valid */ - - if(!(s = str2net(subnetstr))) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } - /* Check if the owner of the new subnet is in the connection list */ if(!(owner = lookup_node(name))) @@ -810,10 +803,20 @@ cp return -1; } + /* Check if subnet string is valid */ + + if(!(s = str2net(subnetstr))) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); + return -1; + } + /* If everything is correct, delete the subnet from the list of the owner */ find = lookup_subnet(owner, s); + free_subnet(s); + if(!find) { syslog(LOG_ERR, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), @@ -821,7 +824,7 @@ cp return -1; } - subnet_del(owner, s); + subnet_del(owner, find); /* Tell the rest */ @@ -1307,7 +1310,7 @@ cp for(node = connection_tree->head; node; node = node->next) { other = (connection_t *)node->data; - if(other != c && other->status.active) + if(other->status.active && other != c) send_request(other, "%d %s", KEY_CHANGED, n->name); } cp From cf0e133e191cb40954bf5b6ee0a579442fe4b60b Mon Sep 17 00:00:00 2001 
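Review bot: The unknown-owner path in the ADD_SUBNET handler returns -1 without releasing `s`, while the duplicate-subnet path added a few lines below calls `free_subnet(s)`. Assuming `s` comes from `str2net()` above the hunk, as it does in the DEL_SUBNET handler, the error path should read `free_subnet(s); return -1;`. The guard also tests `node` rather than the `owner` that was just assigned, so a failed lookup is not caught and a null `owner` can reach `lookup_subnet(owner, s)`; PATCH 497 later in this series corrects it to `if(!owner)`. The handler starts and ends outside the hunk.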
From: Guus Sliepen Date: Sat, 3 Nov 2001 22:53:02 +0000 Subject: [PATCH 495/923] *** empty log message *** --- src/net.c | 4 ++-- src/process.c | 7 +++++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index 384e878b..b7d340f4 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.146 2001/11/03 21:21:04 guus Exp $ + $Id: net.c,v 1.35.4.147 2001/11/03 22:53:01 guus Exp $ */ #include "config.h" @@ -549,7 +549,7 @@ cp asprintf(&fname, "%s/hosts/%s", confbase, c->name); if((fp = fopen(fname, "r"))) { - c->rsa_key = PEM_read_RSAPublicKey(fp, NULL, NULL, NULL); + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); } diff --git a/src/process.c b/src/process.c index 7c8d31f6..8ca8733f 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.31 2001/10/31 20:37:54 guus Exp $ + $Id: process.c,v 1.1.2.32 2001/11/03 22:53:02 guus Exp $ */ #include "config.h" @@ -446,7 +446,10 @@ setup_signals(void) ignored. */ for(i = 0; i < NSIG; i++) { - act.sa_sigaction = unexpected_signal_handler; + if(!do_detach) + act.sa_sigaction = SIG_DFL; + else + act.sa_sigaction = unexpected_signal_handler; sigaction(i, &act, NULL); } From ede6671c1354eeab86936efda32f6cdb3b3fd8d5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 4 Nov 2001 23:29:50 +0000 Subject: [PATCH 496/923] Be liberal in what you accept: allow unknown edges to be deleted. --- src/protocol.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 36de405d..cbc311e4 100644 --- a/src/protocol.c +++ b/src/protocol.c 
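Review bot: `act.sa_sigaction = SIG_DFL;` in setup_signals stores a `sa_handler` constant in the three-argument handler field. If `act.sa_flags` carries SA_SIGINFO (it is set outside the hunk and not visible here), the disposition is requested in a form POSIX does not define; the portable spelling is `act.sa_handler = SIG_DFL;` with SA_SIGINFO cleared for that case. The `!do_detach` test is loop-invariant and can be decided once before the `for`. The return value of `sigaction()` is ignored for every `i` from 0 to NSIG-1, which includes numbers that are not valid signals or cannot be caught.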
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.118 2001/11/03 21:22:02 guus Exp $ + $Id: protocol.c,v 1.28.4.119 2001/11/04 23:29:50 guus Exp $ */ #include "config.h" @@ -1126,7 +1126,7 @@ cp if(!from) { syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown node")); - return -1; + return 0; } to = lookup_node(to_name); @@ -1134,7 +1134,7 @@ cp if(!to) { syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown node")); - return -1; + return 0; } /* Check if edge exists */ @@ -1152,7 +1152,7 @@ cp else { syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown edge")); - return -1; + return 0; } /* Tell the rest about the deleted edge */ From b2d5002ff1ccd44fbf3a94e4c41909ab6141f3bb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 4 Nov 2001 23:48:27 +0000 Subject: [PATCH 497/923] Correctly check if subnet owner exists. --- src/protocol.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index cbc311e4..32bca999 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.119 2001/11/04 23:29:50 guus Exp $ + $Id: protocol.c,v 1.28.4.120 2001/11/04 23:48:27 guus Exp $ */ #include "config.h" @@ -729,7 +729,7 @@ cp owner = lookup_node(name); - if(!node) + if(!owner) { syslog(LOG_ERR, _("Got ADD_SUBNET from %s (%s) for %s which is not in our connection list"), c->name, c->hostname, name); From 25a804c94ef0dbc4e5582ea6d8459d5f9a3fe06c Mon Sep 17 00:00:00 2001 
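Review bot: The three DEL_EDGE paths now return 0 but still log `Got bad %s ...` at LOG_ERR, so a request that is deliberately tolerated is still reported as an error. Because the connection is no longer dropped, a peer can repeat such requests and each one adds an error line to syslog. Consider lowering the level, gating the message on `debug_lvl` as other informational messages in this code are, and rewording it to say the request was ignored. This applies equally to the unknown-node hunk for `to` and the unknown-edge hunk below it.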
From: Guus Sliepen Date: Mon, 5 Nov 2001 19:06:07 +0000 Subject: [PATCH 498/923] Various fixes needed for Solaris. --- lib/dropin.c | 32 +++++++++++++++++- lib/dropin.h | 6 +++- lib/utils.c | 30 +---------------- src/solaris/device.c | 80 +++++++++++++++++++++++++++++++++----------- 4 files changed, 97 insertions(+), 51 deletions(-) diff --git a/lib/dropin.c b/lib/dropin.c index 9de5c2c5..c26a357c 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.4 2001/02/06 10:12:51 guus Exp $ + $Id: dropin.c,v 1.1.2.5 2001/11/05 19:06:07 guus Exp $ */ #include "config.h" @@ -27,6 +27,7 @@ #include #include #include +#include #include @@ -136,3 +137,32 @@ char *get_current_dir_name(void) return buf; } #endif + +#ifndef HAVE_ASPRINTF +int asprintf(char **buf, const char *fmt, ...) +{ + int status; + va_list ap; + int len; + + len = 4096; + *buf = xmalloc(len); + + va_start(ap, fmt); + status = vsnprintf (*buf, len, fmt, ap); + va_end (ap); + + if(status >= 0) + *buf = xrealloc(*buf, status); + + if(status > len-1) + { + len = status; + va_start(ap, fmt); + status = vsnprintf (*buf, len, fmt, ap); + va_end (ap); + } + + return status; +} +#endif diff --git a/lib/dropin.h b/lib/dropin.h index 9874ca6d..23567b17 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.3 2001/01/07 17:08:49 guus Exp $ + $Id: dropin.h,v 1.1.2.4 2001/11/05 19:06:07 guus Exp $ */ #ifndef __DROPIN_H__ @@ -31,4 +31,8 @@ extern int daemon(int, int); extern char* get_current_dir_name(void); #endif +#ifndef HAVE_ASPRINTF +extern int asprintf(char **, const char *, ...); +#endif + #endif /* __DROPIN_H__ */ diff --git a/lib/utils.c b/lib/utils.c index 26d3b498..fc9141f1 100644 --- a/lib/utils.c +++ b/lib/utils.c 
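Review bot: The fallback `asprintf()` added to lib/dropin.c shrinks the buffer with `xrealloc(*buf, status)`, but `status` is the string length without the terminating NUL, so the allocation ends one byte short and the terminator is cut off whenever the first `vsnprintf()` fitted. The retry path has the same off-by-one, because `len = status` makes the second `vsnprintf()` drop the last character. Use `*buf = xrealloc(*buf, status + 1);` and `len = status + 1;`. Pre-C99 `vsnprintf()` implementations return -1 on truncation, in which case neither the resize nor the retry happens and the caller gets a truncated string with a negative return value.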
@@ -21,6 +21,7 @@ #include #include #include +#include #include #include "config.h" @@ -86,32 +87,3 @@ void cp_trace() ); } #endif - -#ifndef HAVE_ASPRINTF -int asprintf(char **buf, const char *fmt, ...) -{ - int status; - va_list ap; - int len; - - len = 4096; - *buf = xmalloc(len); - - va_start(ap, fmt); - status = vsnprintf (*buf, len, fmt, ap); - va_end (ap); - - if(status >= 0) - *buf = xrealloc(*buf, status); - - if(status > len-1) - { - len = status; - va_start(ap, fmt); - status = vsnprintf (*buf, len, fmt, ap); - va_end (ap); - } - - return status; -} -#endif diff --git a/src/solaris/device.c b/src/solaris/device.c index 6f2d868e..57b6829a 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,23 +17,47 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.2 2001/10/12 15:38:35 guus Exp $ + $Id: device.c,v 1.1.2.3 2001/11/05 19:06:07 guus Exp $ */ -#include + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include +#include #include #define DEFAULT_DEVICE "/dev/tun" +#include +#include "conf.h" +#include "net.h" +#include "subnet.h" + +#include "system.h" + int device_fd = -1; int device_type; -char *device_fname; -char *device_info; +char *device = NULL; +char *interface = NULL; +char ifrname[IFNAMSIZ]; +char *device_info = NULL; int device_total_in = 0; int device_total_out = 0; +subnet_t mymac; + int setup_device(void) { int ip_fd = -1, if_fd = -1; 
@@ -41,19 +65,19 @@ int setup_device(void) char *ptr; cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname))) - device_fname = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; cp - if((device_fd = open(device_fname, O_RDWR | O_NONBLOCK)) < 0) + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device_fname); + syslog(LOG_ERR, _("Could not open %s: %m"), device); return -1; } cp ppa = 0; - ptr = fname; + ptr = device; while(*ptr && !isdigit((int)*ptr)) ptr++; ppa = atoi(ptr); @@ -63,13 +87,13 @@ cp } /* Assign a new PPA and get its unit number. */ - if( (ppa = ioctl(fd, TUNNEWPPA, ppa)) < 0){ + if( (ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0){ syslog(LOG_ERR, _("Can't assign new interface: %m")); return -1; } - if( (if_fd = open(fname, O_RDWR, 0)) < 0){ - syslog(LOG_ERR, _("Could not open %s twice: %m"), fname); + if( (if_fd = open(device, O_RDWR, 0)) < 0){ + syslog(LOG_ERR, _("Could not open %s twice: %m"), device); return -1; } 
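Review bot: The error returns in setup_device that follow the first successful `open(device, O_RDWR | O_NONBLOCK)` leave `device_fd` open: both the failed `TUNNEWPPA` ioctl and the failed second `open(device, O_RDWR, 0)` just `return -1`. If the caller continues or retries after that, the descriptor leaks and `device_fd` keeps referring to a half-configured device. Closing it and resetting the global on those paths keeps the state consistent: `close(device_fd); device_fd = -1;`. The function continues outside the hunk, so later error paths may need the same treatment for `if_fd`.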
@@ -101,25 +125,31 @@ cp mymac.net.mac.address.x[4] = 0x00; mymac.net.mac.address.x[5] = 0x00; - syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); + syslog(LOG_INFO, _("%s is a %s"), device, device_info); cp return 0; } +void close_device(void) +{ +cp + close(device_fd); +} + int read_packet(vpn_packet_t *packet) { int lenin; cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); return -1; } - memcpy(vp->data, mymac.net.mac.address.x, 6); - memcpy(vp->data + 6, mymac.net.mac.address.x, 6); - vp->data[12] = 0x08; - vp->data[13] = 0x00; + memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data + 6, mymac.net.mac.address.x, 6); + packet->data[12] = 0x08; + packet->data[13] = 0x00; packet->len = lenin + 14; @@ -127,7 +157,7 @@ cp if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), device_info, packet.len); + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), device_info, packet->len); } return 0; @@ -143,10 +173,20 @@ cp if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet.len); + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet->len); return -1; } device_total_out += packet->len; +cp + return 0; +} + +void dump_device_stats(void) +{ +cp + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); cp } From e06415e3d9d08cd33c5983a2c49c4101377160c2 Mon Sep 17 00:00:00 2001 
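Review bot: The debug message in read_packet passes its arguments in the wrong order: `"Read packet of %d bytes from %s"` receives `device_info` for `%d` and `packet->len` for `%s`, so with `debug_lvl >= DEBUG_TRAFFIC` syslog treats an integer as a string pointer. Swap them: `syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info);`. The write error message in the following hunk has the same kind of mismatch, `"Can't write to %s %s: %m"` with `packet->len` as the second string argument; it presumably should pass `device`, matching the read error path.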
From: Guus Sliepen Date: Mon, 5 Nov 2001 19:09:08 +0000 Subject: [PATCH 499/923] More fixes for Solaris. --- lib/dropin.c | 5 ++++- lib/utils.c | 2 -- src/net.c | 11 ++++++++--- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/lib/dropin.c b/lib/dropin.c index c26a357c..8e8f3e76 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.5 2001/11/05 19:06:07 guus Exp $ + $Id: dropin.c,v 1.1.2.6 2001/11/05 19:09:08 guus Exp $ */ #include "config.h" @@ -28,6 +28,7 @@ #include #include #include +#include #include @@ -97,6 +98,8 @@ int daemon(int nochdir, int noclose) dup2(fd, 2); } } + + return 0; } #endif diff --git a/lib/utils.c b/lib/utils.c index fc9141f1..d79532b2 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -21,8 +21,6 @@ #include #include #include -#include -#include #include "config.h" diff --git a/src/net.c b/src/net.c index b7d340f4..320c684f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.147 2001/11/03 22:53:01 guus Exp $ + $Id: net.c,v 1.35.4.148 2001/11/05 19:09:08 guus Exp $ */ #include "config.h" @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -250,9 +251,11 @@ int setup_listen_socket(int port) int nfd, flags; struct sockaddr_in a; int option; - char *interface; char *address; ip_mask_t *ipmask; +#ifdef HAVE_LINUX + char *interface; +#endif cp if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { @@ -811,7 +814,9 @@ cp terminate_connection(myself->connection, 0); -// destroy_trees(); + close(udp_socket); + close(tcp_socket); + exit_edges(); exit_subnets(); exit_nodes(); From ae11e7c3d71893c5200b12682839538a52df37b8 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Thu, 15 Nov 2001 23:05:34 +0000 Subject: [PATCH 500/923] Check for getaddrinfo --- configure.in | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index c0db8d59..437b1684 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.35 2001/10/13 13:53:07 guus Exp $ +dnl $Id: configure.in,v 1.13.2.36 2001/11/15 23:05:34 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -73,7 +73,8 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name]) +asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name \ +getaddrinfo]) jm_FUNC_MALLOC jm_FUNC_REALLOC From 18269cfbe831902b97a6171ba0346fd323583e48 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 15 Nov 2001 23:26:27 +0000 Subject: [PATCH 501/923] Check for getnameinfo, gai_strerror, freeaddrinfo --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 437b1684..899c19af 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.36 2001/11/15 23:05:34 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.37 2001/11/15 23:26:27 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -74,7 +74,7 @@ AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name \ -getaddrinfo]) +getaddrinfo getnameinfo gai_strerror freeaddrinfo]) jm_FUNC_MALLOC jm_FUNC_REALLOC From b16bf68a6dc27b364cb76156a7be0208594f1e94 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Thu, 15 Nov 2001 23:28:58 +0000 Subject: [PATCH 502/923] Credit OpenSSH --- AUTHORS | 1 + 1 file changed, 1 insertion(+) diff --git a/AUTHORS b/AUTHORS index 4721984f..710cc83b 100644 --- a/AUTHORS +++ b/AUTHORS @@ -5,6 +5,7 @@ Ivo Timmermans These files are from other sources: * lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from the syslog 1.3 sources. + * lib/dropin.c has various parts taken from OpenSSH. Also some of the macro files in the directory m4, and their accompanying files in lib, were taken from GNU fileutils. From 93cd0e33defba46f8e51d9a98a94599ceb0d521c Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 15 Nov 2001 23:49:46 +0000 Subject: [PATCH 503/923] Check for struct addrinfo --- configure.in | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 899c19af..57511319 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.37 2001/11/15 23:26:27 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.38 2001/11/15 23:49:46 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -68,6 +68,21 @@ AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM +AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ + AC_TRY_COMPILE( + [ +#include +#include +#include + ], + [ struct addrinfo s; s.ai_flags = 0; ], + [ ac_cv_have_struct_addrinfo="yes" ], + [ ac_cv_have_struct_addrinfo="no" ] + )]) +if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then + AC_DEFINE(HAVE_STRUCT_ADDRINFO) +fi + dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA From 72395f989cb44132d7c756c91b3a6d8ba63517e5 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 00:13:08 +0000 Subject: [PATCH 504/923] Deprecated get_config_ip and get_config_port --- src/conf.c | 36 +----------------------------------- 1 file changed, 1 insertion(+), 35 deletions(-) 
diff --git a/src/conf.c b/src/conf.c index b1eb4756..951b24a6 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.47 2001/10/31 20:07:17 guus Exp $ + $Id: conf.c,v 1.9.4.48 2001/11/16 00:13:08 zarq Exp $ */ #include "config.h" @@ -203,40 +203,6 @@ cp return 1; } -int get_config_ip(config_t *cfg, ip_mask_t **result) -{ - ip_mask_t *ip; -cp - if(!cfg) - return 0; - - ip = strtoip(cfg->value); - - if(ip) - { - *result = ip; - return 1; - } - - syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; -} - -int get_config_port(config_t *cfg, port_t *result) -{ -cp - if(!cfg) - return 0; - - if(sscanf(cfg->value, "%hu", result) == 1) - return 1; - - syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; -} - int get_config_subnet(config_t *cfg, subnet_t **result) { ip_mask_t *ip; From 51b72b75f254c956b62be9dfca642145b199415f Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 00:23:28 +0000 Subject: [PATCH 505/923] Use struct addrinfo in connection_t to hold all host data such as IP address and port --- src/connection.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/connection.h b/src/connection.h index 8ab81288..2a3a6b17 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.21 2001/10/30 16:34:32 guus Exp $ + $Id: connection.h,v 1.1.2.22 2001/11/16 00:23:28 zarq Exp $ */ #ifndef __TINC_CONNECTION_H__ 
@@ -65,8 +65,8 @@ typedef struct connection_status_t { typedef struct connection_t { char *name; /* name he claims to have */ - ipv4_t address; /* his real (internet) ip */ - short unsigned int port; /* port number of meta connection */ + struct addrinfo *address; /* his real (internet) ip */ + char *port; /* port number of meta connection */ char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ @@ -77,7 +77,7 @@ typedef struct connection_t { struct timeval start; /* time this connection was started, used for above estimation */ struct node_t *node; /* node associated with the other end */ - struct edge_t *edge; /* edge associated with this connection */ + struct edge_t *edge; /* edge associated with this connection */ RSA *rsa_key; /* his public/private key */ EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ From 74e1299fb58025f7506c7e2608c353a76f98d8df Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:01:48 +0000 Subject: [PATCH 506/923] Changed prototype for lookup_connection to use struct addrinfo --- src/connection.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/connection.h b/src/connection.h index 2a3a6b17..349fd971 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.22 2001/11/16 00:23:28 zarq Exp $ + $Id: connection.h,v 1.1.2.23 2001/11/16 12:01:48 zarq Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -46,6 +46,9 @@ #include "node.h" #include "edge.h" +#include +#include + #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 
@@ -109,7 +112,7 @@ extern connection_t *new_connection(void); extern void free_connection(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); -extern connection_t *lookup_connection(ipv4_t, short unsigned int); +extern connection_t *lookup_connection(struct addrinfo *); extern void dump_connections(void); extern int read_connection_config(connection_t *); From 3ef15f2554d1819d6c7d2573dac6039f2e76b638 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:02:17 +0000 Subject: [PATCH 507/923] Changed lookup_connection to use struct addrinfo --- src/connection.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/connection.c b/src/connection.c index 4ee9a1b9..83227cff 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.24 2001/10/30 16:34:32 guus Exp $ + $Id: connection.c,v 1.1.2.25 2001/11/16 12:02:17 zarq Exp $ */ #include "config.h" @@ -106,12 +106,11 @@ cp cp } -connection_t *lookup_connection(ipv4_t address, short unsigned int port) +connection_t *lookup_connection(struct addrinfo *address) { connection_t c; cp c.address = address; - c.port = port; return avl_search(connection_tree, &c); } From fb6dc0b0890ebae2471e00e7a3e1d86c1fc3d646 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:08:38 +0000 Subject: [PATCH 508/923] Removed definitions of ipv4_t, ipv6_t, port_t --- src/net.h | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/src/net.h b/src/net.h index e5daed9e..6b2c6b4d 100644 --- a/src/net.h +++ b/src/net.h 
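Review bot: `lookup_connection()` now fills only `c.address` in an otherwise uninitialised stack `connection_t` before handing it to `avl_search()`. If the tree's comparison function still reads `port` (the function is not part of this hunk), it compares an indeterminate value, and since `address` is now a `struct addrinfo *` the comparison has to look at the socket address it points to rather than at the pointer itself. Zero-initialising the key with `connection_t c = {0};` makes the lookup deterministic. The compare function should be reviewed together with this change.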
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.36 2001/10/27 13:13:35 guus Exp $ + $Id: net.h,v 1.9.4.37 2001/11/16 12:08:38 zarq Exp $ */ #ifndef __TINC_NET_H__ @@ -57,20 +57,6 @@ typedef struct mac_t unsigned char x[6]; } mac_t; -typedef unsigned long ipv4_t; - -typedef struct ip_mask_t { - ipv4_t address; - ipv4_t mask; -} ip_mask_t; - -typedef struct ipv6_t -{ - unsigned short x[8]; -} ipv6_t; - -typedef unsigned short port_t; - typedef short length_t; typedef struct vpn_packet_t { From f1b20b3ded5b360e426e094cf79df3bf97f350b4 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:10:54 +0000 Subject: [PATCH 509/923] Obsoleted all IP types in favor of struct addrinfo --- src/subnet.h | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/src/subnet.h b/src/subnet.h index d1dd9651..45e9cc12 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.13 2001/10/28 22:42:49 guus Exp $ + $Id: subnet.h,v 1.1.2.14 2001/11/16 12:10:54 zarq Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -28,8 +28,7 @@ enum { SUBNET_MAC = 0, - SUBNET_IPV4, - SUBNET_IPV6, + SUBNET_IP, SUBNET_TYPES /* Guardian */ }; @@ -38,17 +37,11 @@ typedef struct subnet_mac_t mac_t address; } subnet_mac_t; -typedef struct subnet_ipv4_t +typedef struct subnet_ip_t { - ipv4_t address; - ipv4_t mask; -} subnet_ipv4_t; - -typedef struct subnet_ipv6_t -{ - ipv6_t address; - ipv6_t mask; -} subnet_ipv6_t; + struct addrinfo *address; + struct addrinfo *mask; +} subnet_ip_t; #include "node.h" @@ -63,8 +56,7 @@ typedef struct subnet_t { union net { subnet_mac_t mac; - subnet_ipv4_t ipv4; - subnet_ipv6_t ipv6; + subnet_ip_t ip; } net; } subnet_t; 
@@ -81,8 +73,7 @@ extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); extern subnet_t *lookup_subnet(struct node_t *, subnet_t *); extern subnet_t *lookup_subnet_mac(mac_t *); -extern subnet_t *lookup_subnet_ipv4(ipv4_t *); -extern subnet_t *lookup_subnet_ipv6(ipv6_t *); +extern subnet_t *lookup_subnet_ip(struct addrinfo *); extern void dump_subnets(void); #endif /* __TINC_SUBNET_H__ */ From 31db57bb4a00f5ca3743b89f8bb2fbd39919bf28 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:13:34 +0000 Subject: [PATCH 510/923] Changed to use struct addrinfo where needed. --- src/edge.h | 5 ++--- src/node.h | 7 +++---- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/src/edge.h b/src/edge.h index 4fff3878..0de989ad 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.3 2001/10/28 22:42:49 guus Exp $ + $Id: edge.h,v 1.1.2.4 2001/11/16 12:13:34 zarq Exp $ */ #ifndef __TINC_EDGE_H__ @@ -33,8 +33,7 @@ typedef struct halfconnection_t { struct node_t *node; /* node associated with this end of the connection */ - ipv4_t address; /* real (internet) ip on this end of the meta connection */ - short unsigned int port; /* port number of this end of the meta connection */ + struct addrinfo *address; /* real (internet) ip on this end of the meta connection */ char *hostname; /* the hostname of real ip */ } halfconnection_t; diff --git a/src/node.h b/src/node.h index cc81b3b4..92a33b24 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.7 2001/10/28 22:42:49 guus Exp $ + $Id: node.h,v 1.1.2.8 2001/11/16 12:12:56 zarq Exp $ */ #ifndef __TINC_NODE_H__ 
@@ -40,8 +40,7 @@ typedef struct node_t { char *name; /* name of this node */ long int options; /* options turned on for this node */ - ipv4_t address; /* his real (internet) ip to send UDP packets to */ - short unsigned int port; /* port number of UDP connection */ + struct addrinfo *address; /* his real (internet) ip to send UDP packets to */ char *hostname; /* the hostname of its real ip */ struct node_status_t status; @@ -72,7 +71,7 @@ extern void free_node(node_t *n); extern void node_add(node_t *n); extern void node_del(node_t *n); extern node_t *lookup_node(char *); -extern node_t *lookup_node_udp(ipv4_t, port_t); +extern node_t *lookup_node_udp(struct addrinfo *); extern void dump_nodes(void); From f95e6ca8f6976d7a15f4623e25c85e1c7f82c04b Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:14:20 +0000 Subject: [PATCH 511/923] get_config_{ip,port} removed. --- src/conf.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/conf.h b/src/conf.h index bf3df704..0d3d6645 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.29 2001/10/28 08:41:19 guus Exp $ + $Id: conf.h,v 1.6.4.30 2001/11/16 12:14:20 zarq Exp $ */ #ifndef __TINC_CONF_H__ @@ -53,9 +53,7 @@ extern config_t *lookup_config(avl_tree_t *, char *); extern config_t *lookup_config_next(avl_tree_t *, config_t *); extern int get_config_bool(config_t *, int *); extern int get_config_int(config_t *, int *); -extern int get_config_port(config_t *, port_t *); extern int get_config_string(config_t *, char **); -extern int get_config_ip(config_t *, struct ip_mask_t **); struct subnet_t; /* Needed for next line. */ extern int get_config_subnet(config_t *, struct subnet_t **); From 331d9402e892b4baa9cadbbb364073ae10b58d99 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:16:28 +0000 Subject: [PATCH 512/923] Don't compile/link netutl.c. --- src/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 8f5d21d2..59f6f5e7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,14 +1,14 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.17 2001/10/30 12:59:12 guus Exp $ +# $Id: Makefile.am,v 1.4.4.18 2001/11/16 12:16:28 zarq Exp $ sbin_PROGRAMS = tincd -tincd_SOURCES = conf.c connection.c device.c edge.c graph.c meta.c net.c netutl.c node.c process.c \ +tincd_SOURCES = conf.c connection.c device.c edge.c graph.c meta.c net.c node.c process.c \ protocol.c route.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl -noinst_HEADERS = conf.h connection.h device.h edge.h graph.h meta.h net.h netutl.h node.h process.h \ +noinst_HEADERS = conf.h connection.h device.h edge.h graph.h meta.h net.h node.h process.h \ protocol.h route.h subnet.h LIBS = @LIBS@ @INTLLIBS@ From a79252af4383b8cd71cf0d13f1ae040d518517bf Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:21:22 +0000 Subject: [PATCH 513/923] Obsoleted. --- src/netutl.c | 111 --------------------------------------------------- src/netutl.h | 31 -------------- 2 files changed, 142 deletions(-) delete mode 100644 src/netutl.c delete mode 100644 src/netutl.h diff --git a/src/netutl.c b/src/netutl.c deleted file mode 100644 index 2d264a84..00000000 --- a/src/netutl.c +++ /dev/null 
@@ -1,111 +0,0 @@ -/* - netutl.c -- some supporting network utility code - Copyright (C) 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: netutl.c,v 1.12.4.21 2001/10/31 20:37:54 guus Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#include "errno.h" -#include "conf.h" -#include "net.h" -#include "netutl.h" - -#include "system.h" - -char *hostlookup(unsigned long addr) -{ - char *name; - struct hostent *host = NULL; - struct in_addr in; - int lookup_hostname = 0; -cp - in.s_addr = addr; - - get_config_bool(lookup_config(config_tree, "Hostnames"), &lookup_hostname); - - if(lookup_hostname) - host = gethostbyaddr((char *)&in, sizeof(in), AF_INET); - - if(!lookup_hostname || !host) - { - asprintf(&name, "%s", inet_ntoa(in)); - } - else - { - asprintf(&name, "%s", host->h_name); - } -cp - return name; -} - -/* - Turn a string into an IP addy with netmask - return NULL on failure -*/ -ip_mask_t *strtoip(char *str) -{ - ip_mask_t *ip; - int masker; - char *q, *p; - struct hostent *h; -cp - p = str; - if((q = strchr(p, '/'))) - { - *q = '\0'; - q++; /* q now points to netmask part, or NULL if no mask */ - } - - if(!(h = gethostbyname(p))) - { - if(debug_lvl >= DEBUG_ERROR) - syslog(LOG_WARNING, 
_("Error looking up `%s': %s\n"), p, strerror(errno)); - - return NULL; - } - - masker = 0; - if(q) - { - masker = strtol(q, &p, 10); - if(q == p || (*p)) - return NULL; - } - - ip = xmalloc(sizeof(*ip)); - ip->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); - - ip->mask = masker ? ~((1 << (32 - masker)) - 1) : 0; -cp - return ip; -} - diff --git a/src/netutl.h b/src/netutl.h deleted file mode 100644 index 3f6d009f..00000000 --- a/src/netutl.h +++ /dev/null @@ -1,31 +0,0 @@ -/* - netutl.h -- header file for netutl.c - Copyright (C) 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: netutl.h,v 1.2.4.7 2001/10/27 12:13:17 guus Exp $ -*/ - -#ifndef __TINC_NETUTL_H__ -#define __TINC_NETUTL_H__ - -#include "net.h" - -extern char *hostlookup(unsigned long); -extern ip_mask_t *strtoip(char*); - -#endif /* __TINC_NETUTL_H__ */ From 6cf744e4b29cfe3b135b6553851816802ba3d8a8 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 12:22:02 +0000 Subject: [PATCH 514/923] Don't include netutl.h. --- src/conf.c | 3 +-- src/connection.c | 3 +-- src/edge.c | 3 +-- src/net.c | 53 +++++++++++++++++++++++++++--------------------- 4 files changed, 33 insertions(+), 29 deletions(-) diff --git a/src/conf.c b/src/conf.c index 951b24a6..eb13c426 100644 --- a/src/conf.c +++ b/src/conf.c 
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.48 2001/11/16 00:13:08 zarq Exp $ + $Id: conf.c,v 1.9.4.49 2001/11/16 12:17:03 zarq Exp $ */ #include "config.h" @@ -42,7 +42,6 @@ #include #include "conf.h" -#include "netutl.h" /* for strtoip */ #include "system.h" diff --git a/src/connection.c b/src/connection.c index 83227cff..f7f65005 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.25 2001/11/16 12:02:17 zarq Exp $ + $Id: connection.c,v 1.1.2.26 2001/11/16 12:20:44 zarq Exp $ */ #include "config.h" @@ -31,7 +31,6 @@ #include #include "net.h" /* Don't ask. */ -#include "netutl.h" #include "config.h" #include "conf.h" #include diff --git a/src/edge.c b/src/edge.c index 451bb084..b9ecd8ef 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.4 2001/10/30 12:59:12 guus Exp $ + $Id: edge.c,v 1.1.2.5 2001/11/16 12:21:49 zarq Exp $ */ #include "config.h" @@ -30,7 +30,6 @@ #include #include "net.h" /* Don't ask. */ -#include "netutl.h" #include "config.h" #include "conf.h" #include diff --git a/src/net.c b/src/net.c index 320c684f..0397ba58 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.148 2001/11/05 19:09:08 guus Exp $ + $Id: net.c,v 1.35.4.149 2001/11/16 12:22:02 zarq Exp $ */ #include "config.h" @@ -63,7 +63,6 @@ #include "connection.h" #include "meta.h" #include "net.h" -#include "netutl.h" #include "process.h" #include "protocol.h" #include "subnet.h" 
@@ -411,14 +410,10 @@ cp /* Connect */ - a.sin_family = AF_INET; - a.sin_port = htons(c->port); - a.sin_addr.s_addr = htonl(c->address); - - if(connect(c->socket, (struct sockaddr *)&a, sizeof(a)) == -1) + if(connect(c->socket, c->address->ai_addr, c->address->ai_addrlen) == -1) { close(c->socket); - syslog(LOG_ERR, _("%s port %hd: %m"), c->hostname, c->port); + syslog(LOG_ERR, _("%s port %s: %m"), c->hostname, c->port); return -1; } @@ -427,13 +422,13 @@ cp if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) { close(c->socket); - syslog(LOG_ERR, _("fcntl for %s port %d: %m"), + syslog(LOG_ERR, _("fcntl for %s port %s: %m"), c->hostname, c->port); return -1; } if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s port %hd"), + syslog(LOG_INFO, _("Connected to %s port %s"), c->hostname, c->port); cp return 0; @@ -443,7 +438,9 @@ int setup_outgoing_connection(char *name) { connection_t *c; node_t *n; - struct hostent *h; + struct addrinfo *ai, *aitop, hints; + int r, ipv6preferred; + cp n = lookup_node(name); 
@@ -468,27 +465,37 @@ cp return -1; } - if(!get_config_port(lookup_config(c->config_tree, "Port"), &c->port)) + if(!get_config_string(lookup_config(c->config_tree, "Port"), &c->port)) { syslog(LOG_ERR, _("No port specified for %s"), c->name); free_connection(c); return -1; } - if(!(h = gethostbyname(c->hostname))) + hints.ai_socktype = SOCK_STREAM; + hints.ai_family = AF_INET; + if(get_config_bool(lookup_config(c->config_tree, "IPv6Preferred"), &ipv6preferred)) { - syslog(LOG_ERR, _("Error looking up `%s': %m"), c->hostname); - free_connection(c); + if(ipv6preferred) + hints.ai_family = PF_UNSPEC; + } + + if((r = getaddrinfo(c->hostname, c->port, &hints, &aitop)) != 0) + { + syslog(LOG_ERR, _("Looking up %s failed: %s\n"), + c->hostname, gai_strerror(r)); return -1; } - c->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); - c->hostname = hostlookup(htonl(c->address)); - - if(setup_outgoing_socket(c) < 0) + for(ai = aitop; ai != NULL; ai = ai->ai_next) { - syslog(LOG_ERR, _("Could not set up a meta connection to %s (%s)"), - c->name, c->hostname); + if(setup_outgoing_socket(c) < 0) + continue; + } + + if(ai == NULL) + { + /* No connection alternative succeeded */ free_connection(c); return -1; } @@ -1103,7 +1110,6 @@ cp while(cfg) { get_config_string(cfg, &name); - cfg = lookup_config_next(config_tree, cfg); /* Next time skip to next ConnectTo line */ if(check_id(name)) { @@ -1114,6 +1120,7 @@ cp if(setup_outgoing_connection(name)) /* function returns 0 when there are no problems */ retry = 1; + cfg = lookup_config_next(config._tree, cfg); /* Next time skip to next ConnectTo line */ } get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout); 
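Review bot: `hints` is passed to getaddrinfo() with only `ai_socktype` and `ai_family` set, so `ai_flags`, `ai_protocol` and the remaining members hold whatever was on the stack; it has to be zeroed first. The loop over `aitop` never stores `ai` in `c->address` (which the connect() call in the earlier `@@ -411` hunk dereferences) and never breaks on success, so it always ends with `ai == NULL` and the connection is freed even when a socket was set up. The getaddrinfo() failure path also returns without `free_connection(c)`, which the removed gethostbyname() branch did call, and `aitop` is never released. setup_outgoing_connection() begins and ends outside this hunk, so who frees the list after a successful connect is left as a comment in the sketch below.

```c
  memset(&hints, 0, sizeof(hints));
  hints.ai_socktype = SOCK_STREAM;
  hints.ai_family = AF_INET;
  /* … unchanged: IPv6Preferred lookup … */

  if((r = getaddrinfo(c->hostname, c->port, &hints, &aitop)) != 0)
    {
      /* … unchanged: syslog of gai_strerror(r) … */
      free_connection(c);
      return -1;
    }

  for(ai = aitop; ai != NULL; ai = ai->ai_next)
    {
      c->address = ai;  /* the socket setup connects through c->address */
      if(setup_outgoing_socket(c) == 0)
        break;
    }

  if(ai == NULL)
    {
      /* No connection alternative succeeded */
      c->address = NULL;
      freeaddrinfo(aitop);
      free_connection(c);
      return -1;
    }
  /* aitop stays allocated while c->address points into it; release it when the connection is freed */
```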
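Review bot: The re-added line reads `lookup_config_next(config._tree, cfg)`, which is not the `config_tree` used in the rest of this file and will not compile; it should be `cfg = lookup_config_next(config_tree, cfg);`. Moving the advance from before the `check_id(name)` test (removed in the `@@ -1103` hunk) to the end of the loop body also means that any `continue` in the part of the loop not shown here would retry the same ConnectTo entry forever, so that path needs checking. The loop body starts and ends outside both hunks.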
@@ -1124,7 +1131,7 @@ cp if(seconds_till_retry > maxtimeout) /* Don't wait more than MAXTIMEOUT seconds. */ seconds_till_retry = maxtimeout; - syslog(LOG_ERR, _("Failed to setup all outgoing connections, will retry in %d seconds"), + syslog(LOG_ERR, _("Failed to setup any outgoing connection, will retry in %d seconds"), seconds_till_retry); /* Randomize timeout to avoid global synchronisation effects */ From 251f87c842b62cf770129d8a953fb06ef5d0e466 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 15:56:44 +0000 Subject: [PATCH 515/923] (re)added port to struct node_t --- src/node.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/node.h b/src/node.h index 92a33b24..83305ce3 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.8 2001/11/16 12:12:56 zarq Exp $ + $Id: node.h,v 1.1.2.9 2001/11/16 15:56:44 zarq Exp $ */ #ifndef __TINC_NODE_H__ @@ -41,6 +41,7 @@ typedef struct node_t { long int options; /* options turned on for this node */ struct addrinfo *address; /* his real (internet) ip to send UDP packets to */ + char *port; /* string representation of the port number */ char *hostname; /* the hostname of its real ip */ struct node_status_t status; From aabe59f6305cdd46220e95d8927a1636d4b4819d Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 16:16:33 +0000 Subject: [PATCH 516/923] Added HAVE_STRUCT_ADDRINFO --- acconfig.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/acconfig.h b/acconfig.h index aa078c92..9e9f886b 100644 --- a/acconfig.h +++ b/acconfig.h @@ -67,3 +67,6 @@ /* Define to 1 if checkpoint tracing is enabled */ #undef ENABLE_TRACING + +/* Define to 1 if you have struct addrinfo */ +#undef HAVE_STRUCT_ADDRINFO From 2ec5b5f8621d9fb91181ab155084daa1bb2d1a54 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Fri, 16 Nov 2001 17:37:08 +0000 Subject: [PATCH 517/923] Added dropin replacements for get*info and helper functions. --- lib/dropin.c | 187 ++++++++++++++++++++++++++++++++++++++++++++++++++- lib/dropin.h | 51 +++++++++++++- 2 files changed, 236 insertions(+), 2 deletions(-) diff --git a/lib/dropin.c b/lib/dropin.c index 8e8f3e76..04ddac04 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.6 2001/11/05 19:09:08 guus Exp $ + $Id: dropin.c,v 1.1.2.7 2001/11/16 17:36:56 zarq Exp $ */ #include "config.h" 
@@ -169,3 +169,188 @@ int asprintf(char **buf, const char *fmt, ...) return status; } #endif + + +/* + * fake library for ssh + * + * This file is included in getaddrinfo.c and getnameinfo.c. + * See getaddrinfo.c and getnameinfo.c. + */ + +/* $Id: dropin.c,v 1.1.2.7 2001/11/16 17:36:56 zarq Exp $ */ + +/* for old netdb.h */ +#ifndef EAI_NODATA +#define EAI_NODATA 1 +#define EAI_MEMORY 2 +#endif + +/* + * fake library for ssh + * + * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). + * These funtions are defined in rfc2133. + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For exapmle, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#ifndef HAVE_GAI_STRERROR +char *gai_strerror(int ecode) +{ + switch (ecode) { + case EAI_NODATA: + return "no address associated with hostname."; + case EAI_MEMORY: + return "memory allocation failure."; + default: + return "unknown error."; + } +} +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void freeaddrinfo(struct addrinfo *ai) +{ + struct addrinfo *next; + + do { + next = ai->ai_next; + free(ai); + } while (NULL != (ai = next)); +} +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETADDRINFO +static struct addrinfo *malloc_ai(int port, u_long addr) +{ + struct addrinfo *ai; + + ai = malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + if (ai == NULL) + return(NULL); + + memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + + ai->ai_addr = (struct sockaddr *)(ai + 1); + /* XXX -- ssh doesn't use sa_len */ + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr->sa_family = ai->ai_family = AF_INET; + + ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; + ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; + + return(ai); +} + +int getaddrinfo(const char *hostname, const char *servname, + const struct addrinfo *hints, struct addrinfo **res) 
+{ + struct addrinfo *cur, *prev = NULL; + struct hostent *hp; + struct in_addr in; + int i, port; + + if (servname) + port = htons(atoi(servname)); + else + port = 0; + + if (hints && hints->ai_flags & AI_PASSIVE) { + if (NULL != (*res = malloc_ai(port, htonl(0x00000000)))) + return 0; + else + return EAI_MEMORY; + } + + if (!hostname) { + if (NULL != (*res = malloc_ai(port, htonl(0x7f000001)))) + return 0; + else + return EAI_MEMORY; + } + + if (inet_aton(hostname, &in)) { + if (NULL != (*res = malloc_ai(port, in.s_addr))) + return 0; + else + return EAI_MEMORY; + } + + hp = gethostbyname(hostname); + if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { + for (i = 0; hp->h_addr_list[i]; i++) { + cur = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr); + if (cur == NULL) { + if (*res) + freeaddrinfo(*res); + return EAI_MEMORY; + } + + if (prev) + prev->ai_next = cur; + else + *res = cur; + + prev = cur; + } + return 0; + } + + return EAI_NODATA; +} +#endif /* !HAVE_GETADDRINFO */ + + +/* + * fake library for ssh + * + * This file includes getnameinfo(). + * These funtions are defined in rfc2133. + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For exapmle, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. 
+ */ + +#ifndef HAVE_GETNAMEINFO +int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in *sin = (struct sockaddr_in *)sa; + struct hostent *hp; + char tmpserv[16]; + + if (serv) { + snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); + if (strlen(tmpserv) >= servlen) + return EAI_MEMORY; + else + strcpy(serv, tmpserv); + } + + if (host) { + if (flags & NI_NUMERICHOST) { + if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen) + return EAI_MEMORY; + + strcpy(host, inet_ntoa(sin->sin_addr)); + return 0; + } else { + hp = gethostbyaddr((char *)&sin->sin_addr, + sizeof(struct in_addr), AF_INET); + if (hp == NULL) + return EAI_NODATA; + + if (strlen(hp->h_name) >= hostlen) + return EAI_MEMORY; + + strcpy(host, hp->h_name); + return 0; + } + } + return 0; +} +#endif /* !HAVE_GETNAMEINFO */ diff --git a/lib/dropin.h b/lib/dropin.h index 23567b17..09e650e0 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.4 2001/11/05 19:06:07 guus Exp $ + $Id: dropin.h,v 1.1.2.5 2001/11/16 17:37:08 zarq Exp $ */ #ifndef __DROPIN_H__ 
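Review bot: The replacement getaddrinfo() never sets `*res` before the gethostbyname() loop, so if the first `malloc_ai()` fails, the `if (*res) freeaddrinfo(*res);` branch frees whatever pointer the caller's variable happened to hold; add `*res = NULL;` at the top of the function. It also ignores `hints->ai_socktype` and `ai_protocol`, leaving both zero in the result, while the net.c code later in this series passes them straight to socket(); `malloc_ai()` should copy them from `hints`. `atoi(servname)` silently turns a non-numeric or out-of-range service into a wrong port. getnameinfo() casts `sa` to `struct sockaddr_in` without inspecting it, so I would start it with `if (sa->sa_family != AF_INET || salen < sizeof(struct sockaddr_in)) return EAI_NODATA;`.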
@@ -35,4 +35,53 @@ extern char* get_current_dir_name(void); extern int asprintf(char **, const char *, ...); #endif +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + size_t ai_addrlen; /* length of ai_addr */ + char *ai_canonname; /* canonical name for hostname */ + struct sockaddr *ai_addr; /* binary address */ + struct addrinfo *ai_next; /* next structure in linked list */ +}; +#endif /* !HAVE_STRUCT_ADDRINFO */ + +#ifndef HAVE_GETADDRINFO +int getaddrinfo(const char *hostname, const char *servname, + const struct addrinfo *hints, struct addrinfo **res); +#endif /* !HAVE_GETADDRINFO */ + +#ifndef HAVE_GAI_STRERROR +char *gai_strerror(int ecode); +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void freeaddrinfo(struct addrinfo *ai); +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETNAMEINFO +int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags); +#endif /* !HAVE_GETNAMEINFO */ + +#ifndef NI_MAXSERV +# define NI_MAXSERV 32 +#endif /* !NI_MAXSERV */ +#ifndef NI_MAXHOST +# define NI_MAXHOST 1025 +#endif /* !NI_MAXHOST */ + +#ifndef AI_PASSIVE +# define AI_PASSIVE 1 +# define AI_CANONNAME 2 +#endif + +#ifndef NI_NUMERICHOST +# define NI_NUMERICHOST 2 +# define NI_NAMEREQD 4 +# define NI_NUMERICSERV 8 +#endif + #endif /* __DROPIN_H__ */ From 836766d4c5bc47682ab69c57337157c879517670 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 17:38:39 +0000 Subject: [PATCH 518/923] First part of rewriting things to use struct addrinfo. --- src/net.c | 273 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 187 insertions(+), 86 deletions(-) diff --git a/src/net.c b/src/net.c index 0397ba58..8406a79a 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.149 2001/11/16 12:22:02 zarq Exp $ + $Id: net.c,v 1.35.4.150 2001/11/16 17:38:39 zarq Exp $ */ #include "config.h" @@ -85,6 +85,38 @@ int do_prune = 0; /* VPN packet I/O */ +char *hostlookup(struct sockaddr *addr, int numericonly) +{ + char *name; + struct hostent *host = NULL; + struct in_addr in; + config_t const *cfg; + int flags = 0; + +cp + if(numericonly + || ((cfg = get_config_val(config, resolve_dns)) == NULL + || cfg->data.val != stupid_true)) + flags |= NI_NUMERICHOST; + + hostname = xmalloc(NI_MAXHOST); + + if((r = getnameinfo(addr, sizeof(*addr), &hostname, NI_MAXHOST, NULL, 0, flags)) != 0) + { + free(hostname); + if(flags & NI_NUMERICHOST) + { + syslog(LOG_ERR, _("Address conversion failed: %s"), + gai_strerror(r)); + return NULL; + } + else + return hostlookup(addr, 1); + } +cp + return hostname; +} + void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t outpkt; @@ -160,12 +192,8 @@ cp EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad); outlen += outpad; - - to.sin_family = AF_INET; - to.sin_addr.s_addr = htonl(n->address); - to.sin_port = htons(n->port); - - if((sendto(udp_socket, (char *) outpkt.salt, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + + if((sendto(udp_socket, (char *) outpkt.salt, outlen, 0, n->address->ai_addr, n->address->ai_addrlen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), n->name, n->hostname); 
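Review bot: hostlookup() as added cannot compile and would misbehave if it did: `hostname` and `r` are never declared, `&hostname` (a `char **`) is passed where getnameinfo() expects the buffer itself, and `sizeof(*addr)` is the size of a generic `struct sockaddr`, which is smaller than an IPv6 socket address. The resolver switch uses `get_config_val(config, resolve_dns)` and `stupid_true`, which appear nowhere else in the visible patch; the removed netutl.c version read the `Hostnames` option through `get_config_bool()`. When resolving is enabled, the returned name comes from reverse DNS and is chosen by whoever controls that zone, so it should be treated as untrusted text wherever it is logged. The locals `name`, `host`, `in` and `cfg` become unused.

```c
char *hostlookup(struct sockaddr *addr, int numericonly)
{
  char *hostname;
  int lookup_hostname = 0;
  int flags = 0;
  int r;
  size_t salen;
cp
  get_config_bool(lookup_config(config_tree, "Hostnames"), &lookup_hostname);

  if(numericonly || !lookup_hostname)
    flags |= NI_NUMERICHOST;

  /* the length must match the address family, not the generic struct sockaddr */
  salen = (addr->sa_family == AF_INET6) ? sizeof(struct sockaddr_in6)
                                        : sizeof(struct sockaddr_in);

  hostname = xmalloc(NI_MAXHOST);

  if((r = getnameinfo(addr, salen, hostname, NI_MAXHOST, NULL, 0, flags)) != 0)
    /* … unchanged: free, log and numeric-only fallback … */
```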
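Review bot: The new `sendto()` call dereferences `n->address->ai_addr` and `n->address->ai_addrlen` with no check that `n->address` is set, where the removed code only copied integers into a local `sockaddr_in`. As far as this chunk shows, nothing assigns `node_t.address` yet, so a node whose address has not been resolved would crash the daemon here instead of failing the send; an `if(!n->address)` guard that logs and bails out before the call would contain that. The `to` and `tolen` locals declared outside this hunk appear to be unused after the change.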
@@ -245,118 +273,191 @@ cp /* Setup sockets */ -int setup_listen_socket(int port) +int setup_listen_socket(node_t *n) { int nfd, flags; - struct sockaddr_in a; int option; char *address; - ip_mask_t *ipmask; + int r; + struct addrinfo hints, *ai, *aitop; + int ipv6preferred; #ifdef HAVE_LINUX char *interface; #endif + cp - if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) + + if(!get_config_string(lookup_config(config_tree, "BindToAddress"), &address)) { - syslog(LOG_ERR, _("Creating metasocket failed: %m")); + address = NULL; + } + + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + hints.ai_family = AF_INET; + if(get_config_bool(lookup_config(config_tree, "IPv6Preferred"), &ipv6preferred)) + { + if(ipv6preferred) + hints.ai_family = PF_UNSPEC; + } + if((r = getaddrinfo(address, n->port, &hints, &aitop)) != 0) + { + syslog(LOG_ERR, _("Looking up `%s' failed: %s\n"), + address, gai_strerror(r)); return -1; } - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) + /* Try to create a listening socket for all alternatives we got from + getaddrinfo. 
*/ + for(ai = aitop; ai != NULL; ai = ai->ai_next) { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fcntl"); - return -1; - } - - /* Optimize TCP settings */ - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); - setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); + if((nfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) < 0) + { + syslog(LOG_ERR, _("Creating metasocket failed: %m")); + continue; + } + + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); + continue; + } + + /* Optimize TCP settings */ + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); + setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); #ifdef HAVE_LINUX - setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); - - option = IPTOS_LOWDELAY; - setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); - - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface); - return -1; - } + setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + + option = IPTOS_LOWDELAY; + setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); + + if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface); + continue; + } #endif - memset(&a, 0, sizeof(a)); - a.sin_family = AF_INET; - a.sin_addr.s_addr = htonl(INADDR_ANY); - a.sin_port = htons(port); + if(bind(nfd, ai->ai_addr, ai->ai_addrlen)) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to %s port %d/tcp: %m"), + ai->ai_canonname, n->port); + 
continue; + } + + if(listen(nfd, 3)) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "listen"); + continue; + } - if(get_config_string(lookup_config(config_tree, "BindToAddress"), &address)) - { - ipmask = strtoip(address); - if(ipmask) - { - a.sin_addr.s_addr = htonl(ipmask->address); - free(ipmask); - } + break; /* We have successfully bound to a socket */ } - if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) + if(ai == NULL) /* None of the alternatives succeeded */ { - close(nfd); - syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port); - return -1; - } - - if(listen(nfd, 3)) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "listen"); + syslog(LOG_ERR, _("Failed to open a listening socket.")); return -1; } cp return nfd; } -int setup_vpn_in_socket(int port) +int setup_vpn_in_socket(node_t *n) { - int nfd, flags; - struct sockaddr_in a; const int one = 1; + int nfd, flags; + int option; + char *address; + int r; + struct addrinfo hints, *ai, *aitop; + int ipv6preferred; +#ifdef HAVE_LINUX + char *interface; +#endif + cp - if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) + + if(!get_config_string(lookup_config(config_tree, "BindToAddress"), &address)) { - close(nfd); - syslog(LOG_ERR, _("Creating socket failed: %m")); + address = NULL; + } + + hints.ai_socktype = SOCK_DGRAM; + hints.ai_protocol = IPPROTO_UDP; + hints.ai_family = AF_INET; + if(get_config_bool(lookup_config(config_tree, "IPv6Preferred"), &ipv6preferred)) + { + if(ipv6preferred) + hints.ai_family = PF_UNSPEC; + } + if((r = getaddrinfo(address, n->port, &hints, &aitop)) != 0) + { + syslog(LOG_ERR, _("Looking up `%s' failed: %s\n"), + address, gai_strerror(r)); return -1; } setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) + /* Try to create a listening socket for all alternatives we got from + getaddrinfo. 
*/ + for(ai = aitop; ai != NULL; ai = ai->ai_next) { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fcntl"); - return -1; + if((nfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) < 0) + { + syslog(LOG_ERR, _("Creating metasocket failed: %m")); + continue; + } + + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); + continue; + } + + /* Optimize UDP settings */ + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); +#ifdef HAVE_LINUX + if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface); + continue; + } +#endif + + if(bind(nfd, ai->ai_addr, ai->ai_addrlen)) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to %s port %d/tcp: %m"), + ai->ai_canonname, n->port); + continue; + } + + break; /* We have successfully bound to a socket */ } - memset(&a, 0, sizeof(a)); - a.sin_family = AF_INET; - a.sin_port = htons(port); - a.sin_addr.s_addr = htonl(INADDR_ANY); - - if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) + if(ai == NULL) /* None of the alternatives succeeded */ { - close(nfd); - syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port); + syslog(LOG_ERR, _("Failed to open a listening socket.")); return -1; } cp @@ -668,8 +769,8 @@ cp return -1; } */ - if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->port)) - myself->port = 655; + if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myself->port)) + myself->port = "655"; myself->connection->port = myself->port; 
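Review bot: Both setup_listen_socket() and setup_vpn_in_socket() hand getaddrinfo() a `hints` struct whose `ai_flags` and other unset members are uninitialised, and with `address == NULL` and no `AI_PASSIVE` a conforming resolver returns the loopback address instead of the wildcard. In setup_vpn_in_socket() the old `setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one));` survives as context ahead of the loop, where `nfd` has not been assigned, so it acts on an arbitrary descriptor number. The bind error message prints `n->port`, now a `char *`, with `%d`, and prints `ai->ai_canonname`, which is NULL unless `AI_CANONNAME` was requested; the UDP copy also still says `/tcp` and `metasocket`. `aitop` is never passed to freeaddrinfo() in either function.

```c
  /* both functions: start from a zeroed hints and ask for a bindable address */
  memset(&hints, 0, sizeof(hints));
  hints.ai_flags = AI_PASSIVE;
  /* … unchanged: ai_socktype, ai_protocol, ai_family, IPv6Preferred, getaddrinfo() … */

  /* setup_vpn_in_socket(): the setsockopt() on nfd that precedes the loop is removed;
     the SO_REUSEADDR call inside the loop already covers it */

      if(bind(nfd, ai->ai_addr, ai->ai_addrlen))
        {
          close(nfd);
          syslog(LOG_ERR, _("Can't bind to port %s/tcp: %m"), n->port);  /* "/udp" in setup_vpn_in_socket() */
          continue;
        }
  /* … unchanged: listen() and the end of the loop … */
```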
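Review bot: `myself->port = "655";` stores a pointer to a string literal in a member that otherwise receives the buffer filled in by `get_config_string()`. If that buffer is heap-allocated and released when the node is freed (not visible in this hunk), the default path would hand a literal to free(); allocating the default as well, e.g. `asprintf(&myself->port, "%s", "655");`, keeps both paths alike. The following `myself->connection->port = myself->port;` makes two structures share one pointer, so only one of them may free it.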
@@ -729,13 +830,13 @@ cp cp /* Open sockets */ - if((tcp_socket = setup_listen_socket(myself->port)) < 0) + if((tcp_socket = setup_listen_socket(myself)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); return -1; } - if((udp_socket = setup_vpn_in_socket(myself->port)) < 0) + if((udp_socket = setup_vpn_in_socket(myself)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); return -1; @@ -856,9 +957,9 @@ cp return NULL; } - c->address = ntohl(ci.sin_addr.s_addr); + asprintf(&(c->address), " = ntohl(ci.sin_addr.s_addr); c->hostname = hostlookup(ci.sin_addr.s_addr); - c->port = htons(ci.sin_port); + asprintf(&(c->port), "%d", htons(ci.sin_port)); c->socket = sfd; c->last_ping_time = time(NULL); From ccda709f8243949a3c0ffcc6133d8d8fc5125f2e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 17:39:38 +0000 Subject: [PATCH 519/923] lookup_node_udp changed. --- src/node.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/node.c b/src/node.c index 9a518382..ba795ba9 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.6 2001/10/31 12:50:24 guus Exp $ + $Id: node.c,v 1.1.2.7 2001/11/16 17:39:38 zarq Exp $ */ #include "config.h" @@ -140,12 +140,11 @@ cp return avl_search(node_tree, &n); } -node_t *lookup_node_udp(ipv4_t address, port_t port) +node_t *lookup_node_udp(struct addrinfo *address) { node_t n; cp n.address = address; - n.port = port; return avl_search(node_udp_tree, &n); } @@ -159,7 +158,7 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld status %04x nexthop %s via %s"), + syslog(LOG_DEBUG, _(" %s at %s port %s options %ld status %04x nexthop %s via %s"), n->name, n->hostname, n->port, n->options, n->status, n->nexthop->name, n->via->name); } 
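Review bot: The first added line, `asprintf(&(c->address), " = ntohl(ci.sin_addr.s_addr);`, contains an unterminated string literal and looks like a half-finished edit; it cannot compile, and `c->address` is used as a `struct addrinfo *` elsewhere in this series rather than as a string. The next line still calls `hostlookup(ci.sin_addr.s_addr)` although hostlookup() now takes `(struct sockaddr *, int)`, so it should become `c->hostname = hostlookup((struct sockaddr *)&ci, 0);`. The port conversion should read `ntohs(ci.sin_port)`; `htons` happens to perform the same swap but states the wrong direction. `ci` is declared outside the hunk, and if it is still a `struct sockaddr_in` it cannot receive an IPv6 peer address from accept().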
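Review bot: lookup_node_udp() now searches `node_udp_tree` with only `n.address = address`, a pointer to an addrinfo, as the key, and the port is no longer part of it. The tree's comparison function is not in this hunk; if it still compares the `address` members directly it will compare pointer values, so the source address of a received UDP packet would never match a stored node, or would match on the wrong basis. The comparison needs to look at the `ai_addr` contents, including family and port, for example a `memcmp()` over `ai_addrlen` bytes after checking that the lengths are equal. This function deserves a comment stating that contract.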
From a4938b22e7502579ce44cac42410111db11256eb Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 17:39:59 +0000 Subject: [PATCH 520/923] Don't include netutl.h. --- src/protocol.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 32bca999..36e10c40 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.120 2001/11/04 23:48:27 guus Exp $ + $Id: protocol.c,v 1.28.4.121 2001/11/16 17:39:59 zarq Exp $ */ #include "config.h" @@ -50,7 +50,6 @@ #include "conf.h" #include "net.h" -#include "netutl.h" #include "protocol.h" #include "meta.h" #include "connection.h" @@ -531,7 +530,6 @@ cp int ack_h(connection_t *c) { - port_t port; int weight; node_t *n; subnet_t *s; From 9b2b3747340173590b8f6f5fbdd060b42985f026 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 17:40:50 +0000 Subject: [PATCH 521/923] route_ipv4 and route_ipv6 replaced by route_ip. --- src/route.c | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/src/route.c b/src/route.c index 170f509e..8df8128a 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.20 2001/10/27 13:13:35 guus Exp $ + $Id: route.c,v 1.1.2.21 2001/11/16 17:40:50 zarq Exp $ */ #include "config.h" 
@@ -103,26 +103,10 @@ cp return NULL; } -node_t *route_ipv4(vpn_packet_t *packet) -{ - ipv4_t dest; - subnet_t *subnet; -cp -#ifdef HAVE_SOLARIS - /* The other form gives bus errors on a SparcStation 20. */ - dest = ((packet->data[30] * 0x100 + packet->data[31]) * 0x100 + packet->data[32]) * 0x100 + packet->data[33]; -#else - dest = ntohl(*((unsigned long*)(&packet->data[30]))); -#endif -cp - subnet = lookup_subnet_ipv4(&dest); -cp if(!subnet) { if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"), - packet->data[30], packet->data[31], packet->data[32], packet->data[33]); } return NULL; @@ -131,20 +115,21 @@ cp return subnet->owner; } -node_t *route_ipv6(vpn_packet_t *packet) +node_t *route_ip(vpn_packet_t *packet) { - ipv6_t dest; + struct addrinfo *dest; subnet_t *subnet; cp - memcpy(&dest, &packet->data[30], sizeof(ipv6_t)); +#warning FIXME + memcpy(&dest, &packet->data[30], 0); - subnet = lookup_subnet_ipv6(&dest); + subnet = lookup_subnet_ip(&dest); cp if(!subnet) { if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address")); + syslog(LOG_WARNING, _("Cannot route packet: unknown IP destination address")); } return NULL; @@ -158,7 +143,7 @@ void route_arp(vpn_packet_t *packet) struct ether_arp *arp; subnet_t *subnet; unsigned char ipbuf[4]; - ipv4_t dest; + struct addrinfo *dest; cp /* First, snatch the source address from the ARP packet */ @@ -187,9 +172,9 @@ cp } /* Check if the IP address exists on the VPN */ - +#warning FIXME dest = ntohl(*((unsigned long*)(arp->arp_tpa))); - subnet = lookup_subnet_ipv4(&dest); + subnet = lookup_subnet_ip(&dest); if(!subnet) { From bf664c054fdabc30679367a752a27bb769655e4d Mon Sep 17 00:00:00 2001 
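Review bot: Removing the `route_ipv4()` signature and its locals while keeping the `if(!subnet)` block appears to leave that block, and the `return subnet->owner;` shown as context in the next hunk, after the previous function's closing brace, so route.c would not compile after this change. The now empty `if(debug_lvl >= DEBUG_TRAFFIC) { }` also drops the only log line that named an unroutable IPv4 destination. I would delete the leftover body in the same hunk, or keep the function and mark it with the `#warning FIXME` used elsewhere in this commit.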
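Review bot: In `route_ip()` the call `memcpy(&dest, &packet->data[30], 0);` copies nothing, so `dest` is an uninitialised `struct addrinfo *` and `lookup_subnet_ip(&dest)` makes the routing decision from indeterminate stack contents. Until the address conversion exists (the `#warning FIXME` marks it as pending), the function should fail closed: declare `struct addrinfo *dest = NULL;` and `return NULL;` before the lookup, so that no packet is forwarded on a garbage key. A comment above the function should say that routing is disabled until the destination is parsed from the packet.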
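Review bot: With `dest` redeclared as `struct addrinfo *` in `route_arp()`, the unchanged `dest = ntohl(*((unsigned long*)(arp->arp_tpa)));` assigns a host-order integer to a pointer, and `lookup_subnet_ip(&dest)` then receives the address of that fake pointer. The cast also reads `sizeof(unsigned long)` bytes from the 4-byte `arp_tpa` field, which over-reads on LP64 targets and may be misaligned. I would copy the target address with `memcpy(&ip, arp->arp_tpa, sizeof ip);` into a `uint32_t ip` and build the lookup key from that. The declaration hunk `@@ -158,7 +143,7 @@` and the `@@ -187,9 +172,9 @@` hunk belong to the same function, whose body continues outside both.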
From: Ivo Timmermans Date: Fri, 16 Nov 2001 22:31:15 +0000 Subject: [PATCH 522/923] get_config_subnet needs to be fixed. --- src/conf.c | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/src/conf.c b/src/conf.c index eb13c426..1b3b3a1b 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.49 2001/11/16 12:17:03 zarq Exp $ + $Id: conf.c,v 1.9.4.50 2001/11/16 22:31:15 zarq Exp $ */ #include "config.h" 
@@ -204,39 +204,39 @@ cp int get_config_subnet(config_t *cfg, subnet_t **result) { - ip_mask_t *ip; subnet_t *subnet; cp if(!cfg) return 0; - ip = strtoip(cfg->value); +#warning FIXME +/* ip = strtoip(cfg->value); */ - if(!ip) - { - syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; - } +/* if(!ip) */ +/* { */ +/* syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), */ +/* cfg->variable, cfg->file, cfg->line); */ +/* return 0; */ +/* } */ /* Teach newbies what subnets are... */ - if((ip->address & ip->mask) != ip->address) - { - syslog(LOG_ERR, _("Network address and subnet mask for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - free(ip); - return 0; - } +/* if((ip->address & ip->mask) != ip->address) */ +/* { */ +/* syslog(LOG_ERR, _("Network address and subnet mask for configuration variable %s in %s line %d"), */ +/* cfg->variable, cfg->file, cfg->line); */ +/* free(ip); */ +/* return 0; */ +/* } */ - subnet = new_subnet(); - subnet->type = SUBNET_IPV4; - subnet->net.ipv4.address = ip->address; - subnet->net.ipv4.mask = ip->mask; +/* subnet = new_subnet(); */ +/* subnet->type = SUBNET_IP; */ +/* subnet->net.ip.address = ip->address; */ +/* subnet->net.ip.mask = ip->mask; */ - free(ip); +/* free(ip); */ - *result = subnet; +/* *result = subnet; */ return 1; } From a59bbc72317c9cd97243a9cbf49db01ff249eb1e Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 22:31:41 +0000 Subject: [PATCH 523/923] Fixed silly typo: "np" instead of "no" --- src/conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index 1b3b3a1b..3be2e33e 100644 --- a/src/conf.c +++ b/src/conf.c 
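Review bot: With the whole body commented out, `get_config_subnet()` still ends in `return 1;` without assigning `*result`, so callers are told a subnet was parsed and then use whatever their pointer already held. The check that the network address is consistent with its mask is disabled along with the parser. Until the function is rewritten it should report failure, `return 0;` in place of `return 1;`, and the `#warning FIXME` should be followed by a comment saying that subnet parsing and validation are currently off. The local `subnet` is now unused.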
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.50 2001/11/16 22:31:15 zarq Exp $ + $Id: conf.c,v 1.9.4.51 2001/11/16 22:31:41 zarq Exp $ */ #include "config.h" @@ -166,7 +166,7 @@ cp *result = 1; return 1; } - else if(!strcasecmp(cfg->value, "np")) + else if(!strcasecmp(cfg->value, "no")) { *result = 0; return 1; From 4f47da5b87ef7da608c7e44026122f3d95deb2eb Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 22:40:26 +0000 Subject: [PATCH 524/923] Don't include netutl.h. --- src/tincd.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index 0ccbdee6..f4ecebff 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.55 2001/10/28 08:41:19 guus Exp $ + $Id: tincd.c,v 1.10.4.56 2001/11/16 22:40:26 zarq Exp $ */ #include "config.h" @@ -47,7 +47,6 @@ #include "conf.h" #include "net.h" -#include "netutl.h" #include "process.h" #include "protocol.h" #include "subnet.h" From c2752b961c9262386b940c2c053b9909bee22859 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 16 Nov 2001 22:41:38 +0000 Subject: [PATCH 525/923] Conversion to struct addrinfo is almost complete for this file. --- src/net.c | 44 +++++++++++++++++++++++--------------------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/src/net.c b/src/net.c index 8406a79a..c7b612c7 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.150 2001/11/16 17:38:39 zarq Exp $ + $Id: net.c,v 1.35.4.151 2001/11/16 22:41:38 zarq Exp $ */ #include "config.h" 
@@ -87,21 +87,19 @@ int do_prune = 0; char *hostlookup(struct sockaddr *addr, int numericonly) { - char *name; - struct hostent *host = NULL; - struct in_addr in; - config_t const *cfg; + char *hostname; int flags = 0; + int r; cp if(numericonly - || ((cfg = get_config_val(config, resolve_dns)) == NULL - || cfg->data.val != stupid_true)) + || (get_config_bool(lookup_config(config_tree, "ResolveDNS"), &r) + || !r )) flags |= NI_NUMERICHOST; hostname = xmalloc(NI_MAXHOST); - if((r = getnameinfo(addr, sizeof(*addr), &hostname, NI_MAXHOST, NULL, 0, flags)) != 0) + if((r = getnameinfo(addr, sizeof(*addr), hostname, NI_MAXHOST, NULL, 0, flags)) != 0) { free(hostname); if(flags & NI_NUMERICHOST) @@ -161,8 +159,6 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t outpkt; int outlen, outpad; EVP_CIPHER_CTX ctx; - struct sockaddr_in to; - socklen_t tolen = sizeof(to); vpn_packet_t *copy; cp if(!n->status.validkey) @@ -349,7 +345,7 @@ cp if(bind(nfd, ai->ai_addr, ai->ai_addrlen)) { close(nfd); - syslog(LOG_ERR, _("Can't bind to %s port %d/tcp: %m"), + syslog(LOG_ERR, _("Can't bind to %s port %s/tcp: %m"), ai->ai_canonname, n->port); continue; } @@ -447,7 +443,7 @@ cp if(bind(nfd, ai->ai_addr, ai->ai_addrlen)) { close(nfd); - syslog(LOG_ERR, _("Can't bind to %s port %d/tcp: %m"), + syslog(LOG_ERR, _("Can't bind to %s port %s/tcp: %m"), ai->ai_canonname, n->port); continue; } @@ -467,7 +463,6 @@ cp int setup_outgoing_socket(connection_t *c) { int flags; - struct sockaddr_in a; cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); @@ -476,7 +471,7 @@ cp if(c->socket == -1) { - syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"), + syslog(LOG_ERR, _("Creating socket for %s port %s failed: %m"), c->hostname, c->port); return -1; } 
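Review bot: The new condition in `hostlookup()`, `get_config_bool(lookup_config(config_tree, "ResolveDNS"), &r) || !r`, looks inverted: if `get_config_bool()` returns non-zero on success, as the yes/no branches in the conf.c hunk suggest, every configured value forces `NI_NUMERICHOST`, and when the option is absent `r` may be read uninitialised. I would write `!get_config_bool(lookup_config(config_tree, "ResolveDNS"), &r) || !r`, which also short-circuits before `r` is read. The `getnameinfo(addr, sizeof(*addr), ...)` call passes the size of a generic `struct sockaddr`, which is too small for an IPv6 socket address; the real length should come from the caller. The function continues past the end of the hunk.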
@@ -863,7 +858,7 @@ cp myself->status.active = 1; node_add(myself); - syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); + syslog(LOG_NOTICE, _("Ready: listening on port %s"), myself->port); cp return 0; } @@ -957,14 +952,21 @@ cp return NULL; } - asprintf(&(c->address), " = ntohl(ci.sin_addr.s_addr); - c->hostname = hostlookup(ci.sin_addr.s_addr); + c->address = sockaddr_to_addrinfo(ci); + + c->hostname = xmalloc(INET6_ADDRSTRLEN); + if((inet_ntop(ci.sin_family, &(ci.sin_addr), c->hostname, INET6_ADDRSTRLEN)) == NULL) + { + syslog(LOG_ERR, _("Couldn't convert address to string: %m")); + free(c->hostname); + return NULL; + } asprintf(&(c->port), "%d", htons(ci.sin_port)); c->socket = sfd; c->last_ping_time = time(NULL); if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection from %s port %d"), + syslog(LOG_NOTICE, _("Connection from %s port %s"), c->hostname, c->port); c->allow_request = ID; @@ -1025,11 +1027,11 @@ cp return; } - n = lookup_node_udp(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + n = lookup_node_udp(sockaddr_to_addrinfo(&from)); if(!n) { - syslog(LOG_WARNING, _("Received UDP packet on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + syslog(LOG_WARNING, _("Received UDP packet on port %s from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); return; } /* @@ -1221,7 +1223,7 @@ cp if(setup_outgoing_connection(name)) /* function returns 0 when there are no problems */ retry = 1; - cfg = lookup_config_next(config._tree, cfg); /* Next time skip to next ConnectTo line */ + cfg = lookup_config_next(config_tree, cfg); /* Next time skip to next ConnectTo line */ } get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout); From f0aa9641e82fb6e09c1e485366d14dddaa7f7c36 Mon Sep 17 00:00:00 2001 
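Review bot: The new `inet_ntop()` failure path in the `@@ -957,14 +952,21 @@` hunk frees `c->hostname` and returns NULL, but it releases neither `c` nor the accepted descriptor `sfd`, so each failure would leak a connection object and a socket unless something outside the hunk owns them. `sockaddr_to_addrinfo(ci)` is passed the structure by value here while the UDP hunk below passes `&from`, so one of the two calls cannot match the helper's signature. `ci` is still read through `sin_family` and `sin_addr`, so the `INET6_ADDRSTRLEN` buffer does not yet make this path IPv6-capable; a comment saying so would prevent a wrong assumption. The enclosing function starts and ends outside the hunk.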
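Review bot: `lookup_node_udp(sockaddr_to_addrinfo(&from))` builds a new `struct addrinfo` for every datagram and never keeps the pointer, so if the helper allocates (its definition is not in this patch) memory is lost per received packet, including packets from unknown sources. I would hold the result in a local, `struct addrinfo *src = sockaddr_to_addrinfo(&from);`, pass `src` to the lookup and free it on every exit path. The warning for unknown sources still formats the peer as `%x:%hd` from `from.sin_addr`, which only holds while `from` is a `sockaddr_in`. The function starts and ends outside the `@@ -1025,11 +1027,11 @@` hunk.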
From: Guus Sliepen Date: Sun, 10 Feb 2002 21:57:54 +0000 Subject: [PATCH 526/923] Merging of the entire pre5 branch. --- AUTHORS | 1 - Makefile.am | 2 +- NEWS | 23 +- README | 48 +- THANKS | 1 + TODO | 26 +- acconfig.h | 5 +- configure.in | 33 +- debian/.cvsignore | 2 - debian/Makefile.am | 3 - debian/README.Debian | 10 - debian/changelog | 68 -- debian/conffiles | 5 - debian/control | 20 - debian/copyright | 63 -- debian/dirs | 2 - debian/doc-base.tinc | 10 - debian/docs | 3 - debian/info | 1 - debian/init.d | 66 -- debian/po-Makefile.in.in.diff | 32 - debian/postinst | 70 -- debian/rules | 78 -- debian/tinc.modules | 13 - doc/CONNECTIVITY | 4 +- doc/NETWORKING | 4 +- doc/PROTOCOL | 66 +- doc/SECURITY2 | 30 +- doc/sample-config/tinc-down | 5 +- doc/sample-config/tinc-up | 9 +- doc/sample-config/tinc.conf | 6 +- doc/tinc.conf.5 | 528 +++++++------ doc/tinc.texi | 470 ++++++----- doc/tincd.8 | 287 +++---- lib/avl_tree.c | 11 +- lib/dropin.c | 187 +---- lib/dropin.h | 51 +- m4/openssl.m4 | 8 + po/POTFILES.in | 12 + po/nl.po | 1147 +++++++++++++-------------- redhat/Makefile.am | 1 - src/Makefile.am | 11 +- src/conf.c | 86 +- src/conf.h | 11 +- src/connection.c | 10 +- src/connection.h | 21 +- src/device.h | 6 +- src/edge.c | 52 +- src/edge.h | 16 +- src/freebsd/device.c | 68 +- src/graph.c | 108 ++- src/graph.h | 9 +- src/linux/device.c | 17 +- src/meta.c | 6 +- src/meta.h | 6 +- src/net.c | 766 ++++++++++-------- src/net.h | 60 +- src/node.c | 25 +- src/node.h | 25 +- src/openbsd/device.c | 83 +- src/process.c | 35 +- src/process.h | 6 +- src/protocol.c | 1392 +-------------------------------- src/protocol.h | 81 +- src/route.c | 52 +- src/route.h | 6 +- src/solaris/device.c | 8 +- src/subnet.c | 209 +++-- src/subnet.h | 28 +- src/tincd.c | 17 +- 70 files changed, 2575 insertions(+), 4056 deletions(-) delete mode 100644 debian/.cvsignore delete mode 100644 debian/Makefile.am delete mode 100644 debian/README.Debian delete mode 100644 debian/changelog delete mode 
100644 debian/conffiles delete mode 100644 debian/control delete mode 100644 debian/copyright delete mode 100644 debian/dirs delete mode 100644 debian/doc-base.tinc delete mode 100644 debian/docs delete mode 100644 debian/info delete mode 100644 debian/init.d delete mode 100644 debian/po-Makefile.in.in.diff delete mode 100644 debian/postinst delete mode 100644 debian/rules delete mode 100644 debian/tinc.modules delete mode 100644 redhat/Makefile.am diff --git a/AUTHORS b/AUTHORS index 710cc83b..4721984f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -5,7 +5,6 @@ Ivo Timmermans These files are from other sources: * lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from the syslog 1.3 sources. - * lib/dropin.c has various parts taken from OpenSSH. Also some of the macro files in the directory m4, and their accompanying files in lib, were taken from GNU fileutils. diff --git a/Makefile.am b/Makefile.am index 85c2c186..bbfa0141 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = gnu -SUBDIRS = m4 intl lib src doc po redhat +SUBDIRS = m4 intl lib src doc po ACLOCAL_AMFLAGS = diff --git a/NEWS b/NEWS index d7282fa7..45b68e70 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,25 @@ -version 1.0pre4 Jan 17 2000 +version 1.0pre5 Feb 9 2002 + +* Security enhancements: + + * Added sequence number and optional message authentication code to + the packets. + + * Configurable encryption cipher and digest algorithms. + +* More robust handling of dis- and reconnects. + +* Added a "switch" and a "hub" mode to allow bridging setups. + +* Preliminary support for routing of IPv6 packets. + +* Supports Linux, FreeBSD, OpenBSD and Solaris. + + +It looks like this might be the last release before 1.0. + + +version 1.0pre4 Jan 17 2001 * Updated documentation; the documentation now reflects the configuration as it is. diff --git a/README b/README index 70d76f54..818a8d0d 100644 --- a/README +++ b/README 
@@ -1,7 +1,7 @@ -This is the README file for tinc version 1.0pre4. Installation +This is the README file for tinc version 1.0pre5. Installation instructions may be found in the INSTALL file. -tinc is Copyright (C) 1998-2001 by: +tinc is Copyright (C) 1998-2002 by: Ivo Timmermans , Guus Sliepen , @@ -18,12 +18,16 @@ your option) any later version. See the file COPYING for more details. Security statement ------------------ -In august 2000, we discovered the existence of a security hole in all -versions of tinc up to and including 1.0pre2. This had to do with the -way we exchanged keys. Since then, we have been working on a new -authentication scheme to make tinc as secure as possible. The current -version uses the OpenSSL library and does authentication in much the -same way as the SSH protocol does. +In August 2000, we discovered the existence of a security hole in all versions +of tinc up to and including 1.0pre2. This had to do with the way we exchanged +keys. Since then, we have been working on a new authentication scheme to make +tinc as secure as possible. The current version uses the OpenSSL library and +uses strong authentication with RSA keys. + +On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc +1.0pre4. Due to a lack of sequence numbers and a message authentication code +for each packet, an attacker could possibly disrupt certain network services or +launch a denial of service attack by replaying intercepted packets. Cryptography is a hard thing to get right. We cannot make any guarantees. Time, review and feedback are the only things that can 
@@ -31,6 +35,14 @@ prove the security of any cryptographic product. If you wish to review tinc or give us feedback, you are stronly encouraged to do so. +Changes to configuration file format +------------------------------------ + +Some configuration variables have different names now. Most notably "TapDevice" +should be changed into "Device", and "Device" should be changed into +"BindToDevice". + + Requirements ------------ @@ -41,6 +53,9 @@ this library is not installed on you system, configure will fail. The manual in doc/tinc.texi contains more detailed information on how to install this library. +In order to compile tinc, you will also need autoconf, automake, GNU make, m4 +and gettext. + Features -------- @@ -68,3 +83,20 @@ This version supports multiple subnets at once. They are also sorted on subnet mask size. This means that it is possible to have overlapping subnets on the VPN, as long as their subnet mask sizes differ. + +Since pre5, tinc can operate in several routing modes. The default mode, +"router", works exactly like the older version, and uses Subnet lines to +determine the destination of packets. The other two modes, "switch" and "hub", +allow the tinc daemons to work together like a single network switch or hub. +This is useful for bridging networks. + +The algorithms used for encryption and generating message authentication codes +can now be changed in the configuration files. All cipher and digest algorithms +supported by OpenSSL can be used. Useful ciphers are "blowfish" (default), +"bf-ofb", "des", "des3", etcetera. Useful digests are "sha1" (default), "md5", +etcetera. + +Preliminary support for routing IPv6 packets has been added. Just add Subnet +lines with IPv6 addresses (without using :: abbreviations) and use ifconfig to +give the virtual network interface corresponding IPv6 addresses. +Autoconfiguration will not work in router mode. diff --git a/THANKS b/THANKS index ed275bfc..0c50cf62 100644 --- a/THANKS +++ b/THANKS 
@@ -16,6 +16,7 @@ We would like to thank * Matias Carrasco (for the Spanish translation of the manual) * Jamie Briggs (for finding a lot of socket leaks) * Armijn Hemel (for being our very own PR manager) + * Jerome Etienne (for a thorough security analysis of tinc) for their help, support and ideas. Thank you guys! diff --git a/TODO b/TODO index 5dd5ecae..c0f2ee3f 100644 --- a/TODO +++ b/TODO @@ -1,27 +1,5 @@ TODO LIST -Goals for 1.0 release: +1.0: -* Check Solaris port -* Check FreeBSD port again (done) -* Check TCPonly and IndirectData - -* Check different linux architectures (x86, alpha and sparc32 done) -* Store private key in a separate file (done, 1 dec 2000) -* Sanity checks on configuration directory (mostly done) -* Use efficient tree algorithms instead of linked lists (done) -* Reenable queues for delayed packets (done) -* Merge documentation files (SECURITY, INSTALL, PROTOCOL) into tinc.texi (done) -* Different authentication scheme (done) -* Add randomness to packet headers and PING/PONG requests (done) - -Goals for future releases: - -* Compression -* Routing by MAC/switching (allows for more than only IPv4) (done) -* Broadcast/multicast (done) -* Windowing, chaffing, scattering, background noise -* ABC protocol (superscalabilty) -* Proxy ARP (done) -* Easy setup scripts (graphical?) -* Threading +* A nice, secure and stable release diff --git a/acconfig.h b/acconfig.h index 9e9f886b..fd502bfc 100644 --- a/acconfig.h +++ b/acconfig.h @@ -36,7 +36,6 @@ /* Define to 1 if you have the stpcpy function. */ #undef HAVE_STPCPY - /* For getopt */ #if HAVE_STDLIB_H # define getopt system_getopt @@ -68,5 +67,5 @@ /* Define to 1 if checkpoint tracing is enabled */ #undef ENABLE_TRACING -/* Define to 1 if you have struct addrinfo */ -#undef HAVE_STRUCT_ADDRINFO +/* Define to enable use of old SSLeay_add_all_algorithms() function */ +#undef HAVE_SSLEAY_ADD_ALL_ALGORITHMS diff --git a/configure.in b/configure.in index 57511319..df0f2bcc 100644 --- a/configure.in 
+++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.38 2001/11/15 23:49:46 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.39 2002/02/10 21:57:51 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -36,19 +36,19 @@ AC_CANONICAL_HOST case $host_os in *linux*) AC_DEFINE(HAVE_LINUX) - [ ln -sf linux/device.c src/device.c ] + [ rm -f src/device.c; ln -sf linux/device.c src/device.c ] ;; *freebsd*) AC_DEFINE(HAVE_FREEBSD) - [ ln -sf freebsd/device.c src/device.c ] + [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ] ;; *solaris*) AC_DEFINE(HAVE_SOLARIS) - [ ln -sf solaris/device.c src/device.c ] + [ rm -f src/device.c; ln -sf solaris/device.c src/device.c ] ;; *openbsd*) AC_DEFINE(HAVE_OPENBSD) - [ ln -sf openbsd/device.c src/device.c ] + [ rm -f src/device.c; ln -sf openbsd/device.c src/device.c ] ;; esac @@ -68,28 +68,12 @@ AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM -AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [ - AC_TRY_COMPILE( - [ -#include -#include -#include - ], - [ struct addrinfo s; s.ai_flags = 0; ], - [ ac_cv_have_struct_addrinfo="yes" ], - [ ac_cv_have_struct_addrinfo="no" ] - )]) -if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then - AC_DEFINE(HAVE_STRUCT_ADDRINFO) -fi - dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name \ -getaddrinfo getnameinfo gai_strerror freeaddrinfo]) +asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name]) jm_FUNC_MALLOC jm_FUNC_REALLOC @@ -127,5 +111,6 @@ intl/Makefile lib/Makefile m4/Makefile po/Makefile.in -redhat/Makefile -debian/Makefile) +po/POTFILES +po/Makefile +) diff --git a/debian/.cvsignore b/debian/.cvsignore deleted file mode 100644 index 35de1541..00000000 --- a/debian/.cvsignore +++ /dev/null 
@@ -1,2 +0,0 @@ -Makefile Makefile.in tmp postinst.debhelper postrm.debhelper -preinst.debhelper prerm.debhelper substvars files diff --git a/debian/Makefile.am b/debian/Makefile.am deleted file mode 100644 index 0ed7907e..00000000 --- a/debian/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ -EXTRA_DIST = README.Debian changelog conffiles control copyright dirs \ - docs info init.d postinst rules doc-base.tinc tinc-up tinc-down \ - tinc.modules diff --git a/debian/README.Debian b/debian/README.Debian deleted file mode 100644 index 5a4c224f..00000000 --- a/debian/README.Debian +++ /dev/null @@ -1,10 +0,0 @@ -tinc for Debian ----------------------- - -The manual for tinc is also available as info pages, type `info tinc' -to read it. - -The system startup script for tinc, /etc/init.d/tinc, uses the file -/etc/tinc/nets.boot to find out which networks have to be started. - - -- Ivo Timmermans , Wed, 31 May 2000, 19:56:05 +0200 diff --git a/debian/changelog b/debian/changelog deleted file mode 100644 index 20a39cd5..00000000 --- a/debian/changelog +++ /dev/null 
@@ -1,68 +0,0 @@ -tinc (1.0pre4-1) unstable; urgency=low - - * New upstream version. - - -- Ivo Timmermans Wed, 17 Jan 2001 02:42:49 +0100 - -tinc (1.0pre3-2) unstable; urgency=low - - * Set architecture to any (Closes: #80451). - * Added tinc.modules with some useful module aliases. - - -- Ivo Timmermans Sat, 13 Jan 2001 16:10:57 +0100 - -tinc (1.0pre3-1) unstable; urgency=low - - * New upstream version (1.0pre3) (Closes: #71274). - * Better Depends and Build-Depends lines. - * Dropped dependencies on libgmp, added libssl. - * doc-base.tinc: New file. - * Deleted the file shlibs, as there on longer is a libblowfish. - * Patch po/Makefile.in.in from po-Makefile.in.in.diff if necessary. - * Use dh_perl to get accurate perl dependencies. - - -- Ivo Timmermans Thu, 9 Nov 2000 21:58:40 +0100 - -tinc (1.0pre2-1.1) unstable; urgency=low - - * NMU at Ivo's request as his application is being processed, and his - sponsor is based in the US. - - -- J.H.M. Dassen (Ray) Wed, 28 Jun 2000 21:52:30 +0200 - -tinc (1.0pre2-1) unstable; urgency=low - - * postinst creates a file /etc/tinc/nets.boot, containing all networks - to be started upon system startup; - * init.d script starts all networks from that list. - * postinst script creates tap devices. - - -- Ivo Timmermans Tue, 16 May 2000 00:06:25 +0200 - -tinc (1.0pre1-0.4) unstable; urgency=low - - * postinst script. - - -- Ivo Timmermans Mon, 15 May 2000 19:22:05 +0200 - -tinc (1.0pre1-0.3) unstable; urgency=low - - * system startup script. - - -- Ivo Timmermans Sun, 14 May 2000 22:58:02 +0200 - -tinc (1.0pre1-0.2) unstable; urgency=low - - * Included the blowfish license. - - -- Ivo Timmermans Fri, 21 Apr 2000 17:07:50 +0200 - -tinc (1.0pre1-0.1) unstable; urgency=low - - * Initial Release. - - -- Ivo Timmermans Fri, 21 Apr 2000 17:07:50 +0200 - -Local variables: -mode: debian-changelog -End: diff --git a/debian/conffiles b/debian/conffiles deleted file mode 100644 index e0faa785..00000000 --- a/debian/conffiles +++ /dev/null 
@@ -1,5 +0,0 @@ -/etc/tinc/example/tinc.conf -/etc/tinc/example/tinc-down -/etc/tinc/example/tinc-up -/etc/modutils/tinc -/etc/init.d/tinc diff --git a/debian/control b/debian/control deleted file mode 100644 index 82d7df0d..00000000 --- a/debian/control +++ /dev/null @@ -1,20 +0,0 @@ -Source: tinc -Section: non-US/main -Priority: optional -Maintainer: Ivo Timmermans -Standards-Version: 3.0.1 -Build-Depends: libssl-dev, autoconf (>= 2.12), - automake, debhelper, gettext - -Package: tinc -Architecture: all -Depends: ${shlibs:Depends}, ${perl:Depends} -Description: Virtual Private Network daemon - tinc is a daemon with which you can create a virtual private network - (VPN). One daemon can handle multiple connections, so you can - create an entire (moderately sized) VPN with only one daemon per - participating computer. - . - You need to have two kernel modules installed, on a Debian system - they should already be there. If they are not, the manual will - explain you how to do that. diff --git a/debian/copyright b/debian/copyright deleted file mode 100644 index 7652f535..00000000 --- a/debian/copyright +++ /dev/null 
@@ -1,63 +0,0 @@ -This package was debianized by Ivo Timmermans on -Fri, 21 Apr 2000 17:07:50 +0200. - -It was downloaded from http://tinc.nl.linux.org/ - -Upstream Author(s): - Ivo Timmermans - Guus Sliepen - -Copyright: GPL version 2. On Debian GNU/Linux systems, the complete -text of the GNU General Public License can be found in -/usr/share/common-licenses/GPL. - -The blowfish library is from the libssl package by Eric Young. The -copyright notice for this library follows. - ----------------------------------------------------------------------- -Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au) -All rights reserved. - -This package is an Blowfish implementation written -by Eric Young (eay@mincom.oz.au). - -This library is free for commercial and non-commercial use as long as -the following conditions are aheared to. The following conditions -apply to all code found in this distribution. - -Copyright remains Eric Young's, and as such any Copyright notices in -the code are not to be removed. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - This product includes software developed by Eric Young (eay@mincom.oz.au) - -THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -The license and distribution terms for any publically available version or -derivative of this code cannot be changed. i.e. this code cannot simply be -copied and put under another distrubution license -[including the GNU Public License.] - -The reason behind this being stated in this direct manner is past -experience in code simply being copied and the attribution removed -from it and then being distributed as part of other packages. This -implementation was a non-trivial and unpaid effort. diff --git a/debian/dirs b/debian/dirs deleted file mode 100644 index 3c032175..00000000 --- a/debian/dirs +++ /dev/null @@ -1,2 +0,0 @@ -etc/tinc -etc/tinc/example diff --git a/debian/doc-base.tinc b/debian/doc-base.tinc deleted file mode 100644 index 6f28d1f6..00000000 --- a/debian/doc-base.tinc +++ /dev/null @@ -1,10 +0,0 @@ -Document: tinc -Title: tinc Manual -Author: Ivo Timmermans, Guus Sliepen -Abstract: This manual describes how to set up a Virtual Private - Network with tinc. -Section: net - -Format: HTML -Files: /usr/share/doc/tinc/tinc*.html -Index: /usr/share/doc/tinc/tinc_toc.html diff --git a/debian/docs b/debian/docs deleted file mode 100644 index 9bdd99cb..00000000 --- a/debian/docs +++ /dev/null @@ -1,3 +0,0 @@ -INSTALL -NEWS -README diff --git a/debian/info b/debian/info deleted file mode 100644 index 5468d6c9..00000000 --- a/debian/info +++ /dev/null @@ -1 +0,0 @@ -doc/tinc.info 
diff --git a/debian/init.d b/debian/init.d deleted file mode 100644 index e3c55ed8..00000000 --- a/debian/init.d +++ /dev/null @@ -1,66 +0,0 @@ -#! /bin/sh -# -# System startup script for tinc -# $Id: init.d,v 1.14.2.4 2000/12/05 09:03:41 zarq Exp $ -# -# Based on Lubomir Bulej's Redhat init script. -# -# Create a file $NETSFILE (/etc/tinc/nets.boot), and put all the names of -# the networks in there. These names must be valid directory names under -# $TCONF (/etc/tinc). Lines starting with a # will be ignored in this -# file. -# - -DAEMON="/usr/sbin/tincd" -NAME="tinc" -DESC="tinc daemons" -TCONF="/etc/tinc" -EXTRA="" -NETSFILE="$TCONF/nets.boot" -NETS="" - -test -f $DAEMON || exit 0 - -find_nets () { - if [ ! -f $NETSFILE ] ; then - echo "Please create $NETSFILE." - exit 0 - fi - NETS="`egrep '^[ ]*[a-zA-Z0-9_]+[ ]*$' $NETSFILE`" -} - -case "$1" in - start) - find_nets - echo -n "Starting $DESC:" - for n in $NETS ; do - echo -n " $n" - $DAEMON -n $n $EXTRA - done - echo "." - ;; - stop) - find_nets - echo -n "Stopping $DESC:" - for n in $NETS ; do - echo -n " $n" - $DAEMON -n $n $EXTRA -k - done - echo "." - ;; - restart|force-reload) - find_nets - echo -n "Restarting $DESC:" - for n in $NETS ; do - echo -n " $n" - $DAEMON -n $n $EXTRA -k - sleep 1 - $DAEMON -n $n $EXTRA - done - echo "." - ;; - *) - echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload}" - exit 1 - ;; -esac diff --git a/debian/po-Makefile.in.in.diff b/debian/po-Makefile.in.in.diff deleted file mode 100644 index b33223af..00000000 --- a/debian/po-Makefile.in.in.diff +++ /dev/null 
@@ -1,32 +0,0 @@ ---- Makefile.in.in.orig Thu Nov 2 20:02:58 2000 -+++ Makefile.in.in Thu Nov 2 23:25:42 2000 -@@ -24,6 +24,8 @@ - gettextsrcdir = $(prefix)/share/gettext/po - subdir = po - -+DESTDIR = -+ - INSTALL = @INSTALL@ - INSTALL_DATA = @INSTALL_DATA@ - MKINSTALLDIRS = $(top_srcdir)/@MKINSTALLDIRS@ -@@ -111,16 +113,16 @@ - install-data-no: all - install-data-yes: all - if test -r "$(MKINSTALLDIRS)"; then \ -- $(MKINSTALLDIRS) $(datadir); \ -+ $(MKINSTALLDIRS) $(DESTDIR)$(datadir); \ - else \ -- $(SHELL) $(top_srcdir)/mkinstalldirs $(datadir); \ -+ $(SHELL) $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir); \ - fi - @catalogs='$(CATALOGS)'; \ - for cat in $$catalogs; do \ - cat=`basename $$cat`; \ - case "$$cat" in \ -- *.gmo) destdir=$(gnulocaledir);; \ -- *) destdir=$(localedir);; \ -+ *.gmo) destdir=$(DESTDIR)$(gnulocaledir);; \ -+ *) destdir=$(DESTDIR)$(localedir);; \ - esac; \ - lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \ - dir=$$destdir/$$lang/LC_MESSAGES; \ diff --git a/debian/postinst b/debian/postinst deleted file mode 100644 index b7d022bc..00000000 --- a/debian/postinst +++ /dev/null 
@@ -1,70 +0,0 @@ -#! /bin/sh -# postinst script for tinc -# -# $Id: postinst,v 1.6.4.1 2000/12/05 09:04:32 zarq Exp $ -# -# see: dh_installdeb(1) - -TCONF="/etc/tinc" -NETSFILE="$TCONF/nets.boot" - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see /usr/doc/packaging-manual/ -# -# quoting from the policy: -# Any necessary prompting should almost always be confined to the -# post-installation script, and should be protected with a conditional -# so that unnecessary prompting doesn't happen if a package's -# installation fails and the `postinst' is called with `abort-upgrade', -# `abort-remove' or `abort-deconfigure'. - -case "$1" in - configure) - if [ ! -e /dev/.devfs ] ; then - devices_exist=1 - for d in 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ; do - test -e /dev/tap$d || devices_exist=0 - done - if [ $devices_exist -eq 0 ] ; then - cd /dev && ./MAKEDEV netlink || true - fi - fi - - if [ ! -e $NETSFILE ] ; then - echo "## This file contains all names of the networks to be started on system startup." > $NETSFILE - fi - - if fgrep -q PublicKey `find /etc/tinc -type f` ; then - echo "If you are upgrading from version 1.0pre3, make sure you" - echo "regenerate the host keys. For more information, refer to" - echo "/usr/share/doc/tinc/UPGRADING.txt." - fi - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 0 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 - - diff --git a/debian/rules b/debian/rules deleted file mode 100644 index c07a0540..00000000 --- a/debian/rules +++ /dev/null 
@@ -1,78 +0,0 @@ -#!/usr/bin/make -f -# Sample debian/rules that uses debhelper. -# GNU copyright 1997 to 1999 by Joey Hess. - -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 - -# This is the debhelper compatability version to use. -export DH_COMPAT=1 - -build: build-stamp -build-stamp: - dh_testdir - -# # If the Makefile.in.in file in po/ already contains DESTDIR support, skip the patching. - cd `pwd`/po ; ( \ - if ! grep DESTDIR Makefile.in.in > /dev/null ; then \ - patch -Ns -p0 < `pwd`/../debian/po-Makefile.in.in.diff || true ;\ - fi ;\ - ) - - env CFLAGS='-O2 -Wall' ./autogen.sh --prefix=/usr --mandir=\$${prefix}/share/man \ - --infodir=\$${prefix}/share/info --sysconfdir=/etc --localstatedir=/var - - $(MAKE) - - touch build-stamp - -clean: - dh_testdir - dh_testroot - rm -f build-stamp - - -$(MAKE) cvs-clean - - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - - $(MAKE) install DESTDIR=`pwd`/debian/tmp - mkdir -p `pwd`/debian/tmp/etc/tinc - cp -a doc/sample-config.tar.gz `pwd`/debian/tmp/etc/tinc/example - cd `pwd`/debian/tmp/etc/tinc/example && tar xzf sample-config.tar.gz && rm sample-config.tar.gz - ln -s /usr/share/doc/tinc/README.Debian `pwd`/debian/tmp/etc/tinc/example/README - - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - -# Build architecture-dependent files here. -binary-arch: build install - dh_testdir - dh_testroot - dh_installdocs - dh_installexamples - dh_installinit - dh_installmanpages - dh_installmodules - dh_installinfo - dh_installchangelogs ChangeLog - dh_link - dh_strip - dh_compress - dh_fixperms - dh_installdeb - dh_perl - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb - -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install diff --git a/debian/tinc.modules b/debian/tinc.modules deleted file mode 100644 index 7086e405..00000000 --- a/debian/tinc.modules +++ /dev/null 
@@ -1,13 +0,0 @@ -alias char-major-36 netlink_dev - -alias tap0 ethertap -alias tap1 ethertap -alias tap2 ethertap -alias tap3 ethertap - -options tap0 -o tap0 -x unit=0 -options tap1 -o tap1 -x unit=1 -options tap2 -o tap2 -x unit=2 -options tap3 -o tap3 -x unit=3 - -alias char-major-10-200 tun diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index 3ced6ffb..4a2aeea9 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY @@ -1,7 +1,7 @@ This document describes how nodes in a VPN find and connect to eachother and maintain a stable network. - Copyright 2001 Guus Sliepen + Copyright 2001-2002 Guus Sliepen Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.7 2001/07/24 08:51:36 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.8 2002/02/10 21:57:51 guus Exp $ 1. Problem ========== diff --git a/doc/NETWORKING b/doc/NETWORKING index 66b03eda..89a2e686 100644 --- a/doc/NETWORKING +++ b/doc/NETWORKING @@ -1,7 +1,7 @@ This is the network infrastructure documentation for tinc, a Virtual Private Network daemon. - Copyright 2001 Guus Sliepen + Copyright 2001-2002 Guus Sliepen Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: NETWORKING,v 1.1.2.1 2001/03/04 14:00:24 guus Exp $ + $Id: NETWORKING,v 1.1.2.2 2002/02/10 21:57:51 guus Exp $ 1. Packet flow ============== diff --git a/doc/PROTOCOL b/doc/PROTOCOL index 3ceff075..61e2c77b 100644 --- a/doc/PROTOCOL +++ b/doc/PROTOCOL 
@@ -1,7 +1,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. - Copyright 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmmermans + Copyright 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmmermans Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.1.2.4 2001/01/07 17:08:02 guus Exp $ + $Id: PROTOCOL,v 1.1.2.5 2002/02/10 21:57:51 guus Exp $ 1. Protocols used in tinc @@ -33,17 +33,19 @@ can be found in various UNIX flavours. Normal packets are sent without any state information, so the layout is pretty basic. -A data packet can only be sent if the encryption key is known to both -parties, and the connection is activated. If the encryption key is not -known, a request is sent to the destination using the meta connection -to retreive it. +A data packet can only be sent if the encryption key, cipher and digest are +known to both parties, and the connection is activated. If the encryption key +is not known, a request is sent to the destination using the meta connection to +retreive it. - 0 1 2 3 -| LEN | DATA : \ -: DATA . } encrypted -. : / - . +0 1 2 3 4 5 6 7 ... 97 98 99 100 +| seqno | data | MAC | +\____________________________________/\_______________/ + | | + encrypted using symmetric cipher digest +The sequence number prevents replay attacks, the message authentication code +prevents altered packets from being accepted. 3. Meta protocol ---------------- 
@@ -59,7 +61,7 @@ possible to use tools such as telnet or netcat to connect to a tinc daemon and to read and write requests by hand, provided that one understands the numeric codes sent. -The authentication scheme is described in the SECURITY file. After a +The authentication scheme is described in the SECURITY2 file. After a succesful authentication, the server and the client will exchange all the information about other tinc daemons and subnets they know of, so that both sides (and all the other tinc daemons behind them) have their information 
@@ -67,19 +69,23 @@ synchronised. daemon message -------------------------------------------------------------------------- -origin ADD_HOST daemon a329e18c:655 0 - | | +--> options - | +---------> real address:port - +-------------------> name of new tinc daemon -origin ADD_SUBNET daemon 1,0a010100/ffffff00 - | | | +--> netmask - | | +----------> vpn IPv4 network address - | +----------------> subnet type (1=IPv4) - +--------------------> owner of this subnet +origin ADD_EDGE node1 12.23.34.45 655 node2 21.32.43.54 655 222 0 + | | | \___________________/ | +-> options + | | | | +----> weight + | | | +----------------> see below + | | +--> UDP port + | +----------> real address + +------------------> name of node on one side of the edge + +origin ADD_SUBNET node 192.168.1.0/24 + | | +--> masklength + | +--------> IPv4 network address + +------------------> owner of this subnet -------------------------------------------------------------------------- -In case daemons leave the VPN, DEL_HOST and DEL_SUBNET messages with exactly -the same syntax are sent to inform the other daemons of the departure. +In case a connection between two daemons is closed or broken, DEL_EDGE messages +are sent to inform the other daemons of that fact. Each daemon will calculate a +new route to the the daemons, or mark them unreachable if there isn't any. The keys used to encrypt VPN packets are not sent out directly. This is because it would generate a lot of traffic on VPNs with many daemons, and 
@@ -87,18 +93,22 @@ chances are that not every tinc daemon will ever send a packet to every other daemon. Instead, if a daemon needs a key it sends a request for it via the meta connection of the nearest hop in the direction of the destination. If any hop on the way has already learned the key, it will -act as a proxy and forward it's copy back to the requestor. +act as a proxy and forward its copy back to the requestor. daemon message -------------------------------------------------------------------------- daemon REQ_KEY origin destination | +--> name of the tinc daemon it wants the key from +----------> name of the daemon that wants the key -daemon ANS_KEY origin destination e4ae0b0a82d6e0078179b5290c62c7d0 - | | \______________________________/ - | | +--> 128 bits key + +daemon ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 + | | \______________/ | | +--> MAC length + | | | | +-----> digest algorithm + | | | +--------> cipher algorithm + | | +--> 128 bits key | +--> name of the daemon that wants the key +----------> name of the daemon that uses this key + daemon KEY_CHANGED origin +--> daemon that has changed it's packet key -------------------------------------------------------------------------- diff --git a/doc/SECURITY2 b/doc/SECURITY2 index 3922f3fa..4276a018 100644 --- a/doc/SECURITY2 +++ b/doc/SECURITY2 @@ -1,7 +1,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. - Copyright 2001 Guus Sliepen , - 2001 Wessel Dankers + Copyright 2001-2002 Guus Sliepen , + 2001-2002 Wessel Dankers Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this 
@@ -12,7 +12,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY2,v 1.1.2.1 2001/02/13 09:54:29 guus Exp $ + $Id: SECURITY2,v 1.1.2.2 2002/02/10 21:57:51 guus Exp $ Proposed new authentication scheme ---------------------------------- @@ -27,13 +27,11 @@ client server -client ID client 9 0 - | | +-> options +client ID client 12 | +---> version +-------> name of tinc daemon -server ID server 9 0 - | | +-> options +server ID server 12 | +---> version +-------> name of tinc daemon @@ -64,6 +62,21 @@ client CHAL_REPLY 816a86 server CHAL_REPLY 928ffe +-> 160 bits SHA1 of H1 + +After the correct challenge replies are recieved, both ends have proved +their identity. Further information is exchanged. + +client ACK 655 12.23.34.45 123 0 + | | | +-> options + | | +----> estimated weight + | +------------> IP address of server as seen by client + +--------------------> UDP port of client + +server ACK 655 21.32.43.54 321 0 + | | | +-> options + | | +----> estimated weight + | +------------> IP address of client as seen by server + +--------------------> UDP port of server -------------------------------------------------------------------------- This new scheme has several improvements, both in efficiency and security. @@ -107,9 +120,6 @@ Fourth: the first thing that is send via the symmetric cipher encrypted connection is a totally random string, so that there is no known plaintext (for an attacker) in the beginning of the encrypted stream. - -An explicit ACK is no longer needed, the CHAL_REPLY serves as an ACK. - Some things to be discussed: - What should CHALLEN be? Same as RSAKEYLEN? 256 bits? More/less? diff --git a/doc/sample-config/tinc-down b/doc/sample-config/tinc-down index 12749919..65b049e2 100644 --- a/doc/sample-config/tinc-down +++ b/doc/sample-config/tinc-down 
@@ -1,7 +1,4 @@ #!/bin/sh # This file closes down the tap device. -# Note that if you use the universal tun/tap driver, you don't -# need to do anything; once tinc quits the tap device is already -# removed by the kernel. -ifconfig tap1 down +ifconfig $INTERFACE down diff --git a/doc/sample-config/tinc-up b/doc/sample-config/tinc-up index f515e51d..8f05c4a5 100644 --- a/doc/sample-config/tinc-up +++ b/doc/sample-config/tinc-up @@ -2,13 +2,14 @@ # This file sets up the tap device. # It gives you the freedom to do anything you want with it. # Use the correct name for the tap device: -# For ethertap this is tap0, tap1, tap2 etcetera, -# but for the universal tun/tap device use $NETNAME. +# For the Linux tun/tap device $INTERFACE is set to the right name, +# but for ethertap and FreeBSD this is tap0, tap1, tap2 etcetera, +# for Solaris and OpenBSD it is tun0, tun1, etcetera. # Set hardware ethernet address (required!) -ifconfig tap1 hw ether fe:fd:0:0:0:0 +ifconfig $INTERFACE hw ether fe:fd:0:0:0:0 # Give it the right ip and netmask. Remember, the subnet of the # tap device must be larger than that of the individual Subnets # as defined in the host configuration file! -ifconfig tap1 192.168.1.1 netmask 255.255.0.0 -arp +ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0 -arp diff --git a/doc/sample-config/tinc.conf b/doc/sample-config/tinc.conf index ea5216ea..f5f0aa63 100644 --- a/doc/sample-config/tinc.conf +++ b/doc/sample-config/tinc.conf @@ -16,8 +16,10 @@ Name = alpha ConnectTo = beta # The tap device tinc will use. Required. -# Default is /dev/tap0 -TapDevice = /dev/tap1 +# Default is /dev/tap0 for ethertap or FreeBSD, +# /dev/tun0 for Solaris and OpenBSD, +# and /dev/misc/net/tun for Linux tun/tap device. +Device = /dev/misc/net/tun # The file in which the private key for this host is stored. Required. PrivateKeyFile = /etc/tinc/example/rsa_key.priv diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 46bc0cfe..547c75f1 100644 --- a/doc/tinc.conf.5 
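Review bot: `$INTERFACE` is expanded unquoted in the new `ifconfig $INTERFACE down` line of doc/sample-config/tinc-down, and the same applies to both `ifconfig $INTERFACE …` lines in the tinc-up hunk that follows. The tinc-up comment suggests the variable is only guaranteed to hold the right name for the Linux tun/tap device. With an empty value the command collapses to `ifconfig down` or `ifconfig hw ether …`, which fails with a misleading error, and a value containing whitespace would be word-split into extra ifconfig arguments. Since these samples are presumably copied verbatim and run by the daemon with its privileges, I would quote the expansion, as in `ifconfig "$INTERFACE" down`, and add a guard such as `[ -n "$INTERFACE" ] || exit 1` near the top of both scripts. A short comment telling ethertap/BSD users to substitute the literal device name would replace the guidance this commit removes from tinc-down.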
+++ b/doc/tinc.conf.5 
@@ -1,246 +1,322 @@ -.TH TINC 5 "Jan 2001" "tinc version 1.0pre4" "FSF" -.SH NAME -tinc.conf \- tinc daemon configuration -.SH "DESCRIPTION" -The files in the \fI/etc/tinc\fR directory contain runtime and -security information for the \fBtincd\fR(8) daemon. -.PP -.SH "NETWORKS" -It is perfectly ok for you to run more than one tinc daemon. However, -in its default form, you will soon notice that you can't use two -different configuration files without the \fI-c\fR option. - -We have thought of another way of dealing with this: network -names. This means that you call \fBtincd\fR with the \fI-n\fR argument, -which will assign a name to this daemon. - -The effect of this is that the daemon will set its configuration -``root'' to \fI/etc/tinc/\fBnetname\fI/\fR, where \fBnetname\fR is your argument -to the \fI-n\fR option. You'll notice that it appears in syslog as -``tincd.\fBnetname\fR''. - -However, it is not strictly necessary that you call tinc with the -n -option. In this case, the network name would just be empty, and it -will be used as such. tinc now looks for files in \fI/etc/tinc/\fR, -instead of \fI/etc/tinc/\fBnetname\fI/\fR; the configuration file should be -\fI/etc/tinc/tinc.conf\fR, and the passphrases are now expected to be -in \fI/etc/tinc/passphrases/\fR. - -But it is highly recommended that you use this feature of tinc, -because it will be so much clearer whom your daemon talks to. Hence, -we will assume that you use it. -.PP -.SH "NAMES" -Each tinc daemon should have a name that is unique in the network which -it will be part of. The name will be used by other tinc daemons for -identification. The name has to be declared in the -\fI/etc/tinc/\fBnetname\fI/tinc.conf\fR file. - -To make things easy, choose something that will give unique and easy -to rememebr names to your tinc daemon(s). 
+.Dd 2002-02-06 +.Dt TINC.CONF 5 +.\" Manual page created by: +.\" Ivo Timmermans +.\" Guus Sliepen +.Sh NAME +.Nm tinc.conf +.Nd tinc daemon configuration +.Sh DESCRIPTION +The files in the +.Pa /etc/tinc/ +directory contain runtime and security information for the tinc daemon. +.Sh NETWORKS +It is perfectly ok for you to run more than one tinc daemon. +However, in its default form, +you will soon notice that you can't use two different configuration files without the +.Fl c +option. +.Pp +We have thought of another way of dealing with this: network names. +This means that you call +.Nm +with the +.Fl n +option, which will assign a name to this daemon. +.Pp +The effect of this is that the daemon will set its configuration root to +.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa / , +where +.Ar NETNAME +is your argument to the +.Fl n +option. +You'll notice that messages appear in syslog as coming from +.Nm tincd. Ns Ar NETNAME . +.Pp +However, it is not strictly necessary that you call tinc with the +.Fl n +option. +In this case, the network name would just be empty, +and it will be used as such. +.Nm tinc +now looks for files in +.Pa /etc/tinc/ , +instead of +.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa / ; +the configuration file should be +.Pa /etc/tinc/tinc.conf , +and the host configuration files are now expected to be in +.Pa /etc/tinc/hosts/ . +.Pp +But it is highly recommended that you use this feature of +.Nm tinc , +because it will be so much clearer whom your daemon talks to. +Hence, we will assume that you use it. +.Sh NAMES +Each tinc daemon should have a name that is unique in the network which it will be part of. +The name will be used by other tinc daemons for identification. +The name has to be declared in the +.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +file. +.Pp +To make things easy, +choose something that will give unique and easy to remember names to your tinc daemon(s). You could try things like hostnames, owner surnames or location names. 
-.PP -.SH "PUBLIC/PRIVATE KEYS" -You should use \fBtincd --generate-keys\fR to generate public/private -keypairs. It will generate two keys. The private -key should be stored in a separate file \fI/etc/tinc/\fBnetname\fI/rsa_key.priv\fR -\-\- where \fBnetname\fR stands for the network (See under \fBNETWORKS\fR) -above. The public key should be stored in -the host configuration file \fI/etc/tinc/\fBnetname\fI/hosts/\fBname\fR \-\- where \fBname\fR stands -for the name of the local tinc daemon (See \fBNAMES\fR). -.PP -.SH "SERVER CONFIGURATION" +.Sh PUBLIC/PRIVATE KEYS +You should use +.Ic tincd -K +to generate public/private keypairs. +It will generate two keys. +The private key should be stored in a separate file +.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv +\-\- where +.Ar NETNAME +stands for the network (see +.Sx NETWORKS ) +above. +The public key should be stored in the host configuration file +.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Va NAME +\-\- where +.Va NAME +stands for the name of the local tinc daemon (see +.Sx NAMES ) . +.Sh SERVER CONFIGURATION The server configuration of the daemon is done in the file -\fI/etc/tinc/\fBnetname\fI/tinc.conf\fR. - -This file consists of comments (lines started with a \fB#\fR) or -assignments in the form of -.PP -.Vb 1 -\& \fIVariable \fB= \fIValue\fR. -.Ve -.PP +.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf . +This file consists of comments (lines started with a +.Li # ) +or assignments in the form of: +.Pp +.Va Variable Li = Ar Value . +.Pp The variable names are case insensitive, and any spaces, tabs, -newlines and carriage returns are ignored. \fINote\fR: it is not -required that you put in the \fB=\fR sign, but doing so improves -readability. If you leave it out, remember to replace it with at least -one space character. -.PP -Here are all valid variables, listed in alphabetical order. The default -value is given between parentheses. 
-.TP -\fBConnectTo\fR = <\fIname\fR> -Specifies which host to connect to on startup. Multiple \fBConnectTo\fR variables -may be specified, if connecting to the first one fails then tinc will try -the next one, and so on. The names should be known to this tinc daemon -(i.e., there should be a host configuration file for the name on the ConnectTo +newlines and carriage returns are ignored. +Note: it is not required that you put in the +.Li = +sign, but doing so improves readability. +If you leave it out, remember to replace it with at least one space character. +.Pp +Here are all valid variables, listed in alphabetical order. +The default value is given between parentheses. +.Bl -tag -width indent +.It Va BindToInterface Li = Ar interface Bq experimental +If your computer has more than one network interface, +.Nm tinc +will by default listen on all of them for incoming connections. +It is possible to bind only to a single interface with this variable. +.Pp +This option may not work on all platforms. +.It Va BindToIP Li = Ar address Bq experimental +If your computer has more than one IP address on a single interface +(for example if you are running virtual hosts), +.Nm tinc +will by default listen on all of them for incoming connections. +It is possible to bind only to a single IP address with this variable. +It is still possible to listen on several interfaces at the same time though, +if they share the same IP address. +.Pp +This option may not work on all platforms. +.It Va ConnectTo Li = Ar name +Specifies which other tinc daemon to connect to on startup. +Multiple +.Va ConnectTo +variables may be specified; +if connecting to the first one fails then tinc will try the next one, and so on. +The names should be known to this tinc daemon +(i.e., there should be a host configuration file for the name on the +.Va ConnectTo line). 
- -If you don't specify a host with \fBConnectTo\fR, tinc won't try to connect to other daemons at all, +.Pp +If you don't specify a host with +.Va ConnectTo , +.Nm tinc +won't try to connect to other daemons at all, and will instead just listen for incoming connections. -.TP -\fBHostnames\fR = <\fIyes|no\fR> (no) +.It Va Device Li = Ar device Po /dev/tap0 or /dev/misc/net/tun Pc +The virtual network device to use. +.Nm tinc +will automatically detect what kind of device it is. +Note that you can only use one device per daemon. +The info pages of the tinc package contain more information +about configuring the virtual network device. +.It Va Hostnames Li = yes | no Pq no This option selects whether IP addresses (both real and on the VPN) should be resolved. Since DNS lookups are blocking, it might affect tinc's -efficiency, even stopping the daemon for a few seconds everytime it does +efficiency, even stopping the daemon for a few seconds every time it does a lookup if your DNS server is not responding. - +.Pp This does not affect resolving hostnames to IP addresses from the host configuration files. -.TP -\fBInterface\fR = <\fIdevice\fR> -If you have more than one network interface in your computer, tinc will -by default listen on all of them for incoming connections. It is -possible to bind tinc to a single interface like eth0 or ppp0 with this -variable. -.TP -\fBInterfaceIP\fR = <\fIlocal address\fR> -If your computer has more than one IP address on a single interface (for -example if you are running virtual hosts), tinc will by default listen -on all of them for incoming connections. It is possible to bind tinc to -a single IP address with this variable. It is still possible to listen -on several interfaces at the same time though, if they share the same IP -address. -.TP -\fBKeyExpire\fR = <\fIseconds\fR> (3600) -This option controls the time the encryption keys used to encrypt the data -are valid. 
It is common practice to change keys at regular intervals to -make it even harder for crackers, even though it is thought to be nearly -impossible to crack a single key. -.TP -\fBName\fR = <\fIname\fR> [required] -This is the name which identifies this tinc daemon. It must be unique for -the virtual private network this daemon will connect to. -.TP -\fBPingTimeout\fR = <\fIseconds\fR> (60) -The number of seconds of inactivity that tinc will wait before sending a -probe to the other end. If that other end doesn't answer within that -same amount of seconds, the connection is terminated, and the others -will be notified of this. -.TP -\fBPrivateKey\fR = <\fIkey\fR> [obsolete] -The private RSA key of this tinc daemon. It will allow this tinc daemon to -authenticate itself to other daemons. -.TP -\fBPrivateKeyFile\fR = <\fIfilename\fR> [recommended] +.It Va Interface Li = Ar interface +Defines the name of the interface corresponding to the virtual network device. +Depending on the operating system and the type of device this may or may not actually set the name. +Currently this option only affects the Linux tun/tap device. +.It Va KeyExpire Li = Ar period Pq 3600 +This option controls the period the encryption keys used to encrypt the data are valid. +It is common practice to change keys at regular intervals to make it even harder for crackers, +even though it is thought to be nearly impossible to crack a single key. +.It Va MaxTimeout Li = Ar period Pq 900 +This is the maximum delay before trying to reconnect to other tinc daemons. +.It Va Mode Li = router | switch | hub Pq router +This option selects the way packets are routed to other daemons. +.Bl -tag -width indent +.It router +In this mode +.Va Subnet +variables in the host configuration files will be used to form a routing table. +Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. 
+.It switch +In this mode the MAC addresses of the packets on the VPN will be used to +dynamically create a routing table just like a network switch does. +Unicast, multicast and broadcast packets of every Ethernet protocol are supported in this mode +at the cost of frequent broadcast ARP requests and routing table updates. +.It hub +In this mode every packet will be broadcast to the other daemons. +.El +.It Va Name Li = Ar name Bq required +This is the name which identifies this tinc daemon. +It must be unique for the virtual private network this daemon will connect to. +.It Va PingTimeout Li = Ar period Pq 60 +The number of seconds of inactivity that +.Nm tinc +will wait before sending a probe to the other end. +If that other end doesn't answer within that same amount of time, +the connection is terminated, +and the others will be notified of this. +.It Va PrivateKey Li = Ar key Bq obsolete +The private RSA key of this tinc daemon. +It will allow this tinc daemon to authenticate itself to other daemons. +.It Va PrivateKeyFile Li = Ar filename Bq recommended The file in which the private RSA key of this tinc daemon resides. - -Note that there must be exactly one of \fBPrivateKey\fR or \fBPrivateKeyFile\fR +Note that there must be exactly one of +.Va PrivateKey +or +.Va PrivateKeyFile specified in the configuration file. -.TP -\fBTapDevice\fR = <\fIdevice\fR> (/dev/tap0 or /dev/net/tun) -The ethertap or tun/tap device to use. tinc will automatically detect what -kind of tapdevice it is. -Note that you can only use one device per -daemon. The info pages of the tinc package contain more information -about configuring an ethertap device for Linux. -.PP -.SH "HOST CONFIGURATION FILES" -The host configuration files contain all information needed to establish a -connection to those hosts. A host configuration file is also required for the -local tinc daemon, it will use it to read in it's listen port, public key and -subnets. 
- -The idea is that these files are ``portable''. You can safely mail your own host -configuration file to someone else. That other person can then copy it to his -own hosts directory, and now his tinc daemon will be able to connect to your -tinc daemon. Since host configuration files only contain public keys, no secrets -are revealed by sending out this information. -.PP -.TP -\fBAddress\fR = <\fIIP address\fR> [recommended] -The real address or hostname of this tinc daemon. -.TP -\fBIndirectData\fR = <\fIyes\fR|\fIno\fR> (no) [experimental] -This option specifies whether other tinc daemons besides the one you -specified with ConnectTo can make a direct connection to you. This is -especially useful if you are behind a firewall and it is impossible to -make a connection from the outside to your tinc daemon. Otherwise, it -is best to leave this option out or set it to no. -.TP -\fBPort\fR = <\fIport number\fR> (655) -The port on which this tinc daemon is listening for incoming connections. -.TP -\fBPublicKey\fR = <\fIkey\fR> [obsolete] -The public RSA key of this tinc daemon. It will be used to cryptographically -verify it's identity and to set up a secure connection. -.TP -\fBPublicKeyFile\fR = <\fIfilename\fR> [obsolete] +.El +.Sh HOST CONFIGURATION FILES +The host configuration files contain all information needed +to establish a connection to those hosts. +A host configuration file is also required for the local tinc daemon, +it will use it to read in it's listen port, public key and subnets. +.Pp +The idea is that these files are portable. +You can safely mail your own host configuration file to someone else. +That other person can then copy it to his own hosts directory, +and now his tinc daemon will be able to connect to your tinc daemon. +Since host configuration files only contain public keys, +no secrets are revealed by sending out this information. 
+.Bl -tag -width indent +.It Va Address Li = Ar address Bq recommended +The IP address or hostname of this tinc daemon on the real network. +.It Va Cipher Li = Ar cipher Pq blowfish +The symmetric cipher algorithm used to encrypt UDP packets. +Any cipher supported by OpenSSL is recognised. +Furthermore, specifying +.Qq none +will turn off packet encryption. +.It Va Digest Li = Ar digest Pq sha1 +The digest algorithm used to authenticate UDP packets. +Any digest supported by OpenSSL is recognised. +Furthermore, specifying +.Qq none +will turn off packet authentication. +.It Va IndirectData Li = yes | no Po no Pc Bq experimental +This option specifies whether other tinc daemons besides the one you specified with +.Va ConnectTo +can make a direct connection to you. +This is especially useful if you are behind a firewall +and it is impossible to make a connection from the outside to your tinc daemon. +Otherwise, it is best to leave this option out or set it to no. +.It Va MACLength Li = Ar length Pq 4 +The length of the message authentication code used to authenticate UDP packets. +Can be anything from +.Qq 0 +up to the length of the digest produced by the digest algorithm. +.It Va Port Li = Ar port Pq 655 +The port number on which this tinc daemon is listening for incoming connections. +.It Va PublicKey Li = Ar key Bq obsolete +The public RSA key of this tinc daemon. +It will be used to cryptographically verify it's identity and to set up a secure connection. +.It Va PublicKeyFile Li = Ar filename Bq obsolete The file in which the public RSA key of this tinc daemon resides. - -From version 1.0pre4 on tinc will store the public key directly into the -host configuration file in PEM format, the above two options then are not -necessary. Either the PEM format is used, or exactly -one of the above two options must be specified -in each host configuration file, if you want to be able to establish a -connection with that host. 
-.TP -\fBSubnet\fR = <\fIaddress/masklength\fR> -The subnet which this tinc daemon will serve. tinc tries to look up which other -daemon it should send a packet to by searching the appropiate subnet. If the -packet matches a subnet, it will be sent to the daemon who has this subnet in his -host configuration file. Multiple subnet lines can be specified. - -At the moment, this directive is only used in the host configuration file of -the local tinc daemon itself. In upcoming versions of tinc, it will be possible to -restrict other hosts in which subnets they server. - -The subnets must be in a form like \fI192.168.1.0/24\fR, where 192.168.1.0 is the -network address and 24 is the number of bits set in the netmask. Note that subnets -like \fI192.168.1.1/24\fR are invalid! Read a networking howto/FAQ/guide if you -don't understand this. -.TP -\fBTCPonly\fR = <\fIyes\fR|\fIno\fR> (no) [experimental] -If this variable is set to yes, then the packets are tunnelled over a -TCP connection instead of a UDP connection. This is especially useful -for those who want to run a tinc daemon from behind a masquerading -firewall, or if UDP packet routing is disabled somehow. This is -experimental code, try this at your own risk. It may not work at all. +.Pp +From version 1.0pre4 on +.Nm tinc +will store the public key directly into the host configuration file in PEM format, +the above two options then are not necessary. +Either the PEM format is used, or exactly one of the above two options must be specified +in each host configuration file, +if you want to be able to establish a connection with that host. +.It Va Subnet Li = Ar address Ns Op Li / Ns Ar masklength +The subnet which this tinc daemon will serve. +.Nm tinc +tries to look up which other daemon it should send a packet to by searching the appropriate subnet. +If the packet matches a subnet, +it will be sent to the daemon who has this subnet in his host configuration file. +Multiple subnet lines can be specified. 
+.Pp +Subnets can either be single MAC, IPv4 or IPv6 addresses, +in which case a subnet consisting of only that single address is assumed, +or they can be a IPv4 or IPv6 network address with a masklength. +For example, IPv4 subnets must be in a form like 192.168.1.0/24, +where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. +Note that subnets like 192.168.1.1/24 are invalid! +Read a networking HOWTO/FAQ/guide if you don't understand this. +.It Va TCPOnly Li = yes | no Po no Pc Bq experimental +If this variable is set to yes, +then the packets are tunnelled over the TCP connection instead of a UDP connection. +This is especially useful for those who want to run a tinc daemon +from behind a masquerading firewall, +or if UDP packet routing is disabled somehow. +This is experimental code, try this at your own risk. +It may not work at all. Setting this options also implicitly sets IndirectData. -.SH "FILES" -.TP -\fI/etc/tinc/\fR +.El +.Sh FILES +.Bl -tag -width indent +.It Pa /etc/tinc/ The top directory for configuration files. -.TP -\fI/etc/tinc/\fBnetname\fI/tinc.conf\fR +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf The default name of the server configuration file for net -\fBnetname\fR. -.TP -\fI/etc/tinc/\fBnetname\fI/hosts/\fR +.Ar NETNAME . +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Host configuration files are kept in this directory. -.TP -\fI/etc/tinc/\fBnetname\fI/tinc-up\fR -If an executable file with this name exists, it will be executed -right after the tinc daemon has connected to the tap device. It can -be used to ifconfig the network interface. - -If the tapdevice is a tun/tap device, the evironment variable -\fB$IFNAME\fR will be set to the name of the network interface. -.TP -\fI/etc/tinc/\fBnetname\fI/tinc-down\fR -If an executable file with this name exists, it will be executed -right before the tinc daemon is going to close it's connection to the -tap device. 
-.PP -.SH "SEE ALSO" -\fBtincd\fR(8) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.TP -\fBhttp://www.linuxdoc.org/LDP/nag2/\fR -.PP +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +If an executable file with this name exists, +it will be executed right after the tinc daemon has connected to the virtual network device. +It can be used to set up the corresponding network interface. +.Pp +The environment variable +.Ev NETNAME +will be passed to the executable. +If specified with the +.Va Interface +configuration variable, +or if the virtual network device is a Linux tun/tap device, +the environment variable +.Ev INTERFACE +will be set to the name of the network interface. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +If an executable file with this name exists, +it will be executed right before the tinc daemon is going to close +its connection to the virtual network device. +The same environment variables will be passed as mentioned above. +.El +.Sh SEE ALSO +.Xr tincd 8 , +.Pa http://tinc.nl.linux.org/ , +.Pa http://www.linuxdoc.org/LDP/nag2/ . +.Pp The full documentation for -.B tinc -is maintained as a Texinfo manual. If the -.B info -and -.B tinc -programs are properly installed at your site, the command -.IP -.B info tinc -.PP +.Nm tinc +is maintained as a Texinfo manual. +If the info and tinc programs are properly installed at your site, the command +.Ic info tinc should give you access to the complete manual. -.PP -tinc comes with ABSOLUTELY NO WARRANTY. This is free software, -and you are welcome to redistribute it under certain conditions; +.Pp +.Nm tinc +comes with ABSOLUTELY NO WARRANTY. +This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details. diff --git a/doc/tinc.texi b/doc/tinc.texi index eadb1510..ca399d5b 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
@@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.18 2001/05/25 12:45:37 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.19 2002/02/10 21:57:51 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -7,17 +7,18 @@ @c %**end of header @ifinfo +@dircategory Networking tools @direntry * tinc: (tinc). The tinc Manual. @end direntry This is the info manual for tinc, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2001 Ivo Timmermans +Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.18 2001/05/25 12:45:37 guus Exp $ +$Id: tinc.texi,v 1.8.4.19 2002/02/10 21:57:51 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -38,11 +39,11 @@ permission notice identical to this one. @page @vskip 0pt plus 1filll @cindex copyright -Copyright @copyright{} 1998-2001 Ivo Timmermans +Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.18 2001/05/25 12:45:37 guus Exp $ +$Id: tinc.texi,v 1.8.4.19 2002/02/10 21:57:51 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -176,16 +177,14 @@ available too. @section Supported platforms @cindex platforms -tinc has been verified to work under Linux, FreeBSD and Solaris, with -various hardware architectures. These are the three platforms -that are supported by the universial TUN/TAP device driver, so if -support for other operating systems is added to this driver, perhaps -tinc will run on them as well. Without this driver, tinc will most +tinc has been verified to work under Linux, FreeBSD, OpenBSD and Solaris, with +various hardware architectures. These are some of the platforms +that are supported by the universal tun/tap device driver or other virtual network device drivers. +Without such a driver, tinc will most likely compile and run, but it will not be able to send or receive data packets. @cindex release -The official release only truly supports Linux. For an up to date list of supported platforms, please check the list on our website: @uref{http://tinc.nl.linux.org/platforms.html}. 
@@ -202,24 +201,32 @@ and arbitrary word length. So in theory it should run on other processors that Linux runs on. It has already been verified to run on alpha and sparc processors as well. -tinc uses the ethertap device or the universal TUN/TAP driver. The former is provided in the standard kernel -from version 2.1.60 up to 2.3.x, but has been replaced in favour of the TUN/TAP driver in kernel versions 2.4.0 and later. +tinc uses the ethertap device or the universal tun/tap driver. The former is provided in the standard kernel +from version 2.1.60 up to 2.3.x, but has been replaced in favour of the tun/tap driver in kernel versions 2.4.0 and later. @c ================================================================== @subsection FreeBSD @cindex FreeBSD -tinc on FreeBSD relies on the universial TUN/TAP driver for its data +tinc on FreeBSD relies on the universal tun/tap driver for its data acquisition from the kernel. Therefore, tinc will work on the same platforms as this driver. These are: FreeBSD 3.x, 4.x, 5.x. +@c ================================================================== +@subsection OpenBSD + +@cindex OpenBSD +tinc on OpenBSD relies on the tun driver for its data +acquisition from the kernel. It has been verified to work under at least OpenBSD 2.9. + + @c ================================================================== @subsection Solaris @cindex Solaris -tinc on Solaris relies on the universial TUN/TAP driver for its data +tinc on Solaris relies on the universal tun/tap driver for its data acquisition from the kernel. Therefore, tinc will work on the same platforms as this driver. These are: Solaris, 2.1.x. @@ -278,6 +285,7 @@ you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html * Configuration of Linux kernels 2.1.60 up to 2.4.0:: * Configuration of Linux kernels 2.4.0 and higher:: * Configuration of FreeBSD kernels:: +* Configuration of OpenBSD kernels:: * Configuration of Solaris kernels:: @end menu 
@@ -329,18 +337,18 @@ Here are the options you have to turn on when configuring a new kernel: Code maturity level options [*] Prompt for development and/or incomplete code/drivers Network device support - Universal TUN/TAP device driver support + Universal tun/tap device driver support @end example It's not necessary to compile this driver as a module, even if you are going to run more than one instance of tinc. -If you have an early 2.4 kernel, you can choose both the TUN/TAP driver and the +If you have an early 2.4 kernel, you can choose both the tun/tap driver and the `Ethertap network tap' device. This latter is marked obsolete, and chances are that it won't even function correctly anymore. Make sure you select the -universal TUN/TAP driver. +universal tun/tap driver. -If you decide to build the TUN/TAP driver as a kernel module, add these lines +If you decide to build the tun/tap driver as a kernel module, add these lines to @file{/etc/modules.conf}: @example 
@@ -349,24 +357,35 @@ alias char-major-10-200 tun @c ================================================================== -@node Configuration of FreeBSD kernels, Configuration of Solaris kernels, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel +@node Configuration of FreeBSD kernels, Configuration of OpenBSD kernels, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel @subsection Configuration of FreeBSD kernels This section will contain information on how to configure your FreeBSD -kernel to support the universal TUN/TAP device. For 5.0 and 4.1 -systems, this is included in the kernel configuration, for earlier -systems (4.0 and 3.x), you need to install the universal TUN/TAP driver +kernel to support the universal tun/tap device. For 4.1 and higher +versions, this is included in the default kernel configuration, for earlier +systems (4.0 and earlier), you need to install the universal tun/tap driver yourself. Unfortunately somebody still has to write the text. @c ================================================================== -@node Configuration of Solaris kernels, , Configuration of FreeBSD kernels, Configuring the kernel +@node Configuration of OpenBSD kernels, Configuration of Solaris kernels, Configuration of FreeBSD kernels, Configuring the kernel +@subsection Configuration of OpenBSD kernels + +This section will contain information on how to configure your OpenBSD +kernel to support the tun device. For 2.9 and 3.0 systems, +this is included in the default kernel configuration. + +Unfortunately somebody still has to write the text. + + +@c ================================================================== +@node Configuration of Solaris kernels, , Configuration of OpenBSD kernels, Configuring the kernel @subsection Configuration of Solaris kernels This section will contain information on how to configure your Solaris -kernel to support the universal TUN/TAP device. 
You need to install +kernel to support the universal tun/tap device. You need to install this driver yourself. Unfortunately somebody still has to write the text. @@ -451,11 +470,11 @@ all other requirements of the GPL are met. @node Installation, Configuration, Preparations, Top @chapter Installation -If you use Redhat or Debian, you may want to install one of the +If you use Debian, you may want to install one of the precompiled packages for your system. These packages are equipped with system startup scripts and sample configurations. -If you don't run either of these systems, or you want to compile tinc +If you cannot use one of the precompiled packages, or you want to compile tinc for yourself, you can use the source. The source is distributed under the GNU General Public License (GPL). Download the source from the @uref{http://tinc.nl.linux.org/download.html, download page}, which has @@ -528,7 +547,7 @@ chown 0.0 /dev/tap@emph{N} There is a maximum of 16 ethertap devices. -If you use the universal TUN/TAP driver, you have to create the +If you use the universal tun/tap driver, you have to create the following device file (unless it already exist): @example @@ -537,8 +556,8 @@ chown 0.0 /dev/tun @end example If you use Linux, and you run the new 2.4 kernel using the devfs filesystem, -then the TUN/TAP device will probably be automatically generated as -@file{/dev/net/tun}. +then the tun/tap device will probably be automatically generated as +@file{/dev/misc/net/tun}. Unlike the ethertap device, you do not need multiple device files if you are planning to run multiple tinc daemons. 
@@ -617,7 +636,7 @@ A good resource on networking is the If you have everything clearly pictured in your mind, proceed in the following order: -First, generate the configuration files (tinc.conf, your host configuration file, tinc-up and perhaps tinc-down). +First, generate the configuration files (@file{tinc.conf}, your host configuration file, @file{tinc-up} and perhaps @file{tinc-down}). Then generate the keypairs. Finally, distribute the host configuration files. These steps are described in the subsections below. @@ -717,8 +736,28 @@ required directives are given in @strong{bold}. @subsection Main configuration variables @table @asis -@item @strong{ConnectTo = } +@cindex BindToInterface +@item BindToInterface = +If you have more than one network interface in your computer, tinc will +by default listen on all of them for incoming connections. It is +possible to bind tinc to a single interface like eth0 or ppp0 with this +variable. + +This option may not work on all platforms. + +@cindex BindToIP +@item BindToIP =

    +If your computer has more than one IP address on a single interface (for +example if you are running virtual hosts), tinc will by default listen +on all of them for incoming connections. It is possible to bind tinc to +a single IP address with this variable. It is still possible to listen +on several interfaces at the same time though, if they share the same IP +address. + +This option may not work on all platforms. + @cindex ConnectTo +@item @strong{ConnectTo = } Specifies which host to connect to on startup. Multiple ConnectTo variables may be specified, if connecting to the first one fails then tinc will try the next one, and so on. It is possible to specify @@ -729,8 +768,13 @@ If you don't specify a host with ConnectTo, regardless of whether a value for ConnectPort is given, tinc won't connect at all, and will instead just listen for incoming connections. -@item Hostnames = (no) +@cindex Device +@item @strong{Device = } (/dev/tap0 or /dev/misc/net/tun) +The virtual network device to use. Note that you can only use one device per +daemon. See also @ref{Device files}. + @cindex Hostnames +@item Hostnames = (no) This option selects whether IP addresses (both real and on the VPN) should be resolved. Since DNS lookups are blocking, it might affect tinc's efficiency, even stopping the daemon for a few seconds everytime 
@@ -739,57 +783,68 @@ it does a lookup if your DNS server is not responding. This does not affect resolving hostnames to IP addresses from the configuration file. -@item Interface = @cindex Interface -If you have more than one network interface in your computer, tinc will -by default listen on all of them for incoming connections. It is -possible to bind tinc to a single interface like eth0 or ppp0 with this -variable. +@item Interface = +Defines the name of the interface corresponding to the virtual network device. +Depending on the operating system and the type of device this may or may not actually set the name. +Currently this option only affects the Linux tun/tap device. -@item InterfaceIP = -@cindex InterfaceIP -If your computer has more than one IP address on a single interface (for -example if you are running virtual hosts), tinc will by default listen -on all of them for incoming connections. It is possible to bind tinc to -a single IP address with this variable. It is still possible to listen -on several interfaces at the same time though, if they share the same IP -address. +@cindex Mode +@item Mode = (router) +This option selects the way packets are routed to other daemons. + +@table @asis +@cindex router +@item router +In this mode Subnet +variables in the host configuration files will be used to form a routing table. +Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. + +@cindex switch +@item switch +In this mode the MAC addresses of the packets on the VPN will be used to +dynamically create a routing table just like a network switch does. +Unicast, multicast and broadcast packets of every ethernet protocol are supported in this mode +at the cost of frequent broadcast ARP requests and routing table updates. + +@cindex hub +@item hub +In this mode every packet will be broadcast to the other daemons. 
+@end table -@item KeyExpire = (3600) @cindex KeyExpire +@item KeyExpire = (3600) This option controls the time the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. -@item @strong{Name = } @cindex Name +@item @strong{Name = } This is a symbolic name for this connection. It can be anything -@item PingTimeout = (60) @cindex PingTimeout +@item PingTimeout = (60) The number of seconds of inactivity that tinc will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. -@item PrivateKey = [obsolete] @cindex PrivateKey +@item PrivateKey = [obsolete] This is the RSA private key for tinc. However, for safety reasons it is advised to store private keys of any kind in separate files. This prevents accidental eavesdropping if you are editting the configuration file. -@item @strong{PrivateKeyFile = } [recommended] @cindex PrivateKeyFile +@item @strong{PrivateKeyFile = } [recommended] This is the full path name of the RSA private key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. -@item @strong{TapDevice = } (/dev/tap0 or /dev/net/tun) -@cindex TapDevice -The ethertap device to use. Note that you can only use one device per -daemon. The info pages of the tinc package contain more information -about configuring an ethertap device for Linux. +Note that there must be exactly one of PrivateKey +or PrivateKeyFile +specified in the configuration file. @end table 
@@ -799,33 +854,50 @@ about configuring an ethertap device for Linux. @subsection Host configuration variables @table @asis -@item @strong{Address = } [recommended] @cindex Address +@item @strong{Address = } [recommended] This variable is only required if you want to connect to this host. It must resolve to the external IP address where the host can be reached, not the one that is internal to the VPN. -@item IndirectData = (no) [experimental] +@cindex Cipher +@item Cipher = (blowfish) +The symmetric cipher algorithm used to encrypt UDP packets. +Any cipher supported by OpenSSL is recognized. + +@cindex Digest +@item Digest = (sha1) +The digest algorithm used to authenticate UDP packets. +Any digest supported by OpenSSL is recognized. +Furthermore, specifying "none" will turn off packet authentication. + @cindex IndirectData +@item IndirectData = (no) [experimental] This option specifies whether other tinc daemons besides the one you specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible to make a connection from the outside to your tinc daemon. Otherwise, it is best to leave this option out or set it to no. -@item Port = (655) +@cindex MACLength +@item MACLength = (4) +The length of the message authentication code used to authenticate UDP packets. +Can be anything from 0 +up to the length of the digest produced by the digest algorithm. + @cindex Port +@item Port = (655) Connect to the upstream host (given with the ConnectTo directive) on port port. port may be given in decimal (default), octal (when preceded by a single zero) o hexadecimal (prefixed with 0x). port is the port number for both the UDP and the TCP (meta) connections. -@item PublicKey = [obsolete] @cindex PublicKey +@item PublicKey = [obsolete] This is the RSA public key for this host. 
-@item PublicKeyFile = [obsolete] @cindex PublicKeyFile +@item PublicKeyFile = [obsolete] This is the full path name of the RSA public key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. 
@@ -838,22 +910,29 @@ necessary. Either the PEM format is used, or exactly in each host configuration file, if you want to be able to establish a connection with that host. -@item Subnet = @cindex Subnet -This is the subnet range of all IP addresses that will be accepted by -the host that defines it. +@item Subnet = +The subnet which this tinc daemon will serve. +tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. +If the packet matches a subnet, +it will be sent to the daemon who has this subnet in his host configuration file. +Multiple subnet lines can be specified for each daemon. -The range must be contained in the IP address range of the tap device, -not the real IP address of the host running tincd. +Subnets can either be single MAC, IPv4 or IPv6 addresses, +in which case a subnet consisting of only that single address is assumed, +or they can be a IPv4 or IPv6 network address with a masklength. +For example, IPv4 subnets must be in a form like 192.168.1.0/24, +where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. +Note that subnets like 192.168.1.1/24 are invalid! @cindex CIDR notation -maskbits is the number of bits set to 1 in the netmask part; for +masklength is the number of bits set to 1 in the netmask part; for example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes /22. This conforms to standard CIDR notation as described in @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} -@item TCPonly = (no) [experimental] @cindex TCPonly +@item TCPonly = (no) [experimental] If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading 
@@ -874,7 +953,7 @@ Adapt the following example to create a basic configuration file: @example Name = @emph{yourname} -TapDevice = @emph{/dev/tap0} +Device = @emph{/dev/tap0} PrivateKeyFile = /etc/tinc/@emph{netname}/rsa_key.priv @end example 
@@ -919,37 +998,39 @@ Just press enter to accept the defaults. @section Network interfaces Before tinc can start transmitting data over the tunnel, it must -set up the ethertap network devices. +set up the virtual network interface. First, decide which IP addresses you want to have associated with these devices, and what network mask they must have. -tinc will open an ethertap device or TUN/TAP device, which will also -create a network interface called `tap0', or `tap1', and so on if you are using -the ethertap driver, or a network interface with the same name as netname -if you are using the universal TUN/TAP driver. +tinc will open a virtual network device (@file{/dev/tun}, @file{/dev/tap0} or similar), +which will also create a network interface called something like `tun0', `tap0', or, +if you are using the Linux tun/tap driver, the network interface will by default have the same name as the netname. @cindex tinc-up -You can configure that device by putting ordinary ifconfig, route, and other commands +You can configure the network interface by putting ordinary ifconfig, route, and other commands to a script named @file{/etc/tinc/netname/tinc-up}. When tinc starts, this script will be executed. When tinc exits, it will execute the script named @file{/etc/tinc/netname/tinc-down}, but normally you don't need to create that script. -An example @file{tinc-up} script when using the TUN/TAP driver: +An example @file{tinc-up} script: @example #!/bin/sh -ifconfig $NETNAME hw ether fe:fd:00:00:00:00 -ifconfig $NETNAME @emph{xx}.@emph{xx}.@emph{xx}.@emph{xx} netmask @emph{mask} -ifconfig $NETNAME -arp +ifconfig $INTERFACE hw ether fe:fd:0:0:0:0 +ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0 +ifconfig $INTERFACE -arp @end example @cindex MAC address @cindex hardware address The first line sets up the MAC address of the network interface. -Due to the nature of how Ethernet and tinc work, it has to be set to fe:fd:00:00:00:00. 
-(tinc versions prior to 1.0pre3 required that the MAC address matched the IP address.) -You can use the environment variable $NETNAME to get the name of the interface. +Due to the nature of how Ethernet and tinc work, it has to be set to fe:fd:0:0:0:0 +for tinc to work in it's normal mode. +If you configured tinc to work in `switch' or `hub' mode, the hardware address should instead +be set to a unique address instead of fe:fd:0:0:0:0. + +You can use the environment variable $INTERFACE to get the name of the interface. If you are using the ethertap driver however, you need to replace it with tap@emph{N}, corresponding to the device file name. @@ -964,7 +1045,8 @@ own subnet. @cindex arp The last line tells the kernel not to use ARP on that interface. -Again this has to do with how Ethernet and tinc work. Don't forget to add this line. +Again this has to do with how Ethernet and tinc work. +Use this option only if you are running tinc under Linux and are using tinc's normal routing mode. @c ================================================================== @@ -1010,7 +1092,7 @@ In @file{/etc/tinc/company/tinc-up}: # Real interface of internal network: # ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 -ifconfig tap0 hw ether fe:fd:00:00:00:00 +ifconfig tap0 hw ether fe:fd:0:0:0:0 ifconfig tap0 10.1.54.1 netmask 255.0.0.0 ifconfig tap0 -arp @end example @@ -1020,7 +1102,7 @@ and in @file{/etc/tinc/company/tinc.conf}: @example Name = BranchA PrivateKey = /etc/tinc/company/rsa_key.priv -TapDevice = /dev/tap0 +Device = /dev/tap0 @end example On all hosts, /etc/tinc/company/hosts/BranchA contains: @@ -1048,7 +1130,7 @@ In @file{/etc/tinc/company/tinc-up}: # Real interface of internal network: # ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 -ifconfig tap0 hw ether fe:fd:00:00:00:00 +ifconfig tap0 hw ether fe:fd:0:0:0:0 ifconfig tap0 10.2.1.12 netmask 255.0.0.0 ifconfig tap0 -arp @end example 
@@ -1085,7 +1167,7 @@ In @file{/etc/tinc/company/tinc-up}: # Real interface of internal network: # ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 -ifconfig tap1 hw ether fe:fd:00:00:00:00 +ifconfig tap1 hw ether fe:fd:0:0:0:0 ifconfig tap1 10.3.69.254 netmask 255.0.0.0 ifconfig tap1 -arp @end example @@ -1095,7 +1177,7 @@ and in @file{/etc/tinc/company/tinc.conf}: @example Name = BranchC ConnectTo = BranchA -TapDevice = /dev/tap1 +Device = /dev/tap1 @end example C already has another daemon that runs on port 655, so they have to @@ -1133,13 +1215,13 @@ and in @file{/etc/tinc/company/tinc.conf}: @example Name = BranchD ConnectTo = BranchC -TapDevice = /dev/net/tun +Device = /dev/misc/net/tun PrivateKeyFile = /etc/tinc/company/rsa_key.priv @end example D will be connecting to C, which has a tincd running for this network on port 2000. It knows the port number from the host configuration file. -Also note that since D uses the TUN/TAP driver, the network interface +Also note that since D uses the tun/tap driver, the network interface will not be called `tun' or `tap0' or something like that, but will have the same name as netname. 
@@ -1211,33 +1293,19 @@ generated automatically, so may be more up-to-date. @cindex options @c from the manpage @table @samp +@item --bypass-security +Disables encryption and authentication. +Only useful for debugging. + @item -c, --config=PATH Read configuration options from the directory PATH. The default is @file{/etc/tinc/netname/}. @cindex debug level -@item -d -Increase debug level. The higher it gets, the more gets +@item -d, --debug=LEVEL +Set debug level to LEVEL. The higher the debug level, the more gets logged. Everything goes via syslog. -0 is the default, only some basic information connection attempts get -logged. Setting it to 1 will log a bit more, still not very -disturbing. With two -d's tincd will log protocol information, which can -get pretty noisy. Three or more -d's will output every single packet -that goes out or comes in, which probably generates more data than the -packets themselves. - -@item -k, --kill -Attempt to kill a running tincd and exit. A TERM signal (15) gets sent -to the daemon that his its PID in /var/run/tinc.pid. - -Because it kills only one tinc daemon, you should use -n here if you -started it that way. It will then read the PID from -@file{/var/run/tinc.NETNAME.pid}. - -@item -n, --net=NETNAME -Connect to net NETNAME. @xref{Multiple networks}. - @item -K, --generate-keys[=BITS] Generate public/private keypair of BITS length. If BITS is not specified, 1024 is the default. tinc will ask where you want to store the files, 
@@ -1247,6 +1315,18 @@ in combination with -K). After that, tinc will quit. @item --help Display a short reminder of these runtime options and terminate. +@item -k, --kill +Attempt to kill a running tincd and exit. A TERM signal (15) gets sent +to the daemon that his its PID in @file{/var/run/tinc.NETNAME.pid}. +Use it in conjunction with the -n option to make sure you kill the right tinc daemon. + +@item -n, --net=NETNAME +Connect to net NETNAME. @xref{Multiple networks}. + +@item -D, --no-detach +Don't fork and detach. +This will also disable the automatic restart mechanism for fatal errors. + @item --version Output version information and exit. @@ -1269,7 +1349,7 @@ only, so keep an eye on it! @item You forgot to compile `Netlink device emulation' in the kernel. @end itemize -@item Can't write to /dev/net/tun: No such device +@item Can't write to /dev/misc/net/tun: No such device @itemize @item You forgot to `modprobe tun'. @@ -1280,10 +1360,10 @@ only, so keep an eye on it! @itemize @item Something is not configured right. Packets are being sent out to the -tap device, but according to the Subnet directives in your host configuration +virtual network device, but according to the Subnet directives in your host configuration file, those packets should go to your own host. Most common mistake is that you have a Subnet line in your host configuration file with a netmask which is -just as large as the netmask of the tap device. The latter should in almost all +just as large as the netmask of the virtual network interface. The latter should in almost all cases be larger. Rethink your configuration. Note that you will only see this message if you specified a debug level of 5 or higher! 
@@ -1300,7 +1380,7 @@ Jan 1 12:00:00 host tinc.net[1234]: Read packet of length 46 from tap device Jan 1 12:00:00 host tinc.net[1234]: Trying to look up 0.0.192.168 in connection list failed! @end example @itemize -@item Add the `ifconfig $NETNAME -arp' to tinc-up. +@item Add the `ifconfig $INTERFACE -arp' to tinc-up. @end itemize @item Network address and subnet mask do not match! @@ -1360,10 +1440,10 @@ computer over the existing Internet infrastructure. @node The UDP tunnel, The meta-connection, The connection, The connection @subsection The UDP tunnel -@cindex ethertap +@cindex virtual network device @cindex frame type The data itself is read from a character device file, the so-called -@emph{ethertap} device. This device is associated with a network +@emph{virtual network device}. This device is associated with a network interface. Any data sent to this interface can be read from the device, and any data written to the device gets sent from the interface. Data to and from the device is formatted as if it were a normal Ethernet card, 
@@ -1371,32 +1451,35 @@ so a frame is preceded by two MAC addresses and a @emph{frame type} field. So when tinc reads an Ethernet frame from the device, it determines its -type. Right now, tinc can only handle Internet Protocol version 4 (IPv4) -frames, because it needs IP headers for routing. -Plans to support other protocols and switching instead of routing are being made. -(Some code for IPv6 routing and switching is already present but nonfunctional.) -When tinc knows -which type of frame it has read, it can also read the source and -destination address from it. +type. When tinc is in it's default routing mode, it can handle IPv4 and IPv6 +packets. Depending on the Subnet lines, it will send the packets off to their destination. +In the `switch' and `hub' mode, tinc will use broadcasts and MAC address discovery +to deduce the destination of the packets. +Since the latter modes only depend on the link layer information, +any protocol that runs over Ethernet is supported (for instance IPX and Appletalk). -Now it is time that the frame gets encrypted. Currently the only -encryption algorithm available is blowfish. +After the destination has been determined, a sequence number will be added to the packet. +The packet will then be encrypted and a message authentication +code will be appended. @cindex encapsulating @cindex UDP -When the encryption is ready, time has come to actually transport the +When that is done, time has come to actually transport the packet to the destination computer. We do this by sending the packet over an UDP connection to the destination host. This is called @emph{encapsulating}, the VPN packet (though now encrypted) is encapsulated in another IP datagram. When the destination receives this packet, the same thing happens, only -in reverse. So it does a decrypt on the contents of the UDP datagram, -and it writes the decrypted information to its own ethertap device. +in reverse. 
So it checks the message authentication code, decrypts the contents of the UDP datagram, +checks the sequence number +and writes the decrypted information to its own virtual network device. To let the kernel on the receiving end accept the packet, the destination MAC -address must match that of the tap interface. Because of the routing nature -of tinc, ARP is not possible. tinc solves this by always overwriting the +address must match that of the virtual network interface. +If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC cannot be set +by the sending daemons. +tinc solves this by always overwriting the destination MAC address with fe:fd:0:0:0:0. That is also the reason why you must set the MAC address of your tap interface to that address. 
@@ -1451,32 +1534,35 @@ daemon and to read and write requests by hand, provided that one understands the numeric codes sent. The authentication scheme is described in @ref{Authentication protocol}. After a -succesful authentication, the server and the client will exchange all the +successful authentication, the server and the client will exchange all the information about other tinc daemons and subnets they know of, so that both sides (and all the other tinc daemons behind them) have their information synchronised. -@cindex ADD_HOST +@cindex ADD_EDGE @cindex ADD_SUBNET @example daemon message -------------------------------------------------------------------------- -origin ADD_HOST daemon a329e18c:655 0 - | | +--> options - | +---------> real address:port - +-------------------> name of new tinc daemon -origin ADD_SUBNET daemon 1,0a010100/ffffff00 - | | | +--> netmask - | | +----------> vpn IPv4 network address - | +----------------> subnet type (1=IPv4) - +--------------------> owner of this subnet +origin ADD_EDGE node1 12.23.34.45 655 node2 21.32.43.54 655 222 0 + | | | \___________________/ | +-> options + | | | | +----> weight + | | | +----------------> see below + | | +--> UDP port + | +----------> real address + +------------------> name of node on one side of the edge + +origin ADD_SUBNET node 192.168.1.0/24 + | | +--> masklength + | +--------> IPv4 network address + +------------------> owner of this subnet -------------------------------------------------------------------------- @end example -@cindex DEL_HOST -@cindex DEL_SUBNET -In case daemons leave the VPN, DEL_HOST and DEL_SUBNET messages with exactly -the same syntax are sent to inform the other daemons of the departure. +@cindex DEL_EDGE +In case a connection between two daemons is closed or broken, DEL_EDGE messages +are sent to inform the other daemons of that fact. Each daemon will calculate a +new route to the the daemons, or mark them unreachable if there isn't any. 
The keys used to encrypt VPN packets are not sent out directly. This is because it would generate a lot of traffic on VPNs with many daemons, and @@ -1484,7 +1570,7 @@ chances are that not every tinc daemon will ever send a packet to every other daemon. Instead, if a daemon needs a key it sends a request for it via the meta connection of the nearest hop in the direction of the destination. If any hop on the way has already learned the key, it will -act as a proxy and forward it's copy back to the requestor. +act as a proxy and forward its copy back to the requester. @cindex REQ_KEY @cindex ANS_KEY @@ -1495,11 +1581,15 @@ daemon message daemon REQ_KEY origin destination | +--> name of the tinc daemon it wants the key from +----------> name of the daemon that wants the key -daemon ANS_KEY origin destination e4ae0b0a82d6e0078179b5290c62c7d0 - | | \______________________________/ - | | +--> 128 bits key + +daemon ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 + | | \______________/ | | +--> MAC length + | | | | +-----> digest algorithm + | | | +--------> cipher algorithm + | | +--> 128 bits key | +--> name of the daemon that wants the key +----------> name of the daemon that uses this key + daemon KEY_CHANGED origin +--> daemon that has changed it's packet key -------------------------------------------------------------------------- @@ -1518,12 +1608,8 @@ messages without any other traffic won't result in known plaintext. @example daemon message -------------------------------------------------------------------------- -origin PING 9e76 - \__/ - +--> 2 bytes of salt (random data) -dest. PONG 3b8d - \__/ - +--> 2 bytes of salt (random data) +origin PING +dest. PONG -------------------------------------------------------------------------- @end example 
@@ -1546,9 +1632,8 @@ the tinc project after TINC. But in order to be ``immune'' to eavesdropping, you'll have to encrypt your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. -tinc uses blowfish encryption in CBC mode and a small amount of salt -at the beginning of each packet to make sure eavesdroppers cannot get -any information at all from the packets they can intercept. +tinc uses blowfish encryption in CBC mode, sequence numbers and message authentication codes +to make sure eavesdroppers cannot get and cannot change any information at all from the packets they can intercept. @menu * Authentication protocol:: @@ -1565,6 +1650,11 @@ A new scheme for authentication in tinc has been devised, which offers some improvements over the protocol used in 1.0pre2 and 1.0pre3. Explanation is below. +@cindex ID +@cindex META_KEY +@cindex CHALLENGE +@cindex CHAL_REPLY +@cindex ACK @example daemon message -------------------------------------------------------------------------- @@ -1572,15 +1662,13 @@ client server -client ID client 10 0 - | | +-> options - | +---> version - +--------> name of tinc daemon +client ID client 12 + | +---> version + +-------> name of tinc daemon -server ID server 10 0 - | | +-> options - | +---> version - +--------> name of tinc daemon +server ID server 12 + | +---> version + +-------> name of tinc daemon client META_KEY 5f0823a93e35b69e...7086ec7866ce582b \_________________________________/ @@ -1593,8 +1681,8 @@ server META_KEY 6ab9c1640388f8f0...45d1a07f8a672630 encrypted with client's public RSA key From now on: - - the client will encrypt outgoing traffic using S1 - - the server will encrypt outgoing traffic using S2 + - the client will symmetrically encrypt outgoing traffic using S1 + - the server will symmetrically encrypt outgoing traffic using S2 client CHALLENGE da02add1817c1920989ba6ae2a49cecbda0 \_________________________________/ 
@@ -1609,6 +1697,21 @@ client CHAL_REPLY 816a86 server CHAL_REPLY 928ffe +-> 160 bits SHA1 of H1 + +After the correct challenge replies are received, both ends have proved +their identity. Further information is exchanged. + +client ACK 655 12.23.34.45 123 0 + | | | +-> options + | | +----> estimated weight + | +------------> IP address of server as seen by client + +--------------------> UDP port of client + +server ACK 655 21.32.43.54 321 0 + | | | +-> options + | | +----> estimated weight + | +------------> IP address of client as seen by server + +--------------------> UDP port of server -------------------------------------------------------------------------- @end example 
@@ -1662,35 +1765,26 @@ an attacker) in the beginning of the encrypted stream. A data packet can only be sent if the encryption key is known to both parties, and the connection is activated. If the encryption key is not known, a request is sent to the destination using the meta connection -to retreive it. The packet is stored in a queue while waiting for the +to retrieve it. The packet is stored in a queue while waiting for the key to arrive. @cindex UDP The UDP packet containing the network packet from the VPN has the following layout: @example -... | IP header | UDP header | salt | VPN packet | UDP trailer - \___________________/ - | - V +... | IP header | UDP header | seqno | VPN packet | MAC | UDP trailer + \___________________/\_____/ + | | + V +---> digest algorithm Encrypted with symmetric cipher @end example -So, the entire UDP payload is encrypted using a symmetric cipher (blowfish in CBC mode). -2 bytes of salt (random data) are added in front of the actual VPN packet, -so that two VPN packets with (almost) the same content do not seem to be -the same for eavesdroppers. -2 bytes of salt may not seem much, but you can encrypt 65536 identical packets -now without an attacker being able to see that they were identical. -Given a MTU of 1500 this means 96 Megabyte of data. - -There is no @emph{extra} provision against replay attacks or alteration of packets. -However, the VPN packets, normally UDP or TCP packets themselves, contain -checksums and sequence numbers. -Since those checksums and sequence numbers are encrypted, -they automatically become @emph{cryptographically secure}. -The kernel will handle any checksum errors and duplicate packets. - +So, the entire VPN packet is encrypted using a symmetric cipher. A 32 bits +sequence number is added in front of the actual VPN packet, to act as a unique +IV for each packet and to prevent replay attacks. A message authentication code +is added to the UDP packet to prevent alteration of packets. 
By default the +first 4 bytes of the digest are used for this, but this can be changed using +the MACLength configuration variable. @c ================================================================== @node About us, Concept Index, Technical information, Top diff --git a/doc/tincd.8 b/doc/tincd.8 index 138d8116..6c476105 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 
@@ -1,153 +1,170 @@ -.TH TINCD 8 "Jan 2001" "tinc version 1.0pre4" "FSF" -.SH NAME -tincd \- tinc VPN daemon -.SH SYNOPSIS -.B tincd -[\fIoption\fR]... -.SH DESCRIPTION -.PP - -This is the daemon of tinc, a secure virtual private -network (VPN) project. When started, tincd will read -it's configuration file to determine what virtual subnets -it has to serve and to what other tinc daemons it should connect. -It will connect to the ethertap or tun/tap device and set up a socket -for incoming connections. -Optionally a script will be executed to further configure the tap device. -If that succeeds, it will detach from the controlling terminal and -continue in the background, accepting and setting up connections to other -tinc daemons that are part of the virtual private network. - -.SH OPTIONS -.TP -\fB\-c\fR, \fB\-\-config\fR=\fIDIR\fR -Read configuration options from DIR. -.TP -\fB\-D\fR, \fB\-\-no\-detach\fR -Don't fork and detach. This will also disable the automatic -restart mechanism for fatal errors. -.TP -\fB\-d\fR -Increase debug level (see below). -.TP -\fB\-k\fR, \fB\-\-kill\fR -Attempt to kill a running tincd and exit. -.TP -\fB\-n\fR, \fB\-\-net\fR=\fInetname\fR -Connect to net `netname'. -.TP -\fB\-K\fR, \fB\-\-generate-keys\fR[=\fIBITS]\fR -Generate public/private RSA keypair and exit. If BITS is omitted, -the default length will be 1024 bits. -.TP -\fB\-\-help\fR +.Dd 2002-02-07 +.Dt TINCD 8 +.\" Manual page created by: +.\" Ivo Timmermans +.\" Guus Sliepen +.Sh NAME +.Nm tincd +.Nd tinc VPN daemon +.Sh SYNOPSIS +.Nm +.Op Fl cdDkKn +.Op Fl -bypass-security +.Op Fl -config Ns = Ns Ar DIR +.Op Fl -debug Ns = Ns Ar LEVEL +.Op Fl -generate-keys Ns Op = Ns Ar BITS +.Op Fl -help +.Op Fl -kill Ns = Ns Ar SIGNAL +.Op Fl -net Ns = Ns Ar NETNAME +.Op Fl -no-detach +.Op Fl -version +.Sh DESCRIPTION +This is the daemon of tinc, a secure virtual private network (VPN) project. 
+When started, +.Nm +will read it's configuration file to determine what virtual subnets it has to serve +and to what other tinc daemons it should connect. +It will connect to the ethertap or tun/tap device +and set up a socket for incoming connections. +Optionally a script will be executed to further configure the virtual device. +If that succeeds, +it will detach from the controlling terminal and continue in the background, +accepting and setting up connections to other tinc daemons +that are part of the virtual private network. +.Sh OPTIONS +.Bl -tag -width indent +.It Fl -bypass-security +Disables encryption and authentication. +Only useful for debugging. +.It Fl c, -config Ns = Ns Ar DIR +Read configuration options from +.Ar DIR . +.It Fl d, -debug Ns Op = Ns Ar LEVEL +Increase debug level or set it to +.Ar LEVEL +(see below). +.It Fl K, -generate-keys Ns Op = Ns Ar BITS +Generate public/private RSA keypair and exit. +If +.Ar BITS +is omitted, the default length will be 1024 bits. +.It Fl -help Display short list of options. -.TP -\fB\-\-version\fR +.It Fl k, -kill Ns Op = Ns Ar SIGNAL +Attempt to kill a running +.Nm +(optionally with the specified +.Ar SIGNAL +instead of SIGQUIT) and exit. +.It Fl n, -net Ns = Ns Ar NETNAME +Connect to net +.Ar NETNAME . +.It Fl D, -no-detach +Don't fork and detach. +This will also disable the automatic restart mechanism for fatal errors. +.It Fl -version Output version information and exit. -.PP -.SH "SIGNALS" -.TP -\fBHUP\fR +.El +.Sh SIGNALS +.Bl -tag -width indent +.It ALRM +Forces +.Nm +to try to connect to all uplinks immediately. +Usually +.Nm +attempts to do this itself, +but increases the time it waits between the attempts each time it failed, +and if +.Nm +didn't succeed to connect to an uplink the first time after it started, +it defaults to the maximum time of 15 minutes. +.It HUP Closes all connections, rereads the configuration file and restarts the daemon. -.TP -\fBINT\fR -Closes all connections and quits. 
-.TP -\fBUSR1\fR +.It INT +Temporarily increases debug level to 5. +Send this signal again to revert to the original level. +.It USR1 Dumps the connection list to syslog. -.TP -\fBUSR2\fR -Dumps the subnet list to syslog. -.TP -\fBALRM\fR -Forces tincd to try to connect to an uplink immediately. Usually tincd attempts -to do this itself, but increases the time it waits between the attempts each time -it failed, and if tincd didn't succeed to connect to an uplink the first time after -it started, it defaults to the maximum time of 15 minutes. -.PP -.SH "DEBUG LEVELS" -The tinc daemon can send a lot of messages to the syslog. The more \fB\-d\fR options are -given to tincd, the more messages it will log. Each level inherits all messages of the -previous level: -.TP -\fIno debug options\fR -This will log a message indicating tincd has started along with a version number. +.It USR2 +Dumps virtual network device statistics, all known nodes, edges and subnets to syslog. +.It WINCH +Purges all information remembered about unreachable nodes. +.El +.Sh DEBUG LEVELS +The tinc daemon can send a lot of messages to the syslog. +The higher the debug level, +the more messages it will log. +Each level inherits all messages of the previous level: +.Bl -tag -width indent +.It 0 +This will log a message indicating +.Nm +has started along with a version number. It will also any serious error. -.TP -\fB\-d\fR +.It 1 This will log all connections that are made with other tinc daemons. -.TP -\fB\-dd\fR +.It 2 This will log status and error messages from other tinc daemons. -.TP -\fB\-ddd\fR +.It 3 This will log all requests that are exchanged with other tinc daemons. These include authentication, key exchange and connection list updates. -.TP -\fB\-dddd\fR +.It 4 This will log a copy of everything received on the meta socket. -.TP -\fB\-ddddd\fR +.It 5 This will log all network traffic over the virtual private network. 
-.PP -.SH "FILES" -.TP -\fI/etc/tinc/\fBnetname\fI/tinc.conf\fR -The configuration file for tincd. -.TP -\fI/etc/tinc/\fBnetname\fI/tinc-up\fR -Script which is executed as soon as a tap device has been allocated. +.El +.Sh FILES +.Bl -tag -width indent +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +The configuration file for +.Nm . +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +Script which is executed as soon as the virtual network device has been allocated. Purpose is to further configure that device. -.TP -\fI/etc/tinc/\fBnetname\fI/tinc-down\fR -Script which is executed when tinc quits. -Purpose is to shut down the tap device. -.TP -\fI/etc/tinc/\fBnetname\fI/hosts/*\fR +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +Script which is executed when +.Nm +exits. +Purpose is to cleanly shut down the virtual network device before it will be deallocated. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/* The directory containing the host configuration files used to authenticate other tinc daemons. -.TP -\fI/var/run/tinc.\fBnetname\fI.pid\fR -The PID of the currently running tincd is stored in this file. -.PP -.SH "BUGS" -The TCPonly and IndirectData options may not work correctly. -.PP -\fBThe cryptography in tinc is not well tested yet. Use it at your own risk!\fR -.PP -If you find any bugs, report them to tinc@nl.linux.org. -.PP -.SH "TODO" -A lot, especially security auditting. -.PP -.SH "SEE ALSO" -\fBtinc.conf\fR(5) -.TP -\fBhttp://tinc.nl.linux.org/\fR -.TP -\fBhttp://www.cabal.org/\fR -.PP -The full documentation for -.B tinc -is maintained as a Texinfo manual. If the -.B info +.It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid +The PID of the currently running +.Nm +is stored in this file. +.El +.Sh BUGS +The +.Va BindToInterface , +.Va BindToIP , +.Va IndirectData and -.B tinc -programs are properly installed at your site, the command -.IP -.B info tinc -.PP +.Va TCPOnly +options may not work correctly. 
+.Pp +.Sy The cryptography in tinc is not well tested yet. Use it at your own risk! +.Pp +If you find any bugs, report them to tinc@nl.linux.org. +.Sh TODO +A lot, especially security auditing. +.Sh SEE ALSO +.Xr tinc.conf 5 , +.Pa http://tinc.nl.linux.org/ , +.Pa http://www.cabal.org/ . +.Pp +The full documentation for tinc is maintained as a Texinfo manual. +If the info and tinc programs are properly installed at your site, +the command +.Ic info tinc should give you access to the complete manual. -.PP -tinc comes with ABSOLUTELY NO WARRANTY. This is free software, -and you are welcome to redistribute it under certain conditions; +.Pp +tinc comes with ABSOLUTELY NO WARRANTY. +This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details. -.SH "AUTHORS" -.na -.nf -Ivo Timmermans -Guus Sliepen - +.Sh AUTHORS +.An "Ivo Timmermans" Aq itimmermans@bigfoot.com +.An "Guus Sliepen" Aq guus@sliepen.warande.net +.Pp And thanks to many others for their contributions to tinc! -.PP diff --git a/lib/avl_tree.c b/lib/avl_tree.c index a07f123f..a4f00518 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.7 2001/02/27 16:50:29 guus Exp $ + $Id: avl_tree.c,v 1.1.2.8 2002/02/10 21:57:51 guus Exp $ */ #include @@ -597,6 +597,15 @@ void avl_unlink_node(avl_tree_t *tree, avl_node_t *node) } avl_rebalance(tree, balnode); + + node->next = node->prev = node->parent = node->left = node->right = NULL; + +#ifdef AVL_COUNT + node->count = 0; +#endif +#ifdef AVL_DEPTH + node->depth = 0; +#endif } void avl_delete_node(avl_tree_t *tree, avl_node_t *node) diff --git a/lib/dropin.c b/lib/dropin.c index 04ddac04..66aaa316 100644 --- a/lib/dropin.c +++ b/lib/dropin.c 
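Review bot: The reset added at the end of avl_unlink_node changes what callers see after the call: `node->next` and `node->prev` are now NULL, so any loop that unlinks a node and then advances through that node's own links would stop early or dereference NULL. The callers are not visible here, so they should be checked to confirm they save the successor before unlinking. Clearing the links is sound, since a detached node then keeps no pointers into a tree it has left, but the post-condition is undocumented; I would add `/* Detach fully: an unlinked node keeps no pointers into the tree; callers must save next/prev first. */` above the assignment. It is also worth confirming that `count = 0` and `depth = 0` match what a freshly allocated node holds before insertion, as the allocation path is outside this hunk. The body of avl_unlink_node starts outside the hunk.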
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.7 2001/11/16 17:36:56 zarq Exp $ + $Id: dropin.c,v 1.1.2.8 2002/02/10 21:57:51 guus Exp $ */ #include "config.h" 
@@ -169,188 +169,3 @@ int asprintf(char **buf, const char *fmt, ...) return status; } #endif - - -/* - * fake library for ssh - * - * This file is included in getaddrinfo.c and getnameinfo.c. - * See getaddrinfo.c and getnameinfo.c. - */ - -/* $Id: dropin.c,v 1.1.2.7 2001/11/16 17:36:56 zarq Exp $ */ - -/* for old netdb.h */ -#ifndef EAI_NODATA -#define EAI_NODATA 1 -#define EAI_MEMORY 2 -#endif - -/* - * fake library for ssh - * - * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). - * These funtions are defined in rfc2133. - * - * But these functions are not implemented correctly. The minimum subset - * is implemented for ssh use only. For exapmle, this routine assumes - * that ai_family is AF_INET. Don't use it for another purpose. - */ - -#ifndef HAVE_GAI_STRERROR -char *gai_strerror(int ecode) -{ - switch (ecode) { - case EAI_NODATA: - return "no address associated with hostname."; - case EAI_MEMORY: - return "memory allocation failure."; - default: - return "unknown error."; - } -} -#endif /* !HAVE_GAI_STRERROR */ - -#ifndef HAVE_FREEADDRINFO -void freeaddrinfo(struct addrinfo *ai) -{ - struct addrinfo *next; - - do { - next = ai->ai_next; - free(ai); - } while (NULL != (ai = next)); -} -#endif /* !HAVE_FREEADDRINFO */ - -#ifndef HAVE_GETADDRINFO -static struct addrinfo *malloc_ai(int port, u_long addr) -{ - struct addrinfo *ai; - - ai = malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); - if (ai == NULL) - return(NULL); - - memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); - - ai->ai_addr = (struct sockaddr *)(ai + 1); - /* XXX -- ssh doesn't use sa_len */ - ai->ai_addrlen = sizeof(struct sockaddr_in); - ai->ai_addr->sa_family = ai->ai_family = AF_INET; - - ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; - ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; - - return(ai); -} - -int getaddrinfo(const char *hostname, const char *servname, - const struct addrinfo *hints, struct addrinfo **res) 
-{ - struct addrinfo *cur, *prev = NULL; - struct hostent *hp; - struct in_addr in; - int i, port; - - if (servname) - port = htons(atoi(servname)); - else - port = 0; - - if (hints && hints->ai_flags & AI_PASSIVE) { - if (NULL != (*res = malloc_ai(port, htonl(0x00000000)))) - return 0; - else - return EAI_MEMORY; - } - - if (!hostname) { - if (NULL != (*res = malloc_ai(port, htonl(0x7f000001)))) - return 0; - else - return EAI_MEMORY; - } - - if (inet_aton(hostname, &in)) { - if (NULL != (*res = malloc_ai(port, in.s_addr))) - return 0; - else - return EAI_MEMORY; - } - - hp = gethostbyname(hostname); - if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { - for (i = 0; hp->h_addr_list[i]; i++) { - cur = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr); - if (cur == NULL) { - if (*res) - freeaddrinfo(*res); - return EAI_MEMORY; - } - - if (prev) - prev->ai_next = cur; - else - *res = cur; - - prev = cur; - } - return 0; - } - - return EAI_NODATA; -} -#endif /* !HAVE_GETADDRINFO */ - - -/* - * fake library for ssh - * - * This file includes getnameinfo(). - * These funtions are defined in rfc2133. - * - * But these functions are not implemented correctly. The minimum subset - * is implemented for ssh use only. For exapmle, this routine assumes - * that ai_family is AF_INET. Don't use it for another purpose. 
- */ - -#ifndef HAVE_GETNAMEINFO -int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, - size_t hostlen, char *serv, size_t servlen, int flags) -{ - struct sockaddr_in *sin = (struct sockaddr_in *)sa; - struct hostent *hp; - char tmpserv[16]; - - if (serv) { - snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); - if (strlen(tmpserv) >= servlen) - return EAI_MEMORY; - else - strcpy(serv, tmpserv); - } - - if (host) { - if (flags & NI_NUMERICHOST) { - if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen) - return EAI_MEMORY; - - strcpy(host, inet_ntoa(sin->sin_addr)); - return 0; - } else { - hp = gethostbyaddr((char *)&sin->sin_addr, - sizeof(struct in_addr), AF_INET); - if (hp == NULL) - return EAI_NODATA; - - if (strlen(hp->h_name) >= hostlen) - return EAI_MEMORY; - - strcpy(host, hp->h_name); - return 0; - } - } - return 0; -} -#endif /* !HAVE_GETNAMEINFO */ diff --git a/lib/dropin.h b/lib/dropin.h index 09e650e0..ad66d99d 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.5 2001/11/16 17:37:08 zarq Exp $ + $Id: dropin.h,v 1.1.2.6 2002/02/10 21:57:51 guus Exp $ */ #ifndef __DROPIN_H__ 
@@ -35,53 +35,4 @@ extern char* get_current_dir_name(void); extern int asprintf(char **, const char *, ...); #endif -#ifndef HAVE_STRUCT_ADDRINFO -struct addrinfo { - int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for hostname */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; -#endif /* !HAVE_STRUCT_ADDRINFO */ - -#ifndef HAVE_GETADDRINFO -int getaddrinfo(const char *hostname, const char *servname, - const struct addrinfo *hints, struct addrinfo **res); -#endif /* !HAVE_GETADDRINFO */ - -#ifndef HAVE_GAI_STRERROR -char *gai_strerror(int ecode); -#endif /* !HAVE_GAI_STRERROR */ - -#ifndef HAVE_FREEADDRINFO -void freeaddrinfo(struct addrinfo *ai); -#endif /* !HAVE_FREEADDRINFO */ - -#ifndef HAVE_GETNAMEINFO -int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, - size_t hostlen, char *serv, size_t servlen, int flags); -#endif /* !HAVE_GETNAMEINFO */ - -#ifndef NI_MAXSERV -# define NI_MAXSERV 32 -#endif /* !NI_MAXSERV */ -#ifndef NI_MAXHOST -# define NI_MAXHOST 1025 -#endif /* !NI_MAXHOST */ - -#ifndef AI_PASSIVE -# define AI_PASSIVE 1 -# define AI_CANONNAME 2 -#endif - -#ifndef NI_NUMERICHOST -# define NI_NUMERICHOST 2 -# define NI_NAMEREQD 4 -# define NI_NUMERICSERV 8 -#endif - #endif /* __DROPIN_H__ */ diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 2ef9c378..e5c09395 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -31,6 +31,14 @@ AC_DEFUN(tinc_OPENSSL, AC_CHECK_FUNCS(RAND_pseudo_bytes) + AC_CHECK_FUNC(OpenSSL_add_all_algorithms, + [], + AC_CHECK_FUNC(SSLeay_add_all_algorithms, + [AC_DEFINE(HAVE_SSLEAY_ADD_ALL_ALGORITHMS)], + [AC_MSG_ERROR("Missing required OpenSSL functionality!")] + ) + ) + AC_CHECK_FUNC(dlopen, [], AC_CHECK_LIB(dl, dlopen, 
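Review bot: The inner `AC_CHECK_FUNC(SSLeay_add_all_algorithms, ...)` is passed unquoted as the not-found argument of the outer check, and the failure message does not say which symbols were looked for. I would wrap the inner call in `[...]` like the other arguments and change the message to `[AC_MSG_ERROR([neither OpenSSL_add_all_algorithms nor SSLeay_add_all_algorithms was found in the OpenSSL library])]`. m4 does not treat double quotes as quoting, so the current ones pass through into the generated shell code. These functions register OpenSSL's cipher and digest tables, so a precise message helps whoever has to diagnose a mismatched or partial OpenSSL install. The tinc_OPENSSL macro starts and ends outside the hunk.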
diff --git a/po/POTFILES.in b/po/POTFILES.in index 75d43e6e..05a12012 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -11,7 +11,19 @@ src/meta.c src/net.c src/netutl.c src/protocol.c +src/protocol_auth.c +src/protocol_edge.c +src/protocol_key.c +src/protocol_misc.c +src/protocol_subnet.c src/subnet.c src/tincd.c src/process.c src/route.c +src/node.c +src/edge.c +src/graph.c +src/linux/device.c +src/freebsd/device.c +src/openbsd/device.c +src/solaris/device.c diff --git a/po/nl.po b/po/nl.po index 7ede015f..64895bf6 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -1,97 +1,118 @@ # Dutch messages for tinc # Copyright (C) 1999-2001 Ivo Timmermans, Guus Sliepen. -# Ivo Timmermans , 1999-2001. -# Guus Sliepen , 2000,2001. +# Ivo Timmermans , 1999-2002. +# Guus Sliepen , 2000-2002. msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2001-10-08 17:37+0200\n" -"PO-Revision-Date: 2001-10-08 17:37+0200\n" +"POT-Creation-Date: 2002-02-09 21:32+0100\n" +"PO-Revision-Date: 2002-02-09 17:20+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:240 +#: src/conf.c:173 +#, c-format +msgid "\"yes\" or \"no\" expected for configuration variable %s in %s line %d" +msgstr "" +"\"ja\" of \"nee\" verwacht voor configuratievariabele %s in %s regel %d" + +#: src/conf.c:188 +#, c-format +msgid "Integer expected for configuration variable %s in %s line %d" +msgstr "Geheel getal verwacht voor configuratievariabele %s in %s regel %d" + +#: src/conf.c:219 +#, c-format +msgid "IP address expected for configuration variable %s in %s line %d" +msgstr "IP adres verwacht voor configuratievariabele %s in %s regel %d" + +#: src/conf.c:233 +#, c-format +msgid "Port number expected for configuration variable %s in %s line %d" +msgstr "Poortnummer verwacht voor configuratievariabele %s in %s regel %d" + +#: src/conf.c:249 +#, c-format +msgid "Subnet expected for configuration variable %s in %s line %d" +msgstr "Subnet verwacht voor configuratievariabele %s in %s regel %d" + +#: src/conf.c:259 +#, c-format +msgid "" +"Network address and mask length do not match for configuration variable %s " +"in %s line %d" +msgstr "" +"Netwerk adres en maskerlengte komen niet overeen bij configuratievariabele %" +"s in %s regel %d" + +#: src/conf.c:367 #, c-format msgid "Cannot open config file %s: %m" msgstr "Kan configuratie bestand %s niet openen: %m" -#: src/conf.c:281 -#, c-format -msgid "Invalid variable 
name `%s' on line %d while reading config file %s" -msgstr "" -"Ongeldige variabelenaam `%s' op regel %d tijdens lezen configuratie bestand %" -"s" - -#: src/conf.c:288 +#: src/conf.c:403 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:296 -#, c-format -msgid "Invalid value for variable `%s' on line %d while reading config file %s" -msgstr "" -"Ongeldige waarde voor variabele `%s' op regel %d tijdens lezen van " -"configuratie bestand %s" - -#: src/conf.c:325 +#: src/conf.c:436 #, c-format msgid "Failed to read `%s': %m" msgstr "Lezen van `%s' mislukte: %m" -#: src/conf.c:386 +#: src/conf.c:464 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:402 src/conf.c:435 +#: src/conf.c:480 src/conf.c:513 #, c-format msgid "Couldn't stat `%s': %m" msgstr "Kon `%s' niet statten: %m" -#: src/conf.c:409 src/conf.c:445 +#: src/conf.c:487 src/conf.c:523 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:416 src/conf.c:452 +#: src/conf.c:494 src/conf.c:530 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: src/conf.c:421 src/conf.c:457 +#: src/conf.c:499 src/conf.c:535 #, c-format msgid "Unable to read symbolic link `%s': %m" msgstr "Kan symbolische link `%s' niet lezen: %m" #. Accessible by others -#: src/conf.c:468 +#: src/conf.c:546 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" #. Ask for a file and/or directory name. 
-#: src/conf.c:493 +#: src/conf.c:571 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:499 +#: src/conf.c:577 #, c-format msgid "Error while reading stdin: %s\n" msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:525 +#: src/conf.c:603 #, c-format msgid "Error opening file `%s': %s\n" msgstr "Fout bij het openen van het bestand `%s': %s\n" -#: src/conf.c:535 +#: src/conf.c:613 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" @@ -101,31 +122,18 @@ msgstr "" "bescherming.\n" "Ik maak of overschrijf dit bestand niet.\n" -#: src/connection.c:236 -msgid "Connection list:" -msgstr "Verbindingslijst:" +#: src/connection.c:124 +msgid "Connections:" +msgstr "Verbindingen:" -#: src/connection.c:241 +#: src/connection.c:129 #, c-format -msgid " %s at %s port %hd options %ld sockets %d, %d status %04x" -msgstr " %s op %s poort %hd opties %d sockets %d, %d status %04x" +msgid " %s at %s port %hd options %ld socket %d status %04x" +msgstr " %s op %s poort %hd opties %d socket %d status %04x" -#: src/connection.c:246 -msgid "Known hosts:" -msgstr "Bekende hosts:" - -#: src/connection.c:251 -#, c-format -msgid "" -" %s at %s port %hd options %ld sockets %d, %d status %04x nexthop %s prevhop " -"%s via %s" -msgstr "" -" %s op %s poort %hd opties %d sockets %d, %d status %04x nexthop %s prevhop %" -"s via %s" - -#: src/connection.c:256 -msgid "End of connection list." -msgstr "Einde van verbindingslijst." +#: src/connection.c:134 +msgid "End of connections." +msgstr "Einde van verbindingen." #: src/meta.c:49 #, c-format 
@@ -162,50 +170,45 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:116 +#: src/net.c:111 +#, c-format +msgid "Got unauthenticated packet from %s (%s)" +msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" + +#: src/net.c:134 +#, c-format +msgid "Got late or replayed packet from %s (%s), seqno %d" +msgstr "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d" + +#: src/net.c:162 +#, c-format +msgid "Received packet of %d bytes from %s (%s)" +msgstr "Ontvangst pakket van %d bytes van %s (%s)" + +#: src/net.c:180 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net.c:149 +#: src/net.c:225 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:160 -#, c-format -msgid "Received packet of %d bytes from %s (%s)" -msgstr "Ontvangst pakket van %d bytes van %s (%s)" - -#: src/net.c:201 -#, c-format -msgid "Writing packet of %d bytes to tap device" -msgstr "Verzending pakket van %d bytes naar tap-apparaat" - -#: src/net.c:206 src/net.c:213 -#, c-format -msgid "Can't write to tun/tap device: %m" -msgstr "Kan niet naar tun/tap apparaat schrijven: %m" - -#: src/net.c:220 -#, c-format -msgid "Can't write to ethertap device: %m" -msgstr "Kan niet naar ethertap apparaat schrijven: %m" - -#: src/net.c:236 +#: src/net.c:240 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:243 +#: src/net.c:247 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net.c:252 +#: src/net.c:256 #, c-format -msgid "%s (%s) is not active, dropping packet" -msgstr "%s (%s) is niet actief, pakket wordt genegeerd" +msgid "Node %s (%s) is not reachable" +msgstr "Node %s (%s) is niet bereikbaar" #: src/net.c:264 #, c-format 
@@ -222,718 +225,505 @@ msgstr "Verspreiding pakket van %d bytes van %s (%s)" msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:353 -#, c-format -msgid "Could not open %s: %m" -msgstr "Kon %s niet openen: %m" - -#: src/net.c:380 src/net.c:386 -#, c-format -msgid "%s is a Linux tun/tap device" -msgstr "%s is een Linux tun/tap apparaat" - -#: src/net.c:387 -msgid "Old ioctl() request used" -msgstr "Oud ioctl() verzoek gebruikt" - -#: src/net.c:393 -#, c-format -msgid "%s is a Linux ethertap device" -msgstr "%s is een Linux ethertap apparaat" - -#: src/net.c:398 -#, c-format -msgid "%s is a FreeBSD tap device" -msgstr "%s is een FreeBSD tap apparaat" - -#: src/net.c:409 -#, c-format -msgid "Could not open /dev/ip: %m" -msgstr "Kon /dev/ip niet openen: %m" - -#: src/net.c:415 -#, c-format -msgid "Can't assign new interface: %m" -msgstr "Kan nieuwe interface niet toekennen: %m" - -#: src/net.c:420 -#, c-format -msgid "Could not open %s twice: %m" -msgstr "Kon %s niet tweemaal openen: %m" - -#: src/net.c:425 -#, c-format -msgid "Can't push IP module: %m" -msgstr "Kan IP module niet toevoegen: %m" - -#: src/net.c:431 -#, c-format -msgid "Can't set PPA %d: %m" -msgstr "Kan PPA %d niet instellen: %m" - -#: src/net.c:436 -#, c-format -msgid "Can't link TUN device to IP: %m" -msgstr "Kan TUN device niet aan IP verbinden: %m" - -#: src/net.c:440 -#, c-format -msgid "%s is a Solaris tun device" -msgstr "%s is een Solaris tun apparaat" - -#: src/net.c:460 +#: src/net.c:326 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:468 src/net.c:514 src/net.c:545 src/net.c:600 src/net.c:1102 -#: src/process.c:241 src/process.c:277 +#: src/net.c:334 src/net.c:380 src/net.c:407 src/net.c:987 src/process.c:258 +#: src/process.c:294 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:489 +#: src/net.c:354 #, c-format -msgid "Unable to bind 
listen socket to interface %s: %m" -msgstr "Kon luistersocket niet binden aan interface %s: %m" +msgid "Can't bind to interface %s: %m" +msgstr "Kan niet aan interface %s binden: %m" -#: src/net.c:507 +#: src/net.c:373 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:535 +#: src/net.c:397 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:558 +#: src/net.c:420 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:576 +#: src/net.c:442 #, c-format -msgid "Trying to connect to %s" -msgstr "Poging tot verbinding met %s" +msgid "Trying to re-establish outgoing connection in %d seconds" +msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:586 +#: src/net.c:452 +#, c-format +msgid "Trying to connect to %s (%s)" +msgstr "Poging tot verbinden met %s (%s)" + +#: src/net.c:458 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:623 +#: src/net.c:500 #, c-format msgid "%s port %hd: %m" msgstr "%s poort %hd: %m" -#: src/net.c:631 +#: src/net.c:509 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:637 +#: src/net.c:515 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:656 -msgid "Invalid name for outgoing connection" -msgstr "Ongelige naam voor uitgaande verbinding" - -#: src/net.c:667 +#: src/net.c:533 #, c-format -msgid "We are already connected to %s." -msgstr "We zijn al verbonden met %s." 
+msgid "Already connected to %s" +msgstr "Reeds verbonden met %s" -#: src/net.c:679 -#, c-format -msgid "Error reading host configuration file for %s" -msgstr "Fout tijdens lezen host configuratie bestand voor %s" - -#: src/net.c:686 +#: src/net.c:546 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:693 +#: src/net.c:558 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:703 +#: src/net.c:569 #, c-format -msgid "Could not set up a meta connection to %s" -msgstr "Kon geen metaverbinding aangaan met %s" +msgid "Could not set up a meta connection to %s (%s)" +msgstr "Kon geen metaverbinding aangaan met %s (%s)" -#: src/net.c:748 +#: src/net.c:610 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:756 +#: src/net.c:618 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" -#. Nothing worked. -#: src/net.c:782 +#: src/net.c:643 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:805 +#: src/net.c:663 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:813 +#: src/net.c:671 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" # -#: src/net.c:820 +#: src/net.c:678 msgid "No private key for tinc daemon specified!" msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" -#: src/net.c:838 +#: src/net.c:699 src/net.c:700 msgid "MYSELF" msgstr "MIJZELF" -#: src/net.c:844 +#: src/net.c:707 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net.c:852 +#: src/net.c:713 msgid "Invalid name for myself!" 
msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:861 +#: src/net.c:727 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:894 -msgid "Network address and subnet mask do not match!" -msgstr "Netwerk adres en subnet masker komen niet overeen!" - -#: src/net.c:933 +#: src/net.c:793 msgid "Invalid routing mode!" msgstr "Ongelige routing modus!" -#: src/net.c:945 +#: src/net.c:805 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:951 +#: src/net.c:811 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" -#: src/net.c:979 +#: src/net.c:827 +msgid "Unrecognized cipher type!" +msgstr "Onbekend cipher type!" + +#: src/net.c:860 +msgid "Unrecognized digest type!" +msgstr "Onbekend digest type!" + +#: src/net.c:874 +msgid "MAC length exceeds size of digest!" +msgstr "MAC lengte is groter dan dat van digest!" + +#: src/net.c:879 +msgid "Bogus MAC length!" +msgstr "Onzinnige MAC lengte!" 
+ +#: src/net.c:896 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:1012 -#, c-format -msgid "Failed to setup all outgoing connections, will retry in %d seconds" -msgstr "" -"Poging tot maken van alle uitgaande verbinding faalde, nieuwe poging over %d " -"seconden" - -#: src/net.c:1108 -msgid "UNKNOWN" -msgstr "ONBEKEND" - -#: src/net.c:1119 +#: src/net.c:1000 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1165 +#: src/net.c:1045 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1171 +#: src/net.c:1051 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1177 +#: src/net.c:1057 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1185 +#: src/net.c:1065 #, c-format -msgid "Received UDP packets on port %hd from unknown source %x:%hd" +msgid "Received UDP packet on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1224 +#: src/net.c:1088 +msgid "Purging unreachable nodes" +msgstr "Verwijderen onbereikbare nodes" + +#: src/net.c:1098 +#, c-format +msgid "Purging node %s (%s)" +msgstr "Verwijdering node %s (%s)" + +#: src/net.c:1152 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1268 -#, c-format -msgid "Trying to re-establish outgoing connection in %d seconds" -msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" - -#: src/net.c:1303 +#: src/net.c:1223 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1316 +#: src/net.c:1236 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:1337 +#: src/net.c:1257 #, c-format 
msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1345 +#: src/net.c:1265 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1400 +#: src/net.c:1288 #, c-format -msgid "Error while reading from tun device: %m" -msgstr "Fout tijdens lezen van tun apparaat: %m" +msgid "Invalid name for outgoing connection in %s line %d" +msgstr "Ongelige naam voor uitgaande verbinding in %s regel %d" -#: src/net.c:1413 -#, c-format -msgid "Error while reading from tun/tap device: %m" -msgstr "Fout tijdens lezen van tun/tap apparaat: %m" - -#: src/net.c:1422 -#, c-format -msgid "Error while reading from ethertap device: %m" -msgstr "Fout tijdens lezen van ethertap apparaat: %m" - -#: src/net.c:1434 -msgid "Received short packet from tap device" -msgstr "Kort pakket ontvangen van tap apparaat" - -#: src/net.c:1440 -#, c-format -msgid "Read packet of length %d from tap device" -msgstr "Pakket gelezen van lengte %d van tap apparaat" - -#: src/net.c:1472 +#: src/net.c:1384 #, c-format msgid "Error while waiting for input: %m" msgstr "Fout tijdens wachten op invoer: %m" -#: src/net.c:1479 +#: src/net.c:1391 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1486 +#: src/net.c:1398 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1512 +#: src/net.c:1430 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/netutl.c:95 +#: src/net.c:1440 +msgid "Flushing event queue" +msgstr "Legen taakrij" + +#: src/netutl.c:84 #, c-format msgid "Error looking up `%s': %s\n" msgstr "Fout bij het opzoeken van `%s': %s\n" -#: src/protocol.c:94 +#: src/protocol.c:75 #, c-format msgid "Output buffer overflow while sending %s to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" -#: 
src/protocol.c:101 +#: src/protocol.c:82 #, c-format msgid "Sending %s to %s (%s): %s" msgstr "Verzending %s naar %s (%s): %s" -#: src/protocol.c:103 +#: src/protocol.c:84 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:120 +#: src/protocol.c:101 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:123 +#: src/protocol.c:104 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:133 +#: src/protocol.c:114 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:136 +#: src/protocol.c:117 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:143 +#: src/protocol.c:124 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:150 +#: src/protocol.c:131 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:157 +#: src/protocol.c:138 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:180 +#: src/protocol_auth.c:69 src/protocol_auth.c:218 src/protocol_auth.c:311 +#: src/protocol_auth.c:367 src/protocol_auth.c:475 src/protocol_edge.c:85 +#: src/protocol_edge.c:215 src/protocol_key.c:78 src/protocol_key.c:116 +#: src/protocol_key.c:184 src/protocol_misc.c:61 src/protocol_misc.c:91 +#: src/protocol_misc.c:172 src/protocol_subnet.c:71 src/protocol_subnet.c:160 #, c-format -msgid "Got bad ID from %s" -msgstr "Kreeg ongeldige ID van %s" +msgid "Got bad %s from %s (%s)" +msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol.c:188 +#: src/protocol_auth.c:77 src/protocol_edge.c:93 src/protocol_edge.c:99 +#: src/protocol_edge.c:224 src/protocol_edge.c:230 src/protocol_subnet.c:79 +#: src/protocol_subnet.c:87 src/protocol_subnet.c:168 +#: 
src/protocol_subnet.c:186 +#, c-format +msgid "Got bad %s from %s (%s): %s" +msgstr "Kreeg verkeerde %s van %s (%s): %s" + +#: src/protocol_auth.c:87 +#, c-format +msgid "Peer %s is %s instead of %s" +msgstr "Ander %s is %s in plaats van %s" + +#: src/protocol_auth.c:98 #, c-format msgid "Peer %s (%s) uses incompatible version %d" -msgstr "Ander %s (%s) gebruikt een niet-compatibel protocol versie %d" +msgstr "Ander %s (%s) gebruikt incompatibele versie %d" -#: src/protocol.c:197 -#, c-format -msgid "Peer %s uses invalid identity name" -msgstr "Ander %s gebruikt een ongeldige identiteitsnaam" - -#: src/protocol.c:212 +#: src/protocol_auth.c:117 #, c-format msgid "Peer %s had unknown identity (%s)" -msgstr "Ander %s heeft een onbekende identiteit (%s)" +msgstr "Ander %s heeft onbekende identiteit (%s)" -#: src/protocol.c:241 +#: src/protocol_auth.c:175 #, c-format -msgid "Removing old connection for %s at %s in favour of new connection at %s" -msgstr "" -"Verwijdering oude verbinding voor %s op %s in voordeel van nieuwe verbinding " -"van %s" +msgid "Generated random meta key (unencrypted): %s" +msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol.c:257 +#: src/protocol_auth.c:187 src/protocol_auth.c:248 #, c-format -msgid "%s is listening on %s:%hd, which is already in use by %s!" -msgstr "%s luistert op %s:%hd, wat al in gebruik is door %s!" 
+msgid "Error during encryption of meta key for %s (%s)" +msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol.c:273 +#: src/protocol_auth.c:228 src/protocol_auth.c:321 src/protocol_auth.c:375 +#: src/protocol_auth.c:391 +#, c-format +msgid "Possible intruder %s (%s): %s" +msgstr "Mogelijke indringer %s (%s): %s" + +#: src/protocol_auth.c:256 +#, c-format +msgid "Received random meta key (unencrypted): %s" +msgstr "Ontving willekeurige meta key (niet versleuteld): %s" + +#: src/protocol_auth.c:375 +msgid "wrong challenge reply length" +msgstr "verkeerde lengte antwoord op uitdaging" + +#: src/protocol_auth.c:391 +msgid "wrong challenge reply" +msgstr "verkeerd antwoord op uitdaging" + +#: src/protocol_auth.c:396 +#, c-format +msgid "Expected challenge reply: %s" +msgstr "Verwachtte antwoord op uitdaging: %s" + +#: src/protocol_auth.c:501 +#, c-format +msgid "Established a second connection with %s (%s), closing old connection" +msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" + +#: src/protocol_auth.c:534 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol.c:377 -#, c-format -msgid "Got bad CHALLENGE from %s (%s)" -msgstr "Kreeg ongeldige CHALLENGE van %s (%s)" +#: src/protocol_edge.c:93 src/protocol_edge.c:99 src/protocol_edge.c:224 +#: src/protocol_edge.c:230 src/protocol_subnet.c:79 src/protocol_subnet.c:168 +msgid "invalid name" +msgstr "ongelige naam" -#: src/protocol.c:387 +#: src/protocol_edge.c:142 #, c-format -msgid "Intruder: wrong challenge length from %s (%s)" -msgstr "Indringer: verkeerde lengte voor uitdaging van %s (%s)" - -#: src/protocol.c:413 -#, c-format -msgid "Trying to send CHAL_REPLY to %s (%s) without a valid CHALLENGE" -msgstr "Poging tot zenden CHAL_REPLY naar %s (%s) zonder een geldige CHALLENGE" - -#: src/protocol.c:439 -#, c-format -msgid "Got bad CHAL_REPLY from %s (%s)" -msgstr "Kreeg ongeldige CHAL_REPLY van %s (%s)" 
- -#: src/protocol.c:447 -#, c-format -msgid "Intruder: wrong challenge reply length from %s (%s)" -msgstr "Indringer: verkeerde lengte van antwoord op uitdaging van %s (%s)" - -#: src/protocol.c:463 -#, c-format -msgid "Intruder: wrong challenge reply from %s (%s)" -msgstr "Indringer: verkeerd antwoord op de uitdaging van %s (%s)" - -#: src/protocol.c:468 -#, c-format -msgid "Expected challenge reply: %s" -msgstr "Verwacht antwoord op uitdaging: %s" - -#: src/protocol.c:517 -#, c-format -msgid "Generated random meta key (unencrypted): %s" -msgstr "Meta sleutel gegenereerd (niet versleuteld): %s" - -#: src/protocol.c:529 src/protocol.c:592 -#, c-format -msgid "Error during encryption of meta key for %s (%s)" -msgstr "Fout tijdens versleuteling van meta sleutel voor %s (%s)" - -#: src/protocol.c:562 -#, c-format -msgid "Got bad METAKEY from %s (%s)" -msgstr "Kreeg ongeldige METAKEY van %s (%s)" - -#: src/protocol.c:572 -#, c-format -msgid "Intruder: wrong meta key length from %s (%s)" -msgstr "Indringer: verkeerde lengte voor meta sleutel van %s (%s)" - -#: src/protocol.c:600 -#, c-format -msgid "Received random meta key (unencrypted): %s" -msgstr "Meta sleutel ontvangen (niet versleuteld): %s" - -#: src/protocol.c:643 -#, c-format -msgid "Got bad ADD_SUBNET from %s (%s)" -msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s)" - -#: src/protocol.c:651 -#, c-format -msgid "Got bad ADD_SUBNET from %s (%s): invalid identity name" -msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldige identiteitsnaam" - -#: src/protocol.c:659 -#, c-format -msgid "Got bad ADD_SUBNET from %s (%s): invalid subnet string" -msgstr "Kreeg ongeldige ADD_SUBNET van %s (%s): ongeldig subnet" - -#: src/protocol.c:667 -#, c-format -msgid "Warning: got ADD_SUBNET from %s (%s) for ourself, restarting" -msgstr "Waarschuwing: kreeg ADD_SUBNET van %s (%s) voor onszelf, herstart" - -#: src/protocol.c:677 -#, c-format -msgid "Got ADD_SUBNET for %s from %s (%s) which is not in our connection list" +msgid 
"Got %s from %s (%s) for ourself which does not match existing entry" msgstr "" -"Kreeg ADD_SUBNET voor %s van %s (%s) die niet voorkomt in onze " -"verbindingslijst" +"Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende" -#: src/protocol.c:722 +#: src/protocol_edge.c:149 #, c-format -msgid "Got bad DEL_SUBNET from %s (%s)" -msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s)" +msgid "Got %s from %s (%s) which does not match existing entry" +msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol.c:730 +#: src/protocol_edge.c:159 #, c-format -msgid "Got bad DEL_SUBNET from %s (%s): invalid identity name" -msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" +msgid "Got %s from %s (%s) for ourself which does not exist" +msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol.c:738 +#: src/protocol_edge.c:241 src/protocol_edge.c:250 src/protocol_edge.c:261 #, c-format -msgid "Got bad DEL_SUBNET from %s (%s): invalid subnet string" -msgstr "Kreeg ongeldige DEL_SUBNET van %s (%s): ongeldige identiteitsnaam" +msgid "Got %s from %s (%s) which does not appear in the edge tree" +msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol.c:748 +#: src/protocol_edge.c:268 src/protocol_subnet.c:115 src/protocol_subnet.c:211 #, c-format -msgid "Warning: got DEL_SUBNET from %s (%s) for ourself, restarting" -msgstr "Waarschuwing: kreeg DEL_SUBNET van %s (%s) voor onszelf, herstart" +msgid "Got %s from %s (%s) for ourself" +msgstr "Kreeg %s van %s (%s) voor onszelf" -#: src/protocol.c:758 +#: src/protocol_key.c:87 #, c-format -msgid "Got DEL_SUBNET for %s from %s (%s) which is not in our connection list" -msgstr "" -"Kreeg DEL_SUBNET voor %s van %s (%s) die niet voorkomt in onze " -"verbindingslijst" +msgid "Got %s from %s (%s) origin %s which does not exist" +msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol.c:798 -#, c-format -msgid 
"Got bad ADD_HOST from %s (%s)" -msgstr "Kreeg ongeldige ADD_HOST van %s (%s)" - -#: src/protocol.c:806 -#, c-format -msgid "Got bad ADD_HOST from %s (%s): invalid identity name" -msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige identiteitsnaam" - -#: src/protocol.c:813 -#, c-format -msgid "Got bad ADD_HOST from %s (%s): invalid prevhop name" -msgstr "Kreeg ongeldige ADD_HOST van %s (%s): ongeldige prevhop naam" - -#: src/protocol.c:822 -#, c-format -msgid "Got ADD_HOST from %s (%s) for ourself!" -msgstr "Kreeg ADD_HOST van %s (%s) voor onszelf!" - -#: src/protocol.c:835 -#, c-format -msgid "Got bad ADD_HOST from %s (%s): unknown prevhop" -msgstr "Kreeg ongeldige ADD_HOST van %s (%s): onbekende prevhop" - -#: src/protocol.c:847 -#, c-format -msgid "Got duplicate ADD_HOST for %s (%s) from %s (%s)" -msgstr "Kreeg een tweede ADD_HOST voor %s (%s) van %s (%s)" - -#: src/protocol.c:855 +#: src/protocol_key.c:125 src/protocol_key.c:193 #, c-format msgid "" -"Removing old entry for %s (%s) from %s in favour of new connection from %s" +"Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" -"Verwijdering oude verbinding voor %s (%s) van %s in voordeel van nieuwe " -"verbinding van %s" +"Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol.c:908 +#: src/protocol_key.c:134 src/protocol_key.c:202 #, c-format -msgid "Got bad DEL_HOST from %s (%s)" -msgstr "Kreeg ongeldige DEL_HOST van %s (%s)" - -#: src/protocol.c:917 -#, c-format -msgid "Got bad DEL_HOST from %s (%s): invalid identity name" -msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige identiteitsnaam" - -#: src/protocol.c:923 -#, c-format -msgid "Got bad DEL_HOST from %s (%s): invalid prevhop name" -msgstr "Kreeg ongeldige DEL_HOST van %s (%s): ongeldige prevhop naam" - -#: src/protocol.c:931 -#, c-format -msgid "Got DEL_HOST from %s (%s) for ourself!" -msgstr "Kreeg DEL_HOST van %s (%s) voor onszelf!" 
- -#: src/protocol.c:940 -#, c-format -msgid "Got DEL_HOST from %s (%s) for %s which is not in our connection list" +msgid "" +"Got %s from %s (%s) destination %s which does not exist in our connection " +"list" msgstr "" -"Kreeg DEL_HOST van %s (%s) voor %s die niet in onze verbindingslijst voorkomt" +"Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol.c:949 +#: src/protocol_key.c:234 #, c-format -msgid "Got DEL_HOST from %s (%s) for %s which doesn't match" -msgstr "Kreeg DEL_HOST van %s (%s) voor %s wat niet overeenkomt" +msgid "Node %s (%s) uses unknown cipher!" +msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol.c:987 +#: src/protocol_key.c:239 #, c-format -msgid "Got bad STATUS from %s (%s)" -msgstr "Kreeg ongeldige STATUS van %s (%s)" +msgid "Node %s (%s) uses wrong keylength!" +msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol.c:994 +#: src/protocol_key.c:253 +#, c-format +msgid "Node %s (%s) uses unknown digest!" +msgstr "Node %s (%s) gebruikt onbekende digest!" + +#: src/protocol_key.c:259 +#, c-format +msgid "Node %s (%s) uses bogus MAC length!" +msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" 
+ +#: src/protocol_misc.c:68 #, c-format msgid "Status message from %s (%s): %s: %s" -msgstr "Ontving statusbericht van %s (%s): %s: %s" +msgstr "Statusmelding van %s (%s): %s: %s" -#: src/protocol.c:1017 -#, c-format -msgid "Got bad ERROR from %s (%s)" -msgstr "Kreeg ongeldige ERROR van %s (%s)" - -#: src/protocol.c:1024 +#: src/protocol_misc.c:98 #, c-format msgid "Error message from %s (%s): %s: %s" -msgstr "Ontving foutmelding van %s (%s): %s: %s" +msgstr "Foutmelding van %s (%s): %s: %s" -#: src/protocol.c:1116 -#, c-format -msgid "Got bad KEY_CHANGED from %s (%s)" -msgstr "Kreeg ongeldige KEY_CHANGED van %s (%s)" +#: src/protocol_subnet.c:87 src/protocol_subnet.c:186 +msgid "invalid subnet string" +msgstr "ongeldige subnet string" -#: src/protocol.c:1123 +#: src/protocol_subnet.c:177 #, c-format -msgid "" -"Got KEY_CHANGED from %s (%s) origin %s which does not exist in our " -"connection list" +msgid "Got %s from %s (%s) for %s which is not in our node tree" +msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" + +#: src/protocol_subnet.c:201 +#, c-format +msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" +msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" + +#: src/subnet.c:109 +#, c-format +msgid "subnet_compare() was called with unknown subnet type %d, exitting!" msgstr "" -"Kreeg KEY_CHANGED van %s (%s) herkomst %s die niet in onze verbindingslijst " -"voorkomt" +"subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" 
-#: src/protocol.c:1152 -#, c-format -msgid "Got bad REQ_KEY from %s (%s)" -msgstr "Kreeg ongeldige REQ_KEY van %s (%s)" - -#: src/protocol.c:1159 -#, c-format -msgid "" -"Got REQ_KEY from %s (%s) origin %s which does not exist in our connection " -"list" -msgstr "" -"Kreeg REQ_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " -"voorkomt" - -#: src/protocol.c:1177 -#, c-format -msgid "" -"Got REQ_KEY from %s (%s) destination %s which does not exist in our " -"connection list" -msgstr "" -"Kreeg REQ_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" - -#: src/protocol.c:1213 -#, c-format -msgid "Got bad ANS_KEY from %s (%s)" -msgstr "Kreeg ongeldige ANS_KEY van %s (%s)" - -#: src/protocol.c:1220 -#, c-format -msgid "" -"Got ANS_KEY from %s (%s) origin %s which does not exist in our connection " -"list" -msgstr "" -"Kreeg ANS_KEY van %s (%s) herkomst %s die niet in onze verbindingslijst " -"voorkomt" - -#: src/protocol.c:1231 -#, c-format -msgid "Got bad ANS_KEY from %s (%s) origin %s: invalid key length" -msgstr "" -"Kreeg ongeldige ADD_KEY van %s (%s) herkomst %s: ongeldige sleutellengte" - -#: src/protocol.c:1242 -#, c-format -msgid "" -"Got ANS_KEY from %s (%s) destination %s which does not exist in our " -"connection list" -msgstr "" -"Kreeg ANS_KEY van %s (%s) doel %s die niet in onze verbindingslijst voorkomt" - -#: src/protocol.c:1287 -#, c-format -msgid "Got bad PACKET from %s (%s)" -msgstr "Kreeg ongeldig PAKKET van %s (%s)" - -#: src/subnet.c:119 -#, c-format -msgid "subnet_compare() was called with unknown subnet type %d, restarting!" -msgstr "" -"subnet_compare() werd aangeroepen met onbekend subnet type %d, opnieuw " -"starten" - -#: src/subnet.c:156 -#, c-format -msgid "Duplicate subnet %s for %s (%s), previous owner %s (%s)!" -msgstr "Duplicaat subnet %s voor %s (%s), vorige eigenaar %s (%s)!" 
- -#: src/subnet.c:280 +#: src/subnet.c:327 msgid "unknown subnet type" msgstr "onbekend subnet type" -#: src/subnet.c:358 +#: src/subnet.c:411 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:366 +#: src/subnet.c:416 +#, c-format +msgid " %s owner %s" +msgstr " %s eigenaar %s" + +#: src/subnet.c:419 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:95 +#: src/tincd.c:100 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:98 +#: src/tincd.c:103 #, c-format msgid "" "Usage: %s [option]...\n" @@ -942,7 +732,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:99 +#: src/tincd.c:104 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -952,12 +742,12 @@ msgid "" msgstr "" " -c, --config=MAP Lees configuratie uit MAP.\n" " -D, --no-detach Start geen nieuw proces.\n" -" -d Verhoog debugniveau.\n" +" -d, --debug[=NIVEAU] Verhoog debugniveau of stel het in op NIVEAU.\n" " -k, --kill[=SIGNAAL] Poging tot zenden signaal naar lopende tincd en " "beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" -#: src/tincd.c:104 +#: src/tincd.c:109 msgid "" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" @@ -969,13 +759,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:107 +#: src/tincd.c:112 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:150 +#: src/tincd.c:155 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" 
@@ -983,24 +773,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:211 +#: src/tincd.c:216 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:216 +#: src/tincd.c:221 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:220 +#: src/tincd.c:225 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:227 +#: src/tincd.c:234 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:231 src/tincd.c:242 +#: src/tincd.c:238 src/tincd.c:249 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" 
@@ -1008,30 +798,30 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:238 +#: src/tincd.c:245 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:263 +#: src/tincd.c:270 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:292 +#: src/tincd.c:299 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:293 +#: src/tincd.c:300 msgid "" -"Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" +"Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" "see the file COPYING for details.\n" msgstr "" -"Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen en anderen.\n" +"Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen en anderen.\n" "Zie het bestand AUTHORS voor een volledige lijst.\n" "\n" "tinc wordt gedistribueerd ZONDER ENIGE GARANTIE. Dit is vrije " 
@@ -1039,127 +829,120 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:307 +#: src/tincd.c:314 msgid "You must be root to run this program.\n" msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" -#: src/tincd.c:348 +#: src/tincd.c:363 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:353 +#: src/tincd.c:368 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/process.c:340 src/tincd.c:358 +#: src/process.c:358 src/tincd.c:373 msgid "Not restarting." msgstr "Geen herstart." -#: src/process.c:62 +#: src/process.c:68 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exiting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:90 -#, c-format -msgid "Total bytes written: tap %d, socket %d; bytes read: tap %d, socket %d" -msgstr "" -"Totaal aantal bytes geschreven: tap %d, socket %d; bytes read: tap %d, " -"socket %d" - -#: src/process.c:93 +#: src/process.c:98 msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:109 +#: src/process.c:114 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:112 +#: src/process.c:117 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:133 +#: src/process.c:138 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:135 +#: src/process.c:140 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:142 +#: src/process.c:147 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:169 +#: src/process.c:174 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen 
van terminal: %s" -#: src/process.c:182 +#: src/process.c:187 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:185 +#: src/process.c:190 #, c-format msgid "tincd %s starting" msgstr "tincd %s wordt gestart" -#: src/process.c:249 +#: src/process.c:266 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:257 +#: src/process.c:274 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:265 +#: src/process.c:282 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:271 +#: src/process.c:288 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:296 +#: src/process.c:313 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:305 +#: src/process.c:322 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:312 +#: src/process.c:329 msgid "Got another SEGV signal: not restarting" msgstr "Kreeg nog een SEGV signaal: geen herstart" -#: src/process.c:321 +#: src/process.c:338 msgid "Got SEGV signal" msgstr "Kreeg SEGV signaal" -#: src/process.c:326 +#: src/process.c:343 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:349 +#: src/process.c:367 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:358 +#: src/process.c:376 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:365 +#: src/process.c:383 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " 
@@ -1168,54 +951,216 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:387 src/process.c:396 +#: src/process.c:394 +msgid "Got ALRM signal" +msgstr "Kreeg ALRM signaal" + +#: src/process.c:423 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:443 +#: src/process.c:432 +#, c-format +msgid "Ignored signal %d (%s)" +msgstr "Signaal %d (%s) genegeerd" + +#: src/process.c:487 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:68 +#: src/route.c:69 #, c-format -msgid "Learned new MAC address %hhx:%hhx:%hhx:%hhx:%hhx:%hhx" -msgstr "Nieuw MAC adres %hhx:%hhx:%hhx:%hhx:%hhx:%hhx geleerd" +msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" +msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:123 +#: src/route.c:124 #, c-format msgid "Cannot route packet: unknown destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d" -#: src/route.c:138 -msgid "Cannot route packet: IPv6 routing not yet implemented" -msgstr "Kan pakket niet routeren: IPv6 routering nog niet geïmplementeerd" +#: src/route.c:144 +#, c-format +msgid "" +"Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" +"hx:%hx:%hx" +msgstr "" +"Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" +"hx:%hx" -#: src/route.c:172 +#: src/route.c:189 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:186 +#: src/route.c:203 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:238 +#: src/route.c:255 #, c-format msgid "Cannot route 
packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#~ msgid "Still failed to connect to other, will retry in %d seconds" -#~ msgstr "Wederom niet verbonden met de ander, nieuwe poging over %d seconden" +#: src/node.c:161 +msgid "Nodes:" +msgstr "Nodes:" -#~ msgid "Uplink %s (%s) is already in our connection list" -#~ msgstr "%s (%s) staat al in onze verbindingslijst" +#: src/node.c:166 +#, c-format +msgid "" +" %s at %s port %hd cipher %d digest %d maclength %d options %ld status %04x " +"nexthop %s via %s" +msgstr "" +" %s op %s poort %hd cipher %d digest %d maclengte %d opties %ld status %04x " +"nexthop %s via %s" -#~ msgid "Removing old entry for %s (%s) in favour of new connection" +#: src/node.c:171 +msgid "End of nodes." +msgstr "Einde van nodes." + +#: src/edge.c:194 +msgid "Edges:" +msgstr "Edges:" + +#: src/edge.c:201 +#, c-format +msgid " %s at %s port %hd - %s at %s port %hd options %ld weight %d" +msgstr " %s op %s poort %hd - %s op %s poort %hd opties %ld gewicht %d" + +#: src/edge.c:209 +msgid "End of edges." +msgstr "Einde van edges." 
+ +#: src/graph.c:224 +#, c-format +msgid "Node %s (%s) became reachable" +msgstr "Node %s (%s) werd bereikbaar" + +#: src/graph.c:233 +#, c-format +msgid "Node %s (%s) became unreachable" +msgstr "Node %s (%s) is niet meer bereikbaar" + +#: src/freebsd/device.c:69 src/linux/device.c:84 src/openbsd/device.c:73 +#: src/solaris/device.c:74 +#, c-format +msgid "Could not open %s: %m" +msgstr "Kon `%s' niet openen: %m" + +#: src/linux/device.c:109 src/linux/device.c:119 +msgid "Linux tun/tap device" +msgstr "Linux tun/tap apparaat" + +#: src/linux/device.c:117 +#, c-format +msgid "Old ioctl() request was needed for %s" +msgstr "Oud ioctl() verzoek was nodig voor %s" + +#: src/linux/device.c:126 +msgid "Linux ethertap device" +msgstr "Linux ethertap apparaat" + +#: src/freebsd/device.c:86 src/linux/device.c:130 src/openbsd/device.c:89 +#: src/solaris/device.c:128 +#, c-format +msgid "%s is a %s" +msgstr "%s is een %s" + +#: src/freebsd/device.c:107 src/linux/device.c:153 src/linux/device.c:163 +#: src/openbsd/device.c:110 src/solaris/device.c:145 +#, c-format +msgid "Error while reading from %s %s: %m" +msgstr "Fout tijdens lezen van %s %s: %m" + +#: src/freebsd/device.c:116 src/linux/device.c:174 src/openbsd/device.c:125 +#: src/solaris/device.c:160 +#, c-format +msgid "Read packet of %d bytes from %s" +msgstr "Pakket van %d bytes gelezen van %s" + +#: src/freebsd/device.c:127 src/linux/device.c:185 src/openbsd/device.c:138 +#: src/solaris/device.c:171 +#, c-format +msgid "Writing packet of %d bytes to %s" +msgstr "Pakket van %d bytes geschreven naar %s" + +#: src/linux/device.c:192 src/linux/device.c:201 src/openbsd/device.c:148 +#: src/solaris/device.c:176 +#, c-format +msgid "Can't write to %s %s: %m" +msgstr "Kan niet schrijven naar %s %s: %m" + +#: src/freebsd/device.c:143 src/linux/device.c:214 src/openbsd/device.c:159 +#: src/solaris/device.c:188 +#, c-format +msgid "Statistics for %s %s:" +msgstr "Statistieken voor %s %s:" + +#: src/freebsd/device.c:144 
src/linux/device.c:215 src/openbsd/device.c:160 +#: src/solaris/device.c:189 +#, c-format +msgid " total bytes in: %10d" +msgstr " totaal aantal bytes in: %10d" + +#: src/freebsd/device.c:145 src/linux/device.c:216 src/openbsd/device.c:161 +#: src/solaris/device.c:190 +#, c-format +msgid " total bytes out: %10d" +msgstr " totaal aantal bytes uit: %10d" + +#: src/freebsd/device.c:84 +msgid "FreeBSD tap device" +msgstr "FreeBSD tap apparaat" + +#: src/freebsd/device.c:132 +#, c-format +msgid "Error while writing to %s %s: %m" +msgstr "Fout tijdens schrijven naar %s %s: %m" + +#: src/openbsd/device.c:87 +msgid "OpenBSD tun device" +msgstr "OpenBSD tun apparaat" + +#: src/solaris/device.c:85 +#, c-format +msgid "Could not open /dev/ip: %m" +msgstr "Kon /dev/ip niet openen: %m" + +#: src/solaris/device.c:91 +#, c-format +msgid "Can't assign new interface: %m" +msgstr "Kan geen nieuwe interface toekennen: %m" + +#: src/solaris/device.c:96 +#, c-format +msgid "Could not open %s twice: %m" +msgstr "Kon `%s' niet twee keer openen: %m" + +#: src/solaris/device.c:101 +#, c-format +msgid "Can't push IP module: %m" +msgstr "Kan IP module niet invoegen: %m" + +#: src/solaris/device.c:107 +#, c-format +msgid "Can't set PPA %d: %m" +msgstr "Kon PPA %d niet instellen: %m" + +#: src/solaris/device.c:112 +#, c-format +msgid "Can't link TUN device to IP: %m" +msgstr "Kan TUN apparaat niet koppelen aan IP: %m" + +#: src/solaris/device.c:116 +msgid "Solaris tun device" +msgstr "Solaris tun apparaat" + +#~ msgid "No digest, MAC length ignored" +#~ msgstr "Geen digest, MAC lengte genegeerd" + +#~ msgid "Failed to setup all outgoing connections, will retry in %d seconds" #~ msgstr "" -#~ "Verwijdering oude verbinding voor %s (%s) in voordeel van nieuwe " -#~ "verbinding" - -#~ msgid "Got INT signal, exiting" -#~ msgstr "Kreeg INT signaal, beëindigen" +#~ "Poging tot maken van alle uitgaande verbinding faalde, nieuwe poging over " +#~ "%d seconden" 
diff --git a/redhat/Makefile.am b/redhat/Makefile.am deleted file mode 100644 index 1eaf7d6a..00000000 --- a/redhat/Makefile.am +++ /dev/null @@ -1 +0,0 @@ -EXTRA_DIST = tinc tinc.spec diff --git a/src/Makefile.am b/src/Makefile.am index 59f6f5e7..7ea85a15 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,14 +1,17 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.18 2001/11/16 12:16:28 zarq Exp $ +# $Id: Makefile.am,v 1.4.4.19 2002/02/10 21:57:52 guus Exp $ sbin_PROGRAMS = tincd -tincd_SOURCES = conf.c connection.c device.c edge.c graph.c meta.c net.c node.c process.c \ - protocol.c route.c subnet.c tincd.c +EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c + +tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c netutl.c node.c process.c \ + protocol.c protocol_auth.c protocol_edge.c protocol_misc.c protocol_key.c protocol_subnet.c \ + route.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl -noinst_HEADERS = conf.h connection.h device.h edge.h graph.h meta.h net.h node.h process.h \ +noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h meta.h net.h netutl.h node.h process.h \ protocol.h route.h subnet.h LIBS = @LIBS@ @INTLLIBS@ diff --git a/src/conf.c b/src/conf.c index 3be2e33e..fc823720 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,8 +1,8 @@ /* conf.c -- configuration code Copyright (C) 1998 Robert van der Meulen - 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen 2000 Cris van Pelt This program is free software; you can redistribute it and/or modify @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.51 2001/11/16 22:31:41 zarq Exp $ + $Id: conf.c,v 1.9.4.52 2002/02/10 21:57:53 guus Exp $ */ #include "config.h" 
@@ -42,19 +42,17 @@ #include #include "conf.h" +#include "netutl.h" /* for str2address */ #include "system.h" avl_tree_t *config_tree; int debug_lvl = 0; -int timeout = 0; /* seconds before timeout */ +int pingtimeout = 0; /* seconds before timeout */ char *confbase = NULL; /* directory in which all config files are */ char *netname = NULL; /* name of the vpn network */ -/* Will be set if HUP signal is received. It will be processed when it is safe. */ -int sighup = 0; - int config_compare(config_t *a, config_t *b) { int result; @@ -202,6 +200,41 @@ cp return 1; } +int get_config_address(config_t *cfg, ipv4_t **result) +{ + ipv4_t *ip; +cp + if(!cfg) + return 0; + + ip = xmalloc(sizeof(*ip)); + *ip = str2address(cfg->value); + + if(ip) + { + *result = ip; + return 1; + } + + syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + return 0; +} + +int get_config_port(config_t *cfg, port_t *result) +{ +cp + if(!cfg) + return 0; + + if(sscanf(cfg->value, "%hu", result) == 1) + return 1; + + syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + return 0; +} + int get_config_subnet(config_t *cfg, subnet_t **result) { subnet_t *subnet; 
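Review bot: In get_config_address the test `if(ip)` checks the pointer just returned by xmalloc rather than the outcome of str2address, so the "IP address expected" error branch looks unreachable and a malformed value is accepted as whatever str2address produced. The parse result should be validated before `*result` is set, using whatever failure indication str2address provides (not visible in this hunk), and `ip` should be freed on the error path so it does not leak. In get_config_port, `sscanf(cfg->value, "%hu", result)` also accepts trailing characters and does not reject values above 65535; a strtoul call with an end-pointer and an explicit range check would make the "Port number expected" message reliable.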
@@ -209,34 +242,27 @@ cp if(!cfg) return 0; -#warning FIXME -/* ip = strtoip(cfg->value); */ + subnet = str2net(cfg->value); -/* if(!ip) */ -/* { */ -/* syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), */ -/* cfg->variable, cfg->file, cfg->line); */ -/* return 0; */ -/* } */ + if(!subnet) + { + syslog(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + return 0; + } /* Teach newbies what subnets are... */ -/* if((ip->address & ip->mask) != ip->address) */ -/* { */ -/* syslog(LOG_ERR, _("Network address and subnet mask for configuration variable %s in %s line %d"), */ -/* cfg->variable, cfg->file, cfg->line); */ -/* free(ip); */ -/* return 0; */ -/* } */ + if(subnet->type == SUBNET_IPV4) + if((subnet->net.ipv4.address & subnet->net.ipv4.mask) != subnet->net.ipv4.address) + { + syslog(LOG_ERR, _("Network address and mask length do not match for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + free(subnet); + return 0; + } -/* subnet = new_subnet(); */ -/* subnet->type = SUBNET_IP; */ -/* subnet->net.ip.address = ip->address; */ -/* subnet->net.ip.mask = ip->mask; */ - -/* free(ip); */ - -/* *result = subnet; */ + *result = subnet; return 1; } diff --git a/src/conf.h b/src/conf.h index 0d3d6645..a04d6687 100644 --- a/src/conf.h +++ b/src/conf.h @@ -1,7 +1,7 @@ /* conf.h -- header for conf.c - Copyright (C) 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.30 2001/11/16 12:14:20 zarq Exp $ + $Id: conf.h,v 1.6.4.31 2002/02/10 21:57:53 guus Exp $ */ #ifndef __TINC_CONF_H__ 
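Review bot: The host-bits check in get_config_subnet runs only when `subnet->type == SUBNET_IPV4`, so a subnet of any other type that str2net returns is stored without the equivalent validation. If str2net can produce other types here, either validate them the same way or add a comment such as `/* only IPv4 subnets are checked for stray host bits */` so the gap is visibly deliberate. The nested `if` without braces would also read more safely as one condition joined with `&&`. The function's signature lies outside this hunk.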
@@ -37,9 +37,8 @@ typedef struct config_t { extern avl_tree_t *config_tree; extern int debug_lvl; -extern int timeout; +extern int pingtimeout; extern int maxtimeout; -extern int sighup; extern int bypass_security; extern char *confbase; extern char *netname; @@ -53,7 +52,9 @@ extern config_t *lookup_config(avl_tree_t *, char *); extern config_t *lookup_config_next(avl_tree_t *, config_t *); extern int get_config_bool(config_t *, int *); extern int get_config_int(config_t *, int *); +extern int get_config_port(config_t *, port_t *); extern int get_config_string(config_t *, char **); +extern int get_config_address(config_t *, ipv4_t **); struct subnet_t; /* Needed for next line. */ extern int get_config_subnet(config_t *, struct subnet_t **); diff --git a/src/connection.c b/src/connection.c index f7f65005..815de4ba 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1,7 +1,7 @@ /* connection.c -- connection list management - Copyright (C) 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.26 2001/11/16 12:20:44 zarq Exp $ + $Id: connection.c,v 1.1.2.27 2002/02/10 21:57:53 guus Exp $ */ #include "config.h" @@ -31,6 +31,7 @@ #include #include "net.h" /* Don't ask. */ +#include "netutl.h" #include "config.h" #include "conf.h" #include @@ -105,11 +106,12 @@ cp cp } -connection_t *lookup_connection(struct addrinfo *address) +connection_t *lookup_connection(ipv4_t address, port_t port) { connection_t c; cp c.address = address; + c.port = port; return avl_search(connection_tree, &c); } diff --git a/src/connection.h b/src/connection.h index 349fd971..1689aee3 100644 --- a/src/connection.h 
+++ b/src/connection.h @@ -1,7 +1,7 @@ /* connection.h -- header for connection.c - Copyright (C) 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.23 2001/11/16 12:01:48 zarq Exp $ + $Id: connection.h,v 1.1.2.24 2002/02/10 21:57:53 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -46,30 +46,26 @@ #include "node.h" #include "edge.h" -#include -#include - #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 typedef struct connection_status_t { int pinged:1; /* sent ping */ int active:1; /* 1 if active.. */ - int outgoing:1; /* I myself asked for this conn */ int termreq:1; /* the termination of this connection was requested */ int remove:1; /* Set to 1 if you want this connection removed */ int timeout:1; /* 1 if gotten timeout */ int encryptout:1; /* 1 if we can encrypt outgoing traffic */ int decryptin:1; /* 1 if we have to decrypt incoming traffic */ int mst:1; /* 1 if this connection is part of a minimum spanning tree */ - int unused:17; + int unused:18; } connection_status_t; typedef struct connection_t { char *name; /* name he claims to have */ - struct addrinfo *address; /* his real (internet) ip */ - char *port; /* port number of meta connection */ + ipv4_t address; /* his real (internet) ip */ + port_t port; /* port number of meta connection */ char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ 
@@ -78,9 +74,10 @@ typedef struct connection_t { struct connection_status_t status; /* status info */ int estimated_weight; /* estimation for the weight of the edge for this connection */ struct timeval start; /* time this connection was started, used for above estimation */ + struct outgoing_t *outgoing; /* used to keep track of outgoing connections */ struct node_t *node; /* node associated with the other end */ - struct edge_t *edge; /* edge associated with this connection */ + struct edge_t *edge; /* edge associated with this connection */ RSA *rsa_key; /* his public/private key */ EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ @@ -112,7 +109,7 @@ extern connection_t *new_connection(void); extern void free_connection(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); -extern connection_t *lookup_connection(struct addrinfo *); +extern connection_t *lookup_connection(ipv4_t, short unsigned int); extern void dump_connections(void); extern int read_connection_config(connection_t *); diff --git a/src/device.h b/src/device.h index 05dcaaa6..3d3aa761 100644 --- a/src/device.h +++ b/src/device.h @@ -1,7 +1,7 @@ /* net.h -- generic header for device.c - Copyright (C) 2001 Ivo Timmermans - 2001 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.4 2001/10/31 12:50:24 guus Exp $ + $Id: device.h,v 1.1.2.5 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_DEVICE_H__ diff --git a/src/edge.c b/src/edge.c index b9ecd8ef..1851f51f 100644 --- a/src/edge.c +++ b/src/edge.c 
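Review bot: The new prototype `lookup_connection(ipv4_t, short unsigned int)` spells out the port type, while the definition in connection.c and the `port` field of connection_t both use `port_t`. Declaring it as `extern connection_t *lookup_connection(ipv4_t, port_t);` keeps the header and the definition in step if port_t is ever changed.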
@@ -1,7 +1,7 @@ /* edge.c -- edge tree management - Copyright (C) 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.5 2001/11/16 12:21:49 zarq Exp $ + $Id: edge.c,v 1.1.2.6 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" @@ -30,6 +30,7 @@ #include #include "net.h" /* Don't ask. */ +#include "netutl.h" #include "config.h" #include "conf.h" #include @@ -45,12 +46,12 @@ int edge_compare(edge_t *a, edge_t *b) { int result; - result = strcmp(a->from->name, b->from->name); + result = strcmp(a->from.node->name, b->from.node->name); if(result) return result; else - return strcmp(a->to->name, b->to->name); + return strcmp(a->to.node->name, b->to.node->name); } /* Evil edge_compare() from a parallel universe ;) @@ -59,7 +60,7 @@ int edge_compare(edge_t *a, edge_t *b) { int result; - return (result = strcmp(a->from->name, b->from->name)) || (result = strcmp(a->to->name, b->to->name)), result; + return (result = strcmp(a->from.node->name, b->from.node->name)) || (result = strcmp(a->to.node->name, b->to.node->name)), result; } */ 
@@ -69,15 +70,15 @@ int edge_name_compare(edge_t *a, edge_t *b) int result; char *name_a1, *name_a2, *name_b1, *name_b2; - if(strcmp(a->from->name, a->to->name) < 0) - name_a1 = a->from->name, name_a2 = a->to->name; + if(strcmp(a->from.node->name, a->to.node->name) < 0) + name_a1 = a->from.node->name, name_a2 = a->to.node->name; else - name_a1 = a->to->name, name_a2 = a->from->name; + name_a1 = a->to.node->name, name_a2 = a->from.node->name; - if(strcmp(b->from->name, b->to->name) < 0) - name_b1 = b->from->name, name_b2 = b->to->name; + if(strcmp(b->from.node->name, b->to.node->name) < 0) + name_b1 = b->from.node->name, name_b2 = b->to.node->name; else - name_b1 = b->to->name, name_b2 = b->from->name; + name_b1 = b->to.node->name, name_b2 = b->from.node->name; result = strcmp(name_a1, name_b1); @@ -151,8 +152,8 @@ void edge_add(edge_t *e) cp avl_insert(edge_tree, e); avl_insert(edge_weight_tree, e); - avl_insert(e->from->edge_tree, e); - avl_insert(e->to->edge_tree, e); + avl_insert(e->from.node->edge_tree, e); + avl_insert(e->to.node->edge_tree, e); cp } @@ -161,8 +162,8 @@ void edge_del(edge_t *e) cp avl_delete(edge_tree, e); avl_delete(edge_weight_tree, e); - avl_delete(e->from->edge_tree, e); - avl_delete(e->to->edge_tree, e); + avl_delete(e->from.node->edge_tree, e); + avl_delete(e->to.node->edge_tree, e); cp } @@ -170,16 +171,16 @@ edge_t *lookup_edge(node_t *from, node_t *to) { edge_t v, *result; cp - v.from = from; - v.to = to; + v.from.node = from; + v.to.node = to; result = avl_search(edge_tree, &v); if(result) return result; cp - v.from = to; - v.to = from; + v.from.node = to; + v.to.node = from; return avl_search(edge_tree, &v); } 
@@ -188,14 +189,21 @@ void dump_edges(void) { avl_node_t *node; edge_t *e; + char *from_address, *to_address; cp syslog(LOG_DEBUG, _("Edges:")); for(node = edge_tree->head; node; node = node->next) { e = (edge_t *)node->data; - syslog(LOG_DEBUG, _(" %s - %s options %ld weight %d"), - e->from->name, e->to->name, e->options, e->weight); + from_address = address2str(e->from.address); + to_address = address2str(e->to.address); + syslog(LOG_DEBUG, _(" %s at %s port %hd - %s at %s port %hd options %ld weight %d"), + e->from.node->name, from_address, e->from.port, + e->to.node->name, to_address, e->to.port, + e->options, e->weight); + free(from_address); + free(to_address); } syslog(LOG_DEBUG, _("End of edges.")); diff --git a/src/edge.h b/src/edge.h index 0de989ad..9a60af65 100644 --- a/src/edge.h +++ b/src/edge.h @@ -1,7 +1,7 @@ /* edge.h -- header for edge.c - Copyright (C) 2001 Guus Sliepen , - 2001 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.4 2001/11/16 12:13:34 zarq Exp $ + $Id: edge.h,v 1.1.2.5 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_EDGE_H__ 
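Review bot: In dump_edges the ports are printed with `%hd`, but elsewhere in this commit port_t is read with `%hu` and declared as `short unsigned int`, so ports above 32767 would be logged as negative numbers. Using `%hu` in the format string, and in the matching msgid/msgstr entries of the .po files, avoids that. The strings from address2str are passed straight to syslog and then freed; whether address2str can return NULL is not visible here, and if it can, a fallback string is needed before the call.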
@@ -28,18 +28,16 @@ #include "node.h" #include "connection.h" -/* I don't know if halfconnection_t is useful... */ - typedef struct halfconnection_t { struct node_t *node; /* node associated with this end of the connection */ - struct addrinfo *address; /* real (internet) ip on this end of the meta connection */ - char *hostname; /* the hostname of real ip */ + ipv4_t address; /* real (internet) ip on this end of the meta connection */ + port_t port; /* port number of this end of the meta connection */ } halfconnection_t; typedef struct edge_t { - struct node_t *from; - struct node_t *to; + struct halfconnection_t from; + struct halfconnection_t to; long int options; /* options turned on for this edge */ int weight; /* weight of this edge */ diff --git a/src/freebsd/device.c b/src/freebsd/device.c index b11bab93..492ba33d 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with FreeBSD tap device - Copyright (C) 2001 Ivo Timmermans , - 2001 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,38 +17,59 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2001/10/12 15:22:59 guus Exp $ + $Id: device.c,v 1.1.2.2 2002/02/10 21:57:54 guus Exp $ */ +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "conf.h" +#include "net.h" +#include "subnet.h" + +#include "system.h" + #define DEFAULT_DEVICE "/dev/tap0" int device_fd = -1; int device_type; -char *device_fname; +char *device; +char *interface; char *device_info; - int device_total_in = 0; int device_total_out = 0; -* +extern subnet_t mymac; + +/* open the local ethertap device */ int setup_device(void) { - struct ifreq ifr; - cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname))) - device_fname = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = netname; cp - if((device_fd = open(device_fname, O_RDWR | O_NONBLOCK)) < 0) + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device_fname); + syslog(LOG_ERR, _("Could not open %s: %m"), device); return -1; } cp - device_fd = device_fd; /* Set default MAC address for ethertap devices */ @@ -62,11 +83,17 @@ cp device_info = _("FreeBSD tap device"); - syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); + syslog(LOG_INFO, _("%s is a %s"), device, device_info); cp return 0; } +void close_device(void) +{ +cp + close(device_fd); +} + /* read, encrypt and send data that is available through the ethertap device 
@@ -77,7 +104,7 @@ int read_packet(vpn_packet_t *packet) cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); return -1; } @@ -102,10 +129,19 @@ cp if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Error while writing to %s %s: %m"), device_info, device_fname); + syslog(LOG_ERR, _("Error while writing to %s %s: %m"), device_info, device); return -1; } device_total_out += packet->len; cp } + +void dump_device_stats(void) +{ +cp + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp +} diff --git a/src/graph.c b/src/graph.c index aa1ec72a..0847b281 100644 --- a/src/graph.c +++ b/src/graph.c @@ -1,7 +1,7 @@ /* graph.c -- graph algorithms - Copyright (C) 2001 Guus Sliepen , - 2001 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.5 2001/10/31 12:50:24 guus Exp $ + $Id: graph.c,v 1.1.2.6 2002/02/10 21:57:54 guus Exp $ */ /* We need to generate two trees from the graph: 
@@ -38,14 +38,24 @@ For the SSSP algorithm Dijkstra's seems to be a nice choice. Currently a simple breadth-first search is presented here. + + The SSSP algorithm will also be used to determine whether nodes are directly, + indirectly or not reachable from the source. It will also set the correct + destination address and port of a node if possible. */ #include #include "config.h" #include +#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) + #include +#endif +#include #include +#include +#include "netutl.h" #include "node.h" #include "edge.h" #include "connection.h" @@ -67,6 +77,11 @@ void mst_kruskal(void) int safe_edges = 0; int skipped; + /* Do we have something to do at all? */ + + if(!edge_weight_tree->head) + return; + /* Clear visited status on nodes */ for(node = node_tree->head; node; node = node->next) @@ -78,7 +93,7 @@ void mst_kruskal(void) /* Starting point */ - ((edge_t *)edge_weight_tree->head->data)->from->status.visited = 1; + ((edge_t *)edge_weight_tree->head->data)->from.node->status.visited = 1; /* Clear MST status on connections */ @@ -95,14 +110,14 @@ void mst_kruskal(void) next = node->next; e = (edge_t *)node->data; - if(e->from->status.visited == e->to->status.visited) + if(e->from.node->status.visited == e->to.node->status.visited) { skipped = 1; continue; } - e->from->status.visited = 1; - e->to->status.visited = 1; + e->from.node->status.visited = 1; + e->to.node->status.visited = 1; if(e->connection) e->connection->status.mst = 1; @@ -120,11 +135,12 @@ void mst_kruskal(void) Running time: O(E) */ -void sssp_bfs(int prune) +void sssp_bfs(void) { avl_node_t *node, *from, *next, *to; edge_t *e; - node_t *n, *check; + node_t *n; + halfconnection_t to_hc, from_hc; avl_tree_t *todo_tree; todo_tree = avl_alloc_tree(NULL, NULL); 
@@ -150,46 +166,82 @@ void sssp_bfs(int prune) while(todo_tree->head) { - for(from = todo_tree->head; from; from = next) + for(from = todo_tree->head; from; from = next) /* "from" is the node from which we start */ { next = from->next; n = (node_t *)from->data; - for(to = n->edge_tree->head; to; to = to->next) + for(to = n->edge_tree->head; to; to = to->next) /* "to" is the edge connected to "from" */ { e = (edge_t *)to->data; - if(e->from == n) - check = e->to; + if(e->from.node == n) /* "from_hc" is the halfconnection with .node == from */ + to_hc = e->to, from_hc = e->from; else - check = e->from; + to_hc = e->from, from_hc = e->to; - if(!check->status.visited) + if(!to_hc.node->status.visited) { - check->status.visited = 1; - check->nexthop = (n->nexthop == myself) ? check : n->nexthop; - check->via = (e->options & OPTION_INDIRECT || n->via != n) ? n->via : check; + to_hc.node->status.visited = 1; + to_hc.node->nexthop = (n->nexthop == myself) ? to_hc.node : n->nexthop; + to_hc.node->via = (e->options & OPTION_INDIRECT || n->via != n) ? n->via : to_hc.node; + to_hc.node->options = e->options; + if(to_hc.node->address != to_hc.address || to_hc.node->port != to_hc.port) + { + node = avl_unlink(node_udp_tree, to_hc.node); + to_hc.node->address = to_hc.address; + to_hc.node->port = to_hc.port; + if(to_hc.node->hostname) + free(to_hc.node->hostname); + to_hc.node->hostname = hostlookup(htonl(to_hc.address)); + avl_insert_node(node_udp_tree, node); + } + to_hc.node->port = to_hc.port; node = avl_alloc_node(); - node->data = check; + node->data = to_hc.node; avl_insert_before(todo_tree, from, node); } } - avl_delete_node(todo_tree, from); + avl_delete_node(todo_tree, from); } } avl_free_tree(todo_tree); - /* Nodes we haven't visited are unreachable, prune them. */ + /* Check reachability status. 
*/ - if(prune) - for(node = node_tree->head; node; node = next) + for(node = node_tree->head; node; node = next) + { + next = node->next; + n = (node_t *)node->data; + + if(n->status.visited) { - next = node->next; - n = (node_t *)node->data; - - if(n->status.visited == 0) - node_del(n); + if(!n->status.reachable) + { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Node %s (%s) became reachable"), n->name, n->hostname); + n->status.reachable = 1; + } } + else + { + if(n->status.reachable) + { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); + n->status.reachable = 0; + n->status.validkey = 0; + n->status.waitingforkey = 0; + n->sent_seqno = 0; + } + } + } +} + +void graph(void) +{ + mst_kruskal(); + sssp_bfs(); } diff --git a/src/graph.h b/src/graph.h index bd6cc3f8..3c8c0d5b 100644 --- a/src/graph.h +++ b/src/graph.h @@ -1,7 +1,7 @@ /* graph.h -- header for graph.c - Copyright (C) 2001 Guus Sliepen , - 2001 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,8 +17,9 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.h,v 1.1.2.2 2001/10/31 12:50:24 guus Exp $ + $Id: graph.h,v 1.1.2.3 2002/02/10 21:57:54 guus Exp $ */ +extern void graph(void); extern void mst_kruskal(void); -extern void sssp_bfs(int); +extern void sssp_bfs(void); diff --git a/src/linux/device.c b/src/linux/device.c index 02d7a7a5..a54647ec 100644 --- a/src/linux/device.c +++ b/src/linux/device.c 
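Review bot: In the address-update branch of sssp_bfs the pointer returned by `avl_unlink(node_udp_tree, to_hc.node)` goes straight into `avl_insert_node(node_udp_tree, node)` with no NULL check. avl_unlink is defined outside this diff, so whether it can return NULL for a node that is not in node_udp_tree is an assumption, but `if(node) avl_insert_node(node_udp_tree, node);` would be safe either way. The second `to_hc.node->port = to_hc.port;` after the block is redundant, because the branch already handles every case where the port differs. Since a node's UDP destination is now taken from edge data, a comment saying which edge wins when several edges reach the same node would also help.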
@@ -1,7 +1,7 @@ /* device.c -- Interaction with Linux ethertap and tun/tap device - Copyright (C) 2001 Ivo Timmermans , - 2001 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2001/10/31 12:50:24 guus Exp $ + $Id: device.c,v 1.1.2.5 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" @@ -63,7 +63,7 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -subnet_t mymac; +extern subnet_t mymac; /* open the local ethertap device @@ -158,9 +158,7 @@ cp } else /* ethertap */ { - struct iovec vector[2] = {{&packet->len, 2}, {packet->data, MTU}}; - - if((lenin = readv(device_fd, vector, 2)) <= 0) + if((lenin = read(device_fd, packet->data - 2, MTU + 2)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); return -1; @@ -197,9 +195,8 @@ cp } else/* ethertap */ { - struct iovec vector[2] = {{&packet->len, 2}, {packet->data, MTU}}; - - if(writev(device_fd, vector, 2) < 0) + *(short int *)(packet->data - 2) = packet->len; + if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); return -1; diff --git a/src/meta.c b/src/meta.c index 786d56af..73ffa69b 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,7 +1,7 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
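Review bot: Both ethertap branches now address `packet->data - 2`, which is only valid if vpn_packet_t has two writable bytes directly in front of `data`; the struct is declared in net.h, outside these hunks, and the net.c part of this commit changes the field in front of the payload. In the read path (`read(device_fd, packet->data - 2, MTU + 2)`) and the write path (`*(short int *)(packet->data - 2) = packet->len;`) a layout change or padding would silently overwrite a neighbouring field, and the cast also assumes 2-byte alignment. Reading into a local `unsigned char frame[MTU + 2];` and copying the payload with `memcpy(packet->data, frame + 2, lenin - 2);` after checking `lenin >= 2` keeps the ethertap header out of the struct, and the write side can build the same frame. Both enclosing functions start and end outside these hunks.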
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.21 2001/10/27 12:13:17 guus Exp $ + $Id: meta.c,v 1.1.2.22 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" diff --git a/src/meta.h b/src/meta.h index e0823a82..d54573ef 100644 --- a/src/meta.h +++ b/src/meta.h @@ -1,7 +1,7 @@ /* meta.h -- header for meta.c - Copyright (C) 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.5 2001/01/07 17:08:58 guus Exp $ + $Id: meta.h,v 1.1.2.6 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_META_H__ diff --git a/src/net.c b/src/net.c index c7b612c7..544bf635 100644 --- a/src/net.c +++ b/src/net.c @@ -1,7 +1,7 @@ /* net.c -- most of the network code - Copyright (C) 1998-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.151 2001/11/16 22:41:38 zarq Exp $ + $Id: net.c,v 1.35.4.152 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" @@ -49,6 +49,7 @@ #include #include #include +#include #ifndef HAVE_RAND_PSEUDO_BYTES #define RAND_pseudo_bytes RAND_bytes 
@@ -63,12 +64,15 @@ #include "connection.h" #include "meta.h" #include "net.h" +#include "netutl.h" #include "process.h" #include "protocol.h" #include "subnet.h" +#include "graph.h" #include "process.h" #include "route.h" #include "device.h" +#include "event.h" #include "system.h" 
@@ -82,52 +86,59 @@ int keylifetime = 0; int keyexpires = 0; int do_prune = 0; +int do_purge = 0; +int sighup = 0; +int sigalrm = 0; + +#define MAX_SEQNO 1073741824 /* VPN packet I/O */ -char *hostlookup(struct sockaddr *addr, int numericonly) -{ - char *hostname; - int flags = 0; - int r; - -cp - if(numericonly - || (get_config_bool(lookup_config(config_tree, "ResolveDNS"), &r) - || !r )) - flags |= NI_NUMERICHOST; - - hostname = xmalloc(NI_MAXHOST); - - if((r = getnameinfo(addr, sizeof(*addr), hostname, NI_MAXHOST, NULL, 0, flags)) != 0) - { - free(hostname); - if(flags & NI_NUMERICHOST) - { - syslog(LOG_ERR, _("Address conversion failed: %s"), - gai_strerror(r)); - return NULL; - } - else - return hostlookup(addr, 1); - } -cp - return hostname; -} - void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t outpkt; int outlen, outpad; EVP_CIPHER_CTX ctx; + char hmac[EVP_MAX_MD_SIZE]; cp + + if(myself->digest && myself->maclength) + { + inpkt->len -= myself->maclength; + HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL); + if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength)) + { + syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); + return; + } + } + /* Decrypt the packet */ - EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len); - EVP_DecryptFinal(&ctx, outpkt.salt + outlen, &outpad); - outlen += outpad; - outpkt.len = outlen - sizeof(outpkt.salt); + if(myself->cipher) + { + EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); + EVP_DecryptUpdate(&ctx, (char *)&outpkt.seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); + EVP_DecryptFinal(&ctx, (char *)&outpkt.seqno + outlen, &outpad); + outlen += outpad; + outpkt.len = outlen - sizeof(outpkt.seqno); + } + else + { + memcpy((char *)&outpkt.seqno, (char 
*)&inpkt->seqno, inpkt->len); + outpkt.len = inpkt->len - sizeof(outpkt.seqno); + } + + if (ntohl(outpkt.seqno) <= n->received_seqno) + { + syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, ntohl(*(unsigned int *)&outpkt.seqno)); + return; + } + + n->received_seqno = ntohl(outpkt.seqno); + + if(n->received_seqno > MAX_SEQNO) + keyexpires = 0; receive_packet(n, &outpkt); cp @@ -159,6 +170,8 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t outpkt; int outlen, outpad; EVP_CIPHER_CTX ctx; + struct sockaddr_in to; + socklen_t tolen = sizeof(to); vpn_packet_t *copy; cp if(!n->status.validkey) 
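Review bot: `inpkt->len -= myself->maclength;` runs before anything checks that the datagram is at least maclength bytes long, so a short packet makes the length passed to HMAC() and the memcmp() offset negative or wrapped (the type of `len` is declared outside this hunk). At this point the sender has only been matched by source address and port, so the bound must hold for unauthenticated input: `if(inpkt->len < myself->maclength + (int)sizeof(inpkt->seqno)) return;` before the subtraction, with a log line like the other drop paths. The same minimum also protects `outpkt.len = outlen - sizeof(outpkt.seqno)` further down. The tag comparison uses memcmp(), which is not constant-time; `CRYPTO_memcmp` would be preferable where the linked OpenSSL provides it. The closing lines of receive_udppacket are outside the hunk.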
@@ -182,14 +195,32 @@ cp /* Encrypt the packet. */ - RAND_pseudo_bytes(inpkt->salt, sizeof(inpkt->salt)); + inpkt->seqno = htonl(++(n->sent_seqno)); - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, outpkt.salt, &outlen, inpkt->salt, inpkt->len + sizeof(inpkt->salt)); - EVP_EncryptFinal(&ctx, outpkt.salt + outlen, &outpad); - outlen += outpad; - - if((sendto(udp_socket, (char *) outpkt.salt, outlen, 0, n->address->ai_addr, n->address->ai_addrlen)) < 0) + if(n->cipher) + { + EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); + EVP_EncryptUpdate(&ctx, (char *)&outpkt.seqno, &outlen, (char *)&inpkt->seqno, inpkt->len + sizeof(inpkt->seqno)); + EVP_EncryptFinal(&ctx, (char *)&outpkt.seqno + outlen, &outpad); + outlen += outpad; + } + else + { + memcpy((char *)&outpkt.seqno, (char *)&inpkt->seqno, inpkt->len + sizeof(inpkt->seqno)); + outlen = inpkt->len + sizeof(inpkt->seqno); + } + + if(n->digest && n->maclength) + { + HMAC(n->digest, n->key, n->keylength, (char *)&outpkt.seqno, outlen, (char *)&outpkt.seqno + outlen, &outpad); + outlen += n->maclength; + } + + to.sin_family = AF_INET; + to.sin_addr.s_addr = htonl(n->address); + to.sin_port = htons(n->port); + + if((sendto(udp_socket, (char *)&outpkt.seqno, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), n->name, n->hostname); @@ -203,6 +234,7 @@ cp */ void send_packet(node_t *n, vpn_packet_t *packet) { + node_t *via; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), 
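Review bot: HMAC() is given `(char *)&outpkt.seqno + outlen` as its output buffer and writes the full digest there (20 bytes for SHA-1), while only `n->maclength` bytes are added to outlen. For a packet close to the maximum size this can write past the end of outpkt unless vpn_packet_t reserves that slack, and the struct is declared outside this diff. Computing into a local buffer, as receive_udppacket does, avoids the question: `char hmac[EVP_MAX_MD_SIZE];`, `HMAC(n->digest, n->key, n->keylength, (char *)&outpkt.seqno, outlen, hmac, NULL);`, `memcpy((char *)&outpkt.seqno + outlen, hmac, n->maclength);`. send_udppacket starts and ends outside this hunk.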
@@ -217,21 +249,31 @@ cp return; } - - if(n->via != n && debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - n->name, n->via->name, n->via->hostname); - - if((myself->options | n->via->options) & OPTION_TCPONLY) + + if(!n->status.reachable) { - if(send_tcppacket(n->via->connection, packet)) - terminate_connection(n->via->connection, 1); + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Node %s (%s) is not reachable"), + n->name, n->hostname); + return; + } + + via = (n->via == myself)?n->nexthop:n->via; + + if(via != n && debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), + n->name, via->name, n->via->hostname); + + if((myself->options | via->options) & OPTION_TCPONLY) + { + if(send_tcppacket(via->connection, packet)) + terminate_connection(via->connection, 1); } else - send_udppacket(n->via, packet); + send_udppacket(via, packet); } -/* Broadcast a packet to all active direct connections */ +/* Broadcast a packet using the minimum spanning tree */ void broadcast_packet(node_t *from, vpn_packet_t *packet) { @@ -245,7 +287,7 @@ cp for(node = connection_tree->head; node; node = node->next) { c = (connection_t *)node->data; - if(c->status.active && c != from->nexthop->connection) + if(c->status.active && c->status.mst && c != from->nexthop->connection) send_packet(c->node, packet); } cp 
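Review bot: The new debug message in send_packet prints `via->name` together with `n->via->hostname`, so when `n->via == myself` and `via` falls back to `n->nexthop`, the log shows the relay's name next to a different node's hostname. The argument list should read `n->name, via->name, via->hostname);`. Wrong relay information in traffic logs makes routing problems harder to trace. send_packet starts outside this hunk.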
@@ -269,200 +311,142 @@ cp /* Setup sockets */ -int setup_listen_socket(node_t *n) +int setup_listen_socket(port_t port) { int nfd, flags; + struct sockaddr_in a; int option; - char *address; - int r; - struct addrinfo hints, *ai, *aitop; - int ipv6preferred; + ipv4_t *address; #ifdef HAVE_LINUX char *interface; #endif - cp - - if(!get_config_string(lookup_config(config_tree, "BindToAddress"), &address)) + if((nfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { - address = NULL; - } - - hints.ai_socktype = SOCK_STREAM; - hints.ai_protocol = IPPROTO_TCP; - hints.ai_family = AF_INET; - if(get_config_bool(lookup_config(config_tree, "IPv6Preferred"), &ipv6preferred)) - { - if(ipv6preferred) - hints.ai_family = PF_UNSPEC; - } - if((r = getaddrinfo(address, n->port, &hints, &aitop)) != 0) - { - syslog(LOG_ERR, _("Looking up `%s' failed: %s\n"), - address, gai_strerror(r)); + syslog(LOG_ERR, _("Creating metasocket failed: %m")); return -1; } - /* Try to create a listening socket for all alternatives we got from - getaddrinfo. 
*/ - for(ai = aitop; ai != NULL; ai = ai->ai_next) + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - if((nfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) < 0) - { - syslog(LOG_ERR, _("Creating metasocket failed: %m")); - continue; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fcntl"); - continue; - } - - /* Optimize TCP settings */ - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); - setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); -#ifdef HAVE_LINUX - setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); - - option = IPTOS_LOWDELAY; - setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); - - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface); - continue; - } -#endif - - if(bind(nfd, ai->ai_addr, ai->ai_addrlen)) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to %s port %s/tcp: %m"), - ai->ai_canonname, n->port); - continue; - } - - if(listen(nfd, 3)) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "listen"); - continue; - } - - break; /* We have successfully bound to a socket */ + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); + return -1; } - if(ai == NULL) /* None of the alternatives succeeded */ + /* Optimize TCP settings */ + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); + setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); +#ifdef HAVE_LINUX + setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + + option = IPTOS_LOWDELAY; + setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); + + 
if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface); + return -1; + } +#endif + + memset(&a, 0, sizeof(a)); + a.sin_family = AF_INET; + a.sin_addr.s_addr = htonl(INADDR_ANY); + a.sin_port = htons(port); + + if(get_config_address(lookup_config(config_tree, "BindToAddress"), &address)) { - syslog(LOG_ERR, _("Failed to open a listening socket.")); + a.sin_addr.s_addr = htonl(*address); + free(address); + } + + if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port); + return -1; + } + + if(listen(nfd, 3)) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "listen"); return -1; } cp return nfd; } -int setup_vpn_in_socket(node_t *n) +int setup_vpn_in_socket(port_t port) { - const int one = 1; int nfd, flags; - int option; - char *address; - int r; - struct addrinfo hints, *ai, *aitop; - int ipv6preferred; -#ifdef HAVE_LINUX - char *interface; -#endif - + struct sockaddr_in a; + const int one = 1; cp - - if(!get_config_string(lookup_config(config_tree, "BindToAddress"), &address)) + if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { - address = NULL; - } - - hints.ai_socktype = SOCK_DGRAM; - hints.ai_protocol = IPPROTO_UDP; - hints.ai_family = AF_INET; - if(get_config_bool(lookup_config(config_tree, "IPv6Preferred"), &ipv6preferred)) - { - if(ipv6preferred) - hints.ai_family = PF_UNSPEC; - } - if((r = getaddrinfo(address, n->port, &hints, &aitop)) != 0) - { - syslog(LOG_ERR, _("Looking up `%s' failed: %s\n"), - address, gai_strerror(r)); + close(nfd); + syslog(LOG_ERR, _("Creating socket failed: %m")); return -1; } setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); - /* Try to create a listening socket for all alternatives we got from - getaddrinfo. 
*/ - for(ai = aitop; ai != NULL; ai = ai->ai_next) + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - if((nfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) < 0) - { - syslog(LOG_ERR, _("Creating metasocket failed: %m")); - continue; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fcntl"); - continue; - } - - /* Optimize UDP settings */ - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); -#ifdef HAVE_LINUX - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface); - continue; - } -#endif - - if(bind(nfd, ai->ai_addr, ai->ai_addrlen)) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to %s port %s/tcp: %m"), - ai->ai_canonname, n->port); - continue; - } - - break; /* We have successfully bound to a socket */ + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %m"), + "fcntl"); + return -1; } - if(ai == NULL) /* None of the alternatives succeeded */ + memset(&a, 0, sizeof(a)); + a.sin_family = AF_INET; + a.sin_port = htons(port); + a.sin_addr.s_addr = htonl(INADDR_ANY); + + if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) { - syslog(LOG_ERR, _("Failed to open a listening socket.")); + close(nfd); + syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port); return -1; } cp return nfd; } +void retry_outgoing(outgoing_t *outgoing) +{ + event_t *event; +cp + outgoing->timeout += 5; + if(outgoing->timeout > maxtimeout) + outgoing->timeout = maxtimeout; + + event = new_event(); + event->handler = (event_handler_t)setup_outgoing_connection; + event->time = time(NULL) + outgoing->timeout; + event->data = outgoing; + event_add(event); + + if(debug_lvl >= DEBUG_CONNECTIONS) + 
syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); +cp +} + int setup_outgoing_socket(connection_t *c) { int flags; + struct sockaddr_in a; cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); @@ -471,7 +455,7 @@ cp if(c->socket == -1) { - syslog(LOG_ERR, _("Creating socket for %s port %s failed: %m"), + syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"), c->hostname, c->port); return -1; } @@ -506,10 +490,14 @@ cp /* Connect */ - if(connect(c->socket, c->address->ai_addr, c->address->ai_addrlen) == -1) + a.sin_family = AF_INET; + a.sin_port = htons(c->port); + a.sin_addr.s_addr = htonl(c->address); + + if(connect(c->socket, (struct sockaddr *)&a, sizeof(a)) == -1) { close(c->socket); - syslog(LOG_ERR, _("%s port %s: %m"), c->hostname, c->port); + syslog(LOG_ERR, _("%s port %hd: %m"), c->hostname, c->port); return -1; } 
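Review bot: setup_vpn_in_socket now always binds the UDP socket to INADDR_ANY: the BindToAddress lookup and the Linux BindToInterface/SO_BINDTODEVICE block that the removed code applied are gone, while setup_listen_socket in the same hunk still honours both. An operator who restricts the daemon to one address or interface would still have the VPN data port reachable on every interface. The sketch below restores BindToAddress for UDP with the same get_config_address() call the TCP listener uses; BindToInterface can be carried over the same way. Separately, the socket() failure branch calls `close(nfd)` on a negative descriptor before syslog's `%m`, which replaces the real error with EBADF, so that close can be dropped.

```c
int setup_vpn_in_socket(port_t port)
{
  /* … unchanged: existing declarations … */
  ipv4_t *address;
  /* … unchanged: socket(), SO_REUSEADDR, O_NONBLOCK … */
  a.sin_addr.s_addr = htonl(INADDR_ANY);

  if(get_config_address(lookup_config(config_tree, "BindToAddress"), &address))
    {
      a.sin_addr.s_addr = htonl(*address);
      free(address);
    }
  /* … unchanged: bind() and its error path … */
```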
@@ -518,38 +506,37 @@ cp if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) { close(c->socket); - syslog(LOG_ERR, _("fcntl for %s port %s: %m"), + syslog(LOG_ERR, _("fcntl for %s port %d: %m"), c->hostname, c->port); return -1; } if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s port %s"), + syslog(LOG_INFO, _("Connected to %s port %hd"), c->hostname, c->port); cp return 0; } -int setup_outgoing_connection(char *name) +void setup_outgoing_connection(outgoing_t *outgoing) { connection_t *c; node_t *n; - struct addrinfo *ai, *aitop, hints; - int r, ipv6preferred; - + struct hostent *h; cp - n = lookup_node(name); + n = lookup_node(outgoing->name); if(n) if(n->connection) { if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Already connected to %s"), name); - return 0; + syslog(LOG_INFO, _("Already connected to %s"), outgoing->name); + n->connection->outgoing = outgoing; + return; } c = new_connection(); - c->name = xstrdup(name); + c->name = xstrdup(outgoing->name); init_configuration(&c->config_tree); read_connection_config(c); 
@@ -558,52 +545,40 @@ cp { syslog(LOG_ERR, _("No address specified for %s"), c->name); free_connection(c); - return -1; + free(outgoing->name); + free(outgoing); + return; } - if(!get_config_string(lookup_config(c->config_tree, "Port"), &c->port)) + if(!get_config_port(lookup_config(c->config_tree, "Port"), &c->port)) + c->port = 655; + + if(!(h = gethostbyname(c->hostname))) { - syslog(LOG_ERR, _("No port specified for %s"), c->name); + syslog(LOG_ERR, _("Error looking up `%s': %m"), c->hostname); free_connection(c); - return -1; + retry_outgoing(outgoing); + return; } - hints.ai_socktype = SOCK_STREAM; - hints.ai_family = AF_INET; - if(get_config_bool(lookup_config(c->config_tree, "IPv6Preferred"), &ipv6preferred)) + c->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); + c->hostname = hostlookup(htonl(c->address)); + + if(setup_outgoing_socket(c) < 0) { - if(ipv6preferred) - hints.ai_family = PF_UNSPEC; + syslog(LOG_ERR, _("Could not set up a meta connection to %s (%s)"), + c->name, c->hostname); + retry_outgoing(outgoing); + return; } - if((r = getaddrinfo(c->hostname, c->port, &hints, &aitop)) != 0) - { - syslog(LOG_ERR, _("Looking up %s failed: %s\n"), - c->hostname, gai_strerror(r)); - return -1; - } - - for(ai = aitop; ai != NULL; ai = ai->ai_next) - { - if(setup_outgoing_socket(c) < 0) - continue; - } - - if(ai == NULL) - { - /* No connection alternative succeeded */ - free_connection(c); - return -1; - } - - c->status.outgoing = 1; + c->outgoing = outgoing; c->last_ping_time = time(NULL); connection_add(c); send_id(c); cp - return 0; } int read_rsa_public_key(connection_t *c) @@ -714,7 +689,7 @@ int setup_myself(void) { config_t *cfg; subnet_t *subnet; - char *name, *mode; + char *name, *mode, *cipher, *digest; int choice; cp myself = new_node(); 
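Review bot: When setup_outgoing_socket() fails, setup_outgoing_connection calls `retry_outgoing(outgoing)` and returns without releasing `c`, unlike the gethostbyname() failure branch just above, which calls free_connection(c) first. Every failed attempt therefore leaks a connection_t and its config tree, and the retry timer repeats this for as long as the peer stays unreachable. Adding `free_connection(c);` before `retry_outgoing(outgoing);` in that branch fixes it. The gethostbyname() error is also logged with `%m`, but gethostbyname reports through h_errno rather than errno, so `hstrerror(h_errno)` would give the real cause. The function starts in the previous hunk.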
@@ -764,8 +739,8 @@ cp return -1; } */ - if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myself->port)) - myself->port = "655"; + if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->port)) + myself->port = 655; myself->connection->port = myself->port; @@ -825,13 +800,13 @@ cp cp /* Open sockets */ - if((tcp_socket = setup_listen_socket(myself)) < 0) + if((tcp_socket = setup_listen_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); return -1; } - if((udp_socket = setup_vpn_in_socket(myself)) < 0) + if((udp_socket = setup_vpn_in_socket(myself->port)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); return -1; @@ -839,9 +814,28 @@ cp cp /* Generate packet encryption key */ - myself->cipher = EVP_bf_cbc(); + if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) + { + if(!strcasecmp(cipher, "none")) + { + myself->cipher = NULL; + } + else + { + if(!(myself->cipher = EVP_get_cipherbyname(cipher))) + { + syslog(LOG_ERR, _("Unrecognized cipher type!")); + return -1; + } + } + } + else + myself->cipher = EVP_bf_cbc(); - myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; + if(myself->cipher) + myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; + else + myself->keylength = 1; myself->key = (char *)xmalloc(myself->keylength); RAND_pseudo_bytes(myself->key, myself->keylength); 
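Review bot: With `Cipher = none` the cipher-selection hunk sets `myself->keylength = 1`, and receive_udppacket in this same commit keys HMAC() with `myself->key` and `myself->keylength`, so packet authentication then rests on a single random byte. The MAC key length should not depend on whether a cipher is enabled; for example `myself->keylength = EVP_MAX_MD_SIZE;` in the no-cipher branch, provided the key-exchange code (outside this diff) accepts that length. More generally the cipher key, the IV (`myself->key + myself->cipher->key_len`) and the HMAC key all come from the same buffer, and a comment saying so would help the next reader. setup_myself starts and ends outside this hunk.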
@@ -850,6 +844,45 @@ cp keylifetime = 3600; keyexpires = time(NULL) + keylifetime; + + /* Check if we want to use message authentication codes... */ + + if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest)) + { + if(!strcasecmp(digest, "none")) + { + myself->digest = NULL; + } + else + { + if(!(myself->digest = EVP_get_digestbyname(digest))) + { + syslog(LOG_ERR, _("Unrecognized digest type!")); + return -1; + } + } + } + else + myself->digest = EVP_sha1(); + + if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) + { + if(myself->digest) + { + if(myself->maclength > myself->digest->md_size) + { + syslog(LOG_ERR, _("MAC length exceeds size of digest!")); + return -1; + } + else if (myself->maclength < 0) + { + syslog(LOG_ERR, _("Bogus MAC length!")); + return -1; + } + } + } + else + myself->maclength = 4; cp /* Done */ @@ -858,7 +891,9 @@ cp myself->status.active = 1; node_add(myself); - syslog(LOG_NOTICE, _("Ready: listening on port %s"), myself->port); + graph(); + + syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); cp return 0; } @@ -873,16 +908,17 @@ cp init_subnets(); init_nodes(); init_edges(); + init_events(); - if(get_config_int(lookup_config(config_tree, "PingTimeout"), &timeout)) + if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) { - if(timeout < 1) + if(pingtimeout < 1) { - timeout = 86400; + pingtimeout = 86400; } } else - timeout = 60; + pingtimeout = 60; if(setup_device() < 0) return -1; @@ -893,8 +929,7 @@ cp if(setup_myself() < 0) return -1; - signal(SIGALRM, try_outgoing_connections); - alarm(5); + try_outgoing_connections(); cp return 0; } 
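Review bot: The MACLength handling rejects negative values and values above the digest size but accepts 0, and both receive_udppacket and send_udppacket skip the HMAC entirely when maclength is 0, so `MACLength = 0` disables authentication even though a Digest is configured. The default of `myself->maclength = 4` also truncates the tag to 32 bits. I would log the zero case explicitly, e.g. `if(myself->digest && !myself->maclength) syslog(LOG_WARNING, _("MACLength is 0, packets will not be authenticated"));`, and put a comment on the default explaining the size/strength trade-off. setup_myself starts and ends outside this hunk.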
@@ -911,15 +946,18 @@ cp { next = node->next; c = (connection_t *)node->data; - c->status.outgoing = 0; + if(c->outgoing) + free(c->outgoing->name), free(c->outgoing); terminate_connection(c, 0); } - terminate_connection(myself->connection, 0); + if(myself && myself->connection) + terminate_connection(myself->connection, 0); close(udp_socket); close(tcp_socket); + exit_events(); exit_edges(); exit_subnets(); exit_nodes(); @@ -952,21 +990,14 @@ cp return NULL; } - c->address = sockaddr_to_addrinfo(ci); - - c->hostname = xmalloc(INET6_ADDRSTRLEN); - if((inet_ntop(ci.sin_family, &(ci.sin_addr), c->hostname, INET6_ADDRSTRLEN)) == NULL) - { - syslog(LOG_ERR, _("Couldn't convert address to string: %m")); - free(c->hostname); - return NULL; - } - asprintf(&(c->port), "%d", htons(ci.sin_port)); + c->address = ntohl(ci.sin_addr.s_addr); + c->hostname = hostlookup(ci.sin_addr.s_addr); + c->port = htons(ci.sin_port); c->socket = sfd; c->last_ping_time = time(NULL); if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection from %s port %s"), + syslog(LOG_NOTICE, _("Connection from %s port %d"), c->hostname, c->port); c->allow_request = ID; @@ -1021,19 +1052,20 @@ cp return; } - if((pkt.len = recvfrom(udp_socket, (char *) pkt.salt, MTU, 0, (struct sockaddr *)&from, &fromlen)) <= 0) + if((pkt.len = recvfrom(udp_socket, (char *)&pkt.seqno, MAXSIZE, 0, (struct sockaddr *)&from, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %m")); return; } - n = lookup_node_udp(sockaddr_to_addrinfo(&from)); + n = lookup_node_udp(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); if(!n) { - syslog(LOG_WARNING, _("Received UDP packet on port %s from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); + syslog(LOG_WARNING, _("Received UDP packet on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); return; } + /* if(n->connection) n->connection->last_ping_time = time(NULL); 
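Review bot: close_network_connections frees `c->outgoing` and its name but leaves the pointer set, and then calls terminate_connection(c, 0), whose new code in this commit does `if(c->outgoing)` followed by `retry_outgoing(c->outgoing)`. Unless a guard outside the visible hunks returns earlier, retry_outgoing then writes `outgoing->timeout` in freed memory and queues an event whose data points at it. Clearing the pointer closes the window: `if(c->outgoing) { free(c->outgoing->name); free(c->outgoing); c->outgoing = NULL; }`. The function starts outside this hunk.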
@@ -1042,6 +1074,65 @@ cp cp } +/* Purge edges and subnets of unreachable nodes. Use carefully. */ + +void purge(void) +{ + avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext, *cnode; + node_t *n; + edge_t *e; + subnet_t *s; + connection_t *c; +cp + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_DEBUG, _("Purging unreachable nodes")); + + for(nnode = node_tree->head; nnode; nnode = nnext) + { + nnext = nnode->next; + n = (node_t *)nnode->data; + + if(!n->status.reachable) + { + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, _("Purging node %s (%s)"), n->name, n->hostname); + + for(snode = n->subnet_tree->head; snode; snode = snext) + { + snext = snode->next; + s = (subnet_t *)snode->data; + + for(cnode = connection_tree->head; cnode; cnode = cnode->next) + { + c = (connection_t *)cnode->data; + if(c->status.active) + send_del_subnet(c, s); + } + + subnet_del(n, s); + } + + for(enode = n->edge_tree->head; enode; enode = enext) + { + enext = enode->next; + e = (edge_t *)enode->data; + + for(cnode = connection_tree->head; cnode; cnode = cnode->next) + { + c = (connection_t *)cnode->data; + if(c->status.active) + send_del_edge(c, e); + } + + edge_del(e); + } + + node_del(n); + } + } +cp +} + /* Terminate a connection: - Close the socket @@ -1081,14 +1172,16 @@ cp edge_del(c->edge); } + /* Run MST and SSSP algorithms */ + + graph(); + /* Check if this was our outgoing connection */ - if(c->status.outgoing) + if(c->outgoing) { - c->status.outgoing = 0; - signal(SIGALRM, try_outgoing_connections); - alarm(seconds_till_retry); - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), seconds_till_retry); + retry_outgoing(c->outgoing); + c->outgoing = NULL; } /* Deactivate */ @@ -1120,7 +1213,7 @@ cp { next = node->next; c = (connection_t *)node->data; - if(c->last_ping_time + timeout < now) + if(c->last_ping_time + pingtimeout < now) { if(c->status.active) { 
@@ -1180,71 +1273,27 @@ cp return 0; } -void randomized_alarm(int seconds) -{ - unsigned char r; - RAND_pseudo_bytes(&r, 1); - alarm((seconds * (int)r) / 128 + 1); -} - -/* This function is severely fucked up. - We want to redesign it so the following rules apply: - - - Try all ConnectTo's in a row: - - if a connect() fails, try next one immediately, - - if it works, wait 5 seconds or so. - - If none of them were succesful, increase delay and retry. - - If all were succesful, don't try anymore. -*/ - -RETSIGTYPE -try_outgoing_connections(int a) +void try_outgoing_connections(void) { static config_t *cfg = NULL; - static int retry = 0; char *name; + outgoing_t *outgoing; cp - if(!cfg) - cfg = lookup_config(config_tree, "ConnectTo"); - - if(!cfg) - return; - - while(cfg) + for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) { get_config_string(cfg, &name); if(check_id(name)) { syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); + free(name); continue; } - if(setup_outgoing_connection(name)) /* function returns 0 when there are no problems */ - retry = 1; - - cfg = lookup_config_next(config_tree, cfg); /* Next time skip to next ConnectTo line */ + outgoing = xmalloc_and_zero(sizeof(*outgoing)); + outgoing->name = name; + setup_outgoing_connection(outgoing); } - - get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout); - - if(retry) - { - seconds_till_retry += 5; - if(seconds_till_retry > maxtimeout) /* Don't wait more than MAXTIMEOUT seconds. */ - seconds_till_retry = maxtimeout; - - syslog(LOG_ERR, _("Failed to setup any outgoing connection, will retry in %d seconds"), - seconds_till_retry); - - /* Randomize timeout to avoid global synchronisation effects */ - randomized_alarm(seconds_till_retry); - } - else - { - seconds_till_retry = 5; - } -cp } /* @@ -1292,6 +1341,9 @@ cp if(c->status.remove) connection_del(c); } + + if(!connection_tree->head) + purge(); cp } 
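Review bot: This hunk removes the only visible `get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout);` call, while the new retry_outgoing still clamps `outgoing->timeout` to `maxtimeout`. If the option is not loaded somewhere outside this diff, the MaxTimeout setting is silently ignored and the back-off is capped by whatever initial value the variable has; reading it once in setup_network_connections next to PingTimeout would keep it effective. `static config_t *cfg = NULL;` no longer needs to be static now that the loop re-initialises it on every call. The `get_config_string(cfg, &name)` result is still unchecked, so the new `free(name)` relies on that call always succeeding.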
@@ -1305,13 +1357,16 @@ void main_loop(void) int r; time_t last_ping_check; int t; + event_t *event; vpn_packet_t packet; cp last_ping_check = time(NULL); + srand(time(NULL)); + for(;;) { - tv.tv_sec = timeout; + tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ tv.tv_usec = 0; if(do_prune) @@ -1324,7 +1379,7 @@ cp if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) { - if(errno != EINTR) /* because of alarm */ + if(errno != EINTR) /* because of a signal */ { syslog(LOG_ERR, _("Error while waiting for input: %m")); return; @@ -1352,11 +1407,17 @@ cp continue; } + if(do_purge) + { + purge(); + do_purge = 0; + } + t = time(NULL); /* Let's check if everybody is still alive */ - if(last_ping_check + timeout < t) + if(last_ping_check + pingtimeout < t) { check_dead_connections(); last_ping_check = time(NULL); @@ -1374,6 +1435,25 @@ cp } } + if(sigalrm) + { + syslog(LOG_INFO, _("Flushing event queue")); + + while(event_tree->head) + { + event = (event_t *)event_tree->head->data; + event->handler(event->data); + event_del(event); + } + sigalrm = 0; + } + + while((event = get_expired_event())) + { + event->handler(event->data); + free(event); + } + if(r > 0) { check_network_activity(&fset); @@ -1381,9 +1461,7 @@ cp /* local tap data */ if(FD_ISSET(device_fd, &fset)) { - if(read_packet(&packet)) - return; - else + if(!read_packet(&packet)) route_outgoing(&packet); } } diff --git a/src/net.h b/src/net.h index 6b2c6b4d..93ac391e 100644 --- a/src/net.h +++ b/src/net.h @@ -1,7 +1,7 @@ /* net.h -- header for net.c - Copyright (C) 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
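Review bot: In the last `main_loop` hunk a failing `read_packet()` is now skipped instead of ending the loop, but nothing bounds how often that can happen. If `device_fd` keeps being reported readable while every read fails, the loop would spin and log one error per iteration, since the OpenBSD `read_packet` in this commit logs at LOG_ERR on each failure. Consider counting consecutive failures and leaving the loop or backing off once a small limit is exceeded. At minimum the intent deserves a comment such as `/* read errors are logged by read_packet() and are deliberately not fatal */`.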
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.37 2001/11/16 12:08:38 zarq Exp $ + $Id: net.h,v 1.9.4.38 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_NET_H__ 
@@ -27,41 +27,35 @@ #include "config.h" -#define MAXSIZE 1700 /* should be a bit more than the MTU for the tapdevice */ -#define MTU 1600 -#define SALTLEN 2 /* to spice things up for the NSA... */ +#define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ +#define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ -#define MAC_ADDR_S "%02x:%02x:%02x:%02x:%02x:%02x" -#define MAC_ADDR_V(x) ((unsigned char*)&(x))[0],((unsigned char*)&(x))[1], \ - ((unsigned char*)&(x))[2],((unsigned char*)&(x))[3], \ - ((unsigned char*)&(x))[4],((unsigned char*)&(x))[5] - -#define IP_ADDR_S "%d.%d.%d.%d" - -#ifdef WORDS_BIGENDIAN -# define IP_ADDR_V(x) ((unsigned char*)&(x))[0],((unsigned char*)&(x))[1], \ - ((unsigned char*)&(x))[2],((unsigned char*)&(x))[3] -#else -# define IP_ADDR_V(x) ((unsigned char*)&(x))[3],((unsigned char*)&(x))[2], \ - ((unsigned char*)&(x))[1],((unsigned char*)&(x))[0] -#endif - -#define MAXBUFSIZE 4096 /* Probably way too much, but it must fit every possible request. */ - -/* tap types */ -#define TAP_TYPE_ETHERTAP 0 -#define TAP_TYPE_TUNTAP 1 +#define MAXBUFSIZE 2048 /* Probably way too much, but it must fit every possible request. */ typedef struct mac_t { unsigned char x[6]; } mac_t; +typedef unsigned long ipv4_t; + +typedef struct ip_mask_t { + ipv4_t address; + ipv4_t mask; +} ip_mask_t; + +typedef struct ipv6_t +{ + unsigned short x[8]; +} ipv6_t; + +typedef unsigned short port_t; + typedef short length_t; typedef struct vpn_packet_t { length_t len; /* the actual number of bytes in the `data' field */ - unsigned char salt[SALTLEN]; /* two bytes of randomness */ + unsigned int seqno; /* 32 bits sequence number (network byte order of course) */ unsigned char data[MAXSIZE]; } vpn_packet_t; 
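Review bot: `typedef unsigned long ipv4_t;` is 64 bits wide on LP64 platforms, so `ip_mask_t` and any code that copies an `ipv4_t` to or from a 32-bit wire or socket address would disagree about the size. The same applies to `unsigned int seqno`, whose comment promises exactly 32 bits. Where `<stdint.h>` is available I would write `typedef uint32_t ipv4_t;` and `uint32_t seqno;`. Code that scans or prints an address with `%lx`, as the ADD_NODE handler removed from protocol.c in this commit does, would then need a matching conversion.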
@@ -76,11 +70,16 @@ typedef struct packet_queue_t { queue_element_t *tail; } packet_queue_t; +typedef struct outgoing_t { + char *name; + int timeout; +} outgoing_t; + extern int maxtimeout; extern int seconds_till_retry; -extern char *request_name[256]; -extern char *status_text[10]; +extern char *request_name[]; +extern char *status_text[]; #include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ @@ -89,11 +88,12 @@ extern void receive_packet(struct node_t *, vpn_packet_t *); extern void receive_tcppacket(struct connection_t *, char *, int); extern void broadcast_packet(struct node_t *, vpn_packet_t *); extern int setup_network_connections(void); +extern void setup_outgoing_connection(struct outgoing_t *); +extern void try_outgoing_connections(void); extern void close_network_connections(void); extern void main_loop(void); extern void terminate_connection(connection_t *, int); extern void flush_queue(struct node_t *); extern int read_rsa_public_key(struct connection_t *); -extern RETSIGTYPE try_outgoing_connections(int); #endif /* __TINC_NET_H__ */ diff --git a/src/node.c b/src/node.c index ba795ba9..5307ea66 100644 --- a/src/node.c +++ b/src/node.c @@ -1,7 +1,7 @@ /* node.c -- node tree management - Copyright (C) 2001 Guus Sliepen , - 2001 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.7 2001/11/16 17:39:38 zarq Exp $ + $Id: node.c,v 1.1.2.8 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" 
@@ -47,10 +47,13 @@ int node_udp_compare(node_t *a, node_t *b) { if(a->address < b->address) return -1; - else if (a->address > b->address) + if (a->address > b->address) return 1; - else - return a->port - b->port; + if (a->port < b->port) + return -1; + if (a->port > b->port) + return 1; + return (a->name && b->name)?strcmp(a->name, b->name):0; } void init_nodes(void) @@ -140,11 +143,13 @@ cp return avl_search(node_tree, &n); } -node_t *lookup_node_udp(struct addrinfo *address) +node_t *lookup_node_udp(ipv4_t address, port_t port) { node_t n; cp + n.name = NULL; n.address = address; + n.port = port; return avl_search(node_udp_tree, &n); } @@ -158,9 +163,9 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %s options %ld status %04x nexthop %s via %s"), - n->name, n->hostname, n->port, n->options, - n->status, n->nexthop->name, n->via->name); + syslog(LOG_DEBUG, _(" %s at %s port %hd cipher %d digest %d maclength %d options %ld status %04x nexthop %s via %s"), + n->name, n->hostname, n->port, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->options, + n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); } syslog(LOG_DEBUG, _("End of nodes.")); diff --git a/src/node.h b/src/node.h index 83305ce3..6d281e62 100644 --- a/src/node.h +++ b/src/node.h @@ -1,7 +1,7 @@ /* node.h -- header for node.c - Copyright (C) 2001 Guus Sliepen , - 2001 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.9 2001/11/16 15:56:44 zarq Exp $ + $Id: node.h,v 1.1.2.10 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_NODE_H__ 
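Review bot: The new tail of `node_udp_compare` treats a NULL `name` on either side as equal to every name, which lets `lookup_node_udp()` search by address and port alone but leaves the comparison without a consistent total order across stored nodes and search keys. That is worth stating in the code, e.g. `/* A NULL name is a wildcard: lookup_node_udp() matches on address and port only */`. It would also help to document that when several nodes share an address and port the search returns whichever entry the tree walk reaches first, since callers appear to use the result to attribute an incoming UDP packet to a node.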
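Review bot: In the `dump_nodes` hunk `n->port` is now a `port_t` (unsigned short in net.h) but is printed with `%hd`, so ports above 32767 are logged as negative numbers; use `%hu`. The same call still passes `n->status`, a `struct node_status_t`, for the `%04x` conversion, which does not match the expected `unsigned int` and is undefined behaviour in a variadic call. That mismatch predates this commit but sits on the rewritten line, so it could be fixed here too.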
@@ -33,23 +33,27 @@ typedef struct node_status_t { int validkey:1; /* 1 if we currently have a valid key for him */ int waitingforkey:1; /* 1 if we already sent out a request */ int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ - int unused:28; + int reachable:1; /* 1 if this node is reachable in the graph */ + int unused:27; } node_status_t; typedef struct node_t { char *name; /* name of this node */ long int options; /* options turned on for this node */ - struct addrinfo *address; /* his real (internet) ip to send UDP packets to */ - char *port; /* string representation of the port number */ + ipv4_t address; /* his real (internet) ip to send UDP packets to */ + port_t port; /* port number of UDP connection */ char *hostname; /* the hostname of its real ip */ struct node_status_t status; - EVP_CIPHER *cipher; /* Cipher type for UDP packets */ + const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length*/ + const EVP_MD *digest; /* Digest type for MAC */ + int maclength; /* Length of MAC */ + list_t *queue; /* Queue for packets awaiting to be encrypted */ struct node_t *nexthop; /* nearest node from us to him */ @@ -60,10 +64,14 @@ typedef struct node_t { avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ + + unsigned int sent_seqno; /* Sequence number last sent to this node */ + unsigned int received_seqno; /* Sequence number last received from this node */ } node_t; extern struct node_t *myself; extern avl_tree_t *node_tree; +extern avl_tree_t *node_udp_tree; extern void init_nodes(void); extern void exit_nodes(void); 
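Review bot: `int reachable:1;` follows the existing flags, but whether a plain `int` bit-field is signed is implementation-defined, and where it is signed a one-bit field holds 0 and -1, so a test such as `status.reachable == 1` would never be true. Declaring it `unsigned int reachable:1;`, and the neighbouring flags likewise, removes the ambiguity.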
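Review bot: The comments on `sent_seqno` and `received_seqno` do not say when the counters are reset or how a wrapped 32-bit value is treated, and those rules decide whether a previously seen packet could be accepted again. Neither can be determined from this header, so I would record it next to the fields, starting with `/* TODO: document reset on key change and wrap-around handling */` until the behaviour is confirmed against the code that uses them.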
@@ -72,8 +80,7 @@ extern void free_node(node_t *n); extern void node_add(node_t *n); extern void node_del(node_t *n); extern node_t *lookup_node(char *); -extern node_t *lookup_node_udp(struct addrinfo *); +extern node_t *lookup_node_udp(ipv4_t, port_t); extern void dump_nodes(void); - #endif /* __TINC_NODE_H__ */ diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 45840010..1fccd14f 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with OpenBSD tun device - Copyright (C) 2001 Ivo Timmermans , - 2001 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,9 +17,30 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.2 2001/10/12 15:52:03 guus Exp $ + $Id: device.c,v 1.1.2.3 2002/02/10 21:57:54 guus Exp $ */ +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "conf.h" +#include "net.h" +#include "subnet.h" + +#include "system.h" + #define DEFAULT_DEVICE "/dev/tun0" #define DEVICE_TYPE_ETHERTAP 0 
@@ -27,24 +48,29 @@ int device_fd = -1; int device_type; -char *device_fname; +char *device; +char *interface; char *device_info; int device_total_in = 0; int device_total_out = 0; +extern subnet_t mymac; + /* open the local ethertap device */ int setup_device(void) { - if(!get_config_string(lookup_config(config_tree, "Device"), &device_fname))) - device_fname = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = netname; cp - if((device_fd = open(device_fname, O_RDWR | O_NONBLOCK)) < 0) + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device_fname); + syslog(LOG_ERR, _("Could not open %s: %m"), device); return -1; } cp @@ -60,28 +86,35 @@ cp device_info = _("OpenBSD tun device"); - syslog(LOG_INFO, _("%s is a %s"), device_fname, device_info); + syslog(LOG_INFO, _("%s is a %s"), device, device_info); cp return 0; } +void close_device(void) +{ +cp + close(device_fd); +cp +} + int read_packet(vpn_packet_t *packet) { int lenin; u_int32_t type; -cp struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, MTU - 14}}; +cp if((lenin = readv(device_fd, vector, 2)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device_fname); + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); return -1; } - memcpy(vp->data, mymac.net.mac.address.x, 6); - memcpy(vp->data + 6, mymac.net.mac.address.x, 6); - vp->data[12] = 0x08; - vp->data[13] = 0x00; + memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data + 6, mymac.net.mac.address.x, 6); + packet->data[12] = 0x08; + packet->data[13] = 0x00; packet->len = lenin + 10; 
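Review bot: In the OpenBSD `read_packet`, any positive `readv()` result is accepted, so a read shorter than the 4-byte `type` prefix yields `packet->len = lenin + 10` below the 14-byte header the function has just written. `type` itself is never examined before the frame is stamped as IPv4 (`0x08`, `0x00`). I would reject short reads with `if(lenin <= (int)sizeof(type)) return -1;` after the existing error check and drop packets whose `ntohl(type)` is not `AF_INET`. The function continues outside this hunk.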
@@ -89,7 +122,7 @@ cp if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), device_info, packet.len); + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } return 0; @@ -99,20 +132,32 @@ cp int write_packet(vpn_packet_t *packet) { u_int32_t type = htonl(AF_INET); + struct iovec vector[2]; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); - - struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, packet->len - 14}}; + vector[0].iov_base = &type; + vector[0].iov_len = sizeof(type); + vector[1].iov_base = packet->data + 14; + vector[1].iov_len = packet->len - 14; if(writev(device_fd, vector, 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet.len); + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); return -1; } device_total_out += packet->len; cp } + +void dump_device_stats(void) +{ +cp + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp +} diff --git a/src/process.c b/src/process.c index 8ca8733f..cd1b96e6 100644 --- a/src/process.c +++ b/src/process.c @@ -1,7 +1,7 @@ /* process.c -- process management functions - Copyright (C) 1999-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.32 2001/11/03 22:53:02 guus Exp $ + $Id: process.c,v 1.1.2.33 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" 
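Review bot: `write_packet` sets `vector[1].iov_len = packet->len - 14` without checking that `packet->len` is at least 14; `length_t` is a signed short, so a shorter packet makes the subtraction negative and the converted `iov_len` enormous. Add `if(packet->len < 14) return -1;` before filling the vector. The function is declared `int` but, as far as the hunk shows, still ends after `device_total_out += packet->len;` without a `return 0;` on the success path.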
@@ -59,6 +59,10 @@ sigset_t emptysigset; static int saved_debug_lvl = 0; +extern int sighup; +extern int sigalrm; +extern int do_purge; + void memory_full(int size) { syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); @@ -342,6 +346,7 @@ sigsegv_handler(int a, siginfo_t *info, void *b) act.sa_mask = emptysigset; act.sa_flags = SA_SIGINFO; act.sa_sigaction = sigsegv_square; + sigaction(SIGSEGV, &act, NULL); close_network_connections(); sleep(5); @@ -351,7 +356,7 @@ sigsegv_handler(int a, siginfo_t *info, void *b) else { syslog(LOG_NOTICE, _("Not restarting.")); - exit(0); + exit(1); } } @@ -382,6 +387,14 @@ sigint_handler(int a, siginfo_t *info, void *b) } } +RETSIGTYPE +sigalrm_handler(int a, siginfo_t *info, void *b) +{ + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got ALRM signal")); + sigalrm = 1; +} + RETSIGTYPE sigusr1_handler(int a, siginfo_t *info, void *b) { @@ -397,6 +410,13 @@ sigusr2_handler(int a, siginfo_t *info, void *b) dump_subnets(); } +RETSIGTYPE +sigwinch_handler(int a, siginfo_t *info, void *b) +{ + extern int do_purge; + do_purge = 1; +} + RETSIGTYPE unexpected_signal_handler(int a, siginfo_t *info, void *b) { @@ -427,7 +447,8 @@ struct { { SIGUSR1, sigusr1_handler }, { SIGUSR2, sigusr2_handler }, { SIGCHLD, ignore_signal_handler }, - { SIGALRM, ignore_signal_handler }, + { SIGALRM, sigalrm_handler }, + { SIGWINCH, sigwinch_handler }, { 0, NULL } }; @@ -447,7 +468,7 @@ setup_signals(void) for(i = 0; i < NSIG; i++) { if(!do_detach) - act.sa_sigaction = SIG_DFL; + act.sa_sigaction = (void(*)(int, siginfo_t *, void *))SIG_DFL; else act.sa_sigaction = unexpected_signal_handler; sigaction(i, &act, NULL); 
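Review bot: The new `sigalrm_handler` calls `syslog()` from signal context, which is not async-signal-safe and can deadlock or corrupt state if the signal interrupts another `syslog()` or an allocation in the main loop. The flags these handlers set (`sigalrm`, `do_purge`) are declared as plain `int`; they should be `volatile sig_atomic_t` at their definition, which is outside this hunk, with the declarations here changed to match, e.g. `extern volatile sig_atomic_t sigalrm;`. The main loop already logs "Flushing event queue" when it sees the flag, so the handler can be reduced to `sigalrm = 1;`. The block-scope `extern int do_purge;` inside `sigwinch_handler` duplicates the file-scope declaration added at the top and can go.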
@@ -455,7 +476,7 @@ setup_signals(void) /* If we didn't detach, allow coredumps */ if(!do_detach) - sighandlers[3].handler = SIG_DFL; + sighandlers[3].handler = (void(*)(int, siginfo_t *, void *))SIG_DFL; /* Then, for each known signal that we want to catch, assign a handler to the signal, with error checking this time. */ diff --git a/src/process.h b/src/process.h index fe7466ed..1289d2da 100644 --- a/src/process.h +++ b/src/process.h @@ -1,7 +1,7 @@ /* process.h -- header file for process.c - Copyright (C) 1999-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.9 2001/09/01 12:36:53 guus Exp $ + $Id: process.h,v 1.1.2.10 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_PROCESS_H__ diff --git a/src/protocol.c b/src/protocol.c index 36e10c40..af8029d0 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -1,5 +1,5 @@ /* - protocol.c -- handle the meta-protocol + protocol.c -- handle the meta-protocol, basic functions Copyright (C) 1999-2001 Ivo Timmermans , 2000,2001 Guus Sliepen @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.121 2001/11/16 17:39:59 zarq Exp $ + $Id: protocol.c,v 1.28.4.122 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" 
@@ -27,40 +27,19 @@ #include #include #include -#include -#include #include #include #include #include -#include -#include -#include - -#include - -#include -#include -#include - -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif #include "conf.h" -#include "net.h" #include "protocol.h" #include "meta.h" #include "connection.h" -#include "node.h" -#include "edge.h" -#include "graph.h" #include "system.h" -int mykeyused = 0; - int check_id(char *id) { int i; 
@@ -164,1364 +143,13 @@ cp return 0; } -/* The authentication protocol is described in detail in doc/SECURITY2, - the rest will be described in doc/PROTOCOL. */ - -int send_id(connection_t *c) -{ -cp - return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); -} - -int id_h(connection_t *c) -{ - char name[MAX_STRING_SIZE]; -int bla; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); - return -1; - } - - /* Check if identity is a valid name */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); - return -1; - } - - /* If we set c->name in advance, make sure we are connected to the right host */ - - if(c->name) - { - if(strcmp(c->name, name)) - { - syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); - return -1; - } - } - else - c->name = xstrdup(name); - - /* Check if version matches */ - - if(c->protocol_version != myself->connection->protocol_version) - { - syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), - c->name, c->hostname, c->protocol_version); - return -1; - } - - if(bypass_security) - { - if(!c->config_tree) - init_configuration(&c->config_tree); - c->allow_request = ACK; - return send_ack(c); - } - - if(!c->config_tree) - { - init_configuration(&c->config_tree); - - if((bla = read_connection_config(c))) - { - syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); - return -1; - } - } - - if(read_rsa_public_key(c)) - { - return -1; - } - - c->allow_request = METAKEY; -cp - return send_metakey(c); -} - -int send_metakey(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int len, x; -cp - len = RSA_size(c->rsa_key); - - /* Allocate buffers for the meta key */ - - if(!c->outkey) - c->outkey = xmalloc(len); - - if(!c->outctx) - c->outctx = 
xmalloc(sizeof(*c->outctx)); -cp - /* Copy random data to the buffer */ - - RAND_bytes(c->outkey, len); - - /* The message we send must be smaller than the modulus of the RSA key. - By definition, for a key of k bits, the following formula holds: - - 2^(k-1) <= modulus < 2^(k) - - Where ^ means "to the power of", not "xor". - This means that to be sure, we must choose our message < 2^(k-1). - This can be done by setting the most significant bit to zero. - */ - - c->outkey[0] &= 0x7F; - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(c->outkey, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); - } - - /* Encrypt the random data - - We do not use one of the PKCS padding schemes here. - This is allowed, because we encrypt a totally random string - with a length equal to that of the modulus of the RSA key. - */ - - if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) - { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; - } -cp - /* Convert the encrypted random data to a hexadecimal formatted string */ - - bin2hex(buffer, buffer, len); - buffer[len*2] = '\0'; - - /* Send the meta key */ - - x = send_request(c, "%d %s", METAKEY, buffer); - - /* Further outgoing requests are encrypted with the key we just generated */ - - EVP_EncryptInit(c->outctx, EVP_bf_cfb(), - c->outkey + len - EVP_bf_cfb()->key_len, - c->outkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); - - c->status.encryptout = 1; -cp - return x; -} - -int metakey_h(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int len; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); - return -1; - } -cp - len = RSA_size(myself->connection->rsa_key); - - /* Check if the length of the meta key is all right */ - - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, 
_("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); - return -1; - } - - /* Allocate buffers for the meta key */ -cp - if(!c->inkey) - c->inkey = xmalloc(len); - - if(!c->inctx) - c->inctx = xmalloc(sizeof(*c->inctx)); - - /* Convert the challenge from hexadecimal back to binary */ -cp - hex2bin(buffer,buffer,len); - - /* Decrypt the meta key */ -cp - if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ - { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(c->inkey, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); - } - - /* All incoming requests will now be encrypted. */ -cp - EVP_DecryptInit(c->inctx, EVP_bf_cfb(), - c->inkey + len - EVP_bf_cfb()->key_len, - c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); - - c->status.decryptin = 1; - - c->allow_request = CHALLENGE; -cp - return send_challenge(c); -} - -int send_challenge(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int len, x; -cp - /* CHECKME: what is most reasonable value for len? 
*/ - - len = RSA_size(c->rsa_key); - - /* Allocate buffers for the challenge */ - - if(!c->hischallenge) - c->hischallenge = xmalloc(len); -cp - /* Copy random data to the buffer */ - - RAND_bytes(c->hischallenge, len); - -cp - /* Convert to hex */ - - bin2hex(c->hischallenge, buffer, len); - buffer[len*2] = '\0'; - -cp - /* Send the challenge */ - - x = send_request(c, "%d %s", CHALLENGE, buffer); -cp - return x; -} - -int challenge_h(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int len; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); - return -1; - } - - len = RSA_size(myself->connection->rsa_key); - - /* Check if the length of the challenge is all right */ - - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); - return -1; - } - - /* Allocate buffers for the challenge */ - - if(!c->mychallenge) - c->mychallenge = xmalloc(len); - - /* Convert the challenge from hexadecimal back to binary */ - - hex2bin(buffer,c->mychallenge,len); - - c->allow_request = CHAL_REPLY; - - /* Rest is done by send_chal_reply() */ -cp - return send_chal_reply(c); -} - -int send_chal_reply(connection_t *c) -{ - char hash[SHA_DIGEST_LENGTH*2+1]; -cp - /* Calculate the hash from the challenge we received */ - - SHA1(c->mychallenge, RSA_size(myself->connection->rsa_key), hash); - - /* Convert the hash to a hexadecimal formatted string */ - - bin2hex(hash,hash,SHA_DIGEST_LENGTH); - hash[SHA_DIGEST_LENGTH*2] = '\0'; - - /* Send the reply */ - -cp - return send_request(c, "%d %s", CHAL_REPLY, hash); -} - -int chal_reply_h(connection_t *c) -{ - char hishash[MAX_STRING_SIZE]; - char myhash[SHA_DIGEST_LENGTH]; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); - return -1; - } - - /* Check if the length of the 
hash is all right */ - - if(strlen(hishash) != SHA_DIGEST_LENGTH*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); - return -1; - } - - /* Convert the hash to binary format */ - - hex2bin(hishash, hishash, SHA_DIGEST_LENGTH); - - /* Calculate the hash from the challenge we sent */ - - SHA1(c->hischallenge, RSA_size(c->rsa_key), myhash); - - /* Verify the incoming hash with the calculated hash */ - - if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); - hishash[SHA_DIGEST_LENGTH*2] = '\0'; - syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); - } - return -1; - } - - /* Identity has now been positively verified. - Send an acknowledgement with the rest of the information needed. - */ - - c->allow_request = ACK; -cp - return send_ack(c); -} - -int send_ack(connection_t *c) -{ - /* ACK message contains rest of the information the other end needs - to create node_t and edge_t structures. 
*/ - - struct timeval now; - - /* Estimate weight */ - - gettimeofday(&now, NULL); - c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; -cp - return send_request(c, "%d %hd %d", ACK, myself->port, c->estimated_weight); -} - -int ack_h(connection_t *c) -{ - int weight; - node_t *n; - subnet_t *s; - edge_t *e; - connection_t *other; - avl_node_t *node, *node2; -cp - if(sscanf(c->buffer, "%*d %hd %d", &port, &weight) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); - return -1; - } - - /* Check if we already have a node_t for him */ - - n = lookup_node(c->name); - - if(!n) - { - n = new_node(); - n->name = xstrdup(c->name); - n->address = c->address; - n->hostname = xstrdup(c->hostname); - n->port = port; - - /* FIXME: Also check if no other tinc daemon uses the same IP and port for UDP traffic */ - - node_add(n); - } - else - { - if(n->connection) - { - /* Oh dear, we already have a connection to this node. 
*/ - syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); - terminate_connection(n->connection, 0); - } - - /* FIXME: check if information in existing node matches that of the other end of this connection */ - } - - n->connection = c; - c->node = n; - - /* Check some options - - if((cfg = get_config_val(c->config, config_indirectdata))) - { - if(cfg->data.val == stupid_true) - c->options |= OPTION_INDIRECT; - } - - if((cfg = get_config_val(c->config, config_tcponly))) - { - if(cfg->data.val == stupid_true) - c->options |= OPTION_TCPONLY; - } - - if((myself->options | c->options) & OPTION_INDIRECT) - c->via = myself; - else - c->via = c; - - */ - - /* Create an edge_t for this connection */ - - c->edge = new_edge(); - - c->edge->from = myself; - c->edge->to = n; - c->edge->weight = (weight + c->estimated_weight) / 2; - c->edge->connection = c; - - edge_add(c->edge); - - /* Activate this connection */ - - c->allow_request = ALL; - c->status.active = 1; - c->node->cipher = EVP_bf_cbc(); - c->node->keylength = c->node->cipher->key_len + c->node->cipher->iv_len; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); - -cp - /* Send him our subnets */ - - for(node = myself->subnet_tree->head; node; node = node->next) - { - s = (subnet_t *)node->data; - send_add_subnet(c, s); - } - - /* And send him all known nodes and their subnets */ - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - - if(n == c->node || n == myself) - continue; - - send_add_node(c, n); - - for(node2 = c->node->subnet_tree->head; node2; node2 = node2->next) - { - s = (subnet_t *)node2->data; - send_add_subnet(c, s); - } - } - - /* Send all known edges */ - - for(node = edge_tree->head; node; node = node->next) - { - e = (edge_t *)node->data; - - if(e == c->edge) - continue; - - send_add_edge(c, e); - } - - /* Notify others of this 
connection */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - - if(other->status.active && other != c) - { - send_add_node(other, c->node); - send_add_edge(other, c->edge); - } - } - - /* Run MST and SSSP algorithms */ - - mst_kruskal(); - sssp_bfs(0); -cp - return 0; -} - - - -/* Address and subnet information exchange */ - -int send_add_subnet(connection_t *c, subnet_t *subnet) -{ - int x; - char *netstr; -cp - x = send_request(c, "%d %s %s", ADD_SUBNET, - subnet->owner->name, netstr = net2str(subnet)); - free(netstr); -cp - return x; -} - -int add_subnet_h(connection_t *c) -{ - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - node_t *owner; - connection_t *other; - subnet_t *s; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); - return -1; - } - - /* Check if owner name is a valid */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Check if subnet string is valid */ - - if(!(s = str2net(subnetstr))) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } - - /* Check if the owner of the new subnet is in the connection list */ - - owner = lookup_node(name); - - if(!owner) - { - syslog(LOG_ERR, _("Got ADD_SUBNET from %s (%s) for %s which is not in our connection list"), - c->name, c->hostname, name); - return -1; - } - - /* Check if we already know this subnet */ - - if(lookup_subnet(owner, s)) - { - free_subnet(s); - return 0; - } - - /* If everything is correct, add the subnet to the list of the owner */ - - subnet_add(owner, s); - - /* Tell the rest */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - 
if(other->status.active && other != c) - send_add_subnet(other, s); - } -cp - return 0; -} - -int send_del_subnet(connection_t *c, subnet_t *s) -{ - int x; - char *netstr; -cp - x = send_request(c, "%d %s %s", DEL_SUBNET, s->owner->name, netstr = net2str(s)); - free(netstr); -cp - return x; -} - -int del_subnet_h(connection_t *c) -{ - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - node_t *owner; - connection_t *other; - subnet_t *s, *find; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 3) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); - return -1; - } - - /* Check if owner name is a valid */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Check if the owner of the new subnet is in the connection list */ - - if(!(owner = lookup_node(name))) - { - syslog(LOG_ERR, _("Got %s from %s (%s) for %s which is not in our connection list"), - "DEL_SUBNET", c->name, c->hostname, name); - return -1; - } - - /* Check if subnet string is valid */ - - if(!(s = str2net(subnetstr))) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } - - /* If everything is correct, delete the subnet from the list of the owner */ - - find = lookup_subnet(owner, s); - - free_subnet(s); - - if(!find) - { - syslog(LOG_ERR, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), - "DEL_SUBNET", c->name, c->hostname, name); - return -1; - } - - subnet_del(owner, find); - - /* Tell the rest */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_del_subnet(other, s); - } -cp - return 0; -} - -/* New and closed connections notification */ - -int send_add_node(connection_t *c, node_t *n) -{ 
-cp - return send_request(c, "%d %s %lx:%d", ADD_NODE, - n->name, n->address, n->port); -} - -int add_node_h(connection_t *c) -{ - connection_t *other; - node_t *n; - char name[MAX_STRING_SIZE]; - ipv4_t address; - port_t port; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" %lx:%hd", name, &address, &port) != 3) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_NODE", c->name, c->hostname); - return -1; - } - - /* Check if identity is a valid name */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_NODE", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Check if node already exists */ - - n = lookup_node(name); - - if(n) - { - /* Check if it matches */ - - if(n->address != address || n->port != port) - syslog(LOG_DEBUG, _("Got %s from %s (%s) for %s which does not match existing entry"), "ADD_NODE", c->name, c->hostname, n->name); - - return 0; - } - else - { - n = new_node(); - n->name = xstrdup(name); - n->address = address; - n->port = port; - node_add(n); - } - - /* Tell the rest about the new node */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other !=c) - send_add_node(other, n); - } - -cp - return 0; -} - -int send_del_node(connection_t *c, node_t *n) -{ -cp - return send_request(c, "%d %s %lx:%d", DEL_NODE, - n->name, n->address, n->port); -} - -int del_node_h(connection_t *c) -{ - node_t *n; - char name[MAX_STRING_SIZE]; - ipv4_t address; - port_t port; - connection_t *other; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" %lx:%hd", name, &address, &port) != 3) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_NODE", - c->name, c->hostname); - return -1; - } - - /* Check if identity is a valid name */ - - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_NODE", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Check if 
somebody tries to delete ourself */ - - if(!strcmp(name, myself->name)) - { - syslog(LOG_ERR, _("Got %s from %s (%s) for ourself!"), "DEL_NODE", - c->name, c->hostname); - return -1; - } - - /* Check if the deleted host exists */ - - n = lookup_node(name); - - if(!n) - { - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not exist"), "DEL_NODE", c->name, c->hostname, n->name); - return 0; - } - - /* Check if the rest matches */ - - if(address != n->address || port != n->port) - { - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not match existing entry"), "DEL_NODE", c->name, c->hostname, n->name); - } - - /* Tell the rest about the deleted node */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_del_node(other, n); - } - - /* Delete the node */ - - node_del(n); - - mst_kruskal(); - sssp_bfs(0); -cp - return 0; -} - -/* Edges */ - -int send_add_edge(connection_t *c, edge_t *e) -{ -cp - return send_request(c, "%d %s %s %lx %d", ADD_EDGE, - e->from->name, e->to->name, e->options, e->weight); -} - -int add_edge_h(connection_t *c) -{ - connection_t *other; - edge_t *e; - node_t *from, *to; - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - long int options; - int weight; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx %d", from_name, to_name, &options, &weight) != 4) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); - return -1; - } - - /* Check if names are valid */ - - if(check_id(from_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(check_id(to_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Lookup nodes */ - - from = lookup_node(from_name); - - if(!from) - { - 
syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("unknown node")); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("unknown node")); - return -1; - } - - /* Check if edge already exists */ - - e = lookup_edge(from, to); - - if(e) - { - if(e->weight != weight || e->options != options) - { - syslog(LOG_ERR, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); - return -1; - } - - return 0; - } - else - { - e = new_edge(); - e->from = from; - e->to = to; - e->options = options; - e->weight = weight; - edge_add(e); - } - - /* Tell the rest about the new edge */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_add_edge(other, e); - } - - /* Run MST before or after we tell the rest? */ - - mst_kruskal(); - sssp_bfs(0); -cp - return 0; -} - -int send_del_edge(connection_t *c, edge_t *e) -{ -cp - return send_request(c, "%d %s %s %lx %d", DEL_EDGE, - e->from->name, e->to->name, e->options, e->weight); -} - -int del_edge_h(connection_t *c) -{ - edge_t *e; - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - node_t *from, *to; - long int options; - int weight; - connection_t *other; - avl_node_t *node; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx %d", from_name, to_name, &options, &weight) != 4) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", - c->name, c->hostname); - return -1; - } - - /* Check if names are valid */ - - if(check_id(from_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - if(check_id(to_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } - - /* Lookup nodes */ 
- - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown node")); - return 0; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown node")); - return 0; - } - - /* Check if edge exists */ - - e = lookup_edge(from, to); - - if(e) - { - if(e->weight != weight || e->options != options) - { - syslog(LOG_ERR, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); - return -1; - } - } - else - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("unknown edge")); - return 0; - } - - /* Tell the rest about the deleted edge */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_del_edge(other, e); - } - - /* Delete the edge */ - - edge_del(e); - - /* Run MST before or after we tell the rest? 
*/ - - mst_kruskal(); - sssp_bfs(1); -cp - return 0; -} - - -/* Status and error notification routines */ - -int send_status(connection_t *c, int statusno, char *statusstring) -{ -cp - if(!statusstring) - statusstring = status_text[statusno]; -cp - return send_request(c, "%d %d %s", STATUS, statusno, statusstring); -} - -int status_h(connection_t *c) -{ - int statusno; - char statusstring[MAX_STRING_SIZE]; -cp - if(sscanf(c->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", - c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_STATUS) - { - syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), - c->name, c->hostname, status_text[statusno], statusstring); - } - -cp - return 0; -} - -int send_error(connection_t *c, int err, char *errstring) -{ -cp - if(!errstring) - errstring = strerror(err); - return send_request(c, "%d %d %s", ERROR, err, errstring); -} - -int error_h(connection_t *c) -{ - int err; - char errorstring[MAX_STRING_SIZE]; -cp - if(sscanf(c->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", - c->name, c->hostname); - return -1; - } - - if(debug_lvl >= DEBUG_ERROR) - { - syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - c->name, c->hostname, strerror(err), errorstring); - } - - terminate_connection(c, c->status.active); -cp - return 0; -} - -int send_termreq(connection_t *c) -{ -cp - return send_request(c, "%d", TERMREQ); -} - -int termreq_h(connection_t *c) -{ -cp - terminate_connection(c, c->status.active); -cp - return 0; -} - -int send_ping(connection_t *c) -{ - char salt[SALTLEN*2+1]; -cp - c->status.pinged = 1; - c->last_ping_time = time(NULL); - RAND_pseudo_bytes(salt, SALTLEN); - bin2hex(salt, salt, SALTLEN); - salt[SALTLEN*2] = '\0'; -cp - return send_request(c, "%d %s", PING, salt); -} - -int ping_h(connection_t *c) -{ -cp - return send_pong(c); -} - -int send_pong(connection_t 
*c) -{ - char salt[SALTLEN*2+1]; -cp - RAND_pseudo_bytes(salt, SALTLEN); - bin2hex(salt, salt, SALTLEN); - salt[SALTLEN*2] = '\0'; -cp - return send_request(c, "%d %s", PONG, salt); -} - -int pong_h(connection_t *c) -{ -cp - c->status.pinged = 0; -cp - return 0; -} - -/* Key exchange */ - -int send_key_changed(connection_t *c, node_t *n) -{ - connection_t *other; - avl_node_t *node; -cp - /* Only send this message if some other daemon requested our key previously. - This reduces unnecessary key_changed broadcasts. - */ - - if(n == myself && !mykeyused) - return 0; - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%d %s", KEY_CHANGED, n->name); - } -cp - return 0; -} - -int key_changed_h(connection_t *c) -{ - char name[MAX_STRING_SIZE]; - node_t *n; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING, name) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", - c->name, c->hostname); - return -1; - } - - n = lookup_node(name); - - if(!n) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", - c->name, c->hostname, name); - return -1; - } - - n->status.validkey = 0; - n->status.waitingforkey = 0; - - send_key_changed(c, n); -cp - return 0; -} - -int send_req_key(connection_t *c, node_t *from, node_t *to) -{ -cp - return send_request(c, "%d %s %s", REQ_KEY, - from->name, to->name); -} - -int req_key_h(connection_t *c) -{ - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - node_t *from, *to; - char key[MAX_STRING_SIZE]; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", - c->name, c->hostname); - return -1; - } - - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", - c->name, 
c->hostname, from_name); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", - c->name, c->hostname, to_name); - return -1; - } - - /* Check if this key request is for us */ - - if(to == myself) /* Yes, send our own key back */ - { - bin2hex(myself->key, key, myself->keylength); - key[myself->keylength * 2] = '\0'; - send_ans_key(c, myself, from, key); - mykeyused = 1; - } - else - { - if(to->status.validkey) /* Proxy keys */ - { - bin2hex(to->key, key, to->keylength); - key[to->keylength * 2] = '\0'; - send_ans_key(c, to, from, key); - } - else - send_req_key(to->nexthop->connection, from, to); - } - -cp - return 0; -} - -int send_ans_key(connection_t *c, node_t *from, node_t *to, char *key) -{ -cp - return send_request(c, "%d %s %s %s", ANS_KEY, - from->name, to->name, key); -} - -int ans_key_h(connection_t *c) -{ - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - char key[MAX_STRING_SIZE]; - int keylength; - node_t *from, *to; -cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING, from_name, to_name, key) != 3) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", - c->name, c->hostname); - return -1; - } - - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", - c->name, c->hostname, from_name); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", - c->name, c->hostname, to_name); - return -1; - } - - /* Check correctness of packet key */ - - keylength = strlen(key); - - if(keylength != from->keylength * 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s) origin %s: %s"), "ANS_KEY", - c->name, c->hostname, from->name, _("invalid key length")); - return -1; - } - - /* 
Forward it if necessary */ - - if(to != myself) - { - send_ans_key(to->nexthop->connection, from, to, key); - } - - /* Update our copy of the origin's packet key */ - - if(from->key) - free(from->key); - - from->key = xstrdup(key); - keylength /= 2; - hex2bin(from->key, from->key, keylength); - from->key[keylength] = '\0'; - - from->status.validkey = 1; - from->status.waitingforkey = 0; - - flush_queue(from); -cp - return 0; -} - -int send_tcppacket(connection_t *c, vpn_packet_t *packet) -{ - int x; -cp - /* Evil hack. */ - - x = send_request(c, "%d %hd", PACKET, packet->len); - - if(x) - return x; -cp - return send_meta(c, packet->data, packet->len); -} - -int tcppacket_h(connection_t *c) -{ - short int len; -cp - if(sscanf(c->buffer, "%*d %hd", &len) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname); - return -1; - } - - /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ - - c->tcplen = len; -cp - return 0; -} - /* Jumptable for the request handlers */ int (*request_handlers[])(connection_t*) = { id_h, metakey_h, challenge_h, chal_reply_h, ack_h, status_h, error_h, termreq_h, ping_h, pong_h, - add_node_h, del_node_h, +// add_node_h, del_node_h, add_subnet_h, del_subnet_h, add_edge_h, del_edge_h, key_changed_h, req_key_h, ans_key_h, @@ -1534,21 +162,9 @@ char (*request_name[]) = { "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", "STATUS", "ERROR", "TERMREQ", "PING", "PONG", - "ADD_NODE", "DEL_NODE", +// "ADD_NODE", "DEL_NODE", "ADD_SUBNET", "DEL_SUBNET", "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", }; - -/* Status strings */ - -char (*status_text[]) = { - "Warning", -}; - -/* Error strings */ - -char (*error_text[]) = { - "Error", -}; diff --git a/src/protocol.h b/src/protocol.h index 5fc30f38..5528b98f 100644 --- a/src/protocol.h +++ b/src/protocol.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.24 2001/10/28 08:41:19 guus Exp $ + $Id: protocol.h,v 1.5.4.25 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -31,7 +31,7 @@ incompatible version have different protocols. */ -#define PROT_CURRENT 11 +#define PROT_CURRENT 12 /* Request numbers */ @@ -40,7 +40,7 @@ enum { ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, STATUS, ERROR, TERMREQ, PING, PONG, - ADD_NODE, DEL_NODE, +// ADD_NODE, DEL_NODE, ADD_SUBNET, DEL_SUBNET, ADD_EDGE, DEL_EDGE, KEY_CHANGED, REQ_KEY, ANS_KEY, 
@@ -53,33 +53,58 @@ enum { #define MAX_STRING_SIZE 1024 #define MAX_STRING "%1024s" -extern int (*request_handlers[])(connection_t*); +/* Basic functions */ -extern int send_id(connection_t*); -extern int send_metakey(connection_t*); -extern int send_challenge(connection_t*); -extern int send_chal_reply(connection_t*); -extern int send_ack(connection_t*); -extern int send_status(connection_t*, int, char*); -extern int send_error(connection_t*, int, char*); -extern int send_termreq(connection_t*); -extern int send_ping(connection_t*); -extern int send_pong(connection_t*); -extern int send_add_node(connection_t*, node_t*); -extern int send_del_node(connection_t*, node_t*); -extern int send_add_subnet(connection_t*, subnet_t*); -extern int send_del_subnet(connection_t*, subnet_t*); -extern int send_add_edge(connection_t*, edge_t*); -extern int send_del_edge(connection_t*, edge_t*); -extern int send_key_changed(connection_t*, node_t*); -extern int send_req_key(connection_t*, node_t*, node_t*); -extern int send_ans_key(connection_t*, node_t*, node_t*, char*); -extern int send_tcppacket(connection_t *, vpn_packet_t *); - -/* Old functions */ - -extern int notify_others(connection_t *, connection_t *, int (*function)(connection_t*, connection_t*)); +extern int send_request(connection_t*, const char*, ...); extern int receive_request(connection_t *); extern int check_id(char *); +/* Requests */ + +extern int send_id(connection_t *); +extern int send_metakey(connection_t *); +extern int send_challenge(connection_t *); +extern int send_chal_reply(connection_t *); +extern int send_ack(connection_t *); +extern int send_status(connection_t *, int, char *); +extern int send_error(connection_t *, int, char *); +extern int send_termreq(connection_t *); +extern int send_ping(connection_t *); +extern int send_pong(connection_t *); +// extern int send_add_node(connection_t *, node_t *); +// extern int send_del_node(connection_t *, node_t *); +extern int send_add_subnet(connection_t 
*, subnet_t *); +extern int send_del_subnet(connection_t *, subnet_t *); +extern int send_add_edge(connection_t *, edge_t *); +extern int send_del_edge(connection_t *, edge_t *); +extern int send_key_changed(connection_t *, node_t *); +extern int send_req_key(connection_t *, node_t *, node_t *); +extern int send_ans_key(connection_t *, node_t *, node_t *); +extern int send_tcppacket(connection_t *, vpn_packet_t *); + +/* Request handlers */ + +extern int (*request_handlers[])(connection_t *); + +extern int id_h(connection_t *); +extern int metakey_h(connection_t *); +extern int challenge_h(connection_t *); +extern int chal_reply_h(connection_t *); +extern int ack_h(connection_t *); +extern int status_h(connection_t *); +extern int error_h(connection_t *); +extern int termreq_h(connection_t *); +extern int ping_h(connection_t *); +extern int pong_h(connection_t *); +// extern int add_node_h(connection_t *); +// extern int del_node_h(connection_t *); +extern int add_subnet_h(connection_t *); +extern int del_subnet_h(connection_t *); +extern int add_edge_h(connection_t *); +extern int del_edge_h(connection_t *); +extern int key_changed_h(connection_t *); +extern int req_key_h(connection_t *); +extern int ans_key_h(connection_t *); +extern int tcppacket_h(connection_t *); + #endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/route.c b/src/route.c index 8df8128a..0e16565b 100644 --- a/src/route.c +++ b/src/route.c @@ -1,7 +1,7 @@ /* route.c -- routing - Copyright (C) 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 2000-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
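Review bot: `MAX_STRING` is `"%1024s"` while `MAX_STRING_SIZE` is 1024 (the two context lines at the top of this hunk), so a 1024-character token makes sscanf store 1024 bytes plus the terminating NUL into a 1024-byte array. The handlers on this page parse `c->buffer` into `char name[MAX_STRING_SIZE]` with exactly this conversion, so if a meta line can carry a token that long, each of them writes one byte past its buffer on peer-supplied input. This commit already bumps `PROT_CURRENT` and reorganises the header, so it is a natural place to make the pair consistent, for example `#define MAX_STRING_SIZE 1025` with the format left as is, or `#define MAX_STRING "%1023s"`.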
@@ -17,17 +17,17 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.21 2001/11/16 17:40:50 zarq Exp $ + $Id: route.c,v 1.1.2.22 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" -#ifdef HAVE_FREEBSD +#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) #include #endif #include #include -#ifdef HAVE_SOLARIS +#if defined(HAVE_SOLARIS) || defined(HAVE_OPENBSD) #include #define ETHER_ADDR_LEN 6 #else @@ -66,7 +66,7 @@ cp if(!subnet || subnet->owner!=myself) { if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Learned new MAC address %hhx:%hhx:%hhx:%hhx:%hhx:%hhx"), + syslog(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]); subnet = new_subnet(); @@ -103,10 +103,26 @@ cp return NULL; } +node_t *route_ipv4(vpn_packet_t *packet) +{ + ipv4_t dest; + subnet_t *subnet; +cp +#ifdef HAVE_SOLARIS + /* The other form gives bus errors on a SparcStation 20. */ + dest = ((packet->data[30] * 0x100 + packet->data[31]) * 0x100 + packet->data[32]) * 0x100 + packet->data[33]; +#else + dest = ntohl(*((unsigned long*)(&packet->data[30]))); +#endif +cp + subnet = lookup_subnet_ipv4(&dest); +cp if(!subnet) { if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"), + packet->data[30], packet->data[31], packet->data[32], packet->data[33]); } return NULL; 
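Review bot: route_ipv4 reads the destination with `ntohl(*((unsigned long*)(&packet->data[30])))`, which dereferences a pointer that need not be suitably aligned and reads sizeof(unsigned long) bytes (eight on LP64 targets) out of a four-byte field. The HAVE_SOLARIS branch directly above it assembles the address byte by byte and is portable, so it could be used unconditionally rather than only where the cast was seen to fault. Nothing in the hunk checks `packet->len` before offsets 30..33 are read; unless the caller guarantees a full IPv4 header, a guard such as `if(packet->len < 34) return NULL;` belongs at the top. The same cast is added in route_arp for `arp->arp_tpa`, and route_ipv6 in the next hunk reads `packet->data[38]` onwards through `short unsigned int *` casts with the same two concerns. route_ipv4's body continues in the following hunk.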
@@ -115,21 +131,25 @@ cp return subnet->owner; } -node_t *route_ip(vpn_packet_t *packet) +node_t *route_ipv6(vpn_packet_t *packet) { - struct addrinfo *dest; subnet_t *subnet; cp -#warning FIXME - memcpy(&dest, &packet->data[30], 0); - - subnet = lookup_subnet_ip(&dest); + subnet = lookup_subnet_ipv6((ipv6_t *)&packet->data[38]); cp if(!subnet) { if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: unknown IP destination address")); + syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ntohs(*(short unsigned int *)&packet->data[38]), + ntohs(*(short unsigned int *)&packet->data[40]), + ntohs(*(short unsigned int *)&packet->data[42]), + ntohs(*(short unsigned int *)&packet->data[44]), + ntohs(*(short unsigned int *)&packet->data[46]), + ntohs(*(short unsigned int *)&packet->data[48]), + ntohs(*(short unsigned int *)&packet->data[50]), + ntohs(*(short unsigned int *)&packet->data[52])); } return NULL; @@ -143,7 +163,7 @@ void route_arp(vpn_packet_t *packet) struct ether_arp *arp; subnet_t *subnet; unsigned char ipbuf[4]; - struct addrinfo *dest; + ipv4_t dest; cp /* First, snatch the source address from the ARP packet */ @@ -172,9 +192,9 @@ cp } /* Check if the IP address exists on the VPN */ -#warning FIXME + dest = ntohl(*((unsigned long*)(arp->arp_tpa))); - subnet = lookup_subnet_ip(&dest); + subnet = lookup_subnet_ipv4(&dest); if(!subnet) { diff --git a/src/route.h b/src/route.h index 4423e724..70aab89a 100644 --- a/src/route.h +++ b/src/route.h @@ -1,7 +1,7 @@ /* route.h -- header file for route.c - Copyright (C) 2000,2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 2000-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.4 2001/10/27 12:13:17 guus Exp $ + $Id: route.h,v 1.1.2.5 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_ROUTE_H__ diff --git a/src/solaris/device.c b/src/solaris/device.c index 57b6829a..dcfd8c44 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with Solaris tun device - Copyright (C) 2001 Ivo Timmermans , - 2001 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2001/11/05 19:06:07 guus Exp $ + $Id: device.c,v 1.1.2.4 2002/02/10 21:57:54 guus Exp $ */ @@ -157,7 +157,7 @@ cp if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), device_info, packet->len); + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } return 0; diff --git a/src/subnet.c b/src/subnet.c index 1b7bc386..6745e2f4 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -1,7 +1,7 @@ /* subnet.c -- handle subnet lookups and lists - Copyright (C) 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.28 2001/10/30 12:59:12 guus Exp $ + $Id: subnet.c,v 1.1.2.29 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" 
@@ -25,6 +25,10 @@ #include #include #include +#include +#include +#include +#include #include "conf.h" #include "net.h" @@ -102,10 +106,12 @@ cp case SUBNET_IPV6: return subnet_compare_ipv6(a, b); default: - syslog(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, restarting!"), a->type); - sighup = 1; - return 0; + syslog(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), a->type); + cp_trace(); + exit(0); } + + return 0; } /* Initialising trees */ 
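Review bot: The new default branch of subnet_compare ends the daemon with `exit(0)`, which reports success to whatever supervises tincd although this is an internal-error path. A non-zero status such as `exit(1)`, or `abort()`, would make the failure visible to init scripts and monitoring. The log text also has a typo, `exitting` for `exiting`. subnet_compare begins above the hunk, so whether the added `return 0;` after the switch is reachable cannot be judged from here.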
@@ -178,65 +184,108 @@ cp subnet_t *str2net(char *subnetstr) { - int type; + int i, l; subnet_t *subnet; -cp - if(sscanf(subnetstr, "%d,", &type) != 1) - return NULL; + unsigned short int x[6]; cp subnet = new_subnet(); cp - switch(type) + if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", + &x[0], + &x[1], + &x[2], + &x[3], + &subnet->net.ipv4.masklength) == 5) { - case SUBNET_MAC: - if(sscanf(subnetstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", &subnet->type, - &subnet->net.mac.address.x[0], - &subnet->net.mac.address.x[1], - &subnet->net.mac.address.x[2], - &subnet->net.mac.address.x[3], - &subnet->net.mac.address.x[4], - &subnet->net.mac.address.x[5]) != 7) - { - free_subnet(subnet); - return NULL; - } - break; - case SUBNET_IPV4: - if(sscanf(subnetstr, "%d,%lx/%lx", &subnet->type, &subnet->net.ipv4.address, &subnet->net.ipv4.mask) != 3) - { - free_subnet(subnet); - return NULL; - } - break; - case SUBNET_IPV6: - if(sscanf(subnetstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", &subnet->type, - &subnet->net.ipv6.address.x[0], - &subnet->net.ipv6.address.x[1], - &subnet->net.ipv6.address.x[2], - &subnet->net.ipv6.address.x[3], - &subnet->net.ipv6.address.x[4], - &subnet->net.ipv6.address.x[5], - &subnet->net.ipv6.address.x[6], - &subnet->net.ipv6.address.x[7], - &subnet->net.ipv6.mask.x[0], - &subnet->net.ipv6.mask.x[1], - &subnet->net.ipv6.mask.x[2], - &subnet->net.ipv6.mask.x[3], - &subnet->net.ipv6.mask.x[4], - &subnet->net.ipv6.mask.x[5], - &subnet->net.ipv6.mask.x[6], - &subnet->net.ipv6.mask.x[7]) != 17) - { - free_subnet(subnet); - return NULL; - } - break; - default: - free_subnet(subnet); - return NULL; + subnet->type = SUBNET_IPV4; + subnet->net.ipv4.address = (((((x[0] << 8) + x[1]) << 8) + x[2]) << 8) + x[3]; + subnet->net.ipv4.mask = ~((1 << (32 - subnet->net.ipv4.masklength)) - 1); + return subnet; } -cp - return subnet; + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", + &subnet->net.ipv6.address.x[0], + 
&subnet->net.ipv6.address.x[1], + &subnet->net.ipv6.address.x[2], + &subnet->net.ipv6.address.x[3], + &subnet->net.ipv6.address.x[4], + &subnet->net.ipv6.address.x[5], + &subnet->net.ipv6.address.x[6], + &subnet->net.ipv6.address.x[7], + &subnet->net.ipv6.masklength) == 9) + { + subnet->type = SUBNET_IPV6; + for(l = subnet->net.ipv6.masklength, i = 0; i < 8; l -= 16, i++) + { + subnet->net.ipv6.address.x[i] = htons(subnet->net.ipv6.address.x[i]); + if(l >= 16) + subnet->net.ipv6.mask.x[i] = 65535; + else if (l > 0) + subnet->net.ipv6.mask.x[i] = htons(65536 - (1 << l)); + else + subnet->net.ipv6.mask.x[i] = 0; + } + return subnet; + } + + if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", + &x[0], + &x[1], + &x[2], + &x[3]) == 4) + { + subnet->type = SUBNET_IPV4; + subnet->net.ipv4.address = (((((x[0] << 8) + x[1]) << 8) + x[2]) << 8) + x[3]; + subnet->net.ipv4.mask = ~0; + subnet->net.ipv4.masklength = 32; + return subnet; + } + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", + &subnet->net.ipv6.address.x[0], + &subnet->net.ipv6.address.x[1], + &subnet->net.ipv6.address.x[2], + &subnet->net.ipv6.address.x[3], + &subnet->net.ipv6.address.x[4], + &subnet->net.ipv6.address.x[5], + &subnet->net.ipv6.address.x[6], + &subnet->net.ipv6.address.x[7]) == 8) + { + subnet->type = SUBNET_IPV6; + subnet->net.ipv6.masklength = 128; + for(l = subnet->net.ipv6.masklength, i = 0; i < 8; l -= 16, i++) + { + subnet->net.ipv6.address.x[i] = htons(subnet->net.ipv6.address.x[i]); + if(l >= 16) + subnet->net.ipv6.mask.x[i] = 65535; + else if (l > 0) + subnet->net.ipv6.mask.x[i] = htons(65536 - (1 << l)); + else + subnet->net.ipv6.mask.x[i] = 0; + } + return subnet; + } + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx", + &x[0], + &x[1], + &x[2], + &x[3], + &x[4], + &x[5]) == 6) + { + subnet->type = SUBNET_MAC; + subnet->net.mac.address.x[0] = x[0]; + subnet->net.mac.address.x[1] = x[1]; + subnet->net.mac.address.x[2] = x[2]; + subnet->net.mac.address.x[3] = x[3]; + 
subnet->net.mac.address.x[4] = x[4]; + subnet->net.mac.address.x[5] = x[5]; + return subnet; + } + + free(subnet); + return NULL; } char *net2str(subnet_t *subnet) @@ -246,7 +295,7 @@ cp switch(subnet->type) { case SUBNET_MAC: - asprintf(&netstr, "%d,%hhx:%hhx:%hhx:%hhx:%hhx:%hhx", subnet->type, + asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx", subnet->net.mac.address.x[0], subnet->net.mac.address.x[1], subnet->net.mac.address.x[2], 
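Review bot: str2net uses none of its parsed numbers safely: every field goes into the subnet unchecked, and the DEL_SUBNET handler on this page passes it a token taken from `c->buffer`, so the input is peer-controlled. In the IPv4 prefix branch a length outside 1..32 makes `1 << (32 - subnet->net.ipv4.masklength)` shift by a negative amount or by the full width, which is undefined, and octets above 255 read with `%hu` spill into neighbouring bytes of the address. The IPv6 branches accept any `masklength` too, and the per-word mask `htons(65536 - (1 << l))` looks inverted: for l leading bits it should be `65536 - (1 << (16 - l))`, and the two agree only at l == 8. The MAC branch stores `%hx` values into the address bytes without checking that they fit. The fence shows the IPv4 prefix branch with range checks added; the other branches need the equivalent.

```c
/* … unchanged: sscanf of "%hu.%hu.%hu.%hu/%d" into x[0..3] and masklength … */
    {
      l = subnet->net.ipv4.masklength;
      if(x[0] > 255 || x[1] > 255 || x[2] > 255 || x[3] > 255 || l < 0 || l > 32)
        {
          free(subnet);
          return NULL;
        }
      subnet->type = SUBNET_IPV4;
      subnet->net.ipv4.address = ((ipv4_t)x[0] << 24) | ((ipv4_t)x[1] << 16) | ((ipv4_t)x[2] << 8) | x[3];
      /* l == 0 is handled apart so the shift count stays below the type width */
      subnet->net.ipv4.mask = l ? (ipv4_t)(0xffffffffUL << (32 - l)) : 0;
      return subnet;
    }
/* … unchanged: IPv6, bare IPv4 and MAC branches … */
```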
@@ -255,26 +304,24 @@ cp subnet->net.mac.address.x[5]); break; case SUBNET_IPV4: - asprintf(&netstr, "%d,%lx/%lx", subnet->type, subnet->net.ipv4.address, subnet->net.ipv4.mask); + asprintf(&netstr, "%hu.%hu.%hu.%hu/%d", + (unsigned short int)((subnet->net.ipv4.address >> 24) & 255), + (unsigned short int)((subnet->net.ipv4.address >> 16) & 255), + (unsigned short int)((subnet->net.ipv4.address >> 8) & 255), + (unsigned short int)(subnet->net.ipv4.address & 255), + subnet->net.ipv4.masklength); break; case SUBNET_IPV6: - asprintf(&netstr, "%d,%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", subnet->type, - subnet->net.ipv6.address.x[0], - subnet->net.ipv6.address.x[1], - subnet->net.ipv6.address.x[2], - subnet->net.ipv6.address.x[3], - subnet->net.ipv6.address.x[4], - subnet->net.ipv6.address.x[5], - subnet->net.ipv6.address.x[6], - subnet->net.ipv6.address.x[7], - subnet->net.ipv6.mask.x[0], - subnet->net.ipv6.mask.x[1], - subnet->net.ipv6.mask.x[2], - subnet->net.ipv6.mask.x[3], - subnet->net.ipv6.mask.x[4], - subnet->net.ipv6.mask.x[5], - subnet->net.ipv6.mask.x[6], - subnet->net.ipv6.mask.x[7]); + asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", + ntohs(subnet->net.ipv6.address.x[0]), + ntohs(subnet->net.ipv6.address.x[1]), + ntohs(subnet->net.ipv6.address.x[2]), + ntohs(subnet->net.ipv6.address.x[3]), + ntohs(subnet->net.ipv6.address.x[4]), + ntohs(subnet->net.ipv6.address.x[5]), + ntohs(subnet->net.ipv6.address.x[6]), + ntohs(subnet->net.ipv6.address.x[7]), + subnet->net.ipv6.masklength); break; default: asprintf(&netstr, _("unknown subnet type")); @@ -342,8 +389,8 @@ subnet_t *lookup_subnet_ipv6(ipv6_t *address) int i; cp subnet.type = SUBNET_IPV6; - memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); - memset(&subnet.net.ipv6.mask, 0xFF, 16); + memcpy(subnet.net.ipv6.address.x, address, sizeof(ipv6_t)); + memset(subnet.net.ipv6.mask.x, 0xFF, 16); p = (subnet_t *)avl_search_closest_greater(subnet_tree, &subnet); 
@@ -366,7 +413,7 @@ cp { subnet = (subnet_t *)node->data; netstr = net2str(subnet); - syslog(LOG_DEBUG, " %s owner %s", netstr, subnet->owner->name); + syslog(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); free(netstr); } syslog(LOG_DEBUG, _("End of subnet list.")); diff --git a/src/subnet.h b/src/subnet.h index 45e9cc12..9657ad9c 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.14 2001/11/16 12:10:54 zarq Exp $ + $Id: subnet.h,v 1.1.2.15 2002/02/10 21:57:54 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -28,7 +28,8 @@ enum { SUBNET_MAC = 0, - SUBNET_IP, + SUBNET_IPV4, + SUBNET_IPV6, SUBNET_TYPES /* Guardian */ }; @@ -37,11 +38,19 @@ typedef struct subnet_mac_t mac_t address; } subnet_mac_t; -typedef struct subnet_ip_t +typedef struct subnet_ipv4_t { - struct addrinfo *address; - struct addrinfo *mask; -} subnet_ip_t; + ipv4_t address; + ipv4_t mask; + int masklength; +} subnet_ipv4_t; + +typedef struct subnet_ipv6_t +{ + ipv6_t address; + ipv6_t mask; + int masklength; +} subnet_ipv6_t; #include "node.h" @@ -56,9 +65,9 @@ typedef struct subnet_t { union net { subnet_mac_t mac; - subnet_ip_t ip; + subnet_ipv4_t ipv4; + subnet_ipv6_t ipv6; } net; - } subnet_t; extern subnet_t *new_subnet(void); @@ -73,7 +82,8 @@ extern char *net2str(subnet_t *); extern subnet_t *str2net(char *); extern subnet_t *lookup_subnet(struct node_t *, subnet_t *); extern subnet_t *lookup_subnet_mac(mac_t *); -extern subnet_t *lookup_subnet_ip(struct addrinfo *); +extern subnet_t *lookup_subnet_ipv4(ipv4_t *); +extern subnet_t *lookup_subnet_ipv6(ipv6_t *); extern void dump_subnets(void); #endif /* __TINC_SUBNET_H__ */ diff --git a/src/tincd.c b/src/tincd.c index f4ecebff..d9288bac 100644 --- a/src/tincd.c +++ b/src/tincd.c 
@@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.56 2001/11/16 22:40:26 zarq Exp $ + $Id: tincd.c,v 1.10.4.57 2002/02/10 21:57:54 guus Exp $ */ #include "config.h" @@ -41,12 +41,14 @@ #include #include #include +#include #include #include #include "conf.h" #include "net.h" +#include "netutl.h" #include "process.h" #include "protocol.h" #include "subnet.h" @@ -295,7 +297,7 @@ main(int argc, char **argv, char **envp) if(show_version) { printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998-2001 Ivo Timmermans, Guus Sliepen and others.\n" + printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" @@ -327,6 +329,13 @@ main(int argc, char **argv, char **envp) /* Slllluuuuuuurrrrp! */ cp RAND_load_file("/dev/urandom", 1024); + +#ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS + SSLeay_add_all_algorithms(); +#else + OpenSSL_add_all_algorithms(); +#endif + cp if(generate_keys) { From 5bf4b88666ecafe190e8ed71d6c14c9de8d16e1f Mon Sep 17 00:00:00 2001 
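Review bot: The `SSLeay_add_all_algorithms()` / `OpenSSL_add_all_algorithms()` block added to main() in src/tincd.c has no comment saying why the whole algorithm table is registered. Every registered cipher and digest becomes resolvable by NID, and ans_key_h in the following patch on this page passes integers parsed from a peer's request to `EVP_get_cipherbynid` and `EVP_get_digestbynid`. I would add a comment above the `#ifdef` such as `/* Register all ciphers and digests so lookups by NID succeed; accepted algorithms are restricted at the lookup site */` and check the lookup result against an explicit allowlist there. main() starts and ends outside this hunk.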
From: Guus Sliepen Date: Mon, 11 Feb 2002 10:05:58 +0000 Subject: [PATCH 527/923] Forgot to merge new files from pre5. --- src/event.c | 109 ++++++++ src/event.h | 48 ++++ src/protocol_auth.c | 561 ++++++++++++++++++++++++++++++++++++++++++ src/protocol_edge.c | 291 ++++++++++++++++++++++ src/protocol_key.c | 272 ++++++++++++++++++++ src/protocol_misc.c | 193 +++++++++++++++ src/protocol_subnet.c | 231 +++++++++++++++++ 7 files changed, 1705 insertions(+) create mode 100644 src/event.c create mode 100644 src/event.h create mode 100644 src/protocol_auth.c create mode 100644 src/protocol_edge.c create mode 100644 src/protocol_key.c create mode 100644 src/protocol_misc.c create mode 100644 src/protocol_subnet.c diff --git a/src/event.c b/src/event.c new file mode 100644 index 00000000..d11f91cc --- /dev/null +++ b/src/event.c 
@@ -0,0 +1,109 @@ +/* + event.c -- event queue + Copyright (C) 2002 Guus Sliepen , + 2002 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: event.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include "event.h" + +#include "system.h" + +avl_tree_t *event_tree; + +int id; + +int event_compare(event_t *a, event_t *b) +{ + if(a->time > b->time) + return 1; + if(a->time < b->time) + return -1; + return a->id - b->id; +} + +void init_events(void) +{ +cp + event_tree = avl_alloc_tree((avl_compare_t)event_compare, NULL); +cp +} + +void exit_events(void) +{ +cp + avl_delete_tree(event_tree); +cp +} + +event_t *new_event(void) +{ + event_t *event; +cp + event = (event_t *)xmalloc_and_zero(sizeof(*event)); +cp + return event; +} + +void free_event(event_t *event) +{ +cp + free(event); +cp +} + +void event_add(event_t *event) +{ +cp + event->id = ++id; + avl_insert(event_tree, event); +cp +} + +void event_del(event_t *event) +{ +cp + avl_delete(event_tree, event); +cp +} + +event_t *get_expired_event(void) +{ + event_t *event; +cp + if(event_tree->head) + { + event = (event_t *)event_tree->head->data; + if(event->time < time(NULL)) + { + avl_delete(event_tree, event); + return event; + } + } +cp + return NULL; +} 
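Review bot: `event_compare` in src/event.c breaks ties with `return a->id - b->id;`, and `event_add` takes ids from a plain `int id` that is only ever incremented. In a long-running daemon the counter eventually overflows, which is undefined for signed int, and the subtraction can overflow too, either of which would break the ordering the AVL tree relies on. The tie-break is safer as `return (a->id > b->id) - (a->id < b->id);`. The file-scope `int id;` should also be `static`, since a global with that name is easy to collide with.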
diff --git a/src/event.h b/src/event.h new file mode 100644 index 00000000..7a356126 --- /dev/null +++ b/src/event.h @@ -0,0 +1,48 @@ +/* + event.h -- header for event.c + Copyright (C) 2002 Guus Sliepen , + 2002 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: event.h,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ +*/ + +#ifndef __TINC_EVENT_H__ +#define __TINC_EVENT_H__ + +#include +#include + +avl_tree_t *event_tree; + +typedef void (*event_handler_t)(void *); + +typedef struct { + time_t time; + int id; + event_handler_t handler; + void *data; +} event_t; + +extern void init_events(void); +extern void exit_events(void); +extern event_t *new_event(void); +extern void free_event(event_t *); +extern void event_add(event_t *); +extern void event_del(event_t *); +extern event_t *get_expired_event(void); + +#endif /* __TINC_EVENT_H__ */ diff --git a/src/protocol_auth.c b/src/protocol_auth.c new file mode 100644 index 00000000..1fad4b78 --- /dev/null +++ b/src/protocol_auth.c 
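Review bot: src/event.h declares `avl_tree_t *event_tree;` without `extern`, so every file that includes the header gets its own tentative definition in addition to the one in event.c. That links only where the toolchain merges common symbols; with `-fno-common` it is a duplicate-definition error. The header line should read `extern avl_tree_t *event_tree;`. The two `#include` lines above it have lost their header names in this rendering, so I cannot confirm that `avl_tree_t` and `time_t` are declared before use.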
@@ -0,0 +1,561 @@ +/* + protocol_auth.c -- handle the meta-protocol, authentication + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: protocol_auth.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include + +#ifndef HAVE_RAND_PSEUDO_BYTES +#define RAND_pseudo_bytes RAND_bytes +#endif + +#include "conf.h" +#include "net.h" +#include "netutl.h" +#include "protocol.h" +#include "meta.h" +#include "connection.h" +#include "node.h" +#include "edge.h" +#include "graph.h" + +#include "system.h" + +int send_id(connection_t *c) +{ +cp + return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); +} + +int id_h(connection_t *c) +{ + char name[MAX_STRING_SIZE]; + int bla; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); + return -1; + } + + /* Check if identity is a valid name */ + + if(check_id(name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); + return -1; + } + + /* If we set c->name in advance, make sure we are connected to 
the right host */ + + if(c->name) + { + if(strcmp(c->name, name)) + { + syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); + return -1; + } + } + else + c->name = xstrdup(name); + + /* Check if version matches */ + + if(c->protocol_version != myself->connection->protocol_version) + { + syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), + c->name, c->hostname, c->protocol_version); + return -1; + } + + if(bypass_security) + { + if(!c->config_tree) + init_configuration(&c->config_tree); + c->allow_request = ACK; + return send_ack(c); + } + + if(!c->config_tree) + { + init_configuration(&c->config_tree); + + if((bla = read_connection_config(c))) + { + syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); + return -1; + } + } + + if(read_rsa_public_key(c)) + { + return -1; + } + + /* Check some options */ + + if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &bla) && bla) || myself->options & OPTION_INDIRECT) + c->options |= OPTION_INDIRECT; + + if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &bla) && bla) || myself->options & OPTION_TCPONLY) + c->options |= OPTION_TCPONLY | OPTION_INDIRECT; + + c->allow_request = METAKEY; +cp + return send_metakey(c); +} + +int send_metakey(connection_t *c) +{ + char buffer[MAX_STRING_SIZE]; + int len, x; +cp + len = RSA_size(c->rsa_key); + + /* Allocate buffers for the meta key */ + + if(!c->outkey) + c->outkey = xmalloc(len); + + if(!c->outctx) + c->outctx = xmalloc(sizeof(*c->outctx)); +cp + /* Copy random data to the buffer */ + + RAND_bytes(c->outkey, len); + + /* The message we send must be smaller than the modulus of the RSA key. + By definition, for a key of k bits, the following formula holds: + + 2^(k-1) <= modulus < 2^(k) + + Where ^ means "to the power of", not "xor". + This means that to be sure, we must choose our message < 2^(k-1). + This can be done by setting the most significant bit to zero. 
+ */ + + c->outkey[0] &= 0x7F; + + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(c->outkey, buffer, len); + buffer[len*2] = '\0'; + syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); + } + + /* Encrypt the random data + + We do not use one of the PKCS padding schemes here. + This is allowed, because we encrypt a totally random string + with a length equal to that of the modulus of the RSA key. + */ + + if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) + { + syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); + return -1; + } +cp + /* Convert the encrypted random data to a hexadecimal formatted string */ + + bin2hex(buffer, buffer, len); + buffer[len*2] = '\0'; + + /* Send the meta key */ + + x = send_request(c, "%d %s", METAKEY, buffer); + + /* Further outgoing requests are encrypted with the key we just generated */ + + EVP_EncryptInit(c->outctx, EVP_bf_cfb(), + c->outkey + len - EVP_bf_cfb()->key_len, + c->outkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); + + c->status.encryptout = 1; +cp + return x; +} + +int metakey_h(connection_t *c) +{ + char buffer[MAX_STRING_SIZE]; + int len; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); + return -1; + } +cp + len = RSA_size(myself->connection->rsa_key); + + /* Check if the length of the meta key is all right */ + + if(strlen(buffer) != len*2) + { + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); + return -1; + } + + /* Allocate buffers for the meta key */ +cp + if(!c->inkey) + c->inkey = xmalloc(len); + + if(!c->inctx) + c->inctx = xmalloc(sizeof(*c->inctx)); + + /* Convert the challenge from hexadecimal back to binary */ +cp + hex2bin(buffer,buffer,len); + + /* Decrypt the meta key */ +cp + if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, 
RSA_NO_PADDING) != len) /* See challenge() */ + { + syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); + return -1; + } + + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(c->inkey, buffer, len); + buffer[len*2] = '\0'; + syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); + } + + /* All incoming requests will now be encrypted. */ +cp + EVP_DecryptInit(c->inctx, EVP_bf_cfb(), + c->inkey + len - EVP_bf_cfb()->key_len, + c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); + + c->status.decryptin = 1; + + c->allow_request = CHALLENGE; +cp + return send_challenge(c); +} + +int send_challenge(connection_t *c) +{ + char buffer[MAX_STRING_SIZE]; + int len, x; +cp + /* CHECKME: what is most reasonable value for len? */ + + len = RSA_size(c->rsa_key); + + /* Allocate buffers for the challenge */ + + if(!c->hischallenge) + c->hischallenge = xmalloc(len); +cp + /* Copy random data to the buffer */ + + RAND_bytes(c->hischallenge, len); + +cp + /* Convert to hex */ + + bin2hex(c->hischallenge, buffer, len); + buffer[len*2] = '\0'; + +cp + /* Send the challenge */ + + x = send_request(c, "%d %s", CHALLENGE, buffer); +cp + return x; +} + +int challenge_h(connection_t *c) +{ + char buffer[MAX_STRING_SIZE]; + int len; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); + return -1; + } + + len = RSA_size(myself->connection->rsa_key); + + /* Check if the length of the challenge is all right */ + + if(strlen(buffer) != len*2) + { + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); + return -1; + } + + /* Allocate buffers for the challenge */ + + if(!c->mychallenge) + c->mychallenge = xmalloc(len); + + /* Convert the challenge from hexadecimal back to binary */ + + hex2bin(buffer,c->mychallenge,len); + + c->allow_request = CHAL_REPLY; + + /* Rest is done by 
send_chal_reply() */ +cp + return send_chal_reply(c); +} + +int send_chal_reply(connection_t *c) +{ + char hash[SHA_DIGEST_LENGTH*2+1]; +cp + /* Calculate the hash from the challenge we received */ + + SHA1(c->mychallenge, RSA_size(myself->connection->rsa_key), hash); + + /* Convert the hash to a hexadecimal formatted string */ + + bin2hex(hash,hash,SHA_DIGEST_LENGTH); + hash[SHA_DIGEST_LENGTH*2] = '\0'; + + /* Send the reply */ + +cp + return send_request(c, "%d %s", CHAL_REPLY, hash); +} + +int chal_reply_h(connection_t *c) +{ + char hishash[MAX_STRING_SIZE]; + char myhash[SHA_DIGEST_LENGTH]; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); + return -1; + } + + /* Check if the length of the hash is all right */ + + if(strlen(hishash) != SHA_DIGEST_LENGTH*2) + { + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); + return -1; + } + + /* Convert the hash to binary format */ + + hex2bin(hishash, hishash, SHA_DIGEST_LENGTH); + + /* Calculate the hash from the challenge we sent */ + + SHA1(c->hischallenge, RSA_size(c->rsa_key), myhash); + + /* Verify the incoming hash with the calculated hash */ + + if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) + { + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); + if(debug_lvl >= DEBUG_SCARY_THINGS) + { + bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); + hishash[SHA_DIGEST_LENGTH*2] = '\0'; + syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); + } + return -1; + } + + /* Identity has now been positively verified. + Send an acknowledgement with the rest of the information needed. + */ + + c->allow_request = ACK; +cp + return send_ack(c); +} + +int send_ack(connection_t *c) +{ + /* ACK message contains rest of the information the other end needs + to create node_t and edge_t structures. 
*/ + + int x; + char *addrstr; + struct timeval now; +cp + /* Estimate weight */ + + gettimeofday(&now, NULL); + c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; + addrstr = address2str(c->address); + x = send_request(c, "%d %hd %s %d %d", ACK, myself->port, addrstr, c->estimated_weight, c->options); + free(addrstr); +cp + return x; +} + +void send_everything(connection_t *c) +{ + avl_node_t *node, *node2; + node_t *n; + subnet_t *s; + edge_t *e; + + /* Send all known subnets */ + + for(node = node_tree->head; node; node = node->next) + { + n = (node_t *)node->data; + + for(node2 = n->subnet_tree->head; node2; node2 = node2->next) + { + s = (subnet_t *)node2->data; + send_add_subnet(c, s); + } + } + + /* Send all known edges */ + + for(node = edge_tree->head; node; node = node->next) + { + e = (edge_t *)node->data; + + if(e == c->edge) + continue; + + send_add_edge(c, e); + } +} + +int ack_h(connection_t *c) +{ + port_t hisport; + char addrstr[MAX_STRING_SIZE]; + int weight; + int options; + node_t *n; + connection_t *other; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d %hd "MAX_STRING" %d %d", &hisport, addrstr, &weight, &options) != 4) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); + return -1; + } + + /* Check if we already have a node_t for him */ + + n = lookup_node(c->name); + + if(!n) + { + n = new_node(); + n->name = xstrdup(c->name); + n->address = c->address; + n->hostname = xstrdup(c->hostname); + n->port = hisport; + + /* FIXME: Also check if no other tinc daemon uses the same IP and port for UDP traffic */ + + node_add(n); + } + else + { + if(n->connection) + { + /* Oh dear, we already have a connection to this node. 
*/ + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); + terminate_connection(n->connection, 0); + } + + /* FIXME: check if information in existing node matches that of the other end of this connection */ + } + + n->connection = c; + c->node = n; + c->options |= options; + + /* Create an edge_t for this connection */ + + c->edge = new_edge(); + + c->edge->from.node = myself; + c->edge->from.address = str2address(addrstr); + c->edge->from.port = myself->port; + c->edge->to.node = n; + c->edge->to.address = c->address; + c->edge->to.port = hisport; + c->edge->weight = (weight + c->estimated_weight) / 2; + c->edge->connection = c; + c->edge->options = c->options; + + edge_add(c->edge); + + /* Activate this connection */ + + c->allow_request = ALL; + c->status.active = 1; + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); + +cp + /* Send him everything we know */ + + send_everything(c); + + /* Notify others of this connection */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + + if(other->status.active && other != c) + send_add_edge(other, c->edge); + } + + /* Run MST and SSSP algorithms */ + + graph(); + + /* Succesful connection, reset timeout if this is an outgoing connection. */ + + if(c->outgoing) + c->outgoing->timeout = 0; +cp + return 0; +} diff --git a/src/protocol_edge.c b/src/protocol_edge.c new file mode 100644 index 00000000..9c83199b --- /dev/null +++ b/src/protocol_edge.c 
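Review bot: In src/protocol_auth.c, send_metakey and send_challenge write `2*len+1` bytes into `char buffer[MAX_STRING_SIZE]` with `len = RSA_size(c->rsa_key)`, and nothing compares `len` with the buffer size first. MAX_STRING_SIZE is defined outside this patch, so whether a large configured key can overrun the stack buffer is not visible here; a guard such as `if((size_t)len * 2 + 1 > sizeof(buffer)) return -1;` before the `bin2hex` calls would settle it. The same two functions ignore the result of `RAND_bytes`, so a failing RNG would leave the meta key or challenge as whatever the allocation contained. `if(RAND_bytes(c->outkey, len) != 1) return -1;`, and the same for `c->hischallenge`, closes that gap.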
@@ -0,0 +1,291 @@ +/* + protocol_edge.c -- handle the meta-protocol, edges + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: protocol_edge.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "conf.h" +#include "net.h" +#include "netutl.h" +#include "protocol.h" +#include "meta.h" +#include "connection.h" +#include "node.h" +#include "edge.h" +#include "graph.h" + +#include "system.h" + +int send_add_edge(connection_t *c, edge_t *e) +{ + int x; + char *from_addrstr, *to_addrstr; +cp + from_addrstr = address2str(e->from.address); + to_addrstr = address2str(e->to.address); + x = send_request(c, "%d %s %s %hd %s %s %hd %lx %d", ADD_EDGE, + e->from.node->name, from_addrstr, e->from.port, + e->to.node->name, to_addrstr, e->to.port, + e->options, e->weight); + free(from_addrstr); + free(to_addrstr); +cp + return x; +} + +int add_edge_h(connection_t *c) +{ + connection_t *other; + edge_t *e; + node_t *from, *to; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + char from_addrstr[MAX_STRING_SIZE]; + char to_addrstr[MAX_STRING_SIZE]; + ipv4_t from_address, to_address; + port_t from_port, to_port; + long int options; + int weight; + 
avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %hd "MAX_STRING" "MAX_STRING" %hd %lx %d", + from_name, from_addrstr, &from_port, + to_name, to_addrstr, &to_port, + &options, &weight) != 8) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); + return -1; + } + + /* Check if names are valid */ + + if(check_id(from_name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); + return -1; + } + + if(check_id(to_name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); + return -1; + } + + /* Lookup nodes */ + + from = lookup_node(from_name); + + if(!from) + { + from = new_node(); + from->name = xstrdup(from_name); + node_add(from); + } + + to = lookup_node(to_name); + + if(!to) + { + to = new_node(); + to->name = xstrdup(to_name); + node_add(to); + } + + /* Convert addresses */ + + from_address = str2address(from_addrstr); + to_address = str2address(to_addrstr); + + /* Check if edge already exists */ + + e = lookup_edge(from, to); + + if(e) + { + if(e->weight != weight || e->options != options + || ((e->from.node == from) && (e->from.address != from_address || e->from.port != from_port || e->to.address != to_address || e->to.port != to_port)) + || ((e->from.node == to) && (e->from.address != to_address || e->from.port != to_port || e->to.address != from_address || e->to.port != from_port)) + ) + { + if(from == myself || to == myself) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); + send_add_edge(c, e); + return 0; + } + else + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); + edge_del(e); + } + } + else + return 0; + } + else if(from == myself || to == myself) + { + 
if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), "ADD_EDGE", c->name, c->hostname); + e = new_edge(); + e->from.node = from; + e->to.node = to; + send_del_edge(c, e); + free_edge(e); + return 0; + } + + + + e = new_edge(); + e->from.node = from; + e->from.address = from_address; + e->from.port = from_port; + e->to.node = to; + e->to.address = to_address; + e->to.port = to_port; + e->options = options; + e->weight = weight; + edge_add(e); + + /* Tell the rest about the new edge */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_add_edge(other, e); + } + + /* Run MST before or after we tell the rest? */ + + graph(); +cp + return 0; +} + +int send_del_edge(connection_t *c, edge_t *e) +{ +cp + return send_request(c, "%d %s %s", DEL_EDGE, + e->from.node->name, e->to.node->name); +} + +int del_edge_h(connection_t *c) +{ + edge_t *e; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + node_t *from, *to; + connection_t *other; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", + c->name, c->hostname); + return -1; + } + + /* Check if names are valid */ + + if(check_id(from_name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); + return -1; + } + + if(check_id(to_name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); + return -1; + } + + /* Lookup nodes */ + + from = lookup_node(from_name); + + if(!from) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); + return 0; + } + + to = lookup_node(to_name); + + if(!to) + { + if(debug_lvl >= DEBUG_PROTOCOL) 
+ syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); + return 0; + } + + /* Check if edge exists */ + + e = lookup_edge(from, to); + + if(!e) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); + return 0; + } + + if(e->from.node == myself || e->to.node == myself) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_EDGE", c->name, c->hostname); + send_add_edge(c, e); /* Send back a correction */ + return 0; + } + + /* Tell the rest about the deleted edge */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_del_edge(other, e); + } + + /* Delete the edge */ + + edge_del(e); + + /* Run MST before or after we tell the rest? */ + + graph(); +cp + return 0; +} diff --git a/src/protocol_key.c b/src/protocol_key.c new file mode 100644 index 00000000..3c72c294 --- /dev/null +++ b/src/protocol_key.c 
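Review bot: add_edge_h in src/protocol_edge.c takes `weight` and `options` straight from `sscanf`, stores them in the new edge and rebroadcasts them to every other active connection without any range check. It also creates a node for every unknown `from_name` or `to_name`, so one authenticated peer can grow the node tree without limit and feed arbitrary weights into `graph()`; how graph() handles negative weights is not visible in this patch. I would reject out-of-range values next to the existing name checks, for example `if(weight < 0) return -1;` with the same "Got bad ADD_EDGE" log line.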
@@ -0,0 +1,272 @@ +/* + protocol_key.c -- handle the meta-protocol, key exchange + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: protocol_key.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "conf.h" +#include "net.h" +#include "netutl.h" +#include "protocol.h" +#include "meta.h" +#include "connection.h" +#include "node.h" +#include "edge.h" +\ +#include "system.h" + +int mykeyused = 0; + +int send_key_changed(connection_t *c, node_t *n) +{ + connection_t *other; + avl_node_t *node; +cp + /* Only send this message if some other daemon requested our key previously. + This reduces unnecessary key_changed broadcasts. 
+ */ + + if(n == myself && !mykeyused) + return 0; + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other->status.mst && other != c) + send_request(other, "%d %s", KEY_CHANGED, n->name); + } +cp + return 0; +} + +int key_changed_h(connection_t *c) +{ + char name[MAX_STRING_SIZE]; + node_t *n; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING, name) != 1) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", + c->name, c->hostname); + return -1; + } + + n = lookup_node(name); + + if(!n) + { + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", + c->name, c->hostname, name); + return -1; + } + + n->status.validkey = 0; + n->status.waitingforkey = 0; + n->sent_seqno = 0; + + send_key_changed(c, n); +cp + return 0; +} + +int send_req_key(connection_t *c, node_t *from, node_t *to) +{ +cp + return send_request(c, "%d %s %s", REQ_KEY, + from->name, to->name); +} + +int req_key_h(connection_t *c) +{ + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + node_t *from, *to; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", + c->name, c->hostname); + return -1; + } + + from = lookup_node(from_name); + + if(!from) + { + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", + c->name, c->hostname, from_name); + return -1; + } + + to = lookup_node(to_name); + + if(!to) + { + syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", + c->name, c->hostname, to_name); + return -1; + } + + /* Check if this key request is for us */ + + if(to == myself) /* Yes, send our own key back */ + { + mykeyused = 1; + from->received_seqno = 0; + send_ans_key(c, myself, from); + } + else + { +/* Proxy keys + if(to->status.validkey) + { + send_ans_key(c, 
to, from); + } + else +*/ + send_req_key(to->nexthop->connection, from, to); + } + +cp + return 0; +} + +int send_ans_key(connection_t *c, node_t *from, node_t *to) +{ + char key[MAX_STRING_SIZE]; +cp + bin2hex(from->key, key, from->keylength); + key[from->keylength * 2] = '\0'; +cp + return send_request(c, "%d %s %s %s %d %d %d", ANS_KEY, + from->name, to->name, key, from->cipher?from->cipher->nid:0, from->digest?from->digest->type:0, from->maclength); +} + +int ans_key_h(connection_t *c) +{ + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + char key[MAX_STRING_SIZE]; + int cipher, digest, maclength; + node_t *from, *to; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength) != 6) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", + c->name, c->hostname); + return -1; + } + + from = lookup_node(from_name); + + if(!from) + { + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", + c->name, c->hostname, from_name); + return -1; + } + + to = lookup_node(to_name); + + if(!to) + { + syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", + c->name, c->hostname, to_name); + return -1; + } + + /* Forward it if necessary */ + + if(to != myself) + { + return send_request(to->nexthop->connection, c->buffer); + } + + /* Update our copy of the origin's packet key */ + + if(from->key) + free(from->key); + + from->key = xstrdup(key); + from->keylength = strlen(key) / 2; + hex2bin(from->key, from->key, from->keylength); + from->key[from->keylength] = '\0'; + + from->status.validkey = 1; + from->status.waitingforkey = 0; + + /* Check and lookup cipher and digest algorithms */ + + if(cipher) + { + from->cipher = EVP_get_cipherbynid(cipher); + if(!from->cipher) + { + syslog(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); + return -1; 
+ } + if(from->keylength != from->cipher->key_len + from->cipher->iv_len) + { + syslog(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); + return -1; + } + } + else + { + from->cipher = NULL; + } + + if(digest) + { + from->digest = EVP_get_digestbynid(digest); + if(!from->digest) + { + syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); + return -1; + } + from->maclength = maclength; + if(from->maclength > from->digest->md_size || from->maclength < 0) + { + syslog(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); + return -1; + } + } + else + { + from->digest = NULL; + from->maclength = maclength; + } + + flush_queue(from); +cp + return 0; +} diff --git a/src/protocol_misc.c b/src/protocol_misc.c new file mode 100644 index 00000000..5863f9e9 --- /dev/null +++ b/src/protocol_misc.c 
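Review bot: In ans_key_h in src/protocol_key.c the forwarding branch calls `send_request(to->nexthop->connection, c->buffer);`, which hands the peer-supplied request line to a printf-style function as its format string, while every other call in this patch passes a literal format. The key field is parsed with `MAX_STRING` and is not checked for `%`, so conversion specifiers in it would be interpreted during forwarding. The call should be `send_request(to->nexthop->connection, "%s", c->buffer);`. The same branch and the forward in req_key_h dereference `to->nexthop` without a NULL check; whether nexthop can be unset for a known node is not visible here.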
@@ -0,0 +1,193 @@
+/*
+ protocol_misc.c -- handle the meta-protocol, miscellaneous functions
+ Copyright (C) 1999-2002 Ivo Timmermans ,
+ 2000-2002 Guus Sliepen
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id: protocol_misc.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $
+*/
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+
+#include "conf.h"
+#include "net.h"
+#include "netutl.h"
+#include "protocol.h"
+#include "meta.h"
+#include "connection.h"
+
+#include "system.h"
+
+/* Status and error notification routines */
+
+int send_status(connection_t *c, int statusno, char *statusstring)
+{
+cp
+ if(!statusstring)
+ statusstring = status_text[statusno];
+cp
+ return send_request(c, "%d %d %s", STATUS, statusno, statusstring);
+}
+
+int status_h(connection_t *c)
+{
+ int statusno;
+ char statusstring[MAX_STRING_SIZE];
+cp
+ if(sscanf(c->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2)
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS",
+ c->name, c->hostname);
+ return -1;
+ }
+
+ if(debug_lvl >= DEBUG_STATUS)
+ {
+ syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"),
+ c->name, c->hostname, status_text[statusno], statusstring);
+ }
+
+cp
+ return 0;
+}
+
+int send_error(connection_t *c, int err, char *errstring)
+{
+cp
+ if(!errstring)
+ errstring = strerror(err);
+ return send_request(c, "%d %d %s", ERROR, err, errstring);
+}
+
+int error_h(connection_t *c)
+{
+ int err;
+ char errorstring[MAX_STRING_SIZE];
+cp
+ if(sscanf(c->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2)
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR",
+ c->name, c->hostname);
+ return -1;
+ }
+
+ if(debug_lvl >= DEBUG_ERROR)
+ {
+ syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"),
+ c->name, c->hostname, strerror(err), errorstring);
+ }
+
+ terminate_connection(c, c->status.active);
+cp
+ return 0;
+}
+
+int send_termreq(connection_t *c)
+{
+cp
+ return send_request(c, "%d", TERMREQ);
+}
+
+int termreq_h(connection_t *c)
+{
+cp
+ terminate_connection(c, c->status.active);
+cp
+ return 0;
+}
+
+int send_ping(connection_t *c)
+{
+cp
+ c->status.pinged = 1;
+ c->last_ping_time = time(NULL);
+cp
+ return send_request(c, "%d", PING);
+}
+
+int ping_h(connection_t *c)
+{
+cp
+ return send_pong(c);
+}
+
+int send_pong(connection_t *c)
+{
+cp
+ return send_request(c, "%d", PONG);
+}
+
+int pong_h(connection_t *c)
+{
+cp
+ c->status.pinged = 0;
+cp
+ return 0;
+}
+
+/* Sending and receiving packets via TCP */
+
+int send_tcppacket(connection_t *c, vpn_packet_t *packet)
+{
+ int x;
+cp
+ /* Evil hack. */
+
+ x = send_request(c, "%d %hd", PACKET, packet->len);
+
+ if(x)
+ return x;
+cp
+ return send_meta(c, packet->data, packet->len);
+}
+
+int tcppacket_h(connection_t *c)
+{
+ short int len;
+cp
+ if(sscanf(c->buffer, "%*d %hd", &len) != 1)
+ {
+ syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname);
+ return -1;
+ }
+
+ /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */
+
+ c->tcplen = len;
+cp
+ return 0;
+}
+
+/* Status strings */
+
+char (*status_text[]) = {
+ "Warning",
+};
+
+/* Error strings */
+
+char (*error_text[]) = {
+ "Error",
+};
diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c
new file mode 100644
index 00000000..fbb021d1
--- /dev/null
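Review bot: `status_h` indexes `status_text[statusno]` with an integer parsed straight from the peer's STATUS request, while the table defined at the end of this file holds a single entry, so at `DEBUG_STATUS` level any other value reads outside the array and hands that pointer to syslog as a `%s` argument. Log the number instead, `syslog(LOG_NOTICE, _("Status message from %s (%s): %d: %s"), c->name, c->hostname, statusno, statusstring);`, or reject values outside the table before the lookup; `send_status` does the same unchecked lookup on its caller's value. Separately, `tcppacket_h` stores the peer-supplied `short` in `c->tcplen` without rejecting negative or oversized lengths. receive_meta() is not part of this hunk, so confirm it bounds the value, or add `if(len < 0) return -1;` and an upper limit here.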
+++ b/src/protocol_subnet.c 
@@ -0,0 +1,231 @@ +/* + protocol_subnet.c -- handle the meta-protocol, subnets + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: protocol_subnet.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "conf.h" +#include "net.h" +#include "netutl.h" +#include "protocol.h" +#include "meta.h" +#include "connection.h" +#include "node.h" +#include "edge.h" +#include "graph.h" + +#include "system.h" + +int send_add_subnet(connection_t *c, subnet_t *subnet) +{ + int x; + char *netstr; +cp + x = send_request(c, "%d %s %s", ADD_SUBNET, + subnet->owner->name, netstr = net2str(subnet)); + free(netstr); +cp + return x; +} + +int add_subnet_h(connection_t *c) +{ + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; + node_t *owner; + connection_t *other; + subnet_t *s; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); + return -1; + } + + /* Check if owner name is a valid */ + + if(check_id(name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid name")); + 
return -1; + } + + /* Check if subnet string is valid */ + + if(!(s = str2net(subnetstr))) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); + return -1; + } + + /* Check if the owner of the new subnet is in the connection list */ + + owner = lookup_node(name); + + if(!owner) + { + owner = new_node(); + owner->name = xstrdup(name); + node_add(owner); + } + + /* Check if we already know this subnet */ + + if(lookup_subnet(owner, s)) + { + free_subnet(s); + return 0; + } + + /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ + + if(owner == myself) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "ADD_SUBNET", c->name, c->hostname); + s->owner = myself; + send_del_subnet(c, s); + return 0; + } + + /* If everything is correct, add the subnet to the list of the owner */ + + subnet_add(owner, s); + + /* Tell the rest */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_add_subnet(other, s); + } +cp + return 0; +} + +int send_del_subnet(connection_t *c, subnet_t *s) +{ + int x; + char *netstr; +cp + netstr = net2str(s); + x = send_request(c, "%d %s %s", DEL_SUBNET, s->owner->name, netstr); + free(netstr); +cp + return x; +} + +int del_subnet_h(connection_t *c) +{ + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; + node_t *owner; + connection_t *other; + subnet_t *s, *find; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); + return -1; + } + + /* Check if owner name is a valid */ + + if(check_id(name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid name")); + return -1; + } + + /* Check if the owner of the new 
subnet is in the connection list */ + + if(!(owner = lookup_node(name))) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), + "DEL_SUBNET", c->name, c->hostname, name); + return 0; + } + + /* Check if subnet string is valid */ + + if(!(s = str2net(subnetstr))) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); + return -1; + } + + /* If everything is correct, delete the subnet from the list of the owner */ + + s->owner = owner; + + find = lookup_subnet(owner, s); + + free_subnet(s); + + if(!find) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), + "DEL_SUBNET", c->name, c->hostname, name); + return 0; + } + + /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ + + if(owner == myself) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_SUBNET", c->name, c->hostname); + send_add_subnet(c, find); + return 0; + } + + /* Tell the rest */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_del_subnet(other, find); + } + + /* Finally, delete it. */ + + subnet_del(owner, find); + +cp + return 0; +} From 24cc2a9065a4e962fb05addac47322930099a4b5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Feb 2002 10:16:18 +0000 Subject: [PATCH 528/923] Last bits of the merger. --- src/netutl.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++ src/netutl.h | 32 ++++++++++++++++ 2 files changed, 137 insertions(+) create mode 100644 src/netutl.c create mode 100644 src/netutl.h diff --git a/src/netutl.c b/src/netutl.c new file mode 100644 index 00000000..14ed5cef --- /dev/null +++ b/src/netutl.c 
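Review bot: In `add_subnet_h` the `owner == myself` branch returns after `send_del_subnet(c, s)` without releasing `s`, so every ADD_SUBNET a peer sends for our own name leaks the subnet allocated by `str2net()`; add `free_subnet(s);` before that `return 0;`, as the already-known branch just above it does. The same handler calls `lookup_subnet(owner, s)` before `s->owner` is assigned, whereas `del_subnet_h` sets `s->owner = owner` first; if the lookup reads the owner field (not visible here), the add path should set it too. It also deserves a comment that any connected peer can make us `new_node()` an owner name that merely passes `check_id()`, so the node table grows with whatever peers announce.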
@@ -0,0 +1,105 @@ +/* + netutl.c -- some supporting network utility code + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: netutl.c,v 1.12.4.23 2002/02/11 10:16:18 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include "errno.h" +#include "conf.h" +#include "net.h" +#include "netutl.h" + +#include "system.h" + +char *hostlookup(unsigned long addr) +{ + char *name; + struct hostent *host = NULL; + struct in_addr in; + int lookup_hostname = 0; +cp + in.s_addr = addr; + + get_config_bool(lookup_config(config_tree, "Hostnames"), &lookup_hostname); + + if(lookup_hostname) + host = gethostbyaddr((char *)&in, sizeof(in), AF_INET); + + if(!lookup_hostname || !host) + { + asprintf(&name, "%s", inet_ntoa(in)); + } + else + { + asprintf(&name, "%s", host->h_name); + } +cp + return name; +} + +/* + Turn a string into an IP address + return NULL on failure + Should support IPv6 and other stuff in the future. 
+*/ +ipv4_t str2address(char *str) +{ + ipv4_t address; + struct hostent *h; +cp + if(!(h = gethostbyname(str))) + { + if(debug_lvl >= DEBUG_ERROR) + syslog(LOG_WARNING, _("Error looking up `%s': %s\n"), str, strerror(errno)); + + return 0; + } + + address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); +cp + return address; +} + +char *address2str(ipv4_t address) +{ + char *str; +cp + asprintf(&str, "%hu.%hu.%hu.%hu", + (unsigned short int)((address >> 24) & 255), + (unsigned short int)((address >> 16) & 255), + (unsigned short int)((address >> 8) & 255), + (unsigned short int)(address & 255)); +cp + return str; +} diff --git a/src/netutl.h b/src/netutl.h new file mode 100644 index 00000000..3d1584f6 --- /dev/null +++ b/src/netutl.h @@ -0,0 +1,32 @@ +/* + netutl.h -- header file for netutl.c + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: netutl.h,v 1.2.4.9 2002/02/11 10:16:18 guus Exp $ +*/ + +#ifndef __TINC_NETUTL_H__ +#define __TINC_NETUTL_H__ + +#include "net.h" + +extern char *hostlookup(unsigned long); +extern ipv4_t str2address(char*); +extern char *address2str(ipv4_t); + +#endif /* __TINC_NETUTL_H__ */ From 1c34ba7fb8580949f3bd3a0d804747bbaea28e36 Mon Sep 17 00:00:00 2001 
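Review bot: `hostlookup` and `address2str` in src/netutl.c return the pointer filled by `asprintf` without checking its result, and on failure that pointer is left undefined, so callers would log or free an indeterminate value. For the plain copies `name = xstrdup(inet_ntoa(in));` and `name = xstrdup(host->h_name);` avoid the problem (xstrdup is already used elsewhere in this series); in `address2str` check `asprintf(...) < 0` explicitly. In `str2address`, `gethostbyname` reports failures through `h_errno`, so `strerror(errno)` in the warning can print an unrelated error; `hstrerror(h_errno)` is the matching call. The comment above it promises NULL on failure but the function returns 0, which callers cannot tell apart from the address 0.0.0.0.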
From: Guus Sliepen Date: Mon, 11 Feb 2002 12:33:01 +0000 Subject: [PATCH 529/923] Sensible defaults for $INTERFACE. --- src/freebsd/device.c | 4 ++-- src/linux/device.c | 6 +++++- src/openbsd/device.c | 4 ++-- src/solaris/device.c | 5 ++++- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 492ba33d..e75076a9 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.2 2002/02/10 21:57:54 guus Exp $ + $Id: device.c,v 1.1.2.3 2002/02/11 12:33:01 guus Exp $ */ #include "config.h" @@ -62,7 +62,7 @@ cp device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = netname; + interface = rindex(device, '/')?rindex(device, '/')+1:device; cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { diff --git a/src/linux/device.c b/src/linux/device.c index a54647ec..88355caa 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2002/02/10 21:57:54 guus Exp $ + $Id: device.c,v 1.1.2.6 2002/02/11 12:33:01 guus Exp $ */ #include "config.h" @@ -77,7 +77,11 @@ cp device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) +#ifdef HAVE_TUNTAP interface = netname; +#else + interface = rindex(device, '/')?rindex(device, '/')+1:device; +#endif cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 1fccd14f..a24d2d0d 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c 
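Review bot: The new default `interface = rindex(device, '/')?rindex(device, '/')+1:device;` in the @@ -62,7 +62,7 @@ hunk of src/freebsd/device.c scans the path twice and relies on the legacy BSD `rindex`; the same line is added to src/linux/device.c (non-TUNTAP branch) and src/openbsd/device.c. One standard call reads better: `char *slash = strrchr(device, '/');` followed by `interface = slash ? slash + 1 : device;`. In the Linux hunk the `#ifdef HAVE_TUNTAP` splits the body of an unbraced `if`, which holds only while each branch stays a single statement, so braces around it would be safer. The enclosing setup function continues outside these hunks.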
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2002/02/10 21:57:54 guus Exp $ + $Id: device.c,v 1.1.2.4 2002/02/11 12:33:01 guus Exp $ */ #include "config.h" @@ -66,7 +66,7 @@ int setup_device(void) device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = netname; + interface = rindex(device, '/')?rindex(device, '/')+1:device; cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { diff --git a/src/solaris/device.c b/src/solaris/device.c index dcfd8c44..5aacf3e5 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2002/02/10 21:57:54 guus Exp $ + $Id: device.c,v 1.1.2.5 2002/02/11 12:33:01 guus Exp $ */ @@ -113,6 +113,9 @@ cp return -1; } + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + asprintf(interface, "tun%d", ppa); + device_info = _("Solaris tun device"); /* Set default MAC address for ethertap devices */ From 1708997bc8ab55122f9de9cc8b81397d3a003ea9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Feb 2002 14:20:21 +0000 Subject: [PATCH 530/923] - If no PrivateKeyFile is specified, /etc/tinc/netname/rsa_key.priv is assumed. - Check RSA key before using it. --- src/net.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 46 insertions(+), 8 deletions(-) diff --git a/src/net.c b/src/net.c index 544bf635..71829534 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.152 2002/02/10 21:57:54 guus Exp $ + $Id: net.c,v 1.35.4.153 2002/02/11 14:20:21 guus Exp $ */ #include "config.h" 
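Review bot: In the @@ -113,6 +113,9 @@ hunk of src/solaris/device.c, `asprintf(interface, "tun%d", ppa);` passes the pointer itself where asprintf expects the address of the pointer (the line above hands `&interface` to get_config_string), so the result is stored through whatever `interface` currently holds. PATCH 531 further down this page changes the argument to `&interface`, but the return value is still ignored there and a failed allocation leaves `interface` undefined. `if(asprintf(&interface, "tun%d", ppa) < 0) return -1;` covers both. The enclosing function starts and ends outside the hunk.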
@@ -596,6 +596,7 @@ cp { BN_hex2bn(&c->rsa_key->n, key); BN_hex2bn(&c->rsa_key->e, "FFFF"); + free(key); return 0; } @@ -609,8 +610,10 @@ cp { syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), fname); + free(fname); return -1; } + free(fname); c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); if(!c->rsa_key) @@ -622,7 +625,10 @@ cp return 0; } else - return -1; + { + free(fname); + return -1; + } } /* Else, check if a harnessed public key is in the config file */ @@ -655,15 +661,23 @@ cp myself->connection->rsa_key = RSA_new(); BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); + free(key); + return 0; } - else if(get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) + + if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) + asprintf(&fname, "%s/rsa_key.priv", confbase); + + if(is_safe_path(fname)) { if((fp = fopen(fname, "r")) == NULL) { syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), fname); + free(fname); return -1; } + free(fname); myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); fclose(fp); if(!myself->connection->rsa_key) @@ -672,11 +686,36 @@ cp fname); return -1; } + return 0; + } + + free(fname); + return -1; +} + +int check_rsa_key(RSA *rsa_key) +{ + char *test1, *test2, *test3; +cp + if(rsa_key->p && rsa_key->q) + { + if(RSA_check_key(rsa_key) != 1) + return -1; } else { - syslog(LOG_ERR, _("No private key for tinc daemon specified!")); - return -1; + test1 = xmalloc(RSA_size(rsa_key)); + test2 = xmalloc(RSA_size(rsa_key)); + test3 = xmalloc(RSA_size(rsa_key)); + + if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) + return -1; + + if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) + return -1; + + if(memcmp(test1, test3, RSA_size(rsa_key))) + return -1; } cp return 0; 
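Review bot: `fname` is freed right after a successful `fopen()` in the @@ -655,15 +661,23 @@ hunk of src/net.c, but the failure branch after `PEM_read_RSAPrivateKey()` still passes `fname` to `syslog()` (the `fname);` context line opening the next hunk), which is a use after free on the very path that reports an unreadable private key. Move the `free(fname);` past the parse: once before `return -1;` in that branch and once before the new `return 0;`. The @@ -609,8 +610,10 @@ hunk frees `fname` at the same point for the public key; the lines between it and the following hunk are not shown, so confirm the "Reading RSA public key file" message there does not use it either. The new `asprintf(&fname, "%s/rsa_key.priv", confbase);` is also unchecked before `fname` reaches `is_safe_path()`.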
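Review bot: `check_rsa_key`, added in the @@ -672,11 +686,36 @@ hunk, encrypts `test1` straight after `xmalloc()` without ever writing to it, so the round-trip test runs on indeterminate bytes. With `RSA_NO_PADDING` the input has to be numerically smaller than the modulus, so a valid keypair can be rejected depending on what the heap happened to hold. None of the three buffers is freed on any return path. Fill `test1` with a known pattern whose first byte is zero and release all three buffers before returning, as sketched below.

```c
/* … unchanged: RSA_check_key() branch when p and q are present … */
  else
    {
      int len = RSA_size(rsa_key);
      int ok;

      test1 = xmalloc(len);
      test2 = xmalloc(len);
      test3 = xmalloc(len);

      /* Known input; a zero first byte keeps it below the modulus for RSA_NO_PADDING */
      memset(test1, 0x5a, len);
      test1[0] = 0;

      ok = RSA_public_encrypt(len, test1, test2, rsa_key, RSA_NO_PADDING) == len
        && RSA_private_decrypt(len, test2, test3, rsa_key, RSA_NO_PADDING) == len
        && !memcmp(test1, test3, len);

      free(test1);
      free(test2);
      free(test3);

      if(!ok)
        return -1;
    }
```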
@@ -732,13 +771,12 @@ cp return -1; cp -/* - if(RSA_check_key(rsa_key) != 1) + if(check_rsa_key(myself->connection->rsa_key)) { syslog(LOG_ERR, _("Invalid public/private keypair!")); return -1; } -*/ + if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->port)) myself->port = 655; From 94b171b3051b999e619ae19e1c9c29d356606788 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Feb 2002 14:20:46 +0000 Subject: [PATCH 531/923] Small fix. --- src/solaris/device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/solaris/device.c b/src/solaris/device.c index 5aacf3e5..cf0bb534 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2002/02/11 12:33:01 guus Exp $ + $Id: device.c,v 1.1.2.6 2002/02/11 14:20:46 guus Exp $ */ @@ -114,7 +114,7 @@ cp } if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - asprintf(interface, "tun%d", ppa); + asprintf(&interface, "tun%d", ppa); device_info = _("Solaris tun device"); From d9a62c6354d1e2ad78ee8c610518ae9f9ab012d1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Feb 2002 15:59:18 +0000 Subject: [PATCH 532/923] Added support for packet compression, thanks to Mark Glines. Add "Compression = " to the host config files, where level can be 0 (off), or any integer between 1 (fast) and 9 (best). --- THANKS | 1 + configure.in | 3 +- doc/tinc.conf.5 | 3 + doc/tinc.texi | 11 ++- m4/zlib.m4 | 31 +++++++ po/nl.po | 209 +++++++++++++++++++++++---------------------- src/net.c | 122 ++++++++++++++++++++------ src/node.c | 6 +- src/node.h | 4 +- src/protocol.h | 4 +- src/protocol_key.c | 12 +-- 11 files changed, 261 insertions(+), 145 deletions(-) create mode 100644 m4/zlib.m4 diff --git a/THANKS b/THANKS index 0c50cf62..e4cfd6d0 100644 --- a/THANKS +++ b/THANKS 
@@ -17,6 +17,7 @@ We would like to thank * Jamie Briggs (for finding a lot of socket leaks) * Armijn Hemel (for being our very own PR manager) * Jerome Etienne (for a thorough security analysis of tinc) + * Mark Glines (for his compression patch) for their help, support and ideas. Thank you guys! diff --git a/configure.in b/configure.in index df0f2bcc..ec76e6d6 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.39 2002/02/10 21:57:51 guus Exp $ +dnl $Id: configure.in,v 1.13.2.40 2002/02/11 15:59:18 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -94,6 +94,7 @@ AC_CACHE_SAVE dnl These are defined in files in m4/ tinc_TUNTAP tinc_OPENSSL +tinc_ZLIB dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 547c75f1..642cc6b3 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -216,6 +216,9 @@ Any cipher supported by OpenSSL is recognised. Furthermore, specifying .Qq none will turn off packet encryption. +.It Va Compression Li = Ar level Pq 0 +This option sets the level of compression used for UDP packets. +Possible values are 0 (off), 1 (fast) and any integer up to 9 (best). .It Va Digest Li = Ar digest Pq sha1 The digest algorithm used to authenticate UDP packets. Any digest supported by OpenSSL is recognised. diff --git a/doc/tinc.texi b/doc/tinc.texi index ca399d5b..6bf9c1d1 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.19 2002/02/10 21:57:51 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.20 2002/02/11 15:59:18 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual 
@@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.19 2002/02/10 21:57:51 guus Exp $ +$Id: tinc.texi,v 1.8.4.20 2002/02/11 15:59:18 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.19 2002/02/10 21:57:51 guus Exp $ +$Id: tinc.texi,v 1.8.4.20 2002/02/11 15:59:18 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -865,6 +865,11 @@ not the one that is internal to the VPN. The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by OpenSSL is recognized. +@cindex Compression +@item Compression = (0) +This option sets the level of compression used for UDP packets. +Possible values are 0 (off), 1 (fast) and any integer up to 9 (best). + @cindex Digest @item Digest = (sha1) The digest algorithm used to authenticate UDP packets. diff --git a/m4/zlib.m4 b/m4/zlib.m4 new file mode 100644 index 00000000..8407838a --- /dev/null +++ b/m4/zlib.m4 @@ -0,0 +1,31 @@ +dnl Check to find the zlib headers/libraries + +AC_DEFUN(tinc_ZLIB, +[ + tinc_ac_save_CPPFLAGS="$CPPFLAGS" + + AC_ARG_WITH(zlib-include, + [ --with-zlib-include=DIR zlib headers directory], + [zlib_include="$withval" + CFLAGS="$CFLAGS -I$withval" + CPPFLAGS="$CPPFLAGS -I$withval"] + ) + + AC_ARG_WITH(zlib-lib, + [ --with-zlib-lib=DIR zlib library directory], + [zlib_lib="$withval" + LIBS="$LIBS -L$withval"] + ) + + AC_CHECK_HEADERS(zlib.h, + [], + [AC_MSG_ERROR("zlib header files not found."); break] + ) + + CPPFLAGS="$tinc_ac_save_CPPFLAGS" + + AC_CHECK_LIB(z, compress2, + [LIBS="$LIBS -lz"], + [AC_MSG_ERROR("zlib libraries not found.")] + ) +]) 
diff --git a/po/nl.po b/po/nl.po index 64895bf6..776e36d1 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-02-09 21:32+0100\n" -"PO-Revision-Date: 2002-02-09 17:20+0100\n" +"POT-Creation-Date: 2002-02-11 16:57+0100\n" +"PO-Revision-Date: 2002-02-11 16:57+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" 
@@ -170,302 +170,315 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:111 +#: src/net.c:118 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net.c:134 +#: src/net.c:144 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d" msgstr "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d" -#: src/net.c:162 +#: src/net.c:161 +#, c-format +msgid "Error while uncompressing packet from %s (%s)" +msgstr "Fout tijdens decomprimeren pakket van %s (%s)" + +#: src/net.c:188 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:180 +#: src/net.c:210 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net.c:225 +#: src/net.c:235 +#, c-format +msgid "Error while compressing packet to %s (%s)" +msgstr "Fout tijdens comprimeren pakket naar %s (%s)" + +#: src/net.c:278 #, c-format msgid "Error sending packet to %s (%s): %m" msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" -#: src/net.c:240 +#: src/net.c:293 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:247 +#: src/net.c:300 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net.c:256 +#: src/net.c:309 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net.c:264 +#: src/net.c:317 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net.c:284 +#: src/net.c:337 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net.c:301 +#: src/net.c:354 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:326 +#: src/net.c:379 #, c-format msgid "Creating metasocket failed: %m" msgstr "Aanmaak van metasocket mislukt: %m" -#: src/net.c:334 src/net.c:380 src/net.c:407 src/net.c:987 src/process.c:258 +#: src/net.c:387 src/net.c:433 src/net.c:460 src/net.c:1091 src/process.c:258 #: src/process.c:294 #, c-format msgid "System call `%s' failed: %m" msgstr "Systeemaanroep `%s' mislukte: %m" -#: src/net.c:354 +#: src/net.c:407 #, c-format msgid "Can't bind to interface %s: %m" msgstr "Kan niet aan interface %s binden: %m" -#: src/net.c:373 +#: src/net.c:426 #, c-format msgid "Can't bind to port %hd/tcp: %m" msgstr "Kan niet aan poort %hd/tcp binden: %m" -#: src/net.c:397 +#: src/net.c:450 #, c-format msgid "Creating socket failed: %m" msgstr "Aanmaak socket mislukte: %m" -#: src/net.c:420 +#: src/net.c:473 #, c-format msgid "Can't bind to port %hd/udp: %m" msgstr "Kan niet aan poort %hd/udp binden: %m" -#: src/net.c:442 +#: src/net.c:495 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net.c:452 +#: src/net.c:505 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net.c:458 +#: src/net.c:511 #, c-format msgid "Creating socket for %s port %d failed: %m" msgstr "Aanmaken socket voor %s poort %d mislukt: %m" -#: src/net.c:500 +#: src/net.c:553 #, c-format msgid "%s port %hd: %m" 
msgstr "%s poort %hd: %m" -#: src/net.c:509 +#: src/net.c:562 #, c-format msgid "fcntl for %s port %d: %m" msgstr "fcntl voor %s poort %d: %m" -#: src/net.c:515 +#: src/net.c:568 #, c-format msgid "Connected to %s port %hd" msgstr "Verbonden met %s poort %hd" -#: src/net.c:533 +#: src/net.c:586 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net.c:546 +#: src/net.c:599 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net.c:558 +#: src/net.c:611 #, c-format msgid "Error looking up `%s': %m" msgstr "Fout bij het opzoeken van `%s': %m" -#: src/net.c:569 +#: src/net.c:622 #, c-format msgid "Could not set up a meta connection to %s (%s)" msgstr "Kon geen metaverbinding aangaan met %s (%s)" -#: src/net.c:610 +#: src/net.c:664 #, c-format msgid "Error reading RSA public key file `%s': %m" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" -#: src/net.c:618 +#: src/net.c:674 #, c-format msgid "Reading RSA public key file `%s' failed: %m" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" -#: src/net.c:643 +#: src/net.c:702 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:663 +#: src/net.c:728 #, c-format msgid "Error reading RSA private key file `%s': %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -#: src/net.c:671 +#: src/net.c:738 #, c-format msgid "Reading RSA private key file `%s' failed: %m" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" -# -#: src/net.c:678 -msgid "No private key for tinc daemon specified!" -msgstr "Geen privé sleutel voor tinc daemon gespecificeerd!" - -#: src/net.c:699 src/net.c:700 +#: src/net.c:791 src/net.c:792 msgid "MYSELF" msgstr "MIJZELF" -#: src/net.c:707 +#: src/net.c:799 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" 
-#: src/net.c:713 +#: src/net.c:805 msgid "Invalid name for myself!" msgstr "Ongelige naam voor mijzelf!" -#: src/net.c:727 +#: src/net.c:819 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net.c:793 +#: src/net.c:829 +msgid "Invalid public/private keypair!" +msgstr "Ongeldig publiek/privé sleutelpaar!" + +#: src/net.c:884 msgid "Invalid routing mode!" msgstr "Ongelige routing modus!" -#: src/net.c:805 +#: src/net.c:896 msgid "Unable to set up a listening TCP socket!" msgstr "Kon geen TCP luistersocket aanmaken!" -#: src/net.c:811 +#: src/net.c:902 msgid "Unable to set up a listening UDP socket!" msgstr "Kon geen UDP luistersocket aanmaken!" -#: src/net.c:827 +#: src/net.c:918 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net.c:860 +#: src/net.c:951 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net.c:874 +#: src/net.c:965 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net.c:879 +#: src/net.c:970 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net.c:896 +#: src/net.c:984 +msgid "Bogus compression level!" +msgstr "Onzinnig compressieniveau!" 
+ +#: src/net.c:1000 #, c-format msgid "Ready: listening on port %hd" msgstr "Gereed: luisterend op poort %hd" -#: src/net.c:1000 +#: src/net.c:1104 #, c-format msgid "Connection from %s port %d" msgstr "Verbinding van %s poort %d" -#: src/net.c:1045 +#: src/net.c:1149 #, c-format msgid "This is a bug: %s:%d: %d:%m" msgstr "Dit is een programmeerfout: %s:%d: %d:%m" -#: src/net.c:1051 +#: src/net.c:1155 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1057 +#: src/net.c:1161 #, c-format msgid "Receiving packet failed: %m" msgstr "Ontvangst pakket mislukt: %m" -#: src/net.c:1065 +#: src/net.c:1169 #, c-format msgid "Received UDP packet on port %hd from unknown source %x:%hd" msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" -#: src/net.c:1088 +#: src/net.c:1192 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:1098 +#: src/net.c:1202 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:1152 +#: src/net.c:1256 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:1223 +#: src/net.c:1327 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:1236 +#: src/net.c:1340 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:1257 +#: src/net.c:1361 #, c-format msgid "Accepting a new connection failed: %m" msgstr "Aanname van nieuwe verbinding is mislukt: %m" -#: src/net.c:1265 +#: src/net.c:1369 msgid "Closed attempted connection" msgstr "Aangenomen verbinding verbroken" -#: src/net.c:1288 +#: src/net.c:1392 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongelige naam voor uitgaande verbinding in %s regel %d" -#: src/net.c:1384 +#: src/net.c:1488 #, c-format msgid "Error while waiting for input: %m" msgstr 
"Fout tijdens wachten op invoer: %m" -#: src/net.c:1391 +#: src/net.c:1495 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:1398 +#: src/net.c:1502 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" -#: src/net.c:1430 +#: src/net.c:1534 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:1440 +#: src/net.c:1544 msgid "Flushing event queue" msgstr "Legen taakrij" @@ -1010,11 +1023,11 @@ msgstr "Nodes:" #: src/node.c:166 #, c-format msgid "" -" %s at %s port %hd cipher %d digest %d maclength %d options %ld status %04x " -"nexthop %s via %s" +" %s at %s port %hd cipher %d digest %d maclength %d compression %d options %" +"ld status %04x nexthop %s via %s" msgstr "" -" %s op %s poort %hd cipher %d digest %d maclengte %d opties %ld status %04x " -"nexthop %s via %s" +" %s op %s poort %hd cipher %d digest %d maclengte %d compressie %d opties %" +"ld status %04x nexthop %s via %s" #: src/node.c:171 msgid "End of nodes." 
@@ -1043,69 +1056,69 @@ msgstr "Node %s (%s) werd bereikbaar" msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" -#: src/freebsd/device.c:69 src/linux/device.c:84 src/openbsd/device.c:73 +#: src/freebsd/device.c:69 src/linux/device.c:88 src/openbsd/device.c:73 #: src/solaris/device.c:74 #, c-format msgid "Could not open %s: %m" msgstr "Kon `%s' niet openen: %m" -#: src/linux/device.c:109 src/linux/device.c:119 +#: src/linux/device.c:113 src/linux/device.c:123 msgid "Linux tun/tap device" msgstr "Linux tun/tap apparaat" -#: src/linux/device.c:117 +#: src/linux/device.c:121 #, c-format msgid "Old ioctl() request was needed for %s" msgstr "Oud ioctl() verzoek was nodig voor %s" -#: src/linux/device.c:126 +#: src/linux/device.c:130 msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/freebsd/device.c:86 src/linux/device.c:130 src/openbsd/device.c:89 -#: src/solaris/device.c:128 +#: src/freebsd/device.c:86 src/linux/device.c:134 src/openbsd/device.c:89 +#: src/solaris/device.c:131 #, c-format msgid "%s is a %s" msgstr "%s is een %s" -#: src/freebsd/device.c:107 src/linux/device.c:153 src/linux/device.c:163 -#: src/openbsd/device.c:110 src/solaris/device.c:145 +#: src/freebsd/device.c:107 src/linux/device.c:157 src/linux/device.c:167 +#: src/openbsd/device.c:110 src/solaris/device.c:148 #, c-format msgid "Error while reading from %s %s: %m" msgstr "Fout tijdens lezen van %s %s: %m" -#: src/freebsd/device.c:116 src/linux/device.c:174 src/openbsd/device.c:125 -#: src/solaris/device.c:160 +#: src/freebsd/device.c:116 src/linux/device.c:178 src/openbsd/device.c:125 +#: src/solaris/device.c:163 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/freebsd/device.c:127 src/linux/device.c:185 src/openbsd/device.c:138 -#: src/solaris/device.c:171 +#: src/freebsd/device.c:127 src/linux/device.c:189 src/openbsd/device.c:138 +#: src/solaris/device.c:174 #, c-format msgid "Writing 
packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:192 src/linux/device.c:201 src/openbsd/device.c:148 -#: src/solaris/device.c:176 +#: src/linux/device.c:196 src/linux/device.c:205 src/openbsd/device.c:148 +#: src/solaris/device.c:179 #, c-format msgid "Can't write to %s %s: %m" msgstr "Kan niet schrijven naar %s %s: %m" -#: src/freebsd/device.c:143 src/linux/device.c:214 src/openbsd/device.c:159 -#: src/solaris/device.c:188 +#: src/freebsd/device.c:143 src/linux/device.c:218 src/openbsd/device.c:159 +#: src/solaris/device.c:191 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/freebsd/device.c:144 src/linux/device.c:215 src/openbsd/device.c:160 -#: src/solaris/device.c:189 +#: src/freebsd/device.c:144 src/linux/device.c:219 src/openbsd/device.c:160 +#: src/solaris/device.c:192 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/freebsd/device.c:145 src/linux/device.c:216 src/openbsd/device.c:161 -#: src/solaris/device.c:190 +#: src/freebsd/device.c:145 src/linux/device.c:220 src/openbsd/device.c:161 +#: src/solaris/device.c:193 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" @@ -1153,14 +1166,6 @@ msgstr "Kon PPA %d niet instellen: %m" msgid "Can't link TUN device to IP: %m" msgstr "Kan TUN apparaat niet koppelen aan IP: %m" -#: src/solaris/device.c:116 +#: src/solaris/device.c:119 msgid "Solaris tun device" msgstr "Solaris tun apparaat" - -#~ msgid "No digest, MAC length ignored" -#~ msgstr "Geen digest, MAC lengte genegeerd" - -#~ msgid "Failed to setup all outgoing connections, will retry in %d seconds" -#~ msgstr "" -#~ "Poging tot maken van alle uitgaande verbinding faalde, nieuwe poging over " -#~ "%d seconden" diff --git a/src/net.c b/src/net.c index 71829534..c2170acd 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.153 2002/02/11 14:20:21 guus Exp $ + $Id: net.c,v 1.35.4.154 2002/02/11 15:59:18 guus Exp $ */ #include "config.h" @@ -55,6 +55,8 @@ #define RAND_pseudo_bytes RAND_bytes #endif +#include + #include #include #include @@ -96,11 +98,16 @@ int sigalrm = 0; void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { - vpn_packet_t outpkt; + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; + int nextpkt = 0; + vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; + long int complen = MTU + 12; EVP_CIPHER_CTX ctx; char hmac[EVP_MAX_MD_SIZE]; cp + /* Check the message authentication code */ if(myself->digest && myself->maclength) { 
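Review bot: `long int complen = MTU + 12;` in the `@@ -96,11 +98,16 @@` hunk is later passed to zlib as `&complen`, but `uncompress()` and `compress2()` take a `uLongf *` (an `unsigned long`), so it should be declared `unsigned long complen`; the same line is added to send_udppacket in the `@@ -167,8 +193,12 @@` hunk. The constant also serves as the destination capacity, and nothing visible here ties it to the real size of the packet's `data` member; if `data` is an array, `sizeof(pkt1.data)` would keep the bound tied to the buffer. On the send side, MTU + 12 is slightly below zlib's documented worst case (source length plus 0.1% plus 12 bytes), so if `inpkt->len` can reach MTU, an incompressible full-size packet would presumably fail with Z_BUF_ERROR and be dropped. The body of receive_udppacket continues outside this hunk.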
@@ -117,30 +124,49 @@ cp if(myself->cipher) { + outpkt = pkt[nextpkt++]; + EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *)&outpkt.seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *)&outpkt.seqno + outlen, &outpad); - outlen += outpad; - outpkt.len = outlen - sizeof(outpkt.seqno); - } - else - { - memcpy((char *)&outpkt.seqno, (char *)&inpkt->seqno, inpkt->len); - outpkt.len = inpkt->len - sizeof(outpkt.seqno); + EVP_DecryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); + EVP_DecryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); + + outpkt->len = outlen + outpad; + inpkt = outpkt; } - if (ntohl(outpkt.seqno) <= n->received_seqno) + /* Check the sequence number */ + + inpkt->len -= sizeof(inpkt->seqno); + inpkt->seqno = ntohl(inpkt->seqno); + + if(inpkt->seqno <= n->received_seqno) { - syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, ntohl(*(unsigned int *)&outpkt.seqno)); + syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno); return; } - n->received_seqno = ntohl(outpkt.seqno); + n->received_seqno = inpkt->seqno; if(n->received_seqno > MAX_SEQNO) keyexpires = 0; - receive_packet(n, &outpkt); + /* Decompress the packet */ + + if(myself->compression) + { + outpkt = pkt[nextpkt++]; + + if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) + { + syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); + return; + } + + outpkt->len = complen; + inpkt = outpkt; + } + + receive_packet(n, inpkt); cp } 
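Review bot: `inpkt->len -= sizeof(inpkt->seqno);` runs without first checking that the packet holds a sequence number, so a datagram shorter than four bytes leaves `len` negative (or wrapped, depending on its type, which is not visible here), and that value is then passed to `uncompress()` as the source length. Unless the caller or the MAC section above this hunk already rejects short input (the MAC section is skipped entirely when no digest is configured), add `if(inpkt->len < sizeof(inpkt->seqno)) return;` with a log line before the subtraction. The return values of `EVP_DecryptUpdate()` and `EVP_DecryptFinal()` are also ignored, so a packet whose final block fails to verify is still processed with an `outpad` that may be unset; check both calls and drop the packet on failure. The function starts outside this hunk.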
@@ -167,8 +193,12 @@ cp void send_udppacket(node_t *n, vpn_packet_t *inpkt) { - vpn_packet_t outpkt; + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; + int nextpkt = 0; + vpn_packet_t *outpkt; int outlen, outpad; + long int complen = MTU + 12; EVP_CIPHER_CTX ctx; struct sockaddr_in to; socklen_t tolen = sizeof(to); 
@@ -190,37 +220,60 @@ cp if(!n->status.waitingforkey) send_req_key(n->nexthop->connection, myself, n); + return; } - /* Encrypt the packet. */ + /* Compress the packet */ + + if(n->compression) + { + outpkt = pkt[nextpkt++]; + + if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK) + { + syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); + return; + } + + outpkt->len = complen; + inpkt = outpkt; + } + + /* Add sequence number */ inpkt->seqno = htonl(++(n->sent_seqno)); + inpkt->len += sizeof(inpkt->seqno); + + /* Encrypt the packet */ if(n->cipher) { + outpkt = pkt[nextpkt++]; + EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, (char *)&outpkt.seqno, &outlen, (char *)&inpkt->seqno, inpkt->len + sizeof(inpkt->seqno)); - EVP_EncryptFinal(&ctx, (char *)&outpkt.seqno + outlen, &outpad); - outlen += outpad; - } - else - { - memcpy((char *)&outpkt.seqno, (char *)&inpkt->seqno, inpkt->len + sizeof(inpkt->seqno)); - outlen = inpkt->len + sizeof(inpkt->seqno); + EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); + EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); + + outpkt->len = outlen + outpad; + inpkt = outpkt; } + /* Add the message authentication code */ + if(n->digest && n->maclength) { - HMAC(n->digest, n->key, n->keylength, (char *)&outpkt.seqno, outlen, (char *)&outpkt.seqno + outlen, &outpad); - outlen += n->maclength; + HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen); + inpkt->len += n->maclength; } + /* Send the packet */ + to.sin_family = AF_INET; to.sin_addr.s_addr = htonl(n->address); to.sin_port = htons(n->port); - if((sendto(udp_socket, (char *)&outpkt.seqno, outlen, 0, (const struct sockaddr *)&to, tolen)) < 0) + if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, (const struct sockaddr *)&to, tolen)) < 0) 
{ syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), n->name, n->hostname); @@ -921,6 +974,19 @@ cp } else myself->maclength = 4; + + /* Compression */ + + if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) + { + if(myself->compression < 0 || myself->compression > 9) + { + syslog(LOG_ERR, _("Bogus compression level!")); + return -1; + } + } + else + myself->compression = 0; cp /* Done */ diff --git a/src/node.c b/src/node.c index 5307ea66..2abd7fbf 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.8 2002/02/10 21:57:54 guus Exp $ + $Id: node.c,v 1.1.2.9 2002/02/11 15:59:18 guus Exp $ */ #include "config.h" @@ -163,8 +163,8 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd cipher %d digest %d maclength %d options %ld status %04x nexthop %s via %s"), - n->name, n->hostname, n->port, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->options, + syslog(LOG_DEBUG, _(" %s at %s port %hd cipher %d digest %d maclength %d compression %d options %ld status %04x nexthop %s via %s"), + n->name, n->hostname, n->port, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->compression, n->options, n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); } diff --git a/src/node.h b/src/node.h index 6d281e62..b662ccd0 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.10 2002/02/10 21:57:54 guus Exp $ + $Id: node.h,v 1.1.2.11 2002/02/11 15:59:18 guus Exp $ */ #ifndef __TINC_NODE_H__ 
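Review bot: In the send_udppacket hunk (`@@ -190,37 +220,60 @@`), when the peer uses neither compression nor a cipher, `inpkt` still points at the caller's packet, so `inpkt->len += sizeof(inpkt->seqno);`, the HMAC written at `(char *)&inpkt->seqno + inpkt->len` and `inpkt->len += n->maclength;` all modify the caller's buffer; the old code left `inpkt->len` alone and built the datagram in a local `outpkt`. If any caller sends the same packet to more than one node (not visible in this hunk), the length grows on every call and the MAC lands in space the caller may not have reserved. Copying first when no stage has produced a local packet avoids that, for example `if(!nextpkt) { *pkt[nextpkt] = *inpkt; inpkt = pkt[nextpkt++]; }` placed before the sequence number is added. `HMAC()` also writes the full digest rather than `n->maclength` bytes, and expects an `unsigned int *` where `&outlen` is an `int *`.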
@@ -54,6 +54,8 @@ typedef struct node_t { const EVP_MD *digest; /* Digest type for MAC */ int maclength; /* Length of MAC */ + int compression; /* Compressionlevel, 0 = no compression */ + list_t *queue; /* Queue for packets awaiting to be encrypted */ struct node_t *nexthop; /* nearest node from us to him */ diff --git a/src/protocol.h b/src/protocol.h index 5528b98f..e1c8ca9a 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.25 2002/02/10 21:57:54 guus Exp $ + $Id: protocol.h,v 1.5.4.26 2002/02/11 15:59:18 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -31,7 +31,7 @@ incompatible version have different protocols. */ -#define PROT_CURRENT 12 +#define PROT_CURRENT 13 /* Request numbers */ diff --git a/src/protocol_key.c b/src/protocol_key.c index 3c72c294..621bb1b8 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ + $Id: protocol_key.c,v 1.1.4.2 2002/02/11 15:59:18 guus Exp $ */ #include "config.h" @@ -167,8 +167,8 @@ cp bin2hex(from->key, key, from->keylength); key[from->keylength * 2] = '\0'; cp - return send_request(c, "%d %s %s %s %d %d %d", ANS_KEY, - from->name, to->name, key, from->cipher?from->cipher->nid:0, from->digest?from->digest->type:0, from->maclength); + return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, + from->name, to->name, key, from->cipher?from->cipher->nid:0, from->digest?from->digest->type:0, from->maclength, from->compression); } int ans_key_h(connection_t *c) 
@@ -176,10 +176,10 @@ int ans_key_h(connection_t *c) char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; char key[MAX_STRING_SIZE]; - int cipher, digest, maclength; + int cipher, digest, maclength, compression; node_t *from, *to; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength) != 6) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength, &compression) != 7) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, c->hostname); @@ -265,6 +265,8 @@ cp from->digest = NULL; from->maclength = maclength; } + + from->compression = compression; flush_queue(from); cp From dd611fb4f91b9b17c20c458694d2765b22814c5f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 12 Feb 2002 14:29:00 +0000 Subject: [PATCH 533/923] Don't use sa_sigaction (which NetBSD doesn't like) at all if we don't use siginfo. --- src/process.c | 43 +++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/src/process.c b/src/process.c index cd1b96e6..4455b65f 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.33 2002/02/10 21:57:54 guus Exp $ + $Id: process.c,v 1.1.2.34 2002/02/12 14:29:00 guus Exp $ */ #include "config.h" @@ -307,7 +307,7 @@ cp */ RETSIGTYPE -sigterm_handler(int a, siginfo_t *info, void *b) +sigterm_handler(int a) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got TERM signal")); @@ -316,7 +316,7 @@ sigterm_handler(int a, siginfo_t *info, void *b) } RETSIGTYPE -sigquit_handler(int a, siginfo_t *info, void *b) +sigquit_handler(int a) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got QUIT signal")); 
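Review bot: `from->compression = compression;` in the `@@ -265,6 +265,8 @@` hunk stores a value parsed from the peer's ANS_KEY without a range check, although the local setting is limited to 0..9 in net.c; the stored level is later passed to `compress2()` in send_udppacket, where an out-of-range level makes every packet to that node fail and be logged. Reject it right after the `sscanf()` check, for example `if(compression < 0 || compression > 9) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, c->hostname); return -1; }`. The `return -1` is assumed from the neighbouring error paths; most of ans_key_h lies outside these two hunks.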
@@ -324,7 +324,7 @@ sigquit_handler(int a, siginfo_t *info, void *b) } RETSIGTYPE -sigsegv_square(int a, siginfo_t *info, void *b) +sigsegv_square(int a) { syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); cp_trace(); @@ -332,7 +332,7 @@ sigsegv_square(int a, siginfo_t *info, void *b) } RETSIGTYPE -sigsegv_handler(int a, siginfo_t *info, void *b) +sigsegv_handler(int a) { struct sigaction act; syslog(LOG_ERR, _("Got SEGV signal")); @@ -342,10 +342,9 @@ sigsegv_handler(int a, siginfo_t *info, void *b) { syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); - act.sa_handler = NULL; + act.sa_handler = sigsegv_square; act.sa_mask = emptysigset; - act.sa_flags = SA_SIGINFO; - act.sa_sigaction = sigsegv_square; + act.sa_flags = 0; sigaction(SIGSEGV, &act, NULL); close_network_connections(); @@ -361,7 +360,7 @@ sigsegv_handler(int a, siginfo_t *info, void *b) } RETSIGTYPE -sighup_handler(int a, siginfo_t *info, void *b) +sighup_handler(int a) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got HUP signal")); @@ -369,7 +368,7 @@ sighup_handler(int a, siginfo_t *info, void *b) } RETSIGTYPE -sigint_handler(int a, siginfo_t *info, void *b) +sigint_handler(int a) { if(saved_debug_lvl) { @@ -388,7 +387,7 @@ sigint_handler(int a, siginfo_t *info, void *b) } RETSIGTYPE -sigalrm_handler(int a, siginfo_t *info, void *b) +sigalrm_handler(int a) { if(debug_lvl > DEBUG_NOTHING) syslog(LOG_NOTICE, _("Got ALRM signal")); @@ -396,13 +395,13 @@ sigalrm_handler(int a, siginfo_t *info, void *b) } RETSIGTYPE -sigusr1_handler(int a, siginfo_t *info, void *b) +sigusr1_handler(int a) { dump_connections(); } RETSIGTYPE -sigusr2_handler(int a, siginfo_t *info, void *b) +sigusr2_handler(int a) { dump_device_stats(); dump_nodes(); 
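Review bot: sigsegv_handler (hunk `@@ -342,10 +342,9 @@`) still calls `syslog()` and `close_network_connections()` from signal context; `syslog()` is not async-signal-safe and the cleanup routine presumably is not either, so after a SIGSEGV with damaged heap or logging state the handler can deadlock or fault again before the re-exec. A comment above the handler should record that, for example `/* Runs on a possibly corrupted process: everything below is best effort and not async-signal-safe */`. `struct sigaction act;` is also left uninitialised apart from the three members assigned here; `memset(&act, 0, sizeof(act));` before the assignments keeps any platform-specific members defined. The handler's body continues outside the hunk.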
@@ -411,21 +410,21 @@ sigusr2_handler(int a, siginfo_t *info, void *b) } RETSIGTYPE -sigwinch_handler(int a, siginfo_t *info, void *b) +sigwinch_handler(int a) { extern int do_purge; do_purge = 1; } RETSIGTYPE -unexpected_signal_handler(int a, siginfo_t *info, void *b) +unexpected_signal_handler(int a) { syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); cp_trace(); } RETSIGTYPE -ignore_signal_handler(int a, siginfo_t *info, void *b) +ignore_signal_handler(int a) { if(debug_lvl >= DEBUG_SCARY_THINGS) { @@ -436,7 +435,7 @@ ignore_signal_handler(int a, siginfo_t *info, void *b) struct { int signal; - void (*handler)(int, siginfo_t *, void *); + void (*handler)(int); } sighandlers[] = { { SIGHUP, sighup_handler }, { SIGTERM, sigterm_handler }, @@ -461,28 +460,28 @@ setup_signals(void) sigemptyset(&emptysigset); act.sa_handler = NULL; act.sa_mask = emptysigset; - act.sa_flags = SA_SIGINFO; + act.sa_flags = 0; /* Set a default signal handler for every signal, errors will be ignored. */ for(i = 0; i < NSIG; i++) { if(!do_detach) - act.sa_sigaction = (void(*)(int, siginfo_t *, void *))SIG_DFL; + act.sa_handler = SIG_DFL; else - act.sa_sigaction = unexpected_signal_handler; + act.sa_handler = unexpected_signal_handler; sigaction(i, &act, NULL); } /* If we didn't detach, allow coredumps */ if(!do_detach) - sighandlers[3].handler = (void(*)(int, siginfo_t *, void *))SIG_DFL; + sighandlers[3].handler = SIG_DFL; /* Then, for each known signal that we want to catch, assign a handler to the signal, with error checking this time. */ for(i = 0; sighandlers[i].signal; i++) { - act.sa_sigaction = sighandlers[i].handler; + act.sa_handler = sighandlers[i].handler; if(sigaction(sighandlers[i].signal, &act, NULL) < 0) fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %s\n"), sighandlers[i].signal, strsignal(sighandlers[i].signal), strerror(errno)); From f64b41a73b3b432aae17ba990414e0be2f61ce62 Mon Sep 17 00:00:00 2001 
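Review bot: `sighandlers[3].handler = SIG_DFL;` in the setup_signals hunk (`@@ -461,28 +460,28 @@`) depends on the fourth table entry being the signal that should dump core, presumably SIGSEGV, yet only the first two entries of `sighandlers[]` are visible in this diff, so reordering the table would silently switch a different signal to the default action. Selecting by signal number inside the installation loop states the intent directly: `act.sa_handler = (!do_detach && sighandlers[i].signal == SIGSEGV) ? SIG_DFL : sighandlers[i].handler;`. The catch-all loop above it also starts at `i = 0`, which is not a valid signal number; that is harmless only because errors are ignored there, and starting at 1 would be cleaner.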
From: Guus Sliepen Date: Tue, 12 Feb 2002 14:36:45 +0000 Subject: [PATCH 534/923] Get rid of sys/signal.h. --- src/meta.c | 4 ++-- src/net.c | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/meta.c b/src/meta.c index 73ffa69b..e108ea1a 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.22 2002/02/10 21:57:54 guus Exp $ + $Id: meta.c,v 1.1.2.23 2002/02/12 14:36:45 guus Exp $ */ #include "config.h" @@ -26,10 +26,10 @@ #include #include -#include #include #include /* This line must be below the rest for FreeBSD */ +#include #include #include diff --git a/src/net.c b/src/net.c index c2170acd..3328863e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.154 2002/02/11 15:59:18 guus Exp $ + $Id: net.c,v 1.35.4.155 2002/02/12 14:36:45 guus Exp $ */ #include "config.h" @@ -34,7 +34,6 @@ #include #include #include -#include #include #include #include From 2fb8a62edef7cb0988e44f92c3948cde6f34875e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 12 Feb 2002 14:40:12 +0000 Subject: [PATCH 535/923] Added device.c for NetBSD, actually a copy of the OpenBSD one. --- src/netbsd/device.c | 163 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 src/netbsd/device.c diff --git a/src/netbsd/device.c b/src/netbsd/device.c new file mode 100644 index 00000000..ed8cb4e5 --- /dev/null +++ b/src/netbsd/device.c 
@@ -0,0 +1,163 @@ +/* + device.c -- Interaction with NetBSD tun device + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.1 2002/02/12 14:40:12 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "conf.h" +#include "net.h" +#include "subnet.h" + +#include "system.h" + +#define DEFAULT_DEVICE "/dev/tun0" + +#define DEVICE_TYPE_ETHERTAP 0 +#define DEVICE_TYPE_TUNTAP 1 + +int device_fd = -1; +int device_type; +char *device; +char *interface; +char *device_info; + +int device_total_in = 0; +int device_total_out = 0; + +extern subnet_t mymac; + +/* + open the local ethertap device +*/ +int setup_device(void) +{ + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; + + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = rindex(device, '/')?rindex(device, '/')+1:device; +cp + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) + { + syslog(LOG_ERR, _("Could not open %s: %m"), device); + return -1; + } +cp + /* Set default MAC address for ethertap devices */ + + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 
0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; + + device_info = _("NetBSD tun device"); + + syslog(LOG_INFO, _("%s is a %s"), device, device_info); +cp + return 0; +} + +void close_device(void) +{ +cp + close(device_fd); +cp +} + +int read_packet(vpn_packet_t *packet) +{ + int lenin; + u_int32_t type; + struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, MTU - 14}}; +cp + + if((lenin = readv(device_fd, vector, 2)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); + return -1; + } + + memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data + 6, mymac.net.mac.address.x, 6); + packet->data[12] = 0x08; + packet->data[13] = 0x00; + + packet->len = lenin + 10; + + device_total_in += packet->len; + + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); + } + + return 0; +cp +} + +int write_packet(vpn_packet_t *packet) +{ + u_int32_t type = htonl(AF_INET); + struct iovec vector[2]; +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + vector[0].iov_base = &type; + vector[0].iov_len = sizeof(type); + vector[1].iov_base = packet->data + 14; + vector[1].iov_len = packet->len - 14; + + if(writev(device_fd, vector, 2) < 0) + { + syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); + return -1; + } + + device_total_out += packet->len; +cp +} + +void dump_device_stats(void) +{ +cp + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp +} From fc674eaae14ed2e07abc0df1285b1bd70e0d27cc Mon Sep 17 00:00:00 2001 
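Review bot: write_packet() in the new src/netbsd/device.c is declared `int` but has no `return` on the success path, so a caller that tests its result reads an indeterminate value; add `return 0;` after `device_total_out += packet->len;`. It also computes `vector[1].iov_len = packet->len - 14;` without checking that the packet is at least 14 bytes long, so a shorter packet gives a negative length that becomes a very large `size_t`; guard it with `if(packet->len < 14) return -1;` and a log line. read_packet() has the mirror issue: `lenin` is only tested for `<= 0`, so a read shorter than the 4-byte `type` word still yields a packet, and a would-block result on this `O_NONBLOCK` descriptor is logged as an error. The type of `packet->len` is not visible in this file, so the exact wrap behaviour is inferred.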
From: Guus Sliepen Date: Tue, 12 Feb 2002 14:42:37 +0000 Subject: [PATCH 536/923] Add check for NetBSD. --- acconfig.h | 3 +++ configure.in | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/acconfig.h b/acconfig.h index fd502bfc..f13c3e4b 100644 --- a/acconfig.h +++ b/acconfig.h @@ -55,6 +55,9 @@ /* Solaris */ #undef HAVE_SOLARIS +/* NetBSD */ +#undef HAVE_NETBSD + /* Define to the location of the kernel sources */ #undef CONFIG_TINC_KERNELDIR diff --git a/configure.in b/configure.in index ec76e6d6..b3c036c9 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.40 2002/02/11 15:59:18 guus Exp $ +dnl $Id: configure.in,v 1.13.2.41 2002/02/12 14:42:37 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -50,6 +50,10 @@ case $host_os in AC_DEFINE(HAVE_OPENBSD) [ rm -f src/device.c; ln -sf openbsd/device.c src/device.c ] ;; + *netbsd*) + AC_DEFINE(HAVE_NETBSD) + [ rm -f src/device.c; ln -sf netbsd/device.c src/device.c ] + ;; esac AC_CACHE_SAVE From c2b9c06062d36bde859b630b99a08c7b7428e721 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Mon, 18 Feb 2002 16:25:19 +0000 Subject: [PATCH 537/923] - Non-blocking connect()s. - Socket handling revamped to use sockaddr_t. - tinc can now tunnel over IPv6. - Handle all addresses and subnets in network byte order. Only convert them when they need to be printed. - IPv6 subnets bigger than /128 now work. - Use %s and strerror(errno) instead of %m. --- doc/tinc.conf.5 | 6 + doc/tinc.texi | 12 +- po/POTFILES.in | 6 +- po/nl.po | 806 +++++++++++++------------ src/Makefile.am | 8 +- src/conf.c | 109 ++-- src/conf.h | 8 +- src/connection.c | 19 +- src/connection.h | 9 +- src/edge.c | 35 +- src/edge.h | 8 +- src/freebsd/device.c | 9 +- src/graph.c | 10 +- src/linux/device.c | 13 +- src/meta.c | 10 +- src/net.c | 1361 ++++-------------------------------------- src/net.h | 37 +- src/net_packet.c | 391 ++++++++++++ src/net_setup.c | 557 +++++++++++++++++ src/net_socket.c | 456 ++++++++++++++ src/netbsd/device.c | 9 +- src/netutl.c | 208 +++++-- src/netutl.h | 19 +- src/node.c | 28 +- src/node.h | 13 +- src/openbsd/device.c | 9 +- src/process.c | 7 +- src/protocol_auth.c | 40 +- src/protocol_edge.c | 67 ++- src/route.c | 18 +- src/solaris/device.c | 21 +- src/subnet.c | 192 +++--- src/subnet.h | 4 +- 33 files changed, 2487 insertions(+), 2018 deletions(-) create mode 100644 src/net_packet.c create mode 100644 src/net_setup.c create mode 100644 src/net_socket.c diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 642cc6b3..9a1ca75d 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 
@@ -100,6 +100,12 @@ If you leave it out, remember to replace it with at least one space character. Here are all valid variables, listed in alphabetical order. The default value is given between parentheses. .Bl -tag -width indent +.It Va AddressFamily Li = ipv4 | ipv6 | any Pq ipv4 +This option affects the address family of listening and outgoing sockets. +If +.Qq any +is selected, then the listening sockets will be IPv6 sockets, +but on most platforms those will also accept IPv4 connections. .It Va BindToInterface Li = Ar interface Bq experimental If your computer has more than one network interface, .Nm tinc diff --git a/doc/tinc.texi b/doc/tinc.texi index 6bf9c1d1..d5ddbff0 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.20 2002/02/11 15:59:18 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.20 2002/02/11 15:59:18 guus Exp $ +$Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.20 2002/02/11 15:59:18 guus Exp $ +$Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -736,6 +736,12 @@ required directives are given in @strong{bold}. @subsection Main configuration variables @table @asis +@cindex AddressFamily +@item AddressFamily = (ipv4) +This option affects the address family of listening and outgoing sockets. +If "any" is selected, then the listening sockets will be IPv6 sockets, +but on most platforms those will also accept IPv4 connections. + @cindex BindToInterface @item BindToInterface = If you have more than one network interface in your computer, tinc will diff --git a/po/POTFILES.in b/po/POTFILES.in index 05a12012..4e52a3ae 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -9,6 +9,9 @@ src/conf.c src/connection.c src/meta.c src/net.c +src/net_packet.c +src/net_setup.c +src/net_socket.c src/netutl.c src/protocol.c src/protocol_auth.c @@ -25,5 +28,6 @@ src/edge.c src/graph.c src/linux/device.c src/freebsd/device.c -src/openbsd/device.c src/solaris/device.c +src/netbsd/device.c +src/openbsd/device.c diff --git a/po/nl.po b/po/nl.po index 776e36d1..15b0de2e 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-02-11 16:57+0100\n" +"POT-Creation-Date: 2002-02-18 17:09+0100\n" "PO-Revision-Date: 2002-02-11 16:57+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" 
@@ -24,22 +24,24 @@ msgstr "" msgid "Integer expected for configuration variable %s in %s line %d" msgstr "Geheel getal verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:219 +#: src/conf.c:218 #, c-format -msgid "IP address expected for configuration variable %s in %s line %d" -msgstr "IP adres verwacht voor configuratievariabele %s in %s regel %d" +msgid "" +"Hostname or IP address expected for configuration variable %s in %s line %d" +msgstr "" +"Hostnaam of IP adres verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:233 +#: src/conf.c:235 #, c-format msgid "Port number expected for configuration variable %s in %s line %d" msgstr "Poortnummer verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:249 +#: src/conf.c:251 #, c-format msgid "Subnet expected for configuration variable %s in %s line %d" msgstr "Subnet verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:259 +#: src/conf.c:261 #, c-format msgid "" "Network address and mask length do not match for configuration variable %s " 
@@ -48,71 +50,71 @@ msgstr ""
 "Netwerk adres en maskerlengte komen niet overeen bij configuratievariabele %"
 "s in %s regel %d"
 
-#: src/conf.c:367
+#: src/conf.c:369
 #, c-format
-msgid "Cannot open config file %s: %m"
-msgstr "Kan configuratie bestand %s niet openen: %m"
+msgid "Cannot open config file %s: %s"
+msgstr "Kan configuratie bestand %s niet openen: %s"
 
-#: src/conf.c:403
+#: src/conf.c:405
 #, c-format
 msgid "No value for variable `%s' on line %d while reading config file %s"
 msgstr ""
 "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van "
 "configuratie bestand %s"
 
-#: src/conf.c:436
+#: src/conf.c:438
 #, c-format
-msgid "Failed to read `%s': %m"
-msgstr "Lezen van `%s' mislukte: %m"
+msgid "Failed to read `%s': %s"
+msgstr "Lezen van `%s' mislukte: %s"
 
-#: src/conf.c:464
+#: src/conf.c:465
 #, c-format
 msgid "`%s' is not an absolute path"
 msgstr "`%s' is geen absoluut pad"
 
-#: src/conf.c:480 src/conf.c:513
+#: src/conf.c:481 src/conf.c:513
 #, c-format
-msgid "Couldn't stat `%s': %m"
-msgstr "Kon `%s' niet statten: %m"
+msgid "Couldn't stat `%s': %s"
+msgstr "Kon `%s' niet statten: %s"
 
-#: src/conf.c:487 src/conf.c:523
+#: src/conf.c:487 src/conf.c:522
 #, c-format
 msgid "`%s' is owned by UID %d instead of %d"
 msgstr "`%s' is eigendom van UID %d in plaats van %d"
 
-#: src/conf.c:494 src/conf.c:530
+#: src/conf.c:494 src/conf.c:529
 #, c-format
 msgid "Warning: `%s' is a symlink"
 msgstr "Waarschuwing: `%s' is een symbolische link"
 
-#: src/conf.c:499 src/conf.c:535
+#: src/conf.c:499 src/conf.c:534
 #, c-format
-msgid "Unable to read symbolic link `%s': %m"
-msgstr "Kan symbolische link `%s' niet lezen: %m"
+msgid "Unable to read symbolic link `%s': %s"
+msgstr "Kan symbolische link `%s' niet lezen: %s"
 
 #. Accessible by others
-#: src/conf.c:546
+#: src/conf.c:545
 #, c-format
 msgid "`%s' has unsecure permissions"
 msgstr "`%s' heeft onveilige permissies"
 
 #. Ask for a file and/or directory name.
-#: src/conf.c:571
+#: src/conf.c:570
 #, c-format
 msgid "Please enter a file to save %s to [%s]: "
 msgstr "Geef een bestand om de %s naar de schrijven [%s]: "
 
-#: src/conf.c:577
+#: src/conf.c:576
 #, c-format
 msgid "Error while reading stdin: %s\n"
 msgstr "Fout tijdens lezen van standaardinvoer: %s\n"
 
-#: src/conf.c:603
+#: src/conf.c:602
 #, c-format
 msgid "Error opening file `%s': %s\n"
 msgstr "Fout bij het openen van het bestand `%s': %s\n"
 
-#: src/conf.c:613
+#: src/conf.c:612
 #, c-format
 msgid ""
 "The file `%s' (or any of the leading directories) has unsafe permissions.\n"
@@ -122,16 +124,16 @@ msgstr ""
 "bescherming.\n"
 "Ik maak of overschrijf dit bestand niet.\n"
 
-#: src/connection.c:124
+#: src/connection.c:114
 msgid "Connections:"
 msgstr "Verbindingen:"
 
-#: src/connection.c:129
+#: src/connection.c:119
 #, c-format
-msgid " %s at %s port %hd options %ld socket %d status %04x"
-msgstr " %s op %s poort %hd opties %d socket %d status %04x"
+msgid " %s at %s options %ld socket %d status %04x"
+msgstr " %s op %s opties %ld socket %d status %04x"
 
-#: src/connection.c:134
+#: src/connection.c:123
 msgid "End of connections."
 msgstr "Einde van verbindingen."
 
@@ -142,13 +144,13 @@ msgstr "Verzenden van %d bytes metadata naar %s (%s)"
 
 #: src/meta.c:63
 #, c-format
-msgid "Sending meta data to %s (%s) failed: %m"
-msgstr "Fout tijdens verzenden metadata naar %s (%s): %m"
+msgid "Sending meta data to %s (%s) failed: %s"
+msgstr "Fout tijdens verzenden metadata naar %s (%s): %s"
 
 #: src/meta.c:94
 #, c-format
-msgid "This is a bug: %s:%d: %d:%m %s (%s)"
-msgstr "Dit is een programmeerfout: %s:%d: %d:%m %s (%s)"
+msgid "This is a bug: %s:%d: %d:%s %s (%s)"
+msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)"
 
 #: src/meta.c:100
 #, c-format
@@ -162,330 +164,355 @@ msgstr "Verbinding be #: src/meta.c:128 #, c-format -msgid "Metadata socket read error for %s (%s): %m" -msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %m" +msgid "Metadata socket read error for %s (%s): %s" +msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" #: src/meta.c:202 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:118 +#: src/net.c:109 +msgid "Purging unreachable nodes" +msgstr "Verwijderen onbereikbare nodes" + +#: src/net.c:119 +#, c-format +msgid "Purging node %s (%s)" +msgstr "Verwijdering node %s (%s)" + +#: src/net.c:173 +#, c-format +msgid "Closing connection with %s (%s)" +msgstr "Beëindigen verbinding met %s (%s)" + +#: src/net.c:244 +#, c-format +msgid "%s (%s) didn't respond to PING" +msgstr "%s (%s) antwoordde niet op ping" + +#: src/net.c:257 +#, c-format +msgid "Timeout from %s (%s) during authentication" +msgstr "Timeout van %s (%s) tijdens authenticatie" + +#: src/net.c:305 +#, c-format +msgid "Error while connecting to %s (%s): %s" +msgstr "Fout tijdens schrijven naar %s (%s): %s" + +#: src/net.c:370 +#, c-format +msgid "Error while waiting for input: %s" +msgstr "Fout tijdens wachten op invoer: %s" + +#: src/net.c:404 +msgid "Regenerating symmetric key" +msgstr "Hergenereren symmetrische sleutel" + +#: src/net.c:421 +msgid "Flushing event queue" +msgstr "Legen taakrij" + +#: src/net.c:434 +msgid "Rereading configuration file and restarting in 5 seconds" +msgstr "Herlezen configuratiebestand en herstart in 5 seconden" + +#: src/net.c:441 +msgid "Unable to reread configuration file, exiting" +msgstr "Kan configuratiebestand niet herlezen, beëindigen" + +#: src/net_packet.c:106 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net.c:144 +#: src/net_packet.c:132 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d" msgstr 
"Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d" -#: src/net.c:161 +#: src/net_packet.c:149 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net.c:188 +#: src/net_packet.c:176 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net.c:210 +#: src/net_packet.c:196 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net.c:235 +#: src/net_packet.c:221 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net.c:278 +#: src/net_packet.c:260 #, c-format -msgid "Error sending packet to %s (%s): %m" -msgstr "Fout tijdens verzenden pakket naar %s (%s): %m" +msgid "Error sending packet to %s (%s): %s" +msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net.c:293 +#: src/net_packet.c:275 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net.c:300 +#: src/net_packet.c:282 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net.c:309 +#: src/net_packet.c:291 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net.c:317 +#: src/net_packet.c:299 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net.c:337 +#: src/net_packet.c:319 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net.c:354 +#: src/net_packet.c:336 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net.c:379 +#: src/net_packet.c:358 #, c-format -msgid "Creating metasocket failed: %m" -msgstr "Aanmaak van metasocket mislukt: %m" +msgid "This is a bug: %s:%d: %d:%s" +msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net.c:387 src/net.c:433 src/net.c:460 src/net.c:1091 src/process.c:258 -#: src/process.c:294 -#, c-format -msgid "System call `%s' failed: %m" -msgstr "Systeemaanroep `%s' mislukte: %m" - -#: src/net.c:407 -#, c-format -msgid "Can't bind to interface %s: %m" -msgstr "Kan niet aan interface %s binden: %m" - -#: src/net.c:426 -#, c-format -msgid "Can't bind to port %hd/tcp: %m" -msgstr "Kan niet aan poort %hd/tcp binden: %m" - -#: src/net.c:450 -#, c-format -msgid "Creating socket failed: %m" -msgstr "Aanmaak socket mislukte: %m" - -#: src/net.c:473 -#, c-format -msgid "Can't bind to port %hd/udp: %m" -msgstr "Kan niet aan poort %hd/udp binden: %m" - -#: src/net.c:495 -#, c-format -msgid "Trying to re-establish outgoing connection in %d seconds" -msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" - -#: src/net.c:505 -#, c-format -msgid "Trying to connect to %s (%s)" -msgstr "Poging tot verbinden met %s (%s)" - -#: src/net.c:511 -#, c-format -msgid "Creating socket for %s port %d failed: %m" -msgstr "Aanmaken socket voor %s poort %d mislukt: %m" - -#: src/net.c:553 -#, c-format -msgid "%s port %hd: %m" -msgstr "%s poort %hd: %m" - -#: src/net.c:562 -#, 
c-format -msgid "fcntl for %s port %d: %m" -msgstr "fcntl voor %s poort %d: %m" - -#: src/net.c:568 -#, c-format -msgid "Connected to %s port %hd" -msgstr "Verbonden met %s poort %hd" - -#: src/net.c:586 -#, c-format -msgid "Already connected to %s" -msgstr "Reeds verbonden met %s" - -#: src/net.c:599 -#, c-format -msgid "No address specified for %s" -msgstr "Geen adres gespecificeerd voor %s" - -#: src/net.c:611 -#, c-format -msgid "Error looking up `%s': %m" -msgstr "Fout bij het opzoeken van `%s': %m" - -#: src/net.c:622 -#, c-format -msgid "Could not set up a meta connection to %s (%s)" -msgstr "Kon geen metaverbinding aangaan met %s (%s)" - -#: src/net.c:664 -#, c-format -msgid "Error reading RSA public key file `%s': %m" -msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %m" - -#: src/net.c:674 -#, c-format -msgid "Reading RSA public key file `%s' failed: %m" -msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %m" - -#: src/net.c:702 -#, c-format -msgid "No public key for %s specified!" -msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" - -#: src/net.c:728 -#, c-format -msgid "Error reading RSA private key file `%s': %m" -msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" - -#: src/net.c:738 -#, c-format -msgid "Reading RSA private key file `%s' failed: %m" -msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %m" - -#: src/net.c:791 src/net.c:792 -msgid "MYSELF" -msgstr "MIJZELF" - -#: src/net.c:799 -msgid "Name for tinc daemon required!" -msgstr "Naam voor tinc daemon verplicht!" - -#: src/net.c:805 -msgid "Invalid name for myself!" -msgstr "Ongelige naam voor mijzelf!" - -#: src/net.c:819 -msgid "Cannot open host configuration file for myself!" -msgstr "Kan host configuratie bestand voor mijzelf niet openen!" - -#: src/net.c:829 -msgid "Invalid public/private keypair!" -msgstr "Ongeldig publiek/privé sleutelpaar!" - -#: src/net.c:884 -msgid "Invalid routing mode!" -msgstr "Ongelige routing modus!" 
- -#: src/net.c:896 -msgid "Unable to set up a listening TCP socket!" -msgstr "Kon geen TCP luistersocket aanmaken!" - -#: src/net.c:902 -msgid "Unable to set up a listening UDP socket!" -msgstr "Kon geen UDP luistersocket aanmaken!" - -#: src/net.c:918 -msgid "Unrecognized cipher type!" -msgstr "Onbekend cipher type!" - -#: src/net.c:951 -msgid "Unrecognized digest type!" -msgstr "Onbekend digest type!" - -#: src/net.c:965 -msgid "MAC length exceeds size of digest!" -msgstr "MAC lengte is groter dan dat van digest!" - -#: src/net.c:970 -msgid "Bogus MAC length!" -msgstr "Onzinnige MAC lengte!" - -#: src/net.c:984 -msgid "Bogus compression level!" -msgstr "Onzinnig compressieniveau!" - -#: src/net.c:1000 -#, c-format -msgid "Ready: listening on port %hd" -msgstr "Gereed: luisterend op poort %hd" - -#: src/net.c:1104 -#, c-format -msgid "Connection from %s port %d" -msgstr "Verbinding van %s poort %d" - -#: src/net.c:1149 -#, c-format -msgid "This is a bug: %s:%d: %d:%m" -msgstr "Dit is een programmeerfout: %s:%d: %d:%m" - -#: src/net.c:1155 +#: src/net_packet.c:364 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net.c:1161 +#: src/net_packet.c:370 #, c-format -msgid "Receiving packet failed: %m" -msgstr "Ontvangst pakket mislukt: %m" +msgid "Receiving packet failed: %s" +msgstr "Ontvangst pakket mislukt: %s" -#: src/net.c:1169 +#: src/net_packet.c:379 #, c-format -msgid "Received UDP packet on port %hd from unknown source %x:%hd" -msgstr "Ontvangst UDP pakket op poort %hd van onbekende oorsprong %x:%hd" +msgid "Received UDP packet from unknown source %s" +msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" -#: src/net.c:1192 -msgid "Purging unreachable nodes" -msgstr "Verwijderen onbereikbare nodes" - -#: src/net.c:1202 +#: src/net_setup.c:102 #, c-format -msgid "Purging node %s (%s)" -msgstr "Verwijdering node %s (%s)" +msgid "Error reading RSA public key file `%s': %s" +msgstr "Fout tijdens lezen 
RSA publieke sleutel bestand `%s': %s" -#: src/net.c:1256 +#: src/net_setup.c:112 #, c-format -msgid "Closing connection with %s (%s)" -msgstr "Beëindigen verbinding met %s (%s)" +msgid "Reading RSA public key file `%s' failed: %s" +msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" -#: src/net.c:1327 +#: src/net_setup.c:140 #, c-format -msgid "%s (%s) didn't respond to PING" -msgstr "%s (%s) antwoordde niet op ping" +msgid "No public key for %s specified!" +msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net.c:1340 +#: src/net_setup.c:166 #, c-format -msgid "Timeout from %s (%s) during authentication" -msgstr "Timeout van %s (%s) tijdens authenticatie" +msgid "Error reading RSA private key file `%s': %s" +msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net.c:1361 +#: src/net_setup.c:176 #, c-format -msgid "Accepting a new connection failed: %m" -msgstr "Aanname van nieuwe verbinding is mislukt: %m" +msgid "Reading RSA private key file `%s' failed: %s" +msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net.c:1369 -msgid "Closed attempted connection" -msgstr "Aangenomen verbinding verbroken" +#: src/net_setup.c:230 src/net_setup.c:231 +msgid "MYSELF" +msgstr "MIJZELF" -#: src/net.c:1392 +#: src/net_setup.c:238 +msgid "Name for tinc daemon required!" +msgstr "Naam voor tinc daemon verplicht!" + +#: src/net_setup.c:244 +msgid "Invalid name for myself!" +msgstr "Ongeldige naam voor mijzelf!" + +#: src/net_setup.c:258 +msgid "Cannot open host configuration file for myself!" +msgstr "Kan host configuratie bestand voor mijzelf niet openen!" + +#: src/net_setup.c:268 +msgid "Invalid public/private keypair!" +msgstr "Ongeldig publiek/privé sleutelpaar!" + +#: src/net_setup.c:321 +msgid "Invalid routing mode!" +msgstr "Ongeldige routing modus!" + +#: src/net_setup.c:333 +msgid "Bogus maximum timeout!" +msgstr "Onzinnige maximum timeout!" + +#: src/net_setup.c:350 +msgid "Invalid address family!" 
+msgstr "Ongeldige adresfamilie!" + +#: src/net_setup.c:372 +msgid "Unrecognized cipher type!" +msgstr "Onbekend cipher type!" + +#: src/net_setup.c:405 +msgid "Unrecognized digest type!" +msgstr "Onbekend digest type!" + +#: src/net_setup.c:419 +msgid "MAC length exceeds size of digest!" +msgstr "MAC lengte is groter dan dat van digest!" + +#: src/net_setup.c:424 +msgid "Bogus MAC length!" +msgstr "Onzinnige MAC lengte!" + +#: src/net_setup.c:438 +msgid "Bogus compression level!" +msgstr "Onzinnig compressieniveau!" + +#: src/net_setup.c:464 src/net_socket.c:96 src/net_socket.c:131 +#: src/net_socket.c:157 src/process.c:258 src/process.c:293 +#, c-format +msgid "System call `%s' failed: %s" +msgstr "Systeemaanroep `%s' mislukte: %s" + +#: src/net_setup.c:470 +msgid "Unable to set up a listening TCP socket!" +msgstr "Kon geen TCP luistersocket aanmaken!" + +#: src/net_setup.c:476 +msgid "Unable to set up a listening UDP socket!" +msgstr "Kon geen UDP luistersocket aanmaken!" + +#: src/net_setup.c:482 +#, c-format +msgid "Ready: listening on port %s" +msgstr "Gereed: luisterend op poort %s" + +#: src/net_socket.c:88 +#, c-format +msgid "Creating metasocket failed: %s" +msgstr "Aanmaak van metasocket mislukt: %s" + +#: src/net_socket.c:114 src/net_socket.c:168 +#, c-format +msgid "Can't bind to interface %s: %s" +msgstr "Kan niet aan interface %s binden: %s" + +#: src/net_socket.c:123 +#, c-format +msgid "Can't bind to %s/tcp: %s" +msgstr "Kan niet aan %s/tcp binden: %s" + +#: src/net_socket.c:149 +#, c-format +msgid "Creating UDP socket failed: %s" +msgstr "Aanmaak UDP socket mislukte: %s" + +#: src/net_socket.c:177 +#, c-format +msgid "Can't bind to %s/udp: %s" +msgstr "Kan niet aan %s/udp binden: %s" + +#: src/net_socket.c:200 +#, c-format +msgid "Trying to re-establish outgoing connection in %d seconds" +msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" + +#: src/net_socket.c:209 src/net_socket.c:304 +#, c-format +msgid "Trying to connect 
to %s (%s)" +msgstr "Poging tot verbinden met %s (%s)" + +#: src/net_socket.c:215 src/net_socket.c:311 +#, c-format +msgid "Creating socket for %s failed: %s" +msgstr "Aanmaken socket voor %s mislukt: %s" + +#: src/net_socket.c:234 src/net_socket.c:350 +#, c-format +msgid "%s: %s" +msgstr "%s: %s" + +#: src/net_socket.c:239 src/net_socket.c:249 +#, c-format +msgid "Connected to %s (%s)" +msgstr "Verbonden met %s (%s)" + +#: src/net_socket.c:268 +#, c-format +msgid "Could not set up a meta connection to %s" +msgstr "Kon geen metaverbinding aangaan met %s" + +#: src/net_socket.c:332 +#, c-format +msgid "fcntl for %s: %s" +msgstr "fcntl voor %s: %s" + +#: src/net_socket.c:371 +#, c-format +msgid "Already connected to %s" +msgstr "Reeds verbonden met %s" + +#: src/net_socket.c:386 +#, c-format +msgid "No address specified for %s" +msgstr "Geen adres gespecificeerd voor %s" + +#: src/net_socket.c:413 +#, c-format +msgid "Accepting a new connection failed: %s" +msgstr "Aanname van nieuwe verbinding is mislukt: %s" + +#: src/net_socket.c:425 +#, c-format +msgid "Connection from %s" +msgstr "Verbinding van %s" + +#: src/net_socket.c:447 #, c-format msgid "Invalid name for outgoing connection in %s line %d" -msgstr "Ongelige naam voor uitgaande verbinding in %s regel %d" +msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/net.c:1488 +#: src/netutl.c:65 src/netutl.c:88 #, c-format -msgid "Error while waiting for input: %m" -msgstr "Fout tijdens wachten op invoer: %m" +msgid "Error looking up %s port %s: %s\n" +msgstr "Fout bij het opzoeken van %s poort %s: %s\n" -#: src/net.c:1495 -msgid "Rereading configuration file and restarting in 5 seconds" -msgstr "Herlezen configuratiebestand en herstart in 5 seconden" - -#: src/net.c:1502 -msgid "Unable to reread configuration file, exiting" -msgstr "Kan configuratiebestand niet herlezen, beëindigen" - -#: src/net.c:1534 -msgid "Regenerating symmetric key" -msgstr "Hergenereren symmetrische sleutel" - -#: 
src/net.c:1544 -msgid "Flushing event queue" -msgstr "Legen taakrij" - -#: src/netutl.c:84 +#: src/netutl.c:108 #, c-format -msgid "Error looking up `%s': %s\n" -msgstr "Fout bij het opzoeken van `%s': %s\n" +msgid "Error while translating addresses: %s" +msgstr "Fout tijdens vertalen adressen: %s" + +#: src/netutl.c:128 +#, c-format +msgid "Error while looking up hostname: %s" +msgstr "Fout bij het opzoeken van hostnaam: %s" + +#: src/netutl.c:131 +#, c-format +msgid "%s port %s" +msgstr "%s poort %s" + +#: src/netutl.c:154 +#, c-format +msgid "sockaddrcmp() was called with unknown address family %d, exitting!" +msgstr "" +"sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" #: src/protocol.c:75 #, c-format @@ -538,16 +565,16 @@ msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" #: src/protocol_auth.c:69 src/protocol_auth.c:218 src/protocol_auth.c:311 -#: src/protocol_auth.c:367 src/protocol_auth.c:475 src/protocol_edge.c:85 -#: src/protocol_edge.c:215 src/protocol_key.c:78 src/protocol_key.c:116 +#: src/protocol_auth.c:367 src/protocol_auth.c:478 src/protocol_edge.c:98 +#: src/protocol_edge.c:230 src/protocol_key.c:78 src/protocol_key.c:116 #: src/protocol_key.c:184 src/protocol_misc.c:61 src/protocol_misc.c:91 #: src/protocol_misc.c:172 src/protocol_subnet.c:71 src/protocol_subnet.c:160 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol_auth.c:77 src/protocol_edge.c:93 src/protocol_edge.c:99 -#: src/protocol_edge.c:224 src/protocol_edge.c:230 src/protocol_subnet.c:79 +#: src/protocol_auth.c:77 src/protocol_edge.c:106 src/protocol_edge.c:112 +#: src/protocol_edge.c:239 src/protocol_edge.c:245 src/protocol_subnet.c:79 #: src/protocol_subnet.c:87 src/protocol_subnet.c:168 #: src/protocol_subnet.c:186 #, c-format 
@@ -603,7 +630,7 @@ msgstr "verkeerd antwoord op uitdaging"
 msgid "Expected challenge reply: %s"
 msgstr "Verwachtte antwoord op uitdaging: %s"
 
-#: src/protocol_auth.c:501
+#: src/protocol_auth.c:498
 #, c-format
 msgid "Established a second connection with %s (%s), closing old connection"
 msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten"
@@ -613,33 +640,33 @@ msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten"
 msgid "Connection with %s (%s) activated"
 msgstr "Verbinding met %s (%s) geactiveerd"
 
-#: src/protocol_edge.c:93 src/protocol_edge.c:99 src/protocol_edge.c:224
-#: src/protocol_edge.c:230 src/protocol_subnet.c:79 src/protocol_subnet.c:168
+#: src/protocol_edge.c:106 src/protocol_edge.c:112 src/protocol_edge.c:239
+#: src/protocol_edge.c:245 src/protocol_subnet.c:79 src/protocol_subnet.c:168
 msgid "invalid name"
-msgstr "ongelige naam"
+msgstr "ongeldige naam"
 
-#: src/protocol_edge.c:142
+#: src/protocol_edge.c:157
 #, c-format
 msgid "Got %s from %s (%s) for ourself which does not match existing entry"
 msgstr ""
 "Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende"
 
-#: src/protocol_edge.c:149
+#: src/protocol_edge.c:164
 #, c-format
 msgid "Got %s from %s (%s) which does not match existing entry"
 msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende"
 
-#: src/protocol_edge.c:159
+#: src/protocol_edge.c:174
 #, c-format
 msgid "Got %s from %s (%s) for ourself which does not exist"
 msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat"
 
-#: src/protocol_edge.c:241 src/protocol_edge.c:250 src/protocol_edge.c:261
+#: src/protocol_edge.c:256 src/protocol_edge.c:265 src/protocol_edge.c:276
 #, c-format
 msgid "Got %s from %s (%s) which does not appear in the edge tree"
 msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree"
 
-#: src/protocol_edge.c:268 src/protocol_subnet.c:115 src/protocol_subnet.c:211
+#: src/protocol_edge.c:283 src/protocol_subnet.c:115 src/protocol_subnet.c:211
 #, c-format
 msgid "Got %s from %s (%s) for ourself"
 msgstr "Kreeg %s van %s (%s) voor onszelf"
@@ -708,26 +735,27 @@ msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom"
 msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree"
 msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom"
 
-#: src/subnet.c:109
+#: src/subnet.c:99
 #, c-format
 msgid "subnet_compare() was called with unknown subnet type %d, exitting!"
 msgstr ""
 "subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!"
 
-#: src/subnet.c:327
-msgid "unknown subnet type"
-msgstr "onbekend subnet type"
+#: src/subnet.c:274
+#, c-format
+msgid "net2str() was called with unknown subnet type %d, exitting!"
+msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!"
 
-#: src/subnet.c:411
+#: src/subnet.c:381
 msgid "Subnet list:"
 msgstr "Subnet lijst:"
 
-#: src/subnet.c:416
+#: src/subnet.c:386
 #, c-format
 msgid " %s owner %s"
 msgstr " %s eigenaar %s"
 
-#: src/subnet.c:419
+#: src/subnet.c:389
 msgid "End of subnet list."
 msgstr "Einde van subnet lijst."
 
@@ -855,7 +883,7 @@ msgstr "Onherstelbare fout"
 msgid "Restarting in %d seconds!"
 msgstr "Herstart in %d seconden!"
 
-#: src/process.c:358 src/tincd.c:373
+#: src/process.c:356 src/tincd.c:373
 msgid "Not restarting."
 msgstr "Geen herstart."
 
@@ -906,56 +934,56 @@ msgstr "tincd %s (%s %s) start, debug niveau %d"
 msgid "tincd %s starting"
 msgstr "tincd %s wordt gestart"
 
-#: src/process.c:266
+#: src/process.c:265
 #, c-format
 msgid "Executing script %s"
 msgstr "Uitvoeren script %s"
 
-#: src/process.c:274
+#: src/process.c:273
 #, c-format
 msgid "Process %d (%s) exited with non-zero status %d"
 msgstr "Proces %d (%s) beëindigde met status %d"
 
-#: src/process.c:282
+#: src/process.c:281
 #, c-format
 msgid "Process %d (%s) was killed by signal %d (%s)"
 msgstr "Proces %d (%s) was gestopt door signaal %d (%s)"
 
-#: src/process.c:288
+#: src/process.c:287
 #, c-format
 msgid "Process %d (%s) terminated abnormally"
 msgstr "Proces %d (%s) abnormaal beëindigd"
 
-#: src/process.c:313
+#: src/process.c:312
 msgid "Got TERM signal"
 msgstr "Kreeg TERM signaal"
 
-#: src/process.c:322
+#: src/process.c:321
 msgid "Got QUIT signal"
 msgstr "Kreeg QUIT signaal"
 
-#: src/process.c:329
+#: src/process.c:328
 msgid "Got another SEGV signal: not restarting"
 msgstr "Kreeg nog een SEGV signaal: geen herstart"
 
-#: src/process.c:338
+#: src/process.c:337
 msgid "Got SEGV signal"
 msgstr "Kreeg SEGV signaal"
 
-#: src/process.c:343
+#: src/process.c:342
 msgid "Trying to re-execute in 5 seconds..."
 msgstr "Poging tot herstarten over 5 seconden..."
 
-#: src/process.c:367
+#: src/process.c:365
 msgid "Got HUP signal"
 msgstr "Kreeg HUP signaal"
 
-#: src/process.c:376
+#: src/process.c:374
 #, c-format
 msgid "Reverting to old debug level (%d)"
 msgstr "Herstellen van oud debug niveau (%d)"
 
-#: src/process.c:383
+#: src/process.c:381
 #, c-format
 msgid ""
 "Temporarily setting debug level to 5. Kill me with SIGINT again to go back "
@@ -964,21 +992,21 @@ msgstr ""
 "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau "
 "%d te herstellen."
 
-#: src/process.c:394
+#: src/process.c:392
 msgid "Got ALRM signal"
 msgstr "Kreeg ALRM signaal"
 
-#: src/process.c:423
+#: src/process.c:421
 #, c-format
 msgid "Got unexpected signal %d (%s)"
 msgstr "Kreeg onverwacht signaal %d (%s)"
 
-#: src/process.c:432
+#: src/process.c:430
 #, c-format
 msgid "Ignored signal %d (%s)"
 msgstr "Signaal %d (%s) genegeerd"
 
-#: src/process.c:487
+#: src/process.c:485
 #, c-format
 msgid "Installing signal handler for signal %d (%s) failed: %s\n"
 msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n"
@@ -988,12 +1016,12 @@ msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n"
 msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"
 msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd"
 
-#: src/route.c:124
+#: src/route.c:116
 #, c-format
-msgid "Cannot route packet: unknown destination address %d.%d.%d.%d"
-msgstr "Kan pakket niet routeren: onbekend doeladres %d.%d.%d.%d"
+msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"
+msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d"
 
-#: src/route.c:144
+#: src/route.c:136
 #, c-format
 msgid ""
 "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%"
@@ -1002,16 +1030,16 @@ msgstr ""
 "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%"
 "hx:%hx"
 
-#: src/route.c:189
+#: src/route.c:180
 msgid "Cannot route packet: received unknown type ARP request"
 msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek"
 
-#: src/route.c:203
+#: src/route.c:193
 #, c-format
 msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d"
 msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d"
 
-#: src/route.c:255
+#: src/route.c:245
 #, c-format
 msgid "Cannot route packet: unknown type %hx"
 msgstr "Kan pakket niet routeren: onbekend type %hx"
@@ -1023,149 +1051,153 @@ msgstr "Nodes:" #: src/node.c:166 #, c-format msgid "" -" %s at %s port %hd cipher %d digest %d maclength %d compression %d options %" -"ld status %04x nexthop %s via %s" +" %s at %s cipher %d digest %d maclength %d compression %d options %ld status " +"%04x nexthop %s via %s" msgstr "" -" %s op %s poort %hd cipher %d digest %d maclengte %d compressie %d opties %" -"ld status %04x nexthop %s via %s" +" %s op %s cipher %d digest %d maclengte %d compressie %d opties %ld status %" +"04x nexthop %s via %s" #: src/node.c:171 msgid "End of nodes." msgstr "Einde van nodes." -#: src/edge.c:194 +#: src/edge.c:195 msgid "Edges:" msgstr "Edges:" -#: src/edge.c:201 +#: src/edge.c:204 #, c-format -msgid " %s at %s port %hd - %s at %s port %hd options %ld weight %d" -msgstr " %s op %s poort %hd - %s op %s poort %hd opties %ld gewicht %d" +msgid " %s tcp at %s udp at %s - %s tcp at %s udp at %s options %ld weight %d" +msgstr " %s tcp op %s udp op %s - %s tcp op %s udp op %s opties %ld gewicht %d" -#: src/edge.c:209 +#: src/edge.c:214 msgid "End of edges." msgstr "Einde van edges." 
-#: src/graph.c:224 +#: src/graph.c:222 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:233 +#: src/graph.c:231 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" -#: src/freebsd/device.c:69 src/linux/device.c:88 src/openbsd/device.c:73 -#: src/solaris/device.c:74 +#: src/freebsd/device.c:70 src/linux/device.c:89 src/netbsd/device.c:74 +#: src/openbsd/device.c:74 src/solaris/device.c:75 #, c-format -msgid "Could not open %s: %m" -msgstr "Kon `%s' niet openen: %m" +msgid "Could not open %s: %s" +msgstr "Kon `%s' niet openen: %s" -#: src/linux/device.c:113 src/linux/device.c:123 +#: src/linux/device.c:114 src/linux/device.c:124 msgid "Linux tun/tap device" msgstr "Linux tun/tap apparaat" -#: src/linux/device.c:121 +#: src/linux/device.c:122 #, c-format msgid "Old ioctl() request was needed for %s" msgstr "Oud ioctl() verzoek was nodig voor %s" -#: src/linux/device.c:130 +#: src/linux/device.c:131 msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/freebsd/device.c:86 src/linux/device.c:134 src/openbsd/device.c:89 -#: src/solaris/device.c:131 +#: src/freebsd/device.c:87 src/linux/device.c:135 src/netbsd/device.c:90 +#: src/openbsd/device.c:90 src/solaris/device.c:132 #, c-format msgid "%s is a %s" msgstr "%s is een %s" -#: src/freebsd/device.c:107 src/linux/device.c:157 src/linux/device.c:167 -#: src/openbsd/device.c:110 src/solaris/device.c:148 +#: src/freebsd/device.c:108 src/linux/device.c:158 src/linux/device.c:168 +#: src/netbsd/device.c:111 src/openbsd/device.c:111 src/solaris/device.c:149 #, c-format -msgid "Error while reading from %s %s: %m" -msgstr "Fout tijdens lezen van %s %s: %m" +msgid "Error while reading from %s %s: %s" +msgstr "Fout tijdens lezen van %s %s: %s" -#: src/freebsd/device.c:116 src/linux/device.c:178 src/openbsd/device.c:125 -#: src/solaris/device.c:163 +#: src/freebsd/device.c:117 src/linux/device.c:179 
src/netbsd/device.c:126 +#: src/openbsd/device.c:126 src/solaris/device.c:164 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/freebsd/device.c:127 src/linux/device.c:189 src/openbsd/device.c:138 -#: src/solaris/device.c:174 +#: src/freebsd/device.c:128 src/linux/device.c:190 src/netbsd/device.c:139 +#: src/openbsd/device.c:139 src/solaris/device.c:175 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:196 src/linux/device.c:205 src/openbsd/device.c:148 -#: src/solaris/device.c:179 +#: src/linux/device.c:197 src/linux/device.c:206 src/netbsd/device.c:149 +#: src/openbsd/device.c:149 src/solaris/device.c:180 #, c-format -msgid "Can't write to %s %s: %m" -msgstr "Kan niet schrijven naar %s %s: %m" +msgid "Can't write to %s %s: %s" +msgstr "Kan niet schrijven naar %s %s: %s" -#: src/freebsd/device.c:143 src/linux/device.c:218 src/openbsd/device.c:159 -#: src/solaris/device.c:191 +#: src/freebsd/device.c:144 src/linux/device.c:219 src/netbsd/device.c:160 +#: src/openbsd/device.c:160 src/solaris/device.c:192 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/freebsd/device.c:144 src/linux/device.c:219 src/openbsd/device.c:160 -#: src/solaris/device.c:192 +#: src/freebsd/device.c:145 src/linux/device.c:220 src/netbsd/device.c:161 +#: src/openbsd/device.c:161 src/solaris/device.c:193 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/freebsd/device.c:145 src/linux/device.c:220 src/openbsd/device.c:161 -#: src/solaris/device.c:193 +#: src/freebsd/device.c:146 src/linux/device.c:221 src/netbsd/device.c:162 +#: src/openbsd/device.c:162 src/solaris/device.c:194 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" -#: src/freebsd/device.c:84 +#: src/freebsd/device.c:85 msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" -#: 
src/freebsd/device.c:132 +#: src/freebsd/device.c:133 #, c-format -msgid "Error while writing to %s %s: %m" -msgstr "Fout tijdens schrijven naar %s %s: %m" +msgid "Error while writing to %s %s: %s" +msgstr "Fout tijdens schrijven naar %s %s: %s" -#: src/openbsd/device.c:87 -msgid "OpenBSD tun device" -msgstr "OpenBSD tun apparaat" - -#: src/solaris/device.c:85 +#: src/solaris/device.c:86 #, c-format -msgid "Could not open /dev/ip: %m" -msgstr "Kon /dev/ip niet openen: %m" +msgid "Could not open /dev/ip: %s" +msgstr "Kon /dev/ip niet openen: %s" -#: src/solaris/device.c:91 +#: src/solaris/device.c:92 #, c-format -msgid "Can't assign new interface: %m" -msgstr "Kan geen nieuwe interface toekennen: %m" +msgid "Can't assign new interface: %s" +msgstr "Kan geen nieuwe interface toekennen: %s" -#: src/solaris/device.c:96 +#: src/solaris/device.c:97 #, c-format -msgid "Could not open %s twice: %m" -msgstr "Kon `%s' niet twee keer openen: %m" +msgid "Could not open %s twice: %s" +msgstr "Kon `%s' niet twee keer openen: %s" -#: src/solaris/device.c:101 +#: src/solaris/device.c:102 #, c-format -msgid "Can't push IP module: %m" -msgstr "Kan IP module niet invoegen: %m" +msgid "Can't push IP module: %s" +msgstr "Kan IP module niet invoegen: %s" -#: src/solaris/device.c:107 +#: src/solaris/device.c:108 #, c-format -msgid "Can't set PPA %d: %m" -msgstr "Kon PPA %d niet instellen: %m" +msgid "Can't set PPA %d: %s" +msgstr "Kon PPA %d niet instellen: %s" -#: src/solaris/device.c:112 +#: src/solaris/device.c:113 #, c-format -msgid "Can't link TUN device to IP: %m" -msgstr "Kan TUN apparaat niet koppelen aan IP: %m" +msgid "Can't link TUN device to IP: %s" +msgstr "Kan TUN apparaat niet koppelen aan IP: %s" -#: src/solaris/device.c:119 +#: src/solaris/device.c:120 msgid "Solaris tun device" msgstr "Solaris tun apparaat" + +#: src/netbsd/device.c:88 +msgid "NetBSD tun device" +msgstr "NetBSD tun apparaat" + +#: src/openbsd/device.c:88 +msgid "OpenBSD tun device" +msgstr "OpenBSD tun 
apparaat" diff --git a/src/Makefile.am b/src/Makefile.am index 7ea85a15..d769071c 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,13 +1,13 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.19 2002/02/10 21:57:52 guus Exp $ +# $Id: Makefile.am,v 1.4.4.20 2002/02/18 16:25:16 guus Exp $ sbin_PROGRAMS = tincd EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c -tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c netutl.c node.c process.c \ - protocol.c protocol_auth.c protocol_edge.c protocol_misc.c protocol_key.c protocol_subnet.c \ - route.c subnet.c tincd.c +tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_packet.c net_setup.c \ + net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ + protocol_key.c protocol_subnet.c route.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl diff --git a/src/conf.c b/src/conf.c index fc823720..3bf9b85f 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.52 2002/02/10 21:57:53 guus Exp $ + $Id: conf.c,v 1.9.4.53 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" @@ -56,14 +56,14 @@ char *netname = NULL; /* name of the vpn network */ int config_compare(config_t *a, config_t *b) { int result; - - result = strcmp(a->variable, b->variable); - + + result = strcasecmp(a->variable, b->variable); + if(result) return result; result = a->line - b->line; - + if(result) return result; else @@ -90,7 +90,7 @@ config_t *new_config(void) config_t *cfg; cp cfg = (config_t *)xmalloc_and_zero(sizeof(*cfg)); - + return cfg; } @@ -126,7 +126,7 @@ cp if(!found) return NULL; - + if(strcmp(found->variable, variable)) return NULL; 
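Review bot: In src/conf.c, `config_compare` now orders entries with `strcasecmp`, but the context of the `@@ -126,7` hunk (apparently `lookup_config`, whose start is outside the hunk) still rejects the found node with `if(strcmp(found->variable, variable))`. A lookup whose spelling differs only in case from the stored name is therefore located by the tree and then discarded, so the option silently falls back to its default. If names are meant to be case-insensitive, that test should read `if(strcasecmp(found->variable, variable))`. A short comment on `config_compare` saying so would keep the two in step.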
@@ -139,7 +139,7 @@ config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) config_t *found; cp node = avl_search_node(config_tree, cfg); - + if(node) { if(node->next) @@ -149,10 +149,10 @@ cp return found; } } - + return NULL; } - + int get_config_bool(config_t *cfg, int *result) { cp @@ -184,7 +184,7 @@ cp if(sscanf(cfg->value, "%d", result) == 1) return 1; - + syslog(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; @@ -196,27 +196,26 @@ cp if(!cfg) return 0; - *result = cfg->value; + *result = xstrdup(cfg->value); return 1; } -int get_config_address(config_t *cfg, ipv4_t **result) +int get_config_address(config_t *cfg, struct addrinfo **result) { - ipv4_t *ip; + struct addrinfo *ai; cp if(!cfg) return 0; - ip = xmalloc(sizeof(*ip)); - *ip = str2address(cfg->value); + ai = str2addrinfo(cfg->value, NULL, 0); - if(ip) + if(ai) { - *result = ip; + *result = ai; return 1; } - syslog(LOG_ERR, _("IP address expected for configuration variable %s in %s line %d"), + syslog(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; } @@ -228,8 +227,11 @@ cp return 0; if(sscanf(cfg->value, "%hu", result) == 1) - return 1; - + { + *result = htons(*result); + return 1; + } + syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; 
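Review bot: `get_config_string` in src/conf.c now returns `xstrdup(cfg->value)`, which hands ownership of the string to the caller, and nothing in the hunk documents that. Callers written against the old borrowed pointer will leak the copy unless they free it. The same applies to the `struct addrinfo *` that `get_config_address` now returns from `str2addrinfo`. I would add a comment above each function, e.g. `/* *result is heap-allocated; the caller must free() it */`, and for the address variant name the matching release call (presumably `freeaddrinfo`, to be confirmed against `str2addrinfo`, which is not visible here).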
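Review bot: `get_config_port` accepts whatever `sscanf(cfg->value, "%hu", result)` yields, so a value above 65535 or one with trailing text such as `655abc` is not rejected before `htons` is applied, and the daemon can end up using a port the administrator did not write. Parsing into a wider type, checking that the whole string was consumed and bounding the result avoids that. The function also now returns the port in network byte order, which callers cannot tell from the prototype, so that belongs in a comment. The function's opening lines are outside the hunk.
```c
  /* … unchanged: NULL check on cfg … */
  {
    char *end;
    unsigned long port;

    errno = 0;
    port = strtoul(cfg->value, &end, 10);

    /* Require a complete decimal number that fits in 16 bits */
    if(end != cfg->value && !*end && !errno && port <= 65535)
      {
        *result = htons(port);  /* stored in network byte order */
        return 1;
      }
  }
  /* … unchanged: syslog "Port number expected" and return 0 … */
```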
@@ -250,20 +252,20 @@ cp cfg->variable, cfg->file, cfg->line); return 0; } - + /* Teach newbies what subnets are... */ - if(subnet->type == SUBNET_IPV4) - if((subnet->net.ipv4.address & subnet->net.ipv4.mask) != subnet->net.ipv4.address) - { - syslog(LOG_ERR, _("Network address and mask length do not match for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - free(subnet); - return 0; - } + if(((subnet->type == SUBNET_IPV4) && maskcheck((char *)&subnet->net.ipv4.address, subnet->net.ipv4.masklength, sizeof(ipv4_t))) + || ((subnet->type == SUBNET_IPV6) && maskcheck((char *)&subnet->net.ipv6.address, subnet->net.ipv6.masklength, sizeof(ipv6_t)))) + { + syslog(LOG_ERR, _("Network address and mask length do not match for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + free(subnet); + return 0; + } *result = subnet; - + return 1; } @@ -271,7 +273,7 @@ cp Read exactly one line and strip the trailing newline if any. If the file was on EOF, return NULL. Otherwise, return all the data in a dynamically allocated buffer. - + If line is non-NULL, it will be used as an initial buffer, to avoid unnecessary mallocing each time this function is called. If buf is given, and buf needs to be expanded, the var pointed to by buflen @@ -360,17 +362,17 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) int lineno = 0, ignore = 0; config_t *cfg; size_t bufsize; - + cp if((fp = fopen (fname, "r")) == NULL) { - syslog(LOG_ERR, _("Cannot open config file %s: %m"), fname); + syslog(LOG_ERR, _("Cannot open config file %s: %s"), fname, strerror(errno)); return -3; } bufsize = 100; buffer = xmalloc(bufsize); - + for(;;) { if((line = readline(fp, &buffer, &bufsize)) == NULL) @@ -395,7 +397,7 @@ cp if(!strcmp(variable, "-----BEGIN")) ignore = 1; - + if(!ignore) { if(((value = strtok(NULL, "\t\n\r =")) == NULL) || value[0] == '#') 
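Review bot: In `get_config_subnet`, `masklength` is passed to `maskcheck` with `sizeof(ipv4_t)` or `sizeof(ipv6_t)` without any visible upper bound. If the subnet parser earlier in the function (outside the hunk) accepts a prefix longer than the address width, `maskcheck` may be asked to look past the address bytes; its body is not shown, so this needs confirming. I would reject `masklength` greater than eight times the address size before the call and log the same "do not match" message. A comment stating that `maskcheck` returns non-zero when host bits are set would also make the condition readable.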
@@ -433,12 +435,11 @@ cp x = read_config_file(config_tree, fname); if(x == -1) /* System error: complain */ { - syslog(LOG_ERR, _("Failed to read `%s': %m"), - fname); + syslog(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); } free(fname); cp - return x; + return x; } int isadir(const char* f) @@ -466,10 +467,10 @@ int is_safe_path(const char *file) } p = strrchr(file, '/'); - + if(p == file) /* It's in the root */ p++; - + x = *p; *p = '\0'; @@ -477,8 +478,7 @@ int is_safe_path(const char *file) check1: if(lstat(f, &s) < 0) { - syslog(LOG_ERR, _("Couldn't stat `%s': %m"), - f); + syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); return 0; } @@ -496,25 +496,24 @@ check1: if(readlink(f, l, MAXBUFSIZE) < 0) { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f); + syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); return 0; } - + f = l; goto check1; } *p = x; f = file; - + check2: if(lstat(f, &s) < 0 && errno != ENOENT) { - syslog(LOG_ERR, _("Couldn't stat `%s': %m"), - f); + syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); return 0; } - + if(errno == ENOENT) return 1; @@ -532,10 +531,10 @@ check2: if(readlink(f, l, MAXBUFSIZE) < 0) { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %m"), f); + syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); return 0; } - + f = l; goto check2; } @@ -547,7 +546,7 @@ check2: f); return 0; } - + return 1; } @@ -587,7 +586,7 @@ FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode { /* The directory is a relative path or a filename. */ char *p; - + directory = get_current_dir_name(); asprintf(&p, "%s/%s", directory, fn); free(fn); @@ -596,7 +595,7 @@ FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode } umask(0077); /* Disallow everything for group and other */ - + /* Open it first to keep the inode busy */ if((r = fopen(fn, mode)) == NULL) { 
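Review bot: In `is_safe_path`, the `readlink(f, l, MAXBUFSIZE)` calls at `check1` and `check2` (the `@@ -496,25` and `@@ -532,10` hunks) only test for a negative return, and `readlink` does not NUL-terminate what it writes. The following `f = l; goto check1;` (and `goto check2;`) hands `l` to `lstat` and to the `%s` of the new `strerror` log lines as a C string, so the path is read past the link target unless `l` is zero-filled and larger than MAXBUFSIZE where it is declared, which is outside the hunk. Keep the length and terminate the buffer: `len = readlink(f, l, MAXBUFSIZE - 1);` and, after the error check, `l[len] = '\0';`. This function is the permission check applied before key and config files are used, so it should not validate a different path from the one the link names.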
@@ -605,7 +604,7 @@ FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode free(fn); return NULL; } - + /* Then check the file for nasty attacks */ if(!is_safe_path(fn)) /* Do not permit any directories that are readable or writeable by other users. */ diff --git a/src/conf.h b/src/conf.h index a04d6687..bf399ddb 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,12 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.31 2002/02/10 21:57:53 guus Exp $ + $Id: conf.h,v 1.6.4.32 2002/02/18 16:25:16 guus Exp $ */ #ifndef __TINC_CONF_H__ #define __TINC_CONF_H__ +#include +#include +#include + #include #include "net.h" #include "subnet.h" @@ -54,7 +58,7 @@ extern int get_config_bool(config_t *, int *); extern int get_config_int(config_t *, int *); extern int get_config_port(config_t *, port_t *); extern int get_config_string(config_t *, char **); -extern int get_config_address(config_t *, ipv4_t **); +extern int get_config_address(config_t *, struct addrinfo **); struct subnet_t; /* Needed for next line. */ extern int get_config_subnet(config_t *, struct subnet_t **); diff --git a/src/connection.c b/src/connection.c index 815de4ba..8620e4af 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.27 2002/02/10 21:57:53 guus Exp $ + $Id: connection.c,v 1.1.2.28 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" @@ -44,7 +44,7 @@ avl_tree_t *connection_tree; /* Meta connections */ int connection_compare(connection_t *a, connection_t *b) { - return a->socket - b->socket; + return a - b; } void init_connections(void) 
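Review bot: `connection_compare` in src/connection.c now returns `a - b`, a pointer difference between two separately allocated `connection_t` objects converted to `int`. Subtracting pointers that do not point into the same array is undefined. On 64-bit targets the conversion to `int` can also turn a non-zero difference into 0 or flip its sign, which would make `connection_tree` treat distinct connections as equal or misorder them. `return (a > b) - (a < b);` gives a stable three-way result without the subtraction or truncation.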
@@ -106,16 +106,6 @@ cp cp } -connection_t *lookup_connection(ipv4_t address, port_t port) -{ - connection_t c; -cp - c.address = address; - c.port = port; - - return avl_search(connection_tree, &c); -} - void dump_connections(void) { avl_node_t *node; @@ -126,9 +116,8 @@ cp for(node = connection_tree->head; node; node = node->next) { c = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd options %ld socket %d status %04x"), - c->name, c->hostname, c->port, c->options, - c->socket, c->status); + syslog(LOG_DEBUG, _(" %s at %s options %ld socket %d status %04x"), + c->name, c->hostname, c->options, c->socket, c->status); } syslog(LOG_DEBUG, _("End of connections.")); diff --git a/src/connection.h b/src/connection.h index 1689aee3..436f192a 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.24 2002/02/10 21:57:53 guus Exp $ + $Id: connection.h,v 1.1.2.25 2002/02/18 16:25:16 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -52,6 +52,7 @@ typedef struct connection_status_t { int pinged:1; /* sent ping */ int active:1; /* 1 if active.. */ + int connecting:1; /* 1 if we are waiting for a non-blocking connect() to finish */ int termreq:1; /* the termination of this connection was requested */ int remove:1; /* Set to 1 if you want this connection removed */ int timeout:1; /* 1 if gotten timeout */ @@ -64,8 +65,7 @@ typedef struct connection_status_t { typedef struct connection_t { char *name; /* name he claims to have */ - ipv4_t address; /* his real (internet) ip */ - port_t port; /* port number of meta connection */ + sockaddr_t address; /* his real (internet) ip */ char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ 
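Review bot: In `dump_connections`, the rewritten `syslog` call still passes `c->status` for `%04x`. connection.h defines `connection_status_t` as a struct of bit-fields, and `status` appears to be of that type, so the argument does not match the conversion and the behaviour is undefined. Either log the individual flags that matter (`c->status.active`, the new `c->status.connecting`) or copy the struct into an `unsigned int` with `memcpy` and print that. `%ld` for `c->options` should also be checked against the field's declared type, which is not visible in this hunk.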
@@ -77,7 +77,7 @@ typedef struct connection_t { struct outgoing_t *outgoing; /* used to keep track of outgoing connections */ struct node_t *node; /* node associated with the other end */ - struct edge_t *edge; /* edge associated with this connection */ + struct edge_t *edge; /* edge associated with this connection */ RSA *rsa_key; /* his public/private key */ EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ @@ -109,7 +109,6 @@ extern connection_t *new_connection(void); extern void free_connection(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); -extern connection_t *lookup_connection(ipv4_t, short unsigned int); extern void dump_connections(void); extern int read_connection_config(connection_t *); diff --git a/src/edge.c b/src/edge.c index 1851f51f..b834879e 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.6 2002/02/10 21:57:54 guus Exp $ + $Id: edge.c,v 1.1.2.7 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" @@ -47,7 +47,7 @@ int edge_compare(edge_t *a, edge_t *b) int result; result = strcmp(a->from.node->name, b->from.node->name); - + if(result) return result; else @@ -69,7 +69,7 @@ int edge_name_compare(edge_t *a, edge_t *b) { int result; char *name_a1, *name_a2, *name_b1, *name_b2; - + if(strcmp(a->from.node->name, a->to.node->name) < 0) name_a1 = a->from.node->name, name_a2 = a->to.node->name; else @@ -81,7 +81,7 @@ int edge_name_compare(edge_t *a, edge_t *b) name_b1 = b->to.node->name, name_b2 = b->from.node->name; result = strcmp(name_a1, name_b1); - + if(result) return result; else @@ -91,9 +91,9 @@ int edge_name_compare(edge_t *a, edge_t *b) int edge_weight_compare(edge_t *a, edge_t *b) { int result; - + result = a->weight - b->weight; - + if(result) return result; else 
@@ -189,23 +189,28 @@ void dump_edges(void) { avl_node_t *node; edge_t *e; - char *from_address, *to_address; + char *from_tcp, *from_udp; + char *to_tcp, *to_udp; cp syslog(LOG_DEBUG, _("Edges:")); for(node = edge_tree->head; node; node = node->next) { e = (edge_t *)node->data; - from_address = address2str(e->from.address); - to_address = address2str(e->to.address); - syslog(LOG_DEBUG, _(" %s at %s port %hd - %s at %s port %hd options %ld weight %d"), - e->from.node->name, from_address, e->from.port, - e->to.node->name, to_address, e->to.port, + from_tcp = sockaddr2hostname(&e->from.tcpaddress); + from_udp = sockaddr2hostname(&e->from.udpaddress); + to_tcp = sockaddr2hostname(&e->to.tcpaddress); + to_udp = sockaddr2hostname(&e->to.udpaddress); + syslog(LOG_DEBUG, _(" %s tcp at %s udp at %s - %s tcp at %s udp at %s options %ld weight %d"), + e->from.node->name, from_tcp, from_udp, + e->to.node->name, to_tcp, to_udp, e->options, e->weight); - free(from_address); - free(to_address); + free(from_tcp); + free(from_udp); + free(to_tcp); + free(to_udp); } - + syslog(LOG_DEBUG, _("End of edges.")); cp } diff --git a/src/edge.h b/src/edge.h index 9a60af65..e3fa078a 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.5 2002/02/10 21:57:54 guus Exp $ + $Id: edge.h,v 1.1.2.6 2002/02/18 16:25:16 guus Exp $ */ #ifndef __TINC_EDGE_H__ 
@@ -25,14 +25,14 @@ #include +#include "net.h" #include "node.h" #include "connection.h" typedef struct halfconnection_t { struct node_t *node; /* node associated with this end of the connection */ - - ipv4_t address; /* real (internet) ip on this end of the meta connection */ - port_t port; /* port number of this end of the meta connection */ + sockaddr_t tcpaddress; /* real (internet) ip on this end of the meta connection */ + sockaddr_t udpaddress; /* real (internet) ip on this end of the vpn connection */ } halfconnection_t; typedef struct edge_t { diff --git a/src/freebsd/device.c b/src/freebsd/device.c index e75076a9..2f5f32e2 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c @@ -17,12 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2002/02/11 12:33:01 guus Exp $ + $Id: device.c,v 1.1.2.4 2002/02/18 16:25:19 guus Exp $ */ #include "config.h" #include +#include #include #include #include @@ -66,7 +67,7 @@ cp cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device); + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } cp @@ -104,7 +105,7 @@ int read_packet(vpn_packet_t *packet) cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -129,7 +130,7 @@ cp if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Error while writing to %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); return -1; } diff --git a/src/graph.c b/src/graph.c index 0847b281..abc918d9 100644 --- a/src/graph.c +++ b/src/graph.c 
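Review bot: In `read_packet` (src/freebsd/device.c), the error branch is taken for `read(...) <= 0`, but `errno` is only set when the return value is negative. A zero-length read therefore logs whatever error text an earlier call left behind, which is misleading when diagnosing a device problem. The same pattern is in both read branches of src/linux/device.c in this commit. I would split the cases, logging `strerror(errno)` only for `lenin < 0` and a fixed end-of-file message for `lenin == 0`.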
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.6 2002/02/10 21:57:54 guus Exp $ + $Id: graph.c,v 1.1.2.7 2002/02/18 16:25:16 guus Exp $ */ /* We need to generate two trees from the graph: @@ -186,17 +186,15 @@ void sssp_bfs(void) to_hc.node->nexthop = (n->nexthop == myself) ? to_hc.node : n->nexthop; to_hc.node->via = (e->options & OPTION_INDIRECT || n->via != n) ? n->via : to_hc.node; to_hc.node->options = e->options; - if(to_hc.node->address != to_hc.address || to_hc.node->port != to_hc.port) + if(sockaddrcmp(&to_hc.node->address, &to_hc.udpaddress)) { node = avl_unlink(node_udp_tree, to_hc.node); - to_hc.node->address = to_hc.address; - to_hc.node->port = to_hc.port; + to_hc.node->address = to_hc.udpaddress; if(to_hc.node->hostname) free(to_hc.node->hostname); - to_hc.node->hostname = hostlookup(htonl(to_hc.address)); + to_hc.node->hostname = sockaddr2hostname(&to_hc.udpaddress); avl_insert_node(node_udp_tree, node); } - to_hc.node->port = to_hc.port; node = avl_alloc_node(); node->data = to_hc.node; avl_insert_before(todo_tree, from, node); diff --git a/src/linux/device.c b/src/linux/device.c index 88355caa..450fcd1d 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,12 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2002/02/11 12:33:01 guus Exp $ + $Id: device.c,v 1.1.2.7 2002/02/18 16:25:19 guus Exp $ */ #include "config.h" #include +#include #include #include #include @@ -85,7 +86,7 @@ cp cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device); + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } cp 
@@ -154,7 +155,7 @@ cp { if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -164,7 +165,7 @@ cp { if((lenin = read(device_fd, packet->data - 2, MTU + 2)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -193,7 +194,7 @@ cp { if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } } @@ -202,7 +203,7 @@ cp *(short int *)(packet->data - 2) = packet->len; if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } } diff --git a/src/meta.c b/src/meta.c index e108ea1a..f2326d11 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.23 2002/02/12 14:36:45 guus Exp $ + $Id: meta.c,v 1.1.2.24 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" @@ -60,7 +60,7 @@ cp if(write(c->socket, bufp, length) < 0) { - syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %m"), c->name, c->hostname); + syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); return -1; } cp 
@@ -91,7 +91,7 @@ int receive_meta(connection_t *c) cp if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m %s (%s)"), __FILE__, __LINE__, c->socket, + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, __LINE__, c->socket, strerror(errno), c->name, c->hostname); return -1; } @@ -125,8 +125,8 @@ cp if(errno==EINTR) return 0; else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %m"), - c->name, c->hostname); + syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), + c->name, c->hostname, strerror(errno)); return -1; } diff --git a/src/net.c b/src/net.c index 3328863e..bf58cf00 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.155 2002/02/12 14:36:45 guus Exp $ + $Id: net.c,v 1.35.4.156 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" @@ -46,15 +46,6 @@ #include #include -#include -#include -#include - -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif - -#include #include #include 
@@ -77,1037 +68,11 @@ #include "system.h" -int maxtimeout = 900; -int seconds_till_retry = 5; - -int tcp_socket = -1; -int udp_socket = -1; - -int keylifetime = 0; -int keyexpires = 0; - int do_prune = 0; int do_purge = 0; int sighup = 0; int sigalrm = 0; -#define MAX_SEQNO 1073741824 - -/* VPN packet I/O */ - -void receive_udppacket(node_t *n, vpn_packet_t *inpkt) -{ - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt = pkt[0]; - int outlen, outpad; - long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; - char hmac[EVP_MAX_MD_SIZE]; -cp - /* Check the message authentication code */ - - if(myself->digest && myself->maclength) - { - inpkt->len -= myself->maclength; - HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL); - if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength)) - { - syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); - return; - } - } - - /* Decrypt the packet */ - - if(myself->cipher) - { - outpkt = pkt[nextpkt++]; - - EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); - - outpkt->len = outlen + outpad; - inpkt = outpkt; - } - - /* Check the sequence number */ - - inpkt->len -= sizeof(inpkt->seqno); - inpkt->seqno = ntohl(inpkt->seqno); - - if(inpkt->seqno <= n->received_seqno) - { - syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno); - return; - } - - n->received_seqno = inpkt->seqno; - - if(n->received_seqno > MAX_SEQNO) - keyexpires = 0; - - /* Decompress the packet */ - - if(myself->compression) - { - outpkt = pkt[nextpkt++]; - - if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) - { - syslog(LOG_ERR, 
_("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } - - receive_packet(n, inpkt); -cp -} - -void receive_tcppacket(connection_t *c, char *buffer, int len) -{ - vpn_packet_t outpkt; -cp - outpkt.len = len; - memcpy(outpkt.data, buffer, len); - - receive_packet(c->node, &outpkt); -cp -} - -void receive_packet(node_t *n, vpn_packet_t *packet) -{ -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); - - route_incoming(n, packet); -cp -} - -void send_udppacket(node_t *n, vpn_packet_t *inpkt) -{ - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt; - int outlen, outpad; - long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; - struct sockaddr_in to; - socklen_t tolen = sizeof(to); - vpn_packet_t *copy; -cp - if(!n->status.validkey) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), - n->name, n->hostname); - - /* Since packet is on the stack of handle_tap_input(), - we have to make a copy of it first. 
*/ - - copy = xmalloc(sizeof(vpn_packet_t)); - memcpy(copy, inpkt, sizeof(vpn_packet_t)); - - list_insert_tail(n->queue, copy); - - if(!n->status.waitingforkey) - send_req_key(n->nexthop->connection, myself, n); - - return; - } - - /* Compress the packet */ - - if(n->compression) - { - outpkt = pkt[nextpkt++]; - - if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK) - { - syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } - - /* Add sequence number */ - - inpkt->seqno = htonl(++(n->sent_seqno)); - inpkt->len += sizeof(inpkt->seqno); - - /* Encrypt the packet */ - - if(n->cipher) - { - outpkt = pkt[nextpkt++]; - - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); - - outpkt->len = outlen + outpad; - inpkt = outpkt; - } - - /* Add the message authentication code */ - - if(n->digest && n->maclength) - { - HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen); - inpkt->len += n->maclength; - } - - /* Send the packet */ - - to.sin_family = AF_INET; - to.sin_addr.s_addr = htonl(n->address); - to.sin_port = htons(n->port); - - if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, (const struct sockaddr *)&to, tolen)) < 0) - { - syslog(LOG_ERR, _("Error sending packet to %s (%s): %m"), - n->name, n->hostname); - return; - } -cp -} - -/* - send a packet to the given vpn ip. 
-*/ -void send_packet(node_t *n, vpn_packet_t *packet) -{ - node_t *via; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - packet->len, n->name, n->hostname); - - if(n == myself) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_NOTICE, _("Packet is looping back to us!")); - } - - return; - } - - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Node %s (%s) is not reachable"), - n->name, n->hostname); - return; - } - - via = (n->via == myself)?n->nexthop:n->via; - - if(via != n && debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - n->name, via->name, n->via->hostname); - - if((myself->options | via->options) & OPTION_TCPONLY) - { - if(send_tcppacket(via->connection, packet)) - terminate_connection(via->connection, 1); - } - else - send_udppacket(via, packet); -} - -/* Broadcast a packet using the minimum spanning tree */ - -void broadcast_packet(node_t *from, vpn_packet_t *packet) -{ - avl_node_t *node; - connection_t *c; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), - packet->len, from->name, from->hostname); - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c->status.active && c->status.mst && c != from->nexthop->connection) - send_packet(c->node, packet); - } -cp -} - -void flush_queue(node_t *n) -{ - list_node_t *node, *next; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); - - for(node = n->queue->head; node; node = next) - { - next = node->next; - send_udppacket(n, (vpn_packet_t *)node->data); - list_delete_node(n->queue, node); - } -cp -} - -/* Setup sockets */ - -int setup_listen_socket(port_t port) -{ - int nfd, flags; - struct sockaddr_in a; - int option; - ipv4_t *address; -#ifdef HAVE_LINUX - char *interface; -#endif -cp - if((nfd = socket(AF_INET, 
SOCK_STREAM, IPPROTO_TCP)) < 0) - { - syslog(LOG_ERR, _("Creating metasocket failed: %m")); - return -1; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fcntl"); - return -1; - } - - /* Optimize TCP settings */ - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); - setsockopt(nfd, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); -#ifdef HAVE_LINUX - setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); - - option = IPTOS_LOWDELAY; - setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); - - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %m"), interface); - return -1; - } -#endif - - memset(&a, 0, sizeof(a)); - a.sin_family = AF_INET; - a.sin_addr.s_addr = htonl(INADDR_ANY); - a.sin_port = htons(port); - - if(get_config_address(lookup_config(config_tree, "BindToAddress"), &address)) - { - a.sin_addr.s_addr = htonl(*address); - free(address); - } - - if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to port %hd/tcp: %m"), port); - return -1; - } - - if(listen(nfd, 3)) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "listen"); - return -1; - } -cp - return nfd; -} - -int setup_vpn_in_socket(port_t port) -{ - int nfd, flags; - struct sockaddr_in a; - const int one = 1; -cp - if((nfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) - { - close(nfd); - syslog(LOG_ERR, _("Creating socket failed: %m")); - return -1; - } - - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)); - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fcntl"); - 
return -1; - } - - memset(&a, 0, sizeof(a)); - a.sin_family = AF_INET; - a.sin_port = htons(port); - a.sin_addr.s_addr = htonl(INADDR_ANY); - - if(bind(nfd, (struct sockaddr *)&a, sizeof(struct sockaddr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to port %hd/udp: %m"), port); - return -1; - } -cp - return nfd; -} - -void retry_outgoing(outgoing_t *outgoing) -{ - event_t *event; -cp - outgoing->timeout += 5; - if(outgoing->timeout > maxtimeout) - outgoing->timeout = maxtimeout; - - event = new_event(); - event->handler = (event_handler_t)setup_outgoing_connection; - event->time = time(NULL) + outgoing->timeout; - event->data = outgoing; - event_add(event); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); -cp -} - -int setup_outgoing_socket(connection_t *c) -{ - int flags; - struct sockaddr_in a; -cp - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); - - c->socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); - - if(c->socket == -1) - { - syslog(LOG_ERR, _("Creating socket for %s port %d failed: %m"), - c->hostname, c->port); - return -1; - } - - /* Bind first to get a fix on our source port??? - - a.sin_family = AF_INET; - a.sin_port = htons(0); - a.sin_addr.s_addr = htonl(INADDR_ANY); - - if(bind(c->socket, (struct sockaddr *)&a, sizeof(struct sockaddr))) - { - close(c->socket); - syslog(LOG_ERR, _("System call `%s' failed: %m"), "bind"); - return -1; - } - - */ - - /* Optimize TCP settings? 
- - option = 1; - setsockopt(c->socket, SOL_SOCKET, SO_KEEPALIVE, &option, sizeof(option)); -#ifdef HAVE_LINUX - setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); - - option = IPTOS_LOWDELAY; - setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); -#endif - - */ - - /* Connect */ - - a.sin_family = AF_INET; - a.sin_port = htons(c->port); - a.sin_addr.s_addr = htonl(c->address); - - if(connect(c->socket, (struct sockaddr *)&a, sizeof(a)) == -1) - { - close(c->socket); - syslog(LOG_ERR, _("%s port %hd: %m"), c->hostname, c->port); - return -1; - } - - flags = fcntl(c->socket, F_GETFL); - - if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(c->socket); - syslog(LOG_ERR, _("fcntl for %s port %d: %m"), - c->hostname, c->port); - return -1; - } - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s port %hd"), - c->hostname, c->port); -cp - return 0; -} - -void setup_outgoing_connection(outgoing_t *outgoing) -{ - connection_t *c; - node_t *n; - struct hostent *h; -cp - n = lookup_node(outgoing->name); - - if(n) - if(n->connection) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Already connected to %s"), outgoing->name); - n->connection->outgoing = outgoing; - return; - } - - c = new_connection(); - c->name = xstrdup(outgoing->name); - - init_configuration(&c->config_tree); - read_connection_config(c); - - if(!get_config_string(lookup_config(c->config_tree, "Address"), &c->hostname)) - { - syslog(LOG_ERR, _("No address specified for %s"), c->name); - free_connection(c); - free(outgoing->name); - free(outgoing); - return; - } - - if(!get_config_port(lookup_config(c->config_tree, "Port"), &c->port)) - c->port = 655; - - if(!(h = gethostbyname(c->hostname))) - { - syslog(LOG_ERR, _("Error looking up `%s': %m"), c->hostname); - free_connection(c); - retry_outgoing(outgoing); - return; - } - - c->address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); - c->hostname = hostlookup(htonl(c->address)); - - 
if(setup_outgoing_socket(c) < 0) - { - syslog(LOG_ERR, _("Could not set up a meta connection to %s (%s)"), - c->name, c->hostname); - retry_outgoing(outgoing); - return; - } - - c->outgoing = outgoing; - c->last_ping_time = time(NULL); - - connection_add(c); - - send_id(c); -cp -} - -int read_rsa_public_key(connection_t *c) -{ - FILE *fp; - char *fname; - char *key; -cp - if(!c->rsa_key) - c->rsa_key = RSA_new(); - - /* First, check for simple PublicKey statement */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) - { - BN_hex2bn(&c->rsa_key->n, key); - BN_hex2bn(&c->rsa_key->e, "FFFF"); - free(key); - return 0; - } - - /* Else, check for PublicKeyFile statement and read it */ - - if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) - { - if(is_safe_path(fname)) - { - if((fp = fopen(fname, "r")) == NULL) - { - syslog(LOG_ERR, _("Error reading RSA public key file `%s': %m"), - fname); - free(fname); - return -1; - } - free(fname); - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - if(!c->rsa_key) - { - syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %m"), - fname); - return -1; - } - return 0; - } - else - { - free(fname); - return -1; - } - } - - /* Else, check if a harnessed public key is in the config file */ - - asprintf(&fname, "%s/hosts/%s", confbase, c->name); - if((fp = fopen(fname, "r"))) - { - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - } - - free(fname); - - if(c->rsa_key) - return 0; - else - { - syslog(LOG_ERR, _("No public key for %s specified!"), c->name); - return -1; - } -} - -int read_rsa_private_key(void) -{ - FILE *fp; - char *fname, *key; -cp - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) - { - myself->connection->rsa_key = RSA_new(); - BN_hex2bn(&myself->connection->rsa_key->d, key); - BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); - free(key); - return 0; - } - - 
if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) - asprintf(&fname, "%s/rsa_key.priv", confbase); - - if(is_safe_path(fname)) - { - if((fp = fopen(fname, "r")) == NULL) - { - syslog(LOG_ERR, _("Error reading RSA private key file `%s': %m"), - fname); - free(fname); - return -1; - } - free(fname); - myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); - fclose(fp); - if(!myself->connection->rsa_key) - { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %m"), - fname); - return -1; - } - return 0; - } - - free(fname); - return -1; -} - -int check_rsa_key(RSA *rsa_key) -{ - char *test1, *test2, *test3; -cp - if(rsa_key->p && rsa_key->q) - { - if(RSA_check_key(rsa_key) != 1) - return -1; - } - else - { - test1 = xmalloc(RSA_size(rsa_key)); - test2 = xmalloc(RSA_size(rsa_key)); - test3 = xmalloc(RSA_size(rsa_key)); - - if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) - return -1; - - if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) - return -1; - - if(memcmp(test1, test3, RSA_size(rsa_key))) - return -1; - } -cp - return 0; -} - -/* - Configure node_t myself and set up the local sockets (listen only) -*/ -int setup_myself(void) -{ - config_t *cfg; - subnet_t *subnet; - char *name, *mode, *cipher, *digest; - int choice; -cp - myself = new_node(); - myself->connection = new_connection(); - init_configuration(&myself->connection->config_tree); - - asprintf(&myself->hostname, _("MYSELF")); - asprintf(&myself->connection->hostname, _("MYSELF")); - - myself->connection->options = 0; - myself->connection->protocol_version = PROT_CURRENT; - - if(!get_config_string(lookup_config(config_tree, "Name"), &name)) /* Not acceptable */ - { - syslog(LOG_ERR, _("Name for tinc daemon required!")); - return -1; - } - - if(check_id(name)) - { - syslog(LOG_ERR, _("Invalid name for myself!")); - free(name); - return -1; - } 
- - myself->name = name; - myself->connection->name = xstrdup(name); - -cp - if(read_rsa_private_key()) - return -1; - - if(read_connection_config(myself->connection)) - { - syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); - return -1; - } - - if(read_rsa_public_key(myself->connection)) - return -1; -cp - - if(check_rsa_key(myself->connection->rsa_key)) - { - syslog(LOG_ERR, _("Invalid public/private keypair!")); - return -1; - } - - if(!get_config_port(lookup_config(myself->connection->config_tree, "Port"), &myself->port)) - myself->port = 655; - - myself->connection->port = myself->port; - -/* Read in all the subnets specified in the host configuration file */ - - cfg = lookup_config(myself->connection->config_tree, "Subnet"); - - while(cfg) - { - if(!get_config_subnet(cfg, &subnet)) - return -1; - - subnet_add(myself, subnet); - - cfg = lookup_config_next(myself->connection->config_tree, cfg); - } - -cp - /* Check some options */ - - if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; - - if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; - - if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; - - if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; - - if(myself->options & OPTION_TCPONLY) - myself->options |= OPTION_INDIRECT; - - if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) - { - if(!strcasecmp(mode, "router")) - routing_mode = RMODE_ROUTER; - else if (!strcasecmp(mode, "switch")) - routing_mode = RMODE_SWITCH; - else if (!strcasecmp(mode, "hub")) - routing_mode = RMODE_HUB; - else - { - syslog(LOG_ERR, _("Invalid routing mode!")); - return -1; - } - } - else - routing_mode = RMODE_ROUTER; - -cp - /* Open 
sockets */ - - if((tcp_socket = setup_listen_socket(myself->port)) < 0) - { - syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); - return -1; - } - - if((udp_socket = setup_vpn_in_socket(myself->port)) < 0) - { - syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); - return -1; - } -cp - /* Generate packet encryption key */ - - if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) - { - if(!strcasecmp(cipher, "none")) - { - myself->cipher = NULL; - } - else - { - if(!(myself->cipher = EVP_get_cipherbyname(cipher))) - { - syslog(LOG_ERR, _("Unrecognized cipher type!")); - return -1; - } - } - } - else - myself->cipher = EVP_bf_cbc(); - - if(myself->cipher) - myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; - else - myself->keylength = 1; - - myself->key = (char *)xmalloc(myself->keylength); - RAND_pseudo_bytes(myself->key, myself->keylength); - - if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) - keylifetime = 3600; - - keyexpires = time(NULL) + keylifetime; - - /* Check if we want to use message authentication codes... 
*/ - - if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest)) - { - if(!strcasecmp(digest, "none")) - { - myself->digest = NULL; - } - else - { - if(!(myself->digest = EVP_get_digestbyname(digest))) - { - syslog(LOG_ERR, _("Unrecognized digest type!")); - return -1; - } - } - } - else - myself->digest = EVP_sha1(); - - if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) - { - if(myself->digest) - { - if(myself->maclength > myself->digest->md_size) - { - syslog(LOG_ERR, _("MAC length exceeds size of digest!")); - return -1; - } - else if (myself->maclength < 0) - { - syslog(LOG_ERR, _("Bogus MAC length!")); - return -1; - } - } - } - else - myself->maclength = 4; - - /* Compression */ - - if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) - { - if(myself->compression < 0 || myself->compression > 9) - { - syslog(LOG_ERR, _("Bogus compression level!")); - return -1; - } - } - else - myself->compression = 0; -cp - /* Done */ - - myself->nexthop = myself; - myself->via = myself; - myself->status.active = 1; - node_add(myself); - - graph(); - - syslog(LOG_NOTICE, _("Ready: listening on port %hd"), myself->port); -cp - return 0; -} - -/* - setup all initial network connections -*/ -int setup_network_connections(void) -{ -cp - init_connections(); - init_subnets(); - init_nodes(); - init_edges(); - init_events(); - - if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) - { - if(pingtimeout < 1) - { - pingtimeout = 86400; - } - } - else - pingtimeout = 60; - - if(setup_device() < 0) - return -1; - - /* Run tinc-up script to further initialize the tap interface */ - execute_script("tinc-up"); - - if(setup_myself() < 0) - return -1; - - try_outgoing_connections(); -cp - return 0; -} - -/* - close all open network connections -*/ -void close_network_connections(void) -{ - avl_node_t *node, *next; - connection_t *c; -cp - 
for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - if(c->outgoing) - free(c->outgoing->name), free(c->outgoing); - terminate_connection(c, 0); - } - - if(myself && myself->connection) - terminate_connection(myself->connection, 0); - - close(udp_socket); - close(tcp_socket); - - exit_events(); - exit_edges(); - exit_subnets(); - exit_nodes(); - exit_connections(); - - execute_script("tinc-down"); - - close_device(); -cp - return; -} - -/* - handle an incoming tcp connect call and open - a connection to it. -*/ -connection_t *create_new_connection(int sfd) -{ - connection_t *c; - struct sockaddr_in ci; - int len = sizeof(ci); -cp - c = new_connection(); - - if(getpeername(sfd, (struct sockaddr *) &ci, (socklen_t *) &len) < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "getpeername"); - close(sfd); - return NULL; - } - - c->address = ntohl(ci.sin_addr.s_addr); - c->hostname = hostlookup(ci.sin_addr.s_addr); - c->port = htons(ci.sin_port); - c->socket = sfd; - c->last_ping_time = time(NULL); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection from %s port %d"), - c->hostname, c->port); - - c->allow_request = ID; -cp - return c; -} - /* put all file descriptors in an fd_set array */ 
@@ -1130,53 +95,6 @@ cp cp } -/* - receive incoming data from the listening - udp socket and write it to the ethertap - device after being decrypted -*/ -void handle_incoming_vpn_data(void) -{ - vpn_packet_t pkt; - int x, l = sizeof(x); - struct sockaddr_in from; - socklen_t fromlen = sizeof(from); - node_t *n; -cp - if(getsockopt(udp_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%m"), - __FILE__, __LINE__, udp_socket); - return; - } - if(x) - { - syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); - return; - } - - if((pkt.len = recvfrom(udp_socket, (char *)&pkt.seqno, MAXSIZE, 0, (struct sockaddr *)&from, &fromlen)) <= 0) - { - syslog(LOG_ERR, _("Receiving packet failed: %m")); - return; - } - - n = lookup_node_udp(ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); - - if(!n) - { - syslog(LOG_WARNING, _("Received UDP packet on port %hd from unknown source %x:%hd"), myself->port, ntohl(from.sin_addr.s_addr), ntohs(from.sin_port)); - return; - } - -/* - if(n->connection) - n->connection->last_ping_time = time(NULL); -*/ - receive_udppacket(n, &pkt); -cp -} - /* Purge edges and subnets of unreachable nodes. Use carefully. */ void purge(void) 
@@ -1203,36 +121,36 @@ cp for(snode = n->subnet_tree->head; snode; snode = snext) { snext = snode->next; - s = (subnet_t *)snode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_subnet(c, s); - } - - subnet_del(n, s); + s = (subnet_t *)snode->data; + + for(cnode = connection_tree->head; cnode; cnode = cnode->next) + { + c = (connection_t *)cnode->data; + if(c->status.active) + send_del_subnet(c, s); + } + + subnet_del(n, s); } - + for(enode = n->edge_tree->head; enode; enode = enext) { enext = enode->next; - e = (edge_t *)enode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_edge(c, e); - } - - edge_del(e); + e = (edge_t *)enode->data; + + for(cnode = connection_tree->head; cnode; cnode = cnode->next) + { + c = (connection_t *)cnode->data; + if(c->status.active) + send_del_edge(c, e); + } + + edge_del(e); } node_del(n); } - } + } cp } @@ -1250,13 +168,13 @@ void terminate_connection(connection_t *c, int report) cp if(c->status.remove) return; - + if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), c->name, c->hostname); c->status.remove = 1; - + if(c->socket) close(c->socket); @@ -1276,7 +194,7 @@ cp } /* Run MST and SSSP algorithms */ - + graph(); /* Check if this was our outgoing connection */ @@ -1323,10 +241,10 @@ cp if(c->status.pinged) { if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - c->name, c->hostname); - c->status.timeout = 1; - terminate_connection(c, 1); + syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), + c->name, c->hostname); + c->status.timeout = 1; + terminate_connection(c, 1); } else { 
@@ -1345,60 +263,6 @@ cp cp } -/* - accept a new tcp connect and create a - new connection -*/ -int handle_new_meta_connection() -{ - connection_t *new; - struct sockaddr client; - int fd, len = sizeof(client); -cp - if((fd = accept(tcp_socket, &client, &len)) < 0) - { - syslog(LOG_ERR, _("Accepting a new connection failed: %m")); - return -1; - } - - if(!(new = create_new_connection(fd))) - { - shutdown(fd, 2); - close(fd); - syslog(LOG_NOTICE, _("Closed attempted connection")); - return 0; - } - - connection_add(new); - - send_id(new); -cp - return 0; -} - -void try_outgoing_connections(void) -{ - static config_t *cfg = NULL; - char *name; - outgoing_t *outgoing; -cp - for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) - { - get_config_string(cfg, &name); - - if(check_id(name)) - { - syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); - free(name); - continue; - } - - outgoing = xmalloc_and_zero(sizeof(*outgoing)); - outgoing->name = name; - setup_outgoing_connection(outgoing); - } -} - /* check all connections to see if anything happened on their sockets @@ -1407,7 +271,16 @@ void check_network_activity(fd_set *f) { connection_t *c; avl_node_t *node; + int result; + int len = sizeof(result); + vpn_packet_t packet; cp + if(FD_ISSET(device_fd, f)) + { + if(!read_packet(&packet)) + route_outgoing(&packet); + } + if(FD_ISSET(udp_socket, f)) handle_incoming_vpn_data(); 
@@ -1416,14 +289,31 @@ cp c = (connection_t *)node->data; if(c->status.remove) - return; + return; if(FD_ISSET(c->socket, f)) - if(receive_meta(c) < 0) - { - terminate_connection(c, c->status.active); - return; - } + { + if(c->status.connecting) + { + c->status.connecting = 0; + getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len); + if(!result) + finish_connecting(c); + else + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_DEBUG, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(result)); + close(c->socket); + do_outgoing_connection(c); + continue; + } + } + if(receive_meta(c) < 0) + { + terminate_connection(c, c->status.active); + return; + } + } } if(FD_ISSET(tcp_socket, f)) @@ -1442,9 +332,9 @@ cp c = (connection_t *)node->data; if(c->status.remove) - connection_del(c); + connection_del(c); } - + if(!connection_tree->head) purge(); cp @@ -1461,7 +351,6 @@ void main_loop(void) time_t last_ping_check; int t; event_t *event; - vpn_packet_t packet; cp last_ping_check = time(NULL); 
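Review bot: The new connecting branch calls `getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len);` without checking its return value. If the call itself fails, `result` (declared uninitialised in the preceding hunk) is read as-is, and a failed connect may be handed to `finish_connecting(c)` as if it had succeeded. Treating a failing call as an error closes that gap: `if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len) < 0) result = errno;`. `len` is also declared `int` where the API takes a `socklen_t *`. check_network_activity starts and ends outside this hunk.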
@@ -1472,23 +361,74 @@ cp tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ tv.tv_usec = 0; + build_fdset(&fset); + + if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) + { + if(errno != EINTR) /* because of a signal */ + { + syslog(LOG_ERR, _("Error while waiting for input: %s"), strerror(errno)); + return; + } + } + + if(r > 0) + check_network_activity(&fset); + if(do_prune) { prune_connections(); do_prune = 0; } - build_fdset(&fset); - - if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) + if(do_purge) { - if(errno != EINTR) /* because of a signal */ + purge(); + do_purge = 0; + } + + t = time(NULL); + + /* Let's check if everybody is still alive */ + + if(last_ping_check + pingtimeout < t) + { + check_dead_connections(); + last_ping_check = time(NULL); + + /* Should we regenerate our key? */ + + if(keyexpires < t) { - syslog(LOG_ERR, _("Error while waiting for input: %m")); - return; + if(debug_lvl >= DEBUG_STATUS) + syslog(LOG_INFO, _("Regenerating symmetric key")); + + RAND_pseudo_bytes(myself->key, myself->keylength); + send_key_changed(myself->connection, myself); + keyexpires = time(NULL) + keylifetime; } } + + while((event = get_expired_event())) + { + event->handler(event->data); + free(event); + } + + if(sigalrm) + { + syslog(LOG_INFO, _("Flushing event queue")); + + while(event_tree->head) + { + event = (event_t *)event_tree->head->data; + event->handler(event->data); + event_del(event); + } + sigalrm = 0; + } + if(sighup) { syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds")); 
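Review bot: The key-regeneration block in this hunk fills the packet key with `RAND_pseudo_bytes(myself->key, myself->keylength);` and ignores the result. OpenSSL allows that function to return bytes that are not cryptographically strong, which it signals with a 0 return. For a session key I would use `if(RAND_bytes(myself->key, myself->keylength) != 1)` and, on failure, log and keep the old key until the next attempt rather than announce a new one with `send_key_changed`. The `keyexpires < t` test is also nested inside the ping-interval check, so the forced rekey that net_packet.c requests with `keyexpires = 0` can wait up to `pingtimeout` seconds. main_loop begins and ends outside the hunk.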
@@ -1509,65 +449,6 @@ cp continue; } - - if(do_purge) - { - purge(); - do_purge = 0; - } - - t = time(NULL); - - /* Let's check if everybody is still alive */ - - if(last_ping_check + pingtimeout < t) - { - check_dead_connections(); - last_ping_check = time(NULL); - - /* Should we regenerate our key? */ - - if(keyexpires < t) - { - if(debug_lvl >= DEBUG_STATUS) - syslog(LOG_INFO, _("Regenerating symmetric key")); - - RAND_pseudo_bytes(myself->key, myself->keylength); - send_key_changed(myself->connection, myself); - keyexpires = time(NULL) + keylifetime; - } - } - - if(sigalrm) - { - syslog(LOG_INFO, _("Flushing event queue")); - - while(event_tree->head) - { - event = (event_t *)event_tree->head->data; - event->handler(event->data); - event_del(event); - } - sigalrm = 0; - } - - while((event = get_expired_event())) - { - event->handler(event->data); - free(event); - } - - if(r > 0) - { - check_network_activity(&fset); - - /* local tap data */ - if(FD_ISSET(device_fd, &fset)) - { - if(!read_packet(&packet)) - route_outgoing(&packet); - } - } } cp } diff --git a/src/net.h b/src/net.h index 93ac391e..1100071a 100644 --- a/src/net.h +++ b/src/net.h @@ -17,12 +17,15 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.38 2002/02/10 21:57:54 guus Exp $ + $Id: net.h,v 1.9.4.39 2002/02/18 16:25:16 guus Exp $ */ #ifndef __TINC_NET_H__ #define __TINC_NET_H__ +#include +#include +#include #include #include "config.h" @@ -37,7 +40,10 @@ typedef struct mac_t unsigned char x[6]; } mac_t; -typedef unsigned long ipv4_t; +typedef struct ipv4_t +{ + unsigned char x[4]; +} ipv4_t; typedef struct ip_mask_t { ipv4_t address; 
@@ -53,6 +59,14 @@ typedef unsigned short port_t; typedef short length_t; +typedef union { + struct sockaddr sa; + struct sockaddr_in in; + struct sockaddr_in6 in6; +} sockaddr_t; + +#define SA_PORT(s) ((s.sa.sa_family==AF_INET)?s.in.sin_port:(s.sa.sa_family==AF_INET6)?s.in6.sin6_port:0) + typedef struct vpn_packet_t { length_t len; /* the actual number of bytes in the `data' field */ unsigned int seqno; /* 32 bits sequence number (network byte order of course) */ @@ -73,16 +87,35 @@ typedef struct packet_queue_t { typedef struct outgoing_t { char *name; int timeout; + struct config_t *cfg; + struct addrinfo *ai; + struct addrinfo *aip; } outgoing_t; extern int maxtimeout; extern int seconds_till_retry; +extern int addressfamily; extern char *request_name[]; extern char *status_text[]; #include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ +extern int tcp_socket; +extern int udp_socket; +extern int keyexpires; +extern int keylifetime; +extern int do_prune; +extern int do_purge; +extern char *myport; + +extern void retry_outgoing(outgoing_t *); +extern void handle_incoming_vpn_data(void); +extern void finish_connecting(connection_t *); +extern void do_outgoing_connection(connection_t *); +extern int handle_new_meta_connection(void); +extern int setup_listen_socket(sockaddr_t *); +extern int setup_vpn_in_socket(sockaddr_t *); extern void send_packet(struct node_t *, vpn_packet_t *); extern void receive_packet(struct node_t *, vpn_packet_t *); extern void receive_tcppacket(struct connection_t *, char *, int); diff --git a/src/net_packet.c b/src/net_packet.c new file mode 100644 index 00000000..5171a4f4 --- /dev/null +++ b/src/net_packet.c 
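Review bot: The new `SA_PORT(s)` macro uses its argument unparenthesised and up to four times, so `SA_PORT(*p)` expands to `*p.sa.sa_family`, and an argument with side effects is evaluated repeatedly. Parenthesising each use fixes the first problem: `#define SA_PORT(s) (((s).sa.sa_family==AF_INET)?(s).in.sin_port:((s).sa.sa_family==AF_INET6)?(s).in6.sin6_port:0)`. A `static inline` function taking `const sockaddr_t *` would fix both. A short comment that the value is returned in network byte order would keep callers from comparing it against host-order ports.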
@@ -0,0 +1,391 @@
+/*
+ net_packet.c -- Handles in- and outgoing VPN packets
+ Copyright (C) 1998-2002 Ivo Timmermans ,
+ 2000-2002 Guus Sliepen
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id: net_packet.c,v 1.1.2.1 2002/02/18 16:25:16 guus Exp $
+*/
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+#ifdef HAVE_LINUX
+ #include
+ #include
+#endif
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+/* SunOS really wants sys/socket.h BEFORE net/if.h,
+ and FreeBSD wants these lines below the rest. */
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#ifndef HAVE_RAND_PSEUDO_BYTES
+#define RAND_pseudo_bytes RAND_bytes
+#endif
+
+#include
+
+#include
+#include
+#include
+#include
+
+#include "conf.h"
+#include "connection.h"
+#include "meta.h"
+#include "net.h"
+#include "netutl.h"
+#include "process.h"
+#include "protocol.h"
+#include "subnet.h"
+#include "graph.h"
+#include "process.h"
+#include "route.h"
+#include "device.h"
+#include "event.h"
+
+#include "system.h"
+
+int keylifetime = 0;
+int keyexpires = 0;
+
+#define MAX_SEQNO 1073741824
+
+/* VPN packet I/O */
+
+void receive_udppacket(node_t *n, vpn_packet_t *inpkt)
+{
+ vpn_packet_t pkt1, pkt2;
+ vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2};
+ int nextpkt = 0;
+ vpn_packet_t *outpkt = pkt[0];
+ int outlen, outpad;
+ long int complen = MTU + 12;
+ EVP_CIPHER_CTX ctx;
+ char hmac[EVP_MAX_MD_SIZE];
+cp
+ /* Check the message authentication code */
+
+ if(myself->digest && myself->maclength)
+ {
+ inpkt->len -= myself->maclength;
+ HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL);
+ if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength))
+ {
+ syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname);
+ return;
+ }
+ }
+
+ /* Decrypt the packet */
+
+ if(myself->cipher)
+ {
+ outpkt = pkt[nextpkt++];
+
+ EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len);
+ EVP_DecryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len);
+ EVP_DecryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad);
+
+ outpkt->len = outlen + outpad;
+ inpkt = outpkt;
+ }
+
+ /* Check the sequence number */
+
+ inpkt->len -= sizeof(inpkt->seqno);
+ inpkt->seqno = ntohl(inpkt->seqno);
+
+ if(inpkt->seqno <= n->received_seqno)
+ {
+ syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno);
+ return;
+ }
+
+ n->received_seqno = inpkt->seqno;
+
+ if(n->received_seqno > MAX_SEQNO)
+ keyexpires = 0;
+
+ /* Decompress the packet */
+
+ if(myself->compression)
+ {
+ outpkt = pkt[nextpkt++];
+
+ if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK)
+ {
+ syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname);
+ return;
+ }
+
+ outpkt->len = complen;
+ inpkt = outpkt;
+ }
+
+ receive_packet(n, inpkt);
+cp
+}
+
+void receive_tcppacket(connection_t *c, char *buffer, int len)
+{
+ vpn_packet_t outpkt;
+cp
+ outpkt.len = len;
+ memcpy(outpkt.data, buffer, len);
+
+ receive_packet(c->node, &outpkt);
+cp
+}
+
+void receive_packet(node_t *n, vpn_packet_t *packet)
+{
+cp
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname);
+
+ route_incoming(n, packet);
+cp
+}
+
+void send_udppacket(node_t *n, vpn_packet_t *inpkt)
+{
+ vpn_packet_t pkt1, pkt2;
+ vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2};
+ int nextpkt = 0;
+ vpn_packet_t *outpkt;
+ int outlen, outpad;
+ long int complen = MTU + 12;
+ EVP_CIPHER_CTX ctx;
+ vpn_packet_t *copy;
+cp
+ if(!n->status.validkey)
+ {
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"),
+ n->name, n->hostname);
+
+ /* Since packet is on the stack of handle_tap_input(),
+ we have to make a copy of it first. */
+
+ copy = xmalloc(sizeof(vpn_packet_t));
+ memcpy(copy, inpkt, sizeof(vpn_packet_t));
+
+ list_insert_tail(n->queue, copy);
+
+ if(!n->status.waitingforkey)
+ send_req_key(n->nexthop->connection, myself, n);
+
+ return;
+ }
+
+ /* Compress the packet */
+
+ if(n->compression)
+ {
+ outpkt = pkt[nextpkt++];
+
+ if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK)
+ {
+ syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname);
+ return;
+ }
+
+ outpkt->len = complen;
+ inpkt = outpkt;
+ }
+
+ /* Add sequence number */
+
+ inpkt->seqno = htonl(++(n->sent_seqno));
+ inpkt->len += sizeof(inpkt->seqno);
+
+ /* Encrypt the packet */
+
+ if(n->cipher)
+ {
+ outpkt = pkt[nextpkt++];
+
+ EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len);
+ EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len);
+ EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad);
+
+ outpkt->len = outlen + outpad;
+ inpkt = outpkt;
+ }
+
+ /* Add the message authentication code */
+
+ if(n->digest && n->maclength)
+ {
+ HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen);
+ inpkt->len += n->maclength;
+ }
+
+ /* Send the packet */
+
+ if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), sizeof(sockaddr_t))) < 0)
+ {
+ syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"),
+ n->name, n->hostname, strerror(errno));
+ return;
+ }
+cp
+}
+
+/*
+ send a packet to the given vpn ip.
+*/
+void send_packet(node_t *n, vpn_packet_t *packet)
+{
+ node_t *via;
+cp
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"),
+ packet->len, n->name, n->hostname);
+
+ if(n == myself)
+ {
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ {
+ syslog(LOG_NOTICE, _("Packet is looping back to us!"));
+ }
+
+ return;
+ }
+
+ if(!n->status.reachable)
+ {
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_INFO, _("Node %s (%s) is not reachable"),
+ n->name, n->hostname);
+ return;
+ }
+
+ via = (n->via == myself)?n->nexthop:n->via;
+
+ if(via != n && debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"),
+ n->name, via->name, n->via->hostname);
+
+ if((myself->options | via->options) & OPTION_TCPONLY)
+ {
+ if(send_tcppacket(via->connection, packet))
+ terminate_connection(via->connection, 1);
+ }
+ else
+ send_udppacket(via, packet);
+}
+
+/* Broadcast a packet using the minimum spanning tree */
+
+void broadcast_packet(node_t *from, vpn_packet_t *packet)
+{
+ avl_node_t *node;
+ connection_t *c;
+cp
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"),
+ packet->len, from->name, from->hostname);
+
+ for(node = connection_tree->head; node; node = node->next)
+ {
+ c = (connection_t *)node->data;
+ if(c->status.active && c->status.mst && c != from->nexthop->connection)
+ send_packet(c->node, packet);
+ }
+cp
+}
+
+void flush_queue(node_t *n)
+{
+ list_node_t *node, *next;
+cp
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname);
+
+ for(node = n->queue->head; node; node = next)
+ {
+ next = node->next;
+ send_udppacket(n, (vpn_packet_t *)node->data);
+ list_delete_node(n->queue, node);
+ }
+cp
+}
+
+void handle_incoming_vpn_data(void)
+{
+ vpn_packet_t pkt;
+ int x, l = sizeof(x);
+ char *hostname;
+ sockaddr_t from;
+ socklen_t fromlen = sizeof(from);
+ node_t *n;
+cp
+ if(getsockopt(udp_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0)
+ {
+ syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"),
+ __FILE__, __LINE__, udp_socket, strerror(errno));
+ return;
+ }
+ if(x)
+ {
+ syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x));
+ return;
+ }
+
+ if((pkt.len = recvfrom(udp_socket, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen)) <= 0)
+ {
+ syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno));
+ return;
+ }
+
+ n = lookup_node_udp(&from);
+
+ if(!n)
+ {
+ hostname = sockaddr2hostname(&from);
+ syslog(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname);
+ free(hostname);
+ return;
+ }
+
+/*
+ if(n->connection)
+ n->connection->last_ping_time = time(NULL);
+*/
+ receive_udppacket(n, &pkt);
+cp
+}
+
diff --git a/src/net_setup.c b/src/net_setup.c
new file mode 100644
index 00000000..1c5ff15a
--- /dev/null
+++ b/src/net_setup.c
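Review bot: In receive_udppacket, `inpkt->len -= myself->maclength;` runs before anything checks that the datagram is at least that long; handle_incoming_vpn_data only rejects `recvfrom` results `<= 0`, and `length_t` is a signed `short` in net.h. A short datagram therefore leaves a negative length that is passed to `HMAC()` and used as the offset for `memcmp()`, so memory outside the received data is read before the packet has been authenticated. The later `inpkt->len -= sizeof(inpkt->seqno)` has the same problem when no digest is configured. I would reject undersized packets before each subtraction, as in the excerpt below. Separately, `memcmp` on the MAC is not constant-time, and receive_tcppacket copies `len` bytes into `outpkt.data` with no bound visible in this file (the caller may enforce one).

```c
  if(myself->digest && myself->maclength)
    {
      /* A datagram must at least hold a sequence number and the MAC */
      if(inpkt->len < (int)sizeof(inpkt->seqno) + myself->maclength)
        {
          syslog(LOG_DEBUG, _("Got too short packet from %s (%s)"), n->name, n->hostname);
          return;
        }

      inpkt->len -= myself->maclength;
      /* … unchanged: HMAC computation and comparison … */
    }

  /* … unchanged: decryption … */

  /* The decrypted length can differ from the wire length, so check again */
  if(inpkt->len < (int)sizeof(inpkt->seqno))
    {
      syslog(LOG_DEBUG, _("Got too short packet from %s (%s)"), n->name, n->hostname);
      return;
    }

  inpkt->len -= sizeof(inpkt->seqno);
```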
@@ -0,0 +1,557 @@ +/* + net_setup.c -- Setup. + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: net_setup.c,v 1.1.2.1 2002/02/18 16:25:16 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#ifdef HAVE_LINUX + #include + #include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +/* SunOS really wants sys/socket.h BEFORE net/if.h, + and FreeBSD wants these lines below the rest. 
*/ +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include + +#include "conf.h" +#include "connection.h" +#include "meta.h" +#include "net.h" +#include "netutl.h" +#include "process.h" +#include "protocol.h" +#include "subnet.h" +#include "graph.h" +#include "process.h" +#include "route.h" +#include "device.h" +#include "event.h" + +#include "system.h" + +char *myport; + +int read_rsa_public_key(connection_t *c) +{ + FILE *fp; + char *fname; + char *key; +cp + if(!c->rsa_key) + c->rsa_key = RSA_new(); + + /* First, check for simple PublicKey statement */ + + if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) + { + BN_hex2bn(&c->rsa_key->n, key); + BN_hex2bn(&c->rsa_key->e, "FFFF"); + free(key); + return 0; + } + + /* Else, check for PublicKeyFile statement and read it */ + + if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) + { + if(is_safe_path(fname)) + { + if((fp = fopen(fname, "r")) == NULL) + { + syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return -1; + } + free(fname); + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + if(!c->rsa_key) + { + syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + fname, strerror(errno)); + return -1; + } + return 0; + } + else + { + free(fname); + return -1; + } + } + + /* Else, check if a harnessed public key is in the config file */ + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + if((fp = fopen(fname, "r"))) + { + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + } + + free(fname); + + if(c->rsa_key) + return 0; + else + { + syslog(LOG_ERR, _("No public key for %s specified!"), c->name); + return -1; + } +} + +int read_rsa_private_key(void) +{ + FILE *fp; + char *fname, *key; +cp + if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) + { + myself->connection->rsa_key 
= RSA_new(); + BN_hex2bn(&myself->connection->rsa_key->d, key); + BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); + free(key); + return 0; + } + + if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) + asprintf(&fname, "%s/rsa_key.priv", confbase); + + if(is_safe_path(fname)) + { + if((fp = fopen(fname, "r")) == NULL) + { + syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return -1; + } + free(fname); + myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + if(!myself->connection->rsa_key) + { + syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), + fname, strerror(errno)); + return -1; + } + return 0; + } + + free(fname); + return -1; +} + +int check_rsa_key(RSA *rsa_key) +{ + char *test1, *test2, *test3; +cp + if(rsa_key->p && rsa_key->q) + { + if(RSA_check_key(rsa_key) != 1) + return -1; + } + else + { + test1 = xmalloc(RSA_size(rsa_key)); + test2 = xmalloc(RSA_size(rsa_key)); + test3 = xmalloc(RSA_size(rsa_key)); + + if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) + return -1; + + if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) + return -1; + + if(memcmp(test1, test3, RSA_size(rsa_key))) + return -1; + } +cp + return 0; +} + +/* + Configure node_t myself and set up the local sockets (listen only) +*/ +int setup_myself(void) +{ + config_t *cfg; + subnet_t *subnet; + char *name, *mode, *afname, *cipher, *digest; + struct addrinfo hint, *ai; + int choice; +cp + myself = new_node(); + myself->connection = new_connection(); + init_configuration(&myself->connection->config_tree); + + asprintf(&myself->hostname, _("MYSELF")); + asprintf(&myself->connection->hostname, _("MYSELF")); + + myself->connection->options = 0; + myself->connection->protocol_version = PROT_CURRENT; + + if(!get_config_string(lookup_config(config_tree, 
"Name"), &name)) /* Not acceptable */ + { + syslog(LOG_ERR, _("Name for tinc daemon required!")); + return -1; + } + + if(check_id(name)) + { + syslog(LOG_ERR, _("Invalid name for myself!")); + free(name); + return -1; + } + + myself->name = name; + myself->connection->name = xstrdup(name); + +cp + if(read_rsa_private_key()) + return -1; + + if(read_connection_config(myself->connection)) + { + syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); + return -1; + } + + if(read_rsa_public_key(myself->connection)) + return -1; +cp + + if(check_rsa_key(myself->connection->rsa_key)) + { + syslog(LOG_ERR, _("Invalid public/private keypair!")); + return -1; + } + + if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) + asprintf(&myport, "655"); + +/* Read in all the subnets specified in the host configuration file */ + + cfg = lookup_config(myself->connection->config_tree, "Subnet"); + + while(cfg) + { + if(!get_config_subnet(cfg, &subnet)) + return -1; + + subnet_add(myself, subnet); + + cfg = lookup_config_next(myself->connection->config_tree, cfg); + } + +cp + /* Check some options */ + + if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) + if(choice) + myself->options |= OPTION_INDIRECT; + + if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) + if(choice) + myself->options |= OPTION_TCPONLY; + + if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) + if(choice) + myself->options |= OPTION_INDIRECT; + + if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) + if(choice) + myself->options |= OPTION_TCPONLY; + + if(myself->options & OPTION_TCPONLY) + myself->options |= OPTION_INDIRECT; + + if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) + { + if(!strcasecmp(mode, "router")) + routing_mode = RMODE_ROUTER; + else if (!strcasecmp(mode, "switch")) + routing_mode = RMODE_SWITCH; + else if 
(!strcasecmp(mode, "hub")) + routing_mode = RMODE_HUB; + else + { + syslog(LOG_ERR, _("Invalid routing mode!")); + return -1; + } + free(mode); + } + else + routing_mode = RMODE_ROUTER; + + if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) + { + if(maxtimeout <= 0) + { + syslog(LOG_ERR, _("Bogus maximum timeout!")); + return -1; + } + } + else + maxtimeout = 900; + + if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) + { + if(!strcasecmp(afname, "IPv4")) + addressfamily = AF_INET; + else if (!strcasecmp(afname, "IPv6")) + addressfamily = AF_INET6; + else if (!strcasecmp(afname, "any")) + addressfamily = AF_UNSPEC; + else + { + syslog(LOG_ERR, _("Invalid address family!")); + return -1; + } + free(afname); + } + else + addressfamily = AF_INET; + + get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); +cp + /* Generate packet encryption key */ + + if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) + { + if(!strcasecmp(cipher, "none")) + { + myself->cipher = NULL; + } + else + { + if(!(myself->cipher = EVP_get_cipherbyname(cipher))) + { + syslog(LOG_ERR, _("Unrecognized cipher type!")); + return -1; + } + } + } + else + myself->cipher = EVP_bf_cbc(); + + if(myself->cipher) + myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; + else + myself->keylength = 1; + + myself->key = (char *)xmalloc(myself->keylength); + RAND_pseudo_bytes(myself->key, myself->keylength); + + if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) + keylifetime = 3600; + + keyexpires = time(NULL) + keylifetime; + + /* Check if we want to use message authentication codes... 
*/ + + if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest)) + { + if(!strcasecmp(digest, "none")) + { + myself->digest = NULL; + } + else + { + if(!(myself->digest = EVP_get_digestbyname(digest))) + { + syslog(LOG_ERR, _("Unrecognized digest type!")); + return -1; + } + } + } + else + myself->digest = EVP_sha1(); + + if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) + { + if(myself->digest) + { + if(myself->maclength > myself->digest->md_size) + { + syslog(LOG_ERR, _("MAC length exceeds size of digest!")); + return -1; + } + else if (myself->maclength < 0) + { + syslog(LOG_ERR, _("Bogus MAC length!")); + return -1; + } + } + } + else + myself->maclength = 4; + + /* Compression */ + + if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) + { + if(myself->compression < 0 || myself->compression > 9) + { + syslog(LOG_ERR, _("Bogus compression level!")); + return -1; + } + } + else + myself->compression = 0; +cp + /* Done */ + + myself->nexthop = myself; + myself->via = myself; + myself->status.active = 1; + node_add(myself); + + graph(); + +cp + /* Open sockets */ + + hint.ai_family = (addressfamily == AF_UNSPEC)?AF_INET6:addressfamily; + hint.ai_socktype = SOCK_STREAM; + hint.ai_protocol = IPPROTO_TCP; + hint.ai_flags = AI_PASSIVE; + + if(getaddrinfo(NULL, myport, &hint, &ai) || !ai) + { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", strerror(errno)); + return -1; + } + + if((tcp_socket = setup_listen_socket((sockaddr_t *)ai->ai_addr)) < 0) + { + syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); + return -1; + } + + if((udp_socket = setup_vpn_in_socket((sockaddr_t *)ai->ai_addr)) < 0) + { + syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); + return -1; + } + + freeaddrinfo(ai); + + syslog(LOG_NOTICE, _("Ready: listening on port %s"), myport); +cp + return 0; +} + +/* + setup all initial 
network connections +*/ +int setup_network_connections(void) +{ +cp + init_connections(); + init_subnets(); + init_nodes(); + init_edges(); + init_events(); + + if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) + { + if(pingtimeout < 1) + { + pingtimeout = 86400; + } + } + else + pingtimeout = 60; + + if(setup_device() < 0) + return -1; + + /* Run tinc-up script to further initialize the tap interface */ + execute_script("tinc-up"); + + if(setup_myself() < 0) + return -1; + + try_outgoing_connections(); +cp + return 0; +} + +/* + close all open network connections +*/ +void close_network_connections(void) +{ + avl_node_t *node, *next; + connection_t *c; +cp + for(node = connection_tree->head; node; node = next) + { + next = node->next; + c = (connection_t *)node->data; + if(c->outgoing) + free(c->outgoing->name), free(c->outgoing); + terminate_connection(c, 0); + } + + if(myself && myself->connection) + terminate_connection(myself->connection, 0); + + close(udp_socket); + close(tcp_socket); + + exit_events(); + exit_edges(); + exit_subnets(); + exit_nodes(); + exit_connections(); + + execute_script("tinc-down"); + + close_device(); +cp + return; +} diff --git a/src/net_socket.c b/src/net_socket.c new file mode 100644 index 00000000..93314fb6 --- /dev/null +++ b/src/net_socket.c 
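Review bot: In `setup_myself`, the packet encryption key is filled with `RAND_pseudo_bytes(myself->key, myself->keylength)` and the return value is ignored; OpenSSL does not guarantee that this function's output is unpredictable, so it should not produce key material. Use `if(RAND_bytes(myself->key, myself->keylength) != 1) return -1;`, with a log line like the neighbouring failures, so that a failed or unseeded generator aborts startup instead of yielding a weak key. Separately, `read_rsa_public_key` and `read_rsa_private_key` both call `free(fname)` before the `PEM_read_*` call and then pass `fname` to `syslog` in the failure branch, which reads freed memory; the `free(fname)` belongs after that check. The `hint` passed to `getaddrinfo` in `setup_myself` is also never zeroed, unlike the `memset(&hint, 0, sizeof(hint))` that netutl.c uses in this same commit.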
@@ -0,0 +1,456 @@ +/* + net_socket.c -- Handle various kinds of sockets. + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: net_socket.c,v 1.1.2.1 2002/02/18 16:25:16 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#ifdef HAVE_LINUX + #include + #include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +/* SunOS really wants sys/socket.h BEFORE net/if.h, + and FreeBSD wants these lines below the rest. 
*/ +#include +#include +#include + +#include +#include +#include +#include + +#include "conf.h" +#include "connection.h" +#include "meta.h" +#include "net.h" +#include "netutl.h" +#include "process.h" +#include "protocol.h" +#include "subnet.h" +#include "graph.h" +#include "process.h" +#include "route.h" +#include "device.h" +#include "event.h" + +#include "system.h" + +int addressfamily = AF_INET; +int maxtimeout = 900; +int seconds_till_retry = 5; + +int tcp_socket = -1; +int udp_socket = -1; +/* Setup sockets */ + +int setup_listen_socket(sockaddr_t *sa) +{ + int nfd, flags; + char *addrstr; + int option; +#ifdef HAVE_LINUX + char *interface; +#endif +cp + if((nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP)) < 0) + { + syslog(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); + return -1; + } + + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); + return -1; + } + + /* Optimize TCP settings */ + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); +#ifdef HAVE_LINUX + setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + + option = IPTOS_LOWDELAY; + setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); + + if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); + return -1; + } +#endif + + if(bind(nfd, &sa->sa, sizeof(*sa))) + { + close(nfd); + addrstr = sockaddr2hostname(sa); + syslog(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, strerror(errno)); + free(addrstr); + return -1; + } + + if(listen(nfd, 3)) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); + return -1; + } +cp + return nfd; +} + +int 
setup_vpn_in_socket(sockaddr_t *sa) +{ + int nfd, flags; + char *addrstr; + int option; +#ifdef HAVE_LINUX + char *interface; +#endif +cp + if((nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) + { + syslog(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); + return -1; + } + + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) + { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); + return -1; + } + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); +#ifdef HAVE_LINUX + if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); + return -1; + } +#endif + + if(bind(nfd, &sa->sa, sizeof(*sa))) + { + close(nfd); + addrstr = sockaddr2hostname(sa); + syslog(LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, strerror(errno)); + free(addrstr); + return -1; + } +cp + return nfd; +} + +void retry_outgoing(outgoing_t *outgoing) +{ + event_t *event; +cp + outgoing->timeout += 5; + if(outgoing->timeout > maxtimeout) + outgoing->timeout = maxtimeout; + + event = new_event(); + event->handler = (event_handler_t)setup_outgoing_connection; + event->time = time(NULL) + outgoing->timeout; + event->data = outgoing; + event_add(event); + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); +cp +} + +int setup_outgoing_socket(connection_t *c) +{ + int option; +cp + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); + + c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); + + if(c->socket == -1) + { + syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); + return 
-1; + } + + /* Optimize TCP settings */ + +#ifdef HAVE_LINUX + option = 1; + setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + + option = IPTOS_LOWDELAY; + setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); +#endif + + /* Connect */ + + if(connect(c->socket, &c->address.sa, sizeof(c->address)) == -1) + { + close(c->socket); + syslog(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); + return -1; + } + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); +cp + return 0; +} + + +void finish_connecting(connection_t *c) +{ +cp + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); + + c->last_ping_time = time(NULL); + + send_id(c); +cp +} + +void do_outgoing_connection(connection_t *c) +{ + char *address, *port; + int option, result, flags; +cp +begin: + if(!c->outgoing->ai) + { + if(!c->outgoing->cfg) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_ERR, _("Could not set up a meta connection to %s"), c->name); + c->status.remove = 1; + do_prune = 1; + retry_outgoing(c->outgoing); + return; + } + + get_config_string(c->outgoing->cfg, &address); + + if(!get_config_string(lookup_config(c->config_tree, "Port"), &port)) + asprintf(&port, "655"); + + c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM); + free(address); + free(port); + + c->outgoing->aip = c->outgoing->ai; + c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg); + } + + if(!c->outgoing->aip) + { + freeaddrinfo(c->outgoing->ai); + c->outgoing->ai = NULL; + goto begin; + } + + memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen); + c->outgoing->aip = c->outgoing->aip->ai_next; + + if(c->hostname) + free(c->hostname); + + c->hostname = sockaddr2hostname(&c->address); + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); + + c->socket = 
socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); + + if(c->socket == -1) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); + + goto begin; + } + + /* Optimize TCP settings */ + +#ifdef HAVE_LINUX + option = 1; + setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + + option = IPTOS_LOWDELAY; + setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); +#endif + + /* Non-blocking */ + + flags = fcntl(c->socket, F_GETFL); + + if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) + { + syslog(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); + } + + /* Connect */ + + result = connect(c->socket, &c->address.sa, sizeof(c->address)); + + if(result == -1) + { + if(errno == EINPROGRESS) + { + c->status.connecting = 1; + return; + } + + close(c->socket); + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); + + goto begin; + } + + finish_connecting(c); + return; +cp +} + +void setup_outgoing_connection(outgoing_t *outgoing) +{ + connection_t *c; + node_t *n; +cp + n = lookup_node(outgoing->name); + + if(n) + if(n->connection) + { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Already connected to %s"), outgoing->name); + n->connection->outgoing = outgoing; + return; + } + + c = new_connection(); + c->name = xstrdup(outgoing->name); + + init_configuration(&c->config_tree); + read_connection_config(c); + + outgoing->cfg = lookup_config(c->config_tree, "Address"); + + if(!outgoing->cfg) + { + syslog(LOG_ERR, _("No address specified for %s"), c->name); + free_connection(c); + free(outgoing->name); + free(outgoing); + return; + } + + c->outgoing = outgoing; + c->last_ping_time = time(NULL); + + connection_add(c); + + do_outgoing_connection(c); +} + +/* + accept a new tcp connect and create a + new connection +*/ +int handle_new_meta_connection() +{ + connection_t *c; + sockaddr_t sa; + int fd, len 
= sizeof(sa); +cp + if((fd = accept(tcp_socket, &sa.sa, &len)) < 0) + { + syslog(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); + return -1; + } + + c = new_connection(); + + c->address = sa; + c->hostname = sockaddr2hostname(&sa); + c->socket = fd; + c->last_ping_time = time(NULL); + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection from %s"), c->hostname); + + connection_add(c); + + c->allow_request = ID; + send_id(c); +cp + return 0; +} + +void try_outgoing_connections(void) +{ + static config_t *cfg = NULL; + char *name; + outgoing_t *outgoing; +cp + for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) + { + get_config_string(cfg, &name); + + if(check_id(name)) + { + syslog(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); + free(name); + continue; + } + + outgoing = xmalloc_and_zero(sizeof(*outgoing)); + outgoing->name = name; + setup_outgoing_connection(outgoing); + } +} diff --git a/src/netbsd/device.c b/src/netbsd/device.c index ed8cb4e5..a8c01f53 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,12 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2002/02/12 14:40:12 guus Exp $ + $Id: device.c,v 1.1.2.2 2002/02/18 16:25:19 guus Exp $ */ #include "config.h" #include +#include #include #include #include @@ -70,7 +71,7 @@ int setup_device(void) cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device); + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } cp @@ -107,7 +108,7 @@ cp if((lenin = readv(device_fd, vector, 2)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
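Review bot: In `do_outgoing_connection`, a failed lookup leaves `c->outgoing->ai` NULL (`str2addrinfo` returns NULL on error), and the `if(!c->outgoing->aip)` branch then calls `freeaddrinfo(c->outgoing->ai)` on that NULL pointer, for which POSIX does not specify the behaviour. Guard it with `if(c->outgoing->ai) freeaddrinfo(c->outgoing->ai);`. The return value of `get_config_string(c->outgoing->cfg, &address)` is also ignored, so on failure `address` would reach `str2addrinfo` and `free` uninitialized. In `handle_new_meta_connection`, `len` is declared `int` but passed to `accept`, which expects a `socklen_t *` (the type `handle_incoming_vpn_data` already uses for `fromlen`). The accepted socket is also not switched to `O_NONBLOCK` in this function the way the outgoing socket is, which is worth confirming is done elsewhere before `send_id` writes to a peer that has not yet authenticated.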
@@ -145,7 +146,7 @@ cp if(writev(device_fd, vector, 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } diff --git a/src/netutl.c b/src/netutl.c index 14ed5cef..2ad30fc6 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.23 2002/02/11 10:16:18 guus Exp $ + $Id: netutl.c,v 1.12.4.24 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include 
@@ -42,64 +43,183 @@ #include "system.h" -char *hostlookup(unsigned long addr) -{ - char *name; - struct hostent *host = NULL; - struct in_addr in; - int lookup_hostname = 0; -cp - in.s_addr = addr; - - get_config_bool(lookup_config(config_tree, "Hostnames"), &lookup_hostname); - - if(lookup_hostname) - host = gethostbyaddr((char *)&in, sizeof(in), AF_INET); - - if(!lookup_hostname || !host) - { - asprintf(&name, "%s", inet_ntoa(in)); - } - else - { - asprintf(&name, "%s", host->h_name); - } -cp - return name; -} +int hostnames = 0; /* - Turn a string into an IP address - return NULL on failure - Should support IPv6 and other stuff in the future. + Turn a string into a struct addrinfo. + Return NULL on failure. */ -ipv4_t str2address(char *str) +struct addrinfo *str2addrinfo(char *address, char *service, int socktype) { - ipv4_t address; - struct hostent *h; + struct addrinfo hint, *ai; + int err; cp - if(!(h = gethostbyname(str))) + memset(&hint, 0, sizeof(hint)); + + hint.ai_family = addressfamily; + hint.ai_socktype = socktype; + + if((err = getaddrinfo(address, service, &hint, &ai))) { if(debug_lvl >= DEBUG_ERROR) - syslog(LOG_WARNING, _("Error looking up `%s': %s\n"), str, strerror(errno)); - - return 0; + syslog(LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, service, gai_strerror(err)); + cp_trace(); + return NULL; } - address = ntohl(*((ipv4_t*)(h->h_addr_list[0]))); cp - return address; + return ai; } -char *address2str(ipv4_t address) +sockaddr_t str2sockaddr(char *address, char *port) +{ + struct addrinfo hint, *ai; + sockaddr_t result; + int err; +cp + memset(&hint, 0, sizeof(hint)); + + hint.ai_family = AF_UNSPEC; + hint.ai_flags = AI_NUMERICHOST; + hint.ai_socktype = SOCK_STREAM; + + if((err = getaddrinfo(address, port, &hint, &ai) || !ai)) + { + syslog(LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, gai_strerror(err)); + cp_trace(); + raise(SIGFPE); + exit(0); + } + + result = *(sockaddr_t *)ai->ai_addr; + 
freeaddrinfo(ai); +cp + return result; +} + +void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) +{ + char address[NI_MAXHOST]; + char port[NI_MAXSERV]; + int err; +cp + if((err = getnameinfo((struct sockaddr *)sa, sizeof(sockaddr_t), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) + { + syslog(LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); + cp_trace(); + raise(SIGFPE); + exit(0); + } + + *addrstr = xstrdup(address); + *portstr = xstrdup(port); +cp +} + +char *sockaddr2hostname(sockaddr_t *sa) { char *str; + char address[NI_MAXHOST] = "unknown"; + char port[NI_MAXSERV] = "unknown"; + int err; cp - asprintf(&str, "%hu.%hu.%hu.%hu", - (unsigned short int)((address >> 24) & 255), - (unsigned short int)((address >> 16) & 255), - (unsigned short int)((address >> 8) & 255), - (unsigned short int)(address & 255)); + if((err = getnameinfo((struct sockaddr *)sa, sizeof(sockaddr_t), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)))) + { + syslog(LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); + } + + asprintf(&str, _("%s port %s"), address, port); cp return str; } + +int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) +{ + int result; +cp + result = a->sa.sa_family - b->sa.sa_family; + + if(result) + return result; + + switch(a->sa.sa_family) + { + case AF_UNSPEC: + return 0; + case AF_INET: + return memcmp(&a->in, &b->in, sizeof(a->in)); + case AF_INET6: + return memcmp(&a->in6, &b->in6, sizeof(a->in6)); + default: + syslog(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), a->sa.sa_family); + cp_trace(); + raise(SIGFPE); + exit(0); + } +cp +} + +/* Subnet mask handling */ + +int maskcmp(char *a, char *b, int masklen, int len) +{ + int i, m, result; +cp + for(m = masklen, i = 0; m > 8; m -= 8, i++) + if((result = a[i] - b[i])) + return result; + + if(m) + return (a[i] & (0x100 - (m << 1))) - (b[i] & (0x100 - (m << 
1))); + + return 0; +} + +void mask(char *a, int masklen, int len) +{ + int i; +cp + i = masklen / 8; + masklen %= 8; + + if(masklen) + a[i++] &= (0x100 - (masklen << 1)); + + for(; i < len; i++) + a[i] = 0; +} + +void maskcpy(char *a, char *b, int masklen, int len) +{ + int i, m; +cp + for(m = masklen, i = 0; m > 8; m -= 8, i++) + a[i] = b[i]; + + if(m) + { + a[i] = b[i] & (0x100 - (m << 1)); + i++; + } + + for(; i < len; i++) + a[i] = 0; +} + +int maskcheck(char *a, int masklen, int len) +{ + int i; +cp + i = masklen / 8; + masklen %= 8; + + if(masklen) + if(a[i++] & ~(0x100 - (masklen << 1))) + return -1; + + for(; i < len; i++) + if(a[i] != 0) + return -1; + + return 0; +} diff --git a/src/netutl.h b/src/netutl.h index 3d1584f6..6207fd18 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,16 +17,29 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.9 2002/02/11 10:16:18 guus Exp $ + $Id: netutl.h,v 1.2.4.10 2002/02/18 16:25:16 guus Exp $ */ #ifndef __TINC_NETUTL_H__ #define __TINC_NETUTL_H__ +#include +#include +#include + #include "net.h" +extern int hostnames; + extern char *hostlookup(unsigned long); -extern ipv4_t str2address(char*); -extern char *address2str(ipv4_t); +extern struct addrinfo *str2addrinfo(char *, char *, int); +extern sockaddr_t str2sockaddr(char *, char *); +extern void sockaddr2str(sockaddr_t *, char **, char **); +extern char *sockaddr2hostname(sockaddr_t *); +extern int sockaddrcmp(sockaddr_t *, sockaddr_t *); +extern int maskcmp(char *, char *, int, int); +extern void maskcpy(char *, char *, int, int); +extern void mask(char *, int, int); +extern int maskcheck(char *, int, int); #endif /* __TINC_NETUTL_H__ */ diff --git a/src/node.c b/src/node.c index 2abd7fbf..6e3b0f9b 100644 --- a/src/node.c +++ b/src/node.c 
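Review bot: The partial-byte mask in `maskcmp`, `mask`, `maskcpy` and `maskcheck` is computed as `0x100 - (m << 1)`, which is not a prefix mask: for 4 bits it yields 0xF8 instead of 0xF0, and in `maskcmp`/`maskcpy` the `m > 8` loop leaves a full final byte with m = 8, where it yields 0xF0 instead of 0xFF. Comparisons for byte-aligned prefixes such as /24 therefore ignore the low four bits of the last prefix byte, so distinct subnets can compare equal. The mask should be `0x100 - (1 << (8 - m))`, and the same with `masklen` in `mask` and `maskcheck`. In `str2sockaddr`, `(err = getaddrinfo(address, port, &hint, &ai) || !ai)` assigns the boolean result to `err`, so `gai_strerror(err)` reports the wrong error; it should read `(err = getaddrinfo(address, port, &hint, &ai)) || !ai`.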
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.9 2002/02/11 15:59:18 guus Exp $ + $Id: node.c,v 1.1.2.10 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" @@ -27,6 +27,7 @@ #include #include "node.h" +#include "netutl.h" #include "net.h" #include #include @@ -45,14 +46,13 @@ int node_compare(node_t *a, node_t *b) int node_udp_compare(node_t *a, node_t *b) { - if(a->address < b->address) - return -1; - if (a->address > b->address) - return 1; - if (a->port < b->port) - return -1; - if (a->port > b->port) - return 1; + int result; +cp + result = sockaddrcmp(&a->address, &b->address); + + if(result) + return result; + return (a->name && b->name)?strcmp(a->name, b->name):0; } @@ -143,13 +143,13 @@ cp return avl_search(node_tree, &n); } -node_t *lookup_node_udp(ipv4_t address, port_t port) +node_t *lookup_node_udp(sockaddr_t *sa) { node_t n; cp + n.address = *sa; n.name = NULL; - n.address = address; - n.port = port; + return avl_search(node_udp_tree, &n); } @@ -163,8 +163,8 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s port %hd cipher %d digest %d maclength %d compression %d options %ld status %04x nexthop %s via %s"), - n->name, n->hostname, n->port, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->compression, n->options, + syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %ld status %04x nexthop %s via %s"), + n->name, n->hostname, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->compression, n->options, n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); } diff --git a/src/node.h b/src/node.h index b662ccd0..64938521 100644 --- a/src/node.h +++ b/src/node.h 
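Review bot: `node_udp_compare` now orders nodes with `sockaddrcmp`, which (in netutl.c in this commit) compares the whole `in`/`in6` union member with `memcmp`, so padding and fields other than address and port become part of the key for `node_udp_tree`. If those members are `struct sockaddr_in`/`sockaddr_in6` (to be confirmed against net.h), an address filled in by `recvfrom` and one built from a parsed string can differ in `sin_zero`, `sin6_flowinfo` or `sin6_scope_id`, and `lookup_node_udp` would then fail to match a known peer. Comparing family, address bytes and port explicitly would make the UDP source lookup independent of how the sockaddr was produced.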
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.11 2002/02/11 15:59:18 guus Exp $ + $Id: node.h,v 1.1.2.12 2002/02/18 16:25:16 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -41,8 +41,7 @@ typedef struct node_t { char *name; /* name of this node */ long int options; /* options turned on for this node */ - ipv4_t address; /* his real (internet) ip to send UDP packets to */ - port_t port; /* port number of UDP connection */ + sockaddr_t address; /* his real (internet) ip to send UDP packets to */ char *hostname; /* the hostname of its real ip */ struct node_status_t status; @@ -78,11 +77,11 @@ extern avl_tree_t *node_udp_tree; extern void init_nodes(void); extern void exit_nodes(void); extern node_t *new_node(void); -extern void free_node(node_t *n); -extern void node_add(node_t *n); -extern void node_del(node_t *n); +extern void free_node(node_t *); +extern void node_add(node_t *); +extern void node_del(node_t *); extern node_t *lookup_node(char *); -extern node_t *lookup_node_udp(ipv4_t, port_t); +extern node_t *lookup_node_udp(sockaddr_t *); extern void dump_nodes(void); #endif /* __TINC_NODE_H__ */ diff --git a/src/openbsd/device.c b/src/openbsd/device.c index a24d2d0d..8468b192 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,12 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2002/02/11 12:33:01 guus Exp $ + $Id: device.c,v 1.1.2.5 2002/02/18 16:25:19 guus Exp $ */ #include "config.h" #include +#include #include #include #include @@ -70,7 +71,7 @@ int setup_device(void) cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device); + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } cp 
@@ -107,7 +108,7 @@ cp if((lenin = readv(device_fd, vector, 2)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -145,7 +146,7 @@ cp if(writev(device_fd, vector, 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } diff --git a/src/process.c b/src/process.c index 4455b65f..5cc32c66 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.34 2002/02/12 14:29:00 guus Exp $ + $Id: process.c,v 1.1.2.35 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" @@ -255,8 +255,7 @@ int execute_script(const char *name) cp if((pid = fork()) < 0) { - syslog(LOG_ERR, _("System call `%s' failed: %m"), - "fork"); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); return -1; } @@ -291,7 +290,7 @@ cp } else { - syslog(LOG_ERR, _("System call `%s' failed: %m"), "waitpid"); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", strerror(errno)); return -1; } } diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 1fad4b78..8541d3da 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.2 2002/02/18 16:25:16 guus Exp $ */ #include "config.h" 
@@ -413,16 +413,17 @@ int send_ack(connection_t *c) to create node_t and edge_t structures. */ int x; - char *addrstr; + char *address, *port; struct timeval now; cp /* Estimate weight */ gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; - addrstr = address2str(c->address); - x = send_request(c, "%d %hd %s %d %d", ACK, myself->port, addrstr, c->estimated_weight, c->options); - free(addrstr); + sockaddr2str(&c->address, &address, &port); + x = send_request(c, "%d %s %s %s %d %d", ACK, myport, address, port, c->estimated_weight, c->options); + free(address); + free(port); cp return x; } @@ -462,15 +463,17 @@ void send_everything(connection_t *c) int ack_h(connection_t *c) { - port_t hisport; - char addrstr[MAX_STRING_SIZE]; + char address[MAX_STRING_SIZE]; + char port[MAX_STRING_SIZE]; + char hisport[MAX_STRING_SIZE]; + char *hisaddress, *dummy; int weight; int options; node_t *n; connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d %hd "MAX_STRING" %d %d", &hisport, addrstr, &weight, &options) != 4) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d", hisport, address, port, &weight, &options) != 5) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; @@ -484,12 +487,6 @@ cp { n = new_node(); n->name = xstrdup(c->name); - n->address = c->address; - n->hostname = xstrdup(c->hostname); - n->port = hisport; - - /* FIXME: Also check if no other tinc daemon uses the same IP and port for UDP traffic */ - node_add(n); } else 
@@ -512,17 +509,20 @@ cp /* Create an edge_t for this connection */ c->edge = new_edge(); - +cp c->edge->from.node = myself; - c->edge->from.address = str2address(addrstr); - c->edge->from.port = myself->port; + c->edge->from.tcpaddress = str2sockaddr(address, port); + c->edge->from.udpaddress = str2sockaddr(address, myport); c->edge->to.node = n; - c->edge->to.address = c->address; - c->edge->to.port = hisport; + c->edge->to.tcpaddress = c->address; + sockaddr2str(&c->address, &hisaddress, &dummy); + c->edge->to.udpaddress = str2sockaddr(hisaddress, hisport); + free(hisaddress); + free(dummy); c->edge->weight = (weight + c->estimated_weight) / 2; c->edge->connection = c; c->edge->options = c->options; - +cp edge_add(c->edge); /* Activate this connection */ diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 9c83199b..0c5ca353 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.2 2002/02/18 16:25:18 guus Exp $ */ #include "config.h" 
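Review bot: The `address`, `port` and `hisport` strings that ack_h() feeds to `str2sockaddr()` in the `@@ -512` hunk are taken from the peer's ACK line by the sscanf() in the earlier hunk, and the returned `sockaddr_t` goes straight into the edge with no way to report a failed conversion. str2sockaddr() is not shown on this page, so it cannot be confirmed whether it resolves host names or aborts on unparsable input; if it does either, a connected peer controls that behaviour. add_edge_h() in src/protocol_edge.c does the same with `from_address`, `to_address` and the four port strings. I would check that the strings are numeric before converting, or at least record the assumption next to the calls: `/* peer-supplied strings: str2sockaddr() must accept numeric forms only and fail softly */`. ack_h() starts and ends outside this hunk.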
@@ -48,16 +48,25 @@ int send_add_edge(connection_t *c, edge_t *e) { int x; - char *from_addrstr, *to_addrstr; + char *from_tcpaddress, *from_tcpport, *from_udpaddress, *from_udpport; + char *to_tcpaddress, *to_tcpport, *to_udpaddress, *to_udpport; cp - from_addrstr = address2str(e->from.address); - to_addrstr = address2str(e->to.address); - x = send_request(c, "%d %s %s %hd %s %s %hd %lx %d", ADD_EDGE, - e->from.node->name, from_addrstr, e->from.port, - e->to.node->name, to_addrstr, e->to.port, + sockaddr2str(&e->from.tcpaddress, &from_tcpaddress, &from_tcpport); + sockaddr2str(&e->from.udpaddress, &from_udpaddress, &from_udpport); + sockaddr2str(&e->to.tcpaddress, &to_tcpaddress, &to_tcpport); + sockaddr2str(&e->to.udpaddress, &to_udpaddress, &to_udpport); + x = send_request(c, "%d %s %s %s %s %s %s %s %s %lx %d", ADD_EDGE, + e->from.node->name, from_tcpaddress, from_tcpport, from_udpport, + e->to.node->name, to_tcpaddress, to_tcpport, to_udpport, e->options, e->weight); - free(from_addrstr); - free(to_addrstr); + free(from_tcpaddress); + free(from_tcpport); + free(from_udpaddress); + free(from_udpport); + free(to_tcpaddress); + free(to_tcpport); + free(to_udpaddress); + free(to_udpport); cp return x; } 
@@ -69,18 +78,22 @@ int add_edge_h(connection_t *c) node_t *from, *to; char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; - char from_addrstr[MAX_STRING_SIZE]; - char to_addrstr[MAX_STRING_SIZE]; - ipv4_t from_address, to_address; - port_t from_port, to_port; + char from_address[MAX_STRING_SIZE]; + char from_tcpport[MAX_STRING_SIZE]; + char from_udpport[MAX_STRING_SIZE]; + char to_address[MAX_STRING_SIZE]; + char to_tcpport[MAX_STRING_SIZE]; + char to_udpport[MAX_STRING_SIZE]; + sockaddr_t from_tcpaddress, from_udpaddress; + sockaddr_t to_tcpaddress, to_udpaddress; long int options; int weight; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %hd "MAX_STRING" "MAX_STRING" %hd %lx %d", - from_name, from_addrstr, &from_port, - to_name, to_addrstr, &to_port, - &options, &weight) != 8) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", + from_name, from_address, from_tcpport, from_udpport, + to_name, to_address, to_tcpport, to_udpport, + &options, &weight) != 10) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); return -1; @@ -122,8 +135,10 @@ cp /* Convert addresses */ - from_address = str2address(from_addrstr); - to_address = str2address(to_addrstr); + from_tcpaddress = str2sockaddr(from_address, from_tcpport); + from_udpaddress = str2sockaddr(from_address, from_udpport); + to_tcpaddress = str2sockaddr(to_address, to_tcpport); + to_udpaddress = str2sockaddr(to_address, to_udpport); /* Check if edge already exists */ 
@@ -132,9 +147,9 @@ cp if(e) { if(e->weight != weight || e->options != options - || ((e->from.node == from) && (e->from.address != from_address || e->from.port != from_port || e->to.address != to_address || e->to.port != to_port)) - || ((e->from.node == to) && (e->from.address != to_address || e->from.port != to_port || e->to.address != from_address || e->to.port != from_port)) - ) + || ((e->from.node == from) && (sockaddrcmp(&e->from.tcpaddress, &from_tcpaddress) || sockaddrcmp(&e->from.udpaddress, &from_udpaddress) || sockaddrcmp(&e->to.tcpaddress, &to_tcpaddress) || sockaddrcmp(&e->to.udpaddress, &to_udpaddress))) + || ((e->from.node == to) && (sockaddrcmp(&e->from.tcpaddress, &to_tcpaddress) || sockaddrcmp(&e->from.udpaddress, &to_udpaddress) || sockaddrcmp(&e->to.tcpaddress, &from_tcpaddress) || sockaddrcmp(&e->to.udpaddress, &from_udpaddress))) + ) { if(from == myself || to == myself) { @@ -169,11 +184,11 @@ cp e = new_edge(); e->from.node = from; - e->from.address = from_address; - e->from.port = from_port; + e->from.tcpaddress = from_tcpaddress; + e->from.udpaddress = from_udpaddress; e->to.node = to; - e->to.address = to_address; - e->to.port = to_port; + e->to.tcpaddress = to_tcpaddress; + e->to.udpaddress = to_udpaddress; e->options = options; e->weight = weight; edge_add(e); diff --git a/src/route.c b/src/route.c index 0e16565b..1ac3e12a 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.22 2002/02/10 21:57:54 guus Exp $ + $Id: route.c,v 1.1.2.23 2002/02/18 16:25:19 guus Exp $ */ #include "config.h" 
@@ -105,23 +105,15 @@ cp node_t *route_ipv4(vpn_packet_t *packet) { - ipv4_t dest; subnet_t *subnet; cp -#ifdef HAVE_SOLARIS - /* The other form gives bus errors on a SparcStation 20. */ - dest = ((packet->data[30] * 0x100 + packet->data[31]) * 0x100 + packet->data[32]) * 0x100 + packet->data[33]; -#else - dest = ntohl(*((unsigned long*)(&packet->data[30]))); -#endif -cp - subnet = lookup_subnet_ipv4(&dest); + subnet = lookup_subnet_ipv4((ipv4_t *)&packet->data[30]); cp if(!subnet) { if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: unknown destination address %d.%d.%d.%d"), + syslog(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), packet->data[30], packet->data[31], packet->data[32], packet->data[33]); } @@ -163,7 +155,6 @@ void route_arp(vpn_packet_t *packet) struct ether_arp *arp; subnet_t *subnet; unsigned char ipbuf[4]; - ipv4_t dest; cp /* First, snatch the source address from the ARP packet */ @@ -193,8 +184,7 @@ cp /* Check if the IP address exists on the VPN */ - dest = ntohl(*((unsigned long*)(arp->arp_tpa))); - subnet = lookup_subnet_ipv4(&dest); + subnet = lookup_subnet_ipv4((ipv4_t *)arp->arp_tpa); if(!subnet) { diff --git a/src/solaris/device.c b/src/solaris/device.c index cf0bb534..758068d8 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2002/02/11 14:20:46 guus Exp $ + $Id: device.c,v 1.1.2.7 2002/02/18 16:25:19 guus Exp $ */ #include "config.h" #include +#include #include #include #include @@ -71,7 +72,7 @@ cp cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %m"), device); + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } cp 
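Review bot: route_ipv4() now passes `&packet->data[30]` to lookup_subnet_ipv4() with no visible check that the frame is long enough to contain an IPv4 destination field, so a short frame would be routed on whatever bytes were already in the buffer. Unless a caller guarantees the length, a guard before the lookup such as `if(packet->len < 34) return NULL;` closes that (this assumes `packet->len` is the frame length, as its use in the device code suggests). The cast to `ipv4_t *` replaces code whose removed comment recorded bus errors on SPARC for the pointer-cast form, so it is only safe while `ipv4_t` has byte alignment; a comment like `/* data[30..33] = IPv4 destination, network order; ipv4_t must stay byte-aligned */` would keep that visible. The same cast is applied to `arp->arp_tpa` in route_arp(). Both functions continue outside their hunks.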
@@ -82,34 +83,34 @@ cp ppa = atoi(ptr); if( (ip_fd = open("/dev/ip", O_RDWR, 0)) < 0){ - syslog(LOG_ERR, _("Could not open /dev/ip: %m")); + syslog(LOG_ERR, _("Could not open /dev/ip: %s"), strerror(errno)); return -1; } /* Assign a new PPA and get its unit number. */ if( (ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0){ - syslog(LOG_ERR, _("Can't assign new interface: %m")); + syslog(LOG_ERR, _("Can't assign new interface: %s"), strerror(errno)); return -1; } if( (if_fd = open(device, O_RDWR, 0)) < 0){ - syslog(LOG_ERR, _("Could not open %s twice: %m"), device); + syslog(LOG_ERR, _("Could not open %s twice: %s"), device, strerror(errno)); return -1; } if(ioctl(if_fd, I_PUSH, "ip") < 0){ - syslog(LOG_ERR, _("Can't push IP module: %m")); + syslog(LOG_ERR, _("Can't push IP module: %s"), strerror(errno)); return -1; } /* Assign ppa according to the unit number returned by tun device */ if(ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0){ - syslog(LOG_ERR, _("Can't set PPA %d: %m"), ppa); + syslog(LOG_ERR, _("Can't set PPA %d: %s"), ppa, strerror(errno)); return -1; } if(ioctl(ip_fd, I_LINK, if_fd) < 0){ - syslog(LOG_ERR, _("Can't link TUN device to IP: %m")); + syslog(LOG_ERR, _("Can't link TUN device to IP: %s"), strerror(errno)); return -1; } @@ -145,7 +146,7 @@ int read_packet(vpn_packet_t *packet) cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %m"), device_info, device); + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -176,7 +177,7 @@ cp if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %m"), device_info, packet->len); + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, strerror(errno)); return -1; } diff --git a/src/subnet.c b/src/subnet.c index 6745e2f4..5fdc045a 100644 --- a/src/subnet.c +++ b/src/subnet.c 
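Review bot: In the last hunk of src/solaris/device.c the second `%s` of `"Can't write to %s %s: %s"` receives `packet->len`, an integer, so the write-error path has a format/argument mismatch, which is undefined behaviour and will typically fault inside syslog() just when the write has already failed. The read hunk directly above passes `device_info, device` for the same two specifiers, which looks like the intended form: `syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno));`. The mismatch predates this commit, but the line is rewritten here, so this is the natural place to correct it.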
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.29 2002/02/10 21:57:54 guus Exp $ + $Id: subnet.c,v 1.1.2.30 2002/02/18 16:25:19 guus Exp $ */ #include "config.h" @@ -30,15 +30,17 @@ #include #include +#include +#include +#include + #include "conf.h" #include "net.h" #include "node.h" #include "subnet.h" -#include "system.h" +#include "netutl.h" -#include -#include -#include +#include "system.h" /* lists type of subnet */ @@ -54,48 +56,36 @@ cp int subnet_compare_ipv4(subnet_t *a, subnet_t *b) { + int result; cp - /* We compare as if a subnet is a number that equals (address << 32 + netmask). */ - - if(a->net.ipv4.address < b->net.ipv4.address) - return -1; - else if(a->net.ipv4.address > b->net.ipv4.address) - return 1; + result = memcmp(&a->net.ipv4.address, &b->net.ipv4.address, sizeof(ipv4_t)); + + if(result) + return result; - if(a->net.ipv4.mask < b->net.ipv4.mask) - return -1; - else if(a->net.ipv4.mask > b->net.ipv4.mask) - return 1; - - return 0; + return a->net.ipv4.masklength - b->net.ipv4.masklength; } int subnet_compare_ipv6(subnet_t *a, subnet_t *b) { int result; cp - /* Same as ipv4 case, but with nasty 128 bit addresses */ - - result = memcmp(a->net.ipv6.address.x, b->net.ipv6.address.x, sizeof(ipv6_t)); + result = memcmp(&a->net.ipv6.address, &b->net.ipv6.address, sizeof(ipv6_t)); if(result) return result; - result = memcmp(a->net.ipv6.mask.x, b->net.ipv6.mask.x, sizeof(ipv6_t)); - - if(result) - return result; - - return 0; + return a->net.ipv6.masklength - b->net.ipv6.masklength; } int subnet_compare(subnet_t *a, subnet_t *b) { - int x; + int result; cp - x = a->type - b->type; - if(x) - return x; + result = a->type - b->type; + + if(result) + return result; switch(a->type) { 
@@ -186,101 +176,58 @@ subnet_t *str2net(char *subnetstr) { int i, l; subnet_t *subnet; - unsigned short int x[6]; + unsigned short int x[8]; cp subnet = new_subnet(); cp if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", - &x[0], - &x[1], - &x[2], - &x[3], - &subnet->net.ipv4.masklength) == 5) + &x[0], &x[1], &x[2], &x[3], + &l) == 5) { subnet->type = SUBNET_IPV4; - subnet->net.ipv4.address = (((((x[0] << 8) + x[1]) << 8) + x[2]) << 8) + x[3]; - subnet->net.ipv4.mask = ~((1 << (32 - subnet->net.ipv4.masklength)) - 1); + subnet->net.ipv4.masklength = l; + for(i = 0; i < 4; i++) + subnet->net.ipv4.address.x[i] = x[i]; return subnet; } if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", - &subnet->net.ipv6.address.x[0], - &subnet->net.ipv6.address.x[1], - &subnet->net.ipv6.address.x[2], - &subnet->net.ipv6.address.x[3], - &subnet->net.ipv6.address.x[4], - &subnet->net.ipv6.address.x[5], - &subnet->net.ipv6.address.x[6], - &subnet->net.ipv6.address.x[7], - &subnet->net.ipv6.masklength) == 9) + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7], + &l) == 9) { subnet->type = SUBNET_IPV6; - for(l = subnet->net.ipv6.masklength, i = 0; i < 8; l -= 16, i++) - { - subnet->net.ipv6.address.x[i] = htons(subnet->net.ipv6.address.x[i]); - if(l >= 16) - subnet->net.ipv6.mask.x[i] = 65535; - else if (l > 0) - subnet->net.ipv6.mask.x[i] = htons(65536 - (1 << l)); - else - subnet->net.ipv6.mask.x[i] = 0; - } + subnet->net.ipv6.masklength = l; + for(i = 0; i < 8; i++) + subnet->net.ipv6.address.x[i] = htons(x[i]); return subnet; } if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", - &x[0], - &x[1], - &x[2], - &x[3]) == 4) + &x[0], &x[1], &x[2], &x[3]) == 4) { subnet->type = SUBNET_IPV4; - subnet->net.ipv4.address = (((((x[0] << 8) + x[1]) << 8) + x[2]) << 8) + x[3]; - subnet->net.ipv4.mask = ~0; subnet->net.ipv4.masklength = 32; + for(i = 0; i < 4; i++) + subnet->net.ipv4.address.x[i] = x[i]; return subnet; } if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", - 
&subnet->net.ipv6.address.x[0], - &subnet->net.ipv6.address.x[1], - &subnet->net.ipv6.address.x[2], - &subnet->net.ipv6.address.x[3], - &subnet->net.ipv6.address.x[4], - &subnet->net.ipv6.address.x[5], - &subnet->net.ipv6.address.x[6], - &subnet->net.ipv6.address.x[7]) == 8) + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7]) == 8) { subnet->type = SUBNET_IPV6; subnet->net.ipv6.masklength = 128; - for(l = subnet->net.ipv6.masklength, i = 0; i < 8; l -= 16, i++) - { - subnet->net.ipv6.address.x[i] = htons(subnet->net.ipv6.address.x[i]); - if(l >= 16) - subnet->net.ipv6.mask.x[i] = 65535; - else if (l > 0) - subnet->net.ipv6.mask.x[i] = htons(65536 - (1 << l)); - else - subnet->net.ipv6.mask.x[i] = 0; - } + for(i = 0; i < 8; i++) + subnet->net.ipv6.address.x[i] = htons(x[i]); return subnet; } if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx", - &x[0], - &x[1], - &x[2], - &x[3], - &x[4], - &x[5]) == 6) + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5]) == 6) { subnet->type = SUBNET_MAC; - subnet->net.mac.address.x[0] = x[0]; - subnet->net.mac.address.x[1] = x[1]; - subnet->net.mac.address.x[2] = x[2]; - subnet->net.mac.address.x[3] = x[3]; - subnet->net.mac.address.x[4] = x[4]; - subnet->net.mac.address.x[5] = x[5]; + for(i = 0; i < 6; i++) + subnet->net.mac.address.x[i] = x[i]; return subnet; } @@ -305,10 +252,10 @@ cp break; case SUBNET_IPV4: asprintf(&netstr, "%hu.%hu.%hu.%hu/%d", - (unsigned short int)((subnet->net.ipv4.address >> 24) & 255), - (unsigned short int)((subnet->net.ipv4.address >> 16) & 255), - (unsigned short int)((subnet->net.ipv4.address >> 8) & 255), - (unsigned short int)(subnet->net.ipv4.address & 255), + subnet->net.ipv4.address.x[0], + subnet->net.ipv4.address.x[1], + subnet->net.ipv4.address.x[2], + subnet->net.ipv4.address.x[3], subnet->net.ipv4.masklength); break; case SUBNET_IPV6: 
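Review bot: The prefix length read into `l` is stored in `masklength` without a range check in both the IPv4 and the IPv6 branch of str2net() (the hunk begins on the previous physical line). lookup_subnet_ipv4() and lookup_subnet_ipv6() later hand that value to maskcmp() and maskcpy(), whose loops, in the lines shown further down this page, advance by `masklen` and do not consult `len`, so a value above 32 (or 128) would index past the address, and a negative one is not handled either. Rejecting it at parse time is cheap: `if(l < 0 || l > 32)` for IPv4 and `if(l < 0 || l > 128)` for IPv6, failing the parse. The octets read with `%hu` are also narrowed into `address.x[i]` unchecked, so a string such as `300.1.1.1` (constructed example) is accepted silently. Where the subnet strings come from is not visible here; if any arrive from peers, this is reachable from the network.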
@@ -324,7 +271,9 @@ cp subnet->net.ipv6.masklength); break; default: - asprintf(&netstr, _("unknown subnet type")); + syslog(LOG_ERR, _("net2str() was called with unknown subnet type %d, exitting!"), subnet->type); + cp_trace(); + exit(0); } cp return netstr; @@ -355,8 +304,8 @@ subnet_t *lookup_subnet_ipv4(ipv4_t *address) subnet_t subnet, *p; cp subnet.type = SUBNET_IPV4; - subnet.net.ipv4.address = *address; - subnet.net.ipv4.mask = 0xFFFFFFFF; + memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); + subnet.net.ipv4.masklength = 32; do { @@ -368,14 +317,17 @@ cp cp if(p) { - if ((*address & p->net.ipv4.mask) == p->net.ipv4.address) + if(p->type != SUBNET_IPV4) + return NULL; + + if (!maskcmp((char *)address, (char *)&p->net.ipv4.address, p->net.ipv4.masklength, sizeof(ipv4_t))) break; else { /* Otherwise, see if there is a bigger enclosing subnet */ - subnet.net.ipv4.mask = p->net.ipv4.mask << 1; - subnet.net.ipv4.address = p->net.ipv4.address & subnet.net.ipv4.mask; + subnet.net.ipv4.masklength = p->net.ipv4.masklength - 1; + maskcpy((char *)&subnet.net.ipv4.address, (char *)&p->net.ipv4.address, subnet.net.ipv4.masklength, sizeof(ipv4_t)); } } } while (p); 
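Review bot: The new `default:` branch of net2str() ends the daemon with `exit(0)`, which reports success to whatever supervises the process although the log line describes an internal error. A non-zero status, `exit(1);`, would match the `exit(1)` used for the configuration failure in src/net.c on this page and lets init scripts and monitoring notice the failure. Because the switch is on `subnet->type`, it is also worth a comment stating whether that field can ever be set from network input, since this branch turns an unexpected type into a process exit. net2str() starts outside this hunk.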
@@ -386,18 +338,36 @@ cp subnet_t *lookup_subnet_ipv6(ipv6_t *address) { subnet_t subnet, *p; - int i; cp subnet.type = SUBNET_IPV6; - memcpy(subnet.net.ipv6.address.x, address, sizeof(ipv6_t)); - memset(subnet.net.ipv6.mask.x, 0xFF, 16); + memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); + subnet.net.ipv6.masklength = 128; - p = (subnet_t *)avl_search_closest_greater(subnet_tree, &subnet); + do + { + /* Go find subnet */ - if(p) - for(i=0; i<8; i++) - if((address->x[i] & p->net.ipv6.address.x[i]) != p->net.ipv6.address.x[i]) - return NULL; + p = (subnet_t *)avl_search_closest_smaller(subnet_tree, &subnet); + + /* Check if the found subnet REALLY matches */ + +cp + if(p) + { + if(p->type != SUBNET_IPV6) + return NULL; + + if (!maskcmp((char *)address, (char *)&p->net.ipv6.address, p->net.ipv6.masklength, sizeof(ipv6_t))) + break; + else + { + /* Otherwise, see if there is a bigger enclosing subnet */ + + subnet.net.ipv6.masklength = p->net.ipv6.masklength - 1; + maskcpy((char *)&subnet.net.ipv6.address, (char *)&p->net.ipv6.address, subnet.net.ipv6.masklength, sizeof(ipv6_t)); + } + } + } while (p); return p; } diff --git a/src/subnet.h b/src/subnet.h index 9657ad9c..04e5c286 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.15 2002/02/10 21:57:54 guus Exp $ + $Id: subnet.h,v 1.1.2.16 2002/02/18 16:25:19 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -41,14 +41,12 @@ typedef struct subnet_mac_t typedef struct subnet_ipv4_t { ipv4_t address; - ipv4_t mask; int masklength; } subnet_ipv4_t; typedef struct subnet_ipv6_t { ipv6_t address; - ipv6_t mask; int masklength; } subnet_ipv6_t; From 76f01453dfa157b0070751b1025e55a1e36ebdca Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Wed, 20 Feb 2002 16:04:07 +0000 Subject: [PATCH 538/923] Fix segfault when receiving HUP signal. --- src/net.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/net.c b/src/net.c index bf58cf00..e42ccf4a 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.156 2002/02/18 16:25:16 guus Exp $ + $Id: net.c,v 1.35.4.157 2002/02/20 16:04:07 guus Exp $ */ #include "config.h" @@ -431,19 +431,21 @@ cp if(sighup) { - syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds")); sighup = 0; close_network_connections(); exit_configuration(&config_tree); + syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds")); + sleep(5); + + init_configuration(&config_tree); + if(read_server_config()) { syslog(LOG_ERR, _("Unable to reread configuration file, exiting")); exit(1); } - sleep(5); - if(setup_network_connections()) return; From 8c91fac31570594b6249d632cefe768f33c54b19 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 20 Feb 2002 16:04:39 +0000 Subject: [PATCH 539/923] Use AF_UNSPEC for listening sockets if AddressFamily = any. --- src/net_setup.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index 1c5ff15a..757121ae 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.1 2002/02/18 16:25:16 guus Exp $ + $Id: net_setup.c,v 1.1.2.2 2002/02/20 16:04:39 guus Exp $ */ #include "config.h" 
@@ -454,7 +454,7 @@ cp cp /* Open sockets */ - hint.ai_family = (addressfamily == AF_UNSPEC)?AF_INET6:addressfamily; + hint.ai_family = addressfamily; hint.ai_socktype = SOCK_STREAM; hint.ai_protocol = IPPROTO_TCP; hint.ai_flags = AI_PASSIVE; @@ -471,6 +471,19 @@ cp return -1; } + freeaddrinfo(ai); + + hint.ai_family = addressfamily; + hint.ai_socktype = SOCK_DGRAM; + hint.ai_protocol = IPPROTO_UDP; + hint.ai_flags = AI_PASSIVE; + + if(getaddrinfo(NULL, myport, &hint, &ai) || !ai) + { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", strerror(errno)); + return -1; + } + if((udp_socket = setup_vpn_in_socket((sockaddr_t *)ai->ai_addr)) < 0) { syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); From ed509312906625acee4007da6262de3898846888 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 20 Feb 2002 16:04:59 +0000 Subject: [PATCH 540/923] Forward packets in router mode. --- src/route.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/route.c b/src/route.c index 1ac3e12a..e9451c8c 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.23 2002/02/18 16:25:19 guus Exp $ + $Id: route.c,v 1.1.2.24 2002/02/20 16:04:59 guus Exp $ */ #include "config.h" @@ -269,8 +269,22 @@ void route_incoming(node_t *source, vpn_packet_t *packet) switch(routing_mode) { case RMODE_ROUTER: - memcpy(packet->data, mymac.net.mac.address.x, 6); /* Override destination address to make the kernel accept it */ - write_packet(packet); + { + node_t *n; + + n = route_ipv4(packet); + + if(n) + { + if(n == myself) + { + memcpy(packet->data, mymac.net.mac.address.x, 6); + write_packet(packet); + } + else + send_packet(n, packet); + } + } break; case RMODE_SWITCH: { From e8e69460a7090aaf6ecda8970d3060695de81b00 Mon Sep 17 00:00:00 2001 
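Review bot: With `hint.ai_family = addressfamily` and `AI_PASSIVE`, an `AF_UNSPEC` lookup can return several addresses (typically one per family), but the UDP setup added here binds only `ai->ai_addr` of the first result; the TCP call sits between the two hunks and is not visible, though it presumably does the same. Which family ends up listening then depends on resolver ordering, so either walk `ai->ai_next` or state the choice with `/* only the first getaddrinfo() result is bound */`. The first result list gets the added `freeaddrinfo(ai);`, while the second is not released within this hunk; the function continues below, so confirm it is freed there on both the success and the error path.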
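Review bot: In the RMODE_ROUTER branch of route_incoming(), a packet whose route_ipv4() owner is another node goes to `send_packet(n, packet)` with no check that `n` differs from `source`, so two nodes with inconsistent subnet tables could bounce a packet between each other, and nothing visible in the hunk bounds that. A guard such as `else if(n != source) send_packet(n, packet);` avoids reflecting traffic to its sender, and the drop can be logged at DEBUG_TRAFFIC. route_ipv4() is also applied to every incoming frame here without a visible check that the frame is IPv4; whether an ethertype test happens earlier in route_incoming() is outside this hunk.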
From: Guus Sliepen Date: Wed, 20 Feb 2002 17:15:33 +0000 Subject: [PATCH 541/923] Fix maskcmp() and maskcpy(). --- src/netutl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index 2ad30fc6..ea4839f0 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.24 2002/02/18 16:25:16 guus Exp $ + $Id: netutl.c,v 1.12.4.25 2002/02/20 17:15:33 guus Exp $ */ #include "config.h" @@ -165,7 +165,7 @@ int maskcmp(char *a, char *b, int masklen, int len) { int i, m, result; cp - for(m = masklen, i = 0; m > 8; m -= 8, i++) + for(m = masklen, i = 0; m >= 8; m -= 8, i++) if((result = a[i] - b[i])) return result; @@ -193,7 +193,7 @@ void maskcpy(char *a, char *b, int masklen, int len) { int i, m; cp - for(m = masklen, i = 0; m > 8; m -= 8, i++) + for(m = masklen, i = 0; m >= 8; m -= 8, i++) a[i] = b[i]; if(m) From 626d5956d2bb0660ba315fba77da6cec9776fd3b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 20 Feb 2002 17:16:15 +0000 Subject: [PATCH 542/923] Cache results of lookup_subnet_...(). --- src/subnet.c | 48 +++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 41 insertions(+), 7 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index 5fdc045a..954d5d0a 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.30 2002/02/18 16:25:19 guus Exp $ + $Id: subnet.c,v 1.1.2.31 2002/02/20 17:16:15 guus Exp $ */ #include "config.h" @@ -42,6 +42,10 @@ #include "system.h" +int cache_mac_valid = 0; +int cache_ipv4_valid = 0; +int cache_ipv6_valid = 0; + /* lists type of subnet */ avl_tree_t *subnet_tree; 
@@ -150,11 +154,20 @@ cp /* Adding and removing subnets */ +void cache_invalidate(void) +{ + cache_mac_valid = 0; + cache_ipv4_valid = 0; + cache_ipv6_valid = 0; +} + void subnet_add(node_t *n, subnet_t *subnet) { cp subnet->owner = n; + cache_invalidate(); + avl_insert(subnet_tree, subnet); cp avl_insert(n->subnet_tree, subnet); @@ -164,6 +177,8 @@ cp void subnet_del(node_t *n, subnet_t *subnet) { cp + cache_invalidate(); + avl_delete(n->subnet_tree, subnet); cp avl_delete(subnet_tree, subnet); @@ -289,20 +304,27 @@ cp subnet_t *lookup_subnet_mac(mac_t *address) { - subnet_t subnet, *p; + static subnet_t subnet, *p; cp + if(cache_mac_valid && !memcmp(&subnet.net.mac.address, address, sizeof(mac_t))) + return p; + subnet.type = SUBNET_MAC; memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); p = (subnet_t *)avl_search(subnet_tree, &subnet); + cache_mac_valid = 1; cp return p; } subnet_t *lookup_subnet_ipv4(ipv4_t *address) { - subnet_t subnet, *p; + static subnet_t subnet, *p; cp + if(cache_ipv4_valid && !memcmp(&subnet.net.ipv4.address, address, sizeof(ipv4_t))) + return p; + subnet.type = SUBNET_IPV4; memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); subnet.net.ipv4.masklength = 32; @@ -318,7 +340,10 @@ cp if(p) { if(p->type != SUBNET_IPV4) - return NULL; + { + p = NULL; + break; + } if (!maskcmp((char *)address, (char *)&p->net.ipv4.address, p->net.ipv4.masklength, sizeof(ipv4_t))) break; 
@@ -330,15 +355,21 @@ cp maskcpy((char *)&subnet.net.ipv4.address, (char *)&p->net.ipv4.address, subnet.net.ipv4.masklength, sizeof(ipv4_t)); } } - } while (p); + } while (p); - return p; + memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); + cache_ipv4_valid = 1; +cp + return p; } subnet_t *lookup_subnet_ipv6(ipv6_t *address) { - subnet_t subnet, *p; + static subnet_t subnet, *p; cp + if(cache_ipv6_valid && !memcmp(&subnet.net.ipv6.address, address, sizeof(ipv6_t))) + return p; + subnet.type = SUBNET_IPV6; memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); subnet.net.ipv6.masklength = 128; @@ -369,6 +400,9 @@ cp } } while (p); + memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); + cache_ipv6_valid = 1; +cp return p; } From c6d01588312bec7691e72b42cf20c59ffe2749c2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 20 Feb 2002 19:25:09 +0000 Subject: [PATCH 543/923] Protocol now also exchanges cipher/digest/maclength/compression for the meta connection. --- src/connection.h | 12 ++++-- src/net_setup.c | 10 ++++- src/net_socket.c | 10 ++++- src/protocol_auth.c | 94 +++++++++++++++++++++++++++++++++++---------- src/protocol_key.c | 8 ++-- 5 files changed, 104 insertions(+), 30 deletions(-) diff --git a/src/connection.h b/src/connection.h index 436f192a..0cdcc091 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.25 2002/02/18 16:25:16 guus Exp $ + $Id: connection.h,v 1.1.2.26 2002/02/20 19:25:09 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ 
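Review bot: lookup_subnet_ipv6() can return a cached entry of the wrong type after these hunks. Its loop, added by the previous commit and untouched here, still does `return NULL;` when `p->type != SUBNET_IPV6`, but `p` and `subnet` are now `static`: that early return can leave `p` pointing at the non-IPv6 entry with the new address already copied into `subnet.net.ipv6.address`, and it does not clear `cache_ipv6_valid`. If an earlier lookup had set the flag, the next lookup of the same address takes the cache shortcut and returns that entry as a match. lookup_subnet_ipv4() was changed to `p = NULL; break;` for exactly this case, and the IPv6 function needs the same two lines.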
@@ -80,14 +80,20 @@ typedef struct connection_t { struct edge_t *edge; /* edge associated with this connection */ RSA *rsa_key; /* his public/private key */ - EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ - EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ + const EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ + const EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ EVP_CIPHER_CTX *inctx; /* Context of encrypted meta data that will come from him to us */ EVP_CIPHER_CTX *outctx; /* Context of encrypted meta data that will be sent from us to him */ char *inkey; /* His symmetric meta key + iv */ char *outkey; /* Our symmetric meta key + iv */ int inkeylength; /* Length of his key + iv */ int outkeylength; /* Length of our key + iv */ + const EVP_MD *indigest; + const EVP_MD *outdigest; + int inmaclength; + int outmaclength; + int incompression; + int outcompression; char *mychallenge; /* challenge we received from him */ char *hischallenge; /* challenge we sent to him */ diff --git a/src/net_setup.c b/src/net_setup.c index 757121ae..3699292d 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.2 2002/02/20 16:04:39 guus Exp $ + $Id: net_setup.c,v 1.1.2.3 2002/02/20 19:25:09 guus Exp $ */ #include "config.h" @@ -382,6 +382,8 @@ cp else myself->keylength = 1; + myself->connection->outcipher = EVP_bf_ofb(); + myself->key = (char *)xmalloc(myself->keylength); RAND_pseudo_bytes(myself->key, myself->keylength); @@ -410,6 +412,8 @@ cp else myself->digest = EVP_sha1(); + myself->connection->outdigest = EVP_sha1(); + if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) { if(myself->digest) 
@@ -429,6 +433,8 @@ cp else myself->maclength = 4; + myself->connection->outmaclength = 0; + /* Compression */ if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) @@ -441,6 +447,8 @@ cp } else myself->compression = 0; + + myself->connection->outcompression = 0; cp /* Done */ diff --git a/src/net_socket.c b/src/net_socket.c index 93314fb6..9ce3fae0 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.1 2002/02/18 16:25:16 guus Exp $ + $Id: net_socket.c,v 1.1.2.2 2002/02/20 19:25:09 guus Exp $ */ #include "config.h" @@ -375,6 +375,10 @@ cp c = new_connection(); c->name = xstrdup(outgoing->name); + c->outcipher = myself->connection->outcipher; + c->outdigest = myself->connection->outdigest; + c->outmaclength = myself->connection->outmaclength; + c->outcompression = myself->connection->outcompression; init_configuration(&c->config_tree); read_connection_config(c); @@ -415,6 +419,10 @@ cp } c = new_connection(); + c->outcipher = myself->connection->outcipher; + c->outdigest = myself->connection->outdigest; + c->outmaclength = myself->connection->outmaclength; + c->outcompression = myself->connection->outcompression; c->address = sa; c->hostname = sockaddr2hostname(&sa); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 8541d3da..e37d7671 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.2 2002/02/18 16:25:16 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.3 2002/02/20 19:25:09 guus Exp $ */ #include "config.h" 
@@ -195,15 +195,20 @@ cp /* Send the meta key */ - x = send_request(c, "%d %s", METAKEY, buffer); + x = send_request(c, "%d %d %d %d %d %s", METAKEY, + c->outcipher?c->outcipher->nid:0, c->outdigest?c->outdigest->type:0, + c->outmaclength, c->outcompression, buffer); /* Further outgoing requests are encrypted with the key we just generated */ - EVP_EncryptInit(c->outctx, EVP_bf_cfb(), - c->outkey + len - EVP_bf_cfb()->key_len, - c->outkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); + if(c->outcipher) + { + EVP_EncryptInit(c->outctx, c->outcipher, + c->outkey + len - c->outcipher->key_len, + c->outkey + len - c->outcipher->key_len - c->outcipher->iv_len); - c->status.encryptout = 1; + c->status.encryptout = 1; + } cp return x; } @@ -211,9 +216,10 @@ cp int metakey_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; + int cipher, digest, maclength, compression; int len; cp - if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) + if(sscanf(c->buffer, "%*d %d %d %d %d "MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; 
@@ -258,11 +264,51 @@ cp /* All incoming requests will now be encrypted. */ cp - EVP_DecryptInit(c->inctx, EVP_bf_cfb(), - c->inkey + len - EVP_bf_cfb()->key_len, - c->inkey + len - EVP_bf_cfb()->key_len - EVP_bf_cfb()->iv_len); - - c->status.decryptin = 1; + /* Check and lookup cipher and digest algorithms */ + + if(cipher) + { + c->incipher = EVP_get_cipherbynid(cipher); + if(!c->incipher) + { + syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); + return -1; + } + + EVP_DecryptInit(c->inctx, c->incipher, + c->inkey + len - c->incipher->key_len, + c->inkey + len - c->incipher->key_len - c->incipher->iv_len); + + c->status.decryptin = 1; + } + else + { + c->incipher = NULL; + } + + c->inmaclength = maclength; + + if(digest) + { + c->indigest = EVP_get_digestbynid(digest); + if(!c->indigest) + { + syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); + return -1; + } + + if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) + { + syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); + return -1; + } + } + else + { + c->indigest = NULL; + } + + c->incompression = compression; c->allow_request = CHALLENGE; cp @@ -340,16 +386,19 @@ cp int send_chal_reply(connection_t *c) { - char hash[SHA_DIGEST_LENGTH*2+1]; + char hash[EVP_MAX_MD_SIZE*2+1]; + EVP_MD_CTX ctx; cp /* Calculate the hash from the challenge we received */ - SHA1(c->mychallenge, RSA_size(myself->connection->rsa_key), hash); + EVP_DigestInit(&ctx, c->indigest); + EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)); + EVP_DigestFinal(&ctx, hash, NULL); /* Convert the hash to a hexadecimal formatted string */ - bin2hex(hash,hash,SHA_DIGEST_LENGTH); - hash[SHA_DIGEST_LENGTH*2] = '\0'; + bin2hex(hash,hash,c->indigest->md_size); + hash[c->indigest->md_size*2] = '\0'; /* Send the reply */ 
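Review bot: metakey_h() now takes the cipher, digest, MAC length and compression from the peer's METAKEY line with very little validation. A cipher id of 0 leaves `c->status.decryptin` unset, so inbound meta traffic stays unencrypted at the peer's choice. The offset `len - c->incipher->key_len - c->incipher->iv_len` is never checked to be non-negative for the cipher the peer picked (`len` is set outside the hunk), and `maclength` is range-checked only inside the `if(digest)` branch. I would refuse a null cipher unless local policy allows it, add `if(c->incipher->key_len + c->incipher->iv_len > len) return -1;` before EVP_DecryptInit, and move the `c->inmaclength < 0` test out of the digest branch. The function starts and ends outside this hunk.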
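Review bot: send_chal_reply() dereferences `c->indigest` unconditionally (`EVP_DigestInit(&ctx, c->indigest)`, `c->indigest->md_size`), but the metakey_h() hunk just before it sets `c->indigest = NULL` when the peer sends digest 0. As far as the visible handshake shows, that puts the daemon on a NULL-pointer path before authentication has completed. Either refuse digest 0 in metakey_h() (log and `return -1;` in the `else` branch) or guard here with `if(!c->indigest) return -1;`.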
@@ -360,7 +409,8 @@ cp int chal_reply_h(connection_t *c) { char hishash[MAX_STRING_SIZE]; - char myhash[SHA_DIGEST_LENGTH]; + char myhash[EVP_MAX_MD_SIZE]; + EVP_MD_CTX ctx; cp if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) { @@ -370,7 +420,7 @@ cp /* Check if the length of the hash is all right */ - if(strlen(hishash) != SHA_DIGEST_LENGTH*2) + if(strlen(hishash) != c->outdigest->md_size*2) { syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); return -1; @@ -378,15 +428,17 @@ cp /* Convert the hash to binary format */ - hex2bin(hishash, hishash, SHA_DIGEST_LENGTH); + hex2bin(hishash, hishash, c->outdigest->md_size); /* Calculate the hash from the challenge we sent */ - SHA1(c->hischallenge, RSA_size(c->rsa_key), myhash); + EVP_DigestInit(&ctx, c->outdigest); + EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)); + EVP_DigestFinal(&ctx, myhash, NULL); /* Verify the incoming hash with the calculated hash */ - if(memcmp(hishash, myhash, SHA_DIGEST_LENGTH)) + if(memcmp(hishash, myhash, c->outdigest->md_size)) { syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); if(debug_lvl >= DEBUG_SCARY_THINGS) diff --git a/src/protocol_key.c b/src/protocol_key.c index 621bb1b8..aec78899 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.2 2002/02/11 15:59:18 guus Exp $ + $Id: protocol_key.c,v 1.1.4.3 2002/02/20 19:25:09 guus Exp $ */ #include "config.h" @@ -41,7 +41,7 @@ #include "connection.h" #include "node.h" #include "edge.h" -\ + #include "system.h" int mykeyused = 0; @@ -245,6 +245,8 @@ cp from->cipher = NULL; } + from->maclength = maclength; + if(digest) { from->digest = EVP_get_digestbynid(digest); 
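Review bot: The challenge reply in chal_reply_h() is checked with `memcmp(hishash, myhash, c->outdigest->md_size)`, which returns at the first differing byte and so is not constant-time. Each challenge looks to be single-use, which limits what timing can reveal, but comparisons of authentication values are better done with a constant-time routine: `CRYPTO_memcmp()` where the linked OpenSSL provides it, otherwise a short loop that ORs together the XOR of each byte pair. chal_reply_h() continues outside these hunks.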
@@ -253,7 +255,6 @@ cp syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); return -1; } - from->maclength = maclength; if(from->maclength > from->digest->md_size || from->maclength < 0) { syslog(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); @@ -263,7 +264,6 @@ cp else { from->digest = NULL; - from->maclength = maclength; } from->compression = compression; From 28cc9a6488f78c72152251f6fa2ee84d417223e8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 20 Feb 2002 19:31:15 +0000 Subject: [PATCH 544/923] Preserve inpkt->len, needed for broadcasts. --- src/net_packet.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/net_packet.c b/src/net_packet.c index 5171a4f4..da8b13ba 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.1 2002/02/18 16:25:16 guus Exp $ + $Id: net_packet.c,v 1.1.2.2 2002/02/20 19:31:15 guus Exp $ */ #include "config.h" @@ -185,6 +185,7 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; int nextpkt = 0; vpn_packet_t *outpkt; + int origlen; int outlen, outpad; long int complen = MTU + 12; EVP_CIPHER_CTX ctx; @@ -210,6 +211,8 @@ cp return; } + origlen = inpkt->len; + /* Compress the packet */ if(n->compression) @@ -261,6 +264,8 @@ cp n->name, n->hostname, strerror(errno)); return; } + + inpkt->len = origlen; cp } From dbc5b5bb5eb3096ad930aa6b590deaba2a103dfc Mon Sep 17 00:00:00 2001 
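Review bot: `inpkt->len = origlen;` in send_udppacket() is reached only on the success path, because the `return;` in the sendto() error branch just above it leaves `inpkt->len` at whatever value it was given after the save. A broadcast caller that reuses the same packet for the next node would then send with the wrong length after one failed send. Restoring before the early return (`inpkt->len = origlen; return;`) or immediately after the sendto() call covers both paths. The function starts outside these hunks, so any other early return between the save and the restore should be checked as well.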
From: Guus Sliepen Date: Wed, 20 Feb 2002 22:15:32 +0000 Subject: [PATCH 545/923] - Use gai_strerror() where appropriate - Clear hints before using them with getaddrinfo() - Use sa_len on platforms that support them --- src/net.h | 8 +++++++- src/net_packet.c | 4 ++-- src/net_setup.c | 16 ++++++++-------- src/netutl.c | 6 +++--- 4 files changed, 20 insertions(+), 14 deletions(-) diff --git a/src/net.h b/src/net.h index 1100071a..5f3e2a87 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.39 2002/02/18 16:25:16 guus Exp $ + $Id: net.h,v 1.9.4.40 2002/02/20 22:15:32 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -67,6 +67,12 @@ typedef union { #define SA_PORT(s) ((s.sa.sa_family==AF_INET)?s.in.sin_port:(s.sa.sa_family==AF_INET6)?s.in6.sin6_port:0) +#ifdef HAVE_LINUX + #define SA_LEN(s) sizeof(sockaddr_t) +#else + #define SA_LEN(s) (s.sa_len) +#endif + typedef struct vpn_packet_t { length_t len; /* the actual number of bytes in the `data' field */ unsigned int seqno; /* 32 bits sequence number (network byte order of course) */ diff --git a/src/net_packet.c b/src/net_packet.c index da8b13ba..77683325 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.2 2002/02/20 19:31:15 guus Exp $ + $Id: net_packet.c,v 1.1.2.3 2002/02/20 22:15:32 guus Exp $ */ #include "config.h" @@ -258,7 +258,7 @@ cp /* Send the packet */ - if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), sizeof(sockaddr_t))) < 0) + if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SA_LEN(n->address.sa))) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); 
diff --git a/src/net_setup.c b/src/net_setup.c index 3699292d..93939540 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.3 2002/02/20 19:25:09 guus Exp $ + $Id: net_setup.c,v 1.1.2.4 2002/02/20 22:15:32 guus Exp $ */ #include "config.h" @@ -221,7 +221,7 @@ int setup_myself(void) subnet_t *subnet; char *name, *mode, *afname, *cipher, *digest; struct addrinfo hint, *ai; - int choice; + int choice, err; cp myself = new_node(); myself->connection = new_connection(); @@ -462,14 +462,16 @@ cp cp /* Open sockets */ + memset(&hint, 0, sizeof(hint)); + hint.ai_family = addressfamily; hint.ai_socktype = SOCK_STREAM; hint.ai_protocol = IPPROTO_TCP; hint.ai_flags = AI_PASSIVE; - if(getaddrinfo(NULL, myport, &hint, &ai) || !ai) + if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai) { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", strerror(errno)); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); return -1; } @@ -481,14 +483,12 @@ cp freeaddrinfo(ai); - hint.ai_family = addressfamily; hint.ai_socktype = SOCK_DGRAM; hint.ai_protocol = IPPROTO_UDP; - hint.ai_flags = AI_PASSIVE; - if(getaddrinfo(NULL, myport, &hint, &ai) || !ai) + if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai) { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", strerror(errno)); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); return -1; } diff --git a/src/netutl.c b/src/netutl.c index ea4839f0..039082e6 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.25 2002/02/20 17:15:33 guus Exp $ + $Id: netutl.c,v 1.12.4.26 2002/02/20 22:15:32 guus Exp $ */ #include "config.h" 
@@ -103,7 +103,7 @@ void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) char port[NI_MAXSERV]; int err; cp - if((err = getnameinfo((struct sockaddr *)sa, sizeof(sockaddr_t), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) + if((err = getnameinfo(&sa->sa, SA_LEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) { syslog(LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); cp_trace(); @@ -123,7 +123,7 @@ char *sockaddr2hostname(sockaddr_t *sa) char port[NI_MAXSERV] = "unknown"; int err; cp - if((err = getnameinfo((struct sockaddr *)sa, sizeof(sockaddr_t), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)))) + if((err = getnameinfo(&sa->sa, SA_LEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)))) { syslog(LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); } From 23fda5688e8a109f8a50511538b14e4fbe4f738c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 20 Feb 2002 22:37:38 +0000 Subject: [PATCH 546/923] - Change SA_LEN to SALEN, former one is already defined on some platforms. - Use SALEN everywhere appropriate. --- src/net.h | 8 +++----- src/net_packet.c | 4 ++-- src/net_socket.c | 12 ++++++------ src/netutl.c | 6 +++--- 4 files changed, 14 insertions(+), 16 deletions(-) diff --git a/src/net.h b/src/net.h index 5f3e2a87..ea1657be 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.40 2002/02/20 22:15:32 guus Exp $ + $Id: net.h,v 1.9.4.41 2002/02/20 22:37:38 guus Exp $ */ #ifndef __TINC_NET_H__ 
@@ -65,12 +65,10 @@ typedef union { struct sockaddr_in6 in6; } sockaddr_t; -#define SA_PORT(s) ((s.sa.sa_family==AF_INET)?s.in.sin_port:(s.sa.sa_family==AF_INET6)?s.in6.sin6_port:0) - #ifdef HAVE_LINUX - #define SA_LEN(s) sizeof(sockaddr_t) + #define SALEN(s) sizeof(sockaddr_t) #else - #define SA_LEN(s) (s.sa_len) + #define SALEN(s) (s.sa_len) #endif typedef struct vpn_packet_t { diff --git a/src/net_packet.c b/src/net_packet.c index 77683325..42f9d890 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.3 2002/02/20 22:15:32 guus Exp $ + $Id: net_packet.c,v 1.1.2.4 2002/02/20 22:37:38 guus Exp $ */ #include "config.h" @@ -258,7 +258,7 @@ cp /* Send the packet */ - if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SA_LEN(n->address.sa))) < 0) + if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); diff --git a/src/net_socket.c b/src/net_socket.c index 9ce3fae0..6cf69f22 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.2 2002/02/20 19:25:09 guus Exp $ + $Id: net_socket.c,v 1.1.2.3 2002/02/20 22:37:38 guus Exp $ */ #include "config.h" @@ -116,7 +116,7 @@ cp } #endif - if(bind(nfd, &sa->sa, sizeof(*sa))) + if(bind(nfd, &sa->sa, SALEN(sa->sa))) { close(nfd); addrstr = sockaddr2hostname(sa); @@ -170,7 +170,7 @@ cp } #endif - if(bind(nfd, &sa->sa, sizeof(*sa))) + if(bind(nfd, &sa->sa, SALEN(sa->sa))) { close(nfd); addrstr = sockaddr2hostname(sa); 
@@ -228,10 +228,10 @@ cp /* Connect */ - if(connect(c->socket, &c->address.sa, sizeof(c->address)) == -1) + if(connect(c->socket, &c->address.sa, SALEN(c->address.sa)) == -1) { close(c->socket); - syslog(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); + syslog(LOG_ERR, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(errno)); return -1; } @@ -334,7 +334,7 @@ begin: /* Connect */ - result = connect(c->socket, &c->address.sa, sizeof(c->address)); + result = connect(c->socket, &c->address.sa, SALEN(c->address.sa)); if(result == -1) { diff --git a/src/netutl.c b/src/netutl.c index 039082e6..ca3ea2d8 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.26 2002/02/20 22:15:32 guus Exp $ + $Id: netutl.c,v 1.12.4.27 2002/02/20 22:37:38 guus Exp $ */ #include "config.h" @@ -103,7 +103,7 @@ void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) char port[NI_MAXSERV]; int err; cp - if((err = getnameinfo(&sa->sa, SA_LEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) + if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) { syslog(LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); cp_trace(); @@ -123,7 +123,7 @@ char *sockaddr2hostname(sockaddr_t *sa) char port[NI_MAXSERV] = "unknown"; int err; cp - if((err = getnameinfo(&sa->sa, SA_LEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)))) + if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)))) { syslog(LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); } From 2ac7be0d51a112108dc6c2b1c6f46da022f72f40 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Tue, 26 Feb 2002 22:47:51 +0000 Subject: [PATCH 547/923] Tweaking IPv6 support. --- src/net.h | 8 ++++---- src/netutl.c | 18 +++++++++++++++--- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/src/net.h b/src/net.h index ea1657be..df431979 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.41 2002/02/20 22:37:38 guus Exp $ + $Id: net.h,v 1.9.4.42 2002/02/26 22:47:51 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -65,10 +65,10 @@ typedef union { struct sockaddr_in6 in6; } sockaddr_t; -#ifdef HAVE_LINUX - #define SALEN(s) sizeof(sockaddr_t) +#ifdef SA_LEN +#define SALEN(s) SA_LEN(&s) #else - #define SALEN(s) (s.sa_len) +#define SALEN(s) (s.sa_family==AF_INET?sizeof(struct sockaddr_in):sizeof(struct sockaddr_in6)) #endif typedef struct vpn_packet_t { diff --git a/src/netutl.c b/src/netutl.c index ca3ea2d8..a5886fc1 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.27 2002/02/20 22:37:38 guus Exp $ + $Id: netutl.c,v 1.12.4.28 2002/02/26 22:47:51 guus Exp $ */ #include "config.h" @@ -101,6 +101,7 @@ void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) { char address[NI_MAXHOST]; char port[NI_MAXSERV]; + char *scopeid; int err; cp if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) @@ -111,6 +112,11 @@ cp exit(0); } +#ifdef HAVE_LINUX + if((scopeid = strchr(address, '%'))) + *scopeid = '\0'; /* Descope. */ +#endif + *addrstr = xstrdup(address); *portstr = xstrdup(port); cp 
@@ -147,9 +153,15 @@ cp case AF_UNSPEC: return 0; case AF_INET: - return memcmp(&a->in, &b->in, sizeof(a->in)); + result = memcmp(&a->in.sin_addr, &b->in.sin_addr, sizeof(a->in.sin_addr)); + if(result) + return result; + return memcmp(&a->in.sin_port, &b->in.sin_port, sizeof(a->in.sin_port)); case AF_INET6: - return memcmp(&a->in6, &b->in6, sizeof(a->in6)); + result = memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)); + if(result) + return result; + return memcmp(&a->in6.sin6_port, &b->in6.sin6_port, sizeof(a->in6.sin6_port)); default: syslog(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), a->sa.sa_family); cp_trace(); From 50403909b6bf6536924d4693bb1f32c248f17fda Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 26 Feb 2002 23:26:41 +0000 Subject: [PATCH 548/923] Allow multiple listening sockets. --- src/net.c | 23 +++++++++++++++-------- src/net.h | 13 ++++++++----- src/net_packet.c | 12 ++++++------ src/net_setup.c | 49 +++++++++++++++++++++++++++++++++++------------- src/net_socket.c | 13 ++++++++----- src/protocol.h | 6 +++--- 6 files changed, 76 insertions(+), 40 deletions(-) diff --git a/src/net.c b/src/net.c index e42ccf4a..fb70dee4 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.157 2002/02/20 16:04:07 guus Exp $ + $Id: net.c,v 1.35.4.158 2002/02/26 23:26:41 guus Exp $ */ #include "config.h" @@ -80,6 +80,7 @@ void build_fdset(fd_set *fs) { avl_node_t *node; connection_t *c; + int i; cp FD_ZERO(fs); @@ -89,8 +90,12 @@ cp FD_SET(c->socket, fs); } - FD_SET(tcp_socket, fs); - FD_SET(udp_socket, fs); + for(i = 0; i < tcp_sockets; i++) + FD_SET(tcp_socket[i], fs); + + for(i = 0; i < udp_sockets; i++) + FD_SET(udp_socket[i], fs); + FD_SET(device_fd, fs); cp } 
@@ -271,7 +276,7 @@ void check_network_activity(fd_set *f) { connection_t *c; avl_node_t *node; - int result; + int result, i; int len = sizeof(result); vpn_packet_t packet; cp @@ -281,8 +286,9 @@ cp route_outgoing(&packet); } - if(FD_ISSET(udp_socket, f)) - handle_incoming_vpn_data(); + for(i = 0; i < udp_sockets; i++) + if(FD_ISSET(udp_socket[i], f)) + handle_incoming_vpn_data(udp_socket[i]); for(node = connection_tree->head; node; node = node->next) { @@ -316,8 +322,9 @@ cp } } - if(FD_ISSET(tcp_socket, f)) - handle_new_meta_connection(); + for(i = 0; i < tcp_sockets; i++) + if(FD_ISSET(tcp_socket[i], f)) + handle_new_meta_connection(tcp_socket[i]); cp } diff --git a/src/net.h b/src/net.h index df431979..e42f07e5 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.42 2002/02/26 22:47:51 guus Exp $ + $Id: net.h,v 1.9.4.43 2002/02/26 23:26:41 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -34,6 +34,7 @@ #define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ #define MAXBUFSIZE 2048 /* Probably way too much, but it must fit every possible request. */ +#define MAXSOCKETS 128 /* Overkill... */ typedef struct mac_t { @@ -105,8 +106,10 @@ extern char *status_text[]; #include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ -extern int tcp_socket; -extern int udp_socket; +extern int tcp_socket[MAXSOCKETS]; +extern int udp_socket[MAXSOCKETS]; +extern int tcp_sockets; +extern int udp_sockets; extern int keyexpires; extern int keylifetime; extern int do_prune; 
@@ -114,10 +117,10 @@ extern int do_purge; extern char *myport; extern void retry_outgoing(outgoing_t *); -extern void handle_incoming_vpn_data(void); +extern void handle_incoming_vpn_data(int); extern void finish_connecting(connection_t *); extern void do_outgoing_connection(connection_t *); -extern int handle_new_meta_connection(void); +extern int handle_new_meta_connection(int); extern int setup_listen_socket(sockaddr_t *); extern int setup_vpn_in_socket(sockaddr_t *); extern void send_packet(struct node_t *, vpn_packet_t *); diff --git a/src/net_packet.c b/src/net_packet.c index 42f9d890..725789de 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.4 2002/02/20 22:37:38 guus Exp $ + $Id: net_packet.c,v 1.1.2.5 2002/02/26 23:26:41 guus Exp $ */ #include "config.h" @@ -258,7 +258,7 @@ cp /* Send the packet */ - if((sendto(udp_socket, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) + if((sendto(udp_socket[0], (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); @@ -349,7 +349,7 @@ cp cp } -void handle_incoming_vpn_data(void) +void handle_incoming_vpn_data(int sock) { vpn_packet_t pkt; int x, l = sizeof(x); @@ -358,10 +358,10 @@ void handle_incoming_vpn_data(void) socklen_t fromlen = sizeof(from); node_t *n; cp - if(getsockopt(udp_socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) + if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), - __FILE__, __LINE__, udp_socket, strerror(errno)); + __FILE__, __LINE__, sock, strerror(errno)); return; } if(x) 
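Review bot: send_udppacket() now always sends on `udp_socket[0]`, although setup_myself() in this commit opens one UDP socket per getaddrinfo() result. If slot 0 is an AF_INET socket and `n->address` is AF_INET6 (or the reverse), the sendto() will presumably fail, so the socket should be chosen by the destination's address family. That needs the family of each listening socket recorded next to its descriptor, which this commit does not do; at minimum a comment `/* FIXME: pick the socket matching n->address.sa.sa_family */` should mark the limitation.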
@@ -370,7 +370,7 @@ cp return; } - if((pkt.len = recvfrom(udp_socket, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen)) <= 0) + if((pkt.len = recvfrom(sock, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen)) <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); return; diff --git a/src/net_setup.c b/src/net_setup.c index 93939540..a985b555 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.4 2002/02/20 22:15:32 guus Exp $ + $Id: net_setup.c,v 1.1.2.5 2002/02/26 23:26:41 guus Exp $ */ #include "config.h" @@ -219,9 +219,9 @@ int setup_myself(void) { config_t *cfg; subnet_t *subnet; - char *name, *mode, *afname, *cipher, *digest; - struct addrinfo hint, *ai; - int choice, err; + char *name, *hostname, *mode, *afname, *cipher, *digest; + struct addrinfo hint, *ai, *aip; + int choice, err, sock; cp myself = new_node(); myself->connection = new_connection(); @@ -475,10 +475,20 @@ cp return -1; } - if((tcp_socket = setup_listen_socket((sockaddr_t *)ai->ai_addr)) < 0) + tcp_sockets = 0; + + for(aip = ai; aip; aip = aip->ai_next) { - syslog(LOG_ERR, _("Unable to set up a listening TCP socket!")); - return -1; + if((sock = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) + continue; + + tcp_socket[++tcp_sockets] = sock; + if(debug_lvl >= DEBUG_CONNECTIONS) + { + hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr); + syslog(LOG_NOTICE, _("Listening on %s/tcp"), hostname); + free(hostname); + } } freeaddrinfo(ai); 
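Review bot: The new loop in setup_myself() stores into `tcp_socket[]` with no check against MAXSOCKETS and no longer fails when no listening socket could be opened; the UDP loop in the next hunk (`@@ -492,15 +502,25 @@`) has the same two gaps. The removed code returned -1 with "Unable to set up a listening TCP socket!", whereas the daemon now logs "Ready" even with zero sockets. `tcp_socket[++tcp_sockets]` also skips slot 0 while every reader in this commit iterates from index 0; a later patch on this page changes that to post-increment, but the bound and the empty check remain missing. setup_myself() starts outside the hunk.

```c
  for(aip = ai; aip; aip = aip->ai_next)
    {
      if(tcp_sockets >= MAXSOCKETS)
        break;
      /* … unchanged: setup_listen_socket(), store descriptor, debug log … */
    }

  freeaddrinfo(ai);

  if(!tcp_sockets)
    {
      syslog(LOG_ERR, _("Unable to set up a listening TCP socket!"));
      return -1;
    }
```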
@@ -492,15 +502,25 @@ cp return -1; } - if((udp_socket = setup_vpn_in_socket((sockaddr_t *)ai->ai_addr)) < 0) + udp_sockets = 0; + + for(aip = ai; aip; aip = aip->ai_next) { - syslog(LOG_ERR, _("Unable to set up a listening UDP socket!")); - return -1; + if((sock = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) + continue; + + udp_socket[++udp_sockets] = sock; + if(debug_lvl >= DEBUG_CONNECTIONS) + { + hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr); + syslog(LOG_NOTICE, _("Listening on %s/udp"), hostname); + free(hostname); + } } freeaddrinfo(ai); - syslog(LOG_NOTICE, _("Ready: listening on port %s"), myport); + syslog(LOG_NOTICE, _("Ready")); cp return 0; } @@ -548,6 +568,7 @@ void close_network_connections(void) { avl_node_t *node, *next; connection_t *c; + int i; cp for(node = connection_tree->head; node; node = next) { @@ -561,8 +582,10 @@ cp if(myself && myself->connection) terminate_connection(myself->connection, 0); - close(udp_socket); - close(tcp_socket); + for(i = 0; i < udp_sockets; i++) + close(udp_socket[i]); + for(i = 0; i < tcp_sockets; i++) + close(tcp_socket[i]); exit_events(); exit_edges(); diff --git a/src/net_socket.c b/src/net_socket.c index 6cf69f22..757199d6 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.3 2002/02/20 22:37:38 guus Exp $ + $Id: net_socket.c,v 1.1.2.4 2002/02/26 23:26:41 guus Exp $ */ #include "config.h" @@ -70,8 +70,11 @@ int addressfamily = AF_INET; int maxtimeout = 900; int seconds_till_retry = 5; -int tcp_socket = -1; -int udp_socket = -1; +int tcp_socket[MAXSOCKETS]; +int udp_socket[MAXSOCKETS]; +int tcp_sockets = 0; +int udp_sockets = 0; + /* Setup sockets */ int setup_listen_socket(sockaddr_t *sa) 
@@ -406,13 +409,13 @@ cp accept a new tcp connect and create a new connection */ -int handle_new_meta_connection() +int handle_new_meta_connection(int sock) { connection_t *c; sockaddr_t sa; int fd, len = sizeof(sa); cp - if((fd = accept(tcp_socket, &sa.sa, &len)) < 0) + if((fd = accept(sock, &sa.sa, &len)) < 0) { syslog(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); return -1; diff --git a/src/protocol.h b/src/protocol.h index e1c8ca9a..c265502a 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.26 2002/02/11 15:59:18 guus Exp $ + $Id: protocol.h,v 1.5.4.27 2002/02/26 23:26:41 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -50,8 +50,8 @@ enum { /* Maximum size of strings in a request */ -#define MAX_STRING_SIZE 1024 -#define MAX_STRING "%1024s" +#define MAX_STRING_SIZE 2048 +#define MAX_STRING "%2048s" /* Basic functions */ From 17bc5220c332fdd083fd47fc600010f85171adc7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Feb 2002 22:37:55 +0000 Subject: [PATCH 549/923] Fix send_request() bug. --- src/protocol.c | 6 +++--- src/protocol_key.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index af8029d0..9b30a8a6 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.122 2002/02/10 21:57:54 guus Exp $ + $Id: protocol.c,v 1.28.4.123 2002/02/27 22:37:54 guus Exp $ */ #include "config.h" 
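Review bot: `MAX_STRING "%2048s"` lets sscanf() store up to 2048 characters plus the terminating NUL, one byte more than a `char buffer[MAX_STRING_SIZE]` holds; the handlers on this page (metakey_h(), chal_reply_h()) declare their buffers exactly that way. The width should be one less than the array size, e.g. `#define MAX_STRING "%2047s"`, or both macros should be derived from one constant so they cannot drift apart. Whether a token that long can actually arrive depends on the size of `c->buffer`, which is not shown here.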
@@ -67,17 +67,17 @@ cp va_start(args, format); len = vsnprintf(buffer, MAXBUFSIZE, format, args); - request = va_arg(args, int); va_end(args); if(len < 0 || len > MAXBUFSIZE-1) { - syslog(LOG_ERR, _("Output buffer overflow while sending %s to %s (%s)"), request_name[request], c->name, c->hostname); + syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), request_name[request], c->name, c->hostname); return -1; } if(debug_lvl >= DEBUG_PROTOCOL) { + sscanf(buffer, "%d", &request); if(debug_lvl >= DEBUG_META) syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); else diff --git a/src/protocol_key.c b/src/protocol_key.c index aec78899..b85de5ed 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.3 2002/02/20 19:25:09 guus Exp $ + $Id: protocol_key.c,v 1.1.4.4 2002/02/27 22:37:55 guus Exp $ */ #include "config.h" @@ -208,7 +208,7 @@ cp if(to != myself) { - return send_request(to->nexthop->connection, c->buffer); + return send_request(to->nexthop->connection, "%s", c->buffer); } /* Update our copy of the origin's packet key */ From 7f58ed7685f9fcd5271359a8c896670a835e1f95 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 11:18:34 +0000 Subject: [PATCH 550/923] Make BindToInterface work. --- src/net_socket.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/src/net_socket.c b/src/net_socket.c index 757199d6..fdeac79a 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.4 2002/02/26 23:26:41 guus Exp $ + $Id: net_socket.c,v 1.1.2.5 2002/03/01 11:18:34 guus Exp $ */ #include "config.h" 
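Review bot: In the overflow branch of send_request() the reworded message has two `%s` conversions but is still passed three arguments. The first of them, `request_name[request]`, now indexes with a `request` that is not yet set, because the `va_arg` assignment was removed and the `sscanf` only runs later (unless it is initialised at its declaration outside the hunk). The call should become `syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname);`. The later `sscanf(buffer, "%d", &request)` result is also used as an index into `request_name[]` without checking the return value or the range. send_request() starts outside the hunk.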
@@ -84,6 +84,7 @@ int setup_listen_socket(sockaddr_t *sa) int option; #ifdef HAVE_LINUX char *interface; + struct ifreq ifr; #endif cp if((nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP)) < 0) @@ -111,12 +112,16 @@ cp setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); - return -1; - } + { + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); + return -1; + } + } #endif if(bind(nfd, &sa->sa, SALEN(sa->sa))) @@ -145,6 +150,7 @@ int setup_vpn_in_socket(sockaddr_t *sa) int option; #ifdef HAVE_LINUX char *interface; + struct ifreq ifr; #endif cp if((nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) @@ -165,12 +171,16 @@ cp setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); #ifdef HAVE_LINUX if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, interface, strlen(interface))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); - return -1; - } + { + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) + { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); + return -1; + } + } #endif if(bind(nfd, &sa->sa, SALEN(sa->sa))) From 80ea653e8d8050878380fbc1446571cbaf578297 Mon Sep 17 00:00:00 2001 
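Review bot: `strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ)` in the setup_listen_socket hunk silently truncates a BindToInterface value of IFNAMSIZ characters or more and leaves the field without a terminating NUL. The daemon would then try to bind to the truncated name rather than the configured one, while the error message below still prints the full string, which makes the mismatch hard to spot. Reject over-long names before the copy, for example `if(strlen(interface) >= IFNAMSIZ)` followed by the same close/log/return path, or copy at most `IFNAMSIZ - 1` bytes. The same lines are added in the setup_vpn_in_socket hunk of this patch. Both function bodies continue outside their hunks.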
From: Guus Sliepen Date: Fri, 1 Mar 2002 12:25:58 +0000 Subject: [PATCH 551/923] Fix listening sockets. --- src/net_setup.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index a985b555..6278f5d6 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.5 2002/02/26 23:26:41 guus Exp $ + $Id: net_setup.c,v 1.1.2.6 2002/03/01 12:25:58 guus Exp $ */ #include "config.h" @@ -326,6 +326,8 @@ cp else routing_mode = RMODE_ROUTER; + get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); + if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) @@ -482,7 +484,7 @@ cp if((sock = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) continue; - tcp_socket[++tcp_sockets] = sock; + tcp_socket[tcp_sockets++] = sock; if(debug_lvl >= DEBUG_CONNECTIONS) { hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr); @@ -509,7 +511,7 @@ cp if((sock = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) continue; - udp_socket[++udp_sockets] = sock; + udp_socket[udp_sockets++] = sock; if(debug_lvl >= DEBUG_CONNECTIONS) { hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr); From c2b738e7b51fbec2b11fbbf030b9a5a36df55fc4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 12:26:56 +0000 Subject: [PATCH 552/923] If "PriorityInheritance = yes" is specified in tinc.conf, the value of the TOS field of the tunneled packets will be passed on to the UDP packets tinc sends out. --- src/net.h | 3 ++- src/net_packet.c | 17 +++++++++++++++-- src/route.c | 6 +++++- src/route.h | 3 ++- 4 files changed, 24 insertions(+), 5 deletions(-) diff --git a/src/net.h b/src/net.h index e42f07e5..0dc81817 100644 --- a/src/net.h +++ b/src/net.h 
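Review bot: `tcp_socket[tcp_sockets++] = sock;` in the net_setup.c hunk at line 484 stores into a fixed array with no check that `tcp_sockets` is still below `MAXSOCKETS` (the arrays are declared as `int tcp_socket[MAXSOCKETS]` in net_socket.c). The loop runs once per entry returned by getaddrinfo, so a host with more usable addresses than `MAXSOCKETS` would write past the end of the array. Add a guard at the top of the loop body such as `if(tcp_sockets >= MAXSOCKETS) break;`, ideally with a log line. The `udp_socket[udp_sockets++]` hunk below has the same gap, and the merged loop introduced by the later "Create/bind TCP and UDP listening sockets in pairs" patch carries it over for `listen_sockets`. The loop bodies start and end outside these hunks.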
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.43 2002/02/26 23:26:41 guus Exp $ + $Id: net.h,v 1.9.4.44 2002/03/01 12:26:56 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -74,6 +74,7 @@ typedef union { typedef struct vpn_packet_t { length_t len; /* the actual number of bytes in the `data' field */ + int priority; /* priority or TOS */ unsigned int seqno; /* 32 bits sequence number (network byte order of course) */ unsigned char data[MAXSIZE]; } vpn_packet_t; diff --git a/src/net_packet.c b/src/net_packet.c index 725789de..81d759a6 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.5 2002/02/26 23:26:41 guus Exp $ + $Id: net_packet.c,v 1.1.2.6 2002/03/01 12:26:56 guus Exp $ */ #include "config.h" @@ -190,6 +190,8 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) long int complen = MTU + 12; EVP_CIPHER_CTX ctx; vpn_packet_t *copy; + static int priority = 0; + int origpriority; cp if(!n->status.validkey) { @@ -212,6 +214,7 @@ cp } origlen = inpkt->len; + origpriority = inpkt->priority; /* Compress the packet */ @@ -258,6 +261,15 @@ cp /* Send the packet */ + if(priorityinheritance && origpriority != priority) + { + priority = origpriority; + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); + if(setsockopt(udp_socket[0], SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ + syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); + } + if((sendto(udp_socket[0], (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), 
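Review bot: In the send_udppacket hunk, `origpriority = inpkt->priority;` is read for every outgoing packet, but the only assignment to `priority` visible in this patch is in route_ipv4, and only when `priorityinheritance` is set. Packets that reach send_udppacket by another path would carry an indeterminate value, which is then handed to `setsockopt(..., IP_TOS, ...)` when the option is on. Initialise the field where the packet is created, or set `packet->priority = 0` on the other routing paths; whether such an initialisation already exists cannot be seen from these hunks. The new `int priority` field in vpn_packet_t would also benefit from a comment stating that it is local bookkeeping and not part of the bytes sent from `&inpkt->seqno`.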
@@ -362,7 +374,8 @@ cp { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), __FILE__, __LINE__, sock, strerror(errno)); - return; + cp_trace(); + exit(1); } if(x) { diff --git a/src/route.c b/src/route.c index e9451c8c..a6790c95 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.24 2002/02/20 16:04:59 guus Exp $ + $Id: route.c,v 1.1.2.25 2002/03/01 12:26:56 guus Exp $ */ #include "config.h" @@ -51,6 +51,7 @@ #include "system.h" int routing_mode = RMODE_ROUTER; +int priorityinheritance = 0; subnet_t mymac; void learn_mac(mac_t *address) @@ -107,6 +108,9 @@ node_t *route_ipv4(vpn_packet_t *packet) { subnet_t *subnet; cp + if(priorityinheritance) + packet->priority = packet->data[15]; + subnet = lookup_subnet_ipv4((ipv4_t *)&packet->data[30]); cp if(!subnet) diff --git a/src/route.h b/src/route.h index 70aab89a..1f9e7a5a 100644 --- a/src/route.h +++ b/src/route.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.5 2002/02/10 21:57:54 guus Exp $ + $Id: route.h,v 1.1.2.6 2002/03/01 12:26:56 guus Exp $ */ #ifndef __TINC_ROUTE_H__ @@ -31,6 +31,7 @@ enum }; extern int routing_mode; +extern int priorityinheritance; extern void route_incoming(node_t *, vpn_packet_t *); extern void route_outgoing(vpn_packet_t *); From f93b1334e087dd7af1b87f475b2d398fdd4d56ab Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 13:18:54 +0000 Subject: [PATCH 553/923] Create/bind TCP and UDP listening sockets in pairs. --- src/net.c | 26 +++++++++++------------ src/net.h | 5 ++--- src/net_setup.c | 54 ++++++++++++++++-------------------------------- src/net_socket.c | 5 ++--- 4 files changed, 35 insertions(+), 55 deletions(-) diff --git a/src/net.c b/src/net.c index fb70dee4..5632727a 100644 --- a/src/net.c +++ b/src/net.c 
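Review bot: `packet->priority = packet->data[15];` in the route_ipv4 hunk relies on a bare offset and on the frame being at least 16 bytes long, neither of which is stated or checked in the visible lines. A one-line comment such as `/* IPv4 TOS byte: 14-byte Ethernet header + 1 */` would make the offset reviewable (assuming `data` starts with the Ethernet header, as the destination lookup at offset 30 suggests), and a guard on `packet->len` would keep a short frame from handing on whatever byte is left in the buffer. The value is taken unmodified from tunnelled traffic and ends up in the outer UDP header, where it is visible to anyone on the path; that is worth stating in the comment. route_ipv4 continues outside the hunk.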
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.158 2002/02/26 23:26:41 guus Exp $ + $Id: net.c,v 1.35.4.159 2002/03/01 13:18:54 guus Exp $ */ #include "config.h" @@ -90,11 +90,11 @@ cp FD_SET(c->socket, fs); } - for(i = 0; i < tcp_sockets; i++) - FD_SET(tcp_socket[i], fs); - - for(i = 0; i < udp_sockets; i++) - FD_SET(udp_socket[i], fs); + for(i = 0; i < listen_sockets; i++) + { + FD_SET(tcp_socket[i], fs); + FD_SET(udp_socket[i], fs); + } FD_SET(device_fd, fs); cp @@ -286,9 +286,13 @@ cp route_outgoing(&packet); } - for(i = 0; i < udp_sockets; i++) - if(FD_ISSET(udp_socket[i], f)) - handle_incoming_vpn_data(udp_socket[i]); + for(i = 0; i < listen_sockets; i++) + { + if(FD_ISSET(udp_socket[i], f)) + handle_incoming_vpn_data(udp_socket[i]); + if(FD_ISSET(tcp_socket[i], f)) + handle_new_meta_connection(tcp_socket[i]); + } for(node = connection_tree->head; node; node = node->next) { @@ -321,10 +325,6 @@ cp } } } - - for(i = 0; i < tcp_sockets; i++) - if(FD_ISSET(tcp_socket[i], f)) - handle_new_meta_connection(tcp_socket[i]); cp } diff --git a/src/net.h b/src/net.h index 0dc81817..6a981186 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.44 2002/03/01 12:26:56 guus Exp $ + $Id: net.h,v 1.9.4.45 2002/03/01 13:18:54 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -109,8 +109,7 @@ extern char *status_text[]; extern int tcp_socket[MAXSOCKETS]; extern int udp_socket[MAXSOCKETS]; -extern int tcp_sockets; -extern int udp_sockets; +extern int listen_sockets; extern int keyexpires; extern int keylifetime; extern int do_prune; diff --git a/src/net_setup.c b/src/net_setup.c index 6278f5d6..6887fe34 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.6 2002/03/01 12:25:58 guus Exp $ + $Id: net_setup.c,v 1.1.2.7 2002/03/01 13:18:54 guus Exp $ */ #include "config.h" @@ -221,7 +221,7 @@ int setup_myself(void) subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; struct addrinfo hint, *ai, *aip; - int choice, err, sock; + int choice, err; cp myself = new_node(); myself->connection = new_connection(); 
@@ -477,52 +477,33 @@ cp return -1; } - tcp_sockets = 0; - for(aip = ai; aip; aip = aip->ai_next) { - if((sock = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) + if((tcp_socket[listen_sockets] = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) + continue; + + if((udp_socket[listen_sockets] = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) continue; - tcp_socket[tcp_sockets++] = sock; if(debug_lvl >= DEBUG_CONNECTIONS) { hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr); - syslog(LOG_NOTICE, _("Listening on %s/tcp"), hostname); + syslog(LOG_NOTICE, _("Listening on %s"), hostname); free(hostname); } + + listen_sockets++; } freeaddrinfo(ai); - hint.ai_socktype = SOCK_DGRAM; - hint.ai_protocol = IPPROTO_UDP; - - if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai) + if(listen_sockets) + syslog(LOG_NOTICE, _("Ready")); + else { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); + syslog(LOG_ERR, _("Unable to create any listening socket!")); return -1; } - - udp_sockets = 0; - - for(aip = ai; aip; aip = aip->ai_next) - { - if((sock = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) - continue; - - udp_socket[udp_sockets++] = sock; - if(debug_lvl >= DEBUG_CONNECTIONS) - { - hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr); - syslog(LOG_NOTICE, _("Listening on %s/udp"), hostname); - free(hostname); - } - } - - freeaddrinfo(ai); - - syslog(LOG_NOTICE, _("Ready")); cp return 0; } @@ -584,10 +565,11 @@ cp if(myself && myself->connection) terminate_connection(myself->connection, 0); - for(i = 0; i < udp_sockets; i++) - close(udp_socket[i]); - for(i = 0; i < tcp_sockets; i++) - close(tcp_socket[i]); + for(i = 0; i < listen_sockets; i++) + { + close(udp_socket[i]); + close(tcp_socket[i]); + } exit_events(); exit_edges(); diff --git a/src/net_socket.c b/src/net_socket.c index fdeac79a..39bbbaa8 100644 --- a/src/net_socket.c +++ b/src/net_socket.c 
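Review bot: In the rewritten listen loop of setup_myself, when `setup_listen_socket` succeeds and `setup_vpn_in_socket` then fails, the second `continue` leaves the TCP socket open while `listen_sockets` is not advanced. The descriptor is overwritten on the next iteration, so it is never polled and never closed, and peers connecting to that address would presumably sit in its accept queue. Close it before continuing, with `close(tcp_socket[listen_sockets]);` ahead of the second `continue`. The patch also removes `tcp_sockets = 0;` without adding a reset for `listen_sockets`, so if setup_myself can run again after the cleanup hunk below (not visible here), the counter keeps its old value. setup_myself's body starts outside the hunk.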
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.5 2002/03/01 11:18:34 guus Exp $ + $Id: net_socket.c,v 1.1.2.6 2002/03/01 13:18:54 guus Exp $ */ #include "config.h" @@ -72,8 +72,7 @@ int seconds_till_retry = 5; int tcp_socket[MAXSOCKETS]; int udp_socket[MAXSOCKETS]; -int tcp_sockets = 0; -int udp_sockets = 0; +int listen_sockets = 0; /* Setup sockets */ From 0c879b8eeed3477b0f1cdd2f232e67e38bd9bce6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 13:38:02 +0000 Subject: [PATCH 554/923] Updated documentation. --- doc/tinc.conf.5 | 40 +++++++++++++++++++++++++++++----------- doc/tinc.texi | 25 +++++++++++++++++-------- 2 files changed, 46 insertions(+), 19 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 9a1ca75d..7633dca9 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -100,12 +100,15 @@ If you leave it out, remember to replace it with at least one space character. Here are all valid variables, listed in alphabetical order. The default value is given between parentheses. .Bl -tag -width indent -.It Va AddressFamily Li = ipv4 | ipv6 | any Pq ipv4 +.It Va AddressFamily Li = ipv4 | ipv6 | any Po ipv4 Pc Bq experimental This option affects the address family of listening and outgoing sockets. If .Qq any -is selected, then the listening sockets will be IPv6 sockets, -but on most platforms those will also accept IPv4 connections. +is selected, then depending on the operating system both IPv4 and IPv6 or just +IPv6 listening sockets will be created. +.Pp +Mixing IPv4 and IPv6 may not work as desired. +It's best to choose one address family and use that for all tinc daemons on the VPN. .It Va BindToInterface Li = Ar interface Bq experimental If your computer has more than one network interface, .Nm tinc 
@@ -127,8 +130,8 @@ This option may not work on all platforms. Specifies which other tinc daemon to connect to on startup. Multiple .Va ConnectTo -variables may be specified; -if connecting to the first one fails then tinc will try the next one, and so on. +variables may be specified, +in which case outgoing connections to each specified tinc daemon are made. The names should be known to this tinc daemon (i.e., there should be a host configuration file for the name on the .Va ConnectTo @@ -174,11 +177,13 @@ variables in the host configuration files will be used to form a routing table. Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. .It switch In this mode the MAC addresses of the packets on the VPN will be used to -dynamically create a routing table just like a network switch does. -Unicast, multicast and broadcast packets of every Ethernet protocol are supported in this mode +dynamically create a routing table just like an Ethernet switch does. +Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode at the cost of frequent broadcast ARP requests and routing table updates. .It hub -In this mode every packet will be broadcast to the other daemons. +This mode is almost the same as the switch mode, but instead +every packet will be broadcast to the other daemons +while no routing table is created. .El .It Va Name Li = Ar name Bq required This is the name which identifies this tinc daemon. 
@@ -190,6 +195,9 @@ will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of time, the connection is terminated, and the others will be notified of this. +.It Va PriorityInheritance Li = yes | no Po no Pc Bq experimental +When this option is enabled the value of the TOS field of tunneled IPv4 packets +will be inherited by the UDP packets that are sent out. .It Va PrivateKey Li = Ar key Bq obsolete The private RSA key of this tinc daemon. It will allow this tinc daemon to authenticate itself to other daemons. @@ -216,6 +224,11 @@ no secrets are revealed by sending out this information. .Bl -tag -width indent .It Va Address Li = Ar address Bq recommended The IP address or hostname of this tinc daemon on the real network. +This wil only be used when trying to make an outgoing connection to this tinc daemon. +Multiple +.Va Address +variables can be specified, in which case each address will be tried until a working +connection has been established. .It Va Cipher Li = Ar cipher Pq blowfish The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by OpenSSL is recognised. 
@@ -264,15 +277,20 @@ The subnet which this tinc daemon will serve. tries to look up which other daemon it should send a packet to by searching the appropriate subnet. If the packet matches a subnet, it will be sent to the daemon who has this subnet in his host configuration file. -Multiple subnet lines can be specified. +Multiple +.Va Subnet +variables can be specified. .Pp Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case a subnet consisting of only that single address is assumed, or they can be a IPv4 or IPv6 network address with a masklength. +Shorthand notations are not supported. For example, IPv4 subnets must be in a form like 192.168.1.0/24, where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. Note that subnets like 192.168.1.1/24 are invalid! Read a networking HOWTO/FAQ/guide if you don't understand this. +IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64. +MAC addresses are notated like 0:1a:2b:3c:4d:5e. .It Va TCPOnly Li = yes | no Po no Pc Bq experimental If this variable is set to yes, then the packets are tunnelled over the TCP connection instead of a UDP connection. @@ -298,14 +316,14 @@ it will be executed right after the tinc daemon has connected to the virtual net It can be used to set up the corresponding network interface. .Pp The environment variable -.Ev NETNAME +.Ev $NETNAME will be passed to the executable. If specified with the .Va Interface configuration variable, or if the virtual network device is a Linux tun/tap device, the environment variable -.Ev INTERFACE +.Ev $INTERFACE will be set to the name of the network interface. .It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down If an executable file with this name exists, diff --git a/doc/tinc.texi b/doc/tinc.texi index d5ddbff0..dba07540 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
@@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ +$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.21 2002/02/18 16:25:15 guus Exp $ +$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -737,13 +737,17 @@ required directives are given in @strong{bold}. @table @asis @cindex AddressFamily -@item AddressFamily = (ipv4) +@item AddressFamily = (ipv4) [experimental] This option affects the address family of listening and outgoing sockets. -If "any" is selected, then the listening sockets will be IPv6 sockets, -but on most platforms those will also accept IPv4 connections. +If "any" is selected, then depending on the operating system +both IPv4 and IPv6 or just IPv6 listening sockets will be created. + +Mixing IPv4 and IPv6 may not work as desired. +It's best to choose one address family +and use that for all tinc daemons on the VPN. @cindex BindToInterface -@item BindToInterface = +@item BindToInterface = [experimental] If you have more than one network interface in your computer, tinc will by default listen on all of them for incoming connections. It is possible to bind tinc to a single interface like eth0 or ppp0 with this 
@@ -752,7 +756,7 @@ variable. This option may not work on all platforms. @cindex BindToIP -@item BindToIP =
    +@item BindToIP =
    [experimental] If your computer has more than one IP address on a single interface (for example if you are running virtual hosts), tinc will by default listen on all of them for incoming connections. It is possible to bind tinc to @@ -836,6 +840,11 @@ probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. +@cindex PriorityInheritance +@item PriorityInheritance = (no) [experimental] +When this option is enabled the value of the TOS field of tunneled IPv4 packets +will be inherited by the UDP packets that are sent out. + @cindex PrivateKey @item PrivateKey = [obsolete] This is the RSA private key for tinc. However, for safety reasons it is From 7496ecc45ab6205bcce4e576c23b9afb52004e39 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 13:38:15 +0000 Subject: [PATCH 555/923] Updated dutch translation. --- po/nl.po | 225 ++++++++++++++++++++++++++++++------------------------- 1 file changed, 121 insertions(+), 104 deletions(-) diff --git a/po/nl.po b/po/nl.po index 15b0de2e..56d9b72a 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-02-18 17:09+0100\n" -"PO-Revision-Date: 2002-02-11 16:57+0100\n" +"POT-Creation-Date: 2002-03-01 14:19+0100\n" +"PO-Revision-Date: 2002-03-01 14:19+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" 
@@ -172,53 +172,53 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:109 +#: src/net.c:114 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:119 +#: src/net.c:124 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:173 +#: src/net.c:178 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:244 +#: src/net.c:249 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:257 +#: src/net.c:262 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:305 +#: src/net.c:315 src/net_socket.c:246 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:370 +#: src/net.c:377 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:404 +#: src/net.c:411 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:421 +#: src/net.c:428 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:434 +#: src/net.c:445 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:441 +#: src/net.c:452 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" 
@@ -242,67 +242,80 @@ msgstr "Fout tijdens decomprimeren pakket van %s (%s)" msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:196 +#: src/net_packet.c:199 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:221 +#: src/net_packet.c:227 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:260 +#: src/net_packet.c:268 +#, c-format +msgid "Setting outgoing packet priority to %d" +msgstr "Instellen prioriteit uitgaand pakket op %d" + +#. SO_PRIORITY doesn't seem to work +#: src/net_packet.c:270 src/net_setup.c:476 src/net_socket.c:99 +#: src/net_socket.c:138 src/net_socket.c:165 src/process.c:258 +#: src/process.c:293 +#, c-format +msgid "System call `%s' failed: %s" +msgstr "Systeemaanroep `%s' mislukte: %s" + +#: src/net_packet.c:275 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:275 +#: src/net_packet.c:292 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:282 +#: src/net_packet.c:299 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net_packet.c:291 +#: src/net_packet.c:308 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:299 +#: src/net_packet.c:316 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:319 +#: src/net_packet.c:336 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:336 +#: src/net_packet.c:353 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:358 +#: src/net_packet.c:375 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:364 +#: src/net_packet.c:382 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:370 +#: src/net_packet.c:388 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:379 +#: src/net_packet.c:397 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" 
@@ -356,134 +369,128 @@ msgstr "Ongeldig publiek/priv msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:333 +#: src/net_setup.c:335 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:350 +#: src/net_setup.c:352 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:372 +#: src/net_setup.c:374 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:405 +#: src/net_setup.c:409 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:419 +#: src/net_setup.c:425 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:424 +#: src/net_setup.c:430 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:438 +#: src/net_setup.c:446 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:464 src/net_socket.c:96 src/net_socket.c:131 -#: src/net_socket.c:157 src/process.c:258 src/process.c:293 +#: src/net_setup.c:491 #, c-format -msgid "System call `%s' failed: %s" -msgstr "Systeemaanroep `%s' mislukte: %s" +msgid "Listening on %s" +msgstr "Luisterend op %s" -#: src/net_setup.c:470 -msgid "Unable to set up a listening TCP socket!" -msgstr "Kon geen TCP luistersocket aanmaken!" +#: src/net_setup.c:501 +msgid "Ready" +msgstr "Gereed" -#: src/net_setup.c:476 -msgid "Unable to set up a listening UDP socket!" -msgstr "Kon geen UDP luistersocket aanmaken!" +#: src/net_setup.c:504 +msgid "Unable to create any listening socket!" +msgstr "Kon geen enkele luistersocket aanmaken!" 
-#: src/net_setup.c:482 -#, c-format -msgid "Ready: listening on port %s" -msgstr "Gereed: luisterend op poort %s" - -#: src/net_socket.c:88 +#: src/net_socket.c:91 #, c-format msgid "Creating metasocket failed: %s" msgstr "Aanmaak van metasocket mislukt: %s" -#: src/net_socket.c:114 src/net_socket.c:168 +#: src/net_socket.c:120 src/net_socket.c:179 #, c-format msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" -#: src/net_socket.c:123 +#: src/net_socket.c:130 #, c-format msgid "Can't bind to %s/tcp: %s" msgstr "Kan niet aan %s/tcp binden: %s" -#: src/net_socket.c:149 +#: src/net_socket.c:157 #, c-format msgid "Creating UDP socket failed: %s" msgstr "Aanmaak UDP socket mislukte: %s" -#: src/net_socket.c:177 +#: src/net_socket.c:189 #, c-format msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:200 +#: src/net_socket.c:212 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:209 src/net_socket.c:304 +#: src/net_socket.c:221 src/net_socket.c:316 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:215 src/net_socket.c:311 +#: src/net_socket.c:227 src/net_socket.c:323 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:234 src/net_socket.c:350 -#, c-format -msgid "%s: %s" -msgstr "%s: %s" - -#: src/net_socket.c:239 src/net_socket.c:249 +#: src/net_socket.c:251 src/net_socket.c:261 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:268 +#: src/net_socket.c:280 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:332 +#: src/net_socket.c:344 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:371 +#: 
src/net_socket.c:362 +#, c-format +msgid "%s: %s" +msgstr "%s: %s" + +#: src/net_socket.c:383 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:386 +#: src/net_socket.c:402 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:413 +#: src/net_socket.c:429 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:425 +#: src/net_socket.c:445 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:447 +#: src/net_socket.c:467 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" @@ -493,31 +500,31 @@ msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" msgid "Error looking up %s port %s: %s\n" msgstr "Fout bij het opzoeken van %s poort %s: %s\n" -#: src/netutl.c:108 +#: src/netutl.c:109 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout tijdens vertalen adressen: %s" -#: src/netutl.c:128 +#: src/netutl.c:134 #, c-format msgid "Error while looking up hostname: %s" msgstr "Fout bij het opzoeken van hostnaam: %s" -#: src/netutl.c:131 +#: src/netutl.c:137 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:154 +#: src/netutl.c:166 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" "sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" -#: src/protocol.c:75 +#: src/protocol.c:74 #, c-format -msgid "Output buffer overflow while sending %s to %s (%s)" -msgstr "Uitvoer buffer overvol tijdens zenden %s naar %s (%s)" +msgid "Output buffer overflow while sending request to %s (%s)" +msgstr "Uitvoer buffer overvol tijdens zenden verzoek naar %s (%s)" #: src/protocol.c:82 #, c-format 
@@ -564,8 +571,8 @@ msgstr "Fout tijdens afhandelen %s van %s (%s)" msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol_auth.c:69 src/protocol_auth.c:218 src/protocol_auth.c:311 -#: src/protocol_auth.c:367 src/protocol_auth.c:478 src/protocol_edge.c:98 +#: src/protocol_auth.c:69 src/protocol_auth.c:224 src/protocol_auth.c:357 +#: src/protocol_auth.c:417 src/protocol_auth.c:530 src/protocol_edge.c:98 #: src/protocol_edge.c:230 src/protocol_key.c:78 src/protocol_key.c:116 #: src/protocol_key.c:184 src/protocol_misc.c:61 src/protocol_misc.c:91 #: src/protocol_misc.c:172 src/protocol_subnet.c:71 src/protocol_subnet.c:160 
@@ -601,41 +608,56 @@ msgstr "Ander %s heeft onbekende identiteit (%s)" msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol_auth.c:187 src/protocol_auth.c:248 +#: src/protocol_auth.c:187 src/protocol_auth.c:254 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:228 src/protocol_auth.c:321 src/protocol_auth.c:375 -#: src/protocol_auth.c:391 +#: src/protocol_auth.c:234 src/protocol_auth.c:367 src/protocol_auth.c:425 +#: src/protocol_auth.c:443 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:256 +#: src/protocol_auth.c:262 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:375 +#: src/protocol_auth.c:274 +#, c-format +msgid "%s (%s) uses unknown cipher!" +msgstr "%s (%s) gebruikt onbekende cipher!" + +#: src/protocol_auth.c:296 src/protocol_key.c:255 +#, c-format +msgid "Node %s (%s) uses unknown digest!" +msgstr "Node %s (%s) gebruikt onbekende digest!" + +#: src/protocol_auth.c:302 +#, c-format +msgid "%s (%s) uses bogus MAC length!" +msgstr "%s (%s) gebruikt onzinnige MAC lengte!" 
+ +#: src/protocol_auth.c:425 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:391 +#: src/protocol_auth.c:443 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:396 +#: src/protocol_auth.c:448 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:498 +#: src/protocol_auth.c:550 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:534 +#: src/protocol_auth.c:586 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" @@ -701,12 +723,7 @@ msgstr "Node %s (%s) gebruikt onbekende cipher!" msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:253 -#, c-format -msgid "Node %s (%s) uses unknown digest!" -msgstr "Node %s (%s) gebruikt onbekende digest!" - -#: src/protocol_key.c:259 +#: src/protocol_key.c:260 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" 
@@ -735,27 +752,27 @@ msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" -#: src/subnet.c:99 +#: src/subnet.c:103 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, exitting!" msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:274 +#: src/subnet.c:289 #, c-format msgid "net2str() was called with unknown subnet type %d, exitting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:381 +#: src/subnet.c:415 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:386 +#: src/subnet.c:420 #, c-format msgid " %s owner %s" msgstr " %s eigenaar %s" -#: src/subnet.c:389 +#: src/subnet.c:423 msgid "End of subnet list." msgstr "Einde van subnet lijst." @@ -1011,17 +1028,17 @@ msgstr "Signaal %d (%s) genegeerd" msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:69 +#: src/route.c:70 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:116 +#: src/route.c:120 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:136 +#: src/route.c:140 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1030,16 +1047,16 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:180 +#: src/route.c:184 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:193 +#: src/route.c:197 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:245 +#: src/route.c:249 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" From 14979f835df4214a7c2510852f7ffedc9e08c2c0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 14:09:31 +0000 Subject: [PATCH 556/923] - Global time_t now, so that we don't have to call time() too often. - MAC addresses expire after a time configurable by MACExpire (default 600 seconds) --- src/event.c | 5 +++-- src/meta.c | 4 ++-- src/net.c | 26 ++++++++++++++------------ src/net.h | 3 ++- src/net_packet.c | 7 +++---- src/net_setup.c | 9 +++++++-- src/net_socket.c | 10 +++++----- src/protocol_misc.c | 4 ++-- src/route.c | 28 +++++++++++++++++++++++++++- src/route.h | 4 +++- src/subnet.h | 3 ++- 11 files changed, 70 insertions(+), 33 deletions(-) diff --git a/src/event.c b/src/event.c index d11f91cc..028483bd 100644 --- a/src/event.c +++ b/src/event.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ + $Id: event.c,v 1.1.4.2 2002/03/01 14:09:30 guus Exp $ */ #include "config.h" @@ -34,6 +34,7 @@ #include "system.h" avl_tree_t *event_tree; +extern time_t now; int id; @@ -98,7 +99,7 @@ cp if(event_tree->head) { event = (event_t *)event_tree->head->data; - if(event->time < time(NULL)) + if(event->time < now) { avl_delete(event_tree, event); return event; 
diff --git a/src/meta.c b/src/meta.c index f2326d11..b51c64d6 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.24 2002/02/18 16:25:16 guus Exp $ + $Id: meta.c,v 1.1.2.25 2002/03/01 14:09:31 guus Exp $ */ #include "config.h" @@ -204,7 +204,7 @@ cp return -1; } - c->last_ping_time = time(NULL); + c->last_ping_time = now; cp return 0; } diff --git a/src/net.c b/src/net.c index 5632727a..a1b17052 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.159 2002/03/01 13:18:54 guus Exp $ + $Id: net.c,v 1.35.4.160 2002/03/01 14:09:31 guus Exp $ */ #include "config.h" @@ -73,6 +73,8 @@ int do_purge = 0; int sighup = 0; int sigalrm = 0; +time_t now = 0; + /* put all file descriptors in an fd_set array */ @@ -229,12 +231,9 @@ cp */ void check_dead_connections(void) { - time_t now; avl_node_t *node, *next; connection_t *c; cp - now = time(NULL); - for(node = connection_tree->head; node; node = next) { next = node->next; @@ -359,12 +358,14 @@ void main_loop(void) int t; event_t *event; cp - last_ping_check = time(NULL); + last_ping_check = now; - srand(time(NULL)); + srand(now); for(;;) { + now = time(NULL); + tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ tv.tv_usec = 0; 
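Review bot: `now = time(NULL);` at the top of the `for(;;)` body in main_loop is taken before the timeout in `tv` is even armed, so if the blocking wait that consumes `tv` follows (it is outside this hunk), everything handled after the wake-up sees a clock that can be up to `tv.tv_sec` (1 to 8) seconds old. That staleness flows into every `last_ping_time = now` and `event->time = now + ...` assignment this commit introduces, and into the ping and key-expiry comparisons. Refreshing the cache immediately after the wait returns, with a second `now = time(NULL);` there, keeps the timestamps accurate. `srand(now)` and `last_ping_check = now` above the loop also depend on `now` having been set earlier by setup_network_connections(), which deserves a comment such as `/* now was initialised in setup_network_connections() */`. main_loop's body continues outside the hunk.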
@@ -394,25 +395,26 @@ cp do_purge = 0; } - t = time(NULL); - /* Let's check if everybody is still alive */ - if(last_ping_check + pingtimeout < t) + if(last_ping_check + pingtimeout < now) { check_dead_connections(); - last_ping_check = time(NULL); + last_ping_check = now; + + if(routing_mode != RMODE_ROUTER) + age_mac(); /* Should we regenerate our key? */ - if(keyexpires < t) + if(keyexpires < now) { if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Regenerating symmetric key")); RAND_pseudo_bytes(myself->key, myself->keylength); send_key_changed(myself->connection, myself); - keyexpires = time(NULL) + keylifetime; + keyexpires = now + keylifetime; } } diff --git a/src/net.h b/src/net.h index 6a981186..07e589a5 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.45 2002/03/01 13:18:54 guus Exp $ + $Id: net.h,v 1.9.4.46 2002/03/01 14:09:31 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -115,6 +115,7 @@ extern int keylifetime; extern int do_prune; extern int do_purge; extern char *myport; +extern time_t now; extern void retry_outgoing(outgoing_t *); extern void handle_incoming_vpn_data(int); diff --git a/src/net_packet.c b/src/net_packet.c index 81d759a6..bffe4a7f 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.6 2002/03/01 12:26:56 guus Exp $ + $Id: net_packet.c,v 1.1.2.7 2002/03/01 14:09:31 guus Exp $ */ #include "config.h" @@ -399,10 +399,9 @@ cp return; } -/* if(n->connection) - n->connection->last_ping_time = time(NULL); -*/ + n->connection->last_ping_time = now; + receive_udppacket(n, &pkt); cp } diff --git a/src/net_setup.c b/src/net_setup.c index 6887fe34..f8a8b99b 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
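Review bot: The key regeneration that this hunk of src/net.c re-times still fills `myself->key` with `RAND_pseudo_bytes(myself->key, myself->keylength);` on an unchanged line and ignores the return value. That call does not promise unpredictable output, and a failure would leave the old or partially written key to be announced by `send_key_changed()`. For a session key the safer form is `if(RAND_bytes(myself->key, myself->keylength) != 1)` followed by an explicit error path (log and skip the key change) before `keyexpires = now + keylifetime;` is reached. The enclosing main_loop starts and ends outside the hunk.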
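Review bot: Re-enabling `n->connection->last_ping_time = now;` ahead of `receive_udppacket(n, &pkt);` in src/net_packet.c refreshes the meta connection's liveness timestamp for any datagram whose source address resolves to a known node, before the packet itself has been checked. If receive_udppacket() is where the MAC is verified (not visible here), an unauthenticated or replayed datagram from that address is enough to postpone the ping timeout on a connection that is actually dead. Moving the assignment to the point where verification has succeeded, or having receive_udppacket() report success and updating only then, avoids trusting the source address alone. The enclosing function starts outside the hunk.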
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.7 2002/03/01 13:18:54 guus Exp $ + $Id: net_setup.c,v 1.1.2.8 2002/03/01 14:09:31 guus Exp $ */ #include "config.h" @@ -328,6 +328,9 @@ cp get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); + if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) + macexpire= 600; + if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) @@ -392,7 +395,7 @@ cp if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) keylifetime = 3600; - keyexpires = time(NULL) + keylifetime; + keyexpires = now + keylifetime; /* Check if we want to use message authentication codes... */ @@ -514,6 +517,8 @@ cp int setup_network_connections(void) { cp + now = time(NULL); + init_connections(); init_subnets(); init_nodes(); diff --git a/src/net_socket.c b/src/net_socket.c index 39bbbaa8..63760afb 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.6 2002/03/01 13:18:54 guus Exp $ + $Id: net_socket.c,v 1.1.2.7 2002/03/01 14:09:31 guus Exp $ */ #include "config.h" @@ -204,7 +204,7 @@ cp event = new_event(); event->handler = (event_handler_t)setup_outgoing_connection; - event->time = time(NULL) + outgoing->timeout; + event->time = now + outgoing->timeout; event->data = outgoing; event_add(event); @@ -260,7 +260,7 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); - c->last_ping_time = time(NULL); + c->last_ping_time = now; send_id(c); cp @@ -407,7 +407,7 @@ cp } c->outgoing = outgoing; - c->last_ping_time = time(NULL); + c->last_ping_time = now; connection_add(c); 
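Review bot: `MACExpire` is stored in `macexpire` without a range check in the `@@ -328,6 +328,9 @@` hunk of src/net_setup.c. A zero or negative value makes `s->net.mac.lastseen + macexpire < now` in age_mac() true for every learned address on each pass, so entries would be deleted and re-announced to all active connections continuously. The `MaxTimeout` block directly below already tests `if(maxtimeout <= 0)`; the same guard, `if(macexpire <= 0)`, with the matching error handling fits here. A one-line comment that the default of 600 is in seconds would also help, and the assignment is better spelled `macexpire = 600;`. The enclosing function starts and ends outside the hunk.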
@@ -439,7 +439,7 @@ cp c->address = sa; c->hostname = sockaddr2hostname(&sa); c->socket = fd; - c->last_ping_time = time(NULL); + c->last_ping_time = now; if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Connection from %s"), c->hostname); diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 5863f9e9..0e4a86d7 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.2 2002/03/01 14:09:31 guus Exp $ */ #include "config.h" @@ -122,7 +122,7 @@ int send_ping(connection_t *c) { cp c->status.pinged = 1; - c->last_ping_time = time(NULL); + c->last_ping_time = now; cp return send_request(c, "%d", PING); } diff --git a/src/route.c b/src/route.c index a6790c95..d76bd9bd 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.25 2002/03/01 12:26:56 guus Exp $ + $Id: route.c,v 1.1.2.26 2002/03/01 14:09:31 guus Exp $ */ #include "config.h" @@ -52,6 +52,7 @@ int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; +int macexpire = 600; subnet_t mymac; void learn_mac(mac_t *address) @@ -84,6 +85,31 @@ cp send_add_subnet(c, subnet); } } + + subnet->net.mac.lastseen = now; +} + +void age_mac(void) +{ + subnet_t *s; + connection_t *c; + avl_node_t *node, *next, *node2; +cp + for(node = myself->subnet_tree->head; node; node = next) + { + s = (subnet_t *)node->data; + if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) + { + for(node2 = connection_tree->head; node2; node2 = node2->next) + { + c = (connection_t *)node2->data; + if(c->status.active) + send_del_subnet(c, s); + } + subnet_del(myself, s); + } + } +cp } node_t *route_mac(vpn_packet_t *packet) 
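Review bot: In the new age_mac() in src/route.c the outer loop advances with `node = next`, but `next` is never assigned, so after the first iteration the loop follows an uninitialized pointer, which is undefined behaviour and most likely a crash in switch or hub mode. The successor has to be saved before the body runs, because `subnet_del(myself, s)` presumably unlinks the current node: add `next = node->next;` as the first statement of the loop body, as check_dead_connections() in net.c does. A short comment on the `s->net.mac.lastseen &&` test, for example `/* lastseen == 0 marks entries that never expire */`, would record why zero is skipped, if that is the intent.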
diff --git a/src/route.h b/src/route.h index 1f9e7a5a..d188af2d 100644 --- a/src/route.h +++ b/src/route.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.6 2002/03/01 12:26:56 guus Exp $ + $Id: route.h,v 1.1.2.7 2002/03/01 14:09:31 guus Exp $ */ #ifndef __TINC_ROUTE_H__ @@ -32,7 +32,9 @@ enum extern int routing_mode; extern int priorityinheritance; +extern int macexpire; +extern void age_mac(void); extern void route_incoming(node_t *, vpn_packet_t *); extern void route_outgoing(vpn_packet_t *); diff --git a/src/subnet.h b/src/subnet.h index 04e5c286..7e926e4f 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.16 2002/02/18 16:25:19 guus Exp $ + $Id: subnet.h,v 1.1.2.17 2002/03/01 14:09:31 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -36,6 +36,7 @@ enum typedef struct subnet_mac_t { mac_t address; + time_t lastseen; } subnet_mac_t; typedef struct subnet_ipv4_t From ab90fa9bd1a653a330be7ef11293000721a0e7b4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 14:25:10 +0000 Subject: [PATCH 557/923] Document and clean up MAC address expiry. --- doc/tinc.conf.5 | 8 ++++++- doc/tinc.texi | 19 ++++++++++----- po/nl.po | 63 ++++++++++++++++++++++++++----------------------- src/net.c | 4 ++-- src/route.c | 5 +++- 5 files changed, 60 insertions(+), 39 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 7633dca9..4de7c6de 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 
@@ -165,6 +165,12 @@ Currently this option only affects the Linux tun/tap device. This option controls the period the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. +.It Va MACExpire Li = Ar period Pq 600 +This option controls the amount of time MAC addresses are kept before they are removed. +This only has effect when +.Va Mode +is set to +.Qq switch . .It Va MaxTimeout Li = Ar period Pq 900 This is the maximum delay before trying to reconnect to other tinc daemons. .It Va Mode Li = router | switch | hub Pq router @@ -183,7 +189,7 @@ at the cost of frequent broadcast ARP requests and routing table updates. .It hub This mode is almost the same as the switch mode, but instead every packet will be broadcast to the other daemons -while no routing table is created. +while no routing table is managed. .El .It Va Name Li = Ar name Bq required This is the name which identifies this tinc daemon. diff --git a/doc/tinc.texi b/doc/tinc.texi index dba07540..abbfeb31 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ +$Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.22 2002/03/01 13:38:02 guus Exp $ +$Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -813,13 +813,15 @@ Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this @cindex switch @item switch In this mode the MAC addresses of the packets on the VPN will be used to -dynamically create a routing table just like a network switch does. -Unicast, multicast and broadcast packets of every ethernet protocol are supported in this mode +dynamically create a routing table just like an Ethernet switch does. +Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode at the cost of frequent broadcast ARP requests and routing table updates. @cindex hub @item hub -In this mode every packet will be broadcast to the other daemons. +This mode is almost the same as the switch mode, but instead +every packet will be broadcast to the other daemons +while no routing table is managed. @end table @cindex KeyExpire @@ -829,6 +831,11 @@ are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. +@cindex MACExpire +@item MACExpire = (600) +This option controls the amount of time MAC addresses are kept before they are removed. +This only has effect when Mode is set to "switch". + @cindex Name @item @strong{Name = } This is a symbolic name for this connection. It can be anything diff --git a/po/nl.po b/po/nl.po index 56d9b72a..65d44258 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-03-01 14:19+0100\n" +"POT-Creation-Date: 2002-03-01 15:22+0100\n" "PO-Revision-Date: 2002-03-01 14:19+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -172,53 +172,53 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:114 +#: src/net.c:116 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:124 +#: src/net.c:126 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:178 +#: src/net.c:180 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:249 +#: src/net.c:248 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:262 +#: src/net.c:261 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:315 src/net_socket.c:246 +#: src/net.c:314 src/net_socket.c:246 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:377 +#: src/net.c:378 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:411 +#: src/net.c:413 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:428 +#: src/net.c:430 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:445 +#: src/net.c:447 msgid "Rereading configuration file and restarting in 5 seconds" msgstr "Herlezen configuratiebestand en herstart in 5 seconden" -#: src/net.c:452 +#: src/net.c:454 msgid "Unable to reread configuration file, exiting" msgstr "Kan configuratiebestand niet herlezen, beëindigen" 
@@ -259,7 +259,7 @@ msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" #. SO_PRIORITY doesn't seem to work -#: src/net_packet.c:270 src/net_setup.c:476 src/net_socket.c:99 +#: src/net_packet.c:270 src/net_setup.c:479 src/net_socket.c:99 #: src/net_socket.c:138 src/net_socket.c:165 src/process.c:258 #: src/process.c:293 #, c-format @@ -369,44 +369,44 @@ msgstr "Ongeldig publiek/priv msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:335 +#: src/net_setup.c:338 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:352 +#: src/net_setup.c:355 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:374 +#: src/net_setup.c:377 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:409 +#: src/net_setup.c:412 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:425 +#: src/net_setup.c:428 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:430 +#: src/net_setup.c:433 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:446 +#: src/net_setup.c:449 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:491 +#: src/net_setup.c:494 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:501 +#: src/net_setup.c:504 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:504 +#: src/net_setup.c:507 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" 
@@ -1028,17 +1028,22 @@ msgstr "Signaal %d (%s) genegeerd" msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:70 +#: src/route.c:71 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:120 +#: src/route.c:104 +#, c-format +msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" +msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" + +#: src/route.c:149 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:140 +#: src/route.c:169 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" @@ -1047,16 +1052,16 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:184 +#: src/route.c:213 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:197 +#: src/route.c:226 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:249 +#: src/route.c:278 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" diff --git a/src/net.c b/src/net.c index a1b17052..722e8ccd 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.160 2002/03/01 14:09:31 guus Exp $ + $Id: net.c,v 1.35.4.161 2002/03/01 14:25:10 guus Exp $ */ #include "config.h" 
@@ -402,7 +402,7 @@ cp check_dead_connections(); last_ping_check = now; - if(routing_mode != RMODE_ROUTER) + if(routing_mode== RMODE_SWITCH) age_mac(); /* Should we regenerate our key? */ diff --git a/src/route.c b/src/route.c index d76bd9bd..77fb7d17 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.26 2002/03/01 14:09:31 guus Exp $ + $Id: route.c,v 1.1.2.27 2002/03/01 14:25:10 guus Exp $ */ #include "config.h" @@ -100,6 +100,9 @@ cp s = (subnet_t *)node->data; if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), + s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]); for(node2 = connection_tree->head; node2; node2 = node2->next) { c = (connection_t *)node2->data; From 7d5741859e681e6b0d0e32b978da6f309c456729 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Mar 2002 14:33:48 +0000 Subject: [PATCH 558/923] Woops. --- src/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/route.c b/src/route.c index 77fb7d17..c171d391 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.27 2002/03/01 14:25:10 guus Exp $ + $Id: route.c,v 1.1.2.28 2002/03/01 14:33:48 guus Exp $ */ #include "config.h" @@ -97,6 +97,7 @@ void age_mac(void) cp for(node = myself->subnet_tree->head; node; node = next) { + next = node->next; s = (subnet_t *)node->data; if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { From 0c16add71c6432c882c6d8f538a4b2db0026ec24 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 1 Mar 2002 15:14:29 +0000 Subject: [PATCH 559/923] Check if BindToDevice and PriorityInheritance are supported. --- po/nl.po | 106 +++++++++++++++++++++++++---------------------- src/net_packet.c | 4 +- src/net_setup.c | 6 ++- src/net_socket.c | 22 ++++++---- 4 files changed, 80 insertions(+), 58 deletions(-) diff --git a/po/nl.po b/po/nl.po index 65d44258..64e6452b 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-03-01 15:22+0100\n" -"PO-Revision-Date: 2002-03-01 14:19+0100\n" +"POT-Creation-Date: 2002-03-01 16:10+0100\n" +"PO-Revision-Date: 2002-03-01 16:10+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" @@ -196,7 +196,7 @@ msgstr "%s (%s) antwoordde niet op ping" msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:314 src/net_socket.c:246 +#: src/net.c:314 src/net_socket.c:254 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" 
@@ -253,69 +253,69 @@ msgstr "" msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:268 +#: src/net_packet.c:269 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" #. SO_PRIORITY doesn't seem to work -#: src/net_packet.c:270 src/net_setup.c:479 src/net_socket.c:99 -#: src/net_socket.c:138 src/net_socket.c:165 src/process.c:258 +#: src/net_packet.c:271 src/net_setup.c:483 src/net_socket.c:99 +#: src/net_socket.c:145 src/net_socket.c:172 src/process.c:258 #: src/process.c:293 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:275 +#: src/net_packet.c:277 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:292 +#: src/net_packet.c:294 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:299 +#: src/net_packet.c:301 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net_packet.c:308 +#: src/net_packet.c:310 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:316 +#: src/net_packet.c:318 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:336 +#: src/net_packet.c:338 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:353 +#: src/net_packet.c:355 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:375 +#: src/net_packet.c:377 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:382 +#: src/net_packet.c:384 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:388 +#: src/net_packet.c:390 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:397 +#: src/net_packet.c:399 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" 
@@ -369,44 +369,48 @@ msgstr "Ongeldig publiek/priv msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:338 +#: src/net_setup.c:332 +msgid "PriorityInheritance not supported on this platform" +msgstr "PriorityInheritance wordt niet ondersteund op dit platform" + +#: src/net_setup.c:342 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:355 +#: src/net_setup.c:359 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:377 +#: src/net_setup.c:381 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:412 +#: src/net_setup.c:416 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:428 +#: src/net_setup.c:432 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:433 +#: src/net_setup.c:437 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:449 +#: src/net_setup.c:453 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:494 +#: src/net_setup.c:498 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:504 +#: src/net_setup.c:508 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:507 +#: src/net_setup.c:511 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" 
@@ -415,82 +419,86 @@ msgstr "Kon geen enkele luistersocket aanmaken!" msgid "Creating metasocket failed: %s" msgstr "Aanmaak van metasocket mislukt: %s" -#: src/net_socket.c:120 src/net_socket.c:179 +#: src/net_socket.c:125 src/net_socket.c:187 #, c-format msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" -#: src/net_socket.c:130 +#: src/net_socket.c:129 +msgid "BindToDevice not supported on this platform" +msgstr "BindToDevice wordt niet ondersteund op dit platform" + +#: src/net_socket.c:137 #, c-format msgid "Can't bind to %s/tcp: %s" msgstr "Kan niet aan %s/tcp binden: %s" -#: src/net_socket.c:157 +#: src/net_socket.c:164 #, c-format msgid "Creating UDP socket failed: %s" msgstr "Aanmaak UDP socket mislukte: %s" -#: src/net_socket.c:189 +#: src/net_socket.c:197 #, c-format msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:212 +#: src/net_socket.c:220 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:221 src/net_socket.c:316 +#: src/net_socket.c:229 src/net_socket.c:324 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:227 src/net_socket.c:323 +#: src/net_socket.c:235 src/net_socket.c:331 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:251 src/net_socket.c:261 +#: src/net_socket.c:259 src/net_socket.c:269 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:280 +#: src/net_socket.c:288 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:344 +#: src/net_socket.c:352 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:362 +#: src/net_socket.c:370 #, c-format msgid "%s: %s" msgstr "%s: 
%s" -#: src/net_socket.c:383 +#: src/net_socket.c:391 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:402 +#: src/net_socket.c:410 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:429 +#: src/net_socket.c:437 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:445 +#: src/net_socket.c:453 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:467 +#: src/net_socket.c:475 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" @@ -1033,17 +1041,17 @@ msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:104 +#: src/route.c:105 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:149 +#: src/route.c:150 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:169 +#: src/route.c:170 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1052,16 +1060,16 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:213 +#: src/route.c:214 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:226 +#: src/route.c:227 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:278 +#: src/route.c:279 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" diff --git a/src/net_packet.c b/src/net_packet.c index bffe4a7f..48c429ab 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.7 2002/03/01 14:09:31 guus Exp $ + $Id: net_packet.c,v 1.1.2.8 2002/03/01 15:14:29 guus Exp $ */ #include "config.h" @@ -261,6 +261,7 @@ cp /* Send the packet */ +#if defined(SOL_IP) && defined(IP_TOS) if(priorityinheritance && origpriority != priority) { priority = origpriority; @@ -269,6 +270,7 @@ cp if(setsockopt(udp_socket[0], SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); } +#endif if((sendto(udp_socket[0], (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { diff --git a/src/net_setup.c b/src/net_setup.c index f8a8b99b..77e7a7c9 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.8 2002/03/01 14:09:31 guus Exp $ + $Id: net_setup.c,v 1.1.2.9 2002/03/01 15:14:29 guus Exp $ */ #include "config.h" 
@@ -327,6 +327,10 @@ cp routing_mode = RMODE_ROUTER; get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); +#if !defined(SOL_IP) || !defined(IP_TOS) + if(priorityinheritance) + syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform")); +#endif if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) macexpire= 600; diff --git a/src/net_socket.c b/src/net_socket.c index 63760afb..cc799264 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.7 2002/03/01 14:09:31 guus Exp $ + $Id: net_socket.c,v 1.1.2.8 2002/03/01 15:14:29 guus Exp $ */ #include "config.h" @@ -81,7 +81,7 @@ int setup_listen_socket(sockaddr_t *sa) int nfd, flags; char *addrstr; int option; -#ifdef HAVE_LINUX +#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) char *interface; struct ifreq ifr; #endif @@ -104,14 +104,19 @@ cp option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); -#ifdef HAVE_LINUX - setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); +#if defined(SOL_TCP) && defined(TCP_NODELAY) + setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); +#endif + +#if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY) option = IPTOS_LOWDELAY; setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); +#endif if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) { +#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) 
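Review bot: In setup_listen_socket() (hunk at -81,7) `char *interface;` is now declared only under `#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)`, but the hunks at -104,14 and -120,8 move the `get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)` call outside any guard, so a platform without SO_BINDTODEVICE fails to compile on the undeclared name. Declare `char *interface;` unconditionally and keep only `struct ifreq ifr;` inside the `#if`. setup_vpn_in_socket() keeps declaration and use under the same guard, so it is not affected. The function body continues outside these hunks.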
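Review bot: In the BindToInterface block that the hunk at -104,14 re-gates, `strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ);` copies a configuration string with no length check, so a name of IFNAMSIZ or more characters is silently truncated and fills the field without a terminating NUL. Test `strlen(interface) >= IFNAMSIZ` before the copy and fail with a log message, so the daemon either binds to the interface the operator wrote or does not start. The setsockopt() calls for TCP_NODELAY and IP_TOS in the same hunk ignore their return values; if that is deliberate best effort, a one-line comment such as `/* best effort, failure is harmless */` would say so.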
@@ -120,8 +125,10 @@ cp syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); return -1; } - } +#else + syslog(LOG_WARNING, _("BindToDevice not supported on this platform")); #endif + } if(bind(nfd, &sa->sa, SALEN(sa->sa))) { @@ -147,7 +154,7 @@ int setup_vpn_in_socket(sockaddr_t *sa) int nfd, flags; char *addrstr; int option; -#ifdef HAVE_LINUX +#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) char *interface; struct ifreq ifr; #endif @@ -168,7 +175,8 @@ cp option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); -#ifdef HAVE_LINUX + +#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) { memset(&ifr, 0, sizeof(ifr)); From 024ab44d98883d78cefe2c622cec9831c7f19c13 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Mar 2002 14:04:48 +0000 Subject: [PATCH 560/923] Fix forwarding of IPv6 packets. --- src/route.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/src/route.c b/src/route.c index c171d391..f42b6a55 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.28 2002/03/01 14:33:48 guus Exp $ + $Id: route.c,v 1.1.2.29 2002/03/10 14:04:48 guus Exp $ */ #include "config.h" @@ -254,7 +254,7 @@ cp void route_outgoing(vpn_packet_t *packet) { unsigned short int type; - node_t *n; + node_t *n = NULL; cp /* FIXME: multicast? */ @@ -304,9 +304,22 @@ void route_incoming(node_t *source, vpn_packet_t *packet) { case RMODE_ROUTER: { - node_t *n; + node_t *n = NULL; + unsigned short int type; - n = route_ipv4(packet); + type = ntohs(*((unsigned short*)(&packet->data[12]))); + switch(type) + { + case 0x0800: + n = route_ipv4(packet); + break; + case 0x86DD: + n = route_ipv6(packet); + break; + default: + n = myself; + break; + } if(n) { 
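Review bot: When SO_BINDTODEVICE is unavailable, the new `#else` branch in the hunk at -120,8 only logs at LOG_WARNING and then falls through to bind(), so a daemon configured with BindToInterface listens on whatever `sa` covers instead of the single interface the operator asked for. For an option whose purpose is to limit exposure, failing closed is safer: `syslog(LOG_ERR, _("BindToInterface not supported on this platform")); return -1;`, with the same cleanup the setsockopt failure path just above performs. The message also says "BindToDevice", which is not the option name this function reads. In setup_vpn_in_socket() (hunks at -147,7 and -168,7) the whole lookup stays inside the `#if`, so there the option is ignored without any message at all.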
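Review bot: The new `type = ntohs(*((unsigned short*)(&packet->data[12])));` in route_incoming() reads bytes 12 and 13 of a packet that came from a peer, and nothing visible in the hunk checks that the packet is at least one Ethernet header long. If no earlier check exists, add one before the switch, e.g. `if(packet->len < 14) return;` (assuming vpn_packet_t carries its length in `len`, as `inpkt->len` in src/net_packet.c suggests). The `default: n = myself;` arm would benefit from a comment saying why every non-IP ethertype received from a peer is treated as addressed to this node in router mode. route_incoming() continues outside the hunk.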
From 0c34478cc03167208c84f3d6d2ed6e53172b4711 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Mar 2002 14:05:35 +0000 Subject: [PATCH 561/923] po/POTFILES and po/Makefile should not be generated by configure. --- configure.in | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/configure.in b/configure.in index b3c036c9..7e16a066 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.41 2002/02/12 14:42:37 guus Exp $ +dnl $Id: configure.in,v 1.13.2.42 2002/03/10 14:05:35 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -116,6 +116,4 @@ intl/Makefile lib/Makefile m4/Makefile po/Makefile.in -po/POTFILES -po/Makefile ) From 9de7470bfdabacec5f3769bf5cfa97ef4e481ba0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Mar 2002 14:07:08 +0000 Subject: [PATCH 562/923] Autodetect $MAKE/gmake/make. --- autogen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autogen.sh b/autogen.sh index c0083be9..186d1e30 100644 --- a/autogen.sh +++ b/autogen.sh @@ -4,7 +4,7 @@ DIE=0 -alias make=${MAKE:-make} +alias make=${MAKE:-`which gmake || which make`} srcdir="`/bin/pwd`" From 3cbe67a8de1da7bd042474de4d16cb4f7e9822ab Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Mar 2002 15:40:27 +0000 Subject: [PATCH 563/923] Small fixes to improve portability. --- Makefile.am | 2 +- autogen.sh | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index bbfa0141..1c152cae 100644 --- a/Makefile.am +++ b/Makefile.am @@ -17,7 +17,7 @@ ChangeLog: cvs2cl -U cvsusers --fsf cvs-clean: maintainer-clean - for f in $(CVS_CREATED) `find -name Makefile.in` tinc-$(VERSION).tar.gz; do\ + for f in $(CVS_CREATED) `find . -name Makefile.in` tinc-$(VERSION).tar.gz; do\ rm -Rf "$$f"; \ done diff --git a/autogen.sh b/autogen.sh index 186d1e30..21a0f4c1 100644 --- a/autogen.sh +++ b/autogen.sh 
@@ -4,7 +4,10 @@ DIE=0 -alias make=${MAKE:-`which gmake || which make`} +if ${MAKE:-gmake} -q -C . autogen.sh 2> /dev/null +then + alias make=${MAKE:-gmake} +fi srcdir="`/bin/pwd`" From 5ffeb13d65313d5a191a605690a4f8fdf1604b48 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Mar 2002 16:09:15 +0000 Subject: [PATCH 564/923] Don't retry to make outgoing connections when exitting. --- src/net_setup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index 77e7a7c9..a77fa58a 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.9 2002/03/01 15:14:29 guus Exp $ + $Id: net_setup.c,v 1.1.2.10 2002/03/10 16:09:15 guus Exp $ */ #include "config.h" @@ -567,7 +567,7 @@ cp next = node->next; c = (connection_t *)node->data; if(c->outgoing) - free(c->outgoing->name), free(c->outgoing); + free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; terminate_connection(c, 0); } From 4fda4560bbdd41e217ce0e1a90ba98c79e4f3519 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Mar 2002 11:23:04 +0000 Subject: [PATCH 565/923] Cleanups, spelling fixes, allow symbol names for signals (-k option), don't remove pidfile if other tincd is still running. --- src/net.c | 6 +-- src/process.c | 29 ++++++++----- src/subnet.c | 4 +- src/tincd.c | 117 ++++++++++++++++++++++++++++++-------------------- 4 files changed, 94 insertions(+), 62 deletions(-) diff --git a/src/net.c b/src/net.c index 722e8ccd..4061d7af 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.161 2002/03/01 14:25:10 guus Exp $ + $Id: net.c,v 1.35.4.162 2002/03/11 11:23:04 guus Exp $ */ #include "config.h" 
@@ -444,14 +444,14 @@ cp close_network_connections(); exit_configuration(&config_tree); - syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds")); + syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds...")); sleep(5); init_configuration(&config_tree); if(read_server_config()) { - syslog(LOG_ERR, _("Unable to reread configuration file, exiting")); + syslog(LOG_ERR, _("Unable to reread configuration file, exitting.")); exit(1); } diff --git a/src/process.c b/src/process.c index 5cc32c66..5c0eb9f9 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.35 2002/02/18 16:25:16 guus Exp $ + $Id: process.c,v 1.1.2.36 2002/03/11 11:23:04 guus Exp $ */ #include "config.h" @@ -65,7 +65,7 @@ extern int do_purge; void memory_full(int size) { - syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exiting."), size); + syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); cp_trace(); exit(1); } @@ -144,8 +144,15 @@ cp errno = 0; /* No error, sometimes errno is only changed on error */ /* ESRCH is returned when no process with that pid is found */ if(kill(pid, signal) && errno == ESRCH) - fprintf(stderr, _("Removing stale lock file.\n")); - remove_pid(pidfilename); + { + if(netname) + fprintf(stderr, _("The tincd for net `%s' is no longer running. "), netname); + else + fprintf(stderr, _("The tincd is no longer running. ")); + + fprintf(stderr, _("Removing stale lock file.\n")); + remove_pid(pidfilename); + } cp return 0; } 
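Review bot: The log string in the net.c hunk at -444,14 changes "exiting" to "exitting", which introduces a misspelling rather than fixing one; the same change appears in memory_full() in src/process.c (hunk at -65,7). Keep the original spelling: `_("Unable to reread configuration file, exiting.")` and `_("Memory exhausted (couldn't allocate %d bytes), exiting.")`.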
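Review bot: In the process.c hunk at -144,8 a kill() failure other than ESRCH, EPERM in particular, is still dropped without a message and the function returns 0; src/tincd.c passes the result of kill_other() straight to exit(), so `tincd -k` reports success when no signal was delivered. That matters more now that the same commit removes the `geteuid()` root check from main() (hunk at -309,15 in src/tincd.c), a behaviour change the commit description does not mention. Report the error and return non-zero, e.g. `else if(errno) { fprintf(stderr, _("Could not send signal: %s\n"), strerror(errno)); return 1; }`. The function starts outside the hunk.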
@@ -323,25 +330,25 @@ sigquit_handler(int a) } RETSIGTYPE -sigsegv_square(int a) +fatal_signal_square(int a) { - syslog(LOG_ERR, _("Got another SEGV signal: not restarting")); + syslog(LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, strsignal(a)); cp_trace(); exit(1); } RETSIGTYPE -sigsegv_handler(int a) +fatal_signal_handler(int a) { struct sigaction act; - syslog(LOG_ERR, _("Got SEGV signal")); + syslog(LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); cp_trace(); if(do_detach) { syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); - act.sa_handler = sigsegv_square; + act.sa_handler = fatal_signal_square; act.sa_mask = emptysigset; act.sa_flags = 0; sigaction(SIGSEGV, &act, NULL); @@ -439,7 +446,9 @@ struct { { SIGHUP, sighup_handler }, { SIGTERM, sigterm_handler }, { SIGQUIT, sigquit_handler }, - { SIGSEGV, sigsegv_handler }, + { SIGSEGV, fatal_signal_handler }, + { SIGBUS, fatal_signal_handler }, + { SIGILL, fatal_signal_handler }, { SIGPIPE, ignore_signal_handler }, { SIGINT, sigint_handler }, { SIGUSR1, sigusr1_handler }, diff --git a/src/subnet.c b/src/subnet.c index 954d5d0a..525c14e9 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.31 2002/02/20 17:16:15 guus Exp $ + $Id: subnet.c,v 1.1.2.32 2002/03/11 11:23:04 guus Exp $ */ #include "config.h" @@ -233,7 +233,7 @@ cp subnet->type = SUBNET_IPV6; subnet->net.ipv6.masklength = 128; for(i = 0; i < 8; i++) - subnet->net.ipv6.address.x[i] = htons(x[i]); + subnet->net.ipv6.address.x[i] = htons(x[i]); return subnet; } diff --git a/src/tincd.c b/src/tincd.c index d9288bac..b8b29596 100644 --- a/src/tincd.c +++ b/src/tincd.c 
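Review bot: fatal_signal_handler() is now installed for SIGSEGV, SIGBUS and SIGILL (table hunk at -439,7), but it still re-arms only SIGSEGV with `sigaction(SIGSEGV, &act, NULL);`, so a second SIGBUS or SIGILL before the announced re-execute re-enters this handler instead of reaching fatal_signal_square(). Use the delivered signal number: `sigaction(a, &act, NULL);`. The new `strsignal(a)` call, like the syslog() it feeds, is not async-signal-safe, which is worth a comment given that the handler runs after memory may already be corrupted. The handler continues outside the hunk.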
@@ -17,13 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.57 2002/02/10 21:57:54 guus Exp $ + $Id: tincd.c,v 1.10.4.58 2002/03/11 11:23:04 guus Exp $ */ #include "config.h" #include -#include +#include #include #include #include @@ -102,13 +102,13 @@ usage(int status) { printf(_("Usage: %s [option]...\n\n"), program_name); printf(_(" -c, --config=DIR Read configuration options from DIR.\n" - " -D, --no-detach Don't fork and detach.\n" - " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" - " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); + " -D, --no-detach Don't fork and detach.\n" + " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" + " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n")); printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " --help Display this help and exit.\n" - " --version Output version information and exit.\n\n")); + " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); } exit(status); 
@@ -119,48 +119,77 @@ parse_options(int argc, char **argv, char **envp) { int r; int option_index = 0; - + while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF) { switch(r) { case 0: /* long option */ break; - case 'c': /* config file */ - confbase = xmalloc(strlen(optarg)+1); - strcpy(confbase, optarg); - break; - case 'D': /* no detach */ - do_detach = 0; - break; - case 'd': /* inc debug level */ - if(optarg) - debug_lvl = atoi(optarg); - else - debug_lvl++; - break; - case 'k': /* kill old tincds */ - kill_tincd = optarg?atoi(optarg):SIGTERM; - break; - case 'n': /* net name given */ - netname = xmalloc(strlen(optarg)+1); - strcpy(netname, optarg); - break; - case 'K': /* generate public/private keypair */ + case 'c': /* config file */ + confbase = xmalloc(strlen(optarg)+1); + strcpy(confbase, optarg); + break; + case 'D': /* no detach */ + do_detach = 0; + break; + case 'd': /* inc debug level */ + if(optarg) + debug_lvl = atoi(optarg); + else + debug_lvl++; + break; + case 'k': /* kill old tincds */ + if(optarg) + { + if(!strcasecmp(optarg, "HUP")) + kill_tincd = SIGHUP; + else if(!strcasecmp(optarg, "TERM")) + kill_tincd = SIGTERM; + else if(!strcasecmp(optarg, "KILL")) + kill_tincd = SIGKILL; + else if(!strcasecmp(optarg, "USR1")) + kill_tincd = SIGUSR1; + else if(!strcasecmp(optarg, "USR2")) + kill_tincd = SIGUSR2; + else if(!strcasecmp(optarg, "WINCH")) + kill_tincd = SIGWINCH; + else if(!strcasecmp(optarg, "INT")) + kill_tincd = SIGINT; + else if(!strcasecmp(optarg, "ALRM")) + kill_tincd = SIGALRM; + else + { + kill_tincd = atoi(optarg); + if(!kill_tincd) + { + fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg); + usage(1); + } + } + } + else + kill_tincd = SIGTERM; + break; + case 'n': /* net name given */ + netname = xmalloc(strlen(optarg)+1); + strcpy(netname, optarg); + break; + case 'K': /* generate public/private keypair */ 
if(optarg) { generate_keys = atoi(optarg); if(generate_keys < 512) { fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), - optarg); + optarg); usage(1); } - generate_keys &= ~7; /* Round it to bytes */ + generate_keys &= ~7; /* Round it to bytes */ } else generate_keys = 1024; - break; + break; case '?': usage(1); default: @@ -188,7 +217,7 @@ void indicator(int a, int b, void *p) switch(b) { case 0: - fprintf(stderr, " p\n"); + fprintf(stderr, " p\n"); break; case 1: fprintf(stderr, " q\n"); @@ -240,7 +269,7 @@ int keygen(int bits) PEM_write_RSAPublicKey(f, rsa_key); fclose(f); free(filename); - + asprintf(&filename, "%s/rsa_key.priv", confbase); if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) return -1; @@ -298,10 +327,10 @@ main(int argc, char **argv, char **envp) { printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" - "See the AUTHORS file for a complete list.\n\n" - "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" - "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n")); + "See the AUTHORS file for a complete list.\n\n" + "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" + "and you are welcome to redistribute it under certain conditions;\n" + "see the file COPYING for details.\n")); return 0; } @@ -309,15 +338,9 @@ main(int argc, char **argv, char **envp) if(show_help) usage(0); - if(geteuid()) - { - fprintf(stderr, _("You must be root to run this program.\n")); - return 1; - } - #ifdef HAVE_SOLARIS openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ -#else +#else openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ #endif 
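Review bot: The numeric fallback for `-k` in parse_options() uses `kill_tincd = atoi(optarg);`, which accepts trailing garbage such as "9x", negative values and out-of-range numbers, and rejects only input that evaluates to 0; the value is later used as the signal argument of kill(). Parse it with `strtol(optarg, &end, 10)` and reject the argument unless `*end == '\0'` and the result is a positive, valid signal number. The `atoi()` calls for `--debug` and `--generate-keys` in the same hunk have the same weakness. A small table of name/number pairs would also replace the eight-branch `strcasecmp()` chain and keep the error message in step with the accepted names.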
@@ -342,7 +365,7 @@ cp read_server_config(); exit(keygen(generate_keys)); } - + if(kill_tincd) exit(kill_other(kill_tincd)); @@ -359,7 +382,7 @@ cp main_loop(); cleanup_and_exit(1); } - + syslog(LOG_ERR, _("Unrecoverable error")); cp_trace(); From c2713ba7a5ff12e270d66a5d3188a3640873830e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Mar 2002 11:45:12 +0000 Subject: [PATCH 566/923] prune_connections() before build_fdset(). --- src/net.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/net.c b/src/net.c index 4061d7af..acba5ad3 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.162 2002/03/11 11:23:04 guus Exp $ + $Id: net.c,v 1.35.4.163 2002/03/11 11:45:12 guus Exp $ */ #include "config.h" @@ -369,6 +369,12 @@ cp tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ tv.tv_usec = 0; + if(do_prune) + { + prune_connections(); + do_prune = 0; + } + build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) @@ -383,13 +389,7 @@ cp if(r > 0) check_network_activity(&fset); - if(do_prune) - { - prune_connections(); - do_prune = 0; - } - - if(do_purge) + if(do_purge) { purge(); do_purge = 0; From 46fa10cec7b6bf26773f5e86e7b8118d9075e807 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Mar 2002 13:14:53 +0000 Subject: [PATCH 567/923] Try to reply to neighbor solicitation requests. --- src/route.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 74 insertions(+), 2 deletions(-) diff --git a/src/route.c b/src/route.c index f42b6a55..fc02c67f 100644 --- a/src/route.c +++ b/src/route.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.29 2002/03/10 14:04:48 guus Exp $ + $Id: route.c,v 1.1.2.30 2002/03/11 13:14:53 guus Exp $ */ #include "config.h" @@ -33,6 +33,8 @@ #else #include #endif +#include +#include #include #include #include 
@@ -184,6 +186,71 @@ cp return subnet->owner; } +void route_neighborsol(vpn_packet_t *packet) +{ + struct ip6_hdr *hdr; + struct nd_neighbor_solicit *ns; + struct nd_opt_hdr *opt; + subnet_t *subnet; +cp + hdr = (struct ip6_hdr *)(packet->data + 14); + ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(struct ip6_hdr)); + opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(struct ip6_hdr) + sizeof(struct nd_neighbor_solicit)); + + /* First, snatch the source address from the neighbor solicitation packet */ + + memcpy(mymac.net.mac.address.x, packet->data + 6, 6); + + /* Check if this is a valid neighbor solicitation request */ + + if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || + opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) + { + if(debug_lvl > DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); + } + return; + } + + /* Check if the IPv6 address exists on the VPN */ + + subnet = lookup_subnet_ipv6((ipv6_t *)&ns->nd_ns_target); + + if(!subnet) + { + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ntohs(ns->nd_ns_target.s6_addr16[0]), ntohs(ns->nd_ns_target.s6_addr16[1]), ntohs(ns->nd_ns_target.s6_addr16[2]), ntohs(ns->nd_ns_target.s6_addr16[3]), + ntohs(ns->nd_ns_target.s6_addr16[4]), ntohs(ns->nd_ns_target.s6_addr16[5]), ntohs(ns->nd_ns_target.s6_addr16[6]), ntohs(ns->nd_ns_target.s6_addr16[7])); + } + + return; + } + + /* Check if it is for our own subnet */ + + if(subnet->owner == myself) + return; /* silently ignore */ + + /* Create neighbor advertation reply */ + + memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ + packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + + memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol 
address */ + memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... */ + + memcpy((char *)opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ + + ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; + opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; + + write_packet(packet); +cp +} + void route_arp(vpn_packet_t *packet) { struct ether_arp *arp; @@ -216,7 +283,7 @@ cp return; } - /* Check if the IP address exists on the VPN */ + /* Check if the IPv4 address exists on the VPN */ subnet = lookup_subnet_ipv4((ipv4_t *)arp->arp_tpa); @@ -269,6 +336,11 @@ cp break; case 0x86DD: n = route_ipv6(packet); + if(!n && packet->data[6] == 0x33 && packet->data[7] == 0x33 && packet->data[8] == 0xff) + { + route_neighborsol(packet); + return; + } break; case 0x0806: route_arp(packet); From d2e0ed533c8aa3c6ab538d87e004108c631cb0be Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 11 Mar 2002 13:56:00 +0000 Subject: [PATCH 568/923] New strategy: forward icmp6 neighbor solicitations to intended target. --- src/route.c | 39 +++++++++++++-------------------------- 1 file changed, 13 insertions(+), 26 deletions(-) diff --git a/src/route.c b/src/route.c index fc02c67f..bd4341da 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.30 2002/03/11 13:14:53 guus Exp $ + $Id: route.c,v 1.1.2.31 2002/03/11 13:56:00 guus Exp $ */ #include "config.h" @@ -57,6 +57,10 @@ int priorityinheritance = 0; int macexpire = 600; subnet_t mymac; +#ifdef HAVE_FREEBSD +#define s6_addr16 __u6_addr.__u6_addr16 +#endif + void learn_mac(mac_t *address) { subnet_t *subnet; 
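Review bot: route_neighborsol() dereferences `hdr`, `ns` and `opt` at fixed offsets and then writes six bytes behind `opt` with `memcpy((char *)opt + sizeof(*opt), ...)`, but nothing in the function checks that the packet is long enough to hold an IPv6 header, a neighbor solicitation and a link-address option. Add a guard before the first dereference, e.g. `if(packet->len < 14 + sizeof(*hdr) + sizeof(*ns) + sizeof(*opt) + ETHER_ADDR_LEN) return;` (assuming `len` is the payload length), and check `hdr->ip6_nxt == IPPROTO_ICMPV6` before treating the payload as ICMPv6. `mymac` is overwritten from the packet before any of the validation has passed, so the copy should move below the checks. The reply changes the ICMPv6 type and both addresses without updating the ICMPv6 checksum, so receivers will presumably discard it.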
@@ -186,16 +190,14 @@ cp return subnet->owner; } -void route_neighborsol(vpn_packet_t *packet) +node_t *route_neighborsol(vpn_packet_t *packet) { struct ip6_hdr *hdr; struct nd_neighbor_solicit *ns; - struct nd_opt_hdr *opt; subnet_t *subnet; cp hdr = (struct ip6_hdr *)(packet->data + 14); ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(struct ip6_hdr)); - opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(struct ip6_hdr) + sizeof(struct nd_neighbor_solicit)); /* First, snatch the source address from the neighbor solicitation packet */ @@ -203,8 +205,7 @@ cp /* Check if this is a valid neighbor solicitation request */ - if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || - opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) + if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT) { if(debug_lvl > DEBUG_TRAFFIC) { @@ -226,28 +227,17 @@ cp ntohs(ns->nd_ns_target.s6_addr16[4]), ntohs(ns->nd_ns_target.s6_addr16[5]), ntohs(ns->nd_ns_target.s6_addr16[6]), ntohs(ns->nd_ns_target.s6_addr16[7])); } - return; + return NULL; } /* Check if it is for our own subnet */ if(subnet->owner == myself) - return; /* silently ignore */ + return NULL; /* silently ignore */ - /* Create neighbor advertation reply */ + /* Forward to destination */ - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - - memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */ - memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... */ - - memcpy((char *)opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ - - ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; - opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; - - write_packet(packet); + return subnet->owner; cp } 
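Review bot: route_neighborsol() now returns `node_t *`, but the `return;` that closes the validity check in the hunk at -203,8 (added by the previous patch) lies between that hunk and the next one and is not converted, so a packet failing the `icmp6_type` test leaves the function without a value and the caller's `n` is indeterminate. Change that line to `return NULL;`, as the two exits in the hunk at -226,28 were. The `cp` after the final `return subnet->owner;` is unreachable and should move above the return. `ns` is still read here without any check of the packet length.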
@@ -336,11 +326,8 @@ cp break; case 0x86DD: n = route_ipv6(packet); - if(!n && packet->data[6] == 0x33 && packet->data[7] == 0x33 && packet->data[8] == 0xff) - { - route_neighborsol(packet); - return; - } + if(!n && packet->data[0] == 0x33 && packet->data[1] == 0x33 && packet->data[2] == 0xff) + n = route_neighborsol(packet); break; case 0x0806: route_arp(packet); From 2e7db2a6936a77baa0a81eb566674bd76d204951 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 12 Mar 2002 13:42:23 +0000 Subject: [PATCH 569/923] Simplified implementation of Kruskal's minimum spanning tree algorithm. --- src/graph.c | 52 +++++++++++++++++----------------------------------- 1 file changed, 17 insertions(+), 35 deletions(-) diff --git a/src/graph.c b/src/graph.c index abc918d9..6aac6f2a 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.7 2002/02/18 16:25:16 guus Exp $ + $Id: graph.c,v 1.1.2.8 2002/03/12 13:42:23 guus Exp $ */ /* We need to generate two trees from the graph: @@ -32,9 +32,7 @@ favour Kruskal's, because we make an extra AVL tree of edges sorted on weights (metric). That tree only has to be updated when an edge is added or removed, and during the MST algorithm we just have go linearly through that - tree, adding safe edges until #edges = #nodes - 1. The implementation here - however is not so fast, because I tried to avoid having to make a forest and - merge trees. + tree. For the SSSP algorithm Dijkstra's seems to be a nice choice. Currently a simple breadth-first search is presented here. 
@@ -62,20 +60,25 @@ #include "system.h" -/* Implementation of Kruskal's algorithm. - Running time: O(EN) - Please note that sorting on weight is already done by add_edge(). +/* Kruskal's minimum spanning tree algorithm. + Running time: O(E) + Edges are already sorted on weight. */ void mst_kruskal(void) { - avl_node_t *node, *next; + avl_node_t *node; edge_t *e; node_t *n; connection_t *c; - int nodes = 0; - int safe_edges = 0; - int skipped; + + /* Clear MST status on connections */ + + for(node = connection_tree->head; node; node = node->next) + { + c = (connection_t *)node->data; + c->status.mst = 0; + } /* Do we have something to do at all? */ @@ -88,46 +91,25 @@ void mst_kruskal(void) { n = (node_t *)node->data; n->status.visited = 0; - nodes++; } /* Starting point */ ((edge_t *)edge_weight_tree->head->data)->from.node->status.visited = 1; - /* Clear MST status on connections */ - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - c->status.mst = 0; - } - /* Add safe edges */ - for(skipped = 0, node = edge_weight_tree->head; node; node = next) + for(node = edge_weight_tree->head; node; node = node->next) { - next = node->next; e = (edge_t *)node->data; - if(e->from.node->status.visited == e->to.node->status.visited) - { - skipped = 1; - continue; - } + if(e->from.node->status.visited && e->to.node->status.visited) + continue; e->from.node->status.visited = 1; e->to.node->status.visited = 1; if(e->connection) e->connection->status.mst = 1; - - safe_edges++; - - if(skipped) - { - next = edge_weight_tree->head; - continue; - } } } From d6c2c4f2b7a94ef6a4db0de134d015bc8d21ffb1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 12 Mar 2002 14:19:51 +0000 Subject: [PATCH 570/923] Packet sequence number/authentication warnings only if debug_lvl >= 5. --- src/net_packet.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index 48c429ab..981ad186 100644 
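Review bot: The new test `if(e->from.node->status.visited && e->to.node->status.visited) continue;` in the "Add safe edges" loop of `mst_kruskal` (hunk `@@ -88,46 +91,25 @@`) also accepts an edge whose endpoints are both unvisited, which starts a second, separate component. A later edge that would join the two components then has both ends marked visited and is skipped, so a single pass can finish with the `status.mst` connections not spanning every node, and anything that relies on the tree being connected would silently miss nodes. One `visited` bit cannot tell "closes a cycle" from "joins two components". A one-pass Kruskal needs a component id per node (a disjoint-set structure); with only the flag, the previous restart-from-head loop has to stay. The `Running time: O(E)` comment in the preceding hunk should change with it.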
--- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.8 2002/03/01 15:14:29 guus Exp $ + $Id: net_packet.c,v 1.1.2.9 2002/03/12 14:19:51 guus Exp $ */ #include "config.h" @@ -103,7 +103,8 @@ cp HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL); if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength)) { - syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); return; } } @@ -129,7 +130,8 @@ cp if(inpkt->seqno <= n->received_seqno) { - syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno); + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno); return; } From ecad9e9289162faec7b678be54178d22876b5d90 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 12 Mar 2002 14:20:44 +0000 Subject: [PATCH 571/923] Remove silly cache thingy. --- src/subnet.c | 39 ++++----------------------------------- 1 file changed, 4 insertions(+), 35 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index 525c14e9..5e096252 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.32 2002/03/11 11:23:04 guus Exp $ + $Id: subnet.c,v 1.1.2.33 2002/03/12 14:20:44 guus Exp $ */ #include "config.h" @@ -42,10 +42,6 @@ #include "system.h" -int cache_mac_valid = 0; -int cache_ipv4_valid = 0; -int cache_ipv6_valid = 0; - /* lists type of subnet */ avl_tree_t *subnet_tree; 
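Review bot: With the `if(debug_lvl >= DEBUG_TRAFFIC)` guard added in `@@ -103,7 +103,8 @@` and again in `@@ -129,7 +130,8 @@`, packets that fail the HMAC check or carry an old sequence number are dropped with no trace whenever `debug_lvl` is below `DEBUG_TRAFFIC`. Those two events are the main signal of forged or replayed traffic attributed to a peer, so I would keep them observable, for example by counting drops per node and emitting one rate-limited summary line outside the debug guard. Separately, the context line compares the MAC with `memcmp`, which may stop at the first differing byte; a comparison whose duration does not depend on the data would be the safer choice. The enclosing function starts and ends outside both hunks.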
@@ -154,20 +150,11 @@ cp /* Adding and removing subnets */ -void cache_invalidate(void) -{ - cache_mac_valid = 0; - cache_ipv4_valid = 0; - cache_ipv6_valid = 0; -} - void subnet_add(node_t *n, subnet_t *subnet) { cp subnet->owner = n; - cache_invalidate(); - avl_insert(subnet_tree, subnet); cp avl_insert(n->subnet_tree, subnet); @@ -177,8 +164,6 @@ cp void subnet_del(node_t *n, subnet_t *subnet) { cp - cache_invalidate(); - avl_delete(n->subnet_tree, subnet); cp avl_delete(subnet_tree, subnet); @@ -304,27 +289,20 @@ cp subnet_t *lookup_subnet_mac(mac_t *address) { - static subnet_t subnet, *p; + subnet_t subnet, *p; cp - if(cache_mac_valid && !memcmp(&subnet.net.mac.address, address, sizeof(mac_t))) - return p; - subnet.type = SUBNET_MAC; memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); p = (subnet_t *)avl_search(subnet_tree, &subnet); - cache_mac_valid = 1; cp return p; } subnet_t *lookup_subnet_ipv4(ipv4_t *address) { - static subnet_t subnet, *p; + subnet_t subnet, *p; cp - if(cache_ipv4_valid && !memcmp(&subnet.net.ipv4.address, address, sizeof(ipv4_t))) - return p; - subnet.type = SUBNET_IPV4; memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); subnet.net.ipv4.masklength = 32; @@ -356,20 +334,14 @@ cp } } } while (p); - - memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); - cache_ipv4_valid = 1; cp return p; } subnet_t *lookup_subnet_ipv6(ipv6_t *address) { - static subnet_t subnet, *p; + subnet_t subnet, *p; cp - if(cache_ipv6_valid && !memcmp(&subnet.net.ipv6.address, address, sizeof(ipv6_t))) - return p; - subnet.type = SUBNET_IPV6; memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); subnet.net.ipv6.masklength = 128; @@ -399,9 +371,6 @@ cp } } } while (p); - - memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); - cache_ipv6_valid = 1; cp return p; } From f219f156cf13fd30369d7cd4632c406ffd6ff628 Mon Sep 17 00:00:00 2001 
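Review bot: Dropping `static` in `lookup_subnet_mac`, `lookup_subnet_ipv4` and `lookup_subnet_ipv6` (hunk `@@ -304,27 +289,20 @@`) turns `subnet` from a zero-initialised object into an uninitialised stack variable. Only `type`, the address and, for the IP variants, `masklength` are set before it is handed to `avl_search`. If the tree's compare function looks at any other member, such as `owner` (that function is not shown here), it would read indeterminate data. Declaring it as `subnet_t subnet = {0}, *p;` in all three functions keeps the old guarantee at no cost.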
From: Guus Sliepen Date: Tue, 12 Mar 2002 14:25:04 +0000 Subject: [PATCH 572/923] Put #ifdef NEIGHBORSOL around corresponding code. --- src/route.c | 106 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 93 insertions(+), 13 deletions(-) diff --git a/src/route.c b/src/route.c index bd4341da..0799c48c 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.31 2002/03/11 13:56:00 guus Exp $ + $Id: route.c,v 1.1.2.32 2002/03/12 14:25:04 guus Exp $ */ #include "config.h" @@ -33,8 +33,10 @@ #else #include #endif +#ifdef NEIGHBORSOL #include #include +#endif #include #include #include @@ -57,10 +59,6 @@ int priorityinheritance = 0; int macexpire = 600; subnet_t mymac; -#ifdef HAVE_FREEBSD -#define s6_addr16 __u6_addr.__u6_addr16 -#endif - void learn_mac(mac_t *address) { subnet_t *subnet; @@ -190,14 +188,35 @@ cp return subnet->owner; } -node_t *route_neighborsol(vpn_packet_t *packet) +#ifdef NEIGHBORSOL +unsigned short int ipv6_cksum(short int *data, int len, unsigned short int cksum) +{ + while(len--) + { + cksum += ntohs(*data++); + } + return cksum; +} + +void route_neighborsol(vpn_packet_t *packet) { struct ip6_hdr *hdr; struct nd_neighbor_solicit *ns; + struct nd_opt_hdr *opt; subnet_t *subnet; + short int cksum; + + struct { + struct in6_addr ip6_src; /* source address */ + struct in6_addr ip6_dst; /* destination address */ + uint32_t length; + uint8_t junk[4]; + } pseudo; + cp hdr = (struct ip6_hdr *)(packet->data + 14); ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(struct ip6_hdr)); + opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(struct ip6_hdr) + sizeof(struct nd_neighbor_solicit)); /* First, snatch the source address from the neighbor solicitation packet */ 
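Review bot: `ipv6_cksum` in hunk `@@ -190,14 +188,35 @@` accumulates into an `unsigned short int`, so every carry out of bit 15 is discarded and the result is not the one's-complement sum that ICMPv6 receivers verify. Summing into a wider unsigned type, folding the carries back with `while(sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);` and complementing the result gives the value that belongs in `icmp6_cksum`. The body of `route_neighborsol` continues past the end of this hunk.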
@@ -205,7 +224,8 @@ cp /* Check if this is a valid neighbor solicitation request */ - if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT) + if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || + opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) { if(debug_lvl > DEBUG_TRAFFIC) { @@ -215,7 +235,7 @@ cp } /* Check if the IPv6 address exists on the VPN */ - +#if 0 subnet = lookup_subnet_ipv6((ipv6_t *)&ns->nd_ns_target); if(!subnet) 
@@ -227,19 +247,74 @@ cp ntohs(ns->nd_ns_target.s6_addr16[4]), ntohs(ns->nd_ns_target.s6_addr16[5]), ntohs(ns->nd_ns_target.s6_addr16[6]), ntohs(ns->nd_ns_target.s6_addr16[7])); } - return NULL; + return; } /* Check if it is for our own subnet */ if(subnet->owner == myself) - return NULL; /* silently ignore */ + return; /* silently ignore */ +#endif + + syslog(LOG_DEBUG, "Neighbor solicitation request with checksum %hx", ntohs(ns->nd_ns_hdr.icmp6_cksum)); + + /* Create pseudo header */ - /* Forward to destination */ + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = htonl(sizeof(*ns)); + pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; + pseudo.junk[3] = IPPROTO_ICMPV6; + + /* Generate checksum */ + + ns->nd_ns_hdr.icmp6_cksum = 0; + + cksum = ipv6_cksum((short int *)&pseudo, sizeof(pseudo)/2, 0); - return subnet->owner; + syslog(LOG_DEBUG, "Our checksum %hx", cksum); + + cksum = ipv6_cksum((short int *)ns, sizeof(*ns)/2, cksum); + + syslog(LOG_DEBUG, "Our checksum %hx", cksum); + + cksum = ipv6_cksum((short int *)opt, sizeof(*opt)/2, cksum); + + syslog(LOG_DEBUG, "Our checksum %hx", cksum); + + /* Create neighbor advertation reply */ + + memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ + packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + + memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */ + memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... 
*/ + + memcpy((char *)opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ + + ns->nd_ns_hdr.icmp6_cksum = 0; + ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; + opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; + + /* Create pseudo header */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = htonl(sizeof(struct icmp6_hdr)); + pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; + pseudo.junk[3] = IPPROTO_ICMPV6; + + /* Generate checksum */ + + cksum = ipv6_cksum((short int *)&pseudo, sizeof(pseudo)/2, 0); + cksum = ipv6_cksum((short int *)ns, sizeof(*ns)/2, cksum); + + ns->nd_ns_hdr.icmp6_cksum = htons(cksum); + + write_packet(packet); cp } +#endif void route_arp(vpn_packet_t *packet) { @@ -326,8 +401,13 @@ cp break; case 0x86DD: n = route_ipv6(packet); +#ifdef NEIGHBORSOL if(!n && packet->data[0] == 0x33 && packet->data[1] == 0x33 && packet->data[2] == 0xff) - n = route_neighborsol(packet); + { + route_neighborsol(packet); + return; + } +#endif break; case 0x0806: route_arp(packet); From 4b3aef9e6992ca78f1b17b179a3051d3fec0473d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 12 Mar 2002 16:30:15 +0000 Subject: [PATCH 573/923] Revert changes to Kruskal's algo. --- src/graph.c | 45 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 36 insertions(+), 9 deletions(-) diff --git a/src/graph.c b/src/graph.c index 6aac6f2a..dd080c05 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.8 2002/03/12 13:42:23 guus Exp $ + $Id: graph.c,v 1.1.2.9 2002/03/12 16:30:15 guus Exp $ */ /* We need to generate two trees from the graph: 
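Review bot: With the `lookup_subnet_ipv6` block and the `subnet->owner == myself` test now inside `#if 0` ... `#endif` (hunk `@@ -227,19 +247,74 @@`), the code that follows builds and writes a neighbor advertisement for every solicitation, whatever `ns->nd_ns_target` is. When `NEIGHBORSOL` is defined, the daemon therefore answers for addresses that are not on the VPN. The new `syslog(LOG_DEBUG, ...)` checksum lines are also outside any `debug_lvl` test, so each solicitation produces several log entries. I would restore the subnet check before this path is enabled and wrap the diagnostics in `if(debug_lvl >= DEBUG_TRAFFIC)`. The `memcpy((char *)opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6)` write also assumes the frame holds a full 8-byte option, which nothing visible verifies.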
@@ -32,7 +32,9 @@ favour Kruskal's, because we make an extra AVL tree of edges sorted on weights (metric). That tree only has to be updated when an edge is added or removed, and during the MST algorithm we just have go linearly through that - tree. + tree, adding safe edges until #edges = #nodes - 1. The implementation here + however is not so fast, because I tried to avoid having to make a forest and + merge trees. For the SSSP algorithm Dijkstra's seems to be a nice choice. Currently a simple breadth-first search is presented here. @@ -60,17 +62,20 @@ #include "system.h" -/* Kruskal's minimum spanning tree algorithm. - Running time: O(E) - Edges are already sorted on weight. +/* Implementation of Kruskal's algorithm. + Running time: O(EN) + Please note that sorting on weight is already done by add_edge(). */ void mst_kruskal(void) { - avl_node_t *node; + avl_node_t *node, *next; edge_t *e; node_t *n; connection_t *c; + int nodes = 0; + int safe_edges = 0; + int skipped; /* Clear MST status on connections */ @@ -85,12 +90,16 @@ void mst_kruskal(void) if(!edge_weight_tree->head) return; + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, "Running Kruskal's algorithm:"); + /* Clear visited status on nodes */ for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; n->status.visited = 0; + nodes++; } /* Starting point */ 
@@ -99,18 +108,36 @@ void mst_kruskal(void) /* Add safe edges */ - for(node = edge_weight_tree->head; node; node = node->next) + for(skipped = 0, node = edge_weight_tree->head; node; node = next) { + next = node->next; e = (edge_t *)node->data; - if(e->from.node->status.visited && e->to.node->status.visited) - continue; + if(e->from.node->status.visited == e->to.node->status.visited) + { + skipped = 1; + continue; + } e->from.node->status.visited = 1; e->to.node->status.visited = 1; if(e->connection) e->connection->status.mst = 1; + + safe_edges++; + + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from.node->name, e->to.node->name, e->weight); + + if(skipped) + { + next = edge_weight_tree->head; + continue; + } } + + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, safe_edges); } /* Implementation of a simple breadth-first search algorithm. From e1de9ca990ea638c7e297c5335be415e44c250c1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 15 Mar 2002 14:41:57 +0000 Subject: [PATCH 574/923] Neighbor solicitation requests now work (I think). --- src/route.c | 89 ++++++++++++++++++++++++----------------------------- 1 file changed, 40 insertions(+), 49 deletions(-) diff --git a/src/route.c b/src/route.c index 0799c48c..097dd13f 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.32 2002/03/12 14:25:04 guus Exp $ + $Id: route.c,v 1.1.2.33 2002/03/15 14:41:57 guus Exp $ */ #include "config.h" @@ -33,10 +33,8 @@ #else #include #endif -#ifdef NEIGHBORSOL #include #include -#endif #include #include #include 
@@ -188,14 +186,17 @@ cp return subnet->owner; } -#ifdef NEIGHBORSOL -unsigned short int ipv6_cksum(short int *data, int len, unsigned short int cksum) +unsigned short int inet_checksum(unsigned short int *data, int len, unsigned short int prevsum) { + unsigned long int checksum = prevsum ^ 0xFFFF; + while(len--) - { - cksum += ntohs(*data++); - } - return cksum; + checksum += ntohs(*data++); + + while(checksum >> 16) + checksum = (checksum & 0xFFFF) + (checksum >> 16); + + return checksum ^ 0xFFFF; } void route_neighborsol(vpn_packet_t *packet) @@ -204,7 +205,7 @@ void route_neighborsol(vpn_packet_t *packet) struct nd_neighbor_solicit *ns; struct nd_opt_hdr *opt; subnet_t *subnet; - short int cksum; + short unsigned int checksum; struct { struct in6_addr ip6_src; /* source address */ @@ -215,8 +216,8 @@ void route_neighborsol(vpn_packet_t *packet) cp hdr = (struct ip6_hdr *)(packet->data + 14); - ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(struct ip6_hdr)); - opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(struct ip6_hdr) + sizeof(struct nd_neighbor_solicit)); + ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(*hdr)); + opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); /* First, snatch the source address from the neighbor solicitation packet */ 
@@ -234,8 +235,28 @@ cp return; } + /* Create pseudo header */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); + pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; + pseudo.junk[3] = IPPROTO_ICMPV6; + + /* Generate checksum */ + + checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); + checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); + + if(checksum) + { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); + return; + } + /* Check if the IPv6 address exists on the VPN */ -#if 0 + subnet = lookup_subnet_ipv6((ipv6_t *)&ns->nd_ns_target); if(!subnet) @@ -254,35 +275,8 @@ cp if(subnet->owner == myself) return; /* silently ignore */ -#endif - syslog(LOG_DEBUG, "Neighbor solicitation request with checksum %hx", ntohs(ns->nd_ns_hdr.icmp6_cksum)); - - /* Create pseudo header */ - - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns)); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; - - /* Generate checksum */ - - ns->nd_ns_hdr.icmp6_cksum = 0; - - cksum = ipv6_cksum((short int *)&pseudo, sizeof(pseudo)/2, 0); - - syslog(LOG_DEBUG, "Our checksum %hx", cksum); - - cksum = ipv6_cksum((short int *)ns, sizeof(*ns)/2, cksum); - - syslog(LOG_DEBUG, "Our checksum %hx", cksum); - - cksum = ipv6_cksum((short int *)opt, sizeof(*opt)/2, cksum); - - syslog(LOG_DEBUG, "Our checksum %hx", cksum); - - /* Create neighbor advertation reply */ + /* Create neighbor advertation reply */ memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ 
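Review bot: The checksum verification added in `@@ -234,8 +235,28 @@` hard-codes the message size: `pseudo.length` is `sizeof(*ns) + sizeof(*opt) + 6` and the sum always covers `sizeof(*ns)/2 + 4` words, regardless of `packet->len` or the payload length in the IPv6 header. A solicitation with no option, a different option or a truncated frame is therefore summed over bytes that are not part of the message. Check first that `packet->len` covers the 14-byte Ethernet header, `*hdr`, `*ns` and the 8-byte option, and that `ntohs(hdr->ip6_plen)` equals the length placed in the pseudo header, and drop the packet otherwise. `route_neighborsol` begins and ends outside this hunk.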
@@ -294,27 +288,26 @@ cp ns->nd_ns_hdr.icmp6_cksum = 0; ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[0] = 0x40; /* Set solicited flag */ + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[1] = ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[2] = ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[3] = 0; opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; /* Create pseudo header */ memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(struct icmp6_hdr)); + pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; pseudo.junk[3] = IPPROTO_ICMPV6; /* Generate checksum */ - cksum = ipv6_cksum((short int *)&pseudo, sizeof(pseudo)/2, 0); - cksum = ipv6_cksum((short int *)ns, sizeof(*ns)/2, cksum); + checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); + checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); - ns->nd_ns_hdr.icmp6_cksum = htons(cksum); - write_packet(packet); cp } -#endif void route_arp(vpn_packet_t *packet) { @@ -401,13 +394,11 @@ cp break; case 0x86DD: n = route_ipv6(packet); -#ifdef NEIGHBORSOL if(!n && packet->data[0] == 0x33 && packet->data[1] == 0x33 && packet->data[2] == 0xff) { route_neighborsol(packet); return; } -#endif break; case 0x0806: route_arp(packet); From 0e93f0aa02274481c16fc9f30b795d4f063bd1c3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 15 Mar 2002 15:08:21 +0000 Subject: [PATCH 575/923] Oops, don't forget to actually put the checksum in the response packet. --- src/route.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/route.c b/src/route.c index 097dd13f..4e41cdff 100644 --- a/src/route.c +++ b/src/route.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.33 2002/03/15 14:41:57 guus Exp $ + $Id: route.c,v 1.1.2.34 2002/03/15 15:08:21 guus Exp $ */ #include "config.h" @@ -275,7 +275,7 @@ cp if(subnet->owner == myself) return; /* silently ignore */ - + /* Create neighbor advertation reply */ memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ @@ -305,6 +305,8 @@ cp checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); + ns->nd_ns_hdr.icmp6_cksum = checksum; + write_packet(packet); cp } From e0dee537705cdbd005f6ab1fbef5ac71dc8411c0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 15 Mar 2002 15:40:40 +0000 Subject: [PATCH 576/923] Different way of detecting neighbor solicitation requests. --- src/route.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/route.c b/src/route.c index 4e41cdff..00b5298b 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.34 2002/03/15 15:08:21 guus Exp $ + $Id: route.c,v 1.1.2.35 2002/03/15 15:40:40 guus Exp $ */ #include "config.h" @@ -52,6 +52,10 @@ #include "system.h" +#ifndef s6_addr16 +#define s6_addr16 __u6_addr.__u6_addr16 +#endif + int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; @@ -305,7 +309,7 @@ cp checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); - ns->nd_ns_hdr.icmp6_cksum = checksum; + ns->nd_ns_hdr.icmp6_cksum = htons(checksum); write_packet(packet); cp 
@@ -395,12 +399,12 @@ cp n = route_ipv4(packet); break; case 0x86DD: - n = route_ipv6(packet); - if(!n && packet->data[0] == 0x33 && packet->data[1] == 0x33 && packet->data[2] == 0xff) + if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] = ND_NEIGHBOR_SOLICIT) { route_neighborsol(packet); return; } + n = route_ipv6(packet); break; case 0x0806: route_arp(packet); From 07e37f8da03fa315be39623e62d8acba617aa226 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 15 Mar 2002 15:50:14 +0000 Subject: [PATCH 577/923] Typo. --- src/route.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/route.c b/src/route.c index 00b5298b..e1866a98 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.35 2002/03/15 15:40:40 guus Exp $ + $Id: route.c,v 1.1.2.36 2002/03/15 15:50:14 guus Exp $ */ #include "config.h" @@ -399,7 +399,7 @@ cp n = route_ipv4(packet); break; case 0x86DD: - if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] = ND_NEIGHBOR_SOLICIT) + if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) { route_neighborsol(packet); return; From 8b84c44175fedb81ca38107e0067ddea750add00 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Mar 2002 15:59:29 +0000 Subject: [PATCH 578/923] Unmap v4mapped sockaddrs. --- src/net_packet.c | 4 +++- src/net_socket.c | 4 +++- src/netutl.c | 11 ++++++++++- src/netutl.h | 3 ++- 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index 981ad186..61ec2045 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.9 2002/03/12 14:19:51 guus Exp $ + $Id: net_packet.c,v 1.1.2.10 2002/03/17 15:59:29 guus Exp $ */ #include "config.h" 
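Review bot: `packet->data[54] = ND_NEIGHBOR_SOLICIT` in the new `case 0x86DD` condition is an assignment, so every packet with `packet->data[20] == IPPROTO_ICMPV6` has its type byte overwritten and is sent to `route_neighborsol`; it must be `==`. Neither this hunk nor the `@@ -399,7 +399,7 @@` hunk that follows checks that the frame is at least 55 bytes long before indexing `data[54]`. Also, `data[20]` is the ICMPv6 protocol number only when no extension header precedes the ICMPv6 header. I would write `if(packet->len > 54 && packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT)`. The enclosing switch starts and ends outside the hunk.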
@@ -393,6 +393,8 @@ cp return; } + sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ + n = lookup_node_udp(&from); if(!n) diff --git a/src/net_socket.c b/src/net_socket.c index cc799264..277b9b09 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.8 2002/03/01 15:14:29 guus Exp $ + $Id: net_socket.c,v 1.1.2.9 2002/03/17 15:59:29 guus Exp $ */ #include "config.h" @@ -438,6 +438,8 @@ cp return -1; } + sockaddrunmap(&sa); + c = new_connection(); c->outcipher = myself->connection->outcipher; c->outdigest = myself->connection->outdigest; diff --git a/src/netutl.c b/src/netutl.c index a5886fc1..95a168ca 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.28 2002/02/26 22:47:51 guus Exp $ + $Id: netutl.c,v 1.12.4.29 2002/03/17 15:59:29 guus Exp $ */ #include "config.h" @@ -171,6 +171,15 @@ cp cp } +void sockaddrunmap(sockaddr_t *sa) +{ + if(IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) + { + sa->in.sin_addr.s_addr = sa->in6.sin6_addr.s6_addr32[3]; + sa->in.sin_family = AF_INET; + } +} + /* Subnet mask handling */ int maskcmp(char *a, char *b, int masklen, int len) diff --git a/src/netutl.h b/src/netutl.h index 6207fd18..654d7ad4 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.10 2002/02/18 16:25:16 guus Exp $ + $Id: netutl.h,v 1.2.4.11 2002/03/17 15:59:29 guus Exp $ */ #ifndef __TINC_NETUTL_H__ 
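Review bot: `sockaddrunmap` in the netutl.c hunk `@@ -171,6 +171,15 @@` applies `IN6_IS_ADDR_V4MAPPED` to `sa->in6.sin6_addr` without first checking the address family. For an `AF_INET` sockaddr the macro inspects bytes that do not hold an IPv6 address, and on a match the function rewrites `sin_addr`. The result feeds `lookup_node_udp(&from)` in net_packet.c, so a wrong rewrite changes which node a datagram is attributed to. Test the family first: `if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr))`.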
@@ -37,6 +37,7 @@ extern sockaddr_t str2sockaddr(char *, char *); extern void sockaddr2str(sockaddr_t *, char **, char **); extern char *sockaddr2hostname(sockaddr_t *); extern int sockaddrcmp(sockaddr_t *, sockaddr_t *); +extern void sockaddrunmap(sockaddr_t *); extern int maskcmp(char *, char *, int, int); extern void maskcpy(char *, char *, int, int); extern void mask(char *, int, int); From b2579385de427c3c03d28520d3a93bd5f9bc9488 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Mar 2002 16:08:39 +0000 Subject: [PATCH 579/923] Only unmap IPv6 addresses. --- src/netutl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index 95a168ca..c7c2a2d8 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.29 2002/03/17 15:59:29 guus Exp $ + $Id: netutl.c,v 1.12.4.30 2002/03/17 16:08:39 guus Exp $ */ #include "config.h" @@ -173,7 +173,7 @@ cp void sockaddrunmap(sockaddr_t *sa) { - if(IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) + if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) { sa->in.sin_addr.s_addr = sa->in6.sin6_addr.s6_addr32[3]; sa->in.sin_family = AF_INET; From 813c369a8faca94fc38bc66afafad063fa00f928 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 18 Mar 2002 14:19:02 +0000 Subject: [PATCH 580/923] #define s6_addr32, needed for FreeBSD. --- src/netutl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/netutl.c b/src/netutl.c index c7c2a2d8..d3964089 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.30 2002/03/17 16:08:39 guus Exp $ + $Id: netutl.c,v 1.12.4.31 2002/03/18 14:19:02 guus Exp $ */ #include "config.h" 
@@ -43,6 +43,10 @@ #include "system.h" +#ifndef s6_addr32 +#define s6_addr32 in6_u.u6_addr32 +#endif + int hostnames = 0; /* From 106fc2b769a635142bf5f9233a2f03e3a0f26b7f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 18 Mar 2002 14:39:37 +0000 Subject: [PATCH 581/923] Fix #define s6_addr32. --- src/netutl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index d3964089..3b5d5b05 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.31 2002/03/18 14:19:02 guus Exp $ + $Id: netutl.c,v 1.12.4.32 2002/03/18 14:39:37 guus Exp $ */ #include "config.h" @@ -44,7 +44,7 @@ #include "system.h" #ifndef s6_addr32 -#define s6_addr32 in6_u.u6_addr32 +#define s6_addr32 __u6_addr.__u6_addr32 #endif int hostnames = 0; From 305505f5ec4bb738f175cd897fa409f08d2971a3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 18 Mar 2002 22:47:20 +0000 Subject: [PATCH 582/923] Remember sockaddrs of listening sockets, use appropriate one when sending UDP packets. --- src/net.c | 14 +++++++------- src/net.h | 11 ++++++++--- src/net_packet.c | 20 ++++++++++++++++---- src/net_setup.c | 11 ++++++----- src/net_socket.c | 5 ++--- 5 files changed, 39 insertions(+), 22 deletions(-) diff --git a/src/net.c b/src/net.c index acba5ad3..2b79263e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.163 2002/03/11 11:45:12 guus Exp $ + $Id: net.c,v 1.35.4.164 2002/03/18 22:47:20 guus Exp $ */ #include "config.h" @@ -94,8 +94,8 @@ cp for(i = 0; i < listen_sockets; i++) { - FD_SET(tcp_socket[i], fs); - FD_SET(udp_socket[i], fs); + FD_SET(listen_socket[i].tcp, fs); + FD_SET(listen_socket[i].udp, fs); } FD_SET(device_fd, fs); 
@@ -287,10 +287,10 @@ cp for(i = 0; i < listen_sockets; i++) { - if(FD_ISSET(udp_socket[i], f)) - handle_incoming_vpn_data(udp_socket[i]); - if(FD_ISSET(tcp_socket[i], f)) - handle_new_meta_connection(tcp_socket[i]); + if(FD_ISSET(listen_socket[i].udp, f)) + handle_incoming_vpn_data(listen_socket[i].udp); + if(FD_ISSET(listen_socket[i].tcp, f)) + handle_new_meta_connection(listen_socket[i].tcp); } for(node = connection_tree->head; node; node = node->next) diff --git a/src/net.h b/src/net.h index 07e589a5..a5765762 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.46 2002/03/01 14:09:31 guus Exp $ + $Id: net.h,v 1.9.4.47 2002/03/18 22:47:20 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -98,6 +98,12 @@ typedef struct outgoing_t { struct addrinfo *aip; } outgoing_t; +typedef struct listen_socket_t { + int tcp; + int udp; + sockaddr_t sa; +} listen_socket_t; + extern int maxtimeout; extern int seconds_till_retry; extern int addressfamily; @@ -107,8 +113,7 @@ extern char *status_text[]; #include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ -extern int tcp_socket[MAXSOCKETS]; -extern int udp_socket[MAXSOCKETS]; +extern listen_socket_t listen_socket[MAXSOCKETS]; extern int listen_sockets; extern int keyexpires; extern int keylifetime; diff --git a/src/net_packet.c b/src/net_packet.c index 61ec2045..dcdd73ca 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.10 2002/03/17 15:59:29 guus Exp $ + $Id: net_packet.c,v 1.1.2.11 2002/03/18 22:47:20 guus Exp $ */ #include "config.h" 
@@ -194,7 +194,10 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t *copy; static int priority = 0; int origpriority; + int sock; cp + /* Make sure we have a valid key */ + if(!n->status.validkey) { if(debug_lvl >= DEBUG_TRAFFIC) @@ -261,20 +264,29 @@ cp inpkt->len += n->maclength; } + /* Determine which socket we have to use */ + + for(sock = 0; sock < listen_sockets; sock++) + if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) + break; + + if(sock >= listen_sockets) + sock = 0; /* If none is available, just use the first and hope for the best. */ + /* Send the packet */ #if defined(SOL_IP) && defined(IP_TOS) - if(priorityinheritance && origpriority != priority) + if(priorityinheritance && origpriority != priority && listen_socket[sock].sa.sa.sa_family == AF_INET) { priority = origpriority; if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); - if(setsockopt(udp_socket[0], SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ + if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); } #endif - if((sendto(udp_socket[0], (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) + if((sendto(listen_socket[sock].udp, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); diff --git a/src/net_setup.c b/src/net_setup.c index a77fa58a..f4c9e534 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.10 2002/03/10 16:09:15 guus Exp $ + $Id: net_setup.c,v 1.1.2.11 2002/03/18 22:47:20 guus Exp $ */ #include "config.h" 
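Review bot: The `setsockopt(sock, SOL_IP, IP_TOS, ...)` call in `@@ -261,20 +264,29 @@` passes `sock`, which after this change is an index into `listen_socket[]` rather than a descriptor, so the TOS option lands on whatever file descriptor happens to have that small number. It should read `if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority)))`, matching the `sendto` below it. In addition, `priority` is a single `static int` shared by all sockets, so once packets alternate between two listening sockets the `origpriority != priority` test no longer reflects the TOS currently set on the chosen socket; remembering the last value per `listen_socket_t` entry would fix that. `send_udppacket` continues after this hunk.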
@@ -486,10 +486,10 @@ cp for(aip = ai; aip; aip = aip->ai_next) { - if((tcp_socket[listen_sockets] = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) + if((listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) continue; - if((udp_socket[listen_sockets] = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) + if((listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) continue; if(debug_lvl >= DEBUG_CONNECTIONS) @@ -499,6 +499,7 @@ cp free(hostname); } + listen_socket[listen_sockets].sa.sa = *aip->ai_addr; listen_sockets++; } @@ -576,8 +577,8 @@ cp for(i = 0; i < listen_sockets; i++) { - close(udp_socket[i]); - close(tcp_socket[i]); + close(listen_socket[i].tcp); + close(listen_socket[i].udp); } exit_events(); diff --git a/src/net_socket.c b/src/net_socket.c index 277b9b09..fcc2e2fe 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.9 2002/03/17 15:59:29 guus Exp $ + $Id: net_socket.c,v 1.1.2.10 2002/03/18 22:47:20 guus Exp $ */ #include "config.h" @@ -70,8 +70,7 @@ int addressfamily = AF_INET; int maxtimeout = 900; int seconds_till_retry = 5; -int tcp_socket[MAXSOCKETS]; -int udp_socket[MAXSOCKETS]; +listen_socket_t listen_socket[MAXSOCKETS]; int listen_sockets = 0; /* Setup sockets */ From 9d99a789c38e8a1694537e427e8d4313c948b02b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 19 Mar 2002 00:07:09 +0000 Subject: [PATCH 583/923] Cleanup. --- src/process.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/process.c b/src/process.c index 5c0eb9f9..a7f5d5ff 100644 --- a/src/process.c +++ b/src/process.c 
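Review bot: When `setup_vpn_in_socket()` fails, the `continue` leaves the TCP listener just stored in `listen_socket[listen_sockets].tcp` open: `listen_sockets` is not incremented, so that descriptor is overwritten on the next iteration (or falls outside the counted range) and is never polled or closed, while the port stays bound. Closing it before moving on avoids the orphaned listener: `{ close(listen_socket[listen_sockets].tcp); continue; }`. No check of `listen_sockets` against `MAXSOCKETS` is visible in this loop either; if none exists outside the hunk, a long address list could write past the end of the array. The enclosing function starts and ends outside the hunk.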
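Review bot: The added `listen_socket[listen_sockets].sa.sa = *aip->ai_addr;` is a struct assignment of a generic `struct sockaddr`, so it copies only that many bytes and truncates an IPv6 address, which is longer. That is harmless while only `sa.sa.sa_family` is read (as in the send_udppacket hunk of this commit), but any later use of the stored address would see partial data. Copying the real length keeps the entry complete: `memcpy(&listen_socket[listen_sockets].sa, aip->ai_addr, aip->ai_addrlen);`, ideally after checking that `aip->ai_addrlen` does not exceed `sizeof(listen_socket[listen_sockets].sa)`.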
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.36 2002/03/11 11:23:04 guus Exp $ + $Id: process.c,v 1.1.2.37 2002/03/19 00:07:09 guus Exp $ */ #include "config.h" @@ -81,6 +81,7 @@ int fcloseall(void) fclose(stdin); fclose(stdout); fclose(stderr); + return 0; } #endif From 5c2d74de86d1acb3774a20357ad815d000f8a7f6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 19 Mar 2002 00:08:23 +0000 Subject: [PATCH 584/923] Don't use s6_addr[16|32] anymore. --- src/netutl.c | 8 ++------ src/route.c | 10 +++------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index 3b5d5b05..c59a34b8 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.32 2002/03/18 14:39:37 guus Exp $ + $Id: netutl.c,v 1.12.4.33 2002/03/19 00:08:23 guus Exp $ */ #include "config.h" @@ -43,10 +43,6 @@ #include "system.h" -#ifndef s6_addr32 -#define s6_addr32 __u6_addr.__u6_addr32 -#endif - int hostnames = 0; /* @@ -179,7 +175,7 @@ void sockaddrunmap(sockaddr_t *sa) { if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) { - sa->in.sin_addr.s_addr = sa->in6.sin6_addr.s6_addr32[3]; + sa->in.sin_addr.s_addr = ((uint32_t *)&sa->in6.sin6_addr)[3]; sa->in.sin_family = AF_INET; } } diff --git a/src/route.c b/src/route.c index e1866a98..dcf43e41 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.36 2002/03/15 15:50:14 guus Exp $ + $Id: route.c,v 1.1.2.37 2002/03/19 00:08:23 guus Exp $ */ #include "config.h" 
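Review bot: In `sockaddrunmap()` the replacement `((uint32_t *)&sa->in6.sin6_addr)[3]` reads the address through a cast pointer, which depends on the alignment of `struct in6_addr` and on the compiler tolerating the type pun; the standard `s6_addr` byte array gives the same result portably, e.g. `memcpy(&sa->in.sin_addr.s_addr, &sa->in6.sin6_addr.s6_addr[12], sizeof(sa->in.sin_addr.s_addr));`. The route.c hunk of this commit does the same with `(uint16_t *)&ns->nd_ns_target` and could build each printed group from two `s6_addr` bytes instead. Neither hunk adds an include that provides `uint32_t`/`uint16_t`, so it is worth confirming one is already in scope on every supported platform. The function's signature lies outside the hunk.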
@@ -52,10 +52,6 @@ #include "system.h" -#ifndef s6_addr16 -#define s6_addr16 __u6_addr.__u6_addr16 -#endif - int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; @@ -268,8 +264,8 @@ cp if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(ns->nd_ns_target.s6_addr16[0]), ntohs(ns->nd_ns_target.s6_addr16[1]), ntohs(ns->nd_ns_target.s6_addr16[2]), ntohs(ns->nd_ns_target.s6_addr16[3]), - ntohs(ns->nd_ns_target.s6_addr16[4]), ntohs(ns->nd_ns_target.s6_addr16[5]), ntohs(ns->nd_ns_target.s6_addr16[6]), ntohs(ns->nd_ns_target.s6_addr16[7])); + ntohs(((uint16_t *)&ns->nd_ns_target)[0]), ntohs(((uint16_t *)&ns->nd_ns_target)[1]), ntohs(((uint16_t *)&ns->nd_ns_target)[2]), ntohs(((uint16_t *)&ns->nd_ns_target)[3]), + ntohs(((uint16_t *)&ns->nd_ns_target)[4]), ntohs(((uint16_t *)&ns->nd_ns_target)[5]), ntohs(((uint16_t *)&ns->nd_ns_target)[6]), ntohs(((uint16_t *)&ns->nd_ns_target)[7])); } return; From 5a88a27742d305be48498a297b90ee3fbdd935bf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 19 Mar 2002 00:08:34 +0000 Subject: [PATCH 585/923] Updated dutch translation. --- po/nl.po | 259 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 149 insertions(+), 110 deletions(-) diff --git a/po/nl.po b/po/nl.po index 64e6452b..b6358ad5 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-03-01 16:10+0100\n" -"PO-Revision-Date: 2002-03-01 16:10+0100\n" +"POT-Creation-Date: 2002-03-18 20:20+0100\n" +"PO-Revision-Date: 2002-03-18 20:20+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" 
@@ -196,12 +196,12 @@ msgstr "%s (%s) antwoordde niet op ping" msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:314 src/net_socket.c:254 +#: src/net.c:314 src/net_socket.c:253 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:378 +#: src/net.c:384 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" 
@@ -215,107 +215,107 @@ msgid "Flushing event queue" msgstr "Legen taakrij" #: src/net.c:447 -msgid "Rereading configuration file and restarting in 5 seconds" -msgstr "Herlezen configuratiebestand en herstart in 5 seconden" +msgid "Rereading configuration file and restarting in 5 seconds..." +msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." #: src/net.c:454 -msgid "Unable to reread configuration file, exiting" -msgstr "Kan configuratiebestand niet herlezen, beëindigen" +msgid "Unable to reread configuration file, exitting." +msgstr "Kan configuratiebestand niet herlezen, beëindigen." -#: src/net_packet.c:106 +#: src/net_packet.c:107 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:132 +#: src/net_packet.c:134 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d" msgstr "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d" -#: src/net_packet.c:149 +#: src/net_packet.c:151 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:176 +#: src/net_packet.c:178 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:199 +#: src/net_packet.c:204 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:227 +#: src/net_packet.c:232 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:269 +#: src/net_packet.c:283 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" #. 
SO_PRIORITY doesn't seem to work -#: src/net_packet.c:271 src/net_setup.c:483 src/net_socket.c:99 -#: src/net_socket.c:145 src/net_socket.c:172 src/process.c:258 -#: src/process.c:293 +#: src/net_packet.c:285 src/net_setup.c:483 src/net_socket.c:98 +#: src/net_socket.c:144 src/net_socket.c:171 src/process.c:265 +#: src/process.c:300 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:277 +#: src/net_packet.c:291 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:294 +#: src/net_packet.c:308 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:301 +#: src/net_packet.c:315 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net_packet.c:310 +#: src/net_packet.c:324 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:318 +#: src/net_packet.c:332 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:338 +#: src/net_packet.c:352 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:355 +#: src/net_packet.c:369 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:377 +#: src/net_packet.c:391 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:384 +#: src/net_packet.c:398 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:390 +#: src/net_packet.c:404 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:399 +#: src/net_packet.c:415 #, c-format msgid "Received UDP packet from 
unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" 
@@ -406,124 +406,124 @@ msgstr "Onzinnig compressieniveau!" msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:508 +#: src/net_setup.c:509 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:511 +#: src/net_setup.c:512 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" -#: src/net_socket.c:91 +#: src/net_socket.c:90 #, c-format msgid "Creating metasocket failed: %s" msgstr "Aanmaak van metasocket mislukt: %s" -#: src/net_socket.c:125 src/net_socket.c:187 +#: src/net_socket.c:124 src/net_socket.c:186 #, c-format msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" -#: src/net_socket.c:129 +#: src/net_socket.c:128 msgid "BindToDevice not supported on this platform" msgstr "BindToDevice wordt niet ondersteund op dit platform" -#: src/net_socket.c:137 +#: src/net_socket.c:136 #, c-format msgid "Can't bind to %s/tcp: %s" msgstr "Kan niet aan %s/tcp binden: %s" -#: src/net_socket.c:164 +#: src/net_socket.c:163 #, c-format msgid "Creating UDP socket failed: %s" msgstr "Aanmaak UDP socket mislukte: %s" -#: src/net_socket.c:197 +#: src/net_socket.c:196 #, c-format msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:220 +#: src/net_socket.c:219 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:229 src/net_socket.c:324 +#: src/net_socket.c:228 src/net_socket.c:323 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:235 src/net_socket.c:331 +#: src/net_socket.c:234 src/net_socket.c:330 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:259 src/net_socket.c:269 +#: src/net_socket.c:258 src/net_socket.c:268 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: 
src/net_socket.c:288 +#: src/net_socket.c:287 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:352 +#: src/net_socket.c:351 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:370 +#: src/net_socket.c:369 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:391 +#: src/net_socket.c:390 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:410 +#: src/net_socket.c:409 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:437 +#: src/net_socket.c:436 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:453 +#: src/net_socket.c:454 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:475 +#: src/net_socket.c:476 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/netutl.c:65 src/netutl.c:88 +#: src/netutl.c:69 src/netutl.c:92 #, c-format msgid "Error looking up %s port %s: %s\n" msgstr "Fout bij het opzoeken van %s poort %s: %s\n" -#: src/netutl.c:109 +#: src/netutl.c:113 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout tijdens vertalen adressen: %s" -#: src/netutl.c:134 +#: src/netutl.c:138 #, c-format msgid "Error while looking up hostname: %s" msgstr "Fout bij het opzoeken van hostnaam: %s" -#: src/netutl.c:137 +#: src/netutl.c:141 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:166 +#: src/netutl.c:170 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" 
@@ -760,27 +760,27 @@ msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" -#: src/subnet.c:103 +#: src/subnet.c:99 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, exitting!" msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:289 +#: src/subnet.c:274 #, c-format msgid "net2str() was called with unknown subnet type %d, exitting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:415 +#: src/subnet.c:384 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:420 +#: src/subnet.c:389 #, c-format msgid " %s owner %s" msgstr " %s eigenaar %s" -#: src/subnet.c:423 +#: src/subnet.c:392 msgid "End of subnet list." msgstr "Einde van subnet lijst." @@ -831,7 +831,15 @@ msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:155 +#: src/tincd.c:166 +#, c-format +msgid "" +"Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " +"USR1, USR2, WINCH, INT or ALRM.\n" +msgstr "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, KILL, " +"USR1, USR2, WINCH, INT of ALRM.\n" + +#: src/tincd.c:184 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" 
@@ -839,24 +847,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:216 +#: src/tincd.c:245 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:221 +#: src/tincd.c:250 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:225 +#: src/tincd.c:254 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:234 +#: src/tincd.c:263 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:238 src/tincd.c:249 +#: src/tincd.c:267 src/tincd.c:278 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -864,21 +872,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:245 +#: src/tincd.c:274 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:270 +#: src/tincd.c:299 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:299 +#: src/tincd.c:328 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:300 +#: src/tincd.c:329 msgid "" "Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -895,26 +903,22 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:314 -msgid "You must be root to run this program.\n" -msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" - -#: src/tincd.c:363 +#: src/tincd.c:386 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:368 +#: src/tincd.c:391 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/process.c:356 src/tincd.c:373 +#: src/process.c:363 src/tincd.c:396 msgid "Not restarting." msgstr "Geen herstart." #: src/process.c:68 #, c-format -msgid "Memory exhausted (couldn't allocate %d bytes), exiting." +msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." #: src/process.c:98 
@@ -940,75 +944,86 @@ msgstr "Geen andere tincd draait voor net `%s'.\n" msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:147 +#: src/process.c:149 +#, c-format +msgid "The tincd for net `%s' is no longer running. " +msgstr "De tincd voor net `%s' draait niet meer. " + +#: src/process.c:151 +msgid "The tincd is no longer running. " +msgstr "De tincd draait niet meer. " + +#: src/process.c:153 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:174 +#: src/process.c:181 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:187 +#: src/process.c:194 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:190 +#: src/process.c:197 #, c-format msgid "tincd %s starting" msgstr "tincd %s wordt gestart" -#: src/process.c:265 +#: src/process.c:272 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:273 +#: src/process.c:280 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:281 +#: src/process.c:288 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:287 +#: src/process.c:294 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:312 +#: src/process.c:319 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:321 +#: src/process.c:328 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:328 -msgid "Got another SEGV signal: not restarting" -msgstr "Kreeg nog een SEGV signaal: geen herstart" +#: src/process.c:335 +#, c-format +msgid "Got another fatal signal %d (%s): not restarting." +msgstr "Kreeg nog een fataal signaal %s (%s): geen herstart." 
-#: src/process.c:337 -msgid "Got SEGV signal" -msgstr "Kreeg SEGV signaal" +#: src/process.c:344 +#, c-format +msgid "Got fatal signal %d (%s)" +msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:342 +#: src/process.c:349 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:365 +#: src/process.c:372 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:374 +#: src/process.c:381 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:381 +#: src/process.c:388 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " 
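Review bot: The new Dutch entry for `Got another fatal signal %d (%s): not restarting.` uses `%s (%s)` where the msgid has `%d (%s)`, so under the nl locale the integer signal number is consumed as a string pointer, which is undefined behaviour on the fatal-signal path. The translation should keep the conversion: `msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart."`. The entry is marked `c-format`, so running `msgfmt --check-format` on the catalog during the build would catch this class of mismatch.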
@@ -1017,41 +1032,41 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:392 +#: src/process.c:399 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:421 +#: src/process.c:428 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:430 +#: src/process.c:437 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:485 +#: src/process.c:494 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:71 +#: src/route.c:77 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:105 +#: src/route.c:111 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:150 +#: src/route.c:156 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:170 +#: src/route.c:176 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1060,16 +1075,34 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:214 +#: src/route.c:237 +msgid "" +"Cannot route packet: received unknown type neighbor solicitation request" +msgstr "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation verzoek" + +#: src/route.c:258 +msgid "Cannot route packet: checksum error for neighbor solicitation request" +msgstr "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" + +#: src/route.c:270 +#, c-format +msgid "" +"Cannot route packet: neighbor solicitation request for unknown address %hx:%" +"hx:%hx:%hx:%hx:%hx:%hx:%hx" +msgstr "" +"Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres " +"%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" + +#: src/route.c:345 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:227 +#: src/route.c:358 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:279 +#: src/route.c:415 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" @@ -1104,12 +1137,12 @@ msgstr " %s tcp op %s udp op %s - %s tcp op %s udp op %s opties %ld gewicht %d" msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:222 +#: src/graph.c:231 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:231 +#: src/graph.c:240 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" 
@@ -1231,3 +1264,9 @@ msgstr "NetBSD tun apparaat" #: src/openbsd/device.c:88 msgid "OpenBSD tun device" msgstr "OpenBSD tun apparaat" + +#~ msgid "You must be root to run this program.\n" +#~ msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" + +#~ msgid "Got SEGV signal" +#~ msgstr "Kreeg SEGV signaal" From f48f8f4fedba365ceea30e1133bf1c560e9a522a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 19 Mar 2002 22:48:25 +0000 Subject: [PATCH 586/923] Updated SSSP algorithm to automatically detect indirect links (if a node uses different addresses for connections to other nodes). --- src/graph.c | 65 ++++++++++++++++++++++++++++++++++++----------------- src/node.h | 5 +++-- 2 files changed, 48 insertions(+), 22 deletions(-) diff --git a/src/graph.c b/src/graph.c index dd080c05..29e25db1 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.9 2002/03/12 16:30:15 guus Exp $ + $Id: graph.c,v 1.1.2.10 2002/03/19 22:48:25 guus Exp $ */ /* We need to generate two trees from the graph: @@ -151,6 +151,7 @@ void sssp_bfs(void) node_t *n; halfconnection_t to_hc, from_hc; avl_tree_t *todo_tree; + int indirect; todo_tree = avl_alloc_tree(NULL, NULL); @@ -160,11 +161,13 @@ void sssp_bfs(void) { n = (node_t *)node->data; n->status.visited = 0; + n->status.indirect = 1; } /* Begin with myself */ myself->status.visited = 1; + myself->status.indirect = 0; myself->nexthop = myself; myself->via = myself; node = avl_alloc_node(); 
@@ -189,25 +192,47 @@ void sssp_bfs(void) else to_hc = e->from, from_hc = e->to; - if(!to_hc.node->status.visited) - { - to_hc.node->status.visited = 1; - to_hc.node->nexthop = (n->nexthop == myself) ? to_hc.node : n->nexthop; - to_hc.node->via = (e->options & OPTION_INDIRECT || n->via != n) ? n->via : to_hc.node; - to_hc.node->options = e->options; - if(sockaddrcmp(&to_hc.node->address, &to_hc.udpaddress)) - { - node = avl_unlink(node_udp_tree, to_hc.node); - to_hc.node->address = to_hc.udpaddress; - if(to_hc.node->hostname) - free(to_hc.node->hostname); - to_hc.node->hostname = sockaddr2hostname(&to_hc.udpaddress); - avl_insert_node(node_udp_tree, node); - } - node = avl_alloc_node(); - node->data = to_hc.node; - avl_insert_before(todo_tree, from, node); - } + /* Situation: + + / + / + ------(n)from_hc-----to_hc + \ + \ + + n->address is set to the to_hc.udpaddress of the edge left of n. + We are currently examining the edge right of n: + + - If from_hc.udpaddress != n->address, then to_hc.node is probably + not reachable for the nodes left of n. We do as if the indirectdata + flag is set on edge e. + - If edge e provides for better reachability of to_hc.node, update + to_hc.node and (re)add it to the todo_tree to (re)examine the reachability + of nodes behind it. + */ + + indirect = n->status.indirect || e->options & OPTION_INDIRECT || ((n != myself) && sockaddrcmp(&n->address, &from_hc.udpaddress)); + + if(to_hc.node->status.visited && (!to_hc.node->status.indirect || indirect)) + continue; + + to_hc.node->status.visited = 1; + to_hc.node->status.indirect = indirect; + to_hc.node->nexthop = (n->nexthop == myself) ? to_hc.node : n->nexthop; + to_hc.node->via = indirect ? 
n->via : to_hc.node; + to_hc.node->options = e->options; + if(sockaddrcmp(&to_hc.node->address, &to_hc.udpaddress)) + { + node = avl_unlink(node_udp_tree, to_hc.node); + to_hc.node->address = to_hc.udpaddress; + if(to_hc.node->hostname) + free(to_hc.node->hostname); + to_hc.node->hostname = sockaddr2hostname(&to_hc.udpaddress); + avl_insert_node(node_udp_tree, node); + } + node = avl_alloc_node(); + node->data = to_hc.node; + avl_insert_before(todo_tree, from, node); } avl_delete_node(todo_tree, from); diff --git a/src/node.h b/src/node.h index 64938521..98147d3e 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.12 2002/02/18 16:25:16 guus Exp $ + $Id: node.h,v 1.1.2.13 2002/03/19 22:48:25 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -34,7 +34,8 @@ typedef struct node_status_t { int waitingforkey:1; /* 1 if we already sent out a request */ int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ int reachable:1; /* 1 if this node is reachable in the graph */ - int unused:27; + int indirect:1; /* 1 if this node is not directly reachable by us */ + int unused:26; } node_status_t; typedef struct node_t { From 9da5390666ad532825d820b3554da3f39d3bc511 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 21 Mar 2002 23:11:53 +0000 Subject: [PATCH 587/923] Put a break on requests that run around in circles. --- src/protocol.c | 65 ++++++++++++++++++++++++++++++++++++++++++- src/protocol.h | 9 ++++-- src/protocol_edge.c | 22 +++++++++------ src/protocol_key.c | 22 +++++++++++---- src/protocol_subnet.c | 20 ++++++++----- 5 files changed, 114 insertions(+), 24 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 9b30a8a6..4e63728b 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.123 2002/02/27 22:37:54 guus Exp $ + $Id: protocol.c,v 1.28.4.124 2002/03/21 23:11:53 guus Exp $ */ #include "config.h" @@ -32,6 +32,7 @@ #include #include +#include #include "conf.h" #include "protocol.h" @@ -40,6 +41,8 @@ #include "system.h" +avl_tree_t *past_request_tree; + int check_id(char *id) { int i; @@ -143,6 +146,66 @@ cp return 0; } +int request_compare(past_request_t *a, past_request_t *b) +{ +cp + return strcmp(a->request, b->request); +} + +void init_requests(void) +{ +cp + past_request_tree = avl_alloc_tree((avl_compare_t)request_compare, (avl_action_t)free); +cp +} + +void exit_request(void) +{ +cp + avl_delete_tree(past_request_tree); +cp +} + +int seen_request(char *request) +{ + past_request_t p, *new; +cp + p.request = request; + + if(avl_search(past_request_tree, &p)) + return 1; + else + { + new = (past_request_t *)xmalloc(sizeof(*new)); + new->request = xstrdup(request); + new->firstseen = now; + avl_insert(past_request_tree, new); + return 0; + } +cp +} + +void age_past_requests(void) +{ + avl_node_t *node, *next; + past_request_t *p; + int left = 0, deleted = 0; +cp + for(node = past_request_tree->head; node; node = next) + { + next = node->next; + p = (past_request_t *)node->data; + if(p->firstseen + pingtimeout < now) + avl_delete_node(past_request_tree, node), deleted++; + else + left++; + } + + if(debug_lvl >= DEBUG_SCARY_THINGS && left + deleted) + syslog(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), deleted, left); +cp +} + /* Jumptable for the request handlers */ int (*request_handlers[])(connection_t*) = { diff --git a/src/protocol.h b/src/protocol.h index c265502a..258642c1 100644 --- a/src/protocol.h +++ b/src/protocol.h 
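Review bot: `init_requests()` registers plain `free` as the tree's delete action, but `seen_request()` stores an `xstrdup()` copy in `new->request`, so (assuming the tree calls that action on removal) every entry dropped by `age_past_requests()` or `exit_request()` leaks its request string. One entry is created per distinct request received from any peer, so the leak grows with traffic; a destructor that frees the string and then the struct fixes it. The cache also has no size limit between aging runs, and the caller of `age_past_requests()` is not visible in this hunk, so a cap may be worth considering. Minor: `exit_request` and `init_requests` are named inconsistently, and the `cp` after both returns in `seen_request()` is unreachable.

```c
void free_past_request(past_request_t *r)
{
  free(r->request);	/* copy made by xstrdup() in seen_request() */
  free(r);
}

void init_requests(void)
{
  /* … unchanged: cp marker … */
  past_request_tree = avl_alloc_tree((avl_compare_t)request_compare, (avl_action_t)free_past_request);
  /* … unchanged: cp marker, closing brace … */
```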
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.27 2002/02/26 23:26:41 guus Exp $ + $Id: protocol.h,v 1.5.4.28 2002/03/21 23:11:53 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -31,7 +31,7 @@ incompatible version have different protocols. */ -#define PROT_CURRENT 13 +#define PROT_CURRENT 14 /* Request numbers */ @@ -48,6 +48,11 @@ enum { LAST /* Guardian for the highest request number */ }; +typedef struct past_request_t { + char *request; + time_t firstseen; +} past_request_t; + /* Maximum size of strings in a request */ #define MAX_STRING_SIZE 2048 diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 0c5ca353..4fd5354b 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.2 2002/02/18 16:25:18 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.3 2002/03/21 23:11:53 guus Exp $ */ #include "config.h" @@ -55,7 +55,7 @@ cp sockaddr2str(&e->from.udpaddress, &from_udpaddress, &from_udpport); sockaddr2str(&e->to.tcpaddress, &to_tcpaddress, &to_tcpport); sockaddr2str(&e->to.udpaddress, &to_udpaddress, &to_udpport); - x = send_request(c, "%d %s %s %s %s %s %s %s %s %lx %d", ADD_EDGE, + x = send_request(c, "%d %lx %s %s %s %s %s %s %s %s %lx %d", ADD_EDGE, random(), e->from.node->name, from_tcpaddress, from_tcpport, from_udpport, e->to.node->name, to_tcpaddress, to_tcpport, to_udpport, e->options, e->weight); 
@@ -90,7 +90,7 @@ int add_edge_h(connection_t *c) int weight; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", + if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", from_name, from_address, from_tcpport, from_udpport, to_name, to_address, to_tcpport, to_udpport, &options, &weight) != 10) @@ -113,6 +113,9 @@ cp return -1; } + if(seen_request(c->buffer)) + return 0; + /* Lookup nodes */ from = lookup_node(from_name); @@ -180,8 +183,6 @@ cp return 0; } - - e = new_edge(); e->from.node = from; e->from.tcpaddress = from_tcpaddress; @@ -199,7 +200,7 @@ cp { other = (connection_t *)node->data; if(other->status.active && other != c) - send_add_edge(other, e); + send_request(other, "%s", c->buffer); } /* Run MST before or after we tell the rest? */ @@ -212,7 +213,7 @@ cp int send_del_edge(connection_t *c, edge_t *e) { cp - return send_request(c, "%d %s %s", DEL_EDGE, + return send_request(c, "%d %lx %s %s", DEL_EDGE, random(), e->from.node->name, e->to.node->name); } @@ -225,7 +226,7 @@ int del_edge_h(connection_t *c) connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) + if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, c->hostname); @@ -246,6 +247,9 @@ cp return -1; } + if(seen_request(c->buffer)) + return 0; + /* Lookup nodes */ from = lookup_node(from_name); @@ -291,7 +295,7 @@ cp { other = (connection_t *)node->data; if(other->status.active && other != c) - send_del_edge(other, e); + send_request(other, "%s", c->buffer); } /* Delete the edge */ diff --git a/src/protocol_key.c b/src/protocol_key.c index b85de5ed..dc44b537 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c 
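Review bot: `add_edge_h()` now relays the peer's text verbatim with `send_request(other, "%s", c->buffer)` and keys `seen_request()` on that same raw buffer, so anything following the ten fields that `sscanf()` parsed is forwarded to the rest of the mesh without having been validated. Parsing the nonce with `%lx` instead of skipping it with `%*lx`, and rebuilding the outgoing request from the validated fields plus that nonce, would ensure only checked data is propagated and that the dedup key has a canonical form. The same pattern appears in `del_edge_h()` later in this file and in the `key_changed_h()`, `add_subnet_h()` and `del_subnet_h()` hunks of this commit. The handler bodies extend beyond these hunks.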
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.4 2002/02/27 22:37:55 guus Exp $ + $Id: protocol_key.c,v 1.1.4.5 2002/03/21 23:11:53 guus Exp $ */ #include "config.h" @@ -61,8 +61,8 @@ cp for(node = connection_tree->head; node; node = node->next) { other = (connection_t *)node->data; - if(other->status.active && other->status.mst && other != c) - send_request(other, "%d %s", KEY_CHANGED, n->name); + if(other->status.active && other != c) + send_request(other, "%d %lx %s", KEY_CHANGED, random(), n->name); } cp return 0; @@ -71,15 +71,20 @@ cp int key_changed_h(connection_t *c) { char name[MAX_STRING_SIZE]; + avl_node_t *node; + connection_t *other; node_t *n; cp - if(sscanf(c->buffer, "%*d "MAX_STRING, name) != 1) + if(sscanf(c->buffer, "%*d %*lx "MAX_STRING, name) != 1) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", c->name, c->hostname); return -1; } + if(seen_request(c->buffer)) + return 0; + n = lookup_node(name); if(!n) @@ -93,7 +98,14 @@ cp n->status.waitingforkey = 0; n->sent_seqno = 0; - send_key_changed(c, n); + /* Tell the others */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_request(other, "%s", c->buffer); + } cp return 0; } diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index fbb021d1..3cea347b 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.2 2002/03/21 23:11:53 guus Exp $ */ #include "config.h" 
@@ -50,7 +50,7 @@ int send_add_subnet(connection_t *c, subnet_t *subnet) int x; char *netstr; cp - x = send_request(c, "%d %s %s", ADD_SUBNET, + x = send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), subnet->owner->name, netstr = net2str(subnet)); free(netstr); cp @@ -66,7 +66,7 @@ int add_subnet_h(connection_t *c) subnet_t *s; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) + if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); return -1; @@ -88,6 +88,9 @@ cp return -1; } + if(seen_request(c->buffer)) + return 0; + /* Check if the owner of the new subnet is in the connection list */ owner = lookup_node(name); @@ -128,7 +131,7 @@ cp { other = (connection_t *)node->data; if(other->status.active && other != c) - send_add_subnet(other, s); + send_request(other, "%s", c->buffer); } cp return 0; @@ -140,7 +143,7 @@ int send_del_subnet(connection_t *c, subnet_t *s) char *netstr; cp netstr = net2str(s); - x = send_request(c, "%d %s %s", DEL_SUBNET, s->owner->name, netstr); + x = send_request(c, "%d %lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); free(netstr); cp return x; @@ -155,7 +158,7 @@ int del_subnet_h(connection_t *c) subnet_t *s, *find; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) + if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); return -1; @@ -187,6 +190,9 @@ cp return -1; } + if(seen_request(c->buffer)) + return 0; + /* If everything is correct, delete the subnet from the list of the owner */ s->owner = owner; @@ -219,7 +225,7 @@ cp { other = (connection_t *)node->data; if(other->status.active && other != c) - send_del_subnet(other, find); + send_request(other, "%s", c->buffer); } /* Finally, delete it. */ 
From 52e7699273a3009fe4d91e608522401076922785 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Mar 2002 11:43:48 +0000 Subject: [PATCH 588/923] - Added support for jumbograms. - Remove tcpaddress from edges, it is not used at all. - Last bits of code to prevent looping requests. --- acconfig.h | 3 +++ configure.in | 8 +++++++- src/edge.c | 16 +++++++-------- src/edge.h | 4 ++-- src/net.c | 4 +++- src/net.h | 14 +++++++++---- src/net_setup.c | 4 +++- src/protocol.c | 10 ++++++--- src/protocol.h | 7 ++++++- src/protocol_auth.c | 13 ++++++------ src/protocol_edge.c | 50 ++++++++++++++++++++++----------------------- 11 files changed, 80 insertions(+), 53 deletions(-) diff --git a/acconfig.h b/acconfig.h index f13c3e4b..41fdb995 100644 --- a/acconfig.h +++ b/acconfig.h @@ -67,6 +67,9 @@ /* Define to the location of if_tun.h */ #undef LINUX_IF_TUN_H +/* Define to 1 if support for jumbograms is enabled */ +#undef ENABLE_JUMBOGRAMS + /* Define to 1 if checkpoint tracing is enabled */ #undef ENABLE_TRACING diff --git a/configure.in b/configure.in index 7e16a066..2c1fa700 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.42 2002/03/10 14:05:35 guus Exp $ +dnl $Id: configure.in,v 1.13.2.43 2002/03/22 11:43:46 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -100,6 +100,12 @@ tinc_TUNTAP tinc_OPENSSL tinc_ZLIB +dnl Check if support for jumbograms is requested +AC_ARG_ENABLE(jumbograms, + [ --enable-jumbograms enable support for jumbograms (packets up to 9000 bytes)], + [ AC_DEFINE(ENABLE_JUMBOGRAMS) ] +) + dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, [ --enable-tracing enable checkpoint tracing (debugging only)], diff --git a/src/edge.c b/src/edge.c index b834879e..f0337e1e 100644 --- a/src/edge.c +++ b/src/edge.c 
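Review bot: The third argument of `AC_ARG_ENABLE(jumbograms, …)` is the action-if-given, so `AC_DEFINE(ENABLE_JUMBOGRAMS)` also runs for `--disable-jumbograms` and `--enable-jumbograms=no`. Wrap the define in a test of `$enableval`, that is `if test "x$enableval" != xno; then` before the `AC_DEFINE` and `fi` after it. The existing tracing option in the context lines may have the same shape, but its action lies outside the hunk.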
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.7 2002/02/18 16:25:16 guus Exp $ + $Id: edge.c,v 1.1.2.8 2002/03/22 11:43:46 guus Exp $ */ #include "config.h" @@ -197,17 +197,17 @@ cp for(node = edge_tree->head; node; node = node->next) { e = (edge_t *)node->data; - from_tcp = sockaddr2hostname(&e->from.tcpaddress); +// from_tcp = sockaddr2hostname(&e->from.tcpaddress); from_udp = sockaddr2hostname(&e->from.udpaddress); - to_tcp = sockaddr2hostname(&e->to.tcpaddress); +// to_tcp = sockaddr2hostname(&e->to.tcpaddress); to_udp = sockaddr2hostname(&e->to.udpaddress); - syslog(LOG_DEBUG, _(" %s tcp at %s udp at %s - %s tcp at %s udp at %s options %ld weight %d"), - e->from.node->name, from_tcp, from_udp, - e->to.node->name, to_tcp, to_udp, + syslog(LOG_DEBUG, _(" %s at %s - %s at %s options %ld weight %d"), + e->from.node->name, from_udp, + e->to.node->name, to_udp, e->options, e->weight); - free(from_tcp); +// free(from_tcp); free(from_udp); - free(to_tcp); +// free(to_tcp); free(to_udp); } diff --git a/src/edge.h b/src/edge.h index e3fa078a..604082f8 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.6 2002/02/18 16:25:16 guus Exp $ + $Id: edge.h,v 1.1.2.7 2002/03/22 11:43:46 guus Exp $ */ #ifndef __TINC_EDGE_H__ @@ -31,7 +31,7 @@ typedef struct halfconnection_t { struct node_t *node; /* node associated with this end of the connection */ - sockaddr_t tcpaddress; /* real (internet) ip on this end of the meta connection */ +// sockaddr_t tcpaddress; /* real (internet) ip on this end of the meta connection */ sockaddr_t udpaddress; /* real (internet) ip on this end of the vpn connection */ } halfconnection_t; diff --git a/src/net.c b/src/net.c index 2b79263e..5fd38235 100644 --- a/src/net.c +++ b/src/net.c 
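Review bot: The `tcpaddress` lines in the edge dump loop of edge.c and the `halfconnection_t` member in edge.h are commented out with `//` instead of being removed, which leaves dead code in files that otherwise use `/* */` comments. Version control already keeps the old lines, so deleting them (together with the `from_tcp`/`to_tcp` locals, if they are still declared outside the hunk) would be cleaner. The same applies to the commented-out lines in `ack_h()`, `send_add_edge()` and `add_edge_h()` later in this commit.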
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.164 2002/03/18 22:47:20 guus Exp $ + $Id: net.c,v 1.35.4.165 2002/03/22 11:43:46 guus Exp $ */ #include "config.h" @@ -405,6 +405,8 @@ cp if(routing_mode== RMODE_SWITCH) age_mac(); + age_past_requests(); + /* Should we regenerate our key? */ if(keyexpires < now) diff --git a/src/net.h b/src/net.h index a5765762..f1493eb1 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.47 2002/03/18 22:47:20 guus Exp $ + $Id: net.h,v 1.9.4.48 2002/03/22 11:43:48 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -30,10 +30,16 @@ #include "config.h" -#define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ -#define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ +#ifdef ENABLE_JUMBOGRAMS + #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ + #define MAXSIZE 9100 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ + #define MAXBUFSIZE 9100 /* Must support TCP packets of length 9000. */ +#else + #define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ + #define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ + #define MAXBUFSIZE 2100 /* Quite large but needed for support of keys up to 8192 bits. */ +#endif -#define MAXBUFSIZE 2048 /* Probably way too much, but it must fit every possible request. */ #define MAXSOCKETS 128 /* Overkill... */ typedef struct mac_t diff --git a/src/net_setup.c b/src/net_setup.c index f4c9e534..376d5a7e 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
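Review bot: `MAXBUFSIZE` in net.h is now larger than `MAX_STRING_SIZE` (2048 in protocol.h): 2100 by default and 9100 with `ENABLE_JUMBOGRAMS`. While the request buffer was 2048 bytes, no single token could outgrow the `char x[MAX_STRING_SIZE]` arrays the handlers parse into; from here on that depends only on the field width inside `MAX_STRING`, whose definition is not in this hunk. Please confirm that width is at most `MAX_STRING_SIZE - 1` and record it next to these defines, for instance `/* may exceed MAX_STRING_SIZE; the sscanf field width in MAX_STRING bounds every token */`.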
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.11 2002/03/18 22:47:20 guus Exp $ + $Id: net_setup.c,v 1.1.2.12 2002/03/22 11:43:48 guus Exp $ */ #include "config.h" @@ -529,6 +529,7 @@ cp init_nodes(); init_edges(); init_events(); + init_requests(); if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) { @@ -581,6 +582,7 @@ cp close(listen_socket[i].udp); } + exit_requests(); exit_events(); exit_edges(); exit_subnets(); diff --git a/src/protocol.c b/src/protocol.c index 4e63728b..9125cf6e 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.124 2002/03/21 23:11:53 guus Exp $ + $Id: protocol.c,v 1.28.4.125 2002/03/22 11:43:48 guus Exp $ */ #include "config.h" @@ -159,7 +159,7 @@ cp cp } -void exit_request(void) +void exit_requests(void) { cp avl_delete_tree(past_request_tree); @@ -173,7 +173,11 @@ cp p.request = request; if(avl_search(past_request_tree, &p)) - return 1; + { + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, _("Already seen request")); + return 1; + } else { new = (past_request_t *)xmalloc(sizeof(*new)); diff --git a/src/protocol.h b/src/protocol.h index 258642c1..a4e480a0 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.28 2002/03/21 23:11:53 guus Exp $ + $Id: protocol.h,v 1.5.4.29 2002/03/22 11:43:48 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
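Review bot: The debug line added to `seen_request()` logs only `Already seen request`, so a forwarding loop or a peer repeating itself cannot be traced from the log. Including the request text, e.g. `syslog(LOG_DEBUG, _("Already seen request: %s"), request);`, would make the message usable; the connection is not available here because the function receives only the string. As far as this hunk shows, every unseen request also allocates a cache entry that lives until `age_past_requests()` removes it, so the retention time and any size limit on the tree deserve a comment. The function body continues outside the hunk.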
@@ -64,6 +64,11 @@ extern int send_request(connection_t*, const char*, ...); extern int receive_request(connection_t *); extern int check_id(char *); +extern void init_requests(void); +extern void exit_requests(void); +extern int seen_request(char *); +extern void age_past_requests(void); + /* Requests */ extern int send_id(connection_t *); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index e37d7671..92e076a8 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.3 2002/02/20 19:25:09 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.4 2002/03/22 11:43:48 guus Exp $ */ #include "config.h" @@ -515,8 +515,7 @@ void send_everything(connection_t *c) int ack_h(connection_t *c) { - char address[MAX_STRING_SIZE]; - char port[MAX_STRING_SIZE]; + char myaddress[MAX_STRING_SIZE]; char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; int weight; @@ -525,7 +524,7 @@ int ack_h(connection_t *c) connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d", hisport, address, port, &weight, &options) != 5) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %d %d", hisport, myaddress, &weight, &options) != 4) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; @@ -563,10 +562,10 @@ cp c->edge = new_edge(); cp c->edge->from.node = myself; - c->edge->from.tcpaddress = str2sockaddr(address, port); - c->edge->from.udpaddress = str2sockaddr(address, myport); +// c->edge->from.tcpaddress = str2sockaddr(address, port); + c->edge->from.udpaddress = str2sockaddr(myaddress, myport); c->edge->to.node = n; - c->edge->to.tcpaddress = c->address; +// c->edge->to.tcpaddress = c->address; sockaddr2str(&c->address, &hisaddress, &dummy); c->edge->to.udpaddress = str2sockaddr(hisaddress, hisport); free(hisaddress); 
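Review bot: `myaddress` in `ack_h()` is read from the peer's ACK and passed straight to `str2sockaddr(myaddress, myport)` for `c->edge->from.udpaddress`, so the address recorded for this node on the edge is whatever the peer reported. Nothing in the hunk checks that the string is a valid address, and the behaviour of `str2sockaddr()` on unparsable input is not visible here. At minimum I would add a comment above the assignment, `/* myaddress: our address as seen by the peer; peer-supplied and unverified */`, and verify the failure path of `str2sockaddr()`. `ack_h()` continues past these hunks.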
diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 4fd5354b..69a1e286 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.3 2002/03/21 23:11:53 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.4 2002/03/22 11:43:48 guus Exp $ */ #include "config.h" @@ -48,23 +48,23 @@ int send_add_edge(connection_t *c, edge_t *e) { int x; - char *from_tcpaddress, *from_tcpport, *from_udpaddress, *from_udpport; - char *to_tcpaddress, *to_tcpport, *to_udpaddress, *to_udpport; + char *from_udpaddress, *from_udpport; + char *to_udpaddress, *to_udpport; cp - sockaddr2str(&e->from.tcpaddress, &from_tcpaddress, &from_tcpport); +// sockaddr2str(&e->from.tcpaddress, &from_tcpaddress, &from_tcpport); sockaddr2str(&e->from.udpaddress, &from_udpaddress, &from_udpport); - sockaddr2str(&e->to.tcpaddress, &to_tcpaddress, &to_tcpport); +// sockaddr2str(&e->to.tcpaddress, &to_tcpaddress, &to_tcpport); sockaddr2str(&e->to.udpaddress, &to_udpaddress, &to_udpport); - x = send_request(c, "%d %lx %s %s %s %s %s %s %s %s %lx %d", ADD_EDGE, random(), - e->from.node->name, from_tcpaddress, from_tcpport, from_udpport, - e->to.node->name, to_tcpaddress, to_tcpport, to_udpport, + x = send_request(c, "%d %lx %s %s %s %s %s %s %lx %d", ADD_EDGE, random(), + e->from.node->name, from_udpaddress, from_udpport, + e->to.node->name, to_udpaddress, to_udpport, e->options, e->weight); - free(from_tcpaddress); - free(from_tcpport); +// free(from_tcpaddress); +// free(from_tcpport); free(from_udpaddress); free(from_udpport); - free(to_tcpaddress); - free(to_tcpport); +// free(to_tcpaddress); +// free(to_tcpport); free(to_udpaddress); free(to_udpport); cp 
@@ -79,20 +79,20 @@ int add_edge_h(connection_t *c) char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; char from_address[MAX_STRING_SIZE]; - char from_tcpport[MAX_STRING_SIZE]; +// char from_tcpport[MAX_STRING_SIZE]; char from_udpport[MAX_STRING_SIZE]; char to_address[MAX_STRING_SIZE]; - char to_tcpport[MAX_STRING_SIZE]; +// char to_tcpport[MAX_STRING_SIZE]; char to_udpport[MAX_STRING_SIZE]; - sockaddr_t from_tcpaddress, from_udpaddress; - sockaddr_t to_tcpaddress, to_udpaddress; + sockaddr_t from_udpaddress; + sockaddr_t to_udpaddress; long int options; int weight; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", - from_name, from_address, from_tcpport, from_udpport, - to_name, to_address, to_tcpport, to_udpport, + if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", + from_name, from_address, from_udpport, + to_name, to_address, to_udpport, &options, &weight) != 10) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); @@ -138,9 +138,9 @@ cp /* Convert addresses */ - from_tcpaddress = str2sockaddr(from_address, from_tcpport); +// from_tcpaddress = str2sockaddr(from_address, from_tcpport); from_udpaddress = str2sockaddr(from_address, from_udpport); - to_tcpaddress = str2sockaddr(to_address, to_tcpport); +// to_tcpaddress = str2sockaddr(to_address, to_tcpport); to_udpaddress = str2sockaddr(to_address, to_udpport); /* Check if edge already exists */ 
@@ -150,8 +150,8 @@ cp if(e) { if(e->weight != weight || e->options != options - || ((e->from.node == from) && (sockaddrcmp(&e->from.tcpaddress, &from_tcpaddress) || sockaddrcmp(&e->from.udpaddress, &from_udpaddress) || sockaddrcmp(&e->to.tcpaddress, &to_tcpaddress) || sockaddrcmp(&e->to.udpaddress, &to_udpaddress))) - || ((e->from.node == to) && (sockaddrcmp(&e->from.tcpaddress, &to_tcpaddress) || sockaddrcmp(&e->from.udpaddress, &to_udpaddress) || sockaddrcmp(&e->to.tcpaddress, &from_tcpaddress) || sockaddrcmp(&e->to.udpaddress, &from_udpaddress))) + || ((e->from.node == from) && (sockaddrcmp(&e->from.udpaddress, &from_udpaddress)|| sockaddrcmp(&e->to.udpaddress, &to_udpaddress))) + || ((e->from.node == to) && (sockaddrcmp(&e->from.udpaddress, &to_udpaddress) || sockaddrcmp(&e->to.udpaddress, &from_udpaddress))) ) { if(from == myself || to == myself) @@ -185,10 +185,10 @@ cp e = new_edge(); e->from.node = from; - e->from.tcpaddress = from_tcpaddress; +// e->from.tcpaddress = from_tcpaddress; e->from.udpaddress = from_udpaddress; e->to.node = to; - e->to.tcpaddress = to_tcpaddress; +// e->to.tcpaddress = to_tcpaddress; e->to.udpaddress = to_udpaddress; e->options = options; e->weight = weight; From d6b70ed6f8b7ed65f64193fcfcdb6c8f4625e03c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Mar 2002 12:41:54 +0000 Subject: [PATCH 589/923] Fix add_edge_h(). --- src/protocol_edge.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 69a1e286..d6b55b01 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.4 2002/03/22 11:43:48 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.5 2002/03/22 12:41:54 guus Exp $ */ #include "config.h" 
@@ -93,7 +93,7 @@ cp if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", from_name, from_address, from_udpport, to_name, to_address, to_udpport, - &options, &weight) != 10) + &options, &weight) != 8) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); return -1; From 3c5655f59e85d312d11fa04489123e604920f95b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Mar 2002 13:31:18 +0000 Subject: [PATCH 590/923] Fix compiler warnings, strictly use long int and %lx for options. --- src/connection.c | 4 ++-- src/edge.c | 4 ++-- src/node.c | 4 ++-- src/protocol.c | 4 ++-- src/protocol_auth.c | 8 ++++---- src/protocol_edge.c | 6 +++--- src/protocol_key.c | 4 ++-- src/protocol_subnet.c | 6 +++--- 8 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/connection.c b/src/connection.c index 8620e4af..391982a6 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.28 2002/02/18 16:25:16 guus Exp $ + $Id: connection.c,v 1.1.2.29 2002/03/22 13:31:18 guus Exp $ */ #include "config.h" @@ -116,7 +116,7 @@ cp for(node = connection_tree->head; node; node = node->next) { c = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s options %ld socket %d status %04x"), + syslog(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), c->name, c->hostname, c->options, c->socket, c->status); } diff --git a/src/edge.c b/src/edge.c index f0337e1e..da1cdb45 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.8 2002/03/22 11:43:46 guus Exp $ + $Id: edge.c,v 1.1.2.9 2002/03/22 13:31:18 guus Exp $ */ #include "config.h" 
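Review bot: The format in the connection dump still ends in `status %04x` with `c->status` as its argument, and `status` is accessed as `other->status.active` elsewhere in this series, so a struct is being passed where `%x` expects an `unsigned int`. That mismatch is undefined behaviour in a variadic call and is the kind of warning this commit sets out to fix; the node dump in node.c does the same with `n->status`. Logging the individual flags, or copying the bits into an `unsigned int` before the call, would make the output well defined. The enclosing dump functions start outside the hunks.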
@@ -201,7 +201,7 @@ cp from_udp = sockaddr2hostname(&e->from.udpaddress); // to_tcp = sockaddr2hostname(&e->to.tcpaddress); to_udp = sockaddr2hostname(&e->to.udpaddress); - syslog(LOG_DEBUG, _(" %s at %s - %s at %s options %ld weight %d"), + syslog(LOG_DEBUG, _(" %s at %s - %s at %s options %lx weight %d"), e->from.node->name, from_udp, e->to.node->name, to_udp, e->options, e->weight); diff --git a/src/node.c b/src/node.c index 6e3b0f9b..e4581cc5 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.10 2002/02/18 16:25:16 guus Exp $ + $Id: node.c,v 1.1.2.11 2002/03/22 13:31:18 guus Exp $ */ #include "config.h" @@ -163,7 +163,7 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %ld status %04x nexthop %s via %s"), + syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), n->name, n->hostname, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->compression, n->options, n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); } diff --git a/src/protocol.c b/src/protocol.c index 9125cf6e..9f8be7e0 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.125 2002/03/22 11:43:48 guus Exp $ + $Id: protocol.c,v 1.28.4.126 2002/03/22 13:31:18 guus Exp $ */ #include "config.h" 
@@ -74,7 +74,7 @@ cp if(len < 0 || len > MAXBUFSIZE-1) { - syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), request_name[request], c->name, c->hostname); + syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); return -1; } diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 92e076a8..cbe0958d 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.4 2002/03/22 11:43:48 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.5 2002/03/22 13:31:18 guus Exp $ */ #include "config.h" @@ -473,7 +473,7 @@ cp gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; sockaddr2str(&c->address, &address, &port); - x = send_request(c, "%d %s %s %s %d %d", ACK, myport, address, port, c->estimated_weight, c->options); + x = send_request(c, "%d %s %s %s %d %lx", ACK, myport, address, port, c->estimated_weight, c->options); free(address); free(port); cp @@ -519,12 +519,12 @@ int ack_h(connection_t *c) char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; int weight; - int options; + long int options; node_t *n; connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %d %d", hisport, myaddress, &weight, &options) != 4) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %d %lx", hisport, myaddress, &weight, &options) != 4) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; diff --git a/src/protocol_edge.c b/src/protocol_edge.c index d6b55b01..7760eea9 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.5 2002/03/22 12:41:54 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.6 2002/03/22 13:31:18 guus Exp $ */ #include "config.h" @@ -90,7 +90,7 @@ int add_edge_h(connection_t *c) int weight; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", from_name, from_address, from_udpport, to_name, to_address, to_udpport, &options, &weight) != 8) @@ -226,7 +226,7 @@ int del_edge_h(connection_t *c) connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, c->hostname); diff --git a/src/protocol_key.c b/src/protocol_key.c index dc44b537..016fbff7 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.5 2002/03/21 23:11:53 guus Exp $ + $Id: protocol_key.c,v 1.1.4.6 2002/03/22 13:31:18 guus Exp $ */ #include "config.h" @@ -75,7 +75,7 @@ int key_changed_h(connection_t *c) connection_t *other; node_t *n; cp - if(sscanf(c->buffer, "%*d %*lx "MAX_STRING, name) != 1) + if(sscanf(c->buffer, "%*d %*x "MAX_STRING, name) != 1) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", c->name, c->hostname); diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index 3cea347b..7f6cfc17 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.2 2002/03/21 23:11:53 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.3 2002/03/22 13:31:18 guus Exp $ */ #include "config.h" @@ -66,7 +66,7 @@ int add_subnet_h(connection_t *c) subnet_t *s; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); return -1; @@ -158,7 +158,7 @@ int del_subnet_h(connection_t *c) subnet_t *s, *find; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d %*lx "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); return -1; From ccea26e0044ea59a9722385c9d69b1bc703e884f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 23 Mar 2002 20:01:05 +0000 Subject: [PATCH 591/923] send_ack() was broken. --- src/protocol_auth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol_auth.c b/src/protocol_auth.c index cbe0958d..661381ba 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.5 2002/03/22 13:31:18 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.6 2002/03/23 20:01:05 guus Exp $ */ #include "config.h" 
@@ -473,7 +473,7 @@ cp gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; sockaddr2str(&c->address, &address, &port); - x = send_request(c, "%d %s %s %s %d %lx", ACK, myport, address, port, c->estimated_weight, c->options); + x = send_request(c, "%d %s %s %d %lx", ACK, myport, address, c->estimated_weight, c->options); free(address); free(port); cp From 6aee1ad021092d37538e15da22367789a4d4a763 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 23 Mar 2002 20:12:29 +0000 Subject: [PATCH 592/923] free() request strings when deleting past requests from the tree. --- src/protocol.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 9f8be7e0..f0c50709 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.126 2002/03/22 13:31:18 guus Exp $ + $Id: protocol.c,v 1.28.4.127 2002/03/23 20:12:29 guus Exp $ */ #include "config.h" @@ -146,16 +146,25 @@ cp return 0; } -int request_compare(past_request_t *a, past_request_t *b) +int past_request_compare(past_request_t *a, past_request_t *b) { cp return strcmp(a->request, b->request); } +void free_past_request(past_request_t *r) +{ +cp + if(r->request) + free(r->request); + free(r); +cp +} + void init_requests(void) { cp - past_request_tree = avl_alloc_tree((avl_compare_t)request_compare, (avl_action_t)free); + past_request_tree = avl_alloc_tree((avl_compare_t)past_request_compare, (avl_action_t)free_past_request); cp } From cbd8133ab4a2ea8a0c46224a5f1ae79e92819e5f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 23 Mar 2002 20:13:56 +0000 Subject: [PATCH 593/923] Don't run graph algorithms if no edge is deleted in terminate_connection(). --- src/net.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
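Review bot: In `free_past_request()` the `if(r->request)` guard is unnecessary because `free(NULL)` is a no-op, so the body can be `free(r->request); free(r);`. Neither `free_past_request()` nor `past_request_compare()` appears among the prototypes added to protocol.h, so both could be declared `static`. The casts to `avl_compare_t` and `avl_action_t` hide any signature mismatch from the compiler; if those typedefs take `void *` parameters (not visible here), giving the helpers matching parameters and converting inside would be safer.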
diff --git a/src/net.c b/src/net.c index 5fd38235..d6809d5f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.165 2002/03/22 11:43:46 guus Exp $ + $Id: net.c,v 1.35.4.166 2002/03/23 20:13:56 guus Exp $ */ #include "config.h" @@ -198,12 +198,12 @@ cp } edge_del(c->edge); + + /* Run MST and SSSP algorithms */ + + graph(); } - /* Run MST and SSSP algorithms */ - - graph(); - /* Check if this was our outgoing connection */ if(c->outgoing) From 594d5b5d15551bd802c43926c7cb8863b7531654 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 23 Mar 2002 20:21:10 +0000 Subject: [PATCH 594/923] Reset retry timeout when receiving the first PONG, not right after receiving the ACK. --- src/protocol_auth.c | 7 +------ src/protocol_misc.c | 7 ++++++- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 661381ba..6b5b8740 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.6 2002/03/23 20:01:05 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.7 2002/03/23 20:21:10 guus Exp $ */ #include "config.h" @@ -602,11 +602,6 @@ cp /* Run MST and SSSP algorithms */ graph(); - - /* Succesful connection, reset timeout if this is an outgoing connection. */ - - if(c->outgoing) - c->outgoing->timeout = 0; cp return 0; } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 0e4a86d7..9f1a5fb7 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.2 2002/03/01 14:09:31 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.3 2002/03/23 20:21:10 guus Exp $ */ #include "config.h" @@ -143,6 +143,11 @@ int pong_h(connection_t *c) { cp c->status.pinged = 0; + + /* Succesful connection, reset timeout if this is an outgoing connection. */ + + if(c->outgoing) + c->outgoing->timeout = 0; cp return 0; } From 6ad5dd1a9adb1c1322ceb44d6f0fd160229e72ff Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 24 Mar 2002 16:22:59 +0000 Subject: [PATCH 595/923] Don't try to execute scripts unless they exist. --- src/process.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/process.c b/src/process.c index a7f5d5ff..0b17d7ac 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.37 2002/03/19 00:07:09 guus Exp $ + $Id: process.c,v 1.1.2.38 2002/03/24 16:22:59 guus Exp $ */ #include "config.h" @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -260,7 +261,13 @@ int execute_script(const char *name) { pid_t pid; int status; + struct stat s; cp + /* First check if there is a script */ + + if(stat(name, &s)) + return 0; + if((pid = fork()) < 0) { syslog(LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); From d699f3079c658e05f928c358d110d1d27849ea71 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 24 Mar 2002 16:28:27 +0000 Subject: [PATCH 596/923] Execute hosts/name-up when a node becomes reachable, and hosts/name-down when it becomes unreachable. --- src/graph.c | 13 ++++++++++++- src/net.c | 7 ++++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/graph.c b/src/graph.c index 29e25db1..53152a54 100644 --- a/src/graph.c 
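Review bot: The added `if(stat(name, &s)) return 0;` in `execute_script` treats every stat failure as "no script" and reports success, so `EACCES`, `ELOOP` or a mistyped path are silently swallowed. Returning quietly only for `if(errno == ENOENT)` and logging the rest with the same "System call failed" syslog call used for fork would keep the intended behaviour without hiding real errors. `s` is filled in but never examined, so a directory or a non-executable file passes the check, and the file can still change between this check and the exec after the fork. Since the script presumably runs with the daemon's privileges, the stat result could also be used to refuse anything that is not a regular file or is group/world-writable, e.g. `if(!S_ISREG(s.st_mode) || (s.st_mode & (S_IWGRP|S_IWOTH))) return -1;`. The body of `execute_script` continues outside this hunk.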
+++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.10 2002/03/19 22:48:25 guus Exp $ + $Id: graph.c,v 1.1.2.11 2002/03/24 16:28:27 guus Exp $ */ /* We need to generate two trees from the graph: @@ -44,6 +44,9 @@ destination address and port of a node if possible. */ +#include "config.h" + +#include #include #include "config.h" #include @@ -59,6 +62,7 @@ #include "node.h" #include "edge.h" #include "connection.h" +#include "process.h" #include "system.h" @@ -152,6 +156,7 @@ void sssp_bfs(void) halfconnection_t to_hc, from_hc; avl_tree_t *todo_tree; int indirect; + char *name; todo_tree = avl_alloc_tree(NULL, NULL); @@ -255,6 +260,9 @@ void sssp_bfs(void) if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Node %s (%s) became reachable"), n->name, n->hostname); n->status.reachable = 1; + asprintf(&name, "hosts/%s-up", n->name); + execute_script(name); + free(name); } } else @@ -267,6 +275,9 @@ void sssp_bfs(void) n->status.validkey = 0; n->status.waitingforkey = 0; n->sent_seqno = 0; + asprintf(&name, "hosts/%s-down", n->name); + execute_script(name); + free(name); } } } diff --git a/src/net.c b/src/net.c index d6809d5f..0a23c821 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.166 2002/03/23 20:13:56 guus Exp $ + $Id: net.c,v 1.35.4.167 2002/03/24 16:28:27 guus Exp $ */ #include "config.h" @@ -298,7 +298,7 @@ cp c = (connection_t *)node->data; if(c->status.remove) - return; + continue; if(FD_ISSET(c->socket, f)) { @@ -379,9 +379,10 @@ cp if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) { - if(errno != EINTR) /* because of a signal */ + if(errno != EINTR && errno != EAGAIN) { syslog(LOG_ERR, _("Error while waiting for input: %s"), strerror(errno)); + dump_connections(); return; } } 
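Review bot: The return value of `asprintf` is not checked in either added block of `sssp_bfs` (the `-up` call in the hunk at -255 and the `-down` call in the hunk at -267). When it fails, `name` is left indeterminate and is then passed to both `execute_script` and `free`. Guard the use, e.g. `if(asprintf(&name, "hosts/%s-up", n->name) >= 0) { execute_script(name); free(name); }`, and do the same for `-down`. `n->name` is also interpolated into a path that gets executed, and these hunks do not show whether node names are restricted to characters that exclude `/` before a node reaches this code; that is worth confirming and stating in a comment here. `sssp_bfs` starts and ends outside these hunks.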
From 4252ae83a43ea81382ce71ba614e2d1655f2e189 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 24 Mar 2002 16:36:56 +0000 Subject: [PATCH 597/923] Set $INTERFACE correctly when using ethertap while compiled with tun/tap support. --- src/linux/device.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/linux/device.c b/src/linux/device.c index 450fcd1d..e896f547 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.7 2002/02/18 16:25:19 guus Exp $ + $Id: device.c,v 1.1.2.8 2002/03/24 16:36:56 guus Exp $ */ #include "config.h" @@ -130,6 +130,7 @@ cp { device_info = _("Linux ethertap device"); device_type = DEVICE_TYPE_ETHERTAP; + interface = rindex(device, '/')?rindex(device, '/')+1:device; } syslog(LOG_INFO, _("%s is a %s"), device, device_info); From ad4f5cbc5fbce23893b7d42669ba907f18cc8ff4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 24 Mar 2002 16:40:14 +0000 Subject: [PATCH 598/923] Updated dutch translation. --- po/nl.po | 233 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 123 insertions(+), 110 deletions(-) diff --git a/po/nl.po b/po/nl.po index b6358ad5..80a96401 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-03-18 20:20+0100\n" -"PO-Revision-Date: 2002-03-18 20:20+0100\n" +"POT-Creation-Date: 2002-03-24 17:38+0100\n" +"PO-Revision-Date: 2002-03-24 17:38+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" 
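Review bot: The added line `interface = rindex(device, '/')?rindex(device, '/')+1:device;` in src/linux/device.c scans the string twice and uses the legacy BSD name `rindex`, where the standard C function is `strrchr`. A clearer form is `char *slash = strrchr(device, '/');` followed by `interface = slash ? slash + 1 : device;`. `interface` then points into the `device` string, so a short comment that it must not outlive or be freed separately from `device` would help. The enclosing function starts and ends outside this hunk.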
@@ -130,8 +130,8 @@ msgstr "Verbindingen:" #: src/connection.c:119 #, c-format -msgid " %s at %s options %ld socket %d status %04x" -msgstr " %s op %s opties %ld socket %d status %04x" +msgid " %s at %s options %lx socket %d status %04x" +msgstr " %s op %s opties %lx socket %d status %04x" #: src/connection.c:123 msgid "End of connections." @@ -206,19 +206,19 @@ msgstr "Fout tijdens schrijven naar %s (%s): %s" msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:413 +#: src/net.c:416 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:430 +#: src/net.c:433 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:447 +#: src/net.c:450 msgid "Rereading configuration file and restarting in 5 seconds..." msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." -#: src/net.c:454 +#: src/net.c:457 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." @@ -260,8 +260,8 @@ msgstr "Instellen prioriteit uitgaand pakket op %d" #. SO_PRIORITY doesn't seem to work #: src/net_packet.c:285 src/net_setup.c:483 src/net_socket.c:98 -#: src/net_socket.c:144 src/net_socket.c:171 src/process.c:265 -#: src/process.c:300 +#: src/net_socket.c:144 src/net_socket.c:171 src/process.c:273 +#: src/process.c:308 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" 
@@ -503,95 +503,104 @@ msgstr "Verbinding van %s" msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/netutl.c:69 src/netutl.c:92 +#: src/netutl.c:65 src/netutl.c:88 #, c-format msgid "Error looking up %s port %s: %s\n" msgstr "Fout bij het opzoeken van %s poort %s: %s\n" -#: src/netutl.c:113 +#: src/netutl.c:109 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout tijdens vertalen adressen: %s" -#: src/netutl.c:138 +#: src/netutl.c:134 #, c-format msgid "Error while looking up hostname: %s" msgstr "Fout bij het opzoeken van hostnaam: %s" -#: src/netutl.c:141 +#: src/netutl.c:137 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:170 +#: src/netutl.c:166 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" "sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" -#: src/protocol.c:74 +#: src/protocol.c:77 #, c-format msgid "Output buffer overflow while sending request to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden verzoek naar %s (%s)" -#: src/protocol.c:82 +#: src/protocol.c:85 #, c-format msgid "Sending %s to %s (%s): %s" msgstr "Verzending %s naar %s (%s): %s" -#: src/protocol.c:84 +#: src/protocol.c:87 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:101 +#: src/protocol.c:104 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:104 +#: src/protocol.c:107 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:114 +#: src/protocol.c:117 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:117 +#: src/protocol.c:120 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:124 +#: src/protocol.c:127 #, c-format msgid "Unauthorized request from %s 
(%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:131 +#: src/protocol.c:134 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:138 +#: src/protocol.c:141 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" +#: src/protocol.c:187 +msgid "Already seen request" +msgstr "Verzoek reeds gezien" + +#: src/protocol.c:218 +#, c-format +msgid "Aging past requests: deleted %d, left %d\n" +msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" + #: src/protocol_auth.c:69 src/protocol_auth.c:224 src/protocol_auth.c:357 -#: src/protocol_auth.c:417 src/protocol_auth.c:530 src/protocol_edge.c:98 -#: src/protocol_edge.c:230 src/protocol_key.c:78 src/protocol_key.c:116 -#: src/protocol_key.c:184 src/protocol_misc.c:61 src/protocol_misc.c:91 -#: src/protocol_misc.c:172 src/protocol_subnet.c:71 src/protocol_subnet.c:160 +#: src/protocol_auth.c:417 src/protocol_auth.c:529 src/protocol_edge.c:98 +#: src/protocol_edge.c:231 src/protocol_key.c:80 src/protocol_key.c:128 +#: src/protocol_key.c:196 src/protocol_misc.c:61 src/protocol_misc.c:91 +#: src/protocol_misc.c:177 src/protocol_subnet.c:71 src/protocol_subnet.c:163 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" #: src/protocol_auth.c:77 src/protocol_edge.c:106 src/protocol_edge.c:112 -#: src/protocol_edge.c:239 src/protocol_edge.c:245 src/protocol_subnet.c:79 -#: src/protocol_subnet.c:87 src/protocol_subnet.c:168 -#: src/protocol_subnet.c:186 +#: src/protocol_edge.c:240 src/protocol_edge.c:246 src/protocol_subnet.c:79 +#: src/protocol_subnet.c:87 src/protocol_subnet.c:171 +#: src/protocol_subnet.c:189 #, c-format msgid "Got bad %s from %s (%s): %s" msgstr "Kreeg verkeerde %s van %s (%s): %s" 
@@ -637,7 +646,7 @@ msgstr "Ontving willekeurige meta key (niet versleuteld): %s" msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:296 src/protocol_key.c:255 +#: src/protocol_auth.c:296 src/protocol_key.c:267 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" 
@@ -660,60 +669,60 @@ msgstr "verkeerd antwoord op uitdaging" msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:550 +#: src/protocol_auth.c:549 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:586 +#: src/protocol_auth.c:585 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:106 src/protocol_edge.c:112 src/protocol_edge.c:239 -#: src/protocol_edge.c:245 src/protocol_subnet.c:79 src/protocol_subnet.c:168 +#: src/protocol_edge.c:106 src/protocol_edge.c:112 src/protocol_edge.c:240 +#: src/protocol_edge.c:246 src/protocol_subnet.c:79 src/protocol_subnet.c:171 msgid "invalid name" msgstr "ongeldige naam" -#: src/protocol_edge.c:157 +#: src/protocol_edge.c:160 #, c-format msgid "Got %s from %s (%s) for ourself which does not match existing entry" msgstr "" "Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:164 +#: src/protocol_edge.c:167 #, c-format msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:174 +#: src/protocol_edge.c:177 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:256 src/protocol_edge.c:265 src/protocol_edge.c:276 +#: src/protocol_edge.c:260 src/protocol_edge.c:269 src/protocol_edge.c:280 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:283 src/protocol_subnet.c:115 src/protocol_subnet.c:211 +#: src/protocol_edge.c:287 src/protocol_subnet.c:118 src/protocol_subnet.c:217 #, c-format msgid "Got %s from %s (%s) 
for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" -#: src/protocol_key.c:87 +#: src/protocol_key.c:92 #, c-format msgid "Got %s from %s (%s) origin %s which does not exist" msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol_key.c:125 src/protocol_key.c:193 +#: src/protocol_key.c:137 src/protocol_key.c:205 #, c-format msgid "" "Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" "Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:134 src/protocol_key.c:202 +#: src/protocol_key.c:146 src/protocol_key.c:214 #, c-format msgid "" "Got %s from %s (%s) destination %s which does not exist in our connection " @@ -721,17 +730,17 @@ msgid "" msgstr "" "Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:234 +#: src/protocol_key.c:246 #, c-format msgid "Node %s (%s) uses unknown cipher!" msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol_key.c:239 +#: src/protocol_key.c:251 #, c-format msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:260 +#: src/protocol_key.c:272 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" 
@@ -746,16 +755,16 @@ msgstr "Statusmelding van %s (%s): %s: %s" msgid "Error message from %s (%s): %s: %s" msgstr "Foutmelding van %s (%s): %s: %s" -#: src/protocol_subnet.c:87 src/protocol_subnet.c:186 +#: src/protocol_subnet.c:87 src/protocol_subnet.c:189 msgid "invalid subnet string" msgstr "ongeldige subnet string" -#: src/protocol_subnet.c:177 +#: src/protocol_subnet.c:180 #, c-format msgid "Got %s from %s (%s) for %s which is not in our node tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" -#: src/protocol_subnet.c:201 +#: src/protocol_subnet.c:207 #, c-format msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" @@ -836,8 +845,9 @@ msgstr "" msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " "USR1, USR2, WINCH, INT or ALRM.\n" -msgstr "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, KILL, " -"USR1, USR2, WINCH, INT of ALRM.\n" +msgstr "" +"Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " +"KILL, USR1, USR2, WINCH, INT of ALRM.\n" #: src/tincd.c:184 #, c-format 
@@ -912,118 +922,118 @@ msgstr "Onherstelbare fout" msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/process.c:363 src/tincd.c:396 +#: src/process.c:371 src/tincd.c:396 msgid "Not restarting." msgstr "Geen herstart." -#: src/process.c:68 +#: src/process.c:69 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:98 +#: src/process.c:100 msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:114 +#: src/process.c:116 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:117 +#: src/process.c:119 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:138 +#: src/process.c:140 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:140 +#: src/process.c:142 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:149 +#: src/process.c:151 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:151 +#: src/process.c:153 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:153 +#: src/process.c:155 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:181 +#: src/process.c:183 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:194 +#: src/process.c:196 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:197 +#: src/process.c:199 #, c-format msgid "tincd %s starting" msgstr "tincd %s wordt gestart" -#: src/process.c:272 +#: src/process.c:280 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:280 +#: src/process.c:288 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:288 +#: src/process.c:296 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:294 +#: src/process.c:302 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:319 +#: src/process.c:327 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:328 +#: src/process.c:336 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:335 +#: src/process.c:343 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %s (%s): geen herstart." -#: src/process.c:344 +#: src/process.c:352 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:349 +#: src/process.c:357 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." 
-#: src/process.c:372 +#: src/process.c:380 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:381 +#: src/process.c:389 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:388 +#: src/process.c:396 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1032,41 +1042,41 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:399 +#: src/process.c:407 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:428 +#: src/process.c:436 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:437 +#: src/process.c:445 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:494 +#: src/process.c:502 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:77 +#: src/route.c:73 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:111 +#: src/route.c:107 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:156 +#: src/route.c:152 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:176 +#: src/route.c:172 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1075,34 +1085,37 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:237 +#: src/route.c:233 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" -msgstr "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation verzoek" +msgstr "" +"Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " +"verzoek" -#: src/route.c:258 +#: src/route.c:254 msgid "Cannot route packet: checksum error for neighbor solicitation request" -msgstr "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" +msgstr "" +"Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:270 +#: src/route.c:266 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" "hx:%hx:%hx:%hx:%hx:%hx:%hx" msgstr "" -"Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres " -"%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" +"Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" +"hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:345 +#: src/route.c:341 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:358 +#: src/route.c:354 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:415 +#: src/route.c:411 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" 
@@ -1114,10 +1127,10 @@ msgstr "Nodes:" #: src/node.c:166 #, c-format msgid "" -" %s at %s cipher %d digest %d maclength %d compression %d options %ld status " +" %s at %s cipher %d digest %d maclength %d compression %d options %lx status " "%04x nexthop %s via %s" msgstr "" -" %s op %s cipher %d digest %d maclengte %d compressie %d opties %ld status %" +" %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" "04x nexthop %s via %s" #: src/node.c:171 @@ -1130,19 +1143,19 @@ msgstr "Edges:" #: src/edge.c:204 #, c-format -msgid " %s tcp at %s udp at %s - %s tcp at %s udp at %s options %ld weight %d" -msgstr " %s tcp op %s udp op %s - %s tcp op %s udp op %s opties %ld gewicht %d" +msgid " %s at %s - %s at %s options %lx weight %d" +msgstr " %s op %s - %s op %s opties %lx gewicht %d" #: src/edge.c:214 msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:231 +#: src/graph.c:261 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:240 +#: src/graph.c:273 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" 
@@ -1166,49 +1179,49 @@ msgstr "Oud ioctl() verzoek was nodig voor %s" msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/freebsd/device.c:87 src/linux/device.c:135 src/netbsd/device.c:90 +#: src/freebsd/device.c:87 src/linux/device.c:136 src/netbsd/device.c:90 #: src/openbsd/device.c:90 src/solaris/device.c:132 #, c-format msgid "%s is a %s" msgstr "%s is een %s" -#: src/freebsd/device.c:108 src/linux/device.c:158 src/linux/device.c:168 +#: src/freebsd/device.c:108 src/linux/device.c:159 src/linux/device.c:169 #: src/netbsd/device.c:111 src/openbsd/device.c:111 src/solaris/device.c:149 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" -#: src/freebsd/device.c:117 src/linux/device.c:179 src/netbsd/device.c:126 +#: src/freebsd/device.c:117 src/linux/device.c:180 src/netbsd/device.c:126 #: src/openbsd/device.c:126 src/solaris/device.c:164 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/freebsd/device.c:128 src/linux/device.c:190 src/netbsd/device.c:139 +#: src/freebsd/device.c:128 src/linux/device.c:191 src/netbsd/device.c:139 #: src/openbsd/device.c:139 src/solaris/device.c:175 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:197 src/linux/device.c:206 src/netbsd/device.c:149 +#: src/linux/device.c:198 src/linux/device.c:207 src/netbsd/device.c:149 #: src/openbsd/device.c:149 src/solaris/device.c:180 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" -#: src/freebsd/device.c:144 src/linux/device.c:219 src/netbsd/device.c:160 +#: src/freebsd/device.c:144 src/linux/device.c:220 src/netbsd/device.c:160 #: src/openbsd/device.c:160 src/solaris/device.c:192 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/freebsd/device.c:145 src/linux/device.c:220 src/netbsd/device.c:161 +#: src/freebsd/device.c:145 
src/linux/device.c:221 src/netbsd/device.c:161 #: src/openbsd/device.c:161 src/solaris/device.c:193 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/freebsd/device.c:146 src/linux/device.c:221 src/netbsd/device.c:162 +#: src/freebsd/device.c:146 src/linux/device.c:222 src/netbsd/device.c:162 #: src/openbsd/device.c:162 src/solaris/device.c:194 #, c-format msgid " total bytes out: %10d" From 8379c14b7f7a9b1400dd3776fc21dc9ccddd991d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 24 Mar 2002 16:50:58 +0000 Subject: [PATCH 599/923] Respect type field. --- src/openbsd/device.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 8468b192..9a39ede1 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2002/02/18 16:25:19 guus Exp $ + $Id: device.c,v 1.1.2.6 2002/03/24 16:50:58 guus Exp $ */ #include "config.h" @@ -114,8 +114,8 @@ cp memcpy(packet->data, mymac.net.mac.address.x, 6); memcpy(packet->data + 6, mymac.net.mac.address.x, 6); - packet->data[12] = 0x08; - packet->data[13] = 0x00; + packet->data[12] = (ntohl(type) >> 8) & 0xFF; + packet->data[13] = ntohl(type) & 0xFF; packet->len = lenin + 10; @@ -132,13 +132,15 @@ cp int write_packet(vpn_packet_t *packet) { - u_int32_t type = htonl(AF_INET); + u_int32_t type; struct iovec vector[2]; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); + type = htonl((packet->data[12] << 8) + packet->data[13]); + vector[0].iov_base = &type; vector[0].iov_len = sizeof(type); vector[1].iov_base = packet->data + 14; From c73bdd6bc8e213b7e27848b97307228c01570a1d Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 24 Mar 2002 17:08:38 +0000 Subject: [PATCH 600/923] OpenBSD tun device uses address family number instead of Ethernet type. --- src/openbsd/device.c | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 9a39ede1..bd061358 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2002/03/24 16:50:58 guus Exp $ + $Id: device.c,v 1.1.2.7 2002/03/24 17:08:38 guus Exp $ */ #include "config.h" @@ -114,8 +114,22 @@ cp memcpy(packet->data, mymac.net.mac.address.x, 6); memcpy(packet->data + 6, mymac.net.mac.address.x, 6); - packet->data[12] = (ntohl(type) >> 8) & 0xFF; - packet->data[13] = ntohl(type) & 0xFF; + + switch(ntohl(type)) + { + case AF_INET: + packet->data[12] = 0x8; + packet->data[13] = 0x0; + break; + case AF_INET6: + packet->data[12] = 0x86; + packet->data[13] = 0xDD; + break; + default: + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Unknown address family %s while reading packet from %s %s"), ntohl(type), device_info, device); + return -1; + } packet->len = lenin + 10; @@ -134,12 +148,27 @@ int write_packet(vpn_packet_t *packet) { u_int32_t type; struct iovec vector[2]; + int af; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); - type = htonl((packet->data[12] << 8) + packet->data[13]); + af = (packet->data[12] << 8) + packet->data[13]; + + switch(af) + { + case 0x800: + type = htonl(AF_INET); + break; + case 0x86DD: + type = htonl(AF_INET6); + break; + default: + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Unknown address family %s while writing packet to %s %s"), af, device_info, device); + return -1; + } vector[0].iov_base = &type; vector[0].iov_len = sizeof(type); 
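Review bot: Both new `default:` branches pass an integer to a `%s` conversion: `ntohl(type)` in the read path and `af` in `write_packet`. When the message is logged, syslog will treat that number as a string pointer, which is undefined behaviour and will typically crash the daemon instead of reporting the bad packet. In `write_packet`, `af` comes from bytes 12 and 13 of the packet, so presumably a frame with an unexpected EtherType is enough to reach this line once `debug_lvl` is at `DEBUG_TRAFFIC` or above. Use an integer conversion in both messages, e.g. `"Unknown address family %u while reading packet from %s %s"` with `(unsigned)ntohl(type)`, and `%x` with `(unsigned)af` in `write_packet`. Both functions start or end outside these hunks.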
From 2749b997df33749f13d05e294db0e1e327e81d12 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 24 Mar 2002 17:14:01 +0000 Subject: [PATCH 601/923] Configuration variables were still handled case sensitively. --- src/conf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/conf.c b/src/conf.c index 3bf9b85f..b39f4b65 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.53 2002/02/18 16:25:16 guus Exp $ + $Id: conf.c,v 1.9.4.54 2002/03/24 17:14:01 guus Exp $ */ #include "config.h" @@ -127,7 +127,7 @@ cp if(!found) return NULL; - if(strcmp(found->variable, variable)) + if(strcasecmp(found->variable, variable)) return NULL; return found; @@ -145,7 +145,7 @@ cp if(node->next) { found = (config_t *)node->next->data; - if(!strcmp(found->variable, cfg->variable)) + if(!strcasecmp(found->variable, cfg->variable)) return found; } } From 33d8747021d57c5827c6a755739756f95c7527c8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 25 Mar 2002 13:54:49 +0000 Subject: [PATCH 602/923] Set myself->status.reachable. --- src/net_setup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/net_setup.c b/src/net_setup.c index 376d5a7e..cd2b7ea5 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.12 2002/03/22 11:43:48 guus Exp $ + $Id: net_setup.c,v 1.1.2.13 2002/03/25 13:54:49 guus Exp $ */ #include "config.h" @@ -464,6 +464,7 @@ cp myself->nexthop = myself; myself->via = myself; myself->status.active = 1; + myself->status.reachable = 1; node_add(myself); graph(); From 89a2f761a6d8ae4912c2dd2e9178589001487ef5 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Mon, 25 Mar 2002 15:01:32 +0000 Subject: [PATCH 603/923] Updated documentation. --- doc/tinc.conf.5 | 17 ++---------- doc/tinc.texi | 72 +++++++++++++++++++++++++++++-------------------- doc/tincd.8 | 20 ++++++++------ 3 files changed, 57 insertions(+), 52 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 4de7c6de..78d9b74b 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -106,9 +106,6 @@ If .Qq any is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created. -.Pp -Mixing IPv4 and IPv6 may not work as desired. -It's best to choose one address family and use that for all tinc daemons on the VPN. .It Va BindToInterface Li = Ar interface Bq experimental If your computer has more than one network interface, .Nm tinc @@ -116,16 +113,6 @@ will by default listen on all of them for incoming connections. It is possible to bind only to a single interface with this variable. .Pp This option may not work on all platforms. -.It Va BindToIP Li = Ar address Bq experimental -If your computer has more than one IP address on a single interface -(for example if you are running virtual hosts), -.Nm tinc -will by default listen on all of them for incoming connections. -It is possible to bind only to a single IP address with this variable. -It is still possible to listen on several interfaces at the same time though, -if they share the same IP address. -.Pp -This option may not work on all platforms. .It Va ConnectTo Li = Ar name Specifies which other tinc daemon to connect to on startup. Multiple @@ -250,7 +237,7 @@ Any digest supported by OpenSSL is recognised. Furthermore, specifying .Qq none will turn off packet authentication. -.It Va IndirectData Li = yes | no Po no Pc Bq experimental +.It Va IndirectData Li = yes | no Pq no This option specifies whether other tinc daemons besides the one you specified with .Va ConnectTo can make a direct connection to you. 
@@ -297,7 +284,7 @@ Note that subnets like 192.168.1.1/24 are invalid! Read a networking HOWTO/FAQ/guide if you don't understand this. IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64. MAC addresses are notated like 0:1a:2b:3c:4d:5e. -.It Va TCPOnly Li = yes | no Po no Pc Bq experimental +.It Va TCPOnly Li = yes | no Pq no If this variable is set to yes, then the packets are tunnelled over the TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon diff --git a/doc/tinc.texi b/doc/tinc.texi index abbfeb31..8f73e9f9 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ +$Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.23 2002/03/01 14:25:10 guus Exp $ +$Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -221,6 +221,8 @@ as this driver. These are: FreeBSD 3.x, 4.x, 5.x. tinc on OpenBSD relies on the tun driver for its data acquisition from the kernel. It has been verified to work under at least OpenBSD 2.9. +Tunneling IPv6 packets may not work on OpenBSD. + @c ================================================================== @subsection Solaris 
@@ -228,7 +230,9 @@ acquisition from the kernel. It has been verified to work under at least OpenBSD @cindex Solaris tinc on Solaris relies on the universal tun/tap driver for its data acquisition from the kernel. Therefore, tinc will work on the same platforms -as this driver. These are: Solaris, 2.1.x. +as this driver. These are: Solaris 8 (SunOS 5.8). + +IPv6 packets cannot be tunneled on Solaris. @c @@ -385,8 +389,8 @@ Unfortunately somebody still has to write the text. @subsection Configuration of Solaris kernels This section will contain information on how to configure your Solaris -kernel to support the universal tun/tap device. You need to install -this driver yourself. +kernel to support the universal tun/tap device. For Solaris 8 (SunOS 5.8), +this is included in the default kernel configuration. Unfortunately somebody still has to write the text. @@ -403,11 +407,12 @@ having installed it, configure will give you an error message, and stop. @menu * OpenSSL:: +* zlib:: @end menu @c ================================================================== -@node OpenSSL, , Libraries, Libraries +@node OpenSSL, zlib, Libraries, Libraries @subsection OpenSSL @cindex OpenSSL 
@@ -457,6 +462,29 @@ all other requirements of the GPL are met. @end quotation +@c ================================================================== +@node zlib, , OpenSSL, Libraries +@subsection zlib + +@cindex zlib +For the optional compression of UDP packets, tinc uses the functions provided +by the zlib library. + +If this library is not installed, you wil get an error when configuring +tinc for build. Support for running tinc without having zlib +installed @emph{may} be added in the future. + +You can use your operating system's package manager to install this if +available. Make sure you install the development AND runtime versions +of this package. + +If you have to install zlib manually, you can get the source code +from @url{http://www.gzip.org/zlib/}. Instructions on how to configure, +build and install this package are included within the package. Please +make sure you build development and runtime libraries (which is the +default). + + @c @c @c @@ -742,10 +770,6 @@ This option affects the address family of listening and outgoing sockets. If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created. -Mixing IPv4 and IPv6 may not work as desired. -It's best to choose one address family -and use that for all tinc daemons on the VPN. - @cindex BindToInterface @item BindToInterface = [experimental] If you have more than one network interface in your computer, tinc will @@ -755,17 +779,6 @@ variable. This option may not work on all platforms. -@cindex BindToIP -@item BindToIP =
    [experimental] -If your computer has more than one IP address on a single interface (for -example if you are running virtual hosts), tinc will by default listen -on all of them for incoming connections. It is possible to bind tinc to -a single IP address with this variable. It is still possible to listen -on several interfaces at the same time though, if they share the same IP -address. - -This option may not work on all platforms. - @cindex ConnectTo @item @strong{ConnectTo = } Specifies which host to connect to on startup. Multiple ConnectTo @@ -899,7 +912,7 @@ Any digest supported by OpenSSL is recognized. Furthermore, specifying "none" will turn off packet authentication. @cindex IndirectData -@item IndirectData = (no) [experimental] +@item IndirectData = (no) This option specifies whether other tinc daemons besides the one you specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible to @@ -951,6 +964,9 @@ or they can be a IPv4 or IPv6 network address with a masklength. For example, IPv4 subnets must be in a form like 192.168.1.0/24, where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. Note that subnets like 192.168.1.1/24 are invalid! +Read a networking HOWTO/FAQ/guide if you don't understand this. +IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64. +MAC addresses are notated like 0:1a:2b:3c:4d:5e. @cindex CIDR notation masklength is the number of bits set to 1 in the netmask part; for 
@@ -1058,8 +1074,7 @@ If you configured tinc to work in `switch' or `hub' mode, the hardware address s be set to a unique address instead of fe:fd:0:0:0:0. You can use the environment variable $INTERFACE to get the name of the interface. -If you are using the ethertap driver however, you need to replace it with tap@emph{N}, -corresponding to the device file name. +However, this might not be reliable. If in doubt, use the name of the interface explicitly. @cindex ifconfig The next line gives the interface an IP address and a netmask. @@ -1232,7 +1247,7 @@ In @file{/etc/tinc/company/tinc-up}: # Real interface of internal network: # ifconfig eth0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 -ifconfig company hw ether fe:fd:0a:04:03:20 +ifconfig company hw ether fe:fd:0:0:0:0 ifconfig company 10.4.3.32 netmask 255.0.0.0 ifconfig company -arp @end example @@ -1342,9 +1357,8 @@ in combination with -K). After that, tinc will quit. @item --help Display a short reminder of these runtime options and terminate. -@item -k, --kill -Attempt to kill a running tincd and exit. A TERM signal (15) gets sent -to the daemon that his its PID in @file{/var/run/tinc.NETNAME.pid}. +@item -k, --kill[=SIGNAL] +Attempt to kill a running tincd (optionally with the specified SIGNAL instead of SIGTERM) and exit. Use it in conjunction with the -n option to make sure you kill the right tinc daemon. @item -n, --net=NETNAME diff --git a/doc/tincd.8 b/doc/tincd.8 index 6c476105..831bbb1d 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 @@ -1,4 +1,4 @@ -.Dd 2002-02-07 +.Dd 2002-03-25 .Dt TINCD 8 .\" Manual page created by: .\" Ivo Timmermans @@ -55,7 +55,7 @@ Attempt to kill a running .Nm (optionally with the specified .Ar SIGNAL -instead of SIGQUIT) and exit. +instead of SIGTERM) and exit. .It Fl n, -net Ns = Ns Ar NETNAME Connect to net .Ar NETNAME . 
@@ -130,6 +130,14 @@ Purpose is to cleanly shut down the virtual network device before it will be dea .It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/* The directory containing the host configuration files used to authenticate other tinc daemons. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up +Script which is executed as soon as host +.Ar NAME +becomes reachable. +.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down +Script which is executed as soon as host +.Ar NAME +becomes unreachable. .It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid The PID of the currently running .Nm @@ -137,12 +145,8 @@ is stored in this file. .El .Sh BUGS The -.Va BindToInterface , -.Va BindToIP , -.Va IndirectData -and -.Va TCPOnly -options may not work correctly. +.Va BindToInterface +option may not work correctly. .Pp .Sy The cryptography in tinc is not well tested yet. Use it at your own risk! .Pp From a0c1696515fabd2183da7d8d83fd68410d2ec834 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 25 Mar 2002 15:12:09 +0000 Subject: [PATCH 604/923] Tell a little bit more about security. --- doc/tinc.texi | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 8f73e9f9..dfd11598 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +$Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.24 2002/03/25 15:01:32 guus Exp $ +$Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -1673,8 +1673,13 @@ the tinc project after TINC. But in order to be ``immune'' to eavesdropping, you'll have to encrypt your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. -tinc uses blowfish encryption in CBC mode, sequence numbers and message authentication codes -to make sure eavesdroppers cannot get and cannot change any information at all from the packets they can intercept. +tinc by default uses blowfish encryption with 256 bit keys in CBC mode, 32 bit +sequence numbers and 4 byte long message authentication codes to make sure +eavesdroppers cannot get and cannot change any information at all from the +packets they can intercept. The encryption algorithm and message authentication +algorithm can be changed in the configuration. The length of the message +authentication codes is also adjustable. The length of the key for the +encryption algorithm is always the maximum length that is supported. @menu * Authentication protocol:: From 2de5e0eef911b9ff723d562ef9c62d833f3cdc45 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 25 Mar 2002 15:51:58 +0000 Subject: [PATCH 605/923] Send REQ_KEY only once until ANS_KEY has arrived. --- src/net_packet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/net_packet.c b/src/net_packet.c index dcdd73ca..7216fb5f 100644 --- a/src/net_packet.c +++ b/src/net_packet.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.11 2002/03/18 22:47:20 guus Exp $ + $Id: net_packet.c,v 1.1.2.12 2002/03/25 15:51:58 guus Exp $ */ #include "config.h" @@ -215,6 +215,8 @@ cp if(!n->status.waitingforkey) send_req_key(n->nexthop->connection, myself, n); + n->status.waitingforkey = 1; + return; } From 7d07df71f9b82afdcf23494867bb8899198a6223 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 26 Mar 2002 12:00:38 +0000 Subject: [PATCH 606/923] Fix execute_script(). --- src/process.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/process.c b/src/process.c index 0b17d7ac..bdd81e3b 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.38 2002/03/24 16:22:59 guus Exp $ + $Id: process.c,v 1.1.2.39 2002/03/26 12:00:38 guus Exp $ */ #include "config.h" @@ -207,10 +207,9 @@ cp Execute the program name, with sane environment. All output will be redirected to syslog. */ -void _execute_script(const char *name) __attribute__ ((noreturn)); -void _execute_script(const char *name) +void _execute_script(const char *scriptname) __attribute__ ((noreturn)); +void _execute_script(const char *scriptname) { - char *scriptname; char *s; cp #ifdef HAVE_UNSETENV @@ -239,8 +238,6 @@ cp chdir("/"); - asprintf(&scriptname, "%s/%s", confbase, name); - /* Close all file descriptors */ closelog(); /* <- this means we cannot use syslog() here anymore! */ fcloseall(); @@ -262,10 +259,13 @@ int execute_script(const char *name) pid_t pid; int status; struct stat s; + char *scriptname; cp + asprintf(&scriptname, "%s/%s", confbase, name); + /* First check if there is a script */ - if(stat(name, &s)) + if(stat(scriptname, &s)) return 0; if((pid = fork()) < 0) 
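Review bot: `n->status.waitingforkey = 1;` is set here with nothing in the hunk that clears it again, so if the ANS_KEY reply never arrives no further REQ_KEY is sent for this node and its packets only pile up in `n->queue`. The reset presumably lives in the ANS_KEY handler, which is outside the hunk; a timeout that clears the flag would allow the request to be retried. The assignment also belongs logically to the `if` above it, and bracing both makes that explicit: `if(!n->status.waitingforkey) { send_req_key(n->nexthop->connection, myself, n); n->status.waitingforkey = 1; }`. The enclosing function starts and ends outside the hunk.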
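Review bot: In the `@@ -262,10 +259,13` hunk of execute_script(), the early `return 0` taken when `stat(scriptname, &s)` fails leaks the buffer that `asprintf()` just allocated, and the result of `asprintf()` itself is never checked, so `scriptname` is undefined if the allocation fails. The following hunk frees the string only on the parent's path after a successful fork. Since this function is called for every script that may or may not exist, the leak recurs at run time; the guard should read `if(stat(scriptname, &s)) { free(scriptname); return 0; }`, with `asprintf()` tested for a negative return before `scriptname` is used. The `fork()` failure branch begins at the end of this hunk and its body is not visible, so it should be checked for the same leak.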
@@ -279,6 +279,8 @@ cp if(debug_lvl >= DEBUG_STATUS) syslog(LOG_INFO, _("Executing script %s"), name); + free(scriptname); + if(waitpid(pid, &status, 0) == pid) { if(WIFEXITED(status)) /* Child exited by itself */ @@ -312,7 +314,7 @@ cp cp /* Child here */ - _execute_script(name); + _execute_script(scriptname); } From e2238047d39eacc69da5732937021c38171ec7b9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 26 Mar 2002 13:19:56 +0000 Subject: [PATCH 607/923] Small correction. --- doc/tinc.texi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index dfd11598..33d37eee 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.26 2002/03/26 13:19:56 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ +$Id: tinc.texi,v 1.8.4.26 2002/03/26 13:19:56 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.25 2002/03/25 15:12:09 guus Exp $ +$Id: tinc.texi,v 1.8.4.26 2002/03/26 13:19:56 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -1673,13 +1673,13 @@ the tinc project after TINC. But in order to be ``immune'' to eavesdropping, you'll have to encrypt your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. -tinc by default uses blowfish encryption with 256 bit keys in CBC mode, 32 bit +tinc by default uses blowfish encryption with 128 bit keys in CBC mode, 32 bit sequence numbers and 4 byte long message authentication codes to make sure eavesdroppers cannot get and cannot change any information at all from the packets they can intercept. The encryption algorithm and message authentication algorithm can be changed in the configuration. The length of the message authentication codes is also adjustable. The length of the key for the -encryption algorithm is always the maximum length that is supported. +encryption algorithm is always the default length used by OpenSSL. @menu * Authentication protocol:: From 0e7136027ce05bfeca977f2f64f3b228ea4fda87 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 14:02:36 +0000 Subject: [PATCH 608/923] Merge do_prune() with build_fdset(). Probably fixes the invalid filedescriptor error. --- src/net.c | 119 +++++++++++++++++++---------------------------- src/net_socket.c | 3 +- 2 files changed, 50 insertions(+), 72 deletions(-) diff --git a/src/net.c b/src/net.c index 0a23c821..41767d8f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.167 2002/03/24 16:28:27 guus Exp $ + $Id: net.c,v 1.35.4.168 2002/03/27 14:02:36 guus Exp $ */ #include "config.h" 
@@ -68,40 +68,12 @@ #include "system.h" -int do_prune = 0; int do_purge = 0; int sighup = 0; int sigalrm = 0; time_t now = 0; -/* - put all file descriptors in an fd_set array -*/ -void build_fdset(fd_set *fs) -{ - avl_node_t *node; - connection_t *c; - int i; -cp - FD_ZERO(fs); - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - FD_SET(c->socket, fs); - } - - for(i = 0; i < listen_sockets; i++) - { - FD_SET(listen_socket[i].tcp, fs); - FD_SET(listen_socket[i].udp, fs); - } - - FD_SET(device_fd, fs); -cp -} - /* Purge edges and subnets of unreachable nodes. Use carefully. */ void purge(void) @@ -161,6 +133,42 @@ cp cp } +/* + put all file descriptors in an fd_set array + While we're at it, purge stuff that needs to be removed. +*/ +void build_fdset(fd_set *fs) +{ + avl_node_t *node, *next; + connection_t *c; + int i; +cp + FD_ZERO(fs); + + for(node = connection_tree->head; node; node = next) + { + next = node->next; + c = (connection_t *)node->data; + + if(c->status.remove) + connection_del(c); + else + FD_SET(c->socket, fs); + } + + if(!connection_tree->head) + purge(); + + for(i = 0; i < listen_sockets; i++) + { + FD_SET(listen_socket[i].tcp, fs); + FD_SET(listen_socket[i].udp, fs); + } + + FD_SET(device_fd, fs); +cp +} + /* Terminate a connection: - Close the socket @@ -181,6 +189,10 @@ cp c->name, c->hostname); c->status.remove = 1; + c->status.active = 0; + + if(c->node) + c->node->connection = NULL; if(c->socket) close(c->socket); @@ -211,13 +223,6 @@ cp retry_outgoing(c->outgoing); c->outgoing = NULL; } - - /* Deactivate */ - - c->status.active = 0; - if(c->node) - c->node->connection = NULL; - do_prune = 1; cp } 
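Review bot: `FD_SET(c->socket, fs)` in the new build_fdset() is applied to every connection without checking that the descriptor is below `FD_SETSIZE`, and for a larger descriptor FD_SET writes outside the fd_set. Nothing in this hunk bounds the number of entries in `connection_tree`, which grows with accepted meta connections, so the check belongs here: `if(c->socket >= 0 && c->socket < FD_SETSIZE) FD_SET(c->socket, fs);`, with connections above the limit refused where they are accepted. The same bound applies to `listen_socket[i].tcp`, `listen_socket[i].udp` and `device_fd`. A short comment that this loop now also deletes connections marked `status.remove` (hence the saved `next` pointer) would help the next reader.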
@@ -285,14 +290,6 @@ cp route_outgoing(&packet); } - for(i = 0; i < listen_sockets; i++) - { - if(FD_ISSET(listen_socket[i].udp, f)) - handle_incoming_vpn_data(listen_socket[i].udp); - if(FD_ISSET(listen_socket[i].tcp, f)) - handle_new_meta_connection(listen_socket[i].tcp); - } - for(node = connection_tree->head; node; node = node->next) { c = (connection_t *)node->data; @@ -320,29 +317,18 @@ cp if(receive_meta(c) < 0) { terminate_connection(c, c->status.active); - return; + continue; } } } -cp -} -void prune_connections(void) -{ - connection_t *c; - avl_node_t *node, *next; -cp - for(node = connection_tree->head; node; node = next) + for(i = 0; i < listen_sockets; i++) { - next = node->next; - c = (connection_t *)node->data; - - if(c->status.remove) - connection_del(c); + if(FD_ISSET(listen_socket[i].udp, f)) + handle_incoming_vpn_data(listen_socket[i].udp); + if(FD_ISSET(listen_socket[i].tcp, f)) + handle_new_meta_connection(listen_socket[i].tcp); } - - if(!connection_tree->head) - purge(); cp } @@ -355,7 +341,6 @@ void main_loop(void) struct timeval tv; int r; time_t last_ping_check; - int t; event_t *event; cp last_ping_check = now; @@ -369,12 +354,6 @@ cp tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ tv.tv_usec = 0; - if(do_prune) - { - prune_connections(); - do_prune = 0; - } - build_fdset(&fset); if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) @@ -382,13 +361,13 @@ cp if(errno != EINTR && errno != EAGAIN) { syslog(LOG_ERR, _("Error while waiting for input: %s"), strerror(errno)); + cp_trace(); dump_connections(); return; } } - if(r > 0) - check_network_activity(&fset); + check_network_activity(&fset); if(do_purge) { diff --git a/src/net_socket.c b/src/net_socket.c index fcc2e2fe..73e5fb61 100644 --- a/src/net_socket.c +++ b/src/net_socket.c 
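Review bot: Removing the `if(r > 0)` guard in the `@@ -382,13 +361,13` hunk means `check_network_activity(&fset)` now also runs when select() returned -1 with EINTR or EAGAIN, because the error branch above only returns for other errno values and otherwise falls through. After a failed select() the contents of `fset` are not a readiness result and may still hold every descriptor that build_fdset() put in, so each connection and listening socket can be treated as readable. Keep `if(r > 0)` on the call, or add `continue;` after the errno test inside the `r < 0` branch. main_loop()'s body continues outside the hunk.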
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.10 2002/03/18 22:47:20 guus Exp $ + $Id: net_socket.c,v 1.1.2.11 2002/03/27 14:02:36 guus Exp $ */ #include "config.h" @@ -286,7 +286,6 @@ begin: if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_ERR, _("Could not set up a meta connection to %s"), c->name); c->status.remove = 1; - do_prune = 1; retry_outgoing(c->outgoing); return; } From 61cb593e670107ca3041f582c5486c243d5eda9e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 15:01:16 +0000 Subject: [PATCH 609/923] Extend list_t with the number of elements in the list. --- lib/list.c | 8 +++++++- lib/list.h | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/list.c b/lib/list.c index 3082406f..cb2d4d21 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.9 2001/02/25 15:34:50 guus Exp $ + $Id: list.c,v 1.1.2.10 2002/03/27 15:01:16 guus Exp $ */ #include "config.h" @@ -81,6 +81,8 @@ list_node_t *list_insert_head(list_t *list, void *data) else list->tail = node; + list->count++; + return node; } @@ -100,6 +102,8 @@ list_node_t *list_insert_tail(list_t *list, void *data) else list->head = node; + list->count++; + return node; } @@ -114,6 +118,8 @@ void list_unlink_node(list_t *list, list_node_t *node) node->next->prev = node->prev; else list->tail = node->prev; + + list->count--; } void list_delete_node(list_t *list, list_node_t *node) diff --git a/lib/list.h b/lib/list.h index b62ab992..3e1735bf 100644 --- a/lib/list.h +++ b/lib/list.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.4 2001/01/07 17:08:50 guus Exp $ + $Id: list.h,v 1.1.2.5 2002/03/27 15:01:16 guus Exp $ */ #ifndef __TINC_LIST_H__ @@ -40,6 +40,7 @@ typedef struct list_t { list_node_t *head; list_node_t *tail; + int count; /* Callbacks */ From 5eba1e1f6feadb3f7efb1261bd65e1e9e40b7f2b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 15:01:37 +0000 Subject: [PATCH 610/923] Limit the amount of packets in a queue to 8. --- src/net.h | 4 +++- src/net_packet.c | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/net.h b/src/net.h index f1493eb1..922c5cf1 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.48 2002/03/22 11:43:48 guus Exp $ + $Id: net.h,v 1.9.4.49 2002/03/27 15:01:36 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -42,6 +42,8 @@ #define MAXSOCKETS 128 /* Overkill... */ +#define MAXQUEUELENGTH 8 /* Maximum number of packats in a single queue */ + typedef struct mac_t { unsigned char x[6]; diff --git a/src/net_packet.c b/src/net_packet.c index 7216fb5f..fd2ae067 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.12 2002/03/25 15:51:58 guus Exp $ + $Id: net_packet.c,v 1.1.2.13 2002/03/27 15:01:37 guus Exp $ */ #include "config.h" @@ -212,6 +212,9 @@ cp list_insert_tail(n->queue, copy); + if(n->queue->count > MAXQUEUELENGTH) + list_delete_head(n->queue); + if(!n->status.waitingforkey) send_req_key(n->nexthop->connection, myself, n); From efd29fde85481e080a676f2ba780a528a90a9925 Mon Sep 17 00:00:00 2001 
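Review bot: The new cap in net_packet.c drops the oldest queued packet with `list_delete_head(n->queue)`, but whether that frees the `copy` inserted just above depends on the list's delete callback, which is set where the queue is created and is not visible here. If no callback is installed, every dropped packet is leaked, which would defeat the purpose of bounding the queue for a node that never answers the key request. Once that is confirmed, a comment on this line should state who frees the packet, e.g. `/* oldest packet is released by the queue's delete callback */`. The comment added next to `MAXQUEUELENGTH` in net.h has a typo (`packats`).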
From: Guus Sliepen Date: Wed, 27 Mar 2002 15:26:29 +0000 Subject: [PATCH 611/923] Small updates. --- doc/tinc.conf.5 | 2 -- doc/tinc.texi | 10 +++++----- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 78d9b74b..9ac1575b 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -290,8 +290,6 @@ then the packets are tunnelled over the TCP connection instead of a UDP connecti This is especially useful for those who want to run a tinc daemon from behind a masquerading firewall, or if UDP packet routing is disabled somehow. -This is experimental code, try this at your own risk. -It may not work at all. Setting this options also implicitly sets IndirectData. .El .Sh FILES diff --git a/doc/tinc.texi b/doc/tinc.texi index 33d37eee..726655d3 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.26 2002/03/26 13:19:56 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.26 2002/03/26 13:19:56 guus Exp $ +$Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.26 2002/03/26 13:19:56 guus Exp $ +$Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -961,6 +961,7 @@ Multiple subnet lines can be specified for each daemon. Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case a subnet consisting of only that single address is assumed, or they can be a IPv4 or IPv6 network address with a masklength. +Shorthand notations are not supported. For example, IPv4 subnets must be in a form like 192.168.1.0/24, where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. Note that subnets like 192.168.1.1/24 are invalid! @@ -979,8 +980,7 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading -firewall, or if UDP packet routing is disabled somehow. This is -experimental code, try this at your own risk. It may not work at all. +firewall, or if UDP packet routing is disabled somehow. Setting this options also implicitly sets IndirectData. @end table From c6d2f6c620beae387e8f9fc995ed7c8e8a5bc3dc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 15:26:44 +0000 Subject: [PATCH 612/923] Remove cruft. --- src/edge.c | 9 ++------- src/protocol.c | 4 +--- src/protocol_auth.c | 4 +--- src/protocol_edge.c | 14 +------------- 4 files changed, 5 insertions(+), 26 deletions(-) diff --git a/src/edge.c b/src/edge.c index da1cdb45..c35af07c 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.9 2002/03/22 13:31:18 guus Exp $ + $Id: edge.c,v 1.1.2.10 2002/03/27 15:26:43 guus Exp $ */ #include "config.h" 
@@ -189,25 +189,20 @@ void dump_edges(void) { avl_node_t *node; edge_t *e; - char *from_tcp, *from_udp; - char *to_tcp, *to_udp; + char *from_udp, *to_udp; cp syslog(LOG_DEBUG, _("Edges:")); for(node = edge_tree->head; node; node = node->next) { e = (edge_t *)node->data; -// from_tcp = sockaddr2hostname(&e->from.tcpaddress); from_udp = sockaddr2hostname(&e->from.udpaddress); -// to_tcp = sockaddr2hostname(&e->to.tcpaddress); to_udp = sockaddr2hostname(&e->to.udpaddress); syslog(LOG_DEBUG, _(" %s at %s - %s at %s options %lx weight %d"), e->from.node->name, from_udp, e->to.node->name, to_udp, e->options, e->weight); -// free(from_tcp); free(from_udp); -// free(to_tcp); free(to_udp); } diff --git a/src/protocol.c b/src/protocol.c index f0c50709..9b2ec91a 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.127 2002/03/23 20:12:29 guus Exp $ + $Id: protocol.c,v 1.28.4.128 2002/03/27 15:26:43 guus Exp $ */ #include "config.h" @@ -225,7 +225,6 @@ int (*request_handlers[])(connection_t*) = { id_h, metakey_h, challenge_h, chal_reply_h, ack_h, status_h, error_h, termreq_h, ping_h, pong_h, -// add_node_h, del_node_h, add_subnet_h, del_subnet_h, add_edge_h, del_edge_h, key_changed_h, req_key_h, ans_key_h, @@ -238,7 +237,6 @@ char (*request_name[]) = { "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", "STATUS", "ERROR", "TERMREQ", "PING", "PONG", -// "ADD_NODE", "DEL_NODE", "ADD_SUBNET", "DEL_SUBNET", "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 6b5b8740..074b7d13 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.7 2002/03/23 20:21:10 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.8 2002/03/27 15:26:44 guus Exp $ */ #include "config.h" @@ -562,10 +562,8 @@ cp c->edge = new_edge(); cp c->edge->from.node = myself; -// c->edge->from.tcpaddress = str2sockaddr(address, port); c->edge->from.udpaddress = str2sockaddr(myaddress, myport); c->edge->to.node = n; -// c->edge->to.tcpaddress = c->address; sockaddr2str(&c->address, &hisaddress, &dummy); c->edge->to.udpaddress = str2sockaddr(hisaddress, hisport); free(hisaddress); diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 7760eea9..0d3218e8 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.6 2002/03/22 13:31:18 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.7 2002/03/27 15:26:44 guus Exp $ */ #include "config.h" @@ -51,20 +51,14 @@ int send_add_edge(connection_t *c, edge_t *e) char *from_udpaddress, *from_udpport; char *to_udpaddress, *to_udpport; cp -// sockaddr2str(&e->from.tcpaddress, &from_tcpaddress, &from_tcpport); sockaddr2str(&e->from.udpaddress, &from_udpaddress, &from_udpport); -// sockaddr2str(&e->to.tcpaddress, &to_tcpaddress, &to_tcpport); sockaddr2str(&e->to.udpaddress, &to_udpaddress, &to_udpport); x = send_request(c, "%d %lx %s %s %s %s %s %s %lx %d", ADD_EDGE, random(), e->from.node->name, from_udpaddress, from_udpport, e->to.node->name, to_udpaddress, to_udpport, e->options, e->weight); -// free(from_tcpaddress); -// free(from_tcpport); free(from_udpaddress); free(from_udpport); -// free(to_tcpaddress); -// free(to_tcpport); free(to_udpaddress); free(to_udpport); cp 
@@ -79,10 +73,8 @@ int add_edge_h(connection_t *c) char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; char from_address[MAX_STRING_SIZE]; -// char from_tcpport[MAX_STRING_SIZE]; char from_udpport[MAX_STRING_SIZE]; char to_address[MAX_STRING_SIZE]; -// char to_tcpport[MAX_STRING_SIZE]; char to_udpport[MAX_STRING_SIZE]; sockaddr_t from_udpaddress; sockaddr_t to_udpaddress; @@ -138,9 +130,7 @@ cp /* Convert addresses */ -// from_tcpaddress = str2sockaddr(from_address, from_tcpport); from_udpaddress = str2sockaddr(from_address, from_udpport); -// to_tcpaddress = str2sockaddr(to_address, to_tcpport); to_udpaddress = str2sockaddr(to_address, to_udpport); /* Check if edge already exists */ @@ -185,10 +175,8 @@ cp e = new_edge(); e->from.node = from; -// e->from.tcpaddress = from_tcpaddress; e->from.udpaddress = from_udpaddress; e->to.node = to; -// e->to.tcpaddress = to_tcpaddress; e->to.udpaddress = to_udpaddress; e->options = options; e->weight = weight; From a5d8be8b1a9978d58c251d1020bb730bb1dc8ea1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 15:35:07 +0000 Subject: [PATCH 613/923] Recent automake uses $(AMTAR) instead of $(TAR) --- doc/Makefile.maint | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/Makefile.maint b/doc/Makefile.maint index 947e338f..75804f0a 100644 --- a/doc/Makefile.maint +++ b/doc/Makefile.maint @@ -35,4 +35,4 @@ $(dyn_MANS): %.8: %.x $(HELP2MAN) fi sample-config.tar.gz: - GZIP=$(GZIP_ENV) $(TAR) chozf sample-config.tar.gz sample-config + GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz sample-config From 420f46acb0551a290b3263e39347b694286b2fa4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 15:47:06 +0000 Subject: [PATCH 614/923] Remove symlink to device.c when doing a make dist. --- src/Makefile.am | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Makefile.am b/src/Makefile.am index d769071c..32aee666 100644 --- a/src/Makefile.am 
+++ b/src/Makefile.am @@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.20 2002/02/18 16:25:16 guus Exp $ +# $Id: Makefile.am,v 1.4.4.21 2002/03/27 15:47:06 guus Exp $ sbin_PROGRAMS = tincd @@ -24,5 +24,8 @@ localedir = $(datadir)/locale CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\" \ -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" +dist-hook: + rm -f `find . -type l` + lint: $(tincd_SOURCES) lclint -nullassign -nullret +trytorecover +posixlib -skipansiheaders -skipposixheaders +gnuextensions -I/usr/include -I/usr/lib/gcc-lib/i386-linux/2.95.2/include -I. -I/home/zarq/p/tinc/cvs/cabal/src -I.. -I.. -I/home/zarq/p/tinc/cvs/cabal/lib -I/home/zarq/p/tinc/cvs/cabal/intl -D_POSIX_SOURCE -D__ELF__ -Dunix -D__i386__ -Dlinux -DHAVE_CONFIG_H -DPKGLIBDIR=/usr/local/lib/tinc -DCONFDIR=\"/usr/local/etc\" -DLOCALEDIR=\"/usr/local/share/locale\" $^ From 0fe3dc38ed0527a5cfda9218114c8ee10422086b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 16:00:38 +0000 Subject: [PATCH 615/923] Fix format strings. --- src/openbsd/device.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/openbsd/device.c b/src/openbsd/device.c index bd061358..3d7099f2 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.7 2002/03/24 17:08:38 guus Exp $ + $Id: device.c,v 1.1.2.8 2002/03/27 16:00:38 guus Exp $ */ #include "config.h" @@ -127,7 +127,7 @@ cp break; default: if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Unknown address family %s while reading packet from %s %s"), ntohl(type), device_info, device); + syslog(LOG_ERR, _("Unknown address family %d while reading packet from %s %s"), ntohl(type), device_info, device); return -1; } 
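Review bot: The `dist-hook` recipe runs `find . -type l`, which walks the directory make is running in rather than the staged distribution. As far as I can tell automake runs `dist-hook` after `$(distdir)` has been filled, so this deletes the symlinks (including the configured `device.c` link) from the working tree and leaves the tarball contents untouched. I would scope it to the staging directory, `rm -f `find $(distdir) -type l``, and add a comment such as `# device.c is a configure-time symlink; keep it out of the tarball`.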
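Review bot: The corrected message in the `default:` branch is still passed through `_()`, so the conversion is only as safe as each catalog entry, and the Dutch `msgstr` added for this msgid in `po/nl.po` later in this series has no `%d` (it reads `... adresfamilie tijdens lezen pakket van %s %s`). In an nl locale syslog() would therefore consume the integer as a `char *` again, on a path that is presumably reached with whatever address-family value precedes the packet. The same applies to the writing-side message in the next hunk (`@@ -166,7`). I would add `%d` to both translations and run `msgfmt -c` in the build (the entries are marked `c-format`); separately, `ntohl()` yields an unsigned 32-bit value, so `%u` with `(unsigned)ntohl(type)` is the closer match. The enclosing functions begin outside both hunks.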
@@ -166,7 +166,7 @@ cp break; default: if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Unknown address family %s while writing packet to %s %s"), af, device_info, device); + syslog(LOG_ERR, _("Unknown address family %d while writing packet to %s %s"), af, device_info, device); return -1; } From 33d3bad87d5f3e00e3ed81b75bca2ef21fd6e983 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 16:00:49 +0000 Subject: [PATCH 616/923] Update dutch translation. --- po/nl.po | 166 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 85 insertions(+), 81 deletions(-) diff --git a/po/nl.po b/po/nl.po index 80a96401..29515eb6 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-03-24 17:38+0100\n" -"PO-Revision-Date: 2002-03-24 17:38+0100\n" +"POT-Creation-Date: 2002-03-27 16:59+0100\n" +"PO-Revision-Date: 2002-03-27 16:59+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" 
@@ -172,53 +172,53 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:116 +#: src/net.c:88 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:126 +#: src/net.c:98 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:180 +#: src/net.c:188 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:248 +#: src/net.c:253 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:261 +#: src/net.c:266 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:314 src/net_socket.c:253 +#: src/net.c:311 src/net_socket.c:253 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:384 +#: src/net.c:363 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:416 +#: src/net.c:395 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:433 +#: src/net.c:412 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:450 +#: src/net.c:429 msgid "Rereading configuration file and restarting in 5 seconds..." msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." -#: src/net.c:457 +#: src/net.c:436 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
@@ -248,74 +248,74 @@ msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:232 +#: src/net_packet.c:237 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:283 +#: src/net_packet.c:288 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" #. SO_PRIORITY doesn't seem to work -#: src/net_packet.c:285 src/net_setup.c:483 src/net_socket.c:98 +#: src/net_packet.c:290 src/net_setup.c:484 src/net_socket.c:98 #: src/net_socket.c:144 src/net_socket.c:171 src/process.c:273 -#: src/process.c:308 +#: src/process.c:310 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:291 +#: src/net_packet.c:296 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:308 +#: src/net_packet.c:313 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:315 +#: src/net_packet.c:320 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net_packet.c:324 +#: src/net_packet.c:329 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:332 +#: src/net_packet.c:337 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:352 +#: src/net_packet.c:357 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:369 +#: src/net_packet.c:374 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:391 +#: src/net_packet.c:396 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:398 +#: src/net_packet.c:403 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:404 +#: src/net_packet.c:409 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:415 +#: src/net_packet.c:420 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" @@ -401,16 +401,16 @@ msgstr "Onzinnige MAC lengte!" msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:498 +#: src/net_setup.c:499 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:509 +#: src/net_setup.c:510 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:512 +#: src/net_setup.c:513 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" 
@@ -448,12 +448,12 @@ msgstr "Kan niet aan %s/udp binden: %s" msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:228 src/net_socket.c:323 +#: src/net_socket.c:228 src/net_socket.c:322 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:234 src/net_socket.c:330 +#: src/net_socket.c:234 src/net_socket.c:329 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" @@ -468,37 +468,37 @@ msgstr "Verbonden met %s (%s)" msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:351 +#: src/net_socket.c:350 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:369 +#: src/net_socket.c:368 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:390 +#: src/net_socket.c:389 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:409 +#: src/net_socket.c:408 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:436 +#: src/net_socket.c:435 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:454 +#: src/net_socket.c:453 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:476 +#: src/net_socket.c:475 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" 
@@ -589,16 +589,16 @@ msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" #: src/protocol_auth.c:69 src/protocol_auth.c:224 src/protocol_auth.c:357 -#: src/protocol_auth.c:417 src/protocol_auth.c:529 src/protocol_edge.c:98 -#: src/protocol_edge.c:231 src/protocol_key.c:80 src/protocol_key.c:128 +#: src/protocol_auth.c:417 src/protocol_auth.c:529 src/protocol_edge.c:90 +#: src/protocol_edge.c:219 src/protocol_key.c:80 src/protocol_key.c:128 #: src/protocol_key.c:196 src/protocol_misc.c:61 src/protocol_misc.c:91 #: src/protocol_misc.c:177 src/protocol_subnet.c:71 src/protocol_subnet.c:163 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol_auth.c:77 src/protocol_edge.c:106 src/protocol_edge.c:112 -#: src/protocol_edge.c:240 src/protocol_edge.c:246 src/protocol_subnet.c:79 +#: src/protocol_auth.c:77 src/protocol_edge.c:98 src/protocol_edge.c:104 +#: src/protocol_edge.c:228 src/protocol_edge.c:234 src/protocol_subnet.c:79 #: src/protocol_subnet.c:87 src/protocol_subnet.c:171 #: src/protocol_subnet.c:189 #, c-format 
@@ -674,38 +674,38 @@ msgstr "Verwachtte antwoord op uitdaging: %s" msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:585 +#: src/protocol_auth.c:583 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:106 src/protocol_edge.c:112 src/protocol_edge.c:240 -#: src/protocol_edge.c:246 src/protocol_subnet.c:79 src/protocol_subnet.c:171 +#: src/protocol_edge.c:98 src/protocol_edge.c:104 src/protocol_edge.c:228 +#: src/protocol_edge.c:234 src/protocol_subnet.c:79 src/protocol_subnet.c:171 msgid "invalid name" msgstr "ongeldige naam" -#: src/protocol_edge.c:160 +#: src/protocol_edge.c:150 #, c-format msgid "Got %s from %s (%s) for ourself which does not match existing entry" msgstr "" "Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:167 +#: src/protocol_edge.c:157 #, c-format msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:177 +#: src/protocol_edge.c:167 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:260 src/protocol_edge.c:269 src/protocol_edge.c:280 +#: src/protocol_edge.c:248 src/protocol_edge.c:257 src/protocol_edge.c:268 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:287 src/protocol_subnet.c:118 src/protocol_subnet.c:217 +#: src/protocol_edge.c:275 src/protocol_subnet.c:118 src/protocol_subnet.c:217 #, c-format msgid "Got %s from %s (%s) for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" 
@@ -922,7 +922,7 @@ msgstr "Onherstelbare fout" msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/process.c:371 src/tincd.c:396 +#: src/process.c:373 src/tincd.c:396 msgid "Not restarting." msgstr "Geen herstart." @@ -987,53 +987,53 @@ msgstr "tincd %s wordt gestart" msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:288 +#: src/process.c:290 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:296 +#: src/process.c:298 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:302 +#: src/process.c:304 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:327 +#: src/process.c:329 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:336 +#: src/process.c:338 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:343 +#: src/process.c:345 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %s (%s): geen herstart." -#: src/process.c:352 +#: src/process.c:354 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:357 +#: src/process.c:359 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:380 +#: src/process.c:382 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:389 +#: src/process.c:391 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:396 +#: src/process.c:398 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " 
@@ -1042,21 +1042,21 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:407 +#: src/process.c:409 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:436 +#: src/process.c:438 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:445 +#: src/process.c:447 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:502 +#: src/process.c:504 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" @@ -1137,16 +1137,16 @@ msgstr "" msgid "End of nodes." msgstr "Einde van nodes." -#: src/edge.c:195 +#: src/edge.c:194 msgid "Edges:" msgstr "Edges:" -#: src/edge.c:204 +#: src/edge.c:201 #, c-format msgid " %s at %s - %s at %s options %lx weight %d" msgstr " %s op %s - %s op %s opties %lx gewicht %d" -#: src/edge.c:214 +#: src/edge.c:209 msgid "End of edges." msgstr "Einde van edges." 
@@ -1192,37 +1192,37 @@ msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" #: src/freebsd/device.c:117 src/linux/device.c:180 src/netbsd/device.c:126 -#: src/openbsd/device.c:126 src/solaris/device.c:164 +#: src/openbsd/device.c:140 src/solaris/device.c:164 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" #: src/freebsd/device.c:128 src/linux/device.c:191 src/netbsd/device.c:139 -#: src/openbsd/device.c:139 src/solaris/device.c:175 +#: src/openbsd/device.c:154 src/solaris/device.c:175 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" #: src/linux/device.c:198 src/linux/device.c:207 src/netbsd/device.c:149 -#: src/openbsd/device.c:149 src/solaris/device.c:180 +#: src/openbsd/device.c:180 src/solaris/device.c:180 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" #: src/freebsd/device.c:144 src/linux/device.c:220 src/netbsd/device.c:160 -#: src/openbsd/device.c:160 src/solaris/device.c:192 +#: src/openbsd/device.c:191 src/solaris/device.c:192 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" #: src/freebsd/device.c:145 src/linux/device.c:221 src/netbsd/device.c:161 -#: src/openbsd/device.c:161 src/solaris/device.c:193 +#: src/openbsd/device.c:192 src/solaris/device.c:193 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" #: src/freebsd/device.c:146 src/linux/device.c:222 src/netbsd/device.c:162 -#: src/openbsd/device.c:162 src/solaris/device.c:194 +#: src/openbsd/device.c:193 src/solaris/device.c:194 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" 
@@ -1278,8 +1278,12 @@ msgstr "NetBSD tun apparaat" msgid "OpenBSD tun device" msgstr "OpenBSD tun apparaat" -#~ msgid "You must be root to run this program.\n" -#~ msgstr "Je moet systeembeheerder zijn om dit programma te kunnen draaien.\n" +#: src/openbsd/device.c:130 +#, c-format +msgid "Unknown address family %d while reading packet from %s %s" +msgstr "Onbekende adresfamilie tijdens lezen pakket van %s %s" -#~ msgid "Got SEGV signal" -#~ msgstr "Kreeg SEGV signaal" +#: src/openbsd/device.c:169 +#, c-format +msgid "Unknown address family %d while writing packet to %s %s" +msgstr "Onbekende adresfamilie tijdens schrijven pakket naar %s %s" From 9a03e7fa3d52ea062b4a3ff88b5d87ee95d24772 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 27 Mar 2002 16:26:26 +0000 Subject: [PATCH 617/923] Update with information about the pre6 release. --- NEWS | 23 +++++++++++++++++++++++ README | 33 ++++++++++++++++++++++++--------- 2 files changed, 47 insertions(+), 9 deletions(-) diff --git a/NEWS b/NEWS index 45b68e70..d3e7da6e 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,26 @@ +version 1.0pre6 Mar 27 2002 + +* Improvement of redundant links: + + * Non-blocking connects. + + * Protocol broadcast messages can no longer go into an infinite loop. + + * Graph algorithm updated to look harder for direct connections. + +* Good support for routing IPv6 packets over the VPN. Works on Linux, + FreeBSD, possibly OpenBSD but not on Solaris. + +* Support for tunnels over IPv6 networks. Works on all supported + operating systems. + +* Optional compression of UDP connections using zlib. + +* Optionally let UDP connections inherit TOS field of tunneld packets. + +* Optionally start scripts when certain hosts become (un)reachable. + + version 1.0pre5 Feb 9 2002 * Security enhancements: diff --git a/README b/README index 818a8d0d..ca45c4a6 100644 --- a/README +++ b/README 
@@ -1,4 +1,4 @@ -This is the README file for tinc version 1.0pre5. Installation +This is the README file for tinc version 1.0pre6. Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2002 by: @@ -27,7 +27,9 @@ uses strong authentication with RSA keys. On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc 1.0pre4. Due to a lack of sequence numbers and a message authentication code for each packet, an attacker could possibly disrupt certain network services or -launch a denial of service attack by replaying intercepted packets. +launch a denial of service attack by replaying intercepted packets. The current +version adds sequence numbers and message authentication codes to prevent such +attacks. Cryptography is a hard thing to get right. We cannot make any guarantees. Time, review and feedback are the only things that can @@ -35,8 +37,8 @@ prove the security of any cryptographic product. If you wish to review tinc or give us feedback, you are stronly encouraged to do so. -Changes to configuration file format ------------------------------------- +Changes to configuration file format since 1.0pre5 +-------------------------------------------------- Some configuration variables have different names now. Most notably "TapDevice" should be changed into "Device", and "Device" should be changed into @@ -53,6 +55,11 @@ this library is not installed on you system, configure will fail. The manual in doc/tinc.texi contains more detailed information on how to install this library. +Since 1.0pre6, the zlib library is used for optional compression. You need this +library whether or not you plan to enable the compression. You can find it at +http://www.gzip.org/zlib/. Because of a possible exploit in earlier versions we +recommand that you download version 1.1.4 or later. + In order to compile tinc, you will also need autoconf, automake, GNU make, m4 and gettext. 
@@ -88,7 +95,8 @@ Since pre5, tinc can operate in several routing modes. The default mode, "router", works exactly like the older version, and uses Subnet lines to determine the destination of packets. The other two modes, "switch" and "hub", allow the tinc daemons to work together like a single network switch or hub. -This is useful for bridging networks. +This is useful for bridging networks. The latter modes only work properly on +Linux and FreeBSD. The algorithms used for encryption and generating message authentication codes can now be changed in the configuration files. All cipher and digest algorithms @@ -96,7 +104,14 @@ supported by OpenSSL can be used. Useful ciphers are "blowfish" (default), "bf-ofb", "des", "des3", etcetera. Useful digests are "sha1" (default), "md5", etcetera. -Preliminary support for routing IPv6 packets has been added. Just add Subnet -lines with IPv6 addresses (without using :: abbreviations) and use ifconfig to -give the virtual network interface corresponding IPv6 addresses. -Autoconfiguration will not work in router mode. +Support for routing IPv6 packets has been added. Just add Subnet lines with +IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from +the iproute package) to give the virtual network interface corresponding IPv6 +addresses. Autoconfiguration will not work in router mode. Tunneling IPv6 +packets only works on Linux, FreeBSD and possibly OpenBSD. + +It is also possible to make tunnels to other tinc daemons over IPv6 networks. +In order to enable this feature the option "AddressFamily = any" or +"AddressFamily = ipv6" must be added to the tinc.conf file. The host +configuration files should contain IPv6 addresses for the "Address" variables, +or hostnames which have an AAAA or A6 record. From 3d8a373bb3a788efffc555122b9d0569b96c5944 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Wed, 27 Mar 2002 19:43:50 +0000 Subject: [PATCH 618/923] Make configure --help output look nicer. --- m4/zlib.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/zlib.m4 b/m4/zlib.m4 index 8407838a..d5fbc675 100644 --- a/m4/zlib.m4 +++ b/m4/zlib.m4 @@ -5,14 +5,14 @@ AC_DEFUN(tinc_ZLIB, tinc_ac_save_CPPFLAGS="$CPPFLAGS" AC_ARG_WITH(zlib-include, - [ --with-zlib-include=DIR zlib headers directory], + [ --with-zlib-include=DIR zlib headers directory], [zlib_include="$withval" CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(zlib-lib, - [ --with-zlib-lib=DIR zlib library directory], + [ --with-zlib-lib=DIR zlib library directory], [zlib_lib="$withval" LIBS="$LIBS -L$withval"] ) From 438419734ebee38dc3f7390e5c8ae8e6ca2cb6cf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 1 Apr 2002 21:28:05 +0000 Subject: [PATCH 619/923] Don't check_network_activity() if select() is interrupted by a signal. --- src/net.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index 41767d8f..1df4e9ec 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.168 2002/03/27 14:02:36 guus Exp $ + $Id: net.c,v 1.35.4.169 2002/04/01 21:28:05 guus Exp $ */ #include "config.h" @@ -365,6 +365,8 @@ cp dump_connections(); return; } + + continue; } check_network_activity(&fset); From d8c249008a0b2abd44e652ed70e69b3dbc05b9d8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 1 Apr 2002 21:28:39 +0000 Subject: [PATCH 620/923] check_rsa() is broken, I don't know why, just remove it for now. --- src/net_setup.c | 36 +----------------------------------- 1 file changed, 1 insertion(+), 35 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index cd2b7ea5..b5dc727f 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
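Review bot: The added `continue` in the select() error branch restarts the whole loop iteration, not just the `check_network_activity(&fset)` call, and it carries no comment saying why. The catalog references elsewhere on this page place the key-regeneration, event-queue and configuration-reread messages at net.c:395-436, after this point; if they live in the same loop, a signal that interrupts select() has its own handling postponed until select() next returns without error. I would guard only the call that depends on `fset` (run it when select() reported ready descriptors) and add a comment such as `/* fset is indeterminate after a failed select() */`. The loop and the errno test start outside the hunk, so this needs checking against the full function.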
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.13 2002/03/25 13:54:49 guus Exp $ + $Id: net_setup.c,v 1.1.2.14 2002/04/01 21:28:39 guus Exp $ */ #include "config.h" @@ -184,34 +184,6 @@ cp return -1; } -int check_rsa_key(RSA *rsa_key) -{ - char *test1, *test2, *test3; -cp - if(rsa_key->p && rsa_key->q) - { - if(RSA_check_key(rsa_key) != 1) - return -1; - } - else - { - test1 = xmalloc(RSA_size(rsa_key)); - test2 = xmalloc(RSA_size(rsa_key)); - test3 = xmalloc(RSA_size(rsa_key)); - - if(RSA_public_encrypt(RSA_size(rsa_key), test1, test2, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) - return -1; - - if(RSA_private_decrypt(RSA_size(rsa_key), test2, test3, rsa_key, RSA_NO_PADDING) != RSA_size(rsa_key)) - return -1; - - if(memcmp(test1, test3, RSA_size(rsa_key))) - return -1; - } -cp - return 0; -} - /* Configure node_t myself and set up the local sockets (listen only) */ @@ -263,12 +235,6 @@ cp return -1; cp - if(check_rsa_key(myself->connection->rsa_key)) - { - syslog(LOG_ERR, _("Invalid public/private keypair!")); - return -1; - } - if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) asprintf(&myport, "655"); From ad6b1203490699ecc708290b2af1a45e134a5e20 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 5 Apr 2002 09:11:38 +0000 Subject: [PATCH 621/923] Fix maskcheck() and maskcmp(). --- src/netutl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index c59a34b8..20d3809d 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.33 2002/03/19 00:08:23 guus Exp $ + $Id: netutl.c,v 1.12.4.34 2002/04/05 09:11:38 guus Exp $ */ #include "config.h" 
@@ -191,7 +191,7 @@ cp return result; if(m) - return (a[i] & (0x100 - (m << 1))) - (b[i] & (0x100 - (m << 1))); + return (a[i] & (0x100 - (1 << (8 - m)))) - (b[i] & (0x100 - (1 << (8 - m)))); return 0; } @@ -204,7 +204,7 @@ cp masklen %= 8; if(masklen) - a[i++] &= (0x100 - (masklen << 1)); + a[i++] &= (0x100 - (1 << masklen)); for(; i < len; i++) a[i] = 0; @@ -219,7 +219,7 @@ cp if(m) { - a[i] = b[i] & (0x100 - (m << 1)); + a[i] = b[i] & (0x100 - (1 << m)); i++; } @@ -235,7 +235,7 @@ cp masklen %= 8; if(masklen) - if(a[i++] & ~(0x100 - (masklen << 1))) + if(a[i++] & (char)~(0x100 - (1 << masklen))) return -1; for(; i < len; i++) From 630dd023b990e076fdab890ff90783dc1ac7c13f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Apr 2002 13:27:09 +0000 Subject: [PATCH 622/923] Automake forgets about depcomp, remind it. --- Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 1c152cae..805c3123 100644 --- a/Makefile.am +++ b/Makefile.am @@ -6,12 +6,12 @@ SUBDIRS = m4 intl lib src doc po ACLOCAL_AMFLAGS = -EXTRA_DIST = system.h COPYING.README +EXTRA_DIST = system.h COPYING.README depcomp CVS_CREATED = ABOUT-NLS configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in.in \ - po/tinc.pot src/.libs intl + po/tinc.pot src/.libs intl depcomp ChangeLog: cvs2cl -U cvsusers --fsf From 5df8a8cb3f4a0d2290f6677b44bbcaaf27a60bbc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 9 Apr 2002 11:42:48 +0000 Subject: [PATCH 623/923] masklength is better known as prefixlength. --- src/conf.c | 8 ++++---- src/subnet.c | 34 +++++++++++++++++----------------- src/subnet.h | 6 +++--- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/conf.c b/src/conf.c index b39f4b65..bc29e071 100644 --- a/src/conf.c +++ b/src/conf.c 
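Review bot: Only the first hunk (the comparison) gets the right mask; the hunks at `-204`, `-219` and `-235` use `0x100 - (1 << masklen)` or `0x100 - (1 << m)`, which keeps the top 8-m bits of the partial byte instead of the top m bits (a 1-bit remainder gives 0xFE, not 0x80). The two forms agree only for a remainder of 4, so any other prefix length that is not a multiple of 8 is masked, copied and checked against the wrong bits. That matters because conf.c uses `maskcheck()` to reject Subnet values with host bits set and the subnet lookup uses `maskcpy()` to build the enclosing prefix. I would make all four consistent: `a[i++] &= (0x100 - (1 << (8 - masklen)));`, `a[i] = b[i] & (0x100 - (1 << (8 - m)));` and `if(a[i++] & (0xff >> masklen))`. The function headers are outside the hunks, so which function each hunk belongs to is inferred from the commit title and the visible bodies.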
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.54 2002/03/24 17:14:01 guus Exp $ + $Id: conf.c,v 1.9.4.55 2002/04/09 11:42:48 guus Exp $ */ #include "config.h" @@ -255,10 +255,10 @@ cp /* Teach newbies what subnets are... */ - if(((subnet->type == SUBNET_IPV4) && maskcheck((char *)&subnet->net.ipv4.address, subnet->net.ipv4.masklength, sizeof(ipv4_t))) - || ((subnet->type == SUBNET_IPV6) && maskcheck((char *)&subnet->net.ipv6.address, subnet->net.ipv6.masklength, sizeof(ipv6_t)))) + if(((subnet->type == SUBNET_IPV4) && maskcheck((char *)&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) + || ((subnet->type == SUBNET_IPV6) && maskcheck((char *)&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { - syslog(LOG_ERR, _("Network address and mask length do not match for configuration variable %s in %s line %d"), + syslog(LOG_ERR, _("Network address and prefix length do not match for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); free(subnet); return 0; diff --git a/src/subnet.c b/src/subnet.c index 5e096252..0320957f 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.33 2002/03/12 14:20:44 guus Exp $ + $Id: subnet.c,v 1.1.2.34 2002/04/09 11:42:48 guus Exp $ */ #include "config.h" @@ -63,7 +63,7 @@ cp if(result) return result; - return a->net.ipv4.masklength - b->net.ipv4.masklength; + return a->net.ipv4.prefixlength - b->net.ipv4.prefixlength; } int subnet_compare_ipv6(subnet_t *a, subnet_t *b) @@ -75,7 +75,7 @@ cp if(result) return result; - return a->net.ipv6.masklength - b->net.ipv6.masklength; + return a->net.ipv6.prefixlength - b->net.ipv6.prefixlength; } int subnet_compare(subnet_t *a, subnet_t *b) 
@@ -185,7 +185,7 @@ cp &l) == 5) { subnet->type = SUBNET_IPV4; - subnet->net.ipv4.masklength = l; + subnet->net.ipv4.prefixlength = l; for(i = 0; i < 4; i++) subnet->net.ipv4.address.x[i] = x[i]; return subnet; @@ -196,7 +196,7 @@ cp &l) == 9) { subnet->type = SUBNET_IPV6; - subnet->net.ipv6.masklength = l; + subnet->net.ipv6.prefixlength = l; for(i = 0; i < 8; i++) subnet->net.ipv6.address.x[i] = htons(x[i]); return subnet; @@ -206,7 +206,7 @@ cp &x[0], &x[1], &x[2], &x[3]) == 4) { subnet->type = SUBNET_IPV4; - subnet->net.ipv4.masklength = 32; + subnet->net.ipv4.prefixlength = 32; for(i = 0; i < 4; i++) subnet->net.ipv4.address.x[i] = x[i]; return subnet; @@ -216,7 +216,7 @@ cp &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7]) == 8) { subnet->type = SUBNET_IPV6; - subnet->net.ipv6.masklength = 128; + subnet->net.ipv6.prefixlength = 128; for(i = 0; i < 8; i++) subnet->net.ipv6.address.x[i] = htons(x[i]); return subnet; @@ -256,7 +256,7 @@ cp subnet->net.ipv4.address.x[1], subnet->net.ipv4.address.x[2], subnet->net.ipv4.address.x[3], - subnet->net.ipv4.masklength); + subnet->net.ipv4.prefixlength); break; case SUBNET_IPV6: asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", @@ -268,7 +268,7 @@ cp ntohs(subnet->net.ipv6.address.x[5]), ntohs(subnet->net.ipv6.address.x[6]), ntohs(subnet->net.ipv6.address.x[7]), - subnet->net.ipv6.masklength); + subnet->net.ipv6.prefixlength); break; default: syslog(LOG_ERR, _("net2str() was called with unknown subnet type %d, exitting!"), subnet->type); @@ -305,7 +305,7 @@ subnet_t *lookup_subnet_ipv4(ipv4_t *address) cp subnet.type = SUBNET_IPV4; memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); - subnet.net.ipv4.masklength = 32; + subnet.net.ipv4.prefixlength = 32; do { 
@@ -323,14 +323,14 @@ cp break; } - if (!maskcmp((char *)address, (char *)&p->net.ipv4.address, p->net.ipv4.masklength, sizeof(ipv4_t))) + if (!maskcmp((char *)address, (char *)&p->net.ipv4.address, p->net.ipv4.prefixlength, sizeof(ipv4_t))) break; else { /* Otherwise, see if there is a bigger enclosing subnet */ - subnet.net.ipv4.masklength = p->net.ipv4.masklength - 1; - maskcpy((char *)&subnet.net.ipv4.address, (char *)&p->net.ipv4.address, subnet.net.ipv4.masklength, sizeof(ipv4_t)); + subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1; + maskcpy((char *)&subnet.net.ipv4.address, (char *)&p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)); } } } while (p); @@ -344,7 +344,7 @@ subnet_t *lookup_subnet_ipv6(ipv6_t *address) cp subnet.type = SUBNET_IPV6; memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); - subnet.net.ipv6.masklength = 128; + subnet.net.ipv6.prefixlength = 128; do { @@ -360,14 +360,14 @@ cp if(p->type != SUBNET_IPV6) return NULL; - if (!maskcmp((char *)address, (char *)&p->net.ipv6.address, p->net.ipv6.masklength, sizeof(ipv6_t))) + if (!maskcmp((char *)address, (char *)&p->net.ipv6.address, p->net.ipv6.prefixlength, sizeof(ipv6_t))) break; else { /* Otherwise, see if there is a bigger enclosing subnet */ - subnet.net.ipv6.masklength = p->net.ipv6.masklength - 1; - maskcpy((char *)&subnet.net.ipv6.address, (char *)&p->net.ipv6.address, subnet.net.ipv6.masklength, sizeof(ipv6_t)); + subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1; + maskcpy((char *)&subnet.net.ipv6.address, (char *)&p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)); } } } while (p); diff --git a/src/subnet.h b/src/subnet.h index 7e926e4f..be20315b 100644 --- a/src/subnet.h +++ b/src/subnet.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.17 2002/03/01 14:09:31 guus Exp $ + $Id: subnet.h,v 1.1.2.18 2002/04/09 11:42:48 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -42,13 +42,13 @@ typedef struct subnet_mac_t typedef struct subnet_ipv4_t { ipv4_t address; - int masklength; + int prefixlength; } subnet_ipv4_t; typedef struct subnet_ipv6_t { ipv6_t address; - int masklength; + int prefixlength; } subnet_ipv6_t; #include "node.h" From b1322d244ff24e900f2298b8aa775d825c8ab00b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 9 Apr 2002 11:43:29 +0000 Subject: [PATCH 624/923] masklength is better known as prefixlength --- doc/PROTOCOL | 4 ++-- doc/tinc.conf.5 | 6 +++--- doc/tinc.texi | 20 ++++++++++---------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/doc/PROTOCOL b/doc/PROTOCOL index 61e2c77b..da9c75ba 100644 --- a/doc/PROTOCOL +++ b/doc/PROTOCOL @@ -12,7 +12,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.1.2.5 2002/02/10 21:57:51 guus Exp $ + $Id: PROTOCOL,v 1.1.2.6 2002/04/09 11:43:29 guus Exp $ 1. Protocols used in tinc @@ -78,7 +78,7 @@ origin ADD_EDGE node1 12.23.34.45 655 node2 21.32.43.54 655 222 0 +------------------> name of node on one side of the edge origin ADD_SUBNET node 192.168.1.0/24 - | | +--> masklength + | | +--> prefixlength | +--------> IPv4 network address +------------------> owner of this subnet -------------------------------------------------------------------------- diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 9ac1575b..2dfdf070 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -1,4 +1,4 @@ -.Dd 2002-02-06 +.Dd 2002-04-09 .Dt TINC.CONF 5 .\" Manual page created by: .\" Ivo Timmermans 
@@ -264,7 +264,7 @@ the above two options then are not necessary. Either the PEM format is used, or exactly one of the above two options must be specified in each host configuration file, if you want to be able to establish a connection with that host. -.It Va Subnet Li = Ar address Ns Op Li / Ns Ar masklength +.It Va Subnet Li = Ar address Ns Op Li / Ns Ar prefixlength The subnet which this tinc daemon will serve. .Nm tinc tries to look up which other daemon it should send a packet to by searching the appropriate subnet. @@ -276,7 +276,7 @@ variables can be specified. .Pp Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case a subnet consisting of only that single address is assumed, -or they can be a IPv4 or IPv6 network address with a masklength. +or they can be a IPv4 or IPv6 network address with a prefixlength. Shorthand notations are not supported. For example, IPv4 subnets must be in a form like 192.168.1.0/24, where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. diff --git a/doc/tinc.texi b/doc/tinc.texi index 726655d3..5ce852e9 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.28 2002/04/09 11:43:29 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ +$Id: tinc.texi,v 1.8.4.28 2002/04/09 11:43:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.27 2002/03/27 15:26:29 guus Exp $ +$Id: tinc.texi,v 1.8.4.28 2002/04/09 11:43:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -951,7 +951,7 @@ in each host configuration file, if you want to be able to establish a connection with that host. @cindex Subnet -@item Subnet = +@item Subnet = The subnet which this tinc daemon will serve. tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. If the packet matches a subnet, @@ -960,7 +960,7 @@ Multiple subnet lines can be specified for each daemon. Subnets can either be single MAC, IPv4 or IPv6 addresses, in which case a subnet consisting of only that single address is assumed, -or they can be a IPv4 or IPv6 network address with a masklength. +or they can be a IPv4 or IPv6 network address with a prefixlength. Shorthand notations are not supported. For example, IPv4 subnets must be in a form like 192.168.1.0/24, where 192.168.1.0 is the network address and 24 is the number of bits set in the netmask. @@ -970,7 +970,7 @@ IPv6 subnets are notated like fec0:0:0:1:0:0:0:0/64. MAC addresses are notated like 0:1a:2b:3c:4d:5e. @cindex CIDR notation -masklength is the number of bits set to 1 in the netmask part; for +prefixlength is the number of bits set to 1 in the netmask part; for example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes /22. This conforms to standard CIDR notation as described in @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} 
@@ -1403,8 +1403,8 @@ only, so keep an eye on it! @item Something is not configured right. Packets are being sent out to the virtual network device, but according to the Subnet directives in your host configuration file, those packets should go to your own host. Most common mistake is that -you have a Subnet line in your host configuration file with a netmask which is -just as large as the netmask of the virtual network interface. The latter should in almost all +you have a Subnet line in your host configuration file with a prefix length which is +just as large as the prefix of the virtual network interface. The latter should in almost all cases be larger. Rethink your configuration. Note that you will only see this message if you specified a debug level of 5 or higher! @@ -1424,7 +1424,7 @@ Jan 1 12:00:00 host tinc.net[1234]: Trying to look up 0.0.192.168 in connection @item Add the `ifconfig $INTERFACE -arp' to tinc-up. @end itemize -@item Network address and subnet mask do not match! +@item Network address and prefix length do not match! @itemize @item The Subnet field must contain a @emph{network} address. @@ -1594,7 +1594,7 @@ origin ADD_EDGE node1 12.23.34.45 655 node2 21.32.43.54 655 222 0 +------------------> name of node on one side of the edge origin ADD_SUBNET node 192.168.1.0/24 - | | +--> masklength + | | +--> prefixlength | +--------> IPv4 network address +------------------> owner of this subnet -------------------------------------------------------------------------- From f2a3fcbdda250e5982c3ef36808568f996f8fff1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 9 Apr 2002 11:43:45 +0000 Subject: [PATCH 625/923] Updated dutch translation. --- po/nl.po | 55 +++++++++++++++++++++++++++---------------------------- 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/po/nl.po b/po/nl.po index 29515eb6..0f37900c 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-03-27 16:59+0100\n" +"POT-Creation-Date: 2002-04-09 13:41+0200\n" "PO-Revision-Date: 2002-03-27 16:59+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -44,10 +44,10 @@ msgstr "Subnet verwacht voor configuratievariabele %s in %s regel %d" #: src/conf.c:261 #, c-format msgid "" -"Network address and mask length do not match for configuration variable %s " +"Network address and prefix length do not match for configuration variable %s " "in %s line %d" msgstr "" -"Netwerk adres en maskerlengte komen niet overeen bij configuratievariabele %" +"Netwerk adres en prefix lengte komen niet overeen bij configuratievariabele %" "s in %s regel %d" #: src/conf.c:369 @@ -206,19 +206,19 @@ msgstr "Fout tijdens schrijven naar %s (%s): %s" msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:395 +#: src/net.c:397 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:412 +#: src/net.c:414 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:429 +#: src/net.c:431 msgid "Rereading configuration file and restarting in 5 seconds..." msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." -#: src/net.c:436 +#: src/net.c:438 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." @@ -259,7 +259,7 @@ msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" #. SO_PRIORITY doesn't seem to work -#: src/net_packet.c:290 src/net_setup.c:484 src/net_socket.c:98 +#: src/net_packet.c:290 src/net_setup.c:450 src/net_socket.c:98 #: src/net_socket.c:144 src/net_socket.c:171 src/process.c:273 #: src/process.c:310 #, c-format 
@@ -345,72 +345,68 @@ msgstr "Fout tijdens lezen RSA priv msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:230 src/net_setup.c:231 +#: src/net_setup.c:202 src/net_setup.c:203 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:238 +#: src/net_setup.c:210 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:244 +#: src/net_setup.c:216 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:258 +#: src/net_setup.c:230 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:268 -msgid "Invalid public/private keypair!" -msgstr "Ongeldig publiek/privé sleutelpaar!" - -#: src/net_setup.c:321 +#: src/net_setup.c:287 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:332 +#: src/net_setup.c:298 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:342 +#: src/net_setup.c:308 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:359 +#: src/net_setup.c:325 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:381 +#: src/net_setup.c:347 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:416 +#: src/net_setup.c:382 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:432 +#: src/net_setup.c:398 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:437 +#: src/net_setup.c:403 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:453 +#: src/net_setup.c:419 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" 
-#: src/net_setup.c:499 +#: src/net_setup.c:465 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:510 +#: src/net_setup.c:476 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:513 +#: src/net_setup.c:479 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" @@ -1287,3 +1283,6 @@ msgstr "Onbekende adresfamilie tijdens lezen pakket van %s %s" #, c-format msgid "Unknown address family %d while writing packet to %s %s" msgstr "Onbekende adresfamilie tijdens schrijven pakket naar %s %s" + +#~ msgid "Invalid public/private keypair!" +#~ msgstr "Ongeldig publiek/privé sleutelpaar!" From e69d2258032362c85c5936a5c137c70227e59332 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 9 Apr 2002 11:44:47 +0000 Subject: [PATCH 626/923] Remarks about 1.0pre7 release. --- NEWS | 12 +++++++++++- README | 2 +- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index d3e7da6e..0317dd5a 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,13 @@ +version 1.0pre7 Apr 7 2002 + +* Don't do blocking read()s when getting a signal. + +* Remove RSA key checking code, since it sometimes thinks perfectly good RSA + keys are bad. + +* Fix handling of subnets when prefixlength isn't divisible by 8. + + version 1.0pre6 Mar 27 2002 * Improvement of redundant links: @@ -16,7 +26,7 @@ version 1.0pre6 Mar 27 2002 * Optional compression of UDP connections using zlib. -* Optionally let UDP connections inherit TOS field of tunneld packets. +* Optionally let UDP connections inherit TOS field of tunneled packets. * Optionally start scripts when certain hosts become (un)reachable. diff --git a/README b/README index ca45c4a6..d75d7f65 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the README file for tinc version 1.0pre6. Installation +This is the README file for tinc version 1.0pre7. Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2002 by: 
From 97d492d9e23f43fe4c8a5ca8c95747088cf32f98 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Thu, 18 Apr 2002 20:09:05 +0000 Subject: [PATCH 627/923] Put #ifndef checks for HAVE_RAND_PSEUDO_BYTES in the correct places. --- src/net.c | 6 +++++- src/net_packet.c | 6 +----- src/net_socket.c | 6 +++++- 3 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/net.c b/src/net.c index 1df4e9ec..30c73d90 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.169 2002/04/01 21:28:05 guus Exp $ + $Id: net.c,v 1.35.4.170 2002/04/18 20:09:05 zarq Exp $ */ #include "config.h" @@ -68,6 +68,10 @@ #include "system.h" +#ifndef HAVE_RAND_PSEUDO_BYTES +#define RAND_pseudo_bytes RAND_bytes +#endif + int do_purge = 0; int sighup = 0; int sigalrm = 0; diff --git a/src/net_packet.c b/src/net_packet.c index fd2ae067..f0423c10 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.13 2002/03/27 15:01:37 guus Exp $ + $Id: net_packet.c,v 1.1.2.14 2002/04/18 20:09:05 zarq Exp $ */ #include "config.h" @@ -50,10 +50,6 @@ #include #include -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif - #include #include diff --git a/src/net_socket.c b/src/net_socket.c index 73e5fb61..5111ec25 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.11 2002/03/27 14:02:36 guus Exp $ + $Id: net_socket.c,v 1.1.2.12 2002/04/18 20:09:05 zarq Exp $ */ #include "config.h" 
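Review bot: In src/net.c the `RAND_pseudo_bytes` to `RAND_bytes` alias is now defined a second time (src/net_socket.c gets the same three lines), although both files include system.h; defining it once in that shared header would keep the copies from drifting. The alias also deserves a comment such as `/* RAND_bytes returns 1 on success; treat any other value as failure */`, because a 0 from `RAND_pseudo_bytes` means the bytes are not cryptographically strong, while a 0 from `RAND_bytes` means the call failed. The call sites are outside these hunks, so whether they test the return value cannot be confirmed here. If any of them produces key material, calling `RAND_bytes` directly would be the safer choice.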
@@ -66,6 +66,10 @@ #include "system.h" +#ifndef HAVE_RAND_PSEUDO_BYTES +#define RAND_pseudo_bytes RAND_bytes +#endif + int addressfamily = AF_INET; int maxtimeout = 900; int seconds_till_retry = 5; From 40c2e36a96a3f5c34d4851b30f3561123f3906b5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 19 Apr 2002 14:06:40 +0000 Subject: [PATCH 628/923] Support for MaxOS/X. --- acconfig.h | 3 +++ configure.in | 22 ++++++++++++++++++++-- src/netutl.c | 3 ++- src/route.c | 3 ++- system.h | 4 ++++ 5 files changed, 31 insertions(+), 4 deletions(-) diff --git a/acconfig.h b/acconfig.h index 41fdb995..f8e234fd 100644 --- a/acconfig.h +++ b/acconfig.h @@ -75,3 +75,6 @@ /* Define to enable use of old SSLeay_add_all_algorithms() function */ #undef HAVE_SSLEAY_ADD_ALL_ALGORITHMS + +/* Define if there a socklen_t */ +#undef HAVE_SOCKLEN_T diff --git a/configure.in b/configure.in index 2c1fa700..d8b68e4c 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.43 2002/03/22 11:43:46 guus Exp $ +dnl $Id: configure.in,v 1.13.2.44 2002/04/19 14:06:40 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -42,6 +42,10 @@ case $host_os in AC_DEFINE(HAVE_FREEBSD) [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ] ;; + *darwin*) + AC_DEFINE(HAVE_FREEBSD) + [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ] + ;; *solaris*) AC_DEFINE(HAVE_SOLARIS) [ rm -f src/device.c; ln -sf solaris/device.c src/device.c ] @@ -54,6 +58,9 @@ case $host_os in AC_DEFINE(HAVE_NETBSD) [ rm -f src/device.c; ln -sf netbsd/device.c src/device.c ] ;; + *) + AC_MSG_ERROR("Unknown operating system.") + ;; esac AC_CACHE_SAVE 
@@ -72,6 +79,18 @@ AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM +AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, +[ + AC_TRY_COMPILE( + [#include ], + [socklen_t len = 42; return len;], + ac_cv_type_socklen_t=yes, + ac_cv_type_socklen_t=no) +]) +if test $ac_cv_type_socklen_t == yes; then + AC_DEFINE(HAVE_SOCKLEN_T) +fi + dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA @@ -83,7 +102,6 @@ jm_FUNC_REALLOC AM_GNU_GETTEXT - dnl Support for SunOS AC_CHECK_FUNC(socket, [], [ diff --git a/src/netutl.c b/src/netutl.c index 20d3809d..1e08a9ef 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.34 2002/04/05 09:11:38 guus Exp $ + $Id: netutl.c,v 1.12.4.35 2002/04/19 14:06:40 guus Exp $ */ #include "config.h" @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include diff --git a/src/route.c b/src/route.c index dcf43e41..94c3d576 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.37 2002/03/19 00:08:23 guus Exp $ + $Id: route.c,v 1.1.2.38 2002/04/19 14:06:40 guus Exp $ */ #include "config.h" @@ -40,6 +40,7 @@ #include #include #include +#include #include diff --git a/system.h b/system.h index 51adca0b..8006d1a7 100644 --- a/system.h +++ b/system.h @@ -48,5 +48,9 @@ /* Other functions */ #include +#ifndef HAVE_SOCKLEN_T +typedef int socklen_t; +#endif + #endif /* __TINC_SYSTEM_H__ */ From b6ad4ce35a4434c209ee26015f15a18180987bac Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 23 Apr 2002 07:49:38 +0000 Subject: [PATCH 629/923] Add BindToAddress variable, similar to the late BindToIP. --- src/net_setup.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
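Review bot: In configure.in, `if test $ac_cv_type_socklen_t == yes; then` uses `==`, which POSIX `test` does not define. Under a /bin/sh whose `test` lacks it, the comparison fails and HAVE_SOCKLEN_T is never defined, so the fallback `typedef int socklen_t;` added to system.h would be compiled on a platform that already has the type. The portable spelling is `if test "$ac_cv_type_socklen_t" = yes; then`, and quoting the variable keeps the test well-formed if it is ever empty.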
diff --git a/src/net_setup.c b/src/net_setup.c index b5dc727f..b472f16e 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.14 2002/04/01 21:28:39 guus Exp $ + $Id: net_setup.c,v 1.1.2.15 2002/04/23 07:49:38 guus Exp $ */ #include "config.h" @@ -192,6 +192,7 @@ int setup_myself(void) config_t *cfg; subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; + char *address = NULL; struct addrinfo hint, *ai, *aip; int choice, err; cp @@ -440,12 +441,14 @@ cp memset(&hint, 0, sizeof(hint)); + get_config_string(lookup_config(config_tree, "BindToAddress"), &address); + hint.ai_family = addressfamily; hint.ai_socktype = SOCK_STREAM; hint.ai_protocol = IPPROTO_TCP; hint.ai_flags = AI_PASSIVE; - if((err = getaddrinfo(NULL, myport, &hint, &ai)) || !ai) + if((err = getaddrinfo(address, myport, &hint, &ai)) || !ai) { syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); return -1; From 01747d73a217f7ddf2107b086476702a9d04d683 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 25 Apr 2002 19:17:24 +0000 Subject: [PATCH 630/923] Added Nick Patavalis for his RedHat package. --- THANKS | 1 + 1 file changed, 1 insertion(+) diff --git a/THANKS b/THANKS index e4cfd6d0..7dec517d 100644 --- a/THANKS +++ b/THANKS @@ -18,6 +18,7 @@ We would like to thank * Armijn Hemel (for being our very own PR manager) * Jerome Etienne (for a thorough security analysis of tinc) * Mark Glines (for his compression patch) + * Nick Patavalis (RedHat package) for their help, support and ideas. Thank you guys! From e6a67fc439fc3b46157647bed1af59b7519adb80 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 26 Apr 2002 18:13:00 +0000 Subject: [PATCH 631/923] Typo --- src/subnet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
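Review bot: In setup_myself, `address` goes straight to `getaddrinfo()` with only `AI_PASSIVE` set, so a BindToAddress value that is a host name makes the listening address depend on name resolution at startup. If only literal addresses are meant to be accepted, `hint.ai_flags = AI_PASSIVE | AI_NUMERICHOST;` would enforce that. A comment such as `/* BindToAddress is optional: a NULL address with AI_PASSIVE binds the wildcard address */` would also explain why the result of `get_config_string()` is ignored. The string stored in `address` is not released in the lines shown; whether it must be freed depends on `get_config_string()`, which is outside this hunk, as is the rest of setup_myself.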
diff --git a/src/subnet.c b/src/subnet.c index 0320957f..9d13d7c5 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.34 2002/04/09 11:42:48 guus Exp $ + $Id: subnet.c,v 1.1.2.35 2002/04/26 18:13:00 zarq Exp $ */ #include "config.h" @@ -271,7 +271,7 @@ cp subnet->net.ipv6.prefixlength); break; default: - syslog(LOG_ERR, _("net2str() was called with unknown subnet type %d, exitting!"), subnet->type); + syslog(LOG_ERR, _("net2str() was called with unknown subnet type %d, exiting!"), subnet->type); cp_trace(); exit(0); } From 67a6d7bcc4891c627663c639c0e02315bd4cf437 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 27 Apr 2002 11:40:45 +0000 Subject: [PATCH 632/923] Informative log message if execl() failed. --- src/process.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/process.c b/src/process.c index bdd81e3b..ae1985da 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.39 2002/03/26 12:00:38 guus Exp $ + $Id: process.c,v 1.1.2.40 2002/04/27 11:40:45 guus Exp $ */ #include "config.h" @@ -244,11 +244,10 @@ cp execl(scriptname, NULL); /* No return on success */ - - if(errno != ENOENT) /* Ignore if the file does not exist */ - exit(1); /* Some error while trying execl(). */ - else - exit(0); + + openlog("tinc", LOG_CONS | LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, _("Could not execute `%s': %s"), scriptname, strerror(errno)); + exit(errno); } /* From 7caa253df4a34e594438e3fbe80c2bddab9a2b4a Mon Sep 17 00:00:00 2001 
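Review bot: In src/process.c, `errno` is read only after `openlog()` has run and again after `syslog()`, and either call may change it, so both the logged reason and the exit status can differ from what `execl()` reported. Storing it first, `int err = errno;` directly after `execl()`, and then using `strerror(err)` and `exit(err)` keeps the two consistent. The removed branch exited 0 when the script did not exist (`ENOENT`); a missing script is now logged at LOG_ERR and gives a non-zero status, which is worth checking against how the parent treats the child's status. The enclosing function starts outside the hunk.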
From: Guus Sliepen Date: Mon, 29 Apr 2002 20:05:07 +0000 Subject: [PATCH 633/923] Fix very stupid bug in node_del(), which might have caused corruption of subnets. --- src/node.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/node.c b/src/node.c index e4581cc5..2b31af4d 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.11 2002/03/22 13:31:18 guus Exp $ + $Id: node.c,v 1.1.2.12 2002/04/29 20:05:07 guus Exp $ */ #include "config.h" @@ -123,7 +123,7 @@ cp subnet_del(n, s); } - for(node = n->subnet_tree->head; node; node = next) + for(node = n->edge_tree->head; node; node = next) { next = node->next; e = (edge_t *)node->data; From 2be8e69ca16e1558463c39c48af76d3d4a4674b7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 1 May 2002 09:15:58 +0000 Subject: [PATCH 634/923] Only purge once when there are no more connections. --- src/net.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/net.c b/src/net.c index 30c73d90..358e7a9c 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.170 2002/04/18 20:09:05 zarq Exp $ + $Id: net.c,v 1.35.4.171 2002/05/01 09:15:58 guus Exp $ */ #include "config.h" @@ -155,14 +155,15 @@ cp c = (connection_t *)node->data; if(c->status.remove) - connection_del(c); + { + connection_del(c); + if(!connection_tree->head) + purge(); + } else FD_SET(c->socket, fs); } - if(!connection_tree->head) - purge(); - for(i = 0; i < listen_sockets; i++) { FD_SET(listen_socket[i].tcp, fs); From 4856d8e1f8398780a49545f35ba9b5746c9fc060 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 2 Jun 2002 16:06:33 +0000 Subject: [PATCH 635/923] Support RSA_PUBKEYs (as opposed to RSAPublicKeys) so tinc accepts public keys generated by the OpenSSL command line tools. --- src/net_setup.c | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index b472f16e..ec0700c3 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.15 2002/04/23 07:49:38 guus Exp $ + $Id: net_setup.c,v 1.1.2.16 2002/06/02 16:06:33 guus Exp $ */ #include "config.h" @@ -107,13 +107,26 @@ cp free(fname); c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); - if(!c->rsa_key) + if(c->rsa_key) + return 0; /* Woohoo. */ + + /* If it fails, try PEM_read_RSA_PUBKEY. */ + if((fp = fopen(fname, "r")) == NULL) { - syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); + free(fname); return -1; } - return 0; + free(fname); + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + if(c->rsa_key) + return 0; + + syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + fname, strerror(errno)); + return -1; } else { @@ -135,11 +148,23 @@ cp if(c->rsa_key) return 0; - else + + /* Try again with PEM_read_RSA_PUBKEY. */ + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + if((fp = fopen(fname, "r"))) { - syslog(LOG_ERR, _("No public key for %s specified!"), c->name); - return -1; + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + fclose(fp); } + + free(fname); + + if(c->rsa_key) + return 0; + + syslog(LOG_ERR, _("No public key for %s specified!"), c->name); + return -1; } int read_rsa_private_key(void) 
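Review bot: In the src/net_setup.c hunk at -107, `fname` is used after it has been freed: the context line `free(fname);` at the top of the hunk runs before the new `fopen(fname, "r")`, the fallback path then frees it a second time, and the final `syslog()` prints it again. Keeping the stream open and rewinding it for the second parser avoids reopening the file, and `fname` can then be released once, after the last message that uses it. `strerror(errno)` in that message is also unlikely to describe a PEM parse failure, since the PEM readers are not documented to report through errno. The enclosing function starts before the hunk, so the sketch covers only the lines shown and drops the early `free(fname);`.

```c
      /* … unchanged: fopen() of the public key file and its error path … */
      c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);
      if(!c->rsa_key)
        {
          /* Not an RSAPublicKey: parse the same stream again as an RSA_PUBKEY. */
          rewind(fp);
          c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
        }
      fclose(fp);

      if(!c->rsa_key)
        syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
               fname, strerror(errno));

      free(fname);    /* released only after its last use */
      return c->rsa_key ? 0 : -1;
```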
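Review bot: In the src/net_setup.c hunk at -135, the result of `asprintf()` is not checked, so after an allocation failure `fname` is indeterminate when it reaches `fopen()` and `free()`; `if(asprintf(&fname, "%s/hosts/%s", confbase, c->name) < 0) return -1;` closes that. The path is built from `c->name`, so this fallback relies on the name having been validated before this point (no `/` or `..` components); that check is not visible in the hunk and is worth confirming. The final message "No public key for %s specified!" now also covers a hosts file that exists but holds an unparsable key, which a comment could make clear.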
From 5886b6a10d0d2edf20ff53c4926ec4e41a36b8c0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 5 Jun 2002 00:20:40 +0000 Subject: [PATCH 636/923] Make it work correctly with NetBSD tun device. --- src/netbsd/device.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/src/netbsd/device.c b/src/netbsd/device.c index a8c01f53..43dfed49 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.2 2002/02/18 16:25:19 guus Exp $ + $Id: device.c,v 1.1.2.3 2002/06/05 00:20:40 guus Exp $ */ #include "config.h" @@ -102,11 +102,9 @@ cp int read_packet(vpn_packet_t *packet) { int lenin; - u_int32_t type; - struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, MTU - 14}}; cp - if((lenin = readv(device_fd, vector, 2)) <= 0) + if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; @@ -117,7 +115,7 @@ cp packet->data[12] = 0x08; packet->data[13] = 0x00; - packet->len = lenin + 10; + packet->len = lenin + 14; device_total_in += packet->len; @@ -132,19 +130,12 @@ cp int write_packet(vpn_packet_t *packet) { - u_int32_t type = htonl(AF_INET); - struct iovec vector[2]; cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); - vector[0].iov_base = &type; - vector[0].iov_len = sizeof(type); - vector[1].iov_base = packet->data + 14; - vector[1].iov_len = packet->len - 14; - - if(writev(device_fd, vector, 2) < 0) + if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; From 14e570f5eeff631c1312b11fcc5d22230ec27aff Mon Sep 17 00:00:00 2001 
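Review bot: In write_packet of src/netbsd/device.c, the count passed to `write()` is `packet->len - 14` with no lower bound, so a packet shorter than the 14-byte Ethernet header gives a negative count that converts to a very large `size_t`. If the callers do not already guarantee a full header (they are outside this hunk), a guard such as `if(packet->len < 14) return -1;` before the write would make the assumption explicit. In read_packet the Ethernet type is still set to 0x0800 for every packet read, so a comment saying that this device path carries IPv4 only would document the limitation.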
From: Guus Sliepen Date: Wed, 5 Jun 2002 00:25:55 +0000 Subject: [PATCH 637/923] Use correct includes on NetBSD. --- src/netutl.c | 6 ++++-- src/route.c | 10 ++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index 1e08a9ef..29bcfc14 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.35 2002/04/19 14:06:40 guus Exp $ + $Id: netutl.c,v 1.12.4.36 2002/06/05 00:25:54 guus Exp $ */ #include "config.h" @@ -27,7 +27,9 @@ #include #include #include -#include +#ifndef HAVE_NETBSD + #include +#endif #include #include #include diff --git a/src/route.c b/src/route.c index 94c3d576..48a14ca8 100644 --- a/src/route.c +++ b/src/route.c @@ -17,17 +17,17 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.38 2002/04/19 14:06:40 guus Exp $ + $Id: route.c,v 1.1.2.39 2002/06/05 00:25:55 guus Exp $ */ #include "config.h" -#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) +#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) || defined(HAVE_NETBSD) #include #endif #include #include -#if defined(HAVE_SOLARIS) || defined(HAVE_OPENBSD) +#if defined(HAVE_SOLARIS) || defined(HAVE_OPENBSD) || defined(HAVE_NETBSD) #include #define ETHER_ADDR_LEN 6 #else @@ -40,7 +40,9 @@ #include #include #include -#include +#ifndef HAVE_NETBSD + #include +#endif #include From d333fca4d611b85dd922ddf35bd9eddcb8095c85 Mon Sep 17 00:00:00 2001 From: Wessel Dankers Date: Fri, 7 Jun 2002 11:14:05 +0000 Subject: [PATCH 638/923] This should work much better. --- src/netutl.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index 29bcfc14..4d91bf44 100644 --- a/src/netutl.c +++ b/src/netutl.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.36 2002/06/05 00:25:54 guus Exp $ + $Id: netutl.c,v 1.12.4.37 2002/06/07 11:14:05 wsl Exp $ */ #include "config.h" @@ -236,14 +236,13 @@ int maskcheck(char *a, int masklen, int len) cp i = masklen / 8; masklen %= 8; - - if(masklen) - if(a[i++] & (char)~(0x100 - (1 << masklen))) - return -1; - + + if(a[i++] & (0xff >> masklen)) + return -1; + for(; i < len; i++) if(a[i] != 0) - return -1; + return -2; return 0; } From 116ba3b3da73fb857cf75b5c92c6aacd70d94dd9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 8 Jun 2002 12:57:10 +0000 Subject: [PATCH 639/923] Cleanup: - Remove checks for specific OS's, instead check for #defines/#includes. - Use uint??_t where appropriate. - Mask handling functions use void pointers to get rid of silly casts. --- configure.in | 11 +++++---- src/conf.c | 6 ++--- src/graph.c | 4 ++-- src/net.c | 6 +++-- src/net.h | 16 ++++++++----- src/net_packet.c | 6 +++-- src/net_setup.c | 6 +++-- src/net_socket.c | 14 +++++++---- src/netutl.c | 20 +++++++++------- src/netutl.h | 11 ++++----- src/node.h | 10 +++++--- src/route.c | 60 ++++++++++++++++++++++++++---------------------- src/subnet.c | 12 +++++----- src/tincd.c | 4 ++-- 14 files changed, 107 insertions(+), 79 deletions(-) diff --git a/configure.in b/configure.in index d8b68e4c..5efcd870 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.44 2002/04/19 14:06:40 guus Exp $ +dnl $Id: configure.in,v 1.13.2.45 2002/06/08 12:57:09 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) 
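Review bot: In maskcheck the now unconditional `a[i++] & (0xff >> masklen)` reads `a[len]`, one byte past the address, whenever the prefix covers the whole address (masklen == len * 8, for example an IPv4 /32), because `i` equals `len` at that point and the removed `if(masklen)` guard no longer skips the test. Any non-zero byte that happens to follow the address then makes a valid host subnet fail the check. Bounding the access, `if(i < len && (a[i++] & (0xff >> masklen)))`, keeps the simpler mask expression and stays inside the buffer. Nothing in the hunk rejects a negative masklen or one larger than len * 8, so that presumably has to be validated by the caller. The maskcheck hunk of the following cleanup commit (PATCH 639) changes only the parameter type and leaves this test as it is.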
@@ -69,8 +69,9 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([fcntl.h limits.h sys/ioctl.h syslog.h unistd.h \ -sys/time.h malloc.h strings.h sys/file.h]) +AC_CHECK_HEADERS([fcntl.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ +net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h \ +sys/file.h sys/ioctl.h sys/param.h sys/time.h]) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST @@ -95,8 +96,8 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([ftime socket select strtol strerror flock unsetenv \ -asprintf putenv strdup fcloseall daemon strsignal get_current_dir_name]) +AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name \ +putenv select strdup strerror strsignal strtol unsetenv]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/src/conf.c b/src/conf.c index bc29e071..96dbef35 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.55 2002/04/09 11:42:48 guus Exp $ + $Id: conf.c,v 1.9.4.56 2002/06/08 12:57:09 guus Exp $ */ #include "config.h" @@ -255,8 +255,8 @@ cp /* Teach newbies what subnets are... */ - if(((subnet->type == SUBNET_IPV4) && maskcheck((char *)&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) - || ((subnet->type == SUBNET_IPV6) && maskcheck((char *)&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) + if(((subnet->type == SUBNET_IPV4) && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) + || ((subnet->type == SUBNET_IPV6) && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { syslog(LOG_ERR, _("Network address and prefix length do not match for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); 
diff --git a/src/graph.c b/src/graph.c index 53152a54..9d9bc1f3 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.11 2002/03/24 16:28:27 guus Exp $ + $Id: graph.c,v 1.1.2.12 2002/06/08 12:57:09 guus Exp $ */ /* We need to generate two trees from the graph: @@ -50,7 +50,7 @@ #include #include "config.h" #include -#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) +#ifdef HAVE_SYS_PARAM_H #include #endif #include diff --git a/src/net.c b/src/net.c index 358e7a9c..7ebbbd0f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.171 2002/05/01 09:15:58 guus Exp $ + $Id: net.c,v 1.35.4.172 2002/06/08 12:57:09 guus Exp $ */ #include "config.h" @@ -26,8 +26,10 @@ #include #include #include -#ifdef HAVE_LINUX +#ifdef HAVE_NETINET_IP_H #include +#endif +#ifdef HAVE_NETINET_TCP_H #include #endif #include diff --git a/src/net.h b/src/net.h index 922c5cf1..29839a29 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.49 2002/03/27 15:01:36 guus Exp $ + $Id: net.h,v 1.9.4.50 2002/06/08 12:57:09 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -28,6 +28,10 @@ #include #include +#ifdef HAVE_STDINT_H + #include +#endif + #include "config.h" #ifdef ENABLE_JUMBOGRAMS @@ -46,12 +50,12 @@ typedef struct mac_t { - unsigned char x[6]; + uint8_t x[6]; } mac_t; typedef struct ipv4_t { - unsigned char x[4]; + uint8_t x[4]; } ipv4_t; typedef struct ip_mask_t { @@ -61,7 +65,7 @@ typedef struct ip_mask_t { typedef struct ipv6_t { - unsigned short x[8]; + uint16_t x[8]; } ipv6_t; typedef unsigned short port_t; 
@@ -83,8 +87,8 @@ typedef union { typedef struct vpn_packet_t { length_t len; /* the actual number of bytes in the `data' field */ int priority; /* priority or TOS */ - unsigned int seqno; /* 32 bits sequence number (network byte order of course) */ - unsigned char data[MAXSIZE]; + uint32_t seqno; /* 32 bits sequence number (network byte order of course) */ + uint8_t data[MAXSIZE]; } vpn_packet_t; typedef struct queue_element_t { diff --git a/src/net_packet.c b/src/net_packet.c index f0423c10..8dac0d9c 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.14 2002/04/18 20:09:05 zarq Exp $ + $Id: net_packet.c,v 1.1.2.15 2002/06/08 12:57:09 guus Exp $ */ #include "config.h" @@ -26,8 +26,10 @@ #include #include #include -#ifdef HAVE_LINUX +#ifdef HAVE_NETINET_IP_H #include +#endif +#ifdef HAVE_NETINET_TCP_H #include #endif #include diff --git a/src/net_setup.c b/src/net_setup.c index ec0700c3..d2a60f02 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.16 2002/06/02 16:06:33 guus Exp $ + $Id: net_setup.c,v 1.1.2.17 2002/06/08 12:57:10 guus Exp $ */ #include "config.h" @@ -26,8 +26,10 @@ #include #include #include -#ifdef HAVE_LINUX +#ifdef HAVE_NETINET_IP_H #include +#endif +#ifdef HAVE_NETINET_TCP_H #include #endif #include diff --git a/src/net_socket.c b/src/net_socket.c index 5111ec25..74841875 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.12 2002/04/18 20:09:05 zarq Exp $ + $Id: net_socket.c,v 1.1.2.13 2002/06/08 12:57:10 guus Exp $ */ #include "config.h" 
@@ -26,8 +26,10 @@ #include #include #include -#ifdef HAVE_LINUX +#ifdef HAVE_NETINET_IP_H #include +#endif +#ifdef HAVE_NETINET_TCP_H #include #endif #include @@ -241,10 +243,12 @@ cp /* Optimize TCP settings */ -#ifdef HAVE_LINUX +#if defined(SOL_TCP) && defined(TCP_NODELAY) option = 1; setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); +#endif +#if defined(SOL_IP) && defined(IP_TOS) option = IPTOS_LOWDELAY; setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); #endif @@ -337,10 +341,12 @@ begin: /* Optimize TCP settings */ -#ifdef HAVE_LINUX +#if defined(SOL_TCP) && defined(TCP_NODELAY) option = 1; setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); +#endif +#if defined(SOL_IP) && defined(IP_TOS) option = IPTOS_LOWDELAY; setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); #endif diff --git a/src/netutl.c b/src/netutl.c index 4d91bf44..82a4259b 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.37 2002/06/07 11:14:05 wsl Exp $ + $Id: netutl.c,v 1.12.4.38 2002/06/08 12:57:10 guus Exp $ */ #include "config.h" @@ -27,7 +27,7 @@ #include #include #include -#ifndef HAVE_NETBSD +#ifndef HAVE_STDINT_H #include #endif #include @@ -115,10 +115,8 @@ cp exit(0); } -#ifdef HAVE_LINUX if((scopeid = strchr(address, '%'))) *scopeid = '\0'; /* Descope. */ -#endif *addrstr = xstrdup(address); *portstr = xstrdup(port); @@ -185,9 +183,11 @@ void sockaddrunmap(sockaddr_t *sa) /* Subnet mask handling */ -int maskcmp(char *a, char *b, int masklen, int len) +int maskcmp(void *va, void *vb, int masklen, int len) { int i, m, result; + char *a = va; + char *b = vb; cp for(m = masklen, i = 0; m >= 8; m -= 8, i++) if((result = a[i] - b[i])) 
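Review bot: The new `#if defined(SOL_IP) && defined(IP_TOS)` block still uses IPTOS_LOWDELAY, which is not one of the macros the guard tests; it presumably comes from the header that is now included only under HAVE_NETINET_IP_H, so a platform that defines IP_TOS but lacks that header would fail to compile. Testing it as well, `#if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY)`, makes the feature test complete. The same applies to the second net_socket.c hunk (`@@ -337,10 +341,12 @@`). Both setsockopt() calls also ignore their return value; a debug-level log on failure would show when the options were not applied.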
@@ -199,9 +199,10 @@ cp return 0; } -void mask(char *a, int masklen, int len) +void mask(void *va, int masklen, int len) { int i; + char *a = va; cp i = masklen / 8; masklen %= 8; @@ -213,9 +214,11 @@ cp a[i] = 0; } -void maskcpy(char *a, char *b, int masklen, int len) +void maskcpy(void *va, void *vb, int masklen, int len) { int i, m; + char *a = va; + char *b = vb; cp for(m = masklen, i = 0; m >= 8; m -= 8, i++) a[i] = b[i]; @@ -230,9 +233,10 @@ cp a[i] = 0; } -int maskcheck(char *a, int masklen, int len) +int maskcheck(void *va, int masklen, int len) { int i; + char *a = va; cp i = masklen / 8; masklen %= 8; diff --git a/src/netutl.h b/src/netutl.h index 654d7ad4..7126e0c3 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.11 2002/03/17 15:59:29 guus Exp $ + $Id: netutl.h,v 1.2.4.12 2002/06/08 12:57:10 guus Exp $ */ #ifndef __TINC_NETUTL_H__ @@ -31,16 +31,15 @@ extern int hostnames; -extern char *hostlookup(unsigned long); extern struct addrinfo *str2addrinfo(char *, char *, int); extern sockaddr_t str2sockaddr(char *, char *); extern void sockaddr2str(sockaddr_t *, char **, char **); extern char *sockaddr2hostname(sockaddr_t *); extern int sockaddrcmp(sockaddr_t *, sockaddr_t *); extern void sockaddrunmap(sockaddr_t *); -extern int maskcmp(char *, char *, int, int); -extern void maskcpy(char *, char *, int, int); -extern void mask(char *, int, int); -extern int maskcheck(char *, int, int); +extern int maskcmp(void *, void *, int, int); +extern void maskcpy(void *, void *, int, int); +extern void mask(void *, int, int); +extern int maskcheck(void *, int, int); #endif /* __TINC_NETUTL_H__ */ diff --git a/src/node.h b/src/node.h index 98147d3e..6f366c2a 100644 --- a/src/node.h +++ b/src/node.h 
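Review bot: The mask helpers now take `void *` but immediately convert to plain `char *`, so the byte tests depend on whether char is signed on the platform and the read-only arguments lose their const-ness. In mask, maskcpy and maskcheck (and maskcmp in the preceding hunk) a local such as `unsigned char *a = va;` would keep the bit masks and the `a[i] - b[i]` comparison in maskcmp independent of char signedness, and the source arguments of maskcmp, maskcpy and maskcheck could be declared `const void *` in netutl.h. None of the helpers documents its units; a one-line comment above each, for example `/* masklen is in bits, len is the address size in bytes */`, would help callers.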
@@ -17,12 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.13 2002/03/19 22:48:25 guus Exp $ + $Id: node.h,v 1.1.2.14 2002/06/08 12:57:10 guus Exp $ */ #ifndef __TINC_NODE_H__ #define __TINC_NODE_H__ +#ifdef HAVE_STDINT_H + #include +#endif + #include #include "subnet.h" @@ -67,8 +71,8 @@ typedef struct node_t { struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ - unsigned int sent_seqno; /* Sequence number last sent to this node */ - unsigned int received_seqno; /* Sequence number last received from this node */ + uint32_t sent_seqno; /* Sequence number last sent to this node */ + uint32_t received_seqno; /* Sequence number last received from this node */ } node_t; extern struct node_t *myself; diff --git a/src/route.c b/src/route.c index 48a14ca8..9ddb1d1c 100644 --- a/src/route.c +++ b/src/route.c @@ -17,20 +17,20 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.39 2002/06/05 00:25:55 guus Exp $ + $Id: route.c,v 1.1.2.40 2002/06/08 12:57:10 guus Exp $ */ #include "config.h" -#if defined(HAVE_FREEBSD) || defined(HAVE_OPENBSD) || defined(HAVE_NETBSD) +#ifdef HAVE_SYS_PARAM_H #include #endif #include #include -#if defined(HAVE_SOLARIS) || defined(HAVE_OPENBSD) || defined(HAVE_NETBSD) +#ifdef HAVE_NET_IF_H #include - #define ETHER_ADDR_LEN 6 -#else +#endif +#ifdef HAVE_NET_ETHERNET_H #include #endif #include @@ -40,7 +40,7 @@ #include #include #include -#ifndef HAVE_NETBSD +#ifdef HAVE_STDINT_H #include #endif @@ -55,6 +55,10 @@ #include "system.h" +#ifndef ETHER_ADDR_LEN + #define ETHER_ADDR_LEN 6 +#endif + int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; 
@@ -173,14 +177,14 @@ cp if(debug_lvl >= DEBUG_TRAFFIC) { syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(*(short unsigned int *)&packet->data[38]), - ntohs(*(short unsigned int *)&packet->data[40]), - ntohs(*(short unsigned int *)&packet->data[42]), - ntohs(*(short unsigned int *)&packet->data[44]), - ntohs(*(short unsigned int *)&packet->data[46]), - ntohs(*(short unsigned int *)&packet->data[48]), - ntohs(*(short unsigned int *)&packet->data[50]), - ntohs(*(short unsigned int *)&packet->data[52])); + ntohs(*(uint16_t *)&packet->data[38]), + ntohs(*(uint16_t *)&packet->data[40]), + ntohs(*(uint16_t *)&packet->data[42]), + ntohs(*(uint16_t *)&packet->data[44]), + ntohs(*(uint16_t *)&packet->data[46]), + ntohs(*(uint16_t *)&packet->data[48]), + ntohs(*(uint16_t *)&packet->data[50]), + ntohs(*(uint16_t *)&packet->data[52])); } return NULL; @@ -189,9 +193,9 @@ cp return subnet->owner; } -unsigned short int inet_checksum(unsigned short int *data, int len, unsigned short int prevsum) +uint16_t inet_checksum(uint16_t *data, int len, uint16_t prevsum) { - unsigned long int checksum = prevsum ^ 0xFFFF; + uint32_t checksum = prevsum ^ 0xFFFF; while(len--) checksum += ntohs(*data++); @@ -208,7 +212,7 @@ void route_neighborsol(vpn_packet_t *packet) struct nd_neighbor_solicit *ns; struct nd_opt_hdr *opt; subnet_t *subnet; - short unsigned int checksum; + uint16_t checksum; struct { struct in6_addr ip6_src; /* source address */ @@ -248,8 +252,8 @@ cp /* Generate checksum */ - checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); - checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); + checksum = inet_checksum((uint16_t *)&pseudo, sizeof(pseudo)/2, ~0); + checksum = inet_checksum((uint16_t *)ns, sizeof(*ns)/2 + 4, checksum); if(checksum) { 
@@ -305,8 +309,8 @@ cp /* Generate checksum */ - checksum = inet_checksum((unsigned short int *)&pseudo, sizeof(pseudo)/2, ~0); - checksum = inet_checksum((unsigned short int *)ns, sizeof(*ns)/2 + 4, checksum); + checksum = inet_checksum((uint16_t *)&pseudo, sizeof(pseudo)/2, ~0); + checksum = inet_checksum((uint16_t *)ns, sizeof(*ns)/2 + 4, checksum); ns->nd_ns_hdr.icmp6_cksum = htons(checksum); @@ -318,7 +322,7 @@ void route_arp(vpn_packet_t *packet) { struct ether_arp *arp; subnet_t *subnet; - unsigned char ipbuf[4]; + uint8_t ipbuf[4]; cp /* First, snatch the source address from the ARP packet */ @@ -335,8 +339,8 @@ cp if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || ntohs(arp->arp_pro) != ETHERTYPE_IP || - (int) (arp->arp_hln) != ETHER_ADDR_LEN || - (int) (arp->arp_pln) != 4 || + arp->arp_hln != ETHER_ADDR_LEN || + arp->arp_pln != 4 || ntohs(arp->arp_op) != ARPOP_REQUEST ) { if(debug_lvl > DEBUG_TRAFFIC) @@ -383,7 +387,7 @@ cp void route_outgoing(vpn_packet_t *packet) { - unsigned short int type; + uint16_t type; node_t *n = NULL; cp /* FIXME: multicast? */ @@ -391,7 +395,7 @@ cp switch(routing_mode) { case RMODE_ROUTER: - type = ntohs(*((unsigned short*)(&packet->data[12]))); + type = ntohs(*((uint16_t *)(&packet->data[12]))); switch(type) { case 0x0800: @@ -440,9 +444,9 @@ void route_incoming(node_t *source, vpn_packet_t *packet) case RMODE_ROUTER: { node_t *n = NULL; - unsigned short int type; + uint16_t type; - type = ntohs(*((unsigned short*)(&packet->data[12]))); + type = ntohs(*((uint16_t *)(&packet->data[12]))); switch(type) { case 0x0800: diff --git a/src/subnet.c b/src/subnet.c index 9d13d7c5..d971a4d7 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.35 2002/04/26 18:13:00 zarq Exp $ + $Id: subnet.c,v 1.1.2.36 2002/06/08 12:57:10 guus Exp $ */ #include "config.h" 
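Review bot: In route_outgoing and route_incoming the ethertype is still read with `ntohs(*((uint16_t *)(&packet->data[12])))`, a cast-pointer dereference into what is now a `uint8_t` buffer; that relies on the alignment of `data` inside vpn_packet_t and is an aliasing violation the compiler is free to exploit. Copying the two bytes out is safe on every target: `memcpy(&type, &packet->data[12], sizeof(type)); type = ntohs(type);`. Neither hunk shows a check that `packet->len` is at least 14 before the header is parsed, so a shorter packet would be routed on stale buffer contents unless a caller rejects it first. Both function bodies continue outside the hunks shown.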
@@ -176,7 +176,7 @@ subnet_t *str2net(char *subnetstr) { int i, l; subnet_t *subnet; - unsigned short int x[8]; + uint16_t x[8]; cp subnet = new_subnet(); cp @@ -323,14 +323,14 @@ cp break; } - if (!maskcmp((char *)address, (char *)&p->net.ipv4.address, p->net.ipv4.prefixlength, sizeof(ipv4_t))) + if (!maskcmp(address, &p->net.ipv4.address, p->net.ipv4.prefixlength, sizeof(ipv4_t))) break; else { /* Otherwise, see if there is a bigger enclosing subnet */ subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1; - maskcpy((char *)&subnet.net.ipv4.address, (char *)&p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)); + maskcpy(&subnet.net.ipv4.address, &p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)); } } } while (p); @@ -360,14 +360,14 @@ cp if(p->type != SUBNET_IPV6) return NULL; - if (!maskcmp((char *)address, (char *)&p->net.ipv6.address, p->net.ipv6.prefixlength, sizeof(ipv6_t))) + if (!maskcmp(address, &p->net.ipv6.address, p->net.ipv6.prefixlength, sizeof(ipv6_t))) break; else { /* Otherwise, see if there is a bigger enclosing subnet */ subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1; - maskcpy((char *)&subnet.net.ipv6.address, (char *)&p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)); + maskcpy(&subnet.net.ipv6.address, &p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)); } } } while (p); diff --git a/src/tincd.c b/src/tincd.c index b8b29596..0838e829 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.58 2002/03/11 11:23:04 guus Exp $ + $Id: tincd.c,v 1.10.4.59 2002/06/08 12:57:10 guus Exp $ */ #include "config.h" 
@@ -338,7 +338,7 @@ main(int argc, char **argv, char **envp) if(show_help) usage(0); -#ifdef HAVE_SOLARIS +#ifndef LOG_PERROR openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ #else openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ From e47e51e9d17416e2b614287d14a5518881decd44 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 8 Jun 2002 13:46:43 +0000 Subject: [PATCH 640/923] Use inttypes.h instead of stdint.h. --- configure.in | 4 ++-- src/net.h | 6 +++--- src/netutl.c | 6 +++--- src/node.h | 6 +++--- src/route.c | 6 +++--- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/configure.in b/configure.in index 5efcd870..37f47340 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.45 2002/06/08 12:57:09 guus Exp $ +dnl $Id: configure.in,v 1.13.2.46 2002/06/08 13:46:06 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -69,7 +69,7 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([fcntl.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ +AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h \ sys/file.h sys/ioctl.h sys/param.h sys/time.h]) diff --git a/src/net.h b/src/net.h index 29839a29..b7e01041 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.50 2002/06/08 12:57:09 guus Exp $ + $Id: net.h,v 1.9.4.51 2002/06/08 13:46:07 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -28,8 +28,8 @@ #include #include -#ifdef HAVE_STDINT_H - #include +#ifdef HAVE_INTTYPES_H + #include #endif #include "config.h" diff --git a/src/netutl.c b/src/netutl.c index 82a4259b..cfaf6b47 100644 
--- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.38 2002/06/08 12:57:10 guus Exp $ + $Id: netutl.c,v 1.12.4.39 2002/06/08 13:46:43 guus Exp $ */ #include "config.h" @@ -27,8 +27,8 @@ #include #include #include -#ifndef HAVE_STDINT_H - #include +#ifdef HAVE_INTTYPES_H + #include #endif #include #include diff --git a/src/node.h b/src/node.h index 6f366c2a..73ff0a27 100644 --- a/src/node.h +++ b/src/node.h @@ -17,14 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.14 2002/06/08 12:57:10 guus Exp $ + $Id: node.h,v 1.1.2.15 2002/06/08 13:46:07 guus Exp $ */ #ifndef __TINC_NODE_H__ #define __TINC_NODE_H__ -#ifdef HAVE_STDINT_H - #include +#ifdef HAVE_INTTYPES_H + #include #endif #include diff --git a/src/route.c b/src/route.c index 9ddb1d1c..d2c540b6 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.40 2002/06/08 12:57:10 guus Exp $ + $Id: route.c,v 1.1.2.41 2002/06/08 13:46:07 guus Exp $ */ #include "config.h" @@ -40,8 +40,8 @@ #include #include #include -#ifdef HAVE_STDINT_H - #include +#ifdef HAVE_INTTYPES_H + #include #endif #include From 78e88521845ae3bdd963ae5a414cb9c251963fa2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 8 Jun 2002 14:08:57 +0000 Subject: [PATCH 641/923] - netinet/* include files depend on netinet/in_systm.h. - Squash bashism in configure.in. --- configure.in | 6 +++--- src/net.c | 5 ++++- src/net_packet.c | 5 ++++- src/net_setup.c | 5 ++++- src/net_socket.c | 5 ++++- src/route.c | 5 ++++- 6 files changed, 23 insertions(+), 8 deletions(-) diff --git a/configure.in b/configure.in index 37f47340..f04d0652 100644 --- a/configure.in 
+++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.46 2002/06/08 13:46:06 guus Exp $ +dnl $Id: configure.in,v 1.13.2.47 2002/06/08 14:08:56 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -70,7 +70,7 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ -net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h \ +net/ethernet.h net/if.h netinet/in_systm.h netinet/ip.h netinet/tcp.h \ sys/file.h sys/ioctl.h sys/param.h sys/time.h]) dnl Checks for typedefs, structures, and compiler characteristics. @@ -88,7 +88,7 @@ AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, ac_cv_type_socklen_t=yes, ac_cv_type_socklen_t=no) ]) -if test $ac_cv_type_socklen_t == yes; then +if test $ac_cv_type_socklen_t = yes; then AC_DEFINE(HAVE_SOCKLEN_T) fi diff --git a/src/net.c b/src/net.c index 7ebbbd0f..9ec15fe1 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.172 2002/06/08 12:57:09 guus Exp $ + $Id: net.c,v 1.35.4.173 2002/06/08 14:08:57 guus Exp $ */ #include "config.h" @@ -26,6 +26,9 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H + #include +#endif #ifdef HAVE_NETINET_IP_H #include #endif diff --git a/src/net_packet.c b/src/net_packet.c index 8dac0d9c..691260ed 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.15 2002/06/08 12:57:09 guus Exp $ + $Id: net_packet.c,v 1.1.2.16 2002/06/08 14:08:57 guus Exp $ */ #include "config.h" 
@@ -26,6 +26,9 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H + #include +#endif #ifdef HAVE_NETINET_IP_H #include #endif diff --git a/src/net_setup.c b/src/net_setup.c index d2a60f02..d0d57daa 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.17 2002/06/08 12:57:10 guus Exp $ + $Id: net_setup.c,v 1.1.2.18 2002/06/08 14:08:57 guus Exp $ */ #include "config.h" @@ -26,6 +26,9 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H + #include +#endif #ifdef HAVE_NETINET_IP_H #include #endif diff --git a/src/net_socket.c b/src/net_socket.c index 74841875..089f0078 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.13 2002/06/08 12:57:10 guus Exp $ + $Id: net_socket.c,v 1.1.2.14 2002/06/08 14:08:57 guus Exp $ */ #include "config.h" @@ -26,6 +26,9 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H + #include +#endif #ifdef HAVE_NETINET_IP_H #include #endif diff --git a/src/route.c b/src/route.c index d2c540b6..a552eaf5 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.41 2002/06/08 13:46:07 guus Exp $ + $Id: route.c,v 1.1.2.42 2002/06/08 14:08:57 guus Exp $ */ #include "config.h" @@ -33,6 +33,9 @@ #ifdef HAVE_NET_ETHERNET_H #include #endif +#ifdef HAVE_NETINET_IN_SYSTM_H + #include +#endif #include #include #include From 9d769e0bf2ce266e8533e5e7c16bf07e44a9be34 Mon Sep 17 00:00:00 2001 
From: Ivo Timmermans Date: Sun, 9 Jun 2002 15:26:10 +0000 Subject: [PATCH 642/923] OSX support --- configure.in | 7 +++--- lib/dropin.c | 4 ++- lib/fake-getnameinfo.c | 56 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 4 deletions(-) create mode 100644 lib/fake-getnameinfo.c diff --git a/configure.in b/configure.in index f04d0652..390b3d08 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.47 2002/06/08 14:08:56 guus Exp $ +dnl $Id: configure.in,v 1.13.2.48 2002/06/09 15:26:10 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -83,7 +83,8 @@ AC_STRUCT_TM AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, [ AC_TRY_COMPILE( - [#include ], + [#include + #include ], [socklen_t len = 42; return len;], ac_cv_type_socklen_t=yes, ac_cv_type_socklen_t=no) @@ -97,7 +98,7 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name \ -putenv select strdup strerror strsignal strtol unsetenv]) +putenv select strdup strerror strsignal strtol unsetenv getnameinfo]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/dropin.c b/lib/dropin.c index 66aaa316..a500a034 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.8 2002/02/10 21:57:51 guus Exp $ + $Id: dropin.c,v 1.1.2.9 2002/06/09 15:26:10 zarq Exp $ */ #include "config.h" @@ -35,6 +35,8 @@ #include #include +#include "fake-getnameinfo.c" + #ifndef HAVE_DAEMON /* Replacement for the daemon() function. diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c new file mode 100644 index 00000000..c3ff57f0 --- /dev/null +++ b/lib/fake-getnameinfo.c 
@@ -0,0 +1,56 @@ +/* + * fake library for ssh + * + * This file includes getnameinfo(). + * These funtions are defined in rfc2133. + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For exapmle, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#include "config.h" +#include + +RCSID("$Id: fake-getnameinfo.c,v 1.1.2.1 2002/06/09 15:26:10 zarq Exp $"); + +#ifndef HAVE_GETNAMEINFO + +int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in *sin = (struct sockaddr_in *)sa; + struct hostent *hp; + char tmpserv[16]; + + if (serv) { + snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); + if (strlen(tmpserv) >= servlen) + return EAI_MEMORY; + else + strcpy(serv, tmpserv); + } + + if (host) { + if (flags & NI_NUMERICHOST) { + if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen) + return EAI_MEMORY; + + strcpy(host, inet_ntoa(sin->sin_addr)); + return 0; + } else { + hp = gethostbyaddr((char *)&sin->sin_addr, + sizeof(struct in_addr), AF_INET); + if (hp == NULL) + return EAI_NODATA; + + if (strlen(hp->h_name) >= hostlen) + return EAI_MEMORY; + + strcpy(host, hp->h_name); + return 0; + } + } + return 0; +} +#endif /* !HAVE_GETNAMEINFO */ From 548551fd05f58863dfbbaaf147febfab0a22889b Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 9 Jun 2002 15:50:12 +0000 Subject: [PATCH 643/923] getnameinfo fixes --- lib/Makefile.am | 4 +- lib/dropin.h | 9 +- lib/fake-getnameinfo.c | 5 +- po/nl.po | 231 +++++++++++++++++++++-------------------- 4 files changed, 132 insertions(+), 117 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index aa4d55a3..e3979d85 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am 
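Review bot: The replacement getnameinfo() casts `sa` to `struct sockaddr_in` without looking at `sa->sa_family` or `salen`, so an AF_INET6 address (tinc handles IPv6 elsewhere in this series) would be formatted from the wrong fields. The header comment states the AF_INET assumption; enforcing it at the top, `if(sa->sa_family != AF_INET || salen < sizeof(struct sockaddr_in)) return EAI_FAMILY;`, turns a silent misread into an error. When the reverse lookup fails the function returns EAI_NODATA instead of falling back to the numeric address, which differs from a real getnameinfo() called without NI_NAMEREQD. The length checks before each strcpy() are in place, including for the resolver-supplied `hp->h_name`.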
@@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.7 2001/02/11 11:50:09 guus Exp $ +# $Id: Makefile.am,v 1.2.4.8 2002/06/09 15:50:11 zarq Exp $ noinst_LIBRARIES = libvpn.a @@ -12,4 +12,4 @@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h -EXTRA_DIST = README +EXTRA_DIST = README fake-getnameinfo.c diff --git a/lib/dropin.h b/lib/dropin.h index ad66d99d..7bf1602c 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.6 2002/02/10 21:57:51 guus Exp $ + $Id: dropin.h,v 1.1.2.7 2002/06/09 15:50:11 zarq Exp $ */ #ifndef __DROPIN_H__ @@ -35,4 +35,11 @@ extern char* get_current_dir_name(void); extern int asprintf(char **, const char *, ...); #endif +#ifndef HAVE_GETNAMEINFO +#include +#include +extern int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags); +#endif + #endif /* __DROPIN_H__ */ diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index c3ff57f0..3ad42d03 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c @@ -10,9 +10,12 @@ */ #include "config.h" + +#include +#include #include -RCSID("$Id: fake-getnameinfo.c,v 1.1.2.1 2002/06/09 15:26:10 zarq Exp $"); +/* RCSID("$Id: fake-getnameinfo.c,v 1.1.2.2 2002/06/09 15:50:11 zarq Exp $"); */ #ifndef HAVE_GETNAMEINFO diff --git a/po/nl.po b/po/nl.po index 0f37900c..84051886 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-04-09 13:41+0200\n" +"POT-Creation-Date: 2002-06-09 17:28+0200\n" "PO-Revision-Date: 2002-03-27 16:59+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" 
@@ -172,354 +172,354 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:88 +#: src/net.c:97 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:98 +#: src/net.c:107 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:188 +#: src/net.c:198 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:253 +#: src/net.c:263 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:266 +#: src/net.c:276 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:311 src/net_socket.c:253 +#: src/net.c:321 src/net_socket.c:264 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:363 +#: src/net.c:373 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:397 +#: src/net.c:407 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:414 +#: src/net.c:424 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:431 +#: src/net.c:441 msgid "Rereading configuration file and restarting in 5 seconds..." msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." -#: src/net.c:438 +#: src/net.c:448 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
-#: src/net_packet.c:107 +#: src/net_packet.c:108 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:134 +#: src/net_packet.c:135 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d" msgstr "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d" -#: src/net_packet.c:151 +#: src/net_packet.c:152 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:178 +#: src/net_packet.c:179 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:204 +#: src/net_packet.c:205 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:237 +#: src/net_packet.c:238 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:288 +#: src/net_packet.c:289 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" #. 
SO_PRIORITY doesn't seem to work -#: src/net_packet.c:290 src/net_setup.c:450 src/net_socket.c:98 -#: src/net_socket.c:144 src/net_socket.c:171 src/process.c:273 -#: src/process.c:310 +#: src/net_packet.c:291 src/net_setup.c:483 src/net_socket.c:107 +#: src/net_socket.c:153 src/net_socket.c:180 src/process.c:272 +#: src/process.c:309 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:296 +#: src/net_packet.c:297 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:313 +#: src/net_packet.c:314 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:320 +#: src/net_packet.c:321 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net_packet.c:329 +#: src/net_packet.c:330 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:337 +#: src/net_packet.c:338 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:357 +#: src/net_packet.c:358 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:374 +#: src/net_packet.c:375 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:396 +#: src/net_packet.c:397 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:403 +#: src/net_packet.c:404 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:409 +#: src/net_packet.c:410 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:420 +#: src/net_packet.c:421 #, c-format msgid "Received UDP packet 
from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" -#: src/net_setup.c:102 +#: src/net_setup.c:107 src/net_setup.c:121 #, c-format msgid "Error reading RSA public key file `%s': %s" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %s" -#: src/net_setup.c:112 +#: src/net_setup.c:132 #, c-format msgid "Reading RSA public key file `%s' failed: %s" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" -#: src/net_setup.c:140 +#: src/net_setup.c:171 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net_setup.c:166 +#: src/net_setup.c:196 #, c-format msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:176 +#: src/net_setup.c:206 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:202 src/net_setup.c:203 +#: src/net_setup.c:233 src/net_setup.c:234 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:210 +#: src/net_setup.c:241 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:216 +#: src/net_setup.c:247 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:230 +#: src/net_setup.c:261 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:287 +#: src/net_setup.c:318 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:298 +#: src/net_setup.c:329 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:308 +#: src/net_setup.c:339 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:325 +#: src/net_setup.c:356 msgid "Invalid address family!" 
msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:347 +#: src/net_setup.c:378 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:382 +#: src/net_setup.c:413 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:398 +#: src/net_setup.c:429 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:403 +#: src/net_setup.c:434 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:419 +#: src/net_setup.c:450 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:465 +#: src/net_setup.c:498 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:476 +#: src/net_setup.c:509 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:479 +#: src/net_setup.c:512 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" -#: src/net_socket.c:90 +#: src/net_socket.c:99 #, c-format msgid "Creating metasocket failed: %s" msgstr "Aanmaak van metasocket mislukt: %s" -#: src/net_socket.c:124 src/net_socket.c:186 +#: src/net_socket.c:133 src/net_socket.c:195 #, c-format msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" -#: src/net_socket.c:128 +#: src/net_socket.c:137 msgid "BindToDevice not supported on this platform" msgstr "BindToDevice wordt niet ondersteund op dit platform" -#: src/net_socket.c:136 +#: src/net_socket.c:145 #, c-format msgid "Can't bind to %s/tcp: %s" msgstr "Kan niet aan %s/tcp binden: %s" -#: src/net_socket.c:163 +#: src/net_socket.c:172 #, c-format msgid "Creating UDP socket failed: %s" msgstr "Aanmaak UDP socket mislukte: %s" -#: src/net_socket.c:196 +#: src/net_socket.c:205 #, c-format msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:219 +#: src/net_socket.c:228 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr 
"Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:228 src/net_socket.c:322 +#: src/net_socket.c:237 src/net_socket.c:333 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:234 src/net_socket.c:329 +#: src/net_socket.c:243 src/net_socket.c:340 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:258 src/net_socket.c:268 +#: src/net_socket.c:269 src/net_socket.c:279 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:287 +#: src/net_socket.c:298 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:350 +#: src/net_socket.c:363 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:368 +#: src/net_socket.c:381 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:389 +#: src/net_socket.c:402 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:408 +#: src/net_socket.c:421 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:435 +#: src/net_socket.c:448 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:453 +#: src/net_socket.c:466 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:475 +#: src/net_socket.c:488 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/netutl.c:65 src/netutl.c:88 +#: src/netutl.c:68 src/netutl.c:91 #, c-format msgid "Error looking up %s port %s: %s\n" msgstr "Fout bij het opzoeken van %s poort %s: %s\n" -#: src/netutl.c:109 +#: src/netutl.c:112 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout 
tijdens vertalen adressen: %s" -#: src/netutl.c:134 +#: src/netutl.c:135 #, c-format msgid "Error while looking up hostname: %s" msgstr "Fout bij het opzoeken van hostnaam: %s" -#: src/netutl.c:137 +#: src/netutl.c:138 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:166 +#: src/netutl.c:167 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" @@ -772,8 +772,8 @@ msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" #: src/subnet.c:274 -#, c-format -msgid "net2str() was called with unknown subnet type %d, exitting!" +#, fuzzy, c-format +msgid "net2str() was called with unknown subnet type %d, exiting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" #: src/subnet.c:384 @@ -918,7 +918,7 @@ msgstr "Onherstelbare fout" msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/process.c:373 src/tincd.c:396 +#: src/process.c:372 src/tincd.c:396 msgid "Not restarting." msgstr "Geen herstart." 
@@ -978,58 +978,63 @@ msgstr "tincd %s (%s %s) start, debug niveau %d" msgid "tincd %s starting" msgstr "tincd %s wordt gestart" -#: src/process.c:280 +#: src/process.c:249 +#, fuzzy, c-format +msgid "Could not execute `%s': %s" +msgstr "Kon `%s' niet openen: %s" + +#: src/process.c:279 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:290 +#: src/process.c:289 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:298 +#: src/process.c:297 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:304 +#: src/process.c:303 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:329 +#: src/process.c:328 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:338 +#: src/process.c:337 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:345 +#: src/process.c:344 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %s (%s): geen herstart." -#: src/process.c:354 +#: src/process.c:353 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:359 +#: src/process.c:358 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:382 +#: src/process.c:381 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:391 +#: src/process.c:390 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:398 +#: src/process.c:397 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " 
@@ -1038,41 +1043,41 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:409 +#: src/process.c:408 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:438 +#: src/process.c:437 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:447 +#: src/process.c:446 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:504 +#: src/process.c:503 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:73 +#: src/route.c:83 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:107 +#: src/route.c:117 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:152 +#: src/route.c:162 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:172 +#: src/route.c:182 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1081,19 +1086,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:233 +#: src/route.c:243 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:254 +#: src/route.c:264 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:266 +#: src/route.c:276 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" @@ -1102,16 +1107,16 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:341 +#: src/route.c:351 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:354 +#: src/route.c:364 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:411 +#: src/route.c:421 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" 
@@ -1182,42 +1187,42 @@ msgid "%s is a %s" msgstr "%s is een %s" #: src/freebsd/device.c:108 src/linux/device.c:159 src/linux/device.c:169 -#: src/netbsd/device.c:111 src/openbsd/device.c:111 src/solaris/device.c:149 +#: src/netbsd/device.c:109 src/openbsd/device.c:111 src/solaris/device.c:149 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" -#: src/freebsd/device.c:117 src/linux/device.c:180 src/netbsd/device.c:126 +#: src/freebsd/device.c:117 src/linux/device.c:180 src/netbsd/device.c:124 #: src/openbsd/device.c:140 src/solaris/device.c:164 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/freebsd/device.c:128 src/linux/device.c:191 src/netbsd/device.c:139 +#: src/freebsd/device.c:128 src/linux/device.c:191 src/netbsd/device.c:135 #: src/openbsd/device.c:154 src/solaris/device.c:175 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:198 src/linux/device.c:207 src/netbsd/device.c:149 +#: src/linux/device.c:198 src/linux/device.c:207 src/netbsd/device.c:140 #: src/openbsd/device.c:180 src/solaris/device.c:180 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" -#: src/freebsd/device.c:144 src/linux/device.c:220 src/netbsd/device.c:160 +#: src/freebsd/device.c:144 src/linux/device.c:220 src/netbsd/device.c:151 #: src/openbsd/device.c:191 src/solaris/device.c:192 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/freebsd/device.c:145 src/linux/device.c:221 src/netbsd/device.c:161 +#: src/freebsd/device.c:145 src/linux/device.c:221 src/netbsd/device.c:152 #: src/openbsd/device.c:192 src/solaris/device.c:193 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/freebsd/device.c:146 src/linux/device.c:222 src/netbsd/device.c:162 +#: src/freebsd/device.c:146 src/linux/device.c:222 
src/netbsd/device.c:153 #: src/openbsd/device.c:193 src/solaris/device.c:194 #, c-format msgid " total bytes out: %10d" From cd3601c5df57c7544ece00bf79e82b36499a26ff Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 9 Jun 2002 15:58:05 +0000 Subject: [PATCH 644/923] Add /sw/{include,lib} to search paths if they exist --- configure.in | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 390b3d08..7fc317f2 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.48 2002/06/09 15:26:10 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.49 2002/06/09 15:58:05 zarq Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -65,6 +65,13 @@ esac AC_CACHE_SAVE +if test -d /sw/include ; then + CPPFLAGS="$CPPFLAGS -I/sw/include" +fi +if test -d /sw/lib ; then + LIBS="$LIBS -L/sw/lib" +fi + dnl Checks for libraries. dnl Checks for header files. From 7608136a8dae24f2df30eac8644efd0d7cd57dc9 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 9 Jun 2002 16:12:04 +0000 Subject: [PATCH 645/923] Include a few more header files --- lib/fake-getnameinfo.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index 3ad42d03..ad69410a 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c @@ -12,10 +12,14 @@ #include "config.h" #include +#include #include +#include +#include + #include -/* RCSID("$Id: fake-getnameinfo.c,v 1.1.2.2 2002/06/09 15:50:11 zarq Exp $"); */ +/* RCSID("$Id: fake-getnameinfo.c,v 1.1.2.3 2002/06/09 16:12:04 zarq Exp $"); */ #ifndef HAVE_GETNAMEINFO From 944df3eeee50972fcac84cfc8eefb36033bf04ad Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 9 Jun 2002 16:19:20 +0000 Subject: [PATCH 646/923] Include netbsd's device.c in make dist --- src/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
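Review bot: The `test -d /sw/include` and `test -d /sw/lib` block added to configure.in in the `@@ -65,6 +65,13 @@` hunk runs on every host, although the `/sw` prefix is presumably only meant for the Darwin port. On any other system a `/sw` directory that happens to exist, possibly one another user can write to, would silently supply headers and libraries to the build. Consider moving the two tests into the `*darwin*)` arm of the `case $host_os` that ends just above this hunk, or putting them behind an explicit configure option. Also, `-L/sw/lib` is a linker search path and conventionally goes in `LDFLAGS`, not `LIBS`: `LDFLAGS="$LDFLAGS -L/sw/lib"`.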
diff --git a/src/Makefile.am b/src/Makefile.am index 32aee666..d2251b70 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,9 +1,9 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.21 2002/03/27 15:47:06 guus Exp $ +# $Id: Makefile.am,v 1.4.4.22 2002/06/09 16:19:20 zarq Exp $ sbin_PROGRAMS = tincd -EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c +EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_packet.c net_setup.c \ net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ From bd72e14138185f342885c0ed1c0f2c5dbf571132 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Sun, 9 Jun 2002 16:23:12 +0000 Subject: [PATCH 647/923] Added Alessandro Gatti --- THANKS | 1 + 1 file changed, 1 insertion(+) diff --git a/THANKS b/THANKS index 7dec517d..ded7de60 100644 --- a/THANKS +++ b/THANKS @@ -19,6 +19,7 @@ We would like to thank * Jerome Etienne (for a thorough security analysis of tinc) * Mark Glines (for his compression patch) * Nick Patavalis (RedHat package) + * Alessandro Gatti (for helping us support Darwin) for their help, support and ideas. Thank you guys! From 69b758879ee6d322e89143141b98d52167845c26 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 10 Jun 2002 14:33:40 +0000 Subject: [PATCH 648/923] Added Darwin (MacOS/X) tun device handling. --- src/darwin/device.c | 153 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 src/darwin/device.c diff --git a/src/darwin/device.c b/src/darwin/device.c new file mode 100644 index 00000000..ecd1d14b --- /dev/null +++ b/src/darwin/device.c 
@@ -0,0 +1,153 @@ +/* + device.c -- Interaction with MacOS/X tun device + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.1 2002/06/10 14:33:40 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "conf.h" +#include "net.h" +#include "subnet.h" + +#include "system.h" + +#define DEFAULT_DEVICE "/dev/tun0" + +int device_fd = -1; +int device_type; +char *device; +char *interface; +char *device_info; +int device_total_in = 0; +int device_total_out = 0; + +extern subnet_t mymac; + +/* + open the local ethertap device +*/ +int setup_device(void) +{ +cp + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; + + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = rindex(device, '/')?rindex(device, '/')+1:device; +cp + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) + { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } +cp + + /* Set default MAC address for ethertap devices */ + + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + 
mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; + + device_info = _("MacOS/X tun device"); + + syslog(LOG_INFO, _("%s is a %s"), device, device_info); +cp + return 0; +} + +void close_device(void) +{ +cp + close(device_fd); +} + +/* + read, encrypt and send data that is + available through the ethertap device +*/ +int read_packet(vpn_packet_t *packet) +{ + int lenin; +cp + if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); + return -1; + } + + memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data + 6, mymac.net.mac.address.x, 6); + packet->data[12] = 0x08; + packet->data[13] = 0x00; + + packet->len = lenin + 14; + + device_total_in += packet->len; + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), + packet->len, device_info); + + return 0; +cp +} + +int write_packet(vpn_packet_t *packet) +{ +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(write(device_fd, packet->data + 14, packet->len - 14) < 0) + { + syslog(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); + return -1; + } + + device_total_out += packet->len; +cp +} + +void dump_device_stats(void) +{ +cp + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp +} From 40ac473cb10f9c6a59739ce70032b746d8e0bf68 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 10 Jun 2002 14:35:18 +0000 Subject: [PATCH 649/923] Use darwin/device.c when compiling on MacOS/X. --- configure.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 7fc317f2..715b4016 100644 
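Review bot: `write_packet()` in the new src/darwin/device.c passes `packet->len - 14` to `write()` without checking that `packet->len` is at least 14. A shorter packet makes the byte count go negative and convert to a very large `size_t`; whether callers guarantee a minimum length is not visible in this hunk. A guard before the `write()`, `if(packet->len < 14) return -1;`, would close that. The function is also declared `int` but has no `return` on the success path, so add `return 0;` after `device_total_out += packet->len;`. In `read_packet()` the trailing `cp` after `return 0;` is unreachable and can be moved above the return or dropped.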
--- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.49 2002/06/09 15:58:05 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.50 2002/06/10 14:35:18 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -43,8 +43,8 @@ case $host_os in [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ] ;; *darwin*) - AC_DEFINE(HAVE_FREEBSD) - [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ] + AC_DEFINE(HAVE_DARWIN) + [ rm -f src/device.c; ln -sf darwin/device.c src/device.c ] ;; *solaris*) AC_DEFINE(HAVE_SOLARIS) From de6835a9dd1891b6435c128cc6c2293950a4d7a7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 10 Jun 2002 15:08:23 +0000 Subject: [PATCH 650/923] Include darwin/device.c in distribution. --- src/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index d2251b70..1f8bcf7a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,9 +1,9 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.22 2002/06/09 16:19:20 zarq Exp $ +# $Id: Makefile.am,v 1.4.4.23 2002/06/10 15:08:23 guus Exp $ sbin_PROGRAMS = tincd -EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c +EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_packet.c net_setup.c \ net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ From 8988b127e18435054e48cbcca8ac712ddda3d6d2 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Tue, 11 Jun 2002 11:03:17 +0000 Subject: [PATCH 651/923] Autoconf cleanup. Works for both 2.13 and 2.53, although running autoconf 2.53 still gives some errors. --- acconfig.h | 80 --------------------------------------------------- configure.in | 23 ++++++++------- m4/malloc.m4 | 8 +++--- m4/openssl.m4 | 18 ++++++------ m4/realloc.m4 | 8 +++--- m4/tuntap.m4 | 4 +-- 6 files changed, 31 insertions(+), 110 deletions(-) delete mode 100644 acconfig.h diff --git a/acconfig.h b/acconfig.h deleted file mode 100644 index f8e234fd..00000000 --- a/acconfig.h +++ /dev/null 
@@ -1,80 +0,0 @@ -/* Define to the name name of this package */ -#undef PACKAGE - -/* Define to the version of the package */ -#undef VERSION - -/* Define to rpl_malloc if the replacement function should be used. */ -#undef malloc - -/* Define to rpl_realloc if the replacement function should be used. */ -#undef realloc - -/* This is always defined. It enables GNU extensions on systems that - have them. */ -#if !defined(_GNU_SOURCE) -# undef _GNU_SOURCE -#endif - -#if !defined(__USE_BSD) -# undef __USE_BSD -#endif - - -/* Define to 1 if NLS is requested. */ -#undef ENABLE_NLS - -/* Define as 1 if you have catgets and don't want to use GNU gettext. */ -#undef HAVE_CATGETS - -/* Define as 1 if you have gettext and don't want to use GNU gettext. */ -#undef HAVE_GETTEXT - -/* Define if your locale.h file contains LC_MESSAGES. */ -#undef HAVE_LC_MESSAGES - -/* Define to 1 if you have the stpcpy function. */ -#undef HAVE_STPCPY - -/* For getopt */ -#if HAVE_STDLIB_H -# define getopt system_getopt -# include -# undef getopt -#endif - -/* Linux */ -#undef HAVE_LINUX - -/* FreeBSD */ -#undef HAVE_FREEBSD - -/* OpenBSD */ -#undef HAVE_OPENBSD - -/* Solaris */ -#undef HAVE_SOLARIS - -/* NetBSD */ -#undef HAVE_NETBSD - -/* Define to the location of the kernel sources */ -#undef CONFIG_TINC_KERNELDIR - -/* Define to 1 if tun/tap support is enabled and found */ -#undef HAVE_TUNTAP - -/* Define to the location of if_tun.h */ -#undef LINUX_IF_TUN_H - -/* Define to 1 if support for jumbograms is enabled */ -#undef ENABLE_JUMBOGRAMS - -/* Define to 1 if checkpoint tracing is enabled */ -#undef ENABLE_TRACING - -/* Define to enable use of old SSLeay_add_all_algorithms() function */ -#undef HAVE_SSLEAY_ADD_ALL_ALGORITHMS - -/* Define if there a socklen_t */ -#undef HAVE_SOCKLEN_T diff --git a/configure.in b/configure.in index 715b4016..e8b9527c 100644 --- a/configure.in +++ b/configure.in 
@@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.50 2002/06/10 14:35:18 guus Exp $ +dnl $Id: configure.in,v 1.13.2.51 2002/06/11 11:03:17 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) @@ -12,7 +12,8 @@ AM_ACLOCAL_INCLUDE(m4) # Enable GNU extensions. # Define this here, not in acconfig's @TOP@ section, since definitions # in the latter don't make it into the configure-time tests. -AC_DEFINE([_GNU_SOURCE], [__USE_BSD]) +AC_DEFINE([_GNU_SOURCE], 1, [Enable GNU extenstions]) +AC_DEFINE([__USE_BSD], 1, [Enable BSD extensions]) ALL_LINGUAS="nl" @@ -35,27 +36,27 @@ AC_CANONICAL_HOST case $host_os in *linux*) - AC_DEFINE(HAVE_LINUX) + AC_DEFINE(HAVE_LINUX, 1, [Linux]) [ rm -f src/device.c; ln -sf linux/device.c src/device.c ] ;; *freebsd*) - AC_DEFINE(HAVE_FREEBSD) + AC_DEFINE(HAVE_FREEBSD, 1, [FreeBSD]) [ rm -f src/device.c; ln -sf freebsd/device.c src/device.c ] ;; *darwin*) - AC_DEFINE(HAVE_DARWIN) + AC_DEFINE(HAVE_DARWIN, 1, [Darwin (MacOS/X)]) [ rm -f src/device.c; ln -sf darwin/device.c src/device.c ] ;; *solaris*) - AC_DEFINE(HAVE_SOLARIS) + AC_DEFINE(HAVE_SOLARIS, 1, [Solaris/SunOS]) [ rm -f src/device.c; ln -sf solaris/device.c src/device.c ] ;; *openbsd*) - AC_DEFINE(HAVE_OPENBSD) + AC_DEFINE(HAVE_OPENBSD, 1, [OpenBSD]) [ rm -f src/device.c; ln -sf openbsd/device.c src/device.c ] ;; *netbsd*) - AC_DEFINE(HAVE_NETBSD) + AC_DEFINE(HAVE_NETBSD, 1, [NetBSD]) [ rm -f src/device.c; ln -sf netbsd/device.c src/device.c ] ;; *) @@ -97,7 +98,7 @@ AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, ac_cv_type_socklen_t=no) ]) if test $ac_cv_type_socklen_t = yes; then - AC_DEFINE(HAVE_SOCKLEN_T) + AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available]) fi dnl Checks for library functions. 
@@ -130,13 +131,13 @@ tinc_ZLIB dnl Check if support for jumbograms is requested AC_ARG_ENABLE(jumbograms, [ --enable-jumbograms enable support for jumbograms (packets up to 9000 bytes)], - [ AC_DEFINE(ENABLE_JUMBOGRAMS) ] + [ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ] ) dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, [ --enable-tracing enable checkpoint tracing (debugging only)], - [ AC_DEFINE(ENABLE_TRACING) ] + [ AC_DEFINE(ENABLE_TRACING, 1, [Checkpoint tracing]) ] ) AC_SUBST(INCLUDES) diff --git a/m4/malloc.m4 b/m4/malloc.m4 index bd3cad46..dacd9191 100644 --- a/m4/malloc.m4 +++ b/m4/malloc.m4 @@ -20,8 +20,7 @@ AC_DEFUN(jm_FUNC_MALLOC, fi dnl xmalloc.c requires that this symbol be defined so it doesn't dnl mistakenly use a broken malloc -- as it might if this test were omitted. - ac_kludge=HAVE_DONE_WORKING_MALLOC_CHECK - AC_DEFINE_UNQUOTED($ac_kludge) + AC_DEFINE(HAVE_DONE_WORKING_MALLOC_CHECK, 1, [Needed for xmalloc.c]) AC_CACHE_CHECK([for working malloc], jm_cv_func_working_malloc, [AC_TRY_RUN([ @@ -38,7 +37,8 @@ AC_DEFUN(jm_FUNC_MALLOC, jm_cv_func_working_malloc=no) ]) if test $jm_cv_func_working_malloc = no; then - LIBOBJS="$LIBOBJS malloc.o" - AC_DEFINE_UNQUOTED(malloc, rpl_malloc) +dnl This should be converted to: AC_LIBOBJ([malloc]) + LIBOBJS="$LIBOBJS malloc.$ac_objext" + AC_DEFINE(malloc, rpl_malloc, [Replacement malloc()]) fi ]) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index e5c09395..40ad4fd0 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 
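Review bot: In the `@@ -130,13 +131,13 @@` hunk both `AC_ARG_ENABLE` calls put the `AC_DEFINE` directly in the action-if-given argument, which autoconf runs whenever the option appears on the command line, including `--disable-tracing` and `--enable-jumbograms=no`. As written, explicitly disabling checkpoint tracing (described as debugging only) still defines `ENABLE_TRACING`, so a build meant to ship without the debug path gets it anyway. Each define should be guarded on the option value, placed between `if test "x$enableval" != xno; then` and `fi` on separate lines inside the brackets.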
@@ -19,31 +19,31 @@ AC_DEFUN(tinc_OPENSSL, AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h, [], - [AC_MSG_ERROR("OpenSSL header files not found."); break] + [AC_MSG_ERROR([OpenSSL header files not found.]); break] ) CPPFLAGS="$tinc_ac_save_CPPFLAGS" AC_CHECK_LIB(crypto, SHA1_version, [LIBS="$LIBS -lcrypto"], - [AC_MSG_ERROR("OpenSSL libraries not found.")] + [AC_MSG_ERROR([OpenSSL libraries not found.])] ) AC_CHECK_FUNCS(RAND_pseudo_bytes) AC_CHECK_FUNC(OpenSSL_add_all_algorithms, [], - AC_CHECK_FUNC(SSLeay_add_all_algorithms, - [AC_DEFINE(HAVE_SSLEAY_ADD_ALL_ALGORITHMS)], - [AC_MSG_ERROR("Missing required OpenSSL functionality!")] - ) + [AC_CHECK_FUNC(SSLeay_add_all_algorithms, + [AC_DEFINE(HAVE_SSLEAY_ADD_ALL_ALGORITHMS, 1, [Defined if this function should be used instead of OpenSLL_add_all_algorithms])], + [AC_MSG_ERROR([Missing required OpenSSL functionality!])] + )] ) AC_CHECK_FUNC(dlopen, [], - AC_CHECK_LIB(dl, dlopen, + [AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"], - [AC_MSG_ERROR("OpenSSL depends on libdl.")] - ) + [AC_MSG_ERROR([OpenSSL depends on libdl.])] + )] ) ]) diff --git a/m4/realloc.m4 b/m4/realloc.m4 index aba19840..2eaeb0c3 100644 --- a/m4/realloc.m4 +++ b/m4/realloc.m4 @@ -20,8 +20,7 @@ AC_DEFUN(jm_FUNC_REALLOC, fi dnl xmalloc.c requires that this symbol be defined so it doesn't dnl mistakenly use a broken realloc -- as it might if this test were omitted. - ac_kludge=HAVE_DONE_WORKING_REALLOC_CHECK - AC_DEFINE_UNQUOTED($ac_kludge) + AC_DEFINE(HAVE_DONE_WORKING_REALLOC_CHECK, 1, [Needed for xmalloc.c]) AC_CACHE_CHECK([for working realloc], jm_cv_func_working_realloc, [AC_TRY_RUN([ 
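Review bot: The description added for `HAVE_SSLEAY_ADD_ALL_ALGORITHMS` in the `@@ -19,31 +19,31 @@` hunk misspells the function it refers to. It should read `[Defined if this function should be used instead of OpenSSL_add_all_algorithms]`, since this text is what a reader of the generated config header sees. On the header check, the `break` after `AC_MSG_ERROR([OpenSSL header files not found.])` is never reached because AC_MSG_ERROR aborts configure, so it can be dropped.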
@@ -38,7 +37,8 @@ AC_DEFUN(jm_FUNC_REALLOC, jm_cv_func_working_realloc=no) ]) if test $jm_cv_func_working_realloc = no; then - LIBOBJS="$LIBOBJS realloc.o" - AC_DEFINE_UNQUOTED(realloc, rpl_realloc) +dnl This should be converted to: AC_LIBOBJ([realloc]) + LIBOBJS="$LIBOBJS realloc.$ac_objext" + AC_DEFINE(realloc, rpl_realloc, [Replacement realloc()]) fi ]) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index 0bee1ce3..cd3a485a 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 @@ -29,9 +29,9 @@ AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, ]) if test $tinc_cv_linux_if_tun_h != none; then - AC_DEFINE(HAVE_TUNTAP) + AC_DEFINE(HAVE_TUNTAP, 1, [Universal tun/tap driver present]) if test $tinc_cv_linux_if_tun_h != default; then - AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h) + AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h, [Location of if_tun.h]) fi fi AC_SUBST(LINUX_IF_TUN_H) From 3a3adf5b690e9be1390a5df3caee6af64b25838f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 12 Jun 2002 13:45:23 +0000 Subject: [PATCH 652/923] Add configuration details for NetBSD and Darwin (MacOS/X). --- doc/tinc.texi | 80 +++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 75 insertions(+), 5 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 5ce852e9..84ccce92 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.28 2002/04/09 11:43:29 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.29 2002/06/12 13:45:23 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.28 2002/04/09 11:43:29 guus Exp $ +$Id: tinc.texi,v 1.8.4.29 2002/06/12 13:45:23 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.28 2002/04/09 11:43:29 guus Exp $ +$Id: tinc.texi,v 1.8.4.29 2002/06/12 13:45:23 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -224,6 +224,19 @@ acquisition from the kernel. It has been verified to work under at least OpenBSD Tunneling IPv6 packets may not work on OpenBSD. +@c ================================================================== +@subsection Solaris + +@c ================================================================== +@subsection NetBSD + +@cindex NetBSD +tinc on NetBSD relies on the tun driver for its data +acquisition from the kernel. It has been verified to work under at least NetBSD 1.5.2. + +Tunneling IPv6 does not work on OpenBSD. + + @c ================================================================== @subsection Solaris @@ -234,6 +247,17 @@ as this driver. These are: Solaris 8 (SunOS 5.8). IPv6 packets cannot be tunneled on Solaris. +@c ================================================================== +@subsection Darwin (MacOS/X) + +@cindex Darwin +@cindex MacOS/X +tinc on Darwin relies on the tunnel driver for its data +acquisition from the kernel. This driver is not part of Darwin but can be +downloaded from @uref{http://chrisp.de/en/projects/tunnel.html}. + +IPv6 packets cannot be tunneled on Darwin. + @c @c @@ -290,7 +314,9 @@ you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html * Configuration of Linux kernels 2.4.0 and higher:: * Configuration of FreeBSD kernels:: * Configuration of OpenBSD kernels:: +* Configuration of NetBSD kernels:: * Configuration of Solaris kernels:: +* Configuration of Darwin (MacOS/X) kernels:: @end menu 
@@ -374,7 +400,7 @@ Unfortunately somebody still has to write the text. @c ================================================================== -@node Configuration of OpenBSD kernels, Configuration of Solaris kernels, Configuration of FreeBSD kernels, Configuring the kernel +@node Configuration of OpenBSD kernels, Configuration of NetBSD kernels, Configuration of FreeBSD kernels, Configuring the kernel @subsection Configuration of OpenBSD kernels This section will contain information on how to configure your OpenBSD @@ -385,7 +411,18 @@ Unfortunately somebody still has to write the text. @c ================================================================== -@node Configuration of Solaris kernels, , Configuration of OpenBSD kernels, Configuring the kernel +@node Configuration of NetBSD kernels, Configuration of Solaris kernels, Configuration of OpenBSD kernels, Configuring the kernel +@subsection Configuration of NetBSD kernels + +This section will contain information on how to configure your NetBSD +kernel to support the tun device. For 1.5.2 systems, +this is included in the default kernel configuration. + +Unfortunately somebody still has to write the text. + + +@c ================================================================== +@node Configuration of Solaris kernels, Configuration of Darwin (MacOS/X) kernels, Configuration of NetBSD kernels, Configuring the kernel @subsection Configuration of Solaris kernels This section will contain information on how to configure your Solaris 
@@ -395,6 +432,23 @@ this is included in the default kernel configuration. Unfortunately somebody still has to write the text. +@c ================================================================== +@node Configuration of Darwin (MacOS/X) kernels, , Configuration of Solaris kernels, Configuring the kernel +@subsection Configuration of Darwin (MacOS/X) kernels + +Darwin does not come with a tunnel driver. You must download it at +@uref{http://chrisp.de/en/projects/tunnel.html}. If compiling the source fails, +try the binary module. The tunnel driver must be loaded before starting tinc +with the following command: + +@example +kmodload tunnel +@end example + +Once loaded, the tunnel driver will automatically create @file{/dev/tun0}..@file{/dev/tun3} +and the corresponding network interfaces. + + @c ================================================================== @node Libraries, , Configuring the kernel, Preparations @section Libraries @@ -533,6 +587,22 @@ If you happen to have a binary package for tinc for your distribution, you can use the package management tools of that distribution to install tinc. The documentation that comes along with your distribution will tell you how to do that. +@menu +* Darwin (MacOS/X) build environment:: +@end menu + + +@c ================================================================== +@node Darwin (MacOS/X) build environment, , , Building and installing tinc +@subsection Darwin (MacOS/X) build environment + +In order to build tinc on Darwin, you need to install the MacOS/X Developer Tools +from @uref{http://developer.apple.com/tools/macosxtools.html} and +a recent version of Fink from @uref{http://fink.sourceforge.net/}. + +After installation use fink to download and install the following packages: +autoconf25, automake, dlcompat, m4, openssl and zlib. + @c ================================================================== @node System files, , Building and installing tinc, Installation 
From 940fcb6701d055f49530f12c93371f0280efce80 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 13 Jun 2002 16:12:40 +0000 Subject: [PATCH 653/923] Reset listen_sockets after SIGHUP. --- src/net_setup.c | 4 +++- src/net_socket.c | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index d0d57daa..aa5b669e 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.18 2002/06/08 14:08:57 guus Exp $ + $Id: net_setup.c,v 1.1.2.19 2002/06/13 16:12:40 guus Exp $ */ #include "config.h" @@ -484,6 +484,8 @@ cp return -1; } + listen_sockets = 0; + for(aip = ai; aip; aip = aip->ai_next) { if((listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) diff --git a/src/net_socket.c b/src/net_socket.c index 089f0078..9af1cc94 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.14 2002/06/08 14:08:57 guus Exp $ + $Id: net_socket.c,v 1.1.2.15 2002/06/13 16:12:40 guus Exp $ */ #include "config.h" @@ -80,7 +80,7 @@ int maxtimeout = 900; int seconds_till_retry = 5; listen_socket_t listen_socket[MAXSOCKETS]; -int listen_sockets = 0; +int listen_sockets; /* Setup sockets */ From faabd163adf89bd0580cd40b8735ef8d9028a942 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 14 Jun 2002 11:51:29 +0000 Subject: [PATCH 654/923] Update comments about IPv6 autoconfiguration. --- README | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README b/README index d75d7f65..e38b5727 100644 --- a/README +++ b/README 
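Review bot: Nothing in the `@@ -484,6 +484,8 @@` hunk of src/net_setup.c bounds `listen_sockets` against `MAXSOCKETS` before `listen_socket[listen_sockets].tcp` is written in the `for(aip = ai; aip; aip = aip->ai_next)` loop, while net_socket.c declares the array as `listen_socket_t listen_socket[MAXSOCKETS]`. If the rest of the loop body, which lies outside the hunk, does not check it either, an `ai` list with more entries than MAXSOCKETS writes past the end of the array; a guard such as `if(listen_sockets >= MAXSOCKETS) break;` at the top of the loop body would close that. Since the counter is now reset on every reload, it is also worth confirming that the sockets opened by the previous pass are closed before `listen_sockets = 0`, because nothing visible here still refers to them afterwards. The enclosing function starts and ends outside the hunk.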
@@ -107,8 +107,9 @@ etcetera. Support for routing IPv6 packets has been added. Just add Subnet lines with IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from the iproute package) to give the virtual network interface corresponding IPv6 -addresses. Autoconfiguration will not work in router mode. Tunneling IPv6 -packets only works on Linux, FreeBSD and possibly OpenBSD. +addresses. tinc does not provide autoconfiguration for IPv6 hosts, if you need +it use radvd or zebra. Tunneling IPv6 packets only works on Linux, FreeBSD and +possibly OpenBSD. It is also possible to make tunnels to other tinc daemons over IPv6 networks. In order to enable this feature the option "AddressFamily = any" or From 627f7c22b447bd464b536cd016278545674df93d Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 21 Jun 2002 10:11:37 +0000 Subject: [PATCH 655/923] s/sliepen.warande.net/sliepen.eu.org/g s/itimmermans@bigfoot.com/ivo@o2w.nl/g --- AUTHORS | 4 ++-- README | 4 ++-- cvsusers | 4 ++-- doc/CONNECTIVITY | 4 ++-- doc/NETWORKING | 4 ++-- doc/PROTOCOL | 6 +++--- doc/SECURITY2 | 4 ++-- doc/es/tinc-es.html | 6 +++--- doc/es/tinc_toc-es.html | 2 +- doc/tinc.conf.5 | 4 ++-- doc/tinc.texi | 16 ++++++++-------- doc/tincd.8 | 8 ++++---- lib/avl_tree.c | 8 ++++---- lib/avl_tree.h | 8 ++++---- lib/dropin.c | 6 +++--- lib/dropin.h | 6 +++--- lib/list.c | 6 +++--- lib/list.h | 6 +++--- lib/rbl.c | 6 +++--- lib/rbl.h | 6 +++--- lib/utils.c | 2 +- lib/utils.h | 2 +- po/nl.po | 6 +++--- po/old/es.po | 2 +- src/conf.c | 6 +++--- src/conf.h | 6 +++--- src/connection.c | 6 +++--- src/connection.h | 6 +++--- src/darwin/device.c | 6 +++--- src/device.h | 4 ++-- src/edge.c | 6 +++--- src/edge.h | 6 +++--- src/event.c | 6 +++--- src/event.h | 6 +++--- src/freebsd/device.c | 6 +++--- src/graph.c | 6 +++--- src/graph.h | 6 +++--- src/linux/device.c | 6 +++--- src/meta.c | 6 +++--- src/meta.h | 6 +++--- src/net.c | 6 +++--- src/net.h | 4 ++-- src/net_packet.c | 6 +++--- src/net_setup.c | 6 +++--- src/net_socket.c | 6 +++--- src/netbsd/device.c | 6 +++--- src/netutl.c | 6 +++--- src/netutl.h | 4 ++-- src/node.c | 6 +++--- src/node.h | 6 +++--- src/openbsd/device.c | 6 +++--- src/process.c | 6 +++--- src/process.h | 6 +++--- src/protocol.c | 6 +++--- src/protocol.h | 6 +++--- src/protocol_auth.c | 6 +++--- src/protocol_edge.c | 6 +++--- src/protocol_key.c | 6 +++--- src/protocol_misc.c | 6 +++--- src/protocol_subnet.c | 6 +++--- src/route.c | 6 +++--- src/route.h | 4 ++-- src/solaris/device.c | 6 +++--- src/subnet.c | 6 +++--- src/subnet.h | 6 +++--- src/tincd.c | 6 +++--- system.h | 2 +- 67 files changed, 188 insertions(+), 188 deletions(-) diff --git a/AUTHORS b/AUTHORS index 4721984f..ac4e1a22 100644 --- a/AUTHORS +++ b/AUTHORS 
@@ -1,6 +1,6 @@ Main tinc authors: -Guus Sliepen -Ivo Timmermans +Guus Sliepen +Ivo Timmermans These files are from other sources: * lib/pidfile.h and lib/pidfile.c are by Martin Schulze, taken from diff --git a/README b/README index e38b5727..d957790b 100644 --- a/README +++ b/README @@ -3,8 +3,8 @@ instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2002 by: -Ivo Timmermans , -Guus Sliepen , +Ivo Timmermans , +Guus Sliepen , and others. For a complete list of authors see the AUTHORS file. diff --git a/cvsusers b/cvsusers index 3d1d2d33..24b85047 100644 --- a/cvsusers +++ b/cvsusers @@ -1,3 +1,3 @@ -zarq:Ivo Timmermans -guus:Guus Sliepen +zarq:Ivo Timmermans +guus:Guus Sliepen wsl:Wessel Dankers diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index 4a2aeea9..ecdcf3e3 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY @@ -1,7 +1,7 @@ This document describes how nodes in a VPN find and connect to eachother and maintain a stable network. - Copyright 2001-2002 Guus Sliepen + Copyright 2001-2002 Guus Sliepen Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.8 2002/02/10 21:57:51 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.9 2002/06/21 10:11:10 guus Exp $ 1. Problem ========== diff --git a/doc/NETWORKING b/doc/NETWORKING index 89a2e686..053f5bf3 100644 --- a/doc/NETWORKING +++ b/doc/NETWORKING @@ -1,7 +1,7 @@ This is the network infrastructure documentation for tinc, a Virtual Private Network daemon. - Copyright 2001-2002 Guus Sliepen + Copyright 2001-2002 Guus Sliepen Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this 
@@ -12,7 +12,7 @@ Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: NETWORKING,v 1.1.2.2 2002/02/10 21:57:51 guus Exp $ + $Id: NETWORKING,v 1.1.2.3 2002/06/21 10:11:10 guus Exp $ 1. Packet flow ============== diff --git a/doc/PROTOCOL b/doc/PROTOCOL index da9c75ba..c1ec7e77 100644 --- a/doc/PROTOCOL +++ b/doc/PROTOCOL @@ -1,7 +1,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. - Copyright 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmmermans + Copyright 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmmermans Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this @@ -12,7 +12,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.1.2.6 2002/04/09 11:43:29 guus Exp $ + $Id: PROTOCOL,v 1.1.2.7 2002/06/21 10:11:10 guus Exp $ 1. Protocols used in tinc diff --git a/doc/SECURITY2 b/doc/SECURITY2 index 4276a018..11a9ed2a 100644 --- a/doc/SECURITY2 +++ b/doc/SECURITY2 @@ -1,6 +1,6 @@ This is the security documentation for tinc, a Virtual Private Network daemon. - Copyright 2001-2002 Guus Sliepen , + Copyright 2001-2002 Guus Sliepen , 2001-2002 Wessel Dankers Permission is granted to make and distribute verbatim copies of @@ -12,7 +12,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY2,v 1.1.2.2 2002/02/10 21:57:51 guus Exp $ + $Id: SECURITY2,v 1.1.2.3 2002/06/21 10:11:10 guus Exp $ Proposed new authentication scheme ---------------------------------- diff --git a/doc/es/tinc-es.html b/doc/es/tinc-es.html index f8787000..ccaa9d27 100644 
--- a/doc/es/tinc-es.html +++ b/doc/es/tinc-es.html @@ -6,7 +6,7 @@

    Manual de tinc

    Preparando una Red Privada Virtual con tinc

    -
    Ivo Timmermans <itimmermans@bigfoot.com>
    +
    Ivo Timmermans <ivo@o2w.nl>


    @@ -199,7 +199,7 @@ Puede agregar estas l

     tinc            655/tcp    TINC 
     tinc            655/udp   TINC 
    -#               Ivo Timmermans <itimmermans@bigfoot.com>
    +#               Ivo Timmermans <ivo@o2w.nl>
     62;
     
    @@ -861,7 +861,7 @@ Nosotros tenemos un canal IRC en la red IRC de Open Projects. Conectarse a
    -
    Ivo Timmermans (zarq) (itimmermans@bigfoot.com) +
    Ivo Timmermans (zarq) (ivo@o2w.nl)
    El codificador/hacker principal y el que mantiene el paquete. diff --git a/doc/es/tinc_toc-es.html b/doc/es/tinc_toc-es.html index 2bb54986..858434f4 100644 --- a/doc/es/tinc_toc-es.html +++ b/doc/es/tinc_toc-es.html @@ -6,7 +6,7 @@

    Manual de tinc

    Preparando una Red Privada Virtual con tinc

    -
    Ivo Timmermans <itimmermans@bigfoot.com>
    +
    Ivo Timmermans <ivo@o2w.nl>


      diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 2dfdf070..7e7284b1 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -1,8 +1,8 @@ .Dd 2002-04-09 .Dt TINC.CONF 5 .\" Manual page created by: -.\" Ivo Timmermans -.\" Guus Sliepen +.\" Ivo Timmermans +.\" Guus Sliepen .Sh NAME .Nm tinc.conf .Nd tinc daemon configuration diff --git a/doc/tinc.texi b/doc/tinc.texi index 84ccce92..0ce939a2 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.29 2002/06/12 13:45:23 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.30 2002/06/21 10:11:10 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -15,10 +15,10 @@ This is the info manual for tinc, a Virtual Private Network daemon. Copyright @copyright{} 1998-2002 Ivo Timmermans -, Guus Sliepen and +, Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.29 2002/06/12 13:45:23 guus Exp $ +$Id: tinc.texi,v 1.8.4.30 2002/06/21 10:11:10 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -40,10 +40,10 @@ permission notice identical to this one. @vskip 0pt plus 1filll @cindex copyright Copyright @copyright{} 1998-2002 Ivo Timmermans -, Guus Sliepen and +, Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.29 2002/06/12 13:45:23 guus Exp $ +$Id: tinc.texi,v 1.8.4.30 2002/06/21 10:11:10 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -684,7 +684,7 @@ number 655 is registered with the IANA. @example tinc 655/tcp TINC tinc 655/udp TINC -# Ivo Timmermans +# Ivo Timmermans @end example 
@@ -1932,10 +1932,10 @@ and join channel #tinc. @section Authors @table @asis -@item Ivo Timmermans (zarq) (@email{itimmermans@@bigfoot.com}) +@item Ivo Timmermans (zarq) (@email{ivo@@o2w.nl}) Main coder/hacker and maintainer of the package. -@item Guus Sliepen (guus) (@email{guus@@sliepen.warande.net}) +@item Guus Sliepen (guus) (@email{guus@@sliepen.eu.org}) Originator of it all, co-author. @item Wessel Dankers (Ubiq) (@email{wsl@@nl.linux.org}) diff --git a/doc/tincd.8 b/doc/tincd.8 index 831bbb1d..83d26639 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 @@ -1,8 +1,8 @@ .Dd 2002-03-25 .Dt TINCD 8 .\" Manual page created by: -.\" Ivo Timmermans -.\" Guus Sliepen +.\" Ivo Timmermans +.\" Guus Sliepen .Sh NAME .Nm tincd .Nd tinc VPN daemon @@ -168,7 +168,7 @@ tinc comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions; see the file COPYING for details. .Sh AUTHORS -.An "Ivo Timmermans" Aq itimmermans@bigfoot.com -.An "Guus Sliepen" Aq guus@sliepen.warande.net +.An "Ivo Timmermans" Aq ivo@o2w.nl +.An "Guus Sliepen" Aq guus@sliepen.eu.org .Pp And thanks to many others for their contributions to tinc! diff --git a/lib/avl_tree.c b/lib/avl_tree.c index a4f00518..8ec680be 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -1,8 +1,8 @@ /* avl_tree.c -- avl_ tree and linked list convenience Copyright (C) 1998 Michael H. Buselli - 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen 2000,2001 Wessel Dankers This program is free software; you can redistribute it and/or modify @@ -27,9 +27,9 @@ Cleaned up and incorporated some of the ideas from the red-black tree library for inclusion into tinc (http://tinc.nl.linux.org/) by - Guus Sliepen . + Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.8 2002/02/10 21:57:51 guus Exp $ + $Id: avl_tree.c,v 1.1.2.9 2002/06/21 10:11:11 guus Exp $ */ #include diff --git a/lib/avl_tree.h b/lib/avl_tree.h index d1ad6189..35c13a32 100644 
--- a/lib/avl_tree.h +++ b/lib/avl_tree.h @@ -1,8 +1,8 @@ /* avl_tree.h -- header file for avl_tree.c Copyright (C) 1998 Michael H. Buselli - 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen 2000,2001 Wessel Dankers This program is free software; you can redistribute it and/or modify @@ -27,9 +27,9 @@ Cleaned up and incorporated some of the ideas from the red-black tree library for inclusion into tinc (http://tinc.nl.linux.org/) by - Guus Sliepen . + Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.4 2001/02/06 10:13:22 guus Exp $ + $Id: avl_tree.h,v 1.1.2.5 2002/06/21 10:11:11 guus Exp $ */ diff --git a/lib/dropin.c b/lib/dropin.c index a500a034..d7658c76 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -1,7 +1,7 @@ /* dropin.c -- a set of drop-in replacements for libc functions - Copyright (C) 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.9 2002/06/09 15:26:10 zarq Exp $ + $Id: dropin.c,v 1.1.2.10 2002/06/21 10:11:11 guus Exp $ */ #include "config.h" diff --git a/lib/dropin.h b/lib/dropin.h index 7bf1602c..ecf14403 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -1,7 +1,7 @@ /* dropin.h -- header file for dropin.c - Copyright (C) 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.7 2002/06/09 15:50:11 zarq Exp $ + $Id: dropin.h,v 1.1.2.8 2002/06/21 10:11:11 guus Exp $ */ #ifndef __DROPIN_H__ diff --git a/lib/list.c b/lib/list.c index cb2d4d21..b4c5871c 100644 --- a/lib/list.c +++ b/lib/list.c @@ -1,7 +1,7 @@ /* list.c -- functions to deal with double linked lists - Copyright (C) 2000,2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.10 2002/03/27 15:01:16 guus Exp $ + $Id: list.c,v 1.1.2.11 2002/06/21 10:11:11 guus Exp $ */ #include "config.h" diff --git a/lib/list.h b/lib/list.h index 3e1735bf..4c9885d4 100644 --- a/lib/list.h +++ b/lib/list.h @@ -1,7 +1,7 @@ /* list.h -- header file for list.c - Copyright (C) 2000,2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 2000,2001 Ivo Timmermans + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.5 2002/03/27 15:01:16 guus Exp $ + $Id: list.h,v 1.1.2.6 2002/06/21 10:11:11 guus Exp $ */ #ifndef __TINC_LIST_H__ diff --git a/lib/rbl.c b/lib/rbl.c index 226e938b..26a02db0 100644 --- a/lib/rbl.c +++ b/lib/rbl.c 
@@ -1,7 +1,7 @@ /* rbl.c -- red-black tree + linked list convenience - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 2000 Ivo Timmermans , + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.c,v 1.1.2.12 2000/11/24 23:12:59 guus Exp $ + $Id: rbl.c,v 1.1.2.13 2002/06/21 10:11:11 guus Exp $ */ #include "config.h" diff --git a/lib/rbl.h b/lib/rbl.h index 0a090bd7..2dc245aa 100644 --- a/lib/rbl.h +++ b/lib/rbl.h @@ -1,7 +1,7 @@ /* rbl.h -- header file for rbl.c - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen + Copyright (C) 2000 Ivo Timmermans , + 2000 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: rbl.h,v 1.1.2.8 2000/11/24 23:13:00 guus Exp $ + $Id: rbl.h,v 1.1.2.9 2002/06/21 10:11:11 guus Exp $ */ #ifndef __RBL_H__ diff --git a/lib/utils.c b/lib/utils.c index d79532b2..ce78dd2e 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -1,7 +1,7 @@ /* utils.c -- gathering of some stupid small functions Copyright (C) 1999-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lib/utils.h b/lib/utils.h index 0b79bfae..b138c99c 100644 --- a/lib/utils.h +++ b/lib/utils.h 
@@ -1,7 +1,7 @@ /* utils.h -- header file for utils.c Copyright (C) 1999-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/po/nl.po b/po/nl.po index 84051886..9a11a718 100644 --- a/po/nl.po +++ b/po/nl.po @@ -1,13 +1,13 @@ # Dutch messages for tinc # Copyright (C) 1999-2001 Ivo Timmermans, Guus Sliepen. -# Ivo Timmermans , 1999-2002. -# Guus Sliepen , 2000-2002. +# Ivo Timmermans , 1999-2002. +# Guus Sliepen , 2000-2002. msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" "POT-Creation-Date: 2002-06-09 17:28+0200\n" "PO-Revision-Date: 2002-03-27 16:59+0100\n" -"Last-Translator: Guus Sliepen \n" +"Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" diff --git a/po/old/es.po b/po/old/es.po index ac664692..30c01a69 100644 --- a/po/old/es.po +++ b/po/old/es.po @@ -1,6 +1,6 @@ # Spanish messages for tinc # Copyright (C) 1999, 2000 Free Software Foundation, Inc. -# Ivo Timmermans , 1999, 2000. +# Ivo Timmermans , 1999, 2000. # msgid "" msgstr "" diff --git a/src/conf.c b/src/conf.c index 96dbef35..1d9efb64 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,8 +1,8 @@ /* conf.c -- configuration code Copyright (C) 1998 Robert van der Meulen - 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen 2000 Cris van Pelt This program is free software; you can redistribute it and/or modify @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.56 2002/06/08 12:57:09 guus Exp $ + $Id: conf.c,v 1.9.4.57 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" diff --git a/src/conf.h b/src/conf.h index bf399ddb..847e52c2 100644 --- a/src/conf.h +++ b/src/conf.h 
@@ -1,7 +1,7 @@ /* conf.h -- header for conf.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.32 2002/02/18 16:25:16 guus Exp $ + $Id: conf.h,v 1.6.4.33 2002/06/21 10:11:12 guus Exp $ */ #ifndef __TINC_CONF_H__ diff --git a/src/connection.c b/src/connection.c index 391982a6..e8a53ecc 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1,7 +1,7 @@ /* connection.c -- connection list management - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.29 2002/03/22 13:31:18 guus Exp $ + $Id: connection.c,v 1.1.2.30 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" diff --git a/src/connection.h b/src/connection.h index 0cdcc091..5f8b970a 100644 --- a/src/connection.h +++ b/src/connection.h @@ -1,7 +1,7 @@ /* connection.h -- header for connection.c - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.26 2002/02/20 19:25:09 guus Exp $ + $Id: connection.h,v 1.1.2.27 2002/06/21 10:11:12 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ diff --git a/src/darwin/device.c b/src/darwin/device.c index ecd1d14b..2f673ab7 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with MacOS/X tun device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2002/06/10 14:33:40 guus Exp $ + $Id: device.c,v 1.1.2.2 2002/06/21 10:11:34 guus Exp $ */ #include "config.h" diff --git a/src/device.h b/src/device.h index 3d3aa761..20f9dadc 100644 --- a/src/device.h +++ b/src/device.h @@ -1,7 +1,7 @@ /* net.h -- generic header for device.c Copyright (C) 2001-2002 Ivo Timmermans - 2001-2002 Guus Sliepen + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.5 2002/02/10 21:57:54 guus Exp $ + $Id: device.h,v 1.1.2.6 2002/06/21 10:11:12 guus Exp $ */ #ifndef __TINC_DEVICE_H__ diff --git a/src/edge.c b/src/edge.c index c35af07c..eb664d27 100644 --- a/src/edge.c +++ b/src/edge.c 
@@ -1,7 +1,7 @@ /* edge.c -- edge tree management - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.10 2002/03/27 15:26:43 guus Exp $ + $Id: edge.c,v 1.1.2.11 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" diff --git a/src/edge.h b/src/edge.h index 604082f8..2e5b910d 100644 --- a/src/edge.h +++ b/src/edge.h @@ -1,7 +1,7 @@ /* edge.h -- header for edge.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.7 2002/03/22 11:43:46 guus Exp $ + $Id: edge.h,v 1.1.2.8 2002/06/21 10:11:12 guus Exp $ */ #ifndef __TINC_EDGE_H__ diff --git a/src/event.c b/src/event.c index 028483bd..295e28f1 100644 --- a/src/event.c +++ b/src/event.c @@ -1,7 +1,7 @@ /* event.c -- event queue - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans + Copyright (C) 2002 Guus Sliepen , + 2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.2 2002/03/01 14:09:30 guus Exp $ + $Id: event.c,v 1.1.4.3 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" 
diff --git a/src/event.h b/src/event.h index 7a356126..e5f5516f 100644 --- a/src/event.h +++ b/src/event.h @@ -1,7 +1,7 @@ /* event.h -- header for event.c - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans + Copyright (C) 2002 Guus Sliepen , + 2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.h,v 1.1.4.1 2002/02/11 10:05:58 guus Exp $ + $Id: event.h,v 1.1.4.2 2002/06/21 10:11:12 guus Exp $ */ #ifndef __TINC_EVENT_H__ diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 2f5f32e2..1139c65b 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with FreeBSD tap device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2002/02/18 16:25:19 guus Exp $ + $Id: device.c,v 1.1.2.5 2002/06/21 10:11:35 guus Exp $ */ #include "config.h" diff --git a/src/graph.c b/src/graph.c index 9d9bc1f3..7f51c44e 100644 --- a/src/graph.c +++ b/src/graph.c @@ -1,7 +1,7 @@ /* graph.c -- graph algorithms - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.12 2002/06/08 12:57:09 guus Exp $ + $Id: graph.c,v 1.1.2.13 2002/06/21 10:11:12 guus Exp $ */ /* We need to generate two trees from the graph: diff --git a/src/graph.h b/src/graph.h index 3c8c0d5b..372cbfbe 100644 --- a/src/graph.h +++ b/src/graph.h @@ -1,7 +1,7 @@ /* graph.h -- header for graph.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.h,v 1.1.2.3 2002/02/10 21:57:54 guus Exp $ + $Id: graph.h,v 1.1.2.4 2002/06/21 10:11:12 guus Exp $ */ extern void graph(void); diff --git a/src/linux/device.c b/src/linux/device.c index e896f547..310e3328 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with Linux ethertap and tun/tap device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2002/03/24 16:36:56 guus Exp $ + $Id: device.c,v 1.1.2.9 2002/06/21 10:11:36 guus Exp $ */ #include "config.h" diff --git a/src/meta.c b/src/meta.c index b51c64d6..8d6b0a84 100644 --- a/src/meta.c +++ b/src/meta.c 
@@ -1,7 +1,7 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.25 2002/03/01 14:09:31 guus Exp $ + $Id: meta.c,v 1.1.2.26 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" diff --git a/src/meta.h b/src/meta.h index d54573ef..55b1e0ca 100644 --- a/src/meta.h +++ b/src/meta.h @@ -1,7 +1,7 @@ /* meta.h -- header for meta.c - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.6 2002/02/10 21:57:54 guus Exp $ + $Id: meta.h,v 1.1.2.7 2002/06/21 10:11:12 guus Exp $ */ #ifndef __TINC_META_H__ diff --git a/src/net.c b/src/net.c index 9ec15fe1..2a072d80 100644 --- a/src/net.c +++ b/src/net.c @@ -1,7 +1,7 @@ /* net.c -- most of the network code - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.173 2002/06/08 14:08:57 guus Exp $ + $Id: net.c,v 1.35.4.174 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" 
diff --git a/src/net.h b/src/net.h index b7e01041..a16db158 100644 --- a/src/net.h +++ b/src/net.h @@ -1,7 +1,7 @@ /* net.h -- header for net.c Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.51 2002/06/08 13:46:07 guus Exp $ + $Id: net.h,v 1.9.4.52 2002/06/21 10:11:12 guus Exp $ */ #ifndef __TINC_NET_H__ diff --git a/src/net_packet.c b/src/net_packet.c index 691260ed..25f1d28e 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -1,7 +1,7 @@ /* net_packet.c -- Handles in- and outgoing VPN packets - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.16 2002/06/08 14:08:57 guus Exp $ + $Id: net_packet.c,v 1.1.2.17 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" diff --git a/src/net_setup.c b/src/net_setup.c index aa5b669e..fc93e9c3 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -1,7 +1,7 @@ /* net_setup.c -- Setup. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.19 2002/06/13 16:12:40 guus Exp $ + $Id: net_setup.c,v 1.1.2.20 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" diff --git a/src/net_socket.c b/src/net_socket.c index 9af1cc94..f1628cdd 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -1,7 +1,7 @@ /* net_socket.c -- Handle various kinds of sockets. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.15 2002/06/13 16:12:40 guus Exp $ + $Id: net_socket.c,v 1.1.2.16 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" diff --git a/src/netbsd/device.c b/src/netbsd/device.c index 43dfed49..33896aa6 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with NetBSD tun device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2002/06/05 00:20:40 guus Exp $ + $Id: device.c,v 1.1.2.4 2002/06/21 10:11:36 guus Exp $ */ #include "config.h" diff --git a/src/netutl.c b/src/netutl.c index cfaf6b47..0cf1e0b1 100644 --- a/src/netutl.c +++ b/src/netutl.c 
@@ -1,7 +1,7 @@ /* netutl.c -- some supporting network utility code - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.39 2002/06/08 13:46:43 guus Exp $ + $Id: netutl.c,v 1.12.4.40 2002/06/21 10:11:12 guus Exp $ */ #include "config.h" diff --git a/src/netutl.h b/src/netutl.h index 7126e0c3..db5e2143 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -1,7 +1,7 @@ /* netutl.h -- header file for netutl.c Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.12 2002/06/08 12:57:10 guus Exp $ + $Id: netutl.h,v 1.2.4.13 2002/06/21 10:11:13 guus Exp $ */ #ifndef __TINC_NETUTL_H__ diff --git a/src/node.c b/src/node.c index 2b31af4d..591f4ed5 100644 --- a/src/node.c +++ b/src/node.c @@ -1,7 +1,7 @@ /* node.c -- node tree management - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.12 2002/04/29 20:05:07 guus Exp $ + $Id: node.c,v 1.1.2.13 2002/06/21 10:11:13 guus Exp $ */ #include "config.h" 
diff --git a/src/node.h b/src/node.h index 73ff0a27..f80075f5 100644 --- a/src/node.h +++ b/src/node.h @@ -1,7 +1,7 @@ /* node.h -- header for node.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2002 Guus Sliepen , + 2001-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.15 2002/06/08 13:46:07 guus Exp $ + $Id: node.h,v 1.1.2.16 2002/06/21 10:11:13 guus Exp $ */ #ifndef __TINC_NODE_H__ diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 3d7099f2..1a339a5e 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with OpenBSD tun device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2002/03/27 16:00:38 guus Exp $ + $Id: device.c,v 1.1.2.9 2002/06/21 10:11:36 guus Exp $ */ #include "config.h" diff --git a/src/process.c b/src/process.c index ae1985da..9d1c489f 100644 --- a/src/process.c +++ b/src/process.c @@ -1,7 +1,7 @@ /* process.c -- process management functions - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.40 2002/04/27 11:40:45 guus Exp $ + $Id: process.c,v 1.1.2.41 2002/06/21 10:11:13 guus Exp $ */ #include "config.h" diff --git a/src/process.h b/src/process.h index 1289d2da..249792a7 100644 --- a/src/process.h +++ b/src/process.h @@ -1,7 +1,7 @@ /* process.h -- header file for process.c - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.10 2002/02/10 21:57:54 guus Exp $ + $Id: process.h,v 1.1.2.11 2002/06/21 10:11:13 guus Exp $ */ #ifndef __TINC_PROCESS_H__ diff --git a/src/protocol.c b/src/protocol.c index 9b2ec91a..60273539 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -1,7 +1,7 @@ /* protocol.c -- handle the meta-protocol, basic functions - Copyright (C) 1999-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.128 2002/03/27 15:26:43 guus Exp $ + $Id: protocol.c,v 1.28.4.129 2002/06/21 10:11:13 guus Exp $ */ #include "config.h" diff --git a/src/protocol.h b/src/protocol.h index a4e480a0..1ed4bebe 100644 --- a/src/protocol.h +++ b/src/protocol.h 
@@ -1,7 +1,7 @@ /* protocol.h -- header for protocol.c - Copyright (C) 1999-2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 1999-2001 Ivo Timmermans , + 2000,2001 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.29 2002/03/22 11:43:48 guus Exp $ + $Id: protocol.h,v 1.5.4.30 2002/06/21 10:11:13 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 074b7d13..c7c57329 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -1,7 +1,7 @@ /* protocol_auth.c -- handle the meta-protocol, authentication - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.8 2002/03/27 15:26:44 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.9 2002/06/21 10:11:13 guus Exp $ */ #include "config.h" diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 0d3218e8..a13a096a 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -1,7 +1,7 @@ /* protocol_edge.c -- handle the meta-protocol, edges - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.7 2002/03/27 15:26:44 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.8 2002/06/21 10:11:19 guus Exp $ */ #include "config.h" diff --git a/src/protocol_key.c b/src/protocol_key.c index 016fbff7..3d711f90 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -1,7 +1,7 @@ /* protocol_key.c -- handle the meta-protocol, key exchange - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.6 2002/03/22 13:31:18 guus Exp $ + $Id: protocol_key.c,v 1.1.4.7 2002/06/21 10:11:19 guus Exp $ */ #include "config.h" diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 9f1a5fb7..af1cb527 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -1,7 +1,7 @@ /* protocol_misc.c -- handle the meta-protocol, miscellaneous functions - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.3 2002/03/23 20:21:10 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.4 2002/06/21 10:11:19 guus Exp $ */ #include "config.h" diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index 7f6cfc17..d6ca43df 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c 
@@ -1,7 +1,7 @@ /* protocol_subnet.c -- handle the meta-protocol, subnets - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.3 2002/03/22 13:31:18 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.4 2002/06/21 10:11:19 guus Exp $ */ #include "config.h" diff --git a/src/route.c b/src/route.c index a552eaf5..21c047c9 100644 --- a/src/route.c +++ b/src/route.c @@ -1,7 +1,7 @@ /* route.c -- routing - Copyright (C) 2000-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 2000-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.42 2002/06/08 14:08:57 guus Exp $ + $Id: route.c,v 1.1.2.43 2002/06/21 10:11:33 guus Exp $ */ #include "config.h" diff --git a/src/route.h b/src/route.h index d188af2d..2883b03c 100644 --- a/src/route.h +++ b/src/route.h @@ -1,7 +1,7 @@ /* route.h -- header file for route.c Copyright (C) 2000-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.7 2002/03/01 14:09:31 guus Exp $ + $Id: route.h,v 1.1.2.8 2002/06/21 10:11:33 guus Exp $ */ #ifndef __TINC_ROUTE_H__ 
diff --git a/src/solaris/device.c b/src/solaris/device.c index 758068d8..c72662b1 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with Solaris tun device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2002 Ivo Timmermans , + 2001-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.7 2002/02/18 16:25:19 guus Exp $ + $Id: device.c,v 1.1.2.8 2002/06/21 10:11:37 guus Exp $ */ diff --git a/src/subnet.c b/src/subnet.c index d971a4d7..f4b14741 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -1,7 +1,7 @@ /* subnet.c -- handle subnet lookups and lists - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2002 Guus Sliepen , + 2000-2002 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.36 2002/06/08 12:57:10 guus Exp $ + $Id: subnet.c,v 1.1.2.37 2002/06/21 10:11:33 guus Exp $ */ #include "config.h" diff --git a/src/subnet.h b/src/subnet.h index be20315b..0ea21860 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -1,7 +1,7 @@ /* subnet.h -- header for subnet.c - Copyright (C) 2000,2001 Guus Sliepen , - 2000,2001 Ivo Timmermans + Copyright (C) 2000,2001 Guus Sliepen , + 2000,2001 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.18 2002/04/09 11:42:48 guus Exp $ + $Id: subnet.h,v 1.1.2.19 2002/06/21 10:11:34 guus Exp $ */ #ifndef __TINC_SUBNET_H__ diff --git a/src/tincd.c b/src/tincd.c index 0838e829..d9badac3 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2002 Ivo Timmermans + 2000-2002 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.59 2002/06/08 12:57:10 guus Exp $ + $Id: tincd.c,v 1.10.4.60 2002/06/21 10:11:34 guus Exp $ */ #include "config.h" diff --git a/system.h b/system.h index 8006d1a7..5b5e7950 100644 --- a/system.h +++ b/system.h @@ -1,6 +1,6 @@ /* system.h -- header for locale settings - Copyright (C) 1998,99,2000 Ivo Timmermans + Copyright (C) 1998,99,2000 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by From a1bd878e11ae7e66e7e9a4040c3b19f9b7bc50f4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 21 Jun 2002 17:49:48 +0000 Subject: [PATCH 656/923] Fix for prefixlengths of 32 (IPv4) and 128 (IPv6) bits. --- src/netutl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index 0cf1e0b1..1cf03c3d 100644 --- a/src/netutl.c +++ b/src/netutl.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.40 2002/06/21 10:11:12 guus Exp $ + $Id: netutl.c,v 1.12.4.41 2002/06/21 17:49:48 guus Exp $ */ #include "config.h" @@ -241,7 +241,7 @@ cp i = masklen / 8; masklen %= 8; - if(a[i++] & (0xff >> masklen)) + if(masklen && a[i++] & (0xff >> masklen)) return -1; for(; i < len; i++) From 36cbaa32f480b481bf2ee99fd4835586a02ebc60 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 10 Jul 2002 11:27:06 +0000 Subject: [PATCH 657/923] Allow list of environment variables to be passed to execute_script(). When executing host-up/down scripts, include the address and port of the remote host. --- src/graph.c | 62 +++++++++++++++++++++++++++++-------------------- src/net_setup.c | 25 +++++++++++++++++--- src/process.c | 37 +++++++---------------------- src/process.h | 4 ++-- 4 files changed, 69 insertions(+), 59 deletions(-) diff --git a/src/graph.c b/src/graph.c index 7f51c44e..7d9caf27 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.13 2002/06/21 10:11:12 guus Exp $ + $Id: graph.c,v 1.1.2.14 2002/07/10 11:27:06 guus Exp $ */ /* We need to generate two trees from the graph: @@ -63,6 +63,7 @@ #include "edge.h" #include "connection.h" #include "process.h" +#include "device.h" #include "system.h" @@ -157,6 +158,9 @@ void sssp_bfs(void) avl_tree_t *todo_tree; int indirect; char *name; + char *address, *port; + char *envp[7]; + int i; todo_tree = avl_alloc_tree(NULL, NULL); 
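Review bot: A prefix length larger than the address still reads past `a` in the `@@ -241` hunk of src/netutl.c, because the added `masklen &&` guard only skips the read when the length is an exact multiple of 8. Assuming `len` is the address length in bytes, as the following loop suggests, a value such as 33 with a 4-byte address gives `i == len` with a non-zero remainder, and `a[i++]` is evaluated one byte beyond the buffer. Nothing visible here bounds `masklen` against `len`, so unless the caller already rejects such values (not shown), add `if(masklen > len * 8) return -1;` before `i = masklen / 8;`. Writing the test as `if(masklen && (a[i++] & (0xff >> masklen)))` would also make the intended precedence explicit. The enclosing function starts and ends outside the hunk.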
@@ -253,32 +257,40 @@ void sssp_bfs(void) next = node->next; n = (node_t *)node->data; - if(n->status.visited) + if(n->status.visited ^ n->status.reachable) { - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) + n->status.reachable = !n->status.reachable; + if(debug_lvl >= DEBUG_TRAFFIC) + if(n->status.reachable) syslog(LOG_DEBUG, _("Node %s (%s) became reachable"), n->name, n->hostname); - n->status.reachable = 1; - asprintf(&name, "hosts/%s-up", n->name); - execute_script(name); - free(name); - } - } - else - { - if(n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); - n->status.reachable = 0; - n->status.validkey = 0; - n->status.waitingforkey = 0; - n->sent_seqno = 0; - asprintf(&name, "hosts/%s-down", n->name); - execute_script(name); - free(name); - } + else + syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); + + if(!n->status.reachable) + { + n->status.reachable = 0; + n->status.validkey = 0; + n->status.waitingforkey = 0; + n->sent_seqno = 0; + } + + asprintf(&envp[0], "NETNAME=%s", netname?netname:""); + asprintf(&envp[1], "DEVICE=%s", device?device:""); + asprintf(&envp[2], "INTERFACE=%s", interface?interface:""); + asprintf(&envp[3], "NODE=%s", n->name); + sockaddr2str(&n->address, &address, &port); + asprintf(&envp[4], "REMOTEADDRESS=%s", address); + asprintf(&envp[5], "REMOTEPORT=%s", port); + envp[6] = NULL; + + asprintf(&name, n->status.reachable?"hosts/%s-up":"hosts/%s-down", n->name); + execute_script(name, envp); + free(name); + free(address); + free(port); + + for(i = 0; i < 7; i++) + free(envp[i]); } } } diff --git a/src/net_setup.c b/src/net_setup.c index fc93e9c3..2884c50a 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
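Review bot: None of the `asprintf()` calls that fill `envp[]` and `name` in the `@@ -253` hunk of src/graph.c is checked, so if one fails the pointer is left indeterminate and is then handed to `execute_script()` and `free()`. The same unchecked pattern appears in the tinc-up and tinc-down hunks of src/net_setup.c. Checking each result, e.g. `if(asprintf(&envp[3], "NODE=%s", n->name) < 0) envp[3] = NULL;`, keeps the `free()` loop safe, but a NULL in the middle also ends the list early for `_execute_script()`, so skipping the script on allocation failure may be the cleaner choice. Separately, `n->name` ends up in both the script path `hosts/%s-up` / `hosts/%s-down` and the `NODE=` variable; a comment stating where node names are validated before they reach this point (not visible in this hunk) would help the next reader. sssp_bfs() starts and ends outside the hunk.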
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.20 2002/06/21 10:11:12 guus Exp $ + $Id: net_setup.c,v 1.1.2.21 2002/07/10 11:27:06 guus Exp $ */ #include "config.h" @@ -523,6 +523,8 @@ cp */ int setup_network_connections(void) { + char *envp[4]; + int i; cp now = time(NULL); @@ -547,7 +549,15 @@ cp return -1; /* Run tinc-up script to further initialize the tap interface */ - execute_script("tinc-up"); + asprintf(&envp[0], "NETNAME=%s", netname?netname:""); + asprintf(&envp[1], "DEVICE=%s", device?device:""); + asprintf(&envp[2], "INTERFACE=%s", interface?interface:""); + envp[3] = NULL; + + execute_script("tinc-up", envp); + + for(i = 0; i < 4; i++) + free(envp[i]); if(setup_myself() < 0) return -1; @@ -564,6 +574,7 @@ void close_network_connections(void) { avl_node_t *node, *next; connection_t *c; + char *envp[4]; int i; cp for(node = connection_tree->head; node; node = next) @@ -591,7 +602,15 @@ cp exit_nodes(); exit_connections(); - execute_script("tinc-down"); + asprintf(&envp[0], "NETNAME=%s", netname?netname:""); + asprintf(&envp[1], "DEVICE=%s", device?device:""); + asprintf(&envp[2], "INTERFACE=%s", interface?interface:""); + envp[3] = NULL; + + execute_script("tinc-down", envp); + + for(i = 0; i < 4; i++) + free(envp[i]); close_device(); cp diff --git a/src/process.c b/src/process.c index 9d1c489f..8e701b2e 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.41 2002/06/21 10:11:13 guus Exp $ + $Id: process.c,v 1.1.2.42 2002/07/10 11:27:06 guus Exp $ */ #include "config.h" 
@@ -207,35 +207,14 @@ cp Execute the program name, with sane environment. All output will be redirected to syslog. */ -void _execute_script(const char *scriptname) __attribute__ ((noreturn)); -void _execute_script(const char *scriptname) +void _execute_script(const char *scriptname, char **envp) __attribute__ ((noreturn)); +void _execute_script(const char *scriptname, char **envp) { char *s; cp -#ifdef HAVE_UNSETENV - unsetenv("NETNAME"); - unsetenv("DEVICE"); - unsetenv("INTERFACE"); -#endif - - if(netname) - { - asprintf(&s, "NETNAME=%s", netname); - putenv(s); /* Don't free s! see man 3 putenv */ - } - - if(device) - { - asprintf(&s, "DEVICE=%s", device); - putenv(s); /* Don't free s! see man 3 putenv */ - } - - if(interface) - { - asprintf(&s, "INTERFACE=%s", interface); - putenv(s); /* Don't free s! see man 3 putenv */ - } - + while(*envp) + putenv(*envp++); + chdir("/"); /* Close all file descriptors */ @@ -253,7 +232,7 @@ cp /* Fork and execute the program pointed to by name. */ -int execute_script(const char *name) +int execute_script(const char *name, char **envp) { pid_t pid; int status; @@ -313,7 +292,7 @@ cp cp /* Child here */ - _execute_script(scriptname); + _execute_script(scriptname, envp); } diff --git a/src/process.h b/src/process.h index 249792a7..6620489b 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.11 2002/06/21 10:11:13 guus Exp $ + $Id: process.h,v 1.1.2.12 2002/07/10 11:27:06 guus Exp $ */ #ifndef __TINC_PROCESS_H__ @@ -28,7 +28,7 @@ extern int do_detach; extern void setup_signals(void); -extern int execute_script(const char *); +extern int execute_script(const char *, char **); extern int detach(void); extern int kill_other(int); extern void cleanup_and_exit(int); From 8dd09568f1604f1ac8cc0d8d5120d986f5654900 Mon Sep 17 00:00:00 2001 
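Review bot: `_execute_script()` in the `@@ -207,35 +207,14 @@` hunk now walks `envp` with `while(*envp) putenv(*envp++);` and no longer clears `NETNAME`, `DEVICE` and `INTERFACE` first, so any variable a caller leaves out is inherited unchanged from the daemon's own environment, and a NULL `envp` is dereferenced. Every caller visible in this patch passes all three variables in a terminated array, but that contract is unwritten. A comment above the prototype such as `/* envp: NULL-terminated array of "NAME=value" strings, valid until exec */`, together with `while(envp && *envp)`, would pin it down. The local `char *s;` kept as context appears to be unused after this change, though the rest of the function lies outside the hunk. The script documentation should also record that unset values are now exported as empty strings instead of being absent.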
From: Guus Sliepen Date: Wed, 10 Jul 2002 11:32:33 +0000 Subject: [PATCH 658/923] Allow identical subnets from different owners. --- src/subnet.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index f4b14741..c1cbe164 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.37 2002/06/21 10:11:33 guus Exp $ + $Id: subnet.c,v 1.1.2.38 2002/07/10 11:32:33 guus Exp $ */ #include "config.h" @@ -50,8 +50,14 @@ avl_tree_t *subnet_tree; int subnet_compare_mac(subnet_t *a, subnet_t *b) { + int result; cp - return memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); + result = memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); } int subnet_compare_ipv4(subnet_t *a, subnet_t *b) @@ -63,7 +69,12 @@ cp if(result) return result; - return a->net.ipv4.prefixlength - b->net.ipv4.prefixlength; + result = a->net.ipv4.prefixlength - b->net.ipv4.prefixlength; + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); } int subnet_compare_ipv6(subnet_t *a, subnet_t *b) @@ -75,7 +86,12 @@ cp if(result) return result; - return a->net.ipv6.prefixlength - b->net.ipv6.prefixlength; + result = a->net.ipv6.prefixlength - b->net.ipv6.prefixlength; + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); } int subnet_compare(subnet_t *a, subnet_t *b) @@ -293,6 +309,7 @@ subnet_t *lookup_subnet_mac(mac_t *address) cp subnet.type = SUBNET_MAC; memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); + subnet.owner = NULL; p = (subnet_t *)avl_search(subnet_tree, &subnet); cp 
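Review bot: The comparators changed in the `@@ -50,8 +50,14 @@`, `@@ -63,7 +69,12 @@` and `@@ -75,7 +86,12 @@` hunks return 0 whenever either `owner` is NULL, so a lookup key built with `subnet.owner = NULL` matches every stored entry for that address and `avl_search()` presumably returns whichever one the descent reaches first. Once identical subnets from different owners are allowed, that choice decides which node receives the traffic, and nothing in these hunks defines or documents it. Whether a node may announce a subnet that another node already holds is checked, if at all, outside this patch. A comment on each comparator stating that a NULL owner acts as a wildcard, and a note in the `lookup_subnet_*()` functions saying which owner wins on a tie, would make the routing consequence reviewable. Treating NULL as equal also means the comparator is not a consistent ordering for insertion if a subnet is ever added before its owner is set.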
@@ -306,6 +323,7 @@ cp subnet.type = SUBNET_IPV4; memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); subnet.net.ipv4.prefixlength = 32; + subnet.owner = NULL; do { @@ -345,6 +363,7 @@ cp subnet.type = SUBNET_IPV6; memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); subnet.net.ipv6.prefixlength = 128; + subnet.owner = NULL; do { From c98db1b861d62430e23f26b0da18e7b3ec875767 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 11 Jul 2002 12:42:43 +0000 Subject: [PATCH 659/923] Clear subnets before using them. --- src/subnet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/subnet.c b/src/subnet.c index c1cbe164..ada81120 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.38 2002/07/10 11:32:33 guus Exp $ + $Id: subnet.c,v 1.1.2.39 2002/07/11 12:42:43 guus Exp $ */ #include "config.h" @@ -155,7 +155,7 @@ cp subnet_t *new_subnet(void) { cp - return (subnet_t *)xmalloc(sizeof(subnet_t)); + return (subnet_t *)xmalloc_and_zero(sizeof(subnet_t)); } void free_subnet(subnet_t *subnet) From 8949404db08f4ab594e60778bb76a9061426d7cc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 11 Jul 2002 12:55:58 +0000 Subject: [PATCH 660/923] Started port to Cygwin. --- configure.in | 6 +++++- src/Makefile.am | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index e8b9527c..4cea75a8 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.51 2002/06/11 11:03:17 guus Exp $ +dnl $Id: configure.in,v 1.13.2.52 2002/07/11 12:55:57 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) 
@@ -59,6 +59,10 @@ case $host_os in AC_DEFINE(HAVE_NETBSD, 1, [NetBSD]) [ rm -f src/device.c; ln -sf netbsd/device.c src/device.c ] ;; + *cygwin*) + AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin]) + [ rm -f src/device.c; ln -sf cygwin/device.c src/device.c ] + ;; *) AC_MSG_ERROR("Unknown operating system.") ;; diff --git a/src/Makefile.am b/src/Makefile.am index 1f8bcf7a..598a6340 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,9 +1,9 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.23 2002/06/10 15:08:23 guus Exp $ +# $Id: Makefile.am,v 1.4.4.24 2002/07/11 12:55:58 guus Exp $ sbin_PROGRAMS = tincd -EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c +EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c cygwin/device.c tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_packet.c net_setup.c \ net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ From afabbd6b9020dd6555a7ecd320a7b3e96119d538 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 11 Jul 2002 12:57:06 +0000 Subject: [PATCH 661/923] Added stub device.c for Cygwin. --- src/cygwin/device.c | 140 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 140 insertions(+) create mode 100644 src/cygwin/device.c diff --git a/src/cygwin/device.c b/src/cygwin/device.c new file mode 100644 index 00000000..f5380abf --- /dev/null +++ b/src/cygwin/device.c 
@@ -0,0 +1,140 @@ +/* + device.c -- Stub for Cygwin environment + Copyright (C) 2002 Ivo Timmermans , + 2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.1 2002/07/11 12:57:06 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include "conf.h" +#include "net.h" +#include "subnet.h" + +#include "system.h" + +int device_fd = -1; +int device_type; +char *device; +char *interface; +char *device_info; + +int device_total_in = 0; +int device_total_out = 0; + +extern subnet_t mymac; + +int setup_device(void) +{ + struct ifreq ifr; + +cp + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; + + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = rindex(device, '/')?rindex(device, '/')+1:device; +cp + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) + { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } +cp + /* Set default MAC address for ethertap devices */ + + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 
0x00; + + device_info = _("Stub device for Cygwin environment"); + + syslog(LOG_INFO, _("%s is a %s"), device, device_info); +cp + return 0; +} + +void close_device(void) +{ +cp + close(device_fd); +} + +int read_packet(vpn_packet_t *packet) +{ + int lenin; +cp + if((lenin = read(device_fd, packet->data, MTU)) <= 0) + { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); + return -1; + } + + packet->len = lenin; + + device_total_in += packet->len; + + if(debug_lvl >= DEBUG_TRAFFIC) + { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); + } + + return 0; +cp +} + +int write_packet(vpn_packet_t *packet) +{ +cp + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(write(device_fd, packet->data, packet->len) < 0) + { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); + return -1; + } + + device_total_out += packet->len; +cp + return 0; +} + +void dump_device_stats(void) +{ +cp + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp +} From c4cd19935763b379e730a6fdf53dc1ca98d0b938 Mon Sep 17 00:00:00 2001 
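Review bot: `read_packet()` in the new src/cygwin/device.c reads up to `MTU` bytes into `packet->data` without tying the count to the buffer, and `vpn_packet_t` is not declared in this file, so the bound holds only if `data` is at least `MTU` bytes. A compile-time check or a comment next to the `read()` stating that assumption would make it reviewable. The same call treats a return of 0 as an error, and because the descriptor is opened with `O_NONBLOCK` it also treats `EAGAIN` as one, logging `strerror(errno)` even though `errno` is stale when `lenin` is 0. `setup_device()` declares `struct ifreq ifr;` without using it, and `close_device()` closes `device_fd` without checking that it was ever opened.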
From: Guus Sliepen Date: Fri, 12 Jul 2002 11:45:21 +0000 Subject: [PATCH 662/923] Include complete fake-getname/addrinfo from OpenSSH. --- configure.in | 19 +- lib/Makefile.am | 8 +- lib/README | 1 - lib/dropin.c | 4 +- lib/fake-gai-errnos.h | 14 + lib/fake-getaddrinfo.c | 128 +++++++++ lib/fake-getaddrinfo.h | 51 ++++ lib/fake-getnameinfo.c | 2 +- lib/fake-getnameinfo.h | 23 ++ lib/rbl.c | 596 ----------------------------------------- lib/rbl.h | 104 ------- lib/utils.h | 3 + 12 files changed, 242 insertions(+), 711 deletions(-) delete mode 100644 lib/README create mode 100644 lib/fake-gai-errnos.h create mode 100644 lib/fake-getaddrinfo.c create mode 100644 lib/fake-getaddrinfo.h create mode 100644 lib/fake-getnameinfo.h delete mode 100644 lib/rbl.c delete mode 100644 lib/rbl.h diff --git a/configure.in b/configure.in index 4cea75a8..5e173c48 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.52 2002/07/11 12:55:57 guus Exp $ +dnl $Id: configure.in,v 1.13.2.53 2002/07/12 11:45:20 guus Exp $ AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) 
@@ -105,12 +105,27 @@ if test $ac_cv_type_socklen_t = yes; then AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available]) fi +AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo, +[ + AC_TRY_COMPILE( + [#include + #include + #include ], + [struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;], + ac_cv_struct_addrinfo=yes, + ac_cv_struct_addrinfo=no) +]) +if test $ac_cv_struct_addrinfo = yes; then + AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) +fi + dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name \ -putenv select strdup strerror strsignal strtol unsetenv getnameinfo]) +putenv select strdup strerror strsignal strtol unsetenv \ +freeaddrinfo gai_strerror getaddrinfo getnameinfo]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/Makefile.am b/lib/Makefile.am index e3979d85..dd4f2af9 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,15 +1,15 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.8 2002/06/09 15:50:11 zarq Exp $ +# $Id: Makefile.am,v 1.2.4.9 2002/07/12 11:45:21 guus Exp $ noinst_LIBRARIES = libvpn.a INCLUDES = @INCLUDES@ -I. -I$(top_builddir) -I$(top_srcdir)/intl -libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tree.c dropin.c +libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tree.c dropin.c fake-getaddrinfo.c fake-getnameinfo.c libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h -EXTRA_DIST = README fake-getnameinfo.c +EXTRA_DIST = diff --git a/lib/README b/lib/README deleted file mode 100644 index d842e59a..00000000 --- a/lib/README +++ /dev/null 
@@ -1 +0,0 @@ -The files in this directory were merely copied from fileutils 4.0. \ No newline at end of file diff --git a/lib/dropin.c b/lib/dropin.c index d7658c76..661c4551 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.10 2002/06/21 10:11:11 guus Exp $ + $Id: dropin.c,v 1.1.2.11 2002/07/12 11:45:21 guus Exp $ */ #include "config.h" @@ -35,8 +35,6 @@ #include #include -#include "fake-getnameinfo.c" - #ifndef HAVE_DAEMON /* Replacement for the daemon() function. diff --git a/lib/fake-gai-errnos.h b/lib/fake-gai-errnos.h new file mode 100644 index 00000000..8edab9ef --- /dev/null +++ b/lib/fake-gai-errnos.h @@ -0,0 +1,14 @@ +/* + * fake library for ssh + * + * This file is included in getaddrinfo.c and getnameinfo.c. + * See getaddrinfo.c and getnameinfo.c. + */ + +/* $Id: fake-gai-errnos.h,v 1.1.2.1 2002/07/12 11:45:21 guus Exp $ */ + +/* for old netdb.h */ +#ifndef EAI_NODATA +#define EAI_NODATA 1 +#define EAI_MEMORY 2 +#endif diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c new file mode 100644 index 00000000..a1d36b12 --- /dev/null +++ b/lib/fake-getaddrinfo.c 
@@ -0,0 +1,128 @@ +/* + * fake library for ssh + * + * This file includes getaddrinfo(), freeaddrinfo() and gai_strerror(). + * These funtions are defined in rfc2133. + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For exapmle, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#include "config.h" + +#include +#include +#include +#include +#include + +#include + +#include "fake-getaddrinfo.h" + +#ifndef HAVE_GAI_STRERROR +char *gai_strerror(int ecode) +{ + switch (ecode) { + case EAI_NODATA: + return "no address associated with hostname."; + case EAI_MEMORY: + return "memory allocation failure."; + default: + return "unknown error."; + } +} +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void freeaddrinfo(struct addrinfo *ai) +{ + struct addrinfo *next; + + do { + next = ai->ai_next; + free(ai); + } while (NULL != (ai = next)); +} +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETADDRINFO +static struct addrinfo *malloc_ai(int port, u_long addr) +{ + struct addrinfo *ai; + + ai = malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + if (ai == NULL) + return(NULL); + + memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + + ai->ai_addr = (struct sockaddr *)(ai + 1); + /* XXX -- ssh doesn't use sa_len */ + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr->sa_family = ai->ai_family = AF_INET; + + ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; + ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; + + return(ai); +} + +int getaddrinfo(const char *hostname, const char *servname, + const struct addrinfo *hints, struct addrinfo **res) +{ + struct addrinfo *cur, *prev = NULL; + struct hostent *hp; + struct in_addr in; + int i, port; + + if (servname) + port = htons(atoi(servname)); + else + port = 0; + + if (hints && hints->ai_flags & AI_PASSIVE) { + if (NULL != (*res = malloc_ai(port, 
htonl(0x00000000)))) + return 0; + else + return EAI_MEMORY; + } + + if (!hostname) { + if (NULL != (*res = malloc_ai(port, htonl(0x7f000001)))) + return 0; + else + return EAI_MEMORY; + } + + if (inet_aton(hostname, &in)) { + if (NULL != (*res = malloc_ai(port, in.s_addr))) + return 0; + else + return EAI_MEMORY; + } + + hp = gethostbyname(hostname); + if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { + for (i = 0; hp->h_addr_list[i]; i++) { + cur = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr); + if (cur == NULL) { + if (*res) + freeaddrinfo(*res); + return EAI_MEMORY; + } + + if (prev) + prev->ai_next = cur; + else + *res = cur; + + prev = cur; + } + return 0; + } + + return EAI_NODATA; +} +#endif /* !HAVE_GETADDRINFO */ diff --git a/lib/fake-getaddrinfo.h b/lib/fake-getaddrinfo.h new file mode 100644 index 00000000..6b1744c9 --- /dev/null +++ b/lib/fake-getaddrinfo.h 
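Review bot: `getaddrinfo()` in the new lib/fake-getaddrinfo.c never initialises `*res`, so when `malloc_ai()` fails on the first `gethostbyname()` result the error path `if (*res) freeaddrinfo(*res);` frees whatever the caller's pointer happened to contain; adding `*res = NULL;` at the top of the function closes that. `freeaddrinfo()` dereferences `ai` before testing it, so it needs `if (ai == NULL) return;` if callers may pass NULL. The loop copies `h_addr_list[i]` as a `struct in_addr` without checking `hp->h_addrtype == AF_INET`, and `atoi(servname)` silently accepts non-numeric or out-of-range service strings, which `strtol` with a 0–65535 range check would reject.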
@@ -0,0 +1,51 @@ +/* $Id: fake-getaddrinfo.h,v 1.1.2.1 2002/07/12 11:45:21 guus Exp $ */ + +#ifndef _FAKE_GETADDRINFO_H +#define _FAKE_GETADDRINFO_H + +#include "config.h" + +#include +#include +#include + +#include "fake-gai-errnos.h" + +#ifndef AI_PASSIVE +# define AI_PASSIVE 1 +# define AI_CANONNAME 2 +#endif + +#ifndef NI_NUMERICHOST +# define NI_NUMERICHOST 2 +# define NI_NAMEREQD 4 +# define NI_NUMERICSERV 8 +#endif + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + size_t ai_addrlen; /* length of ai_addr */ + char *ai_canonname; /* canonical name for hostname */ + struct sockaddr *ai_addr; /* binary address */ + struct addrinfo *ai_next; /* next structure in linked list */ +}; +#endif /* !HAVE_STRUCT_ADDRINFO */ + +#ifndef HAVE_GETADDRINFO +int getaddrinfo(const char *hostname, const char *servname, + const struct addrinfo *hints, struct addrinfo **res); +#endif /* !HAVE_GETADDRINFO */ + +#ifndef HAVE_GAI_STRERROR +char *gai_strerror(int ecode); +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void freeaddrinfo(struct addrinfo *ai); +#endif /* !HAVE_FREEADDRINFO */ + +#endif /* _FAKE_GETADDRINFO_H */ diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index ad69410a..894c6952 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c @@ -19,7 +19,7 @@ #include -/* RCSID("$Id: fake-getnameinfo.c,v 1.1.2.3 2002/06/09 16:12:04 zarq Exp $"); */ +#include "fake-getnameinfo.h" #ifndef HAVE_GETNAMEINFO diff --git a/lib/fake-getnameinfo.h b/lib/fake-getnameinfo.h new file mode 100644 index 00000000..3f215e1b --- /dev/null +++ b/lib/fake-getnameinfo.h 
@@ -0,0 +1,23 @@ +/* $Id: fake-getnameinfo.h,v 1.1.2.1 2002/07/12 11:45:21 guus Exp $ */ + +#ifndef _FAKE_GETNAMEINFO_H +#define _FAKE_GETNAMEINFO_H + +#include "config.h" + +#include +#include + +#ifndef HAVE_GETNAMEINFO +int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags); +#endif /* !HAVE_GETNAMEINFO */ + +#ifndef NI_MAXSERV +# define NI_MAXSERV 32 +#endif /* !NI_MAXSERV */ +#ifndef NI_MAXHOST +# define NI_MAXHOST 1025 +#endif /* !NI_MAXHOST */ + +#endif /* _FAKE_GETNAMEINFO_H */ diff --git a/lib/rbl.c b/lib/rbl.c deleted file mode 100644 index 26a02db0..00000000 --- a/lib/rbl.c +++ /dev/null 
@@ -1,596 +0,0 @@ -/* - rbl.c -- red-black tree + linked list convenience - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: rbl.c,v 1.1.2.13 2002/06/21 10:11:11 guus Exp $ -*/ - -#include "config.h" - -#include -#include - -#include "rbl.h" -#include - -/* Allocate a new rbl node */ -rbl_t *new_rbl() -{ - return (rbl_t *)xmalloc_and_zero(sizeof(rbl_t)); -} - -/* Free a rbl node */ -void free_rbl(rbl_t *rbl) -{ - if(rbl->data && rbl->tree->delete) - rbl->tree->delete(rbl->data); - free(rbl); -} - -/* Allocate a new rbltree header */ -rbltree_t *new_rbltree(rbl_compare_t compare, rbl_action_t delete) -{ - rbltree_t *tree; - - tree = (rbltree_t *)xmalloc_and_zero(sizeof(rbltree_t)); - if(tree) - { - tree->compare = compare; - tree->delete = delete; - } - - return tree; -} - -/* Free a rbltree header */ -void free_rbltree(rbltree_t *tree) -{ - free(tree); -} - -/* Search closest match in the tree */ -rbl_t *rbl_search_closest_rbl(rbltree_t *tree, void *data) -{ - rbl_t *rbl, *next; - int result; - - next = rbl = tree->top; - - while(next) - { - rbl = next; - - result = tree->compare(data, rbl->data); - - if(result < 0) - next = rbl->left; - else if(result > 0) - next = rbl->right; - else - break; - } - - return rbl; -} - -/* Search closest match in the tree */ -rbl_t 
*rbl_search_closest_greater_rbl(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_rbl(tree, data); - - if(rbl) - { - if(tree->compare(data, rbl->data) > 0) - rbl = rbl->next; - } - - return rbl; -} - -/* Search closest match in the tree */ -rbl_t *rbl_search_closest_smaller_rbl(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_rbl(tree, data); - - if(rbl) - { - if(tree->compare(data, rbl->data) < 0) - rbl = rbl->next; - } - - return rbl; -} - -void *rbl_search_closest(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_rbl(tree, data); - - if(rbl) - return rbl->data; - else - return NULL; -} - -void *rbl_search_closest_greater(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_greater_rbl(tree, data); - - if(rbl) - return rbl->data; - else - return NULL; -} - -void *rbl_search_closest_smaller(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_closest_smaller_rbl(tree, data); - - if(rbl) - return rbl->data; - else - return NULL; -} - -/* Search exact match or return NULL pointer */ -rbl_t *rbl_search_rbl(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - int result; - - rbl = tree->top; - - while(rbl) - { - result = tree->compare(data, rbl->data); - - if(result < 0) - rbl = rbl->left; - else if(result > 0) - rbl = rbl->right; - else - return rbl; - } - - return NULL; -} - -void *rbl_search(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_rbl(tree, data); - - if(rbl) - return rbl->data; - else - return NULL; -} - -/* Red-black tree operations taken from Introduction to Algorithms, - Cormen, Leiserson & Rivest, chapter 14. 
-*/ - -void rbl_left_rotate(rbl_t *x) -{ - rbl_t *y; - - y = x->right; - x->right = y->left; - - if(y->left) - y->left->parent = x; - - y->parent = x->parent; - - if(!x->parent) - x->tree->top = y; - else - if(x == x->parent->left) - x->parent->left = y; - else - x->parent->right = y; - - y->left = x; - x->parent = y; -} - -void rbl_right_rotate(rbl_t *y) -{ - rbl_t *x; - - x = y->left; - y->left = x->right; - - if(x->right) - x->right->parent = y; - - x->parent = y->parent; - - if(!y->parent) - y->tree->top = x; - else - if(y == y->parent->right) - y->parent->right = x; - else - y->parent->left = x; - - x->right = y; - y->parent = x; -} - -/* Insert a node into the rbl tree */ -rbl_t *rbl_insert_rbl(rbltree_t *tree, rbl_t *rbl) -{ - rbl_t *closest, *x, *y; - int result; - - rbl->tree = tree; - - /* Binary tree and linked list insert */ - - if(tree->top) - { - closest = rbl_search_closest_rbl(tree, rbl->data); - result = tree->compare(rbl->data, closest->data); - if(result < 0) - { - closest->left = rbl; - - rbl->prev = closest->prev; - rbl->next = closest; - closest->prev = rbl; - - if(rbl->prev) - rbl->prev->next = rbl; - else - tree->head = rbl; - } - else if(result > 0) - { - closest->right = rbl; - - rbl->next = closest->next; - rbl->prev = closest; - closest->next = rbl; - - if(rbl->next) - rbl->next->prev = rbl; - else - tree->tail = rbl; - } - else - return closest; /* Ofcourse, we cannot add two identical things */ - - rbl->parent = closest; - } - else - { - tree->top = rbl; - tree->head = rbl; - tree->tail = rbl; - } - - /* Red-black part of insert */ - - x = rbl; - x->color = RBL_RED; - - while(x != tree->top && x->parent->color == RBL_RED) - { - if(x->parent == x->parent->parent->left) - { - y = x->parent->parent->right; - if(y && y->color == RBL_RED) - { - x->parent->color = RBL_BLACK; - y->color = RBL_BLACK; - x->parent->parent->color = RBL_RED; - x = x->parent->parent; - } - else - { - if(x == x->parent->right) - { - x = x->parent; - 
rbl_left_rotate(x); - } - x->parent->color = RBL_BLACK; - x->parent->parent->color = RBL_RED; - rbl_right_rotate(x->parent->parent); - } - } - else - { - y = x->parent->parent->left; - if(y && y->color == RBL_RED) - { - x->parent->color = RBL_BLACK; - y->color = RBL_BLACK; - x->parent->parent->color = RBL_RED; - x = x->parent->parent; - } - else - { - if(x == x->parent->left) - { - x = x->parent; - rbl_right_rotate(x); - } - x->parent->color = RBL_BLACK; - x->parent->parent->color = RBL_RED; - rbl_left_rotate(x->parent->parent); - } - } - } - - tree->top->color = RBL_BLACK; - return rbl; -} - -/* Create a new node and insert it into the tree */ -rbl_t *rbl_insert(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = new_rbl(); - rbl->data = data; - - if(rbl_insert_rbl(tree, rbl) == rbl) - return rbl; - else - { - free_rbl(rbl); - return NULL; - } -} - -/* Restore red-black property after violation due to a deletion */ -void rbl_delete_fixup(rbl_t *x) -{ - rbl_t *w; - - while(x != x->tree->top && x->color == RBL_BLACK) - { - if(x == x->parent->left) - { - w = x->parent->right; - if(w->color == RBL_RED) - { - w->color = RBL_BLACK; - x->parent->color = RBL_RED; - rbl_left_rotate(x->parent); - w = x->parent->right; - } - if(w->left->color == RBL_BLACK && w->right->color == RBL_BLACK) - { - w->color = RBL_RED; - x = x->parent; - } - else - { - if(w->right->color == RBL_BLACK) - { - w->left->color = RBL_BLACK; - w->color = RBL_RED; - rbl_right_rotate(w); - w = x->parent->right; - } - w->color = x->parent->color; - x->parent->color = RBL_BLACK; - w->right->color = RBL_BLACK; - rbl_left_rotate(x->parent); - x = x->tree->top; - } - } - else - { - w = x->parent->left; - if(w->color == RBL_RED) - { - w->color = RBL_BLACK; - x->parent->color = RBL_RED; - rbl_right_rotate(x->parent); - w = x->parent->left; - } - if(w->right->color == RBL_BLACK && w->left->color == RBL_BLACK) - { - w->color = RBL_RED; - x = x->parent; - } - else - { - if(w->left->color == RBL_BLACK) - { - 
w->right->color = RBL_BLACK; - w->color = RBL_RED; - rbl_left_rotate(w); - w = x->parent->left; - } - w->color = x->parent->color; - x->parent->color = RBL_BLACK; - w->left->color = RBL_BLACK; - rbl_right_rotate(x->parent); - x = x->tree->top; - } - } - } - - x->color = RBL_BLACK; -} - -/* Unlink node from the tree, but keep the node intact. */ -rbl_t *rbl_unlink_rbl(rbl_t *rbl) -{ - rbl_t *x, *y; - - /* Binary tree delete */ - - if(rbl->left && rbl->right) - y = rbl->next; - else - y = rbl; - - if(y->left) - x = y->left; - else - x = y->right; - - if(x) - x->parent = y->parent; - - if(!y->parent) - rbl->tree->top = x; - else - if(y == y->parent->left) - y->parent->left = x; - else - y->parent->right = x; - - if(y != rbl) - { - y->left = rbl->left; - y->right = rbl->right; - y->parent = rbl->parent; - if(rbl == rbl->parent->left) - rbl->parent->left = y; - else - rbl->parent->right = y; - } - - /* Linked list delete */ - - if(rbl->prev) - rbl->prev->next = rbl->next; - else - rbl->tree->head = rbl->next; - - if(rbl->next) - rbl->next->prev = rbl->prev; - else - rbl->tree->tail = rbl->prev; - - /* Red-black part of delete */ - - if(y->color == RBL_BLACK && x) - rbl_delete_fixup(x); - - return rbl; -} - -/* Search node in tree and unlink it */ -rbl_t *rbl_unlink(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_search_rbl(tree, data); - - if(rbl) - rbl_unlink_rbl(rbl); - - return rbl; -} - -/* Unlink node and free it */ -void rbl_delete_rbl(rbl_t *rbl) -{ - rbl_unlink_rbl(rbl); - free_rbl(rbl); -} - -/* Search node in tree, unlink and free it */ -void rbl_delete(rbltree_t *tree, void *data) -{ - rbl_t *rbl; - - rbl = rbl_unlink(tree, data); - - if(rbl) - free_rbl(rbl); -} - -/* Optimized unlinking for a complete tree */ -void rbl_unlink_rbltree(rbltree_t *tree) -{ - rbl_t *rbl, *next; - - for(rbl = tree->head; rbl; rbl = next) - { - next = rbl->next; - rbl->tree = NULL; - rbl->parent = NULL; - rbl->left = NULL; - rbl->right = NULL; - rbl->prev = NULL; - 
rbl->next = NULL; - } - - tree->top = NULL; - tree->head = NULL; - tree->tail = NULL; -} - -/* Optimized deletion for a complete tree */ -void rbl_delete_rbltree(rbltree_t *tree) -{ - rbl_t *rbl, *next; - - for(rbl = tree->head; rbl; rbl = next) - { - next = rbl->next; - free_rbl(rbl); - } - - tree->top = NULL; - tree->head = NULL; - tree->tail = NULL; -} - -/* Do action for each list entry (in order) - Deletion of entry for which action is called is allowed. - */ -void rbl_foreach(rbltree_t *tree, rbl_action_t action) -{ - rbl_t *rbl, *next; - - for(rbl = tree->head; rbl; rbl = next) - { - next = rbl->next; - action(rbl->data); - } -} - -void rbl_foreach_rbl(rbltree_t *tree, rbl_action_rbl_t action) -{ - rbl_t *rbl, *next; - - for(rbl = tree->head; rbl; rbl = next) - { - next = rbl->next; - action(rbl); - } -} diff --git a/lib/rbl.h b/lib/rbl.h deleted file mode 100644 index 2dc245aa..00000000 --- a/lib/rbl.h +++ /dev/null 
@@ -1,104 +0,0 @@ -/* - rbl.h -- header file for rbl.c - Copyright (C) 2000 Ivo Timmermans , - 2000 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: rbl.h,v 1.1.2.9 2002/06/21 10:11:11 guus Exp $ -*/ - -#ifndef __RBL_H__ -#define __RBL_H__ - -#define RBL_FOREACH(tree,rbl) for(rbl = tree->head; rbl; rbl = rbl->next) - -typedef struct rbl_t -{ - /* 'red-black tree' part */ - - struct rbltree_t *tree; - - int color; - - struct rbl_t *parent; - struct rbl_t *left; - struct rbl_t *right; - - /* 'linked list' part */ - - struct rbl_t *prev; - struct rbl_t *next; - - /* payload */ - - void *data; - -} rbl_t; - -typedef int (*rbl_compare_t) (const void *, const void *); -typedef void (*rbl_action_t) (const void *); -typedef void (*rbl_action_rbl_t) (const struct rbl_t *); - -typedef struct rbltree_t -{ - /* callback functions */ - - rbl_compare_t compare; - rbl_action_t delete; - - /* tree part */ - - struct rbl_t *top; - - /* linked list */ - - struct rbl_t *head; - struct rbl_t *tail; - -} rbltree_t; - -enum color -{ - RBL_RED, - RBL_BLACK -} color; - -extern rbltree_t *new_rbltree(rbl_compare_t, rbl_action_t); -extern void free_rbltree(rbltree_t *); -extern rbl_t *new_rbl(void); -extern void free_rbl(rbl_t *); - -extern void *rbl_search(rbltree_t *, void *); -extern void *rbl_search_closest(rbltree_t *, void *); -extern void 
*rbl_search_closest_greater(rbltree_t *, void *); -extern void *rbl_search_closest_smaller(rbltree_t *, void *); -extern rbl_t *rbl_search_rbl(rbltree_t *, void *); -extern rbl_t *rbl_search_closest_rbl(rbltree_t *, void *); -extern rbl_t *rbl_search_closest_greater_rbl(rbltree_t *, void *); -extern rbl_t *rbl_search_closest_smaller_rbl(rbltree_t *, void *); -extern rbl_t *rbl_insert(rbltree_t *, void *); -extern rbl_t *rbl_unlink(rbltree_t *, void *); -extern void rbl_delete(rbltree_t *, void *); -extern rbl_t *rbl_insert_rbl(rbltree_t *, rbl_t *); -extern rbl_t *rbl_unlink_rbl(rbl_t *); -extern void rbl_delete_rbl(rbl_t *); -extern void rbl_unlink_rbltree(rbltree_t *); -extern void rbl_delete_rbltree(rbltree_t *); - -extern void rbl_foreach(rbltree_t *, rbl_action_t); -extern void rbl_foreach_rbl(rbltree_t *, rbl_action_rbl_t); - -#endif /* __RBL_H__ */ diff --git a/lib/utils.h b/lib/utils.h index b138c99c..2d1c9bf8 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -23,6 +23,9 @@ #include +#include "fake-getaddrinfo.h" +#include "fake-getnameinfo.h" + enum { DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ From 227ccd3a8a5602e4c31add8da1bfd8b35c6a801f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 16 Jul 2002 13:12:49 +0000 Subject: [PATCH 663/923] Allow tincd to be locked into main memory. --- src/tincd.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index d9badac3..044fe0c4 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.60 2002/06/21 10:11:34 guus Exp $ + $Id: tincd.c,v 1.10.4.61 2002/07/16 13:12:49 guus Exp $ */ #include "config.h" @@ -33,6 +33,7 @@ #include #include #include +#include #ifdef HAVE_SYS_IOCTL_H # include 
@@ -73,6 +74,9 @@ int generate_keys = 0; /* If nonzero, use null ciphers and skip all key exchanges. */ int bypass_security = 0; +/* If nonzero, disable swapping for this process. */ +int do_mlock = 0; + char *identname; /* program name for syslog */ char *pidfilename; /* pid file location */ char **g_argv; /* a copy of the cmdline arguments */ @@ -90,6 +94,7 @@ static struct option const long_options[] = { "generate-keys", optional_argument, NULL, 'K'}, { "debug", optional_argument, NULL, 'd'}, { "bypass-security", no_argument, &bypass_security, 1 }, + { "mlock", no_argument, &do_mlock, 1}, { NULL, 0, NULL, 0 } }; @@ -105,8 +110,9 @@ usage(int status) " -D, --no-detach Don't fork and detach.\n" " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n")); - printf(_(" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n" + " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -L, --mlock Lock tinc into main memory.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); @@ -120,7 +126,7 @@ parse_options(int argc, char **argv, char **envp) int r; int option_index = 0; - while((r = getopt_long(argc, argv, "c:Dd::k::n:K::", long_options, &option_index)) != EOF) + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) { switch(r) { @@ -133,6 +139,9 @@ parse_options(int argc, char **argv, char **envp) case 'D': /* no detach */ do_detach = 0; break; + case 'L': /* no detach */ + do_mlock = 1; + break; case 'd': /* inc debug level */ if(optarg) debug_lvl = atoi(optarg); 
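Review bot: The new `case 'L':` in the `@@ -133,6 +139,9 @@` hunk carries the comment `/* no detach */`, copied from the `case 'D':` branch directly above it, although the branch sets `do_mlock`. The comment should describe the option it guards, for example `case 'L': /* lock tincd into main memory */`, so that the option switch stays readable next to the `-L, --mlock` line added to usage(). parse_options() starts and ends outside this hunk.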
@@ -344,6 +353,14 @@ main(int argc, char **argv, char **envp) openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ #endif + /* Lock all pages into memory if requested */ + + if(do_mlock) + if(mlockall(MCL_CURRENT | MCL_FUTURE)) { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); + return -1; + } + g_argv = argv; make_names(); From 9f370893fafaeacdd78f5488cfa8b76fdee0d224 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 16 Jul 2002 13:18:27 +0000 Subject: [PATCH 664/923] Don't bother to chown, and correctly document ConnectTo. --- doc/tinc.texi | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 0ce939a2..44bec212 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.30 2002/06/21 10:11:10 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.31 2002/07/16 13:18:27 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.30 2002/06/21 10:11:10 guus Exp $ +$Id: tinc.texi,v 1.8.4.31 2002/07/16 13:18:27 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.30 2002/06/21 10:11:10 guus Exp $ +$Id: tinc.texi,v 1.8.4.31 2002/07/16 13:18:27 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
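Review bot: The `mlockall(MCL_CURRENT | MCL_FUTURE)` call added to main() in the `@@ -344,6 +353,14 @@` hunk runs before the process detaches (the context line above it opens syslog for calls "issued before detaching"), and memory locks are not inherited by a child created with fork(). If the detach step outside this hunk forks, the long-running daemon that holds key material would run with unlocked pages while only the short-lived parent was locked, so the block belongs after the detach call, with a comment such as `/* must run after fork(): memory locks are not inherited by the child */`. The nested unbraced `if(do_mlock)` followed by `if(mlockall(...)) {` is also easier to read and harder to break as `if(do_mlock && mlockall(MCL_CURRENT | MCL_FUTURE)) {`. main() starts and ends outside this hunk.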
@@ -635,12 +635,9 @@ ethertap devices: @example mknod -m 600 /dev/tap0 c 36 16 -chown 0.0 /dev/tap0 mknod -m 600 /dev/tap1 c 36 17 -chown 0.0 /dev/tap0 ... mknod -m 600 /dev/tap@emph{N} c 36 @emph{N+16} -chown 0.0 /dev/tap@emph{N} @end example There is a maximum of 16 ethertap devices. @@ -650,7 +647,6 @@ following device file (unless it already exist): @example mknod -m 600 /dev/tun c 10 200 -chown 0.0 /dev/tun @end example If you use Linux, and you run the new 2.4 kernel using the devfs filesystem, @@ -851,15 +847,15 @@ This option may not work on all platforms. @cindex ConnectTo @item @strong{ConnectTo = } -Specifies which host to connect to on startup. Multiple ConnectTo -variables may be specified, if connecting to the first one fails then -tinc will try the next one, and so on. It is possible to specify -hostnames for dynamic IP addresses (like those given on dyndns.org), -tinc will not cache the resolved IP address. +Specifies which other tinc daemon to connect to on startup. +Multiple ConnectTo variables may be specified, +in which case outgoing connections to each specified tinc daemon are made. +The names should be known to this tinc daemon +(i.e., there should be a host configuration file for the name on the ConnectTo line). -If you don't specify a host with ConnectTo, regardless of whether a -value for ConnectPort is given, tinc won't connect at all, and will -instead just listen for incoming connections. +If you don't specify a host with ConnectTo, +tinc won't try to connect to other daemons at all, +and will instead just listen for incoming connections. @cindex Device @item @strong{Device = } (/dev/tap0 or /dev/misc/net/tun) From 18948c5784bfedf0dd5a371e41bc2cceee76d92e Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 18 Jul 2002 14:30:45 +0000 Subject: [PATCH 665/923] Added support for raw sockets. This can be used instead of tun/tap devices. --- src/raw_socket/device.c | 174 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 src/raw_socket/device.c diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c new file mode 100644 index 00000000..054afeef --- /dev/null +++ b/src/raw_socket/device.c 
@@ -0,0 +1,174 @@
+/*
+ device.c -- raw socket
+ Copyright (C) 2002 Ivo Timmermans ,
+ 2002 Guus Sliepen
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+ $Id: device.c,v 1.1.2.1 2002/07/18 14:30:45 guus Exp $
+*/
+
+#include "config.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include "conf.h"
+#include "net.h"
+#include "subnet.h"
+
+#include "system.h"
+
+int device_fd = -1;
+int device_type;
+char *device;
+char *interface;
+char ifrname[IFNAMSIZ];
+char *device_info;
+
+int device_total_in = 0;
+int device_total_out = 0;
+
+extern subnet_t mymac;
+
+/*
+ open the local ethertap device
+*/
+int setup_device(void)
+{
+ struct ifreq ifr;
+ struct sockaddr_ll sa;
+cp
+ if(!get_config_string(lookup_config(config_tree, "Interface"), &interface))
+ interface = "eth0";
+
+ if(!get_config_string(lookup_config(config_tree, "Device"), &device))
+ device = interface;
+
+ device_info = _("raw socket");
+cp
+ if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0)
+ {
+ syslog(LOG_ERR, _("Could not open %s: %s"), device_info, strerror(errno));
+ return -1;
+ }
+
+ memset(&ifr, 0, sizeof(ifr));
+ strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ);
+ if(ioctl(device_fd, SIOCGIFINDEX, &ifr))
+ {
+ close(device_fd);
+ syslog(LOG_ERR, _("Can't find interface %s: %s"), interface, strerror(errno));
+ return -1;
+ }
+
+ memset(&sa, '0', sizeof(sa));
+ sa.sll_family = AF_PACKET;
+ sa.sll_protocol = htons(ETH_P_ALL);
+ sa.sll_ifindex = ifr.ifr_ifindex;
+
+ if(bind(device_fd, (struct sockaddr *)&sa, (socklen_t)sizeof(sa)))
+ {
+ syslog(LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno));
+ return -1;
+ }
+cp
+ /* Set default MAC address for ethertap devices */
+
+ mymac.type = SUBNET_MAC;
+ mymac.net.mac.address.x[0] = 0xfe;
+ mymac.net.mac.address.x[1] = 0xfd;
+ mymac.net.mac.address.x[2] = 0x00;
+ mymac.net.mac.address.x[3] = 0x00;
+ mymac.net.mac.address.x[4] = 0x00;
+ mymac.net.mac.address.x[5] = 0x00;
+
+ syslog(LOG_INFO, _("%s is a %s"), device, device_info);
+cp
+ return 0;
+}
+
+void close_device(void)
+{
+cp
+ close(device_fd);
+}
+
+/*
+ read, encrypt and send data that is
+ available through the ethertap device
+*/
+int read_packet(vpn_packet_t *packet)
+{
+ int lenin;
+cp
+
+ if((lenin = read(device_fd, packet->data, MTU)) <= 0)
+ {
+ syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno));
+ return -1;
+ }
+
+ packet->len = lenin;
+
+ device_total_in += packet->len;
+
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ {
+ syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info);
+ }
+
+ return 0;
+cp
+}
+
+int write_packet(vpn_packet_t *packet)
+{
+cp
+ if(debug_lvl >= DEBUG_TRAFFIC)
+ syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"),
+ packet->len, device_info);
+
+ if(write(device_fd, packet->data, packet->len) < 0)
+ {
+ syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno));
+ return -1;
+ }
+
+ device_total_out += packet->len;
+cp
+ return 0;
+}
+
+void dump_device_stats(void)
+{
+cp
+ syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device);
+ syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in);
+ syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out);
+cp
+}
From 912e7e968f4888d62b3c620893a70e825599973b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 24 Aug 2002 12:11:40 +0000 Subject: [PATCH 666/923] Gettext 1.11.5 compatibility. --- Makefile.am | 10 +-- autogen.sh | 8 +-- configure.in | 11 ++-- lib/Makefile.am | 4 +- lib/getopt.c | 11 +--- lib/gettext.h | 77 ++++++++++++++++++++++ lib/xmalloc.c | 10 +-- m4/malloc.m4 | 4 +- m4/perl.m4 | 39 ------------ m4/realloc.m4 | 4 +- po/Makevars | 25 ++++++++ po/nl.po | 166 +++++++++++++++++++++++------------------------- src/Makefile.am | 6 +- system.h | 22 +------ 14 files changed, 209 insertions(+), 188 deletions(-) create mode 100644 lib/gettext.h delete mode 100644 m4/perl.m4 create mode 100644 po/Makevars diff --git a/Makefile.am b/Makefile.am index 805c3123..8462e685 100644 --- a/Makefile.am +++ b/Makefile.am @@ -2,16 +2,17 @@ AUTOMAKE_OPTIONS = gnu -SUBDIRS = m4 intl lib src doc po +SUBDIRS = m4 lib src doc po -ACLOCAL_AMFLAGS = +ACLOCAL_AMFLAGS = -I m4 -EXTRA_DIST = system.h COPYING.README depcomp +EXTRA_DIST = config.rpath mkinstalldirs system.h COPYING.README depcomp CVS_CREATED = ABOUT-NLS configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in.in \ - po/tinc.pot src/.libs intl depcomp + po/tinc.pot po/*.sed po/*.header po/*.sin po/Rules-quot \ + src/.libs intl depcomp ChangeLog: cvs2cl -U cvsusers --fsf @@ -20,6 +21,7 @@ cvs-clean: maintainer-clean for f in $(CVS_CREATED) `find . -name Makefile.in` tinc-$(VERSION).tar.gz; do\ rm -Rf "$$f"; \ done + grep -l gettext `find m4 -type f` | xargs rm -f deb: dpkg-buildpackage -rfakeroot diff --git a/autogen.sh b/autogen.sh index 21a0f4c1..1209bd8e 100644 --- a/autogen.sh +++ b/autogen.sh
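Review bot: In setup_device() of the new src/raw_socket/device.c, `memset(&sa, '0', sizeof(sa));` fills the `struct sockaddr_ll` with the character '0' (0x30) rather than zero bytes, so every field that is not assigned afterwards reaches bind() holding garbage; it should be `memset(&sa, 0, sizeof(sa));`, as the `memset(&ifr, 0, sizeof(ifr));` a few lines earlier already does. The bind() failure branch also returns without `close(device_fd);`, unlike the ioctl() failure branch just above it, which leaks the raw socket. `strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ);` leaves the name unterminated when the configured Interface value is IFNAMSIZ characters or longer; copying at most `IFNAMSIZ - 1` bytes into the already zeroed buffer, or rejecting an over-long name, avoids that. The block comments above setup_device() and read_packet() still describe an "ethertap device" although this file opens a PF_PACKET raw socket, and should be reworded to match.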
@@ -114,8 +114,8 @@ do else echo "Creating $dr/aclocal.m4 ..." test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 - echo "Running gettextize... Ignore non-fatal messages." - echo "no" | gettextize --force --copy + echo "Running autopoint..." + autopoint --force echo "Making $dr/aclocal.m4 writable ..." test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 fi @@ -123,8 +123,8 @@ do if grep "^AM_GNOME_GETTEXT" configure.in >/dev/null; then echo "Creating $dr/aclocal.m4 ..." test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 - echo "Running gettextize... Ignore non-fatal messages." - echo "no" | gettextize --force --copy + echo "Running autopoint..." + autopoint --force echo "Making $dr/aclocal.m4 writable ..." test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 fi diff --git a/configure.in b/configure.in index 5e173c48..9f9849d6 100644 --- a/configure.in +++ b/configure.in @@ -1,7 +1,8 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.53 2002/07/12 11:45:20 guus Exp $ +dnl $Id: configure.in,v 1.13.2.54 2002/08/24 12:11:38 guus Exp $ +AC_PREREQ(2.50) AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) AM_CONFIG_HEADER(config.h) @@ -9,6 +10,9 @@ AM_CONFIG_HEADER(config.h) dnl Include the macros from the m4/ directory AM_ACLOCAL_INCLUDE(m4) +AM_GNU_GETTEXT([external]) +AM_GNU_GETTEXT_VERSION(0.11.5) + # Enable GNU extensions. # Define this here, not in acconfig's @TOP@ section, since definitions # in the latter don't make it into the configure-time tests. @@ -129,8 +133,6 @@ freeaddrinfo gai_strerror getaddrinfo getnameinfo]) jm_FUNC_MALLOC jm_FUNC_REALLOC -AM_GNU_GETTEXT - dnl Support for SunOS AC_CHECK_FUNC(socket, [], [ @@ -161,11 +163,10 @@ AC_ARG_ENABLE(tracing, AC_SUBST(INCLUDES) -AC_OUTPUT(Makefile +AC_OUTPUT(Makefile po/Makefile.in src/Makefile doc/Makefile doc/es/Makefile -intl/Makefile lib/Makefile m4/Makefile po/Makefile.in diff --git a/lib/Makefile.am b/lib/Makefile.am index dd4f2af9..ff3e5a5a 100644 
--- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,9 +1,9 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.9 2002/07/12 11:45:21 guus Exp $ +# $Id: Makefile.am,v 1.2.4.10 2002/08/24 12:11:39 guus Exp $ noinst_LIBRARIES = libvpn.a -INCLUDES = @INCLUDES@ -I. -I$(top_builddir) -I$(top_srcdir)/intl +INCLUDES = @INCLUDES@ -I. -I$(top_builddir) libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tree.c dropin.c fake-getaddrinfo.c fake-getnameinfo.c diff --git a/lib/getopt.c b/lib/getopt.c index 300f86de..264a11be 100644 --- a/lib/getopt.c +++ b/lib/getopt.c @@ -85,16 +85,7 @@ USA. */ #define getpid() GetCurrentProcessId() #endif -#ifndef _ -/* This is for other GNU distributions with internationalized messages. - When compiling libc, the _ macro is predefined. */ -#ifdef HAVE_LIBINTL_H -# include -# define _(msgid) gettext (msgid) -#else -# define _(msgid) (msgid) -#endif -#endif +#include "gettext.h" /* This version of `getopt' appears to the caller like standard Unix `getopt' but it behaves differently for the user, since it allows the user diff --git a/lib/gettext.h b/lib/gettext.h new file mode 100644 index 00000000..ad29e0ab --- /dev/null +++ b/lib/gettext.h 
@@ -0,0 +1,77 @@ +/* Convenience header for conditional use of GNU . + Copyright (C) 1995-1998, 2000-2002 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify it + under the terms of the GNU Library General Public License as published + by the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Library General Public + License along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, + USA. */ + +#ifndef _LIBGETTEXT_H +#define _LIBGETTEXT_H 1 + +/* NLS can be disabled through the configure --disable-nls option. */ +#if ENABLE_NLS + +/* Get declarations of GNU message catalog functions. */ +# include + +/* Shorthand notation */ + +# define _(Text) gettext (Text) + +#else + +/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which + chokes if dcgettext is defined as a macro. So include it now, to make + later inclusions of a NOP. We don't include + as well because people using "gettext.h" will not include , + and also including would fail on SunOS 4, whereas + is OK. */ +#if defined(__sun) +# include +#endif + +/* Disabled NLS. + The casts to 'const char *' serve the purpose of producing warnings + for invalid uses of the value returned from these functions. + On pre-ANSI systems without 'const', the config.h file is supposed to + contain "#define const". */ +# define gettext(Msgid) ((const char *) (Msgid)) +# define dgettext(Domainname, Msgid) ((const char *) (Msgid)) +# define dcgettext(Domainname, Msgid, Category) ((const char *) (Msgid)) +# define ngettext(Msgid1, Msgid2, N) \ + ((N) == 1 ? 
(const char *) (Msgid1) : (const char *) (Msgid2)) +# define dngettext(Domainname, Msgid1, Msgid2, N) \ + ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) +# define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \ + ((N) == 1 ? (const char *) (Msgid1) : (const char *) (Msgid2)) +# define textdomain(Domainname) ((const char *) (Domainname)) +# define bindtextdomain(Domainname, Dirname) ((const char *) (Dirname)) +# define bind_textdomain_codeset(Domainname, Codeset) ((const char *) (Codeset)) + +# define _(Text) Text + +#endif + +/* A pseudo function call that serves as a marker for the automated + extraction of messages, but does not call gettext(). The run-time + translation is done at a different place in the code. + The argument, String, should be a literal string. Concatenated strings + and other string expressions won't work. + The macro's expansion is not parenthesized, so that it is suitable as + initializer for static 'char[]' or 'const char[]' variables. */ +#define gettext_noop(String) String + +#define N_(Text) Text + +#endif /* _LIBGETTEXT_H */ diff --git a/lib/xmalloc.c b/lib/xmalloc.c index e1ab3140..e7541bdd 100644 --- a/lib/xmalloc.c +++ b/lib/xmalloc.c @@ -32,15 +32,7 @@ void *realloc (); void free (); #endif -#if ENABLE_NLS -# include -# define _(Text) gettext (Text) -#else -# define textdomain(Domain) -# define _(Text) Text -#endif -#define N_(Text) Text - +#include "gettext.h" #include "xalloc.h" #ifndef EXIT_FAILURE diff --git a/m4/malloc.m4 b/m4/malloc.m4 index dacd9191..a6b4c9a5 100644 --- a/m4/malloc.m4 +++ b/m4/malloc.m4 @@ -37,8 +37,8 @@ AC_DEFUN(jm_FUNC_MALLOC, jm_cv_func_working_malloc=no) ]) if test $jm_cv_func_working_malloc = no; then -dnl This should be converted to: AC_LIBOBJ([malloc]) - LIBOBJS="$LIBOBJS malloc.$ac_objext" + dnl This was: LIBOBJS="$LIBOBJS malloc.$ac_objext" + AC_LIBOBJ([malloc]) AC_DEFINE(malloc, rpl_malloc, [Replacement malloc()]) fi ]) 
diff --git a/m4/perl.m4 b/m4/perl.m4 deleted file mode 100644 index 0cc681cc..00000000 --- a/m4/perl.m4 +++ /dev/null @@ -1,39 +0,0 @@ -#serial 1 - -dnl From Jim Meyering. -dnl Find a new-enough version of Perl. -dnl - -AC_DEFUN(jm_PERL, -[ - dnl FIXME: don't hard-code 5.003 - dnl FIXME: should we cache the result? - AC_MSG_CHECKING([for perl5.003 or newer]) - if test "${PERL+set}" = set; then - # `PERL' is set in the user's environment. - candidate_perl_names="$PERL" - perl_specified=yes - else - candidate_perl_names='perl perl5' - perl_specified=no - fi - - found=no - AC_SUBST(PERL) - PERL="$missing_dir/missing perl" - for perl in $candidate_perl_names; do - # Run test in a subshell; some versions of sh will print an error if - # an executable is not found, even if stderr is redirected. - if ( $perl -e 'require 5.003' ) > /dev/null 2>&1; then - PERL=$perl - found=yes - break - fi - done - - AC_MSG_RESULT($found) - test $found = no && AC_MSG_WARN([ -*** You don't seem to have perl5.003 or newer installed. -*** Because of that, you may be unable to regenerate certain files -*** if you modify the sources from which they are derived.] ) -]) diff --git a/m4/realloc.m4 b/m4/realloc.m4 index 2eaeb0c3..cae9c1f9 100644 --- a/m4/realloc.m4 +++ b/m4/realloc.m4 @@ -37,8 +37,8 @@ AC_DEFUN(jm_FUNC_REALLOC, jm_cv_func_working_realloc=no) ]) if test $jm_cv_func_working_realloc = no; then -dnl This should be converted to: AC_LIBOBJ([realloc]) - LIBOBJS="$LIBOBJS realloc.$ac_objext" + dnl This was: LIBOBJS="$LIBOBJS realloc.$ac_objext" + AC_LIBOBJ([realloc]) AC_DEFINE(realloc, rpl_realloc, [Replacement realloc()]) fi ]) diff --git a/po/Makevars b/po/Makevars new file mode 100644 index 00000000..f7335a34 --- /dev/null +++ b/po/Makevars 
@@ -0,0 +1,25 @@ +# Makefile variables for PO directory in any package using GNU gettext. + +# Usually the message domain is the same as the package name. +DOMAIN = $(PACKAGE) + +# These two variables depend on the location of this directory. +subdir = po +top_builddir = .. + +# These options get passed to xgettext. +XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ + +# This is the copyright holder that gets inserted into the header of the +# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding +# package. (Note that the msgstr strings, extracted from the package's +# sources, belong to the copyright holder of the package.) Translators are +# expected to transfer the copyright for their translations to this person +# or entity, or to disclaim their copyright. The empty string stands for +# the public domain; in this case the translators are expected to disclaim +# their copyright. +COPYRIGHT_HOLDER = Ivo Timmermans and Guus Sliepen + +# This is the list of locale categories, beyond LC_MESSAGES, for which the +# message catalogs shall be used. It is usually empty. +EXTRA_LOCALE_CATEGORIES = diff --git a/po/nl.po b/po/nl.po index 9a11a718..e743e699 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-06-09 17:28+0200\n" -"PO-Revision-Date: 2002-03-27 16:59+0100\n" +"POT-Creation-Date: 2002-08-24 13:45+0200\n" +"PO-Revision-Date: 2002-08-24 14:20+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" @@ -92,13 +92,11 @@ msgstr "Waarschuwing: `%s' is een symbolische link" msgid "Unable to read symbolic link `%s': %s" msgstr "Kan symbolische link `%s' niet lezen: %s" -#. Accessible by others #: src/conf.c:545 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" -#. Ask for a file and/or directory name. #: src/conf.c:570 #, c-format msgid "Please enter a file to save %s to [%s]: " 
@@ -258,10 +256,9 @@ msgstr "Fout tijdens comprimeren pakket naar %s (%s)" msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#. SO_PRIORITY doesn't seem to work #: src/net_packet.c:291 src/net_setup.c:483 src/net_socket.c:107 -#: src/net_socket.c:153 src/net_socket.c:180 src/process.c:272 -#: src/process.c:309 +#: src/net_socket.c:153 src/net_socket.c:180 src/tincd.c:360 src/process.c:251 +#: src/process.c:288 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" @@ -397,16 +394,16 @@ msgstr "Onzinnige MAC lengte!" msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:498 +#: src/net_setup.c:500 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:509 +#: src/net_setup.c:511 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:512 +#: src/net_setup.c:514 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" 
@@ -765,36 +762,36 @@ msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" -#: src/subnet.c:99 +#: src/subnet.c:115 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, exitting!" msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:274 -#, fuzzy, c-format +#: src/subnet.c:290 +#, c-format msgid "net2str() was called with unknown subnet type %d, exiting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:384 +#: src/subnet.c:403 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:389 +#: src/subnet.c:408 #, c-format msgid " %s owner %s" msgstr " %s eigenaar %s" -#: src/subnet.c:392 +#: src/subnet.c:411 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:100 +#: src/tincd.c:105 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:103 +#: src/tincd.c:108 #, c-format msgid "" "Usage: %s [option]...\n" @@ -803,13 +800,18 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:104 +#: src/tincd.c:109 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" " -n, --net=NETNAME Connect to net NETNAME.\n" +" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" +" -L, --mlock Lock tinc into main memory.\n" +" --help Display this help and exit.\n" +" --version Output version information and exit.\n" +"\n" msgstr "" " -c, --config=MAP Lees configuratie uit MAP.\n" " -D, --no-detach Start geen nieuw proces.\n" 
@@ -817,26 +819,19 @@ msgstr "" " -k, --kill[=SIGNAAL] Poging tot zenden signaal naar lopende tincd en " "beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" - -#: src/tincd.c:109 -msgid "" -" -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" -" --help Display this help and exit.\n" -" --version Output version information and exit.\n" -"\n" -msgstr "" " -K, --generate-keys[=BITS] Genereer publiek/privé RSA sleutelpaar.\n" +" -L, --mlock Houd tinc vast in het centrale geheugen.\n" " --help Geef deze hulp en beëindig.\n" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:112 +#: src/tincd.c:118 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:166 +#: src/tincd.c:175 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -845,7 +840,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:184 +#: src/tincd.c:193 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" @@ -853,24 +848,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:245 +#: src/tincd.c:254 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:250 +#: src/tincd.c:259 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:254 +#: src/tincd.c:263 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:263 +#: src/tincd.c:272 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:267 src/tincd.c:278 +#: src/tincd.c:276 src/tincd.c:287 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" 
@@ -878,21 +873,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:274 +#: src/tincd.c:283 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:299 +#: src/tincd.c:308 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:328 +#: src/tincd.c:337 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:329 +#: src/tincd.c:338 msgid "" "Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" @@ -909,16 +904,16 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:386 +#: src/tincd.c:403 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:391 +#: src/tincd.c:408 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/process.c:372 src/tincd.c:396 +#: src/tincd.c:413 src/process.c:351 msgid "Not restarting." msgstr "Geen herstart." 
@@ -978,63 +973,63 @@ msgstr "tincd %s (%s %s) start, debug niveau %d" msgid "tincd %s starting" msgstr "tincd %s wordt gestart" -#: src/process.c:249 -#, fuzzy, c-format +#: src/process.c:228 +#, c-format msgid "Could not execute `%s': %s" -msgstr "Kon `%s' niet openen: %s" +msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:279 +#: src/process.c:258 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:289 +#: src/process.c:268 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:297 +#: src/process.c:276 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:303 +#: src/process.c:282 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:328 +#: src/process.c:307 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:337 +#: src/process.c:316 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:344 +#: src/process.c:323 #, c-format msgid "Got another fatal signal %d (%s): not restarting." -msgstr "Kreeg nog een fataal signaal %s (%s): geen herstart." +msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:353 +#: src/process.c:332 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:358 +#: src/process.c:337 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:381 +#: src/process.c:360 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:390 +#: src/process.c:369 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:397 +#: src/process.c:376 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " 
@@ -1043,21 +1038,21 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:408 +#: src/process.c:387 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:437 +#: src/process.c:416 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:446 +#: src/process.c:425 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:503 +#: src/process.c:482 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" @@ -1151,18 +1146,18 @@ msgstr " %s op %s - %s op %s opties %lx gewicht %d" msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:261 +#: src/graph.c:265 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:273 +#: src/graph.c:267 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" -#: src/freebsd/device.c:70 src/linux/device.c:89 src/netbsd/device.c:74 -#: src/openbsd/device.c:74 src/solaris/device.c:75 +#: src/linux/device.c:89 src/freebsd/device.c:70 src/solaris/device.c:75 +#: src/netbsd/device.c:74 src/openbsd/device.c:74 #, c-format msgid "Could not open %s: %s" msgstr "Kon `%s' niet openen: %s" 
@@ -1180,50 +1175,50 @@ msgstr "Oud ioctl() verzoek was nodig voor %s" msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/freebsd/device.c:87 src/linux/device.c:136 src/netbsd/device.c:90 -#: src/openbsd/device.c:90 src/solaris/device.c:132 +#: src/linux/device.c:136 src/freebsd/device.c:87 src/solaris/device.c:132 +#: src/netbsd/device.c:90 src/openbsd/device.c:90 #, c-format msgid "%s is a %s" msgstr "%s is een %s" -#: src/freebsd/device.c:108 src/linux/device.c:159 src/linux/device.c:169 -#: src/netbsd/device.c:109 src/openbsd/device.c:111 src/solaris/device.c:149 +#: src/linux/device.c:159 src/linux/device.c:169 src/freebsd/device.c:108 +#: src/solaris/device.c:149 src/netbsd/device.c:109 src/openbsd/device.c:111 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" -#: src/freebsd/device.c:117 src/linux/device.c:180 src/netbsd/device.c:124 -#: src/openbsd/device.c:140 src/solaris/device.c:164 +#: src/linux/device.c:180 src/freebsd/device.c:117 src/solaris/device.c:164 +#: src/netbsd/device.c:124 src/openbsd/device.c:140 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/freebsd/device.c:128 src/linux/device.c:191 src/netbsd/device.c:135 -#: src/openbsd/device.c:154 src/solaris/device.c:175 +#: src/linux/device.c:191 src/freebsd/device.c:128 src/solaris/device.c:175 +#: src/netbsd/device.c:135 src/openbsd/device.c:154 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:198 src/linux/device.c:207 src/netbsd/device.c:140 -#: src/openbsd/device.c:180 src/solaris/device.c:180 +#: src/linux/device.c:198 src/linux/device.c:207 src/solaris/device.c:180 +#: src/netbsd/device.c:140 src/openbsd/device.c:180 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" -#: src/freebsd/device.c:144 src/linux/device.c:220 src/netbsd/device.c:151 -#: 
src/openbsd/device.c:191 src/solaris/device.c:192 +#: src/linux/device.c:220 src/freebsd/device.c:144 src/solaris/device.c:192 +#: src/netbsd/device.c:151 src/openbsd/device.c:191 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/freebsd/device.c:145 src/linux/device.c:221 src/netbsd/device.c:152 -#: src/openbsd/device.c:192 src/solaris/device.c:193 +#: src/linux/device.c:221 src/freebsd/device.c:145 src/solaris/device.c:193 +#: src/netbsd/device.c:152 src/openbsd/device.c:192 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/freebsd/device.c:146 src/linux/device.c:222 src/netbsd/device.c:153 -#: src/openbsd/device.c:193 src/solaris/device.c:194 +#: src/linux/device.c:222 src/freebsd/device.c:146 src/solaris/device.c:194 +#: src/netbsd/device.c:153 src/openbsd/device.c:193 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" @@ -1282,12 +1277,9 @@ msgstr "OpenBSD tun apparaat" #: src/openbsd/device.c:130 #, c-format msgid "Unknown address family %d while reading packet from %s %s" -msgstr "Onbekende adresfamilie tijdens lezen pakket van %s %s" +msgstr "Onbekende adresfamilie %d tijdens lezen pakket van %s %s" #: src/openbsd/device.c:169 #, c-format msgid "Unknown address family %d while writing packet to %s %s" -msgstr "Onbekende adresfamilie tijdens schrijven pakket naar %s %s" - -#~ msgid "Invalid public/private keypair!" -#~ msgstr "Ongeldig publiek/privé sleutelpaar!" +msgstr "Onbekende adresfamilie %d tijdens schrijven pakket naar %s %s" diff --git a/src/Makefile.am b/src/Makefile.am index 598a6340..aadeae29 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.24 2002/07/11 12:55:58 guus Exp $ +# $Id: Makefile.am,v 1.4.4.25 2002/08/24 12:11:40 guus Exp $ sbin_PROGRAMS = tincd 
@@ -9,12 +9,12 @@ tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ protocol_key.c protocol_subnet.c route.c subnet.c tincd.c -INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -I$(top_srcdir)/intl +INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h meta.h net.h netutl.h node.h process.h \ protocol.h route.h subnet.h -LIBS = @LIBS@ @INTLLIBS@ +LIBS = @LIBS@ tincd_LDADD = \ $(top_builddir)/lib/libvpn.a diff --git a/system.h b/system.h index 5b5e7950..6391c398 100644 --- a/system.h +++ b/system.h @@ -20,26 +20,7 @@ #ifndef __TINC_SYSTEM_H__ #define __TINC_SYSTEM_H__ -/* Take care of NLS matters. -- from fileutils 4.0 */ - -#if HAVE_LOCALE_H -# include -#endif -#if !HAVE_SETLOCALE -# define setlocale(Category, Locale) /* empty */ -#endif - -#if ENABLE_NLS -# include -# define _(Text) gettext (Text) -#else -# undef bindtextdomain -# define bindtextdomain(Domain, Directory) /* empty */ -# undef textdomain -# define textdomain(Domain) /* empty */ -# define _(Text) Text -#endif -#define N_(Text) Text +#include "gettext.h" #ifndef HAVE_STRSIGNAL # define strsignal(p) "" @@ -53,4 +34,3 @@ typedef int socklen_t; #endif #endif /* __TINC_SYSTEM_H__ */ - From f2c2443bbcfd5e09518bd87f3fd8d4a727d73ae2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 24 Aug 2002 12:54:55 +0000 Subject: [PATCH 667/923] Check for ranlib. --- configure.in | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 9f9849d6..9a584b76 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.54 2002/08/24 12:11:38 guus Exp $ +dnl $Id: configure.in,v 1.13.2.55 2002/08/24 12:54:55 guus Exp $ AC_PREREQ(2.50) AC_INIT(src/tincd.c) 
@@ -29,8 +29,7 @@ AC_PROG_AWK AC_PROG_INSTALL AC_PROG_LN_S AC_PROG_MAKE_SET -jm_PERL - +AC_PROG_RANLIB AC_ISC_POSIX From 2cb21f8810a6e0241a80623e991c8308b603ae95 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 2 Sep 2002 22:40:42 +0000 Subject: [PATCH 668/923] Replacement for the current routing algorithm. --- src/protocol_node.c | 195 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 195 insertions(+) create mode 100644 src/protocol_node.c diff --git a/src/protocol_node.c b/src/protocol_node.c new file mode 100644 index 00000000..3d0355fd --- /dev/null +++ b/src/protocol_node.c 
@@ -0,0 +1,195 @@ +/* + protocol_node.c -- handle the meta-protocol, nodes + Copyright (C) 1999-2002 Ivo Timmermans , + 2000-2002 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: protocol_node.c,v 1.1.4.1 2002/09/02 22:40:42 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "conf.h" +#include "net.h" +#include "netutl.h" +#include "protocol.h" +#include "meta.h" +#include "connection.h" +#include "node.h" + +#include "system.h" + +int send_add_node(connection_t *c, node_t *n) +{ + int x; + char *address, *port; +cp + sockaddr2str(&n->address, &address, &port); + x = send_request(c, "%d %s %s %s %lx %d", ADD_NODE, + n->name, address, port, + n->options, n->distance + 1); + free(address); + free(port); +cp + return x; +} + +int add_node_h(connection_t *c) +{ + connection_t *other; + node_t *n; + char name[MAX_STRING_SIZE]; + char address[MAX_STRING_SIZE]; + char port[MAX_STRING_SIZE]; + long int options; + int distance; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", + name, address, port, &options, &distance) != 5) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_NODE", c->name, c->hostname); + return -1; + } + + /* Check if names are valid */ + + if(check_id(name)) + { 
+ syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_NODE", c->name, c->hostname, _("invalid name")); + return -1; + } + + /* Lookup nodes */ + + n = lookup_node(name); + + if(!n) + { + // It's a new node. Add it and tell the others. + n = new_node(); + n->name = xstrdup(name); + n->address = str2sockaddr(address, port); + n->hostname = sockaddr2hostname(&n->address); + n->options = options; + n->distance = distance; + n->nexthop = c->node; + node_add(n); + } + else + { + // If this ADD_NODE is closer or more direct, use it instead of the old one. + if((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT) || n->distance > distance) + { + free(n->hostname); + n->address = str2sockaddr(address, port); + n->hostname = sockaddr2hostname(&n->address); + n->options = options; + n->distance = distance; + n->nexthop = c->node; + } + else + // Otherwise, just ignore it. + return 0; + } + + /* Tell the rest about the new node */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_add_node(other, n); + } + +cp + return 0; +} + +int send_del_node(connection_t *c, node_t *n) +{ +cp + return send_request(c, "%d %s", DEL_NODE, n->name); +} + +int del_node_h(connection_t *c) +{ + char name[MAX_STRING_SIZE]; + node_t *n; + connection_t *other; + avl_node_t *node; +cp + if(sscanf(c->buffer, "%*d "MAX_STRING, name) != 1) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_NODE", + c->name, c->hostname); + return -1; + } + + /* Check if names are valid */ + + if(check_id(name)) + { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_NODE", c->name, c->hostname, _("invalid name")); + return -1; + } + + /* Lookup nodes */ + + n = lookup_node(name); + + if(!n) + { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the node tree"), "DEL_NODE", c->name, c->hostname); + return 0; + } + + /* If we got a DEL_NODE but 
we know of a different route to it, tell the one who send the DEL_NODE */ + + if(n->nexthop != c->node) + { + return send_add_node(c, n); + } + + /* Otherwise, tell the rest about the deleted node */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + if(other->status.active && other != c) + send_del_node(other, n); + } + + /* Delete the node */ + + node_del(n); + + exit: +cp + return 0; +} From 856de4c5fe8acd779aa9277d4554e34ff3625e97 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 3 Sep 2002 20:42:05 +0000 Subject: [PATCH 669/923] Make sure setlocale() is available. --- lib/gettext.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/gettext.h b/lib/gettext.h index ad29e0ab..ba92769e 100644 --- a/lib/gettext.h +++ b/lib/gettext.h @@ -24,6 +24,7 @@ /* Get declarations of GNU message catalog functions. */ # include +# include /* Shorthand notation */ @@ -60,6 +61,7 @@ # define bind_textdomain_codeset(Domainname, Codeset) ((const char *) (Codeset)) # define _(Text) Text +# define setlocale(Category, Locale) ((chonst char *) (Locale)) #endif From d134c4542d4e890e1c1007f32b866742319853c5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 3 Sep 2002 20:43:26 +0000 Subject: [PATCH 670/923] Drop graph and edge stuff. Use new node stuff instead. --- src/Makefile.am | 8 ++-- src/connection.h | 8 ++-- src/net.c | 66 +++++++++++++-------------------- src/net_packet.c | 5 +-- src/net_setup.c | 7 +--- src/net_socket.c | 5 +-- src/node.c | 17 ++------- src/node.h | 6 +-- src/process.c | 3 +- src/protocol.c | 6 +-- src/protocol.h | 19 ++++------ src/protocol_auth.c | 85 ++++++++++++++++--------------------------- src/protocol_key.c | 9 ++--- src/protocol_node.c | 34 ++++++++++++----- src/protocol_subnet.c | 4 +- 15 files changed, 116 insertions(+), 166 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index aadeae29..cc1cdc30 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
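Review bot: `add_node_h` in the new src/protocol_node.c uses the peer-supplied `distance` without any range check, so in the `else` branch a peer that advertises a smaller or negative value for a node that already exists gets `n->address` and `n->nexthop` rewritten to point through itself. `lookup_node(name)` may also return this daemon's own entry, which nothing here excludes. Guards before the comparison, such as `if(n == myself) return 0;` and `if(distance < 1) return -1;`, together with an upper limit on `distance`, would close that and keep `n->distance + 1` in `send_add_node` from overflowing. The same branch assigns `n->address` in place; if `node_udp_tree` is keyed on the address (not visible in this hunk), the node has to be unlinked and re-inserted around the assignment. In `del_node_h` the `exit:` label is never the target of a `goto` and can be dropped.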
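Review bot: The fallback macro added in the second lib/gettext.h hunk misspells the qualifier as `chonst`, so any translation unit that calls `setlocale()` when this branch is active (it looks like the non-NLS branch, next to `# define _(Text) Text`) will fail to compile. The line should read `# define setlocale(Category, Locale) ((const char *) (Locale))`. It is also worth a one-line comment saying that the macro replaces the libc function in this configuration, because a later `#include <locale.h>` would then see the macro applied to its own declaration.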
@@ -1,17 +1,17 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.25 2002/08/24 12:11:40 guus Exp $ +# $Id: Makefile.am,v 1.4.4.26 2002/09/03 20:43:24 guus Exp $ sbin_PROGRAMS = tincd EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c cygwin/device.c -tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_packet.c net_setup.c \ - net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ +tincd_SOURCES = conf.c connection.c device.c event.c meta.c net.c net_packet.c net_setup.c \ + net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_node.c protocol_misc.c \ protocol_key.c protocol_subnet.c route.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h meta.h net.h netutl.h node.h process.h \ +noinst_HEADERS = conf.h connection.h device.h event.h meta.h net.h netutl.h node.h process.h \ protocol.h route.h subnet.h LIBS = @LIBS@ diff --git a/src/connection.h b/src/connection.h index 5f8b970a..fdc87d74 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.27 2002/06/21 10:11:12 guus Exp $ + $Id: connection.h,v 1.1.2.28 2002/09/03 20:43:24 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -44,7 +44,6 @@ #include "conf.h" #include "node.h" -#include "edge.h" #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 
@@ -66,18 +65,19 @@ typedef struct connection_t { char *name; /* name he claims to have */ sockaddr_t address; /* his real (internet) ip */ + sockaddr_t myaddress; /* our own address as seen by him */ + char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ int socket; /* socket used for this connection */ long int options; /* options for this connection */ struct connection_status_t status; /* status info */ - int estimated_weight; /* estimation for the weight of the edge for this connection */ + int estimated_weight; /* estimation for the weight for this connection */ struct timeval start; /* time this connection was started, used for above estimation */ struct outgoing_t *outgoing; /* used to keep track of outgoing connections */ struct node_t *node; /* node associated with the other end */ - struct edge_t *edge; /* edge associated with this connection */ RSA *rsa_key; /* his public/private key */ const EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ diff --git a/src/net.c b/src/net.c index 2a072d80..ca70886f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.174 2002/06/21 10:11:12 guus Exp $ + $Id: net.c,v 1.35.4.175 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -65,7 +65,6 @@ #include "process.h" #include "protocol.h" #include "subnet.h" -#include "graph.h" #include "process.h" #include "route.h" #include "device.h" @@ -83,13 +82,12 @@ int sigalrm = 0; time_t now = 0; -/* Purge edges and subnets of unreachable nodes. Use carefully. */ +/* Purge subnets of unreachable nodes. Use carefully. */ void purge(void) { - avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext, *cnode; + avl_node_t *nnode, *nnext, *snode, *snext, *cnode; node_t *n; - edge_t *e; subnet_t *s; connection_t *c; cp 
@@ -121,21 +119,6 @@ cp subnet_del(n, s); } - for(enode = n->edge_tree->head; enode; enode = enext) - { - enext = enode->next; - e = (edge_t *)enode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_edge(c, e); - } - - edge_del(e); - } - node_del(n); } } @@ -182,14 +165,15 @@ cp /* Terminate a connection: - Close the socket - - Remove associated edge and tell other connections about it if report = 1 + - Tell other connections about it if report = 1 - Check if we need to retry making an outgoing connection - Deactivate the host */ void terminate_connection(connection_t *c, int report) { - avl_node_t *node; + avl_node_t *node, *node2; connection_t *other; + node_t *n; cp if(c->status.remove) return; @@ -202,30 +186,31 @@ cp c->status.active = 0; if(c->node) - c->node->connection = NULL; - - if(c->socket) - close(c->socket); - - if(c->edge) { - if(report) + if(report && c->node->connection) { for(node = connection_tree->head; node; node = node->next) { other = (connection_t *)node->data; - if(other->status.active && other != c) - send_del_edge(other, c->edge); + if(other == c) + continue; + for(node2 = node_tree->head; node2; node2 = node2->next) + { + n = (node_t *)node2->data; + if(n->nexthop == c->node) + { + send_del_node(other, n); + n->status.reachable = 0; + } + } } } - - edge_del(c->edge); - - /* Run MST and SSSP algorithms */ - - graph(); + c->node->connection = NULL; } + if(c->socket) + close(c->socket); + /* Check if this was our outgoing connection */ if(c->outgoing) 
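Review bot: The rewritten notification loop in `terminate_connection` (src/net.c) skips only `other == c` and no longer tests `other->status.active`, which the removed code did, so `send_del_node` can be issued on meta connections that have not finished authentication and would hand node names to a peer that is not yet trusted. Restoring the old condition as `if(!other->status.active || other == c) continue;` keeps the behaviour the previous code had. Separately, `n->status.reachable = 0` is set only inside this per-connection loop, so when `report` is 0 or no other connection exists, nodes whose `nexthop` is `c->node` appear to stay marked reachable; a comment stating whether that is intended would help. The function body continues past the end of the hunk.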
@@ -246,14 +231,13 @@ cp */ void check_dead_connections(void) { - avl_node_t *node, *next; + avl_node_t *node; connection_t *c; cp - for(node = connection_tree->head; node; node = next) + for(node = connection_tree->head; node; node = node->next) { - next = node->next; c = (connection_t *)node->data; - if(c->last_ping_time + pingtimeout < now) + if(c->last_ping_time + pingtimeout < now && !c->status.remove) { if(c->status.active) { diff --git a/src/net_packet.c b/src/net_packet.c index 25f1d28e..bd1e4e21 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.17 2002/06/21 10:11:12 guus Exp $ + $Id: net_packet.c,v 1.1.2.18 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -70,7 +70,6 @@ #include "process.h" #include "protocol.h" #include "subnet.h" -#include "graph.h" #include "process.h" #include "route.h" #include "device.h" @@ -332,7 +331,7 @@ cp return; } - via = (n->via == myself)?n->nexthop:n->via; + via = (n->options & OPTION_INDIRECT)?n->nexthop:n; if(via != n && debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), diff --git a/src/net_setup.c b/src/net_setup.c index 2884c50a..edbcbf54 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.21 2002/07/10 11:27:06 guus Exp $ + $Id: net_setup.c,v 1.1.2.22 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -67,7 +67,6 @@ #include "process.h" #include "protocol.h" #include "subnet.h" -#include "graph.h" #include "process.h" #include "route.h" #include "device.h" @@ -464,8 +463,6 @@ cp myself->status.reachable = 1; node_add(myself); - graph(); - cp /* Open sockets */ 
@@ -531,7 +528,6 @@ cp init_connections(); init_subnets(); init_nodes(); - init_edges(); init_events(); init_requests(); @@ -597,7 +593,6 @@ cp exit_requests(); exit_events(); - exit_edges(); exit_subnets(); exit_nodes(); exit_connections(); diff --git a/src/net_socket.c b/src/net_socket.c index f1628cdd..e0cec2c8 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.16 2002/06/21 10:11:12 guus Exp $ + $Id: net_socket.c,v 1.1.2.17 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -63,7 +63,6 @@ #include "process.h" #include "protocol.h" #include "subnet.h" -#include "graph.h" #include "process.h" #include "route.h" #include "device.h" @@ -147,7 +146,7 @@ cp return -1; } - if(listen(nfd, 3)) + if(listen(nfd, 0)) { close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); diff --git a/src/node.c b/src/node.c index 591f4ed5..adc3a74d 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.13 2002/06/21 10:11:13 guus Exp $ + $Id: node.c,v 1.1.2.14 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -77,7 +77,6 @@ node_t *new_node(void) node_t *n = (node_t *)xmalloc_and_zero(sizeof(*n)); cp n->subnet_tree = new_subnet_tree(); - n->edge_tree = new_edge_tree(); n->queue = list_alloc((list_action_t)free); cp return n; @@ -96,8 +95,6 @@ cp free(n->key); if(n->subnet_tree) free_subnet_tree(n->subnet_tree); - if(n->edge_tree) - free_edge_tree(n->edge_tree); free(n); cp } @@ -113,7 +110,6 @@ cp void node_del(node_t *n) { avl_node_t *node, *next; - edge_t *e; subnet_t *s; cp for(node = n->subnet_tree->head; node; node = next) 
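Review bot: The backlog change to `listen(nfd, 0)` in the src/net_socket.c hunk comes with no comment, and a zero backlog is implementation-defined: POSIX lets the system substitute its own minimum queue length, so behaviour will differ across the platforms this tree builds for. If the aim is to bound pending, not yet authenticated connections, a small explicit value with a why-comment such as `/* keep the accept queue short; peers retry on their own */` documents it. As written, legitimate peers that connect at the same moment may be refused on some systems. The enclosing function starts and ends outside the hunk.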
@@ -122,13 +118,6 @@ cp s = (subnet_t *)node->data; subnet_del(n, s); } - - for(node = n->edge_tree->head; node; node = next) - { - next = node->next; - e = (edge_t *)node->data; - edge_del(e); - } cp avl_delete(node_tree, n); avl_delete(node_udp_tree, n); @@ -163,9 +152,9 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), + syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s distance %d"), n->name, n->hostname, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->compression, n->options, - n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); + n->status, n->nexthop?n->nexthop->name:"-", n->distance); } syslog(LOG_DEBUG, _("End of nodes.")); diff --git a/src/node.h b/src/node.h index f80075f5..174a4c1e 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.16 2002/06/21 10:11:13 guus Exp $ + $Id: node.h,v 1.1.2.17 2002/09/03 20:43:25 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -51,6 +51,8 @@ typedef struct node_t { struct node_status_t status; + int distance; /* Distance from us to that node */ + const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length*/ @@ -67,8 +69,6 @@ typedef struct node_t { avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ - avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ - struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ uint32_t sent_seqno; /* Sequence number last sent to this node */ 
diff --git a/src/process.c b/src/process.c index 8e701b2e..d53d5f06 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.42 2002/07/10 11:27:06 guus Exp $ + $Id: process.c,v 1.1.2.43 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -399,7 +399,6 @@ sigusr2_handler(int a) { dump_device_stats(); dump_nodes(); - dump_edges(); dump_subnets(); } diff --git a/src/protocol.c b/src/protocol.c index 60273539..76c252f6 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.129 2002/06/21 10:11:13 guus Exp $ + $Id: protocol.c,v 1.28.4.130 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -226,7 +226,7 @@ int (*request_handlers[])(connection_t*) = { status_h, error_h, termreq_h, ping_h, pong_h, add_subnet_h, del_subnet_h, - add_edge_h, del_edge_h, + add_node_h, del_node_h, key_changed_h, req_key_h, ans_key_h, tcppacket_h, }; @@ -238,7 +238,7 @@ char (*request_name[]) = { "STATUS", "ERROR", "TERMREQ", "PING", "PONG", "ADD_SUBNET", "DEL_SUBNET", - "ADD_EDGE", "DEL_EDGE", + "ADD_NODE", "DEL_NODE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", }; diff --git a/src/protocol.h b/src/protocol.h index 1ed4bebe..dea2e9f0 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.30 2002/06/21 10:11:13 guus Exp $ + $Id: protocol.h,v 1.5.4.31 2002/09/03 20:43:25 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -31,7 +31,7 @@ incompatible version have different protocols. */ -#define PROT_CURRENT 14 +#define PROT_CURRENT 15 /* Request numbers */ 
@@ -40,9 +40,8 @@ enum { ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, STATUS, ERROR, TERMREQ, PING, PONG, -// ADD_NODE, DEL_NODE, ADD_SUBNET, DEL_SUBNET, - ADD_EDGE, DEL_EDGE, + ADD_NODE, DEL_NODE, KEY_CHANGED, REQ_KEY, ANS_KEY, PACKET, LAST /* Guardian for the highest request number */ @@ -81,12 +80,10 @@ extern int send_error(connection_t *, int, char *); extern int send_termreq(connection_t *); extern int send_ping(connection_t *); extern int send_pong(connection_t *); -// extern int send_add_node(connection_t *, node_t *); -// extern int send_del_node(connection_t *, node_t *); extern int send_add_subnet(connection_t *, subnet_t *); extern int send_del_subnet(connection_t *, subnet_t *); -extern int send_add_edge(connection_t *, edge_t *); -extern int send_del_edge(connection_t *, edge_t *); +extern int send_add_node(connection_t *, node_t *); +extern int send_del_node(connection_t *, node_t *); extern int send_key_changed(connection_t *, node_t *); extern int send_req_key(connection_t *, node_t *, node_t *); extern int send_ans_key(connection_t *, node_t *, node_t *); @@ -106,12 +103,10 @@ extern int error_h(connection_t *); extern int termreq_h(connection_t *); extern int ping_h(connection_t *); extern int pong_h(connection_t *); -// extern int add_node_h(connection_t *); -// extern int del_node_h(connection_t *); extern int add_subnet_h(connection_t *); extern int del_subnet_h(connection_t *); -extern int add_edge_h(connection_t *); -extern int del_edge_h(connection_t *); +extern int add_node_h(connection_t *); +extern int del_node_h(connection_t *); extern int key_changed_h(connection_t *); extern int req_key_h(connection_t *); extern int ans_key_h(connection_t *); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index c7c57329..b2ffaff9 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.9 2002/06/21 10:11:13 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.10 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -48,8 +48,6 @@ #include "meta.h" #include "connection.h" #include "node.h" -#include "edge.h" -#include "graph.h" #include "system.h" @@ -462,7 +460,7 @@ cp int send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs - to create node_t and edge_t structures. */ + to create node_t structures. */ int x; char *address, *port; @@ -473,7 +471,7 @@ cp gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; sockaddr2str(&c->address, &address, &port); - x = send_request(c, "%d %s %s %d %lx", ACK, myport, address, c->estimated_weight, c->options); + x = send_request(c, "%d %s %s %lx", ACK, myport, address, c->options); free(address); free(port); cp @@ -485,13 +483,16 @@ void send_everything(connection_t *c) avl_node_t *node, *node2; node_t *n; subnet_t *s; - edge_t *e; + connection_t *other; - /* Send all known subnets */ + /* Send all known nodes and subnets */ for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; + + if(n != c->node && n != myself) + send_add_node(c, n); for(node2 = n->subnet_tree->head; node2; node2 = node2->next) { @@ -500,16 +501,14 @@ void send_everything(connection_t *c) } } - /* Send all known edges */ - - for(node = edge_tree->head; node; node = node->next) + /* Inform others of this new node */ + + for(node = connection_tree->head; node; node = node->next) { - e = (edge_t *)node->data; - - if(e == c->edge) - continue; - - send_add_edge(c, e); + other = (connection_t *)node->data; + + if(other->status.active && other != c) + send_add_node(other, c->node); } } 
@@ -518,13 +517,11 @@ int ack_h(connection_t *c) char myaddress[MAX_STRING_SIZE]; char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; - int weight; long int options; node_t *n; - connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %d %lx", hisport, myaddress, &weight, &options) != 4) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx", hisport, myaddress, &options) != 3) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; @@ -549,30 +546,26 @@ cp syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); } - - /* FIXME: check if information in existing node matches that of the other end of this connection */ } - n->connection = c; c->node = n; c->options |= options; - - /* Create an edge_t for this connection */ - - c->edge = new_edge(); -cp - c->edge->from.node = myself; - c->edge->from.udpaddress = str2sockaddr(myaddress, myport); - c->edge->to.node = n; + c->myaddress = str2sockaddr(myaddress, myport); + + n->connection = c; sockaddr2str(&c->address, &hisaddress, &dummy); - c->edge->to.udpaddress = str2sockaddr(hisaddress, hisport); - free(hisaddress); - free(dummy); - c->edge->weight = (weight + c->estimated_weight) / 2; - c->edge->connection = c; - c->edge->options = c->options; -cp - edge_add(c->edge); + node = avl_unlink(node_udp_tree, n); + n->address = str2sockaddr(hisaddress, hisport); + avl_insert_node(node_udp_tree, node); + if(n->hostname) + free(n->hostname); + n->hostname = sockaddr2hostname(&n->address); + n->options = c->options; + n->distance = 1; + n->via = n->nexthop = n; + n->status.reachable = 1; + n->status.validkey = 0; + n->status.waitingforkey = 0; /* Activate this connection */ 
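Review bot: The three-field `sscanf` in `ack_h` still accepts an ACK in the previous four-field layout, because `%lx` parses the old decimal weight as the options word and the call returns 3. A peer built before this change would then have unintended bits OR-ed into `c->options`, which can include `OPTION_INDIRECT` and `OPTION_TCPONLY`. As far as this page shows, `PROT_CURRENT` stays at 15 until a later patch raises it to 16, so the wire change should carry its own bump (`#define PROT_CURRENT 16`) in the same commit as the new `send_request(c, "%d %s %s %lx", ACK, ...)` in `send_ack`. `ack_h` starts and ends outside this hunk.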
@@ -583,23 +576,9 @@ cp syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); cp - /* Send him everything we know */ + /* Send him everything we know and tell the others about him */ send_everything(c); - - /* Notify others of this connection */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - - if(other->status.active && other != c) - send_add_edge(other, c->edge); - } - - /* Run MST and SSSP algorithms */ - - graph(); cp return 0; } diff --git a/src/protocol_key.c b/src/protocol_key.c index 3d711f90..90df50f2 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.7 2002/06/21 10:11:19 guus Exp $ + $Id: protocol_key.c,v 1.1.4.8 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" @@ -40,7 +40,6 @@ #include "meta.h" #include "connection.h" #include "node.h" -#include "edge.h" #include "system.h" @@ -96,7 +95,6 @@ cp n->status.validkey = 0; n->status.waitingforkey = 0; - n->sent_seqno = 0; /* Tell the others */ @@ -153,7 +151,7 @@ cp if(to == myself) /* Yes, send our own key back */ { mykeyused = 1; - from->received_seqno = 0; + from->sent_seqno = 0; send_ans_key(c, myself, from); } else @@ -235,7 +233,8 @@ cp from->status.validkey = 1; from->status.waitingforkey = 0; - + from->received_seqno = 0; + /* Check and lookup cipher and digest algorithms */ if(cipher) diff --git a/src/protocol_node.c b/src/protocol_node.c index 3d0355fd..7808ab41 100644 --- a/src/protocol_node.c +++ b/src/protocol_node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_node.c,v 1.1.4.1 2002/09/02 22:40:42 guus Exp $ + $Id: protocol_node.c,v 1.1.4.2 2002/09/03 20:43:25 guus Exp $ */ #include "config.h" 
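Review bot: The counter resets in the two protocol_key.c hunks have no comment saying which counter belongs to which key, and the patch swaps them. `from->sent_seqno = 0` now sits where our own key is sent back, and `from->received_seqno = 0` where the peer's key is accepted. Assuming `received_seqno` feeds a replay check on incoming packets (not visible here), a reset at the wrong moment would either drop valid packets or let old sequence numbers through again. Each assignment should state its direction, for example `/* packets from this node are protected by our key, which it has just requested */`, so a reader can verify the pairing. Both functions start and end outside the hunks.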
@@ -48,10 +48,13 @@ int send_add_node(connection_t *c, node_t *n) int x; char *address, *port; cp + if(!n->status.reachable) + return 0; + sockaddr2str(&n->address, &address, &port); x = send_request(c, "%d %s %s %s %lx %d", ADD_NODE, n->name, address, port, - n->options, n->distance + 1); + n->options, n->distance + 1); // Alternatively, use n->distance + c->estimated_weight free(address); free(port); cp @@ -84,6 +87,11 @@ cp return -1; } + /* This node is indirect if it's nexthop is as well */ + + if(c->node->options & OPTION_INDIRECT) + options |= OPTION_INDIRECT; + /* Lookup nodes */ n = lookup_node(name); @@ -97,20 +105,27 @@ cp n->hostname = sockaddr2hostname(&n->address); n->options = options; n->distance = distance; - n->nexthop = c->node; + n->via = n->nexthop = c->node; + n->status.reachable = 1; node_add(n); } else { // If this ADD_NODE is closer or more direct, use it instead of the old one. - if((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT) || n->distance > distance) + if(((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) || n->distance > distance) { - free(n->hostname); + avl_node_t *node = avl_unlink(node_udp_tree, n); n->address = str2sockaddr(address, port); + avl_insert_node(node_udp_tree, node); + if(n->hostname) + free(n->hostname); n->hostname = sockaddr2hostname(&n->address); n->options = options; n->distance = distance; - n->nexthop = c->node; + n->via = n->nexthop = c->node; + n->status.reachable = 1; + n->status.validkey = 0; + n->status.waitingforkey = 0; } else // Otherwise, just ignore it. @@ -185,11 +200,10 @@ cp send_del_node(other, n); } - /* Delete the node */ + /* "Delete" the node */ - node_del(n); - - exit: + n->status.reachable = 0; + n->status.validkey = 0; cp return 0; } diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index d6ca43df..e5103079 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c 
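Review bot: The replacement test `n->distance > distance` in `add_node_h` trusts a distance taken directly from the peer's ADD_NODE, and no lower bound is visible in the hunk. `ack_h` gives a directly connected node distance 1 and `send_add_node` always sends `n->distance + 1`, so a well-behaved peer should never announce less than 2. A smaller or negative value would still win the comparison and move `n->nexthop`, `n->via` and `n->address` to the announcing connection while clearing `validkey`. A guard right after the `sscanf`, `if(distance < 2) return -1;`, rejects such announcements. Whether `n == myself` is excluded cannot be seen from here, since the function continues outside the hunk.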
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.4 2002/06/21 10:11:19 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.5 2002/09/03 20:43:26 guus Exp $ */ #include "config.h" @@ -40,8 +40,6 @@ #include "meta.h" #include "connection.h" #include "node.h" -#include "edge.h" -#include "graph.h" #include "system.h" From b5bb06200eda170c9836e1b4474d6f5b920c2151 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 3 Sep 2002 22:37:49 +0000 Subject: [PATCH 671/923] A reachable node is always more preferable to an unreachable one... --- src/protocol_node.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol_node.c b/src/protocol_node.c index 7808ab41..b86ef79e 100644 --- a/src/protocol_node.c +++ b/src/protocol_node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_node.c,v 1.1.4.2 2002/09/03 20:43:25 guus Exp $ + $Id: protocol_node.c,v 1.1.4.3 2002/09/03 22:37:49 guus Exp $ */ #include "config.h" @@ -112,7 +112,7 @@ cp else { // If this ADD_NODE is closer or more direct, use it instead of the old one. - if(((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) || n->distance > distance) + if(!n->reachable || ((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) || n->distance > distance) { avl_node_t *node = avl_unlink(node_udp_tree, n); n->address = str2sockaddr(address, port); From ddb96301a39dd3dac8d3df4e2e189b13b75e0b6e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 3 Sep 2002 22:49:55 +0000 Subject: [PATCH 672/923] Woops. --- src/protocol_node.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol_node.c b/src/protocol_node.c index b86ef79e..e407977b 100644 --- a/src/protocol_node.c +++ b/src/protocol_node.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_node.c,v 1.1.4.3 2002/09/03 22:37:49 guus Exp $ + $Id: protocol_node.c,v 1.1.4.4 2002/09/03 22:49:55 guus Exp $ */ #include "config.h" @@ -112,7 +112,7 @@ cp else { // If this ADD_NODE is closer or more direct, use it instead of the old one. - if(!n->reachable || ((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) || n->distance > distance) + if(!n->status.reachable || ((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) || n->distance > distance) { avl_node_t *node = avl_unlink(node_udp_tree, n); n->address = str2sockaddr(address, port); From 4a7c2026aec6966f934b60d75bc472d28f8587d8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 08:02:33 +0000 Subject: [PATCH 673/923] Reduce KEY_CHANGED traffic. --- src/protocol.c | 22 ++++++++++++++++------ src/protocol_key.c | 11 ++--------- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/src/protocol.c b/src/protocol.c index 76c252f6..91c4ef3a 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.130 2002/09/03 20:43:25 guus Exp $ + $Id: protocol.c,v 1.28.4.131 2002/09/04 08:02:33 guus Exp $ */ #include "config.h" @@ -62,8 +62,15 @@ int send_request(connection_t *c, const char *format, ...) va_list args; char buffer[MAXBUFSIZE]; int len, request; - + char *name = "everyone"; + char *hostname = "broadcast"; cp + if(c) + { + name = c->name; + hostname = c->hostname; + } + /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic, and there is a limit on the input buffer anyway */ 
@@ -74,7 +81,7 @@ cp if(len < 0 || len > MAXBUFSIZE-1) { - syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); + syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), name, hostname); return -1; } @@ -82,14 +89,17 @@ cp { sscanf(buffer, "%d", &request); if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); + syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], name, hostname, buffer); else - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname); + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], name, hostname); } buffer[len++] = '\n'; cp - return send_meta(c, buffer, len); + if(c) + return send_meta(c, buffer, len); + else + return broadcast_meta(NULL, buffer, len); } int receive_request(connection_t *c) diff --git a/src/protocol_key.c b/src/protocol_key.c index 90df50f2..0f14cd69 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.8 2002/09/03 20:43:25 guus Exp $ + $Id: protocol_key.c,v 1.1.4.9 2002/09/04 08:02:33 guus Exp $ */ #include "config.h" @@ -47,8 +47,6 @@ int mykeyused = 0; int send_key_changed(connection_t *c, node_t *n) { - connection_t *other; - avl_node_t *node; cp /* Only send this message if some other daemon requested our key previously. This reduces unnecessary key_changed broadcasts. @@ -57,12 +55,7 @@ cp if(n == myself && !mykeyused) return 0; - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%d %lx %s", KEY_CHANGED, random(), n->name); - } + send_request(NULL, "%d %lx %s", KEY_CHANGED, random(), n->name); cp return 0; } 
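Review bot: `send_key_changed` no longer uses its `c` argument, so the exclusion of the originating connection is lost. The removed loop skipped `other == c` and inactive connections, while `send_request(NULL, ...)` ends in `broadcast_meta(NULL, buffer, len)`, presumably with no connection left out. If a caller passes the connection the KEY_CHANGED arrived on (callers are outside this page), the message now goes back to its sender as well. Either drop the parameter or keep the exclusion by giving the broadcast path the connection to skip. The new `name` and `hostname` locals in `send_request` point at string literals and should be `const char *`.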
From 698d6ddac6ab32d5a4b802941b02232793442684 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 08:33:08 +0000 Subject: [PATCH 674/923] Prevent looping DEL_NODE/ADD_NODE messages after a node disconnects. --- src/node.h | 3 +- src/protocol.h | 4 +-- src/protocol_node.c | 67 +++++++++++++++++++++++++++++++++++---------- 3 files changed, 56 insertions(+), 18 deletions(-) diff --git a/src/node.h b/src/node.h index 174a4c1e..f2bea91b 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.17 2002/09/03 20:43:25 guus Exp $ + $Id: node.h,v 1.1.2.18 2002/09/04 08:33:08 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -65,6 +65,7 @@ typedef struct node_t { list_t *queue; /* Queue for packets awaiting to be encrypted */ struct node_t *nexthop; /* nearest node from us to him */ + struct node_t *prevhop; /* nearest node from him to us */ struct node_t *via; /* next hop for UDP packets */ avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ diff --git a/src/protocol.h b/src/protocol.h index dea2e9f0..1fd760a2 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.31 2002/09/03 20:43:25 guus Exp $ + $Id: protocol.h,v 1.5.4.32 2002/09/04 08:33:08 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -31,7 +31,7 @@ incompatible version have different protocols. */ -#define PROT_CURRENT 15 +#define PROT_CURRENT 16 /* Request numbers */ diff --git a/src/protocol_node.c b/src/protocol_node.c index e407977b..c27f254d 100644 --- a/src/protocol_node.c +++ b/src/protocol_node.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_node.c,v 1.1.4.4 2002/09/03 22:49:55 guus Exp $ + $Id: protocol_node.c,v 1.1.4.5 2002/09/04 08:33:08 guus Exp $ */ #include "config.h" @@ -52,9 +52,10 @@ cp return 0; sockaddr2str(&n->address, &address, &port); - x = send_request(c, "%d %s %s %s %lx %d", ADD_NODE, + x = send_request(c, "%d %s %s %s %lx %d %s %s", ADD_NODE, n->name, address, port, - n->options, n->distance + 1); // Alternatively, use n->distance + c->estimated_weight + n->options, n->distance + 1, // Alternatively, use n->distance + c->estimated_weight + n->prevhop->name, n->via->name); free(address); free(port); cp @@ -64,16 +65,18 @@ cp int add_node_h(connection_t *c) { connection_t *other; - node_t *n; + node_t *n, *prevhop, *via; char name[MAX_STRING_SIZE]; char address[MAX_STRING_SIZE]; char port[MAX_STRING_SIZE]; + char prevhopname[MAX_STRING_SIZE]; + char vianame[MAX_STRING_SIZE]; long int options; int distance; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", - name, address, port, &options, &distance) != 5) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d "MAX_STRING" "MAX_STRING, + name, address, port, &options, &distance, prevhopname, vianame) != 7) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_NODE", c->name, c->hostname); return -1; @@ -94,6 +97,24 @@ cp /* Lookup nodes */ + prevhop = lookup_node(prevhopname); + + if(!prevhop) + { + prevhop = new_node(); + prevhop->name = xstrdup(prevhopname); + node_add(prevhop); + } + + via = lookup_node(vianame); + + if(!via) + { + via = new_node(); + via->name = xstrdup(vianame); + node_add(via); + } + n = lookup_node(name); if(!n) 
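Review bot: `send_add_node` now dereferences `n->prevhop->name` and `n->via->name` without checking either pointer, and `send_del_node` in a later hunk does the same with `n->prevhop`. In the visible lines `prevhop` is assigned only in the new-node branch of `add_node_h`; the branch that updates an existing node and the placeholder nodes created from `prevhopname`/`vianame` show no assignment. Assuming `new_node()` leaves the field NULL, a DEL_NODE or a forwarded ADD_NODE for such a node would crash the daemon. Guard the sends with `if(!n->prevhop || !n->via) return 0;` after the reachability check, and set `n->prevhop = prevhop;` wherever `n->nexthop` is updated.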
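Review bot: The lookups for `prevhopname` and `vianame` call `new_node()` and `node_add()` for any name a peer sends, before the announced node itself has been accepted. Each ADD_NODE can therefore add two entries to the node tree with only a name filled in, and nothing visible on this page removes them again. The hunk also shows no validation of these two strings comparable to whatever is applied to `name`. Treat an unknown `prevhop` or `via` as a request to ignore, `if(!prevhop || !via) return 0;`, or at least validate both names and create the entries only after the ADD_NODE is accepted. `add_node_h` starts and ends outside this hunk.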
@@ -105,16 +126,30 @@ cp n->hostname = sockaddr2hostname(&n->address); n->options = options; n->distance = distance; - n->via = n->nexthop = c->node; - n->status.reachable = 1; + n->nexthop = c->node; + n->prevhop = prevhop; + n->via = via; node_add(n); + if(prevhop == myself) + { + syslog(LOG_WARNING, _("Got ADD_NODE %s prevhop %s via %s from %s, sending back a DEL_NODE!"), name, prevhopname, vianame, c->name); + send_del_node(c, n); + return 0; + } + n->status.reachable = 1; } else { // If this ADD_NODE is closer or more direct, use it instead of the old one. if(!n->status.reachable || ((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) || n->distance > distance) { - avl_node_t *node = avl_unlink(node_udp_tree, n); + if(prevhop == myself) + { + syslog(LOG_WARNING, _("Got ADD_NODE %s prevhop %s via %s from %s!"), name, prevhopname, vianame, c->name); + send_del_node(c, n); + return 0; + } + node = avl_unlink(node_udp_tree, n); n->address = str2sockaddr(address, port); avl_insert_node(node_udp_tree, node); if(n->hostname) @@ -148,17 +183,18 @@ cp int send_del_node(connection_t *c, node_t *n) { cp - return send_request(c, "%d %s", DEL_NODE, n->name); + return send_request(c, "%d %s %s", DEL_NODE, n->name, n->prevhop->name); } int del_node_h(connection_t *c) { char name[MAX_STRING_SIZE]; - node_t *n; + char prevhopname[MAX_STRING_SIZE]; + node_t *n, *prevhop; connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING, name) != 1) + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, prevhopname) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_NODE", c->name, c->hostname); @@ -176,8 +212,9 @@ cp /* Lookup nodes */ n = lookup_node(name); - - if(!n) + prevhop = lookup_node(prevhopname); + + if(!n || !prevhop) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the node tree"), "DEL_NODE", c->name, c->hostname); 
@@ -186,7 +223,7 @@ cp /* If we got a DEL_NODE but we know of a different route to it, tell the one who send the DEL_NODE */ - if(n->nexthop != c->node) + if(n->nexthop != c->node || n->prevhop != prevhop) { return send_add_node(c, n); } From 2af0bcc8fd39ca34a7ff856d539cdf38728a8c25 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 08:36:34 +0000 Subject: [PATCH 675/923] Don't forget to set prevhop to myself for new connections. --- src/protocol_auth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/protocol_auth.c b/src/protocol_auth.c index b2ffaff9..6563470c 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.10 2002/09/03 20:43:25 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.11 2002/09/04 08:36:34 guus Exp $ */ #include "config.h" @@ -563,6 +563,7 @@ cp n->options = c->options; n->distance = 1; n->via = n->nexthop = n; + n->prevhop = myself; n->status.reachable = 1; n->status.validkey = 0; n->status.waitingforkey = 0; From 973530db628fb91106d6fb7a17151e1d036e40a2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 08:48:03 +0000 Subject: [PATCH 676/923] Just ignore wrong ADD_NODEs instead of replying with a DEL_NODE, in the hope other DEL_NODEs will catch up eventually. --- src/protocol_node.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/protocol_node.c b/src/protocol_node.c index c27f254d..758b1eaa 100644 --- a/src/protocol_node.c +++ b/src/protocol_node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_node.c,v 1.1.4.5 2002/09/04 08:33:08 guus Exp $ + $Id: protocol_node.c,v 1.1.4.6 2002/09/04 08:48:03 guus Exp $ */ #include "config.h" 
@@ -133,7 +133,7 @@ cp if(prevhop == myself) { syslog(LOG_WARNING, _("Got ADD_NODE %s prevhop %s via %s from %s, sending back a DEL_NODE!"), name, prevhopname, vianame, c->name); - send_del_node(c, n); + // send_del_node(c, n); return 0; } n->status.reachable = 1; @@ -146,7 +146,7 @@ cp if(prevhop == myself) { syslog(LOG_WARNING, _("Got ADD_NODE %s prevhop %s via %s from %s!"), name, prevhopname, vianame, c->name); - send_del_node(c, n); + // send_del_node(c, n); return 0; } node = avl_unlink(node_udp_tree, n); @@ -223,7 +223,7 @@ cp /* If we got a DEL_NODE but we know of a different route to it, tell the one who send the DEL_NODE */ - if(n->nexthop != c->node || n->prevhop != prevhop) + if(n->nexthop != c->node) { return send_add_node(c, n); } From 82ebfc923ddb050c88bdf5d65ac943a15ca8748a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 13:48:52 +0000 Subject: [PATCH 677/923] Revert to edge and graph stuff. This time, use a directed graph. --- src/Makefile.am | 8 ++--- src/connection.h | 8 ++--- src/edge.c | 77 +++++++++++++-------------------------- src/edge.h | 16 ++++----- src/graph.c | 80 +++++++++++++++++++---------------------- src/net.c | 66 +++++++++++++++++++++------------- src/net_packet.c | 5 +-- src/net_setup.c | 7 +++- src/net_socket.c | 5 +-- src/node.c | 17 +++++++-- src/node.h | 7 ++-- src/protocol.c | 26 +++++--------- src/protocol.h | 20 +++++++---- src/protocol_auth.c | 87 +++++++++++++++++++++++++-------------------- src/protocol_edge.c | 59 ++++++++++++------------------ 15 files changed, 238 insertions(+), 250 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index cc1cdc30..d8d8fd93 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
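Review bot: The warning at the first `prevhop == myself` check still says `sending back a DEL_NODE!` although the call is now commented out, so the log reports an action the daemon no longer takes. Change the text to say the ADD_NODE is ignored, and delete the two `// send_del_node(c, n);` lines rather than leaving dead code behind. In the third hunk `prevhop` is no longer compared, yet per the earlier patch `del_node_h` still parses it, looks it up and drops the DEL_NODE when that lookup fails. If the field is now unused, that condition should be reduced to `if(!n)`.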
@@ -1,17 +1,17 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.26 2002/09/03 20:43:24 guus Exp $ +# $Id: Makefile.am,v 1.4.4.27 2002/09/04 13:48:51 guus Exp $ sbin_PROGRAMS = tincd EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c cygwin/device.c -tincd_SOURCES = conf.c connection.c device.c event.c meta.c net.c net_packet.c net_setup.c \ - net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_node.c protocol_misc.c \ +tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_packet.c net_setup.c \ + net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ protocol_key.c protocol_subnet.c route.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -noinst_HEADERS = conf.h connection.h device.h event.h meta.h net.h netutl.h node.h process.h \ +noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h meta.h net.h netutl.h node.h process.h \ protocol.h route.h subnet.h LIBS = @LIBS@ diff --git a/src/connection.h b/src/connection.h index fdc87d74..a6d8c58e 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.28 2002/09/03 20:43:24 guus Exp $ + $Id: connection.h,v 1.1.2.29 2002/09/04 13:48:51 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -44,6 +44,7 @@ #include "conf.h" #include "node.h" +#include "edge.h" #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 
@@ -65,19 +66,18 @@ typedef struct connection_t { char *name; /* name he claims to have */ sockaddr_t address; /* his real (internet) ip */ - sockaddr_t myaddress; /* our own address as seen by him */ - char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ int socket; /* socket used for this connection */ long int options; /* options for this connection */ struct connection_status_t status; /* status info */ - int estimated_weight; /* estimation for the weight for this connection */ + int estimated_weight; /* estimation for the weight of the edge for this connection */ struct timeval start; /* time this connection was started, used for above estimation */ struct outgoing_t *outgoing; /* used to keep track of outgoing connections */ struct node_t *node; /* node associated with the other end */ + struct edge_t *edge; /* edge associated with this connection */ RSA *rsa_key; /* his public/private key */ const EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ diff --git a/src/edge.c b/src/edge.c index eb664d27..a0f5535f 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.11 2002/06/21 10:11:12 guus Exp $ + $Id: edge.c,v 1.1.2.12 2002/09/04 13:48:51 guus Exp $ */ #include "config.h" @@ -35,6 +35,8 @@ #include "conf.h" #include #include "subnet.h" +#include "edge.h" +#include "node.h" #include "xalloc.h" #include "system.h" @@ -46,12 +48,12 @@ int edge_compare(edge_t *a, edge_t *b) { int result; - result = strcmp(a->from.node->name, b->from.node->name); + result = strcmp(a->from->name, b->from->name); if(result) return result; else - return strcmp(a->to.node->name, b->to.node->name); + return strcmp(a->to->name, b->to->name); } /* Evil edge_compare() from a parallel universe ;) 
@@ -60,34 +62,11 @@ int edge_compare(edge_t *a, edge_t *b) { int result; - return (result = strcmp(a->from.node->name, b->from.node->name)) || (result = strcmp(a->to.node->name, b->to.node->name)), result; + return (result = strcmp(a->from->name, b->from->name)) || (result = strcmp(a->to->name, b->to->name)), result; } */ -int edge_name_compare(edge_t *a, edge_t *b) -{ - int result; - char *name_a1, *name_a2, *name_b1, *name_b2; - - if(strcmp(a->from.node->name, a->to.node->name) < 0) - name_a1 = a->from.node->name, name_a2 = a->to.node->name; - else - name_a1 = a->to.node->name, name_a2 = a->from.node->name; - - if(strcmp(b->from.node->name, b->to.node->name) < 0) - name_b1 = b->from.node->name, name_b2 = b->to.node->name; - else - name_b1 = b->to.node->name, name_b2 = b->from.node->name; - - result = strcmp(name_a1, name_b1); - - if(result) - return result; - else - return strcmp(name_a2, name_b2); -} - int edge_weight_compare(edge_t *a, edge_t *b) { int result; @@ -97,7 +76,7 @@ int edge_weight_compare(edge_t *a, edge_t *b) if(result) return result; else - return edge_name_compare(a, b); + return edge_compare(a, b); } void init_edges(void) @@ -111,7 +90,7 @@ cp avl_tree_t *new_edge_tree(void) { cp - return avl_alloc_tree((avl_compare_t)edge_name_compare, NULL); + return avl_alloc_tree((avl_compare_t)edge_compare, NULL); cp } 
@@ -152,35 +131,32 @@ void edge_add(edge_t *e) cp avl_insert(edge_tree, e); avl_insert(edge_weight_tree, e); - avl_insert(e->from.node->edge_tree, e); - avl_insert(e->to.node->edge_tree, e); + avl_insert(e->from->edge_tree, e); +cp + e->reverse = lookup_edge(e->to, e->from); + if(e->reverse) + e->reverse->reverse = e; cp } void edge_del(edge_t *e) { +cp + if(e->reverse) + e->reverse->reverse = NULL; cp avl_delete(edge_tree, e); avl_delete(edge_weight_tree, e); - avl_delete(e->from.node->edge_tree, e); - avl_delete(e->to.node->edge_tree, e); + avl_delete(e->from->edge_tree, e); cp } edge_t *lookup_edge(node_t *from, node_t *to) { - edge_t v, *result; + edge_t v; cp - v.from.node = from; - v.to.node = to; - - result = avl_search(edge_tree, &v); - - if(result) - return result; -cp - v.from.node = to; - v.to.node = from; + v.from = from; + v.to = to; return avl_search(edge_tree, &v); } @@ -189,21 +165,18 @@ void dump_edges(void) { avl_node_t *node; edge_t *e; - char *from_udp, *to_udp; + char *address; cp syslog(LOG_DEBUG, _("Edges:")); for(node = edge_tree->head; node; node = node->next) { e = (edge_t *)node->data; - from_udp = sockaddr2hostname(&e->from.udpaddress); - to_udp = sockaddr2hostname(&e->to.udpaddress); - syslog(LOG_DEBUG, _(" %s at %s - %s at %s options %lx weight %d"), - e->from.node->name, from_udp, - e->to.node->name, to_udp, + address = sockaddr2hostname(&e->address); + syslog(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), + e->from->name, e->to->name, address, e->options, e->weight); - free(from_udp); - free(to_udp); + free(address); } syslog(LOG_DEBUG, _("End of edges.")); diff --git a/src/edge.h b/src/edge.h index 2e5b910d..e3735e63 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.8 2002/06/21 10:11:12 guus Exp $ + $Id: edge.h,v 1.1.2.9 2002/09/04 13:48:51 guus Exp $ */ #ifndef __TINC_EDGE_H__ 
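Review bot: `lookup_edge` changes meaning here without a comment: it used to fall back to the swapped pair and now matches only `from -> to`. Callers that relied on the undirected behaviour are outside this page and need checking, and the function should say so, e.g. `/* Edges are directed: lookup_edge(a, b) does not find b -> a */`. In `edge_add` the results of the three `avl_insert` calls are ignored. If an edge with the same endpoints is already present (assuming `avl_insert` refuses duplicates), `e->reverse->reverse` ends up pointing at an edge that is not in the tree and that the caller may free.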
@@ -29,23 +29,19 @@ #include "node.h" #include "connection.h" -typedef struct halfconnection_t { - struct node_t *node; /* node associated with this end of the connection */ -// sockaddr_t tcpaddress; /* real (internet) ip on this end of the meta connection */ - sockaddr_t udpaddress; /* real (internet) ip on this end of the vpn connection */ -} halfconnection_t; - typedef struct edge_t { - struct halfconnection_t from; - struct halfconnection_t to; + struct node_t *from; + struct node_t *to; + sockaddr_t address; long int options; /* options turned on for this edge */ int weight; /* weight of this edge */ struct connection_t *connection; /* connection associated with this edge, if available */ + struct edge_t *reverse; /* edge in the opposite direction, if available */ } edge_t; -extern avl_tree_t *edge_tree; /* Tree with all known edges (replaces active_tree) */ +extern avl_tree_t *edge_tree; /* Tree with all known edges */ extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weight */ extern void init_edges(void); diff --git a/src/graph.c b/src/graph.c index 7d9caf27..b5e81931 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.14 2002/07/10 11:27:06 guus Exp $ + $Id: graph.c,v 1.1.2.15 2002/09/04 13:48:51 guus Exp $ */ /* We need to generate two trees from the graph: @@ -109,7 +109,7 @@ void mst_kruskal(void) /* Starting point */ - ((edge_t *)edge_weight_tree->head->data)->from.node->status.visited = 1; + ((edge_t *)edge_weight_tree->head->data)->from->status.visited = 1; /* Add safe edges */ 
@@ -118,24 +118,25 @@ void mst_kruskal(void) next = node->next; e = (edge_t *)node->data; - if(e->from.node->status.visited == e->to.node->status.visited) + if(!e->reverse || e->from->status.visited == e->to->status.visited) { skipped = 1; continue; } - e->from.node->status.visited = 1; - e->to.node->status.visited = 1; + e->from->status.visited = 1; + e->to->status.visited = 1; if(e->connection) e->connection->status.mst = 1; safe_edges++; if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from.node->name, e->to.node->name, e->weight); + syslog(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight); if(skipped) { + skipped = 0; next = edge_weight_tree->head; continue; } @@ -154,7 +155,6 @@ void sssp_bfs(void) avl_node_t *node, *from, *next, *to; edge_t *e; node_t *n; - halfconnection_t to_hc, from_hc; avl_tree_t *todo_tree; int indirect; char *name; 
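Review bot: The new `!e->reverse` test in `mst_kruskal`, and the matching `if(!e->reverse) continue;` in `sssp_bfs`, carry no explanation. They appear to mean that an edge is used only once the opposite direction has also been announced, which would keep a single node from claiming a link on its own. That deserves a comment at both places, e.g. `/* ignore edges not confirmed by the other endpoint */`. The added `skipped = 0;` should get a one-line comment too, since without it the scan restarts from the head after every accepted edge.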
@@ -195,52 +195,50 @@ void sssp_bfs(void) for(to = n->edge_tree->head; to; to = to->next) /* "to" is the edge connected to "from" */ { e = (edge_t *)to->data; - - if(e->from.node == n) /* "from_hc" is the halfconnection with .node == from */ - to_hc = e->to, from_hc = e->from; - else - to_hc = e->from, from_hc = e->to; + + if(!e->reverse) + continue; /* Situation: / / - ------(n)from_hc-----to_hc + ------(n)-----(e->to) \ \ - n->address is set to the to_hc.udpaddress of the edge left of n. - We are currently examining the edge right of n: + n->address is set to the e->address of the edge left of n to n. + We are currently examining the edge e right of n from n: - - If from_hc.udpaddress != n->address, then to_hc.node is probably + - If e->reverse->address != n->address, then e->to is probably not reachable for the nodes left of n. We do as if the indirectdata flag is set on edge e. - - If edge e provides for better reachability of to_hc.node, update - to_hc.node and (re)add it to the todo_tree to (re)examine the reachability + - If edge e provides for better reachability of e->to, update + e->to and (re)add it to the todo_tree to (re)examine the reachability of nodes behind it. */ - indirect = n->status.indirect || e->options & OPTION_INDIRECT || ((n != myself) && sockaddrcmp(&n->address, &from_hc.udpaddress)); + indirect = n->status.indirect || e->options & OPTION_INDIRECT || ((n != myself) && sockaddrcmp(&n->address, &e->reverse->address)); - if(to_hc.node->status.visited && (!to_hc.node->status.indirect || indirect)) + if(e->to->status.visited && (!e->to->status.indirect || indirect)) continue; - to_hc.node->status.visited = 1; - to_hc.node->status.indirect = indirect; - to_hc.node->nexthop = (n->nexthop == myself) ? to_hc.node : n->nexthop; - to_hc.node->via = indirect ? 
n->via : to_hc.node; - to_hc.node->options = e->options; - if(sockaddrcmp(&to_hc.node->address, &to_hc.udpaddress)) - { - node = avl_unlink(node_udp_tree, to_hc.node); - to_hc.node->address = to_hc.udpaddress; - if(to_hc.node->hostname) - free(to_hc.node->hostname); - to_hc.node->hostname = sockaddr2hostname(&to_hc.udpaddress); - avl_insert_node(node_udp_tree, node); - } + e->to->status.visited = 1; + e->to->status.indirect = indirect; + e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop; + e->to->via = indirect ? n->via : e->to; + e->to->options = e->options; + if(sockaddrcmp(&e->to->address, &e->address)) + { + node = avl_unlink(node_udp_tree, e->to); + e->to->address = e->address; + if(e->to->hostname) + free(e->to->hostname); + e->to->hostname = sockaddr2hostname(&e->to->address); + avl_insert_node(node_udp_tree, node); + } node = avl_alloc_node(); - node->data = to_hc.node; + node->data = e->to; avl_insert_before(todo_tree, from, node); } @@ -257,7 +255,7 @@ void sssp_bfs(void) next = node->next; n = (node_t *)node->data; - if(n->status.visited ^ n->status.reachable) + if(n->status.visited != n->status.reachable) { n->status.reachable = !n->status.reachable; if(debug_lvl >= DEBUG_TRAFFIC) @@ -266,13 +264,9 @@ void sssp_bfs(void) else syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); - if(!n->status.reachable) - { - n->status.reachable = 0; - n->status.validkey = 0; - n->status.waitingforkey = 0; - n->sent_seqno = 0; - } + n->status.validkey = 0; + n->status.waitingforkey = 0; + n->sent_seqno = 0; asprintf(&envp[0], "NETNAME=%s", netname?netname:""); asprintf(&envp[1], "DEVICE=%s", device?device:""); diff --git a/src/net.c b/src/net.c index ca70886f..4a5c4b9f 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.175 2002/09/03 20:43:25 guus Exp $ + $Id: net.c,v 1.35.4.176 2002/09/04 13:48:51 guus Exp $ */ #include "config.h" @@ -65,6 +65,7 @@ #include "process.h" #include "protocol.h" #include "subnet.h" +#include "graph.h" #include "process.h" #include "route.h" #include "device.h" @@ -82,12 +83,13 @@ int sigalrm = 0; time_t now = 0; -/* Purge subnets of unreachable nodes. Use carefully. */ +/* Purge edges and subnets of unreachable nodes. Use carefully. */ void purge(void) { - avl_node_t *nnode, *nnext, *snode, *snext, *cnode; + avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext, *cnode; node_t *n; + edge_t *e; subnet_t *s; connection_t *c; cp @@ -119,6 +121,21 @@ cp subnet_del(n, s); } + for(enode = n->edge_tree->head; enode; enode = enext) + { + enext = enode->next; + e = (edge_t *)enode->data; + + for(cnode = connection_tree->head; cnode; cnode = cnode->next) + { + c = (connection_t *)cnode->data; + if(c->status.active) + send_del_edge(c, e); + } + + edge_del(e); + } + node_del(n); } } @@ -165,15 +182,14 @@ cp /* Terminate a connection: - Close the socket - - Tell other connections about it if report = 1 + - Remove associated edge and tell other connections about it if report = 1 - Check if we need to retry making an outgoing connection - Deactivate the host */ void terminate_connection(connection_t *c, int report) { - avl_node_t *node, *node2; + avl_node_t *node; connection_t *other; - node_t *n; cp if(c->status.remove) return; 
@@ -186,30 +202,29 @@ cp c->status.active = 0; if(c->node) + c->node->connection = NULL; + + if(c->socket) + close(c->socket); + + if(c->edge) { - if(report && c->node->connection) + if(report) { for(node = connection_tree->head; node; node = node->next) { other = (connection_t *)node->data; - if(other == c) - continue; - for(node2 = node_tree->head; node2; node2 = node2->next) - { - n = (node_t *)node2->data; - if(n->nexthop == c->node) - { - send_del_node(other, n); - n->status.reachable = 0; - } - } + if(other->status.active && other != c) + send_del_edge(other, c->edge); } } - c->node->connection = NULL; - } - if(c->socket) - close(c->socket); + edge_del(c->edge); + + /* Run MST and SSSP algorithms */ + + graph(); + } /* Check if this was our outgoing connection */ @@ -231,13 +246,14 @@ cp */ void check_dead_connections(void) { - avl_node_t *node; + avl_node_t *node, *next; connection_t *c; cp - for(node = connection_tree->head; node; node = node->next) + for(node = connection_tree->head; node; node = next) { + next = node->next; c = (connection_t *)node->data; - if(c->last_ping_time + pingtimeout < now && !c->status.remove) + if(c->last_ping_time + pingtimeout < now) { if(c->status.active) { diff --git a/src/net_packet.c b/src/net_packet.c index bd1e4e21..8419d6a0 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.18 2002/09/03 20:43:25 guus Exp $ + $Id: net_packet.c,v 1.1.2.19 2002/09/04 13:48:52 guus Exp $ */ #include "config.h" @@ -70,6 +70,7 @@ #include "process.h" #include "protocol.h" #include "subnet.h" +#include "graph.h" #include "process.h" #include "route.h" #include "device.h" 
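Review bot: In terminate_connection, `edge_del(c->edge)` is not followed by clearing the pointer, so `c->edge` keeps referring to the deleted edge for as long as the connection object lives. If edge_del() releases the edge (its body is not in this hunk), any later read of `c->edge`, for example while the connection is being freed, touches freed memory; adding `c->edge = NULL;` right after the call closes that window. Separately, the moved `if(c->socket) close(c->socket);` treats descriptor 0 as "no socket", so a negative sentinel would be the safer convention. The function begins before this hunk and continues after it.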
@@ -331,7 +332,7 @@ cp return; } - via = (n->options & OPTION_INDIRECT)?n->nexthop:n; + via = (n->via == myself)?n->nexthop:n->via; if(via != n && debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), diff --git a/src/net_setup.c b/src/net_setup.c index edbcbf54..fe7a562d 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.22 2002/09/03 20:43:25 guus Exp $ + $Id: net_setup.c,v 1.1.2.23 2002/09/04 13:48:52 guus Exp $ */ #include "config.h" @@ -67,6 +67,7 @@ #include "process.h" #include "protocol.h" #include "subnet.h" +#include "graph.h" #include "process.h" #include "route.h" #include "device.h" @@ -463,6 +464,8 @@ cp myself->status.reachable = 1; node_add(myself); + graph(); + cp /* Open sockets */ @@ -528,6 +531,7 @@ cp init_connections(); init_subnets(); init_nodes(); + init_edges(); init_events(); init_requests(); @@ -593,6 +597,7 @@ cp exit_requests(); exit_events(); + exit_edges(); exit_subnets(); exit_nodes(); exit_connections(); diff --git a/src/net_socket.c b/src/net_socket.c index e0cec2c8..0281d655 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.17 2002/09/03 20:43:25 guus Exp $ + $Id: net_socket.c,v 1.1.2.18 2002/09/04 13:48:52 guus Exp $ */ #include "config.h" @@ -63,6 +63,7 @@ #include "process.h" #include "protocol.h" #include "subnet.h" +#include "graph.h" #include "process.h" #include "route.h" #include "device.h" @@ -146,7 +147,7 @@ cp return -1; } - if(listen(nfd, 0)) + if(listen(nfd, 3)) { close(nfd); syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); diff --git a/src/node.c b/src/node.c index adc3a74d..a66bc177 100644 --- a/src/node.c +++ b/src/node.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.14 2002/09/03 20:43:25 guus Exp $ + $Id: node.c,v 1.1.2.15 2002/09/04 13:48:52 guus Exp $ */ #include "config.h" @@ -77,6 +77,7 @@ node_t *new_node(void) node_t *n = (node_t *)xmalloc_and_zero(sizeof(*n)); cp n->subnet_tree = new_subnet_tree(); + n->edge_tree = new_edge_tree(); n->queue = list_alloc((list_action_t)free); cp return n; @@ -95,6 +96,8 @@ cp free(n->key); if(n->subnet_tree) free_subnet_tree(n->subnet_tree); + if(n->edge_tree) + free_edge_tree(n->edge_tree); free(n); cp } @@ -110,6 +113,7 @@ cp void node_del(node_t *n) { avl_node_t *node, *next; + edge_t *e; subnet_t *s; cp for(node = n->subnet_tree->head; node; node = next) @@ -118,6 +122,13 @@ cp s = (subnet_t *)node->data; subnet_del(n, s); } + + for(node = n->edge_tree->head; node; node = next) + { + next = node->next; + e = (edge_t *)node->data; + edge_del(e); + } cp avl_delete(node_tree, n); avl_delete(node_udp_tree, n); @@ -152,9 +163,9 @@ cp for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s distance %d"), + syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), n->name, n->hostname, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->compression, n->options, - n->status, n->nexthop?n->nexthop->name:"-", n->distance); + n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); } syslog(LOG_DEBUG, _("End of nodes.")); diff --git a/src/node.h b/src/node.h index f2bea91b..8f6b30ff 100644 --- a/src/node.h +++ b/src/node.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.18 2002/09/04 08:33:08 guus Exp $ + $Id: node.h,v 1.1.2.19 2002/09/04 13:48:52 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -51,8 +51,6 @@ typedef struct node_t { struct node_status_t status; - int distance; /* Distance from us to that node */ - const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length*/ @@ -65,11 +63,12 @@ typedef struct node_t { list_t *queue; /* Queue for packets awaiting to be encrypted */ struct node_t *nexthop; /* nearest node from us to him */ - struct node_t *prevhop; /* nearest node from him to us */ struct node_t *via; /* next hop for UDP packets */ avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ + avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ + struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ uint32_t sent_seqno; /* Sequence number last sent to this node */ diff --git a/src/protocol.c b/src/protocol.c index 91c4ef3a..644e89e9 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.131 2002/09/04 08:02:33 guus Exp $ + $Id: protocol.c,v 1.28.4.132 2002/09/04 13:48:52 guus Exp $ */ #include "config.h" @@ -62,15 +62,8 @@ int send_request(connection_t *c, const char *format, ...) va_list args; char buffer[MAXBUFSIZE]; int len, request; - char *name = "everyone"; - char *hostname = "broadcast"; -cp - if(c) - { - name = c->name; - hostname = c->hostname; - } +cp /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic, and there is a limit on the input buffer anyway */ 
@@ -81,7 +74,7 @@ cp if(len < 0 || len > MAXBUFSIZE-1) { - syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), name, hostname); + syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); return -1; } @@ -89,17 +82,14 @@ cp { sscanf(buffer, "%d", &request); if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], name, hostname, buffer); + syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); else - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], name, hostname); + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname); } buffer[len++] = '\n'; cp - if(c) - return send_meta(c, buffer, len); - else - return broadcast_meta(NULL, buffer, len); + return send_meta(c, buffer, len); } int receive_request(connection_t *c) @@ -236,7 +226,7 @@ int (*request_handlers[])(connection_t*) = { status_h, error_h, termreq_h, ping_h, pong_h, add_subnet_h, del_subnet_h, - add_node_h, del_node_h, + add_edge_h, del_edge_h, key_changed_h, req_key_h, ans_key_h, tcppacket_h, }; @@ -248,7 +238,7 @@ char (*request_name[]) = { "STATUS", "ERROR", "TERMREQ", "PING", "PONG", "ADD_SUBNET", "DEL_SUBNET", - "ADD_NODE", "DEL_NODE", + "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", }; diff --git a/src/protocol.h b/src/protocol.h index 1fd760a2..a021f4fe 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.32 2002/09/04 08:33:08 guus Exp $ + $Id: protocol.h,v 1.5.4.33 2002/09/04 13:48:52 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
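Review bot: send_request now dereferences `c` unconditionally, in the syslog calls (`c->name`, `c->hostname`) and in `send_meta(c, buffer, len)`, where the removed code accepted `c == NULL` as meaning "broadcast". Any caller outside these hunks that still passes NULL will fault at the first `c->name`. The change should come with an audit of the callers or an explicit guard at the top of the function, e.g. `if(!c) return -1;`. The function starts in the previous hunk.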
@@ -25,13 +25,14 @@ #include "net.h" #include "node.h" +#include "edge.h" #include "subnet.h" /* Protocol version. Different versions are incompatible, incompatible version have different protocols. */ -#define PROT_CURRENT 16 +#define PROT_CURRENT 17 /* Request numbers */ @@ -40,8 +41,9 @@ enum { ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, STATUS, ERROR, TERMREQ, PING, PONG, +// ADD_NODE, DEL_NODE, ADD_SUBNET, DEL_SUBNET, - ADD_NODE, DEL_NODE, + ADD_EDGE, DEL_EDGE, KEY_CHANGED, REQ_KEY, ANS_KEY, PACKET, LAST /* Guardian for the highest request number */ @@ -80,10 +82,12 @@ extern int send_error(connection_t *, int, char *); extern int send_termreq(connection_t *); extern int send_ping(connection_t *); extern int send_pong(connection_t *); +// extern int send_add_node(connection_t *, node_t *); +// extern int send_del_node(connection_t *, node_t *); extern int send_add_subnet(connection_t *, subnet_t *); extern int send_del_subnet(connection_t *, subnet_t *); -extern int send_add_node(connection_t *, node_t *); -extern int send_del_node(connection_t *, node_t *); +extern int send_add_edge(connection_t *, edge_t *); +extern int send_del_edge(connection_t *, edge_t *); extern int send_key_changed(connection_t *, node_t *); extern int send_req_key(connection_t *, node_t *, node_t *); extern int send_ans_key(connection_t *, node_t *, node_t *); @@ -103,10 +107,12 @@ extern int error_h(connection_t *); extern int termreq_h(connection_t *); extern int ping_h(connection_t *); extern int pong_h(connection_t *); +// extern int add_node_h(connection_t *); +// extern int del_node_h(connection_t *); extern int add_subnet_h(connection_t *); extern int del_subnet_h(connection_t *); -extern int add_node_h(connection_t *); -extern int del_node_h(connection_t *); +extern int add_edge_h(connection_t *); +extern int del_edge_h(connection_t *); extern int key_changed_h(connection_t *); extern int req_key_h(connection_t *); extern int ans_key_h(connection_t *); 
diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 6563470c..14914ba8 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.11 2002/09/04 08:36:34 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.12 2002/09/04 13:48:52 guus Exp $ */ #include "config.h" @@ -48,6 +48,8 @@ #include "meta.h" #include "connection.h" #include "node.h" +#include "edge.h" +#include "graph.h" #include "system.h" @@ -460,20 +462,16 @@ cp int send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs - to create node_t structures. */ + to create node_t and edge_t structures. */ int x; - char *address, *port; struct timeval now; cp /* Estimate weight */ gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; - sockaddr2str(&c->address, &address, &port); - x = send_request(c, "%d %s %s %lx", ACK, myport, address, c->options); - free(address); - free(port); + x = send_request(c, "%d %s %s %d %lx", ACK, myport, c->estimated_weight, c->options); cp return x; } @@ -483,16 +481,13 @@ void send_everything(connection_t *c) avl_node_t *node, *node2; node_t *n; subnet_t *s; - connection_t *other; + edge_t *e; - /* Send all known nodes and subnets */ + /* Send all known subnets */ for(node = node_tree->head; node; node = node->next) { n = (node_t *)node->data; - - if(n != c->node && n != myself) - send_add_node(c, n); for(node2 = n->subnet_tree->head; node2; node2 = node2->next) { 
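Review bot: The new format string in send_ack, `"%d %s %s %d %lx"`, has two `%s` conversions but only one string argument (`myport`), so `c->estimated_weight` is consumed as a `char *` and the remaining arguments are shifted. That is undefined behaviour inside vsnprintf, in practice a crash or a read from an unintended address on every ACK. The call should read `x = send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options);`, which also matches the three fields ack_h parses. Declaring send_request with `__attribute__((format(printf, 2, 3)))` would let the compiler catch this class of mistake.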
@@ -501,27 +496,27 @@ void send_everything(connection_t *c) } } - /* Inform others of this new node */ - - for(node = connection_tree->head; node; node = node->next) + /* Send all known edges */ + + for(node = edge_tree->head; node; node = node->next) { - other = (connection_t *)node->data; - - if(other->status.active && other != c) - send_add_node(other, c->node); + e = (edge_t *)node->data; + + send_add_edge(c, e); } } int ack_h(connection_t *c) { - char myaddress[MAX_STRING_SIZE]; char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; + int weight; long int options; node_t *n; + connection_t *other; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" %lx", hisport, myaddress, &options) != 3) + if(sscanf(c->buffer, "%*d "MAX_STRING" %d %lx", hisport, &weight, &options) != 3) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; 
@@ -546,27 +541,29 @@ cp syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); } + + /* FIXME: check if information in existing node matches that of the other end of this connection */ } + n->connection = c; c->node = n; c->options |= options; - c->myaddress = str2sockaddr(myaddress, myport); - - n->connection = c; + + /* Create an edge_t for this connection */ + + c->edge = new_edge(); +cp + c->edge->from = myself; + c->edge->to = n; sockaddr2str(&c->address, &hisaddress, &dummy); - node = avl_unlink(node_udp_tree, n); - n->address = str2sockaddr(hisaddress, hisport); - avl_insert_node(node_udp_tree, node); - if(n->hostname) - free(n->hostname); - n->hostname = sockaddr2hostname(&n->address); - n->options = c->options; - n->distance = 1; - n->via = n->nexthop = n; - n->prevhop = myself; - n->status.reachable = 1; - n->status.validkey = 0; - n->status.waitingforkey = 0; + c->edge->address = str2sockaddr(hisaddress, hisport); + free(hisaddress); + free(dummy); + c->edge->weight = (weight + c->estimated_weight) / 2; + c->edge->connection = c; + c->edge->options = c->options; +cp + edge_add(c->edge); /* Activate this connection */ @@ -577,9 +574,23 @@ cp syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); cp - /* Send him everything we know and tell the others about him */ + /* Send him everything we know */ send_everything(c); + + /* Notify others of this connection */ + + for(node = connection_tree->head; node; node = node->next) + { + other = (connection_t *)node->data; + + if(other->status.active && other != c) + send_add_edge(other, c->edge); + } + + /* Run MST and SSSP algorithms */ + + graph(); cp return 0; } diff --git a/src/protocol_edge.c b/src/protocol_edge.c index a13a096a..9b35a9fb 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c 
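Review bot: ack_h takes `weight` straight from the peer's ACK (the `%d` in the sscanf of the preceding hunk) and uses it in `c->edge->weight = (weight + c->estimated_weight) / 2;` with no range check. A value near INT_MAX makes the signed addition overflow, which is undefined behaviour, and a negative or inflated value lets a single peer skew the weight-sorted edge tree that mst_kruskal walks. I would reject `weight < 0` through the existing "Got bad ACK" path and average without the intermediate sum, e.g. `c->edge->weight = weight / 2 + c->estimated_weight / 2;`. The same unchecked `%d` weight is parsed in add_edge_h in src/protocol_edge.c; ack_h itself starts in the previous hunk.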
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.8 2002/06/21 10:11:19 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.9 2002/09/04 13:48:52 guus Exp $ */ #include "config.h" @@ -48,19 +48,14 @@ int send_add_edge(connection_t *c, edge_t *e) { int x; - char *from_udpaddress, *from_udpport; - char *to_udpaddress, *to_udpport; + char *address, *port; cp - sockaddr2str(&e->from.udpaddress, &from_udpaddress, &from_udpport); - sockaddr2str(&e->to.udpaddress, &to_udpaddress, &to_udpport); - x = send_request(c, "%d %lx %s %s %s %s %s %s %lx %d", ADD_EDGE, random(), - e->from.node->name, from_udpaddress, from_udpport, - e->to.node->name, to_udpaddress, to_udpport, + sockaddr2str(&e->address, &address, &port); + x = send_request(c, "%d %lx %s %s %s %s %lx %d", ADD_EDGE, random(), + e->from->name, e->to->name, address, port, e->options, e->weight); - free(from_udpaddress); - free(from_udpport); - free(to_udpaddress); - free(to_udpport); + free(address); + free(port); cp return x; } 
@@ -72,20 +67,15 @@ int add_edge_h(connection_t *c) node_t *from, *to; char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; - char from_address[MAX_STRING_SIZE]; - char from_udpport[MAX_STRING_SIZE]; char to_address[MAX_STRING_SIZE]; - char to_udpport[MAX_STRING_SIZE]; - sockaddr_t from_udpaddress; - sockaddr_t to_udpaddress; + char to_port[MAX_STRING_SIZE]; + sockaddr_t address; long int options; int weight; avl_node_t *node; cp - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", - from_name, from_address, from_udpport, - to_name, to_address, to_udpport, - &options, &weight) != 8) + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", + from_name, to_name, to_address, to_port, &options, &weight) != 6) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); return -1; @@ -130,8 +120,7 @@ cp /* Convert addresses */ - from_udpaddress = str2sockaddr(from_address, from_udpport); - to_udpaddress = str2sockaddr(to_address, to_udpport); + address = str2sockaddr(to_address, to_port); /* Check if edge already exists */ @@ -139,12 +128,9 @@ cp if(e) { - if(e->weight != weight || e->options != options - || ((e->from.node == from) && (sockaddrcmp(&e->from.udpaddress, &from_udpaddress)|| sockaddrcmp(&e->to.udpaddress, &to_udpaddress))) - || ((e->from.node == to) && (sockaddrcmp(&e->from.udpaddress, &to_udpaddress) || sockaddrcmp(&e->to.udpaddress, &from_udpaddress))) - ) + if(e->weight != weight || e->options != options || sockaddrcmp(&e->address, &address)) { - if(from == myself || to == myself) + if(from == myself) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); 
@@ -161,23 +147,22 @@ cp else return 0; } - else if(from == myself || to == myself) + else if(from == myself) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), "ADD_EDGE", c->name, c->hostname); e = new_edge(); - e->from.node = from; - e->to.node = to; + e->from = from; + e->to = to; send_del_edge(c, e); free_edge(e); return 0; } e = new_edge(); - e->from.node = from; - e->from.udpaddress = from_udpaddress; - e->to.node = to; - e->to.udpaddress = to_udpaddress; + e->from = from; + e->to = to; + e->address = address; e->options = options; e->weight = weight; edge_add(e); @@ -202,7 +187,7 @@ int send_del_edge(connection_t *c, edge_t *e) { cp return send_request(c, "%d %lx %s %s", DEL_EDGE, random(), - e->from.node->name, e->to.node->name); + e->from->name, e->to->name); } int del_edge_h(connection_t *c) @@ -269,7 +254,7 @@ cp return 0; } - if(e->from.node == myself || e->to.node == myself) + if(e->from == myself) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_EDGE", c->name, c->hostname); From 431fa10b37e78172a03c952e28a0364cc0e438f0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 14:17:28 +0000 Subject: [PATCH 678/923] Small fixes. --- src/process.c | 3 ++- src/protocol_auth.c | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/process.c b/src/process.c index d53d5f06..0898e70e 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.43 2002/09/03 20:43:25 guus Exp $ + $Id: process.c,v 1.1.2.44 2002/09/04 14:17:28 guus Exp $ */ #include "config.h" @@ -399,6 +399,7 @@ sigusr2_handler(int a) { dump_device_stats(); dump_nodes(); + dump_edges(); dump_subnets(); } diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 14914ba8..42d35e98 100644 
--- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.12 2002/09/04 13:48:52 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.13 2002/09/04 14:17:28 guus Exp $ */ #include "config.h" @@ -471,7 +471,7 @@ cp gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; - x = send_request(c, "%d %s %s %d %lx", ACK, myport, c->estimated_weight, c->options); + x = send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); cp return x; } From 8b2b67e26c5b971761f5015764d5e188f6343bc4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 16:26:45 +0000 Subject: [PATCH 679/923] Generalized request broadcasting/forwarding. --- src/connection.c | 9 ++++++- src/connection.h | 4 +++- src/meta.c | 3 ++- src/net.c | 36 +++++----------------------- src/protocol.c | 25 ++++++++++++++++++-- src/protocol.h | 3 ++- src/protocol_auth.c | 55 +++++++++++++++++-------------------------- src/protocol_edge.c | 20 +++------------- src/protocol_key.c | 15 +++--------- src/protocol_subnet.c | 24 ++++--------------- 10 files changed, 76 insertions(+), 118 deletions(-) diff --git a/src/connection.c b/src/connection.c index e8a53ecc..642bface 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.30 2002/06/21 10:11:12 guus Exp $ + $Id: connection.c,v 1.1.2.31 2002/09/04 16:26:44 guus Exp $ */ #include "config.h" @@ -41,6 +41,7 @@ #include "system.h" avl_tree_t *connection_tree; /* Meta connections */ +connection_t *broadcast; int connection_compare(connection_t *a, connection_t *b) { 
@@ -51,6 +52,10 @@ void init_connections(void) { cp connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, NULL); +cp + broadcast = new_connection(); + broadcast->name = xstrdup(_("everyone")); + broadcast->hostname = xstrdup(_("BROADCAST")); cp } @@ -58,6 +63,8 @@ void exit_connections(void) { cp avl_delete_tree(connection_tree); +cp + free_connection(broadcast); cp } diff --git a/src/connection.h b/src/connection.h index a6d8c58e..4d2ea2d3 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.29 2002/09/04 13:48:51 guus Exp $ + $Id: connection.h,v 1.1.2.30 2002/09/04 16:26:44 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -99,6 +99,7 @@ typedef struct connection_t { char buffer[MAXBUFSIZE]; /* metadata input buffer */ int buflen; /* bytes read into buffer */ + int reqlen; /* length of incoming request */ int tcplen; /* length of incoming TCPpacket */ int allow_request; /* defined if there's only one request possible */ @@ -108,6 +109,7 @@ typedef struct connection_t { } connection_t; extern avl_tree_t *connection_tree; +extern connection_t *broadcast; extern void init_connections(void); extern void exit_connections(void); diff --git a/src/meta.c b/src/meta.c index 8d6b0a84..c3d4f829 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.26 2002/06/21 10:11:12 guus Exp $ + $Id: meta.c,v 1.1.2.27 2002/09/04 16:26:44 guus Exp $ */ #include "config.h" @@ -182,6 +182,7 @@ cp if(reqlen) { + c->reqlen = reqlen; if(receive_request(c)) return -1; diff --git a/src/net.c b/src/net.c index 4a5c4b9f..13933d9a 100644 --- a/src/net.c +++ b/src/net.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.176 2002/09/04 13:48:51 guus Exp $ + $Id: net.c,v 1.35.4.177 2002/09/04 16:26:44 guus Exp $ */ #include "config.h" @@ -87,11 +87,10 @@ time_t now = 0; void purge(void) { - avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext, *cnode; + avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext; node_t *n; edge_t *e; subnet_t *s; - connection_t *c; cp if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_DEBUG, _("Purging unreachable nodes")); @@ -110,14 +109,7 @@ cp { snext = snode->next; s = (subnet_t *)snode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_subnet(c, s); - } - + send_del_subnet(broadcast, s); subnet_del(n, s); } @@ -125,14 +117,7 @@ cp { enext = enode->next; e = (edge_t *)enode->data; - - for(cnode = connection_tree->head; cnode; cnode = cnode->next) - { - c = (connection_t *)cnode->data; - if(c->status.active) - send_del_edge(c, e); - } - + send_del_edge(broadcast, e); edge_del(e); } @@ -188,8 +173,6 @@ cp */ void terminate_connection(connection_t *c, int report) { - avl_node_t *node; - connection_t *other; cp if(c->status.remove) return; @@ -210,14 +193,7 @@ cp if(c->edge) { if(report) - { - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_del_edge(other, c->edge); - } - } + send_del_edge(broadcast, c->edge); edge_del(c->edge); @@ -407,7 +383,7 @@ cp syslog(LOG_INFO, _("Regenerating symmetric key")); RAND_pseudo_bytes(myself->key, myself->keylength); - send_key_changed(myself->connection, myself); + send_key_changed(broadcast, myself); keyexpires = now + keylifetime; } } diff --git a/src/protocol.c b/src/protocol.c index 644e89e9..4127f51a 100644 --- a/src/protocol.c +++ b/src/protocol.c 
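Review bot: The key regeneration next to the changed `send_key_changed(broadcast, myself)` call still fills `myself->key` with `RAND_pseudo_bytes()` and ignores its return value. The line is unchanged context, but it produces the key this hunk now announces to every peer. OpenSSL documents that function as not necessarily unpredictable, so it is unsuitable for key material. `if(RAND_bytes((unsigned char *)myself->key, myself->keylength) != 1)` with an error path that logs and keeps the old key would be the safer form. The enclosing function starts and ends outside this hunk.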
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.132 2002/09/04 13:48:52 guus Exp $ + $Id: protocol.c,v 1.28.4.133 2002/09/04 16:26:44 guus Exp $ */ #include "config.h" @@ -89,7 +89,28 @@ cp buffer[len++] = '\n'; cp - return send_meta(c, buffer, len); + if(c == broadcast) + return broadcast_meta(NULL, buffer, len); + else + return send_meta(c, buffer, len); +} + +int forward_request(connection_t *from) +{ + int request; +cp + if(debug_lvl >= DEBUG_PROTOCOL) + { + sscanf(from->buffer, "%d", &request); + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Broadcasting %s from %s (%s): %s"), request_name[request], from->name, from->hostname, from->buffer); + else + syslog(LOG_DEBUG, _("Broadcasting %s from %s (%s)"), request_name[request], from->name, from->hostname); + } + + from->buffer[from->reqlen - 1] = '\n'; +cp + return broadcast_meta(from, from->buffer, from->reqlen); } int receive_request(connection_t *c) diff --git a/src/protocol.h b/src/protocol.h index a021f4fe..47f772c7 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.33 2002/09/04 13:48:52 guus Exp $ + $Id: protocol.h,v 1.5.4.34 2002/09/04 16:26:45 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -62,6 +62,7 @@ typedef struct past_request_t { /* Basic functions */ extern int send_request(connection_t*, const char*, ...); +extern int forward_request(connection_t *); extern int receive_request(connection_t *); extern int check_id(char *); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 42d35e98..4456ea59 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c 
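Review bot: The new forward_request in src/protocol.c re-parses the request number with `sscanf(from->buffer, "%d", &request)` and then indexes `request_name[request]` without checking the sscanf result or the range. A failed parse leaves `request` uninitialised. receive_request presumably validated the number before the handler ran, but nothing in this function enforces that; `if(sscanf(from->buffer, "%d", &request) != 1 || request < 0 || request >= LAST) return -1;` placed before the debug branch would make it self-contained. The write `from->buffer[from->reqlen - 1] = '\n'` also relies on `reqlen` being at least 1 and still describing the current request, which deserves a comment or an explicit check.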
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.13 2002/09/04 14:17:28 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.14 2002/09/04 16:26:45 guus Exp $ */ #include "config.h" @@ -483,7 +483,7 @@ void send_everything(connection_t *c) subnet_t *s; edge_t *e; - /* Send all known subnets */ + /* Send all known subnets and edges */ for(node = node_tree->head; node; node = node->next) { @@ -494,15 +494,12 @@ void send_everything(connection_t *c) s = (subnet_t *)node2->data; send_add_subnet(c, s); } - } - /* Send all known edges */ - - for(node = edge_tree->head; node; node = node->next) - { - e = (edge_t *)node->data; - - send_add_edge(c, e); + for(node2 = n->edge_tree->head; node2; node2 = node2->next) + { + e = (edge_t *)node2->data; + send_add_edge(c, e); + } } } @@ -513,8 +510,6 @@ int ack_h(connection_t *c) int weight; long int options; node_t *n; - connection_t *other; - avl_node_t *node; cp if(sscanf(c->buffer, "%*d "MAX_STRING" %d %lx", hisport, &weight, &options) != 3) { @@ -541,14 +536,24 @@ cp syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); } - - /* FIXME: check if information in existing node matches that of the other end of this connection */ } n->connection = c; c->node = n; c->options |= options; + /* Activate this connection */ + + c->allow_request = ALL; + c->status.active = 1; + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); + + /* Send him everything we know */ + + send_everything(c); + /* Create an edge_t for this connection */ c->edge = new_edge(); 
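Review bot: This hunk deletes the marker `FIXME: check if information in existing node matches that of the other end of this connection` from ack_h without adding such a check in the lines shown, and the connection is now given `allow_request = ALL` and `status.active = 1` right after `n->connection = c`. If the comparison is still missing, keep the marker or replace it with the check so the gap stays visible. Moving `send_everything(c)` ahead of `new_edge()` looks deliberate, since the peer then learns the new edge only from the later broadcast, and would be clearer with a comment like `/* send known state first; c receives its own edge through the broadcast below */`. ack_h starts before and continues past this hunk.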
@@ -565,28 +570,10 @@ cp cp edge_add(c->edge); - /* Activate this connection */ - - c->allow_request = ALL; - c->status.active = 1; - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); - cp - /* Send him everything we know */ + /* Notify everyone of the new edge */ - send_everything(c); - - /* Notify others of this connection */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - - if(other->status.active && other != c) - send_add_edge(other, c->edge); - } + send_add_edge(broadcast, c->edge); /* Run MST and SSSP algorithms */ diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 9b35a9fb..7663a46f 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.9 2002/09/04 13:48:52 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.10 2002/09/04 16:26:45 guus Exp $ */ #include "config.h" @@ -62,7 +62,6 @@ cp int add_edge_h(connection_t *c) { - connection_t *other; edge_t *e; node_t *from, *to; char from_name[MAX_STRING_SIZE]; @@ -72,7 +71,6 @@ int add_edge_h(connection_t *c) sockaddr_t address; long int options; int weight; - avl_node_t *node; cp if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", from_name, to_name, to_address, to_port, &options, &weight) != 6) @@ -169,12 +167,7 @@ cp /* Tell the rest about the new edge */ - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } + forward_request(c); /* Run MST before or after we tell the rest? */ 
@@ -196,8 +189,6 @@ int del_edge_h(connection_t *c) char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; node_t *from, *to; - connection_t *other; - avl_node_t *node; cp if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) { @@ -264,12 +255,7 @@ cp /* Tell the rest about the deleted edge */ - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } + forward_request(c); /* Delete the edge */ diff --git a/src/protocol_key.c b/src/protocol_key.c index 0f14cd69..029b41a4 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.9 2002/09/04 08:02:33 guus Exp $ + $Id: protocol_key.c,v 1.1.4.10 2002/09/04 16:26:45 guus Exp $ */ #include "config.h" @@ -54,17 +54,13 @@ cp if(n == myself && !mykeyused) return 0; - - send_request(NULL, "%d %lx %s", KEY_CHANGED, random(), n->name); cp - return 0; + return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); } int key_changed_h(connection_t *c) { char name[MAX_STRING_SIZE]; - avl_node_t *node; - connection_t *other; node_t *n; cp if(sscanf(c->buffer, "%*d %*x "MAX_STRING, name) != 1) @@ -91,12 +87,7 @@ cp /* Tell the others */ - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } + forward_request(c); cp return 0; } diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index e5103079..a7344d7a 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c 
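Review bot: `forward_request(c)` in del_edge_h is not a drop-in for the removed `send_request(other, "%s", c->buffer)` loop, because forward_request() overwrites `c->buffer[c->reqlen - 1]` with a newline while the handler still has work to do ("Delete the edge" follows). If the parser had NUL-terminated the request at that byte, which is not visible here, any later `%s` use of `c->buffer` in the handler would read past the end of this request. A comment at the call would record the constraint: `/* forward_request() restores the trailing newline; do not use c->buffer as a string after this */`. The same applies to the calls added in add_edge_h, key_changed_h, add_subnet_h and del_subnet_h. The handler body extends beyond the hunk.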
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.5 2002/09/03 20:43:26 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.6 2002/09/04 16:26:45 guus Exp $ */ #include "config.h" @@ -60,9 +60,7 @@ int add_subnet_h(connection_t *c) char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; node_t *owner; - connection_t *other; subnet_t *s; - avl_node_t *node; cp if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { @@ -124,13 +122,8 @@ cp subnet_add(owner, s); /* Tell the rest */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } + + forward_request(c); cp return 0; } @@ -152,9 +145,7 @@ int del_subnet_h(connection_t *c) char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; node_t *owner; - connection_t *other; subnet_t *s, *find; - avl_node_t *node; cp if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { @@ -218,13 +209,8 @@ cp } /* Tell the rest */ - - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_request(other, "%s", c->buffer); - } + + forward_request(c); /* Finally, delete it. */ From d4277e9ee8affa59ac9b3475245360bd14af1fa8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 16:36:03 +0000 Subject: [PATCH 680/923] Updated dutch translation. --- po/nl.po | 138 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 78 insertions(+), 60 deletions(-) diff --git a/po/nl.po b/po/nl.po index e743e699..6c96705b 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-08-24 13:45+0200\n" -"PO-Revision-Date: 2002-08-24 14:20+0200\n" +"POT-Creation-Date: 2002-09-04 18:33+0200\n" +"PO-Revision-Date: 2002-09-04 18:33+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" @@ -122,16 +122,24 @@ msgstr "" "bescherming.\n" "Ik maak of overschrijf dit bestand niet.\n" -#: src/connection.c:114 +#: src/connection.c:57 +msgid "everyone" +msgstr "iedereen" + +#: src/connection.c:58 +msgid "BROADCAST" +msgstr "BROADCAST" + +#: src/connection.c:121 msgid "Connections:" msgstr "Verbindingen:" -#: src/connection.c:119 +#: src/connection.c:126 #, c-format msgid " %s at %s options %lx socket %d status %04x" msgstr " %s op %s opties %lx socket %d status %04x" -#: src/connection.c:123 +#: src/connection.c:130 msgid "End of connections." msgstr "Einde van verbindingen." 
@@ -165,58 +173,58 @@ msgstr "Verbinding be msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:202 +#: src/meta.c:203 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:97 +#: src/net.c:96 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:107 +#: src/net.c:106 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:198 +#: src/net.c:181 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:263 +#: src/net.c:239 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:276 +#: src/net.c:252 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:321 src/net_socket.c:264 +#: src/net.c:297 src/net_socket.c:264 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:373 +#: src/net.c:349 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:407 +#: src/net.c:383 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:424 +#: src/net.c:400 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:441 +#: src/net.c:417 msgid "Rereading configuration file and restarting in 5 seconds..." msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." -#: src/net.c:448 +#: src/net.c:424 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
@@ -537,63 +545,73 @@ msgstr "Verzending %s naar %s (%s): %s" msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:104 +#: src/protocol.c:106 +#, c-format +msgid "Broadcasting %s from %s (%s): %s" +msgstr "Verspreiding %s van %s (%s): %s" + +#: src/protocol.c:108 +#, c-format +msgid "Broadcasting %s from %s (%s)" +msgstr "Verspreiding %s van %s (%s)" + +#: src/protocol.c:125 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:107 +#: src/protocol.c:128 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:117 +#: src/protocol.c:138 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:120 +#: src/protocol.c:141 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:127 +#: src/protocol.c:148 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:134 +#: src/protocol.c:155 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:141 +#: src/protocol.c:162 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:187 +#: src/protocol.c:208 msgid "Already seen request" msgstr "Verzoek reeds gezien" -#: src/protocol.c:218 +#: src/protocol.c:239 #, c-format msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" #: src/protocol_auth.c:69 src/protocol_auth.c:224 src/protocol_auth.c:357 -#: src/protocol_auth.c:417 src/protocol_auth.c:529 src/protocol_edge.c:90 -#: src/protocol_edge.c:219 src/protocol_key.c:80 src/protocol_key.c:128 -#: src/protocol_key.c:196 src/protocol_misc.c:61 src/protocol_misc.c:91 -#: src/protocol_misc.c:177 src/protocol_subnet.c:71 src/protocol_subnet.c:163 +#: 
src/protocol_auth.c:417 src/protocol_auth.c:516 src/protocol_edge.c:78 +#: src/protocol_edge.c:195 src/protocol_key.c:68 src/protocol_key.c:110 +#: src/protocol_key.c:178 src/protocol_misc.c:61 src/protocol_misc.c:91 +#: src/protocol_misc.c:177 src/protocol_subnet.c:67 src/protocol_subnet.c:152 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol_auth.c:77 src/protocol_edge.c:98 src/protocol_edge.c:104 -#: src/protocol_edge.c:228 src/protocol_edge.c:234 src/protocol_subnet.c:79 -#: src/protocol_subnet.c:87 src/protocol_subnet.c:171 -#: src/protocol_subnet.c:189 +#: src/protocol_auth.c:77 src/protocol_edge.c:86 src/protocol_edge.c:92 +#: src/protocol_edge.c:204 src/protocol_edge.c:210 src/protocol_subnet.c:75 +#: src/protocol_subnet.c:83 src/protocol_subnet.c:160 +#: src/protocol_subnet.c:178 #, c-format msgid "Got bad %s from %s (%s): %s" msgstr "Kreeg verkeerde %s van %s (%s): %s" @@ -639,7 +657,7 @@ msgstr "Ontving willekeurige meta key (niet versleuteld): %s" msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:296 src/protocol_key.c:267 +#: src/protocol_auth.c:296 src/protocol_key.c:250 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" 
@@ -662,60 +680,60 @@ msgstr "verkeerd antwoord op uitdaging" msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:549 +#: src/protocol_auth.c:536 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:583 +#: src/protocol_auth.c:551 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:98 src/protocol_edge.c:104 src/protocol_edge.c:228 -#: src/protocol_edge.c:234 src/protocol_subnet.c:79 src/protocol_subnet.c:171 +#: src/protocol_edge.c:86 src/protocol_edge.c:92 src/protocol_edge.c:204 +#: src/protocol_edge.c:210 src/protocol_subnet.c:75 src/protocol_subnet.c:160 msgid "invalid name" msgstr "ongeldige naam" -#: src/protocol_edge.c:150 +#: src/protocol_edge.c:134 #, c-format msgid "Got %s from %s (%s) for ourself which does not match existing entry" msgstr "" "Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:157 +#: src/protocol_edge.c:141 #, c-format msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:167 +#: src/protocol_edge.c:151 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:248 src/protocol_edge.c:257 src/protocol_edge.c:268 +#: src/protocol_edge.c:224 src/protocol_edge.c:233 src/protocol_edge.c:244 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:275 src/protocol_subnet.c:118 src/protocol_subnet.c:217 +#: src/protocol_edge.c:251 src/protocol_subnet.c:114 src/protocol_subnet.c:206 #, c-format msgid "Got %s from %s (%s) for 
ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" -#: src/protocol_key.c:92 +#: src/protocol_key.c:80 #, c-format msgid "Got %s from %s (%s) origin %s which does not exist" msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol_key.c:137 src/protocol_key.c:205 +#: src/protocol_key.c:119 src/protocol_key.c:187 #, c-format msgid "" "Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" "Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:146 src/protocol_key.c:214 +#: src/protocol_key.c:128 src/protocol_key.c:196 #, c-format msgid "" "Got %s from %s (%s) destination %s which does not exist in our connection " @@ -723,17 +741,17 @@ msgid "" msgstr "" "Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:246 +#: src/protocol_key.c:229 #, c-format msgid "Node %s (%s) uses unknown cipher!" msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol_key.c:251 +#: src/protocol_key.c:234 #, c-format msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:272 +#: src/protocol_key.c:255 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" 
@@ -748,16 +766,16 @@ msgstr "Statusmelding van %s (%s): %s: %s" msgid "Error message from %s (%s): %s: %s" msgstr "Foutmelding van %s (%s): %s: %s" -#: src/protocol_subnet.c:87 src/protocol_subnet.c:189 +#: src/protocol_subnet.c:83 src/protocol_subnet.c:178 msgid "invalid subnet string" msgstr "ongeldige subnet string" -#: src/protocol_subnet.c:180 +#: src/protocol_subnet.c:169 #, c-format msgid "Got %s from %s (%s) for %s which is not in our node tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" -#: src/protocol_subnet.c:207 +#: src/protocol_subnet.c:196 #, c-format msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" @@ -1133,25 +1151,25 @@ msgstr "" msgid "End of nodes." msgstr "Einde van nodes." -#: src/edge.c:194 +#: src/edge.c:170 msgid "Edges:" msgstr "Edges:" -#: src/edge.c:201 +#: src/edge.c:176 #, c-format -msgid " %s at %s - %s at %s options %lx weight %d" -msgstr " %s op %s - %s op %s opties %lx gewicht %d" +msgid " %s to %s at %s options %lx weight %d" +msgstr " %s naar %s op %s opties %lx gewicht %d" -#: src/edge.c:209 +#: src/edge.c:182 msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:265 +#: src/graph.c:263 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:267 +#: src/graph.c:265 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" From 6fdaa8e1caff4edb44a105b03c79403b743e9bd2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 19:57:53 +0000 Subject: [PATCH 681/923] Small updates. --- configure.in | 4 ++-- po/nl.po | 10 +++++----- src/protocol.c | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/configure.in b/configure.in index 9a584b76..b530e0c4 100644 --- a/configure.in +++ b/configure.in 
@@ -1,8 +1,8 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.55 2002/08/24 12:54:55 guus Exp $ +dnl $Id: configure.in,v 1.13.2.56 2002/09/04 19:57:53 guus Exp $ -AC_PREREQ(2.50) +AC_PREREQ(2.53) AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) AM_CONFIG_HEADER(config.h) diff --git a/po/nl.po b/po/nl.po index 6c96705b..e94fbb68 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-09-04 18:33+0200\n" +"POT-Creation-Date: 2002-09-04 18:47+0200\n" "PO-Revision-Date: 2002-09-04 18:33+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -547,13 +547,13 @@ msgstr "Verzending %s naar %s (%s)" #: src/protocol.c:106 #, c-format -msgid "Broadcasting %s from %s (%s): %s" -msgstr "Verspreiding %s van %s (%s): %s" +msgid "Forwarding %s from %s (%s): %s" +msgstr "Doorsturen %s van %s (%s): %s" #: src/protocol.c:108 #, c-format -msgid "Broadcasting %s from %s (%s)" -msgstr "Verspreiding %s van %s (%s)" +msgid "Forwarding %s from %s (%s)" +msgstr "Doorsturen %s van %s (%s)" #: src/protocol.c:125 #, c-format diff --git a/src/protocol.c b/src/protocol.c index 4127f51a..855c2b70 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.133 2002/09/04 16:26:44 guus Exp $ + $Id: protocol.c,v 1.28.4.134 2002/09/04 19:57:53 guus Exp $ */ #include "config.h" 
@@ -103,9 +103,9 @@ cp { sscanf(from->buffer, "%d", &request); if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Broadcasting %s from %s (%s): %s"), request_name[request], from->name, from->hostname, from->buffer); + syslog(LOG_DEBUG, _("Forwarding %s from %s (%s): %s"), request_name[request], from->name, from->hostname, from->buffer); else - syslog(LOG_DEBUG, _("Broadcasting %s from %s (%s)"), request_name[request], from->name, from->hostname); + syslog(LOG_DEBUG, _("Forwarding %s from %s (%s)"), request_name[request], from->name, from->hostname); } from->buffer[from->reqlen - 1] = '\n'; From b18bd211bec84a804f58da5f2d2908e54de3fe40 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 23:04:52 +0000 Subject: [PATCH 682/923] Run autopoint and libtoolize before creating initial makefiles. --- autogen.sh | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/autogen.sh b/autogen.sh index 1209bd8e..ecdd7010 100644 --- a/autogen.sh +++ b/autogen.sh @@ -96,18 +96,6 @@ do echo processing $dr macrodirs=`sed -n -e 's,AM_ACLOCAL_INCLUDE(\(.*\)),\1,gp' < $coin` ( cd $dr - aclocalinclude="$ACLOCAL_FLAGS" - for k in $macrodirs; do - if test -d $k; then - if test -f $k/Makefile.am.in; then - make -C $k -f Makefile.am.in Makefile.am - fi - aclocalinclude="$aclocalinclude -I $k" - ##else - ## echo "**Warning**: No such directory \`$k'. Ignored." - fi - done - touch ChangeLog if grep "^AM_GNU_GETTEXT" configure.in >/dev/null; then if grep "sed.*POTFILES" configure.in >/dev/null; then : do nothing -- we still have an old unmodified configure.in 
@@ -132,6 +120,18 @@ do echo "Running libtoolize..." libtoolize --force --copy fi + aclocalinclude="$ACLOCAL_FLAGS" + for k in $macrodirs; do + if test -d $k; then + if test -f $k/Makefile.am.in; then + make -C $k -f Makefile.am.in Makefile.am + fi + aclocalinclude="$aclocalinclude -I $k" + ##else + ## echo "**Warning**: No such directory \`$k'. Ignored." + fi + done + touch ChangeLog echo "Running aclocal $aclocalinclude ..." aclocal $aclocalinclude if grep "^AM_CONFIG_HEADER" configure.in >/dev/null; then From b4f87952bf2d37524c705b32864f802144f94d68 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 23:05:49 +0000 Subject: [PATCH 683/923] Add missing headers. --- lib/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index ff3e5a5a..369042e3 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.10 2002/08/24 12:11:39 guus Exp $ +# $Id: Makefile.am,v 1.2.4.11 2002/09/04 23:05:49 guus Exp $ noinst_LIBRARIES = libvpn.a @@ -10,6 +10,6 @@ libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tre libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h gettext.h EXTRA_DIST = From e4d85a6557ee45870bee0c5a16807e48b7a3c243 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 4 Sep 2002 23:11:58 +0000 Subject: [PATCH 684/923] Typo. --- lib/gettext.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gettext.h b/lib/gettext.h index ba92769e..2b9a16df 100644 --- a/lib/gettext.h +++ b/lib/gettext.h 
@@ -61,7 +61,7 @@ # define bind_textdomain_codeset(Domainname, Codeset) ((const char *) (Codeset)) # define _(Text) Text -# define setlocale(Category, Locale) ((chonst char *) (Locale)) +# define setlocale(Category, Locale) ((const char *) (Locale)) #endif From 641705df90b4c41e7f5083f6cd601cbbfb1c2c85 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 6 Sep 2002 09:48:39 +0000 Subject: [PATCH 685/923] Only reset seqno's when a key is sent or received. --- src/graph.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/graph.c b/src/graph.c index b5e81931..6841ff29 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.15 2002/09/04 13:48:51 guus Exp $ + $Id: graph.c,v 1.1.2.16 2002/09/06 09:48:39 guus Exp $ */ /* We need to generate two trees from the graph: @@ -266,7 +266,6 @@ void sssp_bfs(void) n->status.validkey = 0; n->status.waitingforkey = 0; - n->sent_seqno = 0; asprintf(&envp[0], "NETNAME=%s", netname?netname:""); asprintf(&envp[1], "DEVICE=%s", device?device:""); From fbf8a47879671541939cfdc6beb93b02b9eee303 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 6 Sep 2002 10:23:52 +0000 Subject: [PATCH 686/923] Remove global edge_tree. --- src/edge.c | 51 ++++++++++++++++-------------------------------- src/edge.h | 3 +-- src/net_packet.c | 3 +-- 3 files changed, 19 insertions(+), 38 deletions(-) diff --git a/src/edge.c b/src/edge.c index a0f5535f..4a000e88 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.12 2002/09/04 13:48:51 guus Exp $ + $Id: edge.c,v 1.1.2.13 2002/09/06 10:23:52 guus Exp $ */ #include "config.h" 
@@ -41,32 +41,13 @@ #include "xalloc.h" #include "system.h" -avl_tree_t *edge_tree; /* Tree with all known edges (replaces active_tree) */ avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ int edge_compare(edge_t *a, edge_t *b) { - int result; - - result = strcmp(a->from->name, b->from->name); - - if(result) - return result; - else - return strcmp(a->to->name, b->to->name); + return strcmp(a->to->name, b->to->name); } -/* Evil edge_compare() from a parallel universe ;) - -int edge_compare(edge_t *a, edge_t *b) -{ - int result; - - return (result = strcmp(a->from->name, b->from->name)) || (result = strcmp(a->to->name, b->to->name)), result; -} - -*/ - int edge_weight_compare(edge_t *a, edge_t *b) { int result; @@ -82,7 +63,6 @@ int edge_weight_compare(edge_t *a, edge_t *b) void init_edges(void) { cp - edge_tree = avl_alloc_tree((avl_compare_t)edge_compare, NULL); edge_weight_tree = avl_alloc_tree((avl_compare_t)edge_weight_compare, NULL); cp } @@ -104,7 +84,7 @@ cp void exit_edges(void) { cp - avl_delete_tree(edge_tree); + avl_delete_tree(edge_weight_tree); cp } @@ -129,7 +109,6 @@ cp void edge_add(edge_t *e) { cp - avl_insert(edge_tree, e); avl_insert(edge_weight_tree, e); avl_insert(e->from->edge_tree, e); cp @@ -145,7 +124,6 @@ cp if(e->reverse) e->reverse->reverse = NULL; cp - avl_delete(edge_tree, e); avl_delete(edge_weight_tree, e); avl_delete(e->from->edge_tree, e); cp 
@@ -158,25 +136,30 @@ cp v.from = from; v.to = to; - return avl_search(edge_tree, &v); + return avl_search(from->edge_tree, &v); } void dump_edges(void) { - avl_node_t *node; + avl_node_t *node, *node2; + node_t *n; edge_t *e; char *address; cp syslog(LOG_DEBUG, _("Edges:")); - for(node = edge_tree->head; node; node = node->next) + for(node = node_tree->head; node; node = node->next) { - e = (edge_t *)node->data; - address = sockaddr2hostname(&e->address); - syslog(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), - e->from->name, e->to->name, address, - e->options, e->weight); - free(address); + n = (node_t *)node->data; + for(node2 = n->edge_tree->head; node2; node2 = node2->next) + { + e = (edge_t *)node2->data; + address = sockaddr2hostname(&e->address); + syslog(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), + e->from->name, e->to->name, address, + e->options, e->weight); + free(address); + } } syslog(LOG_DEBUG, _("End of edges.")); diff --git a/src/edge.h b/src/edge.h index e3735e63..9ddb7564 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.9 2002/09/04 13:48:51 guus Exp $ + $Id: edge.h,v 1.1.2.10 2002/09/06 10:23:52 guus Exp $ */ #ifndef __TINC_EDGE_H__ @@ -41,7 +41,6 @@ typedef struct edge_t { struct edge_t *reverse; /* edge in the opposite direction, if available */ } edge_t; -extern avl_tree_t *edge_tree; /* Tree with all known edges */ extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weight */ extern void init_edges(void); diff --git a/src/net_packet.c b/src/net_packet.c index 8419d6a0..7dd9a21a 100644 --- a/src/net_packet.c +++ b/src/net_packet.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.19 2002/09/04 13:48:52 guus Exp $ + $Id: net_packet.c,v 1.1.2.20 2002/09/06 10:23:52 guus Exp $ */ #include "config.h" @@ -429,4 +429,3 @@ cp receive_udppacket(n, &pkt); cp } - From fc7116a32b798589e7731db9f9db66345c8c3e01 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 6 Sep 2002 11:08:21 +0000 Subject: [PATCH 687/923] Added AM_MAINTAINER_MODE --- configure.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.in b/configure.in index b530e0c4..d8f621e8 100644 --- a/configure.in +++ b/configure.in @@ -1,11 +1,12 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.56 2002/09/04 19:57:53 guus Exp $ +dnl $Id: configure.in,v 1.13.2.57 2002/09/06 11:08:21 zarq Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) AM_CONFIG_HEADER(config.h) +AM_MAINTAINER_MODE dnl Include the macros from the m4/ directory AM_ACLOCAL_INCLUDE(m4) From d5b61fc0cd249fd2b2751a1ff77b321323a17beb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 6 Sep 2002 12:19:16 +0000 Subject: [PATCH 688/923] edge_weight_compare() shouldn't rely on edge_compare(). --- src/edge.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/edge.c b/src/edge.c index 4a000e88..3ac0b1ba 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.13 2002/09/06 10:23:52 guus Exp $ + $Id: edge.c,v 1.1.2.14 2002/09/06 12:19:16 guus Exp $ */ #include "config.h" 
@@ -56,8 +56,13 @@ int edge_weight_compare(edge_t *a, edge_t *b) if(result) return result; - else - return edge_compare(a, b); + + result = strcmp(a->from->name, b->from->name); + + if(result) + return result; + + return strcmp(a->to->name, b->to->name); } void init_edges(void) From 66741978e16cc407e5c760621c34d1aabb753cd2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 6 Sep 2002 14:31:12 +0000 Subject: [PATCH 689/923] Reset the *correct* seqnos. --- src/protocol_key.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/protocol_key.c b/src/protocol_key.c index 029b41a4..24115563 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.10 2002/09/04 16:26:45 guus Exp $ + $Id: protocol_key.c,v 1.1.4.11 2002/09/06 14:31:12 guus Exp $ */ #include "config.h" @@ -135,7 +135,7 @@ cp if(to == myself) /* Yes, send our own key back */ { mykeyused = 1; - from->sent_seqno = 0; + from->received_seqno = 0; send_ans_key(c, myself, from); } else @@ -217,7 +217,7 @@ cp from->status.validkey = 1; from->status.waitingforkey = 0; - from->received_seqno = 0; + from->sent_seqno = 0; /* Check and lookup cipher and digest algorithms */ From a8ddba42b99d7694359f1387235596b84d297b9e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 6 Sep 2002 21:02:36 +0000 Subject: [PATCH 690/923] Fix MST algorithm. --- src/graph.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/graph.c b/src/graph.c index 6841ff29..b9fbbde6 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.16 2002/09/06 09:48:39 guus Exp $ + $Id: graph.c,v 1.1.2.17 2002/09/06 21:02:36 guus Exp $ */ /* We need to generate two trees from the graph: 
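Review bot: In the protocol_key.c hunk, `from->received_seqno = 0;` lowers the receive counter every time a key request addressed to us is answered, with nothing in the hunk showing that our key changed in between. If that counter is what rejects replayed packets (the check is not in these lines), sequence numbers already seen under the same key would be accepted again after each request. Consider tying the reset to the generation of a fresh key, or at least state the caveat at the assignment, e.g. `/* NOTE: our key may be unchanged here; resetting re-admits old sequence numbers */`. The handler starts and ends outside the hunk.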
@@ -128,6 +128,8 @@ void mst_kruskal(void) e->to->status.visited = 1; if(e->connection) e->connection->status.mst = 1; + if(e->reverse->connection) + e->reverse->connection->status.mst = 1; safe_edges++; From 5638b9830f9cfe43f545c37cfd7ccf1d4b4bfcc6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 6 Sep 2002 21:22:35 +0000 Subject: [PATCH 691/923] Why don't these connection_t's get cleaned up? --- src/net.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index 13933d9a..69a0133e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.177 2002/09/04 16:26:44 guus Exp $ + $Id: net.c,v 1.35.4.178 2002/09/06 21:22:35 guus Exp $ */ #include "config.h" @@ -248,6 +248,12 @@ cp } else { + if(c->status.remove) + { + syslog(LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), c->name, c->hostname, c->status); + connection_del(c); + continue; + } if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"), c->name, c->hostname); From 5fc1ed17f41f0c535cf57a4b7e00cd6d45759503 Mon Sep 17 00:00:00 2001 
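Review bot: The added `if(e->reverse->connection)` in mst_kruskal() dereferences `e->reverse` without checking it. edge_add() in src/edge.c sets `e->reverse` from lookup_edge() and only uses it under `if(e->reverse)`, and edge_del() sets the partner's `reverse` to NULL, so a one-directional edge has a NULL reverse pointer. Unless an earlier part of the loop, outside this hunk, skips such edges, this would crash the daemon on an asymmetric edge. The guard should be `if(e->reverse && e->reverse->connection)`.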
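Review bot: The new syslog() call in src/net.c passes `c->status` to a `%04x` conversion, but the surrounding code reads `c->status.remove` and `c->status.active`, so `status` is a struct. Passing a struct through varargs where an unsigned int is expected is undefined behaviour and will at best print garbage. I would log the individual flags instead, e.g. `"... active %d remove %d ..."` with `c->status.active, c->status.remove`. It is also worth confirming that `connection_del(c)` releases the socket and the connection_t, since the tree is created with a NULL delete callback in init_connections(). The enclosing loop starts and ends outside the hunk.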
From: Guus Sliepen Date: Mon, 9 Sep 2002 19:40:12 +0000 Subject: [PATCH 692/923] Cleanups: - Convert cp to cp(); so that automatic indenters work. - Convert constructions like if(x == NULL) to if(!x). - Move all assignments out of conditions. --- configure.in | 4 +-- lib/utils.h | 8 ++--- src/conf.c | 81 +++++++++++++++++++++++++------------------ src/connection.c | 38 ++++++++++---------- src/edge.c | 44 +++++++++++------------ src/event.c | 30 ++++++++-------- src/graph.c | 8 ++--- src/linux/device.c | 14 +++++--- src/meta.c | 14 ++++---- src/net.c | 30 ++++++++-------- src/net_packet.c | 36 ++++++++++--------- src/net_setup.c | 79 ++++++++++++++++++++++++----------------- src/net_socket.c | 46 +++++++++++++----------- src/netutl.c | 58 +++++++++++++++++++------------ src/node.c | 38 ++++++++++---------- src/process.c | 34 ++++++++++-------- src/protocol.c | 38 ++++++++++---------- src/protocol_auth.c | 70 +++++++++++++++++++------------------ src/protocol_edge.c | 16 ++++----- src/protocol_key.c | 24 ++++++------- src/protocol_misc.c | 42 +++++++++++----------- src/protocol_node.c | 16 ++++----- src/protocol_subnet.c | 30 +++++++++------- src/route.c | 32 ++++++++--------- src/subnet.c | 72 +++++++++++++++++++------------------- src/tincd.c | 32 +++++++++++------ 26 files changed, 508 insertions(+), 426 deletions(-) diff --git a/configure.in b/configure.in index d8f621e8..249cd14e 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.57 2002/09/06 11:08:21 zarq Exp $ +dnl $Id: configure.in,v 1.13.2.58 2002/09/09 19:39:53 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) 
@@ -129,7 +129,7 @@ AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name \ putenv select strdup strerror strsignal strtol unsetenv \ -freeaddrinfo gai_strerror getaddrinfo getnameinfo]) +freeaddrinfo gai_strerror getaddrinfo getnameinfo mlockall]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/utils.h b/lib/utils.h index 2d1c9bf8..a1a666bd 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -46,11 +46,11 @@ extern volatile char *cp_file[]; extern volatile int cp_index; extern void cp_trace(void); - #define cp { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 16; } - #define ecp { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } + #define cp() { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 16; } + #define ecp() { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } #else - #define cp - #define ecp + #define cp() + #define ecp() #define cp_trace() #endif diff --git a/src/conf.c b/src/conf.c index 1d9efb64..f70abdfe 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.57 2002/06/21 10:11:12 guus Exp $ + $Id: conf.c,v 1.9.4.58 2002/09/09 19:39:55 guus Exp $ */ #include "config.h" @@ -72,23 +72,23 @@ int config_compare(config_t *a, config_t *b) void init_configuration(avl_tree_t **config_tree) { -cp + cp(); *config_tree = avl_alloc_tree((avl_compare_t)config_compare, (avl_action_t)free_config); -cp + cp(); } void exit_configuration(avl_tree_t **config_tree) { -cp + cp(); avl_delete_tree(*config_tree); *config_tree = NULL; -cp + cp(); } config_t *new_config(void) { config_t *cfg; -cp + cp(); cfg = (config_t *)xmalloc_and_zero(sizeof(*cfg)); return cfg; 
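Review bot: The new `cp()` and `ecp()` macros in lib/utils.h expand to a bare `{ ... }` block, so `cp();` becomes a block followed by an empty statement. That breaks or silently re-binds an `else` when the macro is used as the only statement of an unbraced `if`. Since the call sites now look like function calls, the usual wrapper is safer: `#define cp() do { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 16; } while(0)`. The same applies to `ecp()`. The empty definitions in the `#else` branch are fine as they are.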
@@ -96,7 +96,7 @@ cp void free_config(config_t *cfg) { -cp + cp(); if(cfg->variable) free(cfg->variable); if(cfg->value) @@ -104,20 +104,20 @@ cp if(cfg->file) free(cfg->file); free(cfg); -cp + cp(); } void config_add(avl_tree_t *config_tree, config_t *cfg) { -cp + cp(); avl_insert(config_tree, cfg); -cp + cp(); } config_t *lookup_config(avl_tree_t *config_tree, char *variable) { config_t cfg, *found; -cp + cp(); cfg.variable = variable; cfg.file = ""; cfg.line = 0; @@ -137,7 +137,7 @@ config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) { avl_node_t *node; config_t *found; -cp + cp(); node = avl_search_node(config_tree, cfg); if(node) @@ -155,7 +155,7 @@ cp int get_config_bool(config_t *cfg, int *result) { -cp + cp(); if(!cfg) return 0; @@ -178,7 +178,7 @@ cp int get_config_int(config_t *cfg, int *result) { -cp + cp(); if(!cfg) return 0; @@ -192,7 +192,7 @@ cp int get_config_string(config_t *cfg, char **result) { -cp + cp(); if(!cfg) return 0; @@ -203,7 +203,7 @@ cp int get_config_address(config_t *cfg, struct addrinfo **result) { struct addrinfo *ai; -cp + cp(); if(!cfg) return 0; @@ -222,7 +222,7 @@ cp int get_config_port(config_t *cfg, port_t *result) { -cp + cp(); if(!cfg) return 0; @@ -240,7 +240,7 @@ cp int get_config_subnet(config_t *cfg, subnet_t **result) { subnet_t *subnet; -cp + cp(); if(!cfg) return 0; @@ -295,7 +295,7 @@ char *readline(FILE *fp, char **buf, size_t *buflen) if(feof(fp)) return NULL; - if((buf != NULL) && (buflen != NULL)) + if(buf && buflen) { size = *buflen; line = *buf; @@ -313,7 +313,7 @@ char *readline(FILE *fp, char **buf, size_t *buflen) { errno = 0; p = fgets(idx, maxlen, fp); - if(p == NULL) /* EOF or error */ + if(!p) /* EOF or error */ { if(feof(fp)) break; @@ -325,7 +325,7 @@ char *readline(FILE *fp, char **buf, size_t *buflen) } newline = strchr(p, '\n'); - if(newline == NULL) + if(!newline) /* We haven't yet read everything to the end of the line */ { newsize = size << 1; 
@@ -341,7 +341,7 @@ char *readline(FILE *fp, char **buf, size_t *buflen) } } - if((buf != NULL) && (buflen != NULL)) + if(buf && buflen) { *buflen = size; *buf = line; @@ -363,8 +363,10 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) config_t *cfg; size_t bufsize; -cp - if((fp = fopen (fname, "r")) == NULL) + cp(); + fp = fopen (fname, "r"); + + if(!fp) { syslog(LOG_ERR, _("Cannot open config file %s: %s"), fname, strerror(errno)); return -3; @@ -375,7 +377,9 @@ cp for(;;) { - if((line = readline(fp, &buffer, &bufsize)) == NULL) + line = readline(fp, &buffer, &bufsize); + + if(!line) { err = -1; break; @@ -389,7 +393,9 @@ cp lineno++; - if((variable = strtok(line, "\t =")) == NULL) + variable = strtok(line, "\t ="); + + if(!variable) continue; /* no tokens on this line */ if(variable[0] == '#') @@ -400,7 +406,9 @@ cp if(!ignore) { - if(((value = strtok(NULL, "\t\n\r =")) == NULL) || value[0] == '#') + value = strtok(NULL, "\t\n\r ="); + + if(!value || value[0] == '#') { syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), variable, lineno, fname); @@ -422,7 +430,7 @@ cp free(buffer); fclose (fp); -cp + cp(); return err; } @@ -430,7 +438,7 @@ int read_server_config() { char *fname; int x; -cp + cp(); asprintf(&fname, "%s/tinc.conf", confbase); x = read_config_file(config_tree, fname); if(x == -1) /* System error: complain */ @@ -438,7 +446,7 @@ cp syslog(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); } free(fname); -cp + cp(); return x; } 
@@ -571,18 +579,20 @@ FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode what, filename); fflush(stdout); - if((fn = readline(stdin, NULL, NULL)) == NULL) + fn = readline(stdin, NULL, NULL); + + if(!fn) { fprintf(stderr, _("Error while reading stdin: %s\n"), strerror(errno)); return NULL; } - if(strlen(fn) == 0) + if(!strlen(fn)) /* User just pressed enter. */ fn = xstrdup(filename); } - if((strchr(fn, '/') == NULL) || (fn[0] != '/')) + if(!strchr(fn, '/') || fn[0] != '/') { /* The directory is a relative path or a filename. */ char *p; @@ -597,7 +607,10 @@ FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode umask(0077); /* Disallow everything for group and other */ /* Open it first to keep the inode busy */ - if((r = fopen(fn, mode)) == NULL) + + r = fopen(fn, mode); + + if(!r) { fprintf(stderr, _("Error opening file `%s': %s\n"), fn, strerror(errno)); diff --git a/src/connection.c b/src/connection.c index 642bface..9fd23a75 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.31 2002/09/04 16:26:44 guus Exp $ + $Id: connection.c,v 1.1.2.32 2002/09/09 19:39:58 guus Exp $ */ #include "config.h" 
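Review bot: In ask_and_safe_open() the rewritten test `if(!strchr(fn, '/') || fn[0] != '/')` is redundant: a name without any slash cannot start with one, so the whole condition reduces to `if(fn[0] != '/')`. That also matches the comment below it about relative paths. A little earlier, `if(!strlen(fn)) fn = xstrdup(filename);` overwrites the pointer returned by readline(stdin, NULL, NULL) without freeing it. If readline allocates in that mode (its allocation path is not in this hunk), the buffer is leaked. The function continues outside the hunk.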
@@ -50,41 +50,41 @@ int connection_compare(connection_t *a, connection_t *b) void init_connections(void) { -cp + cp(); connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, NULL); -cp + cp(); broadcast = new_connection(); broadcast->name = xstrdup(_("everyone")); broadcast->hostname = xstrdup(_("BROADCAST")); -cp + cp(); } void exit_connections(void) { -cp + cp(); avl_delete_tree(connection_tree); -cp + cp(); free_connection(broadcast); -cp + cp(); } connection_t *new_connection(void) { connection_t *c; -cp + cp(); c = (connection_t *)xmalloc_and_zero(sizeof(connection_t)); if(!c) return NULL; gettimeofday(&c->start, NULL); -cp + cp(); return c; } void free_connection(connection_t *c) { -cp + cp(); if(c->hostname) free(c->hostname); if(c->inkey) @@ -96,28 +96,28 @@ cp if(c->hischallenge) free(c->hischallenge); free(c); -cp + cp(); } void connection_add(connection_t *c) { -cp + cp(); avl_insert(connection_tree, c); -cp + cp(); } void connection_del(connection_t *c) { -cp + cp(); avl_delete(connection_tree, c); -cp + cp(); } void dump_connections(void) { avl_node_t *node; connection_t *c; -cp + cp(); syslog(LOG_DEBUG, _("Connections:")); for(node = connection_tree->head; node; node = node->next) @@ -128,17 +128,17 @@ cp } syslog(LOG_DEBUG, _("End of connections.")); -cp + cp(); } int read_connection_config(connection_t *c) { char *fname; int x; -cp + cp(); asprintf(&fname, "%s/hosts/%s", confbase, c->name); x = read_config_file(c->config_tree, fname); free(fname); -cp + cp(); return x; } diff --git a/src/edge.c b/src/edge.c index 3ac0b1ba..e35d806d 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.14 2002/09/06 12:19:16 guus Exp $ + $Id: edge.c,v 1.1.2.15 2002/09/09 19:39:58 guus Exp $ */ #include "config.h" 
@@ -67,30 +67,30 @@ int edge_weight_compare(edge_t *a, edge_t *b) void init_edges(void) { -cp + cp(); edge_weight_tree = avl_alloc_tree((avl_compare_t)edge_weight_compare, NULL); -cp + cp(); } avl_tree_t *new_edge_tree(void) { -cp + cp(); return avl_alloc_tree((avl_compare_t)edge_compare, NULL); -cp + cp(); } void free_edge_tree(avl_tree_t *edge_tree) { -cp + cp(); avl_delete_tree(edge_tree); -cp + cp(); } void exit_edges(void) { -cp + cp(); avl_delete_tree(edge_weight_tree); -cp + cp(); } /* Creation and deletion of connection elements */ @@ -98,46 +98,46 @@ cp edge_t *new_edge(void) { edge_t *e; -cp + cp(); e = (edge_t *)xmalloc_and_zero(sizeof(*e)); -cp + cp(); return e; } void free_edge(edge_t *e) { -cp + cp(); free(e); -cp + cp(); } void edge_add(edge_t *e) { -cp + cp(); avl_insert(edge_weight_tree, e); avl_insert(e->from->edge_tree, e); -cp + cp(); e->reverse = lookup_edge(e->to, e->from); if(e->reverse) e->reverse->reverse = e; -cp + cp(); } void edge_del(edge_t *e) { -cp + cp(); if(e->reverse) e->reverse->reverse = NULL; -cp + cp(); avl_delete(edge_weight_tree, e); avl_delete(e->from->edge_tree, e); -cp + cp(); } edge_t *lookup_edge(node_t *from, node_t *to) { edge_t v; -cp + cp(); v.from = from; v.to = to; @@ -150,7 +150,7 @@ void dump_edges(void) node_t *n; edge_t *e; char *address; -cp + cp(); syslog(LOG_DEBUG, _("Edges:")); for(node = node_tree->head; node; node = node->next) @@ -168,5 +168,5 @@ cp } syslog(LOG_DEBUG, _("End of edges.")); -cp + cp(); } diff --git a/src/event.c b/src/event.c index 295e28f1..bc56dc1f 100644 --- a/src/event.c +++ b/src/event.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.3 2002/06/21 10:11:12 guus Exp $ + $Id: event.c,v 1.1.4.4 2002/09/09 19:39:58 guus Exp $ */ #include "config.h" 
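Review bot: In new_edge_tree() the converted checkpoint ends up after the return statement, `return avl_alloc_tree((avl_compare_t)edge_compare, NULL); cp();`, so the second `cp();` can never run. Now that the macro is written as a call, this reads like live code and will trip unreachable-code warnings. I would drop the trailing `cp();`. The same pattern appears in do_outgoing_connection() in src/net_socket.c, where `cp();` follows `return;`.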
@@ -49,53 +49,53 @@ int event_compare(event_t *a, event_t *b) void init_events(void) { -cp + cp(); event_tree = avl_alloc_tree((avl_compare_t)event_compare, NULL); -cp + cp(); } void exit_events(void) { -cp + cp(); avl_delete_tree(event_tree); -cp + cp(); } event_t *new_event(void) { event_t *event; -cp + cp(); event = (event_t *)xmalloc_and_zero(sizeof(*event)); -cp + cp(); return event; } void free_event(event_t *event) { -cp + cp(); free(event); -cp + cp(); } void event_add(event_t *event) { -cp + cp(); event->id = ++id; avl_insert(event_tree, event); -cp + cp(); } void event_del(event_t *event) { -cp + cp(); avl_delete(event_tree, event); -cp + cp(); } event_t *get_expired_event(void) { event_t *event; -cp + cp(); if(event_tree->head) { event = (event_t *)event_tree->head->data; @@ -105,6 +105,6 @@ cp return event; } } -cp + cp(); return NULL; } diff --git a/src/graph.c b/src/graph.c index b9fbbde6..fb1eb650 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.17 2002/09/06 21:02:36 guus Exp $ + $Id: graph.c,v 1.1.2.18 2002/09/09 19:39:58 guus Exp $ */ /* We need to generate two trees from the graph: @@ -269,9 +269,9 @@ void sssp_bfs(void) n->status.validkey = 0; n->status.waitingforkey = 0; - asprintf(&envp[0], "NETNAME=%s", netname?netname:""); - asprintf(&envp[1], "DEVICE=%s", device?device:""); - asprintf(&envp[2], "INTERFACE=%s", interface?interface:""); + asprintf(&envp[0], "NETNAME=%s", netname?:""); + asprintf(&envp[1], "DEVICE=%s", device?:""); + asprintf(&envp[2], "INTERFACE=%s", interface?:""); asprintf(&envp[3], "NODE=%s", n->name); sockaddr2str(&n->address, &address, &port); asprintf(&envp[4], "REMOTEADDRESS=%s", address); diff --git a/src/linux/device.c b/src/linux/device.c index 310e3328..0088accd 100644 --- a/src/linux/device.c +++ b/src/linux/device.c 
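Review bot: The rewritten asprintf() calls in sssp_bfs() use `netname?:""`, the conditional operator with its middle operand omitted. That is a GNU C extension rather than standard C, and the commit description does not list it among the cleanups. The previous `netname ? netname : ""` was portable and equally clear, so I would keep that form here and in the two net_setup.c hunks that make the same change (setup_network_connections and close_network_connections). Separately, none of these asprintf() results are checked, so on allocation failure the envp[] entry is left undefined before it is used; checking for `< 0` would make that explicit.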
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.9 2002/06/21 10:11:36 guus Exp $ + $Id: device.c,v 1.1.2.10 2002/09/09 19:40:12 guus Exp $ */ #include "config.h" @@ -84,7 +84,9 @@ cp interface = rindex(device, '/')?rindex(device, '/')+1:device; #endif cp - if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) + device_fd = open(device, O_RDWR | O_NONBLOCK); + + if(device_fd < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; @@ -154,7 +156,9 @@ int read_packet(vpn_packet_t *packet) cp if(device_type == DEVICE_TYPE_TUNTAP) { - if((lenin = read(device_fd, packet->data, MTU)) <= 0) + lenin = read(device_fd, packet->data, MTU); + + if(lenin <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; @@ -164,7 +168,9 @@ cp } else /* ethertap */ { - if((lenin = read(device_fd, packet->data - 2, MTU + 2)) <= 0) + lenin = read(device_fd, packet->data - 2, MTU + 2); + + if(lenin <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; diff --git a/src/meta.c b/src/meta.c index c3d4f829..7a68d9d2 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.27 2002/09/04 16:26:44 guus Exp $ + $Id: meta.c,v 1.1.2.28 2002/09/09 19:39:58 guus Exp $ */ #include "config.h" @@ -44,7 +44,7 @@ int send_meta(connection_t *c, char *buffer, int length) char *bufp; int outlen; char outbuf[MAXBUFSIZE]; -cp + cp(); if(debug_lvl >= DEBUG_META) syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, c->name, c->hostname); @@ -63,7 +63,7 @@ cp syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); return -1; } -cp + cp(); return 0; } 
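Review bot: The src/linux/device.c hunks still carry the bare `cp` statement as unchanged context, after `#endif` in the open() hunk and at the top of read_packet(), so this file appears not to have been converted. lib/utils.h in this same commit now defines only the function-like `cp()`, so a bare `cp` no longer expands and would be an undeclared identifier whether or not checkpoint tracing is enabled. Each of those lines should become `cp();`. The other platform-specific device.c files are not in this diffstat and are worth checking too. On the new `if(lenin <= 0)` lines, a zero-length read is reported with `strerror(errno)` although errno is not set in that case.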
@@ -71,14 +71,14 @@ void broadcast_meta(connection_t *from, char *buffer, int length) { avl_node_t *node; connection_t *c; -cp + cp(); for(node = connection_tree->head; node; node = node->next) { c = (connection_t *)node->data; if(c != from && c->status.active) send_meta(c, buffer, length); } -cp + cp(); } int receive_meta(connection_t *c) @@ -88,7 +88,7 @@ int receive_meta(connection_t *c) int lenin, reqlen; int decrypted = 0; char inbuf[MAXBUFSIZE]; -cp + cp(); if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, __LINE__, c->socket, strerror(errno), @@ -206,6 +206,6 @@ cp } c->last_ping_time = now; -cp + cp(); return 0; } diff --git a/src/net.c b/src/net.c index 69a0133e..b0bfaca3 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.178 2002/09/06 21:22:35 guus Exp $ + $Id: net.c,v 1.35.4.179 2002/09/09 19:39:58 guus Exp $ */ #include "config.h" @@ -91,7 +91,7 @@ void purge(void) node_t *n; edge_t *e; subnet_t *s; -cp + cp(); if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_DEBUG, _("Purging unreachable nodes")); @@ -124,7 +124,7 @@ cp node_del(n); } } -cp + cp(); } /* @@ -136,7 +136,7 @@ void build_fdset(fd_set *fs) avl_node_t *node, *next; connection_t *c; int i; -cp + cp(); FD_ZERO(fs); for(node = connection_tree->head; node; node = next) @@ -161,7 +161,7 @@ cp } FD_SET(device_fd, fs); -cp + cp(); } /* @@ -173,7 +173,7 @@ cp */ void terminate_connection(connection_t *c, int report) { -cp + cp(); if(c->status.remove) return; @@ -209,7 +209,7 @@ cp retry_outgoing(c->outgoing); c->outgoing = NULL; } -cp + cp(); } /* @@ -224,7 +224,7 @@ void check_dead_connections(void) { avl_node_t *node, *next; connection_t *c; -cp + cp(); for(node = connection_tree->head; node; node = next) { next = node->next; @@ -261,7 +261,7 @@ cp } } } -cp + cp(); } /* 
@@ -275,7 +275,7 @@ void check_network_activity(fd_set *f) int result, i; int len = sizeof(result); vpn_packet_t packet; -cp + cp(); if(FD_ISSET(device_fd, f)) { if(!read_packet(&packet)) @@ -321,7 +321,7 @@ cp if(FD_ISSET(listen_socket[i].tcp, f)) handle_new_meta_connection(listen_socket[i].tcp); } -cp + cp(); } /* @@ -334,7 +334,7 @@ void main_loop(void) int r; time_t last_ping_check; event_t *event; -cp + cp(); last_ping_check = now; srand(now); @@ -348,7 +348,9 @@ cp build_fdset(&fset); - if((r = select(FD_SETSIZE, &fset, NULL, NULL, &tv)) < 0) + r = select(FD_SETSIZE, &fset, NULL, NULL, &tv); + + if(r < 0) { if(errno != EINTR && errno != EAGAIN) { @@ -437,5 +439,5 @@ cp continue; } } -cp + cp(); } diff --git a/src/net_packet.c b/src/net_packet.c index 7dd9a21a..db31b770 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.20 2002/09/06 10:23:52 guus Exp $ + $Id: net_packet.c,v 1.1.2.21 2002/09/09 19:39:58 guus Exp $ */ #include "config.h" @@ -95,7 +95,7 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) long int complen = MTU + 12; EVP_CIPHER_CTX ctx; char hmac[EVP_MAX_MD_SIZE]; -cp + cp(); /* Check the message authentication code */ if(myself->digest && myself->maclength) @@ -158,28 +158,28 @@ cp } receive_packet(n, inpkt); -cp + cp(); } void receive_tcppacket(connection_t *c, char *buffer, int len) { vpn_packet_t outpkt; -cp + cp(); outpkt.len = len; memcpy(outpkt.data, buffer, len); receive_packet(c->node, &outpkt); -cp + cp(); } void receive_packet(node_t *n, vpn_packet_t *packet) { -cp + cp(); if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); route_incoming(n, packet); -cp + cp(); } void send_udppacket(node_t *n, vpn_packet_t *inpkt) 
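Review bot: receive_tcppacket() copies `len` bytes into the stack-allocated `outpkt.data` with `memcpy(outpkt.data, buffer, len)`, and no bound on `len` is visible in the function. The length comes from the meta-connection peer, so unless every caller already caps it (not shown here), an oversized or negative value would overrun the local packet buffer. This cleanup pass is a good moment to add the guard in the function itself, e.g. `if(len < 0 || (size_t)len > sizeof(outpkt.data)) return;`, assuming `data` is a fixed-size array in vpn_packet_t. A log line for the rejected packet would help operators notice a misbehaving peer.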
@@ -196,7 +196,7 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) static int priority = 0; int origpriority; int sock; -cp + cp(); /* Make sure we have a valid key */ if(!n->status.validkey) @@ -300,7 +300,7 @@ cp } inpkt->len = origlen; -cp + cp(); } /* @@ -309,7 +309,7 @@ cp void send_packet(node_t *n, vpn_packet_t *packet) { node_t *via; -cp + cp(); if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), packet->len, n->name, n->hostname); @@ -353,7 +353,7 @@ void broadcast_packet(node_t *from, vpn_packet_t *packet) { avl_node_t *node; connection_t *c; -cp + cp(); if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), packet->len, from->name, from->hostname); @@ -364,13 +364,13 @@ cp if(c->status.active && c->status.mst && c != from->nexthop->connection) send_packet(c->node, packet); } -cp + cp(); } void flush_queue(node_t *n) { list_node_t *node, *next; -cp + cp(); if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); @@ -380,7 +380,7 @@ cp send_udppacket(n, (vpn_packet_t *)node->data); list_delete_node(n->queue, node); } -cp + cp(); } void handle_incoming_vpn_data(int sock) @@ -391,7 +391,7 @@ void handle_incoming_vpn_data(int sock) sockaddr_t from; socklen_t fromlen = sizeof(from); node_t *n; -cp + cp(); if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), @@ -405,7 +405,9 @@ cp return; } - if((pkt.len = recvfrom(sock, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen)) <= 0) + pkt.len = recvfrom(sock, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); + + if(pkt.len <= 0) { syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); return; @@ -427,5 +429,5 @@ cp n->connection->last_ping_time = now; receive_udppacket(n, &pkt); -cp + cp(); } diff --git a/src/net_setup.c b/src/net_setup.c index fe7a562d..0fe50685 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
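Review bot: In handle_incoming_vpn_data() the result of recvfrom() is now stored straight into `pkt.len` and then tested with `if(pkt.len <= 0)`. The declared type of `len` in vpn_packet_t is not visible here; if it is narrower than the return type, or unsigned, a -1 error return is truncated or never compares below zero, and the error path is skipped. Reading into a local first avoids depending on that: `int n = recvfrom(sock, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen);`, then `if(n <= 0) { ... }`, then `pkt.len = n;`. The function body continues outside the hunk.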
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.23 2002/09/04 13:48:52 guus Exp $ + $Id: net_setup.c,v 1.1.2.24 2002/09/09 19:39:58 guus Exp $ */ #include "config.h" @@ -82,7 +82,7 @@ int read_rsa_public_key(connection_t *c) FILE *fp; char *fname; char *key; -cp + cp(); if(!c->rsa_key) c->rsa_key = RSA_new(); @@ -102,7 +102,8 @@ cp { if(is_safe_path(fname)) { - if((fp = fopen(fname, "r")) == NULL) + fp = fopen(fname, "r"); + if(!fp) { syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); @@ -116,7 +117,8 @@ cp return 0; /* Woohoo. */ /* If it fails, try PEM_read_RSA_PUBKEY. */ - if((fp = fopen(fname, "r")) == NULL) + fp = fopen(fname, "r"); + if(!fp) { syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); @@ -143,7 +145,9 @@ cp /* Else, check if a harnessed public key is in the config file */ asprintf(&fname, "%s/hosts/%s", confbase, c->name); - if((fp = fopen(fname, "r"))) + fp = fopen(fname, "r"); + + if(fp) { c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); fclose(fp); @@ -157,7 +161,9 @@ cp /* Try again with PEM_read_RSA_PUBKEY. */ asprintf(&fname, "%s/hosts/%s", confbase, c->name); - if((fp = fopen(fname, "r"))) + fp = fopen(fname, "r"); + + if(fp) { c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); fclose(fp); @@ -176,7 +182,7 @@ int read_rsa_private_key(void) { FILE *fp; char *fname, *key; -cp + cp(); if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { myself->connection->rsa_key = RSA_new(); @@ -191,7 +197,8 @@ cp if(is_safe_path(fname)) { - if((fp = fopen(fname, "r")) == NULL) + fp = fopen(fname, "r"); + if(!fp) { syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"), fname, strerror(errno)); 
@@ -225,7 +232,7 @@ int setup_myself(void) char *address = NULL; struct addrinfo hint, *ai, *aip; int choice, err; -cp + cp(); myself = new_node(); myself->connection = new_connection(); init_configuration(&myself->connection->config_tree); @@ -252,7 +259,7 @@ cp myself->name = name; myself->connection->name = xstrdup(name); -cp + cp(); if(read_rsa_private_key()) return -1; @@ -264,7 +271,7 @@ cp if(read_rsa_public_key(myself->connection)) return -1; -cp + cp(); if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) asprintf(&myport, "655"); @@ -283,7 +290,7 @@ cp cfg = lookup_config_next(myself->connection->config_tree, cfg); } -cp + cp(); /* Check some options */ if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) @@ -362,7 +369,7 @@ cp addressfamily = AF_INET; get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); -cp + cp(); /* Generate packet encryption key */ if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) @@ -373,7 +380,9 @@ cp } else { - if(!(myself->cipher = EVP_get_cipherbyname(cipher))) + myself->cipher = EVP_get_cipherbyname(cipher); + + if(!myself->cipher) { syslog(LOG_ERR, _("Unrecognized cipher type!")); return -1; @@ -408,7 +417,9 @@ cp } else { - if(!(myself->digest = EVP_get_digestbyname(digest))) + myself->digest = EVP_get_digestbyname(digest); + + if(!myself->digest) { syslog(LOG_ERR, _("Unrecognized digest type!")); return -1; @@ -455,7 +466,7 @@ cp myself->compression = 0; myself->connection->outcompression = 0; -cp + cp(); /* Done */ myself->nexthop = myself; @@ -466,7 +477,7 @@ cp graph(); -cp + cp(); /* Open sockets */ memset(&hint, 0, sizeof(hint)); 
@@ -478,7 +489,9 @@ cp hint.ai_protocol = IPPROTO_TCP; hint.ai_flags = AI_PASSIVE; - if((err = getaddrinfo(address, myport, &hint, &ai)) || !ai) + err = getaddrinfo(address, myport, &hint, &ai); + + if(err || !ai) { syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); return -1; @@ -488,10 +501,14 @@ cp for(aip = ai; aip; aip = aip->ai_next) { - if((listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr)) < 0) + listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr); + + if(listen_socket[listen_sockets].tcp < 0) continue; - if((listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr)) < 0) + listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr); + + if(listen_socket[listen_sockets].udp < 0) continue; if(debug_lvl >= DEBUG_CONNECTIONS) @@ -514,7 +531,7 @@ cp syslog(LOG_ERR, _("Unable to create any listening socket!")); return -1; } -cp + cp(); return 0; } @@ -525,7 +542,7 @@ int setup_network_connections(void) { char *envp[4]; int i; -cp + cp(); now = time(NULL); init_connections(); @@ -549,9 +566,9 @@ cp return -1; /* Run tinc-up script to further initialize the tap interface */ - asprintf(&envp[0], "NETNAME=%s", netname?netname:""); - asprintf(&envp[1], "DEVICE=%s", device?device:""); - asprintf(&envp[2], "INTERFACE=%s", interface?interface:""); + asprintf(&envp[0], "NETNAME=%s", netname?:""); + asprintf(&envp[1], "DEVICE=%s", device?:""); + asprintf(&envp[2], "INTERFACE=%s", interface?:""); envp[3] = NULL; execute_script("tinc-up", envp); @@ -563,7 +580,7 @@ cp return -1; try_outgoing_connections(); -cp + cp(); return 0; } @@ -576,7 +593,7 @@ void close_network_connections(void) connection_t *c; char *envp[4]; int i; -cp + cp(); for(node = connection_tree->head; node; node = next) { next = node->next; 
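Review bot: In the listen-socket loop of setup_myself(), when setup_vpn_in_socket() fails the code hits `continue` with the TCP socket from setup_listen_socket() still open. That descriptor is overwritten on the next iteration and never closed, leaving a stray listening socket bound to the address. The UDP failure branch should release it first: `if(listen_socket[listen_sockets].udp < 0) { close(listen_socket[listen_sockets].tcp); continue; }`. No check of `listen_sockets` against the size of the `listen_socket` array is visible in this hunk either. If the loop has none, getaddrinfo() returning more addresses than slots would write past the array.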
@@ -602,9 +619,9 @@ cp exit_nodes(); exit_connections(); - asprintf(&envp[0], "NETNAME=%s", netname?netname:""); - asprintf(&envp[1], "DEVICE=%s", device?device:""); - asprintf(&envp[2], "INTERFACE=%s", interface?interface:""); + asprintf(&envp[0], "NETNAME=%s", netname?:""); + asprintf(&envp[1], "DEVICE=%s", device?:""); + asprintf(&envp[2], "INTERFACE=%s", interface?:""); envp[3] = NULL; execute_script("tinc-down", envp); @@ -613,6 +630,6 @@ cp free(envp[i]); close_device(); -cp + cp(); return; } diff --git a/src/net_socket.c b/src/net_socket.c index 0281d655..cbe9e688 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.18 2002/09/04 13:48:52 guus Exp $ + $Id: net_socket.c,v 1.1.2.19 2002/09/09 19:39:59 guus Exp $ */ #include "config.h" @@ -93,8 +93,10 @@ int setup_listen_socket(sockaddr_t *sa) char *interface; struct ifreq ifr; #endif -cp - if((nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP)) < 0) + cp(); + nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP); + + if(nfd < 0) { syslog(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); return -1; @@ -153,7 +155,7 @@ cp syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); return -1; } -cp + cp(); return nfd; } @@ -166,8 +168,10 @@ int setup_vpn_in_socket(sockaddr_t *sa) char *interface; struct ifreq ifr; #endif -cp - if((nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP)) < 0) + cp(); + nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP); + + if(nfd < 0) { syslog(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); return -1; @@ -206,14 +210,14 @@ cp free(addrstr); return -1; } -cp + cp(); return nfd; } void retry_outgoing(outgoing_t *outgoing) { event_t *event; -cp + cp(); outgoing->timeout += 5; if(outgoing->timeout > maxtimeout) outgoing->timeout = maxtimeout; 
@@ -226,13 +230,13 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); -cp + cp(); } int setup_outgoing_socket(connection_t *c) { int option; -cp + cp(); if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); @@ -267,28 +271,28 @@ cp if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); -cp + cp(); return 0; } void finish_connecting(connection_t *c) { -cp + cp(); if(debug_lvl >= DEBUG_CONNECTIONS) syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); c->last_ping_time = now; send_id(c); -cp + cp(); } void do_outgoing_connection(connection_t *c) { char *address, *port; int option, result, flags; -cp + cp(); begin: if(!c->outgoing->ai) { @@ -385,14 +389,14 @@ begin: finish_connecting(c); return; -cp + cp(); } void setup_outgoing_connection(outgoing_t *outgoing) { connection_t *c; node_t *n; -cp + cp(); n = lookup_node(outgoing->name); if(n) @@ -442,8 +446,10 @@ int handle_new_meta_connection(int sock) connection_t *c; sockaddr_t sa; int fd, len = sizeof(sa); -cp - if((fd = accept(sock, &sa.sa, &len)) < 0) + cp(); + fd = accept(sock, &sa.sa, &len); + + if(fd < 0) { syslog(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); return -1; @@ -469,7 +475,7 @@ cp c->allow_request = ID; send_id(c); -cp + cp(); return 0; } @@ -478,7 +484,7 @@ void try_outgoing_connections(void) static config_t *cfg = NULL; char *name; outgoing_t *outgoing; -cp + cp(); for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) { get_config_string(cfg, &name); diff --git a/src/netutl.c b/src/netutl.c index 1cf03c3d..35a3fef6 100644 --- a/src/netutl.c +++ b/src/netutl.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.41 2002/06/21 17:49:48 guus Exp $ + $Id: netutl.c,v 1.12.4.42 2002/09/09 19:39:59 guus Exp $ */ #include "config.h" @@ -56,13 +56,15 @@ struct addrinfo *str2addrinfo(char *address, char *service, int socktype) { struct addrinfo hint, *ai; int err; -cp + cp(); memset(&hint, 0, sizeof(hint)); hint.ai_family = addressfamily; hint.ai_socktype = socktype; - if((err = getaddrinfo(address, service, &hint, &ai))) + err = getaddrinfo(address, service, &hint, &ai); + + if(err) { if(debug_lvl >= DEBUG_ERROR) syslog(LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, service, gai_strerror(err)); @@ -70,7 +72,7 @@ cp return NULL; } -cp + cp(); return ai; } @@ -79,14 +81,16 @@ sockaddr_t str2sockaddr(char *address, char *port) struct addrinfo hint, *ai; sockaddr_t result; int err; -cp + cp(); memset(&hint, 0, sizeof(hint)); hint.ai_family = AF_UNSPEC; hint.ai_flags = AI_NUMERICHOST; hint.ai_socktype = SOCK_STREAM; - if((err = getaddrinfo(address, port, &hint, &ai) || !ai)) + err = getaddrinfo(address, port, &hint, &ai); + + if(err || !ai) { syslog(LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, gai_strerror(err)); cp_trace(); @@ -96,7 +100,7 @@ cp result = *(sockaddr_t *)ai->ai_addr; freeaddrinfo(ai); -cp + cp(); return result; } @@ -106,8 +110,10 @@ void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) char port[NI_MAXSERV]; char *scopeid; int err; -cp - if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV))) + cp(); + err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV); + + if(err) { syslog(LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); cp_trace(); 
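Review bot: `result = *(sockaddr_t *)ai->ai_addr;` in `str2sockaddr` copies `sizeof(sockaddr_t)` bytes regardless of how long the returned address is. If `sockaddr_t` is a union larger than the `sockaddr_in` an IPv4 lookup returns (its definition is not part of this diff), the assignment reads past the end of the buffer `getaddrinfo()` allocated. Copying by length avoids that: `memset(&result, 0, sizeof(result)); memcpy(&result, ai->ai_addr, ai->ai_addrlen);`, guarded by a check that `ai->ai_addrlen <= sizeof(result)`.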
@@ -115,12 +121,14 @@ cp exit(0); } - if((scopeid = strchr(address, '%'))) + scopeid = strchr(address, '%'); + + if(scopeid) *scopeid = '\0'; /* Descope. */ *addrstr = xstrdup(address); *portstr = xstrdup(port); -cp + cp(); } char *sockaddr2hostname(sockaddr_t *sa) @@ -129,21 +137,22 @@ char *sockaddr2hostname(sockaddr_t *sa) char address[NI_MAXHOST] = "unknown"; char port[NI_MAXSERV] = "unknown"; int err; -cp - if((err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)))) + cp(); + err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)); + if(err) { syslog(LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); } asprintf(&str, _("%s port %s"), address, port); -cp + cp(); return str; } int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) { int result; -cp + cp(); result = a->sa.sa_family - b->sa.sa_family; if(result) @@ -169,7 +178,7 @@ cp raise(SIGFPE); exit(0); } -cp + cp(); } void sockaddrunmap(sockaddr_t *sa) @@ -188,11 +197,14 @@ int maskcmp(void *va, void *vb, int masklen, int len) int i, m, result; char *a = va; char *b = vb; -cp + cp(); for(m = masklen, i = 0; m >= 8; m -= 8, i++) - if((result = a[i] - b[i])) - return result; - + { + result = a[i] - b[i]; + if(result) + return result; + } + if(m) return (a[i] & (0x100 - (1 << (8 - m)))) - (b[i] & (0x100 - (1 << (8 - m)))); @@ -203,7 +215,7 @@ void mask(void *va, int masklen, int len) { int i; char *a = va; -cp + cp(); i = masklen / 8; masklen %= 8; @@ -219,7 +231,7 @@ void maskcpy(void *va, void *vb, int masklen, int len) int i, m; char *a = va; char *b = vb; -cp + cp(); for(m = masklen, i = 0; m >= 8; m -= 8, i++) a[i] = b[i]; @@ -237,7 +249,7 @@ int maskcheck(void *va, int masklen, int len) { int i; char *a = va; -cp + cp(); i = masklen / 8; masklen %= 8; diff --git a/src/node.c b/src/node.c index a66bc177..4fdb99c1 100644 --- a/src/node.c 
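Review bot: `maskcmp` never compares `masklen` with `len`: the loop `for(m = masklen, i = 0; m >= 8; m -= 8, i++)` indexes `a[i]` and `b[i]` for as many bytes as `masklen` asks for, and `len` is not used in the lines shown. If a prefix length taken from a peer-supplied subnet string can reach this function unvalidated (the checks in `str2net` are not visible here), the comparison reads past both buffers; clamping with `if(masklen > len * 8) masklen = len * 8;` at the top closes that. The subtraction `a[i] - b[i]` is also done on plain `char`, whose signedness is implementation-defined, so `unsigned char *a = va;` would make the ordering the same on every platform. The function continues after this hunk.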
+++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.15 2002/09/04 13:48:52 guus Exp $ + $Id: node.c,v 1.1.2.16 2002/09/09 19:39:59 guus Exp $ */ #include "config.h" @@ -47,7 +47,7 @@ int node_compare(node_t *a, node_t *b) int node_udp_compare(node_t *a, node_t *b) { int result; -cp + cp(); result = sockaddrcmp(&a->address, &b->address); if(result) @@ -58,34 +58,34 @@ cp void init_nodes(void) { -cp + cp(); node_tree = avl_alloc_tree((avl_compare_t)node_compare, NULL); node_udp_tree = avl_alloc_tree((avl_compare_t)node_udp_compare, NULL); -cp + cp(); } void exit_nodes(void) { -cp + cp(); avl_delete_tree(node_tree); avl_delete_tree(node_udp_tree); -cp + cp(); } node_t *new_node(void) { node_t *n = (node_t *)xmalloc_and_zero(sizeof(*n)); -cp + cp(); n->subnet_tree = new_subnet_tree(); n->edge_tree = new_edge_tree(); n->queue = list_alloc((list_action_t)free); -cp + cp(); return n; } void free_node(node_t *n) { -cp + cp(); if(n->queue) list_delete_list(n->queue); if(n->name) @@ -99,15 +99,15 @@ cp if(n->edge_tree) free_edge_tree(n->edge_tree); free(n); -cp + cp(); } void node_add(node_t *n) { -cp + cp(); avl_insert(node_tree, n); avl_insert(node_udp_tree, n); -cp + cp(); } void node_del(node_t *n) @@ -115,7 +115,7 @@ void node_del(node_t *n) avl_node_t *node, *next; edge_t *e; subnet_t *s; -cp + cp(); for(node = n->subnet_tree->head; node; node = next) { next = node->next; @@ -129,16 +129,16 @@ cp e = (edge_t *)node->data; edge_del(e); } -cp + cp(); avl_delete(node_tree, n); avl_delete(node_udp_tree, n); -cp + cp(); } node_t *lookup_node(char *name) { node_t n; -cp + cp(); n.name = name; return avl_search(node_tree, &n); } @@ -146,7 +146,7 @@ cp node_t *lookup_node_udp(sockaddr_t *sa) { node_t n; -cp + cp(); n.address = *sa; n.name = NULL; 
@@ -157,7 +157,7 @@ void dump_nodes(void) { avl_node_t *node; node_t *n; -cp + cp(); syslog(LOG_DEBUG, _("Nodes:")); for(node = node_tree->head; node; node = node->next) @@ -169,5 +169,5 @@ cp } syslog(LOG_DEBUG, _("End of nodes.")); -cp + cp(); } diff --git a/src/process.c b/src/process.c index 0898e70e..3e075524 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.44 2002/09/04 14:17:28 guus Exp $ + $Id: process.c,v 1.1.2.45 2002/09/09 19:39:59 guus Exp $ */ #include "config.h" @@ -91,7 +91,7 @@ int fcloseall(void) */ void cleanup_and_exit(int c) { -cp + cp(); close_network_connections(); if(debug_lvl > DEBUG_NOTHING) @@ -109,8 +109,10 @@ cp int write_pidfile(void) { int pid; -cp - if((pid = check_pid(pidfilename))) + cp(); + pid = check_pid(pidfilename); + + if(pid) { if(netname) fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), @@ -123,7 +125,7 @@ cp /* if it's locked, write-protected, or whatever */ if(!write_pid(pidfilename)) return 1; -cp + cp(); return 0; } @@ -133,8 +135,10 @@ cp int kill_other(int signal) { int pid; -cp - if(!(pid = read_pid(pidfilename))) + cp(); + pid = read_pid(pidfilename); + + if(!pid) { if(netname) fprintf(stderr, _("No other tincd is running for net `%s'.\n"), netname); @@ -155,7 +159,7 @@ cp fprintf(stderr, _("Removing stale lock file.\n")); remove_pid(pidfilename); } -cp + cp(); return 0; } @@ -164,7 +168,7 @@ cp */ int detach(void) { -cp + cp(); setup_signals(); /* First check if we can open a fresh new pidfile */ @@ -199,7 +203,7 @@ cp syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); xalloc_fail_func = memory_full; -cp + cp(); return 0; } @@ -211,7 +215,7 @@ void _execute_script(const char *scriptname, char **envp) __attribute__ ((noret void _execute_script(const char *scriptname, char **envp) { char *s; -cp + cp(); while(*envp) putenv(*envp++); 
@@ -238,7 +242,7 @@ int execute_script(const char *name, char **envp) int status; struct stat s; char *scriptname; -cp + cp(); asprintf(&scriptname, "%s/%s", confbase, name); /* First check if there is a script */ @@ -246,7 +250,9 @@ cp if(stat(scriptname, &s)) return 0; - if((pid = fork()) < 0) + pid = fork(); + + if(pid < 0) { syslog(LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); return -1; @@ -289,7 +295,7 @@ cp return -1; } } -cp + cp(); /* Child here */ _execute_script(scriptname, envp); diff --git a/src/protocol.c b/src/protocol.c index 855c2b70..7a7e901d 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.134 2002/09/04 19:57:53 guus Exp $ + $Id: protocol.c,v 1.28.4.135 2002/09/09 19:39:59 guus Exp $ */ #include "config.h" @@ -63,7 +63,7 @@ int send_request(connection_t *c, const char *format, ...) char buffer[MAXBUFSIZE]; int len, request; -cp + cp(); /* Use vsnprintf instead of vasprintf: faster, no memory fragmentation, cleanup is automatic, and there is a limit on the input buffer anyway */ @@ -88,7 +88,7 @@ cp } buffer[len++] = '\n'; -cp + cp(); if(c == broadcast) return broadcast_meta(NULL, buffer, len); else @@ -98,7 +98,7 @@ cp int forward_request(connection_t *from) { int request; -cp + cp(); if(debug_lvl >= DEBUG_PROTOCOL) { sscanf(from->buffer, "%d", &request); @@ -109,17 +109,17 @@ cp } from->buffer[from->reqlen - 1] = '\n'; -cp + cp(); return broadcast_meta(from, from->buffer, from->reqlen); } int receive_request(connection_t *c) { int request; -cp + cp(); if(sscanf(c->buffer, "%d", &request) == 1) { - if((request < 0) || (request >= LAST) || (request_handlers[request] == NULL)) + if((request < 0) || (request >= LAST) || !request_handlers[request]) { if(debug_lvl >= DEBUG_META) syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), 
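Review bot: `execute_script` leaks `scriptname` on both early exits in its second hunk: `if(stat(scriptname, &s)) return 0;` and the `fork()` failure branch return without releasing the string that `asprintf()` allocated. In a long-running daemon every call for a script that does not exist loses that allocation. Use `if(stat(scriptname, &s)) { free(scriptname); return 0; }` and add `free(scriptname);` before the `return -1;` in the `pid < 0` branch. Whether the parent frees it on the remaining paths cannot be seen from these hunks.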
@@ -163,43 +163,43 @@ cp c->name, c->hostname); return -1; } -cp + cp(); return 0; } int past_request_compare(past_request_t *a, past_request_t *b) { -cp + cp(); return strcmp(a->request, b->request); } void free_past_request(past_request_t *r) { -cp + cp(); if(r->request) free(r->request); free(r); -cp + cp(); } void init_requests(void) { -cp + cp(); past_request_tree = avl_alloc_tree((avl_compare_t)past_request_compare, (avl_action_t)free_past_request); -cp + cp(); } void exit_requests(void) { -cp + cp(); avl_delete_tree(past_request_tree); -cp + cp(); } int seen_request(char *request) { past_request_t p, *new; -cp + cp(); p.request = request; if(avl_search(past_request_tree, &p)) @@ -216,7 +216,7 @@ cp avl_insert(past_request_tree, new); return 0; } -cp + cp(); } void age_past_requests(void) @@ -224,7 +224,7 @@ void age_past_requests(void) avl_node_t *node, *next; past_request_t *p; int left = 0, deleted = 0; -cp + cp(); for(node = past_request_tree->head; node; node = next) { next = node->next; @@ -237,7 +237,7 @@ cp if(debug_lvl >= DEBUG_SCARY_THINGS && left + deleted) syslog(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), deleted, left); -cp + cp(); } /* Jumptable for the request handlers */ diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 4456ea59..8fe8b38b 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.14 2002/09/04 16:26:45 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.15 2002/09/09 19:39:59 guus Exp $ */ #include "config.h" @@ -55,7 +55,7 @@ int send_id(connection_t *c) { -cp + cp(); return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); } 
@@ -63,7 +63,7 @@ int id_h(connection_t *c) { char name[MAX_STRING_SIZE]; int bla; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); @@ -112,7 +112,9 @@ cp { init_configuration(&c->config_tree); - if((bla = read_connection_config(c))) + bla = read_connection_config(c); + + if(bla) { syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); return -1; @@ -133,7 +135,7 @@ cp c->options |= OPTION_TCPONLY | OPTION_INDIRECT; c->allow_request = METAKEY; -cp + cp(); return send_metakey(c); } @@ -141,7 +143,7 @@ int send_metakey(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; -cp + cp(); len = RSA_size(c->rsa_key); /* Allocate buffers for the meta key */ @@ -151,7 +153,7 @@ cp if(!c->outctx) c->outctx = xmalloc(sizeof(*c->outctx)); -cp + cp(); /* Copy random data to the buffer */ RAND_bytes(c->outkey, len); @@ -187,7 +189,7 @@ cp syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return -1; } -cp + cp(); /* Convert the encrypted random data to a hexadecimal formatted string */ bin2hex(buffer, buffer, len); @@ -209,7 +211,7 @@ cp c->status.encryptout = 1; } -cp + cp(); return x; } @@ -218,13 +220,13 @@ int metakey_h(connection_t *c) char buffer[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; int len; -cp + cp(); if(sscanf(c->buffer, "%*d %d %d %d %d "MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; } -cp + cp(); len = RSA_size(myself->connection->rsa_key); /* Check if the length of the meta key is all right */ @@ -236,7 +238,7 @@ cp } /* Allocate buffers for the meta key */ -cp + cp(); if(!c->inkey) c->inkey = xmalloc(len); 
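Review bot: `RAND_bytes(c->outkey, len);` in `send_metakey` is called without looking at its result, so if the generator fails the meta key is whatever the buffer held before the call. The handshake should stop in that case: `if(RAND_bytes(c->outkey, len) != 1) return -1;`, preceded by a `syslog(LOG_ERR, ...)` line. `send_challenge` makes the same unchecked call for `c->hischallenge`, and `RAND_load_file("/dev/urandom", 1024)` in `main` (src/tincd.c) is not checked either.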
@@ -244,11 +246,11 @@ cp c->inctx = xmalloc(sizeof(*c->inctx)); /* Convert the challenge from hexadecimal back to binary */ -cp + cp(); hex2bin(buffer,buffer,len); /* Decrypt the meta key */ -cp + cp(); if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ { syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); @@ -263,7 +265,7 @@ cp } /* All incoming requests will now be encrypted. */ -cp + cp(); /* Check and lookup cipher and digest algorithms */ if(cipher) @@ -311,7 +313,7 @@ cp c->incompression = compression; c->allow_request = CHALLENGE; -cp + cp(); return send_challenge(c); } @@ -319,7 +321,7 @@ int send_challenge(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; -cp + cp(); /* CHECKME: what is most reasonable value for len? */ len = RSA_size(c->rsa_key); @@ -328,22 +330,22 @@ cp if(!c->hischallenge) c->hischallenge = xmalloc(len); -cp + cp(); /* Copy random data to the buffer */ RAND_bytes(c->hischallenge, len); -cp + cp(); /* Convert to hex */ bin2hex(c->hischallenge, buffer, len); buffer[len*2] = '\0'; -cp + cp(); /* Send the challenge */ x = send_request(c, "%d %s", CHALLENGE, buffer); -cp + cp(); return x; } @@ -351,7 +353,7 @@ int challenge_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); @@ -380,7 +382,7 @@ cp c->allow_request = CHAL_REPLY; /* Rest is done by send_chal_reply() */ -cp + cp(); return send_chal_reply(c); } @@ -388,7 +390,7 @@ int send_chal_reply(connection_t *c) { char hash[EVP_MAX_MD_SIZE*2+1]; EVP_MD_CTX ctx; -cp + cp(); /* Calculate the hash from the challenge we received */ EVP_DigestInit(&ctx, c->indigest); @@ -402,7 +404,7 @@ cp /* Send the reply */ -cp + cp(); return send_request(c, "%d %s", CHAL_REPLY, hash); } 
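Review bot: The failure branch of `RSA_private_decrypt()` in `metakey_h` logs `Error during encryption of meta key`, which points whoever reads the log at the wrong side of the exchange; the string should read `_("Error during decryption of meta key for %s (%s)")`. The call uses `RSA_NO_PADDING`, so the decrypted block has no structure that could be validated. The existing `/* See challenge() */` pointer would be better replaced by a short comment here that states why raw RSA is acceptable for this block.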
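Review bot: `send_challenge` writes `2 * len + 1` bytes into `char buffer[MAX_STRING_SIZE]` through `bin2hex(c->hischallenge, buffer, len)` and `buffer[len*2] = '\0'`, with `len = RSA_size(c->rsa_key)` and no comparison against the buffer size in the lines shown. A sufficiently large RSA key would overrun the stack buffer, so add `if(len * 2 >= (int)sizeof(buffer)) return -1;` before the conversion. `send_ans_key` in src/protocol_key.c fills `key[MAX_STRING_SIZE]` from `from->keylength` in the same way and needs the same guard.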
@@ -411,7 +413,7 @@ int chal_reply_h(connection_t *c) char hishash[MAX_STRING_SIZE]; char myhash[EVP_MAX_MD_SIZE]; EVP_MD_CTX ctx; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); @@ -455,7 +457,7 @@ cp */ c->allow_request = ACK; -cp + cp(); return send_ack(c); } @@ -466,13 +468,13 @@ int send_ack(connection_t *c) int x; struct timeval now; -cp + cp(); /* Estimate weight */ gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; x = send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); -cp + cp(); return x; } @@ -510,7 +512,7 @@ int ack_h(connection_t *c) int weight; long int options; node_t *n; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING" %d %lx", hisport, &weight, &options) != 3) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); @@ -557,7 +559,7 @@ cp /* Create an edge_t for this connection */ c->edge = new_edge(); -cp + cp(); c->edge->from = myself; c->edge->to = n; sockaddr2str(&c->address, &hisaddress, &dummy); @@ -567,10 +569,10 @@ cp c->edge->weight = (weight + c->estimated_weight) / 2; c->edge->connection = c; c->edge->options = c->options; -cp + cp(); edge_add(c->edge); -cp + cp(); /* Notify everyone of the new edge */ send_add_edge(broadcast, c->edge); @@ -578,6 +580,6 @@ cp /* Run MST and SSSP algorithms */ graph(); -cp + cp(); return 0; } diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 7663a46f..7a04f082 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.10 2002/09/04 16:26:45 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.11 2002/09/09 19:40:04 guus Exp $ */ #include "config.h" 
@@ -49,14 +49,14 @@ int send_add_edge(connection_t *c, edge_t *e) { int x; char *address, *port; -cp + cp(); sockaddr2str(&e->address, &address, &port); x = send_request(c, "%d %lx %s %s %s %s %lx %d", ADD_EDGE, random(), e->from->name, e->to->name, address, port, e->options, e->weight); free(address); free(port); -cp + cp(); return x; } @@ -71,7 +71,7 @@ int add_edge_h(connection_t *c) sockaddr_t address; long int options; int weight; -cp + cp(); if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", from_name, to_name, to_address, to_port, &options, &weight) != 6) { @@ -172,13 +172,13 @@ cp /* Run MST before or after we tell the rest? */ graph(); -cp + cp(); return 0; } int send_del_edge(connection_t *c, edge_t *e) { -cp + cp(); return send_request(c, "%d %lx %s %s", DEL_EDGE, random(), e->from->name, e->to->name); } @@ -189,7 +189,7 @@ int del_edge_h(connection_t *c) char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; node_t *from, *to; -cp + cp(); if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", @@ -264,6 +264,6 @@ cp /* Run MST before or after we tell the rest? */ graph(); -cp + cp(); return 0; } diff --git a/src/protocol_key.c b/src/protocol_key.c index 24115563..03131eb8 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.11 2002/09/06 14:31:12 guus Exp $ + $Id: protocol_key.c,v 1.1.4.12 2002/09/09 19:40:05 guus Exp $ */ #include "config.h" 
@@ -47,14 +47,14 @@ int mykeyused = 0; int send_key_changed(connection_t *c, node_t *n) { -cp + cp(); /* Only send this message if some other daemon requested our key previously. This reduces unnecessary key_changed broadcasts. */ if(n == myself && !mykeyused) return 0; -cp + cp(); return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); } @@ -62,7 +62,7 @@ int key_changed_h(connection_t *c) { char name[MAX_STRING_SIZE]; node_t *n; -cp + cp(); if(sscanf(c->buffer, "%*d %*x "MAX_STRING, name) != 1) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", @@ -88,13 +88,13 @@ cp /* Tell the others */ forward_request(c); -cp + cp(); return 0; } int send_req_key(connection_t *c, node_t *from, node_t *to) { -cp + cp(); return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name); } @@ -104,7 +104,7 @@ int req_key_h(connection_t *c) char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; node_t *from, *to; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", @@ -150,17 +150,17 @@ cp send_req_key(to->nexthop->connection, from, to); } -cp + cp(); return 0; } int send_ans_key(connection_t *c, node_t *from, node_t *to) { char key[MAX_STRING_SIZE]; -cp + cp(); bin2hex(from->key, key, from->keylength); key[from->keylength * 2] = '\0'; -cp + cp(); return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, from->name, to->name, key, from->cipher?from->cipher->nid:0, from->digest?from->digest->type:0, from->maclength, from->compression); } @@ -172,7 +172,7 @@ int ans_key_h(connection_t *c) char key[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; node_t *from, *to; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength, &compression) != 7) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", 
@@ -264,6 +264,6 @@ cp from->compression = compression; flush_queue(from); -cp + cp(); return 0; } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index af1cb527..3e48970a 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.4 2002/06/21 10:11:19 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.5 2002/09/09 19:40:08 guus Exp $ */ #include "config.h" @@ -44,10 +44,10 @@ int send_status(connection_t *c, int statusno, char *statusstring) { -cp + cp(); if(!statusstring) statusstring = status_text[statusno]; -cp + cp(); return send_request(c, "%d %d %s", STATUS, statusno, statusstring); } @@ -55,7 +55,7 @@ int status_h(connection_t *c) { int statusno; char statusstring[MAX_STRING_SIZE]; -cp + cp(); if(sscanf(c->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", @@ -69,13 +69,13 @@ cp c->name, c->hostname, status_text[statusno], statusstring); } -cp + cp(); return 0; } int send_error(connection_t *c, int err, char *errstring) { -cp + cp(); if(!errstring) errstring = strerror(err); return send_request(c, "%d %d %s", ERROR, err, errstring); @@ -85,7 +85,7 @@ int error_h(connection_t *c) { int err; char errorstring[MAX_STRING_SIZE]; -cp + cp(); if(sscanf(c->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", 
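Review bot: `status_h` uses `statusno`, parsed from the peer's message with `sscanf`, directly as an index in `status_text[statusno]` for the log line, and no range check is visible between the parse and the use. A value outside the table makes `syslog` format a pointer read from beyond the array. Reject the request first with `if(statusno < 0 || statusno >= STATUS_COUNT) return -1;`, where `STATUS_COUNT` is a placeholder for the number of entries in `status_text`. `send_status` indexes the same table with its `statusno` argument when `statusstring` is NULL.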
@@ -100,55 +100,55 @@ cp } terminate_connection(c, c->status.active); -cp + cp(); return 0; } int send_termreq(connection_t *c) { -cp + cp(); return send_request(c, "%d", TERMREQ); } int termreq_h(connection_t *c) { -cp + cp(); terminate_connection(c, c->status.active); -cp + cp(); return 0; } int send_ping(connection_t *c) { -cp + cp(); c->status.pinged = 1; c->last_ping_time = now; -cp + cp(); return send_request(c, "%d", PING); } int ping_h(connection_t *c) { -cp + cp(); return send_pong(c); } int send_pong(connection_t *c) { -cp + cp(); return send_request(c, "%d", PONG); } int pong_h(connection_t *c) { -cp + cp(); c->status.pinged = 0; /* Succesful connection, reset timeout if this is an outgoing connection. */ if(c->outgoing) c->outgoing->timeout = 0; -cp + cp(); return 0; } @@ -157,21 +157,21 @@ cp int send_tcppacket(connection_t *c, vpn_packet_t *packet) { int x; -cp + cp(); /* Evil hack. */ x = send_request(c, "%d %hd", PACKET, packet->len); if(x) return x; -cp + cp(); return send_meta(c, packet->data, packet->len); } int tcppacket_h(connection_t *c) { short int len; -cp + cp(); if(sscanf(c->buffer, "%*d %hd", &len) != 1) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname); @@ -181,7 +181,7 @@ cp /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ c->tcplen = len; -cp + cp(); return 0; } diff --git a/src/protocol_node.c b/src/protocol_node.c index 758b1eaa..f95dec8e 100644 --- a/src/protocol_node.c +++ b/src/protocol_node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_node.c,v 1.1.4.6 2002/09/04 08:48:03 guus Exp $ + $Id: protocol_node.c,v 1.1.4.7 2002/09/09 19:40:08 guus Exp $ */ #include "config.h" @@ -47,7 +47,7 @@ int send_add_node(connection_t *c, node_t *n) { int x; char *address, *port; -cp + cp(); if(!n->status.reachable) return 0; 
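Review bot: `tcppacket_h` parses the peer-supplied length with `%hd` into a `short int` and stores it with `c->tcplen = len;`, and no range check appears between the `sscanf` and the assignment. A negative value, or one larger than the packet data buffer, is passed on to whatever consumes `tcplen` (per the comment, `receive_meta()`, which is not in this diff). Validate before storing: `if(len < 0 || len > MAX_PACKET_LEN) return -1;`, with `MAX_PACKET_LEN` a placeholder for the size of `vpn_packet_t`'s data area.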
@@ -58,7 +58,7 @@ cp n->prevhop->name, n->via->name); free(address); free(port); -cp + cp(); return x; } @@ -74,7 +74,7 @@ int add_node_h(connection_t *c) long int options; int distance; avl_node_t *node; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d "MAX_STRING" "MAX_STRING, name, address, port, &options, &distance, prevhopname, vianame) != 7) { @@ -176,13 +176,13 @@ cp send_add_node(other, n); } -cp + cp(); return 0; } int send_del_node(connection_t *c, node_t *n) { -cp + cp(); return send_request(c, "%d %s %s", DEL_NODE, n->name, n->prevhop->name); } @@ -193,7 +193,7 @@ int del_node_h(connection_t *c) node_t *n, *prevhop; connection_t *other; avl_node_t *node; -cp + cp(); if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, prevhopname) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_NODE", @@ -241,6 +241,6 @@ cp n->status.reachable = 0; n->status.validkey = 0; -cp + cp(); return 0; } diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index a7344d7a..ba617e5d 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.6 2002/09/04 16:26:45 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.7 2002/09/09 19:40:09 guus Exp $ */ #include "config.h" @@ -47,11 +47,11 @@ int send_add_subnet(connection_t *c, subnet_t *subnet) { int x; char *netstr; -cp + cp(); x = send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), subnet->owner->name, netstr = net2str(subnet)); free(netstr); -cp + cp(); return x; } @@ -61,7 +61,7 @@ int add_subnet_h(connection_t *c) char name[MAX_STRING_SIZE]; node_t *owner; subnet_t *s; -cp + cp(); if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); 
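Review bot: `send_add_subnet` still assigns inside the argument list, `send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), subnet->owner->name, netstr = net2str(subnet))`, while the rest of this commit moves assignments out of expressions. Put `netstr = net2str(subnet);` on its own line before the call, as `send_del_subnet` already does a few hunks further down.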
@@ -78,7 +78,9 @@ cp /* Check if subnet string is valid */ - if(!(s = str2net(subnetstr))) + s = str2net(subnetstr); + + if(!s) { syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); return -1; @@ -124,7 +126,7 @@ cp /* Tell the rest */ forward_request(c); -cp + cp(); return 0; } @@ -132,11 +134,11 @@ int send_del_subnet(connection_t *c, subnet_t *s) { int x; char *netstr; -cp + cp(); netstr = net2str(s); x = send_request(c, "%d %lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); free(netstr); -cp + cp(); return x; } @@ -146,7 +148,7 @@ int del_subnet_h(connection_t *c) char name[MAX_STRING_SIZE]; node_t *owner; subnet_t *s, *find; -cp + cp(); if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); @@ -163,7 +165,9 @@ cp /* Check if the owner of the new subnet is in the connection list */ - if(!(owner = lookup_node(name))) + owner = lookup_node(name); + + if(!owner) { if(debug_lvl >= DEBUG_PROTOCOL) syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), @@ -173,7 +177,9 @@ cp /* Check if subnet string is valid */ - if(!(s = str2net(subnetstr))) + s = str2net(subnetstr); + + if(!s) { syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); return -1; @@ -216,6 +222,6 @@ cp subnet_del(owner, find); -cp + cp(); return 0; } diff --git a/src/route.c b/src/route.c index 21c047c9..ad62bc22 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.43 2002/06/21 10:11:33 guus Exp $ + $Id: route.c,v 1.1.2.44 2002/09/09 19:40:11 guus Exp $ */ #include "config.h" 
@@ -72,7 +72,7 @@ void learn_mac(mac_t *address) subnet_t *subnet; avl_node_t *node; connection_t *c; -cp + cp(); subnet = lookup_subnet_mac(address); /* If we don't know this MAC address yet, store it */ @@ -106,7 +106,7 @@ void age_mac(void) subnet_t *s; connection_t *c; avl_node_t *node, *next, *node2; -cp + cp(); for(node = myself->subnet_tree->head; node; node = next) { next = node->next; @@ -125,13 +125,13 @@ cp subnet_del(myself, s); } } -cp + cp(); } node_t *route_mac(vpn_packet_t *packet) { subnet_t *subnet; -cp + cp(); /* Learn source address */ learn_mac((mac_t *)(&packet->data[6])); @@ -149,12 +149,12 @@ cp node_t *route_ipv4(vpn_packet_t *packet) { subnet_t *subnet; -cp + cp(); if(priorityinheritance) packet->priority = packet->data[15]; subnet = lookup_subnet_ipv4((ipv4_t *)&packet->data[30]); -cp + cp(); if(!subnet) { if(debug_lvl >= DEBUG_TRAFFIC) @@ -165,16 +165,16 @@ cp return NULL; } -cp + cp(); return subnet->owner; } node_t *route_ipv6(vpn_packet_t *packet) { subnet_t *subnet; -cp + cp(); subnet = lookup_subnet_ipv6((ipv6_t *)&packet->data[38]); -cp + cp(); if(!subnet) { if(debug_lvl >= DEBUG_TRAFFIC) @@ -192,7 +192,7 @@ cp return NULL; } -cp + cp(); return subnet->owner; } @@ -224,7 +224,7 @@ void route_neighborsol(vpn_packet_t *packet) uint8_t junk[4]; } pseudo; -cp + cp(); hdr = (struct ip6_hdr *)(packet->data + 14); ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(*hdr)); opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); @@ -318,7 +318,7 @@ cp ns->nd_ns_hdr.icmp6_cksum = htons(checksum); write_packet(packet); -cp + cp(); } void route_arp(vpn_packet_t *packet) @@ -326,7 +326,7 @@ void route_arp(vpn_packet_t *packet) struct ether_arp *arp; subnet_t *subnet; uint8_t ipbuf[4]; -cp + cp(); /* First, snatch the source address from the ARP packet */ memcpy(mymac.net.mac.address.x, packet->data + 6, 6); 
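Review bot: `route_ipv4` reads `packet->data[15]` and casts `&packet->data[30]` to `ipv4_t *` without comparing `packet->len` to those offsets in the lines shown. Unless the caller guarantees a minimum frame size (`route_outgoing` is only partly visible), a short frame makes the lookup run on stale bytes left in the buffer. A guard such as `if(packet->len < 30 + sizeof(ipv4_t)) return NULL;` at the top would make the requirement explicit. `route_ipv6` (offset 38), `route_mac` (offset 6) and `route_arp` read fixed offsets in the same way.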
@@ -385,14 +385,14 @@ cp arp->arp_op = htons(ARPOP_REPLY); write_packet(packet); -cp + cp(); } void route_outgoing(vpn_packet_t *packet) { uint16_t type; node_t *n = NULL; -cp + cp(); /* FIXME: multicast? */ switch(routing_mode) diff --git a/src/subnet.c b/src/subnet.c index ada81120..e6d8b9b0 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.39 2002/07/11 12:42:43 guus Exp $ + $Id: subnet.c,v 1.1.2.40 2002/09/09 19:40:11 guus Exp $ */ #include "config.h" @@ -51,7 +51,7 @@ avl_tree_t *subnet_tree; int subnet_compare_mac(subnet_t *a, subnet_t *b) { int result; -cp + cp(); result = memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); if(result || !a->owner || !b->owner) @@ -63,7 +63,7 @@ cp int subnet_compare_ipv4(subnet_t *a, subnet_t *b) { int result; -cp + cp(); result = memcmp(&a->net.ipv4.address, &b->net.ipv4.address, sizeof(ipv4_t)); if(result) @@ -80,7 +80,7 @@ cp int subnet_compare_ipv6(subnet_t *a, subnet_t *b) { int result; -cp + cp(); result = memcmp(&a->net.ipv6.address, &b->net.ipv6.address, sizeof(ipv6_t)); if(result) @@ -97,7 +97,7 @@ cp int subnet_compare(subnet_t *a, subnet_t *b) { int result; -cp + cp(); result = a->type - b->type; if(result) 
@@ -124,43 +124,43 @@ cp void init_subnets(void) { -cp + cp(); subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, (avl_action_t)free_subnet); -cp + cp(); } void exit_subnets(void) { -cp + cp(); avl_delete_tree(subnet_tree); -cp + cp(); } avl_tree_t *new_subnet_tree(void) { -cp + cp(); return avl_alloc_tree((avl_compare_t)subnet_compare, NULL); -cp + cp(); } void free_subnet_tree(avl_tree_t *subnet_tree) { -cp + cp(); avl_delete_tree(subnet_tree); -cp + cp(); } /* Allocating and freeing space for subnets */ subnet_t *new_subnet(void) { -cp + cp(); return (subnet_t *)xmalloc_and_zero(sizeof(subnet_t)); } void free_subnet(subnet_t *subnet) { -cp + cp(); free(subnet); } @@ -168,22 +168,22 @@ cp void subnet_add(node_t *n, subnet_t *subnet) { -cp + cp(); subnet->owner = n; avl_insert(subnet_tree, subnet); -cp + cp(); avl_insert(n->subnet_tree, subnet); -cp + cp(); } void subnet_del(node_t *n, subnet_t *subnet) { -cp + cp(); avl_delete(n->subnet_tree, subnet); -cp + cp(); avl_delete(subnet_tree, subnet); -cp + cp(); } /* Ascii representation of subnets */ @@ -193,9 +193,9 @@ subnet_t *str2net(char *subnetstr) int i, l; subnet_t *subnet; uint16_t x[8]; -cp + cp(); subnet = new_subnet(); -cp + cp(); if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", &x[0], &x[1], &x[2], &x[3], &l) == 5) @@ -254,7 +254,7 @@ cp char *net2str(subnet_t *subnet) { char *netstr; -cp + cp(); switch(subnet->type) { case SUBNET_MAC: @@ -291,7 +291,7 @@ cp cp_trace(); exit(0); } -cp + cp(); return netstr; } 
@@ -299,27 +299,27 @@ cp subnet_t *lookup_subnet(node_t *owner, subnet_t *subnet) { -cp + cp(); return avl_search(owner->subnet_tree, subnet); } subnet_t *lookup_subnet_mac(mac_t *address) { subnet_t subnet, *p; -cp + cp(); subnet.type = SUBNET_MAC; memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); subnet.owner = NULL; p = (subnet_t *)avl_search(subnet_tree, &subnet); -cp + cp(); return p; } subnet_t *lookup_subnet_ipv4(ipv4_t *address) { subnet_t subnet, *p; -cp + cp(); subnet.type = SUBNET_IPV4; memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); subnet.net.ipv4.prefixlength = 32; @@ -332,7 +332,7 @@ cp p = (subnet_t *)avl_search_closest_smaller(subnet_tree, &subnet); /* Check if the found subnet REALLY matches */ -cp + cp(); if(p) { if(p->type != SUBNET_IPV4) @@ -352,14 +352,14 @@ cp } } } while (p); -cp + cp(); return p; } subnet_t *lookup_subnet_ipv6(ipv6_t *address) { subnet_t subnet, *p; -cp + cp(); subnet.type = SUBNET_IPV6; memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); subnet.net.ipv6.prefixlength = 128; @@ -373,7 +373,7 @@ cp /* Check if the found subnet REALLY matches */ -cp + cp(); if(p) { if(p->type != SUBNET_IPV6) @@ -390,7 +390,7 @@ cp } } } while (p); -cp + cp(); return p; } @@ -399,7 +399,7 @@ void dump_subnets(void) char *netstr; subnet_t *subnet; avl_node_t *node; -cp + cp(); syslog(LOG_DEBUG, _("Subnet list:")); for(node = subnet_tree->head; node; node = node->next) { @@ -409,5 +409,5 @@ cp free(netstr); } syslog(LOG_DEBUG, _("End of subnet list.")); -cp + cp(); } diff --git a/src/tincd.c b/src/tincd.c index 044fe0c4..6746c330 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.61 2002/07/16 13:12:49 guus Exp $ + $Id: tincd.c,v 1.10.4.62 2002/09/09 19:40:12 guus Exp $ */ #include "config.h" 
@@ -269,7 +269,9 @@ int keygen(int bits) else asprintf(&filename, "%s/rsa_key.pub", confbase); - if((f = ask_and_safe_open(filename, _("public RSA key"), "a")) == NULL) + f = ask_and_safe_open(filename, _("public RSA key"), "a"); + + if(!f) return -1; if(ftell(f)) @@ -280,7 +282,9 @@ int keygen(int bits) free(filename); asprintf(&filename, "%s/rsa_key.priv", confbase); - if((f = ask_and_safe_open(filename, _("private RSA key"), "a")) == NULL) + f = ask_and_safe_open(filename, _("private RSA key"), "a"); + + if(!f) return -1; if(ftell(f)) @@ -356,10 +360,16 @@ main(int argc, char **argv, char **envp) /* Lock all pages into memory if requested */ if(do_mlock) - if(mlockall(MCL_CURRENT | MCL_FUTURE)) { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); - return -1; - } +#ifdef HAVE_MLOCKALL + if(mlockall(MCL_CURRENT | MCL_FUTURE)) + { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); +#else + { + syslog(LOG_ERR, _("mlockall() not supported on this platform!")); +#endif + return -1; + } g_argv = argv; @@ -367,7 +377,7 @@ main(int argc, char **argv, char **envp) init_configuration(&config_tree); /* Slllluuuuuuurrrrp! */ -cp + cp(); RAND_load_file("/dev/urandom", 1024); #ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS @@ -376,7 +386,7 @@ cp OpenSSL_add_all_algorithms(); #endif -cp + cp(); if(generate_keys) { read_server_config(); @@ -388,10 +398,10 @@ cp if(read_server_config()) exit(1); -cp + cp(); if(detach()) exit(0); -cp + cp(); for(;;) { if(!setup_network_connections()) From f75dcef72a81a337e847adf0bae54198894f65b9 Mon Sep 17 00:00:00 2001 
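Review bot: The early `return -1` after a failed `ask_and_safe_open()` leaves the `filename` buffer from `asprintf()` allocated. The `asprintf()` calls are also unchecked, so on allocation failure `filename` reaches `ask_and_safe_open()` with indeterminate contents. Both apply to the public-key hunk and to the private-key hunk directly below it. I would write the failure path as `if(!f) { free(filename); return -1; }` and guard the format calls, e.g. `if(asprintf(&filename, "%s/rsa_key.priv", confbase) < 0) return -1;`. keygen() starts and continues outside these hunks, so how `filename` and `f` are released on the later paths cannot be confirmed from here.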
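Review bot: The `if(do_mlock)` statement now has an opening brace inside each `#ifdef HAVE_MLOCKALL` branch and one shared closing brace after `#endif`, all hanging off an unbraced `if`. That is hard to verify by eye and easy to break on the next edit. Returning -1 in both branches, so that a requested lock that cannot be taken stops startup, is worth keeping. I would brace `if(do_mlock)` once and keep each preprocessor branch syntactically complete, as below. main() starts and continues outside the hunk.

```c
	if(do_mlock) {
#ifdef HAVE_MLOCKALL
		if(mlockall(MCL_CURRENT | MCL_FUTURE)) {
			syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno));
			return -1;
		}
#else
		syslog(LOG_ERR, _("mlockall() not supported on this platform!"));
		return -1;
#endif
	}
```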
From: Guus Sliepen Date: Mon, 9 Sep 2002 21:25:28 +0000 Subject: [PATCH 693/923] Switch to K&R style indentation. --- src/conf.c | 902 ++++++++++++++++++------------------- src/conf.h | 16 +- src/connection.c | 143 +++--- src/connection.h | 96 ++-- src/cygwin/device.c | 118 +++-- src/darwin/device.c | 123 +++-- src/device.h | 4 +- src/edge.c | 158 +++---- src/edge.h | 22 +- src/event.c | 89 ++-- src/event.h | 14 +- src/freebsd/device.c | 115 +++-- src/graph.c | 353 ++++++++------- src/linux/device.c | 233 +++++----- src/meta.c | 275 ++++++------ src/meta.h | 4 +- src/net.c | 507 ++++++++++----------- src/net.h | 83 ++-- src/net_packet.c | 536 +++++++++++----------- src/net_setup.c | 960 ++++++++++++++++++++-------------------- src/net_socket.c | 647 ++++++++++++++------------- src/netbsd/device.c | 127 +++--- src/netutl.c | 331 +++++++------- src/netutl.h | 4 +- src/node.c | 197 +++++---- src/node.h | 60 +-- src/openbsd/device.c | 204 ++++----- src/process.c | 571 ++++++++++++------------ src/process.h | 4 +- src/protocol.c | 342 +++++++------- src/protocol.h | 35 +- src/protocol_auth.c | 921 +++++++++++++++++++------------------- src/protocol_edge.c | 374 ++++++++-------- src/protocol_key.c | 412 +++++++++-------- src/protocol_misc.c | 210 ++++----- src/protocol_node.c | 340 +++++++------- src/protocol_subnet.c | 284 ++++++------ src/raw_socket/device.c | 156 +++---- src/route.c | 820 +++++++++++++++++----------------- src/route.h | 13 +- src/solaris/device.c | 190 ++++---- src/subnet.c | 559 +++++++++++------------ src/subnet.h | 55 ++- src/tincd.c | 564 +++++++++++------------ 44 files changed, 6039 insertions(+), 6132 deletions(-) diff --git a/src/conf.c b/src/conf.c index f70abdfe..192d04f3 100644 --- a/src/conf.c +++ b/src/conf.c 
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.58 2002/09/09 19:39:55 guus Exp $ + $Id: conf.c,v 1.9.4.59 2002/09/09 21:24:25 guus Exp $ */ #include "config.h" 
@@ -38,235 +38,246 @@ #include #include -#include /* for cp */ +#include /* for cp */ #include #include "conf.h" -#include "netutl.h" /* for str2address */ +#include "netutl.h" /* for str2address */ #include "system.h" avl_tree_t *config_tree; int debug_lvl = 0; -int pingtimeout = 0; /* seconds before timeout */ -char *confbase = NULL; /* directory in which all config files are */ -char *netname = NULL; /* name of the vpn network */ +int pingtimeout = 0; /* seconds before timeout */ +char *confbase = NULL; /* directory in which all config files are */ +char *netname = NULL; /* name of the vpn network */ -int config_compare(config_t *a, config_t *b) +int config_compare(config_t * a, config_t * b) { - int result; + int result; - result = strcasecmp(a->variable, b->variable); + result = strcasecmp(a->variable, b->variable); - if(result) - return result; + if(result) + return result; - result = a->line - b->line; + result = a->line - b->line; - if(result) - return result; - else - return strcmp(a->file, b->file); + if(result) + return result; + else + return strcmp(a->file, b->file); } -void init_configuration(avl_tree_t **config_tree) +void init_configuration(avl_tree_t ** config_tree) { - cp(); - *config_tree = avl_alloc_tree((avl_compare_t)config_compare, (avl_action_t)free_config); - cp(); + cp(); + + *config_tree = avl_alloc_tree((avl_compare_t) config_compare, (avl_action_t) free_config); } -void exit_configuration(avl_tree_t **config_tree) +void exit_configuration(avl_tree_t ** config_tree) { - cp(); - avl_delete_tree(*config_tree); - *config_tree = NULL; - cp(); + cp(); + + avl_delete_tree(*config_tree); + *config_tree = NULL; } config_t *new_config(void) { - config_t *cfg; - cp(); - cfg = (config_t *)xmalloc_and_zero(sizeof(*cfg)); + cp(); - return cfg; + return (config_t *) xmalloc_and_zero(sizeof(config_t)); } -void free_config(config_t *cfg) +void free_config(config_t * cfg) { - cp(); - if(cfg->variable) - free(cfg->variable); - if(cfg->value) - 
free(cfg->value); - if(cfg->file) - free(cfg->file); - free(cfg); - cp(); + cp(); + + if(cfg->variable) + free(cfg->variable); + + if(cfg->value) + free(cfg->value); + + if(cfg->file) + free(cfg->file); + + free(cfg); } -void config_add(avl_tree_t *config_tree, config_t *cfg) +void config_add(avl_tree_t * config_tree, config_t * cfg) { - cp(); - avl_insert(config_tree, cfg); - cp(); + cp(); + + avl_insert(config_tree, cfg); } -config_t *lookup_config(avl_tree_t *config_tree, char *variable) +config_t *lookup_config(avl_tree_t * config_tree, char *variable) { - config_t cfg, *found; - cp(); - cfg.variable = variable; - cfg.file = ""; - cfg.line = 0; + config_t cfg, *found; - found = avl_search_closest_greater(config_tree, &cfg); + cp(); - if(!found) - return NULL; + cfg.variable = variable; + cfg.file = ""; + cfg.line = 0; - if(strcasecmp(found->variable, variable)) - return NULL; + found = avl_search_closest_greater(config_tree, &cfg); - return found; + if(!found) + return NULL; + + if(strcasecmp(found->variable, variable)) + return NULL; + + return found; } -config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) +config_t *lookup_config_next(avl_tree_t * config_tree, config_t * cfg) { - avl_node_t *node; - config_t *found; - cp(); - node = avl_search_node(config_tree, cfg); + avl_node_t *node; + config_t *found; - if(node) - { - if(node->next) - { - found = (config_t *)node->next->data; - if(!strcasecmp(found->variable, cfg->variable)) - return found; - } - } + cp(); - return NULL; + node = avl_search_node(config_tree, cfg); + + if(node) { + if(node->next) { + found = (config_t *) node->next->data; + + if(!strcasecmp(found->variable, cfg->variable)) + return found; + } + } + + return NULL; } -int get_config_bool(config_t *cfg, int *result) +int get_config_bool(config_t * cfg, int *result) { - cp(); - if(!cfg) - return 0; + cp(); - if(!strcasecmp(cfg->value, "yes")) - { - *result = 1; - return 1; - } - else if(!strcasecmp(cfg->value, "no")) - { - 
*result = 0; - return 1; - } + if(!cfg) + return 0; - syslog(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); + if(!strcasecmp(cfg->value, "yes")) { + *result = 1; + return 1; + } else if(!strcasecmp(cfg->value, "no")) { + *result = 0; + return 1; + } - return 0; + syslog(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + + return 0; } -int get_config_int(config_t *cfg, int *result) +int get_config_int(config_t * cfg, int *result) { - cp(); - if(!cfg) - return 0; + cp(); - if(sscanf(cfg->value, "%d", result) == 1) - return 1; + if(!cfg) + return 0; - syslog(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; + if(sscanf(cfg->value, "%d", result) == 1) + return 1; + + syslog(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + + return 0; } -int get_config_string(config_t *cfg, char **result) +int get_config_string(config_t * cfg, char **result) { - cp(); - if(!cfg) - return 0; + cp(); - *result = xstrdup(cfg->value); - return 1; + if(!cfg) + return 0; + + *result = xstrdup(cfg->value); + + return 1; } -int get_config_address(config_t *cfg, struct addrinfo **result) +int get_config_address(config_t * cfg, struct addrinfo **result) { - struct addrinfo *ai; - cp(); - if(!cfg) - return 0; + struct addrinfo *ai; - ai = str2addrinfo(cfg->value, NULL, 0); + cp(); - if(ai) - { - *result = ai; - return 1; - } + if(!cfg) + return 0; - syslog(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; + ai = str2addrinfo(cfg->value, NULL, 0); + + if(ai) { + *result = ai; + return 1; + } + + syslog(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), + cfg->variable, 
cfg->file, cfg->line); + + return 0; } -int get_config_port(config_t *cfg, port_t *result) +int get_config_port(config_t * cfg, port_t * result) { - cp(); - if(!cfg) - return 0; + cp(); - if(sscanf(cfg->value, "%hu", result) == 1) - { - *result = htons(*result); - return 1; - } + if(!cfg) + return 0; - syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; + if(sscanf(cfg->value, "%hu", result) == 1) { + *result = htons(*result); + return 1; + } + + syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + + return 0; } -int get_config_subnet(config_t *cfg, subnet_t **result) +int get_config_subnet(config_t * cfg, subnet_t ** result) { - subnet_t *subnet; - cp(); - if(!cfg) - return 0; + subnet_t *subnet; - subnet = str2net(cfg->value); + cp(); - if(!subnet) - { - syslog(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - return 0; - } + if(!cfg) + return 0; - /* Teach newbies what subnets are... */ + subnet = str2net(cfg->value); - if(((subnet->type == SUBNET_IPV4) && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) - || ((subnet->type == SUBNET_IPV6) && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) - { - syslog(LOG_ERR, _("Network address and prefix length do not match for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - free(subnet); - return 0; - } + if(!subnet) { + syslog(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + return 0; + } - *result = subnet; + /* Teach newbies what subnets are... 
*/ - return 1; + if(((subnet->type == SUBNET_IPV4) + && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) + || ((subnet->type == SUBNET_IPV6) + && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { + syslog(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), + cfg->variable, cfg->file, cfg->line); + free(subnet); + return 0; + } + + *result = subnet; + + return 1; } /* 
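Review bot: `get_config_port()` and `get_config_int()` accept any value that merely starts with digits, because `sscanf(cfg->value, "%hu", result) == 1` (and the `"%d"` variant) neither rejects trailing characters nor detects a number that does not fit the target type. A value such as `655x` (constructed example) is taken as 655, and an out-of-range number never reaches the existing "Port number expected" error. Parsing with `strtoul()` and checking the end pointer and the 0–65535 range before `htons()` closes both gaps, as sketched below for the port case. This assumes `<stdlib.h>` and `<errno.h>` are already included, which this hunk does not show.

```c
int get_config_port(config_t * cfg, port_t * result)
{
	char *end;
	unsigned long port;

	cp();

	if(!cfg)
		return 0;

	errno = 0;
	port = strtoul(cfg->value, &end, 10);

	/* Require at least one digit, no trailing text, and a value that fits a port. */
	if(end != cfg->value && !*end && !errno && port <= 65535) {
		*result = htons(port);
		return 1;
	}

	/* … unchanged: syslog "Port number expected" and return 0 … */
}
```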
@@ -279,358 +290,329 @@ int get_config_subnet(config_t *cfg, subnet_t **result) given, and buf needs to be expanded, the var pointed to by buflen will be increased. */ -char *readline(FILE *fp, char **buf, size_t *buflen) +char *readline(FILE * fp, char **buf, size_t * buflen) { - char *newline = NULL; - char *p; - char *line; /* The array that contains everything that has been read - so far */ - char *idx; /* Read into this pointer, which points to an offset - within line */ - size_t size, newsize; /* The size of the current array pointed to by - line */ - size_t maxlen; /* Maximum number of characters that may be read with - fgets. This is newsize - oldsize. */ + char *newline = NULL; + char *p; + char *line; /* The array that contains everything that has been read so far */ + char *idx; /* Read into this pointer, which points to an offset within line */ + size_t size, newsize; /* The size of the current array pointed to by line */ + size_t maxlen; /* Maximum number of characters that may be read with fgets. This is newsize - oldsize. 
*/ - if(feof(fp)) - return NULL; + if(feof(fp)) + return NULL; - if(buf && buflen) - { - size = *buflen; - line = *buf; - } - else - { - size = 100; - line = xmalloc(size); - } - - maxlen = size; - idx = line; - *idx = 0; - for(;;) - { - errno = 0; - p = fgets(idx, maxlen, fp); - if(!p) /* EOF or error */ - { - if(feof(fp)) - break; - - /* otherwise: error; let the calling function print an error - message if applicable */ - free(line); - return NULL; + if(buf && buflen) { + size = *buflen; + line = *buf; + } else { + size = 100; + line = xmalloc(size); } - newline = strchr(p, '\n'); - if(!newline) - /* We haven't yet read everything to the end of the line */ - { - newsize = size << 1; - line = xrealloc(line, newsize); - idx = &line[size - 1]; - maxlen = newsize - size + 1; - size = newsize; - } - else - { - *newline = '\0'; /* kill newline */ - break; /* yay */ - } - } + maxlen = size; + idx = line; + *idx = 0; - if(buf && buflen) - { - *buflen = size; - *buf = line; - } - return line; + for(;;) { + errno = 0; + p = fgets(idx, maxlen, fp); + + if(!p) { /* EOF or error */ + if(feof(fp)) + break; + + /* otherwise: error; let the calling function print an error message if applicable */ + free(line); + return NULL; + } + + newline = strchr(p, '\n'); + + if(!newline) { /* We haven't yet read everything to the end of the line */ + newsize = size << 1; + line = xrealloc(line, newsize); + idx = &line[size - 1]; + maxlen = newsize - size + 1; + size = newsize; + } else { + *newline = '\0'; /* kill newline */ + break; /* yay */ + } + } + + if(buf && buflen) { + *buflen = size; + *buf = line; + } + + return line; } /* Parse a configuration file and put the results in the configuration tree starting at *base. 
*/ -int read_config_file(avl_tree_t *config_tree, const char *fname) +int read_config_file(avl_tree_t * config_tree, const char *fname) { - int err = -2; /* Parse error */ - FILE *fp; - char *buffer, *line; - char *variable, *value; - int lineno = 0, ignore = 0; - config_t *cfg; - size_t bufsize; + int err = -2; /* Parse error */ + FILE *fp; + char *buffer, *line; + char *variable, *value; + int lineno = 0, ignore = 0; + config_t *cfg; + size_t bufsize; - cp(); - fp = fopen (fname, "r"); + cp(); - if(!fp) - { - syslog(LOG_ERR, _("Cannot open config file %s: %s"), fname, strerror(errno)); - return -3; - } + fp = fopen(fname, "r"); - bufsize = 100; - buffer = xmalloc(bufsize); - - for(;;) - { - line = readline(fp, &buffer, &bufsize); - - if(!line) - { - err = -1; - break; + if(!fp) { + syslog(LOG_ERR, _("Cannot open config file %s: %s"), fname, + strerror(errno)); + return -3; } - if(feof(fp)) - { - err = 0; - break; + bufsize = 100; + buffer = xmalloc(bufsize); + + for(;;) { + line = readline(fp, &buffer, &bufsize); + + if(!line) { + err = -1; + break; + } + + if(feof(fp)) { + err = 0; + break; + } + + lineno++; + + variable = strtok(line, "\t ="); + + if(!variable) + continue; /* no tokens on this line */ + + if(variable[0] == '#') + continue; /* comment: ignore */ + + if(!strcmp(variable, "-----BEGIN")) + ignore = 1; + + if(!ignore) { + value = strtok(NULL, "\t\n\r ="); + + if(!value || value[0] == '#') { + syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + variable, lineno, fname); + break; + } + + cfg = new_config(); + cfg->variable = xstrdup(variable); + cfg->value = xstrdup(value); + cfg->file = xstrdup(fname); + cfg->line = lineno; + + config_add(config_tree, cfg); + } + + if(!strcmp(variable, "-----END")) + ignore = 0; } - lineno++; + free(buffer); + fclose(fp); - variable = strtok(line, "\t ="); - - if(!variable) - continue; /* no tokens on this line */ - - if(variable[0] == '#') - continue; /* comment: ignore */ - - 
if(!strcmp(variable, "-----BEGIN")) - ignore = 1; - - if(!ignore) - { - value = strtok(NULL, "\t\n\r ="); - - if(!value || value[0] == '#') - { - syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - variable, lineno, fname); - break; - } - - cfg = new_config(); - cfg->variable = xstrdup(variable); - cfg->value = xstrdup(value); - cfg->file = xstrdup(fname); - cfg->line = lineno; - - config_add(config_tree, cfg); - } - - if(!strcmp(variable, "-----END")) - ignore = 0; - } - - free(buffer); - fclose (fp); - cp(); - return err; + return err; } int read_server_config() { - char *fname; - int x; - cp(); - asprintf(&fname, "%s/tinc.conf", confbase); - x = read_config_file(config_tree, fname); - if(x == -1) /* System error: complain */ - { - syslog(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); - } - free(fname); - cp(); - return x; + char *fname; + int x; + + cp(); + + asprintf(&fname, "%s/tinc.conf", confbase); + x = read_config_file(config_tree, fname); + + if(x == -1) { /* System error: complain */ + syslog(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); + } + + free(fname); + + return x; } -int isadir(const char* f) +int isadir(const char *f) { - struct stat s; + struct stat s; - if(stat(f, &s) < 0) - return 0; - else - return S_ISDIR(s.st_mode); + if(stat(f, &s) < 0) + return 0; + else + return S_ISDIR(s.st_mode); } int is_safe_path(const char *file) { - char *p; - const char *f; - char x; - struct stat s; - char l[MAXBUFSIZE]; + char *p; + const char *f; + char x; + struct stat s; + char l[MAXBUFSIZE]; - if(*file != '/') - { - syslog(LOG_ERR, _("`%s' is not an absolute path"), file); - return 0; - } - - p = strrchr(file, '/'); - - if(p == file) /* It's in the root */ - p++; - - x = *p; - *p = '\0'; - - f = file; -check1: - if(lstat(f, &s) < 0) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; - } - - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is 
owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - f); - - if(readlink(f, l, MAXBUFSIZE) < 0) - { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); - return 0; - } - - f = l; - goto check1; - } - - *p = x; - f = file; - -check2: - if(lstat(f, &s) < 0 && errno != ENOENT) - { - syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; - } - - if(errno == ENOENT) - return 1; - - if(s.st_uid != geteuid()) - { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return 0; - } - - if(S_ISLNK(s.st_mode)) - { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), - f); - - if(readlink(f, l, MAXBUFSIZE) < 0) - { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); - return 0; - } - - f = l; - goto check2; - } - - if(s.st_mode & 0007) - { - /* Accessible by others */ - syslog(LOG_ERR, _("`%s' has unsecure permissions"), - f); - return 0; - } - - return 1; -} - -FILE *ask_and_safe_open(const char* filename, const char* what, const char* mode) -{ - FILE *r; - char *directory; - char *fn; - - /* Check stdin and stdout */ - if(!isatty(0) || !isatty(1)) - { - /* Argh, they are running us from a script or something. Write - the files to the current directory and let them burn in hell - for ever. */ - fn = xstrdup(filename); - } - else - { - /* Ask for a file and/or directory name. */ - fprintf(stdout, _("Please enter a file to save %s to [%s]: "), - what, filename); - fflush(stdout); - - fn = readline(stdin, NULL, NULL); - - if(!fn) - { - fprintf(stderr, _("Error while reading stdin: %s\n"), strerror(errno)); - return NULL; + if(*file != '/') { + syslog(LOG_ERR, _("`%s' is not an absolute path"), file); + return 0; } - if(!strlen(fn)) - /* User just pressed enter. 
*/ - fn = xstrdup(filename); - } + p = strrchr(file, '/'); - if(!strchr(fn, '/') || fn[0] != '/') - { - /* The directory is a relative path or a filename. */ - char *p; + if(p == file) /* It's in the root */ + p++; - directory = get_current_dir_name(); - asprintf(&p, "%s/%s", directory, fn); - free(fn); - free(directory); - fn = p; - } + x = *p; + *p = '\0'; - umask(0077); /* Disallow everything for group and other */ + f = file; - /* Open it first to keep the inode busy */ +check1: + if(lstat(f, &s) < 0) { + syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); + return 0; + } - r = fopen(fn, mode); + if(s.st_uid != geteuid()) { + syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + f, s.st_uid, geteuid()); + return 0; + } - if(!r) - { - fprintf(stderr, _("Error opening file `%s': %s\n"), - fn, strerror(errno)); - free(fn); - return NULL; - } + if(S_ISLNK(s.st_mode)) { + syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), f); - /* Then check the file for nasty attacks */ - if(!is_safe_path(fn)) /* Do not permit any directories that are - readable or writeable by other users. 
*/ - { - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), - fn); - fclose(r); - free(fn); - return NULL; - } + if(readlink(f, l, MAXBUFSIZE) < 0) { + syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, + strerror(errno)); + return 0; + } - free(fn); + f = l; + goto check1; + } - return r; + *p = x; + f = file; + +check2: + if(lstat(f, &s) < 0 && errno != ENOENT) { + syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); + return 0; + } + + if(errno == ENOENT) + return 1; + + if(s.st_uid != geteuid()) { + syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + f, s.st_uid, geteuid()); + return 0; + } + + if(S_ISLNK(s.st_mode)) { + syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), f); + + if(readlink(f, l, MAXBUFSIZE) < 0) { + syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, + strerror(errno)); + return 0; + } + + f = l; + goto check2; + } + + if(s.st_mode & 0007) { + /* Accessible by others */ + syslog(LOG_ERR, _("`%s' has unsecure permissions"), f); + return 0; + } + + return 1; +} + +FILE *ask_and_safe_open(const char *filename, const char *what, + const char *mode) +{ + FILE *r; + char *directory; + char *fn; + + /* Check stdin and stdout */ + if(!isatty(0) || !isatty(1)) { + /* Argh, they are running us from a script or something. Write + the files to the current directory and let them burn in hell + for ever. */ + fn = xstrdup(filename); + } else { + /* Ask for a file and/or directory name. */ + fprintf(stdout, _("Please enter a file to save %s to [%s]: "), + what, filename); + fflush(stdout); + + fn = readline(stdin, NULL, NULL); + + if(!fn) { + fprintf(stderr, _("Error while reading stdin: %s\n"), + strerror(errno)); + return NULL; + } + + if(!strlen(fn)) + /* User just pressed enter. */ + fn = xstrdup(filename); + } + + if(!strchr(fn, '/') || fn[0] != '/') { + /* The directory is a relative path or a filename. 
*/ + char *p; + + directory = get_current_dir_name(); + asprintf(&p, "%s/%s", directory, fn); + free(fn); + free(directory); + fn = p; + } + + umask(0077); /* Disallow everything for group and other */ + + /* Open it first to keep the inode busy */ + + r = fopen(fn, mode); + + if(!r) { + fprintf(stderr, _("Error opening file `%s': %s\n"), + fn, strerror(errno)); + free(fn); + return NULL; + } + + /* Then check the file for nasty attacks */ + if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */ + fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" + "I will not create or overwrite this file.\n"), fn); + fclose(r); + free(fn); + return NULL; + } + + free(fn); + + return r; } diff --git a/src/conf.h b/src/conf.h index 847e52c2..e9fb2ae1 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.33 2002/06/21 10:11:12 guus Exp $ + $Id: conf.h,v 1.6.4.34 2002/09/09 21:24:31 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -32,10 +32,10 @@ #include "subnet.h" typedef struct config_t { - char *variable; - char *value; - char *file; - int line; + char *variable; + char *value; + char *file; + int line; } config_t; extern avl_tree_t *config_tree; 
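Review bot: `is_safe_path()` can return "safe" without running its checks: after `check2:` the test `if(errno == ENOENT) return 1;` runs even when `lstat()` succeeded, so a stale ENOENT from an earlier call skips the owner and mode tests. In both symlink branches `readlink(f, l, MAXBUFSIZE)` does not NUL-terminate `l` before `f = l; goto check1;` / `goto check2;`, so the next `lstat()` can read past the link text. A relative link target is also resolved against the current directory rather than the link's own directory. `ask_and_safe_open()` calls `fopen(fn, mode)` before this check, so the file may already have been created or opened through a symlink when the path is rejected; running the owner and mode tests with `fstat(fileno(r), &s)` on the opened stream would tie them to the file actually opened. The fence shows the `check2` fixes; the `check1` symlink branch needs the same termination.

```c
check2:
	if(lstat(f, &s) < 0) {
		/* Only a failed lstat() may be interpreted through errno. */
		if(errno == ENOENT)
			return 1;

		syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno));
		return 0;
	}

	/* … unchanged: st_uid != geteuid() check … */

	if(S_ISLNK(s.st_mode)) {
		ssize_t len;

		syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), f);

		/* readlink() does not terminate the buffer; leave room and do it here. */
		len = readlink(f, l, sizeof(l) - 1);

		if(len < 0) {
			syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f,
				   strerror(errno));
			return 0;
		}

		l[len] = '\0';
		f = l;
		goto check2;
	}

	/* … unchanged: st_mode & 0007 check and return 1 … */
```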
@@ -59,12 +59,12 @@ extern int get_config_int(config_t *, int *); extern int get_config_port(config_t *, port_t *); extern int get_config_string(config_t *, char **); extern int get_config_address(config_t *, struct addrinfo **); -struct subnet_t; /* Needed for next line. */ +struct subnet_t; /* Needed for next line. */ extern int get_config_subnet(config_t *, struct subnet_t **); extern int read_config_file(avl_tree_t *, const char *); extern int read_server_config(void); -extern FILE *ask_and_safe_open(const char*, const char*, const char *); +extern FILE *ask_and_safe_open(const char *, const char *, const char *); extern int is_safe_path(const char *); -#endif /* __TINC_CONF_H__ */ +#endif /* __TINC_CONF_H__ */ diff --git a/src/connection.c b/src/connection.c index 9fd23a75..089ff0de 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.32 2002/09/09 19:39:58 guus Exp $ + $Id: connection.c,v 1.1.2.33 2002/09/09 21:24:31 guus Exp $ */ #include "config.h" @@ -30,7 +30,7 @@ #include #include -#include "net.h" /* Don't ask. */ +#include "net.h" /* Don't ask. */ #include "netutl.h" #include "config.h" #include "conf.h" 
@@ -43,102 +43,109 @@ avl_tree_t *connection_tree; /* Meta connections */ connection_t *broadcast; -int connection_compare(connection_t *a, connection_t *b) +int connection_compare(connection_t * a, connection_t * b) { - return a - b; + return a - b; } void init_connections(void) { - cp(); - connection_tree = avl_alloc_tree((avl_compare_t)connection_compare, NULL); - cp(); - broadcast = new_connection(); - broadcast->name = xstrdup(_("everyone")); - broadcast->hostname = xstrdup(_("BROADCAST")); - cp(); + cp(); + + connection_tree = avl_alloc_tree((avl_compare_t) connection_compare, NULL); + broadcast = new_connection(); + broadcast->name = xstrdup(_("everyone")); + broadcast->hostname = xstrdup(_("BROADCAST")); } void exit_connections(void) { - cp(); - avl_delete_tree(connection_tree); - cp(); - free_connection(broadcast); - cp(); + cp(); + + avl_delete_tree(connection_tree); + free_connection(broadcast); } connection_t *new_connection(void) { - connection_t *c; - cp(); - c = (connection_t *)xmalloc_and_zero(sizeof(connection_t)); + connection_t *c; - if(!c) - return NULL; + cp(); - gettimeofday(&c->start, NULL); - cp(); - return c; + c = (connection_t *) xmalloc_and_zero(sizeof(connection_t)); + + if(!c) + return NULL; + + gettimeofday(&c->start, NULL); + + return c; } -void free_connection(connection_t *c) +void free_connection(connection_t * c) { - cp(); - if(c->hostname) - free(c->hostname); - if(c->inkey) - free(c->inkey); - if(c->outkey) - free(c->outkey); - if(c->mychallenge) - free(c->mychallenge); - if(c->hischallenge) - free(c->hischallenge); - free(c); - cp(); + cp(); + + if(c->hostname) + free(c->hostname); + + if(c->inkey) + free(c->inkey); + + if(c->outkey) + free(c->outkey); + + if(c->mychallenge) + free(c->mychallenge); + + if(c->hischallenge) + free(c->hischallenge); + + free(c); } -void connection_add(connection_t *c) +void connection_add(connection_t * c) { - cp(); - avl_insert(connection_tree, c); - cp(); + cp(); + + avl_insert(connection_tree, 
c); } -void connection_del(connection_t *c) +void connection_del(connection_t * c) { - cp(); - avl_delete(connection_tree, c); - cp(); + cp(); + + avl_delete(connection_tree, c); } void dump_connections(void) { - avl_node_t *node; - connection_t *c; - cp(); - syslog(LOG_DEBUG, _("Connections:")); + avl_node_t *node; + connection_t *c; - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), - c->name, c->hostname, c->options, c->socket, c->status); - } - - syslog(LOG_DEBUG, _("End of connections.")); - cp(); + cp(); + + syslog(LOG_DEBUG, _("Connections:")); + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + syslog(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), + c->name, c->hostname, c->options, c->socket, c->status); + } + + syslog(LOG_DEBUG, _("End of connections.")); } -int read_connection_config(connection_t *c) +int read_connection_config(connection_t * c) { - char *fname; - int x; - cp(); - asprintf(&fname, "%s/hosts/%s", confbase, c->name); - x = read_config_file(c->config_tree, fname); - free(fname); - cp(); - return x; + char *fname; + int x; + + cp(); + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + x = read_config_file(c->config_tree, fname); + free(fname); + + return x; } diff --git a/src/connection.h b/src/connection.h index 4d2ea2d3..97552275 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.30 2002/09/04 16:26:44 guus Exp $ + $Id: connection.h,v 1.1.2.31 2002/09/09 21:24:31 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ 
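Review bot: `free_connection()` passes `c->inkey`, `c->outkey` and the two challenge buffers straight to `free()`, so the symmetric meta key material stays readable in freed heap memory. connection.h keeps the sizes in `inkeylength` and `outkeylength`, so the key buffers can be cleared first, for example `if(c->inkey) { OPENSSL_cleanse(c->inkey, c->inkeylength); free(c->inkey); }`; a plain `memset()` right before `free()` may be optimised away. Two things need confirming before applying this: that the linked OpenSSL provides that call, and that the length fields are always set whenever the pointers are. No length field for `mychallenge`/`hischallenge` is visible here, so wiping those needs the size from wherever they are allocated.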
@@ -50,62 +50,62 @@ #define OPTION_TCPONLY 0x0002 typedef struct connection_status_t { - int pinged:1; /* sent ping */ - int active:1; /* 1 if active.. */ - int connecting:1; /* 1 if we are waiting for a non-blocking connect() to finish */ - int termreq:1; /* the termination of this connection was requested */ - int remove:1; /* Set to 1 if you want this connection removed */ - int timeout:1; /* 1 if gotten timeout */ - int encryptout:1; /* 1 if we can encrypt outgoing traffic */ - int decryptin:1; /* 1 if we have to decrypt incoming traffic */ - int mst:1; /* 1 if this connection is part of a minimum spanning tree */ - int unused:18; + int pinged:1; /* sent ping */ + int active:1; /* 1 if active.. */ + int connecting:1; /* 1 if we are waiting for a non-blocking connect() to finish */ + int termreq:1; /* the termination of this connection was requested */ + int remove:1; /* Set to 1 if you want this connection removed */ + int timeout:1; /* 1 if gotten timeout */ + int encryptout:1; /* 1 if we can encrypt outgoing traffic */ + int decryptin:1; /* 1 if we have to decrypt incoming traffic */ + int mst:1; /* 1 if this connection is part of a minimum spanning tree */ + int unused:18; } connection_status_t; typedef struct connection_t { - char *name; /* name he claims to have */ + char *name; /* name he claims to have */ - sockaddr_t address; /* his real (internet) ip */ - char *hostname; /* the hostname of its real ip */ - int protocol_version; /* used protocol */ + sockaddr_t address; /* his real (internet) ip */ + char *hostname; /* the hostname of its real ip */ + int protocol_version; /* used protocol */ - int socket; /* socket used for this connection */ - long int options; /* options for this connection */ - struct connection_status_t status; /* status info */ - int estimated_weight; /* estimation for the weight of the edge for this connection */ - struct timeval start; /* time this connection was started, used for above estimation */ - struct outgoing_t 
*outgoing; /* used to keep track of outgoing connections */ + int socket; /* socket used for this connection */ + long int options; /* options for this connection */ + struct connection_status_t status; /* status info */ + int estimated_weight; /* estimation for the weight of the edge for this connection */ + struct timeval start; /* time this connection was started, used for above estimation */ + struct outgoing_t *outgoing; /* used to keep track of outgoing connections */ - struct node_t *node; /* node associated with the other end */ - struct edge_t *edge; /* edge associated with this connection */ + struct node_t *node; /* node associated with the other end */ + struct edge_t *edge; /* edge associated with this connection */ - RSA *rsa_key; /* his public/private key */ - const EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ - const EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ - EVP_CIPHER_CTX *inctx; /* Context of encrypted meta data that will come from him to us */ - EVP_CIPHER_CTX *outctx; /* Context of encrypted meta data that will be sent from us to him */ - char *inkey; /* His symmetric meta key + iv */ - char *outkey; /* Our symmetric meta key + iv */ - int inkeylength; /* Length of his key + iv */ - int outkeylength; /* Length of our key + iv */ - const EVP_MD *indigest; - const EVP_MD *outdigest; - int inmaclength; - int outmaclength; - int incompression; - int outcompression; - char *mychallenge; /* challenge we received from him */ - char *hischallenge; /* challenge we sent to him */ + RSA *rsa_key; /* his public/private key */ + const EVP_CIPHER *incipher; /* Cipher he will use to send data to us */ + const EVP_CIPHER *outcipher; /* Cipher we will use to send data to him */ + EVP_CIPHER_CTX *inctx; /* Context of encrypted meta data that will come from him to us */ + EVP_CIPHER_CTX *outctx; /* Context of encrypted meta data that will be sent from us to him */ + char *inkey; /* His symmetric meta key + iv */ + 
char *outkey; /* Our symmetric meta key + iv */ + int inkeylength; /* Length of his key + iv */ + int outkeylength; /* Length of our key + iv */ + const EVP_MD *indigest; + const EVP_MD *outdigest; + int inmaclength; + int outmaclength; + int incompression; + int outcompression; + char *mychallenge; /* challenge we received from him */ + char *hischallenge; /* challenge we sent to him */ - char buffer[MAXBUFSIZE]; /* metadata input buffer */ - int buflen; /* bytes read into buffer */ - int reqlen; /* length of incoming request */ - int tcplen; /* length of incoming TCPpacket */ - int allow_request; /* defined if there's only one request possible */ + char buffer[MAXBUFSIZE]; /* metadata input buffer */ + int buflen; /* bytes read into buffer */ + int reqlen; /* length of incoming request */ + int tcplen; /* length of incoming TCPpacket */ + int allow_request; /* defined if there's only one request possible */ - time_t last_ping_time; /* last time we saw some activity from the other end */ + time_t last_ping_time; /* last time we saw some activity from the other end */ - avl_tree_t *config_tree; /* Pointer to configuration tree belonging to him */ + avl_tree_t *config_tree; /* Pointer to configuration tree belonging to him */ } connection_t; extern avl_tree_t *connection_tree; @@ -120,4 +120,4 @@ extern void connection_del(connection_t *); extern void dump_connections(void); extern int read_connection_config(connection_t *); -#endif /* __TINC_CONNECTION_H__ */ +#endif /* __TINC_CONNECTION_H__ */ diff --git a/src/cygwin/device.c b/src/cygwin/device.c index f5380abf..b14aec16 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2002/07/11 12:57:06 guus Exp $ + $Id: device.c,v 1.1.2.2 2002/09/09 21:25:18 guus Exp $ */ #include "config.h" 
@@ -51,90 +51,78 @@ extern subnet_t mymac; int setup_device(void) { - struct ifreq ifr; + struct ifreq ifr; -cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = DEFAULT_DEVICE; + cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/')?rindex(device, '/')+1:device; -cp - if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) - { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; - } -cp - /* Set default MAC address for ethertap devices */ + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } + cp + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; + device_info = _("Stub device for Cygwin environment"); - device_info = _("Stub device for Cygwin environment"); - - syslog(LOG_INFO, _("%s is a %s"), device, device_info); -cp - return 0; + syslog(LOG_INFO, _("%s is a %s"), device, device_info); + cp return 0; } void close_device(void) { -cp - close(device_fd); + cp close(device_fd); } -int read_packet(vpn_packet_t *packet) +int read_packet(vpn_packet_t * packet) { - int lenin; -cp - if((lenin = read(device_fd, 
packet->data, MTU)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + int lenin; + cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - packet->len = lenin; + packet->len = lenin; - device_total_in += packet->len; + device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + } - return 0; -cp -} + return 0; +cp} -int write_packet(vpn_packet_t *packet) +int write_packet(vpn_packet_t * packet) { -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); + cp if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); - if(write(device_fd, packet->data, packet->len) < 0) - { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + if(write(device_fd, packet->data, packet->len) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } - device_total_out += packet->len; -cp - return 0; + device_total_out += packet->len; + cp return 0; } void dump_device_stats(void) { -cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp -} + cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp} 
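Review bot: The reindent has fused the bare `cp` checkpoint macro with the statement that follows it, giving lines such as `cp if(!get_config_string(...))`, `cp return 0;` and a closing `cp}`, which read as if `cp` were part of the statement. connection.c, edge.c and event.c in this same patch write it as `cp();` on its own line, so these files should be converted to that form before being run through the formatter; if `cp` is now defined only as a function-like macro, the bare form may not compile at all, which is worth confirming on these platforms. The same applies to the src/darwin/device.c and src/freebsd/device.c hunks. In read_packet() the `cp` left after `return 0;` is unreachable and can simply be dropped.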
diff --git a/src/darwin/device.c b/src/darwin/device.c index 2f673ab7..d30f0b6a 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.2 2002/06/21 10:11:34 guus Exp $ + $Id: device.c,v 1.1.2.3 2002/09/09 21:25:19 guus Exp $ */ #include "config.h" 
@@ -58,96 +58,83 @@ extern subnet_t mymac; */ int setup_device(void) { -cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = DEFAULT_DEVICE; + cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/')?rindex(device, '/')+1:device; -cp - if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) - { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; - } -cp + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } + cp + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; - /* Set default MAC address for ethertap devices */ + device_info = _("MacOS/X tun device"); - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - - device_info = _("MacOS/X tun device"); - - syslog(LOG_INFO, _("%s is a %s"), device, device_info); -cp - return 0; + syslog(LOG_INFO, _("%s is a %s"), device, device_info); + cp return 0; } void close_device(void) { -cp - close(device_fd); + cp close(device_fd); } /* read, encrypt and send data that is available through the ethertap device */ -int read_packet(vpn_packet_t *packet) +int read_packet(vpn_packet_t * packet) { - int lenin; -cp - if((lenin = 
read(device_fd, packet->data + 14, MTU - 14)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + int lenin; + cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - memcpy(packet->data, mymac.net.mac.address.x, 6); - memcpy(packet->data + 6, mymac.net.mac.address.x, 6); - packet->data[12] = 0x08; - packet->data[13] = 0x00; + memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data + 6, mymac.net.mac.address.x, 6); + packet->data[12] = 0x08; + packet->data[13] = 0x00; - packet->len = lenin + 14; + packet->len = lenin + 14; - device_total_in += packet->len; + device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), - packet->len, device_info); + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), + packet->len, device_info); - return 0; -cp -} + return 0; +cp} -int write_packet(vpn_packet_t *packet) +int write_packet(vpn_packet_t * packet) { -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); + cp if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); - if(write(device_fd, packet->data + 14, packet->len - 14) < 0) - { - syslog(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { + syslog(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - device_total_out += packet->len; -cp -} + device_total_out += packet->len; +cp} void dump_device_stats(void) { -cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, 
_(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp -} + cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp} diff --git a/src/device.h b/src/device.h index 20f9dadc..04225dd3 100644 --- a/src/device.h +++ b/src/device.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.6 2002/06/21 10:11:12 guus Exp $ + $Id: device.h,v 1.1.2.7 2002/09/09 21:24:31 guus Exp $ */ #ifndef __TINC_DEVICE_H__ @@ -33,4 +33,4 @@ extern int read_packet(vpn_packet_t *); extern int write_packet(vpn_packet_t *); extern void dump_device_stats(void); -#endif /* __TINC_DEVICE_H__ */ +#endif /* __TINC_DEVICE_H__ */ diff --git a/src/edge.c b/src/edge.c index e35d806d..8c100090 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.15 2002/09/09 19:39:58 guus Exp $ + $Id: edge.c,v 1.1.2.16 2002/09/09 21:24:31 guus Exp $ */ #include "config.h" @@ -29,7 +29,7 @@ #include #include -#include "net.h" /* Don't ask. */ +#include "net.h" /* Don't ask. */ #include "netutl.h" #include "config.h" #include "conf.h" 
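Review bot: write_packet() is declared `int` but ends at `device_total_out += packet->len;` with no return statement, so a caller that tests the result reads an undefined value; add `return 0;` before the closing brace, as the cygwin version does. The src/freebsd/device.c hunk has the same omission. In this darwin version `write(device_fd, packet->data + 14, packet->len - 14)` also assumes packet->len is at least 14; a shorter packet gives a negative count that write() receives as a very large size_t, so I would reject it first with `if(packet->len < 14) return -1;`. Whether packet->len is validated before this function is reached is not visible in this hunk.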
@@ -41,132 +41,132 @@ #include "xalloc.h" #include "system.h" -avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ +avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ -int edge_compare(edge_t *a, edge_t *b) +int edge_compare(edge_t * a, edge_t * b) { - return strcmp(a->to->name, b->to->name); + return strcmp(a->to->name, b->to->name); } -int edge_weight_compare(edge_t *a, edge_t *b) +int edge_weight_compare(edge_t * a, edge_t * b) { - int result; + int result; - result = a->weight - b->weight; + result = a->weight - b->weight; - if(result) - return result; + if(result) + return result; - result = strcmp(a->from->name, b->from->name); + result = strcmp(a->from->name, b->from->name); - if(result) - return result; + if(result) + return result; - return strcmp(a->to->name, b->to->name); + return strcmp(a->to->name, b->to->name); } void init_edges(void) { - cp(); - edge_weight_tree = avl_alloc_tree((avl_compare_t)edge_weight_compare, NULL); - cp(); + cp(); + + edge_weight_tree = + avl_alloc_tree((avl_compare_t) edge_weight_compare, NULL); } avl_tree_t *new_edge_tree(void) { - cp(); - return avl_alloc_tree((avl_compare_t)edge_compare, NULL); - cp(); + cp(); + + return avl_alloc_tree((avl_compare_t) edge_compare, NULL); } -void free_edge_tree(avl_tree_t *edge_tree) +void free_edge_tree(avl_tree_t * edge_tree) { - cp(); - avl_delete_tree(edge_tree); - cp(); + cp(); + + avl_delete_tree(edge_tree); } void exit_edges(void) { - cp(); - avl_delete_tree(edge_weight_tree); - cp(); + cp(); + + avl_delete_tree(edge_weight_tree); } /* Creation and deletion of connection elements */ edge_t *new_edge(void) { - edge_t *e; - cp(); - e = (edge_t *)xmalloc_and_zero(sizeof(*e)); - cp(); - return e; + cp(); + + return (edge_t *) xmalloc_and_zero(sizeof(edge_t)); } -void free_edge(edge_t *e) +void free_edge(edge_t * e) { - cp(); - free(e); - cp(); + cp(); + + free(e); } -void edge_add(edge_t *e) +void edge_add(edge_t * e) { - cp(); - 
avl_insert(edge_weight_tree, e); - avl_insert(e->from->edge_tree, e); - cp(); - e->reverse = lookup_edge(e->to, e->from); - if(e->reverse) - e->reverse->reverse = e; - cp(); + cp(); + + avl_insert(edge_weight_tree, e); + avl_insert(e->from->edge_tree, e); + + e->reverse = lookup_edge(e->to, e->from); + + if(e->reverse) + e->reverse->reverse = e; } -void edge_del(edge_t *e) +void edge_del(edge_t * e) { - cp(); - if(e->reverse) - e->reverse->reverse = NULL; - cp(); - avl_delete(edge_weight_tree, e); - avl_delete(e->from->edge_tree, e); - cp(); + cp(); + + if(e->reverse) + e->reverse->reverse = NULL; + + avl_delete(e->from->edge_tree, e); + avl_delete(edge_weight_tree, e); } -edge_t *lookup_edge(node_t *from, node_t *to) +edge_t *lookup_edge(node_t * from, node_t * to) { - edge_t v; - cp(); - v.from = from; - v.to = to; + edge_t v; - return avl_search(from->edge_tree, &v); + cp(); + + v.from = from; + v.to = to; + + return avl_search(from->edge_tree, &v); } void dump_edges(void) { - avl_node_t *node, *node2; - node_t *n; - edge_t *e; - char *address; - cp(); - syslog(LOG_DEBUG, _("Edges:")); + avl_node_t *node, *node2; + node_t *n; + edge_t *e; + char *address; - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - for(node2 = n->edge_tree->head; node2; node2 = node2->next) - { - e = (edge_t *)node2->data; - address = sockaddr2hostname(&e->address); - syslog(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), - e->from->name, e->to->name, address, - e->options, e->weight); - free(address); + cp(); + + syslog(LOG_DEBUG, _("Edges:")); + + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + for(node2 = n->edge_tree->head; node2; node2 = node2->next) { + e = (edge_t *) node2->data; + address = sockaddr2hostname(&e->address); + syslog(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), + e->from->name, e->to->name, address, e->options, e->weight); + free(address); + } } - } - syslog(LOG_DEBUG, _("End 
of edges.")); - cp(); + syslog(LOG_DEBUG, _("End of edges.")); } diff --git a/src/edge.h b/src/edge.h index 9ddb7564..875b1aa2 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.10 2002/09/06 10:23:52 guus Exp $ + $Id: edge.h,v 1.1.2.11 2002/09/09 21:24:31 guus Exp $ */ #ifndef __TINC_EDGE_H__ @@ -30,18 +30,18 @@ #include "connection.h" typedef struct edge_t { - struct node_t *from; - struct node_t *to; - sockaddr_t address; + struct node_t *from; + struct node_t *to; + sockaddr_t address; - long int options; /* options turned on for this edge */ - int weight; /* weight of this edge */ - - struct connection_t *connection; /* connection associated with this edge, if available */ - struct edge_t *reverse; /* edge in the opposite direction, if available */ + long int options; /* options turned on for this edge */ + int weight; /* weight of this edge */ + + struct connection_t *connection; /* connection associated with this edge, if available */ + struct edge_t *reverse; /* edge in the opposite direction, if available */ } edge_t; -extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weight */ +extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weight */ extern void init_edges(void); extern void exit_edges(void); @@ -54,4 +54,4 @@ extern void edge_del(edge_t *); extern edge_t *lookup_edge(struct node_t *, struct node_t *); extern void dump_edges(void); -#endif /* __TINC_EDGE_H__ */ +#endif /* __TINC_EDGE_H__ */ diff --git a/src/event.c b/src/event.c index bc56dc1f..acf2ffb7 100644 --- a/src/event.c +++ b/src/event.c 
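Review bot: edge_weight_compare() orders edges with `result = a->weight - b->weight;`, which overflows (undefined behaviour for int) when the two weights are far apart, and an inconsistent comparator breaks the ordering of edge_weight_tree. `result = (a->weight > b->weight) - (a->weight < b->weight);` yields the same sign without the subtraction. This matters most if weights can be set from data received from other nodes, which this hunk does not show. event_compare() in src/event.c uses the same subtraction on ids (`return a->id - b->id;`) and connection_compare() in src/connection.c narrows a pointer difference to int (`return a - b;`); both would be safer written as explicit comparisons.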
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.4 2002/09/09 19:39:58 guus Exp $ + $Id: event.c,v 1.1.4.5 2002/09/09 21:24:31 guus Exp $ */ #include "config.h" 
@@ -38,73 +38,74 @@ extern time_t now; int id; -int event_compare(event_t *a, event_t *b) +int event_compare(event_t * a, event_t * b) { - if(a->time > b->time) - return 1; - if(a->time < b->time) - return -1; - return a->id - b->id; + if(a->time > b->time) + return 1; + + if(a->time < b->time) + return -1; + + return a->id - b->id; } void init_events(void) { - cp(); - event_tree = avl_alloc_tree((avl_compare_t)event_compare, NULL); - cp(); + cp(); + + event_tree = avl_alloc_tree((avl_compare_t) event_compare, NULL); } void exit_events(void) { - cp(); - avl_delete_tree(event_tree); - cp(); + cp(); + + avl_delete_tree(event_tree); } event_t *new_event(void) { - event_t *event; - cp(); - event = (event_t *)xmalloc_and_zero(sizeof(*event)); - cp(); - return event; + cp(); + + return (event_t *) xmalloc_and_zero(sizeof(event_t)); } -void free_event(event_t *event) +void free_event(event_t * event) { - cp(); - free(event); - cp(); + cp(); + + free(event); } -void event_add(event_t *event) +void event_add(event_t * event) { - cp(); - event->id = ++id; - avl_insert(event_tree, event); - cp(); + cp(); + + event->id = ++id; + avl_insert(event_tree, event); } -void event_del(event_t *event) +void event_del(event_t * event) { - cp(); - avl_delete(event_tree, event); - cp(); + cp(); + + avl_delete(event_tree, event); } event_t *get_expired_event(void) { - event_t *event; - cp(); - if(event_tree->head) - { - event = (event_t *)event_tree->head->data; - if(event->time < now) - { - avl_delete(event_tree, event); - return event; - } - } - cp(); - return NULL; + event_t *event; + + cp(); + + if(event_tree->head) { + event = (event_t *) event_tree->head->data; + + if(event->time < now) { + avl_delete(event_tree, event); + return event; + } + } + + return NULL; } diff --git a/src/event.h b/src/event.h index e5f5516f..5833ad11 100644 --- a/src/event.h +++ b/src/event.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.h,v 1.1.4.2 2002/06/21 10:11:12 guus Exp $ + $Id: event.h,v 1.1.4.3 2002/09/09 21:24:34 guus Exp $ */ #ifndef __TINC_EVENT_H__ @@ -28,13 +28,13 @@ avl_tree_t *event_tree; -typedef void (*event_handler_t)(void *); +typedef void (*event_handler_t) (void *); typedef struct { - time_t time; - int id; - event_handler_t handler; - void *data; + time_t time; + int id; + event_handler_t handler; + void *data; } event_t; extern void init_events(void); @@ -45,4 +45,4 @@ extern void event_add(event_t *); extern void event_del(event_t *); extern event_t *get_expired_event(void); -#endif /* __TINC_EVENT_H__ */ +#endif /* __TINC_EVENT_H__ */ diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 1139c65b..0e3a9fce 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2002/06/21 10:11:35 guus Exp $ + $Id: device.c,v 1.1.2.6 2002/09/09 21:25:19 guus Exp $ */ #include "config.h" 
@@ -58,91 +58,78 @@ extern subnet_t mymac; */ int setup_device(void) { -cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = DEFAULT_DEVICE; + cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/')?rindex(device, '/')+1:device; -cp - if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) - { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; - } -cp + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } + cp + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; - /* Set default MAC address for ethertap devices */ + device_info = _("FreeBSD tap device"); - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - - device_info = _("FreeBSD tap device"); - - syslog(LOG_INFO, _("%s is a %s"), device, device_info); -cp - return 0; + syslog(LOG_INFO, _("%s is a %s"), device, device_info); + cp return 0; } void close_device(void) { -cp - close(device_fd); + cp close(device_fd); } /* read, encrypt and send data that is available through the ethertap device */ -int read_packet(vpn_packet_t *packet) +int read_packet(vpn_packet_t * packet) { - int lenin; -cp - if((lenin = 
read(device_fd, packet->data, MTU)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + int lenin; + cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - packet->len = lenin; + packet->len = lenin; - device_total_in += packet->len; + device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), - packet->len, device_info); + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), + packet->len, device_info); - return 0; -cp -} + return 0; +cp} -int write_packet(vpn_packet_t *packet) +int write_packet(vpn_packet_t * packet) { -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); + cp if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); - if(write(device_fd, packet->data, packet->len) < 0) - { - syslog(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + if(write(device_fd, packet->data, packet->len) < 0) { + syslog(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - device_total_out += packet->len; -cp -} + device_total_out += packet->len; +cp} void dump_device_stats(void) { -cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp -} + cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp} 
diff --git a/src/graph.c b/src/graph.c index fb1eb650..d1bd2ac3 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.18 2002/09/09 19:39:58 guus Exp $ + $Id: graph.c,v 1.1.2.19 2002/09/09 21:24:34 guus Exp $ */ /* We need to generate two trees from the graph: @@ -51,7 +51,7 @@ #include "config.h" #include #ifdef HAVE_SYS_PARAM_H - #include +#include #endif #include 
@@ -74,78 +74,79 @@ void mst_kruskal(void) { - avl_node_t *node, *next; - edge_t *e; - node_t *n; - connection_t *c; - int nodes = 0; - int safe_edges = 0; - int skipped; + avl_node_t *node, *next; + edge_t *e; + node_t *n; + connection_t *c; + int nodes = 0; + int safe_edges = 0; + int skipped; - /* Clear MST status on connections */ + cp(); + + /* Clear MST status on connections */ - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - c->status.mst = 0; - } + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + c->status.mst = 0; + } - /* Do we have something to do at all? */ - - if(!edge_weight_tree->head) - return; + /* Do we have something to do at all? */ - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, "Running Kruskal's algorithm:"); + if(!edge_weight_tree->head) + return; - /* Clear visited status on nodes */ + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, "Running Kruskal's algorithm:"); - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - n->status.visited = 0; - nodes++; - } + /* Clear visited status on nodes */ - /* Starting point */ - - ((edge_t *)edge_weight_tree->head->data)->from->status.visited = 1; + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + n->status.visited = 0; + nodes++; + } - /* Add safe edges */ + /* Starting point */ - for(skipped = 0, node = edge_weight_tree->head; node; node = next) - { - next = node->next; - e = (edge_t *)node->data; + ((edge_t *) edge_weight_tree->head->data)->from->status.visited = 1; - if(!e->reverse || e->from->status.visited == e->to->status.visited) - { - skipped = 1; - continue; - } + /* Add safe edges */ - e->from->status.visited = 1; - e->to->status.visited = 1; - if(e->connection) - e->connection->status.mst = 1; - if(e->reverse->connection) - e->reverse->connection->status.mst = 1; + for(skipped = 0, node = 
edge_weight_tree->head; node; node = next) { + next = node->next; + e = (edge_t *) node->data; - safe_edges++; + if(!e->reverse || e->from->status.visited == e->to->status.visited) { + skipped = 1; + continue; + } - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight); + e->from->status.visited = 1; + e->to->status.visited = 1; - if(skipped) - { - skipped = 0; - next = edge_weight_tree->head; - continue; - } - } + if(e->connection) + e->connection->status.mst = 1; - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, safe_edges); + if(e->reverse->connection) + e->reverse->connection->status.mst = 1; + + safe_edges++; + + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, + e->to->name, e->weight); + + if(skipped) { + skipped = 0; + next = edge_weight_tree->head; + continue; + } + } + + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, + safe_edges); } /* Implementation of a simple breadth-first search algorithm. 
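Review bot: The `skipped` handling in mst_kruskal() has no comment, and it is the non-obvious part of the loop: once an edge is accepted after an earlier skip, `next = edge_weight_tree->head` restarts the scan of the whole weight-sorted list. I would add above `if(skipped) {` a comment such as `/* An edge skipped earlier may now touch the visited set; restart from the lightest edge. */`. Because each accepted edge can trigger a full rescan, the cost grows roughly with edges times nodes, and the function header should state that bound so it is considered wherever the edge set can grow from remote input (not shown in this hunk). The two debug strings here are also passed to syslog() without `_()`, unlike the other messages in this patch.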
@@ -154,144 +155,152 @@ void mst_kruskal(void) void sssp_bfs(void) { - avl_node_t *node, *from, *next, *to; - edge_t *e; - node_t *n; - avl_tree_t *todo_tree; - int indirect; - char *name; - char *address, *port; - char *envp[7]; - int i; + avl_node_t *node, *from, *next, *to; + edge_t *e; + node_t *n; + avl_tree_t *todo_tree; + int indirect; + char *name; + char *address, *port; + char *envp[7]; + int i; - todo_tree = avl_alloc_tree(NULL, NULL); + cp(); - /* Clear visited status on nodes */ + todo_tree = avl_alloc_tree(NULL, NULL); - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - n->status.visited = 0; - n->status.indirect = 1; - } + /* Clear visited status on nodes */ - /* Begin with myself */ + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + n->status.visited = 0; + n->status.indirect = 1; + } - myself->status.visited = 1; - myself->status.indirect = 0; - myself->nexthop = myself; - myself->via = myself; - node = avl_alloc_node(); - node->data = myself; - avl_insert_top(todo_tree, node); + /* Begin with myself */ - /* Loop while todo_tree is filled */ + myself->status.visited = 1; + myself->status.indirect = 0; + myself->nexthop = myself; + myself->via = myself; + node = avl_alloc_node(); + node->data = myself; + avl_insert_top(todo_tree, node); - while(todo_tree->head) - { - for(from = todo_tree->head; from; from = next) /* "from" is the node from which we start */ - { - next = from->next; - n = (node_t *)from->data; + /* Loop while todo_tree is filled */ - for(to = n->edge_tree->head; to; to = to->next) /* "to" is the edge connected to "from" */ - { - e = (edge_t *)to->data; - - if(!e->reverse) - continue; + while(todo_tree->head) { + for(from = todo_tree->head; from; from = next) { /* "from" is the node from which we start */ + next = from->next; + n = (node_t *) from->data; - /* Situation: + for(to = n->edge_tree->head; to; to = to->next) { /* "to" is the edge connected to "from" 
*/ + e = (edge_t *) to->data; - / - / - ------(n)-----(e->to) - \ - \ + if(!e->reverse) + continue; - n->address is set to the e->address of the edge left of n to n. - We are currently examining the edge e right of n from n: + /* Situation: - - If e->reverse->address != n->address, then e->to is probably - not reachable for the nodes left of n. We do as if the indirectdata - flag is set on edge e. - - If edge e provides for better reachability of e->to, update - e->to and (re)add it to the todo_tree to (re)examine the reachability - of nodes behind it. - */ + / + / + ------(n)-----(e->to) + \ + \ - indirect = n->status.indirect || e->options & OPTION_INDIRECT || ((n != myself) && sockaddrcmp(&n->address, &e->reverse->address)); + n->address is set to the e->address of the edge left of n to n. + We are currently examining the edge e right of n from n: - if(e->to->status.visited && (!e->to->status.indirect || indirect)) - continue; + - If e->reverse->address != n->address, then e->to is probably + not reachable for the nodes left of n. We do as if the indirectdata + flag is set on edge e. + - If edge e provides for better reachability of e->to, update + e->to and (re)add it to the todo_tree to (re)examine the reachability + of nodes behind it. + */ - e->to->status.visited = 1; - e->to->status.indirect = indirect; - e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop; - e->to->via = indirect ? 
n->via : e->to; - e->to->options = e->options; - if(sockaddrcmp(&e->to->address, &e->address)) - { - node = avl_unlink(node_udp_tree, e->to); - e->to->address = e->address; - if(e->to->hostname) - free(e->to->hostname); - e->to->hostname = sockaddr2hostname(&e->to->address); - avl_insert_node(node_udp_tree, node); - } - node = avl_alloc_node(); - node->data = e->to; - avl_insert_before(todo_tree, from, node); - } + indirect = n->status.indirect || e->options & OPTION_INDIRECT + || ((n != myself) + && sockaddrcmp(&n->address, &e->reverse->address)); - avl_delete_node(todo_tree, from); - } - } + if(e->to->status.visited + && (!e->to->status.indirect || indirect)) + continue; - avl_free_tree(todo_tree); - - /* Check reachability status. */ + e->to->status.visited = 1; + e->to->status.indirect = indirect; + e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop; + e->to->via = indirect ? n->via : e->to; + e->to->options = e->options; - for(node = node_tree->head; node; node = next) - { - next = node->next; - n = (node_t *)node->data; + if(sockaddrcmp(&e->to->address, &e->address)) { + node = avl_unlink(node_udp_tree, e->to); + e->to->address = e->address; - if(n->status.visited != n->status.reachable) - { - n->status.reachable = !n->status.reachable; - if(debug_lvl >= DEBUG_TRAFFIC) - if(n->status.reachable) - syslog(LOG_DEBUG, _("Node %s (%s) became reachable"), n->name, n->hostname); - else - syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); + if(e->to->hostname) + free(e->to->hostname); - n->status.validkey = 0; - n->status.waitingforkey = 0; + e->to->hostname = sockaddr2hostname(&e->to->address); + avl_insert_node(node_udp_tree, node); + } - asprintf(&envp[0], "NETNAME=%s", netname?:""); - asprintf(&envp[1], "DEVICE=%s", device?:""); - asprintf(&envp[2], "INTERFACE=%s", interface?:""); - asprintf(&envp[3], "NODE=%s", n->name); - sockaddr2str(&n->address, &address, &port); - asprintf(&envp[4], "REMOTEADDRESS=%s", address); - 
asprintf(&envp[5], "REMOTEPORT=%s", port); - envp[6] = NULL; + node = avl_alloc_node(); + node->data = e->to; + avl_insert_before(todo_tree, from, node); + } - asprintf(&name, n->status.reachable?"hosts/%s-up":"hosts/%s-down", n->name); - execute_script(name, envp); - free(name); - free(address); - free(port); + avl_delete_node(todo_tree, from); + } + } - for(i = 0; i < 7; i++) - free(envp[i]); - } - } + avl_free_tree(todo_tree); + + /* Check reachability status. */ + + for(node = node_tree->head; node; node = next) { + next = node->next; + n = (node_t *) node->data; + + if(n->status.visited != n->status.reachable) { + n->status.reachable = !n->status.reachable; + + if(debug_lvl >= DEBUG_TRAFFIC) + if(n->status.reachable) + syslog(LOG_DEBUG, _("Node %s (%s) became reachable"), + n->name, n->hostname); + else + syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), + n->name, n->hostname); + + n->status.validkey = 0; + n->status.waitingforkey = 0; + + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", interface ? : ""); + asprintf(&envp[3], "NODE=%s", n->name); + sockaddr2str(&n->address, &address, &port); + asprintf(&envp[4], "REMOTEADDRESS=%s", address); + asprintf(&envp[5], "REMOTEPORT=%s", port); + envp[6] = NULL; + + asprintf(&name, + n->status.reachable ? "hosts/%s-up" : "hosts/%s-down", + n->name); + execute_script(name, envp); + + free(name); + free(address); + free(port); + + for(i = 0; i < 7; i++) + free(envp[i]); + } + } } void graph(void) { - mst_kruskal(); - sssp_bfs(); + mst_kruskal(); + sssp_bfs(); } diff --git a/src/linux/device.c b/src/linux/device.c index 0088accd..0391f6a2 100644 --- a/src/linux/device.c +++ b/src/linux/device.c 
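Review bot: In the reachability loop of sssp_bfs() none of the `asprintf()` calls that fill `envp[0..5]` and `name` has its return value checked, so after an allocation failure the pointers are left undefined and are still handed to `execute_script()` and then to `free()`. Each call should be tested, for example `if(asprintf(&envp[3], "NODE=%s", n->name) < 0) envp[3] = NULL;`, and the script skipped when any entry is missing. `n->name` also becomes part of the script path through `"hosts/%s-up"`. The name validation is not visible in this hunk, so it is worth confirming that names containing `/` or `..` are rejected before they reach this point.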
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.10 2002/09/09 19:40:12 guus Exp $ + $Id: device.c,v 1.1.2.11 2002/09/09 21:25:23 guus Exp $ */ #include "config.h" @@ -34,14 +34,14 @@ #include #ifdef HAVE_TUNTAP - #ifdef LINUX_IF_TUN_H - #include LINUX_IF_TUN_H - #else - #include - #endif - #define DEFAULT_DEVICE "/dev/misc/net/tun" +#ifdef LINUX_IF_TUN_H +#include LINUX_IF_TUN_H #else - #define DEFAULT_DEVICE "/dev/tap0" +#include +#endif +#define DEFAULT_DEVICE "/dev/misc/net/tun" +#else +#define DEFAULT_DEVICE "/dev/tap0" #endif #include 
@@ -71,160 +71,137 @@ extern subnet_t mymac; */ int setup_device(void) { - struct ifreq ifr; + struct ifreq ifr; -cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = DEFAULT_DEVICE; + cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) #ifdef HAVE_TUNTAP - interface = netname; + interface = netname; #else - interface = rindex(device, '/')?rindex(device, '/')+1:device; + interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; #endif -cp - device_fd = open(device, O_RDWR | O_NONBLOCK); + cp device_fd = open(device, O_RDWR | O_NONBLOCK); - if(device_fd < 0) - { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; - } -cp - /* Set default MAC address for ethertap devices */ - - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; + if(device_fd < 0) { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } + cp + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; #ifdef HAVE_TUNTAP - /* Ok now check if this is an old ethertap or a new tun/tap thingie */ + /* Ok now check if this is an old ethertap or a new tun/tap thingie */ - memset(&ifr, 0, sizeof(ifr)); -cp - ifr.ifr_flags = IFF_TAP | IFF_NO_PI; - if (interface) - strncpy(ifr.ifr_name, interface, IFNAMSIZ); -cp - if (!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) - { - 
device_info = _("Linux tun/tap device"); - device_type = DEVICE_TYPE_TUNTAP; - strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); - interface = ifrname; - } - else - if (!ioctl(device_fd, (('T'<< 8) | 202), (void *) &ifr)) - { - syslog(LOG_WARNING, _("Old ioctl() request was needed for %s"), device); - device_type = DEVICE_TYPE_TUNTAP; - device_info = _("Linux tun/tap device"); - strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); - interface = ifrname; - } - else + memset(&ifr, 0, sizeof(ifr)); + cp ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + if(interface) + strncpy(ifr.ifr_name, interface, IFNAMSIZ); + cp if(!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) { + device_info = _("Linux tun/tap device"); + device_type = DEVICE_TYPE_TUNTAP; + strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); + interface = ifrname; + } else if(!ioctl(device_fd, (('T' << 8) | 202), (void *) &ifr)) { + syslog(LOG_WARNING, _("Old ioctl() request was needed for %s"), device); + device_type = DEVICE_TYPE_TUNTAP; + device_info = _("Linux tun/tap device"); + strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); + interface = ifrname; + } else #endif - { - device_info = _("Linux ethertap device"); - device_type = DEVICE_TYPE_ETHERTAP; - interface = rindex(device, '/')?rindex(device, '/')+1:device; - } + { + device_info = _("Linux ethertap device"); + device_type = DEVICE_TYPE_ETHERTAP; + interface = rindex(device, '/') ? 
rindex(device, '/') + 1 : device; + } - syslog(LOG_INFO, _("%s is a %s"), device, device_info); -cp - return 0; + syslog(LOG_INFO, _("%s is a %s"), device, device_info); + cp return 0; } void close_device(void) { -cp - close(device_fd); + cp close(device_fd); } /* read, encrypt and send data that is available through the ethertap device */ -int read_packet(vpn_packet_t *packet) +int read_packet(vpn_packet_t * packet) { - int lenin; -cp - if(device_type == DEVICE_TYPE_TUNTAP) - { - lenin = read(device_fd, packet->data, MTU); + int lenin; + cp if(device_type == DEVICE_TYPE_TUNTAP) { + lenin = read(device_fd, packet->data, MTU); - if(lenin <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + if(lenin <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), + device_info, device, strerror(errno)); + return -1; + } - packet->len = lenin; - } - else /* ethertap */ - { - lenin = read(device_fd, packet->data - 2, MTU + 2); + packet->len = lenin; + } else { /* ethertap */ - if(lenin <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + lenin = read(device_fd, packet->data - 2, MTU + 2); - packet->len = lenin - 2; - } + if(lenin <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), + device_info, device, strerror(errno)); + return -1; + } - device_total_in += packet->len; + packet->len = lenin - 2; + } - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } + device_total_in += packet->len; - return 0; -cp -} + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + } -int write_packet(vpn_packet_t *packet) + return 0; +cp} + +int write_packet(vpn_packet_t * packet) { -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - 
packet->len, device_info); + cp if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); - if(device_type == DEVICE_TYPE_TUNTAP) - { - if(write(device_fd, packet->data, packet->len) < 0) - { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } - } - else/* ethertap */ - { - *(short int *)(packet->data - 2) = packet->len; - if(write(device_fd, packet->data - 2, packet->len + 2) < 0) - { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } - } + if(device_type == DEVICE_TYPE_TUNTAP) { + if(write(device_fd, packet->data, packet->len) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } + } else { /* ethertap */ - device_total_out += packet->len; -cp - return 0; + *(short int *) (packet->data - 2) = packet->len; + if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } + } + + device_total_out += packet->len; + cp return 0; } void dump_device_stats(void) { -cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp -} + cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp} diff --git a/src/meta.c b/src/meta.c index 7a68d9d2..fa475dfb 100644 --- a/src/meta.c +++ b/src/meta.c 
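Review bot: In setup_device() `strncpy(ifr.ifr_name, interface, IFNAMSIZ);` copies up to the full size of the field, so an `Interface` value (or netname) of IFNAMSIZ characters or more leaves `ifr_name` without a terminating NUL before it is passed to `ioctl(device_fd, TUNSETIFF, ...)`. Because `ifr` was just cleared with `memset`, limiting the copy is enough: `strncpy(ifr.ifr_name, interface, IFNAMSIZ - 1);`. The two later copies into `ifrname` have the same shape; its declaration is outside the hunk, so whether it has room for the terminator should be checked. Separately, the bare `cp` macro now lands on the same line as the following statement (`cp if(...)`, `cp return 0;`), unlike the `cp();` form used in graph.c and meta.c in this same patch.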
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.28 2002/09/09 19:39:58 guus Exp $ + $Id: meta.c,v 1.1.2.29 2002/09/09 21:24:34 guus Exp $ */ #include "config.h" 
@@ -39,173 +39,160 @@ #include "system.h" #include "protocol.h" -int send_meta(connection_t *c, char *buffer, int length) +int send_meta(connection_t * c, char *buffer, int length) { - char *bufp; - int outlen; - char outbuf[MAXBUFSIZE]; - cp(); - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, - c->name, c->hostname); + char *bufp; + int outlen; + char outbuf[MAXBUFSIZE]; - if(c->status.encryptout) - { - EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); - bufp = outbuf; - length = outlen; - } - else - bufp = buffer; + cp(); - if(write(c->socket, bufp, length) < 0) - { - syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); - return -1; - } - cp(); - return 0; + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, + c->name, c->hostname); + + if(c->status.encryptout) { + EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); + bufp = outbuf; + length = outlen; + } else + bufp = buffer; + + if(write(c->socket, bufp, length) < 0) { + syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, + c->hostname, strerror(errno)); + return -1; + } + + return 0; } -void broadcast_meta(connection_t *from, char *buffer, int length) +void broadcast_meta(connection_t * from, char *buffer, int length) { - avl_node_t *node; - connection_t *c; - cp(); - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c != from && c->status.active) - send_meta(c, buffer, length); - } - cp(); + avl_node_t *node; + connection_t *c; + + cp(); + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + + if(c != from && c->status.active) + send_meta(c, buffer, length); + } } -int receive_meta(connection_t *c) +int receive_meta(connection_t * c) { - int x, l = sizeof(x); - int oldlen, i; - int lenin, reqlen; - int decrypted = 0; 
- char inbuf[MAXBUFSIZE]; - cp(); - if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, __LINE__, c->socket, strerror(errno), - c->name, c->hostname); - return -1; - } - if(x) - { - syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), - c->name, c->hostname, strerror(x)); - return -1; - } + int x, l = sizeof(x); + int oldlen, i; + int lenin, reqlen; + int decrypted = 0; + char inbuf[MAXBUFSIZE]; - /* Strategy: - - Read as much as possible from the TCP socket in one go. - - Decrypt it. - - Check if a full request is in the input buffer. - - If yes, process request and remove it from the buffer, - then check again. - - If not, keep stuff in buffer and exit. - */ + cp(); - lenin = read(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen); + if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, + __LINE__, c->socket, strerror(errno), c->name, c->hostname); + return -1; + } - if(lenin<=0) - { - if(lenin==0) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), - c->name, c->hostname); - } - else - if(errno==EINTR) - return 0; - else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), - c->name, c->hostname, strerror(errno)); + if(x) { + syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), + c->name, c->hostname, strerror(x)); + return -1; + } - return -1; - } + /* Strategy: + - Read as much as possible from the TCP socket in one go. + - Decrypt it. + - Check if a full request is in the input buffer. + - If yes, process request and remove it from the buffer, + then check again. + - If not, keep stuff in buffer and exit. 
+ */ - oldlen = c->buflen; - c->buflen += lenin; + lenin = read(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen); - while(lenin) - { - /* Decrypt */ + if(lenin <= 0) { + if(lenin == 0) { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), + c->name, c->hostname); + } else if(errno == EINTR) + return 0; + else + syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), + c->name, c->hostname, strerror(errno)); - if(c->status.decryptin && !decrypted) - { - EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin); - memcpy(c->buffer + oldlen, inbuf, lenin); - decrypted = 1; - } + return -1; + } - /* Are we receiving a TCPpacket? */ + oldlen = c->buflen; + c->buflen += lenin; - if(c->tcplen) - { - if(c->tcplen <= c->buflen) - { - receive_tcppacket(c, c->buffer, c->tcplen); + while(lenin) { + /* Decrypt */ - c->buflen -= c->tcplen; - lenin -= c->tcplen; - memmove(c->buffer, c->buffer + c->tcplen, c->buflen); - oldlen = 0; - c->tcplen = 0; - continue; - } - else - { - break; - } - } + if(c->status.decryptin && !decrypted) { + EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, + lenin); + memcpy(c->buffer + oldlen, inbuf, lenin); + decrypted = 1; + } - /* Otherwise we are waiting for a request */ + /* Are we receiving a TCPpacket? 
*/ - reqlen = 0; + if(c->tcplen) { + if(c->tcplen <= c->buflen) { + receive_tcppacket(c, c->buffer, c->tcplen); - for(i = oldlen; i < c->buflen; i++) - { - if(c->buffer[i] == '\n') - { - c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ - reqlen = i + 1; - break; - } - } + c->buflen -= c->tcplen; + lenin -= c->tcplen; + memmove(c->buffer, c->buffer + c->tcplen, c->buflen); + oldlen = 0; + c->tcplen = 0; + continue; + } else { + break; + } + } - if(reqlen) - { - c->reqlen = reqlen; - if(receive_request(c)) - return -1; + /* Otherwise we are waiting for a request */ - c->buflen -= reqlen; - lenin -= reqlen; - memmove(c->buffer, c->buffer + reqlen, c->buflen); - oldlen = 0; - continue; - } - else - { - break; - } - } + reqlen = 0; - if(c->buflen >= MAXBUFSIZE) - { - syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), - c->name, c->hostname); - return -1; - } + for(i = oldlen; i < c->buflen; i++) { + if(c->buffer[i] == '\n') { + c->buffer[i] = '\0'; /* replace end-of-line by end-of-string so we can use sscanf */ + reqlen = i + 1; + break; + } + } - c->last_ping_time = now; - cp(); - return 0; + if(reqlen) { + c->reqlen = reqlen; + if(receive_request(c)) + return -1; + + c->buflen -= reqlen; + lenin -= reqlen; + memmove(c->buffer, c->buffer + reqlen, c->buflen); + oldlen = 0; + continue; + } else { + break; + } + } + + if(c->buflen >= MAXBUFSIZE) { + syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), + c->name, c->hostname); + return -1; + } + + c->last_ping_time = now; + + return 0; } diff --git a/src/meta.h b/src/meta.h index 55b1e0ca..dedabb1b 100644 --- a/src/meta.h +++ b/src/meta.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.7 2002/06/21 10:11:12 guus Exp $ + $Id: meta.h,v 1.1.2.8 2002/09/09 21:24:34 guus Exp $ */ #ifndef __TINC_META_H__ 
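Review bot: send_meta() encrypts into the fixed stack buffer `char outbuf[MAXBUFSIZE]` with `EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length)` but never compares `length` with the buffer size, so a caller passing more than MAXBUFSIZE bytes would write past `outbuf`. A guard before the encryption step such as `if(length < 0 || length > MAXBUFSIZE) return -1;` closes that; with a block cipher the output can exceed the input by up to one block, so the limit may need to be lower (the cipher mode is not visible here). The return values of `EVP_EncryptUpdate` and, in receive_meta(), `EVP_DecryptUpdate` are ignored as well. `write()` is only checked for `< 0`, so a short write silently drops the rest of the message.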
@@ -29,4 +29,4 @@ extern int send_meta(connection_t *, const char *, int); extern int broadcast_meta(connection_t *, const char *, int); extern int receive_meta(connection_t *); -#endif /* __TINC_META_H__ */ +#endif /* __TINC_META_H__ */ diff --git a/src/net.c b/src/net.c index b0bfaca3..5cd3fa5e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.179 2002/09/09 19:39:58 guus Exp $ + $Id: net.c,v 1.35.4.180 2002/09/09 21:24:34 guus Exp $ */ #include "config.h" @@ -27,13 +27,13 @@ #include #include #ifdef HAVE_NETINET_IN_SYSTM_H - #include +#include #endif #ifdef HAVE_NETINET_IP_H - #include +#include #endif #ifdef HAVE_NETINET_TCP_H - #include +#include #endif #include #include 
@@ -87,81 +87,76 @@ time_t now = 0; void purge(void) { - avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext; - node_t *n; - edge_t *e; - subnet_t *s; - cp(); - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Purging unreachable nodes")); + avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext; + node_t *n; + edge_t *e; + subnet_t *s; - for(nnode = node_tree->head; nnode; nnode = nnext) - { - nnext = nnode->next; - n = (node_t *)nnode->data; + cp(); - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, _("Purging node %s (%s)"), n->name, n->hostname); + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_DEBUG, _("Purging unreachable nodes")); - for(snode = n->subnet_tree->head; snode; snode = snext) - { - snext = snode->next; - s = (subnet_t *)snode->data; - send_del_subnet(broadcast, s); - subnet_del(n, s); - } + for(nnode = node_tree->head; nnode; nnode = nnext) { + nnext = nnode->next; + n = (node_t *) nnode->data; - for(enode = n->edge_tree->head; enode; enode = enext) - { - enext = enode->next; - e = (edge_t *)enode->data; - send_del_edge(broadcast, e); - edge_del(e); - } + if(!n->status.reachable) { + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, _("Purging node %s (%s)"), n->name, + n->hostname); - node_del(n); - } - } - cp(); + for(snode = n->subnet_tree->head; snode; snode = snext) { + snext = snode->next; + s = (subnet_t *) snode->data; + send_del_subnet(broadcast, s); + subnet_del(n, s); + } + + for(enode = n->edge_tree->head; enode; enode = enext) { + enext = enode->next; + e = (edge_t *) enode->data; + send_del_edge(broadcast, e); + edge_del(e); + } + + node_del(n); + } + } } /* put all file descriptors in an fd_set array While we're at it, purge stuff that needs to be removed. 
*/ -void build_fdset(fd_set *fs) +void build_fdset(fd_set * fs) { - avl_node_t *node, *next; - connection_t *c; - int i; - cp(); - FD_ZERO(fs); + avl_node_t *node, *next; + connection_t *c; + int i; - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; + cp(); - if(c->status.remove) - { - connection_del(c); - if(!connection_tree->head) - purge(); - } - else - FD_SET(c->socket, fs); - } + FD_ZERO(fs); - for(i = 0; i < listen_sockets; i++) - { - FD_SET(listen_socket[i].tcp, fs); - FD_SET(listen_socket[i].udp, fs); - } + for(node = connection_tree->head; node; node = next) { + next = node->next; + c = (connection_t *) node->data; - FD_SET(device_fd, fs); - cp(); + if(c->status.remove) { + connection_del(c); + if(!connection_tree->head) + purge(); + } else + FD_SET(c->socket, fs); + } + + for(i = 0; i < listen_sockets; i++) { + FD_SET(listen_socket[i].tcp, fs); + FD_SET(listen_socket[i].udp, fs); + } + + FD_SET(device_fd, fs); } /* 
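Review bot: build_fdset() calls `FD_SET(c->socket, fs)` and `FD_SET(listen_socket[i].tcp, fs)` without checking that the descriptor is below FD_SETSIZE, and FD_SET on a larger (or negative) descriptor writes outside the `fd_set`. With enough simultaneous meta connections a descriptor can reach that limit. The connection branch should test the value first, e.g. `else if(c->socket >= 0 && c->socket < FD_SETSIZE) FD_SET(c->socket, fs);`, and treat anything else as a connection to be closed. How new connections are accepted is outside this hunk, so rejecting them there may be the better place.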
@@ -171,45 +166,43 @@ void build_fdset(fd_set *fs) - Check if we need to retry making an outgoing connection - Deactivate the host */ -void terminate_connection(connection_t *c, int report) +void terminate_connection(connection_t * c, int report) { - cp(); - if(c->status.remove) - return; + cp(); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), - c->name, c->hostname); + if(c->status.remove) + return; - c->status.remove = 1; - c->status.active = 0; + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), + c->name, c->hostname); - if(c->node) - c->node->connection = NULL; + c->status.remove = 1; + c->status.active = 0; - if(c->socket) - close(c->socket); + if(c->node) + c->node->connection = NULL; - if(c->edge) - { - if(report) - send_del_edge(broadcast, c->edge); + if(c->socket) + close(c->socket); - edge_del(c->edge); + if(c->edge) { + if(report) + send_del_edge(broadcast, c->edge); - /* Run MST and SSSP algorithms */ + edge_del(c->edge); - graph(); - } + /* Run MST and SSSP algorithms */ - /* Check if this was our outgoing connection */ + graph(); + } - if(c->outgoing) - { - retry_outgoing(c->outgoing); - c->outgoing = NULL; - } - cp(); + /* Check if this was our outgoing connection */ + + if(c->outgoing) { + retry_outgoing(c->outgoing); + c->outgoing = NULL; + } } /* 
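Review bot: terminate_connection() closes the socket with `if(c->socket) close(c->socket);` and leaves the old number in `c->socket`. The connection_t stays in connection_tree until build_fdset() deletes it, so if anything closes the same number again in between (connection_del() is not visible here), it could close a descriptor that has since been reused by another connection. Resetting the field after the close avoids that, e.g. `if(c->socket > 0) { close(c->socket); c->socket = -1; }`, assuming the rest of the code treats a non-positive value as "no socket".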
@@ -222,106 +215,99 @@ void terminate_connection(connection_t *c, int report) */ void check_dead_connections(void) { - avl_node_t *node, *next; - connection_t *c; - cp(); - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - if(c->last_ping_time + pingtimeout < now) - { - if(c->status.active) - { - if(c->status.pinged) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), - c->name, c->hostname); - c->status.timeout = 1; - terminate_connection(c, 1); - } - else - { - send_ping(c); - } - } - else - { - if(c->status.remove) - { - syslog(LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), c->name, c->hostname, c->status); - connection_del(c); - continue; - } - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"), - c->name, c->hostname); - terminate_connection(c, 0); - } - } - } - cp(); + avl_node_t *node, *next; + connection_t *c; + + cp(); + + for(node = connection_tree->head; node; node = next) { + next = node->next; + c = (connection_t *) node->data; + + if(c->last_ping_time + pingtimeout < now) { + if(c->status.active) { + if(c->status.pinged) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), + c->name, c->hostname); + c->status.timeout = 1; + terminate_connection(c, 1); + } else { + send_ping(c); + } + } else { + if(c->status.remove) { + syslog(LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), + c->name, c->hostname, c->status); + connection_del(c); + continue; + } + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"), + c->name, c->hostname); + terminate_connection(c, 0); + } + } + } } /* check all connections to see if anything happened on their sockets */ -void check_network_activity(fd_set *f) +void check_network_activity(fd_set * f) { - 
connection_t *c; - avl_node_t *node; - int result, i; - int len = sizeof(result); - vpn_packet_t packet; - cp(); - if(FD_ISSET(device_fd, f)) - { - if(!read_packet(&packet)) - route_outgoing(&packet); - } + connection_t *c; + avl_node_t *node; + int result, i; + int len = sizeof(result); + vpn_packet_t packet; - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; + cp(); - if(c->status.remove) - continue; + if(FD_ISSET(device_fd, f)) { + if(!read_packet(&packet)) + route_outgoing(&packet); + } - if(FD_ISSET(c->socket, f)) - { - if(c->status.connecting) - { - c->status.connecting = 0; - getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len); - if(!result) - finish_connecting(c); - else - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_DEBUG, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(result)); - close(c->socket); - do_outgoing_connection(c); - continue; - } - } - if(receive_meta(c) < 0) - { - terminate_connection(c, c->status.active); - continue; - } - } - } + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; - for(i = 0; i < listen_sockets; i++) - { - if(FD_ISSET(listen_socket[i].udp, f)) - handle_incoming_vpn_data(listen_socket[i].udp); - if(FD_ISSET(listen_socket[i].tcp, f)) - handle_new_meta_connection(listen_socket[i].tcp); - } - cp(); + if(c->status.remove) + continue; + + if(FD_ISSET(c->socket, f)) { + if(c->status.connecting) { + c->status.connecting = 0; + getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len); + + if(!result) + finish_connecting(c); + else { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_DEBUG, + _("Error while connecting to %s (%s): %s"), + c->name, c->hostname, strerror(result)); + close(c->socket); + do_outgoing_connection(c); + continue; + } + } + + if(receive_meta(c) < 0) { + terminate_connection(c, c->status.active); + continue; + } + } + } + + for(i = 0; i < listen_sockets; i++) { + 
if(FD_ISSET(listen_socket[i].udp, f)) + handle_incoming_vpn_data(listen_socket[i].udp); + + if(FD_ISSET(listen_socket[i].tcp, f)) + handle_new_meta_connection(listen_socket[i].tcp); + } } /* 
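Review bot: In check_dead_connections() the "still lingering" warning passes `c->status` to a `%04x` conversion, but `status` is used as a struct with bit members everywhere else in this hunk (`c->status.active`, `c->status.remove`), and passing a struct where printf-style formatting expects an unsigned int is undefined behaviour. Log the individual flags instead, e.g. `"... active %d pinged %d remove %d"` with `c->status.active, c->status.pinged, c->status.remove`, or copy the struct into an unsigned with `memcpy` if its size allows (the declaration is outside this page). In check_network_activity() the `getsockopt(..., SO_ERROR, &result, &len)` return value is also ignored and `len` is an `int` rather than `socklen_t`; if the call fails, `result` is read uninitialised.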
@@ -329,115 +315,106 @@ void check_network_activity(fd_set *f) */ void main_loop(void) { - fd_set fset; - struct timeval tv; - int r; - time_t last_ping_check; - event_t *event; - cp(); - last_ping_check = now; + fd_set fset; + struct timeval tv; + int r; + time_t last_ping_check; + event_t *event; - srand(now); + cp(); - for(;;) - { - now = time(NULL); + last_ping_check = now; + srand(now); - tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ - tv.tv_usec = 0; + for(;;) { + now = time(NULL); - build_fdset(&fset); + tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ + tv.tv_usec = 0; - r = select(FD_SETSIZE, &fset, NULL, NULL, &tv); + build_fdset(&fset); - if(r < 0) - { - if(errno != EINTR && errno != EAGAIN) - { - syslog(LOG_ERR, _("Error while waiting for input: %s"), strerror(errno)); - cp_trace(); - dump_connections(); - return; - } + r = select(FD_SETSIZE, &fset, NULL, NULL, &tv); - continue; - } + if(r < 0) { + if(errno != EINTR && errno != EAGAIN) { + syslog(LOG_ERR, _("Error while waiting for input: %s"), + strerror(errno)); + cp_trace(); + dump_connections(); + return; + } - check_network_activity(&fset); + continue; + } - if(do_purge) - { - purge(); - do_purge = 0; - } + check_network_activity(&fset); - /* Let's check if everybody is still alive */ + if(do_purge) { + purge(); + do_purge = 0; + } - if(last_ping_check + pingtimeout < now) - { - check_dead_connections(); - last_ping_check = now; + /* Let's check if everybody is still alive */ - if(routing_mode== RMODE_SWITCH) - age_mac(); + if(last_ping_check + pingtimeout < now) { + check_dead_connections(); + last_ping_check = now; - age_past_requests(); + if(routing_mode == RMODE_SWITCH) + age_mac(); - /* Should we regenerate our key? 
*/ + age_past_requests(); - if(keyexpires < now) - { - if(debug_lvl >= DEBUG_STATUS) - syslog(LOG_INFO, _("Regenerating symmetric key")); + /* Should we regenerate our key? */ - RAND_pseudo_bytes(myself->key, myself->keylength); - send_key_changed(broadcast, myself); - keyexpires = now + keylifetime; - } - } + if(keyexpires < now) { + if(debug_lvl >= DEBUG_STATUS) + syslog(LOG_INFO, _("Regenerating symmetric key")); + + RAND_pseudo_bytes(myself->key, myself->keylength); + send_key_changed(broadcast, myself); + keyexpires = now + keylifetime; + } + } - while((event = get_expired_event())) - { - event->handler(event->data); - free(event); - } + while((event = get_expired_event())) { + event->handler(event->data); + free(event); + } - if(sigalrm) - { - syslog(LOG_INFO, _("Flushing event queue")); + if(sigalrm) { + syslog(LOG_INFO, _("Flushing event queue")); - while(event_tree->head) - { - event = (event_t *)event_tree->head->data; - event->handler(event->data); - event_del(event); - } - sigalrm = 0; - } + while(event_tree->head) { + event = (event_t *) event_tree->head->data; + event->handler(event->data); + event_del(event); + } + sigalrm = 0; + } - if(sighup) - { - sighup = 0; - close_network_connections(); - exit_configuration(&config_tree); + if(sighup) { + sighup = 0; + close_network_connections(); + exit_configuration(&config_tree); - syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds...")); - sleep(5); + syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds...")); + sleep(5); - init_configuration(&config_tree); + init_configuration(&config_tree); - if(read_server_config()) - { - syslog(LOG_ERR, _("Unable to reread configuration file, exitting.")); - exit(1); - } + if(read_server_config()) { + syslog(LOG_ERR, + _("Unable to reread configuration file, exitting.")); + exit(1); + } - if(setup_network_connections()) - return; + if(setup_network_connections()) + return; - continue; - } - } - cp(); + continue; + } + } 
} diff --git a/src/net.h b/src/net.h index a16db158..08b0aea8 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.52 2002/06/21 10:11:12 guus Exp $ + $Id: net.h,v 1.9.4.53 2002/09/09 21:24:36 guus Exp $ */ #ifndef __TINC_NET_H__ 
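Review bot: In main_loop() the regenerated symmetric key is filled with `RAND_pseudo_bytes(myself->key, myself->keylength)`, which OpenSSL does not guarantee to be cryptographically strong, and the return value is ignored. Key material should come from `RAND_bytes()` with the result checked, for example `if(RAND_bytes(myself->key, myself->keylength) != 1)` followed by an error log and leaving the loop as the select() error path does. That way a generator failure cannot leave a weak or stale key in place just before `send_key_changed(broadcast, myself)` announces it. The type of `myself->key` is declared outside this hunk, so a cast to `unsigned char *` may be needed.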
@@ -29,43 +29,40 @@ #include #ifdef HAVE_INTTYPES_H - #include +#include #endif #include "config.h" #ifdef ENABLE_JUMBOGRAMS - #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ - #define MAXSIZE 9100 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ - #define MAXBUFSIZE 9100 /* Must support TCP packets of length 9000. */ +#define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ +#define MAXSIZE 9100 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ +#define MAXBUFSIZE 9100 /* Must support TCP packets of length 9000. */ #else - #define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ - #define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ - #define MAXBUFSIZE 2100 /* Quite large but needed for support of keys up to 8192 bits. */ +#define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ +#define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ +#define MAXBUFSIZE 2100 /* Quite large but needed for support of keys up to 8192 bits. */ #endif -#define MAXSOCKETS 128 /* Overkill... */ +#define MAXSOCKETS 128 /* Overkill... */ -#define MAXQUEUELENGTH 8 /* Maximum number of packats in a single queue */ +#define MAXQUEUELENGTH 8 /* Maximum number of packats in a single queue */ -typedef struct mac_t -{ - uint8_t x[6]; +typedef struct mac_t { + uint8_t x[6]; } mac_t; -typedef struct ipv4_t -{ - uint8_t x[4]; +typedef struct ipv4_t { + uint8_t x[4]; } ipv4_t; typedef struct ip_mask_t { - ipv4_t address; - ipv4_t mask; + ipv4_t address; + ipv4_t mask; } ip_mask_t; -typedef struct ipv6_t -{ - uint16_t x[8]; +typedef struct ipv6_t { + uint16_t x[8]; } ipv6_t; typedef unsigned short port_t; 
@@ -73,9 +70,9 @@ typedef unsigned short port_t; typedef short length_t; typedef union { - struct sockaddr sa; - struct sockaddr_in in; - struct sockaddr_in6 in6; + struct sockaddr sa; + struct sockaddr_in in; + struct sockaddr_in6 in6; } sockaddr_t; #ifdef SA_LEN @@ -85,35 +82,35 @@ typedef union { #endif typedef struct vpn_packet_t { - length_t len; /* the actual number of bytes in the `data' field */ - int priority; /* priority or TOS */ - uint32_t seqno; /* 32 bits sequence number (network byte order of course) */ - uint8_t data[MAXSIZE]; + length_t len; /* the actual number of bytes in the `data' field */ + int priority; /* priority or TOS */ + uint32_t seqno; /* 32 bits sequence number (network byte order of course) */ + uint8_t data[MAXSIZE]; } vpn_packet_t; typedef struct queue_element_t { - void *packet; - struct queue_element_t *prev; - struct queue_element_t *next; + void *packet; + struct queue_element_t *prev; + struct queue_element_t *next; } queue_element_t; typedef struct packet_queue_t { - queue_element_t *head; - queue_element_t *tail; + queue_element_t *head; + queue_element_t *tail; } packet_queue_t; typedef struct outgoing_t { - char *name; - int timeout; - struct config_t *cfg; - struct addrinfo *ai; - struct addrinfo *aip; + char *name; + int timeout; + struct config_t *cfg; + struct addrinfo *ai; + struct addrinfo *aip; } outgoing_t; typedef struct listen_socket_t { - int tcp; - int udp; - sockaddr_t sa; + int tcp; + int udp; + sockaddr_t sa; } listen_socket_t; extern int maxtimeout; @@ -123,7 +120,7 @@ extern int addressfamily; extern char *request_name[]; extern char *status_text[]; -#include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ +#include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ extern listen_socket_t listen_socket[MAXSOCKETS]; extern int listen_sockets; 
@@ -154,4 +151,4 @@ extern void terminate_connection(connection_t *, int); extern void flush_queue(struct node_t *); extern int read_rsa_public_key(struct connection_t *); -#endif /* __TINC_NET_H__ */ +#endif /* __TINC_NET_H__ */ diff --git a/src/net_packet.c b/src/net_packet.c index db31b770..00733b6f 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.21 2002/09/09 19:39:58 guus Exp $ + $Id: net_packet.c,v 1.1.2.22 2002/09/09 21:24:41 guus Exp $ */ #include "config.h" @@ -27,13 +27,13 @@ #include #include #ifdef HAVE_NETINET_IN_SYSTM_H - #include +#include #endif #ifdef HAVE_NETINET_IP_H - #include +#include #endif #ifdef HAVE_NETINET_TCP_H - #include +#include #endif #include #include 
@@ -85,349 +85,353 @@ int keyexpires = 0; /* VPN packet I/O */ -void receive_udppacket(node_t *n, vpn_packet_t *inpkt) +void receive_udppacket(node_t * n, vpn_packet_t * inpkt) { - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt = pkt[0]; - int outlen, outpad; - long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; - char hmac[EVP_MAX_MD_SIZE]; - cp(); - /* Check the message authentication code */ + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + int nextpkt = 0; + vpn_packet_t *outpkt = pkt[0]; + int outlen, outpad; + long int complen = MTU + 12; + EVP_CIPHER_CTX ctx; + char hmac[EVP_MAX_MD_SIZE]; - if(myself->digest && myself->maclength) - { - inpkt->len -= myself->maclength; - HMAC(myself->digest, myself->key, myself->keylength, (char *)&inpkt->seqno, inpkt->len, hmac, NULL); - if(memcmp(hmac, (char *)&inpkt->seqno + inpkt->len, myself->maclength)) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); - return; - } - } + cp(); - /* Decrypt the packet */ + /* Check the message authentication code */ - if(myself->cipher) - { - outpkt = pkt[nextpkt++]; + if(myself->digest && myself->maclength) { + inpkt->len -= myself->maclength; + HMAC(myself->digest, myself->key, myself->keylength, + (char *) &inpkt->seqno, inpkt->len, hmac, NULL); - EVP_DecryptInit(&ctx, myself->cipher, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); + if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), + n->name, n->hostname); + return; + } + } - outpkt->len = outlen + outpad; - inpkt = outpkt; - } + /* Decrypt the packet */ - /* Check 
the sequence number */ + if(myself->cipher) { + outpkt = pkt[nextpkt++]; - inpkt->len -= sizeof(inpkt->seqno); - inpkt->seqno = ntohl(inpkt->seqno); + EVP_DecryptInit(&ctx, myself->cipher, myself->key, + myself->key + myself->cipher->key_len); + EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len); + EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); - if(inpkt->seqno <= n->received_seqno) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got late or replayed packet from %s (%s), seqno %d"), n->name, n->hostname, inpkt->seqno); - return; - } - - n->received_seqno = inpkt->seqno; + outpkt->len = outlen + outpad; + inpkt = outpkt; + } - if(n->received_seqno > MAX_SEQNO) - keyexpires = 0; + /* Check the sequence number */ - /* Decompress the packet */ - - if(myself->compression) - { - outpkt = pkt[nextpkt++]; + inpkt->len -= sizeof(inpkt->seqno); + inpkt->seqno = ntohl(inpkt->seqno); - if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) - { - syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } + if(inpkt->seqno <= n->received_seqno) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, + _("Got late or replayed packet from %s (%s), seqno %d"), + n->name, n->hostname, inpkt->seqno); + return; + } - receive_packet(n, inpkt); - cp(); + n->received_seqno = inpkt->seqno; + + if(n->received_seqno > MAX_SEQNO) + keyexpires = 0; + + /* Decompress the packet */ + + if(myself->compression) { + outpkt = pkt[nextpkt++]; + + if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) { + syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), + n->name, n->hostname); + return; + } + + outpkt->len = complen; + inpkt = outpkt; + } + + receive_packet(n, inpkt); } -void receive_tcppacket(connection_t *c, char *buffer, int len) +void receive_tcppacket(connection_t * c, char 
*buffer, int len) { - vpn_packet_t outpkt; - cp(); - outpkt.len = len; - memcpy(outpkt.data, buffer, len); + vpn_packet_t outpkt; - receive_packet(c->node, &outpkt); - cp(); + cp(); + + outpkt.len = len; + memcpy(outpkt.data, buffer, len); + + receive_packet(c->node, &outpkt); } -void receive_packet(node_t *n, vpn_packet_t *packet) +void receive_packet(node_t * n, vpn_packet_t * packet) { - cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); + cp(); - route_incoming(n, packet); - cp(); + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), + packet->len, n->name, n->hostname); + + route_incoming(n, packet); } -void send_udppacket(node_t *n, vpn_packet_t *inpkt) +void send_udppacket(node_t * n, vpn_packet_t * inpkt) { - vpn_packet_t pkt1, pkt2; - vpn_packet_t *pkt[] = {&pkt1, &pkt2, &pkt1, &pkt2}; - int nextpkt = 0; - vpn_packet_t *outpkt; - int origlen; - int outlen, outpad; - long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; - vpn_packet_t *copy; - static int priority = 0; - int origpriority; - int sock; - cp(); - /* Make sure we have a valid key */ + vpn_packet_t pkt1, pkt2; + vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; + int nextpkt = 0; + vpn_packet_t *outpkt; + int origlen; + int outlen, outpad; + long int complen = MTU + 12; + EVP_CIPHER_CTX ctx; + vpn_packet_t *copy; + static int priority = 0; + int origpriority; + int sock; - if(!n->status.validkey) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), - n->name, n->hostname); + cp(); - /* Since packet is on the stack of handle_tap_input(), - we have to make a copy of it first. 
*/ + /* Make sure we have a valid key */ - copy = xmalloc(sizeof(vpn_packet_t)); - memcpy(copy, inpkt, sizeof(vpn_packet_t)); + if(!n->status.validkey) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, + _("No valid key known yet for %s (%s), queueing packet"), + n->name, n->hostname); - list_insert_tail(n->queue, copy); + /* Since packet is on the stack of handle_tap_input(), we have to make a copy of it first. */ - if(n->queue->count > MAXQUEUELENGTH) - list_delete_head(n->queue); + copy = xmalloc(sizeof(vpn_packet_t)); + memcpy(copy, inpkt, sizeof(vpn_packet_t)); - if(!n->status.waitingforkey) - send_req_key(n->nexthop->connection, myself, n); + list_insert_tail(n->queue, copy); - n->status.waitingforkey = 1; + if(n->queue->count > MAXQUEUELENGTH) + list_delete_head(n->queue); - return; - } + if(!n->status.waitingforkey) + send_req_key(n->nexthop->connection, myself, n); - origlen = inpkt->len; - origpriority = inpkt->priority; + n->status.waitingforkey = 1; - /* Compress the packet */ + return; + } - if(n->compression) - { - outpkt = pkt[nextpkt++]; + origlen = inpkt->len; + origpriority = inpkt->priority; - if(compress2(outpkt->data, &complen, inpkt->data, inpkt->len, n->compression) != Z_OK) - { - syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); - return; - } - - outpkt->len = complen; - inpkt = outpkt; - } + /* Compress the packet */ - /* Add sequence number */ + if(n->compression) { + outpkt = pkt[nextpkt++]; - inpkt->seqno = htonl(++(n->sent_seqno)); - inpkt->len += sizeof(inpkt->seqno); + if(compress2 + (outpkt->data, &complen, inpkt->data, inpkt->len, + n->compression) != Z_OK) { + syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), + n->name, n->hostname); + return; + } - /* Encrypt the packet */ + outpkt->len = complen; + inpkt = outpkt; + } - if(n->cipher) - { - outpkt = pkt[nextpkt++]; + /* Add sequence number */ - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - 
EVP_EncryptUpdate(&ctx, (char *)&outpkt->seqno, &outlen, (char *)&inpkt->seqno, inpkt->len); - EVP_EncryptFinal(&ctx, (char *)&outpkt->seqno + outlen, &outpad); + inpkt->seqno = htonl(++(n->sent_seqno)); + inpkt->len += sizeof(inpkt->seqno); - outpkt->len = outlen + outpad; - inpkt = outpkt; - } + /* Encrypt the packet */ - /* Add the message authentication code */ + if(n->cipher) { + outpkt = pkt[nextpkt++]; - if(n->digest && n->maclength) - { - HMAC(n->digest, n->key, n->keylength, (char *)&inpkt->seqno, inpkt->len, (char *)&inpkt->seqno + inpkt->len, &outlen); - inpkt->len += n->maclength; - } + EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); + EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len); + EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); - /* Determine which socket we have to use */ + outpkt->len = outlen + outpad; + inpkt = outpkt; + } - for(sock = 0; sock < listen_sockets; sock++) - if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) - break; + /* Add the message authentication code */ - if(sock >= listen_sockets) - sock = 0; /* If none is available, just use the first and hope for the best. */ - - /* Send the packet */ + if(n->digest && n->maclength) { + HMAC(n->digest, n->key, n->keylength, (char *) &inpkt->seqno, + inpkt->len, (char *) &inpkt->seqno + inpkt->len, &outlen); + inpkt->len += n->maclength; + } + + /* Determine which socket we have to use */ + + for(sock = 0; sock < listen_sockets; sock++) + if(n->address.sa.sa_family == listen_socket[sock].sa.sa.sa_family) + break; + + if(sock >= listen_sockets) + sock = 0; /* If none is available, just use the first and hope for the best. 
*/ + + /* Send the packet */ #if defined(SOL_IP) && defined(IP_TOS) - if(priorityinheritance && origpriority != priority && listen_socket[sock].sa.sa.sa_family == AF_INET) - { - priority = origpriority; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); - if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ - syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); - } + if(priorityinheritance && origpriority != priority + && listen_socket[sock].sa.sa.sa_family == AF_INET) { + priority = origpriority; + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), + priority); + if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ + syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", + strerror(errno)); + } #endif - if((sendto(listen_socket[sock].udp, (char *)&inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) - { - syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), - n->name, n->hostname, strerror(errno)); - return; - } - - inpkt->len = origlen; - cp(); + if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { + syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, + n->hostname, strerror(errno)); + return; + } + + inpkt->len = origlen; } /* send a packet to the given vpn ip. 
*/ -void send_packet(node_t *n, vpn_packet_t *packet) +void send_packet(node_t * n, vpn_packet_t * packet) { - node_t *via; - cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - packet->len, n->name, n->hostname); + node_t *via; - if(n == myself) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_NOTICE, _("Packet is looping back to us!")); - } + cp(); - return; - } - - if(!n->status.reachable) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Node %s (%s) is not reachable"), - n->name, n->hostname); - return; - } + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + packet->len, n->name, n->hostname); - via = (n->via == myself)?n->nexthop:n->via; + if(n == myself) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_NOTICE, _("Packet is looping back to us!")); - if(via != n && debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), - n->name, via->name, n->via->hostname); + return; + } - if((myself->options | via->options) & OPTION_TCPONLY) - { - if(send_tcppacket(via->connection, packet)) - terminate_connection(via->connection, 1); - } - else - send_udppacket(via, packet); + if(!n->status.reachable) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Node %s (%s) is not reachable"), + n->name, n->hostname); + + return; + } + + via = (n->via == myself) ? 
n->nexthop : n->via; + + if(via != n && debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), + n->name, via->name, n->via->hostname); + + if((myself->options | via->options) & OPTION_TCPONLY) { + if(send_tcppacket(via->connection, packet)) + terminate_connection(via->connection, 1); + } else + send_udppacket(via, packet); } /* Broadcast a packet using the minimum spanning tree */ -void broadcast_packet(node_t *from, vpn_packet_t *packet) +void broadcast_packet(node_t * from, vpn_packet_t * packet) { - avl_node_t *node; - connection_t *c; - cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), - packet->len, from->name, from->hostname); + avl_node_t *node; + connection_t *c; - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c->status.active && c->status.mst && c != from->nexthop->connection) - send_packet(c->node, packet); - } - cp(); + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), + packet->len, from->name, from->hostname); + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + + if(c->status.active && c->status.mst && c != from->nexthop->connection) + send_packet(c->node, packet); + } } -void flush_queue(node_t *n) +void flush_queue(node_t * n) { - list_node_t *node, *next; - cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); + list_node_t *node, *next; - for(node = n->queue->head; node; node = next) - { - next = node->next; - send_udppacket(n, (vpn_packet_t *)node->data); - list_delete_node(n->queue, node); - } - cp(); + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); + + for(node = n->queue->head; node; node = next) { + next = node->next; + send_udppacket(n, (vpn_packet_t *) 
node->data); + list_delete_node(n->queue, node); + } } void handle_incoming_vpn_data(int sock) { - vpn_packet_t pkt; - int x, l = sizeof(x); - char *hostname; - sockaddr_t from; - socklen_t fromlen = sizeof(from); - node_t *n; - cp(); - if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) - { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), - __FILE__, __LINE__, sock, strerror(errno)); - cp_trace(); - exit(1); - } - if(x) - { - syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); - return; - } + vpn_packet_t pkt; + int x, l = sizeof(x); + char *hostname; + sockaddr_t from; + socklen_t fromlen = sizeof(from); + node_t *n; - pkt.len = recvfrom(sock, (char *)&pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); + cp(); - if(pkt.len <= 0) - { - syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); - return; - } + if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { + syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), + __FILE__, __LINE__, sock, strerror(errno)); + cp_trace(); + exit(1); + } - sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. */ + if(x) { + syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); + return; + } - n = lookup_node_udp(&from); + pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); - if(!n) - { - hostname = sockaddr2hostname(&from); - syslog(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname); - free(hostname); - return; - } + if(pkt.len <= 0) { + syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); + return; + } - if(n->connection) - n->connection->last_ping_time = now; + sockaddrunmap(&from); /* Some braindead IPv6 implementations do stupid things. 
*/ - receive_udppacket(n, &pkt); - cp(); + n = lookup_node_udp(&from); + + if(!n) { + hostname = sockaddr2hostname(&from); + syslog(LOG_WARNING, _("Received UDP packet from unknown source %s"), + hostname); + free(hostname); + return; + } + + if(n->connection) + n->connection->last_ping_time = now; + + receive_udppacket(n, &pkt); } diff --git a/src/net_setup.c b/src/net_setup.c index 0fe50685..eee05605 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.24 2002/09/09 19:39:58 guus Exp $ + $Id: net_setup.c,v 1.1.2.25 2002/09/09 21:24:41 guus Exp $ */ #include "config.h" @@ -27,13 +27,13 @@ #include #include #ifdef HAVE_NETINET_IN_SYSTM_H - #include +#include #endif #ifdef HAVE_NETINET_IP_H - #include +#include #endif #ifdef HAVE_NETINET_TCP_H - #include +#include #endif #include #include 
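Review bot: receive_udppacket() in src/net_packet.c subtracts `myself->maclength` from `inpkt->len` without first checking that the datagram is at least that long. handle_incoming_vpn_data() only rejects `pkt.len <= 0` and `length_t` is a signed `short`, so a datagram shorter than the MAC yields a negative length that is passed to `HMAC()` and used as the `memcmp()` offset. A guard ahead of the subtraction, `if(inpkt->len < myself->maclength) return;` (with the existing DEBUG_TRAFFIC log), closes this, and the same check is needed before `inpkt->len -= sizeof(inpkt->seqno)` after decryption. The tag comparison also uses `memcmp()`, which is not constant-time; a constant-time compare is preferable for MAC verification. receive_tcppacket() likewise copies `len` bytes into `outpkt.data` without comparing `len` to `MAXSIZE`; whether its caller bounds it is not visible in this hunk.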
@@ -77,148 +77,152 @@ char *myport; -int read_rsa_public_key(connection_t *c) +int read_rsa_public_key(connection_t * c) { - FILE *fp; - char *fname; - char *key; - cp(); - if(!c->rsa_key) - c->rsa_key = RSA_new(); + FILE *fp; + char *fname; + char *key; - /* First, check for simple PublicKey statement */ + cp(); - if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) - { - BN_hex2bn(&c->rsa_key->n, key); - BN_hex2bn(&c->rsa_key->e, "FFFF"); - free(key); - return 0; - } + if(!c->rsa_key) + c->rsa_key = RSA_new(); - /* Else, check for PublicKeyFile statement and read it */ + /* First, check for simple PublicKey statement */ - if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) - { - if(is_safe_path(fname)) - { - fp = fopen(fname, "r"); - if(!fp) - { - syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - free(fname); - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - if(c->rsa_key) - return 0; /* Woohoo. */ - - /* If it fails, try PEM_read_RSA_PUBKEY. 
*/ - fp = fopen(fname, "r"); - if(!fp) - { - syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - free(fname); - c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - if(c->rsa_key) - return 0; + if(get_config_string(lookup_config(c->config_tree, "PublicKey"), &key)) { + BN_hex2bn(&c->rsa_key->n, key); + BN_hex2bn(&c->rsa_key->e, "FFFF"); + free(key); + return 0; + } - syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), - fname, strerror(errno)); - return -1; - } - else - { - free(fname); - return -1; - } - } + /* Else, check for PublicKeyFile statement and read it */ - /* Else, check if a harnessed public key is in the config file */ + if(get_config_string + (lookup_config(c->config_tree, "PublicKeyFile"), &fname)) { + if(is_safe_path(fname)) { + fp = fopen(fname, "r"); - asprintf(&fname, "%s/hosts/%s", confbase, c->name); - fp = fopen(fname, "r"); + if(!fp) { + syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return -1; + } - if(fp) - { - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - } + free(fname); + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + fclose(fp); - free(fname); + if(c->rsa_key) + return 0; /* Woohoo. */ - if(c->rsa_key) - return 0; + /* If it fails, try PEM_read_RSA_PUBKEY. */ + fp = fopen(fname, "r"); - /* Try again with PEM_read_RSA_PUBKEY. 
*/ + if(!fp) { + syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return -1; + } - asprintf(&fname, "%s/hosts/%s", confbase, c->name); - fp = fopen(fname, "r"); + free(fname); + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + fclose(fp); - if(fp) - { - c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - } + if(c->rsa_key) + return 0; - free(fname); + syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + fname, strerror(errno)); + return -1; + } else { + free(fname); + return -1; + } + } - if(c->rsa_key) - return 0; + /* Else, check if a harnessed public key is in the config file */ - syslog(LOG_ERR, _("No public key for %s specified!"), c->name); - return -1; + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + fp = fopen(fname, "r"); + + if(fp) { + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + } + + free(fname); + + if(c->rsa_key) + return 0; + + /* Try again with PEM_read_RSA_PUBKEY. 
*/ + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + fp = fopen(fname, "r"); + + if(fp) { + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + } + + free(fname); + + if(c->rsa_key) + return 0; + + syslog(LOG_ERR, _("No public key for %s specified!"), c->name); + + return -1; } int read_rsa_private_key(void) { - FILE *fp; - char *fname, *key; - cp(); - if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) - { - myself->connection->rsa_key = RSA_new(); - BN_hex2bn(&myself->connection->rsa_key->d, key); - BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); - free(key); - return 0; - } + FILE *fp; + char *fname, *key; - if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) - asprintf(&fname, "%s/rsa_key.priv", confbase); + cp(); - if(is_safe_path(fname)) - { - fp = fopen(fname, "r"); - if(!fp) - { - syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - free(fname); - myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); - fclose(fp); - if(!myself->connection->rsa_key) - { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), - fname, strerror(errno)); - return -1; - } - return 0; - } + if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { + myself->connection->rsa_key = RSA_new(); + BN_hex2bn(&myself->connection->rsa_key->d, key); + BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); + free(key); + return 0; + } - free(fname); - return -1; + if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) + asprintf(&fname, "%s/rsa_key.priv", confbase); + + if(is_safe_path(fname)) { + fp = fopen(fname, "r"); + + if(!fp) { + syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return -1; + } + + free(fname); + myself->connection->rsa_key = + PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + 
+ if(!myself->connection->rsa_key) { + syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), + fname, strerror(errno)); + return -1; + } + + return 0; + } + + free(fname); + return -1; } /* 
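Review bot: read_rsa_public_key() in src/net_setup.c uses `fname` after freeing it. On the PublicKeyFile path `free(fname)` runs before `PEM_read_RSAPublicKey()`; when that parse fails, the code calls `fopen(fname, "r")` on the freed buffer, frees it a second time, and finally passes it to `syslog()`. Keep the buffer alive until its last use: drop the early `free(fname);` calls and free once before each `return`, or call `rewind(fp)` and retry `PEM_read_RSA_PUBKEY()` on the same stream instead of reopening. read_rsa_private_key() has the same pattern, where the "Reading RSA private key file ... failed" message prints `fname` after `free(fname)`.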
@@ -226,313 +230,289 @@ int read_rsa_private_key(void) */ int setup_myself(void) { - config_t *cfg; - subnet_t *subnet; - char *name, *hostname, *mode, *afname, *cipher, *digest; - char *address = NULL; - struct addrinfo hint, *ai, *aip; - int choice, err; - cp(); - myself = new_node(); - myself->connection = new_connection(); - init_configuration(&myself->connection->config_tree); + config_t *cfg; + subnet_t *subnet; + char *name, *hostname, *mode, *afname, *cipher, *digest; + char *address = NULL; + struct addrinfo hint, *ai, *aip; + int choice, err; - asprintf(&myself->hostname, _("MYSELF")); - asprintf(&myself->connection->hostname, _("MYSELF")); + cp(); - myself->connection->options = 0; - myself->connection->protocol_version = PROT_CURRENT; + myself = new_node(); + myself->connection = new_connection(); + init_configuration(&myself->connection->config_tree); - if(!get_config_string(lookup_config(config_tree, "Name"), &name)) /* Not acceptable */ - { - syslog(LOG_ERR, _("Name for tinc daemon required!")); - return -1; - } + asprintf(&myself->hostname, _("MYSELF")); + asprintf(&myself->connection->hostname, _("MYSELF")); - if(check_id(name)) - { - syslog(LOG_ERR, _("Invalid name for myself!")); - free(name); - return -1; - } + myself->connection->options = 0; + myself->connection->protocol_version = PROT_CURRENT; - myself->name = name; - myself->connection->name = xstrdup(name); - - cp(); - if(read_rsa_private_key()) - return -1; - - if(read_connection_config(myself->connection)) - { - syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); - return -1; - } - - if(read_rsa_public_key(myself->connection)) - return -1; - cp(); - - if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) - asprintf(&myport, "655"); - -/* Read in all the subnets specified in the host configuration file */ - - cfg = lookup_config(myself->connection->config_tree, "Subnet"); - - while(cfg) - { - if(!get_config_subnet(cfg, &subnet)) - 
return -1; - - subnet_add(myself, subnet); - - cfg = lookup_config_next(myself->connection->config_tree, cfg); - } - - cp(); - /* Check some options */ - - if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; - - if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; - - if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; - - if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; - - if(myself->options & OPTION_TCPONLY) - myself->options |= OPTION_INDIRECT; - - if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) - { - if(!strcasecmp(mode, "router")) - routing_mode = RMODE_ROUTER; - else if (!strcasecmp(mode, "switch")) - routing_mode = RMODE_SWITCH; - else if (!strcasecmp(mode, "hub")) - routing_mode = RMODE_HUB; - else - { - syslog(LOG_ERR, _("Invalid routing mode!")); - return -1; - } - free(mode); - } - else - routing_mode = RMODE_ROUTER; - - get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); -#if !defined(SOL_IP) || !defined(IP_TOS) - if(priorityinheritance) - syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform")); -#endif - - if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) - macexpire= 600; - - if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) - { - if(maxtimeout <= 0) - { - syslog(LOG_ERR, _("Bogus maximum timeout!")); - return -1; - } - } - else - maxtimeout = 900; - - if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) - { - if(!strcasecmp(afname, "IPv4")) - addressfamily = AF_INET; - else if (!strcasecmp(afname, "IPv6")) - addressfamily = AF_INET6; - else if (!strcasecmp(afname, "any")) - 
addressfamily = AF_UNSPEC; - else - { - syslog(LOG_ERR, _("Invalid address family!")); - return -1; - } - free(afname); - } - else - addressfamily = AF_INET; - - get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); - cp(); - /* Generate packet encryption key */ - - if(get_config_string(lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) - { - if(!strcasecmp(cipher, "none")) - { - myself->cipher = NULL; - } - else - { - myself->cipher = EVP_get_cipherbyname(cipher); - - if(!myself->cipher) - { - syslog(LOG_ERR, _("Unrecognized cipher type!")); - return -1; - } - } - } - else - myself->cipher = EVP_bf_cbc(); - - if(myself->cipher) - myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; - else - myself->keylength = 1; - - myself->connection->outcipher = EVP_bf_ofb(); - - myself->key = (char *)xmalloc(myself->keylength); - RAND_pseudo_bytes(myself->key, myself->keylength); - - if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) - keylifetime = 3600; - - keyexpires = now + keylifetime; - - /* Check if we want to use message authentication codes... 
*/ - - if(get_config_string(lookup_config(myself->connection->config_tree, "Digest"), &digest)) - { - if(!strcasecmp(digest, "none")) - { - myself->digest = NULL; - } - else - { - myself->digest = EVP_get_digestbyname(digest); - - if(!myself->digest) - { - syslog(LOG_ERR, _("Unrecognized digest type!")); - return -1; - } - } - } - else - myself->digest = EVP_sha1(); - - myself->connection->outdigest = EVP_sha1(); - - if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) - { - if(myself->digest) - { - if(myself->maclength > myself->digest->md_size) - { - syslog(LOG_ERR, _("MAC length exceeds size of digest!")); - return -1; - } - else if (myself->maclength < 0) - { - syslog(LOG_ERR, _("Bogus MAC length!")); - return -1; - } - } - } - else - myself->maclength = 4; - - myself->connection->outmaclength = 0; - - /* Compression */ - - if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) - { - if(myself->compression < 0 || myself->compression > 9) - { - syslog(LOG_ERR, _("Bogus compression level!")); - return -1; - } - } - else - myself->compression = 0; - - myself->connection->outcompression = 0; - cp(); - /* Done */ - - myself->nexthop = myself; - myself->via = myself; - myself->status.active = 1; - myself->status.reachable = 1; - node_add(myself); - - graph(); - - cp(); - /* Open sockets */ - - memset(&hint, 0, sizeof(hint)); - - get_config_string(lookup_config(config_tree, "BindToAddress"), &address); - - hint.ai_family = addressfamily; - hint.ai_socktype = SOCK_STREAM; - hint.ai_protocol = IPPROTO_TCP; - hint.ai_flags = AI_PASSIVE; - - err = getaddrinfo(address, myport, &hint, &ai); - - if(err || !ai) - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); - return -1; - } - - listen_sockets = 0; - - for(aip = ai; aip; aip = aip->ai_next) - { - listen_socket[listen_sockets].tcp = setup_listen_socket((sockaddr_t *)aip->ai_addr); - - 
if(listen_socket[listen_sockets].tcp < 0) - continue; - - listen_socket[listen_sockets].udp = setup_vpn_in_socket((sockaddr_t *)aip->ai_addr); - - if(listen_socket[listen_sockets].udp < 0) - continue; - - if(debug_lvl >= DEBUG_CONNECTIONS) - { - hostname = sockaddr2hostname((sockaddr_t *)aip->ai_addr); - syslog(LOG_NOTICE, _("Listening on %s"), hostname); - free(hostname); + if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */ + syslog(LOG_ERR, _("Name for tinc daemon required!")); + return -1; } - listen_socket[listen_sockets].sa.sa = *aip->ai_addr; - listen_sockets++; - } + if(check_id(name)) { + syslog(LOG_ERR, _("Invalid name for myself!")); + free(name); + return -1; + } - freeaddrinfo(ai); + myself->name = name; + myself->connection->name = xstrdup(name); - if(listen_sockets) - syslog(LOG_NOTICE, _("Ready")); - else - { - syslog(LOG_ERR, _("Unable to create any listening socket!")); - return -1; - } - cp(); - return 0; + if(read_rsa_private_key()) + return -1; + + if(read_connection_config(myself->connection)) { + syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); + return -1; + } + + if(read_rsa_public_key(myself->connection)) + return -1; + + if(!get_config_string + (lookup_config(myself->connection->config_tree, "Port"), &myport)) + asprintf(&myport, "655"); + + /* Read in all the subnets specified in the host configuration file */ + + cfg = lookup_config(myself->connection->config_tree, "Subnet"); + + while(cfg) { + if(!get_config_subnet(cfg, &subnet)) + return -1; + + subnet_add(myself, subnet); + + cfg = lookup_config_next(myself->connection->config_tree, cfg); + } + + /* Check some options */ + + if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) + if(choice) + myself->options |= OPTION_INDIRECT; + + if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) + if(choice) + myself->options |= OPTION_TCPONLY; + + if(get_config_bool + 
(lookup_config(myself->connection->config_tree, "IndirectData"), + &choice)) + if(choice) + myself->options |= OPTION_INDIRECT; + + if(get_config_bool + (lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) + if(choice) + myself->options |= OPTION_TCPONLY; + + if(myself->options & OPTION_TCPONLY) + myself->options |= OPTION_INDIRECT; + + if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { + if(!strcasecmp(mode, "router")) + routing_mode = RMODE_ROUTER; + else if(!strcasecmp(mode, "switch")) + routing_mode = RMODE_SWITCH; + else if(!strcasecmp(mode, "hub")) + routing_mode = RMODE_HUB; + else { + syslog(LOG_ERR, _("Invalid routing mode!")); + return -1; + } + free(mode); + } else + routing_mode = RMODE_ROUTER; + + get_config_bool(lookup_config(config_tree, "PriorityInheritance"), + &priorityinheritance); +#if !defined(SOL_IP) || !defined(IP_TOS) + if(priorityinheritance) + syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform")); +#endif + + if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) + macexpire = 600; + + if(get_config_int + (lookup_config(myself->connection->config_tree, "MaxTimeout"), + &maxtimeout)) { + if(maxtimeout <= 0) { + syslog(LOG_ERR, _("Bogus maximum timeout!")); + return -1; + } + } else + maxtimeout = 900; + + if(get_config_string(lookup_config(config_tree, "AddressFamily"), &afname)) { + if(!strcasecmp(afname, "IPv4")) + addressfamily = AF_INET; + else if(!strcasecmp(afname, "IPv6")) + addressfamily = AF_INET6; + else if(!strcasecmp(afname, "any")) + addressfamily = AF_UNSPEC; + else { + syslog(LOG_ERR, _("Invalid address family!")); + return -1; + } + free(afname); + } else + addressfamily = AF_INET; + + get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); + + /* Generate packet encryption key */ + + if(get_config_string + (lookup_config(myself->connection->config_tree, "Cipher"), &cipher)) { + if(!strcasecmp(cipher, "none")) { + myself->cipher = NULL; + 
} else { + myself->cipher = EVP_get_cipherbyname(cipher); + + if(!myself->cipher) { + syslog(LOG_ERR, _("Unrecognized cipher type!")); + return -1; + } + } + } else + myself->cipher = EVP_bf_cbc(); + + if(myself->cipher) + myself->keylength = myself->cipher->key_len + myself->cipher->iv_len; + else + myself->keylength = 1; + + myself->connection->outcipher = EVP_bf_ofb(); + + myself->key = (char *) xmalloc(myself->keylength); + RAND_pseudo_bytes(myself->key, myself->keylength); + + if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) + keylifetime = 3600; + + keyexpires = now + keylifetime; + + /* Check if we want to use message authentication codes... */ + + if(get_config_string + (lookup_config(myself->connection->config_tree, "Digest"), &digest)) { + if(!strcasecmp(digest, "none")) { + myself->digest = NULL; + } else { + myself->digest = EVP_get_digestbyname(digest); + + if(!myself->digest) { + syslog(LOG_ERR, _("Unrecognized digest type!")); + return -1; + } + } + } else + myself->digest = EVP_sha1(); + + myself->connection->outdigest = EVP_sha1(); + + if(get_config_int + (lookup_config(myself->connection->config_tree, "MACLength"), + &myself->maclength)) { + if(myself->digest) { + if(myself->maclength > myself->digest->md_size) { + syslog(LOG_ERR, _("MAC length exceeds size of digest!")); + return -1; + } else if(myself->maclength < 0) { + syslog(LOG_ERR, _("Bogus MAC length!")); + return -1; + } + } + } else + myself->maclength = 4; + + myself->connection->outmaclength = 0; + + /* Compression */ + + if(get_config_int + (lookup_config(myself->connection->config_tree, "Compression"), + &myself->compression)) { + if(myself->compression < 0 || myself->compression > 9) { + syslog(LOG_ERR, _("Bogus compression level!")); + return -1; + } + } else + myself->compression = 0; + + myself->connection->outcompression = 0; + + /* Done */ + + myself->nexthop = myself; + myself->via = myself; + myself->status.active = 1; + myself->status.reachable = 1; 
+ node_add(myself); + + graph(); + + /* Open sockets */ + + memset(&hint, 0, sizeof(hint)); + + get_config_string(lookup_config(config_tree, "BindToAddress"), &address); + + hint.ai_family = addressfamily; + hint.ai_socktype = SOCK_STREAM; + hint.ai_protocol = IPPROTO_TCP; + hint.ai_flags = AI_PASSIVE; + + err = getaddrinfo(address, myport, &hint, &ai); + + if(err || !ai) { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", + gai_strerror(err)); + return -1; + } + + listen_sockets = 0; + + for(aip = ai; aip; aip = aip->ai_next) { + listen_socket[listen_sockets].tcp = + setup_listen_socket((sockaddr_t *) aip->ai_addr); + + if(listen_socket[listen_sockets].tcp < 0) + continue; + + listen_socket[listen_sockets].udp = + setup_vpn_in_socket((sockaddr_t *) aip->ai_addr); + + if(listen_socket[listen_sockets].udp < 0) + continue; + + if(debug_lvl >= DEBUG_CONNECTIONS) { + hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr); + syslog(LOG_NOTICE, _("Listening on %s"), hostname); + free(hostname); + } + + listen_socket[listen_sockets].sa.sa = *aip->ai_addr; + listen_sockets++; + } + + freeaddrinfo(ai); + + if(listen_sockets) + syslog(LOG_NOTICE, _("Ready")); + else { + syslog(LOG_ERR, _("Unable to create any listening socket!")); + return -1; + } + + return 0; } /* 
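Review bot: The packet key in setup_myself is filled by `RAND_pseudo_bytes(myself->key, myself->keylength);` and the return value is dropped, so startup continues even when OpenSSL reports that the bytes are not cryptographically strong. Use the strong generator and fail startup when it cannot deliver, `if(RAND_bytes((unsigned char *) myself->key, myself->keylength) != 1) return -1;`, with a syslog line in the style of the other error paths. Separately, the `MACLength` range check only runs when `myself->digest` is set, and the fallback `myself->maclength = 4;` is a short tag. A comment saying why 4 bytes was chosen would help the next reader.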
@@ -540,48 +520,47 @@ int setup_myself(void) */ int setup_network_connections(void) { - char *envp[4]; - int i; - cp(); - now = time(NULL); + char *envp[4]; + int i; - init_connections(); - init_subnets(); - init_nodes(); - init_edges(); - init_events(); - init_requests(); + cp(); - if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) - { - if(pingtimeout < 1) - { - pingtimeout = 86400; - } - } - else - pingtimeout = 60; + now = time(NULL); - if(setup_device() < 0) - return -1; + init_connections(); + init_subnets(); + init_nodes(); + init_edges(); + init_events(); + init_requests(); - /* Run tinc-up script to further initialize the tap interface */ - asprintf(&envp[0], "NETNAME=%s", netname?:""); - asprintf(&envp[1], "DEVICE=%s", device?:""); - asprintf(&envp[2], "INTERFACE=%s", interface?:""); - envp[3] = NULL; + if(get_config_int(lookup_config(config_tree, "PingTimeout"), &pingtimeout)) { + if(pingtimeout < 1) { + pingtimeout = 86400; + } + } else + pingtimeout = 60; - execute_script("tinc-up", envp); + if(setup_device() < 0) + return -1; - for(i = 0; i < 4; i++) - free(envp[i]); + /* Run tinc-up script to further initialize the tap interface */ + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", interface ? : ""); + envp[3] = NULL; - if(setup_myself() < 0) - return -1; + execute_script("tinc-up", envp); - try_outgoing_connections(); - cp(); - return 0; + for(i = 0; i < 4; i++) + free(envp[i]); + + if(setup_myself() < 0) + return -1; + + try_outgoing_connections(); + + return 0; } /* 
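Review bot: The three `asprintf(&envp[n], ...)` calls ahead of `execute_script("tinc-up", envp);` are unchecked, and on allocation failure glibc leaves the target pointer undefined. The script would then be started with an indeterminate pointer in its environment, and the cleanup loop would pass that pointer to `free()`. Declare the array as `char *envp[4] = { NULL };`, test each call for a negative return, and skip the script (freeing what was allocated) when one fails. The same pattern appears in close_network_connections in the next hunk, around `tinc-down`. The `pingtimeout < 1` branch also deserves a comment, since it silently replaces a bad value with 86400, whereas a bad `MaxTimeout` is rejected in setup_myself.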
@@ -589,47 +568,48 @@ int setup_network_connections(void) */ void close_network_connections(void) { - avl_node_t *node, *next; - connection_t *c; - char *envp[4]; - int i; - cp(); - for(node = connection_tree->head; node; node = next) - { - next = node->next; - c = (connection_t *)node->data; - if(c->outgoing) - free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; - terminate_connection(c, 0); - } + avl_node_t *node, *next; + connection_t *c; + char *envp[4]; + int i; - if(myself && myself->connection) - terminate_connection(myself->connection, 0); + cp(); - for(i = 0; i < listen_sockets; i++) - { - close(listen_socket[i].tcp); - close(listen_socket[i].udp); - } + for(node = connection_tree->head; node; node = next) { + next = node->next; + c = (connection_t *) node->data; - exit_requests(); - exit_events(); - exit_edges(); - exit_subnets(); - exit_nodes(); - exit_connections(); + if(c->outgoing) + free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; + terminate_connection(c, 0); + } - asprintf(&envp[0], "NETNAME=%s", netname?:""); - asprintf(&envp[1], "DEVICE=%s", device?:""); - asprintf(&envp[2], "INTERFACE=%s", interface?:""); - envp[3] = NULL; + if(myself && myself->connection) + terminate_connection(myself->connection, 0); - execute_script("tinc-down", envp); + for(i = 0; i < listen_sockets; i++) { + close(listen_socket[i].tcp); + close(listen_socket[i].udp); + } - for(i = 0; i < 4; i++) - free(envp[i]); + exit_requests(); + exit_events(); + exit_edges(); + exit_subnets(); + exit_nodes(); + exit_connections(); - close_device(); - cp(); - return; + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", interface ? : ""); + envp[3] = NULL; + + execute_script("tinc-down", envp); + + for(i = 0; i < 4; i++) + free(envp[i]); + + close_device(); + + return; } diff --git a/src/net_socket.c b/src/net_socket.c index cbe9e688..96a58b05 100644 --- a/src/net_socket.c 
+++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.19 2002/09/09 19:39:59 guus Exp $ + $Id: net_socket.c,v 1.1.2.20 2002/09/09 21:24:41 guus Exp $ */ #include "config.h" @@ -27,13 +27,13 @@ #include #include #ifdef HAVE_NETINET_IN_SYSTM_H - #include +#include #endif #ifdef HAVE_NETINET_IP_H - #include +#include #endif #ifdef HAVE_NETINET_TCP_H - #include +#include #endif #include #include 
@@ -84,357 +84,369 @@ int listen_sockets; /* Setup sockets */ -int setup_listen_socket(sockaddr_t *sa) +int setup_listen_socket(sockaddr_t * sa) { - int nfd, flags; - char *addrstr; - int option; + int nfd, flags; + char *addrstr; + int option; #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - char *interface; - struct ifreq ifr; + char *interface; + struct ifreq ifr; #endif - cp(); - nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP); - if(nfd < 0) - { - syslog(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); - return -1; - } + cp(); - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); - return -1; - } + nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP); - /* Optimize TCP settings */ + if(nfd < 0) { + syslog(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); + return -1; + } - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); + flags = fcntl(nfd, F_GETFL); + + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + strerror(errno)); + return -1; + } + + /* Optimize TCP settings */ + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); #if defined(SOL_TCP) && defined(TCP_NODELAY) - setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + setsockopt(nfd, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); #endif #if defined(SOL_IP) && defined(IP_TOS) && defined(IPTOS_LOWDELAY) - option = IPTOS_LOWDELAY; - setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); + option = IPTOS_LOWDELAY; + setsockopt(nfd, SOL_IP, IP_TOS, &option, sizeof(option)); #endif - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - { + if(get_config_string + (lookup_config(config_tree, "BindToInterface"), &interface)) { #if defined(SOL_SOCKET) && 
defined(SO_BINDTODEVICE) - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); - return -1; - } + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); + + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, + strerror(errno)); + return -1; + } #else - syslog(LOG_WARNING, _("BindToDevice not supported on this platform")); + syslog(LOG_WARNING, _("BindToDevice not supported on this platform")); #endif - } - - if(bind(nfd, &sa->sa, SALEN(sa->sa))) - { - close(nfd); - addrstr = sockaddr2hostname(sa); - syslog(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, strerror(errno)); - free(addrstr); - return -1; - } - - if(listen(nfd, 3)) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); - return -1; - } - cp(); - return nfd; -} - -int setup_vpn_in_socket(sockaddr_t *sa) -{ - int nfd, flags; - char *addrstr; - int option; -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - char *interface; - struct ifreq ifr; -#endif - cp(); - nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP); - - if(nfd < 0) - { - syslog(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); - return -1; - } - - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) - { - close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); - return -1; - } - - option = 1; - setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); - -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - if(get_config_string(lookup_config(config_tree, "BindToInterface"), &interface)) - { - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); - 
if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) - { - close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); - return -1; } - } + + if(bind(nfd, &sa->sa, SALEN(sa->sa))) { + close(nfd); + addrstr = sockaddr2hostname(sa); + syslog(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, + strerror(errno)); + free(addrstr); + return -1; + } + + if(listen(nfd, 3)) { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", + strerror(errno)); + return -1; + } + + return nfd; +} + +int setup_vpn_in_socket(sockaddr_t * sa) +{ + int nfd, flags; + char *addrstr; + int option; +#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) + char *interface; + struct ifreq ifr; #endif - if(bind(nfd, &sa->sa, SALEN(sa->sa))) - { - close(nfd); - addrstr = sockaddr2hostname(sa); - syslog(LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, strerror(errno)); - free(addrstr); - return -1; - } - cp(); - return nfd; + cp(); + + nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP); + + if(nfd < 0) { + syslog(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); + return -1; + } + + flags = fcntl(nfd, F_GETFL); + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + close(nfd); + syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + strerror(errno)); + return -1; + } + + option = 1; + setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); + +#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) + if(get_config_string + (lookup_config(config_tree, "BindToInterface"), &interface)) { + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); + + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { + close(nfd); + syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, + strerror(errno)); + return -1; + } + } +#endif + + if(bind(nfd, &sa->sa, SALEN(sa->sa))) { + close(nfd); + addrstr = sockaddr2hostname(sa); + syslog(LOG_ERR, _("Can't bind to 
%s/udp: %s"), addrstr, + strerror(errno)); + free(addrstr); + return -1; + } + + return nfd; } -void retry_outgoing(outgoing_t *outgoing) +void retry_outgoing(outgoing_t * outgoing) { - event_t *event; - cp(); - outgoing->timeout += 5; - if(outgoing->timeout > maxtimeout) - outgoing->timeout = maxtimeout; + event_t *event; - event = new_event(); - event->handler = (event_handler_t)setup_outgoing_connection; - event->time = now + outgoing->timeout; - event->data = outgoing; - event_add(event); + cp(); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); - cp(); + outgoing->timeout += 5; + + if(outgoing->timeout > maxtimeout) + outgoing->timeout = maxtimeout; + + event = new_event(); + event->handler = (event_handler_t) setup_outgoing_connection; + event->time = now + outgoing->timeout; + event->data = outgoing; + event_add(event); + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, + _("Trying to re-establish outgoing connection in %d seconds"), + outgoing->timeout); } -int setup_outgoing_socket(connection_t *c) +int setup_outgoing_socket(connection_t * c) { - int option; - cp(); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); + int option; - c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); + cp(); - if(c->socket == -1) - { - syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); - return -1; - } + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, + c->hostname); - /* Optimize TCP settings */ + c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); + + if(c->socket == -1) { + syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, + strerror(errno)); + return -1; + } + + /* Optimize TCP settings */ #if defined(SOL_TCP) && defined(TCP_NODELAY) - option = 1; - 
setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + option = 1; + setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); #endif #if defined(SOL_IP) && defined(IP_TOS) - option = IPTOS_LOWDELAY; - setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); + option = IPTOS_LOWDELAY; + setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); #endif - /* Connect */ + /* Connect */ - if(connect(c->socket, &c->address.sa, SALEN(c->address.sa)) == -1) - { - close(c->socket); - syslog(LOG_ERR, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(errno)); - return -1; - } + if(connect(c->socket, &c->address.sa, SALEN(c->address.sa)) == -1) { + close(c->socket); + syslog(LOG_ERR, _("Error while connecting to %s (%s): %s"), c->name, + c->hostname, strerror(errno)); + return -1; + } - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); - cp(); - return 0; + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); + + return 0; } -void finish_connecting(connection_t *c) +void finish_connecting(connection_t * c) { - cp(); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); + cp(); - c->last_ping_time = now; + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); - send_id(c); - cp(); + c->last_ping_time = now; + + send_id(c); } -void do_outgoing_connection(connection_t *c) +void do_outgoing_connection(connection_t * c) { - char *address, *port; - int option, result, flags; - cp(); + char *address, *port; + int option, result, flags; + + cp(); + begin: - if(!c->outgoing->ai) - { - if(!c->outgoing->cfg) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("Could not set up a meta connection to %s"), c->name); - c->status.remove = 1; - retry_outgoing(c->outgoing); - return; - } + if(!c->outgoing->ai) { + 
if(!c->outgoing->cfg) { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_ERR, _("Could not set up a meta connection to %s"), + c->name); + c->status.remove = 1; + retry_outgoing(c->outgoing); + return; + } - get_config_string(c->outgoing->cfg, &address); + get_config_string(c->outgoing->cfg, &address); - if(!get_config_string(lookup_config(c->config_tree, "Port"), &port)) - asprintf(&port, "655"); + if(!get_config_string(lookup_config(c->config_tree, "Port"), &port)) + asprintf(&port, "655"); - c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM); - free(address); - free(port); + c->outgoing->ai = str2addrinfo(address, port, SOCK_STREAM); + free(address); + free(port); - c->outgoing->aip = c->outgoing->ai; - c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg); - } + c->outgoing->aip = c->outgoing->ai; + c->outgoing->cfg = lookup_config_next(c->config_tree, c->outgoing->cfg); + } - if(!c->outgoing->aip) - { - freeaddrinfo(c->outgoing->ai); - c->outgoing->ai = NULL; - goto begin; - } + if(!c->outgoing->aip) { + freeaddrinfo(c->outgoing->ai); + c->outgoing->ai = NULL; + goto begin; + } - memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen); - c->outgoing->aip = c->outgoing->aip->ai_next; + memcpy(&c->address, c->outgoing->aip->ai_addr, + c->outgoing->aip->ai_addrlen); + c->outgoing->aip = c->outgoing->aip->ai_next; - if(c->hostname) - free(c->hostname); + if(c->hostname) + free(c->hostname); - c->hostname = sockaddr2hostname(&c->address); + c->hostname = sockaddr2hostname(&c->address); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, + c->hostname); - c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); + c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); - if(c->socket == -1) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - 
syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); + if(c->socket == -1) { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, + strerror(errno)); - goto begin; - } + goto begin; + } - /* Optimize TCP settings */ + /* Optimize TCP settings */ #if defined(SOL_TCP) && defined(TCP_NODELAY) - option = 1; - setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); + option = 1; + setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); #endif #if defined(SOL_IP) && defined(IP_TOS) - option = IPTOS_LOWDELAY; - setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); + option = IPTOS_LOWDELAY; + setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); #endif - /* Non-blocking */ + /* Non-blocking */ - flags = fcntl(c->socket, F_GETFL); + flags = fcntl(c->socket, F_GETFL); - if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) - { - syslog(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); - } - - /* Connect */ - - result = connect(c->socket, &c->address.sa, SALEN(c->address.sa)); - - if(result == -1) - { - if(errno == EINPROGRESS) - { - c->status.connecting = 1; - return; + if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) { + syslog(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); } - close(c->socket); + /* Connect */ - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); + result = connect(c->socket, &c->address.sa, SALEN(c->address.sa)); - goto begin; - } + if(result == -1) { + if(errno == EINPROGRESS) { + c->status.connecting = 1; + return; + } - finish_connecting(c); - return; - cp(); + close(c->socket); + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); + + goto begin; + } + + finish_connecting(c); + + return; } -void setup_outgoing_connection(outgoing_t *outgoing) +void setup_outgoing_connection(outgoing_t * 
outgoing) { - connection_t *c; - node_t *n; - cp(); - n = lookup_node(outgoing->name); - - if(n) - if(n->connection) - { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Already connected to %s"), outgoing->name); - n->connection->outgoing = outgoing; - return; - } + connection_t *c; + node_t *n; - c = new_connection(); - c->name = xstrdup(outgoing->name); - c->outcipher = myself->connection->outcipher; - c->outdigest = myself->connection->outdigest; - c->outmaclength = myself->connection->outmaclength; - c->outcompression = myself->connection->outcompression; + cp(); - init_configuration(&c->config_tree); - read_connection_config(c); - - outgoing->cfg = lookup_config(c->config_tree, "Address"); - - if(!outgoing->cfg) - { - syslog(LOG_ERR, _("No address specified for %s"), c->name); - free_connection(c); - free(outgoing->name); - free(outgoing); - return; - } - - c->outgoing = outgoing; - c->last_ping_time = now; + n = lookup_node(outgoing->name); - connection_add(c); + if(n) + if(n->connection) { + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_INFO, _("Already connected to %s"), outgoing->name); - do_outgoing_connection(c); + n->connection->outgoing = outgoing; + return; + } + + c = new_connection(); + c->name = xstrdup(outgoing->name); + c->outcipher = myself->connection->outcipher; + c->outdigest = myself->connection->outdigest; + c->outmaclength = myself->connection->outmaclength; + c->outcompression = myself->connection->outcompression; + + init_configuration(&c->config_tree); + read_connection_config(c); + + outgoing->cfg = lookup_config(c->config_tree, "Address"); + + if(!outgoing->cfg) { + syslog(LOG_ERR, _("No address specified for %s"), c->name); + free_connection(c); + free(outgoing->name); + free(outgoing); + return; + } + + c->outgoing = outgoing; + c->last_ping_time = now; + + connection_add(c); + + do_outgoing_connection(c); } /* 
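Review bot: In setup_listen_socket and setup_vpn_in_socket, `strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ);` copies the `BindToInterface` value without checking its length. A name of IFNAMSIZ characters or more fills the field with no terminating NUL and is silently cut short, so the socket could end up bound to a different device than the one configured. Reject the value before copying, `if(strlen(interface) >= IFNAMSIZ) { close(nfd); return -1; }`, with a syslog line like the neighbouring error paths. Also free `interface` after use: strings obtained through get_config_string are freed elsewhere in this hunk (`free(address); free(port);`), but not here. In do_outgoing_connection, the `memcpy(&c->address, ...)` using `ai_addrlen` would be safer behind a guard that `ai_addrlen <= sizeof(c->address)`.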
@@ -443,61 +455,66 @@ void setup_outgoing_connection(outgoing_t *outgoing) */ int handle_new_meta_connection(int sock) { - connection_t *c; - sockaddr_t sa; - int fd, len = sizeof(sa); - cp(); - fd = accept(sock, &sa.sa, &len); + connection_t *c; + sockaddr_t sa; + int fd, len = sizeof(sa); - if(fd < 0) - { - syslog(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); - return -1; - } + cp(); - sockaddrunmap(&sa); + fd = accept(sock, &sa.sa, &len); - c = new_connection(); - c->outcipher = myself->connection->outcipher; - c->outdigest = myself->connection->outdigest; - c->outmaclength = myself->connection->outmaclength; - c->outcompression = myself->connection->outcompression; + if(fd < 0) { + syslog(LOG_ERR, _("Accepting a new connection failed: %s"), + strerror(errno)); + return -1; + } - c->address = sa; - c->hostname = sockaddr2hostname(&sa); - c->socket = fd; - c->last_ping_time = now; + sockaddrunmap(&sa); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection from %s"), c->hostname); + c = new_connection(); + c->outcipher = myself->connection->outcipher; + c->outdigest = myself->connection->outdigest; + c->outmaclength = myself->connection->outmaclength; + c->outcompression = myself->connection->outcompression; - connection_add(c); + c->address = sa; + c->hostname = sockaddr2hostname(&sa); + c->socket = fd; + c->last_ping_time = now; - c->allow_request = ID; - send_id(c); - cp(); - return 0; + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection from %s"), c->hostname); + + connection_add(c); + + c->allow_request = ID; + send_id(c); + + return 0; } void try_outgoing_connections(void) { - static config_t *cfg = NULL; - char *name; - outgoing_t *outgoing; - cp(); - for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; cfg = lookup_config_next(config_tree, cfg)) - { - get_config_string(cfg, &name); + static config_t *cfg = NULL; + char *name; + outgoing_t *outgoing; - if(check_id(name)) - { - syslog(LOG_ERR, 
_("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); - free(name); - continue; - } + cp(); - outgoing = xmalloc_and_zero(sizeof(*outgoing)); - outgoing->name = name; - setup_outgoing_connection(outgoing); - } + for(cfg = lookup_config(config_tree, "ConnectTo"); cfg; + cfg = lookup_config_next(config_tree, cfg)) { + get_config_string(cfg, &name); + + if(check_id(name)) { + syslog(LOG_ERR, + _("Invalid name for outgoing connection in %s line %d"), + cfg->file, cfg->line); + free(name); + continue; + } + + outgoing = xmalloc_and_zero(sizeof(*outgoing)); + outgoing->name = name; + setup_outgoing_connection(outgoing); + } } diff --git a/src/netbsd/device.c b/src/netbsd/device.c index 33896aa6..53bd9da8 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2002/06/21 10:11:36 guus Exp $ + $Id: device.c,v 1.1.2.5 2002/09/09 21:25:23 guus Exp $ */ #include "config.h" 
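Review bot: In try_outgoing_connections the result of `get_config_string(cfg, &name)` is ignored while `name` is an uninitialized local, so a failed call would hand an indeterminate pointer to `check_id(name)` and then to `free(name)`. Other call sites in this commit test the return value (`if(!get_config_string(...))` in setup_device), which suggests the call can fail; the loop body should start with `if(!get_config_string(cfg, &name)) continue;`. In handle_new_meta_connection, `len` is declared `int` but accept() takes a `socklen_t *`, so `socklen_t len = sizeof(sa);` is the matching declaration.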
@@ -63,93 +63,80 @@ extern subnet_t mymac; */ int setup_device(void) { - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/')?rindex(device, '/')+1:device; -cp - if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) - { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; - } -cp - /* Set default MAC address for ethertap devices */ + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } + cp + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; + device_info = _("NetBSD tun device"); - device_info = _("NetBSD tun device"); - - syslog(LOG_INFO, _("%s is a %s"), device, device_info); -cp - return 0; + syslog(LOG_INFO, _("%s is a %s"), device, device_info); + cp return 0; } void close_device(void) { -cp - close(device_fd); -cp -} + cp close(device_fd); +cp} -int read_packet(vpn_packet_t *packet) +int read_packet(vpn_packet_t * packet) { - int lenin; -cp + int lenin; + cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + syslog(LOG_ERR, 
_("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data + 6, mymac.net.mac.address.x, 6); + packet->data[12] = 0x08; + packet->data[13] = 0x00; - memcpy(packet->data, mymac.net.mac.address.x, 6); - memcpy(packet->data + 6, mymac.net.mac.address.x, 6); - packet->data[12] = 0x08; - packet->data[13] = 0x00; + packet->len = lenin + 14; - packet->len = lenin + 14; + device_total_in += packet->len; - device_total_in += packet->len; + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + } - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } + return 0; +cp} - return 0; -cp -} - -int write_packet(vpn_packet_t *packet) +int write_packet(vpn_packet_t * packet) { -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); + cp if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); - if(write(device_fd, packet->data + 14, packet->len - 14) < 0) - { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } - device_total_out += packet->len; -cp -} + device_total_out += packet->len; +cp} void dump_device_stats(void) { -cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: 
%10d"), device_total_out); -cp -} + cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp} diff --git a/src/netutl.c b/src/netutl.c index 35a3fef6..e5c969e7 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.42 2002/09/09 19:39:59 guus Exp $ + $Id: netutl.c,v 1.12.4.43 2002/09/09 21:24:41 guus Exp $ */ #include "config.h" @@ -28,7 +28,7 @@ #include #include #ifdef HAVE_INTTYPES_H - #include +#include #endif #include #include 
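Review bot: write_packet passes `packet->len - 14` to write() without checking that `packet->len` is at least 14, so a shorter packet makes the count underflow into a very large size and the call reads past `packet->data`; whether callers guarantee the minimum is not visible in this hunk. A guard such as `if(packet->len < 14) return -1;` before the write keeps the length in range. The function is declared `int` but falls off the end after `device_total_out += packet->len;`, so it also needs `return 0;` there. Both issues are repeated in write_packet in src/openbsd/device.c, where the same expression is stored in `vector[1].iov_len`.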
@@ -54,211 +54,232 @@ int hostnames = 0; */ struct addrinfo *str2addrinfo(char *address, char *service, int socktype) { - struct addrinfo hint, *ai; - int err; - cp(); - memset(&hint, 0, sizeof(hint)); + struct addrinfo hint, *ai; + int err; - hint.ai_family = addressfamily; - hint.ai_socktype = socktype; + cp(); - err = getaddrinfo(address, service, &hint, &ai); + memset(&hint, 0, sizeof(hint)); - if(err) - { - if(debug_lvl >= DEBUG_ERROR) - syslog(LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, service, gai_strerror(err)); - cp_trace(); - return NULL; - } + hint.ai_family = addressfamily; + hint.ai_socktype = socktype; - cp(); - return ai; + err = getaddrinfo(address, service, &hint, &ai); + + if(err) { + if(debug_lvl >= DEBUG_ERROR) + syslog(LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, + service, gai_strerror(err)); + cp_trace(); + return NULL; + } + + return ai; } sockaddr_t str2sockaddr(char *address, char *port) { - struct addrinfo hint, *ai; - sockaddr_t result; - int err; - cp(); - memset(&hint, 0, sizeof(hint)); + struct addrinfo hint, *ai; + sockaddr_t result; + int err; - hint.ai_family = AF_UNSPEC; - hint.ai_flags = AI_NUMERICHOST; - hint.ai_socktype = SOCK_STREAM; + cp(); - err = getaddrinfo(address, port, &hint, &ai); + memset(&hint, 0, sizeof(hint)); - if(err || !ai) - { - syslog(LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, gai_strerror(err)); - cp_trace(); - raise(SIGFPE); - exit(0); - } + hint.ai_family = AF_UNSPEC; + hint.ai_flags = AI_NUMERICHOST; + hint.ai_socktype = SOCK_STREAM; - result = *(sockaddr_t *)ai->ai_addr; - freeaddrinfo(ai); - cp(); - return result; + err = getaddrinfo(address, port, &hint, &ai); + + if(err || !ai) { + syslog(LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, + gai_strerror(err)); + cp_trace(); + raise(SIGFPE); + exit(0); + } + + result = *(sockaddr_t *) ai->ai_addr; + freeaddrinfo(ai); + + return result; } -void sockaddr2str(sockaddr_t *sa, char 
**addrstr, char **portstr) +void sockaddr2str(sockaddr_t * sa, char **addrstr, char **portstr) { - char address[NI_MAXHOST]; - char port[NI_MAXSERV]; - char *scopeid; - int err; - cp(); - err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST|NI_NUMERICSERV); + char address[NI_MAXHOST]; + char port[NI_MAXSERV]; + char *scopeid; + int err; - if(err) - { - syslog(LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); - cp_trace(); - raise(SIGFPE); - exit(0); - } + cp(); - scopeid = strchr(address, '%'); + err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV); - if(scopeid) - *scopeid = '\0'; /* Descope. */ + if(err) { + syslog(LOG_ERR, _("Error while translating addresses: %s"), + gai_strerror(err)); + cp_trace(); + raise(SIGFPE); + exit(0); + } - *addrstr = xstrdup(address); - *portstr = xstrdup(port); - cp(); + scopeid = strchr(address, '%'); + + if(scopeid) + *scopeid = '\0'; /* Descope. */ + + *addrstr = xstrdup(address); + *portstr = xstrdup(port); } -char *sockaddr2hostname(sockaddr_t *sa) +char *sockaddr2hostname(sockaddr_t * sa) { - char *str; - char address[NI_MAXHOST] = "unknown"; - char port[NI_MAXSERV] = "unknown"; - int err; - cp(); - err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames?0:(NI_NUMERICHOST|NI_NUMERICSERV)); - if(err) - { - syslog(LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); - } + char *str; + char address[NI_MAXHOST] = "unknown"; + char port[NI_MAXSERV] = "unknown"; + int err; - asprintf(&str, _("%s port %s"), address, port); - cp(); - return str; + cp(); + + err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), + hostnames ? 
0 : (NI_NUMERICHOST | NI_NUMERICSERV)); + if(err) { + syslog(LOG_ERR, _("Error while looking up hostname: %s"), + gai_strerror(err)); + } + + asprintf(&str, _("%s port %s"), address, port); + + return str; } -int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) +int sockaddrcmp(sockaddr_t * a, sockaddr_t * b) { - int result; - cp(); - result = a->sa.sa_family - b->sa.sa_family; - - if(result) - return result; - - switch(a->sa.sa_family) - { - case AF_UNSPEC: - return 0; - case AF_INET: - result = memcmp(&a->in.sin_addr, &b->in.sin_addr, sizeof(a->in.sin_addr)); + int result; + + cp(); + + result = a->sa.sa_family - b->sa.sa_family; + if(result) - return result; - return memcmp(&a->in.sin_port, &b->in.sin_port, sizeof(a->in.sin_port)); - case AF_INET6: - result = memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)); - if(result) - return result; - return memcmp(&a->in6.sin6_port, &b->in6.sin6_port, sizeof(a->in6.sin6_port)); - default: - syslog(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), a->sa.sa_family); - cp_trace(); - raise(SIGFPE); - exit(0); - } - cp(); + return result; + + switch (a->sa.sa_family) { + case AF_UNSPEC: + return 0; + + case AF_INET: + result = memcmp(&a->in.sin_addr, &b->in.sin_addr, sizeof(a->in.sin_addr)); + + if(result) + return result; + + return memcmp(&a->in.sin_port, &b->in.sin_port, sizeof(a->in.sin_port)); + + case AF_INET6: + result = memcmp(&a->in6.sin6_addr, &b->in6.sin6_addr, sizeof(a->in6.sin6_addr)); + + if(result) + return result; + + return memcmp(&a->in6.sin6_port, &b->in6.sin6_port, sizeof(a->in6.sin6_port)); + + default: + syslog(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), + a->sa.sa_family); + cp_trace(); + raise(SIGFPE); + exit(0); + } } -void sockaddrunmap(sockaddr_t *sa) +void sockaddrunmap(sockaddr_t * sa) { - if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) - { - sa->in.sin_addr.s_addr = ((uint32_t 
*)&sa->in6.sin6_addr)[3]; - sa->in.sin_family = AF_INET; - } + if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) { + sa->in.sin_addr.s_addr = ((uint32_t *) & sa->in6.sin6_addr)[3]; + sa->in.sin_family = AF_INET; + } } /* Subnet mask handling */ int maskcmp(void *va, void *vb, int masklen, int len) { - int i, m, result; - char *a = va; - char *b = vb; - cp(); - for(m = masklen, i = 0; m >= 8; m -= 8, i++) - { - result = a[i] - b[i]; - if(result) - return result; - } - - if(m) - return (a[i] & (0x100 - (1 << (8 - m)))) - (b[i] & (0x100 - (1 << (8 - m)))); + int i, m, result; + char *a = va; + char *b = vb; - return 0; + cp(); + + for(m = masklen, i = 0; m >= 8; m -= 8, i++) { + result = a[i] - b[i]; + if(result) + return result; + } + + if(m) + return (a[i] & (0x100 - (1 << (8 - m)))) - + (b[i] & (0x100 - (1 << (8 - m)))); + + return 0; } void mask(void *va, int masklen, int len) { - int i; - char *a = va; - cp(); - i = masklen / 8; - masklen %= 8; - - if(masklen) - a[i++] &= (0x100 - (1 << masklen)); - - for(; i < len; i++) - a[i] = 0; + int i; + char *a = va; + + cp(); + + i = masklen / 8; + masklen %= 8; + + if(masklen) + a[i++] &= (0x100 - (1 << masklen)); + + for(; i < len; i++) + a[i] = 0; } void maskcpy(void *va, void *vb, int masklen, int len) { - int i, m; - char *a = va; - char *b = vb; - cp(); - for(m = masklen, i = 0; m >= 8; m -= 8, i++) - a[i] = b[i]; + int i, m; + char *a = va; + char *b = vb; - if(m) - { - a[i] = b[i] & (0x100 - (1 << m)); - i++; - } + cp(); - for(; i < len; i++) - a[i] = 0; + for(m = masklen, i = 0; m >= 8; m -= 8, i++) + a[i] = b[i]; + + if(m) { + a[i] = b[i] & (0x100 - (1 << m)); + i++; + } + + for(; i < len; i++) + a[i] = 0; } int maskcheck(void *va, int masklen, int len) { - int i; - char *a = va; - cp(); - i = masklen / 8; - masklen %= 8; + int i; + char *a = va; - if(masklen && a[i++] & (0xff >> masklen)) - return -1; + cp(); - for(; i < len; i++) - if(a[i] != 0) - return -2; + i = masklen / 8; + 
masklen %= 8; - return 0; + if(masklen && a[i++] & (0xff >> masklen)) + return -1; + + for(; i < len; i++) + if(a[i] != 0) + return -2; + + return 0; } diff --git a/src/netutl.h b/src/netutl.h index db5e2143..5554b275 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.13 2002/06/21 10:11:13 guus Exp $ + $Id: netutl.h,v 1.2.4.14 2002/09/09 21:24:41 guus Exp $ */ #ifndef __TINC_NETUTL_H__ @@ -42,4 +42,4 @@ extern void maskcpy(void *, void *, int, int); extern void mask(void *, int, int); extern int maskcheck(void *, int, int); -#endif /* __TINC_NETUTL_H__ */ +#endif /* __TINC_NETUTL_H__ */ diff --git a/src/node.c b/src/node.c index 4fdb99c1..89b1689d 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.16 2002/09/09 19:39:59 guus Exp $ + $Id: node.c,v 1.1.2.17 2002/09/09 21:24:41 guus Exp $ */ #include "config.h" 
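Review bot: mask() and maskcpy() build the partial-byte mask as `0x100 - (1 << masklen)` and `0x100 - (1 << m)`, while maskcmp() in the same file uses `0x100 - (1 << (8 - m))` and maskcheck() tests `0xff >> masklen`; only the latter two keep the top `masklen` bits. For a prefix length that is not a multiple of 8, mask() and maskcpy() therefore keep the wrong bits, and a masked subnet no longer agrees with what maskcmp() and maskcheck() treat as the same prefix. The lines should read `a[i++] &= (0x100 - (1 << (8 - masklen)));` and `a[i] = b[i] & (0x100 - (1 << (8 - m)));`. Separately, str2sockaddr copies `*(sockaddr_t *) ai->ai_addr`, which reads sizeof(sockaddr_t) bytes from a buffer that is only `ai->ai_addrlen` long; zeroing `result` and filling it with `memcpy(&result, ai->ai_addr, ai->ai_addrlen);` stays within bounds.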
@@ -34,140 +34,151 @@ #include "system.h" -avl_tree_t *node_tree; /* Known nodes, sorted by name */ -avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ +avl_tree_t *node_tree; /* Known nodes, sorted by name */ +avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ node_t *myself; -int node_compare(node_t *a, node_t *b) +int node_compare(node_t * a, node_t * b) { - return strcmp(a->name, b->name); + return strcmp(a->name, b->name); } -int node_udp_compare(node_t *a, node_t *b) +int node_udp_compare(node_t * a, node_t * b) { - int result; - cp(); - result = sockaddrcmp(&a->address, &b->address); + int result; - if(result) - return result; + cp(); - return (a->name && b->name)?strcmp(a->name, b->name):0; + result = sockaddrcmp(&a->address, &b->address); + + if(result) + return result; + + return (a->name && b->name) ? strcmp(a->name, b->name) : 0; } void init_nodes(void) { - cp(); - node_tree = avl_alloc_tree((avl_compare_t)node_compare, NULL); - node_udp_tree = avl_alloc_tree((avl_compare_t)node_udp_compare, NULL); - cp(); + cp(); + + node_tree = avl_alloc_tree((avl_compare_t) node_compare, NULL); + node_udp_tree = avl_alloc_tree((avl_compare_t) node_udp_compare, NULL); } void exit_nodes(void) { - cp(); - avl_delete_tree(node_tree); - avl_delete_tree(node_udp_tree); - cp(); + cp(); + + avl_delete_tree(node_tree); + avl_delete_tree(node_udp_tree); } node_t *new_node(void) { - node_t *n = (node_t *)xmalloc_and_zero(sizeof(*n)); - cp(); - n->subnet_tree = new_subnet_tree(); - n->edge_tree = new_edge_tree(); - n->queue = list_alloc((list_action_t)free); - cp(); - return n; + node_t *n = (node_t *) xmalloc_and_zero(sizeof(*n)); + + cp(); + + n->subnet_tree = new_subnet_tree(); + n->edge_tree = new_edge_tree(); + n->queue = list_alloc((list_action_t) free); + + return n; } -void free_node(node_t *n) +void free_node(node_t * n) { - cp(); - if(n->queue) - list_delete_list(n->queue); - if(n->name) - free(n->name); - if(n->hostname) - 
free(n->hostname); - if(n->key) - free(n->key); - if(n->subnet_tree) - free_subnet_tree(n->subnet_tree); - if(n->edge_tree) - free_edge_tree(n->edge_tree); - free(n); - cp(); + cp(); + + if(n->queue) + list_delete_list(n->queue); + + if(n->name) + free(n->name); + + if(n->hostname) + free(n->hostname); + + if(n->key) + free(n->key); + + if(n->subnet_tree) + free_subnet_tree(n->subnet_tree); + + if(n->edge_tree) + free_edge_tree(n->edge_tree); + + free(n); } -void node_add(node_t *n) +void node_add(node_t * n) { - cp(); - avl_insert(node_tree, n); - avl_insert(node_udp_tree, n); - cp(); + cp(); + + avl_insert(node_tree, n); + avl_insert(node_udp_tree, n); } -void node_del(node_t *n) +void node_del(node_t * n) { - avl_node_t *node, *next; - edge_t *e; - subnet_t *s; - cp(); - for(node = n->subnet_tree->head; node; node = next) - { - next = node->next; - s = (subnet_t *)node->data; - subnet_del(n, s); - } + avl_node_t *node, *next; + edge_t *e; + subnet_t *s; - for(node = n->edge_tree->head; node; node = next) - { - next = node->next; - e = (edge_t *)node->data; - edge_del(e); - } - cp(); - avl_delete(node_tree, n); - avl_delete(node_udp_tree, n); - cp(); + cp(); + + for(node = n->subnet_tree->head; node; node = next) { + next = node->next; + s = (subnet_t *) node->data; + subnet_del(n, s); + } + + for(node = n->edge_tree->head; node; node = next) { + next = node->next; + e = (edge_t *) node->data; + edge_del(e); + } + + avl_delete(node_tree, n); + avl_delete(node_udp_tree, n); } node_t *lookup_node(char *name) { - node_t n; - cp(); - n.name = name; - return avl_search(node_tree, &n); + node_t n; + cp(); + n.name = name; + return avl_search(node_tree, &n); } -node_t *lookup_node_udp(sockaddr_t *sa) +node_t *lookup_node_udp(sockaddr_t * sa) { - node_t n; - cp(); - n.address = *sa; - n.name = NULL; + node_t n; + cp(); + n.address = *sa; + n.name = NULL; - return avl_search(node_udp_tree, &n); + return avl_search(node_udp_tree, &n); } void dump_nodes(void) { - avl_node_t 
*node; - node_t *n; - cp(); - syslog(LOG_DEBUG, _("Nodes:")); + avl_node_t *node; + node_t *n; - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; - syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), - n->name, n->hostname, n->cipher?n->cipher->nid:0, n->digest?n->digest->type:0, n->maclength, n->compression, n->options, - n->status, n->nexthop?n->nexthop->name:"-", n->via?n->via->name:"-"); - } - - syslog(LOG_DEBUG, _("End of nodes.")); - cp(); + cp(); + + syslog(LOG_DEBUG, _("Nodes:")); + + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), + n->name, n->hostname, n->cipher ? n->cipher->nid : 0, + n->digest ? n->digest->type : 0, n->maclength, n->compression, + n->options, n->status, n->nexthop ? n->nexthop->name : "-", + n->via ? n->via->name : "-"); + } + + syslog(LOG_DEBUG, _("End of nodes.")); } diff --git a/src/node.h b/src/node.h index 8f6b30ff..e4dcd524 100644 --- a/src/node.h +++ b/src/node.h @@ -17,14 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.19 2002/09/04 13:48:52 guus Exp $ + $Id: node.h,v 1.1.2.20 2002/09/09 21:24:41 guus Exp $ */ #ifndef __TINC_NODE_H__ #define __TINC_NODE_H__ #ifdef HAVE_INTTYPES_H - #include +#include #endif #include 
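Review bot: free_node releases `n->key` with a plain `free()`, and node.h in this same commit describes that buffer as the cipher key and IV, so the key material stays readable in freed heap memory. Clearing it first, e.g. `if(n->key) { OPENSSL_cleanse(n->key, n->keylength); free(n->key); }`, limits what a later memory disclosure can expose; this assumes `keylength` matches the allocation, which is not visible here. In dump_nodes, `n->status` is a `node_status_t` struct passed for the `%04x` conversion, which is undefined behaviour in a variadic call; the status bits should be copied into an `unsigned int` before printing.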
@@ -33,46 +33,46 @@ #include "connection.h" typedef struct node_status_t { - int active:1; /* 1 if active.. */ - int validkey:1; /* 1 if we currently have a valid key for him */ - int waitingforkey:1; /* 1 if we already sent out a request */ - int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ - int reachable:1; /* 1 if this node is reachable in the graph */ - int indirect:1; /* 1 if this node is not directly reachable by us */ - int unused:26; + int active:1; /* 1 if active.. */ + int validkey:1; /* 1 if we currently have a valid key for him */ + int waitingforkey:1; /* 1 if we already sent out a request */ + int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ + int reachable:1; /* 1 if this node is reachable in the graph */ + int indirect:1; /* 1 if this node is not directly reachable by us */ + int unused:26; } node_status_t; typedef struct node_t { - char *name; /* name of this node */ - long int options; /* options turned on for this node */ + char *name; /* name of this node */ + long int options; /* options turned on for this node */ - sockaddr_t address; /* his real (internet) ip to send UDP packets to */ - char *hostname; /* the hostname of its real ip */ + sockaddr_t address; /* his real (internet) ip to send UDP packets to */ + char *hostname; /* the hostname of its real ip */ - struct node_status_t status; + struct node_status_t status; - const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ - char *key; /* Cipher key and iv */ - int keylength; /* Cipher key and iv length*/ + const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ + char *key; /* Cipher key and iv */ + int keylength; /* Cipher key and iv length */ - const EVP_MD *digest; /* Digest type for MAC */ - int maclength; /* Length of MAC */ + const EVP_MD *digest; /* Digest type for MAC */ + int maclength; /* Length of MAC */ - int compression; /* Compressionlevel, 0 = no compression */ + int compression; /* 
Compressionlevel, 0 = no compression */ - list_t *queue; /* Queue for packets awaiting to be encrypted */ + list_t *queue; /* Queue for packets awaiting to be encrypted */ - struct node_t *nexthop; /* nearest node from us to him */ - struct node_t *via; /* next hop for UDP packets */ - - avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ + struct node_t *nexthop; /* nearest node from us to him */ + struct node_t *via; /* next hop for UDP packets */ - avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ + avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ - struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ + avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ - uint32_t sent_seqno; /* Sequence number last sent to this node */ - uint32_t received_seqno; /* Sequence number last received from this node */ + struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ + + uint32_t sent_seqno; /* Sequence number last sent to this node */ + uint32_t received_seqno; /* Sequence number last received from this node */ } node_t; extern struct node_t *myself; @@ -89,4 +89,4 @@ extern node_t *lookup_node(char *); extern node_t *lookup_node_udp(sockaddr_t *); extern void dump_nodes(void); -#endif /* __TINC_NODE_H__ */ +#endif /* __TINC_NODE_H__ */ diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 1a339a5e..dee8fa0a 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.9 2002/06/21 10:11:36 guus Exp $ + $Id: device.c,v 1.1.2.10 2002/09/09 21:25:26 guus Exp $ */ #include "config.h" 
@@ -63,133 +63,125 @@ extern subnet_t mymac; */ int setup_device(void) { - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = DEFAULT_DEVICE; + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/')?rindex(device, '/')+1:device; -cp - if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) - { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; - } -cp - /* Set default MAC address for ethertap devices */ + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } + cp + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; + device_info = _("OpenBSD tun device"); - device_info = _("OpenBSD tun device"); - - syslog(LOG_INFO, _("%s is a %s"), device, device_info); -cp - return 0; + syslog(LOG_INFO, _("%s is a %s"), device, device_info); + cp return 0; } void close_device(void) { -cp - close(device_fd); -cp -} + cp close(device_fd); +cp} -int read_packet(vpn_packet_t *packet) +int read_packet(vpn_packet_t * packet) { - int lenin; - u_int32_t type; - struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, MTU - 14}}; -cp + 
int lenin; + u_int32_t type; + struct iovec vector[2] = { {&type, sizeof(type)} + , {packet->data + 14, MTU - 14} + }; + cp if((lenin = readv(device_fd, vector, 2)) <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - if((lenin = readv(device_fd, vector, 2)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data + 6, mymac.net.mac.address.x, 6); - memcpy(packet->data, mymac.net.mac.address.x, 6); - memcpy(packet->data + 6, mymac.net.mac.address.x, 6); + switch (ntohl(type)) { + case AF_INET: + packet->data[12] = 0x8; + packet->data[13] = 0x0; + break; + case AF_INET6: + packet->data[12] = 0x86; + packet->data[13] = 0xDD; + break; + default: + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, + _ + ("Unknown address family %d while reading packet from %s %s"), + ntohl(type), device_info, device); + return -1; + } - switch(ntohl(type)) - { - case AF_INET: - packet->data[12] = 0x8; - packet->data[13] = 0x0; - break; - case AF_INET6: - packet->data[12] = 0x86; - packet->data[13] = 0xDD; - break; - default: - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Unknown address family %d while reading packet from %s %s"), ntohl(type), device_info, device); - return -1; - } + packet->len = lenin + 10; - packet->len = lenin + 10; + device_total_in += packet->len; - device_total_in += packet->len; + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + } - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } + return 0; +cp} - return 0; -cp -} - -int write_packet(vpn_packet_t *packet) +int write_packet(vpn_packet_t * packet) { - u_int32_t type; - struct iovec vector[2]; - int af; -cp - if(debug_lvl >= DEBUG_TRAFFIC) - 
syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); + u_int32_t type; + struct iovec vector[2]; + int af; + cp if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); - af = (packet->data[12] << 8) + packet->data[13]; + af = (packet->data[12] << 8) + packet->data[13]; - switch(af) - { - case 0x800: - type = htonl(AF_INET); - break; - case 0x86DD: - type = htonl(AF_INET6); - break; - default: - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Unknown address family %d while writing packet to %s %s"), af, device_info, device); - return -1; - } + switch (af) { + case 0x800: + type = htonl(AF_INET); + break; + case 0x86DD: + type = htonl(AF_INET6); + break; + default: + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, + _("Unknown address family %d while writing packet to %s %s"), + af, device_info, device); + return -1; + } - vector[0].iov_base = &type; - vector[0].iov_len = sizeof(type); - vector[1].iov_base = packet->data + 14; - vector[1].iov_len = packet->len - 14; + vector[0].iov_base = &type; + vector[0].iov_len = sizeof(type); + vector[1].iov_base = packet->data + 14; + vector[1].iov_len = packet->len - 14; - if(writev(device_fd, vector, 2) < 0) - { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + if(writev(device_fd, vector, 2) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } - device_total_out += packet->len; -cp -} + device_total_out += packet->len; +cp} void dump_device_stats(void) { -cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp -} + cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + 
syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp} diff --git a/src/process.c b/src/process.c index 3e075524..f149d7cd 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.45 2002/09/09 19:39:59 guus Exp $ + $Id: process.c,v 1.1.2.46 2002/09/09 21:24:41 guus Exp $ */ #include "config.h" @@ -66,9 +66,9 @@ extern int do_purge; void memory_full(int size) { - syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); - cp_trace(); - exit(1); + syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); + cp_trace(); + exit(1); } /* Some functions the less gifted operating systems might lack... */ @@ -76,13 +76,13 @@ void memory_full(int size) #ifndef HAVE_FCLOSEALL int fcloseall(void) { - fflush(stdin); - fflush(stdout); - fflush(stderr); - fclose(stdin); - fclose(stdout); - fclose(stderr); - return 0; + fflush(stdin); + fflush(stdout); + fflush(stderr); + fclose(stdin); + fclose(stdout); + fclose(stderr); + return 0; } #endif @@ -91,16 +91,17 @@ int fcloseall(void) */ void cleanup_and_exit(int c) { - cp(); - close_network_connections(); + cp(); - if(debug_lvl > DEBUG_NOTHING) - dump_device_stats(); + close_network_connections(); - syslog(LOG_NOTICE, _("Terminating")); + if(debug_lvl > DEBUG_NOTHING) + dump_device_stats(); - closelog(); - exit(c); + syslog(LOG_NOTICE, _("Terminating")); + + closelog(); + exit(c); } /* 
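Review bot: read_packet in src/openbsd/device.c only rejects `lenin <= 0`, so a readv() that returns fewer bytes than `sizeof(type)` leaves `type` partly uninitialized before `ntohl(type)` selects the ethertype. Adding `if(lenin < (int) sizeof(type)) return -1;` after the existing error check avoids acting on indeterminate data and keeps `packet->len = lenin + 10` from dropping below the 14-byte header. As a style point, the reformat folded the bare `cp` macro into the following statements (`cp if(...)`, `cp return 0;`, `cp}`); using the `cp();` form that the other files in this commit use would keep the checkpoints on their own lines.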
@@ -108,25 +109,26 @@ void cleanup_and_exit(int c) */ int write_pidfile(void) { - int pid; - cp(); - pid = check_pid(pidfilename); + int pid; - if(pid) - { - if(netname) - fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), - netname, pid); - else - fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); - return 1; - } + cp(); - /* if it's locked, write-protected, or whatever */ - if(!write_pid(pidfilename)) - return 1; - cp(); - return 0; + pid = check_pid(pidfilename); + + if(pid) { + if(netname) + fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), + netname, pid); + else + fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); + return 1; + } + + /* if it's locked, write-protected, or whatever */ + if(!write_pid(pidfilename)) + return 1; + + return 0; } /* 
@@ -134,33 +136,36 @@ int write_pidfile(void) */ int kill_other(int signal) { - int pid; - cp(); - pid = read_pid(pidfilename); + int pid; - if(!pid) - { - if(netname) - fprintf(stderr, _("No other tincd is running for net `%s'.\n"), netname); - else - fprintf(stderr, _("No other tincd is running.\n")); - return 1; - } + cp(); - errno = 0; /* No error, sometimes errno is only changed on error */ - /* ESRCH is returned when no process with that pid is found */ - if(kill(pid, signal) && errno == ESRCH) - { - if(netname) - fprintf(stderr, _("The tincd for net `%s' is no longer running. "), netname); - else - fprintf(stderr, _("The tincd is no longer running. ")); + pid = read_pid(pidfilename); - fprintf(stderr, _("Removing stale lock file.\n")); - remove_pid(pidfilename); - } - cp(); - return 0; + if(!pid) { + if(netname) + fprintf(stderr, _("No other tincd is running for net `%s'.\n"), + netname); + else + fprintf(stderr, _("No other tincd is running.\n")); + return 1; + } + + errno = 0; /* No error, sometimes errno is only changed on error */ + + /* ESRCH is returned when no process with that pid is found */ + if(kill(pid, signal) && errno == ESRCH) { + if(netname) + fprintf(stderr, _("The tincd for net `%s' is no longer running. "), + netname); + else + fprintf(stderr, _("The tincd is no longer running. ")); + + fprintf(stderr, _("Removing stale lock file.\n")); + remove_pid(pidfilename); + } + + return 0; } /* 
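Review bot: In kill_other(), `if(kill(pid, signal) && errno == ESRCH)` handles only the no-such-process case, so any other kill() failure (EPERM, for instance) falls through to `return 0` and the caller is told the signal was sent. I would split the test so the other failures are reported and return non-zero: `if(kill(pid, signal)) { if(errno == ESRCH) { /* stale pidfile path */ } else { fprintf(stderr, "%s\n", strerror(errno)); return 1; } }`. The pid comes straight from the pidfile and only zero is rejected; read_pid() is not visible here, so it is worth confirming that it never hands back a negative value, which kill() would treat as a process group.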
@@ -168,69 +173,73 @@ int kill_other(int signal) */ int detach(void) { - cp(); - setup_signals(); + cp(); - /* First check if we can open a fresh new pidfile */ - - if(write_pidfile()) - return -1; + setup_signals(); - /* If we succeeded in doing that, detach */ + /* First check if we can open a fresh new pidfile */ - closelog(); + if(write_pidfile()) + return -1; - if(do_detach) - { - if(daemon(0, 0) < 0) - { - fprintf(stderr, _("Couldn't detach from terminal: %s"), strerror(errno)); - return -1; + /* If we succeeded in doing that, detach */ + + closelog(); + + if(do_detach) { + if(daemon(0, 0) < 0) { + fprintf(stderr, _("Couldn't detach from terminal: %s"), + strerror(errno)); + return -1; + } + + /* Now UPDATE the pid in the pidfile, because we changed it... */ + + if(!write_pid(pidfilename)) + return -1; } - /* Now UPDATE the pid in the pidfile, because we changed it... */ - - if(!write_pid(pidfilename)) - return -1; - } - - openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); + openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), - VERSION, __DATE__, __TIME__, debug_lvl); - else - syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), + VERSION, __DATE__, __TIME__, debug_lvl); + else + syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); - xalloc_fail_func = memory_full; - cp(); - return 0; + xalloc_fail_func = memory_full; + + return 0; } /* Execute the program name, with sane environment. All output will be redirected to syslog. 
*/ -void _execute_script(const char *scriptname, char **envp) __attribute__ ((noreturn)); +void _execute_script(const char *scriptname, char **envp) + __attribute__ ((noreturn)); void _execute_script(const char *scriptname, char **envp) { - char *s; - cp(); - while(*envp) - putenv(*envp++); - - chdir("/"); - - /* Close all file descriptors */ - closelog(); /* <- this means we cannot use syslog() here anymore! */ - fcloseall(); + char *s; - execl(scriptname, NULL); - /* No return on success */ + cp(); - openlog("tinc", LOG_CONS | LOG_PID, LOG_DAEMON); - syslog(LOG_ERR, _("Could not execute `%s': %s"), scriptname, strerror(errno)); - exit(errno); + while(*envp) + putenv(*envp++); + + chdir("/"); + + /* Close all file descriptors */ + closelog(); /* <- this means we cannot use syslog() here anymore! */ + fcloseall(); + + execl(scriptname, NULL); + /* No return on success */ + + openlog("tinc", LOG_CONS | LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, _("Could not execute `%s': %s"), scriptname, + strerror(errno)); + exit(errno); } /* 
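Review bot: In _execute_script(), `execl(scriptname, NULL);` passes no argv[0] and ends the variadic list with an uncast `NULL`, which is not guaranteed to be a null `char *`; `execl(scriptname, scriptname, (char *)NULL);` is the portable form. The comment `/* Close all file descriptors */` overstates what happens: fcloseall() closes stdio streams only (the fallback earlier in this file closes just stdin, stdout and stderr), so any other descriptor the daemon holds is inherited by the script unless it is marked close-on-exec, which is not visible here. `exit(errno)` runs after openlog() and syslog(), either of which may change errno, so save it right after execl() returns, and check the `chdir("/")` result before executing. The local `char *s;` is unused.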
@@ -238,67 +247,62 @@ void _execute_script(const char *scriptname, char **envp) */ int execute_script(const char *name, char **envp) { - pid_t pid; - int status; - struct stat s; - char *scriptname; - cp(); - asprintf(&scriptname, "%s/%s", confbase, name); + pid_t pid; + int status; + struct stat s; + char *scriptname; - /* First check if there is a script */ + cp(); - if(stat(scriptname, &s)) - return 0; + asprintf(&scriptname, "%s/%s", confbase, name); - pid = fork(); - - if(pid < 0) - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); - return -1; - } + /* First check if there is a script */ - if(pid) - { - if(debug_lvl >= DEBUG_STATUS) - syslog(LOG_INFO, _("Executing script %s"), name); + if(stat(scriptname, &s)) + return 0; - free(scriptname); + pid = fork(); - if(waitpid(pid, &status, 0) == pid) - { - if(WIFEXITED(status)) /* Child exited by itself */ - { - if(WEXITSTATUS(status)) - { - syslog(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), pid, name, WEXITSTATUS(status)); - return -1; - } - else - return 0; - } - else if(WIFSIGNALED(status)) /* Child was killed by a signal */ - { - syslog(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), - pid, name, WTERMSIG(status), strsignal(WTERMSIG(status))); - return -1; - } - else /* Something strange happened */ - { - syslog(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, name); - return -1; - } - } - else - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", strerror(errno)); - return -1; - } - } - cp(); - /* Child here */ + if(pid < 0) { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "fork", + strerror(errno)); + return -1; + } - _execute_script(scriptname, envp); + if(pid) { + if(debug_lvl >= DEBUG_STATUS) + syslog(LOG_INFO, _("Executing script %s"), name); + + free(scriptname); + + if(waitpid(pid, &status, 0) == pid) { + if(WIFEXITED(status)) { /* Child exited by itself */ + if(WEXITSTATUS(status)) { + syslog(LOG_ERR, _("Process %d 
(%s) exited with non-zero status %d"), + pid, name, WEXITSTATUS(status)); + return -1; + } else + return 0; + } else if(WIFSIGNALED(status)) { /* Child was killed by a signal */ + syslog(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, + name, WTERMSIG(status), strsignal(WTERMSIG(status))); + return -1; + } else { /* Something strange happened */ + + syslog(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, + name); + return -1; + } + } else { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", + strerror(errno)); + return -1; + } + } + + /* Child here */ + + _execute_script(scriptname, envp); } 
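Review bot: execute_script() ignores the result of `asprintf(&scriptname, ...)`, so on allocation failure `scriptname` is indeterminate when it reaches stat(), and the early `if(stat(scriptname, &s)) return 0;` leaks the buffer whenever the script is absent. I would use `if(asprintf(&scriptname, "%s/%s", confbase, name) < 0) return -1;` and `if(stat(scriptname, &s)) { free(scriptname); return 0; }`; the `fork()` failure path needs the same `free(scriptname)`. The stat() call only tests existence, so a short comment saying that the script's ownership and mode are not checked before it runs with the daemon's privileges would help whoever audits the configuration directory.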
@@ -306,186 +310,171 @@ int execute_script(const char *name, char **envp) Signal handlers. */ -RETSIGTYPE -sigterm_handler(int a) +RETSIGTYPE sigterm_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got TERM signal")); + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got TERM signal")); - cleanup_and_exit(0); + cleanup_and_exit(0); } -RETSIGTYPE -sigquit_handler(int a) +RETSIGTYPE sigquit_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got QUIT signal")); - cleanup_and_exit(0); + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got QUIT signal")); + cleanup_and_exit(0); } -RETSIGTYPE -fatal_signal_square(int a) +RETSIGTYPE fatal_signal_square(int a) { - syslog(LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, strsignal(a)); - cp_trace(); - exit(1); + syslog(LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, + strsignal(a)); + cp_trace(); + exit(1); } -RETSIGTYPE -fatal_signal_handler(int a) +RETSIGTYPE fatal_signal_handler(int a) { - struct sigaction act; - syslog(LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); - cp_trace(); + struct sigaction act; + syslog(LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); + cp_trace(); - if(do_detach) - { - syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); + if(do_detach) { + syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); - act.sa_handler = fatal_signal_square; - act.sa_mask = emptysigset; - act.sa_flags = 0; - sigaction(SIGSEGV, &act, NULL); + act.sa_handler = fatal_signal_square; + act.sa_mask = emptysigset; + act.sa_flags = 0; + sigaction(SIGSEGV, &act, NULL); - close_network_connections(); - sleep(5); - remove_pid(pidfilename); - execvp(g_argv[0], g_argv); - } - else - { - syslog(LOG_NOTICE, _("Not restarting.")); - exit(1); - } + close_network_connections(); + sleep(5); + remove_pid(pidfilename); + execvp(g_argv[0], g_argv); + } else { + syslog(LOG_NOTICE, _("Not restarting.")); + 
exit(1); + } } -RETSIGTYPE -sighup_handler(int a) +RETSIGTYPE sighup_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got HUP signal")); - sighup = 1; + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got HUP signal")); + sighup = 1; } -RETSIGTYPE -sigint_handler(int a) +RETSIGTYPE sigint_handler(int a) { - if(saved_debug_lvl) - { - syslog(LOG_NOTICE, _("Reverting to old debug level (%d)"), - saved_debug_lvl); - debug_lvl = saved_debug_lvl; - saved_debug_lvl = 0; - } - else - { - syslog(LOG_NOTICE, _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), - debug_lvl); - saved_debug_lvl = debug_lvl; - debug_lvl = 5; - } + if(saved_debug_lvl) { + syslog(LOG_NOTICE, _("Reverting to old debug level (%d)"), + saved_debug_lvl); + debug_lvl = saved_debug_lvl; + saved_debug_lvl = 0; + } else { + syslog(LOG_NOTICE, + _ + ("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), + debug_lvl); + saved_debug_lvl = debug_lvl; + debug_lvl = 5; + } } -RETSIGTYPE -sigalrm_handler(int a) +RETSIGTYPE sigalrm_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got ALRM signal")); - sigalrm = 1; + if(debug_lvl > DEBUG_NOTHING) + syslog(LOG_NOTICE, _("Got ALRM signal")); + sigalrm = 1; } -RETSIGTYPE -sigusr1_handler(int a) +RETSIGTYPE sigusr1_handler(int a) { - dump_connections(); + dump_connections(); } -RETSIGTYPE -sigusr2_handler(int a) +RETSIGTYPE sigusr2_handler(int a) { - dump_device_stats(); - dump_nodes(); - dump_edges(); - dump_subnets(); + dump_device_stats(); + dump_nodes(); + dump_edges(); + dump_subnets(); } -RETSIGTYPE -sigwinch_handler(int a) +RETSIGTYPE sigwinch_handler(int a) { - extern int do_purge; - do_purge = 1; + extern int do_purge; + do_purge = 1; } -RETSIGTYPE -unexpected_signal_handler(int a) +RETSIGTYPE unexpected_signal_handler(int a) { - syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); - cp_trace(); + 
syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); + cp_trace(); } -RETSIGTYPE -ignore_signal_handler(int a) +RETSIGTYPE ignore_signal_handler(int a) { - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - syslog(LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); - cp_trace(); - } + if(debug_lvl >= DEBUG_SCARY_THINGS) { + syslog(LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); + cp_trace(); + } } struct { - int signal; - void (*handler)(int); + int signal; + void (*handler) (int); } sighandlers[] = { - { SIGHUP, sighup_handler }, - { SIGTERM, sigterm_handler }, - { SIGQUIT, sigquit_handler }, - { SIGSEGV, fatal_signal_handler }, - { SIGBUS, fatal_signal_handler }, - { SIGILL, fatal_signal_handler }, - { SIGPIPE, ignore_signal_handler }, - { SIGINT, sigint_handler }, - { SIGUSR1, sigusr1_handler }, - { SIGUSR2, sigusr2_handler }, - { SIGCHLD, ignore_signal_handler }, - { SIGALRM, sigalrm_handler }, - { SIGWINCH, sigwinch_handler }, - { 0, NULL } + { + SIGHUP, sighup_handler}, { + SIGTERM, sigterm_handler}, { + SIGQUIT, sigquit_handler}, { + SIGSEGV, fatal_signal_handler}, { + SIGBUS, fatal_signal_handler}, { + SIGILL, fatal_signal_handler}, { + SIGPIPE, ignore_signal_handler}, { + SIGINT, sigint_handler}, { + SIGUSR1, sigusr1_handler}, { + SIGUSR2, sigusr2_handler}, { + SIGCHLD, ignore_signal_handler}, { + SIGALRM, sigalrm_handler}, { + SIGWINCH, sigwinch_handler}, { + 0, NULL} }; -void -setup_signals(void) +void setup_signals(void) { - int i; - struct sigaction act; + int i; + struct sigaction act; - sigemptyset(&emptysigset); - act.sa_handler = NULL; - act.sa_mask = emptysigset; - act.sa_flags = 0; + sigemptyset(&emptysigset); + act.sa_handler = NULL; + act.sa_mask = emptysigset; + act.sa_flags = 0; - /* Set a default signal handler for every signal, errors will be - ignored. 
*/ - for(i = 0; i < NSIG; i++) - { - if(!do_detach) - act.sa_handler = SIG_DFL; - else - act.sa_handler = unexpected_signal_handler; - sigaction(i, &act, NULL); - } + /* Set a default signal handler for every signal, errors will be + ignored. */ + for(i = 0; i < NSIG; i++) { + if(!do_detach) + act.sa_handler = SIG_DFL; + else + act.sa_handler = unexpected_signal_handler; + sigaction(i, &act, NULL); + } - /* If we didn't detach, allow coredumps */ - if(!do_detach) - sighandlers[3].handler = SIG_DFL; + /* If we didn't detach, allow coredumps */ + if(!do_detach) + sighandlers[3].handler = SIG_DFL; - /* Then, for each known signal that we want to catch, assign a - handler to the signal, with error checking this time. */ - for(i = 0; sighandlers[i].signal; i++) - { - act.sa_handler = sighandlers[i].handler; - if(sigaction(sighandlers[i].signal, &act, NULL) < 0) - fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %s\n"), - sighandlers[i].signal, strsignal(sighandlers[i].signal), strerror(errno)); - } + /* Then, for each known signal that we want to catch, assign a + handler to the signal, with error checking this time. */ + for(i = 0; sighandlers[i].signal; i++) { + act.sa_handler = sighandlers[i].handler; + if(sigaction(sighandlers[i].signal, &act, NULL) < 0) + fprintf(stderr, + _ + ("Installing signal handler for signal %d (%s) failed: %s\n"), + sighandlers[i].signal, strsignal(sighandlers[i].signal), + strerror(errno)); + } } diff --git a/src/process.h b/src/process.h index 6620489b..dd794e40 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.12 2002/07/10 11:27:06 guus Exp $ + $Id: process.h,v 1.1.2.13 2002/09/09 21:24:41 guus Exp $ */ #ifndef __TINC_PROCESS_H__ 
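Review bot: Most handlers in this hunk call functions that are not async-signal-safe (syslog(), gettext via `_()`, strsignal(), cp_trace(), and in fatal_signal_handler() also close_network_connections() and sleep()), which can deadlock or corrupt state when the signal interrupts the same code in the main flow, and fatal_signal_handler() does this after SIGSEGV/SIGBUS/SIGILL. The safer pattern is the one sighup_handler() and sigalrm_handler() already half-follow: only set a flag in the handler and do the logging and cleanup from the main loop, with the flags declared `volatile sig_atomic_t` (do_purge is visibly a plain `int`). Separately, `sighandlers[3].handler = SIG_DFL;` depends on the table order and restores only SIGSEGV, while SIGBUS and SIGILL keep fatal_signal_handler; if coredumps are wanted for all three, `for(i = 0; sighandlers[i].signal; i++) if(sighandlers[i].handler == fatal_signal_handler) sighandlers[i].handler = SIG_DFL;` removes the magic index.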
@@ -33,4 +33,4 @@ extern int detach(void); extern int kill_other(int); extern void cleanup_and_exit(int); -#endif /* __TINC_PROCESS_H__ */ +#endif /* __TINC_PROCESS_H__ */ diff --git a/src/protocol.c b/src/protocol.c index 7a7e901d..565087cd 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.135 2002/09/09 19:39:59 guus Exp $ + $Id: protocol.c,v 1.28.4.136 2002/09/09 21:24:41 guus Exp $ */ #include "config.h" 
@@ -45,221 +45,221 @@ avl_tree_t *past_request_tree; int check_id(char *id) { - int i; + int i; - for (i = 0; i < strlen(id); i++) - if(!isalnum(id[i]) && id[i] != '_') - return -1; - - return 0; + for(i = 0; i < strlen(id); i++) + if(!isalnum(id[i]) && id[i] != '_') + return -1; + + return 0; } /* Generic request routines - takes care of logging and error detection as well */ -int send_request(connection_t *c, const char *format, ...) +int send_request(connection_t * c, const char *format, ...) { - va_list args; - char buffer[MAXBUFSIZE]; - int len, request; + va_list args; + char buffer[MAXBUFSIZE]; + int len, request; - cp(); - /* Use vsnprintf instead of vasprintf: faster, no memory - fragmentation, cleanup is automatic, and there is a limit on the - input buffer anyway */ + cp(); - va_start(args, format); - len = vsnprintf(buffer, MAXBUFSIZE, format, args); - va_end(args); + /* Use vsnprintf instead of vasprintf: faster, no memory + fragmentation, cleanup is automatic, and there is a limit on the + input buffer anyway */ - if(len < 0 || len > MAXBUFSIZE-1) - { - syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); - return -1; - } + va_start(args, format); + len = vsnprintf(buffer, MAXBUFSIZE, format, args); + va_end(args); - if(debug_lvl >= DEBUG_PROTOCOL) - { - sscanf(buffer, "%d", &request); - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); - else - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname); - } - - buffer[len++] = '\n'; - cp(); - if(c == broadcast) - return broadcast_meta(NULL, buffer, len); - else - return send_meta(c, buffer, len); -} - -int forward_request(connection_t *from) -{ - int request; - cp(); - if(debug_lvl >= DEBUG_PROTOCOL) - { - sscanf(from->buffer, "%d", &request); - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Forwarding %s from %s (%s): %s"), 
request_name[request], from->name, from->hostname, from->buffer); - else - syslog(LOG_DEBUG, _("Forwarding %s from %s (%s)"), request_name[request], from->name, from->hostname); - } - - from->buffer[from->reqlen - 1] = '\n'; - cp(); - return broadcast_meta(from, from->buffer, from->reqlen); -} - -int receive_request(connection_t *c) -{ - int request; - cp(); - if(sscanf(c->buffer, "%d", &request) == 1) - { - if((request < 0) || (request >= LAST) || !request_handlers[request]) - { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), - c->name, c->hostname, c->buffer); - else - syslog(LOG_ERR, _("Unknown request from %s (%s)"), - c->name, c->hostname); - - return -1; - } - else - { - if(debug_lvl >= DEBUG_PROTOCOL) - { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"), - request_name[request], c->name, c->hostname, c->buffer); - else - syslog(LOG_DEBUG, _("Got %s from %s (%s)"), - request_name[request], c->name, c->hostname); - } + if(len < 0 || len > MAXBUFSIZE - 1) { + syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), + c->name, c->hostname); + return -1; } - if((c->allow_request != ALL) && (c->allow_request != request)) - { - syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, c->hostname); - return -1; - } + if(debug_lvl >= DEBUG_PROTOCOL) { + sscanf(buffer, "%d", &request); + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), + request_name[request], c->name, c->hostname, buffer); + else + syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], + c->name, c->hostname); + } - if(request_handlers[request](c)) - /* Something went wrong. Probably scriptkiddies. Terminate. 
*/ - { - syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), - request_name[request], c->name, c->hostname); - return -1; - } - } - else - { - syslog(LOG_ERR, _("Bogus data received from %s (%s)"), - c->name, c->hostname); - return -1; - } - cp(); - return 0; + buffer[len++] = '\n'; + + if(c == broadcast) + return broadcast_meta(NULL, buffer, len); + else + return send_meta(c, buffer, len); } -int past_request_compare(past_request_t *a, past_request_t *b) +int forward_request(connection_t * from) { - cp(); - return strcmp(a->request, b->request); + int request; + cp(); + + cp(); + + if(debug_lvl >= DEBUG_PROTOCOL) { + sscanf(from->buffer, "%d", &request); + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Forwarding %s from %s (%s): %s"), + request_name[request], from->name, from->hostname, + from->buffer); + else + syslog(LOG_DEBUG, _("Forwarding %s from %s (%s)"), + request_name[request], from->name, from->hostname); + } + + from->buffer[from->reqlen - 1] = '\n'; + + return broadcast_meta(from, from->buffer, from->reqlen); } -void free_past_request(past_request_t *r) +int receive_request(connection_t * c) { - cp(); - if(r->request) - free(r->request); - free(r); - cp(); + int request; + + cp(); + + if(sscanf(c->buffer, "%d", &request) == 1) { + if((request < 0) || (request >= LAST) || !request_handlers[request]) { + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), + c->name, c->hostname, c->buffer); + else + syslog(LOG_ERR, _("Unknown request from %s (%s)"), + c->name, c->hostname); + + return -1; + } else { + if(debug_lvl >= DEBUG_PROTOCOL) { + if(debug_lvl >= DEBUG_META) + syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"), + request_name[request], c->name, c->hostname, + c->buffer); + else + syslog(LOG_DEBUG, _("Got %s from %s (%s)"), + request_name[request], c->name, c->hostname); + } + } + + if((c->allow_request != ALL) && (c->allow_request != request)) { + syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), 
c->name, + c->hostname); + return -1; + } + + if(request_handlers[request] (c)) + /* Something went wrong. Probably scriptkiddies. Terminate. */ + { + syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), + request_name[request], c->name, c->hostname); + return -1; + } + } else { + syslog(LOG_ERR, _("Bogus data received from %s (%s)"), + c->name, c->hostname); + return -1; + } + + return 0; +} + +int past_request_compare(past_request_t * a, past_request_t * b) +{ + return strcmp(a->request, b->request); +} + +void free_past_request(past_request_t * r) +{ + cp(); + + if(r->request) + free(r->request); + + free(r); } void init_requests(void) { - cp(); - past_request_tree = avl_alloc_tree((avl_compare_t)past_request_compare, (avl_action_t)free_past_request); - cp(); + cp(); + + past_request_tree = avl_alloc_tree((avl_compare_t) past_request_compare, (avl_action_t) free_past_request); } void exit_requests(void) { - cp(); - avl_delete_tree(past_request_tree); - cp(); + cp(); + + avl_delete_tree(past_request_tree); } int seen_request(char *request) { - past_request_t p, *new; - cp(); - p.request = request; + past_request_t p, *new; - if(avl_search(past_request_tree, &p)) - { - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, _("Already seen request")); - return 1; - } - else - { - new = (past_request_t *)xmalloc(sizeof(*new)); - new->request = xstrdup(request); - new->firstseen = now; - avl_insert(past_request_tree, new); - return 0; - } - cp(); + cp(); + + p.request = request; + + if(avl_search(past_request_tree, &p)) { + if(debug_lvl >= DEBUG_SCARY_THINGS) + syslog(LOG_DEBUG, _("Already seen request")); + return 1; + } else { + new = (past_request_t *) xmalloc(sizeof(*new)); + new->request = xstrdup(request); + new->firstseen = now; + avl_insert(past_request_tree, new); + return 0; + } } void age_past_requests(void) { - avl_node_t *node, *next; - past_request_t *p; - int left = 0, deleted = 0; - cp(); - for(node = past_request_tree->head; node; node = 
next) - { - next = node->next; - p = (past_request_t *)node->data; - if(p->firstseen + pingtimeout < now) - avl_delete_node(past_request_tree, node), deleted++; - else - left++; - } + avl_node_t *node, *next; + past_request_t *p; + int left = 0, deleted = 0; - if(debug_lvl >= DEBUG_SCARY_THINGS && left + deleted) - syslog(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), deleted, left); - cp(); + cp(); + + for(node = past_request_tree->head; node; node = next) { + next = node->next; + p = (past_request_t *) node->data; + + if(p->firstseen + pingtimeout < now) + avl_delete_node(past_request_tree, node), deleted++; + else + left++; + } + + if(debug_lvl >= DEBUG_SCARY_THINGS && left + deleted) + syslog(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), + deleted, left); } /* Jumptable for the request handlers */ -int (*request_handlers[])(connection_t*) = { - id_h, metakey_h, challenge_h, chal_reply_h, ack_h, - status_h, error_h, termreq_h, - ping_h, pong_h, - add_subnet_h, del_subnet_h, - add_edge_h, del_edge_h, - key_changed_h, req_key_h, ans_key_h, - tcppacket_h, +int (*request_handlers[]) (connection_t *) = { + id_h, metakey_h, challenge_h, chal_reply_h, ack_h, + status_h, error_h, termreq_h, + ping_h, pong_h, + add_subnet_h, del_subnet_h, + add_edge_h, del_edge_h, + key_changed_h, req_key_h, ans_key_h, tcppacket_h, }; /* Request names */ char (*request_name[]) = { - "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", - "STATUS", "ERROR", "TERMREQ", - "PING", "PONG", - "ADD_SUBNET", "DEL_SUBNET", - "ADD_EDGE", "DEL_EDGE", - "KEY_CHANGED", "REQ_KEY", "ANS_KEY", - "PACKET", + "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", + "STATUS", "ERROR", "TERMREQ", + "PING", "PONG", + "ADD_SUBNET", "DEL_SUBNET", + "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", }; diff --git a/src/protocol.h b/src/protocol.h index 47f772c7..f782523e 100644 --- a/src/protocol.h +++ b/src/protocol.h 
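Review bot: forward_request() indexes `request_name[request]` without checking that `sscanf(from->buffer, "%d", &request)` succeeded or that the value is in range, so at DEBUG_PROTOCOL a malformed buffer yields an uninitialized or out-of-bounds index; receive_request() in the same hunk performs both checks. I would guard the logging with `if(sscanf(from->buffer, "%d", &request) == 1 && request >= 0 && request < LAST)`. Whether callers only forward buffers that already passed receive_request() is not visible here. The reindent also leaves a duplicated `cp();` at the top of forward_request(), and check_id() passes a plain `char` to `isalnum()`, which is undefined for negative values; `isalnum((unsigned char)id[i])` fixes that for the peer-supplied names id_h() feeds it.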
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.34 2002/09/04 16:26:45 guus Exp $ + $Id: protocol.h,v 1.5.4.35 2002/09/09 21:24:42 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -37,21 +37,20 @@ /* Request numbers */ enum { - ALL = -1, /* Guardian for allow_request */ - ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, - STATUS, ERROR, TERMREQ, - PING, PONG, -// ADD_NODE, DEL_NODE, - ADD_SUBNET, DEL_SUBNET, - ADD_EDGE, DEL_EDGE, - KEY_CHANGED, REQ_KEY, ANS_KEY, - PACKET, - LAST /* Guardian for the highest request number */ + ALL = -1, /* Guardian for allow_request */ + ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, + STATUS, ERROR, TERMREQ, + PING, PONG, + ADD_SUBNET, DEL_SUBNET, + ADD_EDGE, DEL_EDGE, + KEY_CHANGED, REQ_KEY, ANS_KEY, + PACKET, + LAST /* Guardian for the highest request number */ }; typedef struct past_request_t { - char *request; - time_t firstseen; + char *request; + time_t firstseen; } past_request_t; /* Maximum size of strings in a request */ @@ -61,7 +60,7 @@ typedef struct past_request_t { /* Basic functions */ -extern int send_request(connection_t*, const char*, ...); +extern int send_request(connection_t *, const char *, ...); extern int forward_request(connection_t *); extern int receive_request(connection_t *); extern int check_id(char *); @@ -83,8 +82,6 @@ extern int send_error(connection_t *, int, char *); extern int send_termreq(connection_t *); extern int send_ping(connection_t *); extern int send_pong(connection_t *); -// extern int send_add_node(connection_t *, node_t *); -// extern int send_del_node(connection_t *, node_t *); extern int send_add_subnet(connection_t *, subnet_t *); extern int send_del_subnet(connection_t *, subnet_t *); extern int send_add_edge(connection_t *, edge_t *); 
@@ -96,7 +93,7 @@ extern int send_tcppacket(connection_t *, vpn_packet_t *); /* Request handlers */ -extern int (*request_handlers[])(connection_t *); +extern int (*request_handlers[]) (connection_t *); extern int id_h(connection_t *); extern int metakey_h(connection_t *); @@ -108,8 +105,6 @@ extern int error_h(connection_t *); extern int termreq_h(connection_t *); extern int ping_h(connection_t *); extern int pong_h(connection_t *); -// extern int add_node_h(connection_t *); -// extern int del_node_h(connection_t *); extern int add_subnet_h(connection_t *); extern int del_subnet_h(connection_t *); extern int add_edge_h(connection_t *); @@ -119,4 +114,4 @@ extern int req_key_h(connection_t *); extern int ans_key_h(connection_t *); extern int tcppacket_h(connection_t *); -#endif /* __TINC_PROTOCOL_H__ */ +#endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 8fe8b38b..fc0c3aae 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.15 2002/09/09 19:39:59 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.16 2002/09/09 21:24:45 guus Exp $ */ #include "config.h" 
@@ -53,533 +53,544 @@ #include "system.h" -int send_id(connection_t *c) +int send_id(connection_t * c) { - cp(); - return send_request(c, "%d %s %d", ID, myself->connection->name, myself->connection->protocol_version); + cp(); + + return send_request(c, "%d %s %d", ID, myself->connection->name, + myself->connection->protocol_version); } -int id_h(connection_t *c) +int id_h(connection_t * c) { - char name[MAX_STRING_SIZE]; - int bla; - cp(); - if(sscanf(c->buffer, "%*d "MAX_STRING" %d", name, &c->protocol_version) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); - return -1; - } + char name[MAX_STRING_SIZE]; + int bla; - /* Check if identity is a valid name */ + cp(); - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); - return -1; - } - - /* If we set c->name in advance, make sure we are connected to the right host */ - - if(c->name) - { - if(strcmp(c->name, name)) - { - syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); - return -1; - } - } - else - c->name = xstrdup(name); - - /* Check if version matches */ - - if(c->protocol_version != myself->connection->protocol_version) - { - syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), - c->name, c->hostname, c->protocol_version); - return -1; - } - - if(bypass_security) - { - if(!c->config_tree) - init_configuration(&c->config_tree); - c->allow_request = ACK; - return send_ack(c); - } - - if(!c->config_tree) - { - init_configuration(&c->config_tree); - - bla = read_connection_config(c); - - if(bla) - { - syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); - return -1; - } - } - - if(read_rsa_public_key(c)) - { - return -1; - } - - /* Check some options */ - - if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &bla) && bla) || myself->options & OPTION_INDIRECT) - c->options |= OPTION_INDIRECT; - - 
if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &bla) && bla) || myself->options & OPTION_TCPONLY) - c->options |= OPTION_TCPONLY | OPTION_INDIRECT; - - c->allow_request = METAKEY; - cp(); - return send_metakey(c); -} - -int send_metakey(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int len, x; - cp(); - len = RSA_size(c->rsa_key); - - /* Allocate buffers for the meta key */ - - if(!c->outkey) - c->outkey = xmalloc(len); - - if(!c->outctx) - c->outctx = xmalloc(sizeof(*c->outctx)); - cp(); - /* Copy random data to the buffer */ - - RAND_bytes(c->outkey, len); - - /* The message we send must be smaller than the modulus of the RSA key. - By definition, for a key of k bits, the following formula holds: - - 2^(k-1) <= modulus < 2^(k) - - Where ^ means "to the power of", not "xor". - This means that to be sure, we must choose our message < 2^(k-1). - This can be done by setting the most significant bit to zero. - */ - - c->outkey[0] &= 0x7F; - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(c->outkey, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); - } - - /* Encrypt the random data - - We do not use one of the PKCS padding schemes here. - This is allowed, because we encrypt a totally random string - with a length equal to that of the modulus of the RSA key. 
- */ - - if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) - { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; - } - cp(); - /* Convert the encrypted random data to a hexadecimal formatted string */ - - bin2hex(buffer, buffer, len); - buffer[len*2] = '\0'; - - /* Send the meta key */ - - x = send_request(c, "%d %d %d %d %d %s", METAKEY, - c->outcipher?c->outcipher->nid:0, c->outdigest?c->outdigest->type:0, - c->outmaclength, c->outcompression, buffer); - - /* Further outgoing requests are encrypted with the key we just generated */ - - if(c->outcipher) - { - EVP_EncryptInit(c->outctx, c->outcipher, - c->outkey + len - c->outcipher->key_len, - c->outkey + len - c->outcipher->key_len - c->outcipher->iv_len); - - c->status.encryptout = 1; - } - cp(); - return x; -} - -int metakey_h(connection_t *c) -{ - char buffer[MAX_STRING_SIZE]; - int cipher, digest, maclength, compression; - int len; - cp(); - if(sscanf(c->buffer, "%*d %d %d %d %d "MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); - return -1; - } - cp(); - len = RSA_size(myself->connection->rsa_key); - - /* Check if the length of the meta key is all right */ - - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); - return -1; - } - - /* Allocate buffers for the meta key */ - cp(); - if(!c->inkey) - c->inkey = xmalloc(len); - - if(!c->inctx) - c->inctx = xmalloc(sizeof(*c->inctx)); - - /* Convert the challenge from hexadecimal back to binary */ - cp(); - hex2bin(buffer,buffer,len); - - /* Decrypt the meta key */ - cp(); - if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) /* See challenge() */ - { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - 
return -1; - } - - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(c->inkey, buffer, len); - buffer[len*2] = '\0'; - syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); - } - - /* All incoming requests will now be encrypted. */ - cp(); - /* Check and lookup cipher and digest algorithms */ - - if(cipher) - { - c->incipher = EVP_get_cipherbynid(cipher); - if(!c->incipher) - { - syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); - return -1; + if(sscanf(c->buffer, "%*d " MAX_STRING " %d", name, &c->protocol_version) != 2) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, + c->hostname); + return -1; } - EVP_DecryptInit(c->inctx, c->incipher, - c->inkey + len - c->incipher->key_len, - c->inkey + len - c->incipher->key_len - c->incipher->iv_len); + /* Check if identity is a valid name */ - c->status.decryptin = 1; - } - else - { - c->incipher = NULL; - } - - c->inmaclength = maclength; - - if(digest) - { - c->indigest = EVP_get_digestbynid(digest); - if(!c->indigest) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); - return -1; + if(check_id(name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, + c->hostname, "invalid name"); + return -1; } - - if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) - { - syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); - return -1; + + /* If we set c->name in advance, make sure we are connected to the right host */ + + if(c->name) { + if(strcmp(c->name, name)) { + syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, + c->name); + return -1; + } + } else + c->name = xstrdup(name); + + /* Check if version matches */ + + if(c->protocol_version != myself->connection->protocol_version) { + syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), + c->name, c->hostname, c->protocol_version); + return -1; } - } - else - { - c->indigest = NULL; - } - c->incompression 
= compression; + if(bypass_security) { + if(!c->config_tree) + init_configuration(&c->config_tree); + c->allow_request = ACK; + return send_ack(c); + } - c->allow_request = CHALLENGE; - cp(); - return send_challenge(c); + if(!c->config_tree) { + init_configuration(&c->config_tree); + + bla = read_connection_config(c); + + if(bla) { + syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, + c->name); + return -1; + } + } + + if(read_rsa_public_key(c)) { + return -1; + } + + /* Check some options */ + + if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &bla) && bla) || myself->options & OPTION_INDIRECT) + c->options |= OPTION_INDIRECT; + + if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &bla) && bla) || myself->options & OPTION_TCPONLY) + c->options |= OPTION_TCPONLY | OPTION_INDIRECT; + + c->allow_request = METAKEY; + + return send_metakey(c); } -int send_challenge(connection_t *c) +int send_metakey(connection_t * c) { - char buffer[MAX_STRING_SIZE]; - int len, x; - cp(); - /* CHECKME: what is most reasonable value for len? */ + char buffer[MAX_STRING_SIZE]; + int len, x; - len = RSA_size(c->rsa_key); + cp(); - /* Allocate buffers for the challenge */ + len = RSA_size(c->rsa_key); - if(!c->hischallenge) - c->hischallenge = xmalloc(len); - cp(); - /* Copy random data to the buffer */ + /* Allocate buffers for the meta key */ - RAND_bytes(c->hischallenge, len); + if(!c->outkey) + c->outkey = xmalloc(len); - cp(); - /* Convert to hex */ + if(!c->outctx) + c->outctx = xmalloc(sizeof(*c->outctx)); + cp(); + /* Copy random data to the buffer */ - bin2hex(c->hischallenge, buffer, len); - buffer[len*2] = '\0'; + RAND_bytes(c->outkey, len); - cp(); - /* Send the challenge */ + /* The message we send must be smaller than the modulus of the RSA key. 
+ By definition, for a key of k bits, the following formula holds: - x = send_request(c, "%d %s", CHALLENGE, buffer); - cp(); - return x; + 2^(k-1) <= modulus < 2^(k) + + Where ^ means "to the power of", not "xor". + This means that to be sure, we must choose our message < 2^(k-1). + This can be done by setting the most significant bit to zero. + */ + + c->outkey[0] &= 0x7F; + + if(debug_lvl >= DEBUG_SCARY_THINGS) { + bin2hex(c->outkey, buffer, len); + buffer[len * 2] = '\0'; + syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), + buffer); + } + + /* Encrypt the random data + + We do not use one of the PKCS padding schemes here. + This is allowed, because we encrypt a totally random string + with a length equal to that of the modulus of the RSA key. + */ + + if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) { + syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), + c->name, c->hostname); + return -1; + } + + /* Convert the encrypted random data to a hexadecimal formatted string */ + + bin2hex(buffer, buffer, len); + buffer[len * 2] = '\0'; + + /* Send the meta key */ + + x = send_request(c, "%d %d %d %d %d %s", METAKEY, + c->outcipher ? c->outcipher->nid : 0, + c->outdigest ? 
c->outdigest->type : 0, c->outmaclength, + c->outcompression, buffer); + + /* Further outgoing requests are encrypted with the key we just generated */ + + if(c->outcipher) { + EVP_EncryptInit(c->outctx, c->outcipher, + c->outkey + len - c->outcipher->key_len, + c->outkey + len - c->outcipher->key_len - + c->outcipher->iv_len); + + c->status.encryptout = 1; + } + + return x; } -int challenge_h(connection_t *c) +int metakey_h(connection_t * c) { - char buffer[MAX_STRING_SIZE]; - int len; - cp(); - if(sscanf(c->buffer, "%*d "MAX_STRING, buffer) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); - return -1; - } + char buffer[MAX_STRING_SIZE]; + int cipher, digest, maclength, compression; + int len; - len = RSA_size(myself->connection->rsa_key); + cp(); - /* Check if the length of the challenge is all right */ + if(sscanf + (c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, + &compression, buffer) != 5) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, + c->hostname); + return -1; + } - if(strlen(buffer) != len*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); - return -1; - } + len = RSA_size(myself->connection->rsa_key); - /* Allocate buffers for the challenge */ + /* Check if the length of the meta key is all right */ - if(!c->mychallenge) - c->mychallenge = xmalloc(len); + if(strlen(buffer) != len * 2) { + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + c->hostname, "wrong keylength"); + return -1; + } - /* Convert the challenge from hexadecimal back to binary */ + /* Allocate buffers for the meta key */ - hex2bin(buffer,c->mychallenge,len); + if(!c->inkey) + c->inkey = xmalloc(len); - c->allow_request = CHAL_REPLY; + if(!c->inctx) + c->inctx = xmalloc(sizeof(*c->inctx)); - /* Rest is done by send_chal_reply() */ - cp(); - return send_chal_reply(c); + /* Convert the challenge from hexadecimal back to binary 
*/ + + hex2bin(buffer, buffer, len); + + /* Decrypt the meta key */ + + if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ + syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), + c->name, c->hostname); + return -1; + } + + if(debug_lvl >= DEBUG_SCARY_THINGS) { + bin2hex(c->inkey, buffer, len); + buffer[len * 2] = '\0'; + syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), + buffer); + } + + /* All incoming requests will now be encrypted. */ + + /* Check and lookup cipher and digest algorithms */ + + if(cipher) { + c->incipher = EVP_get_cipherbynid(cipher); + + if(!c->incipher) { + syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, + c->hostname); + return -1; + } + + EVP_DecryptInit(c->inctx, c->incipher, + c->inkey + len - c->incipher->key_len, + c->inkey + len - c->incipher->key_len - + c->incipher->iv_len); + + c->status.decryptin = 1; + } else { + c->incipher = NULL; + } + + c->inmaclength = maclength; + + if(digest) { + c->indigest = EVP_get_digestbynid(digest); + + if(!c->indigest) { + syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, + c->hostname); + return -1; + } + + if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { + syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, + c->hostname); + return -1; + } + } else { + c->indigest = NULL; + } + + c->incompression = compression; + + c->allow_request = CHALLENGE; + + return send_challenge(c); } -int send_chal_reply(connection_t *c) +int send_challenge(connection_t * c) { - char hash[EVP_MAX_MD_SIZE*2+1]; - EVP_MD_CTX ctx; - cp(); - /* Calculate the hash from the challenge we received */ + char buffer[MAX_STRING_SIZE]; + int len, x; - EVP_DigestInit(&ctx, c->indigest); - EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)); - EVP_DigestFinal(&ctx, hash, NULL); + cp(); - /* Convert the hash to a hexadecimal formatted string */ + /* 
CHECKME: what is most reasonable value for len? */ - bin2hex(hash,hash,c->indigest->md_size); - hash[c->indigest->md_size*2] = '\0'; + len = RSA_size(c->rsa_key); - /* Send the reply */ + /* Allocate buffers for the challenge */ - cp(); - return send_request(c, "%d %s", CHAL_REPLY, hash); + if(!c->hischallenge) + c->hischallenge = xmalloc(len); + + /* Copy random data to the buffer */ + + RAND_bytes(c->hischallenge, len); + + /* Convert to hex */ + + bin2hex(c->hischallenge, buffer, len); + buffer[len * 2] = '\0'; + + /* Send the challenge */ + + x = send_request(c, "%d %s", CHALLENGE, buffer); + + return x; } -int chal_reply_h(connection_t *c) +int challenge_h(connection_t * c) { - char hishash[MAX_STRING_SIZE]; - char myhash[EVP_MAX_MD_SIZE]; - EVP_MD_CTX ctx; - cp(); - if(sscanf(c->buffer, "%*d "MAX_STRING, hishash) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); - return -1; - } + char buffer[MAX_STRING_SIZE]; + int len; - /* Check if the length of the hash is all right */ + cp(); - if(strlen(hishash) != c->outdigest->md_size*2) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); - return -1; - } + if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, + c->hostname); + return -1; + } - /* Convert the hash to binary format */ + len = RSA_size(myself->connection->rsa_key); - hex2bin(hishash, hishash, c->outdigest->md_size); + /* Check if the length of the challenge is all right */ - /* Calculate the hash from the challenge we sent */ + if(strlen(buffer) != len * 2) { + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + c->hostname, "wrong challenge length"); + return -1; + } - EVP_DigestInit(&ctx, c->outdigest); - EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)); - EVP_DigestFinal(&ctx, myhash, NULL); + /* Allocate buffers for the challenge */ - /* Verify the 
incoming hash with the calculated hash */ + if(!c->mychallenge) + c->mychallenge = xmalloc(len); - if(memcmp(hishash, myhash, c->outdigest->md_size)) - { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); - if(debug_lvl >= DEBUG_SCARY_THINGS) - { - bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); - hishash[SHA_DIGEST_LENGTH*2] = '\0'; - syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); - } - return -1; - } + /* Convert the challenge from hexadecimal back to binary */ - /* Identity has now been positively verified. - Send an acknowledgement with the rest of the information needed. - */ + hex2bin(buffer, c->mychallenge, len); - c->allow_request = ACK; - cp(); - return send_ack(c); + c->allow_request = CHAL_REPLY; + + /* Rest is done by send_chal_reply() */ + + return send_chal_reply(c); } -int send_ack(connection_t *c) +int send_chal_reply(connection_t * c) { - /* ACK message contains rest of the information the other end needs - to create node_t and edge_t structures. 
*/ + char hash[EVP_MAX_MD_SIZE * 2 + 1]; + EVP_MD_CTX ctx; - int x; - struct timeval now; - cp(); - /* Estimate weight */ - - gettimeofday(&now, NULL); - c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; - x = send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); - cp(); - return x; + cp(); + + /* Calculate the hash from the challenge we received */ + + EVP_DigestInit(&ctx, c->indigest); + EVP_DigestUpdate(&ctx, c->mychallenge, + RSA_size(myself->connection->rsa_key)); + EVP_DigestFinal(&ctx, hash, NULL); + + /* Convert the hash to a hexadecimal formatted string */ + + bin2hex(hash, hash, c->indigest->md_size); + hash[c->indigest->md_size * 2] = '\0'; + + /* Send the reply */ + + return send_request(c, "%d %s", CHAL_REPLY, hash); } -void send_everything(connection_t *c) +int chal_reply_h(connection_t * c) { - avl_node_t *node, *node2; - node_t *n; - subnet_t *s; - edge_t *e; + char hishash[MAX_STRING_SIZE]; + char myhash[EVP_MAX_MD_SIZE]; + EVP_MD_CTX ctx; - /* Send all known subnets and edges */ - - for(node = node_tree->head; node; node = node->next) - { - n = (node_t *)node->data; + cp(); - for(node2 = n->subnet_tree->head; node2; node2 = node2->next) - { - s = (subnet_t *)node2->data; - send_add_subnet(c, s); - } + if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, + c->hostname); + return -1; + } - for(node2 = n->edge_tree->head; node2; node2 = node2->next) - { - e = (edge_t *)node2->data; - send_add_edge(c, e); - } - } + /* Check if the length of the hash is all right */ + + if(strlen(hishash) != c->outdigest->md_size * 2) { + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + c->hostname, _("wrong challenge reply length")); + return -1; + } + + /* Convert the hash to binary format */ + + hex2bin(hishash, hishash, c->outdigest->md_size); + + /* Calculate the hash from the challenge we sent */ + 
+ EVP_DigestInit(&ctx, c->outdigest); + EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)); + EVP_DigestFinal(&ctx, myhash, NULL); + + /* Verify the incoming hash with the calculated hash */ + + if(memcmp(hishash, myhash, c->outdigest->md_size)) { + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + c->hostname, _("wrong challenge reply")); + + if(debug_lvl >= DEBUG_SCARY_THINGS) { + bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); + hishash[SHA_DIGEST_LENGTH * 2] = '\0'; + syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); + } + + return -1; + } + + /* Identity has now been positively verified. + Send an acknowledgement with the rest of the information needed. + */ + + c->allow_request = ACK; + + return send_ack(c); } -int ack_h(connection_t *c) +int send_ack(connection_t * c) { - char hisport[MAX_STRING_SIZE]; - char *hisaddress, *dummy; - int weight; - long int options; - node_t *n; - cp(); - if(sscanf(c->buffer, "%*d "MAX_STRING" %d %lx", hisport, &weight, &options) != 3) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); - return -1; - } + /* ACK message contains rest of the information the other end needs + to create node_t and edge_t structures. */ - /* Check if we already have a node_t for him */ + int x; + struct timeval now; - n = lookup_node(c->name); - - if(!n) - { - n = new_node(); - n->name = xstrdup(c->name); - node_add(n); - } - else - { - if(n->connection) - { - /* Oh dear, we already have a connection to this node. 
*/ - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); - terminate_connection(n->connection, 0); - } - } - - n->connection = c; - c->node = n; - c->options |= options; + cp(); - /* Activate this connection */ + /* Estimate weight */ - c->allow_request = ALL; - c->status.active = 1; + gettimeofday(&now, NULL); + c->estimated_weight = + (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - + c->start.tv_usec) / 1000; + x = send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, + c->options); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); - - /* Send him everything we know */ - - send_everything(c); - - /* Create an edge_t for this connection */ - - c->edge = new_edge(); - cp(); - c->edge->from = myself; - c->edge->to = n; - sockaddr2str(&c->address, &hisaddress, &dummy); - c->edge->address = str2sockaddr(hisaddress, hisport); - free(hisaddress); - free(dummy); - c->edge->weight = (weight + c->estimated_weight) / 2; - c->edge->connection = c; - c->edge->options = c->options; - cp(); - edge_add(c->edge); - - cp(); - /* Notify everyone of the new edge */ - - send_add_edge(broadcast, c->edge); - - /* Run MST and SSSP algorithms */ - - graph(); - cp(); - return 0; + return x; +} + +void send_everything(connection_t * c) +{ + avl_node_t *node, *node2; + node_t *n; + subnet_t *s; + edge_t *e; + + /* Send all known subnets and edges */ + + for(node = node_tree->head; node; node = node->next) { + n = (node_t *) node->data; + + for(node2 = n->subnet_tree->head; node2; node2 = node2->next) { + s = (subnet_t *) node2->data; + send_add_subnet(c, s); + } + + for(node2 = n->edge_tree->head; node2; node2 = node2->next) { + e = (edge_t *) node2->data; + send_add_edge(c, e); + } + } +} + +int ack_h(connection_t * c) +{ + char hisport[MAX_STRING_SIZE]; + char *hisaddress, *dummy; + int weight; + long 
int options; + node_t *n; + + cp(); + + if(sscanf + (c->buffer, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, + c->hostname); + return -1; + } + + /* Check if we already have a node_t for him */ + + n = lookup_node(c->name); + + if(!n) { + n = new_node(); + n->name = xstrdup(c->name); + node_add(n); + } else { + if(n->connection) { + /* Oh dear, we already have a connection to this node. */ + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), + n->name, n->hostname); + terminate_connection(n->connection, 0); + } + } + + n->connection = c; + c->node = n; + c->options |= options; + + /* Activate this connection */ + + c->allow_request = ALL; + c->status.active = 1; + + if(debug_lvl >= DEBUG_CONNECTIONS) + syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, + c->hostname); + + /* Send him everything we know */ + + send_everything(c); + + /* Create an edge_t for this connection */ + + c->edge = new_edge(); + cp(); + c->edge->from = myself; + c->edge->to = n; + sockaddr2str(&c->address, &hisaddress, &dummy); + c->edge->address = str2sockaddr(hisaddress, hisport); + free(hisaddress); + free(dummy); + c->edge->weight = (weight + c->estimated_weight) / 2; + c->edge->connection = c; + c->edge->options = c->options; + + edge_add(c->edge); + + /* Notify everyone of the new edge */ + + send_add_edge(broadcast, c->edge); + + /* Run MST and SSSP algorithms */ + + graph(); + + return 0; } diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 7a04f082..bd473f15 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c 
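Review bot: send_chal_reply() dereferences `c->indigest` unconditionally (`EVP_DigestInit(&ctx, c->indigest)` and `c->indigest->md_size`), yet metakey_h() in this same hunk sets `c->indigest = NULL` whenever the peer's METAKEY carries digest 0. The next CHALLENGE on that connection therefore reaches a NULL dereference before the peer's identity has been verified. chal_reply_h() has the same shape with `c->outdigest->md_size`, although send_metakey() treats `c->outdigest` as possibly NULL (`c->outdigest ? c->outdigest->type : 0`). I would guard both with a logged rejection, e.g. `if(!c->indigest) return -1;` at the top of send_chal_reply() and `if(!c->outdigest) return -1;` before the length check in chal_reply_h(). Whether digest 0 is meant to be a supported setting is not visible from this hunk, so the rejection may need to become an explicit no-digest path instead.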
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.11 2002/09/09 19:40:04 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.12 2002/09/09 21:24:48 guus Exp $ */ #include "config.h" 
@@ -45,225 +45,231 @@ #include "system.h" -int send_add_edge(connection_t *c, edge_t *e) +int send_add_edge(connection_t * c, edge_t * e) { - int x; - char *address, *port; - cp(); - sockaddr2str(&e->address, &address, &port); - x = send_request(c, "%d %lx %s %s %s %s %lx %d", ADD_EDGE, random(), - e->from->name, e->to->name, address, port, - e->options, e->weight); - free(address); - free(port); - cp(); - return x; + int x; + char *address, *port; + + cp(); + + sockaddr2str(&e->address, &address, &port); + + x = send_request(c, "%d %lx %s %s %s %s %lx %d", ADD_EDGE, random(), + e->from->name, e->to->name, address, port, + e->options, e->weight); + free(address); + free(port); + + return x; } -int add_edge_h(connection_t *c) +int add_edge_h(connection_t * c) { - edge_t *e; - node_t *from, *to; - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - char to_address[MAX_STRING_SIZE]; - char to_port[MAX_STRING_SIZE]; - sockaddr_t address; - long int options; - int weight; - cp(); - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", - from_name, to_name, to_address, to_port, &options, &weight) != 6) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); - return -1; - } + edge_t *e; + node_t *from, *to; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + char to_address[MAX_STRING_SIZE]; + char to_port[MAX_STRING_SIZE]; + sockaddr_t address; + long int options; + int weight; - /* Check if names are valid */ + cp(); - if(check_id(from_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", + from_name, to_name, to_address, to_port, &options, &weight) != 6) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, + c->hostname); + return -1; + } - if(check_id(to_name)) - { - 
syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } + /* Check if names are valid */ - if(seen_request(c->buffer)) - return 0; + if(check_id(from_name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, + c->hostname, _("invalid name")); + return -1; + } - /* Lookup nodes */ + if(check_id(to_name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, + c->hostname, _("invalid name")); + return -1; + } - from = lookup_node(from_name); - - if(!from) - { - from = new_node(); - from->name = xstrdup(from_name); - node_add(from); - } + if(seen_request(c->buffer)) + return 0; - to = lookup_node(to_name); - - if(!to) - { - to = new_node(); - to->name = xstrdup(to_name); - node_add(to); - } + /* Lookup nodes */ - /* Convert addresses */ - - address = str2sockaddr(to_address, to_port); + from = lookup_node(from_name); - /* Check if edge already exists */ - - e = lookup_edge(from, to); - - if(e) - { - if(e->weight != weight || e->options != options || sockaddrcmp(&e->address, &address)) - { - if(from == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); - send_add_edge(c, e); - return 0; - } - else - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); - edge_del(e); - } - } - else - return 0; - } - else if(from == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), "ADD_EDGE", c->name, c->hostname); - e = new_edge(); - e->from = from; - e->to = to; - send_del_edge(c, e); - free_edge(e); - return 0; - } + if(!from) { + from = new_node(); + from->name = xstrdup(from_name); + node_add(from); + } - e = new_edge(); - e->from = from; - e->to = to; - e->address = 
address; - e->options = options; - e->weight = weight; - edge_add(e); + to = lookup_node(to_name); - /* Tell the rest about the new edge */ + if(!to) { + to = new_node(); + to->name = xstrdup(to_name); + node_add(to); + } - forward_request(c); + /* Convert addresses */ - /* Run MST before or after we tell the rest? */ + address = str2sockaddr(to_address, to_port); - graph(); - cp(); - return 0; + /* Check if edge already exists */ + + e = lookup_edge(from, to); + + if(e) { + if(e->weight != weight || e->options != options || sockaddrcmp(&e->address, &address)) { + if(from == myself) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), + "ADD_EDGE", c->name, c->hostname); + send_add_edge(c, e); + return 0; + } else { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), + "ADD_EDGE", c->name, c->hostname); + edge_del(e); + } + } else + return 0; + } else if(from == myself) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), + "ADD_EDGE", c->name, c->hostname); + e = new_edge(); + e->from = from; + e->to = to; + send_del_edge(c, e); + free_edge(e); + return 0; + } + + e = new_edge(); + e->from = from; + e->to = to; + e->address = address; + e->options = options; + e->weight = weight; + edge_add(e); + + /* Tell the rest about the new edge */ + + forward_request(c); + + /* Run MST before or after we tell the rest? 
*/ + + graph(); + + return 0; } -int send_del_edge(connection_t *c, edge_t *e) +int send_del_edge(connection_t * c, edge_t * e) { - cp(); - return send_request(c, "%d %lx %s %s", DEL_EDGE, random(), - e->from->name, e->to->name); + cp(); + + return send_request(c, "%d %lx %s %s", DEL_EDGE, random(), + e->from->name, e->to->name); } -int del_edge_h(connection_t *c) +int del_edge_h(connection_t * c) { - edge_t *e; - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - node_t *from, *to; - cp(); - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING"", from_name, to_name) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", - c->name, c->hostname); - return -1; - } + edge_t *e; + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + node_t *from, *to; - /* Check if names are valid */ + cp(); - if(check_id(from_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } + if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, + c->hostname); + return -1; + } - if(check_id(to_name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; - } + /* Check if names are valid */ - if(seen_request(c->buffer)) - return 0; + if(check_id(from_name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, + c->hostname, _("invalid name")); + return -1; + } - /* Lookup nodes */ + if(check_id(to_name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, + c->hostname, _("invalid name")); + return -1; + } - from = lookup_node(from_name); - - if(!from) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } + if(seen_request(c->buffer)) + return 
0; - to = lookup_node(to_name); - - if(!to) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } + /* Lookup nodes */ - /* Check if edge exists */ - - e = lookup_edge(from, to); - - if(!e) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; - } + from = lookup_node(from_name); - if(e->from == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_EDGE", c->name, c->hostname); - send_add_edge(c, e); /* Send back a correction */ - return 0; - } + if(!from) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_ERR, + _ + ("Got %s from %s (%s) which does not appear in the edge tree"), + "DEL_EDGE", c->name, c->hostname); + return 0; + } - /* Tell the rest about the deleted edge */ + to = lookup_node(to_name); - forward_request(c); + if(!to) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_ERR, + _ + ("Got %s from %s (%s) which does not appear in the edge tree"), + "DEL_EDGE", c->name, c->hostname); + return 0; + } - /* Delete the edge */ - - edge_del(e); + /* Check if edge exists */ - /* Run MST before or after we tell the rest? */ + e = lookup_edge(from, to); - graph(); - cp(); - return 0; + if(!e) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, + _ + ("Got %s from %s (%s) which does not appear in the edge tree"), + "DEL_EDGE", c->name, c->hostname); + return 0; + } + + if(e->from == myself) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + "DEL_EDGE", c->name, c->hostname); + send_add_edge(c, e); /* Send back a correction */ + return 0; + } + + /* Tell the rest about the deleted edge */ + + forward_request(c); + + /* Delete the edge */ + + edge_del(e); + + /* Run MST before or after we tell the rest? 
*/ + + graph(); + + return 0; } diff --git a/src/protocol_key.c b/src/protocol_key.c index 03131eb8..66c9a909 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.12 2002/09/09 19:40:05 guus Exp $ + $Id: protocol_key.c,v 1.1.4.13 2002/09/09 21:24:56 guus Exp $ */ #include "config.h" 
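Review bot: add_edge_h() and del_edge_h() carry no comment stating their trust assumption, which is worth documenting since the handlers are being touched anyway. As written, any peer whose connection is active can add, replace (`edge_del(e)` followed by a fresh `edge_add(e)`) or delete an edge between arbitrary `from`/`to` names. Only the `from == myself` case is answered with a correction, and unknown names are turned into new nodes via `new_node()`/`node_add()`. I would put something like `/* Edges are accepted from any authenticated peer for any node pair; only edges claiming to come from ourself are checked and corrected. */` above add_edge_h(), and note next to `e->weight = weight;` that the peer-supplied weight and options are stored without a range check. Separately, in del_edge_h() the same "does not appear in the edge tree" message is logged at `LOG_ERR` twice and at `LOG_WARNING` once, which looks unintentional.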
@@ -45,225 +45,217 @@ int mykeyused = 0; -int send_key_changed(connection_t *c, node_t *n) +int send_key_changed(connection_t * c, node_t * n) { - cp(); - /* Only send this message if some other daemon requested our key previously. - This reduces unnecessary key_changed broadcasts. - */ + cp(); - if(n == myself && !mykeyused) - return 0; - cp(); - return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); + /* Only send this message if some other daemon requested our key previously. + This reduces unnecessary key_changed broadcasts. + */ + + if(n == myself && !mykeyused) + return 0; + + return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); } -int key_changed_h(connection_t *c) +int key_changed_h(connection_t * c) { - char name[MAX_STRING_SIZE]; - node_t *n; - cp(); - if(sscanf(c->buffer, "%*d %*x "MAX_STRING, name) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", - c->name, c->hostname); - return -1; - } + char name[MAX_STRING_SIZE]; + node_t *n; - if(seen_request(c->buffer)) - return 0; + cp(); - n = lookup_node(name); - - if(!n) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", - c->name, c->hostname, name); - return -1; - } - - n->status.validkey = 0; - n->status.waitingforkey = 0; - - /* Tell the others */ - - forward_request(c); - cp(); - return 0; -} - -int send_req_key(connection_t *c, node_t *from, node_t *to) -{ - cp(); - return send_request(c, "%d %s %s", REQ_KEY, - from->name, to->name); -} - -int req_key_h(connection_t *c) -{ - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - node_t *from, *to; - cp(); - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", - c->name, c->hostname); - return -1; - } - - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", 
- c->name, c->hostname, from_name); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", - c->name, c->hostname, to_name); - return -1; - } - - /* Check if this key request is for us */ - - if(to == myself) /* Yes, send our own key back */ - { - mykeyused = 1; - from->received_seqno = 0; - send_ans_key(c, myself, from); - } - else - { -/* Proxy keys - if(to->status.validkey) - { - send_ans_key(c, to, from); - } - else -*/ - send_req_key(to->nexthop->connection, from, to); - } - - cp(); - return 0; -} - -int send_ans_key(connection_t *c, node_t *from, node_t *to) -{ - char key[MAX_STRING_SIZE]; - cp(); - bin2hex(from->key, key, from->keylength); - key[from->keylength * 2] = '\0'; - cp(); - return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, - from->name, to->name, key, from->cipher?from->cipher->nid:0, from->digest?from->digest->type:0, from->maclength, from->compression); -} - -int ans_key_h(connection_t *c) -{ - char from_name[MAX_STRING_SIZE]; - char to_name[MAX_STRING_SIZE]; - char key[MAX_STRING_SIZE]; - int cipher, digest, maclength, compression; - node_t *from, *to; - cp(); - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength, &compression) != 7) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", - c->name, c->hostname); - return -1; - } - - from = lookup_node(from_name); - - if(!from) - { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", - c->name, c->hostname, from_name); - return -1; - } - - to = lookup_node(to_name); - - if(!to) - { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", - c->name, c->hostname, to_name); - return -1; - } - - /* Forward it if necessary */ - - if(to != myself) - { - return 
send_request(to->nexthop->connection, "%s", c->buffer); - } - - /* Update our copy of the origin's packet key */ - - if(from->key) - free(from->key); - - from->key = xstrdup(key); - from->keylength = strlen(key) / 2; - hex2bin(from->key, from->key, from->keylength); - from->key[from->keylength] = '\0'; - - from->status.validkey = 1; - from->status.waitingforkey = 0; - from->sent_seqno = 0; - - /* Check and lookup cipher and digest algorithms */ - - if(cipher) - { - from->cipher = EVP_get_cipherbynid(cipher); - if(!from->cipher) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); - return -1; + if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", + c->name, c->hostname); + return -1; } - if(from->keylength != from->cipher->key_len + from->cipher->iv_len) - { - syslog(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); - return -1; - } - } - else - { - from->cipher = NULL; - } - from->maclength = maclength; + if(seen_request(c->buffer)) + return 0; - if(digest) - { - from->digest = EVP_get_digestbynid(digest); - if(!from->digest) - { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); - return -1; + n = lookup_node(name); + + if(!n) { + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), + "KEY_CHANGED", c->name, c->hostname, name); + return -1; } - if(from->maclength > from->digest->md_size || from->maclength < 0) - { - syslog(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); - return -1; - } - } - else - { - from->digest = NULL; - } - from->compression = compression; - - flush_queue(from); - cp(); - return 0; + n->status.validkey = 0; + n->status.waitingforkey = 0; + + /* Tell the others */ + + forward_request(c); + + return 0; +} + +int send_req_key(connection_t * c, node_t * from, node_t * to) +{ + cp(); + + return send_request(c, "%d %s %s", 
REQ_KEY, from->name, to->name); +} + +int req_key_h(connection_t * c) +{ + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + node_t *from, *to; + + cp(); + + if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, + c->hostname); + return -1; + } + + from = lookup_node(from_name); + + if(!from) { + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), + "REQ_KEY", c->name, c->hostname, from_name); + return -1; + } + + to = lookup_node(to_name); + + if(!to) { + syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), + "REQ_KEY", c->name, c->hostname, to_name); + return -1; + } + + /* Check if this key request is for us */ + + if(to == myself) { /* Yes, send our own key back */ + mykeyused = 1; + from->received_seqno = 0; + send_ans_key(c, myself, from); + } else { + send_req_key(to->nexthop->connection, from, to); + } + + return 0; +} + +int send_ans_key(connection_t * c, node_t * from, node_t * to) +{ + char key[MAX_STRING_SIZE]; + + cp(); + + bin2hex(from->key, key, from->keylength); + key[from->keylength * 2] = '\0'; + + return send_request(c, "%d %s %s %s %d %d %d %d", ANS_KEY, + from->name, to->name, key, + from->cipher ? from->cipher->nid : 0, + from->digest ? 
from->digest->type : 0, from->maclength, + from->compression); +} + +int ans_key_h(connection_t * c) +{ + char from_name[MAX_STRING_SIZE]; + char to_name[MAX_STRING_SIZE]; + char key[MAX_STRING_SIZE]; + int cipher, digest, maclength, compression; + node_t *from, *to; + + cp(); + + if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", + from_name, to_name, key, &cipher, &digest, &maclength, + &compression) != 7) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, + c->hostname); + return -1; + } + + from = lookup_node(from_name); + + if(!from) { + syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), + "ANS_KEY", c->name, c->hostname, from_name); + return -1; + } + + to = lookup_node(to_name); + + if(!to) { + syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), + "ANS_KEY", c->name, c->hostname, to_name); + return -1; + } + + /* Forward it if necessary */ + + if(to != myself) { + return send_request(to->nexthop->connection, "%s", c->buffer); + } + + /* Update our copy of the origin's packet key */ + + if(from->key) + free(from->key); + + from->key = xstrdup(key); + from->keylength = strlen(key) / 2; + hex2bin(from->key, from->key, from->keylength); + from->key[from->keylength] = '\0'; + + from->status.validkey = 1; + from->status.waitingforkey = 0; + from->sent_seqno = 0; + + /* Check and lookup cipher and digest algorithms */ + + if(cipher) { + from->cipher = EVP_get_cipherbynid(cipher); + + if(!from->cipher) { + syslog(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, + from->hostname); + return -1; + } + + if(from->keylength != from->cipher->key_len + from->cipher->iv_len) { + syslog(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, + from->hostname); + return -1; + } + } else { + from->cipher = NULL; + } + + from->maclength = maclength; + + if(digest) { + from->digest = EVP_get_digestbynid(digest); + + 
if(!from->digest) { + syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, + from->hostname); + return -1; + } + + if(from->maclength > from->digest->md_size || from->maclength < 0) { + syslog(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), + from->name, from->hostname); + return -1; + } + } else { + from->digest = NULL; + } + + from->compression = compression; + + flush_queue(from); + + return 0; } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 3e48970a..4dcdd927 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.5 2002/09/09 19:40:08 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.6 2002/09/09 21:25:02 guus Exp $ */ #include "config.h" 
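Review bot: In `ans_key_h`, `from->status.validkey = 1` is set before the cipher, key-length, digest and MAC-length checks, so every `return -1` below it leaves the node flagged as having a valid key while it holds the key and parameters that were just rejected. I would set `from->status.validkey = 0;` where the old key is freed and move `from->status.validkey = 1;` down to just before `flush_queue(from);`. `maclength` is range-checked only inside `if(digest)`, so with digest 0 a negative value from the peer is stored unchecked; the `maclength < 0` test can sit right after the `sscanf`. Separately, `req_key_h` and `ans_key_h` dereference `to->nexthop->connection` for whatever node name the message carries. Whether a known node can lack a next hop is not visible in this hunk, but if it can, both forwarding paths need a NULL check before the dereference.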
@@ -42,157 +42,169 @@ /* Status and error notification routines */ -int send_status(connection_t *c, int statusno, char *statusstring) +int send_status(connection_t * c, int statusno, char *statusstring) { - cp(); - if(!statusstring) - statusstring = status_text[statusno]; - cp(); - return send_request(c, "%d %d %s", STATUS, statusno, statusstring); + cp(); + + if(!statusstring) + statusstring = status_text[statusno]; + + return send_request(c, "%d %d %s", STATUS, statusno, statusstring); } -int status_h(connection_t *c) +int status_h(connection_t * c) { - int statusno; - char statusstring[MAX_STRING_SIZE]; - cp(); - if(sscanf(c->buffer, "%*d %d "MAX_STRING, &statusno, statusstring) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", - c->name, c->hostname); - return -1; - } + int statusno; + char statusstring[MAX_STRING_SIZE]; - if(debug_lvl >= DEBUG_STATUS) - { - syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), - c->name, c->hostname, status_text[statusno], statusstring); - } + cp(); - cp(); - return 0; + if(sscanf(c->buffer, "%*d %d " MAX_STRING, &statusno, statusstring) != 2) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", + c->name, c->hostname); + return -1; + } + + if(debug_lvl >= DEBUG_STATUS) { + syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), + c->name, c->hostname, status_text[statusno], statusstring); + } + + return 0; } -int send_error(connection_t *c, int err, char *errstring) +int send_error(connection_t * c, int err, char *errstring) { - cp(); - if(!errstring) - errstring = strerror(err); - return send_request(c, "%d %d %s", ERROR, err, errstring); + cp(); + + if(!errstring) + errstring = strerror(err); + + return send_request(c, "%d %d %s", ERROR, err, errstring); } -int error_h(connection_t *c) +int error_h(connection_t * c) { - int err; - char errorstring[MAX_STRING_SIZE]; - cp(); - if(sscanf(c->buffer, "%*d %d "MAX_STRING, &err, errorstring) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s 
(%s)"), "ERROR", - c->name, c->hostname); - return -1; - } + int err; + char errorstring[MAX_STRING_SIZE]; - if(debug_lvl >= DEBUG_ERROR) - { - syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - c->name, c->hostname, strerror(err), errorstring); - } + cp(); - terminate_connection(c, c->status.active); - cp(); - return 0; + if(sscanf(c->buffer, "%*d %d " MAX_STRING, &err, errorstring) != 2) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", + c->name, c->hostname); + return -1; + } + + if(debug_lvl >= DEBUG_ERROR) { + syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), + c->name, c->hostname, strerror(err), errorstring); + } + + terminate_connection(c, c->status.active); + + return 0; } -int send_termreq(connection_t *c) +int send_termreq(connection_t * c) { - cp(); - return send_request(c, "%d", TERMREQ); + cp(); + + return send_request(c, "%d", TERMREQ); } -int termreq_h(connection_t *c) +int termreq_h(connection_t * c) { - cp(); - terminate_connection(c, c->status.active); - cp(); - return 0; + cp(); + + terminate_connection(c, c->status.active); + + return 0; } -int send_ping(connection_t *c) +int send_ping(connection_t * c) { - cp(); - c->status.pinged = 1; - c->last_ping_time = now; - cp(); - return send_request(c, "%d", PING); + cp(); + + c->status.pinged = 1; + c->last_ping_time = now; + + return send_request(c, "%d", PING); } -int ping_h(connection_t *c) +int ping_h(connection_t * c) { - cp(); - return send_pong(c); + cp(); + + return send_pong(c); } -int send_pong(connection_t *c) +int send_pong(connection_t * c) { - cp(); - return send_request(c, "%d", PONG); + cp(); + + return send_request(c, "%d", PONG); } -int pong_h(connection_t *c) +int pong_h(connection_t * c) { - cp(); - c->status.pinged = 0; + cp(); - /* Succesful connection, reset timeout if this is an outgoing connection. 
*/ - - if(c->outgoing) - c->outgoing->timeout = 0; - cp(); - return 0; + c->status.pinged = 0; + + /* Succesful connection, reset timeout if this is an outgoing connection. */ + + if(c->outgoing) + c->outgoing->timeout = 0; + + return 0; } /* Sending and receiving packets via TCP */ -int send_tcppacket(connection_t *c, vpn_packet_t *packet) +int send_tcppacket(connection_t * c, vpn_packet_t * packet) { - int x; - cp(); - /* Evil hack. */ + int x; - x = send_request(c, "%d %hd", PACKET, packet->len); + cp(); - if(x) - return x; - cp(); - return send_meta(c, packet->data, packet->len); + /* Evil hack. */ + + x = send_request(c, "%d %hd", PACKET, packet->len); + + if(x) + return x; + + return send_meta(c, packet->data, packet->len); } -int tcppacket_h(connection_t *c) +int tcppacket_h(connection_t * c) { - short int len; - cp(); - if(sscanf(c->buffer, "%*d %hd", &len) != 1) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname); - return -1; - } + short int len; - /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ + cp(); - c->tcplen = len; - cp(); - return 0; + if(sscanf(c->buffer, "%*d %hd", &len) != 1) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, + c->hostname); + return -1; + } + + /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ + + c->tcplen = len; + + return 0; } /* Status strings */ char (*status_text[]) = { - "Warning", + "Warning", }; /* Error strings */ char (*error_text[]) = { - "Error", + "Error", }; diff --git a/src/protocol_node.c b/src/protocol_node.c index f95dec8e..f6be38fd 100644 --- a/src/protocol_node.c +++ b/src/protocol_node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_node.c,v 1.1.4.7 2002/09/09 19:40:08 guus Exp $ + $Id: protocol_node.c,v 1.1.4.8 2002/09/09 21:25:02 guus Exp $ */ #include "config.h" 
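Review bot: `status_h` indexes `status_text[statusno]` with a number parsed straight from the peer's message, and the table at the end of this hunk has a single entry, so with status debugging enabled any value other than 0 reads past the array and hands that pointer to syslog's `%s`. A range check before the `syslog()` call, or logging the number with `%d` instead of looking it up, removes the out-of-bounds read; `send_status` does the same lookup when `statusstring` is NULL. `tcppacket_h` also copies the parsed `short` into `c->tcplen` without rejecting negative or oversized values. How `receive_meta()` consumes it is outside the hunk, but a guard such as `if(len < 0) return -1;` plus an upper bound tied to the packet buffer size belongs here.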
@@ -43,204 +43,202 @@ #include "system.h" -int send_add_node(connection_t *c, node_t *n) +int send_add_node(connection_t * c, node_t * n) { - int x; - char *address, *port; - cp(); - if(!n->status.reachable) - return 0; + int x; + char *address, *port; + cp(); + if(!n->status.reachable) + return 0; - sockaddr2str(&n->address, &address, &port); - x = send_request(c, "%d %s %s %s %lx %d %s %s", ADD_NODE, - n->name, address, port, - n->options, n->distance + 1, // Alternatively, use n->distance + c->estimated_weight - n->prevhop->name, n->via->name); - free(address); - free(port); - cp(); - return x; + sockaddr2str(&n->address, &address, &port); + x = send_request(c, "%d %s %s %s %lx %d %s %s", ADD_NODE, n->name, address, port, n->options, n->distance + 1, // Alternatively, use n->distance + c->estimated_weight + n->prevhop->name, n->via->name); + free(address); + free(port); + cp(); + return x; } -int add_node_h(connection_t *c) +int add_node_h(connection_t * c) { - connection_t *other; - node_t *n, *prevhop, *via; - char name[MAX_STRING_SIZE]; - char address[MAX_STRING_SIZE]; - char port[MAX_STRING_SIZE]; - char prevhopname[MAX_STRING_SIZE]; - char vianame[MAX_STRING_SIZE]; - long int options; - int distance; - avl_node_t *node; - cp(); - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d "MAX_STRING" "MAX_STRING, - name, address, port, &options, &distance, prevhopname, vianame) != 7) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_NODE", c->name, c->hostname); - return -1; - } + connection_t *other; + node_t *n, *prevhop, *via; + char name[MAX_STRING_SIZE]; + char address[MAX_STRING_SIZE]; + char port[MAX_STRING_SIZE]; + char prevhopname[MAX_STRING_SIZE]; + char vianame[MAX_STRING_SIZE]; + long int options; + int distance; + avl_node_t *node; + cp(); + if(sscanf + (c->buffer, + "%*d " MAX_STRING " " MAX_STRING " " MAX_STRING " %lx %d " MAX_STRING + " " MAX_STRING, name, address, port, &options, &distance, prevhopname, + vianame) != 7) 
{ + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_NODE", c->name, + c->hostname); + return -1; + } - /* Check if names are valid */ + /* Check if names are valid */ - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_NODE", c->name, c->hostname, _("invalid name")); - return -1; - } + if(check_id(name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_NODE", c->name, + c->hostname, _("invalid name")); + return -1; + } - /* This node is indirect if it's nexthop is as well */ - - if(c->node->options & OPTION_INDIRECT) - options |= OPTION_INDIRECT; + /* This node is indirect if it's nexthop is as well */ - /* Lookup nodes */ + if(c->node->options & OPTION_INDIRECT) + options |= OPTION_INDIRECT; - prevhop = lookup_node(prevhopname); - - if(!prevhop) - { - prevhop = new_node(); - prevhop->name = xstrdup(prevhopname); - node_add(prevhop); - } + /* Lookup nodes */ - via = lookup_node(vianame); - - if(!via) - { - via = new_node(); - via->name = xstrdup(vianame); - node_add(via); - } + prevhop = lookup_node(prevhopname); - n = lookup_node(name); - - if(!n) - { - // It's a new node. Add it and tell the others. - n = new_node(); - n->name = xstrdup(name); - n->address = str2sockaddr(address, port); - n->hostname = sockaddr2hostname(&n->address); - n->options = options; - n->distance = distance; - n->nexthop = c->node; - n->prevhop = prevhop; - n->via = via; - node_add(n); - if(prevhop == myself) - { - syslog(LOG_WARNING, _("Got ADD_NODE %s prevhop %s via %s from %s, sending back a DEL_NODE!"), name, prevhopname, vianame, c->name); - // send_del_node(c, n); - return 0; - } - n->status.reachable = 1; - } - else - { - // If this ADD_NODE is closer or more direct, use it instead of the old one. 
- if(!n->status.reachable || ((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) || n->distance > distance) - { - if(prevhop == myself) - { - syslog(LOG_WARNING, _("Got ADD_NODE %s prevhop %s via %s from %s!"), name, prevhopname, vianame, c->name); - // send_del_node(c, n); - return 0; - } - node = avl_unlink(node_udp_tree, n); - n->address = str2sockaddr(address, port); - avl_insert_node(node_udp_tree, node); - if(n->hostname) - free(n->hostname); - n->hostname = sockaddr2hostname(&n->address); - n->options = options; - n->distance = distance; - n->via = n->nexthop = c->node; - n->status.reachable = 1; - n->status.validkey = 0; - n->status.waitingforkey = 0; - } - else - // Otherwise, just ignore it. - return 0; - } + if(!prevhop) { + prevhop = new_node(); + prevhop->name = xstrdup(prevhopname); + node_add(prevhop); + } - /* Tell the rest about the new node */ + via = lookup_node(vianame); - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_add_node(other, n); - } + if(!via) { + via = new_node(); + via->name = xstrdup(vianame); + node_add(via); + } - cp(); - return 0; + n = lookup_node(name); + + if(!n) { + // It's a new node. Add it and tell the others. + n = new_node(); + n->name = xstrdup(name); + n->address = str2sockaddr(address, port); + n->hostname = sockaddr2hostname(&n->address); + n->options = options; + n->distance = distance; + n->nexthop = c->node; + n->prevhop = prevhop; + n->via = via; + node_add(n); + if(prevhop == myself) { + syslog(LOG_WARNING, + _ + ("Got ADD_NODE %s prevhop %s via %s from %s, sending back a DEL_NODE!"), + name, prevhopname, vianame, c->name); + // send_del_node(c, n); + return 0; + } + n->status.reachable = 1; + } else { + // If this ADD_NODE is closer or more direct, use it instead of the old one. 
+ if(!n->status.reachable + || ((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) + || n->distance > distance) { + if(prevhop == myself) { + syslog(LOG_WARNING, + _("Got ADD_NODE %s prevhop %s via %s from %s!"), name, + prevhopname, vianame, c->name); + // send_del_node(c, n); + return 0; + } + node = avl_unlink(node_udp_tree, n); + n->address = str2sockaddr(address, port); + avl_insert_node(node_udp_tree, node); + if(n->hostname) + free(n->hostname); + n->hostname = sockaddr2hostname(&n->address); + n->options = options; + n->distance = distance; + n->via = n->nexthop = c->node; + n->status.reachable = 1; + n->status.validkey = 0; + n->status.waitingforkey = 0; + } else + // Otherwise, just ignore it. + return 0; + } + + /* Tell the rest about the new node */ + + for(node = connection_tree->head; node; node = node->next) { + other = (connection_t *) node->data; + if(other->status.active && other != c) + send_add_node(other, n); + } + + cp(); + return 0; } -int send_del_node(connection_t *c, node_t *n) +int send_del_node(connection_t * c, node_t * n) { - cp(); - return send_request(c, "%d %s %s", DEL_NODE, n->name, n->prevhop->name); + cp(); + return send_request(c, "%d %s %s", DEL_NODE, n->name, n->prevhop->name); } -int del_node_h(connection_t *c) +int del_node_h(connection_t * c) { - char name[MAX_STRING_SIZE]; - char prevhopname[MAX_STRING_SIZE]; - node_t *n, *prevhop; - connection_t *other; - avl_node_t *node; - cp(); - if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING, name, prevhopname) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_NODE", - c->name, c->hostname); - return -1; - } + char name[MAX_STRING_SIZE]; + char prevhopname[MAX_STRING_SIZE]; + node_t *n, *prevhop; + connection_t *other; + avl_node_t *node; + cp(); + if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, name, prevhopname) != + 2) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_NODE", c->name, + c->hostname); + return -1; + } - /* Check if names are 
valid */ + /* Check if names are valid */ - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_NODE", c->name, c->hostname, _("invalid name")); - return -1; - } + if(check_id(name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_NODE", c->name, + c->hostname, _("invalid name")); + return -1; + } - /* Lookup nodes */ + /* Lookup nodes */ - n = lookup_node(name); - prevhop = lookup_node(prevhopname); + n = lookup_node(name); + prevhop = lookup_node(prevhopname); - if(!n || !prevhop) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the node tree"), "DEL_NODE", c->name, c->hostname); - return 0; - } + if(!n || !prevhop) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, + _ + ("Got %s from %s (%s) which does not appear in the node tree"), + "DEL_NODE", c->name, c->hostname); + return 0; + } - /* If we got a DEL_NODE but we know of a different route to it, tell the one who send the DEL_NODE */ + /* If we got a DEL_NODE but we know of a different route to it, tell the one who send the DEL_NODE */ - if(n->nexthop != c->node) - { - return send_add_node(c, n); - } - - /* Otherwise, tell the rest about the deleted node */ + if(n->nexthop != c->node) { + return send_add_node(c, n); + } - for(node = connection_tree->head; node; node = node->next) - { - other = (connection_t *)node->data; - if(other->status.active && other != c) - send_del_node(other, n); - } + /* Otherwise, tell the rest about the deleted node */ - /* "Delete" the node */ - - n->status.reachable = 0; - n->status.validkey = 0; - cp(); - return 0; + for(node = connection_tree->head; node; node = node->next) { + other = (connection_t *) node->data; + if(other->status.active && other != c) + send_del_node(other, n); + } + + /* "Delete" the node */ + + n->status.reachable = 0; + n->status.validkey = 0; + cp(); + return 0; } 
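Review bot: `add_node_h` runs `check_id()` on `name` only, while `prevhopname` and `vianame` come from the same peer message and, when unknown, become new node entries through `new_node()`/`node_add()` with no validation. The existing test should cover all three, `if(check_id(name) || check_id(prevhopname) || check_id(vianame)) {`. `del_node_h` has the same single check, although there `prevhopname` is only looked up. The placeholder nodes created here get a name but no `nexthop`, `address` or `hostname` in this hunk, so code elsewhere that dereferences those fields for an arbitrary known node should be checked against this path.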
diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index ba617e5d..81cd52cb 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.7 2002/09/09 19:40:09 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.8 2002/09/09 21:25:02 guus Exp $ */ #include "config.h" 
@@ -43,185 +43,191 @@ #include "system.h" -int send_add_subnet(connection_t *c, subnet_t *subnet) +int send_add_subnet(connection_t * c, subnet_t * subnet) { - int x; - char *netstr; - cp(); - x = send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), - subnet->owner->name, netstr = net2str(subnet)); - free(netstr); - cp(); - return x; + int x; + char *netstr; + + cp(); + + x = send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), + subnet->owner->name, netstr = net2str(subnet)); + + free(netstr); + + return x; } -int add_subnet_h(connection_t *c) +int add_subnet_h(connection_t * c) { - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - node_t *owner; - subnet_t *s; - cp(); - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); - return -1; - } + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; + node_t *owner; + subnet_t *s; - /* Check if owner name is a valid */ + cp(); - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; - } + if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, + c->hostname); + return -1; + } - /* Check if subnet string is valid */ + /* Check if owner name is a valid */ - s = str2net(subnetstr); + if(check_id(name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, + c->hostname, _("invalid name")); + return -1; + } - if(!s) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } + /* Check if subnet string is valid */ - if(seen_request(c->buffer)) - return 0; - - /* Check if the owner of the new subnet is in the connection list */ + s = str2net(subnetstr); - owner = lookup_node(name); + if(!s) { + 
syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, + c->hostname, _("invalid subnet string")); + return -1; + } - if(!owner) - { - owner = new_node(); - owner->name = xstrdup(name); - node_add(owner); - } + if(seen_request(c->buffer)) + return 0; - /* Check if we already know this subnet */ - - if(lookup_subnet(owner, s)) - { - free_subnet(s); - return 0; - } + /* Check if the owner of the new subnet is in the connection list */ - /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ + owner = lookup_node(name); - if(owner == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "ADD_SUBNET", c->name, c->hostname); - s->owner = myself; - send_del_subnet(c, s); - return 0; - } + if(!owner) { + owner = new_node(); + owner->name = xstrdup(name); + node_add(owner); + } - /* If everything is correct, add the subnet to the list of the owner */ + /* Check if we already know this subnet */ - subnet_add(owner, s); + if(lookup_subnet(owner, s)) { + free_subnet(s); + return 0; + } - /* Tell the rest */ + /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ - forward_request(c); - cp(); - return 0; + if(owner == myself) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + "ADD_SUBNET", c->name, c->hostname); + s->owner = myself; + send_del_subnet(c, s); + return 0; + } + + /* If everything is correct, add the subnet to the list of the owner */ + + subnet_add(owner, s); + + /* Tell the rest */ + + forward_request(c); + + return 0; } -int send_del_subnet(connection_t *c, subnet_t *s) +int send_del_subnet(connection_t * c, subnet_t * s) { - int x; - char *netstr; - cp(); - netstr = net2str(s); - x = send_request(c, "%d %lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); - free(netstr); - cp(); - return x; + int x; + char *netstr; + + cp(); + + netstr = net2str(s); + + x = send_request(c, "%d 
%lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); + + free(netstr); + + return x; } -int del_subnet_h(connection_t *c) +int del_subnet_h(connection_t * c) { - char subnetstr[MAX_STRING_SIZE]; - char name[MAX_STRING_SIZE]; - node_t *owner; - subnet_t *s, *find; - cp(); - if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, name, subnetstr) != 2) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); - return -1; - } + char subnetstr[MAX_STRING_SIZE]; + char name[MAX_STRING_SIZE]; + node_t *owner; + subnet_t *s, *find; - /* Check if owner name is a valid */ + cp(); - if(check_id(name)) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; - } + if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { + syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, + c->hostname); + return -1; + } - /* Check if the owner of the new subnet is in the connection list */ + /* Check if owner name is a valid */ - owner = lookup_node(name); + if(check_id(name)) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, + c->hostname, _("invalid name")); + return -1; + } - if(!owner) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), - "DEL_SUBNET", c->name, c->hostname, name); - return 0; - } + /* Check if the owner of the new subnet is in the connection list */ - /* Check if subnet string is valid */ + owner = lookup_node(name); - s = str2net(subnetstr); + if(!owner) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), + "DEL_SUBNET", c->name, c->hostname, name); + return 0; + } - if(!s) - { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; - } + /* Check if subnet string is valid */ - 
if(seen_request(c->buffer)) - return 0; + s = str2net(subnetstr); - /* If everything is correct, delete the subnet from the list of the owner */ + if(!s) { + syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, + c->hostname, _("invalid subnet string")); + return -1; + } - s->owner = owner; + if(seen_request(c->buffer)) + return 0; - find = lookup_subnet(owner, s); - - free_subnet(s); + /* If everything is correct, delete the subnet from the list of the owner */ - if(!find) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), - "DEL_SUBNET", c->name, c->hostname, name); - return 0; - } - - /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ - - if(owner == myself) - { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_SUBNET", c->name, c->hostname); - send_add_subnet(c, find); - return 0; - } + s->owner = owner; - /* Tell the rest */ + find = lookup_subnet(owner, s); - forward_request(c); + free_subnet(s); - /* Finally, delete it. */ + if(!find) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), + "DEL_SUBNET", c->name, c->hostname, name); + return 0; + } - subnet_del(owner, find); + /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ - cp(); - return 0; + if(owner == myself) { + if(debug_lvl >= DEBUG_PROTOCOL) + syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + "DEL_SUBNET", c->name, c->hostname); + send_add_subnet(c, find); + return 0; + } + + /* Tell the rest */ + + forward_request(c); + + /* Finally, delete it. */ + + subnet_del(owner, find); + + return 0; } diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c index 054afeef..0f239e09 100644 --- a/src/raw_socket/device.c +++ b/src/raw_socket/device.c 
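Review bot: `add_subnet_h` and `del_subnet_h` leak the `subnet_t` returned by `str2net()` on the duplicate path, because `if(seen_request(c->buffer)) return 0;` runs after the parse and returns without `free_subnet(s)`. In `add_subnet_h` the `owner == myself` branch has the same problem: it returns after `send_del_subnet(c, s)`, which only formats `s` and does not keep it. Both paths are driven by messages from peers, so the leaked memory grows with traffic. I would write `if(seen_request(c->buffer)) { free_subnet(s); return 0; }` in both handlers and add `free_subnet(s);` after `send_del_subnet(c, s);`.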
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2002/07/18 14:30:45 guus Exp $ + $Id: device.c,v 1.1.2.2 2002/09/09 21:25:28 guus Exp $ */ #include "config.h" 
@@ -60,115 +60,103 @@ extern subnet_t mymac; */ int setup_device(void) { - struct ifreq ifr; - struct sockaddr_ll sa; -cp - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = "eth0"; + struct ifreq ifr; + struct sockaddr_ll sa; + cp if(!get_config_string + (lookup_config(config_tree, "Interface"), &interface)) + interface = "eth0"; - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = interface; + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = interface; - device_info = _("raw socket"); -cp - if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) - { - syslog(LOG_ERR, _("Could not open %s: %s"), device_info, strerror(errno)); - return -1; - } + device_info = _("raw socket"); + cp if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) { + syslog(LOG_ERR, _("Could not open %s: %s"), device_info, + strerror(errno)); + return -1; + } - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); - if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) - { - close(device_fd); - syslog(LOG_ERR, _("Can't find interface %s: %s"), interface, strerror(errno)); - return -1; - } + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); + if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) { + close(device_fd); + syslog(LOG_ERR, _("Can't find interface %s: %s"), interface, + strerror(errno)); + return -1; + } - memset(&sa, '0', sizeof(sa)); - sa.sll_family = AF_PACKET; - sa.sll_protocol = htons(ETH_P_ALL); - sa.sll_ifindex = ifr.ifr_ifindex; + memset(&sa, '0', sizeof(sa)); + sa.sll_family = AF_PACKET; + sa.sll_protocol = htons(ETH_P_ALL); + sa.sll_ifindex = ifr.ifr_ifindex; - if(bind(device_fd, (struct sockaddr *)&sa, (socklen_t)sizeof(sa))) - { - syslog(LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); - return -1; - } -cp - /* Set default MAC address for ethertap devices */ + if(bind(device_fd, (struct 
sockaddr *) &sa, (socklen_t) sizeof(sa))) { + syslog(LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); + return -1; + } + cp + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - - syslog(LOG_INFO, _("%s is a %s"), device, device_info); -cp - return 0; + syslog(LOG_INFO, _("%s is a %s"), device, device_info); + cp return 0; } void close_device(void) { -cp - close(device_fd); + cp close(device_fd); } /* read, encrypt and send data that is available through the ethertap device */ -int read_packet(vpn_packet_t *packet) +int read_packet(vpn_packet_t * packet) { - int lenin; -cp + int lenin; + cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - if((lenin = read(device_fd, packet->data, MTU)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + packet->len = lenin; - packet->len = lenin; + device_total_in += packet->len; - device_total_in += packet->len; + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + } - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } + return 0; +cp} - return 0; -cp -} - -int write_packet(vpn_packet_t *packet) +int write_packet(vpn_packet_t * packet) { -cp - if(debug_lvl >= DEBUG_TRAFFIC) - 
syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); + cp if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); - if(write(device_fd, packet->data, packet->len) < 0) - { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + if(write(device_fd, packet->data, packet->len) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } - device_total_out += packet->len; -cp - return 0; + device_total_out += packet->len; + cp return 0; } void dump_device_stats(void) { -cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp -} + cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp} diff --git a/src/route.c b/src/route.c index ad62bc22..fa99a7ef 100644 --- a/src/route.c +++ b/src/route.c @@ -17,24 +17,24 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.44 2002/09/09 19:40:11 guus Exp $ + $Id: route.c,v 1.1.2.45 2002/09/09 21:25:07 guus Exp $ */ #include "config.h" #ifdef HAVE_SYS_PARAM_H - #include +#include #endif #include #include #ifdef HAVE_NET_IF_H - #include +#include #endif #ifdef HAVE_NET_ETHERNET_H - #include +#include #endif #ifdef HAVE_NETINET_IN_SYSTM_H - #include +#include #endif #include #include @@ -44,7 +44,7 @@ #include #include #ifdef HAVE_INTTYPES_H - #include +#include #endif #include @@ -59,7 +59,7 @@ #include "system.h" #ifndef ETHER_ADDR_LEN - #define ETHER_ADDR_LEN 6 +#define ETHER_ADDR_LEN 6 #endif int routing_mode = RMODE_ROUTER; 
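Review bot: In setup_device, `memset(&sa, '0', sizeof(sa));` fills the sockaddr_ll with the character '0' (0x30) rather than zero bytes, so every field not assigned afterwards reaches bind() holding 0x30; the re-indented line carries this over unchanged and should read `memset(&sa, 0, sizeof(sa));`. The `strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ)` just above it leaves the name unterminated when the configured Interface string is IFNAMSIZ characters or longer; copying `IFNAMSIZ - 1` bytes into the already zeroed ifr keeps the terminator. The bind() failure branch also returns -1 without `close(device_fd);`, unlike the SIOCGIFINDEX branch before it, so the raw socket stays open on that path.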
@@ -67,437 +67,437 @@ int priorityinheritance = 0; int macexpire = 600; subnet_t mymac; -void learn_mac(mac_t *address) +void learn_mac(mac_t * address) { - subnet_t *subnet; - avl_node_t *node; - connection_t *c; - cp(); - subnet = lookup_subnet_mac(address); + subnet_t *subnet; + avl_node_t *node; + connection_t *c; - /* If we don't know this MAC address yet, store it */ - - if(!subnet || subnet->owner!=myself) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), - address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]); - - subnet = new_subnet(); - subnet->type = SUBNET_MAC; - memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); - subnet_add(myself, subnet); + cp(); - /* And tell all other tinc daemons it's our MAC */ - - for(node = connection_tree->head; node; node = node->next) - { - c = (connection_t *)node->data; - if(c->status.active) - send_add_subnet(c, subnet); - } - } + subnet = lookup_subnet_mac(address); - subnet->net.mac.lastseen = now; + /* If we don't know this MAC address yet, store it */ + + if(!subnet || subnet->owner != myself) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), + address->x[0], address->x[1], address->x[2], address->x[3], + address->x[4], address->x[5]); + + subnet = new_subnet(); + subnet->type = SUBNET_MAC; + memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); + subnet_add(myself, subnet); + + /* And tell all other tinc daemons it's our MAC */ + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + if(c->status.active) + send_add_subnet(c, subnet); + } + } + + subnet->net.mac.lastseen = now; } void age_mac(void) { - subnet_t *s; - connection_t *c; - avl_node_t *node, *next, *node2; - cp(); - for(node = myself->subnet_tree->head; node; node = next) - { - next = node->next; - s = (subnet_t *)node->data; - if(s->type == 
SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), - s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]); - for(node2 = connection_tree->head; node2; node2 = node2->next) - { - c = (connection_t *)node2->data; - if(c->status.active) - send_del_subnet(c, s); - } - subnet_del(myself, s); + subnet_t *s; + connection_t *c; + avl_node_t *node, *next, *node2; + + cp(); + + for(node = myself->subnet_tree->head; node; node = next) { + next = node->next; + s = (subnet_t *) node->data; + if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), + s->net.mac.address.x[0], s->net.mac.address.x[1], + s->net.mac.address.x[2], s->net.mac.address.x[3], + s->net.mac.address.x[4], s->net.mac.address.x[5]); + + for(node2 = connection_tree->head; node2; node2 = node2->next) { + c = (connection_t *) node2->data; + if(c->status.active) + send_del_subnet(c, s); + } + + subnet_del(myself, s); + } } - } - cp(); } -node_t *route_mac(vpn_packet_t *packet) +node_t *route_mac(vpn_packet_t * packet) { - subnet_t *subnet; - cp(); - /* Learn source address */ + subnet_t *subnet; - learn_mac((mac_t *)(&packet->data[6])); - - /* Lookup destination address */ - - subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); + cp(); - if(subnet) - return subnet->owner; - else - return NULL; + /* Learn source address */ + + learn_mac((mac_t *) (&packet->data[6])); + + /* Lookup destination address */ + + subnet = lookup_subnet_mac((mac_t *) (&packet->data[0])); + + if(subnet) + return subnet->owner; + else + return NULL; } -node_t *route_ipv4(vpn_packet_t *packet) +node_t *route_ipv4(vpn_packet_t * packet) { - subnet_t *subnet; - cp(); - 
if(priorityinheritance) - packet->priority = packet->data[15]; + subnet_t *subnet; - subnet = lookup_subnet_ipv4((ipv4_t *)&packet->data[30]); - cp(); - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), - packet->data[30], packet->data[31], packet->data[32], packet->data[33]); - } + cp(); - return NULL; - } - cp(); - return subnet->owner; -} + if(priorityinheritance) + packet->priority = packet->data[15]; -node_t *route_ipv6(vpn_packet_t *packet) -{ - subnet_t *subnet; - cp(); - subnet = lookup_subnet_ipv6((ipv6_t *)&packet->data[38]); - cp(); - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(*(uint16_t *)&packet->data[38]), - ntohs(*(uint16_t *)&packet->data[40]), - ntohs(*(uint16_t *)&packet->data[42]), - ntohs(*(uint16_t *)&packet->data[44]), - ntohs(*(uint16_t *)&packet->data[46]), - ntohs(*(uint16_t *)&packet->data[48]), - ntohs(*(uint16_t *)&packet->data[50]), - ntohs(*(uint16_t *)&packet->data[52])); - } + subnet = lookup_subnet_ipv4((ipv4_t *) & packet->data[30]); - return NULL; - } - cp(); - return subnet->owner; -} - -uint16_t inet_checksum(uint16_t *data, int len, uint16_t prevsum) -{ - uint32_t checksum = prevsum ^ 0xFFFF; - - while(len--) - checksum += ntohs(*data++); - - while(checksum >> 16) - checksum = (checksum & 0xFFFF) + (checksum >> 16); - - return checksum ^ 0xFFFF; -} - -void route_neighborsol(vpn_packet_t *packet) -{ - struct ip6_hdr *hdr; - struct nd_neighbor_solicit *ns; - struct nd_opt_hdr *opt; - subnet_t *subnet; - uint16_t checksum; - - struct { - struct in6_addr ip6_src; /* source address */ - struct in6_addr ip6_dst; /* destination address */ - uint32_t length; - uint8_t junk[4]; - } pseudo; - - cp(); - hdr = (struct ip6_hdr *)(packet->data + 14); - ns = (struct nd_neighbor_solicit *)(packet->data + 14 + 
sizeof(*hdr)); - opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); - - /* First, snatch the source address from the neighbor solicitation packet */ - - memcpy(mymac.net.mac.address.x, packet->data + 6, 6); - - /* Check if this is a valid neighbor solicitation request */ - - if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || - opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) - { - if(debug_lvl > DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); - } - return; - } - - /* Create pseudo header */ - - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; - - /* Generate checksum */ - - checksum = inet_checksum((uint16_t *)&pseudo, sizeof(pseudo)/2, ~0); - checksum = inet_checksum((uint16_t *)ns, sizeof(*ns)/2 + 4, checksum); - - if(checksum) - { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); - return; - } - - /* Check if the IPv6 address exists on the VPN */ - - subnet = lookup_subnet_ipv6((ipv6_t *)&ns->nd_ns_target); - - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(((uint16_t *)&ns->nd_ns_target)[0]), ntohs(((uint16_t *)&ns->nd_ns_target)[1]), ntohs(((uint16_t *)&ns->nd_ns_target)[2]), ntohs(((uint16_t *)&ns->nd_ns_target)[3]), - ntohs(((uint16_t *)&ns->nd_ns_target)[4]), ntohs(((uint16_t *)&ns->nd_ns_target)[5]), ntohs(((uint16_t *)&ns->nd_ns_target)[6]), ntohs(((uint16_t *)&ns->nd_ns_target)[7])); - } - - return; - } - - /* Check if it is for our own subnet */ - - if(subnet->owner == myself) - return; /* silently ignore */ - - /* Create neighbor advertation reply 
*/ - - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - - memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */ - memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... */ - - memcpy((char *)opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ - - ns->nd_ns_hdr.icmp6_cksum = 0; - ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[0] = 0x40; /* Set solicited flag */ - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[1] = ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[2] = ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[3] = 0; - opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; - - /* Create pseudo header */ - - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; - - /* Generate checksum */ - - checksum = inet_checksum((uint16_t *)&pseudo, sizeof(pseudo)/2, ~0); - checksum = inet_checksum((uint16_t *)ns, sizeof(*ns)/2 + 4, checksum); - - ns->nd_ns_hdr.icmp6_cksum = htons(checksum); - - write_packet(packet); - cp(); -} - -void route_arp(vpn_packet_t *packet) -{ - struct ether_arp *arp; - subnet_t *subnet; - uint8_t ipbuf[4]; - cp(); - /* First, snatch the source address from the ARP packet */ - - memcpy(mymac.net.mac.address.x, packet->data + 6, 6); - - /* This routine generates replies to ARP requests. - You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). 
- Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) - */ - - arp = (struct ether_arp *)(packet->data + 14); - - /* Check if this is a valid ARP request */ - - if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || - ntohs(arp->arp_pro) != ETHERTYPE_IP || - arp->arp_hln != ETHER_ADDR_LEN || - arp->arp_pln != 4 || - ntohs(arp->arp_op) != ARPOP_REQUEST ) - { - if(debug_lvl > DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); - } - return; - } - - /* Check if the IPv4 address exists on the VPN */ - - subnet = lookup_subnet_ipv4((ipv4_t *)arp->arp_tpa); - - if(!subnet) - { - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), - arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], arp->arp_tpa[3]); - } - - return; - } - - /* Check if it is for our own subnet */ - - if(subnet->owner == myself) - return; /* silently ignore */ - - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN*2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - - memcpy(ipbuf, arp->arp_tpa, 4); /* save protocol addr */ - memcpy(arp->arp_tpa, arp->arp_spa, 4); /* swap destination and source protocol address */ - memcpy(arp->arp_spa, ipbuf, 4); /* ... */ - - memcpy(arp->arp_tha, arp->arp_sha, 10); /* set target hard/proto addr */ - memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */ - arp->arp_op = htons(ARPOP_REPLY); - - write_packet(packet); - cp(); -} - -void route_outgoing(vpn_packet_t *packet) -{ - uint16_t type; - node_t *n = NULL; - cp(); - /* FIXME: multicast? 
*/ - - switch(routing_mode) - { - case RMODE_ROUTER: - type = ntohs(*((uint16_t *)(&packet->data[12]))); - switch(type) - { - case 0x0800: - n = route_ipv4(packet); - break; - case 0x86DD: - if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) - { - route_neighborsol(packet); - return; + if(!subnet) { + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), + packet->data[30], packet->data[31], packet->data[32], + packet->data[33]); } - n = route_ipv6(packet); - break; - case 0x0806: - route_arp(packet); - return; - default: - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); - } - return; - } - if(n) - send_packet(n, packet); - break; - - case RMODE_SWITCH: - n = route_mac(packet); - if(n) - send_packet(n, packet); - else - broadcast_packet(myself, packet); - break; - - case RMODE_HUB: - broadcast_packet(myself, packet); - break; - } + + return NULL; + } + + return subnet->owner; } -void route_incoming(node_t *source, vpn_packet_t *packet) +node_t *route_ipv6(vpn_packet_t * packet) { - switch(routing_mode) - { - case RMODE_ROUTER: - { - node_t *n = NULL; - uint16_t type; + subnet_t *subnet; - type = ntohs(*((uint16_t *)(&packet->data[12]))); - switch(type) - { - case 0x0800: - n = route_ipv4(packet); - break; - case 0x86DD: - n = route_ipv6(packet); - break; - default: - n = myself; - break; - } + cp(); - if(n) - { - if(n == myself) - { - memcpy(packet->data, mymac.net.mac.address.x, 6); - write_packet(packet); + subnet = lookup_subnet_ipv6((ipv6_t *) & packet->data[38]); + + if(!subnet) { + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ntohs(*(uint16_t *) & packet->data[38]), + ntohs(*(uint16_t *) & packet->data[40]), + ntohs(*(uint16_t *) & packet->data[42]), + ntohs(*(uint16_t *) & packet->data[44]), + 
ntohs(*(uint16_t *) & packet->data[46]), + ntohs(*(uint16_t *) & packet->data[48]), + ntohs(*(uint16_t *) & packet->data[50]), + ntohs(*(uint16_t *) & packet->data[52])); } - else - send_packet(n, packet); - } - } - break; - case RMODE_SWITCH: - { - subnet_t *subnet; - subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); + return NULL; + } - if(subnet) - { - if(subnet->owner == myself) - write_packet(packet); - else - send_packet(subnet->owner, packet); - } - else - { - broadcast_packet(source, packet); - write_packet(packet); - } - } - break; - case RMODE_HUB: - broadcast_packet(source, packet); /* Spread it on */ - write_packet(packet); - break; - } + return subnet->owner; +} + +uint16_t inet_checksum(uint16_t * data, int len, uint16_t prevsum) +{ + uint32_t checksum = prevsum ^ 0xFFFF; + + while(len--) + checksum += ntohs(*data++); + + while(checksum >> 16) + checksum = (checksum & 0xFFFF) + (checksum >> 16); + + return checksum ^ 0xFFFF; +} + +void route_neighborsol(vpn_packet_t * packet) +{ + struct ip6_hdr *hdr; + struct nd_neighbor_solicit *ns; + struct nd_opt_hdr *opt; + subnet_t *subnet; + uint16_t checksum; + + struct { + struct in6_addr ip6_src; /* source address */ + struct in6_addr ip6_dst; /* destination address */ + uint32_t length; + uint8_t junk[4]; + } pseudo; + + cp(); + + hdr = (struct ip6_hdr *) (packet->data + 14); + ns = (struct nd_neighbor_solicit *) (packet->data + 14 + sizeof(*hdr)); + opt = (struct nd_opt_hdr *) (packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); + + /* First, snatch the source address from the neighbor solicitation packet */ + + memcpy(mymac.net.mac.address.x, packet->data + 6, 6); + + /* Check if this is a valid neighbor solicitation request */ + + if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || + opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) { + if(debug_lvl > DEBUG_TRAFFIC) { + syslog(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); + } + return; + } + + /* Create 
pseudo header */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); + pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; + pseudo.junk[3] = IPPROTO_ICMPV6; + + /* Generate checksum */ + + checksum = inet_checksum((uint16_t *) & pseudo, sizeof(pseudo) / 2, ~0); + checksum = inet_checksum((uint16_t *) ns, sizeof(*ns) / 2 + 4, checksum); + + if(checksum) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); + return; + } + + /* Check if the IPv6 address exists on the VPN */ + + subnet = lookup_subnet_ipv6((ipv6_t *) & ns->nd_ns_target); + + if(!subnet) { + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ntohs(((uint16_t *) & ns->nd_ns_target)[0]), + ntohs(((uint16_t *) & ns->nd_ns_target)[1]), + ntohs(((uint16_t *) & ns->nd_ns_target)[2]), + ntohs(((uint16_t *) & ns->nd_ns_target)[3]), + ntohs(((uint16_t *) & ns->nd_ns_target)[4]), + ntohs(((uint16_t *) & ns->nd_ns_target)[5]), + ntohs(((uint16_t *) & ns->nd_ns_target)[6]), + ntohs(((uint16_t *) & ns->nd_ns_target)[7])); + } + + return; + } + + /* Check if it is for our own subnet */ + + if(subnet->owner == myself) + return; /* silently ignore */ + + /* Create neighbor advertation reply */ + + memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ + packet->data[ETHER_ADDR_LEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + + memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */ + memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... 
*/ + + memcpy((char *) opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ + + ns->nd_ns_hdr.icmp6_cksum = 0; + ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[0] = 0x40; /* Set solicited flag */ + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[1] = + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[2] = + ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[3] = 0; + opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; + + /* Create pseudo header */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); + pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; + pseudo.junk[3] = IPPROTO_ICMPV6; + + /* Generate checksum */ + + checksum = inet_checksum((uint16_t *) & pseudo, sizeof(pseudo) / 2, ~0); + checksum = inet_checksum((uint16_t *) ns, sizeof(*ns) / 2 + 4, checksum); + + ns->nd_ns_hdr.icmp6_cksum = htons(checksum); + + write_packet(packet); +} + +void route_arp(vpn_packet_t * packet) +{ + struct ether_arp *arp; + subnet_t *subnet; + uint8_t ipbuf[4]; + + cp(); + + /* First, snatch the source address from the ARP packet */ + + memcpy(mymac.net.mac.address.x, packet->data + 6, 6); + + /* This routine generates replies to ARP requests. + You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). 
+ Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) + */ + + arp = (struct ether_arp *) (packet->data + 14); + + /* Check if this is a valid ARP request */ + + if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || ntohs(arp->arp_pro) != ETHERTYPE_IP || + arp->arp_hln != ETHER_ADDR_LEN || arp->arp_pln != 4 || ntohs(arp->arp_op) != ARPOP_REQUEST) { + if(debug_lvl > DEBUG_TRAFFIC) { + syslog(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); + } + return; + } + + /* Check if the IPv4 address exists on the VPN */ + + subnet = lookup_subnet_ipv4((ipv4_t *) arp->arp_tpa); + + if(!subnet) { + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), + arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], + arp->arp_tpa[3]); + } + + return; + } + + /* Check if it is for our own subnet */ + + if(subnet->owner == myself) + return; /* silently ignore */ + + memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ + packet->data[ETHER_ADDR_LEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + + memcpy(ipbuf, arp->arp_tpa, 4); /* save protocol addr */ + memcpy(arp->arp_tpa, arp->arp_spa, 4); /* swap destination and source protocol address */ + memcpy(arp->arp_spa, ipbuf, 4); /* ... */ + + memcpy(arp->arp_tha, arp->arp_sha, 10); /* set target hard/proto addr */ + memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */ + arp->arp_op = htons(ARPOP_REPLY); + + write_packet(packet); +} + +void route_outgoing(vpn_packet_t * packet) +{ + uint16_t type; + node_t *n = NULL; + + cp(); + + /* FIXME: multicast? 
*/ + + switch (routing_mode) { + case RMODE_ROUTER: + type = ntohs(*((uint16_t *) (&packet->data[12]))); + switch (type) { + case 0x0800: + n = route_ipv4(packet); + break; + + case 0x86DD: + if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) { + route_neighborsol(packet); + return; + } + n = route_ipv6(packet); + break; + + case 0x0806: + route_arp(packet); + return; + + default: + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); + return; + } + if(n) + send_packet(n, packet); + break; + + case RMODE_SWITCH: + n = route_mac(packet); + if(n) + send_packet(n, packet); + else + broadcast_packet(myself, packet); + break; + + case RMODE_HUB: + broadcast_packet(myself, packet); + break; + } +} + +void route_incoming(node_t * source, vpn_packet_t * packet) +{ + switch (routing_mode) { + case RMODE_ROUTER: + { + node_t *n = NULL; + uint16_t type; + + type = ntohs(*((uint16_t *) (&packet->data[12]))); + switch (type) { + case 0x0800: + n = route_ipv4(packet); + break; + + case 0x86DD: + n = route_ipv6(packet); + break; + + default: + n = myself; + break; + } + + if(n) { + if(n == myself) { + memcpy(packet->data, mymac.net.mac.address.x, 6); + write_packet(packet); + } else + send_packet(n, packet); + } + } + break; + + case RMODE_SWITCH: + { + subnet_t *subnet; + + subnet = lookup_subnet_mac((mac_t *) (&packet->data[0])); + + if(subnet) { + if(subnet->owner == myself) + write_packet(packet); + else + send_packet(subnet->owner, packet); + } else { + broadcast_packet(source, packet); + write_packet(packet); + } + } + break; + + case RMODE_HUB: + broadcast_packet(source, packet); /* Spread it on */ + write_packet(packet); + break; + } } diff --git a/src/route.h b/src/route.h index 2883b03c..1752d470 100644 --- a/src/route.h +++ b/src/route.h 
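Review bot: The routing functions in this hunk read fixed offsets of packet->data without comparing them with packet->len: route_outgoing and route_incoming read data[12] (route_outgoing also data[20] and data[54]), route_ipv4 reads data[30..33], route_ipv6 reads data[38..53], and route_neighborsol and route_arp overlay header structs at data + 14 and then rewrite the frame in place. A frame shorter than those offsets, whether read from the local device or received from a peer, would be classified and answered using bytes that are not part of it; whether a caller outside this hunk already rejects short frames is not visible here. A length guard at the top of each parser would close this, for example `if(packet->len < 34) return NULL;` in route_ipv4 and `if(packet->len < 54) return NULL;` in route_ipv6, with the matching minimum sizes checked before the casts in route_arp and route_neighborsol.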
@@ -17,17 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.8 2002/06/21 10:11:33 guus Exp $ + $Id: route.h,v 1.1.2.9 2002/09/09 21:25:07 guus Exp $ */ #ifndef __TINC_ROUTE_H__ #define __TINC_ROUTE_H__ -enum -{ - RMODE_HUB = 0, - RMODE_SWITCH, - RMODE_ROUTER, +enum { + RMODE_HUB = 0, + RMODE_SWITCH, + RMODE_ROUTER, }; extern int routing_mode; @@ -38,4 +37,4 @@ extern void age_mac(void); extern void route_incoming(node_t *, vpn_packet_t *); extern void route_outgoing(vpn_packet_t *); -#endif /* __TINC_ROUTE_H__ */ +#endif /* __TINC_ROUTE_H__ */ diff --git a/src/solaris/device.c b/src/solaris/device.c index c72662b1..bab7236a 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2002/06/21 10:11:37 guus Exp $ + $Id: device.c,v 1.1.2.9 2002/09/09 21:25:28 guus Exp $ */ 
@@ -61,136 +61,126 @@ subnet_t mymac; int setup_device(void) { - int ip_fd = -1, if_fd = -1; - int ppa; - char *ptr; + int ip_fd = -1, if_fd = -1; + int ppa; + char *ptr; -cp - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = DEFAULT_DEVICE; + cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + device = DEFAULT_DEVICE; -cp - if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) - { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; - } -cp - ppa = 0; + cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + return -1; + } + cp ppa = 0; - ptr = device; - while(*ptr && !isdigit((int)*ptr)) ptr++; - ppa = atoi(ptr); + ptr = device; + while(*ptr && !isdigit((int) *ptr)) + ptr++; + ppa = atoi(ptr); - if( (ip_fd = open("/dev/ip", O_RDWR, 0)) < 0){ - syslog(LOG_ERR, _("Could not open /dev/ip: %s"), strerror(errno)); - return -1; - } + if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) { + syslog(LOG_ERR, _("Could not open /dev/ip: %s"), strerror(errno)); + return -1; + } - /* Assign a new PPA and get its unit number. */ - if( (ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0){ - syslog(LOG_ERR, _("Can't assign new interface: %s"), strerror(errno)); - return -1; - } + /* Assign a new PPA and get its unit number. 
*/ + if((ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0) { + syslog(LOG_ERR, _("Can't assign new interface: %s"), strerror(errno)); + return -1; + } - if( (if_fd = open(device, O_RDWR, 0)) < 0){ - syslog(LOG_ERR, _("Could not open %s twice: %s"), device, strerror(errno)); - return -1; - } + if((if_fd = open(device, O_RDWR, 0)) < 0) { + syslog(LOG_ERR, _("Could not open %s twice: %s"), device, + strerror(errno)); + return -1; + } - if(ioctl(if_fd, I_PUSH, "ip") < 0){ - syslog(LOG_ERR, _("Can't push IP module: %s"), strerror(errno)); - return -1; - } + if(ioctl(if_fd, I_PUSH, "ip") < 0) { + syslog(LOG_ERR, _("Can't push IP module: %s"), strerror(errno)); + return -1; + } - /* Assign ppa according to the unit number returned by tun device */ - if(ioctl(if_fd, IF_UNITSEL, (char *)&ppa) < 0){ - syslog(LOG_ERR, _("Can't set PPA %d: %s"), ppa, strerror(errno)); - return -1; - } + /* Assign ppa according to the unit number returned by tun device */ + if(ioctl(if_fd, IF_UNITSEL, (char *) &ppa) < 0) { + syslog(LOG_ERR, _("Can't set PPA %d: %s"), ppa, strerror(errno)); + return -1; + } - if(ioctl(ip_fd, I_LINK, if_fd) < 0){ - syslog(LOG_ERR, _("Can't link TUN device to IP: %s"), strerror(errno)); - return -1; - } + if(ioctl(ip_fd, I_LINK, if_fd) < 0) { + syslog(LOG_ERR, _("Can't link TUN device to IP: %s"), strerror(errno)); + return -1; + } - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - asprintf(&interface, "tun%d", ppa); + if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + asprintf(&interface, "tun%d", ppa); - device_info = _("Solaris tun device"); + device_info = _("Solaris tun device"); - /* Set default MAC address for ethertap devices */ + /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - 
mymac.net.mac.address.x[5] = 0x00; + mymac.type = SUBNET_MAC; + mymac.net.mac.address.x[0] = 0xfe; + mymac.net.mac.address.x[1] = 0xfd; + mymac.net.mac.address.x[2] = 0x00; + mymac.net.mac.address.x[3] = 0x00; + mymac.net.mac.address.x[4] = 0x00; + mymac.net.mac.address.x[5] = 0x00; - syslog(LOG_INFO, _("%s is a %s"), device, device_info); -cp - return 0; + syslog(LOG_INFO, _("%s is a %s"), device, device_info); + cp return 0; } void close_device(void) { -cp - close(device_fd); + cp close(device_fd); } -int read_packet(vpn_packet_t *packet) +int read_packet(vpn_packet_t * packet) { - int lenin; -cp - if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) - { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; - } + int lenin; + cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } - memcpy(packet->data, mymac.net.mac.address.x, 6); - memcpy(packet->data + 6, mymac.net.mac.address.x, 6); - packet->data[12] = 0x08; - packet->data[13] = 0x00; + memcpy(packet->data, mymac.net.mac.address.x, 6); + memcpy(packet->data + 6, mymac.net.mac.address.x, 6); + packet->data[12] = 0x08; + packet->data[13] = 0x00; - packet->len = lenin + 14; + packet->len = lenin + 14; - device_total_in += packet->len; + device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) - { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } + if(debug_lvl >= DEBUG_TRAFFIC) { + syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + } - return 0; -cp -} + return 0; +cp} -int write_packet(vpn_packet_t *packet) +int write_packet(vpn_packet_t * packet) { -cp - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); + cp if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_DEBUG, 
_("Writing packet of %d bytes to %s"), + packet->len, device_info); - if(write(device_fd, packet->data + 14, packet->len - 14) < 0) - { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, strerror(errno)); - return -1; - } + if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, + strerror(errno)); + return -1; + } - device_total_out += packet->len; -cp - return 0; + device_total_out += packet->len; + cp return 0; } void dump_device_stats(void) { -cp - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp -} + cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +cp} diff --git a/src/subnet.c b/src/subnet.c index e6d8b9b0..4ceec9af 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.40 2002/09/09 19:40:11 guus Exp $ + $Id: subnet.c,v 1.1.2.41 2002/09/09 21:25:10 guus Exp $ */ #include "config.h" 
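Review bot: In write_packet() the error-path syslog() call passes `packet->len` for the second `%s` of "Can't write to %s %s: %s", so a failed write() makes syslog read an integer as a string pointer. The reindent carries this over unchanged. read_packet() in the same hunk passes `device` in that position, and the same should be done here: `syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno));`. Separately, `packet->len - 14` is handed to write() with no check that the length is at least 14; whether callers guarantee that is not visible in this hunk.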
@@ -48,366 +48,379 @@ avl_tree_t *subnet_tree; /* Subnet comparison */ -int subnet_compare_mac(subnet_t *a, subnet_t *b) +int subnet_compare_mac(subnet_t * a, subnet_t * b) { - int result; - cp(); - result = memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); - - if(result || !a->owner || !b->owner) - return result; + int result; - return strcmp(a->owner->name, b->owner->name); + result = memcmp(&a->net.mac.address, &b->net.mac.address, sizeof(mac_t)); + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); } -int subnet_compare_ipv4(subnet_t *a, subnet_t *b) +int subnet_compare_ipv4(subnet_t * a, subnet_t * b) { - int result; - cp(); - result = memcmp(&a->net.ipv4.address, &b->net.ipv4.address, sizeof(ipv4_t)); - - if(result) - return result; + int result; - result = a->net.ipv4.prefixlength - b->net.ipv4.prefixlength; - - if(result || !a->owner || !b->owner) - return result; + result = memcmp(&a->net.ipv4.address, &b->net.ipv4.address, sizeof(ipv4_t)); - return strcmp(a->owner->name, b->owner->name); + if(result) + return result; + + result = a->net.ipv4.prefixlength - b->net.ipv4.prefixlength; + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); } -int subnet_compare_ipv6(subnet_t *a, subnet_t *b) +int subnet_compare_ipv6(subnet_t * a, subnet_t * b) { - int result; - cp(); - result = memcmp(&a->net.ipv6.address, &b->net.ipv6.address, sizeof(ipv6_t)); - - if(result) - return result; + int result; - result = a->net.ipv6.prefixlength - b->net.ipv6.prefixlength; - - if(result || !a->owner || !b->owner) - return result; + result = memcmp(&a->net.ipv6.address, &b->net.ipv6.address, sizeof(ipv6_t)); - return strcmp(a->owner->name, b->owner->name); + if(result) + return result; + + result = a->net.ipv6.prefixlength - b->net.ipv6.prefixlength; + + if(result || !a->owner || !b->owner) + return result; + + return strcmp(a->owner->name, b->owner->name); 
} -int subnet_compare(subnet_t *a, subnet_t *b) +int subnet_compare(subnet_t * a, subnet_t * b) { - int result; - cp(); - result = a->type - b->type; - - if(result) - return result; - - switch(a->type) - { - case SUBNET_MAC: - return subnet_compare_mac(a, b); - case SUBNET_IPV4: - return subnet_compare_ipv4(a, b); - case SUBNET_IPV6: - return subnet_compare_ipv6(a, b); - default: - syslog(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), a->type); - cp_trace(); - exit(0); - } + int result; - return 0; + result = a->type - b->type; + + if(result) + return result; + + switch (a->type) { + case SUBNET_MAC: + return subnet_compare_mac(a, b); + case SUBNET_IPV4: + return subnet_compare_ipv4(a, b); + case SUBNET_IPV6: + return subnet_compare_ipv6(a, b); + default: + syslog(LOG_ERR, + _ + ("subnet_compare() was called with unknown subnet type %d, exitting!"), + a->type); + cp_trace(); + exit(0); + } + + return 0; } /* Initialising trees */ void init_subnets(void) { - cp(); - subnet_tree = avl_alloc_tree((avl_compare_t)subnet_compare, (avl_action_t)free_subnet); - cp(); + cp(); + + subnet_tree = avl_alloc_tree((avl_compare_t) subnet_compare, (avl_action_t) free_subnet); } void exit_subnets(void) { - cp(); - avl_delete_tree(subnet_tree); - cp(); + cp(); + + avl_delete_tree(subnet_tree); } avl_tree_t *new_subnet_tree(void) { - cp(); - return avl_alloc_tree((avl_compare_t)subnet_compare, NULL); - cp(); + cp(); + + return avl_alloc_tree((avl_compare_t) subnet_compare, NULL); } -void free_subnet_tree(avl_tree_t *subnet_tree) +void free_subnet_tree(avl_tree_t * subnet_tree) { - cp(); - avl_delete_tree(subnet_tree); - cp(); + cp(); + + avl_delete_tree(subnet_tree); } /* Allocating and freeing space for subnets */ subnet_t *new_subnet(void) { - cp(); - return (subnet_t *)xmalloc_and_zero(sizeof(subnet_t)); + cp(); + + return (subnet_t *) xmalloc_and_zero(sizeof(subnet_t)); } -void free_subnet(subnet_t *subnet) +void free_subnet(subnet_t * subnet) { 
- cp(); - free(subnet); + cp(); + + free(subnet); } /* Adding and removing subnets */ -void subnet_add(node_t *n, subnet_t *subnet) +void subnet_add(node_t * n, subnet_t * subnet) { - cp(); - subnet->owner = n; + cp(); - avl_insert(subnet_tree, subnet); - cp(); - avl_insert(n->subnet_tree, subnet); - cp(); + subnet->owner = n; + + avl_insert(subnet_tree, subnet); + avl_insert(n->subnet_tree, subnet); } -void subnet_del(node_t *n, subnet_t *subnet) +void subnet_del(node_t * n, subnet_t * subnet) { - cp(); - avl_delete(n->subnet_tree, subnet); - cp(); - avl_delete(subnet_tree, subnet); - cp(); + cp(); + + avl_delete(n->subnet_tree, subnet); + avl_delete(subnet_tree, subnet); } /* Ascii representation of subnets */ subnet_t *str2net(char *subnetstr) { - int i, l; - subnet_t *subnet; - uint16_t x[8]; - cp(); - subnet = new_subnet(); - cp(); - if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", - &x[0], &x[1], &x[2], &x[3], - &l) == 5) - { - subnet->type = SUBNET_IPV4; - subnet->net.ipv4.prefixlength = l; - for(i = 0; i < 4; i++) - subnet->net.ipv4.address.x[i] = x[i]; - return subnet; - } - - if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", - &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7], - &l) == 9) - { - subnet->type = SUBNET_IPV6; - subnet->net.ipv6.prefixlength = l; - for(i = 0; i < 8; i++) - subnet->net.ipv6.address.x[i] = htons(x[i]); - return subnet; - } + int i, l; + subnet_t *subnet; + uint16_t x[8]; - if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", - &x[0], &x[1], &x[2], &x[3]) == 4) - { - subnet->type = SUBNET_IPV4; - subnet->net.ipv4.prefixlength = 32; - for(i = 0; i < 4; i++) - subnet->net.ipv4.address.x[i] = x[i]; - return subnet; - } - - if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", - &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7]) == 8) - { - subnet->type = SUBNET_IPV6; - subnet->net.ipv6.prefixlength = 128; - for(i = 0; i < 8; i++) - subnet->net.ipv6.address.x[i] = htons(x[i]); - return subnet; - } + cp(); - if(sscanf(subnetstr, 
"%hx:%hx:%hx:%hx:%hx:%hx", - &x[0], &x[1], &x[2], &x[3], &x[4], &x[5]) == 6) - { - subnet->type = SUBNET_MAC; - for(i = 0; i < 6; i++) - subnet->net.mac.address.x[i] = x[i]; - return subnet; - } + subnet = new_subnet(); - free(subnet); - return NULL; + if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", + &x[0], &x[1], &x[2], &x[3], &l) == 5) { + subnet->type = SUBNET_IPV4; + subnet->net.ipv4.prefixlength = l; + + for(i = 0; i < 4; i++) + subnet->net.ipv4.address.x[i] = x[i]; + + return subnet; + } + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7], + &l) == 9) { + subnet->type = SUBNET_IPV6; + subnet->net.ipv6.prefixlength = l; + + for(i = 0; i < 8; i++) + subnet->net.ipv6.address.x[i] = htons(x[i]); + + return subnet; + } + + if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", &x[0], &x[1], &x[2], &x[3]) == 4) { + subnet->type = SUBNET_IPV4; + subnet->net.ipv4.prefixlength = 32; + + for(i = 0; i < 4; i++) + subnet->net.ipv4.address.x[i] = x[i]; + + return subnet; + } + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5], &x[6], &x[7]) == 8) { + subnet->type = SUBNET_IPV6; + subnet->net.ipv6.prefixlength = 128; + + for(i = 0; i < 8; i++) + subnet->net.ipv6.address.x[i] = htons(x[i]); + + return subnet; + } + + if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx", + &x[0], &x[1], &x[2], &x[3], &x[4], &x[5]) == 6) { + subnet->type = SUBNET_MAC; + + for(i = 0; i < 6; i++) + subnet->net.mac.address.x[i] = x[i]; + + return subnet; + } + + free(subnet); + + return NULL; } -char *net2str(subnet_t *subnet) +char *net2str(subnet_t * subnet) { - char *netstr; - cp(); - switch(subnet->type) - { - case SUBNET_MAC: - asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx", - subnet->net.mac.address.x[0], - subnet->net.mac.address.x[1], - subnet->net.mac.address.x[2], - subnet->net.mac.address.x[3], - subnet->net.mac.address.x[4], - subnet->net.mac.address.x[5]); - break; - case SUBNET_IPV4: - 
asprintf(&netstr, "%hu.%hu.%hu.%hu/%d", - subnet->net.ipv4.address.x[0], - subnet->net.ipv4.address.x[1], - subnet->net.ipv4.address.x[2], - subnet->net.ipv4.address.x[3], - subnet->net.ipv4.prefixlength); - break; - case SUBNET_IPV6: - asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", - ntohs(subnet->net.ipv6.address.x[0]), - ntohs(subnet->net.ipv6.address.x[1]), - ntohs(subnet->net.ipv6.address.x[2]), - ntohs(subnet->net.ipv6.address.x[3]), - ntohs(subnet->net.ipv6.address.x[4]), - ntohs(subnet->net.ipv6.address.x[5]), - ntohs(subnet->net.ipv6.address.x[6]), - ntohs(subnet->net.ipv6.address.x[7]), - subnet->net.ipv6.prefixlength); - break; - default: - syslog(LOG_ERR, _("net2str() was called with unknown subnet type %d, exiting!"), subnet->type); - cp_trace(); - exit(0); - } - cp(); - return netstr; + char *netstr; + + cp(); + + switch (subnet->type) { + case SUBNET_MAC: + asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx", + subnet->net.mac.address.x[0], + subnet->net.mac.address.x[1], + subnet->net.mac.address.x[2], + subnet->net.mac.address.x[3], + subnet->net.mac.address.x[4], subnet->net.mac.address.x[5]); + break; + + case SUBNET_IPV4: + asprintf(&netstr, "%hu.%hu.%hu.%hu/%d", + subnet->net.ipv4.address.x[0], + subnet->net.ipv4.address.x[1], + subnet->net.ipv4.address.x[2], + subnet->net.ipv4.address.x[3], subnet->net.ipv4.prefixlength); + break; + + case SUBNET_IPV6: + asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", + ntohs(subnet->net.ipv6.address.x[0]), + ntohs(subnet->net.ipv6.address.x[1]), + ntohs(subnet->net.ipv6.address.x[2]), + ntohs(subnet->net.ipv6.address.x[3]), + ntohs(subnet->net.ipv6.address.x[4]), + ntohs(subnet->net.ipv6.address.x[5]), + ntohs(subnet->net.ipv6.address.x[6]), + ntohs(subnet->net.ipv6.address.x[7]), + subnet->net.ipv6.prefixlength); + break; + + default: + syslog(LOG_ERR, + _("net2str() was called with unknown subnet type %d, exiting!"), + subnet->type); + cp_trace(); + exit(0); + } + + return netstr; } /* Subnet 
lookup routines */ -subnet_t *lookup_subnet(node_t *owner, subnet_t *subnet) +subnet_t *lookup_subnet(node_t * owner, subnet_t * subnet) { - cp(); - return avl_search(owner->subnet_tree, subnet); + cp(); + + return avl_search(owner->subnet_tree, subnet); } -subnet_t *lookup_subnet_mac(mac_t *address) +subnet_t *lookup_subnet_mac(mac_t * address) { - subnet_t subnet, *p; - cp(); - subnet.type = SUBNET_MAC; - memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); - subnet.owner = NULL; + subnet_t subnet, *p; - p = (subnet_t *)avl_search(subnet_tree, &subnet); - cp(); - return p; + cp(); + + subnet.type = SUBNET_MAC; + memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); + subnet.owner = NULL; + + p = (subnet_t *) avl_search(subnet_tree, &subnet); + + return p; } -subnet_t *lookup_subnet_ipv4(ipv4_t *address) +subnet_t *lookup_subnet_ipv4(ipv4_t * address) { - subnet_t subnet, *p; - cp(); - subnet.type = SUBNET_IPV4; - memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); - subnet.net.ipv4.prefixlength = 32; - subnet.owner = NULL; + subnet_t subnet, *p; - do - { - /* Go find subnet */ - - p = (subnet_t *)avl_search_closest_smaller(subnet_tree, &subnet); + cp(); - /* Check if the found subnet REALLY matches */ - cp(); - if(p) - { - if(p->type != SUBNET_IPV4) - { - p = NULL; - break; - } + subnet.type = SUBNET_IPV4; + memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); + subnet.net.ipv4.prefixlength = 32; + subnet.owner = NULL; - if (!maskcmp(address, &p->net.ipv4.address, p->net.ipv4.prefixlength, sizeof(ipv4_t))) - break; - else - { - /* Otherwise, see if there is a bigger enclosing subnet */ + do { + /* Go find subnet */ - subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1; - maskcpy(&subnet.net.ipv4.address, &p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)); - } - } - } while (p); - cp(); - return p; + p = (subnet_t *) avl_search_closest_smaller(subnet_tree, &subnet); + + /* Check if the found subnet REALLY matches */ + + 
if(p) { + if(p->type != SUBNET_IPV4) { + p = NULL; + break; + } + + if(!maskcmp(address, &p->net.ipv4.address, p->net.ipv4.prefixlength, sizeof(ipv4_t))) + break; + else { + /* Otherwise, see if there is a bigger enclosing subnet */ + + subnet.net.ipv4.prefixlength = p->net.ipv4.prefixlength - 1; + maskcpy(&subnet.net.ipv4.address, &p->net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t)); + } + } + } while(p); + + return p; } -subnet_t *lookup_subnet_ipv6(ipv6_t *address) +subnet_t *lookup_subnet_ipv6(ipv6_t * address) { - subnet_t subnet, *p; - cp(); - subnet.type = SUBNET_IPV6; - memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); - subnet.net.ipv6.prefixlength = 128; - subnet.owner = NULL; - - do - { - /* Go find subnet */ - - p = (subnet_t *)avl_search_closest_smaller(subnet_tree, &subnet); + subnet_t subnet, *p; - /* Check if the found subnet REALLY matches */ + cp(); - cp(); - if(p) - { - if(p->type != SUBNET_IPV6) - return NULL; + subnet.type = SUBNET_IPV6; + memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); + subnet.net.ipv6.prefixlength = 128; + subnet.owner = NULL; - if (!maskcmp(address, &p->net.ipv6.address, p->net.ipv6.prefixlength, sizeof(ipv6_t))) - break; - else - { - /* Otherwise, see if there is a bigger enclosing subnet */ + do { + /* Go find subnet */ - subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1; - maskcpy(&subnet.net.ipv6.address, &p->net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)); - } - } - } while (p); - cp(); - return p; + p = (subnet_t *) avl_search_closest_smaller(subnet_tree, &subnet); + + /* Check if the found subnet REALLY matches */ + + if(p) { + if(p->type != SUBNET_IPV6) + return NULL; + + if(!maskcmp(address, &p->net.ipv6.address, p->net.ipv6.prefixlength, sizeof(ipv6_t))) + break; + else { + /* Otherwise, see if there is a bigger enclosing subnet */ + + subnet.net.ipv6.prefixlength = p->net.ipv6.prefixlength - 1; + maskcpy(&subnet.net.ipv6.address, &p->net.ipv6.address, 
subnet.net.ipv6.prefixlength, sizeof(ipv6_t)); + } + } + } while(p); + + return p; } void dump_subnets(void) { - char *netstr; - subnet_t *subnet; - avl_node_t *node; - cp(); - syslog(LOG_DEBUG, _("Subnet list:")); - for(node = subnet_tree->head; node; node = node->next) - { - subnet = (subnet_t *)node->data; - netstr = net2str(subnet); - syslog(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); - free(netstr); - } - syslog(LOG_DEBUG, _("End of subnet list.")); - cp(); + char *netstr; + subnet_t *subnet; + avl_node_t *node; + + cp(); + + syslog(LOG_DEBUG, _("Subnet list:")); + + for(node = subnet_tree->head; node; node = node->next) { + subnet = (subnet_t *) node->data; + netstr = net2str(subnet); + syslog(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); + free(netstr); + } + + syslog(LOG_DEBUG, _("End of subnet list.")); } diff --git a/src/subnet.h b/src/subnet.h index 0ea21860..30d13ca4 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.19 2002/06/21 10:11:34 guus Exp $ + $Id: subnet.h,v 1.1.2.20 2002/09/09 21:25:16 guus Exp $ */ #ifndef __TINC_SUBNET_H__ 
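Review bot: str2net() stores the parsed `/%d` value straight into `prefixlength` without a range check, so a negative or oversized prefix in a subnet string is accepted. lookup_subnet_ipv4() and lookup_subnet_ipv6() later hand that value to maskcmp() and maskcpy() together with `sizeof(ipv4_t)` or `sizeof(ipv6_t)`; those helpers are defined outside this hunk, so whether they tolerate an out-of-range mask length should be confirmed. Rejecting bad input at parse time is cheap: `if(l < 0 || l > 32) { free(subnet); return NULL; }` in the IPv4 branch and the same test against 128 in the IPv6 branch. The `%hu`/`%hx` fields are read into `uint16_t x[8]` and copied into the address arrays without a bound check either, so if the IPv4 and MAC elements are bytes (their types are not shown here), a value such as 300 is silently truncated.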
@@ -25,48 +25,43 @@ #include "net.h" -enum -{ - SUBNET_MAC = 0, - SUBNET_IPV4, - SUBNET_IPV6, - SUBNET_TYPES /* Guardian */ +enum { + SUBNET_MAC = 0, + SUBNET_IPV4, + SUBNET_IPV6, + SUBNET_TYPES /* Guardian */ }; -typedef struct subnet_mac_t -{ - mac_t address; - time_t lastseen; +typedef struct subnet_mac_t { + mac_t address; + time_t lastseen; } subnet_mac_t; -typedef struct subnet_ipv4_t -{ - ipv4_t address; - int prefixlength; +typedef struct subnet_ipv4_t { + ipv4_t address; + int prefixlength; } subnet_ipv4_t; -typedef struct subnet_ipv6_t -{ - ipv6_t address; - int prefixlength; +typedef struct subnet_ipv6_t { + ipv6_t address; + int prefixlength; } subnet_ipv6_t; #include "node.h" typedef struct subnet_t { - struct node_t *owner; /* the owner of this subnet */ - struct node_t *uplink; /* the uplink which we should send packets to for this subnet */ + struct node_t *owner; /* the owner of this subnet */ + struct node_t *uplink; /* the uplink which we should send packets to for this subnet */ - int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ + int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ - /* And now for the actual subnet: */ + /* And now for the actual subnet: */ - union net - { - subnet_mac_t mac; - subnet_ipv4_t ipv4; - subnet_ipv6_t ipv6; - } net; + union net { + subnet_mac_t mac; + subnet_ipv4_t ipv4; + subnet_ipv6_t ipv6; + } net; } subnet_t; extern subnet_t *new_subnet(void); @@ -85,4 +80,4 @@ extern subnet_t *lookup_subnet_ipv4(ipv4_t *); extern subnet_t *lookup_subnet_ipv6(ipv6_t *); extern void dump_subnets(void); -#endif /* __TINC_SUBNET_H__ */ +#endif /* __TINC_SUBNET_H__ */ diff --git a/src/tincd.c b/src/tincd.c index 6746c330..6bd92ecb 100644 --- a/src/tincd.c +++ b/src/tincd.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.62 2002/09/09 19:40:12 guus Exp $ + $Id: tincd.c,v 1.10.4.63 2002/09/09 21:25:16 guus Exp $ */ #include "config.h" 
@@ -77,167 +77,178 @@ int bypass_security = 0; /* If nonzero, disable swapping for this process. */ int do_mlock = 0; -char *identname; /* program name for syslog */ -char *pidfilename; /* pid file location */ -char **g_argv; /* a copy of the cmdline arguments */ -char **environment; /* A pointer to the environment on - startup */ +char *identname; /* program name for syslog */ +char *pidfilename; /* pid file location */ +char **g_argv; /* a copy of the cmdline arguments */ +char **environment; /* A pointer to the environment on + startup */ -static struct option const long_options[] = -{ - { "config", required_argument, NULL, 'c' }, - { "kill", optional_argument, NULL, 'k' }, - { "net", required_argument, NULL, 'n' }, - { "help", no_argument, &show_help, 1 }, - { "version", no_argument, &show_version, 1 }, - { "no-detach", no_argument, &do_detach, 0 }, - { "generate-keys", optional_argument, NULL, 'K'}, - { "debug", optional_argument, NULL, 'd'}, - { "bypass-security", no_argument, &bypass_security, 1 }, - { "mlock", no_argument, &do_mlock, 1}, - { NULL, 0, NULL, 0 } +static struct option const long_options[] = { + {"config", required_argument, NULL, 'c'}, + {"kill", optional_argument, NULL, 'k'}, + {"net", required_argument, NULL, 'n'}, + {"help", no_argument, &show_help, 1}, + {"version", no_argument, &show_version, 1}, + {"no-detach", no_argument, &do_detach, 0}, + {"generate-keys", optional_argument, NULL, 'K'}, + {"debug", optional_argument, NULL, 'd'}, + {"bypass-security", no_argument, &bypass_security, 1}, + {"mlock", no_argument, &do_mlock, 1}, + {NULL, 0, NULL, 0} }; -static void -usage(int status) +static void usage(int status) { - if(status != 0) - fprintf(stderr, _("Try `%s --help\' for more information.\n"), program_name); - else - { - printf(_("Usage: %s [option]...\n\n"), program_name); - printf(_(" -c, --config=DIR Read configuration options from DIR.\n" - " -D, --no-detach Don't fork and detach.\n" - " -d, --debug[=LEVEL] Increase debug level or 
set it to LEVEL.\n" - " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" - " -n, --net=NETNAME Connect to net NETNAME.\n" - " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" - " -L, --mlock Lock tinc into main memory.\n" - " --help Display this help and exit.\n" - " --version Output version information and exit.\n\n")); - printf(_("Report bugs to tinc@nl.linux.org.\n")); - } - exit(status); + if(status != 0) + fprintf(stderr, _("Try `%s --help\' for more information.\n"), + program_name); + else { + printf(_("Usage: %s [option]...\n\n"), program_name); + printf(_ + (" -c, --config=DIR Read configuration options from DIR.\n" + " -D, --no-detach Don't fork and detach.\n" + " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" + " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" + " -n, --net=NETNAME Connect to net NETNAME.\n" + " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" + " -L, --mlock Lock tinc into main memory.\n" + " --help Display this help and exit.\n" + " --version Output version information and exit.\n\n")); + printf(_("Report bugs to tinc@nl.linux.org.\n")); + } + + exit(status); } -void -parse_options(int argc, char **argv, char **envp) +void parse_options(int argc, char **argv, char **envp) { - int r; - int option_index = 0; + int r; + int option_index = 0; - while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) - { - switch(r) - { - case 0: /* long option */ - break; - case 'c': /* config file */ - confbase = xmalloc(strlen(optarg)+1); - strcpy(confbase, optarg); - break; - case 'D': /* no detach */ - do_detach = 0; - break; - case 'L': /* no detach */ - do_mlock = 1; - break; - case 'd': /* inc debug level */ - if(optarg) - debug_lvl = atoi(optarg); - else - debug_lvl++; - break; - case 'k': /* kill old tincds */ - if(optarg) - { - if(!strcasecmp(optarg, "HUP")) - kill_tincd = SIGHUP; - else if(!strcasecmp(optarg, "TERM")) - 
kill_tincd = SIGTERM; - else if(!strcasecmp(optarg, "KILL")) - kill_tincd = SIGKILL; - else if(!strcasecmp(optarg, "USR1")) - kill_tincd = SIGUSR1; - else if(!strcasecmp(optarg, "USR2")) - kill_tincd = SIGUSR2; - else if(!strcasecmp(optarg, "WINCH")) - kill_tincd = SIGWINCH; - else if(!strcasecmp(optarg, "INT")) - kill_tincd = SIGINT; - else if(!strcasecmp(optarg, "ALRM")) - kill_tincd = SIGALRM; - else - { - kill_tincd = atoi(optarg); - if(!kill_tincd) - { - fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg); - usage(1); - } - } - } - else - kill_tincd = SIGTERM; - break; - case 'n': /* net name given */ - netname = xmalloc(strlen(optarg)+1); - strcpy(netname, optarg); - break; - case 'K': /* generate public/private keypair */ - if(optarg) - { - generate_keys = atoi(optarg); - if(generate_keys < 512) - { - fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), - optarg); - usage(1); - } - generate_keys &= ~7; /* Round it to bytes */ - } - else - generate_keys = 1024; - break; - case '?': - usage(1); - default: - break; - } - } + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) { + switch (r) { + case 0: /* long option */ + break; + + case 'c': /* config file */ + confbase = xmalloc(strlen(optarg) + 1); + strcpy(confbase, optarg); + break; + + case 'D': /* no detach */ + do_detach = 0; + break; + + case 'L': /* no detach */ + do_mlock = 1; + break; + + case 'd': /* inc debug level */ + if(optarg) + debug_lvl = atoi(optarg); + else + debug_lvl++; + break; + + case 'k': /* kill old tincds */ + if(optarg) { + if(!strcasecmp(optarg, "HUP")) + kill_tincd = SIGHUP; + else if(!strcasecmp(optarg, "TERM")) + kill_tincd = SIGTERM; + else if(!strcasecmp(optarg, "KILL")) + kill_tincd = SIGKILL; + else if(!strcasecmp(optarg, "USR1")) + kill_tincd = SIGUSR1; + else if(!strcasecmp(optarg, "USR2")) + 
kill_tincd = SIGUSR2; + else if(!strcasecmp(optarg, "WINCH")) + kill_tincd = SIGWINCH; + else if(!strcasecmp(optarg, "INT")) + kill_tincd = SIGINT; + else if(!strcasecmp(optarg, "ALRM")) + kill_tincd = SIGALRM; + else { + kill_tincd = atoi(optarg); + + if(!kill_tincd) { + fprintf(stderr, + _ + ("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), + optarg); + usage(1); + } + } + } else + kill_tincd = SIGTERM; + break; + + case 'n': /* net name given */ + netname = xmalloc(strlen(optarg) + 1); + strcpy(netname, optarg); + break; + + case 'K': /* generate public/private keypair */ + if(optarg) { + generate_keys = atoi(optarg); + + if(generate_keys < 512) { + fprintf(stderr, + _ + ("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), + optarg); + usage(1); + } + + generate_keys &= ~7; /* Round it to bytes */ + } else + generate_keys = 1024; + break; + + case '?': + usage(1); + + default: + break; + } + } } /* This function prettyprints the key generation process */ void indicator(int a, int b, void *p) { - switch(a) - { - case 0: - fprintf(stderr, "."); - break; - case 1: - fprintf(stderr, "+"); - break; - case 2: - fprintf(stderr, "-"); - break; - case 3: - switch(b) - { - case 0: - fprintf(stderr, " p\n"); - break; - case 1: - fprintf(stderr, " q\n"); - break; - default: - fprintf(stderr, "?"); - } - break; - default: - fprintf(stderr, "?"); - } + switch (a) { + case 0: + fprintf(stderr, "."); + break; + + case 1: + fprintf(stderr, "+"); + break; + + case 2: + fprintf(stderr, "-"); + break; + + case 3: + switch (b) { + case 0: + fprintf(stderr, " p\n"); + break; + + case 1: + fprintf(stderr, " q\n"); + break; + + default: + fprintf(stderr, "?"); + } + break; + + default: + fprintf(stderr, "?"); + } } /* 
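Review bot: The `'K'` case in parse_options() accepts any BITS value of 512 or more and falls back to 1024 when no argument is given; RSA moduli of those sizes are below what is considered adequate today, so both the floor and the default should be raised, e.g. `if(generate_keys < 2048) {` and `generate_keys = 2048;`, with the message text updated to match. The value is parsed with atoi(), which ignores trailing garbage and gives no error indication, so an argument like `2048x` is accepted; strtol() with an end-pointer check would reject it, and the same applies to the numeric fallback for `-k` and to `-d`. The comment on `case 'L':` still reads `/* no detach */` although the branch sets `do_mlock`; `/* lock tinc into main memory */` would describe it.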
@@ -246,55 +257,53 @@ void indicator(int a, int b, void *p) */ int keygen(int bits) { - RSA *rsa_key; - FILE *f; - char *name = NULL; - char *filename; + RSA *rsa_key; + FILE *f; + char *name = NULL; + char *filename; - fprintf(stderr, _("Generating %d bits keys:\n"), bits); - rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); + fprintf(stderr, _("Generating %d bits keys:\n"), bits); + rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); - if(!rsa_key) - { - fprintf(stderr, _("Error during key generation!\n")); - return -1; - } - else - fprintf(stderr, _("Done.\n")); + if(!rsa_key) { + fprintf(stderr, _("Error during key generation!\n")); + return -1; + } else + fprintf(stderr, _("Done.\n")); - get_config_string(lookup_config(config_tree, "Name"), &name); + get_config_string(lookup_config(config_tree, "Name"), &name); - if(name) - asprintf(&filename, "%s/hosts/%s", confbase, name); - else - asprintf(&filename, "%s/rsa_key.pub", confbase); + if(name) + asprintf(&filename, "%s/hosts/%s", confbase, name); + else + asprintf(&filename, "%s/rsa_key.pub", confbase); - f = ask_and_safe_open(filename, _("public RSA key"), "a"); - - if(!f) - return -1; + f = ask_and_safe_open(filename, _("public RSA key"), "a"); - if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); + if(!f) + return -1; - PEM_write_RSAPublicKey(f, rsa_key); - fclose(f); - free(filename); + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); - asprintf(&filename, "%s/rsa_key.priv", confbase); - f = ask_and_safe_open(filename, _("private RSA key"), "a"); - - if(!f) - return -1; + PEM_write_RSAPublicKey(f, rsa_key); + fclose(f); + free(filename); - if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); + asprintf(&filename, "%s/rsa_key.priv", confbase); + f = ask_and_safe_open(filename, 
_("private RSA key"), "a"); - PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); - fclose(f); - free(filename); + if(!f) + return -1; - return 0; + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); + + PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL); + fclose(f); + free(filename); + + return 0; } /* 
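Review bot: `keygen()` returns 0 even when a key was not written, because the results of `PEM_write_RSAPublicKey`, `PEM_write_RSAPrivateKey` and both `fclose` calls are ignored; a full disk or I/O error leaves a truncated `rsa_key.priv` behind a success exit status. Each write should be checked, e.g. `if(!PEM_write_RSAPrivateKey(f, rsa_key, NULL, NULL, 0, NULL, NULL)) { fclose(f); free(filename); return -1; }`. The private key is written unencrypted (NULL cipher) to a file opened in append mode, so unless `ask_and_safe_open` (not visible here) already restricts the mode, add `fchmod(fileno(f), 0600);` before the write. The `asprintf` results are also unchecked, and the two `if(!f) return -1;` paths leak `filename` and `rsa_key`. Separately, `0xFFFF` is 65535 rather than the conventional exponent 65537 (`RSA_F4`); if that is not deliberate it should be `RSA_F4`.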
@@ -302,126 +311,119 @@ int keygen(int bits) */ void make_names(void) { - if(netname) - { - if(!pidfilename) - asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); - if(!confbase) - asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); - else - syslog(LOG_INFO, _("Both netname and configuration directory given, using the latter...")); - if(!identname) - asprintf(&identname, "tinc.%s", netname); - } - else - { - if(!pidfilename) - pidfilename = LOCALSTATEDIR "/run/tinc.pid"; - if(!confbase) - asprintf(&confbase, "%s/tinc", CONFDIR); - if(!identname) - identname = "tinc"; - } + if(netname) { + if(!pidfilename) + asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); + + if(!confbase) + asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); + else + syslog(LOG_INFO, _("Both netname and configuration directory given, using the latter...")); + + if(!identname) + asprintf(&identname, "tinc.%s", netname); + } else { + if(!pidfilename) + pidfilename = LOCALSTATEDIR "/run/tinc.pid"; + + if(!confbase) + asprintf(&confbase, "%s/tinc", CONFDIR); + + if(!identname) + identname = "tinc"; + } } -int -main(int argc, char **argv, char **envp) +int main(int argc, char **argv, char **envp) { - program_name = argv[0]; + program_name = argv[0]; - setlocale (LC_ALL, ""); - bindtextdomain (PACKAGE, LOCALEDIR); - textdomain (PACKAGE); + setlocale(LC_ALL, ""); + bindtextdomain(PACKAGE, LOCALEDIR); + textdomain(PACKAGE); - environment = envp; - parse_options(argc, argv, envp); + environment = envp; + parse_options(argc, argv, envp); - if(show_version) - { - printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" - "See the AUTHORS file for a complete list.\n\n" - "tinc comes with ABSOLUTELY NO WARRANTY. 
This is free software,\n" - "and you are welcome to redistribute it under certain conditions;\n" - "see the file COPYING for details.\n")); + if(show_version) { + printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, + VERSION, __DATE__, __TIME__, PROT_CURRENT); + printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" + "See the AUTHORS file for a complete list.\n\n" + "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" + "and you are welcome to redistribute it under certain conditions;\n" + "see the file COPYING for details.\n")); - return 0; - } + return 0; + } - if(show_help) - usage(0); + if(show_help) + usage(0); #ifndef LOG_PERROR - openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ + openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ #else - openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ + openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ #endif - /* Lock all pages into memory if requested */ - - if(do_mlock) + /* Lock all pages into memory if requested */ + + if(do_mlock) #ifdef HAVE_MLOCKALL - if(mlockall(MCL_CURRENT | MCL_FUTURE)) - { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); + if(mlockall(MCL_CURRENT | MCL_FUTURE)) { + syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", + strerror(errno)); #else - { - syslog(LOG_ERR, _("mlockall() not supported on this platform!")); + { + syslog(LOG_ERR, _("mlockall() not supported on this platform!")); #endif - return -1; - } - - g_argv = argv; + return -1; + } - make_names(); - init_configuration(&config_tree); + g_argv = argv; - /* Slllluuuuuuurrrrp! */ - cp(); - RAND_load_file("/dev/urandom", 1024); + make_names(); + init_configuration(&config_tree); + + /* Slllluuuuuuurrrrp! 
*/ + + RAND_load_file("/dev/urandom", 1024); #ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS - SSLeay_add_all_algorithms(); + SSLeay_add_all_algorithms(); #else - OpenSSL_add_all_algorithms(); + OpenSSL_add_all_algorithms(); #endif - cp(); - if(generate_keys) - { - read_server_config(); - exit(keygen(generate_keys)); - } + if(generate_keys) { + read_server_config(); + exit(keygen(generate_keys)); + } - if(kill_tincd) - exit(kill_other(kill_tincd)); + if(kill_tincd) + exit(kill_other(kill_tincd)); - if(read_server_config()) - exit(1); - cp(); - if(detach()) - exit(0); - cp(); - for(;;) - { - if(!setup_network_connections()) - { - main_loop(); - cleanup_and_exit(1); - } + if(read_server_config()) + exit(1); - syslog(LOG_ERR, _("Unrecoverable error")); - cp_trace(); + if(detach()) + exit(0); - if(do_detach) - { - syslog(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); - sleep(maxtimeout); - } - else - { - syslog(LOG_ERR, _("Not restarting.")); - exit(1); - } - } + for(;;) { + if(!setup_network_connections()) { + main_loop(); + cleanup_and_exit(1); + } + + syslog(LOG_ERR, _("Unrecoverable error")); + cp_trace(); + + if(do_detach) { + syslog(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); + sleep(maxtimeout); + } else { + syslog(LOG_ERR, _("Not restarting.")); + exit(1); + } + } } From 9f38e394636a177c00a4545de2a99c661de36386 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 9 Sep 2002 21:49:16 +0000 Subject: [PATCH 694/923] Switch to K&R style indentation. --- lib/avl_tree.c | 1021 ++++++++++++++++++++++++------------------------ lib/avl_tree.h | 50 +-- lib/dropin.c | 163 ++++---- lib/dropin.h | 8 +- lib/list.c | 197 +++++----- lib/list.h | 28 +- lib/utils.c | 61 ++- lib/utils.h | 30 +- 8 files changed, 771 insertions(+), 787 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 8ec680be..009c680b 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c 
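Review bot: In `main()` (the hunk that ends just before the `[PATCH 694/923]` header), the return value of `RAND_load_file("/dev/urandom", 1024)` is discarded, so `exit(keygen(generate_keys))` a few lines later still runs when no seed bytes could be read, for example in a chroot without the device node. Fail closed instead: `if(RAND_load_file("/dev/urandom", 1024) != 1024) { syslog(LOG_ERR, _("Could not seed PRNG from /dev/urandom")); return 1; }`. Whether OpenSSL has seeded itself by other means is not visible here, so treat this as a defensive check. `make_names()` in the same hunk also ignores every `asprintf` result, and interpolates the command-line `netname` into the pid-file and configuration paths without rejecting `/` or `..`.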
@@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.9 2002/06/21 10:11:11 guus Exp $ + $Id: avl_tree.c,v 1.1.2.10 2002/09/09 21:49:16 guus Exp $ */ #include 
@@ -55,669 +55,674 @@ #ifndef AVL_DEPTH int lg(unsigned int u) { - int r = 1; - if (!u) - return 0; - if (u & 0xffff0000) - { - u >>= 16; - r += 16; - } - if (u & 0x0000ff00) - { - u >>= 8; - r += 8; - } - if (u & 0x000000f0) - { - u >>= 4; - r += 4; - } - if (u & 0x0000000c) - { - u >>= 2; - r += 2; - } - if (u & 0x00000002) - r++; - return r; + int r = 1; + + if(!u) + return 0; + + if(u & 0xffff0000) { + u >>= 16; + r += 16; + } + + if(u & 0x0000ff00) { + u >>= 8; + r += 8; + } + + if(u & 0x000000f0) { + u >>= 4; + r += 4; + } + + if(u & 0x0000000c) { + u >>= 2; + r += 2; + } + + if(u & 0x00000002) + r++; + + return r; } #endif /* Internal helper functions */ -int avl_check_balance(avl_node_t *node) +int avl_check_balance(avl_node_t * node) { #ifdef AVL_DEPTH - int d; - d = R_AVL_DEPTH(node) - L_AVL_DEPTH(node); - return d < -1 ? -1 : d > 1 ? 1 : 0; + int d; + + d = R_AVL_DEPTH(node) - L_AVL_DEPTH(node); + + return d < -1 ? -1 : d > 1 ? 1 : 0; #else /* int d; * d = lg(AVL_R_COUNT(node)) - lg(AVL_L_COUNT(node)); * d = d<-1?-1:d>1?1:0; */ - int pl, r; + int pl, r; - pl = lg(AVL_L_COUNT(node)); - r = AVL_R_COUNT(node); + pl = lg(AVL_L_COUNT(node)); + r = AVL_R_COUNT(node); - if (r >> pl + 1) - return 1; - if (pl < 2 || r >> pl - 2) - return 0; - return -1; + if(r >> pl + 1) + return 1; + + if(pl < 2 || r >> pl - 2) + return 0; + + return -1; #endif } -void avl_rebalance(avl_tree_t *tree, avl_node_t *node) +void avl_rebalance(avl_tree_t * tree, avl_node_t * node) { - avl_node_t *child; - avl_node_t *gchild; - avl_node_t *parent; - avl_node_t **superparent; + avl_node_t *child; + avl_node_t *gchild; + avl_node_t *parent; + avl_node_t **superparent; - parent = node; + parent = node; - while (node) - { - parent = node->parent; + while(node) { + parent = node->parent; - superparent = parent ? node == parent->left ? &parent->left : &parent->right : &tree->root; + superparent = + parent ? node == + parent->left ? 
&parent->left : &parent->right : &tree->root; - switch (avl_check_balance(node)) - { - case -1: - child = node->left; + switch (avl_check_balance(node)) { + case -1: + child = node->left; #ifdef AVL_DEPTH - if(L_AVL_DEPTH(child) >= R_AVL_DEPTH(child)) { + if(L_AVL_DEPTH(child) >= R_AVL_DEPTH(child)) { #else - if (AVL_L_COUNT(child) >= AVL_R_COUNT(child)) - { + if(AVL_L_COUNT(child) >= AVL_R_COUNT(child)) { #endif - node->left = child->right; - if (node->left) - node->left->parent = node; - child->right = node; - node->parent = child; - *superparent = child; - child->parent = parent; + node->left = child->right; + if(node->left) + node->left->parent = node; + + child->right = node; + node->parent = child; + *superparent = child; + child->parent = parent; #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); - child->count = AVL_CALC_COUNT(child); + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); - child->depth = AVL_CALC_DEPTH(child); + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); #endif - } else - { - gchild = child->right; - node->left = gchild->right; - if (node->left) - node->left->parent = node; - child->right = gchild->left; - if (child->right) - child->right->parent = child; - gchild->right = node; - if (gchild->right) - gchild->right->parent = gchild; - gchild->left = child; - if (gchild->left) - gchild->left->parent = gchild; - *superparent = gchild; - gchild->parent = parent; + } else { + gchild = child->right; + node->left = gchild->right; + + if(node->left) + node->left->parent = node; + child->right = gchild->left; + + if(child->right) + child->right->parent = child; + gchild->right = node; + + if(gchild->right) + gchild->right->parent = gchild; + gchild->left = child; + + if(gchild->left) + gchild->left->parent = gchild; + *superparent = gchild; + + gchild->parent = parent; #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); - 
child->count = AVL_CALC_COUNT(child); - gchild->count = AVL_CALC_COUNT(gchild); + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); + gchild->count = AVL_CALC_COUNT(gchild); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); - child->depth = AVL_CALC_DEPTH(child); - gchild->depth = AVL_CALC_DEPTH(gchild); + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); + gchild->depth = AVL_CALC_DEPTH(gchild); #endif - } - break; - case 1: - child = node->right; + } + break; + + case 1: + child = node->right; #ifdef AVL_DEPTH - if(R_AVL_DEPTH(child) >= L_AVL_DEPTH(child)) { + if(R_AVL_DEPTH(child) >= L_AVL_DEPTH(child)) { #else - if (AVL_R_COUNT(child) >= AVL_L_COUNT(child)) - { + if(AVL_R_COUNT(child) >= AVL_L_COUNT(child)) { #endif - node->right = child->left; - if (node->right) - node->right->parent = node; - child->left = node; - node->parent = child; - *superparent = child; - child->parent = parent; + node->right = child->left; + if(node->right) + node->right->parent = node; + child->left = node; + node->parent = child; + *superparent = child; + child->parent = parent; #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); - child->count = AVL_CALC_COUNT(child); + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); - child->depth = AVL_CALC_DEPTH(child); + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); #endif - } else - { - gchild = child->left; - node->right = gchild->left; - if (node->right) - node->right->parent = node; - child->left = gchild->right; - if (child->left) - child->left->parent = child; - gchild->left = node; - if (gchild->left) - gchild->left->parent = gchild; - gchild->right = child; - if (gchild->right) - gchild->right->parent = gchild; - *superparent = gchild; - gchild->parent = parent; + } else { + gchild = child->left; + node->right = gchild->left; + + if(node->right) + 
node->right->parent = node; + child->left = gchild->right; + + if(child->left) + child->left->parent = child; + gchild->left = node; + + if(gchild->left) + gchild->left->parent = gchild; + gchild->right = child; + + if(gchild->right) + gchild->right->parent = gchild; + + *superparent = gchild; + gchild->parent = parent; #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); - child->count = AVL_CALC_COUNT(child); - gchild->count = AVL_CALC_COUNT(gchild); + node->count = AVL_CALC_COUNT(node); + child->count = AVL_CALC_COUNT(child); + gchild->count = AVL_CALC_COUNT(gchild); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); - child->depth = AVL_CALC_DEPTH(child); - gchild->depth = AVL_CALC_DEPTH(gchild); + node->depth = AVL_CALC_DEPTH(node); + child->depth = AVL_CALC_DEPTH(child); + gchild->depth = AVL_CALC_DEPTH(gchild); #endif - } - break; - default: + } + break; + + default: #ifdef AVL_COUNT - node->count = AVL_CALC_COUNT(node); + node->count = AVL_CALC_COUNT(node); #endif #ifdef AVL_DEPTH - node->depth = AVL_CALC_DEPTH(node); + node->depth = AVL_CALC_DEPTH(node); #endif - } - node = parent; - } + } + node = parent; + } } /* (De)constructors */ avl_tree_t *avl_alloc_tree(avl_compare_t compare, avl_action_t delete) { - avl_tree_t *tree; - - tree = xmalloc_and_zero(sizeof(avl_tree_t)); - tree->compare = compare; - tree->delete = delete; + avl_tree_t *tree; - return tree; + tree = xmalloc_and_zero(sizeof(avl_tree_t)); + tree->compare = compare; + tree->delete = delete; + + return tree; } -void avl_free_tree(avl_tree_t *tree) +void avl_free_tree(avl_tree_t * tree) { - free(tree); + free(tree); } avl_node_t *avl_alloc_node(void) { - avl_node_t *node; - - node = xmalloc_and_zero(sizeof(avl_node_t)); - - return node; + return (avl_node_t *)xmalloc_and_zero(sizeof(avl_node_t)); } -void avl_free_node(avl_tree_t *tree, avl_node_t *node) +void avl_free_node(avl_tree_t * tree, avl_node_t * node) { - if(node->data && tree->delete) - tree->delete(node->data); - 
free(node); + if(node->data && tree->delete) + tree->delete(node->data); + + free(node); } /* Searching */ -void *avl_search(const avl_tree_t *tree, const void *data) +void *avl_search(const avl_tree_t * tree, const void *data) { - avl_node_t *node; - - node = avl_search_node(tree, data); + avl_node_t *node; - return node?node->data:NULL; + node = avl_search_node(tree, data); + + return node ? node->data : NULL; } -void *avl_search_closest(const avl_tree_t *tree, const void *data, int *result) +void *avl_search_closest(const avl_tree_t * tree, const void *data, int *result) { - avl_node_t *node; - - node = avl_search_closest_node(tree, data, result); + avl_node_t *node; - return node?node->data:NULL; + node = avl_search_closest_node(tree, data, result); + + return node ? node->data : NULL; } -void *avl_search_closest_smaller(const avl_tree_t *tree, const void *data) +void *avl_search_closest_smaller(const avl_tree_t * tree, const void *data) { - avl_node_t *node; - - node = avl_search_closest_smaller_node(tree, data); + avl_node_t *node; - return node?node->data:NULL; + node = avl_search_closest_smaller_node(tree, data); + + return node ? node->data : NULL; } -void *avl_search_closest_greater(const avl_tree_t *tree, const void *data) +void *avl_search_closest_greater(const avl_tree_t * tree, const void *data) { - avl_node_t *node; - - node = avl_search_closest_greater_node(tree, data); + avl_node_t *node; - return node?node->data:NULL; + node = avl_search_closest_greater_node(tree, data); + + return node ? node->data : NULL; } -avl_node_t *avl_search_node(const avl_tree_t *tree, const void *data) +avl_node_t *avl_search_node(const avl_tree_t * tree, const void *data) { - avl_node_t *node; - int result; - - node = avl_search_closest_node(tree, data, &result); - - return result?NULL:node; + avl_node_t *node; + int result; + + node = avl_search_closest_node(tree, data, &result); + + return result ? 
NULL : node; } -avl_node_t *avl_search_closest_node(const avl_tree_t *tree, const void *data, int *result) +avl_node_t *avl_search_closest_node(const avl_tree_t * tree, const void *data, + int *result) { - avl_node_t *node; - int c; + avl_node_t *node; + int c; - node = tree->root; + node = tree->root; - if (!node) - { - if(result) - *result = 0; - return NULL; - } + if(!node) { + if(result) + *result = 0; + return NULL; + } - for (;;) - { - c = tree->compare(data, node->data); + for(;;) { + c = tree->compare(data, node->data); - if (c < 0) - { - if (node->left) - node = node->left; - else - { - if(result) - *result = -1; - break; - } - } - else if (c > 0) - { - if (node->right) - node = node->right; - else - { - if(result) - *result = 1; - break; - } - } - else - { - if(result) - *result = 0; - break; - } - } + if(c < 0) { + if(node->left) + node = node->left; + else { + if(result) + *result = -1; + break; + } + } else if(c > 0) { + if(node->right) + node = node->right; + else { + if(result) + *result = 1; + break; + } + } else { + if(result) + *result = 0; + break; + } + } - return node; + return node; } -avl_node_t *avl_search_closest_smaller_node(const avl_tree_t *tree, const void *data) +avl_node_t *avl_search_closest_smaller_node(const avl_tree_t * tree, + const void *data) { - avl_node_t *node; - int result; - - node = avl_search_closest_node(tree, data, &result); - - if(result < 0) - node = node->prev; - - return node; + avl_node_t *node; + int result; + + node = avl_search_closest_node(tree, data, &result); + + if(result < 0) + node = node->prev; + + return node; } -avl_node_t *avl_search_closest_greater_node(const avl_tree_t *tree, const void *data) +avl_node_t *avl_search_closest_greater_node(const avl_tree_t * tree, + const void *data) { - avl_node_t *node; - int result; - - node = avl_search_closest_node(tree, data, &result); - - if(result > 0) - node = node->next; - - return node; + avl_node_t *node; + int result; + + node = 
avl_search_closest_node(tree, data, &result); + + if(result > 0) + node = node->next; + + return node; } /* Insertion and deletion */ -avl_node_t *avl_insert(avl_tree_t *tree, void *data) +avl_node_t *avl_insert(avl_tree_t * tree, void *data) { - avl_node_t *closest, *new; - int result; + avl_node_t *closest, *new; + int result; - if (!tree->root) - { - new = avl_alloc_node(); - new->data = data; - avl_insert_top(tree, new); - } - else - { - closest = avl_search_closest_node(tree, data, &result); - switch(result) - { - case -1: - new = avl_alloc_node(); - new->data = data; - avl_insert_before(tree, closest, new); - break; - case 1: - new = avl_alloc_node(); - new->data = data; - avl_insert_after(tree, closest, new); - break; - default: - return NULL; - } - } - -#ifdef AVL_COUNT - new->count = 1; -#endif -#ifdef AVL_DEPTH - new->depth = 1; -#endif + if(!tree->root) { + new = avl_alloc_node(); + new->data = data; + avl_insert_top(tree, new); + } else { + closest = avl_search_closest_node(tree, data, &result); - return new; -} + switch (result) { + case -1: + new = avl_alloc_node(); + new->data = data; + avl_insert_before(tree, closest, new); + break; -avl_node_t *avl_insert_node(avl_tree_t *tree, avl_node_t *node) -{ - avl_node_t *closest; - int result; + case 1: + new = avl_alloc_node(); + new->data = data; + avl_insert_after(tree, closest, new); + break; - if (!tree->root) - avl_insert_top(tree, node); - else - { - closest = avl_search_closest_node(tree, node->data, &result); - switch(result) - { - case -1: - avl_insert_before(tree, closest, node); - break; - case 1: - avl_insert_after(tree, closest, node); - break; - case 0: - return NULL; - } - } - -#ifdef AVL_COUNT - node->count = 1; -#endif -#ifdef AVL_DEPTH - node->depth = 1; -#endif - - return node; -} - -void avl_insert_top(avl_tree_t *tree, avl_node_t *node) -{ - node->prev = node->next = node->parent = NULL; - tree->head = tree->tail = tree->root = node; -} - -void avl_insert_before(avl_tree_t *tree, 
avl_node_t *before, avl_node_t *node) -{ - if (!before) - return tree->tail ? avl_insert_after(tree, tree->tail, node) : avl_insert_top(tree, node); - - node->next = before; - node->parent = before; - node->prev = before->prev; - - if(before->left) - return avl_insert_after(tree, before->prev, node); - - if (before->prev) - before->prev->next = node; - else - tree->head = node; - - before->prev = node; - before->left = node; - - avl_rebalance(tree, before->parent); -} - -void avl_insert_after(avl_tree_t *tree, avl_node_t *after, avl_node_t *node) -{ - if (!after) - return tree->head ? avl_insert_before(tree, tree->head, node) : avl_insert_top(tree, node); - - if(after->right) - return avl_insert_before(tree, after->next, node); - - node->prev = after; - node->parent = after; - node->next = after->next; - - if (after->next) - after->next->prev = node; - else - tree->tail = node; - - after->next = node; - after->right = node; - - avl_rebalance(tree, after->parent); -} - -avl_node_t *avl_unlink(avl_tree_t *tree, void *data) -{ - avl_node_t *node; - - node = avl_search_node(tree, data); - - if(node) - avl_unlink_node(tree, node); - - return node; -} - -void avl_unlink_node(avl_tree_t *tree, avl_node_t *node) -{ - avl_node_t *parent; - avl_node_t **superparent; - avl_node_t *subst, *left, *right; - avl_node_t *balnode; - - if (node->prev) - node->prev->next = node->next; - else - tree->head = node->next; - if (node->next) - node->next->prev = node->prev; - else - tree->tail = node->prev; - - parent = node->parent; - - superparent = parent ? node == parent->left ? 
&parent->left : &parent->right : &tree->root; - - left = node->left; - right = node->right; - if (!left) - { - *superparent = right; - if (right) - right->parent = parent; - balnode = parent; - } else if (!right) - { - *superparent = left; - left->parent = parent; - balnode = parent; - } else - { - subst = node->prev; - if (subst == left) - { - balnode = subst; - } else - { - balnode = subst->parent; - balnode->right = subst->left; - if (balnode->right) - balnode->right->parent = balnode; - subst->left = left; - left->parent = subst; - } - subst->right = right; - subst->parent = parent; - right->parent = subst; - *superparent = subst; - } - - avl_rebalance(tree, balnode); - - node->next = node->prev = node->parent = node->left = node->right = NULL; + default: + return NULL; + } + } #ifdef AVL_COUNT - node->count = 0; + new->count = 1; #endif #ifdef AVL_DEPTH - node->depth = 0; + new->depth = 1; +#endif + + return new; +} + +avl_node_t *avl_insert_node(avl_tree_t * tree, avl_node_t * node) +{ + avl_node_t *closest; + int result; + + if(!tree->root) + avl_insert_top(tree, node); + else { + closest = avl_search_closest_node(tree, node->data, &result); + + switch (result) { + case -1: + avl_insert_before(tree, closest, node); + break; + + case 1: + avl_insert_after(tree, closest, node); + break; + + case 0: + return NULL; + } + } + +#ifdef AVL_COUNT + node->count = 1; +#endif +#ifdef AVL_DEPTH + node->depth = 1; +#endif + + return node; +} + +void avl_insert_top(avl_tree_t * tree, avl_node_t * node) +{ + node->prev = node->next = node->parent = NULL; + tree->head = tree->tail = tree->root = node; +} + +void avl_insert_before(avl_tree_t * tree, avl_node_t * before, + avl_node_t * node) +{ + if(!before) + return tree->tail ? 
avl_insert_after(tree, tree->tail, node) : avl_insert_top(tree, node); + + node->next = before; + node->parent = before; + node->prev = before->prev; + + if(before->left) + return avl_insert_after(tree, before->prev, node); + + if(before->prev) + before->prev->next = node; + else + tree->head = node; + + before->prev = node; + before->left = node; + + avl_rebalance(tree, before->parent); +} + +void avl_insert_after(avl_tree_t * tree, avl_node_t * after, avl_node_t * node) +{ + if(!after) + return tree->head ? avl_insert_before(tree, tree->head, + node) : avl_insert_top(tree, + node); + + if(after->right) + return avl_insert_before(tree, after->next, node); + + node->prev = after; + node->parent = after; + node->next = after->next; + + if(after->next) + after->next->prev = node; + else + tree->tail = node; + + after->next = node; + after->right = node; + + avl_rebalance(tree, after->parent); +} + +avl_node_t *avl_unlink(avl_tree_t * tree, void *data) +{ + avl_node_t *node; + + node = avl_search_node(tree, data); + + if(node) + avl_unlink_node(tree, node); + + return node; +} + +void avl_unlink_node(avl_tree_t * tree, avl_node_t * node) +{ + avl_node_t *parent; + avl_node_t **superparent; + avl_node_t *subst, *left, *right; + avl_node_t *balnode; + + if(node->prev) + node->prev->next = node->next; + else + tree->head = node->next; + if(node->next) + node->next->prev = node->prev; + else + tree->tail = node->prev; + + parent = node->parent; + + superparent = + parent ? node == + parent->left ? 
&parent->left : &parent->right : &tree->root; + + left = node->left; + right = node->right; + if(!left) { + *superparent = right; + + if(right) + right->parent = parent; + + balnode = parent; + } else if(!right) { + *superparent = left; + left->parent = parent; + balnode = parent; + } else { + subst = node->prev; + + if(subst == left) { + balnode = subst; + } else { + balnode = subst->parent; + balnode->right = subst->left; + + if(balnode->right) + balnode->right->parent = balnode; + + subst->left = left; + left->parent = subst; + } + + subst->right = right; + subst->parent = parent; + right->parent = subst; + *superparent = subst; + } + + avl_rebalance(tree, balnode); + + node->next = node->prev = node->parent = node->left = node->right = NULL; + +#ifdef AVL_COUNT + node->count = 0; +#endif +#ifdef AVL_DEPTH + node->depth = 0; #endif } -void avl_delete_node(avl_tree_t *tree, avl_node_t *node) +void avl_delete_node(avl_tree_t * tree, avl_node_t * node) { - avl_unlink_node(tree, node); - avl_free_node(tree, node); + avl_unlink_node(tree, node); + avl_free_node(tree, node); } -void avl_delete(avl_tree_t *tree, void *data) +void avl_delete(avl_tree_t * tree, void *data) { - avl_node_t *node; + avl_node_t *node; - node = avl_search_node(tree, data); + node = avl_search_node(tree, data); - if (node) - avl_delete_node(tree, node); + if(node) + avl_delete_node(tree, node); } /* Fast tree cleanup */ -void avl_delete_tree(avl_tree_t *tree) +void avl_delete_tree(avl_tree_t * tree) { - avl_node_t *node, *next; - - for(node = tree->root; node; node = next) - { - next = node->next; - avl_free_node(tree, node); - } - - avl_free_tree(tree); + avl_node_t *node, *next; + + for(node = tree->root; node; node = next) { + next = node->next; + avl_free_node(tree, node); + } + + avl_free_tree(tree); } /* Tree walking */ -void avl_foreach(avl_tree_t *tree, avl_action_t action) +void avl_foreach(avl_tree_t * tree, avl_action_t action) { - avl_node_t *node, *next; - - for(node = tree->head; 
node; node = next) - { - next = node->next; - action(node->data); - } + avl_node_t *node, *next; + + for(node = tree->head; node; node = next) { + next = node->next; + action(node->data); + } } -void avl_foreach_node(avl_tree_t *tree, avl_action_t action) +void avl_foreach_node(avl_tree_t * tree, avl_action_t action) { - avl_node_t *node, *next; - - for(node = tree->head; node; node = next) - { - next = node->next; - action(node); - } + avl_node_t *node, *next; + + for(node = tree->head; node; node = next) { + next = node->next; + action(node); + } } /* Indexing */ #ifdef AVL_COUNT -unsigned int avl_count(avl_tree_t *tree) +unsigned int avl_count(avl_tree_t * tree) { - return AVL_NODE_COUNT(tree->root); + return AVL_NODE_COUNT(tree->root); } -avl_node_t *avl_get_node(const avl_tree_t *tree, unsigned int index) +avl_node_t *avl_get_node(const avl_tree_t * tree, unsigned int index) { - avl_node_t *node; - unsigned int c; + avl_node_t *node; + unsigned int c; - node = tree->root; + node = tree->root; - while (node) - { - c = AVL_L_COUNT(node); + while(node) { + c = AVL_L_COUNT(node); - if (index < c) - { - node = node->left; - } else if (index > c) - { - node = node->right; - index -= c + 1; - } else - { - return node; - } - } - - return NULL; + if(index < c) { + node = node->left; + } else if(index > c) { + node = node->right; + index -= c + 1; + } else { + return node; + } + } + + return NULL; } -unsigned int avl_index(const avl_node_t *node) +unsigned int avl_index(const avl_node_t * node) { - avl_node_t *next; - unsigned int index; + avl_node_t *next; + unsigned int index; - index = AVL_L_COUNT(node); + index = AVL_L_COUNT(node); - while ((next = node->parent)) - { - if (node == next->right) - index += AVL_L_COUNT(next) + 1; - node = next; - } + while((next = node->parent)) { + if(node == next->right) + index += AVL_L_COUNT(next) + 1; + node = next; + } - return index; + return index; } #endif #ifdef AVL_DEPTH -unsigned int avl_depth(avl_tree_t *tree) +unsigned 
int avl_depth(avl_tree_t * tree) { - return AVL_NODE_DEPTH(tree->root); + return AVL_NODE_DEPTH(tree->root); } #endif diff --git a/lib/avl_tree.h b/lib/avl_tree.h index 35c13a32..08bed6b9 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.5 2002/06/21 10:11:11 guus Exp $ + $Id: avl_tree.h,v 1.1.2.6 2002/09/09 21:49:16 guus Exp $ */ @@ -37,34 +37,34 @@ #define __AVL_TREE_H__ #ifndef AVL_DEPTH - #ifndef AVL_COUNT - #define AVL_DEPTH - #endif +#ifndef AVL_COUNT +#define AVL_DEPTH +#endif #endif typedef struct avl_node_t { - /* Linked list part */ + /* Linked list part */ - struct avl_node_t *next; - struct avl_node_t *prev; + struct avl_node_t *next; + struct avl_node_t *prev; - /* Tree part */ + /* Tree part */ - struct avl_node_t *parent; - struct avl_node_t *left; - struct avl_node_t *right; + struct avl_node_t *parent; + struct avl_node_t *left; + struct avl_node_t *right; #ifdef AVL_COUNT - unsigned int count; + unsigned int count; #endif #ifdef AVL_DEPTH - unsigned char depth; + unsigned char depth; #endif - /* Payload */ + /* Payload */ - void *data; + void *data; } avl_node_t; @@ -74,17 +74,17 @@ typedef void (*avl_action_node_t) (const avl_node_t *); typedef struct avl_tree_t { - /* Linked list part */ + /* Linked list part */ - avl_node_t *head; - avl_node_t *tail; + avl_node_t *head; + avl_node_t *tail; - /* Tree part */ + /* Tree part */ - avl_node_t *root; + avl_node_t *root; - avl_compare_t compare; - avl_action_t delete; + avl_compare_t compare; + avl_action_t delete; } avl_tree_t; @@ -94,7 +94,7 @@ extern avl_tree_t *avl_alloc_tree(avl_compare_t, avl_action_t); extern void avl_free_tree(avl_tree_t *); extern avl_node_t *avl_alloc_node(void); -extern void avl_free_node(avl_tree_t *tree, avl_node_t *); +extern void avl_free_node(avl_tree_t * tree, avl_node_t *); /* Insertion and deletion */ 
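Review bot: `avl_delete_tree` starts its walk at `tree->root` but advances through the `next` list links, so every node that sorts before the root is never passed to `avl_free_node` and its `delete` callback never runs. `avl_foreach` in the same hunk walks from `tree->head`; the loop here should read `for(node = tree->head; node; node = next) {`. Besides the memory leak, whatever cleanup the callback performs on the payload (not visible here) is skipped for those nodes. The re-indentation also left the blank lines in `avl_rebalance` pairing each `if(...)` fix-up with the following unrelated assignment, which makes the pointer updates harder to audit.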
@@ -106,7 +106,7 @@ extern void avl_insert_before(avl_tree_t *, avl_node_t *, avl_node_t *); extern void avl_insert_after(avl_tree_t *, avl_node_t *, avl_node_t *); extern avl_node_t *avl_unlink(avl_tree_t *, void *); -extern void avl_unlink_node(avl_tree_t *tree, avl_node_t *); +extern void avl_unlink_node(avl_tree_t * tree, avl_node_t *); extern void avl_delete(avl_tree_t *, void *); extern void avl_delete_node(avl_tree_t *, avl_node_t *); @@ -142,4 +142,4 @@ extern unsigned int avl_index(const avl_node_t *); extern unsigned int avl_depth(avl_tree_t *); #endif -#endif /* __AVL_TREE_H__ */ +#endif /* __AVL_TREE_H__ */ diff --git a/lib/dropin.c b/lib/dropin.c index 661c4551..22bc812f 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.11 2002/07/12 11:45:21 guus Exp $ + $Id: dropin.c,v 1.1.2.12 2002/09/09 21:49:16 guus Exp $ */ #include "config.h" 
@@ -51,61 +51,51 @@ */ int daemon(int nochdir, int noclose) { - pid_t pid; - int fd; - - pid = fork(); - - /* Check if forking failed */ - if(pid < 0) - { - perror("fork"); - exit(-1); - } + pid_t pid; + int fd; - /* If we are the parent, terminate */ - if(pid) - exit(0); + pid = fork(); - /* Detach by becoming the new process group leader */ - if(setsid() < 0) - { - perror("setsid"); - return -1; - } - - /* Change working directory to the root (to avoid keeping mount - points busy) */ - if(!nochdir) - { - chdir("/"); - } - - /* Redirect stdin/out/err to /dev/null */ - if(!noclose) - { - fd = open("/dev/null", O_RDWR); + /* Check if forking failed */ + if(pid < 0) { + perror("fork"); + exit(-1); + } - if(fd < 0) - { - perror("opening /dev/null"); - return -1; - } - else - { - dup2(fd, 0); - dup2(fd, 1); - dup2(fd, 2); - } - } + /* If we are the parent, terminate */ + if(pid) + exit(0); - return 0; + /* Detach by becoming the new process group leader */ + if(setsid() < 0) { + perror("setsid"); + return -1; + } + + /* Change working directory to the root (to avoid keeping mount + points busy) */ + if(!nochdir) { + chdir("/"); + } + + /* Redirect stdin/out/err to /dev/null */ + if(!noclose) { + fd = open("/dev/null", O_RDWR); + + if(fd < 0) { + perror("opening /dev/null"); + return -1; + } else { + dup2(fd, 0); + dup2(fd, 1); + dup2(fd, 2); + } + } + + return 0; } #endif - - - #ifndef HAVE_GET_CURRENT_DIR_NAME /* Replacement for the GNU get_current_dir_name function: 
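Review bot: In the `!noclose` branch of `daemon()` the descriptor returned by `open("/dev/null", O_RDWR)` is never closed after the three `dup2()` calls, so whenever `fd` is greater than 2 the daemon keeps an extra descriptor open for its whole lifetime; adding `if(fd > 2) close(fd);` after the last `dup2()` fixes that. The return values of `chdir("/")` and `dup2()` are also ignored, so a failure leaves the process in the caller's directory or attached to the original stdio with no indication; returning -1 there, as the `setsid()` path does, would be consistent. Fork failure calls `exit(-1)` while every other failure returns -1, which deserves either a comment or alignment with the other paths.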
@@ -116,56 +106,55 @@ int daemon(int nochdir, int noclose) */ char *get_current_dir_name(void) { - size_t size; - char *buf; - char *r; + size_t size; + char *buf; + char *r; - /* Start with 100 bytes. If this turns out to be insufficient to - contain the working directory, double the size. */ - size = 100; - buf = xmalloc(size); + /* Start with 100 bytes. If this turns out to be insufficient to + contain the working directory, double the size. */ + size = 100; + buf = xmalloc(size); - errno = 0; /* Success */ - r = getcwd(buf, size); - /* getcwd returns NULL and sets errno to ERANGE if the bufferspace - is insufficient to contain the entire working directory. */ - while(r == NULL && errno == ERANGE) - { - free(buf); - size <<= 1; /* double the size */ - buf = xmalloc(size); - r = getcwd(buf, size); - } + errno = 0; /* Success */ + r = getcwd(buf, size); - return buf; + /* getcwd returns NULL and sets errno to ERANGE if the bufferspace + is insufficient to contain the entire working directory. */ + while(r == NULL && errno == ERANGE) { + free(buf); + size <<= 1; /* double the size */ + buf = xmalloc(size); + r = getcwd(buf, size); + } + + return buf; } #endif #ifndef HAVE_ASPRINTF int asprintf(char **buf, const char *fmt, ...) { - int status; - va_list ap; - int len; - - len = 4096; - *buf = xmalloc(len); + int status; + va_list ap; + int len; - va_start(ap, fmt); - status = vsnprintf (*buf, len, fmt, ap); - va_end (ap); + len = 4096; + *buf = xmalloc(len); - if(status >= 0) - *buf = xrealloc(*buf, status); + va_start(ap, fmt); + status = vsnprintf(*buf, len, fmt, ap); + va_end(ap); - if(status > len-1) - { - len = status; - va_start(ap, fmt); - status = vsnprintf (*buf, len, fmt, ap); - va_end (ap); - } + if(status >= 0) + *buf = xrealloc(*buf, status); - return status; + if(status > len - 1) { + len = status; + va_start(ap, fmt); + status = vsnprintf(*buf, len, fmt, ap); + va_end(ap); + } + + return status; } #endif 
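Review bot: `asprintf()` sizes its result one byte short. `vsnprintf()` returns the length without the terminating NUL, yet the buffer is shrunk with `xrealloc(*buf, status)`, which cuts the terminator out of the allocation for short strings, and the retry path sets `len = status`, which truncates the last character of long ones. Use `*buf = xrealloc(*buf, status + 1);` and `len = status + 1;` so the terminator always fits. In the same hunk `get_current_dir_name()` returns `buf` even when `getcwd()` failed with an error other than ERANGE, handing the caller a buffer with indeterminate contents; `if(!r) { free(buf); return NULL; }` before the final return would match the GNU function it replaces.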
diff --git a/lib/dropin.h b/lib/dropin.h index ecf14403..0d10c367 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.8 2002/06/21 10:11:11 guus Exp $ + $Id: dropin.h,v 1.1.2.9 2002/09/09 21:49:16 guus Exp $ */ #ifndef __DROPIN_H__ @@ -28,7 +28,7 @@ extern int daemon(int, int); #endif #ifndef HAVE_GET_CURRENT_DIR_NAME -extern char* get_current_dir_name(void); +extern char *get_current_dir_name(void); #endif #ifndef HAVE_ASPRINTF @@ -39,7 +39,7 @@ extern int asprintf(char **, const char *, ...); #include #include extern int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, - size_t hostlen, char *serv, size_t servlen, int flags); + size_t hostlen, char *serv, size_t servlen, int flags); #endif -#endif /* __DROPIN_H__ */ +#endif /* __DROPIN_H__ */ diff --git a/lib/list.c b/lib/list.c index b4c5871c..d47ce0eb 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.11 2002/06/21 10:11:11 guus Exp $ + $Id: list.c,v 1.1.2.12 2002/09/09 21:49:16 guus Exp $ */ #include "config.h" 
@@ -33,165 +33,158 @@ list_t *list_alloc(list_action_t delete) { - list_t *list; + list_t *list; - list = xmalloc_and_zero(sizeof(list_t)); - list->delete = delete; + list = xmalloc_and_zero(sizeof(list_t)); + list->delete = delete; - return list; + return list; } -void list_free(list_t *list) +void list_free(list_t * list) { - free(list); + free(list); } list_node_t *list_alloc_node(void) { - list_node_t *node; - - node = xmalloc_and_zero(sizeof(list_node_t)); - - return node; + return (list_node_t *)xmalloc_and_zero(sizeof(list_node_t)); } -void list_free_node(list_t *list, list_node_t *node) +void list_free_node(list_t * list, list_node_t * node) { - if(node->data && list->delete) - list->delete(node->data); - - free(node); + if(node->data && list->delete) + list->delete(node->data); + + free(node); } /* Insertion and deletion */ -list_node_t *list_insert_head(list_t *list, void *data) +list_node_t *list_insert_head(list_t * list, void *data) { - list_node_t *node; - - node = list_alloc_node(); - - node->data = data; - node->prev = NULL; - node->next = list->head; - list->head = node; - - if(node->next) - node->next->prev = node; - else - list->tail = node; + list_node_t *node; - list->count++; + node = list_alloc_node(); - return node; + node->data = data; + node->prev = NULL; + node->next = list->head; + list->head = node; + + if(node->next) + node->next->prev = node; + else + list->tail = node; + + list->count++; + + return node; } -list_node_t *list_insert_tail(list_t *list, void *data) +list_node_t *list_insert_tail(list_t * list, void *data) { - list_node_t *node; - - node = list_alloc_node(); - - node->data = data; - node->next = NULL; - node->prev = list->tail; - list->tail = node; - - if(node->prev) - node->prev->next = node; - else - list->head = node; + list_node_t *node; - list->count++; - - return node; + node = list_alloc_node(); + + node->data = data; + node->next = NULL; + node->prev = list->tail; + list->tail = node; + + if(node->prev) + 
node->prev->next = node; + else + list->head = node; + + list->count++; + + return node; } -void list_unlink_node(list_t *list, list_node_t *node) +void list_unlink_node(list_t * list, list_node_t * node) { - if(node->prev) - node->prev->next = node->next; - else - list->head = node->next; - - if(node->next) - node->next->prev = node->prev; - else - list->tail = node->prev; + if(node->prev) + node->prev->next = node->next; + else + list->head = node->next; - list->count--; + if(node->next) + node->next->prev = node->prev; + else + list->tail = node->prev; + + list->count--; } -void list_delete_node(list_t *list, list_node_t *node) +void list_delete_node(list_t * list, list_node_t * node) { - list_unlink_node(list, node); - list_free_node(list, node); + list_unlink_node(list, node); + list_free_node(list, node); } -void list_delete_head(list_t *list) +void list_delete_head(list_t * list) { - list_delete_node(list, list->head); + list_delete_node(list, list->head); } -void list_delete_tail(list_t *list) +void list_delete_tail(list_t * list) { - list_delete_node(list, list->tail); + list_delete_node(list, list->tail); } /* Head/tail lookup */ -void *list_get_head(list_t *list) +void *list_get_head(list_t * list) { - if(list->head) - return list->head->data; - else - return NULL; + if(list->head) + return list->head->data; + else + return NULL; } -void *list_get_tail(list_t *list) +void *list_get_tail(list_t * list) { - if(list->tail) - return list->tail->data; - else - return NULL; + if(list->tail) + return list->tail->data; + else + return NULL; } /* Fast list deletion */ -void list_delete_list(list_t *list) +void list_delete_list(list_t * list) { - list_node_t *node, *next; - - for(node = list->head; node; node = next) - { - next = node->next; - list_free_node(list, node); - } + list_node_t *node, *next; - list_free(list); + for(node = list->head; node; node = next) { + next = node->next; + list_free_node(list, node); + } + + list_free(list); } /* Traversing */ 
-void list_foreach_node(list_t *list, list_action_node_t action) +void list_foreach_node(list_t * list, list_action_node_t action) { - list_node_t *node, *next; + list_node_t *node, *next; - for(node = list->head; node; node = next) - { - next = node->next; - action(node); - } + for(node = list->head; node; node = next) { + next = node->next; + action(node); + } } -void list_foreach(list_t *list, list_action_t action) +void list_foreach(list_t * list, list_action_t action) { - list_node_t *node, *next; + list_node_t *node, *next; - for(node = list->head; node; node = next) - { - next = node->next; - if(node->data) - action(node->data); - } + for(node = list->head; node; node = next) { + next = node->next; + if(node->data) + action(node->data); + } } diff --git a/lib/list.h b/lib/list.h index 4c9885d4..326a9296 100644 --- a/lib/list.h +++ b/lib/list.h @@ -17,34 +17,32 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.6 2002/06/21 10:11:11 guus Exp $ + $Id: list.h,v 1.1.2.7 2002/09/09 21:49:16 guus Exp $ */ #ifndef __TINC_LIST_H__ #define __TINC_LIST_H__ -typedef struct list_node_t -{ - struct list_node_t *prev; - struct list_node_t *next; +typedef struct list_node_t { + struct list_node_t *prev; + struct list_node_t *next; - /* Payload */ + /* Payload */ - void *data; + void *data; } list_node_t; typedef void (*list_action_t) (const void *); typedef void (*list_action_node_t) (const list_node_t *); -typedef struct list_t -{ - list_node_t *head; - list_node_t *tail; - int count; +typedef struct list_t { + list_node_t *head; + list_node_t *tail; + int count; - /* Callbacks */ + /* Callbacks */ - list_action_t delete; + list_action_t delete; } list_t; /* (De)constructors */ 
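Review bot: `list_delete_head()` and `list_delete_tail()` pass `list->head` and `list->tail` straight to `list_delete_node()`, and `list_unlink_node()` reads `node->prev` without a check, so calling either on an empty list dereferences NULL. `list_get_head()` and `list_get_tail()` in the same file already guard against an empty list; the delete functions could do the same with `if(list->head) list_delete_node(list, list->head);` and the matching line for the tail. Whether any caller can reach them with an empty list is not visible from this hunk.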
@@ -79,4 +77,4 @@ extern void list_delete_list(list_t *); extern void list_foreach(list_t *, list_action_t); extern void list_foreach_node(list_t *, list_action_node_t); -#endif /* __TINC_LIST_H__ */ +#endif /* __TINC_LIST_H__ */ diff --git a/lib/utils.c b/lib/utils.c index ce78dd2e..3b1abc37 100644 --- a/lib/utils.c +++ b/lib/utils.c 
@@ -38,50 +38,49 @@ char *hexadecimals = "0123456789ABCDEF"; int charhex2bin(char c) { - if(isdigit(c)) - return c - '0'; - else - return toupper(c) - 'A' + 10; + if(isdigit(c)) + return c - '0'; + else + return toupper(c) - 'A' + 10; } void hex2bin(char *src, char *dst, int length) { - int i; - for(i=0; i=0; i--) - { - dst[i*2+1] = hexadecimals[(unsigned char)src[i] & 15]; - dst[i*2] = hexadecimals[(unsigned char)src[i]>>4]; - } + int i; + for(i = length - 1; i >= 0; i--) { + dst[i * 2 + 1] = hexadecimals[(unsigned char) src[i] & 15]; + dst[i * 2] = hexadecimals[(unsigned char) src[i] >> 4]; + } } #ifdef ENABLE_TRACING void cp_trace() { - syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d...", - cp_file[(cp_index+15)%16], cp_line[(cp_index+15)%16], - cp_file[(cp_index+14)%16], cp_line[(cp_index+14)%16], - cp_file[(cp_index+13)%16], cp_line[(cp_index+13)%16], - cp_file[(cp_index+12)%16], cp_line[(cp_index+12)%16], - cp_file[(cp_index+11)%16], cp_line[(cp_index+11)%16], - cp_file[(cp_index+10)%16], cp_line[(cp_index+10)%16], - cp_file[(cp_index+9)%16], cp_line[(cp_index+9)%16], - cp_file[(cp_index+8)%16], cp_line[(cp_index+8)%16], - cp_file[(cp_index+7)%16], cp_line[(cp_index+7)%16], - cp_file[(cp_index+6)%16], cp_line[(cp_index+6)%16], - cp_file[(cp_index+5)%16], cp_line[(cp_index+5)%16], - cp_file[(cp_index+4)%16], cp_line[(cp_index+4)%16], - cp_file[(cp_index+3)%16], cp_line[(cp_index+3)%16], - cp_file[(cp_index+2)%16], cp_line[(cp_index+2)%16], - cp_file[(cp_index+1)%16], cp_line[(cp_index+1)%16], - cp_file[cp_index], cp_line[cp_index] - ); + syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d...", + cp_file[(cp_index + 15) % 16], cp_line[(cp_index + 15) % 16], + cp_file[(cp_index + 14) % 16], cp_line[(cp_index + 
14) % 16], + cp_file[(cp_index + 13) % 16], cp_line[(cp_index + 13) % 16], + cp_file[(cp_index + 12) % 16], cp_line[(cp_index + 12) % 16], + cp_file[(cp_index + 11) % 16], cp_line[(cp_index + 11) % 16], + cp_file[(cp_index + 10) % 16], cp_line[(cp_index + 10) % 16], + cp_file[(cp_index + 9) % 16], cp_line[(cp_index + 9) % 16], + cp_file[(cp_index + 8) % 16], cp_line[(cp_index + 8) % 16], + cp_file[(cp_index + 7) % 16], cp_line[(cp_index + 7) % 16], + cp_file[(cp_index + 6) % 16], cp_line[(cp_index + 6) % 16], + cp_file[(cp_index + 5) % 16], cp_line[(cp_index + 5) % 16], + cp_file[(cp_index + 4) % 16], cp_line[(cp_index + 4) % 16], + cp_file[(cp_index + 3) % 16], cp_line[(cp_index + 3) % 16], + cp_file[(cp_index + 2) % 16], cp_line[(cp_index + 2) % 16], + cp_file[(cp_index + 1) % 16], cp_line[(cp_index + 1) % 16], + cp_file[cp_index], cp_line[cp_index] + ); } #endif diff --git a/lib/utils.h b/lib/utils.h index a1a666bd..7a953a3e 100644 --- a/lib/utils.h +++ b/lib/utils.h 
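Review bot: `charhex2bin()` passes a plain `char` to `isdigit()` and `toupper()`, which is undefined behaviour for negative values where `char` is signed, and any character that is not a hex digit is mapped to an arbitrary value instead of being rejected. Writing `isdigit((unsigned char)c)` and `toupper((unsigned char)c)` removes the first problem; for the second, either return -1 for non-hex input or document that callers must validate the string first. `bin2hex()` as shown writes exactly `2 * length` characters and no terminator, so a comment such as `/* dst must hold 2*length bytes; no NUL is written */` would make the buffer contract explicit.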
@@ -27,15 +27,15 @@ #include "fake-getnameinfo.h" enum { - DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ - DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ - DEBUG_ERROR = 2, /* Show error messages received from other hosts */ - DEBUG_STATUS = 2, /* Show status messages received from other hosts */ - DEBUG_PROTOCOL = 3, /* Show the requests that are sent/received */ - DEBUG_META = 4, /* Show contents of every request that is sent/received */ - DEBUG_TRAFFIC = 5, /* Show network traffic information */ - DEBUG_PACKET = 6, /* Show contents of each packet that is being sent/received */ - DEBUG_SCARY_THINGS = 10 /* You have been warned */ + DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ + DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ + DEBUG_ERROR = 2, /* Show error messages received from other hosts */ + DEBUG_STATUS = 2, /* Show status messages received from other hosts */ + DEBUG_PROTOCOL = 3, /* Show the requests that are sent/received */ + DEBUG_META = 4, /* Show contents of every request that is sent/received */ + DEBUG_TRAFFIC = 5, /* Show network traffic information */ + DEBUG_PACKET = 6, /* Show contents of each packet that is being sent/received */ + DEBUG_SCARY_THINGS = 10 /* You have been warned */ }; #define min(a,b) (((a)<(b))?(a):(b)) 
@@ -46,15 +46,15 @@ extern volatile char *cp_file[]; extern volatile int cp_index; extern void cp_trace(void); - #define cp() { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 16; } - #define ecp() { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } +#define cp() { cp_line[cp_index] = __LINE__; cp_file[cp_index] = __FILE__; cp_index++; cp_index %= 16; } +#define ecp() { fprintf(stderr, "Explicit checkpoint in %s line %d\n", __FILE__, __LINE__); } #else - #define cp() - #define ecp() - #define cp_trace() +#define cp() +#define ecp() +#define cp_trace() #endif extern void hex2bin(char *src, char *dst, int length); extern void bin2hex(char *src, char *dst, int length); -#endif /* __TINC_UTILS_H__ */ +#endif /* __TINC_UTILS_H__ */ From 6f9f6779e6bd1dd7bb795b42dad550863a386ca8 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Mon, 9 Sep 2002 22:33:31 +0000 Subject: [PATCH 695/923] Remove redundant spaces. --- lib/avl_tree.c | 60 ++++++++++++++++++++--------------------- lib/avl_tree.h | 12 ++++----- lib/list.c | 28 +++++++++---------- lib/list.h | 6 ++--- src/conf.c | 28 +++++++++---------- src/connection.c | 12 ++++----- src/cygwin/device.c | 6 ++--- src/darwin/device.c | 6 ++--- src/edge.c | 16 +++++------ src/event.c | 10 +++---- src/event.h | 4 +-- src/freebsd/device.c | 6 ++--- src/linux/device.c | 53 +++++++++++++++++++++++------------- src/meta.c | 8 +++--- src/net.c | 4 +-- src/net_packet.c | 16 +++++------ src/net_setup.c | 4 +-- src/net_socket.c | 16 +++++------ src/netbsd/device.c | 6 ++--- src/netutl.c | 10 +++---- src/node.c | 14 +++++----- src/openbsd/device.c | 6 ++--- src/process.c | 4 +-- src/protocol.c | 14 +++++----- src/protocol.h | 4 +-- src/protocol_auth.c | 24 ++++++++--------- src/protocol_edge.c | 10 +++---- src/protocol_key.c | 14 +++++----- src/protocol_misc.c | 26 +++++++++--------- src/protocol_node.c | 10 +++---- src/protocol_subnet.c | 10 +++---- src/raw_socket/device.c | 6 ++--- src/route.c | 38 +++++++++++++------------- src/solaris/device.c | 6 ++--- src/subnet.c | 28 +++++++++---------- 35 files changed, 270 insertions(+), 255 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 009c680b..575b2f12 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.10 2002/09/09 21:49:16 guus Exp $ + $Id: avl_tree.c,v 1.1.2.11 2002/09/09 22:32:24 guus Exp $ */ #include @@ -89,7 +89,7 @@ int lg(unsigned int u) /* Internal helper functions */ -int avl_check_balance(avl_node_t * node) +int avl_check_balance(avl_node_t *node) { #ifdef AVL_DEPTH int d; 
@@ -117,7 +117,7 @@ int avl_check_balance(avl_node_t * node) #endif } -void avl_rebalance(avl_tree_t * tree, avl_node_t * node) +void avl_rebalance(avl_tree_t *tree, avl_node_t *node) { avl_node_t *child; avl_node_t *gchild; @@ -272,7 +272,7 @@ avl_tree_t *avl_alloc_tree(avl_compare_t compare, avl_action_t delete) return tree; } -void avl_free_tree(avl_tree_t * tree) +void avl_free_tree(avl_tree_t *tree) { free(tree); } @@ -282,7 +282,7 @@ avl_node_t *avl_alloc_node(void) return (avl_node_t *)xmalloc_and_zero(sizeof(avl_node_t)); } -void avl_free_node(avl_tree_t * tree, avl_node_t * node) +void avl_free_node(avl_tree_t *tree, avl_node_t *node) { if(node->data && tree->delete) tree->delete(node->data); @@ -292,7 +292,7 @@ void avl_free_node(avl_tree_t * tree, avl_node_t * node) /* Searching */ -void *avl_search(const avl_tree_t * tree, const void *data) +void *avl_search(const avl_tree_t *tree, const void *data) { avl_node_t *node; @@ -301,7 +301,7 @@ void *avl_search(const avl_tree_t * tree, const void *data) return node ? node->data : NULL; } -void *avl_search_closest(const avl_tree_t * tree, const void *data, int *result) +void *avl_search_closest(const avl_tree_t *tree, const void *data, int *result) { avl_node_t *node; @@ -310,7 +310,7 @@ void *avl_search_closest(const avl_tree_t * tree, const void *data, int *result) return node ? node->data : NULL; } -void *avl_search_closest_smaller(const avl_tree_t * tree, const void *data) +void *avl_search_closest_smaller(const avl_tree_t *tree, const void *data) { avl_node_t *node; @@ -319,7 +319,7 @@ void *avl_search_closest_smaller(const avl_tree_t * tree, const void *data) return node ? node->data : NULL; } -void *avl_search_closest_greater(const avl_tree_t * tree, const void *data) +void *avl_search_closest_greater(const avl_tree_t *tree, const void *data) { avl_node_t *node; 
@@ -328,7 +328,7 @@ void *avl_search_closest_greater(const avl_tree_t * tree, const void *data) return node ? node->data : NULL; } -avl_node_t *avl_search_node(const avl_tree_t * tree, const void *data) +avl_node_t *avl_search_node(const avl_tree_t *tree, const void *data) { avl_node_t *node; int result; @@ -338,7 +338,7 @@ avl_node_t *avl_search_node(const avl_tree_t * tree, const void *data) return result ? NULL : node; } -avl_node_t *avl_search_closest_node(const avl_tree_t * tree, const void *data, +avl_node_t *avl_search_closest_node(const avl_tree_t *tree, const void *data, int *result) { avl_node_t *node; @@ -381,7 +381,7 @@ avl_node_t *avl_search_closest_node(const avl_tree_t * tree, const void *data, return node; } -avl_node_t *avl_search_closest_smaller_node(const avl_tree_t * tree, +avl_node_t *avl_search_closest_smaller_node(const avl_tree_t *tree, const void *data) { avl_node_t *node; @@ -395,7 +395,7 @@ avl_node_t *avl_search_closest_smaller_node(const avl_tree_t * tree, return node; } -avl_node_t *avl_search_closest_greater_node(const avl_tree_t * tree, +avl_node_t *avl_search_closest_greater_node(const avl_tree_t *tree, const void *data) { avl_node_t *node; @@ -411,7 +411,7 @@ avl_node_t *avl_search_closest_greater_node(const avl_tree_t * tree, /* Insertion and deletion */ -avl_node_t *avl_insert(avl_tree_t * tree, void *data) +avl_node_t *avl_insert(avl_tree_t *tree, void *data) { avl_node_t *closest, *new; int result; @@ -451,7 +451,7 @@ avl_node_t *avl_insert(avl_tree_t * tree, void *data) return new; } -avl_node_t *avl_insert_node(avl_tree_t * tree, avl_node_t * node) +avl_node_t *avl_insert_node(avl_tree_t *tree, avl_node_t *node) { avl_node_t *closest; int result; 
@@ -485,14 +485,14 @@ avl_node_t *avl_insert_node(avl_tree_t * tree, avl_node_t * node) return node; } -void avl_insert_top(avl_tree_t * tree, avl_node_t * node) +void avl_insert_top(avl_tree_t *tree, avl_node_t *node) { node->prev = node->next = node->parent = NULL; tree->head = tree->tail = tree->root = node; } -void avl_insert_before(avl_tree_t * tree, avl_node_t * before, - avl_node_t * node) +void avl_insert_before(avl_tree_t *tree, avl_node_t *before, + avl_node_t *node) { if(!before) return tree->tail ? avl_insert_after(tree, tree->tail, node) : avl_insert_top(tree, node); @@ -515,7 +515,7 @@ void avl_insert_before(avl_tree_t * tree, avl_node_t * before, avl_rebalance(tree, before->parent); } -void avl_insert_after(avl_tree_t * tree, avl_node_t * after, avl_node_t * node) +void avl_insert_after(avl_tree_t *tree, avl_node_t *after, avl_node_t *node) { if(!after) return tree->head ? avl_insert_before(tree, tree->head, @@ -540,7 +540,7 @@ void avl_insert_after(avl_tree_t * tree, avl_node_t * after, avl_node_t * node) avl_rebalance(tree, after->parent); } -avl_node_t *avl_unlink(avl_tree_t * tree, void *data) +avl_node_t *avl_unlink(avl_tree_t *tree, void *data) { avl_node_t *node; @@ -552,7 +552,7 @@ avl_node_t *avl_unlink(avl_tree_t * tree, void *data) return node; } -void avl_unlink_node(avl_tree_t * tree, avl_node_t * node) +void avl_unlink_node(avl_tree_t *tree, avl_node_t *node) { avl_node_t *parent; avl_node_t **superparent; @@ -621,13 +621,13 @@ void avl_unlink_node(avl_tree_t * tree, avl_node_t * node) #endif } -void avl_delete_node(avl_tree_t * tree, avl_node_t * node) +void avl_delete_node(avl_tree_t *tree, avl_node_t *node) { avl_unlink_node(tree, node); avl_free_node(tree, node); } -void avl_delete(avl_tree_t * tree, void *data) +void avl_delete(avl_tree_t *tree, void *data) { avl_node_t *node; 
@@ -639,7 +639,7 @@ void avl_delete(avl_tree_t * tree, void *data) /* Fast tree cleanup */ -void avl_delete_tree(avl_tree_t * tree) +void avl_delete_tree(avl_tree_t *tree) { avl_node_t *node, *next; @@ -653,7 +653,7 @@ void avl_delete_tree(avl_tree_t * tree) /* Tree walking */ -void avl_foreach(avl_tree_t * tree, avl_action_t action) +void avl_foreach(avl_tree_t *tree, avl_action_t action) { avl_node_t *node, *next; @@ -663,7 +663,7 @@ void avl_foreach(avl_tree_t * tree, avl_action_t action) } } -void avl_foreach_node(avl_tree_t * tree, avl_action_t action) +void avl_foreach_node(avl_tree_t *tree, avl_action_t action) { avl_node_t *node, *next; @@ -676,12 +676,12 @@ void avl_foreach_node(avl_tree_t * tree, avl_action_t action) /* Indexing */ #ifdef AVL_COUNT -unsigned int avl_count(avl_tree_t * tree) +unsigned int avl_count(avl_tree_t *tree) { return AVL_NODE_COUNT(tree->root); } -avl_node_t *avl_get_node(const avl_tree_t * tree, unsigned int index) +avl_node_t *avl_get_node(const avl_tree_t *tree, unsigned int index) { avl_node_t *node; unsigned int c; @@ -704,7 +704,7 @@ avl_node_t *avl_get_node(const avl_tree_t * tree, unsigned int index) return NULL; } -unsigned int avl_index(const avl_node_t * node) +unsigned int avl_index(const avl_node_t *node) { avl_node_t *next; unsigned int index; @@ -721,7 +721,7 @@ unsigned int avl_index(const avl_node_t * node) } #endif #ifdef AVL_DEPTH -unsigned int avl_depth(avl_tree_t * tree) +unsigned int avl_depth(avl_tree_t *tree) { return AVL_NODE_DEPTH(tree->root); } diff --git a/lib/avl_tree.h b/lib/avl_tree.h index 08bed6b9..f4eddaa3 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.6 2002/09/09 21:49:16 guus Exp $ + $Id: avl_tree.h,v 1.1.2.7 2002/09/09 22:32:27 guus Exp $ */ 
@@ -68,9 +68,9 @@ typedef struct avl_node_t { } avl_node_t; -typedef int (*avl_compare_t) (const void *, const void *); -typedef void (*avl_action_t) (const void *); -typedef void (*avl_action_node_t) (const avl_node_t *); +typedef int (*avl_compare_t)(const void *, const void *); +typedef void (*avl_action_t)(const void *); +typedef void (*avl_action_node_t)(const avl_node_t *); typedef struct avl_tree_t { @@ -94,7 +94,7 @@ extern avl_tree_t *avl_alloc_tree(avl_compare_t, avl_action_t); extern void avl_free_tree(avl_tree_t *); extern avl_node_t *avl_alloc_node(void); -extern void avl_free_node(avl_tree_t * tree, avl_node_t *); +extern void avl_free_node(avl_tree_t *tree, avl_node_t *); /* Insertion and deletion */ @@ -106,7 +106,7 @@ extern void avl_insert_before(avl_tree_t *, avl_node_t *, avl_node_t *); extern void avl_insert_after(avl_tree_t *, avl_node_t *, avl_node_t *); extern avl_node_t *avl_unlink(avl_tree_t *, void *); -extern void avl_unlink_node(avl_tree_t * tree, avl_node_t *); +extern void avl_unlink_node(avl_tree_t *tree, avl_node_t *); extern void avl_delete(avl_tree_t *, void *); extern void avl_delete_node(avl_tree_t *, avl_node_t *); diff --git a/lib/list.c b/lib/list.c index d47ce0eb..4c4a3f62 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.12 2002/09/09 21:49:16 guus Exp $ + $Id: list.c,v 1.1.2.13 2002/09/09 22:32:27 guus Exp $ */ #include "config.h" @@ -41,7 +41,7 @@ list_t *list_alloc(list_action_t delete) return list; } -void list_free(list_t * list) +void list_free(list_t *list) { free(list); } @@ -51,7 +51,7 @@ list_node_t *list_alloc_node(void) return (list_node_t *)xmalloc_and_zero(sizeof(list_node_t)); } -void list_free_node(list_t * list, list_node_t * node) +void list_free_node(list_t *list, list_node_t *node) { if(node->data && list->delete) list->delete(node->data); 
@@ -61,7 +61,7 @@ void list_free_node(list_t * list, list_node_t * node) /* Insertion and deletion */ -list_node_t *list_insert_head(list_t * list, void *data) +list_node_t *list_insert_head(list_t *list, void *data) { list_node_t *node; @@ -82,7 +82,7 @@ list_node_t *list_insert_head(list_t * list, void *data) return node; } -list_node_t *list_insert_tail(list_t * list, void *data) +list_node_t *list_insert_tail(list_t *list, void *data) { list_node_t *node; @@ -103,7 +103,7 @@ list_node_t *list_insert_tail(list_t * list, void *data) return node; } -void list_unlink_node(list_t * list, list_node_t * node) +void list_unlink_node(list_t *list, list_node_t *node) { if(node->prev) node->prev->next = node->next; @@ -118,25 +118,25 @@ void list_unlink_node(list_t * list, list_node_t * node) list->count--; } -void list_delete_node(list_t * list, list_node_t * node) +void list_delete_node(list_t *list, list_node_t *node) { list_unlink_node(list, node); list_free_node(list, node); } -void list_delete_head(list_t * list) +void list_delete_head(list_t *list) { list_delete_node(list, list->head); } -void list_delete_tail(list_t * list) +void list_delete_tail(list_t *list) { list_delete_node(list, list->tail); } /* Head/tail lookup */ -void *list_get_head(list_t * list) +void *list_get_head(list_t *list) { if(list->head) return list->head->data; @@ -144,7 +144,7 @@ void *list_get_head(list_t * list) return NULL; } -void *list_get_tail(list_t * list) +void *list_get_tail(list_t *list) { if(list->tail) return list->tail->data; @@ -154,7 +154,7 @@ void *list_get_tail(list_t * list) /* Fast list deletion */ -void list_delete_list(list_t * list) +void list_delete_list(list_t *list) { list_node_t *node, *next; @@ -168,7 +168,7 @@ void list_delete_list(list_t * list) /* Traversing */ -void list_foreach_node(list_t * list, list_action_node_t action) +void list_foreach_node(list_t *list, list_action_node_t action) { list_node_t *node, *next; 
@@ -178,7 +178,7 @@ void list_foreach_node(list_t * list, list_action_node_t action) } } -void list_foreach(list_t * list, list_action_t action) +void list_foreach(list_t *list, list_action_t action) { list_node_t *node, *next; diff --git a/lib/list.h b/lib/list.h index 326a9296..df08e492 100644 --- a/lib/list.h +++ b/lib/list.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.7 2002/09/09 21:49:16 guus Exp $ + $Id: list.h,v 1.1.2.8 2002/09/09 22:32:27 guus Exp $ */ #ifndef __TINC_LIST_H__ @@ -32,8 +32,8 @@ typedef struct list_node_t { void *data; } list_node_t; -typedef void (*list_action_t) (const void *); -typedef void (*list_action_node_t) (const list_node_t *); +typedef void (*list_action_t)(const void *); +typedef void (*list_action_node_t)(const list_node_t *); typedef struct list_t { list_node_t *head; diff --git a/src/conf.c b/src/conf.c index 192d04f3..71f1c783 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.59 2002/09/09 21:24:25 guus Exp $ + $Id: conf.c,v 1.9.4.60 2002/09/09 22:32:30 guus Exp $ */ #include "config.h" @@ -53,7 +53,7 @@ int pingtimeout = 0; /* seconds before timeout */ char *confbase = NULL; /* directory in which all config files are */ char *netname = NULL; /* name of the vpn network */ -int config_compare(config_t * a, config_t * b) +int config_compare(config_t *a, config_t *b) { int result; @@ -92,7 +92,7 @@ config_t *new_config(void) return (config_t *) xmalloc_and_zero(sizeof(config_t)); } -void free_config(config_t * cfg) +void free_config(config_t *cfg) { cp(); 
@@ -108,14 +108,14 @@ void free_config(config_t * cfg) free(cfg); } -void config_add(avl_tree_t * config_tree, config_t * cfg) +void config_add(avl_tree_t *config_tree, config_t *cfg) { cp(); avl_insert(config_tree, cfg); } -config_t *lookup_config(avl_tree_t * config_tree, char *variable) +config_t *lookup_config(avl_tree_t *config_tree, char *variable) { config_t cfg, *found; @@ -136,7 +136,7 @@ config_t *lookup_config(avl_tree_t * config_tree, char *variable) return found; } -config_t *lookup_config_next(avl_tree_t * config_tree, config_t * cfg) +config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) { avl_node_t *node; config_t *found; @@ -157,7 +157,7 @@ config_t *lookup_config_next(avl_tree_t * config_tree, config_t * cfg) return NULL; } -int get_config_bool(config_t * cfg, int *result) +int get_config_bool(config_t *cfg, int *result) { cp(); @@ -178,7 +178,7 @@ int get_config_bool(config_t * cfg, int *result) return 0; } -int get_config_int(config_t * cfg, int *result) +int get_config_int(config_t *cfg, int *result) { cp(); @@ -194,7 +194,7 @@ int get_config_int(config_t * cfg, int *result) return 0; } -int get_config_string(config_t * cfg, char **result) +int get_config_string(config_t *cfg, char **result) { cp(); @@ -206,7 +206,7 @@ int get_config_string(config_t * cfg, char **result) return 1; } -int get_config_address(config_t * cfg, struct addrinfo **result) +int get_config_address(config_t *cfg, struct addrinfo **result) { struct addrinfo *ai; @@ -228,7 +228,7 @@ int get_config_address(config_t * cfg, struct addrinfo **result) return 0; } -int get_config_port(config_t * cfg, port_t * result) +int get_config_port(config_t *cfg, port_t *result) { cp(); @@ -246,7 +246,7 @@ int get_config_port(config_t * cfg, port_t * result) return 0; } -int get_config_subnet(config_t * cfg, subnet_t ** result) +int get_config_subnet(config_t *cfg, subnet_t ** result) { subnet_t *subnet; 
@@ -290,7 +290,7 @@ int get_config_subnet(config_t * cfg, subnet_t ** result) given, and buf needs to be expanded, the var pointed to by buflen will be increased. */ -char *readline(FILE * fp, char **buf, size_t * buflen) +char *readline(FILE * fp, char **buf, size_t *buflen) { char *newline = NULL; char *p; @@ -353,7 +353,7 @@ char *readline(FILE * fp, char **buf, size_t * buflen) Parse a configuration file and put the results in the configuration tree starting at *base. */ -int read_config_file(avl_tree_t * config_tree, const char *fname) +int read_config_file(avl_tree_t *config_tree, const char *fname) { int err = -2; /* Parse error */ FILE *fp; diff --git a/src/connection.c b/src/connection.c index 089ff0de..a35d4f0a 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.33 2002/09/09 21:24:31 guus Exp $ + $Id: connection.c,v 1.1.2.34 2002/09/09 22:32:30 guus Exp $ */ #include "config.h" @@ -43,7 +43,7 @@ avl_tree_t *connection_tree; /* Meta connections */ connection_t *broadcast; -int connection_compare(connection_t * a, connection_t * b) +int connection_compare(connection_t *a, connection_t *b) { return a - b; } @@ -82,7 +82,7 @@ connection_t *new_connection(void) return c; } -void free_connection(connection_t * c) +void free_connection(connection_t *c) { cp(); @@ -104,14 +104,14 @@ void free_connection(connection_t * c) free(c); } -void connection_add(connection_t * c) +void connection_add(connection_t *c) { cp(); avl_insert(connection_tree, c); } -void connection_del(connection_t * c) +void connection_del(connection_t *c) { cp(); @@ -136,7 +136,7 @@ void dump_connections(void) syslog(LOG_DEBUG, _("End of connections.")); } -int read_connection_config(connection_t * c) +int read_connection_config(connection_t *c) { char *fname; int x; 
diff --git a/src/cygwin/device.c b/src/cygwin/device.c index b14aec16..7cc8b1cb 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.2 2002/09/09 21:25:18 guus Exp $ + $Id: device.c,v 1.1.2.3 2002/09/09 22:33:21 guus Exp $ */ #include "config.h" @@ -83,7 +83,7 @@ void close_device(void) cp close(device_fd); } -int read_packet(vpn_packet_t * packet) +int read_packet(vpn_packet_t *packet) { int lenin; cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { @@ -104,7 +104,7 @@ int read_packet(vpn_packet_t * packet) return 0; cp} -int write_packet(vpn_packet_t * packet) +int write_packet(vpn_packet_t *packet) { cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), diff --git a/src/darwin/device.c b/src/darwin/device.c index d30f0b6a..99741f66 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2002/09/09 21:25:19 guus Exp $ + $Id: device.c,v 1.1.2.4 2002/09/09 22:33:23 guus Exp $ */ #include "config.h" @@ -92,7 +92,7 @@ void close_device(void) read, encrypt and send data that is available through the ethertap device */ -int read_packet(vpn_packet_t * packet) +int read_packet(vpn_packet_t *packet) { int lenin; cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { @@ -117,7 +117,7 @@ int read_packet(vpn_packet_t * packet) return 0; cp} -int write_packet(vpn_packet_t * packet) +int write_packet(vpn_packet_t *packet) { cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), diff --git a/src/edge.c b/src/edge.c index 8c100090..9cc9df83 100644 --- a/src/edge.c +++ b/src/edge.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.16 2002/09/09 21:24:31 guus Exp $ + $Id: edge.c,v 1.1.2.17 2002/09/09 22:32:30 guus Exp $ */ #include "config.h" @@ -43,12 +43,12 @@ avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ -int edge_compare(edge_t * a, edge_t * b) +int edge_compare(edge_t *a, edge_t *b) { return strcmp(a->to->name, b->to->name); } -int edge_weight_compare(edge_t * a, edge_t * b) +int edge_weight_compare(edge_t *a, edge_t *b) { int result; @@ -80,7 +80,7 @@ avl_tree_t *new_edge_tree(void) return avl_alloc_tree((avl_compare_t) edge_compare, NULL); } -void free_edge_tree(avl_tree_t * edge_tree) +void free_edge_tree(avl_tree_t *edge_tree) { cp(); @@ -103,14 +103,14 @@ edge_t *new_edge(void) return (edge_t *) xmalloc_and_zero(sizeof(edge_t)); } -void free_edge(edge_t * e) +void free_edge(edge_t *e) { cp(); free(e); } -void edge_add(edge_t * e) +void edge_add(edge_t *e) { cp(); @@ -123,7 +123,7 @@ void edge_add(edge_t * e) e->reverse->reverse = e; } -void edge_del(edge_t * e) +void edge_del(edge_t *e) { cp(); @@ -134,7 +134,7 @@ void edge_del(edge_t * e) avl_delete(edge_weight_tree, e); } -edge_t *lookup_edge(node_t * from, node_t * to) +edge_t *lookup_edge(node_t *from, node_t *to) { edge_t v; diff --git a/src/event.c b/src/event.c index acf2ffb7..a91be86d 100644 --- a/src/event.c +++ b/src/event.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.5 2002/09/09 21:24:31 guus Exp $ + $Id: event.c,v 1.1.4.6 2002/09/09 22:32:30 guus Exp $ */ #include "config.h" @@ -38,7 +38,7 @@ extern time_t now; int id; -int event_compare(event_t * a, event_t * b) +int event_compare(event_t *a, event_t *b) { if(a->time > b->time) return 1; 
@@ -70,14 +70,14 @@ event_t *new_event(void) return (event_t *) xmalloc_and_zero(sizeof(event_t)); } -void free_event(event_t * event) +void free_event(event_t *event) { cp(); free(event); } -void event_add(event_t * event) +void event_add(event_t *event) { cp(); @@ -85,7 +85,7 @@ void event_add(event_t * event) avl_insert(event_tree, event); } -void event_del(event_t * event) +void event_del(event_t *event) { cp(); diff --git a/src/event.h b/src/event.h index 5833ad11..25eb9667 100644 --- a/src/event.h +++ b/src/event.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.h,v 1.1.4.3 2002/09/09 21:24:34 guus Exp $ + $Id: event.h,v 1.1.4.4 2002/09/09 22:32:36 guus Exp $ */ #ifndef __TINC_EVENT_H__ @@ -28,7 +28,7 @@ avl_tree_t *event_tree; -typedef void (*event_handler_t) (void *); +typedef void (*event_handler_t)(void *); typedef struct { time_t time; diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 0e3a9fce..074f3473 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2002/09/09 21:25:19 guus Exp $ + $Id: device.c,v 1.1.2.7 2002/09/09 22:33:23 guus Exp $ */ #include "config.h" @@ -92,7 +92,7 @@ void close_device(void) read, encrypt and send data that is available through the ethertap device */ -int read_packet(vpn_packet_t * packet) +int read_packet(vpn_packet_t *packet) { int lenin; cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { @@ -112,7 +112,7 @@ int read_packet(vpn_packet_t * packet) return 0; cp} -int write_packet(vpn_packet_t * packet) +int write_packet(vpn_packet_t *packet) { cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), diff --git a/src/linux/device.c b/src/linux/device.c index 0391f6a2..92b3a3ca 100644 
--- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.11 2002/09/09 21:25:23 guus Exp $ + $Id: device.c,v 1.1.2.12 2002/09/09 22:33:24 guus Exp $ */ #include "config.h" @@ -73,7 +73,9 @@ int setup_device(void) { struct ifreq ifr; - cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + cp(); + + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) @@ -82,15 +84,15 @@ int setup_device(void) #else interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; #endif - cp device_fd = open(device, O_RDWR | O_NONBLOCK); + device_fd = open(device, O_RDWR | O_NONBLOCK); if(device_fd < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } - cp - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; + + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; mymac.net.mac.address.x[2] = 0x00; @@ -102,10 +104,12 @@ int setup_device(void) /* Ok now check if this is an old ethertap or a new tun/tap thingie */ memset(&ifr, 0, sizeof(ifr)); - cp ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + if(interface) strncpy(ifr.ifr_name, interface, IFNAMSIZ); - cp if(!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) { + + if(!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) { device_info = _("Linux tun/tap device"); device_type = DEVICE_TYPE_TUNTAP; strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); 
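Review bot: In setup_device, the `@@ -102,10 +104,12 @@` hunk keeps `strncpy(ifr.ifr_name, interface, IFNAMSIZ);`, which leaves `ifr.ifr_name` without a terminating NUL when the configured interface name is IFNAMSIZ bytes or longer. Since `ifr` is zeroed by the `memset` just above, copying one byte less keeps the terminator: `strncpy(ifr.ifr_name, interface, IFNAMSIZ - 1);`. The later `strncpy(ifrname, ifr.ifr_name, IFNAMSIZ);` has the same shape; the declaration of `ifrname` is outside the hunk, so if it is an IFNAMSIZ-byte array it should be terminated explicitly with `ifrname[IFNAMSIZ - 1] = '\0';`. An over-long `Interface` value is also truncated silently here, so rejecting it with a logged error would be clearer than binding to a different name than the one configured. The body of setup_device continues outside this hunk.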
@@ -125,22 +129,28 @@ int setup_device(void) } syslog(LOG_INFO, _("%s is a %s"), device, device_info); - cp return 0; + + return 0; } void close_device(void) { - cp close(device_fd); + cp(); + + close(device_fd); } /* read, encrypt and send data that is available through the ethertap device */ -int read_packet(vpn_packet_t * packet) +int read_packet(vpn_packet_t *packet) { int lenin; - cp if(device_type == DEVICE_TYPE_TUNTAP) { + + cp(); + + if(device_type == DEVICE_TYPE_TUNTAP) { lenin = read(device_fd, packet->data, MTU); if(lenin <= 0) { @@ -171,11 +181,13 @@ int read_packet(vpn_packet_t * packet) } return 0; -cp} +} -int write_packet(vpn_packet_t * packet) +int write_packet(vpn_packet_t *packet) { - cp if(debug_lvl >= DEBUG_TRAFFIC) + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); @@ -186,8 +198,8 @@ int write_packet(vpn_packet_t * packet) return -1; } } else { /* ethertap */ + *(short int *)(packet->data - 2) = packet->len; - *(short int *) (packet->data - 2) = packet->len; if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); @@ -196,12 +208,15 @@ int write_packet(vpn_packet_t * packet) } device_total_out += packet->len; - cp return 0; + + return 0; } void dump_device_stats(void) { - cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + cp(); + + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp} +} diff --git a/src/meta.c b/src/meta.c index fa475dfb..bf6cc4ca 100644 --- a/src/meta.c +++ b/src/meta.c 
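Review bot: In the ethertap branch of write_packet (hunk `@@ -186,8 +198,8 @@`), `*(short int *)(packet->data - 2) = packet->len;` stores the length through a cast pointer into the two bytes in front of `packet->data`. This only works if vpn_packet_t has at least two writable bytes directly before `data` and that address is aligned for a short; the struct is not shown in this diff, so neither can be checked here. A copy avoids the alignment and aliasing assumption, `short int l = packet->len; memcpy(packet->data - 2, &l, sizeof l);`, and a comment such as `/* ethertap wants a 2-byte length prefix; uses the bytes just before data in vpn_packet_t */` would record the layout dependency. The `write()` calls in this function are only tested for `< 0`, so a short write would still be counted in `device_total_out` as a full packet.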
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.29 2002/09/09 21:24:34 guus Exp $ + $Id: meta.c,v 1.1.2.30 2002/09/09 22:32:39 guus Exp $ */ #include "config.h" @@ -39,7 +39,7 @@ #include "system.h" #include "protocol.h" -int send_meta(connection_t * c, char *buffer, int length) +int send_meta(connection_t *c, char *buffer, int length) { char *bufp; int outlen; @@ -67,7 +67,7 @@ int send_meta(connection_t * c, char *buffer, int length) return 0; } -void broadcast_meta(connection_t * from, char *buffer, int length) +void broadcast_meta(connection_t *from, char *buffer, int length) { avl_node_t *node; connection_t *c; @@ -82,7 +82,7 @@ void broadcast_meta(connection_t * from, char *buffer, int length) } } -int receive_meta(connection_t * c) +int receive_meta(connection_t *c) { int x, l = sizeof(x); int oldlen, i; diff --git a/src/net.c b/src/net.c index 5cd3fa5e..c56fe98d 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.180 2002/09/09 21:24:34 guus Exp $ + $Id: net.c,v 1.35.4.181 2002/09/09 22:32:39 guus Exp $ */ #include "config.h" @@ -166,7 +166,7 @@ void build_fdset(fd_set * fs) - Check if we need to retry making an outgoing connection - Deactivate the host */ -void terminate_connection(connection_t * c, int report) +void terminate_connection(connection_t *c, int report) { cp(); diff --git a/src/net_packet.c b/src/net_packet.c index 00733b6f..eaa2cf18 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.22 2002/09/09 21:24:41 guus Exp $ + $Id: net_packet.c,v 1.1.2.23 2002/09/09 22:32:44 guus Exp $ */ #include "config.h" 
@@ -85,7 +85,7 @@ int keyexpires = 0; /* VPN packet I/O */ -void receive_udppacket(node_t * n, vpn_packet_t * inpkt) +void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t pkt1, pkt2; vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; @@ -164,7 +164,7 @@ void receive_udppacket(node_t * n, vpn_packet_t * inpkt) receive_packet(n, inpkt); } -void receive_tcppacket(connection_t * c, char *buffer, int len) +void receive_tcppacket(connection_t *c, char *buffer, int len) { vpn_packet_t outpkt; @@ -176,7 +176,7 @@ void receive_tcppacket(connection_t * c, char *buffer, int len) receive_packet(c->node, &outpkt); } -void receive_packet(node_t * n, vpn_packet_t * packet) +void receive_packet(node_t *n, vpn_packet_t *packet) { cp(); @@ -187,7 +187,7 @@ void receive_packet(node_t * n, vpn_packet_t * packet) route_incoming(n, packet); } -void send_udppacket(node_t * n, vpn_packet_t * inpkt) +void send_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t pkt1, pkt2; vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; @@ -313,7 +313,7 @@ void send_udppacket(node_t * n, vpn_packet_t * inpkt) /* send a packet to the given vpn ip. */ -void send_packet(node_t * n, vpn_packet_t * packet) +void send_packet(node_t *n, vpn_packet_t *packet) { node_t *via; @@ -353,7 +353,7 @@ void send_packet(node_t * n, vpn_packet_t * packet) /* Broadcast a packet using the minimum spanning tree */ -void broadcast_packet(node_t * from, vpn_packet_t * packet) +void broadcast_packet(node_t *from, vpn_packet_t *packet) { avl_node_t *node; connection_t *c; @@ -372,7 +372,7 @@ void broadcast_packet(node_t * from, vpn_packet_t * packet) } } -void flush_queue(node_t * n) +void flush_queue(node_t *n) { list_node_t *node, *next; diff --git a/src/net_setup.c b/src/net_setup.c index eee05605..5243b1e9 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.25 2002/09/09 21:24:41 guus Exp $ + $Id: net_setup.c,v 1.1.2.26 2002/09/09 22:32:44 guus Exp $ */ #include "config.h" @@ -77,7 +77,7 @@ char *myport; -int read_rsa_public_key(connection_t * c) +int read_rsa_public_key(connection_t *c) { FILE *fp; char *fname; diff --git a/src/net_socket.c b/src/net_socket.c index 96a58b05..eedef7b2 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.20 2002/09/09 21:24:41 guus Exp $ + $Id: net_socket.c,v 1.1.2.21 2002/09/09 22:32:44 guus Exp $ */ #include "config.h" @@ -84,7 +84,7 @@ int listen_sockets; /* Setup sockets */ -int setup_listen_socket(sockaddr_t * sa) +int setup_listen_socket(sockaddr_t *sa) { int nfd, flags; char *addrstr; @@ -162,7 +162,7 @@ int setup_listen_socket(sockaddr_t * sa) return nfd; } -int setup_vpn_in_socket(sockaddr_t * sa) +int setup_vpn_in_socket(sockaddr_t *sa) { int nfd, flags; char *addrstr; @@ -219,7 +219,7 @@ int setup_vpn_in_socket(sockaddr_t * sa) return nfd; } -void retry_outgoing(outgoing_t * outgoing) +void retry_outgoing(outgoing_t *outgoing) { event_t *event; @@ -242,7 +242,7 @@ void retry_outgoing(outgoing_t * outgoing) outgoing->timeout); } -int setup_outgoing_socket(connection_t * c) +int setup_outgoing_socket(connection_t *c) { int option; @@ -288,7 +288,7 @@ int setup_outgoing_socket(connection_t * c) } -void finish_connecting(connection_t * c) +void finish_connecting(connection_t *c) { cp(); @@ -300,7 +300,7 @@ void finish_connecting(connection_t * c) send_id(c); } -void do_outgoing_connection(connection_t * c) +void do_outgoing_connection(connection_t *c) { char *address, *port; int option, result, flags; 
@@ -403,7 +403,7 @@ begin: return; } -void setup_outgoing_connection(outgoing_t * outgoing) +void setup_outgoing_connection(outgoing_t *outgoing) { connection_t *c; node_t *n; diff --git a/src/netbsd/device.c b/src/netbsd/device.c index 53bd9da8..232e58df 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2002/09/09 21:25:23 guus Exp $ + $Id: device.c,v 1.1.2.6 2002/09/09 22:33:24 guus Exp $ */ #include "config.h" @@ -93,7 +93,7 @@ void close_device(void) cp close(device_fd); cp} -int read_packet(vpn_packet_t * packet) +int read_packet(vpn_packet_t *packet) { int lenin; cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { @@ -119,7 +119,7 @@ int read_packet(vpn_packet_t * packet) return 0; cp} -int write_packet(vpn_packet_t * packet) +int write_packet(vpn_packet_t *packet) { cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), diff --git a/src/netutl.c b/src/netutl.c index e5c969e7..c977316a 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.43 2002/09/09 21:24:41 guus Exp $ + $Id: netutl.c,v 1.12.4.44 2002/09/09 22:32:44 guus Exp $ */ #include "config.h" @@ -107,7 +107,7 @@ sockaddr_t str2sockaddr(char *address, char *port) return result; } -void sockaddr2str(sockaddr_t * sa, char **addrstr, char **portstr) +void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) { char address[NI_MAXHOST]; char port[NI_MAXSERV]; @@ -135,7 +135,7 @@ void sockaddr2str(sockaddr_t * sa, char **addrstr, char **portstr) *portstr = xstrdup(port); } -char *sockaddr2hostname(sockaddr_t * sa) +char *sockaddr2hostname(sockaddr_t *sa) { char *str; char address[NI_MAXHOST] = "unknown"; 
@@ -156,7 +156,7 @@ char *sockaddr2hostname(sockaddr_t * sa) return str; } -int sockaddrcmp(sockaddr_t * a, sockaddr_t * b) +int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) { int result; @@ -196,7 +196,7 @@ int sockaddrcmp(sockaddr_t * a, sockaddr_t * b) } } -void sockaddrunmap(sockaddr_t * sa) +void sockaddrunmap(sockaddr_t *sa) { if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) { sa->in.sin_addr.s_addr = ((uint32_t *) & sa->in6.sin6_addr)[3]; diff --git a/src/node.c b/src/node.c index 89b1689d..e68c7359 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.17 2002/09/09 21:24:41 guus Exp $ + $Id: node.c,v 1.1.2.18 2002/09/09 22:32:49 guus Exp $ */ #include "config.h" @@ -39,12 +39,12 @@ avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ node_t *myself; -int node_compare(node_t * a, node_t * b) +int node_compare(node_t *a, node_t *b) { return strcmp(a->name, b->name); } -int node_udp_compare(node_t * a, node_t * b) +int node_udp_compare(node_t *a, node_t *b) { int result; @@ -87,7 +87,7 @@ node_t *new_node(void) return n; } -void free_node(node_t * n) +void free_node(node_t *n) { cp(); @@ -112,7 +112,7 @@ void free_node(node_t * n) free(n); } -void node_add(node_t * n) +void node_add(node_t *n) { cp(); @@ -120,7 +120,7 @@ void node_add(node_t * n) avl_insert(node_udp_tree, n); } -void node_del(node_t * n) +void node_del(node_t *n) { avl_node_t *node, *next; edge_t *e; @@ -152,7 +152,7 @@ node_t *lookup_node(char *name) return avl_search(node_tree, &n); } -node_t *lookup_node_udp(sockaddr_t * sa) +node_t *lookup_node_udp(sockaddr_t *sa) { node_t n; cp(); diff --git a/src/openbsd/device.c b/src/openbsd/device.c index dee8fa0a..48d8b9bd 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.10 2002/09/09 21:25:26 guus Exp $ + $Id: device.c,v 1.1.2.11 2002/09/09 22:33:27 guus Exp $ */ #include "config.h" @@ -93,7 +93,7 @@ void close_device(void) cp close(device_fd); cp} -int read_packet(vpn_packet_t * packet) +int read_packet(vpn_packet_t *packet) { int lenin; u_int32_t type; @@ -139,7 +139,7 @@ int read_packet(vpn_packet_t * packet) return 0; cp} -int write_packet(vpn_packet_t * packet) +int write_packet(vpn_packet_t *packet) { u_int32_t type; struct iovec vector[2]; diff --git a/src/process.c b/src/process.c index f149d7cd..46a8de8d 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.46 2002/09/09 21:24:41 guus Exp $ + $Id: process.c,v 1.1.2.47 2002/09/09 22:32:49 guus Exp $ */ #include "config.h" @@ -423,7 +423,7 @@ RETSIGTYPE ignore_signal_handler(int a) struct { int signal; - void (*handler) (int); + void (*handler)(int); } sighandlers[] = { { SIGHUP, sighup_handler}, { diff --git a/src/protocol.c b/src/protocol.c index 565087cd..b499c487 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.136 2002/09/09 21:24:41 guus Exp $ + $Id: protocol.c,v 1.28.4.137 2002/09/09 22:32:49 guus Exp $ */ #include "config.h" @@ -57,7 +57,7 @@ int check_id(char *id) /* Generic request routines - takes care of logging and error detection as well */ -int send_request(connection_t * c, const char *format, ...) +int send_request(connection_t *c, const char *format, ...) { va_list args; char buffer[MAXBUFSIZE]; 
@@ -97,7 +97,7 @@ int send_request(connection_t * c, const char *format, ...) return send_meta(c, buffer, len); } -int forward_request(connection_t * from) +int forward_request(connection_t *from) { int request; cp(); @@ -120,7 +120,7 @@ int forward_request(connection_t * from) return broadcast_meta(from, from->buffer, from->reqlen); } -int receive_request(connection_t * c) +int receive_request(connection_t *c) { int request; @@ -170,12 +170,12 @@ int receive_request(connection_t * c) return 0; } -int past_request_compare(past_request_t * a, past_request_t * b) +int past_request_compare(past_request_t *a, past_request_t *b) { return strcmp(a->request, b->request); } -void free_past_request(past_request_t * r) +void free_past_request(past_request_t *r) { cp(); @@ -245,7 +245,7 @@ void age_past_requests(void) /* Jumptable for the request handlers */ -int (*request_handlers[]) (connection_t *) = { +int (*request_handlers[])(connection_t *) = { id_h, metakey_h, challenge_h, chal_reply_h, ack_h, status_h, error_h, termreq_h, ping_h, pong_h, diff --git a/src/protocol.h b/src/protocol.h index f782523e..db1c96c1 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.35 2002/09/09 21:24:42 guus Exp $ + $Id: protocol.h,v 1.5.4.36 2002/09/09 22:32:55 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -93,7 +93,7 @@ extern int send_tcppacket(connection_t *, vpn_packet_t *); /* Request handlers */ -extern int (*request_handlers[]) (connection_t *); +extern int (*request_handlers[])(connection_t *); extern int id_h(connection_t *); extern int metakey_h(connection_t *); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index fc0c3aae..83b1c200 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.16 2002/09/09 21:24:45 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.17 2002/09/09 22:32:59 guus Exp $ */ #include "config.h" @@ -53,7 +53,7 @@ #include "system.h" -int send_id(connection_t * c) +int send_id(connection_t *c) { cp(); @@ -61,7 +61,7 @@ int send_id(connection_t * c) myself->connection->protocol_version); } -int id_h(connection_t * c) +int id_h(connection_t *c) { char name[MAX_STRING_SIZE]; int bla; @@ -137,7 +137,7 @@ int id_h(connection_t * c) return send_metakey(c); } -int send_metakey(connection_t * c) +int send_metakey(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; @@ -216,7 +216,7 @@ int send_metakey(connection_t * c) return x; } -int metakey_h(connection_t * c) +int metakey_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; @@ -319,7 +319,7 @@ int metakey_h(connection_t * c) return send_challenge(c); } -int send_challenge(connection_t * c) +int send_challenge(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len, x; @@ -351,7 +351,7 @@ int send_challenge(connection_t * c) return x; } -int challenge_h(connection_t * c) +int challenge_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len; @@ -390,7 +390,7 @@ int challenge_h(connection_t * c) return send_chal_reply(c); } -int send_chal_reply(connection_t * c) +int send_chal_reply(connection_t *c) { char hash[EVP_MAX_MD_SIZE * 2 + 1]; EVP_MD_CTX ctx; @@ -414,7 +414,7 @@ int send_chal_reply(connection_t * c) return send_request(c, "%d %s", CHAL_REPLY, hash); } -int chal_reply_h(connection_t * c) +int chal_reply_h(connection_t *c) { char hishash[MAX_STRING_SIZE]; char myhash[EVP_MAX_MD_SIZE]; 
@@ -470,7 +470,7 @@ int chal_reply_h(connection_t * c) return send_ack(c); } -int send_ack(connection_t * c) +int send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs to create node_t and edge_t structures. */ @@ -492,7 +492,7 @@ int send_ack(connection_t * c) return x; } -void send_everything(connection_t * c) +void send_everything(connection_t *c) { avl_node_t *node, *node2; node_t *n; @@ -516,7 +516,7 @@ void send_everything(connection_t * c) } } -int ack_h(connection_t * c) +int ack_h(connection_t *c) { char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; diff --git a/src/protocol_edge.c b/src/protocol_edge.c index bd473f15..6129f71b 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.12 2002/09/09 21:24:48 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.13 2002/09/09 22:33:02 guus Exp $ */ #include "config.h" @@ -45,7 +45,7 @@ #include "system.h" -int send_add_edge(connection_t * c, edge_t * e) +int send_add_edge(connection_t *c, edge_t *e) { int x; char *address, *port; @@ -63,7 +63,7 @@ int send_add_edge(connection_t * c, edge_t * e) return x; } -int add_edge_h(connection_t * c) +int add_edge_h(connection_t *c) { edge_t *e; node_t *from, *to; @@ -174,7 +174,7 @@ int add_edge_h(connection_t * c) return 0; } -int send_del_edge(connection_t * c, edge_t * e) +int send_del_edge(connection_t *c, edge_t *e) { cp(); @@ -182,7 +182,7 @@ int send_del_edge(connection_t * c, edge_t * e) e->from->name, e->to->name); } -int del_edge_h(connection_t * c) +int del_edge_h(connection_t *c) { edge_t *e; char from_name[MAX_STRING_SIZE]; diff --git a/src/protocol_key.c b/src/protocol_key.c index 66c9a909..2453975d 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.13 2002/09/09 21:24:56 guus Exp $ + $Id: protocol_key.c,v 1.1.4.14 2002/09/09 22:33:03 guus Exp $ */ #include "config.h" @@ -45,7 +45,7 @@ int mykeyused = 0; -int send_key_changed(connection_t * c, node_t * n) +int send_key_changed(connection_t *c, node_t *n) { cp(); @@ -59,7 +59,7 @@ int send_key_changed(connection_t * c, node_t * n) return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); } -int key_changed_h(connection_t * c) +int key_changed_h(connection_t *c) { char name[MAX_STRING_SIZE]; node_t *n; @@ -93,14 +93,14 @@ int key_changed_h(connection_t * c) return 0; } -int send_req_key(connection_t * c, node_t * from, node_t * to) +int send_req_key(connection_t *c, node_t *from, node_t *to) { cp(); return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name); } -int req_key_h(connection_t * c) +int req_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; @@ -143,7 +143,7 @@ int req_key_h(connection_t * c) return 0; } -int send_ans_key(connection_t * c, node_t * from, node_t * to) +int send_ans_key(connection_t *c, node_t *from, node_t *to) { char key[MAX_STRING_SIZE]; @@ -159,7 +159,7 @@ int send_ans_key(connection_t * c, node_t * from, node_t * to) from->compression); } -int ans_key_h(connection_t * c) +int ans_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 4dcdd927..363c8c3f 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.6 2002/09/09 21:25:02 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.7 2002/09/09 22:33:04 guus Exp $ */ #include "config.h" 
@@ -42,7 +42,7 @@ /* Status and error notification routines */ -int send_status(connection_t * c, int statusno, char *statusstring) +int send_status(connection_t *c, int statusno, char *statusstring) { cp(); @@ -52,7 +52,7 @@ int send_status(connection_t * c, int statusno, char *statusstring) return send_request(c, "%d %d %s", STATUS, statusno, statusstring); } -int status_h(connection_t * c) +int status_h(connection_t *c) { int statusno; char statusstring[MAX_STRING_SIZE]; @@ -73,7 +73,7 @@ int status_h(connection_t * c) return 0; } -int send_error(connection_t * c, int err, char *errstring) +int send_error(connection_t *c, int err, char *errstring) { cp(); @@ -83,7 +83,7 @@ int send_error(connection_t * c, int err, char *errstring) return send_request(c, "%d %d %s", ERROR, err, errstring); } -int error_h(connection_t * c) +int error_h(connection_t *c) { int err; char errorstring[MAX_STRING_SIZE]; @@ -106,14 +106,14 @@ int error_h(connection_t * c) return 0; } -int send_termreq(connection_t * c) +int send_termreq(connection_t *c) { cp(); return send_request(c, "%d", TERMREQ); } -int termreq_h(connection_t * c) +int termreq_h(connection_t *c) { cp(); @@ -122,7 +122,7 @@ int termreq_h(connection_t * c) return 0; } -int send_ping(connection_t * c) +int send_ping(connection_t *c) { cp(); @@ -132,21 +132,21 @@ int send_ping(connection_t * c) return send_request(c, "%d", PING); } -int ping_h(connection_t * c) +int ping_h(connection_t *c) { cp(); return send_pong(c); } -int send_pong(connection_t * c) +int send_pong(connection_t *c) { cp(); return send_request(c, "%d", PONG); } -int pong_h(connection_t * c) +int pong_h(connection_t *c) { cp(); @@ -162,7 +162,7 @@ int pong_h(connection_t * c) /* Sending and receiving packets via TCP */ -int send_tcppacket(connection_t * c, vpn_packet_t * packet) +int send_tcppacket(connection_t *c, vpn_packet_t *packet) { int x; 
@@ -178,7 +178,7 @@ int send_tcppacket(connection_t * c, vpn_packet_t * packet) return send_meta(c, packet->data, packet->len); } -int tcppacket_h(connection_t * c) +int tcppacket_h(connection_t *c) { short int len; diff --git a/src/protocol_node.c b/src/protocol_node.c index f6be38fd..fa04e13f 100644 --- a/src/protocol_node.c +++ b/src/protocol_node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_node.c,v 1.1.4.8 2002/09/09 21:25:02 guus Exp $ + $Id: protocol_node.c,v 1.1.4.9 2002/09/09 22:33:08 guus Exp $ */ #include "config.h" @@ -43,7 +43,7 @@ #include "system.h" -int send_add_node(connection_t * c, node_t * n) +int send_add_node(connection_t *c, node_t *n) { int x; char *address, *port; @@ -60,7 +60,7 @@ int send_add_node(connection_t * c, node_t * n) return x; } -int add_node_h(connection_t * c) +int add_node_h(connection_t *c) { connection_t *other; node_t *n, *prevhop, *via; @@ -178,13 +178,13 @@ int add_node_h(connection_t * c) return 0; } -int send_del_node(connection_t * c, node_t * n) +int send_del_node(connection_t *c, node_t *n) { cp(); return send_request(c, "%d %s %s", DEL_NODE, n->name, n->prevhop->name); } -int del_node_h(connection_t * c) +int del_node_h(connection_t *c) { char name[MAX_STRING_SIZE]; char prevhopname[MAX_STRING_SIZE]; diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index 81cd52cb..b426a8e9 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.8 2002/09/09 21:25:02 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.9 2002/09/09 22:33:13 guus Exp $ */ #include "config.h" @@ -43,7 +43,7 @@ #include "system.h" -int send_add_subnet(connection_t * c, subnet_t * subnet) +int send_add_subnet(connection_t *c, subnet_t *subnet) { int x; char *netstr; 
@@ -58,7 +58,7 @@ int send_add_subnet(connection_t * c, subnet_t * subnet) return x; } -int add_subnet_h(connection_t * c) +int add_subnet_h(connection_t *c) { char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; @@ -133,7 +133,7 @@ int add_subnet_h(connection_t * c) return 0; } -int send_del_subnet(connection_t * c, subnet_t * s) +int send_del_subnet(connection_t *c, subnet_t *s) { int x; char *netstr; @@ -149,7 +149,7 @@ int send_del_subnet(connection_t * c, subnet_t * s) return x; } -int del_subnet_h(connection_t * c) +int del_subnet_h(connection_t *c) { char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c index 0f239e09..8dd00a20 100644 --- a/src/raw_socket/device.c +++ b/src/raw_socket/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.2 2002/09/09 21:25:28 guus Exp $ + $Id: device.c,v 1.1.2.3 2002/09/09 22:33:31 guus Exp $ */ #include "config.h" @@ -117,7 +117,7 @@ void close_device(void) read, encrypt and send data that is available through the ethertap device */ -int read_packet(vpn_packet_t * packet) +int read_packet(vpn_packet_t *packet) { int lenin; cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { @@ -138,7 +138,7 @@ int read_packet(vpn_packet_t * packet) return 0; cp} -int write_packet(vpn_packet_t * packet) +int write_packet(vpn_packet_t *packet) { cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), diff --git a/src/route.c b/src/route.c index fa99a7ef..ff84ee98 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.45 2002/09/09 21:25:07 guus Exp $ + $Id: route.c,v 1.1.2.46 2002/09/09 22:33:16 guus Exp $ */ #include "config.h" 
@@ -67,7 +67,7 @@ int priorityinheritance = 0; int macexpire = 600; subnet_t mymac; -void learn_mac(mac_t * address) +void learn_mac(mac_t *address) { subnet_t *subnet; avl_node_t *node; @@ -131,7 +131,7 @@ void age_mac(void) } } -node_t *route_mac(vpn_packet_t * packet) +node_t *route_mac(vpn_packet_t *packet) { subnet_t *subnet; @@ -139,11 +139,11 @@ node_t *route_mac(vpn_packet_t * packet) /* Learn source address */ - learn_mac((mac_t *) (&packet->data[6])); + learn_mac((mac_t *)(&packet->data[6])); /* Lookup destination address */ - subnet = lookup_subnet_mac((mac_t *) (&packet->data[0])); + subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); if(subnet) return subnet->owner; @@ -151,7 +151,7 @@ node_t *route_mac(vpn_packet_t * packet) return NULL; } -node_t *route_ipv4(vpn_packet_t * packet) +node_t *route_ipv4(vpn_packet_t *packet) { subnet_t *subnet; @@ -175,7 +175,7 @@ node_t *route_ipv4(vpn_packet_t * packet) return subnet->owner; } -node_t *route_ipv6(vpn_packet_t * packet) +node_t *route_ipv6(vpn_packet_t *packet) { subnet_t *subnet; @@ -202,7 +202,7 @@ node_t *route_ipv6(vpn_packet_t * packet) return subnet->owner; } -uint16_t inet_checksum(uint16_t * data, int len, uint16_t prevsum) +uint16_t inet_checksum(uint16_t *data, int len, uint16_t prevsum) { uint32_t checksum = prevsum ^ 0xFFFF; @@ -215,7 +215,7 @@ uint16_t inet_checksum(uint16_t * data, int len, uint16_t prevsum) return checksum ^ 0xFFFF; } -void route_neighborsol(vpn_packet_t * packet) +void route_neighborsol(vpn_packet_t *packet) { struct ip6_hdr *hdr; struct nd_neighbor_solicit *ns; 
@@ -232,9 +232,9 @@ void route_neighborsol(vpn_packet_t * packet) cp(); - hdr = (struct ip6_hdr *) (packet->data + 14); - ns = (struct nd_neighbor_solicit *) (packet->data + 14 + sizeof(*hdr)); - opt = (struct nd_opt_hdr *) (packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); + hdr = (struct ip6_hdr *)(packet->data + 14); + ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(*hdr)); + opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); /* First, snatch the source address from the neighbor solicitation packet */ @@ -330,7 +330,7 @@ void route_neighborsol(vpn_packet_t * packet) write_packet(packet); } -void route_arp(vpn_packet_t * packet) +void route_arp(vpn_packet_t *packet) { struct ether_arp *arp; subnet_t *subnet; @@ -347,7 +347,7 @@ void route_arp(vpn_packet_t * packet) Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) */ - arp = (struct ether_arp *) (packet->data + 14); + arp = (struct ether_arp *)(packet->data + 14); /* Check if this is a valid ARP request */ @@ -392,7 +392,7 @@ void route_arp(vpn_packet_t * packet) write_packet(packet); } -void route_outgoing(vpn_packet_t * packet) +void route_outgoing(vpn_packet_t *packet) { uint16_t type; node_t *n = NULL; @@ -403,7 +403,7 @@ void route_outgoing(vpn_packet_t * packet) switch (routing_mode) { case RMODE_ROUTER: - type = ntohs(*((uint16_t *) (&packet->data[12]))); + type = ntohs(*((uint16_t *)(&packet->data[12]))); switch (type) { case 0x0800: n = route_ipv4(packet); @@ -444,7 +444,7 @@ void route_outgoing(vpn_packet_t * packet) } } -void route_incoming(node_t * source, vpn_packet_t * packet) +void route_incoming(node_t *source, vpn_packet_t *packet) { switch (routing_mode) { case RMODE_ROUTER: 
@@ -452,7 +452,7 @@ void route_incoming(node_t * source, vpn_packet_t * packet) node_t *n = NULL; uint16_t type; - type = ntohs(*((uint16_t *) (&packet->data[12]))); + type = ntohs(*((uint16_t *)(&packet->data[12]))); switch (type) { case 0x0800: n = route_ipv4(packet); @@ -481,7 +481,7 @@ void route_incoming(node_t * source, vpn_packet_t * packet) { subnet_t *subnet; - subnet = lookup_subnet_mac((mac_t *) (&packet->data[0])); + subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); if(subnet) { if(subnet->owner == myself) diff --git a/src/solaris/device.c b/src/solaris/device.c index bab7236a..47bfa600 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.9 2002/09/09 21:25:28 guus Exp $ + $Id: device.c,v 1.1.2.10 2002/09/09 22:33:31 guus Exp $ */ @@ -136,7 +136,7 @@ void close_device(void) cp close(device_fd); } -int read_packet(vpn_packet_t * packet) +int read_packet(vpn_packet_t *packet) { int lenin; cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { @@ -162,7 +162,7 @@ int read_packet(vpn_packet_t * packet) return 0; cp} -int write_packet(vpn_packet_t * packet) +int write_packet(vpn_packet_t *packet) { cp if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), diff --git a/src/subnet.c b/src/subnet.c index 4ceec9af..fa00cd88 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.41 2002/09/09 21:25:10 guus Exp $ + $Id: subnet.c,v 1.1.2.42 2002/09/09 22:33:21 guus Exp $ */ #include "config.h" @@ -48,7 +48,7 @@ avl_tree_t *subnet_tree; /* Subnet comparison */ -int subnet_compare_mac(subnet_t * a, subnet_t * b) +int subnet_compare_mac(subnet_t *a, subnet_t *b) { int result; 
@@ -60,7 +60,7 @@ int subnet_compare_mac(subnet_t * a, subnet_t * b) return strcmp(a->owner->name, b->owner->name); } -int subnet_compare_ipv4(subnet_t * a, subnet_t * b) +int subnet_compare_ipv4(subnet_t *a, subnet_t *b) { int result; @@ -77,7 +77,7 @@ int subnet_compare_ipv4(subnet_t * a, subnet_t * b) return strcmp(a->owner->name, b->owner->name); } -int subnet_compare_ipv6(subnet_t * a, subnet_t * b) +int subnet_compare_ipv6(subnet_t *a, subnet_t *b) { int result; @@ -94,7 +94,7 @@ int subnet_compare_ipv6(subnet_t * a, subnet_t * b) return strcmp(a->owner->name, b->owner->name); } -int subnet_compare(subnet_t * a, subnet_t * b) +int subnet_compare(subnet_t *a, subnet_t *b) { int result; @@ -145,7 +145,7 @@ avl_tree_t *new_subnet_tree(void) return avl_alloc_tree((avl_compare_t) subnet_compare, NULL); } -void free_subnet_tree(avl_tree_t * subnet_tree) +void free_subnet_tree(avl_tree_t *subnet_tree) { cp(); @@ -161,7 +161,7 @@ subnet_t *new_subnet(void) return (subnet_t *) xmalloc_and_zero(sizeof(subnet_t)); } -void free_subnet(subnet_t * subnet) +void free_subnet(subnet_t *subnet) { cp(); @@ -170,7 +170,7 @@ void free_subnet(subnet_t * subnet) /* Adding and removing subnets */ -void subnet_add(node_t * n, subnet_t * subnet) +void subnet_add(node_t *n, subnet_t *subnet) { cp(); @@ -180,7 +180,7 @@ void subnet_add(node_t * n, subnet_t * subnet) avl_insert(n->subnet_tree, subnet); } -void subnet_del(node_t * n, subnet_t * subnet) +void subnet_del(node_t *n, subnet_t *subnet) { cp(); @@ -259,7 +259,7 @@ subnet_t *str2net(char *subnetstr) return NULL; } -char *net2str(subnet_t * subnet) +char *net2str(subnet_t *subnet) { char *netstr; 
@@ -309,14 +309,14 @@ char *net2str(subnet_t * subnet) /* Subnet lookup routines */ -subnet_t *lookup_subnet(node_t * owner, subnet_t * subnet) +subnet_t *lookup_subnet(node_t *owner, subnet_t *subnet) { cp(); return avl_search(owner->subnet_tree, subnet); } -subnet_t *lookup_subnet_mac(mac_t * address) +subnet_t *lookup_subnet_mac(mac_t *address) { subnet_t subnet, *p; @@ -331,7 +331,7 @@ subnet_t *lookup_subnet_mac(mac_t * address) return p; } -subnet_t *lookup_subnet_ipv4(ipv4_t * address) +subnet_t *lookup_subnet_ipv4(ipv4_t *address) { subnet_t subnet, *p; @@ -369,7 +369,7 @@ subnet_t *lookup_subnet_ipv4(ipv4_t * address) return p; } -subnet_t *lookup_subnet_ipv6(ipv6_t * address) +subnet_t *lookup_subnet_ipv6(ipv6_t *address) { subnet_t subnet, *p; From 3bc554347560a9c24e68bb2c7c7749be07bbec3d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 9 Sep 2002 22:41:56 +0000 Subject: [PATCH 696/923] Let GCC check format string and arguments of send_request(). --- src/protocol.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/protocol.h b/src/protocol.h index db1c96c1..67fcb325 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.36 2002/09/09 22:32:55 guus Exp $ + $Id: protocol.h,v 1.5.4.37 2002/09/09 22:41:56 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -60,7 +60,7 @@ typedef struct past_request_t { /* Basic functions */ -extern int send_request(connection_t *, const char *, ...); +extern int send_request(connection_t *, const char *, ...) __attribute__ ((format(printf, 2, 3))); extern int forward_request(connection_t *); extern int receive_request(connection_t *); extern int check_id(char *); From 161f917dd03c174742fb8c6722f430a93b506cb1 Mon Sep 17 00:00:00 2001 
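Review bot: Nothing at the `send_request` prototype in src/protocol.h says the format must be a string literal, and the new `format(printf, 2, 3)` attribute cannot check a call whose format is a variable. GCC reports those calls only under `-Wformat-security` or `-Wformat-nonliteral`. I would add a comment above the declaration, `/* printf-style: pass a literal format so the compiler can check the arguments */`, and confirm the build enables `-Wformat`. The attribute has no compiler guard, which matches the unguarded `noreturn` in src/process.c, but it may need one if a non-GCC compiler is meant to be supported.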
From: Guus Sliepen Date: Tue, 10 Sep 2002 09:40:25 +0000 Subject: [PATCH 697/923] Fix compiler warnings. --- lib/avl_tree.c | 34 +++++++++++++++++++++++----------- lib/pidfile.c | 1 + src/graph.c | 5 +++-- src/meta.c | 8 ++++---- src/process.c | 4 +--- 5 files changed, 32 insertions(+), 20 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 575b2f12..d35936e6 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.11 2002/09/09 22:32:24 guus Exp $ + $Id: avl_tree.c,v 1.1.2.12 2002/09/10 09:40:15 guus Exp $ */ #include @@ -494,15 +494,22 @@ void avl_insert_top(avl_tree_t *tree, avl_node_t *node) void avl_insert_before(avl_tree_t *tree, avl_node_t *before, avl_node_t *node) { - if(!before) - return tree->tail ? avl_insert_after(tree, tree->tail, node) : avl_insert_top(tree, node); + if(!before) { + if(tree->tail) + avl_insert_after(tree, tree->tail, node); + else + avl_insert_top(tree, node); + return; + } node->next = before; node->parent = before; node->prev = before->prev; - if(before->left) - return avl_insert_after(tree, before->prev, node); + if(before->left) { + avl_insert_after(tree, before->prev, node); + return; + } if(before->prev) before->prev->next = node; @@ -517,13 +524,18 @@ void avl_insert_before(avl_tree_t *tree, avl_node_t *before, void avl_insert_after(avl_tree_t *tree, avl_node_t *after, avl_node_t *node) { - if(!after) - return tree->head ? avl_insert_before(tree, tree->head, - node) : avl_insert_top(tree, - node); + if(!after) { + if(tree->head) + avl_insert_before(tree, tree->head, node); + else + avl_insert_top(tree, node); + return; + } - if(after->right) - return avl_insert_before(tree, after->next, node); + if(after->right) { + avl_insert_before(tree, after->next, node); + return; + } node->prev = after; node->parent = after; diff --git a/lib/pidfile.c b/lib/pidfile.c index a954d18f..250f67b7 100644 
--- a/lib/pidfile.c +++ b/lib/pidfile.c @@ -33,6 +33,7 @@ #include #include #include +#include #include /* read_pid diff --git a/src/graph.c b/src/graph.c index d1bd2ac3..feb9d009 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.19 2002/09/09 21:24:34 guus Exp $ + $Id: graph.c,v 1.1.2.20 2002/09/10 09:40:21 guus Exp $ */ /* We need to generate two trees from the graph: @@ -264,13 +264,14 @@ void sssp_bfs(void) if(n->status.visited != n->status.reachable) { n->status.reachable = !n->status.reachable; - if(debug_lvl >= DEBUG_TRAFFIC) + if(debug_lvl >= DEBUG_TRAFFIC) { if(n->status.reachable) syslog(LOG_DEBUG, _("Node %s (%s) became reachable"), n->name, n->hostname); else syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); + } n->status.validkey = 0; n->status.waitingforkey = 0; diff --git a/src/meta.c b/src/meta.c index bf6cc4ca..0025dd83 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.30 2002/09/09 22:32:39 guus Exp $ + $Id: meta.c,v 1.1.2.31 2002/09/10 09:40:25 guus Exp $ */ #include "config.h" @@ -84,7 +84,8 @@ void broadcast_meta(connection_t *from, char *buffer, int length) int receive_meta(connection_t *c) { - int x, l = sizeof(x); + int x; + socklen_t l = sizeof(x); int oldlen, i; int lenin, reqlen; int decrypted = 0; @@ -136,8 +137,7 @@ int receive_meta(connection_t *c) /* Decrypt */ if(c->status.decryptin && !decrypted) { - EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, - lenin); + EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin); memcpy(c->buffer + oldlen, inbuf, lenin); decrypted = 1; } diff --git a/src/process.c b/src/process.c index 46a8de8d..a70d8d28 100644 --- a/src/process.c 
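Review bot: The result of `EVP_DecryptUpdate()` is still ignored in the decrypt step of `receive_meta` in src/meta.c, so on failure the `memcpy(c->buffer + oldlen, inbuf, lenin)` that follows copies whatever `inbuf` holds, with a length the call may not have set. The commit only rejoins the call onto one line; I would check it, e.g. `if(!EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin)) return -1;`, assuming -1 is how this function reports failure, which is not visible here. `inbuf` is declared outside the hunk, so its size against `lenin` should be confirmed as well. receive_meta starts and ends outside this hunk.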
+++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.47 2002/09/09 22:32:49 guus Exp $ + $Id: process.c,v 1.1.2.48 2002/09/10 09:40:25 guus Exp $ */ #include "config.h" @@ -220,8 +220,6 @@ void _execute_script(const char *scriptname, char **envp) __attribute__ ((noreturn)); void _execute_script(const char *scriptname, char **envp) { - char *s; - cp(); while(*envp) From c01f78ed3603eecaec8e3649a3bfb3de9742fd24 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 10 Sep 2002 21:29:42 +0000 Subject: [PATCH 698/923] Clean up after indent. --- src/cygwin/device.c | 42 ++++++++++++++-------- src/darwin/device.c | 41 ++++++++++++++-------- src/freebsd/device.c | 41 ++++++++++++++-------- src/netbsd/device.c | 40 +++++++++++++-------- src/openbsd/device.c | 77 ++++++++++++++++++++++++----------------- src/raw_socket/device.c | 43 +++++++++++++++-------- src/solaris/device.c | 38 +++++++++++++------- 7 files changed, 208 insertions(+), 114 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index 7cc8b1cb..3bfc2ab1 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2002/09/09 22:33:21 guus Exp $ + $Id: device.c,v 1.1.2.4 2002/09/10 21:29:42 guus Exp $ */ #include "config.h" 
@@ -53,18 +53,21 @@ int setup_device(void) { struct ifreq ifr; - cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + cp(); + + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; - cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } - cp - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; + + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; mymac.net.mac.address.x[2] = 0x00; @@ -75,18 +78,24 @@ int setup_device(void) device_info = _("Stub device for Cygwin environment"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); - cp return 0; + + return 0; } void close_device(void) { - cp close(device_fd); + cp(); + + close(device_fd); } int read_packet(vpn_packet_t *packet) { int lenin; - cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { + + cp(); + + if((lenin = read(device_fd, packet->data, MTU)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; @@ -102,11 +111,13 @@ int read_packet(vpn_packet_t *packet) } return 0; -cp} +} int write_packet(vpn_packet_t *packet) { - cp if(debug_lvl >= DEBUG_TRAFFIC) + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); 
@@ -117,12 +128,15 @@ int write_packet(vpn_packet_t *packet) } device_total_out += packet->len; - cp return 0; + + return 0; } void dump_device_stats(void) { - cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + cp(); + + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp} +} diff --git a/src/darwin/device.c b/src/darwin/device.c index 99741f66..4b597ad2 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2002/09/09 22:33:23 guus Exp $ + $Id: device.c,v 1.1.2.5 2002/09/10 21:29:42 guus Exp $ */ #include "config.h" @@ -58,18 +58,21 @@ extern subnet_t mymac; */ int setup_device(void) { - cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + cp(); + + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; - cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } - cp - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; + + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; mymac.net.mac.address.x[2] = 0x00; @@ -80,12 +83,15 @@ int setup_device(void) device_info = _("MacOS/X tun device"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); - cp return 0; + + return 0; } void close_device(void) { - cp close(device_fd); + cp(); + + close(device_fd); } /* 
@@ -95,7 +101,10 @@ void close_device(void) int read_packet(vpn_packet_t *packet) { int lenin; - cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + + cp(); + + if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; @@ -115,11 +124,13 @@ int read_packet(vpn_packet_t *packet) packet->len, device_info); return 0; -cp} +} int write_packet(vpn_packet_t *packet) { - cp if(debug_lvl >= DEBUG_TRAFFIC) + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); @@ -130,11 +141,13 @@ int write_packet(vpn_packet_t *packet) } device_total_out += packet->len; -cp} +} void dump_device_stats(void) { - cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + cp(); + + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp} +} diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 074f3473..5e0fff25 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.7 2002/09/09 22:33:23 guus Exp $ + $Id: device.c,v 1.1.2.8 2002/09/10 21:29:42 guus Exp $ */ #include "config.h" 
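Review bot: `write_packet` in src/darwin/device.c is declared `int` but now ends with `device_total_out += packet->len; }` and no return statement, so a caller that tests the result reads an indeterminate value. The cygwin, raw_socket and solaris versions in this commit end with `return 0;`. Add `return 0;` before the closing brace here and in the matching `write_packet` hunks of src/freebsd/device.c, src/netbsd/device.c and src/openbsd/device.c. The function starts outside this hunk.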
@@ -58,18 +58,21 @@ extern subnet_t mymac; */ int setup_device(void) { - cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + cp(); + + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; - cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } - cp - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; + + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; mymac.net.mac.address.x[2] = 0x00; @@ -80,12 +83,15 @@ int setup_device(void) device_info = _("FreeBSD tap device"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); - cp return 0; + + return 0; } void close_device(void) { - cp close(device_fd); + cp(); + + close(device_fd); } /* @@ -95,7 +101,10 @@ void close_device(void) int read_packet(vpn_packet_t *packet) { int lenin; - cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { + + cp(); + + if((lenin = read(device_fd, packet->data, MTU)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; @@ -110,11 +119,13 @@ int read_packet(vpn_packet_t *packet) packet->len, device_info); return 0; -cp} +} int write_packet(vpn_packet_t *packet) { - cp if(debug_lvl >= DEBUG_TRAFFIC) + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); 
@@ -125,11 +136,13 @@ int write_packet(vpn_packet_t *packet) } device_total_out += packet->len; -cp} +} void dump_device_stats(void) { - cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + cp(); + + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp} +} diff --git a/src/netbsd/device.c b/src/netbsd/device.c index 232e58df..98b607a3 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2002/09/09 22:33:24 guus Exp $ + $Id: device.c,v 1.1.2.7 2002/09/10 21:29:42 guus Exp $ */ #include "config.h" @@ -63,18 +63,20 @@ extern subnet_t mymac; */ int setup_device(void) { + cp(); + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; - cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } - cp - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; + + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; mymac.net.mac.address.x[2] = 0x00; 
@@ -85,18 +87,24 @@ int setup_device(void) device_info = _("NetBSD tun device"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); - cp return 0; + + return 0; } void close_device(void) { - cp close(device_fd); -cp} + cp(); + + close(device_fd); +} int read_packet(vpn_packet_t *packet) { int lenin; - cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + + cp(); + + if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; @@ -117,11 +125,13 @@ int read_packet(vpn_packet_t *packet) } return 0; -cp} +} int write_packet(vpn_packet_t *packet) { - cp if(debug_lvl >= DEBUG_TRAFFIC) + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); @@ -132,11 +142,13 @@ int write_packet(vpn_packet_t *packet) } device_total_out += packet->len; -cp} +} void dump_device_stats(void) { - cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + cp(); + + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp} +} diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 48d8b9bd..3e032b6c 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.11 2002/09/09 22:33:27 guus Exp $ + $Id: device.c,v 1.1.2.12 2002/09/10 21:29:42 guus Exp $ */ #include "config.h" 
@@ -63,18 +63,20 @@ extern subnet_t mymac; */ int setup_device(void) { + cp(); + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; - cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } - cp - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; + + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; mymac.net.mac.address.x[2] = 0x00; @@ -85,22 +87,26 @@ int setup_device(void) device_info = _("OpenBSD tun device"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); - cp return 0; + + return 0; } void close_device(void) { - cp close(device_fd); -cp} + cp(); + + close(device_fd); +} int read_packet(vpn_packet_t *packet) { int lenin; u_int32_t type; - struct iovec vector[2] = { {&type, sizeof(type)} - , {packet->data + 14, MTU - 14} - }; - cp if((lenin = readv(device_fd, vector, 2)) <= 0) { + struct iovec vector[2] = {{&type, sizeof(type)}, {packet->data + 14, MTU - 14}}; + + cp(); + + if((lenin = readv(device_fd, vector, 2)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; 
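Review bot: In `read_packet` of src/openbsd/device.c the only check on `readv()` is `lenin <= 0`, so a read shorter than `sizeof(type)` leaves `type` partly uninitialised before the next hunk passes it to `ntohl()`. A tun device presumably delivers whole packets, so this may never occur in practice, but the guard is cheap: `if((lenin = readv(device_fd, vector, 2)) < (int)sizeof(type)) {`. The rest of read_packet is in the following hunk.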
@@ -110,21 +116,23 @@ int read_packet(vpn_packet_t *packet) memcpy(packet->data + 6, mymac.net.mac.address.x, 6); switch (ntohl(type)) { - case AF_INET: - packet->data[12] = 0x8; - packet->data[13] = 0x0; - break; - case AF_INET6: - packet->data[12] = 0x86; - packet->data[13] = 0xDD; - break; - default: - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, - _ - ("Unknown address family %d while reading packet from %s %s"), - ntohl(type), device_info, device); - return -1; + case AF_INET: + packet->data[12] = 0x8; + packet->data[13] = 0x0; + break; + + case AF_INET6: + packet->data[12] = 0x86; + packet->data[13] = 0xDD; + break; + + default: + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_ERR, + _ + ("Unknown address family %d while reading packet from %s %s"), + ntohl(type), device_info, device); + return -1; } packet->len = lenin + 10; @@ -137,14 +145,17 @@ int read_packet(vpn_packet_t *packet) } return 0; -cp} +} int write_packet(vpn_packet_t *packet) { u_int32_t type; struct iovec vector[2]; int af; - cp if(debug_lvl >= DEBUG_TRAFFIC) + + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); @@ -177,11 +188,13 @@ int write_packet(vpn_packet_t *packet) } device_total_out += packet->len; -cp} +} void dump_device_stats(void) { - cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + cp(); + + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp} +} diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c index 8dd00a20..b75f824d 100644 --- a/src/raw_socket/device.c +++ b/src/raw_socket/device.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2002/09/09 22:33:31 guus Exp $ + $Id: device.c,v 1.1.2.4 2002/09/10 21:29:42 guus Exp $ */ #include "config.h" @@ -62,7 +62,10 @@ int setup_device(void) { struct ifreq ifr; struct sockaddr_ll sa; - cp if(!get_config_string + + cp(); + + if(!get_config_string (lookup_config(config_tree, "Interface"), &interface)) interface = "eth0"; @@ -70,7 +73,8 @@ int setup_device(void) device = interface; device_info = _("raw socket"); - cp if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) { + + if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device_info, strerror(errno)); return -1; @@ -94,9 +98,9 @@ int setup_device(void) syslog(LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); return -1; } - cp - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; + + /* Set default MAC address for ethertap devices */ + mymac.type = SUBNET_MAC; mymac.net.mac.address.x[0] = 0xfe; mymac.net.mac.address.x[1] = 0xfd; mymac.net.mac.address.x[2] = 0x00; @@ -105,12 +109,15 @@ int setup_device(void) mymac.net.mac.address.x[5] = 0x00; syslog(LOG_INFO, _("%s is a %s"), device, device_info); - cp return 0; + + return 0; } void close_device(void) { - cp close(device_fd); + cp(); + + close(device_fd); } /* @@ -120,7 +127,10 @@ void close_device(void) int read_packet(vpn_packet_t *packet) { int lenin; - cp if((lenin = read(device_fd, packet->data, MTU)) <= 0) { + + cp(); + + if((lenin = read(device_fd, packet->data, MTU)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; 
@@ -136,11 +146,13 @@ int read_packet(vpn_packet_t *packet) } return 0; -cp} +} int write_packet(vpn_packet_t *packet) { - cp if(debug_lvl >= DEBUG_TRAFFIC) + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); @@ -151,12 +163,15 @@ int write_packet(vpn_packet_t *packet) } device_total_out += packet->len; - cp return 0; + + return 0; } void dump_device_stats(void) { - cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + cp(); + + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp} +} diff --git a/src/solaris/device.c b/src/solaris/device.c index 47bfa600..a9ea6eb9 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.10 2002/09/09 22:33:31 guus Exp $ + $Id: device.c,v 1.1.2.11 2002/09/10 21:29:42 guus Exp $ */ @@ -65,14 +65,17 @@ int setup_device(void) int ppa; char *ptr; - cp if(!get_config_string(lookup_config(config_tree, "Device"), &device)) + cp(); + + if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; - cp if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { + if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } - cp ppa = 0; + + ppa = 0; ptr = device; while(*ptr && !isdigit((int) *ptr)) 
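Review bot: `isdigit((int) *ptr)` in the loop that closes the Solaris setup_device hunk passes a plain `char` taken from the configured `Device` string. Where `char` is signed, a byte above 0x7f becomes a negative argument, which is undefined behaviour for the ctype functions. Convert through unsigned char instead: `while(*ptr && !isdigit((unsigned char) *ptr))`. The loop body and the rest of setup_device are outside this hunk.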
@@ -128,18 +131,24 @@ int setup_device(void) mymac.net.mac.address.x[5] = 0x00; syslog(LOG_INFO, _("%s is a %s"), device, device_info); - cp return 0; + + return 0; } void close_device(void) { - cp close(device_fd); + cp(); + + close(device_fd); } int read_packet(vpn_packet_t *packet) { int lenin; - cp if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { + + cp(); + + if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; @@ -160,11 +169,13 @@ int read_packet(vpn_packet_t *packet) } return 0; -cp} +} int write_packet(vpn_packet_t *packet) { - cp if(debug_lvl >= DEBUG_TRAFFIC) + cp(); + + if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); @@ -175,12 +186,15 @@ int write_packet(vpn_packet_t *packet) } device_total_out += packet->len; - cp return 0; + + return 0; } void dump_device_stats(void) { - cp syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + cp(); + + syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -cp} +} From dd888ca685176128bf41034208f3dbb220f9d832 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 10 Sep 2002 21:46:05 +0000 Subject: [PATCH 699/923] Link with libintl if necessary. --- src/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index d8d8fd93..f7e9462a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.27 2002/09/04 13:48:51 guus Exp $ +# $Id: Makefile.am,v 1.4.4.28 2002/09/10 21:46:05 guus Exp $ sbin_PROGRAMS = tincd 
@@ -14,7 +14,7 @@ INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h meta.h net.h netutl.h node.h process.h \ protocol.h route.h subnet.h -LIBS = @LIBS@ +LIBS = @LIBS@ @LIBINTL@ tincd_LDADD = \ $(top_builddir)/lib/libvpn.a From eaf1208e9d5c5a15e4b23de936830520bf3b5685 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 10 Sep 2002 22:13:01 +0000 Subject: [PATCH 700/923] Fix placement of #include "config.h" --- lib/utils.c | 4 ++-- src/connection.c | 3 +-- src/edge.c | 3 +-- src/graph.c | 3 +-- src/net.h | 6 +++--- 5 files changed, 8 insertions(+), 11 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index 3b1abc37..79e32080 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -18,12 +18,12 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#include "config.h" + #include #include #include -#include "config.h" - #include #include #include diff --git a/src/connection.c b/src/connection.c index a35d4f0a..b9a3c237 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.34 2002/09/09 22:32:30 guus Exp $ + $Id: connection.c,v 1.1.2.35 2002/09/10 22:12:33 guus Exp $ */ #include "config.h" @@ -32,7 +32,6 @@ #include "net.h" /* Don't ask. */ #include "netutl.h" -#include "config.h" #include "conf.h" #include #include "subnet.h" diff --git a/src/edge.c b/src/edge.c index 9cc9df83..0a47f8c8 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.17 2002/09/09 22:32:30 guus Exp $ + $Id: edge.c,v 1.1.2.18 2002/09/10 22:12:33 guus Exp $ */ #include "config.h" 
@@ -31,7 +31,6 @@ #include "net.h" /* Don't ask. */ #include "netutl.h" -#include "config.h" #include "conf.h" #include #include "subnet.h" diff --git a/src/graph.c b/src/graph.c index feb9d009..b7c285fa 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.20 2002/09/10 09:40:21 guus Exp $ + $Id: graph.c,v 1.1.2.21 2002/09/10 22:12:33 guus Exp $ */ /* We need to generate two trees from the graph: @@ -48,7 +48,6 @@ #include #include -#include "config.h" #include #ifdef HAVE_SYS_PARAM_H #include diff --git a/src/net.h b/src/net.h index 08b0aea8..490cdcf3 100644 --- a/src/net.h +++ b/src/net.h @@ -17,12 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.53 2002/09/09 21:24:36 guus Exp $ + $Id: net.h,v 1.9.4.54 2002/09/10 22:12:33 guus Exp $ */ #ifndef __TINC_NET_H__ #define __TINC_NET_H__ +#include "config.h" + #include #include #include @@ -32,8 +34,6 @@ #include #endif -#include "config.h" - #ifdef ENABLE_JUMBOGRAMS #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ #define MAXSIZE 9100 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ From f6905582d0e70ac5b44369780aaa921d9c721197 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 10 Sep 2002 22:13:22 +0000 Subject: [PATCH 701/923] Make sure malloc() is declared. --- lib/fake-getaddrinfo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c index a1d36b12..d831732d 100644 --- a/lib/fake-getaddrinfo.c +++ b/lib/fake-getaddrinfo.c @@ -11,6 +11,7 @@ #include "config.h" +#include #include #include #include From 3e3b4a3190cf950c265a8c62d577812a22b11dcc Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Wed, 11 Sep 2002 22:25:58 +0000 Subject: [PATCH 702/923] What was I thinking? --- src/protocol_node.c | 244 -------------------------------------------- 1 file changed, 244 deletions(-) delete mode 100644 src/protocol_node.c diff --git a/src/protocol_node.c b/src/protocol_node.c deleted file mode 100644 index fa04e13f..00000000 --- a/src/protocol_node.c +++ /dev/null 
@@ -1,244 +0,0 @@ -/* - protocol_node.c -- handle the meta-protocol, nodes - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: protocol_node.c,v 1.1.4.9 2002/09/09 22:33:08 guus Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "conf.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "node.h" - -#include "system.h" - -int send_add_node(connection_t *c, node_t *n) -{ - int x; - char *address, *port; - cp(); - if(!n->status.reachable) - return 0; - - sockaddr2str(&n->address, &address, &port); - x = send_request(c, "%d %s %s %s %lx %d %s %s", ADD_NODE, n->name, address, port, n->options, n->distance + 1, // Alternatively, use n->distance + c->estimated_weight - n->prevhop->name, n->via->name); - free(address); - free(port); - cp(); - return x; -} - -int add_node_h(connection_t *c) -{ - connection_t *other; - node_t *n, *prevhop, *via; - char name[MAX_STRING_SIZE]; - char address[MAX_STRING_SIZE]; - char port[MAX_STRING_SIZE]; - char prevhopname[MAX_STRING_SIZE]; - char vianame[MAX_STRING_SIZE]; - long int options; - int distance; - avl_node_t *node; - cp(); - if(sscanf - (c->buffer, - "%*d " MAX_STRING " " MAX_STRING 
" " MAX_STRING " %lx %d " MAX_STRING - " " MAX_STRING, name, address, port, &options, &distance, prevhopname, - vianame) != 7) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_NODE", c->name, - c->hostname); - return -1; - } - - /* Check if names are valid */ - - if(check_id(name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_NODE", c->name, - c->hostname, _("invalid name")); - return -1; - } - - /* This node is indirect if it's nexthop is as well */ - - if(c->node->options & OPTION_INDIRECT) - options |= OPTION_INDIRECT; - - /* Lookup nodes */ - - prevhop = lookup_node(prevhopname); - - if(!prevhop) { - prevhop = new_node(); - prevhop->name = xstrdup(prevhopname); - node_add(prevhop); - } - - via = lookup_node(vianame); - - if(!via) { - via = new_node(); - via->name = xstrdup(vianame); - node_add(via); - } - - n = lookup_node(name); - - if(!n) { - // It's a new node. Add it and tell the others. - n = new_node(); - n->name = xstrdup(name); - n->address = str2sockaddr(address, port); - n->hostname = sockaddr2hostname(&n->address); - n->options = options; - n->distance = distance; - n->nexthop = c->node; - n->prevhop = prevhop; - n->via = via; - node_add(n); - if(prevhop == myself) { - syslog(LOG_WARNING, - _ - ("Got ADD_NODE %s prevhop %s via %s from %s, sending back a DEL_NODE!"), - name, prevhopname, vianame, c->name); - // send_del_node(c, n); - return 0; - } - n->status.reachable = 1; - } else { - // If this ADD_NODE is closer or more direct, use it instead of the old one. 
- if(!n->status.reachable - || ((n->options & OPTION_INDIRECT) && !(options & OPTION_INDIRECT)) - || n->distance > distance) { - if(prevhop == myself) { - syslog(LOG_WARNING, - _("Got ADD_NODE %s prevhop %s via %s from %s!"), name, - prevhopname, vianame, c->name); - // send_del_node(c, n); - return 0; - } - node = avl_unlink(node_udp_tree, n); - n->address = str2sockaddr(address, port); - avl_insert_node(node_udp_tree, node); - if(n->hostname) - free(n->hostname); - n->hostname = sockaddr2hostname(&n->address); - n->options = options; - n->distance = distance; - n->via = n->nexthop = c->node; - n->status.reachable = 1; - n->status.validkey = 0; - n->status.waitingforkey = 0; - } else - // Otherwise, just ignore it. - return 0; - } - - /* Tell the rest about the new node */ - - for(node = connection_tree->head; node; node = node->next) { - other = (connection_t *) node->data; - if(other->status.active && other != c) - send_add_node(other, n); - } - - cp(); - return 0; -} - -int send_del_node(connection_t *c, node_t *n) -{ - cp(); - return send_request(c, "%d %s %s", DEL_NODE, n->name, n->prevhop->name); -} - -int del_node_h(connection_t *c) -{ - char name[MAX_STRING_SIZE]; - char prevhopname[MAX_STRING_SIZE]; - node_t *n, *prevhop; - connection_t *other; - avl_node_t *node; - cp(); - if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, name, prevhopname) != - 2) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_NODE", c->name, - c->hostname); - return -1; - } - - /* Check if names are valid */ - - if(check_id(name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_NODE", c->name, - c->hostname, _("invalid name")); - return -1; - } - - /* Lookup nodes */ - - n = lookup_node(name); - prevhop = lookup_node(prevhopname); - - if(!n || !prevhop) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, - _ - ("Got %s from %s (%s) which does not appear in the node tree"), - "DEL_NODE", c->name, c->hostname); - return 0; - } - - /* If we got a DEL_NODE but 
we know of a different route to it, tell the one who send the DEL_NODE */ - - if(n->nexthop != c->node) { - return send_add_node(c, n); - } - - /* Otherwise, tell the rest about the deleted node */ - - for(node = connection_tree->head; node; node = node->next) { - other = (connection_t *) node->data; - if(other->status.active && other != c) - send_del_node(other, n); - } - - /* "Delete" the node */ - - n->status.reachable = 0; - n->status.validkey = 0; - cp(); - return 0; -} From 38c80bdd46fab68c686a293e2820041291972f3a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Sep 2002 12:26:04 +0000 Subject: [PATCH 703/923] MacOS/X needs #define _P1003_1B_VISIBLE in order to use mlockall(). --- src/tincd.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/tincd.c b/src/tincd.c index 6bd92ecb..8ebbe42a 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.63 2002/09/09 21:25:16 guus Exp $ + $Id: tincd.c,v 1.10.4.64 2002/09/15 12:26:04 guus Exp $ */ #include "config.h" @@ -33,6 +33,12 @@ #include #include #include + +/* Darwin (MacOS/X) needs the following definition... */ +#ifndef _P1003_1B_VISIBLE +#define _P1003_1B_VISIBLE +#endif + #include #ifdef HAVE_SYS_IOCTL_H From 8d472a415e9c5fdb878386005d29cdfd97b8a404 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Sep 2002 12:26:24 +0000 Subject: [PATCH 704/923] port_t isn't used anymore and conflicts with MacOS/X headers. --- src/conf.c | 20 +------------------- src/conf.h | 3 +-- src/net.h | 4 +--- 3 files changed, 3 insertions(+), 24 deletions(-) diff --git a/src/conf.c b/src/conf.c index 71f1c783..de39cf97 100644 --- a/src/conf.c +++ b/src/conf.c 
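Review bot: `_P1003_1B_VISIBLE` is defined in src/tincd.c only after config.h and a run of system headers have been included, so it can only affect the header that follows it. Feature-test macros are normally set before the first system include, because an earlier header may already have pulled in the targeted one with the macro unset, which would leave mlockall() undeclared again. Moving the `#ifndef _P1003_1B_VISIBLE` / `#define _P1003_1B_VISIBLE` pair to directly below `#include "config.h"`, with a comment naming the header it is for, would make this robust. The include names are not legible on this page, so which header is meant is inferred from the commit title.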
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.60 2002/09/09 22:32:30 guus Exp $ + $Id: conf.c,v 1.9.4.61 2002/09/15 12:26:24 guus Exp $ */ #include "config.h" @@ -228,24 +228,6 @@ int get_config_address(config_t *cfg, struct addrinfo **result) return 0; } -int get_config_port(config_t *cfg, port_t *result) -{ - cp(); - - if(!cfg) - return 0; - - if(sscanf(cfg->value, "%hu", result) == 1) { - *result = htons(*result); - return 1; - } - - syslog(LOG_ERR, _("Port number expected for configuration variable %s in %s line %d"), - cfg->variable, cfg->file, cfg->line); - - return 0; -} - int get_config_subnet(config_t *cfg, subnet_t ** result) { subnet_t *subnet; diff --git a/src/conf.h b/src/conf.h index e9fb2ae1..77ec5c97 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.34 2002/09/09 21:24:31 guus Exp $ + $Id: conf.h,v 1.6.4.35 2002/09/15 12:26:24 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -56,7 +56,6 @@ extern config_t *lookup_config(avl_tree_t *, char *); extern config_t *lookup_config_next(avl_tree_t *, config_t *); extern int get_config_bool(config_t *, int *); extern int get_config_int(config_t *, int *); -extern int get_config_port(config_t *, port_t *); extern int get_config_string(config_t *, char **); extern int get_config_address(config_t *, struct addrinfo **); struct subnet_t; /* Needed for next line. */ diff --git a/src/net.h b/src/net.h index 490cdcf3..93c8be19 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.54 2002/09/10 22:12:33 guus Exp $ + $Id: net.h,v 1.9.4.55 2002/09/15 12:26:24 guus Exp $ */ #ifndef __TINC_NET_H__ 
@@ -65,8 +65,6 @@ typedef struct ipv6_t { uint16_t x[8]; } ipv6_t; -typedef unsigned short port_t; - typedef short length_t; typedef union { From 5eca9520d93bced1275d45e5e2a933d69354cd6d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Sep 2002 14:55:54 +0000 Subject: [PATCH 705/923] Small fixes so tinc compiles out of the box on SunOS 5.8 --- configure.in | 16 +++++++++++----- lib/fake-getnameinfo.c | 4 +++- src/net.c | 22 +++++++++++----------- src/net_packet.c | 20 ++++++++++---------- src/net_setup.c | 20 ++++++++++---------- src/net_socket.c | 20 ++++++++++---------- src/process.c | 10 +++------- src/protocol_edge.c | 14 ++++---------- src/subnet.c | 6 ++---- src/tincd.c | 13 ++++--------- 10 files changed, 68 insertions(+), 77 deletions(-) diff --git a/configure.in b/configure.in index 249cd14e..77db35a4 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.58 2002/09/09 19:39:53 guus Exp $ +dnl $Id: configure.in,v 1.13.2.59 2002/09/15 14:55:53 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -86,8 +86,13 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ -net/ethernet.h net/if.h netinet/in_systm.h netinet/ip.h netinet/tcp.h \ -sys/file.h sys/ioctl.h sys/param.h sys/time.h]) + sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h]) +AC_CHECK_HEADERS([net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h], [], [], + [#include + #include + #ifdef HAVE_NETINET_IN_SYSTM_H + #include + #endif]) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST 
@@ -128,8 +133,7 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name \ -putenv select strdup strerror strsignal strtol unsetenv \ -freeaddrinfo gai_strerror getaddrinfo getnameinfo mlockall]) +putenv select strdup strerror strsignal strtol unsetenv mlockall]) jm_FUNC_MALLOC jm_FUNC_REALLOC @@ -142,6 +146,8 @@ AC_CHECK_FUNC(gethostbyname, [], [ AC_CHECK_LIB(nsl, gethostbyname) ]) +AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo]) + AC_CACHE_SAVE dnl These are defined in files in m4/ diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index 894c6952..05416487 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c @@ -11,9 +11,11 @@ #include "config.h" +#include #include -#include #include +#include +#include #include #include diff --git a/src/net.c b/src/net.c index c56fe98d..f81c4ba8 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.181 2002/09/09 22:32:39 guus Exp $ + $Id: net.c,v 1.35.4.182 2002/09/15 14:55:53 guus Exp $ */ #include "config.h" @@ -25,16 +25,6 @@ #include #include #include -#include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif #include #include #include @@ -49,6 +39,16 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif +#include +#ifdef HAVE_NETINET_IP_H +#include +#endif +#ifdef HAVE_NETINET_TCP_H +#include +#endif #include diff --git a/src/net_packet.c b/src/net_packet.c index eaa2cf18..7c51ad63 100644 --- a/src/net_packet.c +++ b/src/net_packet.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.23 2002/09/09 22:32:44 guus Exp $ + $Id: net_packet.c,v 1.1.2.24 2002/09/15 14:55:53 guus Exp $ */ #include "config.h" @@ -26,15 +26,6 @@ #include #include #include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif #include #include #include @@ -49,6 +40,15 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif +#ifdef HAVE_NETINET_IP_H +#include +#endif +#ifdef HAVE_NETINET_TCP_H +#include +#endif #include #include diff --git a/src/net_setup.c b/src/net_setup.c index 5243b1e9..ec47f60d 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.26 2002/09/09 22:32:44 guus Exp $ + $Id: net_setup.c,v 1.1.2.27 2002/09/15 14:55:53 guus Exp $ */ #include "config.h" @@ -26,15 +26,6 @@ #include #include #include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif #include #include #include @@ -49,6 +40,15 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif +#ifdef HAVE_NETINET_IP_H +#include +#endif +#ifdef HAVE_NETINET_TCP_H +#include +#endif #include #include diff --git a/src/net_socket.c b/src/net_socket.c index eedef7b2..05485f8d 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.21 2002/09/09 22:32:44 guus Exp $ + $Id: net_socket.c,v 1.1.2.22 2002/09/15 14:55:53 guus Exp $ */ #include "config.h" 
@@ -26,15 +26,6 @@ #include #include #include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif #include #include #include @@ -49,6 +40,15 @@ #include #include #include +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif +#ifdef HAVE_NETINET_IP_H +#include +#endif +#ifdef HAVE_NETINET_TCP_H +#include +#endif #include #include diff --git a/src/process.c b/src/process.c index a70d8d28..edcd5a00 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.48 2002/09/10 09:40:25 guus Exp $ + $Id: process.c,v 1.1.2.49 2002/09/15 14:55:53 guus Exp $ */ #include "config.h" @@ -370,9 +370,7 @@ RETSIGTYPE sigint_handler(int a) debug_lvl = saved_debug_lvl; saved_debug_lvl = 0; } else { - syslog(LOG_NOTICE, - _ - ("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), + syslog(LOG_NOTICE, _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), debug_lvl); saved_debug_lvl = debug_lvl; debug_lvl = 5; @@ -469,9 +467,7 @@ void setup_signals(void) for(i = 0; sighandlers[i].signal; i++) { act.sa_handler = sighandlers[i].handler; if(sigaction(sighandlers[i].signal, &act, NULL) < 0) - fprintf(stderr, - _ - ("Installing signal handler for signal %d (%s) failed: %s\n"), + fprintf(stderr, _("Installing signal handler for signal %d (%s) failed: %s\n"), sighandlers[i].signal, strsignal(sighandlers[i].signal), strerror(errno)); } diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 6129f71b..0ac9e7c8 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.13 2002/09/09 22:33:02 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.14 2002/09/15 14:55:53 guus Exp $ */ #include "config.h" @@ -220,9 +220,7 @@ int del_edge_h(connection_t *c) if(!from) { if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, - _ - ("Got %s from %s (%s) which does not appear in the edge tree"), + syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } @@ -231,9 +229,7 @@ int del_edge_h(connection_t *c) if(!to) { if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, - _ - ("Got %s from %s (%s) which does not appear in the edge tree"), + syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } @@ -244,9 +240,7 @@ int del_edge_h(connection_t *c) if(!e) { if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, - _ - ("Got %s from %s (%s) which does not appear in the edge tree"), + syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } diff --git a/src/subnet.c b/src/subnet.c index fa00cd88..4e528e1a 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.42 2002/09/09 22:33:21 guus Exp $ + $Id: subnet.c,v 1.1.2.43 2002/09/15 14:55:54 guus Exp $ */ #include "config.h" @@ -111,9 +111,7 @@ int subnet_compare(subnet_t *a, subnet_t *b) case SUBNET_IPV6: return subnet_compare_ipv6(a, b); default: - syslog(LOG_ERR, - _ - ("subnet_compare() was called with unknown subnet type %d, exitting!"), + syslog(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), a->type); cp_trace(); exit(0); 
diff --git a/src/tincd.c b/src/tincd.c index 8ebbe42a..2aa16dd4 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.64 2002/09/15 12:26:04 guus Exp $ + $Id: tincd.c,v 1.10.4.65 2002/09/15 14:55:54 guus Exp $ */ #include "config.h" @@ -110,8 +110,7 @@ static void usage(int status) program_name); else { printf(_("Usage: %s [option]...\n\n"), program_name); - printf(_ - (" -c, --config=DIR Read configuration options from DIR.\n" + printf(_(" -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" " -d, --debug[=LEVEL] Increase debug level or set it to LEVEL.\n" " -k, --kill[=SIGNAL] Attempt to kill a running tincd and exit.\n" @@ -178,9 +177,7 @@ void parse_options(int argc, char **argv, char **envp) kill_tincd = atoi(optarg); if(!kill_tincd) { - fprintf(stderr, - _ - ("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), + fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg); usage(1); } @@ -199,9 +196,7 @@ void parse_options(int argc, char **argv, char **envp) generate_keys = atoi(optarg); if(generate_keys < 512) { - fprintf(stderr, - _ - ("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), + fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), optarg); usage(1); } From 7d76ceaebd5180f4ef37086980c799199eb7de16 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Sep 2002 17:40:00 +0000 Subject: [PATCH 706/923] Updated dutch translation. --- po/nl.po | 532 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 269 insertions(+), 263 deletions(-) diff --git a/po/nl.po b/po/nl.po index e94fbb68..c7dc27b7 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -5,43 +5,38 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-09-04 18:47+0200\n" -"PO-Revision-Date: 2002-09-04 18:33+0200\n" +"POT-Creation-Date: 2002-09-15 15:51+0200\n" +"PO-Revision-Date: 2002-09-15 15:51+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=iso-8859-1\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:173 +#: src/conf.c:175 #, c-format msgid "\"yes\" or \"no\" expected for configuration variable %s in %s line %d" msgstr "" "\"ja\" of \"nee\" verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:188 +#: src/conf.c:191 #, c-format msgid "Integer expected for configuration variable %s in %s line %d" msgstr "Geheel getal verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:218 +#: src/conf.c:225 #, c-format msgid "" "Hostname or IP address expected for configuration variable %s in %s line %d" msgstr "" "Hostnaam of IP adres verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:235 -#, c-format -msgid "Port number expected for configuration variable %s in %s line %d" -msgstr "Poortnummer verwacht voor configuratievariabele %s in %s regel %d" - -#: src/conf.c:251 +#: src/conf.c:243 #, c-format msgid "Subnet expected for configuration variable %s in %s line %d" msgstr "Subnet verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:261 +#: src/conf.c:254 #, c-format msgid "" "Network address and prefix length do not match for configuration variable %s " 
@@ -50,69 +45,69 @@ msgstr "" "Netwerk adres en prefix lengte komen niet overeen bij configuratievariabele %" "s in %s regel %d" -#: src/conf.c:369 +#: src/conf.c:353 #, c-format msgid "Cannot open config file %s: %s" msgstr "Kan configuratie bestand %s niet openen: %s" -#: src/conf.c:405 +#: src/conf.c:391 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:438 +#: src/conf.c:426 #, c-format msgid "Failed to read `%s': %s" msgstr "Lezen van `%s' mislukte: %s" -#: src/conf.c:465 +#: src/conf.c:453 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:481 src/conf.c:513 +#: src/conf.c:469 src/conf.c:497 #, c-format msgid "Couldn't stat `%s': %s" msgstr "Kon `%s' niet statten: %s" -#: src/conf.c:487 src/conf.c:522 +#: src/conf.c:474 src/conf.c:505 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:494 src/conf.c:529 +#: src/conf.c:480 src/conf.c:511 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: src/conf.c:499 src/conf.c:534 +#: src/conf.c:483 src/conf.c:514 #, c-format msgid "Unable to read symbolic link `%s': %s" msgstr "Kan symbolische link `%s' niet lezen: %s" -#: src/conf.c:545 +#: src/conf.c:525 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" -#: src/conf.c:570 +#: src/conf.c:547 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:576 +#: src/conf.c:554 #, c-format msgid "Error while reading stdin: %s\n" msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:602 +#: src/conf.c:582 #, c-format msgid "Error opening file `%s': %s\n" msgstr "Fout bij het openen van het bestand `%s': %s\n" -#: 
src/conf.c:612 +#: src/conf.c:590 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" @@ -122,63 +117,63 @@ msgstr "" "bescherming.\n" "Ik maak of overschrijf dit bestand niet.\n" -#: src/connection.c:57 +#: src/connection.c:56 msgid "everyone" msgstr "iedereen" -#: src/connection.c:58 +#: src/connection.c:57 msgid "BROADCAST" msgstr "BROADCAST" -#: src/connection.c:121 +#: src/connection.c:127 msgid "Connections:" msgstr "Verbindingen:" -#: src/connection.c:126 +#: src/connection.c:131 #, c-format msgid " %s at %s options %lx socket %d status %04x" msgstr " %s op %s opties %lx socket %d status %04x" -#: src/connection.c:130 +#: src/connection.c:135 msgid "End of connections." msgstr "Einde van verbindingen." -#: src/meta.c:49 +#: src/meta.c:51 #, c-format msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:63 +#: src/meta.c:62 #, c-format msgid "Sending meta data to %s (%s) failed: %s" msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" -#: src/meta.c:94 +#: src/meta.c:97 #, c-format msgid "This is a bug: %s:%d: %d:%s %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)" -#: src/meta.c:100 +#: src/meta.c:103 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:121 +#: src/meta.c:122 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:128 +#: src/meta.c:127 #, c-format msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:203 +#: src/meta.c:190 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:96 +#: src/net.c:98 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" 
@@ -187,344 +182,351 @@ msgstr "Verwijderen onbereikbare nodes" msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:181 +#: src/net.c:177 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:239 +#: src/net.c:231 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:252 +#: src/net.c:240 +#, c-format +msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." +msgstr "" +"Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " +"verwijderd..." + +#: src/net.c:246 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:297 src/net_socket.c:264 +#: src/net.c:289 src/net_socket.c:279 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:349 +#: src/net.c:341 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:383 +#: src/net.c:373 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:400 +#: src/net.c:388 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:417 +#: src/net.c:403 msgid "Rereading configuration file and restarting in 5 seconds..." msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." -#: src/net.c:424 +#: src/net.c:410 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
-#: src/net_packet.c:108 +#: src/net_packet.c:110 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:135 +#: src/net_packet.c:139 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d" msgstr "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d" -#: src/net_packet.c:152 +#: src/net_packet.c:155 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:179 +#: src/net_packet.c:184 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:205 +#: src/net_packet.c:212 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:238 +#: src/net_packet.c:244 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:289 +#: src/net_packet.c:296 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:291 src/net_setup.c:483 src/net_socket.c:107 -#: src/net_socket.c:153 src/net_socket.c:180 src/tincd.c:360 src/process.c:251 -#: src/process.c:288 +#: src/net_packet.c:299 src/net_setup.c:476 src/net_socket.c:110 +#: src/net_socket.c:157 src/net_socket.c:187 src/tincd.c:375 src/process.c:265 +#: src/process.c:295 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:297 +#: src/net_packet.c:305 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:314 +#: src/net_packet.c:323 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:321 +#: 
src/net_packet.c:328 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net_packet.c:330 +#: src/net_packet.c:335 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:338 +#: src/net_packet.c:344 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:358 +#: src/net_packet.c:364 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:375 +#: src/net_packet.c:382 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:397 +#: src/net_packet.c:403 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:404 +#: src/net_packet.c:410 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:410 +#: src/net_packet.c:417 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:421 +#: src/net_packet.c:427 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" -#: src/net_setup.c:107 src/net_setup.c:121 +#: src/net_setup.c:108 src/net_setup.c:125 #, c-format msgid "Error reading RSA public key file `%s': %s" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %s" -#: src/net_setup.c:132 +#: src/net_setup.c:138 #, c-format msgid "Reading RSA public key file `%s' failed: %s" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" -#: src/net_setup.c:171 +#: src/net_setup.c:177 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" 
-#: src/net_setup.c:196 +#: src/net_setup.c:204 #, c-format msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:206 +#: src/net_setup.c:216 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:233 src/net_setup.c:234 +#: src/net_setup.c:246 src/net_setup.c:247 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:241 +#: src/net_setup.c:253 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:247 +#: src/net_setup.c:258 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:261 +#: src/net_setup.c:270 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:318 +#: src/net_setup.c:326 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:329 +#: src/net_setup.c:337 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:339 +#: src/net_setup.c:347 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:356 +#: src/net_setup.c:361 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:378 +#: src/net_setup.c:380 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:413 +#: src/net_setup.c:412 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:429 +#: src/net_setup.c:426 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:434 +#: src/net_setup.c:429 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:450 +#: src/net_setup.c:444 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" 
-#: src/net_setup.c:500 +#: src/net_setup.c:498 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:511 +#: src/net_setup.c:509 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:514 +#: src/net_setup.c:511 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" -#: src/net_socket.c:99 +#: src/net_socket.c:102 #, c-format msgid "Creating metasocket failed: %s" msgstr "Aanmaak van metasocket mislukt: %s" -#: src/net_socket.c:133 src/net_socket.c:195 +#: src/net_socket.c:137 src/net_socket.c:203 #, c-format msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" -#: src/net_socket.c:137 +#: src/net_socket.c:142 msgid "BindToDevice not supported on this platform" msgstr "BindToDevice wordt niet ondersteund op dit platform" -#: src/net_socket.c:145 +#: src/net_socket.c:149 #, c-format msgid "Can't bind to %s/tcp: %s" msgstr "Kan niet aan %s/tcp binden: %s" -#: src/net_socket.c:172 +#: src/net_socket.c:180 #, c-format msgid "Creating UDP socket failed: %s" msgstr "Aanmaak UDP socket mislukte: %s" -#: src/net_socket.c:205 +#: src/net_socket.c:213 #, c-format msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:228 +#: src/net_socket.c:241 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:237 src/net_socket.c:333 +#: src/net_socket.c:252 src/net_socket.c:350 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:243 src/net_socket.c:340 +#: src/net_socket.c:258 src/net_socket.c:357 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:269 src/net_socket.c:279 +#: src/net_socket.c:285 src/net_socket.c:296 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: 
src/net_socket.c:298 +#: src/net_socket.c:314 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:363 +#: src/net_socket.c:380 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:381 +#: src/net_socket.c:396 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:402 +#: src/net_socket.c:418 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:421 +#: src/net_socket.c:437 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:448 +#: src/net_socket.c:467 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:466 +#: src/net_socket.c:486 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:488 +#: src/net_socket.c:510 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/netutl.c:68 src/netutl.c:91 +#: src/netutl.c:71 src/netutl.c:97 #, c-format msgid "Error looking up %s port %s: %s\n" msgstr "Fout bij het opzoeken van %s poort %s: %s\n" -#: src/netutl.c:112 +#: src/netutl.c:122 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout tijdens vertalen adressen: %s" -#: src/netutl.c:135 +#: src/netutl.c:150 #, c-format msgid "Error while looking up hostname: %s" msgstr "Fout bij het opzoeken van hostnaam: %s" -#: src/netutl.c:138 +#: src/netutl.c:154 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:167 +#: src/netutl.c:191 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" 
@@ -540,88 +542,88 @@ msgstr "Uitvoer buffer overvol tijdens zenden verzoek naar %s (%s)" msgid "Sending %s to %s (%s): %s" msgstr "Verzending %s naar %s (%s): %s" -#: src/protocol.c:87 +#: src/protocol.c:88 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:106 +#: src/protocol.c:110 #, c-format msgid "Forwarding %s from %s (%s): %s" msgstr "Doorsturen %s van %s (%s): %s" -#: src/protocol.c:108 +#: src/protocol.c:114 #, c-format msgid "Forwarding %s from %s (%s)" msgstr "Doorsturen %s van %s (%s)" -#: src/protocol.c:125 +#: src/protocol.c:132 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:128 +#: src/protocol.c:135 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:138 +#: src/protocol.c:142 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:141 +#: src/protocol.c:146 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:148 +#: src/protocol.c:152 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:155 +#: src/protocol.c:160 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:162 +#: src/protocol.c:165 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:208 +#: src/protocol.c:212 msgid "Already seen request" msgstr "Verzoek reeds gezien" -#: src/protocol.c:239 +#: src/protocol.c:242 #, c-format msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" -#: src/protocol_auth.c:69 src/protocol_auth.c:224 src/protocol_auth.c:357 -#: src/protocol_auth.c:417 src/protocol_auth.c:516 src/protocol_edge.c:78 -#: src/protocol_edge.c:195 src/protocol_key.c:68 
src/protocol_key.c:110 -#: src/protocol_key.c:178 src/protocol_misc.c:61 src/protocol_misc.c:91 -#: src/protocol_misc.c:177 src/protocol_subnet.c:67 src/protocol_subnet.c:152 +#: src/protocol_auth.c:72 src/protocol_auth.c:230 src/protocol_auth.c:362 +#: src/protocol_auth.c:426 src/protocol_auth.c:531 src/protocol_edge.c:82 +#: src/protocol_edge.c:195 src/protocol_key.c:70 src/protocol_key.c:112 +#: src/protocol_key.c:175 src/protocol_misc.c:63 src/protocol_misc.c:94 +#: src/protocol_misc.c:188 src/protocol_subnet.c:71 src/protocol_subnet.c:162 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol_auth.c:77 src/protocol_edge.c:86 src/protocol_edge.c:92 -#: src/protocol_edge.c:204 src/protocol_edge.c:210 src/protocol_subnet.c:75 -#: src/protocol_subnet.c:83 src/protocol_subnet.c:160 -#: src/protocol_subnet.c:178 +#: src/protocol_auth.c:80 src/protocol_edge.c:90 src/protocol_edge.c:96 +#: src/protocol_edge.c:203 src/protocol_edge.c:209 src/protocol_subnet.c:79 +#: src/protocol_subnet.c:89 src/protocol_subnet.c:170 +#: src/protocol_subnet.c:191 #, c-format msgid "Got bad %s from %s (%s): %s" msgstr "Kreeg verkeerde %s van %s (%s): %s" -#: src/protocol_auth.c:87 +#: src/protocol_auth.c:89 #, c-format msgid "Peer %s is %s instead of %s" msgstr "Ander %s is %s in plaats van %s" -#: src/protocol_auth.c:98 +#: src/protocol_auth.c:99 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt incompatibele versie %d" 
@@ -631,67 +633,67 @@ msgstr "Ander %s (%s) gebruikt incompatibele versie %d" msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft onbekende identiteit (%s)" -#: src/protocol_auth.c:175 +#: src/protocol_auth.c:176 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol_auth.c:187 src/protocol_auth.c:254 +#: src/protocol_auth.c:188 src/protocol_auth.c:260 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:234 src/protocol_auth.c:367 src/protocol_auth.c:425 -#: src/protocol_auth.c:443 +#: src/protocol_auth.c:240 src/protocol_auth.c:372 src/protocol_auth.c:434 +#: src/protocol_auth.c:452 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:262 +#: src/protocol_auth.c:268 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:274 +#: src/protocol_auth.c:280 #, c-format msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:296 src/protocol_key.c:250 +#: src/protocol_auth.c:301 src/protocol_key.c:242 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" -#: src/protocol_auth.c:302 +#: src/protocol_auth.c:307 #, c-format msgid "%s (%s) uses bogus MAC length!" msgstr "%s (%s) gebruikt onzinnige MAC lengte!" 
-#: src/protocol_auth.c:425 +#: src/protocol_auth.c:435 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:443 +#: src/protocol_auth.c:453 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:448 +#: src/protocol_auth.c:458 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:536 +#: src/protocol_auth.c:548 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:551 +#: src/protocol_auth.c:564 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:86 src/protocol_edge.c:92 src/protocol_edge.c:204 -#: src/protocol_edge.c:210 src/protocol_subnet.c:75 src/protocol_subnet.c:160 +#: src/protocol_edge.c:91 src/protocol_edge.c:97 src/protocol_edge.c:204 +#: src/protocol_edge.c:210 src/protocol_subnet.c:80 src/protocol_subnet.c:171 msgid "invalid name" msgstr "ongeldige naam" 
@@ -701,39 +703,39 @@ msgid "Got %s from %s (%s) for ourself which does not match existing entry" msgstr "" "Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:141 +#: src/protocol_edge.c:140 #, c-format msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:151 +#: src/protocol_edge.c:148 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:224 src/protocol_edge.c:233 src/protocol_edge.c:244 +#: src/protocol_edge.c:223 src/protocol_edge.c:232 src/protocol_edge.c:243 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:251 src/protocol_subnet.c:114 src/protocol_subnet.c:206 +#: src/protocol_edge.c:250 src/protocol_subnet.c:118 src/protocol_subnet.c:218 #, c-format msgid "Got %s from %s (%s) for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" -#: src/protocol_key.c:80 +#: src/protocol_key.c:81 #, c-format msgid "Got %s from %s (%s) origin %s which does not exist" msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol_key.c:119 src/protocol_key.c:187 +#: src/protocol_key.c:120 src/protocol_key.c:183 #, c-format msgid "" "Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" "Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:128 src/protocol_key.c:196 +#: src/protocol_key.c:128 src/protocol_key.c:191 #, c-format msgid "" "Got %s from %s (%s) destination %s which does not exist in our connection " 
@@ -741,75 +743,75 @@ msgid "" msgstr "" "Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:229 +#: src/protocol_key.c:222 #, c-format msgid "Node %s (%s) uses unknown cipher!" msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol_key.c:234 +#: src/protocol_key.c:228 #, c-format msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:255 +#: src/protocol_key.c:248 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" -#: src/protocol_misc.c:68 +#: src/protocol_misc.c:69 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Statusmelding van %s (%s): %s: %s" -#: src/protocol_misc.c:98 +#: src/protocol_misc.c:100 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Foutmelding van %s (%s): %s: %s" -#: src/protocol_subnet.c:83 src/protocol_subnet.c:178 +#: src/protocol_subnet.c:90 src/protocol_subnet.c:192 msgid "invalid subnet string" msgstr "ongeldige subnet string" -#: src/protocol_subnet.c:169 +#: src/protocol_subnet.c:181 #, c-format msgid "Got %s from %s (%s) for %s which is not in our node tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" -#: src/protocol_subnet.c:196 +#: src/protocol_subnet.c:209 #, c-format msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" -#: src/subnet.c:115 +#: src/subnet.c:114 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, exitting!" msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:290 +#: src/subnet.c:299 #, c-format msgid "net2str() was called with unknown subnet type %d, exiting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" 
-#: src/subnet.c:403 +#: src/subnet.c:414 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:408 +#: src/subnet.c:419 #, c-format msgid " %s owner %s" msgstr " %s eigenaar %s" -#: src/subnet.c:411 +#: src/subnet.c:423 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:105 +#: src/tincd.c:109 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:108 +#: src/tincd.c:112 #, c-format msgid "" "Usage: %s [option]...\n" @@ -818,7 +820,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:109 +#: src/tincd.c:113 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -843,13 +845,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:118 +#: src/tincd.c:122 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:175 +#: src/tincd.c:180 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -858,7 +860,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:193 +#: src/tincd.c:199 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" 
@@ -866,24 +868,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:254 +#: src/tincd.c:266 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:259 +#: src/tincd.c:270 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:263 +#: src/tincd.c:273 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:272 +#: src/tincd.c:282 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:276 src/tincd.c:287 +#: src/tincd.c:288 src/tincd.c:301 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -891,21 +893,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:283 +#: src/tincd.c:295 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:308 +#: src/tincd.c:322 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:337 +#: src/tincd.c:350 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:338 +#: src/tincd.c:352 msgid "" "Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -922,16 +924,20 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:403 +#: src/tincd.c:379 +msgid "mlockall() not supported on this platform!" +msgstr "mlockall() wordt niet ondersteund op dit platform!" + +#: src/tincd.c:419 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:408 +#: src/tincd.c:423 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:413 src/process.c:351 +#: src/tincd.c:426 src/process.c:353 msgid "Not restarting." msgstr "Geen herstart." 
@@ -940,114 +946,114 @@ msgstr "Geen herstart." msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:100 +#: src/process.c:101 msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:116 +#: src/process.c:120 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:119 +#: src/process.c:123 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:140 +#: src/process.c:147 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:142 +#: src/process.c:150 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:151 +#: src/process.c:159 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:153 +#: src/process.c:162 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:155 +#: src/process.c:164 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:183 +#: src/process.c:191 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:196 +#: src/process.c:205 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:199 +#: src/process.c:208 #, c-format msgid "tincd %s starting" msgstr "tincd %s wordt gestart" -#: src/process.c:228 +#: src/process.c:238 #, c-format msgid "Could not execute `%s': %s" msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:258 +#: src/process.c:272 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:268 +#: src/process.c:279 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:276 +#: src/process.c:285 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:282 +#: src/process.c:290 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:307 +#: src/process.c:314 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:316 +#: src/process.c:322 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:323 +#: src/process.c:328 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:332 +#: src/process.c:337 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:337 +#: src/process.c:341 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." 
-#: src/process.c:360 +#: src/process.c:361 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:369 +#: src/process.c:368 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:376 +#: src/process.c:373 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1056,41 +1062,41 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:387 +#: src/process.c:383 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:416 +#: src/process.c:408 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:425 +#: src/process.c:415 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:482 +#: src/process.c:470 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:83 +#: src/route.c:84 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:117 +#: src/route.c:118 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:162 +#: src/route.c:167 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:182 +#: src/route.c:188 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1099,19 +1105,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:243 +#: src/route.c:248 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:264 +#: src/route.c:268 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:276 +#: src/route.c:278 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" @@ -1120,25 +1126,25 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:351 +#: src/route.c:357 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:364 +#: src/route.c:368 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:421 +#: src/route.c:426 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#: src/node.c:161 +#: src/node.c:172 msgid "Nodes:" msgstr "Nodes:" -#: src/node.c:166 +#: src/node.c:176 #, c-format msgid "" " %s at %s cipher %d digest %d maclength %d compression %d options %lx status " 
@@ -1147,101 +1153,101 @@ msgstr "" " %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" "04x nexthop %s via %s" -#: src/node.c:171 +#: src/node.c:183 msgid "End of nodes." msgstr "Einde van nodes." -#: src/edge.c:170 +#: src/edge.c:157 msgid "Edges:" msgstr "Edges:" -#: src/edge.c:176 +#: src/edge.c:164 #, c-format msgid " %s to %s at %s options %lx weight %d" msgstr " %s naar %s op %s opties %lx gewicht %d" -#: src/edge.c:182 +#: src/edge.c:170 msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:263 +#: src/graph.c:268 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:265 +#: src/graph.c:271 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" -#: src/linux/device.c:89 src/freebsd/device.c:70 src/solaris/device.c:75 +#: src/linux/device.c:90 src/freebsd/device.c:70 src/solaris/device.c:74 #: src/netbsd/device.c:74 src/openbsd/device.c:74 #, c-format msgid "Could not open %s: %s" msgstr "Kon `%s' niet openen: %s" -#: src/linux/device.c:114 src/linux/device.c:124 +#: src/linux/device.c:113 src/linux/device.c:120 msgid "Linux tun/tap device" msgstr "Linux tun/tap apparaat" -#: src/linux/device.c:122 +#: src/linux/device.c:118 #, c-format msgid "Old ioctl() request was needed for %s" msgstr "Oud ioctl() verzoek was nodig voor %s" -#: src/linux/device.c:131 +#: src/linux/device.c:126 msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/linux/device.c:136 src/freebsd/device.c:87 src/solaris/device.c:132 -#: src/netbsd/device.c:90 src/openbsd/device.c:90 +#: src/linux/device.c:131 src/freebsd/device.c:85 src/solaris/device.c:133 +#: src/netbsd/device.c:89 src/openbsd/device.c:89 #, c-format msgid "%s is a %s" msgstr "%s is een %s" -#: src/linux/device.c:159 src/linux/device.c:169 src/freebsd/device.c:108 -#: src/solaris/device.c:149 src/netbsd/device.c:109 src/openbsd/device.c:111 +#: src/linux/device.c:157 
src/linux/device.c:168 src/freebsd/device.c:108 +#: src/solaris/device.c:152 src/netbsd/device.c:108 src/openbsd/device.c:110 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" -#: src/linux/device.c:180 src/freebsd/device.c:117 src/solaris/device.c:164 -#: src/netbsd/device.c:124 src/openbsd/device.c:140 +#: src/linux/device.c:179 src/freebsd/device.c:118 src/solaris/device.c:167 +#: src/netbsd/device.c:123 src/openbsd/device.c:143 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/linux/device.c:191 src/freebsd/device.c:128 src/solaris/device.c:175 -#: src/netbsd/device.c:135 src/openbsd/device.c:154 +#: src/linux/device.c:191 src/freebsd/device.c:129 src/solaris/device.c:179 +#: src/netbsd/device.c:135 src/openbsd/device.c:159 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:198 src/linux/device.c:207 src/solaris/device.c:180 -#: src/netbsd/device.c:140 src/openbsd/device.c:180 +#: src/linux/device.c:196 src/linux/device.c:204 src/solaris/device.c:183 +#: src/netbsd/device.c:139 src/openbsd/device.c:185 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" -#: src/linux/device.c:220 src/freebsd/device.c:144 src/solaris/device.c:192 -#: src/netbsd/device.c:151 src/openbsd/device.c:191 +#: src/linux/device.c:219 src/freebsd/device.c:145 src/solaris/device.c:197 +#: src/netbsd/device.c:151 src/openbsd/device.c:197 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/linux/device.c:221 src/freebsd/device.c:145 src/solaris/device.c:193 -#: src/netbsd/device.c:152 src/openbsd/device.c:192 +#: src/linux/device.c:220 src/freebsd/device.c:146 src/solaris/device.c:198 +#: src/netbsd/device.c:152 src/openbsd/device.c:198 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/linux/device.c:222 
src/freebsd/device.c:146 src/solaris/device.c:194 -#: src/netbsd/device.c:153 src/openbsd/device.c:193 +#: src/linux/device.c:221 src/freebsd/device.c:147 src/solaris/device.c:199 +#: src/netbsd/device.c:153 src/openbsd/device.c:199 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" -#: src/freebsd/device.c:85 +#: src/freebsd/device.c:83 msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" @@ -1265,39 +1271,39 @@ msgstr "Kan geen nieuwe interface toekennen: %s" msgid "Could not open %s twice: %s" msgstr "Kon `%s' niet twee keer openen: %s" -#: src/solaris/device.c:102 +#: src/solaris/device.c:103 #, c-format msgid "Can't push IP module: %s" msgstr "Kan IP module niet invoegen: %s" -#: src/solaris/device.c:108 +#: src/solaris/device.c:109 #, c-format msgid "Can't set PPA %d: %s" msgstr "Kon PPA %d niet instellen: %s" -#: src/solaris/device.c:113 +#: src/solaris/device.c:114 #, c-format msgid "Can't link TUN device to IP: %s" msgstr "Kan TUN apparaat niet koppelen aan IP: %s" -#: src/solaris/device.c:120 +#: src/solaris/device.c:121 msgid "Solaris tun device" msgstr "Solaris tun apparaat" -#: src/netbsd/device.c:88 +#: src/netbsd/device.c:87 msgid "NetBSD tun device" msgstr "NetBSD tun apparaat" -#: src/openbsd/device.c:88 +#: src/openbsd/device.c:87 msgid "OpenBSD tun device" msgstr "OpenBSD tun apparaat" -#: src/openbsd/device.c:130 +#: src/openbsd/device.c:133 #, c-format msgid "Unknown address family %d while reading packet from %s %s" msgstr "Onbekende adresfamilie %d tijdens lezen pakket van %s %s" -#: src/openbsd/device.c:169 +#: src/openbsd/device.c:174 #, c-format msgid "Unknown address family %d while writing packet to %s %s" msgstr "Onbekende adresfamilie %d tijdens schrijven pakket naar %s %s" From bf3a11898898c0618cd1b2e7a792b7d7fe56aecb Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 15 Sep 2002 22:19:19 +0000 Subject: [PATCH 707/923] Use /dev/net/tun as default for tun/tap device under Linux. --- src/linux/device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/linux/device.c b/src/linux/device.c index 92b3a3ca..629b49e7 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.12 2002/09/09 22:33:24 guus Exp $ + $Id: device.c,v 1.1.2.13 2002/09/15 22:19:19 guus Exp $ */ #include "config.h" @@ -39,7 +39,7 @@ #else #include #endif -#define DEFAULT_DEVICE "/dev/misc/net/tun" +#define DEFAULT_DEVICE "/dev/net/tun" #else #define DEFAULT_DEVICE "/dev/tap0" #endif From 1dcbdf48eb4a642e4d70a9e67aaca78deacf352d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Sep 2002 22:19:38 +0000 Subject: [PATCH 708/923] Update documentation. --- doc/CONNECTIVITY | 363 +++--------------------------------- doc/PROTOCOL | 82 +++++--- doc/SECURITY2 | 20 +- doc/sample-config/tinc-up | 7 +- doc/sample-config/tinc.conf | 4 +- doc/tinc.conf.5 | 2 +- doc/tinc.texi | 217 ++++++++++----------- doc/tincd.8 | 3 + 8 files changed, 212 insertions(+), 486 deletions(-) diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index ecdcf3e3..385a0550 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY 
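Review bot: In the second hunk the Linux tun/tap `DEFAULT_DEVICE` is switched to `/dev/net/tun` with no comment and no trace of the path it replaces. An installation that relied on the old default and still has its node at `/dev/misc/net/tun` will presumably fail to open the device after upgrading unless `Device` is set in tinc.conf. I would document that on the define, e.g. `/* Linux tun/tap clone device; set Device in tinc.conf if the node lives elsewhere, e.g. /dev/misc/net/tun */`. The enclosing `#ifdef` block starts outside the hunk, so whether the open path tries any fallback cannot be seen from here.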
@@ -12,343 +12,34 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.9 2002/06/21 10:11:10 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.10 2002/09/15 22:19:37 guus Exp $ -1. Problem +1. Synchronisation +================== + +Each tinc daemon has zero or more connections to other tinc daemons. It will +try to keep it's own information synchronised with the other tinc daemons. If +one of it's peers sends information, the tinc daemon will check if it is new +information. If so, it will update it's own information and forward the new +information to all the other peers. + +This scheme will make sure that after a short amount of time all tinc daemons +share the same information. It will also almost completely prevent information +from looping, because "new" information that is already known is ignored and +not forwarded any further. However, since information can also be deleted +there's the possibility of a looping sequence of add/delete messages. This is +resolved by additionaly adding a unique identifier to each broadcasted message. +Messages are dropped if the same message with that identifier has already been +seen. + +2. Routing ========== -We have a set of nodes (A, B, C, ...) that are part of the same VPN. They need -to connect to eachother and form a single graph that satisfies the tree -property. +Every node tells it's peers to which other peers it is connected. This way +every node will eventually know every connection every node has on the VPN. +Each node will use graph algorithms to determine if other nodes are reachable or not and +what the best route is to other nodes. -There is the possibility that loops are formed, the offending connections must -be eliminated. - -Suppose we start with two smaller graphs that want to form a single larger -graph. 
Both graphs consist of three nodes: - - A-----B-----C - - - - D-----E-----F - -It is very well possible that A wants to connect to D, and F wants to connect -to C, both at the same time. The following loop will occur: - - A-----B-----C - | ^ - | | - v | - D-----E-----F - -The situation described here is totally symmetric, there is no preference to -one connection over the other. The problem of resolving the loop, maintaining -consistency and stability is therefore not a trivial one. - -What happens when A---D and C---F are connected to eachother? They exchange -lists of known hosts. A knows of B and C, and D knows of E and F. The protocol -defines ADD_HOST messages, from now on we will say that "node X sends and -ADD_HOST(Y) to Z". - -There are two possible scenarios: either both A---D and C---F finish -authentication at the same time, or A---D finishes first, so that ADD_HOST -messages will reach C and F before they finish authentication. - -1.1 A---D finishes first ------------------------- - -After A---D authentication finishes the following actions are taken: - - 1 A sends ADD_HOST(B) to D - A sends ADD_HOST(C) to D - D sends ADD_HOST(E) to A - D sends ADD_HOST(F) to A - - 2 A sends ADD_HOST(D) to B - A receives ADD_HOST(E) from D: - A sends ADD_HOST(E) to B - A receives ADD_HOST(F) from D: - A sends ADD_HOST(F) to B - D sends ADD_HOST(A) to E - D receives ADD_HOST(B) from A: - D sends ADD_HOST(B) to E - D receives ADD_HOST(C) from A: - D sends ADD_HOST(C) to E - - 3 B receives ADD_HOST(D) from A, - B sends ADD_HOST(D) to C - B receives ADD_HOST(E) from A: - B sends ADD_HOST(E) to C - B receives ADD_HOST(F) from A: - B sends ADD_HOST(F) to C - E receives ADD_HOST(A) from D: - E sends ADD_HOST(A) to F - E receives ADD_HOST(B) from D: - E sends ADD_HOST(B) to F - E receives ADD_HOST(C) from D: - E sends ADD_HOST(C) to F - - 4 C receives ADD_HOST(D) from B. - C receives ADD_HOST(E) from B. - C receives ADD_HOST(F) from B. - F receives ADD_HOST(A) from E. 
- F receives ADD_HOST(B) from E. - F receives ADD_HOST(C) from E. - -Then C---F authentication finishes, the following actions are taken: - - 1 C notes that F is already known: - Connection is closed. - F notes that C is already known: - Connection is closed. - -1.2 Both A---D and C---F finish at the same time. -------------------------------------------------- - - 1 A sends ADD_HOST(B) to D - A sends ADD_HOST(C) to D - D sends ADD_HOST(E) to A - D sends ADD_HOST(F) to A - - C sends ADD_HOST(A) to F - C sends ADD_HOST(B) to F - F sends ADD_HOST(D) to C - F sends ADD_HOST(E) to C - - 2 A sends ADD_HOST(D) to B - A receives ADD_HOST(E) from D: - A sends ADD_HOST(E) to B - A receives ADD_HOST(F) from D: - A sends ADD_HOST(F) to B - D sends ADD_HOST(A) to E - D receives ADD_HOST(B) from A: - D sends ADD_HOST(B) to E - D receives ADD_HOST(C) from A: - D sends ADD_HOST(C) to E - - C sends ADD_HOST(F) to B - C receives ADD_HOST(D) from F: - A sends ADD_HOST(D) to B - C receives ADD_HOST(E) from F: - A sends ADD_HOST(E) to B - F sends ADD_HOSTS(C) to E - F receives ADD_HOST(A) from C: - D sends ADD_HOST(A) to E - F receives ADD_HOST(B) from C: - D sends ADD_HOST(B) to E - - 3 B receives ADD_HOST(D) from A, - B sends ADD_HOST(D) to C - B receives ADD_HOST(E) from A: - B sends ADD_HOST(E) to C - B receives ADD_HOST(F) from A: - B sends ADD_HOST(F) to C - E receives ADD_HOST(A) from D: - E sends ADD_HOST(A) to F - E receives ADD_HOST(B) from D: - E sends ADD_HOST(B) to F - E receives ADD_HOST(C) from D: - E sends ADD_HOST(C) to F - - B receives ADD_HOST(F) from C, and notes that is is already known: - - B receives ADD_HOST(D) from C, and notes that is is already known: - - B receives ADD_HOST(E) from C, and notes that is is already known: - - E receives ADD_HOST(C) from F, and notes that is is already known: - - E receives ADD_HOST(A) from F, and notes that is is already known: - - E receives ADD_HOST(B) from F, and notes that is is already known: - - - 4 A receives 
ADD_HOST(D) from B, and notes that it is already known: - - A receives ADD_HOST(E) from B, and notes that it is already known: - - A receives ADD_HOST(F) from B, and notes that it is already known: - - F receives ADD_HOST(A) from E, and notes that it is already known: - - F receives ADD_HOST(B) from E, and notes that it is already known: - - F receives ADD_HOST(B) from E, and notes that it is already known: - - - ... - -1.2.1 Augmenting ADD_HOST -------------------------- - -A solution would be to augment ADD_HOST with an extra parameter, the nexthop of -the added host: - - 3 B receives ADD_HOST(D,A) from A, - B sends ADD_HOST(D,A) to C - B receives ADD_HOST(E,D) from A: - B sends ADD_HOST(E,D) to C - B receives ADD_HOST(F,E) from A: - B sends ADD_HOST(F,E) to C - E receives ADD_HOST(A,D) from D: - E sends ADD_HOST(A,D) to F - E receives ADD_HOST(B,A) from D: - E sends ADD_HOST(B,A) to F - E receives ADD_HOST(C,B) from D: - E sends ADD_HOST(C,B) to F - - B receives ADD_HOST(F,C) from C, and notes that F is already known: - - B receives ADD_HOST(D,E) from C, and notes that D is already known: - - B receives ADD_HOST(E,F) from C, and notes that E is already known: - - E receives ADD_HOST(C,F) from F, and notes that C is already known: - - E receives ADD_HOST(A,B) from F, and notes that A is already known: - - E receives ADD_HOST(B,C) from F, and notes that B is already known: - - -So, B and E have to make a choice. Which ADD_HOST is going to win? Fortunately, -since the ADD_HOST messages are augmented, they have an extra piece of -information they can use to decide in a deterministic way which one is going to -win. For example, B got ADD_HOST(F,E) and ADD_HOST(F,C). Since "E" > "C", it -could let ADD_HOST(F,E) win. - - B receives ADD_HOST(F,C) from C, and notes that F is already known: - since "C" < "E", B ignores ADD_HOST(F,E) - B sends ADD_HOST(F,C) to A - ... 
- E receives ADD_HOST(C,F) from F, and notes that C is already known: - since "F" > "B", E removes the ADD_HOST(C,B) in favour of the new one - E sends ADD_HOST(C,F) to D - - 4 A receives ADD_HOST(F,E) from B, and notes that F is already known: - since "E" < "D", A ignores ADD_HOST(F,D). - ... - D receives ADD_HOST(C,F) from E, and notes that C is already known: - since "F" > "B", D removes the ADD_HOST(C,B), - closes the connection with C, in favour of the new one. - -Ok, time to forget this crap. - -1.2.2 ------ - -The problem with the current ADD/DEL_HOST technique is that each host only -knows the general direction in which to send packets for the other hosts. It -really doesn't know much about the true topology of the network, only about -it's direct neighbours. With so little information each host cannot make a -certain decision which it knows for sure all the others will decide too. - -Let's do something totally different. Instead of notifying every host of the -addition of a new host, which is represented by a vertex in a graph, lets send -out notifications of new connections, which are the edges in a graph. This is -rather cheap, since our graphs are (almost) spanning trees, there is -approximately one edge for each vertex in the graph, so we don't need to send -more messages. Furthermore, an edge is characterized by two vertices, so we -only send a fixed amount of extra information. The size/complexity of the -problem therefore does not increase much. - -What is the advantage of notifying each vertex of new edges instead of new -vertices? Well, all the vertices now know exactly which connections are made -between each host. This was not known with the former schemes. - -Ok back to our problem: - - A-----B-----C - - - - D-----E-----F - -Edges are undirected, and are characterised by the vertices it connects, sorted -alphabetically, so the edges in the two graphs are: - -(A,B), (B,C), (D,E) and (E,F). 
- -So again we have that A wants to connect to D, and F wants to connect to C, -both at the same time. The following loop will occur: - - A-----B-----C - | ^ - | | - v | - D-----E-----F - -Instead of sending ADD_HOSTs, lets assume the hosts send ADD_EDGEs. So, after -making the connections: - - 1 A sends ADD_EDGE(A,D) to B - A sends ADD_EDGE(A,B) to D - A sends ADD_EDGE(B,C) to D - D sends ADD_EDGE(A,D) to E - D sends ADD_EDGE(D,E) to A - D sends ADD_EDGE(E,F) to A - - C sends ADD_EDGE(C,F) to B - C sends ADD_EDGE(A,B) to F - C sends ADD_EDGE(B,C) to F - F sends ADD_EDGE(C,F) to E - F sends ADD_EDGE(D,E) to C - F sends ADD_EDGE(E,F) to C - - 2 B receives ADD_EDGE(A,D) from A: - B sends ADD_EDGE(A,D) to C - B receives ADD_EDGE(D,E) from A: - B sends ADD_EDGE(D,E) to C - B receives ADD_EDGE(E,F) from A: - B sends ADD_EDGE(E,F) to C - ... - - B receives ADD_EDGE(C,F) from C, notes that both C and F are already known, - but that the edge (C,F) was not known, so a loop has been created: - - -Ok, how to resolve the loop? Remeber, we want to do that in such a way that it -is consistent with the way all the other hosts resolve the loop. Here is the -things B does when it notices that a loop is going to be formed: - - B performs a Breadth First Search from the first element of the list of all - known hosts sorted alfabetically, in this case A, and thereby finds a - spanning tree. (This might later be changed into a minimum spanning tree - alhorithm, but the key point here is that all hosts do this with exactly the - same starting parameters.) All known edges that are not in the spanning tree - are marked inactive. - -An edge marked inactive does not mean anything, unless this edge is connected -to B itself. In that case, B will stop sending messages over that edge. B might -consider closing this edge, but this is not really needed. 
Keeping it means no -DEL_EDGE has to be sent for it, and if another edge is removed (which will -quite certainly split the graph if it's a spanning tree), this edge might be -reactivated, without the need of sending a new ADD_EDGE for it. On the other -hand, we mustn't keep to many inactive edges, because we want to keep the -number of known edges linear to the number of hosts (otherwise the size of the -problem will grow quadratically). - -So, since B didn't deactivate one of it's own edges, it forwards the -ADD_EDGE(C,F) to A, which also does a BFS, and so on, until it reaches F. F of -course also does a BFS, notes that is is one of it's own edges. It deactivates -the edge (C,F), and consequently will not forward the ADD_EDGE(C,F) to C -anymore. In the mean time, C got messages from B which will make C do the same. - -Ok, suppose a DEL_EDGE was sent, and it means an inactive edge has to be -reactivated. The vertices connected by that edge must exchange their entire -knowledge of edges again, because in the mean time other messages could have -been sent, which were not properly forwarded. Take this example: - - X C-----D - | | | - | | | - v | | - A-----B- - -E - -The edge (B,E) is inactive. X is trying to make a new connection with A. A -sends an ADD_EDGE(A,X) to B, which forwards it to C. At that time, the -connection between C and D goes down, so C sends a DEL_EDGE(C,D) to B, and D -sends a DEL_EDGE(C,D) to E. If we just allow (B,E) to be reactivated again -without anything else, then E and D will never have received the ADD_EDGE(A,X). -So, B and E have to exchange edges again, and propagate them to the hosts they -already know. +Because all nodes share the same information, using a deterministic algorithm +each node will calculate the same minimum spanning tree for the entire VPN. +The MST will be used to send broadcast VPN packets. diff --git a/doc/PROTOCOL b/doc/PROTOCOL index c1ec7e77..795be833 100644 --- a/doc/PROTOCOL +++ b/doc/PROTOCOL 
@@ -12,7 +12,7 @@ This is the protocol documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: PROTOCOL,v 1.1.2.7 2002/06/21 10:11:10 guus Exp $ + $Id: PROTOCOL,v 1.1.2.8 2002/09/15 22:19:37 guus Exp $ 1. Protocols used in tinc 
@@ -69,24 +69,62 @@ synchronised. daemon message -------------------------------------------------------------------------- -origin ADD_EDGE node1 12.23.34.45 655 node2 21.32.43.54 655 222 0 - | | | \___________________/ | +-> options - | | | | +----> weight - | | | +----------------> see below - | | +--> UDP port - | +----------> real address - +------------------> name of node on one side of the edge +origin ADD_EDGE node1 node2 21.32.43.54 655 222 0 + | | | | | +-> options + | | | | +----> weight + | | | +--------> UDP port of node2 + | | +----------------> real address of node2 + | +-------------------------> name of destination node + +-------------------------------> name of source node origin ADD_SUBNET node 192.168.1.0/24 | | +--> prefixlength - | +--------> IPv4 network address + | +--------> network address +------------------> owner of this subnet -------------------------------------------------------------------------- +The ADD_EDGE messages are to inform other tinc daemons that a connection between +two nodes exist. The address of the destination node is available so that +VPN packets can be sent directly to that node. + +The ADD_SUBNET messages inform other tinc daemons that certain subnets belong +to certain nodes. tinc will use it to determine to which node a VPN packet has +to be sent. + +message +------------------------------------------------------------------ +DEL_EDGE node1 node2 + | +----> name of destination node + +----------> name of source node + +DEL_SUBNET node 192.168.1.0/24 + | | +--> prefixlength + | +--------> network address + +------------------> owner of this subnet +------------------------------------------------------------------ + In case a connection between two daemons is closed or broken, DEL_EDGE messages are sent to inform the other daemons of that fact. Each daemon will calculate a new route to the the daemons, or mark them unreachable if there isn't any. 
+message +------------------------------------------------------------------ +REQ_KEY origin destination + | +--> name of the tinc daemon it wants the key from + +----------> name of the daemon that wants the key + +ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 + | | \______________/ | | +--> MAC length + | | | | +-----> digest algorithm + | | | +--------> cipher algorithm + | | +--> 128 bits key + | +--> name of the daemon that wants the key + +----------> name of the daemon that uses this key + +KEY_CHANGED origin + +--> daemon that has changed it's packet key +-------------------------------------------------------------------------- + The keys used to encrypt VPN packets are not sent out directly. This is because it would generate a lot of traffic on VPNs with many daemons, and chances are that not every tinc daemon will ever send a packet to every 
@@ -97,33 +135,17 @@ act as a proxy and forward its copy back to the requestor. daemon message -------------------------------------------------------------------------- -daemon REQ_KEY origin destination - | +--> name of the tinc daemon it wants the key from - +----------> name of the daemon that wants the key - -daemon ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 - | | \______________/ | | +--> MAC length - | | | | +-----> digest algorithm - | | | +--------> cipher algorithm - | | +--> 128 bits key - | +--> name of the daemon that wants the key - +----------> name of the daemon that uses this key - -daemon KEY_CHANGED origin - +--> daemon that has changed it's packet key +origin PING +dest. PONG -------------------------------------------------------------------------- There is also a mechanism to check if hosts are still alive. Since network failures or a crash can cause a daemon to be killed without properly shutting down the TCP connection, this is necessary to keep an up to date connection list. Pings are sent at regular intervals, except when there -is also some other traffic. - -daemon message --------------------------------------------------------------------------- -origin PING -dest. PONG --------------------------------------------------------------------------- +is also some other traffic. A little bit of salt (random data) is added +with each PING and PONG message, to make sure that long sequences of PING/PONG +messages without any other traffic won't result in known plaintext. This basically covers everything that is sent over the meta connection by tinc. diff --git a/doc/SECURITY2 b/doc/SECURITY2 index 11a9ed2a..9b375c2f 100644 --- a/doc/SECURITY2 +++ b/doc/SECURITY2 
@@ -12,7 +12,7 @@ This is the security documentation for tinc, a Virtual Private Network daemon. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: SECURITY2,v 1.1.2.3 2002/06/21 10:11:10 guus Exp $ + $Id: SECURITY2,v 1.1.2.4 2002/09/15 22:19:37 guus Exp $ Proposed new authentication scheme ---------------------------------- @@ -66,17 +66,15 @@ server CHAL_REPLY 928ffe After the correct challenge replies are recieved, both ends have proved their identity. Further information is exchanged. -client ACK 655 12.23.34.45 123 0 - | | | +-> options - | | +----> estimated weight - | +------------> IP address of server as seen by client - +--------------------> UDP port of client +client ACK 655 123 0 + | | +-> options + | +----> estimated weight + +--------> listening port of client -server ACK 655 21.32.43.54 321 0 - | | | +-> options - | | +----> estimated weight - | +------------> IP address of client as seen by server - +--------------------> UDP port of server +server ACK 655 321 0 + | | +-> options + | +----> estimated weight + +--------> listening port of server -------------------------------------------------------------------------- This new scheme has several improvements, both in efficiency and security. diff --git a/doc/sample-config/tinc-up b/doc/sample-config/tinc-up index 8f05c4a5..739afd81 100644 --- a/doc/sample-config/tinc-up +++ b/doc/sample-config/tinc-up 
@@ -6,10 +6,13 @@ # but for ethertap and FreeBSD this is tap0, tap1, tap2 etcetera, # for Solaris and OpenBSD it is tun0, tun1, etcetera. -# Set hardware ethernet address (required!) +# Set hardware ethernet address, needed on Linux when in router mode ifconfig $INTERFACE hw ether fe:fd:0:0:0:0 # Give it the right ip and netmask. Remember, the subnet of the # tap device must be larger than that of the individual Subnets # as defined in the host configuration file! -ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0 -arp +ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0 + +# Disable ARP, needed on Linux when in router mode +ifconfig $INTERFACE -arp diff --git a/doc/sample-config/tinc.conf b/doc/sample-config/tinc.conf index f5f0aa63..0307e75b 100644 --- a/doc/sample-config/tinc.conf +++ b/doc/sample-config/tinc.conf @@ -18,8 +18,8 @@ ConnectTo = beta # The tap device tinc will use. Required. # Default is /dev/tap0 for ethertap or FreeBSD, # /dev/tun0 for Solaris and OpenBSD, -# and /dev/misc/net/tun for Linux tun/tap device. -Device = /dev/misc/net/tun +# and /dev/net/tun for Linux tun/tap device. +Device = /dev/net/tun # The file in which the private key for this host is stored. Required. PrivateKeyFile = /etc/tinc/example/rsa_key.priv diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 7e7284b1..94b83ce4 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -129,7 +129,7 @@ If you don't specify a host with .Nm tinc won't try to connect to other daemons at all, and will instead just listen for incoming connections. -.It Va Device Li = Ar device Po /dev/tap0 or /dev/misc/net/tun Pc +.It Va Device Li = Ar device Po /dev/tap0 or /dev/net/tun Pc The virtual network device to use. .Nm tinc will automatically detect what kind of device it is. diff --git a/doc/tinc.texi b/doc/tinc.texi index 44bec212..c3db80f9 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
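Review bot: The added `ifconfig $INTERFACE -arp` line in doc/sample-config/tinc-up expands `$INTERFACE` unquoted, as do the two ifconfig lines kept around it. This script is presumably run by tincd with root privileges, so I would quote the expansion so that an empty or space-containing value cannot be word-split into extra ifconfig arguments: `ifconfig "$INTERFACE" -arp`. The same applies to the `hw ether` and address lines. The script starts above the hunk, so any earlier check of `$INTERFACE` is not visible here.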
@@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.31 2002/07/16 13:18:27 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.32 2002/09/15 22:19:37 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.31 2002/07/16 13:18:27 guus Exp $ +$Id: tinc.texi,v 1.8.4.32 2002/09/15 22:19:37 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.31 2002/07/16 13:18:27 guus Exp $ +$Id: tinc.texi,v 1.8.4.32 2002/09/15 22:19:37 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -456,8 +456,8 @@ and the corresponding network interfaces. @cindex requirements @cindex libraries Before you can configure or build tinc, you need to have the OpenSSL -library installed on your system. If you try to configure tinc without -having installed it, configure will give you an error message, and stop. +and zlib libraries installed on your system. If you try to configure tinc without +having them installed, configure will give you an error message, and stop. @menu * OpenSSL:: @@ -565,7 +565,7 @@ md5sum before continuing. tinc comes in a convenient autoconf/automake package, which you can just treat the same as any other package. Which is just untar it, type -`configure' and then `make'. +`./configure' and then `make'. More detailed instructions are in the file @file{INSTALL}, which is included in the source distribution. 
@@ -651,7 +651,7 @@ mknod -m 600 /dev/tun c 10 200 If you use Linux, and you run the new 2.4 kernel using the devfs filesystem, then the tun/tap device will probably be automatically generated as -@file{/dev/misc/net/tun}. +@file{/dev/net/tun}. Unlike the ethertap device, you do not need multiple device files if you are planning to run multiple tinc daemons. @@ -773,9 +773,9 @@ assume that you use it. @section How connections work When tinc starts up, it parses the command-line options and then -reads in the configuration file. -If it sees a `ConnectTo' value pointing to another tinc daemon in the file, -it will try to connect to that other one. +reads in the configuration file tinc.conf. +If it sees one or more `ConnectTo' values pointing to other tinc daemons in that file, +it will try to connect to those other daemons. Whether this succeeds or not and whether `ConnectTo' is specified or not, tinc will listen for incoming connection from other deamons. If you did specify a `ConnectTo' value and the other side is not responding, @@ -783,14 +783,14 @@ tinc will keep retrying. This means that once started, tinc will stay running until you tell it to stop, and failures to connect to other tinc daemons will not stop your tinc daemon for trying again later. -This means you don't have to intervene if there are any network problems. +This means you don't have to intervene if there are temporary network problems. @cindex client @cindex server There is no real distinction between a server and a client in tinc. If you wish, you can view a tinc daemon without a `ConnectTo' value as a server, and one which does specify such a value as a client. -It does not matter if two tinc daemons have a `ConnectTo' value pointing to eachother however. +It does not matter if two tinc daemons have a `ConnectTo' value pointing to each other however. @c ================================================================== 
@@ -858,7 +858,7 @@ tinc won't try to connect to other daemons at all, and will instead just listen for incoming connections. @cindex Device -@item @strong{Device = } (/dev/tap0 or /dev/misc/net/tun) +@item @strong{Device = } (/dev/tap0 or /dev/net/tun) The virtual network device to use. Note that you can only use one device per daemon. See also @ref{Device files}. @@ -993,10 +993,8 @@ up to the length of the digest produced by the digest algorithm. @cindex Port @item Port = (655) -Connect to the upstream host (given with the ConnectTo directive) on -port port. port may be given in decimal (default), octal (when preceded -by a single zero) o hexadecimal (prefixed with 0x). port is the port -number for both the UDP and the TCP (meta) connections. +This is the port this tinc daemon listens on. +You can use decimal portnumbers or symbolic names (as listed in /etc/services). @cindex PublicKey @item PublicKey = [obsolete] @@ -1323,7 +1321,7 @@ and in @file{/etc/tinc/company/tinc.conf}: @example Name = BranchD ConnectTo = BranchC -Device = /dev/misc/net/tun +Device = /dev/net/tun PrivateKeyFile = /etc/tinc/company/rsa_key.priv @end example @@ -1393,9 +1391,6 @@ and look in the syslog to find out what the problems are. Besides the settings in the configuration file, tinc also accepts some command line options. -This list is a longer version of that in the manpage. The latter is -generated automatically, so may be more up-to-date. - @cindex command line @cindex runtime options @cindex options @@ -1434,6 +1429,10 @@ Connect to net NETNAME. @xref{Multiple networks}. Don't fork and detach. This will also disable the automatic restart mechanism for fatal errors. +@item -L, --mlock +Lock tinc into main memory. +This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. + @item --version Output version information and exit. 
@@ -1456,7 +1455,7 @@ only, so keep an eye on it! @item You forgot to compile `Netlink device emulation' in the kernel. @end itemize -@item Can't write to /dev/misc/net/tun: No such device +@item Can't write to /dev/net/tun: No such device @itemize @item You forgot to `modprobe tun'. @@ -1481,15 +1480,6 @@ or if that is not the case, try changing the prefix length into /32. @item Network doesn't work, syslog shows only packets of length 46 -@cindex arp -@example -Jan 1 12:00:00 host tinc.net[1234]: Read packet of length 46 from tap device -Jan 1 12:00:00 host tinc.net[1234]: Trying to look up 0.0.192.168 in connection list failed! -@end example -@itemize -@item Add the `ifconfig $INTERFACE -arp' to tinc-up. -@end itemize - @item Network address and prefix length do not match! @itemize @@ -1510,9 +1500,7 @@ this message. In normal operation, these errors should not occur. @itemize @item You must specify the complete pathname. Specifying a relative path does not make sense here. tinc changes its -directory to / when starting (to avoid keeping a mount point busy); and -even if we built in a default directory to look for these files, the key -files are bound to be in a different directory. +directory to / when starting (to avoid keeping a mount point busy). @end itemize @end table @@ -1565,9 +1553,11 @@ to deduce the destination of the packets. Since the latter modes only depend on the link layer information, any protocol that runs over Ethernet is supported (for instance IPX and Appletalk). -After the destination has been determined, a sequence number will be added to the packet. -The packet will then be encrypted and a message authentication -code will be appended. +After the destination has been determined, +the packet will be compressed (optionally), +a sequence number will be added to the packet, +the packet will then be encrypted +and a message authentication code will be appended. @cindex encapsulating @cindex UDP 
@@ -1586,16 +1576,21 @@ To let the kernel on the receiving end accept the packet, the destination MAC address must match that of the virtual network interface. If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC cannot be set by the sending daemons. -tinc solves this by always overwriting the -destination MAC address with fe:fd:0:0:0:0. That is also the reason why you must -set the MAC address of your tap interface to that address. +tinc solves this by letting the receiving end detect the MAC address +and overwriting the destination MAC address of the received packet. +However, the MAC address of the network interface at the receiver might not always be known to tinc. +That is the reason why you should set the MAC address of your tap interface to that address +when in routing mode. + +In switch or hub modes ARP does work so the sender already knows the correct destination MAC address. +In those modes every interface should have a unique MAC address, so make sure they are not the same. @c ================================================================== @node The meta-connection, , The UDP tunnel, The connection @subsection The meta-connection -Having only an UDP connection available is not enough. Though suitable +Having only a UDP connection available is not enough. Though suitable for transmitting data, we want to be able to reliably send other information, such as routing and session key information to somebody. 
@@ -1637,7 +1632,8 @@ The meta protocol consists of requests that can be sent to the other side. Each request has a unique number and several parameters. All requests are represented in the standard ASCII character set. It is possible to use tools such as telnet or netcat to connect to a tinc -daemon and to read and write requests by hand, provided that one +daemon started with the --bypass-security option +and to read and write requests by hand, provided that one understands the numeric codes sent. The authentication scheme is described in @ref{Authentication protocol}. After a 
@@ -1651,64 +1647,78 @@ synchronised. @example daemon message -------------------------------------------------------------------------- -origin ADD_EDGE node1 12.23.34.45 655 node2 21.32.43.54 655 222 0 - | | | \___________________/ | +-> options - | | | | +----> weight - | | | +----------------> see below - | | +--> UDP port - | +----------> real address - +------------------> name of node on one side of the edge +origin ADD_EDGE node1 node2 21.32.43.54 655 222 0 + | | | | | +-> options + | | | | +----> weight + | | | +--------> UDP port of node2 + | | +----------------> real address of node2 + | +-------------------------> name of destination node + +-------------------------------> name of source node origin ADD_SUBNET node 192.168.1.0/24 | | +--> prefixlength - | +--------> IPv4 network address + | +--------> network address +------------------> owner of this subnet -------------------------------------------------------------------------- @end example +The ADD_EDGE messages are to inform other tinc daemons that a connection between +two nodes exist. The address of the destination node is available so that +VPN packets can be sent directly to that node. + +The ADD_SUBNET messages inform other tinc daemons that certain subnets belong +to certain nodes. tinc will use it to determine to which node a VPN packet has +to be sent. + @cindex DEL_EDGE +@cindex DEL_SUBNET +@example +message +------------------------------------------------------------------ +DEL_EDGE node1 node2 + | +----> name of destination node + +----------> name of source node + +DEL_SUBNET node 192.168.1.0/24 + | | +--> prefixlength + | +--------> network address + +------------------> owner of this subnet +------------------------------------------------------------------ +@end example + In case a connection between two daemons is closed or broken, DEL_EDGE messages are sent to inform the other daemons of that fact. 
Each daemon will calculate a new route to the the daemons, or mark them unreachable if there isn't any. +@cindex REQ_KEY +@cindex ANS_KEY +@cindex KEY_CHANGED +@example +message +------------------------------------------------------------------ +REQ_KEY origin destination + | +--> name of the tinc daemon it wants the key from + +----------> name of the daemon that wants the key + +ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 + | | \______________/ | | +--> MAC length + | | | | +-----> digest algorithm + | | | +--------> cipher algorithm + | | +--> 128 bits key + | +--> name of the daemon that wants the key + +----------> name of the daemon that uses this key + +KEY_CHANGED origin + +--> daemon that has changed it's packet key +-------------------------------------------------------------------------- +@end example + The keys used to encrypt VPN packets are not sent out directly. This is because it would generate a lot of traffic on VPNs with many daemons, and chances are that not every tinc daemon will ever send a packet to every other daemon. Instead, if a daemon needs a key it sends a request for it via the meta connection of the nearest hop in the direction of the -destination. If any hop on the way has already learned the key, it will -act as a proxy and forward its copy back to the requester. 
- -@cindex REQ_KEY -@cindex ANS_KEY -@cindex KEY_CHANGED -@example -daemon message --------------------------------------------------------------------------- -daemon REQ_KEY origin destination - | +--> name of the tinc daemon it wants the key from - +----------> name of the daemon that wants the key - -daemon ANS_KEY origin destination 4ae0b0a82d6e0078 91 64 4 - | | \______________/ | | +--> MAC length - | | | | +-----> digest algorithm - | | | +--------> cipher algorithm - | | +--> 128 bits key - | +--> name of the daemon that wants the key - +----------> name of the daemon that uses this key - -daemon KEY_CHANGED origin - +--> daemon that has changed it's packet key --------------------------------------------------------------------------- -@end example - -There is also a mechanism to check if hosts are still alive. Since network -failures or a crash can cause a daemon to be killed without properly -shutting down the TCP connection, this is necessary to keep an up to date -connection list. PINGs are sent at regular intervals, except when there -is also some other traffic. A little bit of salt (random data) is added -with each PING and PONG message, to make sure that long sequences of PING/PONG -messages without any other traffic won't result in known plaintext. +destination. @cindex PING @cindex PONG 
@@ -1720,6 +1730,14 @@ dest. PONG -------------------------------------------------------------------------- @end example +There is also a mechanism to check if hosts are still alive. Since network +failures or a crash can cause a daemon to be killed without properly +shutting down the TCP connection, this is necessary to keep an up to date +connection list. PINGs are sent at regular intervals, except when there +is also some other traffic. A little bit of salt (random data) is added +with each PING and PONG message, to make sure that long sequences of PING/PONG +messages without any other traffic won't result in known plaintext. + This basically covers what is sent over the meta connection by tinc. @@ -1813,17 +1831,15 @@ server CHAL_REPLY 928ffe After the correct challenge replies are received, both ends have proved their identity. Further information is exchanged. -client ACK 655 12.23.34.45 123 0 - | | | +-> options - | | +----> estimated weight - | +------------> IP address of server as seen by client - +--------------------> UDP port of client +client ACK 655 123 0 + | | +-> options + | +----> estimated weight + +--------> listening port of client -server ACK 655 21.32.43.54 321 0 - | | | +-> options - | | +----> estimated weight - | +------------> IP address of client as seen by server - +--------------------> UDP port of server +server ACK 655 321 0 + | | +-> options + | +----> estimated weight + +--------> listening port of server -------------------------------------------------------------------------- @end example 
@@ -1891,8 +1907,8 @@ The UDP packet containing the network packet from the VPN has the following layo Encrypted with symmetric cipher @end example -So, the entire VPN packet is encrypted using a symmetric cipher. A 32 bits -sequence number is added in front of the actual VPN packet, to act as a unique +So, the entire VPN packet is encrypted using a symmetric cipher, including a 32 bits +sequence number that is added in front of the actual VPN packet, to act as a unique IV for each packet and to prevent replay attacks. A message authentication code is added to the UDP packet to prevent alteration of packets. By default the first 4 bytes of the digest are used for this, but this can be changed using @@ -1918,8 +1934,8 @@ tinc's website is at @url{http://tinc.nl.linux.org/}, this server is located in the Netherlands. @cindex IRC -We have an IRC channel on the Open Projects IRC network. Connect to -@uref{http://openprojects.nu/services/irc.html, irc.openprojects.net}, +We have an IRC channel on the FreeNode IRC network. Connect to +@uref{http://www.freenode.net/, irc.freenode.net} and join channel #tinc. @@ -1929,14 +1945,7 @@ and join channel #tinc. @table @asis @item Ivo Timmermans (zarq) (@email{ivo@@o2w.nl}) -Main coder/hacker and maintainer of the package. - @item Guus Sliepen (guus) (@email{guus@@sliepen.eu.org}) -Originator of it all, co-author. - -@item Wessel Dankers (Ubiq) (@email{wsl@@nl.linux.org}) -For the name `tinc' and various suggestions. - @end table We have received a lot of valuable input from users. With their help, diff --git a/doc/tincd.8 b/doc/tincd.8 index 83d26639..23d692b0 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 
@@ -62,6 +62,9 @@ Connect to net .It Fl D, -no-detach Don't fork and detach. This will also disable the automatic restart mechanism for fatal errors. +.It Fl L, -mlock +Lock tinc into main memory. +This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. .It Fl -version Output version information and exit. .El From b216297a004f083336c633aaccecb4ab175360b3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 15 Sep 2002 22:34:25 +0000 Subject: [PATCH 709/923] Remarks about 1.0pre8 release. --- NEWS | 14 ++++++++++++++ README | 7 ++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 0317dd5a..b2b7ab81 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,17 @@ +version 1.0pre8 Sep 16 2002 + +* More fixes for subnets with prefixlength undivisible by 8. + +* Added support for NetBSD and MacOS/X. + +* Switched from undirected graphs to directed graphs to avoid certain race + conditions and improve scalability. + +* Generalized broadcasting and forwarding of protocol messages. + +* Cleanup of source code. + + version 1.0pre7 Apr 7 2002 * Don't do blocking read()s when getting a signal. diff --git a/README b/README index d957790b..688a5543 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the README file for tinc version 1.0pre7. Installation +This is the README file for tinc version 1.0pre8. Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2002 by: @@ -44,6 +44,11 @@ Some configuration variables have different names now. Most notably "TapDevice" should be changed into "Device", and "Device" should be changed into "BindToDevice". +Compatibility +------------- + +Version 1.0pre8 is not compatible with older versions of tinc. + Requirements ------------ From 4f3395ee4dad3cdd23706af180ebddfa5e576012 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 15 Sep 2002 22:37:59 +0000 Subject: [PATCH 710/923] Thank some more people. --- THANKS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/THANKS b/THANKS index ded7de60..e58c4289 100644 --- a/THANKS +++ b/THANKS @@ -20,6 +20,9 @@ We would like to thank * Mark Glines (for his compression patch) * Nick Patavalis (RedHat package) * Alessandro Gatti (for helping us support Darwin) + * Ivo van Dong (for help during the early versions of tinc) + * Jeroen Ubbink (for help testing tinc on Free- and NetBSD) + * LarstiQ (for help testing tinc on MacOS/X) for their help, support and ideas. Thank you guys! From 6904e0469ef52aa6100f0185d579bc205bd07be8 Mon Sep 17 00:00:00 2001 From: Wessel Dankers Date: Mon, 16 Sep 2002 14:08:04 +0000 Subject: [PATCH 711/923] its: Engels voor "van het" - 3e persoon enkelvoud, genitief, onzijdig it's: Engels voor "het is". Dus niet "van het". --- doc/CONNECTIVITY | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/CONNECTIVITY b/doc/CONNECTIVITY index 385a0550..6cf16dd2 100644 --- a/doc/CONNECTIVITY +++ b/doc/CONNECTIVITY 
@@ -12,15 +12,15 @@ maintain a stable network. provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. - $Id: CONNECTIVITY,v 1.1.2.10 2002/09/15 22:19:37 guus Exp $ + $Id: CONNECTIVITY,v 1.1.2.11 2002/09/16 14:08:04 wsl Exp $ 1. Synchronisation ================== Each tinc daemon has zero or more connections to other tinc daemons. It will -try to keep it's own information synchronised with the other tinc daemons. If -one of it's peers sends information, the tinc daemon will check if it is new -information. If so, it will update it's own information and forward the new +try to keep its own information synchronised with the other tinc daemons. If +one of its peers sends information, the tinc daemon will check if it is new +information. If so, it will update its own information and forward the new information to all the other peers. This scheme will make sure that after a short amount of time all tinc daemons @@ -35,7 +35,7 @@ seen. 2. Routing ========== -Every node tells it's peers to which other peers it is connected. This way +Every node tells its peers to which other peers it is connected. This way every node will eventually know every connection every node has on the VPN. Each node will use graph algorithms to determine if other nodes are reachable or not and what the best route is to other nodes. From 006591efe5b3e6c64040d267f8c0477468abf2bf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 24 Sep 2002 11:43:34 +0000 Subject: [PATCH 712/923] Run graph() after edge_del() when updating an edge. --- src/protocol_edge.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 0ac9e7c8..37176714 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.14 2002/09/15 14:55:53 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.15 2002/09/24 11:43:34 guus Exp $ */ #include "config.h" @@ -140,6 +140,7 @@ int add_edge_h(connection_t *c) syslog(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); edge_del(e); + graph(); } } else return 0; From e310cc82d3f9c9bdb3b827daa149861a41e2e00a Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Mon, 30 Sep 2002 19:04:37 +0000 Subject: [PATCH 713/923] Fix saving of debug level for startup level 0 --- src/process.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/process.c b/src/process.c index edcd5a00..4626d745 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.49 2002/09/15 14:55:53 guus Exp $ + $Id: process.c,v 1.1.2.50 2002/09/30 19:04:37 zarq Exp $ */ #include "config.h" @@ -58,7 +58,7 @@ extern char **g_argv; sigset_t emptysigset; -static int saved_debug_lvl = 0; +static int saved_debug_lvl = -1; extern int sighup; extern int sigalrm; @@ -364,11 +364,11 @@ RETSIGTYPE sighup_handler(int a) RETSIGTYPE sigint_handler(int a) { - if(saved_debug_lvl) { + if(saved_debug_lvl != -1) { syslog(LOG_NOTICE, _("Reverting to old debug level (%d)"), saved_debug_lvl); debug_lvl = saved_debug_lvl; - saved_debug_lvl = 0; + saved_debug_lvl = -1; } else { syslog(LOG_NOTICE, _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), debug_lvl); From 07db46a44feb283c1c17bcce918ab49274a3b11f Mon Sep 17 00:00:00 2001 
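Review bot: The `graph()` call added after `edge_del(e)` in add_edge_h has no comment saying why the graph must be recomputed at this point, while the matching call added to ack_h in protocol_auth.c later in this series does carry one. I would put `/* Recompute reachability now that the mismatching edge has been removed */` above it. The rest of add_edge_h is outside the hunk, so if a replacement edge is added and `graph()` runs again further down, the comment should also say why the intermediate run is needed.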
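Review bot: sigint_handler still calls `syslog()` through the gettext `_()` macro and rewrites `debug_lvl` and `saved_debug_lvl` from signal context; the switch to a `-1` sentinel here and in the `static int saved_debug_lvl = -1;` hunk keeps that design. Neither syslog() nor gettext is async-signal-safe, so a SIGINT that arrives while the main code is inside syslog() or malloc() can deadlock or corrupt state. The context lines show `extern int sighup;` and `extern int sigalrm;`, which suggests the other handlers only set a flag; the same could be done here with `static volatile sig_atomic_t sigint_pending;` set in the handler, with the level switch and the logging done from the main loop. The handler body continues outside the hunk.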
From: Guus Sliepen Date: Mon, 7 Oct 2002 07:32:31 +0000 Subject: [PATCH 714/923] Add documentation for BindToAddress. --- doc/tinc.conf.5 | 7 +++++++ doc/tinc.texi | 14 +++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 94b83ce4..db51eb68 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -106,6 +106,13 @@ If .Qq any is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created. +.It Va BindToAddress Li = Ar address Bq experimental +If your computer has more than one IPv4 or IPv6 address, +.Nm tinc +will by default listen on all of them for incoming connections. +It is possible to bind only to a single address with this variable. +.Pp +This option may not work on all platforms. .It Va BindToInterface Li = Ar interface Bq experimental If your computer has more than one network interface, .Nm tinc diff --git a/doc/tinc.texi b/doc/tinc.texi index c3db80f9..3c597b32 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.32 2002/09/15 22:19:37 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.33 2002/10/07 07:32:31 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.32 2002/09/15 22:19:37 guus Exp $ +$Id: tinc.texi,v 1.8.4.33 2002/10/07 07:32:31 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.32 2002/09/15 22:19:37 guus Exp $ +$Id: tinc.texi,v 1.8.4.33 2002/10/07 07:32:31 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -836,6 +836,14 @@ This option affects the address family of listening and outgoing sockets. If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created. +@cindex BindToAddress +@item BindToAddress =
      [experimental] +If your computer has more than one IPv4 or IPv6 address, tinc +will by default listen on all of them for incoming connections. +It is possible to bind only to a single address with this variable. + +This option may not work on all platforms. + @cindex BindToInterface @item BindToInterface = [experimental] If you have more than one network interface in your computer, tinc will From 5b2a62ebb6317cd88e491ee958c54670f381aee8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 14 Nov 2002 22:09:03 +0000 Subject: [PATCH 715/923] Fix PriorityInheritance. --- src/net_packet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index 7c51ad63..65ec7d75 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.24 2002/09/15 14:55:53 guus Exp $ + $Id: net_packet.c,v 1.1.2.25 2002/11/14 22:09:03 guus Exp $ */ #include "config.h" @@ -295,7 +295,7 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(debug_lvl >= DEBUG_TRAFFIC) syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); - if(setsockopt(sock, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ + if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); } From 4c88ff86bcd32735d4768ef3464812cd77c500be Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 27 Dec 2002 19:32:33 +0000 Subject: [PATCH 716/923] PrivateKeyFile instead of PrivateKey. --- doc/tinc.texi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 3c597b32..488aa343 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
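Review bot: The corrected call in send_udppacket uses `SOL_IP` and `IP_TOS` unconditionally, although the removed setup_outgoing_socket in net_socket.c (later in this series) wrapped the same option in `#if defined(SOL_IP) && defined(IP_TOS)`, and NEWS on this page announces NetBSD and MacOS/X support. Unless a guard outside the hunk already covers it, I would wrap the `setsockopt()` in that same `#if` ... `#endif`. Two further things cannot be confirmed from the hunk and deserve a look: `sock` is now an index into `listen_socket[]` with no range check in sight, and if the selected listening socket is an IPv6 one the IPv4 option may be rejected, in which case the `LOG_ERR` message is written once per outgoing packet.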
@@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.33 2002/10/07 07:32:31 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.34 2002/12/27 19:32:33 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.33 2002/10/07 07:32:31 guus Exp $ +$Id: tinc.texi,v 1.8.4.34 2002/12/27 19:32:33 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.33 2002/10/07 07:32:31 guus Exp $ +$Id: tinc.texi,v 1.8.4.34 2002/12/27 19:32:33 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -1215,7 +1215,7 @@ and in @file{/etc/tinc/company/tinc.conf}: @example Name = BranchA -PrivateKey = /etc/tinc/company/rsa_key.priv +PrivateKeyFile = /etc/tinc/company/rsa_key.priv Device = /dev/tap0 @end example @@ -1254,7 +1254,7 @@ and in @file{/etc/tinc/company/tinc.conf}: @example Name = BranchB ConnectTo = BranchA -PrivateKey = /etc/tinc/company/rsa_key.priv +PrivateKeyFile = /etc/tinc/company/rsa_key.priv @end example Note here that the internal address (on eth0) doesn't have to be the From 44b87ddb7ac90be13ef3e3d5118acaa158184853 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 12 Jan 2003 17:02:23 +0000 Subject: [PATCH 717/923] Run graph algorithm when replacing a second connection from the same host replaces an older one. --- src/protocol_auth.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 83b1c200..da2fa130 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.17 2002/09/09 22:32:59 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.18 2003/01/12 17:02:23 guus Exp $ */ #include "config.h" @@ -548,6 +548,8 @@ int ack_h(connection_t *c) syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); + /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ + graph(); } } From 38f562fdfcacb50d34b9a48bfaea7faa132f493a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 14 Jan 2003 12:53:59 +0000 Subject: [PATCH 718/923] Add $NAME for tinc-up/down scripts. --- src/net_setup.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index ec47f60d..acb156cc 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.27 2002/09/15 14:55:53 guus Exp $ + $Id: net_setup.c,v 1.1.2.28 2003/01/14 12:53:59 guus Exp $ */ #include "config.h" @@ -520,7 +520,7 @@ int setup_myself(void) */ int setup_network_connections(void) { - char *envp[4]; + char *envp[5]; int i; cp(); 
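Review bot: In ack_h the replacement of an existing connection is still reported with `syslog(LOG_DEBUG, ...)`, although after this change the event also purges the key and reruns the up/down scripts, as the new comment says. A second authenticated connection under the same name displacing the first is something an operator should see in normal logs, because it can also mean that the same private key is in use on two hosts; I would raise it to `LOG_NOTICE`. Whether the message is additionally gated on a debug level cannot be seen, since the enclosing condition starts outside the hunk.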
@@ -544,20 +544,21 @@ int setup_network_connections(void) if(setup_device() < 0) return -1; + if(setup_myself() < 0) + return -1; + /* Run tinc-up script to further initialize the tap interface */ asprintf(&envp[0], "NETNAME=%s", netname ? : ""); asprintf(&envp[1], "DEVICE=%s", device ? : ""); asprintf(&envp[2], "INTERFACE=%s", interface ? : ""); - envp[3] = NULL; + asprintf(&envp[3], "NAME=%s", myself->name); + envp[4] = NULL; execute_script("tinc-up", envp); - for(i = 0; i < 4; i++) + for(i = 0; i < 5; i++) free(envp[i]); - if(setup_myself() < 0) - return -1; - try_outgoing_connections(); return 0; @@ -570,7 +571,7 @@ void close_network_connections(void) { avl_node_t *node, *next; connection_t *c; - char *envp[4]; + char *envp[5]; int i; cp(); @@ -602,7 +603,8 @@ void close_network_connections(void) asprintf(&envp[0], "NETNAME=%s", netname ? : ""); asprintf(&envp[1], "DEVICE=%s", device ? : ""); asprintf(&envp[2], "INTERFACE=%s", interface ? : ""); - envp[3] = NULL; + asprintf(&envp[3], "NAME=%s", myself->name); + envp[4] = NULL; execute_script("tinc-down", envp); From c08858baa91a00e38c0f5482dbb0817dbd0361f1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 17 Jan 2003 00:37:20 +0000 Subject: [PATCH 719/923] - Fix indentation in some places. - Optimise select loop. - Remove unused function setup_outgoing_socket(). - Clear EVP_CIPHER_CTX structures before using them. --- src/graph.c | 17 ++++++++------- src/net.c | 25 ++++++++++++++++------- src/net_socket.c | 50 ++------------------------------------------- src/protocol_auth.c | 27 +++++++++--------------- 4 files changed, 38 insertions(+), 81 deletions(-) diff --git a/src/graph.c b/src/graph.c index b7c285fa..f0a93aee 100644 --- a/src/graph.c +++ b/src/graph.c 
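Review bot: The new `asprintf(&envp[3], "NAME=%s", myself->name);` in setup_network_connections ignores the return value, like the three calls before it and the matching lines in close_network_connections. When asprintf() fails the pointer's contents are undefined, and it is then handed to `execute_script()` and later to `free()`. I would treat a negative return as an error before the script is run, for example by testing `asprintf(...) < 0` for each entry and skipping the script with a log message. The array size and the loop bound are also the same literal `5` written in several places; deriving the bound from `sizeof(envp) / sizeof(envp[0])` would keep them in step the next time a variable is added. The free loop of close_network_connections is outside the hunk.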
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.21 2002/09/10 22:12:33 guus Exp $ + $Id: graph.c,v 1.1.2.22 2003/01/17 00:37:17 guus Exp $ */ /* We need to generate two trees from the graph: @@ -201,26 +201,25 @@ void sssp_bfs(void) /* Situation: - / + / / ------(n)-----(e->to) \ - \ + \ n->address is set to the e->address of the edge left of n to n. We are currently examining the edge e right of n from n: - If e->reverse->address != n->address, then e->to is probably - not reachable for the nodes left of n. We do as if the indirectdata - flag is set on edge e. + not reachable for the nodes left of n. We do as if the indirectdata + flag is set on edge e. - If edge e provides for better reachability of e->to, update - e->to and (re)add it to the todo_tree to (re)examine the reachability - of nodes behind it. + e->to and (re)add it to the todo_tree to (re)examine the reachability + of nodes behind it. */ indirect = n->status.indirect || e->options & OPTION_INDIRECT - || ((n != myself) - && sockaddrcmp(&n->address, &e->reverse->address)); + || ((n != myself) && sockaddrcmp(&n->address, &e->reverse->address)); if(e->to->status.visited && (!e->to->status.indirect || indirect)) diff --git a/src/net.c b/src/net.c index f81c4ba8..ee18037b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.182 2002/09/15 14:55:53 guus Exp $ + $Id: net.c,v 1.35.4.183 2003/01/17 00:37:18 guus Exp $ */ #include "config.h" @@ -129,11 +129,11 @@ void purge(void) put all file descriptors in an fd_set array While we're at it, purge stuff that needs to be removed. */ -void build_fdset(fd_set * fs) +int build_fdset(fd_set * fs) { avl_node_t *node, *next; connection_t *c; - int i; + int i, max = 0; cp(); 
@@ -147,16 +147,27 @@ void build_fdset(fd_set * fs) connection_del(c); if(!connection_tree->head) purge(); - } else + } else { FD_SET(c->socket, fs); + if(c->socket > max) + max = c->socket; + } } for(i = 0; i < listen_sockets; i++) { FD_SET(listen_socket[i].tcp, fs); + if(listen_socket[i].tcp > max) + max = listen_socket[i].tcp; FD_SET(listen_socket[i].udp, fs); + if(listen_socket[i].udp > max) + max = listen_socket[i].udp; } FD_SET(device_fd, fs); + if(device_fd > max) + max = device_fd; + + return max; } /* @@ -317,7 +328,7 @@ void main_loop(void) { fd_set fset; struct timeval tv; - int r; + int r, maxfd; time_t last_ping_check; event_t *event; @@ -332,9 +343,9 @@ void main_loop(void) tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ tv.tv_usec = 0; - build_fdset(&fset); + maxfd = build_fdset(&fset); - r = select(FD_SETSIZE, &fset, NULL, NULL, &tv); + r = select(maxfd + 1, &fset, NULL, NULL, &tv); if(r < 0) { if(errno != EINTR && errno != EAGAIN) { diff --git a/src/net_socket.c b/src/net_socket.c index 05485f8d..b17dd8db 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.22 2002/09/15 14:55:53 guus Exp $ + $Id: net_socket.c,v 1.1.2.23 2003/01/17 00:37:20 guus Exp $ */ #include "config.h" @@ -139,7 +139,7 @@ int setup_listen_socket(sockaddr_t *sa) return -1; } #else - syslog(LOG_WARNING, _("BindToDevice not supported on this platform")); + syslog(LOG_WARNING, _("BindToInterface not supported on this platform")); #endif } 
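Review bot: build_fdset now tracks the highest descriptor, but nothing in these hunks rejects a descriptor that is `>= FD_SETSIZE` before `FD_SET(c->socket, fs)`, and FD_SET on such a value writes outside the fd_set. Meta connections are opened by remote peers, so the number of open sockets is partly outside the daemon's control. The place where `max` is updated is a natural spot to test `c->socket >= FD_SETSIZE` and close that connection with a log message instead of adding it to the set. The same test would apply to the listening and device descriptors, although those are few. The lines between the two build_fdset hunks are not shown, so a check there cannot be ruled out.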
@@ -242,52 +242,6 @@ void retry_outgoing(outgoing_t *outgoing) outgoing->timeout); } -int setup_outgoing_socket(connection_t *c) -{ - int option; - - cp(); - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, - c->hostname); - - c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); - - if(c->socket == -1) { - syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, - strerror(errno)); - return -1; - } - - /* Optimize TCP settings */ - -#if defined(SOL_TCP) && defined(TCP_NODELAY) - option = 1; - setsockopt(c->socket, SOL_TCP, TCP_NODELAY, &option, sizeof(option)); -#endif - -#if defined(SOL_IP) && defined(IP_TOS) - option = IPTOS_LOWDELAY; - setsockopt(c->socket, SOL_IP, IP_TOS, &option, sizeof(option)); -#endif - - /* Connect */ - - if(connect(c->socket, &c->address.sa, SALEN(c->address.sa)) == -1) { - close(c->socket); - syslog(LOG_ERR, _("Error while connecting to %s (%s): %s"), c->name, - c->hostname, strerror(errno)); - return -1; - } - - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); - - return 0; -} - - void finish_connecting(connection_t *c) { cp(); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index da2fa130..134e0f06 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.18 2003/01/12 17:02:23 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.19 2003/01/17 00:37:20 guus Exp $ */ #include "config.h" @@ -152,7 +152,7 @@ int send_metakey(connection_t *c) c->outkey = xmalloc(len); if(!c->outctx) - c->outctx = xmalloc(sizeof(*c->outctx)); + c->outctx = xmalloc_and_zero(sizeof(*c->outctx)); cp(); /* Copy random data to the buffer */ 
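Review bot: `c->outctx = xmalloc_and_zero(sizeof(*c->outctx));` in send_metakey relies on an all-zero `EVP_CIPHER_CTX` being a valid initial state, and nothing in the code says so. Calling `EVP_CIPHER_CTX_init(c->outctx);` right after the allocation would state the intent through the library's own initialiser. If the zero fill is kept, a comment such as `/* the EVP_*Init calls expect a cleared context */` would record why plain xmalloc() was not enough (presumably the reason for the change; confirm). The same applies to `c->inctx` in the `@@ -248,7 +245,7 @@` hunk of metakey_h. send_metakey starts and ends outside the hunk.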
@@ -224,9 +224,7 @@ int metakey_h(connection_t *c) cp(); - if(sscanf - (c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, - &compression, buffer) != 5) { + if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; @@ -237,8 +235,7 @@ int metakey_h(connection_t *c) /* Check if the length of the meta key is all right */ if(strlen(buffer) != len * 2) { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, - c->hostname, "wrong keylength"); + syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); return -1; } @@ -248,7 +245,7 @@ int metakey_h(connection_t *c) c->inkey = xmalloc(len); if(!c->inctx) - c->inctx = xmalloc(sizeof(*c->inctx)); + c->inctx = xmalloc_and_zero(sizeof(*c->inctx)); /* Convert the challenge from hexadecimal back to binary */ @@ -265,8 +262,7 @@ int metakey_h(connection_t *c) if(debug_lvl >= DEBUG_SCARY_THINGS) { bin2hex(c->inkey, buffer, len); buffer[len * 2] = '\0'; - syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), - buffer); + syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } /* All incoming requests will now be encrypted. */ @@ -275,10 +271,9 @@ int metakey_h(connection_t *c) if(cipher) { c->incipher = EVP_get_cipherbynid(cipher); - + if(!c->incipher) { - syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, - c->hostname); + syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); return -1; } 
@@ -298,14 +293,12 @@ int metakey_h(connection_t *c) c->indigest = EVP_get_digestbynid(digest); if(!c->indigest) { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, - c->hostname); + syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); return -1; } if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { - syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, - c->hostname); + syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); return -1; } } else { From 1783a3aaa9b692ab64260a9c2adf588ed6083a1c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 17 Jan 2003 00:43:58 +0000 Subject: [PATCH 720/923] Various fixes for autoconf and OpenSSL 0.9.7 and a missing header. --- configure.in | 8 ++++---- lib/fake-getnameinfo.c | 1 + m4/openssl.m4 | 10 +--------- src/tincd.c | 12 ++++++++++-- 4 files changed, 16 insertions(+), 15 deletions(-) diff --git a/configure.in b/configure.in index 77db35a4..0477c213 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.59 2002/09/15 14:55:53 guus Exp $ +dnl $Id: configure.in,v 1.13.2.60 2003/01/17 00:43:56 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -36,7 +36,7 @@ AC_ISC_POSIX dnl Check and set OS -AC_CANONICAL_HOST +#AC_CANONICAL_HOST case $host_os in *linux*) @@ -169,11 +169,11 @@ AC_ARG_ENABLE(tracing, AC_SUBST(INCLUDES) -AC_OUTPUT(Makefile po/Makefile.in +AC_OUTPUT(Makefile src/Makefile doc/Makefile doc/es/Makefile lib/Makefile -m4/Makefile po/Makefile.in +m4/Makefile ) diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index 05416487..50d0722f 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c @@ -22,6 +22,7 @@ #include #include "fake-getnameinfo.h" +#include "fake-getaddrinfo.h" #ifndef HAVE_GETNAMEINFO diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 40ad4fd0..79dd3c11 100644 --- a/m4/openssl.m4 
+++ b/m4/openssl.m4 @@ -29,15 +29,7 @@ AC_DEFUN(tinc_OPENSSL, [AC_MSG_ERROR([OpenSSL libraries not found.])] ) - AC_CHECK_FUNCS(RAND_pseudo_bytes) - - AC_CHECK_FUNC(OpenSSL_add_all_algorithms, - [], - [AC_CHECK_FUNC(SSLeay_add_all_algorithms, - [AC_DEFINE(HAVE_SSLEAY_ADD_ALL_ALGORITHMS, 1, [Defined if this function should be used instead of OpenSLL_add_all_algorithms])], - [AC_MSG_ERROR([Missing required OpenSSL functionality!])] - )] - ) + AC_CHECK_FUNCS([RAND_pseudo_bytes OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms SSLeay_add_all_algorithms]) AC_CHECK_FUNC(dlopen, [], diff --git a/src/tincd.c b/src/tincd.c index 2aa16dd4..4335d7b6 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.65 2002/09/15 14:55:54 guus Exp $ + $Id: tincd.c,v 1.10.4.66 2003/01/17 00:43:58 guus Exp $ */ #include "config.h" @@ -390,10 +390,18 @@ int main(int argc, char **argv, char **envp) RAND_load_file("/dev/urandom", 1024); +#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS_NOCONF + OPENSSL_add_all_algorithms_noconf(); +#else +#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS + OpenSSL_add_all_algorithms(); +#else #ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS SSLeay_add_all_algorithms(); #else - OpenSSL_add_all_algorithms(); +#error No add_all_algorithms function available! +#endif +#endif #endif if(generate_keys) { From 2fff0a91a7e3e5f44e97255b6dd5807656b255a8 Mon Sep 17 00:00:00 2001 From: Ivo Timmermans Date: Fri, 14 Mar 2003 09:43:10 +0000 Subject: [PATCH 721/923] Call RSA_blinding_on(), as advised in the paper on http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html to offer some resistance against timing attacks. --- src/net_setup.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index acb156cc..0eef4289 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
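Review bot: The three-level `#ifdef`/`#else` nest around the add_all_algorithms call in main() is harder to follow than a flat chain. `#if defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS_NOCONF)`, then `#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)` and `#elif defined(HAVE_SSLEAY_ADD_ALL_ALGORITHMS)`, with one `#else`/`#error` and a single `#endif`, expresses the same selection. main() continues outside the hunk.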
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.28 2003/01/14 12:53:59 guus Exp $ + $Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $ */ #include "config.h" @@ -85,8 +85,10 @@ int read_rsa_public_key(connection_t *c) cp(); - if(!c->rsa_key) + if(!c->rsa_key) { c->rsa_key = RSA_new(); + RSA_blinding_on(c->rsa_key, NULL); + } /* First, check for simple PublicKey statement */ @@ -132,8 +134,10 @@ int read_rsa_public_key(connection_t *c) c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); fclose(fp); - if(c->rsa_key) + if(c->rsa_key) { + RSA_blinding_on(c->rsa_key, NULL); return 0; + } syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), fname, strerror(errno)); @@ -166,6 +170,7 @@ int read_rsa_public_key(connection_t *c) if(fp) { c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + RSA_blinding_on(c->rsa_key, NULL); fclose(fp); } @@ -188,6 +193,7 @@ int read_rsa_private_key(void) if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { myself->connection->rsa_key = RSA_new(); + RSA_blinding_on(myself->connection->rsa_key, NULL); BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key); From 88ae2e9e0c1eb62d9b74c4b38d9c0e93557fed9f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 19 Mar 2003 11:43:42 +0000 Subject: [PATCH 722/923] Make sure send_meta() writes everything. --- src/meta.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/meta.c b/src/meta.c index 0025dd83..4622269a 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.31 2002/09/10 09:40:25 guus Exp $ + $Id: meta.c,v 1.1.2.32 2003/03/19 11:43:42 guus Exp $ */ #include "config.h" 
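Review bot: `RSA_blinding_on(c->rsa_key, NULL)` in the `@@ -166,6 +170,7 @@` hunk runs on the unchecked result of `PEM_read_RSA_PUBKEY()`, which is NULL when the file cannot be parsed, and in the `@@ -85,8 +85,10 @@` and `@@ -188,6 +193,7 @@` hunks it runs directly after `RSA_new()`, before any key component has been loaded. Blinding is derived from the key's modulus and exponent, so it should be enabled only once those are set, and its return value should be checked. It also only protects private-key operations, so the call that matters is the one in read_rsa_private_key, placed after the `BN_hex2bn()` lines as `if(!RSA_blinding_on(myself->connection->rsa_key, NULL))` followed by an error log. Both functions extend outside these hunks.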
@@ -44,6 +44,7 @@ int send_meta(connection_t *c, char *buffer, int length) char *bufp; int outlen; char outbuf[MAXBUFSIZE]; + int result; cp(); @@ -58,12 +59,19 @@ int send_meta(connection_t *c, char *buffer, int length) } else bufp = buffer; - if(write(c->socket, bufp, length) < 0) { - syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, - c->hostname, strerror(errno)); - return -1; + while(length) { + result = write(c->socket, bufp, length); + if(result <= 0) { + if(errno = EINTR) + continue; + syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, + c->hostname, strerror(errno)); + return -1; + } + bufp += result; + length -= result; } - + return 0; } From 69158563e9f790777eb27aeb8484a86d12385af4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 19 Mar 2003 11:45:05 +0000 Subject: [PATCH 723/923] Typo. --- src/meta.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/meta.c b/src/meta.c index 4622269a..e1e1c677 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.32 2003/03/19 11:43:42 guus Exp $ + $Id: meta.c,v 1.1.2.33 2003/03/19 11:45:05 guus Exp $ */ #include "config.h" @@ -62,7 +62,7 @@ int send_meta(connection_t *c, char *buffer, int length) while(length) { result = write(c->socket, bufp, length); if(result <= 0) { - if(errno = EINTR) + if(errno == EINTR) continue; syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); From 9792ba2cac35cb50cc99b72dd4cb9d3ef350dbd4 Mon Sep 17 00:00:00 2001 
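Review bot: `if(errno = EINTR)` in the new write loop of send_meta assigns instead of comparing, so the condition is always true and every failed `write()` restarts the loop instead of reaching the `syslog`/`return -1` path. With a peer that has gone away this spins forever and blocks the daemon. The loop needs the comparison `if(errno == EINTR)`. send_meta starts outside the hunk.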
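Review bot: With `result <= 0` a zero return from `write()` takes the errno path, but `write()` does not set errno when it returns 0, so a stale `EINTR` left by an earlier call makes `continue` repeat indefinitely. Testing `if(result < 0 && errno == EINTR) continue;` and treating `result == 0` as a failure of its own avoids reading errno when it is not meaningful. If `c->socket` can be non-blocking (not visible here), `EAGAIN` would also land in the error path and drop the connection on a merely full buffer. The enclosing loop starts outside this hunk.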
From: Guus Sliepen Date: Fri, 28 Mar 2003 13:41:49 +0000 Subject: [PATCH 724/923] - Avoid memory leak caused by OpenSSL 0.9.7a. - Disable RSA_blinding_on() because it segfaults. --- src/net.h | 4 +++- src/net_packet.c | 19 +++++++++---------- src/net_setup.c | 12 +++++++----- 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/src/net.h b/src/net.h index 93c8be19..d6527343 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.55 2002/09/15 12:26:24 guus Exp $ + $Id: net.h,v 1.9.4.56 2003/03/28 13:41:49 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -29,6 +29,7 @@ #include #include #include +#include #ifdef HAVE_INTTYPES_H #include @@ -128,6 +129,7 @@ extern int do_prune; extern int do_purge; extern char *myport; extern time_t now; +extern EVP_CIPHER_CTX packet_ctx; extern void retry_outgoing(outgoing_t *); extern void handle_incoming_vpn_data(int); diff --git a/src/net_packet.c b/src/net_packet.c index 65ec7d75..07f578e5 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.25 2002/11/14 22:09:03 guus Exp $ + $Id: net_packet.c,v 1.1.2.26 2003/03/28 13:41:49 guus Exp $ */ #include "config.h" @@ -80,6 +80,7 @@ int keylifetime = 0; int keyexpires = 0; +EVP_CIPHER_CTX packet_ctx; #define MAX_SEQNO 1073741824 @@ -93,7 +94,6 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; char hmac[EVP_MAX_MD_SIZE]; cp(); 
@@ -118,12 +118,12 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->cipher) { outpkt = pkt[nextpkt++]; - EVP_DecryptInit(&ctx, myself->cipher, myself->key, + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); - EVP_DecryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); - EVP_DecryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); - + EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + outpkt->len = outlen + outpad; inpkt = outpkt; } @@ -196,7 +196,6 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) int origlen; int outlen, outpad; long int complen = MTU + 12; - EVP_CIPHER_CTX ctx; vpn_packet_t *copy; static int priority = 0; int origpriority; @@ -260,10 +259,10 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->cipher) { outpkt = pkt[nextpkt++]; - EVP_EncryptInit(&ctx, n->cipher, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&ctx, (char *) &outpkt->seqno, &outlen, + EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); + EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); - EVP_EncryptFinal(&ctx, (char *) &outpkt->seqno + outlen, &outpad); + EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); outpkt->len = outlen + outpad; inpkt = outpkt; diff --git a/src/net_setup.c b/src/net_setup.c index 0eef4289..fcbc8c5d 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.29 2003/03/14 09:43:10 zarq Exp $ + $Id: net_setup.c,v 1.1.2.30 2003/03/28 13:41:49 guus Exp $ */ #include "config.h" 
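Review bot: The results of `EVP_DecryptInit_ex()`, `EVP_DecryptUpdate()` and `EVP_DecryptFinal_ex()` in receive_udppacket are discarded, so a packet whose final block fails the padding check is still handed on with `outpkt->len = outlen + outpad`, where `outpad` may not have been written. Checking each call and dropping the packet on failure, e.g. `if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) return;` with a log line, keeps malformed input out of the later stages. The encrypt calls in the `@@ -260,10 +259,10 @@` hunk of send_udppacket have the same gap. Whether a MAC check runs before decryption is outside the hunk, so the impact depends on that.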
@@ -87,7 +87,7 @@ int read_rsa_public_key(connection_t *c) if(!c->rsa_key) { c->rsa_key = RSA_new(); - RSA_blinding_on(c->rsa_key, NULL); +// RSA_blinding_on(c->rsa_key, NULL); } /* First, check for simple PublicKey statement */ @@ -135,7 +135,7 @@ int read_rsa_public_key(connection_t *c) fclose(fp); if(c->rsa_key) { - RSA_blinding_on(c->rsa_key, NULL); +// RSA_blinding_on(c->rsa_key, NULL); return 0; } @@ -170,7 +170,7 @@ int read_rsa_public_key(connection_t *c) if(fp) { c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); - RSA_blinding_on(c->rsa_key, NULL); +// RSA_blinding_on(c->rsa_key, NULL); fclose(fp); } @@ -193,7 +193,7 @@ int read_rsa_private_key(void) if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { myself->connection->rsa_key = RSA_new(); - RSA_blinding_on(myself->connection->rsa_key, NULL); +// RSA_blinding_on(myself->connection->rsa_key, NULL); BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key); @@ -404,6 +404,8 @@ int setup_myself(void) keylifetime = 3600; keyexpires = now + keylifetime; + + EVP_CIPHER_CTX_init(&packet_ctx); /* Check if we want to use message authentication codes... */ From 7d21a8d1c7fd8909fe02385dbb4717c074db4648 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 29 Mar 2003 21:51:21 +0000 Subject: [PATCH 725/923] - Speed up checksumming - If a destination is not found in the subnet list or the destination node is unreachable, respond with an appropiate ICMP message. --- src/route.c | 204 ++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 181 insertions(+), 23 deletions(-) diff --git a/src/route.c b/src/route.c index ff84ee98..00aa4863 100644 --- a/src/route.c +++ b/src/route.c 
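Review bot: The `RSA_blinding_on()` calls are disabled with `//` and left in place, with nothing in the code saying why or when they should come back; this applies to this hunk and to `@@ -135,7 +135,7 @@`, `@@ -170,7 +170,7 @@` and `@@ -193,7 +193,7 @@`. The three in read_rsa_public_key can simply be deleted, since blinding concerns private-key operations. At the read_rsa_private_key site a comment would keep the timing-attack mitigation from being forgotten, for example `/* TODO: re-enable RSA_blinding_on() once n, d and e are loaded; it segfaulted when called here */`. Both functions extend outside these hunks.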
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.46 2002/09/09 22:33:16 guus Exp $ + $Id: route.c,v 1.1.2.47 2003/03/29 21:51:21 guus Exp $ */ #include "config.h" @@ -36,6 +36,8 @@ #ifdef HAVE_NETINET_IN_SYSTM_H #include #endif +#include +#include #include #include #include @@ -67,6 +69,34 @@ int priorityinheritance = 0; int macexpire = 600; subnet_t mymac; +/* RFC 1071 */ + +uint16_t inet_checksum(void *data, int len, uint16_t prevsum) +{ + uint16_t *p = data; + uint32_t checksum = prevsum ^ 0xFFFF; + + len /= 2; + + while(len--) + checksum += *p++; + + while(checksum >> 16) + checksum = (checksum & 0xFFFF) + (checksum >> 16); + + return ~checksum; +} + +int ratelimit(void) { + static time_t lasttime = 0; + + if(lasttime == now) + return 1; + + lasttime = now; + return 0; +} + void learn_mac(mac_t *address) { subnet_t *subnet; 
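Review bot: ratelimit() has no comment and its return convention is easy to misread: it returns 1 when a call was already made during the current second (`lasttime == now`) and 0 otherwise, and it keeps one `static` timestamp for all callers. A header such as `/* Returns 1 if the caller should stay silent: at most one message per second, shared by every caller. */` would make that explicit. Because the state is shared, one source that triggers an error every second suppresses the errors for everyone else; a per-destination limit would avoid that if it matters here.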
@@ -151,6 +181,67 @@ node_t *route_mac(vpn_packet_t *packet) return NULL; } +/* RFC 792 */ + +void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) +{ + struct ip *hdr; + struct icmp *icmp; + + struct in_addr ip_src; + struct in_addr ip_dst; + uint32_t oldlen; + + if(ratelimit()) + return; + + cp(); + + hdr = (struct ip *)(packet->data + 14); + icmp = (struct icmp *)(packet->data + 14 + 20); + + /* Remember original source and destination */ + + memcpy(&ip_src, &hdr->ip_src, 4); + memcpy(&ip_dst, &hdr->ip_dst, 4); + oldlen = packet->len - 14; + + if(oldlen >= IP_MSS - sizeof(*hdr) - sizeof(struct icmphdr)) + oldlen = IP_MSS - sizeof(*hdr) - sizeof(struct icmphdr); + + /* Copy first part of original contents to ICMP message */ + + memmove(&icmp->icmp_ip, hdr, oldlen); + + /* Fill in IPv4 header */ + + hdr->ip_v = 4; + hdr->ip_hl = sizeof(*hdr) / 4; + hdr->ip_tos = 0; + hdr->ip_len = htons(20 + 8 + oldlen); + hdr->ip_id = 0; + hdr->ip_off = 0; + hdr->ip_ttl = 255; + hdr->ip_p = IPPROTO_ICMP; + hdr->ip_sum = 0; + memcpy(&hdr->ip_src, &ip_dst, 4); + memcpy(&hdr->ip_dst, &ip_src, 4); + + hdr->ip_sum = inet_checksum(hdr, 20, ~0); + + /* Fill in ICMP header */ + + icmp->icmp_type = ICMP_DEST_UNREACH; + icmp->icmp_code = code; + icmp->icmp_cksum = 0; + + icmp->icmp_cksum = inet_checksum(icmp, 8 + oldlen, ~0); + + packet->len = 14 + 20 + 8 + oldlen; + + write_packet(packet); +} + node_t *route_ipv4(vpn_packet_t *packet) { subnet_t *subnet; 
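Review bot: route_ipv4_unreachable() computes `oldlen = packet->len - 14` and rewrites the header at `packet->data + 14` without first checking that the packet holds an Ethernet header plus a complete IPv4 header. `oldlen` is unsigned, so a shorter packet would wrap to a huge value, be clamped to the `IP_MSS` bound, and the `memmove()` would then copy buffer contents that were never part of the received packet into the reply. A guard at the top, `if(packet->len < 14 + sizeof(*hdr)) return;`, removes that case (callers may already ensure it; not visible here). The function also never looks at `hdr->ip_p`, so it can answer an ICMP error with another ICMP error, which RFC 1122 forbids.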
@@ -169,12 +260,86 @@ node_t *route_ipv4(vpn_packet_t *packet) packet->data[33]); } + route_ipv4_unreachable(packet, ICMP_NET_UNKNOWN); return NULL; } + + if(!subnet->owner->status.reachable) + route_ipv4_unreachable(packet, ICMP_NET_UNREACH); return subnet->owner; } +/* RFC 2463 */ + +void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) +{ + struct ip6_hdr *hdr; + struct icmp6_hdr *icmp; + uint16_t checksum; + + struct { + struct in6_addr ip6_src; /* source address */ + struct in6_addr ip6_dst; /* destination address */ + uint32_t length; + uint32_t next; + } pseudo; + + if(ratelimit()) + return; + + cp(); + + hdr = (struct ip6_hdr *)(packet->data + 14); + icmp = (struct icmp6_hdr *)(packet->data + 14 + sizeof(*hdr)); + + /* Remember original source and destination */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = ntohs(hdr->ip6_plen) + sizeof(*hdr); + + if(pseudo.length >= IP_MSS - sizeof(*hdr) - sizeof(*icmp)) + pseudo.length = IP_MSS - sizeof(*hdr) - sizeof(*icmp); + + /* Copy first part of original contents to ICMP message */ + + memmove(((char *)icmp) + sizeof(*icmp), hdr, pseudo.length); + + /* Fill in IPv6 header */ + + hdr->ip6_flow = htonl(0x60000000UL); + hdr->ip6_plen = htons(sizeof(*icmp) + pseudo.length); + hdr->ip6_nxt = IPPROTO_ICMPV6; + hdr->ip6_hlim = 255; + memcpy(&hdr->ip6_dst, &pseudo.ip6_src, 16); + memcpy(&hdr->ip6_src, &pseudo.ip6_dst, 16); + + /* Fill in ICMP header */ + + icmp->icmp6_type = ICMP6_DST_UNREACH; + icmp->icmp6_code = code; + icmp->icmp6_cksum = 0; + + /* Create pseudo header */ + + memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + pseudo.length = htonl(sizeof(*icmp) + pseudo.length); + pseudo.next = htonl(IPPROTO_ICMPV6); + + /* Generate checksum */ + + checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); + checksum = inet_checksum(icmp, ntohl(pseudo.length), checksum); + + icmp->icmp6_cksum = checksum; + + 
packet->len = 14 + sizeof(*hdr) + ntohl(pseudo.length); + + write_packet(packet); +} + node_t *route_ipv6(vpn_packet_t *packet) { subnet_t *subnet; @@ -195,25 +360,18 @@ node_t *route_ipv6(vpn_packet_t *packet) ntohs(*(uint16_t *) & packet->data[50]), ntohs(*(uint16_t *) & packet->data[52])); } + route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_ADDR); return NULL; } + if(!subnet->owner->status.reachable) + route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_NOROUTE); + return subnet->owner; } -uint16_t inet_checksum(uint16_t *data, int len, uint16_t prevsum) -{ - uint32_t checksum = prevsum ^ 0xFFFF; - - while(len--) - checksum += ntohs(*data++); - - while(checksum >> 16) - checksum = (checksum & 0xFFFF) + (checksum >> 16); - - return checksum ^ 0xFFFF; -} +/* RFC 2461 */ void route_neighborsol(vpn_packet_t *packet) { @@ -227,7 +385,7 @@ void route_neighborsol(vpn_packet_t *packet) struct in6_addr ip6_src; /* source address */ struct in6_addr ip6_dst; /* destination address */ uint32_t length; - uint8_t junk[4]; + uint32_t next; } pseudo; cp(); @@ -255,13 +413,12 @@ void route_neighborsol(vpn_packet_t *packet) memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; + pseudo.next = htonl(IPPROTO_ICMPV6); /* Generate checksum */ - checksum = inet_checksum((uint16_t *) & pseudo, sizeof(pseudo) / 2, ~0); - checksum = inet_checksum((uint16_t *) ns, sizeof(*ns) / 2 + 4, checksum); + checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); + checksum = inet_checksum(ns, sizeof(*ns) + 8, checksum); if(checksum) { if(debug_lvl >= DEBUG_TRAFFIC) 
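Review bot: After `route_ipv4_unreachable(packet, ICMP_NET_UNREACH)` the code in route_ipv4 falls through to `return subnet->owner;`, although the helper has already rewritten `packet` in place into the ICMP reply and passed it to `write_packet()`. The caller therefore gets a node back for a buffer that no longer holds the original packet; returning NULL as the unknown-subnet branch does looks intended: `if(!subnet->owner->status.reachable) { route_ipv4_unreachable(packet, ICMP_NET_UNREACH); return NULL; }`. The `@@ -195,25 +360,18 @@` hunk has the same fall-through in route_ipv6. Separately, route_ipv6_unreachable() takes the copy length from the header field `hdr->ip6_plen` rather than from `packet->len`, so the quoted part of the reply can extend past the data that was actually received.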
@@ -317,19 +474,20 @@ void route_neighborsol(vpn_packet_t *packet) memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); - pseudo.junk[0] = pseudo.junk[1] = pseudo.junk[2] = 0; - pseudo.junk[3] = IPPROTO_ICMPV6; + pseudo.next = htonl(IPPROTO_ICMPV6); /* Generate checksum */ - checksum = inet_checksum((uint16_t *) & pseudo, sizeof(pseudo) / 2, ~0); - checksum = inet_checksum((uint16_t *) ns, sizeof(*ns) / 2 + 4, checksum); + checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); + checksum = inet_checksum(ns, sizeof(*ns) + 8, checksum); - ns->nd_ns_hdr.icmp6_cksum = htons(checksum); + ns->nd_ns_hdr.icmp6_cksum = checksum; write_packet(packet); } +/* RFC 826 */ + void route_arp(vpn_packet_t *packet) { struct ether_arp *arp; From c3ad3731a8dfa34535a156a7cfdb4e18afaa8bce Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 29 Mar 2003 21:58:35 +0000 Subject: [PATCH 726/923] Don't copy more than necessary. --- src/route.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/src/route.c b/src/route.c index 00aa4863..53cf2d58 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.47 2003/03/29 21:51:21 guus Exp $ + $Id: route.c,v 1.1.2.48 2003/03/29 21:58:35 guus Exp $ */ #include "config.h" @@ -295,8 +295,8 @@ void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) /* Remember original source and destination */ - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); + memcpy(&pseudo.ip6_src, &hdr->ip6_dst, 16); + memcpy(&pseudo.ip6_dst, &hdr->ip6_src, 16); pseudo.length = ntohs(hdr->ip6_plen) + sizeof(*hdr); if(pseudo.length >= IP_MSS - sizeof(*hdr) - sizeof(*icmp)) 
@@ -312,8 +312,8 @@ void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) hdr->ip6_plen = htons(sizeof(*icmp) + pseudo.length); hdr->ip6_nxt = IPPROTO_ICMPV6; hdr->ip6_hlim = 255; - memcpy(&hdr->ip6_dst, &pseudo.ip6_src, 16); - memcpy(&hdr->ip6_src, &pseudo.ip6_dst, 16); + memcpy(&hdr->ip6_dst, &pseudo.ip6_dst, 16); + memcpy(&hdr->ip6_src, &pseudo.ip6_src, 16); /* Fill in ICMP header */ @@ -323,8 +323,6 @@ void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) /* Create pseudo header */ - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); pseudo.length = htonl(sizeof(*icmp) + pseudo.length); pseudo.next = htonl(IPPROTO_ICMPV6); From 8285827da127e38728b60b5c5484e5cdabff2f21 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 29 Mar 2003 22:11:22 +0000 Subject: [PATCH 727/923] Checksums must also work for uneven number of bytes. --- src/route.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/route.c b/src/route.c index 53cf2d58..06dffc97 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.48 2003/03/29 21:58:35 guus Exp $ + $Id: route.c,v 1.1.2.49 2003/03/29 22:11:22 guus Exp $ */ #include "config.h" @@ -76,10 +76,13 @@ uint16_t inet_checksum(void *data, int len, uint16_t prevsum) uint16_t *p = data; uint32_t checksum = prevsum ^ 0xFFFF; - len /= 2; - - while(len--) + while(len >= 2) { checksum += *p++; + len -= 2; + } + + if(len) + checksum += *(unsigned char *)p; while(checksum >> 16) checksum = (checksum & 0xFFFF) + (checksum >> 16); From 51a1bcf00143319c74ffb58a66a19c41be422c21 Mon Sep 17 00:00:00 2001 
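Review bot: `checksum += *(unsigned char *)p;` in inet_checksum adds the trailing byte as the low-order half of a 16-bit word, which matches the native `uint16_t` loads in the loop above only on little-endian hosts. On a big-endian host the odd byte belongs in the high-order half, so the checksum of an odd-length buffer would be wrong there. Building the last word through memory keeps it byte-order neutral: `uint16_t last = 0; memcpy(&last, p, 1); checksum += last;`. inet_checksum starts and ends outside the hunk.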
From: Guus Sliepen Date: Thu, 3 Apr 2003 11:43:17 +0000 Subject: [PATCH 728/923] HUP signal now closes connections to hosts if their host config file is gone or changed. The tinc.conf file is reread for changes in the ConnectTo lines. --- src/net.c | 45 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 11 deletions(-) diff --git a/src/net.c b/src/net.c index ee18037b..c1030b5b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.183 2003/01/17 00:37:18 guus Exp $ + $Id: net.c,v 1.35.4.184 2003/04/03 11:43:17 guus Exp $ */ #include "config.h" @@ -329,12 +329,13 @@ void main_loop(void) fd_set fset; struct timeval tv; int r, maxfd; - time_t last_ping_check; + time_t last_ping_check, last_config_check; event_t *event; cp(); last_ping_check = now; + last_config_check = now; srand(now); for(;;) { 
@@ -407,24 +408,46 @@ void main_loop(void) } if(sighup) { + connection_t *c; + avl_node_t *node; + char *fname; + struct stat s; + sighup = 0; - close_network_connections(); + + /* Reread our own configuration file */ + exit_configuration(&config_tree); - - syslog(LOG_INFO, _("Rereading configuration file and restarting in 5 seconds...")); - sleep(5); - init_configuration(&config_tree); if(read_server_config()) { - syslog(LOG_ERR, - _("Unable to reread configuration file, exitting.")); + syslog(LOG_ERR, _("Unable to reread configuration file, exitting.")); exit(1); } - if(setup_network_connections()) - return; + /* Close connections to hosts that have a changed or deleted host config file */ + + for(node = connection_tree->head; node; node = node->next) { + c = (connection_t *) node->data; + + if(c->outgoing) { + free(c->outgoing->name); + free(c->outgoing); + c->outgoing = NULL; + } + + asprintf(&fname, "%s/hosts/%s", confbase, c->name); + if(stat(fname, &s) || s.st_mtime > last_config_check) + terminate_connection(c, c->status.active); + free(fname); + } + last_config_check = now; + + /* Try to make outgoing connections */ + + try_outgoing_connections(); + continue; } } From bc9e78250ef6fb5169d03565b7d8d9caf309eb98 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 18 Apr 2003 21:18:36 +0000 Subject: [PATCH 729/923] Better handling of late packets. --- src/net_packet.c | 29 ++++++++++++++++++++--------- src/node.h | 3 ++- src/protocol_key.c | 3 ++- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index 07f578e5..724eaa33 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.26 2003/03/28 13:41:49 guus Exp $ + $Id: net_packet.c,v 1.1.2.27 2003/04/18 21:18:36 guus Exp $ */ #include "config.h" 
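Review bot: The result of `asprintf(&fname, "%s/hosts/%s", confbase, c->name)` in the SIGHUP branch of main_loop is not checked, and when it fails `fname` is left undefined, yet it is passed to `stat()` and `free()`. Testing `if(asprintf(&fname, "%s/hosts/%s", confbase, c->name) < 0)` with a log line and `continue` handles that. Any `stat()` failure, not only a missing file, also terminates the connection, and `s.st_mtime > last_config_check` misses a file edited in the same second as the previous check. main_loop starts and ends outside the hunk.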
@@ -95,6 +95,7 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) int outlen, outpad; long int complen = MTU + 12; char hmac[EVP_MAX_MD_SIZE]; + int i; cp(); @@ -133,16 +134,26 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) inpkt->len -= sizeof(inpkt->seqno); inpkt->seqno = ntohl(inpkt->seqno); - if(inpkt->seqno <= n->received_seqno) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, - _("Got late or replayed packet from %s (%s), seqno %d"), - n->name, n->hostname, inpkt->seqno); - return; + if(inpkt->seqno != n->received_seqno + 1) { + if(inpkt->seqno >= n->received_seqno + sizeof(n->late) * 8) { + if(debug_lvl >= DEBUG_TRAFFIC) + syslog(LOG_WARNING, _("Lost %d packets from %s (%s)"), + inpkt->seqno - n->received_seqno - 1, n->name, n->hostname); + + memset(n->late, 0, sizeof(n->late)); + } else if (inpkt->seqno <= n->received_seqno) { + if(inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8 || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) { + syslog(LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), + n->name, n->hostname, inpkt->seqno, n->received_seqno, n->late[(inpkt->seqno / 8) % sizeof(n->late)]); + } else + for(i = n->received_seqno + 1; i < inpkt->seqno; i++) + n->late[(inpkt->seqno / 8) % sizeof(n->late)] |= 1 << i % 8; + } } - + n->received_seqno = inpkt->seqno; - + n->late[(n->received_seqno / 8) % sizeof(n->late)] &= ~(1 << n->received_seqno % 8); + if(n->received_seqno > MAX_SEQNO) keyexpires = 0; diff --git a/src/node.h b/src/node.h index e4dcd524..6e5e68eb 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.20 2002/09/09 21:24:41 guus Exp $ + $Id: node.h,v 1.1.2.21 2003/04/18 21:18:36 guus Exp $ */ #ifndef __TINC_NODE_H__ 
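Review bot: The new window logic in receive_udppacket logs a late or replayed packet but no longer drops it: the old `return` is gone, so the packet is processed and `n->received_seqno` is even moved backwards to the replayed value. The `for` loop that should mark skipped sequence numbers hangs off the wrong `else` (it sits in the `inpkt->seqno <= n->received_seqno` branch, where it can never iterate) and indexes `n->late` with `inpkt->seqno` instead of `i`. `n->received_seqno - sizeof(n->late) * 8` also wraps while fewer than 128 packets have been received, and the second `syslog` passes five arguments for four conversions. The function starts and ends outside the hunk; a corrected shape of the block follows.

```c
	if(inpkt->seqno != n->received_seqno + 1) {
		if(inpkt->seqno >= n->received_seqno + sizeof(n->late) * 8) {
			/* … unchanged: "Lost %d packets" warning and memset of n->late … */
		} else if(inpkt->seqno <= n->received_seqno) {
			/* Older than the window, or a slot not marked as still missing: drop it. */
			if(n->received_seqno - inpkt->seqno >= sizeof(n->late) * 8
			   || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) {
				syslog(LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"),
					   n->name, n->hostname, inpkt->seqno, n->received_seqno);
				return;
			}
		} else {
			/* Packets were skipped: mark each missing sequence number as still expected. */
			for(i = n->received_seqno + 1; i < inpkt->seqno; i++)
				n->late[(i / 8) % sizeof(n->late)] |= 1 << i % 8;
		}
	}

	/* This sequence number has now been seen; never move the high-water mark backwards. */
	n->late[(inpkt->seqno / 8) % sizeof(n->late)] &= ~(1 << inpkt->seqno % 8);

	if(inpkt->seqno > n->received_seqno)
		n->received_seqno = inpkt->seqno;
```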
@@ -73,6 +73,7 @@ typedef struct node_t { uint32_t sent_seqno; /* Sequence number last sent to this node */ uint32_t received_seqno; /* Sequence number last received from this node */ + unsigned char late[16]; /* Bitfield marking late packets */ } node_t; extern struct node_t *myself; diff --git a/src/protocol_key.c b/src/protocol_key.c index 2453975d..786a8a17 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.14 2002/09/09 22:33:03 guus Exp $ + $Id: protocol_key.c,v 1.1.4.15 2003/04/18 21:18:36 guus Exp $ */ #include "config.h" @@ -135,6 +135,7 @@ int req_key_h(connection_t *c) if(to == myself) { /* Yes, send our own key back */ mykeyused = 1; from->received_seqno = 0; + memset(from->late, 0, sizeof(from->late)); send_ans_key(c, myself, from); } else { send_req_key(to->nexthop->connection, from, to); From 1ad2394b8468593030653bbfd0dee879fb711432 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 19 Apr 2003 11:12:45 +0000 Subject: [PATCH 730/923] Make sure outgoing_t is completely freed. --- src/net.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/net.c b/src/net.c index c1030b5b..a20de41f 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.184 2003/04/03 11:43:17 guus Exp $ + $Id: net.c,v 1.35.4.185 2003/04/19 11:12:45 guus Exp $ */ #include "config.h" @@ -432,6 +432,7 @@ void main_loop(void) if(c->outgoing) { free(c->outgoing->name); + freeaddrinfo(c->outgoing->ai); free(c->outgoing); c->outgoing = NULL; } From c70f52087bf6f7514684bbc859b83aec2ca17ae4 Mon Sep 17 00:00:00 2001 
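Review bot: In the main_loop hunk of src/net.c, `freeaddrinfo(c->outgoing->ai)` is called without checking that `ai` is set, and POSIX does not define freeaddrinfo for a null pointer. If an outgoing_t can exist before its address list has been resolved (not visible in this hunk), guard the call: `if(c->outgoing->ai) freeaddrinfo(c->outgoing->ai);`. The surrounding loop in main_loop lies outside the hunk.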
From: Guus Sliepen Date: Tue, 6 May 2003 21:13:18 +0000 Subject: [PATCH 731/923] - Per-node EVP_CIPHER_CTX to avoid initialisation overhead. - LZO compression, thanks to Teemu Kiviniemi. - Updated dutch translation. --- THANKS | 2 + configure.in | 3 +- po/nl.po | 267 +++++++++++++++++++++++---------------------- src/net.c | 3 +- src/net.h | 9 +- src/net_packet.c | 65 +++++++++-- src/net_setup.c | 5 +- src/node.c | 5 +- src/node.h | 5 +- src/protocol_key.c | 9 +- 10 files changed, 218 insertions(+), 155 deletions(-) diff --git a/THANKS b/THANKS index e58c4289..9eef8a57 100644 --- a/THANKS +++ b/THANKS @@ -23,6 +23,8 @@ We would like to thank * Ivo van Dong (for help during the early versions of tinc) * Jeroen Ubbink (for help testing tinc on Free- and NetBSD) * LarstiQ (for help testing tinc on MacOS/X) + * Marc A. Lehmann (for bitching and valid criticism) + * Teemu Kiviniemi (for his lzo compression patch) for their help, support and ideas. Thank you guys! diff --git a/configure.in b/configure.in index 0477c213..83e1faec 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.60 2003/01/17 00:43:56 guus Exp $ +dnl $Id: configure.in,v 1.13.2.61 2003/05/06 21:13:13 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -154,6 +154,7 @@ dnl These are defined in files in m4/ tinc_TUNTAP tinc_OPENSSL tinc_ZLIB +tinc_LZO dnl Check if support for jumbograms is requested AC_ARG_ENABLE(jumbograms, diff --git a/po/nl.po b/po/nl.po index c7dc27b7..ca8dfefa 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2002-09-15 15:51+0200\n" -"PO-Revision-Date: 2002-09-15 15:51+0200\n" +"POT-Creation-Date: 2003-05-06 23:10+0200\n" +"PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" 
@@ -138,37 +138,37 @@ msgstr " %s op %s opties %lx socket %d status %04x" msgid "End of connections." msgstr "Einde van verbindingen." -#: src/meta.c:51 +#: src/meta.c:52 #, c-format msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:62 +#: src/meta.c:67 #, c-format msgid "Sending meta data to %s (%s) failed: %s" msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" -#: src/meta.c:97 +#: src/meta.c:105 #, c-format msgid "This is a bug: %s:%d: %d:%s %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)" -#: src/meta.c:103 +#: src/meta.c:111 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:122 +#: src/meta.c:130 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:127 +#: src/meta.c:135 #, c-format msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:190 +#: src/meta.c:198 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" 
@@ -182,238 +182,240 @@ msgstr "Verwijderen onbereikbare nodes" msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:177 +#: src/net.c:188 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:231 +#: src/net.c:242 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:240 +#: src/net.c:251 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." -#: src/net.c:246 +#: src/net.c:257 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:289 src/net_socket.c:279 +#: src/net.c:300 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:341 +#: src/net.c:353 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:373 +#: src/net.c:385 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:388 +#: src/net.c:401 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:403 -msgid "Rereading configuration file and restarting in 5 seconds..." -msgstr "Herlezen configuratiebestand en herstarten na 5 seconden..." - -#: src/net.c:410 +#: src/net.c:425 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
-#: src/net_packet.c:110 +#: src/net_packet.c:154 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:139 +#: src/net_packet.c:184 #, c-format -msgid "Got late or replayed packet from %s (%s), seqno %d" -msgstr "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d" +msgid "Lost %d packets from %s (%s)" +msgstr "%d pakketten van %s (%s) verloren" -#: src/net_packet.c:155 +#: src/net_packet.c:190 +#, c-format +msgid "Got late or replayed packet from %s (%s), seqno %d, last received %d" +msgstr "" +"Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d, laatste ontvangen %d" + +#: src/net_packet.c:210 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:184 +#: src/net_packet.c:238 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:212 +#: src/net_packet.c:265 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:244 +#: src/net_packet.c:295 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:296 +#: src/net_packet.c:347 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:299 src/net_setup.c:476 src/net_socket.c:110 +#: src/net_packet.c:350 src/net_setup.c:485 src/net_socket.c:110 #: src/net_socket.c:157 src/net_socket.c:187 src/tincd.c:375 src/process.c:265 #: src/process.c:295 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:305 +#: src/net_packet.c:356 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" 
-#: src/net_packet.c:323 +#: src/net_packet.c:374 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:328 +#: src/net_packet.c:379 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net_packet.c:335 +#: src/net_packet.c:386 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:344 +#: src/net_packet.c:395 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:364 +#: src/net_packet.c:415 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:382 +#: src/net_packet.c:433 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:403 +#: src/net_packet.c:454 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:410 +#: src/net_packet.c:461 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:417 +#: src/net_packet.c:468 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:427 +#: src/net_packet.c:478 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" -#: src/net_setup.c:108 src/net_setup.c:125 +#: src/net_setup.c:110 src/net_setup.c:127 #, c-format msgid "Error reading RSA public key file `%s': %s" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %s" -#: src/net_setup.c:138 +#: src/net_setup.c:142 #, c-format msgid "Reading RSA public key file `%s' failed: %s" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" -#: src/net_setup.c:177 +#: src/net_setup.c:182 #, c-format msgid "No public key for %s specified!" 
msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net_setup.c:204 +#: src/net_setup.c:210 #, c-format msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:216 +#: src/net_setup.c:222 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:246 src/net_setup.c:247 +#: src/net_setup.c:252 src/net_setup.c:253 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:253 +#: src/net_setup.c:259 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:258 +#: src/net_setup.c:264 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:270 +#: src/net_setup.c:276 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:326 +#: src/net_setup.c:332 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:337 +#: src/net_setup.c:343 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:347 +#: src/net_setup.c:353 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:361 +#: src/net_setup.c:367 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:380 +#: src/net_setup.c:386 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:412 +#: src/net_setup.c:421 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:426 +#: src/net_setup.c:435 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:429 +#: src/net_setup.c:438 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" 
-#: src/net_setup.c:444 +#: src/net_setup.c:453 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:498 +#: src/net_setup.c:507 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:509 +#: src/net_setup.c:518 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:511 +#: src/net_setup.c:520 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" @@ -428,8 +430,8 @@ msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" #: src/net_socket.c:142 -msgid "BindToDevice not supported on this platform" -msgstr "BindToDevice wordt niet ondersteund op dit platform" +msgid "BindToInterface not supported on this platform" +msgstr "BindToInterface wordt niet ondersteund op dit platform" #: src/net_socket.c:149 #, c-format 
@@ -451,57 +453,57 @@ msgstr "Kan niet aan %s/udp binden: %s" msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:252 src/net_socket.c:350 -#, c-format -msgid "Trying to connect to %s (%s)" -msgstr "Poging tot verbinden met %s (%s)" - -#: src/net_socket.c:258 src/net_socket.c:357 -#, c-format -msgid "Creating socket for %s failed: %s" -msgstr "Aanmaken socket voor %s mislukt: %s" - -#: src/net_socket.c:285 src/net_socket.c:296 +#: src/net_socket.c:250 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:314 +#: src/net_socket.c:268 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:380 +#: src/net_socket.c:304 +#, c-format +msgid "Trying to connect to %s (%s)" +msgstr "Poging tot verbinden met %s (%s)" + +#: src/net_socket.c:311 +#, c-format +msgid "Creating socket for %s failed: %s" +msgstr "Aanmaken socket voor %s mislukt: %s" + +#: src/net_socket.c:334 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:396 +#: src/net_socket.c:350 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:418 +#: src/net_socket.c:372 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:437 +#: src/net_socket.c:391 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:467 +#: src/net_socket.c:421 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:486 +#: src/net_socket.c:440 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:510 +#: src/net_socket.c:464 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" 
@@ -601,17 +603,17 @@ msgstr "Verzoek reeds gezien" msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" -#: src/protocol_auth.c:72 src/protocol_auth.c:230 src/protocol_auth.c:362 -#: src/protocol_auth.c:426 src/protocol_auth.c:531 src/protocol_edge.c:82 -#: src/protocol_edge.c:195 src/protocol_key.c:70 src/protocol_key.c:112 -#: src/protocol_key.c:175 src/protocol_misc.c:63 src/protocol_misc.c:94 +#: src/protocol_auth.c:72 src/protocol_auth.c:228 src/protocol_auth.c:355 +#: src/protocol_auth.c:419 src/protocol_auth.c:524 src/protocol_edge.c:82 +#: src/protocol_edge.c:196 src/protocol_key.c:70 src/protocol_key.c:112 +#: src/protocol_key.c:176 src/protocol_misc.c:63 src/protocol_misc.c:94 #: src/protocol_misc.c:188 src/protocol_subnet.c:71 src/protocol_subnet.c:162 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" #: src/protocol_auth.c:80 src/protocol_edge.c:90 src/protocol_edge.c:96 -#: src/protocol_edge.c:203 src/protocol_edge.c:209 src/protocol_subnet.c:79 +#: src/protocol_edge.c:204 src/protocol_edge.c:210 src/protocol_subnet.c:79 #: src/protocol_subnet.c:89 src/protocol_subnet.c:170 #: src/protocol_subnet.c:191 #, c-format 
@@ -638,62 +640,62 @@ msgstr "Ander %s heeft onbekende identiteit (%s)" msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol_auth.c:188 src/protocol_auth.c:260 +#: src/protocol_auth.c:188 src/protocol_auth.c:257 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:240 src/protocol_auth.c:372 src/protocol_auth.c:434 -#: src/protocol_auth.c:452 +#: src/protocol_auth.c:238 src/protocol_auth.c:365 src/protocol_auth.c:427 +#: src/protocol_auth.c:445 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:268 +#: src/protocol_auth.c:265 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:280 +#: src/protocol_auth.c:276 #, c-format msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:301 src/protocol_key.c:242 +#: src/protocol_auth.c:296 src/protocol_key.c:243 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" -#: src/protocol_auth.c:307 +#: src/protocol_auth.c:301 #, c-format msgid "%s (%s) uses bogus MAC length!" msgstr "%s (%s) gebruikt onzinnige MAC lengte!" 
-#: src/protocol_auth.c:435 +#: src/protocol_auth.c:428 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:453 +#: src/protocol_auth.c:446 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:458 +#: src/protocol_auth.c:451 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:548 +#: src/protocol_auth.c:541 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:564 +#: src/protocol_auth.c:559 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:91 src/protocol_edge.c:97 src/protocol_edge.c:204 -#: src/protocol_edge.c:210 src/protocol_subnet.c:80 src/protocol_subnet.c:171 +#: src/protocol_edge.c:91 src/protocol_edge.c:97 src/protocol_edge.c:205 +#: src/protocol_edge.c:211 src/protocol_subnet.c:80 src/protocol_subnet.c:171 msgid "invalid name" msgstr "ongeldige naam" 
@@ -708,17 +710,17 @@ msgstr "" msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:148 +#: src/protocol_edge.c:149 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:223 src/protocol_edge.c:232 src/protocol_edge.c:243 +#: src/protocol_edge.c:224 src/protocol_edge.c:233 src/protocol_edge.c:244 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:250 src/protocol_subnet.c:118 src/protocol_subnet.c:218 +#: src/protocol_edge.c:251 src/protocol_subnet.c:118 src/protocol_subnet.c:218 #, c-format msgid "Got %s from %s (%s) for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" @@ -728,14 +730,14 @@ msgstr "Kreeg %s van %s (%s) voor onszelf" msgid "Got %s from %s (%s) origin %s which does not exist" msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol_key.c:120 src/protocol_key.c:183 +#: src/protocol_key.c:120 src/protocol_key.c:184 #, c-format msgid "" "Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" "Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:128 src/protocol_key.c:191 +#: src/protocol_key.c:128 src/protocol_key.c:192 #, c-format msgid "" "Got %s from %s (%s) destination %s which does not exist in our connection " 
@@ -743,21 +745,26 @@ msgid "" msgstr "" "Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:222 +#: src/protocol_key.c:223 #, c-format msgid "Node %s (%s) uses unknown cipher!" msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol_key.c:228 +#: src/protocol_key.c:229 #, c-format msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:248 +#: src/protocol_key.c:249 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" +#: src/protocol_key.c:258 +#, c-format +msgid "Node %s (%s) uses bogus compression level!" +msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!" + #: src/protocol_misc.c:69 #, c-format msgid "Status message from %s (%s): %s: %s" @@ -928,16 +935,16 @@ msgstr "" msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:419 +#: src/tincd.c:427 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:423 +#: src/tincd.c:431 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:426 src/process.c:353 +#: src/tincd.c:434 src/process.c:353 msgid "Not restarting." msgstr "Geen herstart." 
@@ -1081,22 +1088,22 @@ msgstr "Signaal %d (%s) genegeerd" msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:84 +#: src/route.c:117 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:118 +#: src/route.c:151 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:167 +#: src/route.c:261 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:188 +#: src/route.c:354 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" @@ -1105,19 +1112,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:248 +#: src/route.c:407 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:268 +#: src/route.c:426 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:278 +#: src/route.c:436 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" 
@@ -1126,25 +1133,25 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:357 +#: src/route.c:516 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:368 +#: src/route.c:527 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:426 +#: src/route.c:585 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#: src/node.c:172 +#: src/node.c:175 msgid "Nodes:" msgstr "Nodes:" -#: src/node.c:176 +#: src/node.c:179 #, c-format msgid "" " %s at %s cipher %d digest %d maclength %d compression %d options %lx status " @@ -1153,7 +1160,7 @@ msgstr "" " %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" "04x nexthop %s via %s" -#: src/node.c:183 +#: src/node.c:186 msgid "End of nodes." msgstr "Einde van nodes." @@ -1170,12 +1177,12 @@ msgstr " %s naar %s op %s opties %lx gewicht %d" msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:268 +#: src/graph.c:267 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:271 +#: src/graph.c:270 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" diff --git a/src/net.c b/src/net.c index a20de41f..582c90a5 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.185 2003/04/19 11:12:45 guus Exp $ + $Id: net.c,v 1.35.4.186 2003/05/06 21:13:14 guus Exp $ */ #include "config.h" 
@@ -385,6 +385,7 @@ void main_loop(void) syslog(LOG_INFO, _("Regenerating symmetric key")); RAND_pseudo_bytes(myself->key, myself->keylength); + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); send_key_changed(broadcast, myself); keyexpires = now + keylifetime; } diff --git a/src/net.h b/src/net.h index d6527343..6d2677bf 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.56 2003/03/28 13:41:49 guus Exp $ + $Id: net.h,v 1.9.4.57 2003/05/06 21:13:17 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -37,14 +37,13 @@ #ifdef ENABLE_JUMBOGRAMS #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ -#define MAXSIZE 9100 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ -#define MAXBUFSIZE 9100 /* Must support TCP packets of length 9000. */ #else #define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ -#define MAXSIZE 1600 /* MTU + header (seqno) and trailer (CBC padding and HMAC) */ -#define MAXBUFSIZE 2100 /* Quite large but needed for support of keys up to 8192 bits. */ #endif +#define MAXSIZE (MTU + 4 + 8 + 64 + MTU/64 + 20) /* MTU + seqno + padding + HMAC + compressor overhead */ +#define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128) /* Enough room for a request with a MAXSIZEd packet or a 8192 bits RSA key */ + #define MAXSOCKETS 128 /* Overkill... */ #define MAXQUEUELENGTH 8 /* Maximum number of packats in a single queue */ diff --git a/src/net_packet.c b/src/net_packet.c index 724eaa33..e4c4c10a 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.27 2003/04/18 21:18:36 guus Exp $ + $Id: net_packet.c,v 1.1.2.28 2003/05/06 21:13:17 guus Exp $ */ #include "config.h" 
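Review bot: The added `EVP_DecryptInit_ex` call in main_loop reads `myself->cipher->key_len` unconditionally, while receive_udppacket tests `if(myself->cipher)` before decrypting, which suggests the cipher pointer can be NULL when encryption is turned off. In that configuration key regeneration would dereference a null pointer; prefixing the call with `if(myself->cipher)` avoids it. The same pattern appears in the setup_myself hunk of src/net_setup.c and, with `from->cipher`, in the ans_key_h hunk of src/protocol_key.c, unless those lines already sit inside a cipher check that the hunks do not show. None of the three calls checks the return value of the init function.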
@@ -56,6 +56,7 @@ #include #include +#include #include #include @@ -81,9 +82,51 @@ int keylifetime = 0; int keyexpires = 0; EVP_CIPHER_CTX packet_ctx; +char lzo_wrkmem[MAXSIZE]; + #define MAX_SEQNO 1073741824 +length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) +{ + if(level == 10) { + lzo_uint lzolen = sizeof(lzo_wrkmem); + lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem); + return lzolen; + } else if(level < 10) { + unsigned long destlen; + if(compress2(dest, &destlen, source, len, level) == Z_OK) + return destlen; + else + return -1; + } else { + lzo_uint lzolen = sizeof(lzo_wrkmem); + lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem); + return lzolen; + } + + return -1; +} + +length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) +{ + if(level > 9) { + lzo_uint lzolen = sizeof(lzo_wrkmem); + if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) + return lzolen; + else + return -1; + } else { + unsigned long destlen; + if(uncompress(dest, &destlen, source, len) == Z_OK) + return destlen; + else + return -1; + } + + return -1; +} + /* VPN packet I/O */ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) @@ -119,8 +162,9 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->cipher) { outpkt = pkt[nextpkt++]; - EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, - myself->key + myself->cipher->key_len); +// EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, +// myself->key + myself->cipher->key_len); + EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL); EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); 
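Review bot: Both LZO branches of `compress_packet` ignore the compressor's return value and return `lzolen` unconditionally, while the zlib branch returns -1 on failure; `if(lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem) != LZO_E_OK) return -1;` (and the same for `lzo1x_999_compress`) keeps the three paths consistent. The LZO compressors do not read the initial `lzolen` as an output limit, so `dest` must hold LZO's documented worst case of len + len/16 + 64 + 3 bytes. Whether the packet buffer sized by `MAXSIZE`, which this commit defines with `MTU/64 + 20` bytes of compressor overhead, covers that is not visible here and should be confirmed. The trailing `return -1;` in both functions is unreachable.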
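Review bot: In the receive_udppacket hunk the old `EVP_DecryptInit_ex` call is left behind as two `//` commented-out lines next to its replacement; deleting them keeps the function readable, since the previous form is preserved in version control. The same applies to the commented-out `EVP_EncryptInit_ex` line in the send_udppacket hunk further down. The replacement `EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)` depends on the context having been keyed earlier (the setup_myself and main_loop hunks of this commit do that), which deserves a comment such as `/* reset only: cipher, key and IV were installed at (re)key time */`. Its return value is not checked.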
@@ -162,13 +206,12 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->compression) { outpkt = pkt[nextpkt++]; - if(uncompress(outpkt->data, &complen, inpkt->data, inpkt->len) != Z_OK) { + if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) { syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); return; } - outpkt->len = complen; inpkt = outpkt; } @@ -248,15 +291,12 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->compression) { outpkt = pkt[nextpkt++]; - if(compress2 - (outpkt->data, &complen, inpkt->data, inpkt->len, - n->compression) != Z_OK) { + if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) { syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); return; } - outpkt->len = complen; inpkt = outpkt; } @@ -270,10 +310,11 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->cipher) { outpkt = pkt[nextpkt++]; - EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); - EVP_EncryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, +// EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); + EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL); + EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen, (char *) &inpkt->seqno, inpkt->len); - EVP_EncryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); outpkt->len = outlen + outpad; inpkt = outpkt; diff --git a/src/net_setup.c b/src/net_setup.c index fcbc8c5d..44d0c744 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.30 2003/03/28 13:41:49 guus Exp $ + $Id: net_setup.c,v 1.1.2.31 2003/05/06 21:13:17 guus Exp $ */ #include "config.h" @@ -406,6 +406,7 @@ int setup_myself(void) keyexpires = now + keylifetime; EVP_CIPHER_CTX_init(&packet_ctx); + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); /* Check if we want to use message authentication codes... */ @@ -448,7 +449,7 @@ int setup_myself(void) if(get_config_int (lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) { - if(myself->compression < 0 || myself->compression > 9) { + if(myself->compression < 0 || myself->compression > 11) { syslog(LOG_ERR, _("Bogus compression level!")); return -1; } diff --git a/src/node.c b/src/node.c index e68c7359..48a4ebd8 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.18 2002/09/09 22:32:49 guus Exp $ + $Id: node.c,v 1.1.2.19 2003/05/06 21:13:17 guus Exp $ */ #include "config.h" @@ -83,6 +83,7 @@ node_t *new_node(void) n->subnet_tree = new_subnet_tree(); n->edge_tree = new_edge_tree(); n->queue = list_alloc((list_action_t) free); + EVP_CIPHER_CTX_init(&n->packet_ctx); return n; } @@ -109,6 +110,8 @@ void free_node(node_t *n) if(n->edge_tree) free_edge_tree(n->edge_tree); + EVP_CIPHER_CTX_cleanup(&n->packet_ctx); + free(n); } diff --git a/src/node.h b/src/node.h index 6e5e68eb..800c6dee 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.21 2003/04/18 21:18:36 guus Exp $ + $Id: node.h,v 1.1.2.22 2003/05/06 21:13:18 guus Exp $ */ #ifndef __TINC_NODE_H__ 
@@ -54,7 +54,8 @@ typedef struct node_t { const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length */ - + EVP_CIPHER_CTX packet_ctx; /* Cipher context */ + const EVP_MD *digest; /* Digest type for MAC */ int maclength; /* Length of MAC */ diff --git a/src/protocol_key.c b/src/protocol_key.c index 786a8a17..0ecad9ba 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.15 2003/04/18 21:18:36 guus Exp $ + $Id: protocol_key.c,v 1.1.4.16 2003/05/06 21:13:18 guus Exp $ */ #include "config.h" @@ -254,8 +254,15 @@ int ans_key_h(connection_t *c) from->digest = NULL; } + if(compression < 0 || compression > 11) { + syslog(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); + return -1; + } + from->compression = compression; + EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); + flush_queue(from); return 0; From 6ba4e2da55001e17aec6a7ee71002130555ff439 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 6 May 2003 23:14:45 +0000 Subject: [PATCH 732/923] Small fixes to make LZO compression work. --- src/net_packet.c | 12 +++++------- src/tincd.c | 17 ++++++++++++----- 2 files changed, 17 insertions(+), 12 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index e4c4c10a..f9fdf926 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.28 2003/05/06 21:13:17 guus Exp $ + $Id: net_packet.c,v 1.1.2.29 2003/05/06 23:14:45 guus Exp $ */ #include "config.h" 
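Review bot: In the `ans_key_h` hunk at -254,8 the new `EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len)` reads `from->cipher->key_len` without checking that `from->cipher` is set, and its result is ignored. The values handled here come from a peer's message, and the context lines just above show `from->digest` being set to NULL in one branch; if the cipher can be cleared in the same way earlier in the function (outside this hunk), a peer that announces no cipher makes the daemon dereference a NULL pointer. I would write `if(from->cipher && !EVP_EncryptInit_ex(...)) { syslog(LOG_ERR, ...); return -1; }`. The new compression range check is good, but it runs after the cipher and digest fields appear to have been updated, so a rejected message may leave `from` half-updated; validating all fields before assigning any would avoid that.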
@@ -82,7 +82,7 @@ int keylifetime = 0; int keyexpires = 0; EVP_CIPHER_CTX packet_ctx; -char lzo_wrkmem[MAXSIZE]; +char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; #define MAX_SEQNO 1073741824 @@ -94,7 +94,7 @@ length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem); return lzolen; } else if(level < 10) { - unsigned long destlen; + unsigned long destlen = MAXSIZE; if(compress2(dest, &destlen, source, len, level) == Z_OK) return destlen; else @@ -117,7 +117,7 @@ length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, i else return -1; } else { - unsigned long destlen; + unsigned long destlen = MAXSIZE; if(uncompress(dest, &destlen, source, len) == Z_OK) return destlen; else @@ -136,7 +136,6 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) int nextpkt = 0; vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; - long int complen = MTU + 12; char hmac[EVP_MAX_MD_SIZE]; int i; @@ -188,7 +187,7 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) } else if (inpkt->seqno <= n->received_seqno) { if(inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8 || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) { syslog(LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), - n->name, n->hostname, inpkt->seqno, n->received_seqno, n->late[(inpkt->seqno / 8) % sizeof(n->late)]); + n->name, n->hostname, inpkt->seqno, n->received_seqno); } else for(i = n->received_seqno + 1; i < inpkt->seqno; i++) n->late[(inpkt->seqno / 8) % sizeof(n->late)] |= 1 << i % 8; @@ -249,7 +248,6 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t *outpkt; int origlen; int outlen, outpad; - long int complen = MTU + 12; vpn_packet_t *copy; static int priority = 0; int origpriority; diff --git a/src/tincd.c b/src/tincd.c index 4335d7b6..f3ffc195 100644 
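Review bot: The replay branch touched by the `receive_udppacket` hunk at -188,7 only logs "Got late or replayed packet" and, as the hunk reads, falls through without dropping the packet, so the sequence-number check does not reject a replay by itself. The `else` arm also cannot do useful work: it sits inside `inpkt->seqno <= n->received_seqno`, so the loop from `n->received_seqno + 1` up to `inpkt->seqno` never executes, and its index uses `inpkt->seqno / 8` where `i / 8` seems intended. I would add `return;` after the warning, and move the loop to the branch that handles a gap ahead of `received_seqno`, writing `n->late[(i / 8) % sizeof(n->late)] |= 1 << i % 8;`. The function continues outside the hunk, so a drop further down cannot be ruled out from here.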
--- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.66 2003/01/17 00:43:58 guus Exp $ + $Id: tincd.c,v 1.10.4.67 2003/05/06 23:14:45 guus Exp $ */ #include "config.h" @@ -50,6 +50,8 @@ #include #include +#include + #include #include @@ -361,6 +363,9 @@ int main(int argc, char **argv, char **envp) if(show_help) usage(0); + if(kill_tincd) + exit(kill_other(kill_tincd)); + #ifndef LOG_PERROR openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ #else @@ -409,15 +414,17 @@ int main(int argc, char **argv, char **envp) exit(keygen(generate_keys)); } - if(kill_tincd) - exit(kill_other(kill_tincd)); - if(read_server_config()) exit(1); + if(lzo_init() != LZO_E_OK) { + syslog(LOG_ERR, _("Error initializing LZO compressor!")); + exit(1); + } + if(detach()) exit(0); - + for(;;) { if(!setup_network_connections()) { main_loop(); From 249933350bda2c3fa09c7ce8eb36bf84ee30a1cb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 7 May 2003 11:21:58 +0000 Subject: [PATCH 733/923] Small fixes. --- src/net.h | 4 ++-- src/net_packet.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/net.h b/src/net.h index 6d2677bf..ae384024 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.57 2003/05/06 21:13:17 guus Exp $ + $Id: net.h,v 1.9.4.58 2003/05/07 11:21:58 guus Exp $ */ #ifndef __TINC_NET_H__ 
@@ -41,7 +41,7 @@ #define MTU 1514 /* 1500 bytes payload + 14 bytes ethernet header */ #endif -#define MAXSIZE (MTU + 4 + 8 + 64 + MTU/64 + 20) /* MTU + seqno + padding + HMAC + compressor overhead */ +#define MAXSIZE (MTU + 4 + EVP_MAX_BLOCK_LENGTH + EVP_MAX_MD_SIZE + MTU/64 + 20) /* MTU + seqno + padding + HMAC + compressor overhead */ #define MAXBUFSIZE ((MAXSIZE > 2048 ? MAXSIZE : 2048) + 128) /* Enough room for a request with a MAXSIZEd packet or a 8192 bits RSA key */ #define MAXSOCKETS 128 /* Overkill... */ diff --git a/src/net_packet.c b/src/net_packet.c index f9fdf926..fff877bc 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.29 2003/05/06 23:14:45 guus Exp $ + $Id: net_packet.c,v 1.1.2.30 2003/05/07 11:21:58 guus Exp $ */ #include "config.h" @@ -90,7 +90,7 @@ char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_CO length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { if(level == 10) { - lzo_uint lzolen = sizeof(lzo_wrkmem); + lzo_uint lzolen = MAXSIZE; lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem); return lzolen; } else if(level < 10) { @@ -100,7 +100,7 @@ length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int else return -1; } else { - lzo_uint lzolen = sizeof(lzo_wrkmem); + lzo_uint lzolen = MAXSIZE; lzo1x_999_compress(source, len, dest, &lzolen, lzo_wrkmem); return lzolen; } @@ -111,7 +111,7 @@ length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { if(level > 9) { - lzo_uint lzolen = sizeof(lzo_wrkmem); + lzo_uint lzolen = MAXSIZE; if(lzo1x_decompress_safe(source, len, dest, &lzolen, NULL) == LZO_E_OK) return lzolen; else 
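Review bot: Setting `lzo_uint lzolen = MAXSIZE;` before `lzo1x_1_compress` and `lzo1x_999_compress` in the `compress_packet` hunks at -90,7 and -100,7 looks like an output bound, but the LZO compressors treat that argument as output only and do not limit how much they write to `dest`. LZO documents a worst-case output of `in_len + in_len / 16 + 64 + 3` bytes for incompressible input, which is more than the `MTU/64 + 20` compressor allowance in the `MAXSIZE` definition from the `net.h` hunk, so a full-size incompressible packet could run past a destination that is only `MAXSIZE` bytes (the size of the packet buffer is not shown here). I would either size the allowance for the LZO worst case or compress into a scratch buffer of that size and return -1 when the result does not fit. The compressors' return values are also ignored; `if(lzo1x_1_compress(source, len, dest, &lzolen, lzo_wrkmem) != LZO_E_OK) return -1;` keeps the two LZO branches consistent with the zlib one. The `lzo1x_decompress_safe` call in the -111,7 hunk does honour the bound, so `MAXSIZE` is right there.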
From f238c209f4a0ced889b8fb443753ed2cdb3548b3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 17 May 2003 22:12:52 +0000 Subject: [PATCH 734/923] Fix links. --- doc/tinc.texi | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 488aa343..298c24d9 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.34 2002/12/27 19:32:33 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.35 2003/05/17 22:12:52 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.34 2002/12/27 19:32:33 guus Exp $ +$Id: tinc.texi,v 1.8.4.35 2003/05/17 22:12:52 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.34 2002/12/27 19:32:33 guus Exp $ +$Id: tinc.texi,v 1.8.4.35 2003/05/17 22:12:52 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -187,7 +187,7 @@ packets. @cindex release For an up to date list of supported platforms, please check the list on our website: -@uref{http://tinc.nl.linux.org/platforms.html}. +@uref{http://tinc.nl.linux.org/platforms}. @c ================================================================== 
@@ -559,7 +559,7 @@ system startup scripts and sample configurations. If you cannot use one of the precompiled packages, or you want to compile tinc for yourself, you can use the source. The source is distributed under the GNU General Public License (GPL). Download the source from the -@uref{http://tinc.nl.linux.org/download.html, download page}, which has +@uref{http://tinc.nl.linux.org/download, download page}, which has the checksums of these files listed; you may wish to check these with md5sum before continuing. From 4b0e5a03fe89529ebe5d471a82c29c153a12116b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 7 Jun 2003 13:18:32 +0000 Subject: [PATCH 735/923] Fix warning and add missing checks for LZO library. --- m4/lzo.m4 | 31 +++++++++++++++++++++++++++++++ src/Makefile.am | 4 ++-- 2 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 m4/lzo.m4 diff --git a/m4/lzo.m4 b/m4/lzo.m4 new file mode 100644 index 00000000..58011f1a --- /dev/null +++ b/m4/lzo.m4 @@ -0,0 +1,31 @@ +dnl Check to find the lzo headers/libraries + +AC_DEFUN(tinc_LZO, +[ + tinc_ac_save_CPPFLAGS="$CPPFLAGS" + + AC_ARG_WITH(lzo-include, + [ --with-lzo-include=DIR lzo headers directory], + [lzo_include="$withval" + CFLAGS="$CFLAGS -I$withval" + CPPFLAGS="$CPPFLAGS -I$withval"] + ) + + AC_ARG_WITH(lzo-lib, + [ --with-lzo-lib=DIR lzo library directory], + [lzo_lib="$withval" + LIBS="$LIBS -L$withval"] + ) + + AC_CHECK_HEADERS(lzo1x.h, + [], + [AC_MSG_ERROR("lzo header files not found."); break] + ) + + CPPFLAGS="$tinc_ac_save_CPPFLAGS" + + AC_CHECK_LIB(lzo, lzo1x_1_compress, + [LIBS="$LIBS -llzo"], + [AC_MSG_ERROR("lzo libraries not found.")] + ) +]) diff --git a/src/Makefile.am b/src/Makefile.am index f7e9462a..bc34d532 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.28 2002/09/10 21:46:05 guus Exp $ +# $Id: Makefile.am,v 1.4.4.29 2003/06/07 13:18:31 guus Exp $ sbin_PROGRAMS = tincd @@ -21,7 +21,7 @@ tincd_LDADD = \ localedir = $(datadir)/locale -CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\" \ +AM_CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\" \ -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" dist-hook: From 9e02a3d5631b687833e4cdcde18cda66e38138fc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Jun 2003 19:07:56 +0000 Subject: [PATCH 736/923] Call make_names() before doing anything else. --- src/tincd.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index f3ffc195..7e28bcb2 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.67 2003/05/06 23:14:45 guus Exp $ + $Id: tincd.c,v 1.10.4.68 2003/06/11 19:07:56 guus Exp $ */ #include "config.h" @@ -65,13 +65,13 @@ #include "system.h" /* The name this program was run with. */ -char *program_name; +char *program_name = NULL; /* If nonzero, display usage information and exit. */ -int show_help; +int show_help = 0; /* If nonzero, print the version on standard output and exit. */ -int show_version; +int show_version = 0; /* If nonzero, it will attempt to kill a running tincd and exit. */ int kill_tincd = 0; 
@@ -85,8 +85,8 @@ int bypass_security = 0; /* If nonzero, disable swapping for this process. */ int do_mlock = 0; -char *identname; /* program name for syslog */ -char *pidfilename; /* pid file location */ +char *identname = NULL; /* program name for syslog */ +char *pidfilename = NULL; /* pid file location */ char **g_argv; /* a copy of the cmdline arguments */ char **environment; /* A pointer to the environment on startup */ @@ -347,6 +347,7 @@ int main(int argc, char **argv, char **envp) environment = envp; parse_options(argc, argv, envp); + make_names(); if(show_version) { printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, @@ -388,7 +389,6 @@ int main(int argc, char **argv, char **envp) g_argv = argv; - make_names(); init_configuration(&config_tree); /* Slllluuuuuuurrrrp! */ From 451800eda87e886021fabd1888e486c51e97902a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Jun 2003 19:09:52 +0000 Subject: [PATCH 737/923] If we have a Linux tun/tap device and we are in router mode, open the device in tun mode. --- src/linux/device.c | 106 +++++++++++++++++++++++++++++---------------- 1 file changed, 69 insertions(+), 37 deletions(-) diff --git a/src/linux/device.c b/src/linux/device.c index 629b49e7..c5c8bcd4 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.13 2002/09/15 22:19:19 guus Exp $ + $Id: device.c,v 1.1.2.14 2003/06/11 19:09:52 guus Exp $ */ #include "config.h" @@ -48,11 +48,15 @@ #include "conf.h" #include "net.h" #include "subnet.h" +#include "route.h" #include "system.h" -#define DEVICE_TYPE_ETHERTAP 0 -#define DEVICE_TYPE_TUNTAP 1 +enum { + DEVICE_TYPE_ETHERTAP, + DEVICE_TYPE_TUN, + DEVICE_TYPE_TAP, +}; int device_fd = -1; int device_type; 
@@ -104,20 +108,24 @@ int setup_device(void) /* Ok now check if this is an old ethertap or a new tun/tap thingie */ memset(&ifr, 0, sizeof(ifr)); - ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + if(routing_mode == RMODE_ROUTER) { + ifr.ifr_flags = IFF_TUN; + device_type = DEVICE_TYPE_TUN; + device_info = _("Linux tun/tap device (tun mode)"); + } else { + ifr.ifr_flags = IFF_TAP | IFF_NO_PI; + device_type = DEVICE_TYPE_TAP; + device_info = _("Linux tun/tap device (tap mode)"); + } if(interface) strncpy(ifr.ifr_name, interface, IFNAMSIZ); if(!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) { - device_info = _("Linux tun/tap device"); - device_type = DEVICE_TYPE_TUNTAP; strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); interface = ifrname; } else if(!ioctl(device_fd, (('T' << 8) | 202), (void *) &ifr)) { syslog(LOG_WARNING, _("Old ioctl() request was needed for %s"), device); - device_type = DEVICE_TYPE_TUNTAP; - device_info = _("Linux tun/tap device"); strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); interface = ifrname; } else 
@@ -150,27 +158,40 @@ int read_packet(vpn_packet_t *packet) cp(); - if(device_type == DEVICE_TYPE_TUNTAP) { - lenin = read(device_fd, packet->data, MTU); + switch(device_type) { + case DEVICE_TYPE_TUN: + lenin = read(device_fd, packet->data + 10, MTU - 10); - if(lenin <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), - device_info, device, strerror(errno)); - return -1; - } + if(lenin <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), + device_info, device, strerror(errno)); + return -1; + } - packet->len = lenin; - } else { /* ethertap */ + packet->len = lenin + 10; + break; + case DEVICE_TYPE_TAP: + lenin = read(device_fd, packet->data, MTU); - lenin = read(device_fd, packet->data - 2, MTU + 2); + if(lenin <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), + device_info, device, strerror(errno)); + return -1; + } - if(lenin <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), - device_info, device, strerror(errno)); - return -1; - } + packet->len = lenin; + break; + case DEVICE_TYPE_ETHERTAP: + lenin = read(device_fd, packet->data - 2, MTU + 2); - packet->len = lenin - 2; + if(lenin <= 0) { + syslog(LOG_ERR, _("Error while reading from %s %s: %s"), + device_info, device, strerror(errno)); + return -1; + } + + packet->len = lenin - 2; + break; } device_total_in += packet->len; 
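Review bot: In the new `DEVICE_TYPE_TUN` case of `read_packet` the data is read to `packet->data + 10` and `packet->len` is set to `lenin + 10`, but nothing in the hunk writes the first ten bytes. Unless the caller clears the buffer, those bytes carry whatever the buffer held before and are counted as part of the packet that is passed on, which can disclose stale memory to peers. I would add `memset(packet->data, 0, 10);` before the read, with a comment such as `/* tun mode: the 4-byte packet info header lands at data[10..13], so its protocol field sits where the ethertype would be */` to explain the offset. The `switch` also has no `default`, so an unexpected `device_type` leaves `packet->len` unset before it is added to `device_total_in`.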
@@ -191,20 +212,31 @@ int write_packet(vpn_packet_t *packet) syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); - if(device_type == DEVICE_TYPE_TUNTAP) { - if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, - strerror(errno)); - return -1; - } - } else { /* ethertap */ - *(short int *)(packet->data - 2) = packet->len; + switch(device_type) { + case DEVICE_TYPE_TUN: + packet->data[10] = packet->data[11] = 0; + if(write(device_fd, packet->data + 10, packet->len - 10) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } + break; + case DEVICE_TYPE_TAP: + if(write(device_fd, packet->data, packet->len) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } + break; + case DEVICE_TYPE_ETHERTAP: + *(short int *)(packet->data - 2) = packet->len; - if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, - strerror(errno)); - return -1; - } + if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { + syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + strerror(errno)); + return -1; + } + break; } device_total_out += packet->len; From 31f17d43346a9175aec7c29ce41c71b1d08f725e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Jun 2003 19:27:35 +0000 Subject: [PATCH 738/923] AddressFamily is "any" by default. --- src/net_socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net_socket.c b/src/net_socket.c index b17dd8db..26636566 100644 --- a/src/net_socket.c +++ b/src/net_socket.c 
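Review bot: The `DEVICE_TYPE_TUN` case of `write_packet` passes `packet->len - 10` to `write()` and stores into `packet->data[10]` and `[11]` without checking that the packet is at least that long. For a packet shorter than ten bytes the subtraction is negative and becomes a very large `size_t` count, so the call would read far past the packet buffer; packets reaching this function can originate from remote peers. Whether an earlier stage enforces a minimum length is not visible in this hunk, so I would guard it locally with `if(packet->len < 14) { syslog(LOG_ERR, _("Packet too short for %s"), device_info); return -1; }`, 14 being the Ethernet header size that the offset arithmetic assumes.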
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.23 2003/01/17 00:37:20 guus Exp $ + $Id: net_socket.c,v 1.1.2.24 2003/06/11 19:27:35 guus Exp $ */ #include "config.h" @@ -75,7 +75,7 @@ #define RAND_pseudo_bytes RAND_bytes #endif -int addressfamily = AF_INET; +int addressfamily = AF_UNSPEC; int maxtimeout = 900; int seconds_till_retry = 5; From 12de5a8eedd985f4732e88de6185f77a8244612c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Jun 2003 19:28:38 +0000 Subject: [PATCH 739/923] Remove mymac stuff from device.c. --- src/cygwin/device.c | 13 +------------ src/darwin/device.c | 15 +-------------- src/freebsd/device.c | 13 +------------ src/linux/device.c | 15 +++------------ src/netbsd/device.c | 15 +-------------- src/openbsd/device.c | 16 +--------------- src/raw_socket/device.c | 13 +------------ src/route.c | 14 +++++++++----- src/route.h | 3 ++- src/solaris/device.c | 16 +--------------- 10 files changed, 21 insertions(+), 112 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index 3bfc2ab1..9b06d4d1 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2002/09/10 21:29:42 guus Exp $ + $Id: device.c,v 1.1.2.5 2003/06/11 19:28:36 guus Exp $ */ #include "config.h" @@ -47,8 +47,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -extern subnet_t mymac; - int setup_device(void) { struct ifreq ifr; 
@@ -66,15 +64,6 @@ int setup_device(void) return -1; } - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - device_info = _("Stub device for Cygwin environment"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); diff --git a/src/darwin/device.c b/src/darwin/device.c index 4b597ad2..c08153fe 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2002/09/10 21:29:42 guus Exp $ + $Id: device.c,v 1.1.2.6 2003/06/11 19:28:36 guus Exp $ */ #include "config.h" @@ -51,8 +51,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -extern subnet_t mymac; - /* open the local ethertap device */ @@ -71,15 +69,6 @@ int setup_device(void) return -1; } - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - device_info = _("MacOS/X tun device"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); @@ -110,8 +99,6 @@ int read_packet(vpn_packet_t *packet) return -1; } - memcpy(packet->data, mymac.net.mac.address.x, 6); - memcpy(packet->data + 6, mymac.net.mac.address.x, 6); packet->data[12] = 0x08; packet->data[13] = 0x00; diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 5e0fff25..86ed951b 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2002/09/10 21:29:42 guus Exp $ + $Id: device.c,v 1.1.2.9 2003/06/11 19:28:37 guus Exp $ */ #include "config.h" @@ -51,8 +51,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -extern subnet_t mymac; - /* open the local ethertap device */ @@ -71,15 +69,6 @@ int setup_device(void) return -1; } - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - device_info = _("FreeBSD tap device"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); diff --git a/src/linux/device.c b/src/linux/device.c index c5c8bcd4..ea663846 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.14 2003/06/11 19:09:52 guus Exp $ + $Id: device.c,v 1.1.2.15 2003/06/11 19:28:37 guus Exp $ */ #include "config.h" @@ -68,8 +68,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -extern subnet_t mymac; - /* open the local ethertap device */ @@ -95,15 +93,6 @@ int setup_device(void) return -1; } - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - #ifdef HAVE_TUNTAP /* Ok now check if this is an old ethertap or a new tun/tap thingie */ 
@@ -131,6 +120,8 @@ int setup_device(void) } else #endif { + if(routing_mode == RMODE_ROUTER) + overwrite_mac = 1; device_info = _("Linux ethertap device"); device_type = DEVICE_TYPE_ETHERTAP; interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; diff --git a/src/netbsd/device.c b/src/netbsd/device.c index 98b607a3..b9400358 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.7 2002/09/10 21:29:42 guus Exp $ + $Id: device.c,v 1.1.2.8 2003/06/11 19:28:37 guus Exp $ */ #include "config.h" @@ -56,8 +56,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -extern subnet_t mymac; - /* open the local ethertap device */ @@ -75,15 +73,6 @@ int setup_device(void) return -1; } - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - device_info = _("NetBSD tun device"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); @@ -110,8 +99,6 @@ int read_packet(vpn_packet_t *packet) return -1; } - memcpy(packet->data, mymac.net.mac.address.x, 6); - memcpy(packet->data + 6, mymac.net.mac.address.x, 6); packet->data[12] = 0x08; packet->data[13] = 0x00; diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 3e032b6c..b1a30d22 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.12 2002/09/10 21:29:42 guus Exp $ + $Id: device.c,v 1.1.2.13 2003/06/11 19:28:37 guus Exp $ */ #include "config.h" 
@@ -56,8 +56,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -extern subnet_t mymac; - /* open the local ethertap device */ @@ -75,15 +73,6 @@ int setup_device(void) return -1; } - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - device_info = _("OpenBSD tun device"); syslog(LOG_INFO, _("%s is a %s"), device, device_info); @@ -112,9 +101,6 @@ int read_packet(vpn_packet_t *packet) return -1; } - memcpy(packet->data, mymac.net.mac.address.x, 6); - memcpy(packet->data + 6, mymac.net.mac.address.x, 6); - switch (ntohl(type)) { case AF_INET: packet->data[12] = 0x8; diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c index b75f824d..1b9d8949 100644 --- a/src/raw_socket/device.c +++ b/src/raw_socket/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2002/09/10 21:29:42 guus Exp $ + $Id: device.c,v 1.1.2.5 2003/06/11 19:28:38 guus Exp $ */ #include "config.h" @@ -53,8 +53,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -extern subnet_t mymac; - /* open the local ethertap device */ @@ -99,15 +97,6 @@ int setup_device(void) return -1; } - /* Set default MAC address for ethertap devices */ - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - syslog(LOG_INFO, _("%s is a %s"), device, device_info); return 0; diff --git a/src/route.c b/src/route.c index 06dffc97..571b1ba2 100644 --- a/src/route.c +++ b/src/route.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.49 2003/03/29 22:11:22 guus Exp $ + $Id: route.c,v 1.1.2.50 2003/06/11 19:28:35 guus Exp $ */ #include "config.h" @@ -67,7 +67,8 @@ int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; -subnet_t mymac; +int overwrite_mac = 0; +mac_t mymac = {0xFE, 0xFD, 0, 0, 0, 0}; /* RFC 1071 */ @@ -397,7 +398,8 @@ void route_neighborsol(vpn_packet_t *packet) /* First, snatch the source address from the neighbor solicitation packet */ - memcpy(mymac.net.mac.address.x, packet->data + 6, 6); + if(overwrite_mac) + memcpy(mymac.x, packet->data + 6, 6); /* Check if this is a valid neighbor solicitation request */ @@ -499,7 +501,8 @@ void route_arp(vpn_packet_t *packet) /* First, snatch the source address from the ARP packet */ - memcpy(mymac.net.mac.address.x, packet->data + 6, 6); + if(overwrite_mac) + memcpy(mymac.x, packet->data + 6, 6); /* This routine generates replies to ARP requests. You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). @@ -628,7 +631,8 @@ void route_incoming(node_t *source, vpn_packet_t *packet) if(n) { if(n == myself) { - memcpy(packet->data, mymac.net.mac.address.x, 6); + if(overwrite_mac) + memcpy(packet->data, mymac.x, 6); write_packet(packet); } else send_packet(n, packet); diff --git a/src/route.h b/src/route.h index 1752d470..0e23486f 100644 --- a/src/route.h +++ b/src/route.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.9 2002/09/09 21:25:07 guus Exp $ + $Id: route.h,v 1.1.2.10 2003/06/11 19:28:35 guus Exp $ */ #ifndef __TINC_ROUTE_H__ @@ -30,6 +30,7 @@ enum { }; extern int routing_mode; +extern int overwrite_mac; extern int priorityinheritance; extern int macexpire; 
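Review bot: The new global `overwrite_mac` in the `route.c` hunk at -67,7 is undocumented, although it now decides whether `mymac` is learned from local ARP and neighbour solicitation packets and whether the destination address of packets delivered to this host is rewritten. The only place on this page that sets it is the Linux ethertap path in router mode, so the default of 0 changes behaviour for every other device type. I would add a comment at the definition, for example `int overwrite_mac = 0; /* nonzero: learn mymac from local ARP/ND traffic and stamp it on packets written to the device */`, and repeat a short version at the `extern` in `route.h`.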
diff --git a/src/solaris/device.c b/src/solaris/device.c index a9ea6eb9..3054a98f 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.11 2002/09/10 21:29:42 guus Exp $ + $Id: device.c,v 1.1.2.12 2003/06/11 19:28:38 guus Exp $ */ @@ -57,8 +57,6 @@ char *device_info = NULL; int device_total_in = 0; int device_total_out = 0; -subnet_t mymac; - int setup_device(void) { int ip_fd = -1, if_fd = -1; @@ -120,16 +118,6 @@ int setup_device(void) device_info = _("Solaris tun device"); - /* Set default MAC address for ethertap devices */ - - mymac.type = SUBNET_MAC; - mymac.net.mac.address.x[0] = 0xfe; - mymac.net.mac.address.x[1] = 0xfd; - mymac.net.mac.address.x[2] = 0x00; - mymac.net.mac.address.x[3] = 0x00; - mymac.net.mac.address.x[4] = 0x00; - mymac.net.mac.address.x[5] = 0x00; - syslog(LOG_INFO, _("%s is a %s"), device, device_info); return 0; @@ -154,8 +142,6 @@ int read_packet(vpn_packet_t *packet) return -1; } - memcpy(packet->data, mymac.net.mac.address.x, 6); - memcpy(packet->data + 6, mymac.net.mac.address.x, 6); packet->data[12] = 0x08; packet->data[13] = 0x00; From cf63cbef2bcb6a1f21ded439cbb09842581b9020 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Jun 2003 19:39:02 +0000 Subject: [PATCH 740/923] Fixes from Wessel Danker's libavl. --- lib/avl_tree.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index d35936e6..7bacc20e 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.12 2002/09/10 09:40:15 guus Exp $ + $Id: avl_tree.c,v 1.1.2.13 2003/06/11 19:39:02 guus Exp $ */ #include 
@@ -519,7 +519,7 @@ void avl_insert_before(avl_tree_t *tree, avl_node_t *before, before->prev = node; before->left = node; - avl_rebalance(tree, before->parent); + avl_rebalance(tree, before); } void avl_insert_after(avl_tree_t *tree, avl_node_t *after, avl_node_t *node) @@ -549,7 +549,7 @@ void avl_insert_after(avl_tree_t *tree, avl_node_t *after, avl_node_t *node) after->next = node; after->right = node; - avl_rebalance(tree, after->parent); + avl_rebalance(tree, after); } avl_node_t *avl_unlink(avl_tree_t *tree, void *data) From 0a9aef2da749f7b7d1ca183daad88f6433579b9f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Jun 2003 19:40:43 +0000 Subject: [PATCH 741/923] More braces to make gcc happy. --- src/route.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/route.c b/src/route.c index 571b1ba2..261462e2 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.50 2003/06/11 19:28:35 guus Exp $ + $Id: route.c,v 1.1.2.51 2003/06/11 19:40:43 guus Exp $ */ #include "config.h" @@ -68,7 +68,7 @@ int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; int overwrite_mac = 0; -mac_t mymac = {0xFE, 0xFD, 0, 0, 0, 0}; +mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; /* RFC 1071 */ From 9279b3c69982b066e2aaea4e444892b51332881a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 11 Jun 2003 20:18:48 +0000 Subject: [PATCH 742/923] Update documentation. --- doc/tinc.conf.5 | 5 +- doc/tinc.texi | 118 ++++++++++++++++++++++++------------------------ 2 files changed, 62 insertions(+), 61 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index db51eb68..77232408 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 
@@ -100,7 +100,7 @@ If you leave it out, remember to replace it with at least one space character. Here are all valid variables, listed in alphabetical order. The default value is given between parentheses. .Bl -tag -width indent -.It Va AddressFamily Li = ipv4 | ipv6 | any Po ipv4 Pc Bq experimental +.It Va AddressFamily Li = ipv4 | ipv6 | any Pq any This option affects the address family of listening and outgoing sockets. If .Qq any @@ -237,7 +237,8 @@ Furthermore, specifying will turn off packet encryption. .It Va Compression Li = Ar level Pq 0 This option sets the level of compression used for UDP packets. -Possible values are 0 (off), 1 (fast) and any integer up to 9 (best). +Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), +and 10 (lzo). .It Va Digest Li = Ar digest Pq sha1 The digest algorithm used to authenticate UDP packets. Any digest supported by OpenSSL is recognised. diff --git a/doc/tinc.texi b/doc/tinc.texi index 298c24d9..2214d49f 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.35 2003/05/17 22:12:52 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.36 2003/06/11 20:18:48 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.35 2003/05/17 22:12:52 guus Exp $ +$Id: tinc.texi,v 1.8.4.36 2003/06/11 20:18:48 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.35 2003/05/17 22:12:52 guus Exp $ +$Id: tinc.texi,v 1.8.4.36 2003/06/11 20:18:48 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -455,13 +455,14 @@ and the corresponding network interfaces. @cindex requirements @cindex libraries -Before you can configure or build tinc, you need to have the OpenSSL -and zlib libraries installed on your system. If you try to configure tinc without +Before you can configure or build tinc, you need to have the OpenSSL, +zlib and lzo libraries installed on your system. If you try to configure tinc without having them installed, configure will give you an error message, and stop. @menu * OpenSSL:: * zlib:: +* lzo:: @end menu @@ -517,7 +518,7 @@ all other requirements of the GPL are met. @c ================================================================== -@node zlib, , OpenSSL, Libraries +@node zlib, lzo, OpenSSL, Libraries @subsection zlib @cindex zlib @@ -539,6 +540,28 @@ make sure you build development and runtime libraries (which is the default). +@c ================================================================== +@node lzo, , zlib, Libraries +@subsection lzo + +@cindex lzo +Another form of compression is offered using the lzo library. + +If this library is not installed, you wil get an error when configuring +tinc for build. Support for running tinc without having lzo +installed @emph{may} be added in the future. + +You can use your operating system's package manager to install this if +available. Make sure you install the development AND runtime versions +of this package. + +If you have to install lzo manually, you can get the source code +from @url{http://www.oberhumer.com/opensource/lzo/}. Instructions on how to configure, +build and install this package are included within the package. Please +make sure you build development and runtime libraries (which is the +default). + + @c @c @c 
@@ -601,7 +624,7 @@ from @uref{http://developer.apple.com/tools/macosxtools.html} and a recent version of Fink from @uref{http://fink.sourceforge.net/}. After installation use fink to download and install the following packages: -autoconf25, automake, dlcompat, m4, openssl and zlib. +autoconf25, automake, dlcompat, m4, openssl, zlib and lzo. @c ================================================================== @@ -831,7 +854,7 @@ required directives are given in @strong{bold}. @table @asis @cindex AddressFamily -@item AddressFamily = (ipv4) [experimental] +@item AddressFamily = (any) This option affects the address family of listening and outgoing sockets. If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created. @@ -977,7 +1000,8 @@ Any cipher supported by OpenSSL is recognized. @cindex Compression @item Compression = (0) This option sets the level of compression used for UDP packets. -Possible values are 0 (off), 1 (fast) and any integer up to 9 (best). +Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), +and 10 (lzo). @cindex Digest @item Digest = (sha1) 
@@ -1132,24 +1156,10 @@ An example @file{tinc-up} script: @example #!/bin/sh -ifconfig $INTERFACE hw ether fe:fd:0:0:0:0 ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0 -ifconfig $INTERFACE -arp @end example -@cindex MAC address -@cindex hardware address -The first line sets up the MAC address of the network interface. -Due to the nature of how Ethernet and tinc work, it has to be set to fe:fd:0:0:0:0 -for tinc to work in it's normal mode. -If you configured tinc to work in `switch' or `hub' mode, the hardware address should instead -be set to a unique address instead of fe:fd:0:0:0:0. - -You can use the environment variable $INTERFACE to get the name of the interface. -However, this might not be reliable. If in doubt, use the name of the interface explicitly. - -@cindex ifconfig -The next line gives the interface an IP address and a netmask. +This script gives the interface an IP address and a netmask. The kernel will also automatically add a route to this interface, so normally you don't need to add route commands to the @file{tinc-up} script. The kernel will also bring the interface up after this command. @@ -1157,11 +1167,6 @@ The kernel will also bring the interface up after this command. The netmask is the mask of the @emph{entire} VPN network, not just your own subnet. -@cindex arp -The last line tells the kernel not to use ARP on that interface. -Again this has to do with how Ethernet and tinc work. -Use this option only if you are running tinc under Linux and are using tinc's normal routing mode. - @c ================================================================== @node Example configuration, , Network interfaces, Configuration 
@@ -1206,9 +1211,7 @@ In @file{/etc/tinc/company/tinc-up}: # Real interface of internal network: # ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 -ifconfig tap0 hw ether fe:fd:0:0:0:0 -ifconfig tap0 10.1.54.1 netmask 255.0.0.0 -ifconfig tap0 -arp +ifconfig $INTERFACE 10.1.54.1 netmask 255.0.0.0 @end example and in @file{/etc/tinc/company/tinc.conf}: @@ -1225,16 +1228,16 @@ On all hosts, /etc/tinc/company/hosts/BranchA contains: Subnet = 10.1.0.0/16 Address = 1.2.3.4 -Note that the IP addresses of eth0 and tap0 are the same. -This is quite possible, if you make sure that the netmasks of the interfaces are different. -It is in fact recommended to give give both real internal network interfaces and tap interfaces the same IP address, -since that will make things a lot easier to remember and set up. - -----BEGIN RSA PUBLIC KEY----- ... -----END RSA PUBLIC KEY----- @end example +Note that the IP addresses of eth0 and tap0 are the same. +This is quite possible, if you make sure that the netmasks of the interfaces are different. +It is in fact recommended to give give both real internal network interfaces and tap interfaces the same IP address, +since that will make things a lot easier to remember and set up. + @subsubheading For Branch B @@ -1244,9 +1247,7 @@ In @file{/etc/tinc/company/tinc-up}: # Real interface of internal network: # ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 -ifconfig tap0 hw ether fe:fd:0:0:0:0 -ifconfig tap0 10.2.1.12 netmask 255.0.0.0 -ifconfig tap0 -arp +ifconfig $INTERFACE 10.2.1.12 netmask 255.0.0.0 @end example and in @file{/etc/tinc/company/tinc.conf}: 
@@ -1281,9 +1282,7 @@ In @file{/etc/tinc/company/tinc-up}: # Real interface of internal network: # ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 -ifconfig tap1 hw ether fe:fd:0:0:0:0 -ifconfig tap1 10.3.69.254 netmask 255.0.0.0 -ifconfig tap1 -arp +ifconfig $INTERFACE 10.3.69.254 netmask 255.0.0.0 @end example and in @file{/etc/tinc/company/tinc.conf}: @@ -1319,9 +1318,7 @@ In @file{/etc/tinc/company/tinc-up}: # Real interface of internal network: # ifconfig eth0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 -ifconfig company hw ether fe:fd:0:0:0:0 -ifconfig company 10.4.3.32 netmask 255.0.0.0 -ifconfig company -arp +ifconfig $INTERFACE 10.4.3.32 netmask 255.0.0.0 @end example and in @file{/etc/tinc/company/tinc.conf}: 
@@ -1548,18 +1545,19 @@ computer over the existing Internet infrastructure. The data itself is read from a character device file, the so-called @emph{virtual network device}. This device is associated with a network interface. Any data sent to this interface can be read from the device, -and any data written to the device gets sent from the interface. Data to -and from the device is formatted as if it were a normal Ethernet card, -so a frame is preceded by two MAC addresses and a @emph{frame type} -field. +and any data written to the device gets sent from the interface. +There are two possible types of virtual network devices: +`tun' style, which are point-to-point devices which can only handle IPv4 and/or IPv6 packets, +and `tap' style, which are Ethernet devices and handle complete Ethernet frames. So when tinc reads an Ethernet frame from the device, it determines its type. When tinc is in it's default routing mode, it can handle IPv4 and IPv6 -packets. Depending on the Subnet lines, it will send the packets off to their destination. +packets. Depending on the Subnet lines, it will send the packets off to their destination IP address. In the `switch' and `hub' mode, tinc will use broadcasts and MAC address discovery to deduce the destination of the packets. Since the latter modes only depend on the link layer information, any protocol that runs over Ethernet is supported (for instance IPX and Appletalk). +However, only `tap' style devices provide this information. After the destination has been determined, the packet will be compressed (optionally), 
@@ -1580,18 +1578,20 @@ in reverse. So it checks the message authentication code, decrypts the contents checks the sequence number and writes the decrypted information to its own virtual network device. -To let the kernel on the receiving end accept the packet, the destination MAC -address must match that of the virtual network interface. -If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC cannot be set -by the sending daemons. -tinc solves this by letting the receiving end detect the MAC address +If the virtual network device is a `tun' device (a point-to-point tunnel), +there is no problem for the kernel to accept a packet. +However, if it is a `tap' device (this is the only available type on FreeBSD), +the destination MAC address must match that of the virtual network interface. +If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC +can not be known by the sending host. +tinc solves this by letting the receiving end detect the MAC address of its own virtual network interface and overwriting the destination MAC address of the received packet. -However, the MAC address of the network interface at the receiver might not always be known to tinc. -That is the reason why you should set the MAC address of your tap interface to that address -when in routing mode. In switch or hub modes ARP does work so the sender already knows the correct destination MAC address. In those modes every interface should have a unique MAC address, so make sure they are not the same. +Because switch and hub modes rely on MAC addresses to function correctly, +these modes cannot be used on the following operating systems which don't have a `tap' style virtual network device: +OpenBSD, NetBSD, Darwin and Solaris. @c ================================================================== From 636e650261712e3687048fe19987fd50ce84b093 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Wed, 11 Jun 2003 20:19:46 +0000 Subject: [PATCH 743/923] Update dutch translation. --- po/nl.po | 184 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 97 insertions(+), 87 deletions(-) diff --git a/po/nl.po b/po/nl.po index ca8dfefa..86563076 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,7 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2003-05-06 23:10+0200\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-06-11 22:14+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" 
@@ -226,105 +227,105 @@ msgstr "Legen taakrij" msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." -#: src/net_packet.c:154 +#: src/net_packet.c:153 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:184 +#: src/net_packet.c:183 #, c-format msgid "Lost %d packets from %s (%s)" msgstr "%d pakketten van %s (%s) verloren" -#: src/net_packet.c:190 +#: src/net_packet.c:189 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d, last received %d" msgstr "" "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d, laatste ontvangen %d" -#: src/net_packet.c:210 +#: src/net_packet.c:209 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:238 +#: src/net_packet.c:237 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:265 +#: src/net_packet.c:263 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:295 +#: src/net_packet.c:293 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:347 +#: src/net_packet.c:345 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:350 src/net_setup.c:485 src/net_socket.c:110 -#: src/net_socket.c:157 src/net_socket.c:187 src/tincd.c:375 src/process.c:265 +#: src/net_packet.c:348 src/net_setup.c:485 src/net_socket.c:110 +#: src/net_socket.c:157 src/net_socket.c:187 src/tincd.c:381 src/process.c:265 #: src/process.c:295 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:356 
+#: src/net_packet.c:354 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:374 +#: src/net_packet.c:372 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:379 +#: src/net_packet.c:377 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net_packet.c:386 +#: src/net_packet.c:384 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:395 +#: src/net_packet.c:393 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:415 +#: src/net_packet.c:413 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:433 +#: src/net_packet.c:431 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:454 +#: src/net_packet.c:452 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:461 +#: src/net_packet.c:459 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:468 +#: src/net_packet.c:466 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:478 +#: src/net_packet.c:476 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" @@ -813,12 +814,12 @@ msgstr " %s eigenaar %s" msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:109 +#: src/tincd.c:111 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:112 +#: src/tincd.c:114 #, c-format msgid "" "Usage: %s [option]...\n" 
@@ -827,7 +828,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:113 +#: src/tincd.c:115 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -852,13 +853,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:122 +#: src/tincd.c:124 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:180 +#: src/tincd.c:182 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -867,7 +868,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:199 +#: src/tincd.c:201 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" @@ -875,24 +876,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:266 +#: src/tincd.c:268 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:270 +#: src/tincd.c:272 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:273 +#: src/tincd.c:275 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:282 +#: src/tincd.c:284 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:288 src/tincd.c:301 +#: src/tincd.c:290 src/tincd.c:303 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" 
@@ -900,21 +901,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:295 +#: src/tincd.c:297 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:322 +#: src/tincd.c:324 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:350 +#: src/tincd.c:353 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:352 +#: src/tincd.c:355 msgid "" "Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" @@ -931,20 +932,24 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:379 +#: src/tincd.c:385 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:427 +#: src/tincd.c:421 +msgid "Error initializing LZO compressor!" +msgstr "Fout tijdens initialiseren LZO compressor!" + +#: src/tincd.c:434 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:431 +#: src/tincd.c:438 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:434 src/process.c:353 +#: src/tincd.c:441 src/process.c:353 msgid "Not restarting." msgstr "Geen herstart." 
@@ -1088,22 +1093,22 @@ msgstr "Signaal %d (%s) genegeerd" msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:117 +#: src/route.c:118 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:151 +#: src/route.c:152 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:261 +#: src/route.c:262 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:354 +#: src/route.c:355 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" @@ -1112,19 +1117,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:407 +#: src/route.c:409 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:426 +#: src/route.c:428 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:436 +#: src/route.c:438 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" 
@@ -1133,16 +1138,16 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:516 +#: src/route.c:519 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:527 +#: src/route.c:530 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:585 +#: src/route.c:588 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" 
@@ -1187,130 +1192,135 @@ msgstr "Node %s (%s) werd bereikbaar" msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" -#: src/linux/device.c:90 src/freebsd/device.c:70 src/solaris/device.c:74 -#: src/netbsd/device.c:74 src/openbsd/device.c:74 +#: src/linux/device.c:92 src/freebsd/device.c:68 src/solaris/device.c:72 +#: src/netbsd/device.c:72 src/openbsd/device.c:72 #, c-format msgid "Could not open %s: %s" msgstr "Kon `%s' niet openen: %s" -#: src/linux/device.c:113 src/linux/device.c:120 -msgid "Linux tun/tap device" -msgstr "Linux tun/tap apparaat" +#: src/linux/device.c:103 +msgid "Linux tun/tap device (tun mode)" +msgstr "Linux tun/tap apparaat (tun modus)" -#: src/linux/device.c:118 +#: src/linux/device.c:107 +msgid "Linux tun/tap device (tap mode)" +msgstr "Linux tun/tap apparaat (tap modues)" + +#: src/linux/device.c:117 #, c-format msgid "Old ioctl() request was needed for %s" msgstr "Oud ioctl() verzoek was nodig voor %s" -#: src/linux/device.c:126 +#: src/linux/device.c:125 msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/linux/device.c:131 src/freebsd/device.c:85 src/solaris/device.c:133 -#: src/netbsd/device.c:89 src/openbsd/device.c:89 +#: src/linux/device.c:130 src/freebsd/device.c:74 src/solaris/device.c:121 +#: src/netbsd/device.c:78 src/openbsd/device.c:78 #, c-format msgid "%s is a %s" msgstr "%s is een %s" -#: src/linux/device.c:157 src/linux/device.c:168 src/freebsd/device.c:108 -#: src/solaris/device.c:152 src/netbsd/device.c:108 src/openbsd/device.c:110 +#: src/linux/device.c:157 src/linux/device.c:168 src/linux/device.c:179 +#: src/freebsd/device.c:97 src/solaris/device.c:140 src/netbsd/device.c:97 +#: src/openbsd/device.c:99 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" -#: src/linux/device.c:179 src/freebsd/device.c:118 src/solaris/device.c:167 -#: src/netbsd/device.c:123 src/openbsd/device.c:143 +#: src/linux/device.c:191 
src/freebsd/device.c:107 src/solaris/device.c:153 +#: src/netbsd/device.c:110 src/openbsd/device.c:129 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/linux/device.c:191 src/freebsd/device.c:129 src/solaris/device.c:179 -#: src/netbsd/device.c:135 src/openbsd/device.c:159 +#: src/linux/device.c:203 src/freebsd/device.c:118 src/solaris/device.c:165 +#: src/netbsd/device.c:122 src/openbsd/device.c:145 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:196 src/linux/device.c:204 src/solaris/device.c:183 -#: src/netbsd/device.c:139 src/openbsd/device.c:185 +#: src/linux/device.c:210 src/linux/device.c:217 src/linux/device.c:226 +#: src/solaris/device.c:169 src/netbsd/device.c:126 src/openbsd/device.c:171 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" -#: src/linux/device.c:219 src/freebsd/device.c:145 src/solaris/device.c:197 -#: src/netbsd/device.c:151 src/openbsd/device.c:197 +#: src/linux/device.c:242 src/freebsd/device.c:134 src/solaris/device.c:183 +#: src/netbsd/device.c:138 src/openbsd/device.c:183 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/linux/device.c:220 src/freebsd/device.c:146 src/solaris/device.c:198 -#: src/netbsd/device.c:152 src/openbsd/device.c:198 +#: src/linux/device.c:243 src/freebsd/device.c:135 src/solaris/device.c:184 +#: src/netbsd/device.c:139 src/openbsd/device.c:184 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/linux/device.c:221 src/freebsd/device.c:147 src/solaris/device.c:199 -#: src/netbsd/device.c:153 src/openbsd/device.c:199 +#: src/linux/device.c:244 src/freebsd/device.c:136 src/solaris/device.c:185 +#: src/netbsd/device.c:140 src/openbsd/device.c:185 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" -#: src/freebsd/device.c:83 +#: 
src/freebsd/device.c:72 msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" -#: src/freebsd/device.c:133 +#: src/freebsd/device.c:122 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" -#: src/solaris/device.c:86 +#: src/solaris/device.c:84 #, c-format msgid "Could not open /dev/ip: %s" msgstr "Kon /dev/ip niet openen: %s" -#: src/solaris/device.c:92 +#: src/solaris/device.c:90 #, c-format msgid "Can't assign new interface: %s" msgstr "Kan geen nieuwe interface toekennen: %s" -#: src/solaris/device.c:97 +#: src/solaris/device.c:95 #, c-format msgid "Could not open %s twice: %s" msgstr "Kon `%s' niet twee keer openen: %s" -#: src/solaris/device.c:103 +#: src/solaris/device.c:101 #, c-format msgid "Can't push IP module: %s" msgstr "Kan IP module niet invoegen: %s" -#: src/solaris/device.c:109 +#: src/solaris/device.c:107 #, c-format msgid "Can't set PPA %d: %s" msgstr "Kon PPA %d niet instellen: %s" -#: src/solaris/device.c:114 +#: src/solaris/device.c:112 #, c-format msgid "Can't link TUN device to IP: %s" msgstr "Kan TUN apparaat niet koppelen aan IP: %s" -#: src/solaris/device.c:121 +#: src/solaris/device.c:119 msgid "Solaris tun device" msgstr "Solaris tun apparaat" -#: src/netbsd/device.c:87 +#: src/netbsd/device.c:76 msgid "NetBSD tun device" msgstr "NetBSD tun apparaat" -#: src/openbsd/device.c:87 +#: src/openbsd/device.c:76 msgid "OpenBSD tun device" msgstr "OpenBSD tun apparaat" -#: src/openbsd/device.c:133 +#: src/openbsd/device.c:119 #, c-format msgid "Unknown address family %d while reading packet from %s %s" msgstr "Onbekende adresfamilie %d tijdens lezen pakket van %s %s" -#: src/openbsd/device.c:174 +#: src/openbsd/device.c:160 #, c-format msgid "Unknown address family %d while writing packet to %s %s" msgstr "Onbekende adresfamilie %d tijdens schrijven pakket naar %s %s" From c3593491d44e8e8f239bb297f5d5f6541d581b78 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Wed, 11 Jun 2003 20:36:36 +0000 Subject: [PATCH 744/923] Typo and conversion to UTF-8. --- po/nl.po | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/po/nl.po b/po/nl.po index 86563076..da4bf6f9 100644 --- a/po/nl.po +++ b/po/nl.po @@ -11,7 +11,7 @@ msgstr "" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #: src/conf.c:175 @@ -162,7 +162,7 @@ msgstr "Fout op metadata socket voor %s (%s): %s" #: src/meta.c:130 #, c-format msgid "Connection closed by %s (%s)" -msgstr "Verbinding beëindigd door %s (%s)" +msgstr "Verbinding beëindigd door %s (%s)" #: src/meta.c:135 #, c-format @@ -186,7 +186,7 @@ msgstr "Verwijdering node %s (%s)" #: src/net.c:188 #, c-format msgid "Closing connection with %s (%s)" -msgstr "Beëindigen verbinding met %s (%s)" +msgstr "Beëindigen verbinding met %s (%s)" #: src/net.c:242 #, c-format @@ -225,7 +225,7 @@ msgstr "Legen taakrij" #: src/net.c:425 msgid "Unable to reread configuration file, exitting." -msgstr "Kan configuratiebestand niet herlezen, beëindigen." +msgstr "Kan configuratiebestand niet herlezen, beëindigen." #: src/net_packet.c:153 #, c-format @@ -348,12 +348,12 @@ msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" #: src/net_setup.c:210 #, c-format msgid "Error reading RSA private key file `%s': %s" -msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" +msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" #: src/net_setup.c:222 #, c-format msgid "Reading RSA private key file `%s' failed: %s" -msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" +msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" #: src/net_setup.c:252 src/net_setup.c:253 msgid "MYSELF" 
@@ -533,7 +533,7 @@ msgstr "%s poort %s" #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" -"sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" +"sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" #: src/protocol.c:77 #, c-format @@ -794,12 +794,12 @@ msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" #, c-format msgid "subnet_compare() was called with unknown subnet type %d, exitting!" msgstr "" -"subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" +"subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" #: src/subnet.c:299 #, c-format msgid "net2str() was called with unknown subnet type %d, exiting!" -msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" +msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" #: src/subnet.c:414 msgid "Subnet list:" @@ -845,12 +845,12 @@ msgstr "" " -D, --no-detach Start geen nieuw proces.\n" " -d, --debug[=NIVEAU] Verhoog debugniveau of stel het in op NIVEAU.\n" " -k, --kill[=SIGNAAL] Poging tot zenden signaal naar lopende tincd en " -"beëindig.\n" +"beëindig.\n" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" -" -K, --generate-keys[=BITS] Genereer publiek/privé RSA sleutelpaar.\n" +" -K, --generate-keys[=BITS] Genereer publiek/privé RSA sleutelpaar.\n" " -L, --mlock Houd tinc vast in het centrale geheugen.\n" -" --help Geef deze hulp en beëindig.\n" -" --version Geef versie informatie en beëindig.\n" +" --help Geef deze hulp en beëindig.\n" +" --version Geef versie informatie en beëindig.\n" "\n" #: src/tincd.c:124 
@@ -865,7 +865,7 @@ msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " "USR1, USR2, WINCH, INT or ALRM.\n" msgstr "" -"Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " +"Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" #: src/tincd.c:201 @@ -899,7 +899,7 @@ msgid "" "Make sure only one key is stored in the file.\n" msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" -"Let er op dat er slechts één sleutel in het bestand is.\n" +"Let er op dat er slechts één sleutel in het bestand is.\n" #: src/tincd.c:297 msgid "private RSA key" @@ -956,11 +956,11 @@ msgstr "Geen herstart." #: src/process.c:69 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exitting." -msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." +msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." #: src/process.c:101 msgid "Terminating" -msgstr "Beëindigen" +msgstr "Beëindigen" #: src/process.c:120 #, c-format @@ -1022,7 +1022,7 @@ msgstr "Uitvoeren script %s" #: src/process.c:279 #, c-format msgid "Process %d (%s) exited with non-zero status %d" -msgstr "Proces %d (%s) beëindigde met status %d" +msgstr "Proces %d (%s) beëindigde met status %d" #: src/process.c:285 #, c-format @@ -1032,7 +1032,7 @@ msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" #: src/process.c:290 #, c-format msgid "Process %d (%s) terminated abnormally" -msgstr "Proces %d (%s) abnormaal beëindigd" +msgstr "Proces %d (%s) abnormaal beëindigd" #: src/process.c:314 msgid "Got TERM signal" @@ -1204,7 +1204,7 @@ msgstr "Linux tun/tap apparaat (tun modus)" #: src/linux/device.c:107 msgid "Linux tun/tap device (tap mode)" -msgstr "Linux tun/tap apparaat (tap modues)" +msgstr "Linux tun/tap apparaat (tap modus)" #: src/linux/device.c:117 #, c-format From 8bfa554af97ee0694919b9f5b78ada89c6af62f5 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 12 Jun 2003 11:08:40 +0000 Subject: [PATCH 745/923] There are two lzo compression levels. --- doc/tinc.conf.5 | 2 +- doc/tinc.texi | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index 77232408..ad4fa1d7 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -238,7 +238,7 @@ will turn off packet encryption. .It Va Compression Li = Ar level Pq 0 This option sets the level of compression used for UDP packets. Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), -and 10 (lzo). +10 (fast lzo) and 11 (best lzo). .It Va Digest Li = Ar digest Pq sha1 The digest algorithm used to authenticate UDP packets. Any digest supported by OpenSSL is recognised. diff --git a/doc/tinc.texi b/doc/tinc.texi index 2214d49f..838226bc 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.36 2003/06/11 20:18:48 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.37 2003/06/12 11:08:40 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.36 2003/06/11 20:18:48 guus Exp $ +$Id: tinc.texi,v 1.8.4.37 2003/06/12 11:08:40 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2002 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.36 2003/06/11 20:18:48 guus Exp $ +$Id: tinc.texi,v 1.8.4.37 2003/06/12 11:08:40 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -1001,7 +1001,7 @@ Any cipher supported by OpenSSL is recognized. @item Compression = (0) This option sets the level of compression used for UDP packets. Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), -and 10 (lzo). +10 (fast lzo) and 11 (best lzo). @cindex Digest @item Digest = (sha1) From 9528a63c35da77ba5b825068aeffbc5587816dd5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 25 Jun 2003 20:52:59 +0000 Subject: [PATCH 746/923] Really make tinc default to any addressfamily. --- src/net_setup.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index 44d0c744..e279d374 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.31 2003/05/06 21:13:17 guus Exp $ + $Id: net_setup.c,v 1.1.2.32 2003/06/25 20:52:59 guus Exp $ */ #include "config.h" @@ -368,8 +368,7 @@ int setup_myself(void) return -1; } free(afname); - } else - addressfamily = AF_INET; + } get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); From 6c7172d694dcb80e538518282b6c4bd51818f1d2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 25 Jun 2003 20:55:05 +0000 Subject: [PATCH 747/923] This subtle pointer arithmetic thingy is (I'm very sure of it) the cause of the lingering connections problem. Hopefully it is fixed now... --- src/connection.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/connection.c b/src/connection.c index b9a3c237..e4e8fad8 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.35 2002/09/10 22:12:33 guus Exp $ + $Id: connection.c,v 1.1.2.36 2003/06/25 20:55:05 guus Exp $ */ #include "config.h" 
@@ -44,7 +44,7 @@ connection_t *broadcast; int connection_compare(connection_t *a, connection_t *b) { - return a - b; + return (void *)a - (void *)b; } void init_connections(void) From 81f5713ab71944d51703653eab7f364fba0c482e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 6 Jul 2003 17:15:25 +0000 Subject: [PATCH 748/923] - simplify configure.in - drop support for OpenSSL < 0.9.7 - add some missing definitions/includes --- configure.in | 33 +++++++-------------------------- m4/openssl.m4 | 11 +++++++++-- src/net.c | 7 ++----- src/net.h | 8 +++++++- src/protocol_auth.c | 6 +----- src/route.c | 20 +++++++++++++++++--- src/tincd.c | 14 +------------- 7 files changed, 44 insertions(+), 55 deletions(-) diff --git a/configure.in b/configure.in index 83e1faec..0e767601 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.61 2003/05/06 21:13:13 guus Exp $ +dnl $Id: configure.in,v 1.13.2.62 2003/07/06 17:15:24 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -101,32 +101,13 @@ AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM -AC_CACHE_CHECK([for socklen_t], ac_cv_type_socklen_t, -[ - AC_TRY_COMPILE( +AC_CHECK_TYPES([socklen_t, struct addrinfo, struct sockaddr_in6], , , [#include - #include ], - [socklen_t len = 42; return len;], - ac_cv_type_socklen_t=yes, - ac_cv_type_socklen_t=no) -]) -if test $ac_cv_type_socklen_t = yes; then - AC_DEFINE(HAVE_SOCKLEN_T, 1, [socklen_t available]) -fi - -AC_CACHE_CHECK([for struct addrinfo], ac_cv_struct_addrinfo, -[ - AC_TRY_COMPILE( - [#include - #include - #include ], - [struct addrinfo ai; ai.ai_family = AF_INET; return ai.ai_family;], - ac_cv_struct_addrinfo=yes, - ac_cv_struct_addrinfo=no) -]) -if test $ac_cv_struct_addrinfo = yes; then - AC_DEFINE(HAVE_STRUCT_ADDRINFO, 1, [struct addrinfo available]) -fi + #include + #include + #include + ] +) dnl Checks for library functions. AC_FUNC_MEMCMP 
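Review bot: The new `return (void *)a - (void *)b;` in connection_compare still narrows a pointer difference to `int`, so where pointers are wider than `int` two distinct connections can compare equal or with the wrong sign. The tree that uses this comparator (not visible in the hunk) could then fail to find or delete an entry. Arithmetic on `void *` is also a GNU extension, and subtracting pointers to unrelated objects is undefined in ISO C. A comparison form avoids the truncation: `return (a > b) - (a < b);`, or the same expression on both pointers cast to `uintptr_t` if strict conformance matters.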
diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 79dd3c11..1a61a8b5 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -29,13 +29,20 @@ AC_DEFUN(tinc_OPENSSL, [AC_MSG_ERROR([OpenSSL libraries not found.])] ) - AC_CHECK_FUNCS([RAND_pseudo_bytes OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms SSLeay_add_all_algorithms]) + AC_CHECK_FUNCS([RAND_pseudo_bytes EVP_EncryptInit_ex], , + [AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break], + ) + + AC_CHECK_DECL([OpenSSL_add_all_algorithms], , + [AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break], + [#include ] + ) AC_CHECK_FUNC(dlopen, [], [AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"], - [AC_MSG_ERROR([OpenSSL depends on libdl.])] + [AC_MSG_ERROR([OpenSSL depends on libdl.]); break] )] ) ]) diff --git a/src/net.c b/src/net.c index 582c90a5..52e9bf88 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.186 2003/05/06 21:13:14 guus Exp $ + $Id: net.c,v 1.35.4.187 2003/07/06 17:15:25 guus Exp $ */ #include "config.h" @@ -31,6 +31,7 @@ #include #include #include +#include #include #include #include @@ -73,10 +74,6 @@ #include "system.h" -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif - int do_purge = 0; int sighup = 0; int sigalrm = 0; diff --git a/src/net.h b/src/net.h index ae384024..083cb235 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.58 2003/05/07 11:21:58 guus Exp $ + $Id: net.h,v 1.9.4.59 2003/07/06 17:15:25 guus Exp $ */ #ifndef __TINC_NET_H__ 
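Review bot: The `AC_CHECK_FUNCS([RAND_pseudo_bytes EVP_EncryptInit_ex], ...)` check makes `RAND_pseudo_bytes` a hard build requirement, and the net.c and protocol_auth.c hunks of this commit drop the `#define RAND_pseudo_bytes RAND_bytes` fallback. OpenSSL documents `RAND_pseudo_bytes` output as not necessarily unpredictable, so any call site that produces keys, challenges or IVs (none visible in these hunks) should call `RAND_bytes` and check its return value instead. Separately, the `; break` after `AC_MSG_ERROR` in the `AC_CHECK_DECL` and `AC_CHECK_LIB` arguments is unreachable and appears to sit outside any shell loop, so it can be dropped: `[AC_MSG_ERROR([OpenSSL depends on libdl.])]`.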
@@ -70,13 +70,19 @@ typedef short length_t; typedef union { struct sockaddr sa; struct sockaddr_in in; +#ifdef HAVE_STRUCT_SOCKADDR_IN6 struct sockaddr_in6 in6; +#endif } sockaddr_t; #ifdef SA_LEN #define SALEN(s) SA_LEN(&s) #else +#ifdef HAVE_STRUCT_SOCKADDR_IN6 #define SALEN(s) (s.sa_family==AF_INET?sizeof(struct sockaddr_in):sizeof(struct sockaddr_in6)) +#else +#define SALEN(s) (sizeof sockaddr_in) +#endif #endif typedef struct vpn_packet_t { diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 134e0f06..962f6811 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.19 2003/01/17 00:37:20 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.20 2003/07/06 17:15:25 guus Exp $ */ #include "config.h" @@ -37,10 +37,6 @@ #include #include -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif - #include "conf.h" #include "net.h" #include "netutl.h" diff --git a/src/route.c b/src/route.c index 261462e2..3a1cbdfe 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.51 2003/06/11 19:40:43 guus Exp $ + $Id: route.c,v 1.1.2.52 2003/07/06 17:15:25 guus Exp $ */ #include "config.h" @@ -60,10 +60,24 @@ #include "system.h" +/* Missing definitions */ + #ifndef ETHER_ADDR_LEN #define ETHER_ADDR_LEN 6 #endif +#ifndef ICMP_DEST_UNREACH +#define ICMP_DEST_UNREACH 3 +#endif + +#ifndef ICMP_NET_UNKNOWN +#define ICMP_NET_UNKNOWN 6 +#endif + +#ifndef ICMP_NET_UNREACH +#define ICMP_NET_UNREACH 0 +#endif + int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; 
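Review bot: The fallback added for builds without `struct sockaddr_in6`, `#define SALEN(s) (sizeof sockaddr_in)`, names a struct tag as if it were an object or typedef, so it will not compile where it is actually selected unless something else declares an object called `sockaddr_in`. It needs the parenthesised type form: `#define SALEN(s) (sizeof(struct sockaddr_in))`. The IPv6 branch above it also expands `s` unparenthesised (`s.sa_family`), which breaks for arguments such as `*p`; `(s).sa_family` is safer. The value presumably feeds the length argument of socket calls (call sites are not visible in this hunk), so a compile test on a platform without IPv6 headers is worth adding.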
@@ -210,8 +224,8 @@ void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) memcpy(&ip_dst, &hdr->ip_dst, 4); oldlen = packet->len - 14; - if(oldlen >= IP_MSS - sizeof(*hdr) - sizeof(struct icmphdr)) - oldlen = IP_MSS - sizeof(*hdr) - sizeof(struct icmphdr); + if(oldlen >= IP_MSS - sizeof(*hdr) - sizeof(*icmp)) + oldlen = IP_MSS - sizeof(*hdr) - sizeof(*icmp); /* Copy first part of original contents to ICMP message */ diff --git a/src/tincd.c b/src/tincd.c index 7e28bcb2..989eb76d 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.68 2003/06/11 19:07:56 guus Exp $ + $Id: tincd.c,v 1.10.4.69 2003/07/06 17:15:25 guus Exp $ */ #include "config.h" @@ -395,19 +395,7 @@ int main(int argc, char **argv, char **envp) RAND_load_file("/dev/urandom", 1024); -#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS_NOCONF - OPENSSL_add_all_algorithms_noconf(); -#else -#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS OpenSSL_add_all_algorithms(); -#else -#ifdef HAVE_SSLEAY_ADD_ALL_ALGORITHMS - SSLeay_add_all_algorithms(); -#else -#error No add_all_algorithms function available! -#endif -#endif -#endif if(generate_keys) { read_server_config(); From 868104703003605711582c984b57f8933bf361ee Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 6 Jul 2003 17:49:49 +0000 Subject: [PATCH 749/923] Check for IPv6 header files. --- configure.in | 4 ++-- src/route.c | 20 ++++++++++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/configure.in b/configure.in index 0e767601..fb131893 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.62 2003/07/06 17:15:24 guus Exp $ +dnl $Id: configure.in,v 1.13.2.63 2003/07/06 17:49:49 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) 
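Review bot: In route_ipv4_unreachable, `oldlen = packet->len - 14;` is computed with no visible check that the frame holds at least the 14-byte Ethernet header plus an IP header. For a shorter frame the subtraction goes negative or wraps (the type of `oldlen` is declared outside the hunk), the `>=` comparison against the `size_t` expression then clamps it to the maximum, and the copy announced by the following comment would take bytes the sender never supplied. Unless a caller already enforces the minimum length, a guard before the subtraction closes this: `if(packet->len < 14 + sizeof(*hdr)) return;`. The function body starts and ends outside this hunk.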
@@ -87,7 +87,7 @@ dnl Checks for header files. AC_HEADER_STDC AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h]) -AC_CHECK_HEADERS([net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h], [], [], +AC_CHECK_HEADERS([net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/ip6.h], [], [], [#include #include #ifdef HAVE_NETINET_IN_SYSTM_H diff --git a/src/route.c b/src/route.c index 3a1cbdfe..b6ec0dc0 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.52 2003/07/06 17:15:25 guus Exp $ + $Id: route.c,v 1.1.2.53 2003/07/06 17:49:49 guus Exp $ */ #include "config.h" @@ -38,8 +38,10 @@ #endif #include #include +#ifdef HAVE_NETINET_IP6_H #include #include +#endif #include #include #include @@ -288,6 +290,8 @@ node_t *route_ipv4(vpn_packet_t *packet) return subnet->owner; } +#ifdef HAVE_NETINET_IP6_H + /* RFC 2463 */ void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) @@ -356,6 +360,8 @@ void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) write_packet(packet); } +#endif + node_t *route_ipv6(vpn_packet_t *packet) { subnet_t *subnet; @@ -376,17 +382,23 @@ node_t *route_ipv6(vpn_packet_t *packet) ntohs(*(uint16_t *) & packet->data[50]), ntohs(*(uint16_t *) & packet->data[52])); } +#ifdef HAVE_NETINET_IP6_H route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_ADDR); +#endif return NULL; } +#ifdef HAVE_NETINET_IP6_H if(!subnet->owner->status.reachable) route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_NOROUTE); - +#endif + return subnet->owner; } +#ifdef HAVE_NETINET_IP6_H + /* RFC 2461 */ void route_neighborsol(vpn_packet_t *packet) @@ -503,6 +515,8 @@ void route_neighborsol(vpn_packet_t *packet) write_packet(packet); } +#endif + /* RFC 826 */ void route_arp(vpn_packet_t *packet) 
@@ -586,10 +600,12 @@ void route_outgoing(vpn_packet_t *packet) break; case 0x86DD: +#ifdef HAVE_NETINET_IP6_H if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) { route_neighborsol(packet); return; } +#endif n = route_ipv6(packet); break; From 0b9175e998c2180e5d73ef3d644a49d620c68cad Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 6 Jul 2003 22:11:37 +0000 Subject: [PATCH 750/923] Define logger(), cleans up source code and allows us to write log entries to a separate file. --- configure.in | 4 +- lib/utils.h | 12 ------ src/Makefile.am | 6 +-- src/conf.c | 42 +++++++++--------- src/conf.h | 3 +- src/connection.c | 10 ++--- src/cygwin/device.c | 26 +++++------ src/darwin/device.c | 25 +++++------ src/edge.c | 10 ++--- src/freebsd/device.c | 25 +++++------ src/graph.c | 27 +++++------- src/linux/device.c | 36 +++++++--------- src/logger.c | 95 +++++++++++++++++++++++++++++++++++++++++ src/logger.h | 43 +++++++++++++++++++ src/meta.c | 20 ++++----- src/net.c | 33 ++++++-------- src/net_packet.c | 59 ++++++++++--------------- src/net_setup.c | 50 +++++++++++----------- src/net_socket.c | 56 +++++++++++------------- src/netbsd/device.c | 25 +++++------ src/netutl.c | 16 +++---- src/node.c | 11 ++--- src/openbsd/device.c | 34 ++++++--------- src/process.c | 92 ++++++++++++++++++--------------------- src/protocol.c | 49 +++++++++++---------- src/protocol_auth.c | 61 +++++++++++++------------- src/protocol_edge.c | 37 +++++++--------- src/protocol_key.c | 30 ++++++------- src/protocol_misc.c | 18 +++----- src/protocol_subnet.c | 16 +++---- src/raw_socket/device.c | 29 ++++++------- src/route.c | 41 ++++++------------ src/solaris/device.c | 38 ++++++++--------- src/subnet.c | 14 +++--- src/tincd.c | 49 ++++++++++++--------- 35 files changed, 582 insertions(+), 560 deletions(-) create mode 100644 src/logger.c create mode 100644 src/logger.h diff --git a/configure.in b/configure.in index fb131893..ddff0926 100644 --- a/configure.in 
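Review bot: The guarded test `packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT` in route_outgoing indexes up to byte 54 with no length check visible in the hunk, so a short 0x86DD frame would be classified from whatever the buffer held before. If no earlier check exists (the function starts outside the hunk), add `packet->len >= 55 &&` to the condition. When `HAVE_NETINET_IP6_H` is undefined, neighbor solicitations now fall through to `route_ipv6()` like ordinary traffic; a comment such as `/* without <netinet/ip6.h> neighbor solicitations are not answered locally */` would document that this is intended.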
+++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.63 2003/07/06 17:49:49 guus Exp $ +dnl $Id: configure.in,v 1.13.2.64 2003/07/06 22:11:31 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -114,7 +114,7 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name \ -putenv select strdup strerror strsignal strtol unsetenv mlockall]) +putenv select strdup strerror strsignal strtol unsetenv mlockall vsyslog]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/utils.h b/lib/utils.h index 7a953a3e..ec93e8c2 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -26,18 +26,6 @@ #include "fake-getaddrinfo.h" #include "fake-getnameinfo.h" -enum { - DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ - DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ - DEBUG_ERROR = 2, /* Show error messages received from other hosts */ - DEBUG_STATUS = 2, /* Show status messages received from other hosts */ - DEBUG_PROTOCOL = 3, /* Show the requests that are sent/received */ - DEBUG_META = 4, /* Show contents of every request that is sent/received */ - DEBUG_TRAFFIC = 5, /* Show network traffic information */ - DEBUG_PACKET = 6, /* Show contents of each packet that is being sent/received */ - DEBUG_SCARY_THINGS = 10 /* You have been warned */ -}; - #define min(a,b) (((a)<(b))?(a):(b)) #ifdef ENABLE_TRACING diff --git a/src/Makefile.am b/src/Makefile.am index bc34d532..0b7c8cd0 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -1,17 +1,17 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.29 2003/06/07 13:18:31 guus Exp $ +# $Id: Makefile.am,v 1.4.4.30 2003/07/06 22:11:31 guus Exp $ sbin_PROGRAMS = tincd EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c cygwin/device.c -tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c meta.c net.c net_packet.c net_setup.c \ +tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \ net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ protocol_key.c protocol_subnet.c route.c subnet.c tincd.c INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib -noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h meta.h net.h netutl.h node.h process.h \ +noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h logger.h meta.h net.h netutl.h node.h process.h \ protocol.h route.h subnet.h LIBS = @LIBS@ @LIBINTL@ diff --git a/src/conf.c b/src/conf.c index de39cf97..ef1ee50f 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.61 2002/09/15 12:26:24 guus Exp $ + $Id: conf.c,v 1.9.4.62 2003/07/06 22:11:31 guus Exp $ */ #include "config.h" @@ -30,11 +30,9 @@ #include #include #include -#include #include #include #include -#include #include #include @@ -43,12 +41,12 @@ #include "conf.h" #include "netutl.h" /* for str2address */ +#include "logger.h" #include "system.h" avl_tree_t *config_tree; -int debug_lvl = 0; int pingtimeout = 0; /* seconds before timeout */ char *confbase = NULL; /* directory in which all config files are */ char *netname = NULL; /* name of the vpn network */ 
@@ -172,7 +170,7 @@ int get_config_bool(config_t *cfg, int *result) return 1; } - syslog(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; @@ -188,7 +186,7 @@ int get_config_int(config_t *cfg, int *result) if(sscanf(cfg->value, "%d", result) == 1) return 1; - syslog(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; @@ -222,7 +220,7 @@ int get_config_address(config_t *cfg, struct addrinfo **result) return 1; } - syslog(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; @@ -240,7 +238,7 @@ int get_config_subnet(config_t *cfg, subnet_t ** result) subnet = str2net(cfg->value); if(!subnet) { - syslog(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; } @@ -251,7 +249,7 @@ int get_config_subnet(config_t *cfg, subnet_t ** result) && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) || ((subnet->type == SUBNET_IPV6) && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { - syslog(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); free(subnet); return 0; 
@@ -350,7 +348,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) fp = fopen(fname, "r"); if(!fp) { - syslog(LOG_ERR, _("Cannot open config file %s: %s"), fname, + logger(DEBUG_ALWAYS, LOG_ERR, _("Cannot open config file %s: %s"), fname, strerror(errno)); return -3; } @@ -388,7 +386,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) value = strtok(NULL, "\t\n\r ="); if(!value || value[0] == '#') { - syslog(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), variable, lineno, fname); break; } @@ -423,7 +421,7 @@ int read_server_config() x = read_config_file(config_tree, fname); if(x == -1) { /* System error: complain */ - syslog(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); } free(fname); @@ -450,7 +448,7 @@ int is_safe_path(const char *file) char l[MAXBUFSIZE]; if(*file != '/') { - syslog(LOG_ERR, _("`%s' is not an absolute path"), file); + logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is not an absolute path"), file); return 0; } 
@@ -466,21 +464,21 @@ int is_safe_path(const char *file) check1: if(lstat(f, &s) < 0) { - syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); return 0; } if(s.st_uid != geteuid()) { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is owned by UID %d instead of %d"), f, s.st_uid, geteuid()); return 0; } if(S_ISLNK(s.st_mode)) { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), f); + logger(DEBUG_ALWAYS, LOG_WARNING, _("Warning: `%s' is a symlink"), f); if(readlink(f, l, MAXBUFSIZE) < 0) { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, + logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); return 0; } @@ -494,7 +492,7 @@ check1: check2: if(lstat(f, &s) < 0 && errno != ENOENT) { - syslog(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); return 0; } @@ -502,16 +500,16 @@ check2: return 1; if(s.st_uid != geteuid()) { - syslog(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is owned by UID %d instead of %d"), f, s.st_uid, geteuid()); return 0; } if(S_ISLNK(s.st_mode)) { - syslog(LOG_WARNING, _("Warning: `%s' is a symlink"), f); + logger(DEBUG_ALWAYS, LOG_WARNING, _("Warning: `%s' is a symlink"), f); if(readlink(f, l, MAXBUFSIZE) < 0) { - syslog(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, + logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); return 0; } @@ -522,7 +520,7 @@ check2: if(s.st_mode & 0007) { /* Accessible by others */ - syslog(LOG_ERR, _("`%s' has unsecure permissions"), f); + logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' has unsecure permissions"), f); return 0; } diff --git a/src/conf.h b/src/conf.h index 77ec5c97..64c87753 100644 --- a/src/conf.h +++ b/src/conf.h 
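Review bot: In the last is_safe_path hunk the permission test is `if(s.st_mode & 0007)`, which rejects only access by "others"; a file that is group-readable or group-writable still passes. If this function gates private key files (callers are not visible here), `s.st_mode & 0077` is the stricter test for those. The ownership messages print `s.st_uid` and `geteuid()` with `%d`; casting both to `long` and using `%ld` avoids a format mismatch where `uid_t` is not `int`. The checks run `lstat()` on a path name, so they only hold if the later open refers to the same file; that open is outside these hunks and deserves a comment at the call site.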
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.35 2002/09/15 12:26:24 guus Exp $ + $Id: conf.h,v 1.6.4.36 2003/07/06 22:11:31 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -40,7 +40,6 @@ typedef struct config_t { extern avl_tree_t *config_tree; -extern int debug_lvl; extern int pingtimeout; extern int maxtimeout; extern int bypass_security; diff --git a/src/connection.c b/src/connection.c index e4e8fad8..4d6e30b2 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,13 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.36 2003/06/25 20:55:05 guus Exp $ + $Id: connection.c,v 1.1.2.37 2003/07/06 22:11:31 guus Exp $ */ #include "config.h" #include -#include #include #include @@ -35,6 +34,7 @@ #include "conf.h" #include #include "subnet.h" +#include "logger.h" #include "xalloc.h" #include "system.h" @@ -124,15 +124,15 @@ void dump_connections(void) cp(); - syslog(LOG_DEBUG, _("Connections:")); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Connections:")); for(node = connection_tree->head; node; node = node->next) { c = (connection_t *) node->data; - syslog(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), c->name, c->hostname, c->options, c->socket, c->status); } - syslog(LOG_DEBUG, _("End of connections.")); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("End of connections.")); } int read_connection_config(connection_t *c) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index 9b06d4d1..e706d57f 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2003/06/11 19:28:36 guus Exp $ + $Id: device.c,v 1.1.2.6 2003/07/06 22:11:33 guus Exp $ */ #include "config.h" @@ -28,13 +28,12 @@ #include #include #include -#include #include #include #include "conf.h" #include "net.h" -#include "subnet.h" +#include "logger.h" #include "system.h" @@ -60,13 +59,13 @@ int setup_device(void) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("Stub device for Cygwin environment"); - syslog(LOG_INFO, _("%s is a %s"), device, device_info); + logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -85,7 +84,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -94,10 +93,8 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } return 0; } 
@@ -106,12 +103,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -125,7 +121,7 @@ void dump_device_stats(void) { cp(); - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/darwin/device.c b/src/darwin/device.c index c08153fe..c919de72 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2003/06/11 19:28:36 guus Exp $ + $Id: device.c,v 1.1.2.7 2003/07/06 22:11:33 guus Exp $ */ #include "config.h" @@ -31,13 +31,12 @@ #include #include #include -#include #include #include #include "conf.h" #include "net.h" -#include "subnet.h" +#include "logger.h" #include "system.h" 
@@ -65,13 +64,13 @@ int setup_device(void) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("MacOS/X tun device"); - syslog(LOG_INFO, _("%s is a %s"), device, device_info); + logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -94,7 +93,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -106,8 +105,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); return 0; @@ -117,12 +115,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - syslog(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
@@ -134,7 +131,7 @@ void dump_device_stats(void) { cp(); - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/edge.c b/src/edge.c index 0a47f8c8..f9d4d98d 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,13 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.18 2002/09/10 22:12:33 guus Exp $ + $Id: edge.c,v 1.1.2.19 2003/07/06 22:11:31 guus Exp $ */ #include "config.h" #include -#include #include #include @@ -36,6 +35,7 @@ #include "subnet.h" #include "edge.h" #include "node.h" +#include "logger.h" #include "xalloc.h" #include "system.h" @@ -154,18 +154,18 @@ void dump_edges(void) cp(); - syslog(LOG_DEBUG, _("Edges:")); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Edges:")); for(node = node_tree->head; node; node = node->next) { n = (node_t *) node->data; for(node2 = n->edge_tree->head; node2; node2 = node2->next) { e = (edge_t *) node2->data; address = sockaddr2hostname(&e->address); - syslog(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), e->from->name, e->to->name, address, e->options, e->weight); free(address); } } - syslog(LOG_DEBUG, _("End of edges.")); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("End of edges.")); } diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 86ed951b..91aa4611 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.9 2003/06/11 19:28:37 guus Exp $ + $Id: device.c,v 1.1.2.10 2003/07/06 22:11:34 guus Exp $ */ #include "config.h" @@ -31,13 +31,12 @@ #include #include #include -#include #include #include #include "conf.h" #include "net.h" -#include "subnet.h" +#include "logger.h" #include "system.h" @@ -65,13 +64,13 @@ int setup_device(void) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("FreeBSD tap device"); - syslog(LOG_INFO, _("%s is a %s"), device, device_info); + logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -94,7 +93,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -103,8 +102,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); return 0; 
@@ -114,12 +112,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -131,7 +128,7 @@ void dump_device_stats(void) { cp(); - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/graph.c b/src/graph.c index f0a93aee..cb064a12 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.22 2003/01/17 00:37:17 guus Exp $ + $Id: graph.c,v 1.1.2.23 2003/07/06 22:11:31 guus Exp $ */ /* We need to generate two trees from the graph: @@ -47,7 +47,6 @@ #include "config.h" #include -#include #include #ifdef HAVE_SYS_PARAM_H #include @@ -63,6 +62,7 @@ #include "connection.h" #include "process.h" #include "device.h" +#include "logger.h" #include "system.h" @@ -95,8 +95,7 @@ void mst_kruskal(void) if(!edge_weight_tree->head) return; - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, "Running Kruskal's algorithm:"); + logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Running Kruskal's algorithm:"); /* Clear visited status on nodes */ 
@@ -132,8 +131,7 @@ void mst_kruskal(void) safe_edges++; - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, + logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight); if(skipped) { @@ -143,8 +141,7 @@ void mst_kruskal(void) } } - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, + logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, safe_edges); } @@ -262,14 +259,12 @@ void sssp_bfs(void) if(n->status.visited != n->status.reachable) { n->status.reachable = !n->status.reachable; - if(debug_lvl >= DEBUG_TRAFFIC) { - if(n->status.reachable) - syslog(LOG_DEBUG, _("Node %s (%s) became reachable"), - n->name, n->hostname); - else - syslog(LOG_DEBUG, _("Node %s (%s) became unreachable"), - n->name, n->hostname); - } + if(n->status.reachable) + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Node %s (%s) became reachable"), + n->name, n->hostname); + else + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Node %s (%s) became unreachable"), + n->name, n->hostname); n->status.validkey = 0; n->status.waitingforkey = 0; diff --git a/src/linux/device.c b/src/linux/device.c index ea663846..686db6ab 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.15 2003/06/11 19:28:37 guus Exp $ + $Id: device.c,v 1.1.2.16 2003/07/06 22:11:35 guus Exp $ */ #include "config.h" @@ -29,7 +29,6 @@ #include #include #include -#include #include #include @@ -47,8 +46,8 @@ #include #include "conf.h" #include "net.h" -#include "subnet.h" #include "route.h" +#include "logger.h" #include "system.h" 
@@ -89,7 +88,7 @@ int setup_device(void) device_fd = open(device, O_RDWR | O_NONBLOCK); if(device_fd < 0) { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } @@ -114,7 +113,7 @@ int setup_device(void) strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); interface = ifrname; } else if(!ioctl(device_fd, (('T' << 8) | 202), (void *) &ifr)) { - syslog(LOG_WARNING, _("Old ioctl() request was needed for %s"), device); + logger(DEBUG_ALWAYS, LOG_WARNING, _("Old ioctl() request was needed for %s"), device); strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); interface = ifrname; } else @@ -127,7 +126,7 @@ int setup_device(void) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; } - syslog(LOG_INFO, _("%s is a %s"), device, device_info); + logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -154,7 +153,7 @@ int read_packet(vpn_packet_t *packet) lenin = read(device_fd, packet->data + 10, MTU - 10); if(lenin <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -165,7 +164,7 @@ int read_packet(vpn_packet_t *packet) lenin = read(device_fd, packet->data, MTU); if(lenin <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -176,7 +175,7 @@ int read_packet(vpn_packet_t *packet) lenin = read(device_fd, packet->data - 2, MTU + 2); if(lenin <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
@@ -187,10 +186,8 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } return 0; } @@ -199,22 +196,21 @@ int write_packet(vpn_packet_t *packet) { cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); switch(device_type) { case DEVICE_TYPE_TUN: packet->data[10] = packet->data[11] = 0; if(write(device_fd, packet->data + 10, packet->len - 10) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } break; case DEVICE_TYPE_TAP: if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -223,7 +219,7 @@ int write_packet(vpn_packet_t *packet) *(short int *)(packet->data - 2) = packet->len; if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
@@ -239,7 +235,7 @@ void dump_device_stats(void) { cp(); - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/logger.c b/src/logger.c new file mode 100644 index 00000000..de662270 --- /dev/null +++ b/src/logger.c 
@@ -0,0 +1,95 @@ +/* + logger.c -- logging code + Copyright (C) 2003 Guus Sliepen + 2003 Ivo Timmermans + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: logger.c,v 1.1.2.1 2003/07/06 22:11:31 guus Exp $ +*/ + +#include +#include +#include + +#include "conf.h" +#include "logger.h" + +#include "system.h" + +volatile int debug_level = DEBUG_NOTHING; +int logmode = LOGMODE_STDERR; +pid_t logpid; +extern char *logfilename; +FILE *logfile = NULL; +const char *logident = NULL; + +void openlogger(const char *ident, int mode) { + char *fname; + + logident = ident; + logmode = mode; + + switch(mode) { + case LOGMODE_STDERR: + logpid = getpid(); + break; + case LOGMODE_FILE: + logpid = getpid(); + logfile = fopen(logfilename, "a"); + if(!logfile) + logmode = LOGMODE_NULL; + break; + case LOGMODE_SYSLOG: + openlog(logident, LOG_CONS | LOG_PID, LOG_DAEMON); + break; + } +} + +void vlogger(int priority, const char *format, va_list ap) { + switch(logmode) { + case LOGMODE_STDERR: + vfprintf(stderr, format, ap); + fprintf(stderr, "\n"); + break; + case LOGMODE_FILE: + fprintf(logfile, "%d %s[%d]: ", time(NULL), logident, logpid); + vfprintf(logfile, format, ap); + fprintf(logfile, "\n"); + break; + case LOGMODE_SYSLOG: +#ifdef HAVE_VSYSLOG + vsyslog(priority, format, ap); +#else + { + char message[4096]; + vsnprintf(message, sizeof(message), 
format, ap); + syslog(priority, "%s", message); + } +#endif + break; + } +} + +void closelogger(void) { + switch(logmode) { + case LOGMODE_FILE: + fclose(logfile); + break; + case LOGMODE_SYSLOG: + closelog(); + break; + } +} diff --git a/src/logger.h b/src/logger.h new file mode 100644 index 00000000..ec5f52f0 --- /dev/null +++ b/src/logger.h @@ -0,0 +1,43 @@ +#ifndef __TINC_LOGGER_H__ + +#include +#include + +enum { + DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ + DEBUG_ALWAYS = 0, + DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ + DEBUG_ERROR = 2, /* Show error messages received from other hosts */ + DEBUG_STATUS = 2, /* Show status messages received from other hosts */ + DEBUG_PROTOCOL = 3, /* Show the requests that are sent/received */ + DEBUG_META = 4, /* Show contents of every request that is sent/received */ + DEBUG_TRAFFIC = 5, /* Show network traffic information */ + DEBUG_PACKET = 6, /* Show contents of each packet that is being sent/received */ + DEBUG_SCARY_THINGS = 10 /* You have been warned */ +}; + +enum { + LOGMODE_NULL, + LOGMODE_STDERR, + LOGMODE_FILE, + LOGMODE_SYSLOG +}; + +extern volatile int debug_level; +extern void openlogger(const char *, int); +extern void vlogger(int, const char *, va_list ap); +extern void closelogger(void); + +/* Inline logger function because it's used quite often */ + +static inline void logger(int level, int priority, const char *format, ...) { + va_list ap; + + if(level == DEBUG_ALWAYS || debug_level >= level) { + va_start(ap, format); + vlogger(priority, format, ap); + va_end(ap); + } +} + +#endif /* __TINC_LOGGER_H__ */ diff --git a/src/meta.c b/src/meta.c index e1e1c677..f7450fdf 100644 --- a/src/meta.c +++ b/src/meta.c 
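Review bot: In vlogger's LOGMODE_FILE branch the prefix is formatted with `%d` for both `time(NULL)` and `logpid`, but `time_t` is wider than `int` on many platforms, so the arguments do not match the format; cast explicitly, e.g. `fprintf(logfile, "%ld %s[%ld]: ", (long)time(NULL), logident, (long)logpid);`. openlogger also switches to LOGMODE_NULL without any message when `fopen(logfilename, "a")` fails, which silently discards every later error; reporting the failure on stderr before changing mode would keep it visible. The file stream is never flushed after a message, so the last entries can be lost if the daemon dies abnormally; an `fflush(logfile);` after the newline would avoid that. The local `char *fname;` in openlogger is unused.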
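Review bot: The guard in logger.h opens with `#ifndef __TINC_LOGGER_H__` but the macro is never defined, so a second inclusion redefines the enums and the `static inline logger()`; add `#define __TINC_LOGGER_H__` directly after the `#ifndef`. logger() and vlogger() are also declared without a printf format attribute, so the call sites this commit converts from syslog() are not checked against their format strings unless one is added. On GCC, `__attribute__((format(printf, 3, 4)))` on logger() and `__attribute__((format(printf, 2, 0)))` on vlogger() would enable that check. A short comment that `DEBUG_ALWAYS` shares the value 0 with `DEBUG_NOTHING` on purpose would help readers of the `level == DEBUG_ALWAYS || debug_level >= level` test.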
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.33 2003/03/19 11:45:05 guus Exp $ + $Id: meta.c,v 1.1.2.34 2003/07/06 22:11:31 guus Exp $ */ #include "config.h" @@ -25,7 +25,6 @@ #include #include -#include #include #include /* This line must be below the rest for FreeBSD */ @@ -38,6 +37,7 @@ #include "connection.h" #include "system.h" #include "protocol.h" +#include "logger.h" int send_meta(connection_t *c, char *buffer, int length) { @@ -48,8 +48,7 @@ int send_meta(connection_t *c, char *buffer, int length) cp(); - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, + logger(DEBUG_META, LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, c->name, c->hostname); if(c->status.encryptout) { @@ -64,7 +63,7 @@ int send_meta(connection_t *c, char *buffer, int length) if(result <= 0) { if(errno == EINTR) continue; - syslog(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); return -1; } @@ -102,13 +101,13 @@ int receive_meta(connection_t *c) cp(); if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, + logger(DEBUG_ALWAYS, LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, __LINE__, c->socket, strerror(errno), c->name, c->hostname); return -1; } if(x) { - syslog(LOG_ERR, _("Metadata socket error for %s (%s): %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Metadata socket error for %s (%s): %s"), c->name, c->hostname, strerror(x)); return -1; } 
@@ -126,13 +125,12 @@ int receive_meta(connection_t *c) if(lenin <= 0) { if(lenin == 0) { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection closed by %s (%s)"), + logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Connection closed by %s (%s)"), c->name, c->hostname); } else if(errno == EINTR) return 0; else - syslog(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Metadata socket read error for %s (%s): %s"), c->name, c->hostname, strerror(errno)); return -1; @@ -195,7 +193,7 @@ int receive_meta(connection_t *c) } if(c->buflen >= MAXBUFSIZE) { - syslog(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), c->name, c->hostname); return -1; } diff --git a/src/net.c b/src/net.c index 52e9bf88..0f354cd7 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.187 2003/07/06 17:15:25 guus Exp $ + $Id: net.c,v 1.35.4.188 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" @@ -32,7 +32,6 @@ #include #include #include -#include #include #include /* SunOS really wants sys/socket.h BEFORE net/if.h, @@ -71,6 +70,7 @@ #include "route.h" #include "device.h" #include "event.h" +#include "logger.h" #include "system.h" @@ -91,16 +91,14 @@ void purge(void) cp(); - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_DEBUG, _("Purging unreachable nodes")); + logger(DEBUG_PROTOCOL, LOG_DEBUG, _("Purging unreachable nodes")); for(nnode = node_tree->head; nnode; nnode = nnext) { nnext = nnode->next; n = (node_t *) nnode->data; if(!n->status.reachable) { - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, _("Purging node %s (%s)"), n->name, + logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Purging node %s (%s)"), n->name, n->hostname); for(snode = n->subnet_tree->head; snode; snode = snext) { 
@@ -181,8 +179,7 @@ void terminate_connection(connection_t *c, int report) if(c->status.remove) return; - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Closing connection with %s (%s)"), + logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Closing connection with %s (%s)"), c->name, c->hostname); c->status.remove = 1; @@ -235,8 +232,7 @@ void check_dead_connections(void) if(c->last_ping_time + pingtimeout < now) { if(c->status.active) { if(c->status.pinged) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_INFO, _("%s (%s) didn't respond to PING"), + logger(DEBUG_CONNECTIONS, LOG_INFO, _("%s (%s) didn't respond to PING"), c->name, c->hostname); c->status.timeout = 1; terminate_connection(c, 1); @@ -245,13 +241,12 @@ void check_dead_connections(void) } } else { if(c->status.remove) { - syslog(LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), + logger(DEBUG_ALWAYS, LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), c->name, c->hostname, c->status); connection_del(c); continue; } - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_WARNING, _("Timeout from %s (%s) during authentication"), + logger(DEBUG_CONNECTIONS, LOG_WARNING, _("Timeout from %s (%s) during authentication"), c->name, c->hostname); terminate_connection(c, 0); } @@ -292,8 +287,7 @@ void check_network_activity(fd_set * f) if(!result) finish_connecting(c); else { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_DEBUG, + logger(DEBUG_CONNECTIONS, LOG_DEBUG, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(result)); close(c->socket); @@ -347,7 +341,7 @@ void main_loop(void) if(r < 0) { if(errno != EINTR && errno != EAGAIN) { - syslog(LOG_ERR, _("Error while waiting for input: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while waiting for input: %s"), strerror(errno)); cp_trace(); dump_connections(); 
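Review bot: In check_dead_connections the `Old connection_t for %s (%s) status %04x still lingering, deleting...` call passes `c->status` for `%04x`, yet the same hunk reads `c->status.remove`, `c->status.active` and `c->status.pinged`, so `c->status` appears to be a struct, and passing a struct for `%x` through a variadic call is undefined. Print the individual flags the message needs, or copy the flags into an `unsigned int` first and pass that. The `%s (%s) didn't respond to PING` message also moved from `debug_lvl >= DEBUG_PROTOCOL` to `DEBUG_CONNECTIONS`, a behaviour change inside an otherwise mechanical conversion; if it is intended, it deserves a mention in the commit message. The function body starts and ends outside these hunks.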
@@ -378,8 +372,7 @@ void main_loop(void) /* Should we regenerate our key? */ if(keyexpires < now) { - if(debug_lvl >= DEBUG_STATUS) - syslog(LOG_INFO, _("Regenerating symmetric key")); + logger(DEBUG_STATUS, LOG_INFO, _("Regenerating symmetric key")); RAND_pseudo_bytes(myself->key, myself->keylength); EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); @@ -395,7 +388,7 @@ void main_loop(void) } if(sigalrm) { - syslog(LOG_INFO, _("Flushing event queue")); + logger(DEBUG_ALWAYS, LOG_INFO, _("Flushing event queue")); while(event_tree->head) { event = (event_t *) event_tree->head->data; @@ -419,7 +412,7 @@ void main_loop(void) init_configuration(&config_tree); if(read_server_config()) { - syslog(LOG_ERR, _("Unable to reread configuration file, exitting.")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to reread configuration file, exitting.")); exit(1); } diff --git a/src/net_packet.c b/src/net_packet.c index fff877bc..98151d16 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.30 2003/05/07 11:21:58 guus Exp $ + $Id: net_packet.c,v 1.1.2.31 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" @@ -32,7 +32,6 @@ #include #include #include -#include #include #include /* SunOS really wants sys/socket.h BEFORE net/if.h, @@ -76,6 +75,7 @@ #include "route.h" #include "device.h" #include "event.h" +#include "logger.h" #include "system.h" @@ -149,8 +149,7 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) (char *) &inpkt->seqno, inpkt->len, hmac, NULL); if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); return; } 
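Review bot: The rekey path in main_loop that the converted `Regenerating symmetric key` message announces fills `myself->key` with `RAND_pseudo_bytes()` and ignores its result; that call does not guarantee cryptographically strong output, and the buffer is passed straight to `EVP_DecryptInit_ex` as key and IV. The line is unchanged context rather than something this commit introduced, but it is worth fixing while the area is touched: use `RAND_bytes()` and treat a result other than 1 as a failed rekey, e.g. `if(RAND_bytes(myself->key, myself->keylength) != 1) { logger(DEBUG_ALWAYS, LOG_ERR, _("Could not generate key")); ... }`. main_loop continues outside the hunk.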
@@ -179,14 +178,13 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(inpkt->seqno != n->received_seqno + 1) { if(inpkt->seqno >= n->received_seqno + sizeof(n->late) * 8) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_WARNING, _("Lost %d packets from %s (%s)"), + logger(DEBUG_ALWAYS, LOG_WARNING, _("Lost %d packets from %s (%s)"), inpkt->seqno - n->received_seqno - 1, n->name, n->hostname); memset(n->late, 0, sizeof(n->late)); } else if (inpkt->seqno <= n->received_seqno) { if(inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8 || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) { - syslog(LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), + logger(DEBUG_ALWAYS, LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), n->name, n->hostname, inpkt->seqno, n->received_seqno); } else for(i = n->received_seqno + 1; i < inpkt->seqno; i++) @@ -206,7 +204,7 @@ void receive_udppacket(node_t *n, vpn_packet_t *inpkt) outpkt = pkt[nextpkt++]; if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) { - syslog(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); return; } @@ -233,8 +231,7 @@ void receive_packet(node_t *n, vpn_packet_t *packet) { cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); route_incoming(n, packet); @@ -258,8 +255,7 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) /* Make sure we have a valid key */ if(!n->status.validkey) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, + logger(DEBUG_TRAFFIC, LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), n->name, n->hostname); 
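Review bot: The `Lost %d packets from %s (%s)` warning in receive_udppacket used to be gated by `debug_lvl >= DEBUG_TRAFFIC` and is now emitted with `DEBUG_ALWAYS`, so every sequence gap is logged at the default debug level. On a lossy link, or with a peer that skips sequence numbers, this can flood syslog or the new log file; if the change is not intended, keep the old gate with `logger(DEBUG_TRAFFIC, LOG_WARNING, ...)`. The `Got late or replayed packet` warning in the same hunk and `Received UDP packet from unknown source %s` in the handle_incoming_vpn_data hunk further down are likewise unconditional and driven by remote input, so a debug level or a rate limit would be appropriate there too. receive_udppacket continues outside the hunk.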
@@ -290,7 +286,7 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) outpkt = pkt[nextpkt++]; if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) { - syslog(LOG_ERR, _("Error while compressing packet to %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); return; } @@ -341,17 +337,15 @@ void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(priorityinheritance && origpriority != priority && listen_socket[sock].sa.sa.sa_family == AF_INET) { priority = origpriority; - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Setting outgoing packet priority to %d"), - priority); + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ - syslog(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); } #endif if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { - syslog(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); return; } 
@@ -368,29 +362,24 @@ void send_packet(node_t *n, vpn_packet_t *packet) cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + logger(DEBUG_TRAFFIC, LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), packet->len, n->name, n->hostname); if(n == myself) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_NOTICE, _("Packet is looping back to us!")); - + logger(DEBUG_TRAFFIC, LOG_NOTICE, _("Packet is looping back to us!")); return; } if(!n->status.reachable) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Node %s (%s) is not reachable"), + logger(DEBUG_TRAFFIC, LOG_INFO, _("Node %s (%s) is not reachable"), n->name, n->hostname); - return; } via = (n->via == myself) ? n->nexthop : n->via; - if(via != n && debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, _("Sending packet to %s via %s (%s)"), + if(via != n) + logger(DEBUG_TRAFFIC, LOG_ERR, _("Sending packet to %s via %s (%s)"), n->name, via->name, n->via->hostname); if((myself->options | via->options) & OPTION_TCPONLY) { @@ -409,8 +398,7 @@ void broadcast_packet(node_t *from, vpn_packet_t *packet) cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), + logger(DEBUG_TRAFFIC, LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), packet->len, from->name, from->hostname); for(node = connection_tree->head; node; node = node->next) { @@ -427,8 +415,7 @@ void flush_queue(node_t *n) cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); + logger(DEBUG_TRAFFIC, LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); for(node = n->queue->head; node; node = next) { next = node->next; 
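Review bot: In send_packet the `Sending packet to %s via %s (%s)` message prints `via->name` together with `n->via->hostname`, and `via` is `n->nexthop` whenever `n->via == myself`, so the name and the hostname can describe different nodes; `via->hostname` would match the name. This message and `Sending packet of %d bytes to %s (%s)` are routine traffic traces but are logged with `LOG_ERR`, which makes them look like failures to anything filtering on priority; `LOG_DEBUG` or `LOG_INFO`, as the neighbouring messages use, fits better. send_packet's body ends outside the hunk.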
@@ -449,21 +436,21 @@ void handle_incoming_vpn_data(int sock) cp(); if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - syslog(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("This is a bug: %s:%d: %d:%s"), __FILE__, __LINE__, sock, strerror(errno)); cp_trace(); exit(1); } if(x) { - syslog(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); return; } pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); if(pkt.len <= 0) { - syslog(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); return; } @@ -473,7 +460,7 @@ void handle_incoming_vpn_data(int sock) if(!n) { hostname = sockaddr2hostname(&from); - syslog(LOG_WARNING, _("Received UDP packet from unknown source %s"), + logger(DEBUG_ALWAYS, LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname); free(hostname); return; diff --git a/src/net_setup.c b/src/net_setup.c index e279d374..5462c04b 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.32 2003/06/25 20:52:59 guus Exp $ + $Id: net_setup.c,v 1.1.2.33 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" @@ -32,7 +32,6 @@ #include #include #include -#include #include #include /* SunOS really wants sys/socket.h BEFORE net/if.h, @@ -72,6 +71,7 @@ #include "route.h" #include "device.h" #include "event.h" +#include "logger.h" #include "system.h" @@ -107,7 +107,7 @@ int read_rsa_public_key(connection_t *c) fp = fopen(fname, "r"); if(!fp) { - syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); free(fname); return -1; 
@@ -124,7 +124,7 @@ int read_rsa_public_key(connection_t *c) fp = fopen(fname, "r"); if(!fp) { - syslog(LOG_ERR, _("Error reading RSA public key file `%s': %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); free(fname); return -1; @@ -139,7 +139,7 @@ int read_rsa_public_key(connection_t *c) return 0; } - syslog(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), fname, strerror(errno)); return -1; } else { @@ -179,7 +179,7 @@ int read_rsa_public_key(connection_t *c) if(c->rsa_key) return 0; - syslog(LOG_ERR, _("No public key for %s specified!"), c->name); + logger(DEBUG_ALWAYS, LOG_ERR, _("No public key for %s specified!"), c->name); return -1; } @@ -207,7 +207,7 @@ int read_rsa_private_key(void) fp = fopen(fname, "r"); if(!fp) { - syslog(LOG_ERR, _("Error reading RSA private key file `%s': %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error reading RSA private key file `%s': %s"), fname, strerror(errno)); free(fname); return -1; @@ -219,7 +219,7 @@ int read_rsa_private_key(void) fclose(fp); if(!myself->connection->rsa_key) { - syslog(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), fname, strerror(errno)); return -1; } @@ -256,12 +256,12 @@ int setup_myself(void) myself->connection->protocol_version = PROT_CURRENT; if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */ - syslog(LOG_ERR, _("Name for tinc daemon required!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Name for tinc daemon required!")); return -1; } if(check_id(name)) { - syslog(LOG_ERR, _("Invalid name for myself!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Invalid name for myself!")); free(name); return -1; } 
@@ -273,7 +273,7 @@ int setup_myself(void) return -1; if(read_connection_config(myself->connection)) { - syslog(LOG_ERR, _("Cannot open host configuration file for myself!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Cannot open host configuration file for myself!")); return -1; } @@ -329,7 +329,7 @@ int setup_myself(void) else if(!strcasecmp(mode, "hub")) routing_mode = RMODE_HUB; else { - syslog(LOG_ERR, _("Invalid routing mode!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Invalid routing mode!")); return -1; } free(mode); @@ -340,7 +340,7 @@ int setup_myself(void) &priorityinheritance); #if !defined(SOL_IP) || !defined(IP_TOS) if(priorityinheritance) - syslog(LOG_WARNING, _("PriorityInheritance not supported on this platform")); + logger(DEBUG_ALWAYS, LOG_WARNING, _("PriorityInheritance not supported on this platform")); #endif if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) @@ -350,7 +350,7 @@ int setup_myself(void) (lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) { - syslog(LOG_ERR, _("Bogus maximum timeout!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Bogus maximum timeout!")); return -1; } } else @@ -364,7 +364,7 @@ int setup_myself(void) else if(!strcasecmp(afname, "any")) addressfamily = AF_UNSPEC; else { - syslog(LOG_ERR, _("Invalid address family!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Invalid address family!")); return -1; } free(afname); @@ -382,7 +382,7 @@ int setup_myself(void) myself->cipher = EVP_get_cipherbyname(cipher); if(!myself->cipher) { - syslog(LOG_ERR, _("Unrecognized cipher type!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Unrecognized cipher type!")); return -1; } } @@ -417,7 +417,7 @@ int setup_myself(void) myself->digest = EVP_get_digestbyname(digest); if(!myself->digest) { - syslog(LOG_ERR, _("Unrecognized digest type!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Unrecognized digest type!")); return -1; } } 
@@ -431,10 +431,10 @@ int setup_myself(void) &myself->maclength)) { if(myself->digest) { if(myself->maclength > myself->digest->md_size) { - syslog(LOG_ERR, _("MAC length exceeds size of digest!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("MAC length exceeds size of digest!")); return -1; } else if(myself->maclength < 0) { - syslog(LOG_ERR, _("Bogus MAC length!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Bogus MAC length!")); return -1; } } @@ -449,7 +449,7 @@ int setup_myself(void) (lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) { if(myself->compression < 0 || myself->compression > 11) { - syslog(LOG_ERR, _("Bogus compression level!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Bogus compression level!")); return -1; } } else @@ -481,7 +481,7 @@ int setup_myself(void) err = getaddrinfo(address, myport, &hint, &ai); if(err || !ai) { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); return -1; } @@ -501,9 +501,9 @@ int setup_myself(void) if(listen_socket[listen_sockets].udp < 0) continue; - if(debug_lvl >= DEBUG_CONNECTIONS) { + if(debug_level >= DEBUG_CONNECTIONS) { hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr); - syslog(LOG_NOTICE, _("Listening on %s"), hostname); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Listening on %s"), hostname); free(hostname); } @@ -514,9 +514,9 @@ int setup_myself(void) freeaddrinfo(ai); if(listen_sockets) - syslog(LOG_NOTICE, _("Ready")); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Ready")); else { - syslog(LOG_ERR, _("Unable to create any listening socket!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to create any listening socket!")); return -1; } diff --git a/src/net_socket.c b/src/net_socket.c index 26636566..ffc6572b 100644 --- a/src/net_socket.c +++ b/src/net_socket.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.24 2003/06/11 19:27:35 guus Exp $ + $Id: net_socket.c,v 1.1.2.25 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" @@ -32,7 +32,6 @@ #include #include #include -#include #include #include /* SunOS really wants sys/socket.h BEFORE net/if.h, @@ -68,6 +67,7 @@ #include "route.h" #include "device.h" #include "event.h" +#include "logger.h" #include "system.h" @@ -99,7 +99,7 @@ int setup_listen_socket(sockaddr_t *sa) nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP); if(nfd < 0) { - syslog(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); return -1; } @@ -107,7 +107,7 @@ int setup_listen_socket(sockaddr_t *sa) if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); return -1; } @@ -134,19 +134,19 @@ int setup_listen_socket(sockaddr_t *sa) if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); return -1; } #else - syslog(LOG_WARNING, _("BindToInterface not supported on this platform")); + logger(DEBUG_ALWAYS, LOG_WARNING, _("BindToInterface not supported on this platform")); #endif } if(bind(nfd, &sa->sa, SALEN(sa->sa))) { close(nfd); addrstr = sockaddr2hostname(sa); - syslog(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, strerror(errno)); free(addrstr); return -1; 
@@ -154,7 +154,7 @@ int setup_listen_socket(sockaddr_t *sa) if(listen(nfd, 3)) { close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "listen", + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); return -1; } @@ -177,14 +177,14 @@ int setup_vpn_in_socket(sockaddr_t *sa) nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP); if(nfd < 0) { - syslog(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { close(nfd); - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); return -1; } @@ -200,7 +200,7 @@ int setup_vpn_in_socket(sockaddr_t *sa) if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { close(nfd); - syslog(LOG_ERR, _("Can't bind to interface %s: %s"), interface, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); return -1; } @@ -210,7 +210,7 @@ int setup_vpn_in_socket(sockaddr_t *sa) if(bind(nfd, &sa->sa, SALEN(sa->sa))) { close(nfd); addrstr = sockaddr2hostname(sa); - syslog(LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, strerror(errno)); free(addrstr); return -1; @@ -236,8 +236,7 @@ void retry_outgoing(outgoing_t *outgoing) event->data = outgoing; event_add(event); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, + logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); } 
@@ -246,8 +245,7 @@ void finish_connecting(connection_t *c) { cp(); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); + logger(DEBUG_CONNECTIONS, LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); c->last_ping_time = now; @@ -264,8 +262,7 @@ void do_outgoing_connection(connection_t *c) begin: if(!c->outgoing->ai) { if(!c->outgoing->cfg) { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("Could not set up a meta connection to %s"), + logger(DEBUG_CONNECTIONS, LOG_ERR, _("Could not set up a meta connection to %s"), c->name); c->status.remove = 1; retry_outgoing(c->outgoing); @@ -300,15 +297,13 @@ begin: c->hostname = sockaddr2hostname(&c->address); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, + logger(DEBUG_CONNECTIONS, LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); if(c->socket == -1) { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, + logger(DEBUG_CONNECTIONS, LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); goto begin; @@ -331,7 +326,7 @@ begin: flags = fcntl(c->socket, F_GETFL); if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) { - syslog(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); } /* Connect */ @@ -346,8 +341,7 @@ begin: close(c->socket); - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); + logger(DEBUG_CONNECTIONS, LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); goto begin; } 
@@ -368,8 +362,7 @@ void setup_outgoing_connection(outgoing_t *outgoing) if(n) if(n->connection) { - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_INFO, _("Already connected to %s"), outgoing->name); + logger(DEBUG_CONNECTIONS, LOG_INFO, _("Already connected to %s"), outgoing->name); n->connection->outgoing = outgoing; return; @@ -388,7 +381,7 @@ void setup_outgoing_connection(outgoing_t *outgoing) outgoing->cfg = lookup_config(c->config_tree, "Address"); if(!outgoing->cfg) { - syslog(LOG_ERR, _("No address specified for %s"), c->name); + logger(DEBUG_ALWAYS, LOG_ERR, _("No address specified for %s"), c->name); free_connection(c); free(outgoing->name); free(outgoing); @@ -418,7 +411,7 @@ int handle_new_meta_connection(int sock) fd = accept(sock, &sa.sa, &len); if(fd < 0) { - syslog(LOG_ERR, _("Accepting a new connection failed: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); return -1; } @@ -436,8 +429,7 @@ int handle_new_meta_connection(int sock) c->socket = fd; c->last_ping_time = now; - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection from %s"), c->hostname); + logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Connection from %s"), c->hostname); connection_add(c); @@ -460,7 +452,7 @@ void try_outgoing_connections(void) get_config_string(cfg, &name); if(check_id(name)) { - syslog(LOG_ERR, + logger(DEBUG_ALWAYS, LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); free(name); diff --git a/src/netbsd/device.c b/src/netbsd/device.c index b9400358..83877262 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2003/06/11 19:28:37 guus Exp $ + $Id: device.c,v 1.1.2.9 2003/07/06 22:11:35 guus Exp $ */ #include "config.h" 
@@ -32,13 +32,12 @@ #include #include #include -#include #include #include #include "conf.h" #include "net.h" -#include "subnet.h" +#include "logger.h" #include "system.h" @@ -69,13 +68,13 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("NetBSD tun device"); - syslog(LOG_INFO, _("%s is a %s"), device, device_info); + logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -94,7 +93,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -106,8 +105,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } @@ -118,12 +116,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
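Review bot: In the `@@ -106,8 +105,7 @@` hunk of read_packet() the opening `if(debug_lvl >= DEBUG_TRAFFIC) {` is removed but its closing `}` stays as a context line, so on the new side that brace has no opener and, as far as the hunk shows, ends the function body early. Drop the stray `}` together with the `if`, leaving only `logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info);`. The same leftover brace appears in the `@@ -125,8 +122,7 @@` hunk of src/openbsd/device.c. read_packet() continues outside both hunks, so a build on those two platforms should confirm this.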
@@ -135,7 +132,7 @@ void dump_device_stats(void) { cp(); - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/netutl.c b/src/netutl.c index c977316a..7d32e21c 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.44 2002/09/09 22:32:44 guus Exp $ + $Id: netutl.c,v 1.12.4.45 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" @@ -33,7 +33,6 @@ #include #include #include -#include #include #include @@ -43,6 +42,7 @@ #include "conf.h" #include "net.h" #include "netutl.h" +#include "logger.h" #include "system.h" @@ -67,10 +67,8 @@ struct addrinfo *str2addrinfo(char *address, char *service, int socktype) err = getaddrinfo(address, service, &hint, &ai); if(err) { - if(debug_lvl >= DEBUG_ERROR) - syslog(LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, + logger(DEBUG_ALWAYS, LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, service, gai_strerror(err)); - cp_trace(); return NULL; } @@ -94,7 +92,7 @@ sockaddr_t str2sockaddr(char *address, char *port) err = getaddrinfo(address, port, &hint, &ai); if(err || !ai) { - syslog(LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, gai_strerror(err)); cp_trace(); raise(SIGFPE); 
@@ -119,7 +117,7 @@ void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV); if(err) { - syslog(LOG_ERR, _("Error while translating addresses: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); cp_trace(); raise(SIGFPE); @@ -147,7 +145,7 @@ char *sockaddr2hostname(sockaddr_t *sa) err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames ? 0 : (NI_NUMERICHOST | NI_NUMERICSERV)); if(err) { - syslog(LOG_ERR, _("Error while looking up hostname: %s"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); } @@ -188,7 +186,7 @@ int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) return memcmp(&a->in6.sin6_port, &b->in6.sin6_port, sizeof(a->in6.sin6_port)); default: - syslog(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), + logger(DEBUG_ALWAYS, LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), a->sa.sa_family); cp_trace(); raise(SIGFPE); diff --git a/src/node.c b/src/node.c index 48a4ebd8..edad62bb 100644 --- a/src/node.c +++ b/src/node.c @@ -17,18 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.19 2003/05/06 21:13:17 guus Exp $ + $Id: node.c,v 1.1.2.20 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" #include -#include #include #include "node.h" #include "netutl.h" #include "net.h" +#include "logger.h" + #include #include 
@@ -172,16 +173,16 @@ void dump_nodes(void) cp(); - syslog(LOG_DEBUG, _("Nodes:")); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Nodes:")); for(node = node_tree->head; node; node = node->next) { n = (node_t *) node->data; - syslog(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), n->name, n->hostname, n->cipher ? n->cipher->nid : 0, n->digest ? n->digest->type : 0, n->maclength, n->compression, n->options, n->status, n->nexthop ? n->nexthop->name : "-", n->via ? n->via->name : "-"); } - syslog(LOG_DEBUG, _("End of nodes.")); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("End of nodes.")); } diff --git a/src/openbsd/device.c b/src/openbsd/device.c index b1a30d22..e2201c99 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.13 2003/06/11 19:28:37 guus Exp $ + $Id: device.c,v 1.1.2.14 2003/07/06 22:11:37 guus Exp $ */ #include "config.h" @@ -32,13 +32,12 @@ #include #include #include -#include #include #include #include "conf.h" #include "net.h" -#include "subnet.h" +#include "logger.h" #include "system.h" @@ -69,13 +68,13 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("OpenBSD tun device"); - syslog(LOG_INFO, _("%s is a %s"), device, device_info); + logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); return 0; } 
@@ -96,7 +95,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = readv(device_fd, vector, 2)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -113,10 +112,8 @@ int read_packet(vpn_packet_t *packet) break; default: - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, - _ - ("Unknown address family %d while reading packet from %s %s"), + logger(DEBUG_TRAFFIC, LOG_ERR, + _ ("Unknown address family %d while reading packet from %s %s"), ntohl(type), device_info, device); return -1; } @@ -125,8 +122,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } @@ -141,8 +137,7 @@ int write_packet(vpn_packet_t *packet) cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); af = (packet->data[12] << 8) + packet->data[13]; @@ -155,8 +150,7 @@ int write_packet(vpn_packet_t *packet) type = htonl(AF_INET6); break; default: - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_ERR, + logger(DEBUG_TRAFFIC, LOG_ERR, _("Unknown address family %d while writing packet to %s %s"), af, device_info, device); return -1; @@ -168,7 +162,7 @@ int write_packet(vpn_packet_t *packet) vector[1].iov_len = packet->len - 14; if(writev(device_fd, vector, 2) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
@@ -180,7 +174,7 @@ void dump_device_stats(void) { cp(); - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/process.c b/src/process.c index 4626d745..e43d9f86 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.50 2002/09/30 19:04:37 zarq Exp $ + $Id: process.c,v 1.1.2.51 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" @@ -27,7 +27,6 @@ #include #include #include -#include #include #include #include @@ -46,6 +45,7 @@ #include "device.h" #include "connection.h" #include "device.h" +#include "logger.h" #include "system.h" @@ -55,10 +55,11 @@ int do_detach = 1; extern char *identname; extern char *pidfilename; extern char **g_argv; +extern int use_logfile; sigset_t emptysigset; -static int saved_debug_lvl = -1; +static int saved_debug_level = -1; extern int sighup; extern int sigalrm; @@ -66,7 +67,7 @@ extern int do_purge; void memory_full(int size) { - syslog(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); + logger(DEBUG_ALWAYS, LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); cp_trace(); exit(1); } @@ -95,10 +96,10 @@ void cleanup_and_exit(int c) close_network_connections(); - if(debug_lvl > DEBUG_NOTHING) + if(debug_level > DEBUG_NOTHING) dump_device_stats(); - syslog(LOG_NOTICE, _("Terminating")); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Terminating")); closelog(); exit(c); 
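Review bot: cleanup_and_exit() in the `@@ -95,10 +96,10 @@` hunk of src/process.c still ends with the context line `closelog();`, although its messages now go through logger() and _execute_script() in the same file was switched to `closelogger();`. With the file and stderr modes this commit adds, the shutdown path should not depend on the syslog API. Suggest replacing `closelog();` with `closelogger();` here. What closelogger() does in each mode is not visible on this page.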
@@ -199,13 +200,10 @@ int detach(void) return -1; } - openlog(identname, LOG_CONS | LOG_PID, LOG_DAEMON); + openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), - VERSION, __DATE__, __TIME__, debug_lvl); - else - syslog(LOG_NOTICE, _("tincd %s starting"), VERSION); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), + VERSION, __DATE__, __TIME__, debug_level); xalloc_fail_func = memory_full; @@ -213,8 +211,7 @@ int detach(void) } /* - Execute the program name, with sane environment. All output will be - redirected to syslog. + Execute the program name, with sane environment. */ void _execute_script(const char *scriptname, char **envp) __attribute__ ((noreturn)); @@ -227,15 +224,16 @@ void _execute_script(const char *scriptname, char **envp) chdir("/"); + closelogger(); + /* Close all file descriptors */ - closelog(); /* <- this means we cannot use syslog() here anymore! */ fcloseall(); execl(scriptname, NULL); /* No return on success */ - openlog("tinc", LOG_CONS | LOG_PID, LOG_DAEMON); - syslog(LOG_ERR, _("Could not execute `%s': %s"), scriptname, + openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not execute `%s': %s"), scriptname, strerror(errno)); exit(errno); } 
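Review bot: In _execute_script() (`@@ -227,15 +224,16 @@`) the failure path now calls `openlogger(...)` before `strerror(errno)` and `exit(errno)` are evaluated, so any call inside openlogger() or logger() that sets errno replaces the execl() error in both the log line and the exit status. Capture it first with `int saved = errno;` directly after the `execl(...)` line, then use `strerror(saved)` and `exit(saved)`. `fcloseall()` also runs before the reopen, so this path relies on openlogger() creating a fresh stream rather than reusing a closed one, which cannot be checked from this hunk.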
@@ -262,37 +260,35 @@ int execute_script(const char *name, char **envp) pid = fork(); if(pid < 0) { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "fork", + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); return -1; } if(pid) { - if(debug_lvl >= DEBUG_STATUS) - syslog(LOG_INFO, _("Executing script %s"), name); + logger(DEBUG_STATUS, LOG_INFO, _("Executing script %s"), name); free(scriptname); if(waitpid(pid, &status, 0) == pid) { if(WIFEXITED(status)) { /* Child exited by itself */ if(WEXITSTATUS(status)) { - syslog(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), pid, name, WEXITSTATUS(status)); return -1; } else return 0; } else if(WIFSIGNALED(status)) { /* Child was killed by a signal */ - syslog(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, + logger(DEBUG_ALWAYS, LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, name, WTERMSIG(status), strsignal(WTERMSIG(status))); return -1; } else { /* Something strange happened */ - - syslog(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, + logger(DEBUG_ALWAYS, LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, name); return -1; } } else { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "waitpid", strerror(errno)); return -1; } 
@@ -310,22 +306,20 @@ int execute_script(const char *name, char **envp) RETSIGTYPE sigterm_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got TERM signal")); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got TERM signal")); cleanup_and_exit(0); } RETSIGTYPE sigquit_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got QUIT signal")); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got QUIT signal")); cleanup_and_exit(0); } RETSIGTYPE fatal_signal_square(int a) { - syslog(LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, strsignal(a)); cp_trace(); exit(1); @@ -334,11 +328,11 @@ RETSIGTYPE fatal_signal_square(int a) RETSIGTYPE fatal_signal_handler(int a) { struct sigaction act; - syslog(LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); cp_trace(); if(do_detach) { - syslog(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); act.sa_handler = fatal_signal_square; act.sa_mask = emptysigset; 
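Review bot: The signal handlers here (sigterm_handler, sigquit_handler, fatal_signal_handler) and in the following `@@ -350,37 +344,36 @@` hunk (sighup_handler, sigint_handler, sigalrm_handler) now call logger() unconditionally, because the old `if(debug_lvl > DEBUG_NOTHING)` guard is replaced by `DEBUG_ALWAYS`. logger() takes a printf-style format and, given the openlogger() modes added in this file, may write to a file or stderr; formatted stdio output is not async-signal-safe, so a signal that arrives while the main loop is inside logger() can deadlock or corrupt the stream. The handlers that only set a flag (`sighup = 1;`, `sigalrm = 1;`) could drop the logger() call and let the main loop log the event where the flag is consumed. sigint_handler also assigns `debug_level` from signal context; its declaration is outside this page, but it would need to be `volatile sig_atomic_t` for that to be well-defined.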
@@ -350,37 +344,36 @@ RETSIGTYPE fatal_signal_handler(int a) remove_pid(pidfilename); execvp(g_argv[0], g_argv); } else { - syslog(LOG_NOTICE, _("Not restarting.")); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Not restarting.")); exit(1); } } RETSIGTYPE sighup_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got HUP signal")); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got HUP signal")); sighup = 1; } RETSIGTYPE sigint_handler(int a) { - if(saved_debug_lvl != -1) { - syslog(LOG_NOTICE, _("Reverting to old debug level (%d)"), - saved_debug_lvl); - debug_lvl = saved_debug_lvl; - saved_debug_lvl = -1; + if(saved_debug_level != -1) { + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Reverting to old debug level (%d)"), + saved_debug_level); + debug_level = saved_debug_level; + saved_debug_level = -1; } else { - syslog(LOG_NOTICE, _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), - debug_lvl); - saved_debug_lvl = debug_lvl; - debug_lvl = 5; + logger(DEBUG_ALWAYS, LOG_NOTICE, + _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), + debug_level); + saved_debug_level = debug_level; + debug_level = 5; } } RETSIGTYPE sigalrm_handler(int a) { - if(debug_lvl > DEBUG_NOTHING) - syslog(LOG_NOTICE, _("Got ALRM signal")); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got ALRM signal")); sigalrm = 1; } @@ -405,16 +398,13 @@ RETSIGTYPE sigwinch_handler(int a) RETSIGTYPE unexpected_signal_handler(int a) { - syslog(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); + logger(DEBUG_ALWAYS, LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); cp_trace(); } RETSIGTYPE ignore_signal_handler(int a) { - if(debug_lvl >= DEBUG_SCARY_THINGS) { - syslog(LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); - cp_trace(); - } + logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); } struct { 
diff --git a/src/protocol.c b/src/protocol.c index b499c487..9ac5a1fb 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.137 2002/09/09 22:32:49 guus Exp $ + $Id: protocol.c,v 1.28.4.138 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" @@ -26,7 +26,6 @@ #include #include -#include #include #include #include @@ -38,6 +37,7 @@ #include "protocol.h" #include "meta.h" #include "connection.h" +#include "logger.h" #include "system.h" @@ -74,18 +74,18 @@ int send_request(connection_t *c, const char *format, ...) va_end(args); if(len < 0 || len > MAXBUFSIZE - 1) { - syslog(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); return -1; } - if(debug_lvl >= DEBUG_PROTOCOL) { + if(debug_level >= DEBUG_PROTOCOL) { sscanf(buffer, "%d", &request); - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Sending %s to %s (%s): %s"), + if(debug_level >= DEBUG_META) + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); else - syslog(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname); } 
@@ -104,14 +104,14 @@ int forward_request(connection_t *from) cp(); - if(debug_lvl >= DEBUG_PROTOCOL) { + if(debug_level >= DEBUG_PROTOCOL) { sscanf(from->buffer, "%d", &request); - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Forwarding %s from %s (%s): %s"), + if(debug_level >= DEBUG_META) + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Forwarding %s from %s (%s): %s"), request_name[request], from->name, from->hostname, from->buffer); else - syslog(LOG_DEBUG, _("Forwarding %s from %s (%s)"), + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Forwarding %s from %s (%s)"), request_name[request], from->name, from->hostname); } @@ -128,28 +128,28 @@ int receive_request(connection_t *c) if(sscanf(c->buffer, "%d", &request) == 1) { if((request < 0) || (request >= LAST) || !request_handlers[request]) { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Unknown request from %s (%s): %s"), + if(debug_level >= DEBUG_META) + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Unknown request from %s (%s): %s"), c->name, c->hostname, c->buffer); else - syslog(LOG_ERR, _("Unknown request from %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Unknown request from %s (%s)"), c->name, c->hostname); return -1; } else { - if(debug_lvl >= DEBUG_PROTOCOL) { - if(debug_lvl >= DEBUG_META) - syslog(LOG_DEBUG, _("Got %s from %s (%s): %s"), + if(debug_level >= DEBUG_PROTOCOL) { + if(debug_level >= DEBUG_META) + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Got %s from %s (%s): %s"), request_name[request], c->name, c->hostname, c->buffer); else - syslog(LOG_DEBUG, _("Got %s from %s (%s)"), + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], c->name, c->hostname); } } if((c->allow_request != ALL) && (c->allow_request != request)) { - syslog(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, c->hostname); return -1; } 
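Review bot: receive_request() (`@@ -128,28 +128,28 @@`) and forward_request() pass the peer-supplied `c->buffer` / `from->buffer` to logger() through `%s` once the debug level reaches DEBUG_META, and nothing in these hunks filters the bytes first. Many syslog daemons escape control characters on their own, but this commit lets the same text go to a log file or to stderr; if logger() writes the string as-is (logger.c is not shown here), a remote peer can place line breaks or terminal control sequences in the log. Suggest sanitising once inside logger(), or in a small helper that replaces bytes outside printable ASCII before output, rather than at each call site.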
@@ -157,12 +157,12 @@ int receive_request(connection_t *c) if(request_handlers[request] (c)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { - syslog(LOG_ERR, _("Error while processing %s from %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while processing %s from %s (%s)"), request_name[request], c->name, c->hostname); return -1; } } else { - syslog(LOG_ERR, _("Bogus data received from %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Bogus data received from %s (%s)"), c->name, c->hostname); return -1; } @@ -208,8 +208,7 @@ int seen_request(char *request) p.request = request; if(avl_search(past_request_tree, &p)) { - if(debug_lvl >= DEBUG_SCARY_THINGS) - syslog(LOG_DEBUG, _("Already seen request")); + logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Already seen request")); return 1; } else { new = (past_request_t *) xmalloc(sizeof(*new)); @@ -238,8 +237,8 @@ void age_past_requests(void) left++; } - if(debug_lvl >= DEBUG_SCARY_THINGS && left + deleted) - syslog(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), + if(left || deleted) + logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), deleted, left); } diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 962f6811..f117550d 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.20 2003/07/06 17:15:25 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.21 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" #include #include -#include #include #include #include @@ -46,6 +45,7 @@ #include "node.h" #include "edge.h" #include "graph.h" +#include "logger.h" #include "system.h" 
@@ -65,7 +65,7 @@ int id_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING " %d", name, &c->protocol_version) != 2) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); return -1; } @@ -73,7 +73,7 @@ int id_h(connection_t *c) /* Check if identity is a valid name */ if(check_id(name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); return -1; } @@ -82,7 +82,7 @@ int id_h(connection_t *c) if(c->name) { if(strcmp(c->name, name)) { - syslog(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); return -1; } @@ -92,7 +92,7 @@ int id_h(connection_t *c) /* Check if version matches */ if(c->protocol_version != myself->connection->protocol_version) { - syslog(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), c->name, c->hostname, c->protocol_version); return -1; } @@ -110,7 +110,7 @@ int id_h(connection_t *c) bla = read_connection_config(c); if(bla) { - syslog(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, + logger(DEBUG_ALWAYS, LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); return -1; } @@ -166,10 +166,10 @@ int send_metakey(connection_t *c) c->outkey[0] &= 0x7F; - if(debug_lvl >= DEBUG_SCARY_THINGS) { + if(debug_level >= DEBUG_SCARY_THINGS) { bin2hex(c->outkey, buffer, len); buffer[len * 2] = '\0'; - syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); } 
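Review bot: In id_h() the error paths in `@@ -65,7 +65,7 @@` and `@@ -73,7 +73,7 @@` pass `c->name` to a `%s` conversion, yet the `if(c->name)` test in the `@@ -82,7 +82,7 @@` hunk shows the name can still be NULL at this point, presumably for incoming connections that have not identified themselves yet. Passing NULL to `%s` is undefined behaviour; glibc prints "(null)", but the new logger may run on C libraries that do not. Use `c->name ? c->name : "(unknown)"` in these two calls, or log only `c->hostname`.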
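Review bot: send_metakey() (`@@ -166,10 +166,10 @@`) and metakey_h() (`@@ -250,15 +250,15 @@`) hex-dump the unencrypted meta key into the log when `debug_level >= DEBUG_SCARY_THINGS`. Before this commit that text went to syslog only; with the `LOGMODE_FILE` and `LOGMODE_STDERR` destinations added in src/process.c the key can land in a file or terminal scrollback whose access control is not set anywhere on this page, and a reader of that log holds the secret protecting the meta connection. sigint_handler raises `debug_level` to 5 at runtime, which may be enough to enable the dump (the value of DEBUG_SCARY_THINGS is not visible here). Suggest removing the key from the message and logging only that a key of `len` bytes was generated or received.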
@@ -181,7 +181,7 @@ int send_metakey(connection_t *c) */ if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) { - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return -1; } @@ -221,7 +221,7 @@ int metakey_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; } @@ -231,7 +231,7 @@ int metakey_h(connection_t *c) /* Check if the length of the meta key is all right */ if(strlen(buffer) != len * 2) { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); + logger(DEBUG_ALWAYS, LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); return -1; } @@ -250,15 +250,15 @@ int metakey_h(connection_t *c) /* Decrypt the meta key */ if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ - syslog(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return -1; } - if(debug_lvl >= DEBUG_SCARY_THINGS) { + if(debug_level >= DEBUG_SCARY_THINGS) { bin2hex(c->inkey, buffer, len); buffer[len * 2] = '\0'; - syslog(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } /* All incoming requests will now be encrypted. */ 
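Review bot: The RSA_private_decrypt() failure branch in the metakey_h hunk logs `Error during encryption of meta key for %s (%s)`, the same text send_metakey uses for RSA_public_encrypt(). Since the line is being rewritten anyway, it should read `Error during decryption of meta key for %s (%s)`. With the current wording an operator reading the log cannot tell whether the local encrypt step failed or a peer-supplied ciphertext was rejected, which is the distinction that matters when triaging a suspicious connection. metakey_h continues outside the hunk.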
@@ -269,7 +269,7 @@ int metakey_h(connection_t *c) c->incipher = EVP_get_cipherbynid(cipher); if(!c->incipher) { - syslog(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); + logger(DEBUG_ALWAYS, LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); return -1; } @@ -289,12 +289,12 @@ int metakey_h(connection_t *c) c->indigest = EVP_get_digestbynid(digest); if(!c->indigest) { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); + logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); return -1; } if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { - syslog(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); + logger(DEBUG_ALWAYS, LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); return -1; } } else { @@ -348,7 +348,7 @@ int challenge_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); return -1; } @@ -358,7 +358,7 @@ int challenge_h(connection_t *c) /* Check if the length of the challenge is all right */ if(strlen(buffer) != len * 2) { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); return -1; } @@ -412,7 +412,7 @@ int chal_reply_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); return -1; } 
@@ -420,7 +420,7 @@ int chal_reply_h(connection_t *c) /* Check if the length of the hash is all right */ if(strlen(hishash) != c->outdigest->md_size * 2) { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); return -1; } @@ -438,13 +438,13 @@ int chal_reply_h(connection_t *c) /* Verify the incoming hash with the calculated hash */ if(memcmp(hishash, myhash, c->outdigest->md_size)) { - syslog(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); - if(debug_lvl >= DEBUG_SCARY_THINGS) { + if(debug_level >= DEBUG_SCARY_THINGS) { bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); hishash[SHA_DIGEST_LENGTH * 2] = '\0'; - syslog(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Expected challenge reply: %s"), hishash); } return -1; @@ -515,9 +515,8 @@ int ack_h(connection_t *c) cp(); - if(sscanf - (c->buffer, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, + if(sscanf(c->buffer, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) { + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; } @@ -533,8 +532,7 @@ int ack_h(connection_t *c) } else { if(n->connection) { /* Oh dear, we already have a connection to this node. */ - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), + logger(DEBUG_CONNECTIONS, LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ 
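Review bot: In the chal_reply_h hunk the comparison uses `c->outdigest->md_size`, but the debug dump just below converts `SHA_DIGEST_LENGTH` bytes and terminates the string at `SHA_DIGEST_LENGTH * 2`. The two lengths only agree when the negotiated digest is SHA-1. Using one length in both places, `bin2hex(myhash, hishash, c->outdigest->md_size);` and `hishash[c->outdigest->md_size * 2] = '\0';`, keeps the dump within what was actually computed and compared. Whether myhash and hishash are sized for the largest supported digest cannot be seen here, because the declarations are outside the hunk.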
@@ -551,8 +549,7 @@ int ack_h(connection_t *c) c->allow_request = ALL; c->status.active = 1; - if(debug_lvl >= DEBUG_CONNECTIONS) - syslog(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, + logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); /* Send him everything we know */ diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 37176714..f97be3ef 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.15 2002/09/24 11:43:34 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.16 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" #include #include -#include #include #include #include @@ -42,6 +41,7 @@ #include "node.h" #include "edge.h" #include "graph.h" +#include "logger.h" #include "system.h" @@ -79,7 +79,7 @@ int add_edge_h(connection_t *c) if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", from_name, to_name, to_address, to_port, &options, &weight) != 6) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); return -1; } @@ -87,13 +87,13 @@ int add_edge_h(connection_t *c) /* Check if names are valid */ if(check_id(from_name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); return -1; } if(check_id(to_name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); return -1; } 
@@ -130,14 +130,12 @@ int add_edge_h(connection_t *c) if(e) { if(e->weight != weight || e->options != options || sockaddrcmp(&e->address, &address)) { if(from == myself) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); send_add_edge(c, e); return 0; } else { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); edge_del(e); graph(); @@ -145,8 +143,7 @@ int add_edge_h(connection_t *c) } else return 0; } else if(from == myself) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), "ADD_EDGE", c->name, c->hostname); e = new_edge(); e->from = from; @@ -193,7 +190,7 @@ int del_edge_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, c->hostname); return -1; } 
@@ -201,13 +198,13 @@ int del_edge_h(connection_t *c) /* Check if names are valid */ if(check_id(from_name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); return -1; } if(check_id(to_name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); return -1; } @@ -220,8 +217,7 @@ int del_edge_h(connection_t *c) from = lookup_node(from_name); if(!from) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), + logger(DEBUG_PROTOCOL, LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } @@ -229,8 +225,7 @@ int del_edge_h(connection_t *c) to = lookup_node(to_name); if(!to) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), + logger(DEBUG_PROTOCOL, LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } @@ -240,15 +235,13 @@ int del_edge_h(connection_t *c) e = lookup_edge(from, to); if(!e) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } if(e->from == myself) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_EDGE", c->name, c->hostname); send_add_edge(c, e); /* Send back a correction */ return 0; diff --git a/src/protocol_key.c b/src/protocol_key.c index 0ecad9ba..88695c79 100644 
--- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.16 2003/05/06 21:13:18 guus Exp $ + $Id: protocol_key.c,v 1.1.4.17 2003/07/06 22:11:32 guus Exp $ */ #include "config.h" #include #include -#include #include #include #include @@ -40,6 +39,7 @@ #include "meta.h" #include "connection.h" #include "node.h" +#include "logger.h" #include "system.h" @@ -67,7 +67,7 @@ int key_changed_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", c->name, c->hostname); return -1; } @@ -78,7 +78,7 @@ int key_changed_h(connection_t *c) n = lookup_node(name); if(!n) { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", c->name, c->hostname, name); return -1; } @@ -109,7 +109,7 @@ int req_key_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, c->hostname); return -1; } @@ -117,7 +117,7 @@ int req_key_h(connection_t *c) from = lookup_node(from_name); if(!from) { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, from_name); return -1; } 
@@ -125,7 +125,7 @@ int req_key_h(connection_t *c) to = lookup_node(to_name); if(!to) { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, to_name); return -1; } @@ -173,7 +173,7 @@ int ans_key_h(connection_t *c) if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength, &compression) != 7) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, c->hostname); return -1; } @@ -181,7 +181,7 @@ int ans_key_h(connection_t *c) from = lookup_node(from_name); if(!from) { - syslog(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, from_name); return -1; } @@ -189,7 +189,7 @@ int ans_key_h(connection_t *c) to = lookup_node(to_name); if(!to) { - syslog(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, to_name); return -1; } 
@@ -220,13 +220,13 @@ int ans_key_h(connection_t *c) from->cipher = EVP_get_cipherbynid(cipher); if(!from->cipher) { - syslog(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); return -1; } if(from->keylength != from->cipher->key_len + from->cipher->iv_len) { - syslog(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); return -1; } @@ -240,13 +240,13 @@ int ans_key_h(connection_t *c) from->digest = EVP_get_digestbynid(digest); if(!from->digest) { - syslog(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); return -1; } if(from->maclength > from->digest->md_size || from->maclength < 0) { - syslog(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), + logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); return -1; } @@ -255,7 +255,7 @@ int ans_key_h(connection_t *c) } if(compression < 0 || compression > 11) { - syslog(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); + logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); return -1; } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 363c8c3f..36054f0a 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.7 2002/09/09 22:33:04 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.8 2003/07/06 22:11:33 guus Exp $ */ #include "config.h" #include #include -#include #include #include #include 
@@ -37,6 +36,7 @@ #include "protocol.h" #include "meta.h" #include "connection.h" +#include "logger.h" #include "system.h" @@ -60,15 +60,13 @@ int status_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %d " MAX_STRING, &statusno, statusstring) != 2) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", c->name, c->hostname); return -1; } - if(debug_lvl >= DEBUG_STATUS) { - syslog(LOG_NOTICE, _("Status message from %s (%s): %s: %s"), + logger(DEBUG_STATUS, LOG_NOTICE, _("Status message from %s (%s): %s: %s"), c->name, c->hostname, status_text[statusno], statusstring); - } return 0; } @@ -91,15 +89,13 @@ int error_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %d " MAX_STRING, &err, errorstring) != 2) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", c->name, c->hostname); return -1; } - if(debug_lvl >= DEBUG_ERROR) { - syslog(LOG_NOTICE, _("Error message from %s (%s): %s: %s"), + logger(DEBUG_ERROR, LOG_NOTICE, _("Error message from %s (%s): %s: %s"), c->name, c->hostname, strerror(err), errorstring); - } terminate_connection(c, c->status.active); @@ -185,7 +181,7 @@ int tcppacket_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %hd", &len) != 1) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, + logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname); return -1; } diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index b426a8e9..16cf1885 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c 
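Review bot: In the status_h hunk `status_text[statusno]` is now evaluated for every STATUS message, because the `if(debug_lvl >= DEBUG_STATUS)` guard is gone and the expression is an argument of logger(). This assumes logger() is an ordinary function rather than a macro that short-circuits on the level. statusno comes straight from sscanf() on peer data and no range check is visible, so an out-of-range index that used to be read only at high debug levels is now read at any level. I would validate it before the call, e.g. `if(statusno < 0 || statusno >= STATUS_TEXT_COUNT) return -1;`, where STATUS_TEXT_COUNT is a placeholder for the number of entries in status_text. The declarations of status_h are outside the hunk.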
@@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.9 2002/09/09 22:33:13 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.10 2003/07/06 22:11:33 guus Exp $ */ #include "config.h" #include #include -#include #include #include #include @@ -40,6 +39,7 @@ #include "meta.h" #include "connection.h" #include "node.h" +#include "logger.h" #include "system.h" @@ -114,8 +114,7 @@ int add_subnet_h(connection_t *c) /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ if(owner == myself) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself"), "ADD_SUBNET", c->name, c->hostname); s->owner = myself; send_del_subnet(c, s); @@ -177,8 +176,7 @@ int del_subnet_h(connection_t *c) owner = lookup_node(name); if(!owner) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), "DEL_SUBNET", c->name, c->hostname, name); return 0; } @@ -205,8 +203,7 @@ int del_subnet_h(connection_t *c) free_subnet(s); if(!find) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), "DEL_SUBNET", c->name, c->hostname, name); return 0; } 
@@ -214,8 +211,7 @@ int del_subnet_h(connection_t *c) /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ if(owner == myself) { - if(debug_lvl >= DEBUG_PROTOCOL) - syslog(LOG_WARNING, _("Got %s from %s (%s) for ourself"), + logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_SUBNET", c->name, c->hostname); send_add_subnet(c, find); return 0; diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c index 1b9d8949..3cb62c0d 100644 --- a/src/raw_socket/device.c +++ b/src/raw_socket/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2003/06/11 19:28:38 guus Exp $ + $Id: device.c,v 1.1.2.6 2003/07/06 22:11:37 guus Exp $ */ #include "config.h" @@ -29,7 +29,6 @@ #include #include #include -#include #include #include #include @@ -39,7 +38,7 @@ #include #include "conf.h" #include "net.h" -#include "subnet.h" +#include "logger.h" #include "system.h" @@ -73,7 +72,7 @@ int setup_device(void) device_info = _("raw socket"); if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) { - syslog(LOG_ERR, _("Could not open %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device_info, strerror(errno)); return -1; } @@ -82,7 +81,7 @@ int setup_device(void) strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) { close(device_fd); - syslog(LOG_ERR, _("Can't find interface %s: %s"), interface, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't find interface %s: %s"), interface, strerror(errno)); return -1; } 
@@ -93,11 +92,11 @@ int setup_device(void) sa.sll_ifindex = ifr.ifr_ifindex; if(bind(device_fd, (struct sockaddr *) &sa, (socklen_t) sizeof(sa))) { - syslog(LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); return -1; } - syslog(LOG_INFO, _("%s is a %s"), device, device_info); + logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -120,7 +119,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -129,8 +128,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } @@ -141,12 +139,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data, packet->len) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
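Review bot: The read_packet hunk deletes the opening `if(debug_lvl >= DEBUG_TRAFFIC) {` but keeps the matching `}` as a context line, so the new side appears to have one closing brace too many after the logger() call. The hunk shrinks from 8 to 7 lines, whereas the same change in solaris/device.c also removes the brace. If that reading is right, the function body ends before `return 0;` and this file no longer compiles. The fix is to delete the leftover `}` after `device_info);`. The rest of read_packet is outside the hunk, so this should be confirmed against the full file.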
@@ -160,7 +157,7 @@ void dump_device_stats(void) { cp(); - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/route.c b/src/route.c index b6ec0dc0..1fd1d8ef 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.53 2003/07/06 17:49:49 guus Exp $ + $Id: route.c,v 1.1.2.54 2003/07/06 22:11:33 guus Exp $ */ #include "config.h" @@ -45,7 +45,6 @@ #include #include #include -#include #include #ifdef HAVE_INTTYPES_H #include @@ -59,6 +58,7 @@ #include "route.h" #include "protocol.h" #include "device.h" +#include "logger.h" #include "system.h" @@ -130,8 +130,7 @@ void learn_mac(mac_t *address) /* If we don't know this MAC address yet, store it */ if(!subnet || subnet->owner != myself) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), + logger(DEBUG_TRAFFIC, LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]); 
@@ -164,8 +163,7 @@ void age_mac(void) next = node->next; s = (subnet_t *) node->data; if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), + logger(DEBUG_TRAFFIC, LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]); @@ -274,11 +272,9 @@ node_t *route_ipv4(vpn_packet_t *packet) subnet = lookup_subnet_ipv4((ipv4_t *) & packet->data[30]); if(!subnet) { - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), + logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), packet->data[30], packet->data[31], packet->data[32], packet->data[33]); - } route_ipv4_unreachable(packet, ICMP_NET_UNKNOWN); return NULL; @@ -371,8 +367,7 @@ node_t *route_ipv6(vpn_packet_t *packet) subnet = lookup_subnet_ipv6((ipv6_t *) & packet->data[38]); if(!subnet) { - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), ntohs(*(uint16_t *) & packet->data[38]), ntohs(*(uint16_t *) & packet->data[40]), ntohs(*(uint16_t *) & packet->data[42]), @@ -381,7 +376,6 @@ node_t *route_ipv6(vpn_packet_t *packet) ntohs(*(uint16_t *) & packet->data[48]), ntohs(*(uint16_t *) & packet->data[50]), ntohs(*(uint16_t *) & packet->data[52])); - } #ifdef HAVE_NETINET_IP6_H route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_ADDR); #endif 
@@ -431,9 +425,7 @@ void route_neighborsol(vpn_packet_t *packet) if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) { - if(debug_lvl > DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); - } + logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); return; } @@ -450,8 +442,7 @@ void route_neighborsol(vpn_packet_t *packet) checksum = inet_checksum(ns, sizeof(*ns) + 8, checksum); if(checksum) { - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); + logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); return; } @@ -460,8 +451,7 @@ void route_neighborsol(vpn_packet_t *packet) subnet = lookup_subnet_ipv6((ipv6_t *) & ns->nd_ns_target); if(!subnet) { - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), ntohs(((uint16_t *) & ns->nd_ns_target)[0]), ntohs(((uint16_t *) & ns->nd_ns_target)[1]), ntohs(((uint16_t *) & ns->nd_ns_target)[2]), @@ -470,7 +460,6 @@ void route_neighborsol(vpn_packet_t *packet) ntohs(((uint16_t *) & ns->nd_ns_target)[5]), ntohs(((uint16_t *) & ns->nd_ns_target)[6]), ntohs(((uint16_t *) & ns->nd_ns_target)[7])); - } return; } 
@@ -543,9 +532,7 @@ void route_arp(vpn_packet_t *packet) if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || ntohs(arp->arp_pro) != ETHERTYPE_IP || arp->arp_hln != ETHER_ADDR_LEN || arp->arp_pln != 4 || ntohs(arp->arp_op) != ARPOP_REQUEST) { - if(debug_lvl > DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); - } + logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); return; } @@ -554,12 +541,9 @@ void route_arp(vpn_packet_t *packet) subnet = lookup_subnet_ipv4((ipv4_t *) arp->arp_tpa); if(!subnet) { - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), + logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], arp->arp_tpa[3]); - } - return; } @@ -614,8 +598,7 @@ void route_outgoing(vpn_packet_t *packet) return; default: - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); + logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); return; } if(n) diff --git a/src/solaris/device.c b/src/solaris/device.c index 3054a98f..30887d7f 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.12 2003/06/11 19:28:38 guus Exp $ + $Id: device.c,v 1.1.2.13 2003/07/06 22:11:37 guus Exp $ */ @@ -31,7 +31,6 @@ #include #include #include -#include #include #include #include @@ -43,7 +42,7 @@ #include #include "conf.h" #include "net.h" -#include "subnet.h" +#include "logger.h" #include "system.h" 
@@ -69,7 +68,7 @@ int setup_device(void) device = DEFAULT_DEVICE; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - syslog(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } @@ -81,35 +80,35 @@ int setup_device(void) ppa = atoi(ptr); if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) { - syslog(LOG_ERR, _("Could not open /dev/ip: %s"), strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open /dev/ip: %s"), strerror(errno)); return -1; } /* Assign a new PPA and get its unit number. */ if((ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0) { - syslog(LOG_ERR, _("Can't assign new interface: %s"), strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't assign new interface: %s"), strerror(errno)); return -1; } if((if_fd = open(device, O_RDWR, 0)) < 0) { - syslog(LOG_ERR, _("Could not open %s twice: %s"), device, + logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s twice: %s"), device, strerror(errno)); return -1; } if(ioctl(if_fd, I_PUSH, "ip") < 0) { - syslog(LOG_ERR, _("Can't push IP module: %s"), strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't push IP module: %s"), strerror(errno)); return -1; } /* Assign ppa according to the unit number returned by tun device */ if(ioctl(if_fd, IF_UNITSEL, (char *) &ppa) < 0) { - syslog(LOG_ERR, _("Can't set PPA %d: %s"), ppa, strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't set PPA %d: %s"), ppa, strerror(errno)); return -1; } if(ioctl(ip_fd, I_LINK, if_fd) < 0) { - syslog(LOG_ERR, _("Can't link TUN device to IP: %s"), strerror(errno)); + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't link TUN device to IP: %s"), strerror(errno)); return -1; } @@ -118,7 +117,7 @@ int setup_device(void) device_info = _("Solaris tun device"); - syslog(LOG_INFO, _("%s is a %s"), device, device_info); + logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); return 0; } 
@@ -137,7 +136,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { - syslog(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -149,10 +148,8 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - if(debug_lvl >= DEBUG_TRAFFIC) { - syslog(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } return 0; } @@ -161,12 +158,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - if(debug_lvl >= DEBUG_TRAFFIC) - syslog(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - syslog(LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, + logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, strerror(errno)); return -1; } @@ -180,7 +176,7 @@ void dump_device_stats(void) { cp(); - syslog(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - syslog(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - syslog(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/subnet.c b/src/subnet.c index 4e528e1a..ed5e1ac8 100644 --- a/src/subnet.c +++ b/src/subnet.c 
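Review bot: In the write_packet hunk the new logger() call passes `packet->len` for the second `%s` of `"Can't write to %s %s: %s"`, carried over unchanged from the old syslog() call. An integer consumed as a string pointer is undefined behaviour and will most likely crash the daemon exactly when a write to the tun device fails. The raw_socket/device.c version of this message passes `device` in that position, so the arguments should be `device_info, device, strerror(errno)`. If logger() is declared with a printf format attribute, which is not visible here, -Wformat would catch this class of mistake at build time. The end of write_packet is outside the hunk.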
@@ -17,13 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.43 2002/09/15 14:55:54 guus Exp $ + $Id: subnet.c,v 1.1.2.44 2003/07/06 22:11:33 guus Exp $ */ #include "config.h" #include -#include #include #include #include @@ -39,6 +38,7 @@ #include "node.h" #include "subnet.h" #include "netutl.h" +#include "logger.h" #include "system.h" @@ -111,7 +111,7 @@ int subnet_compare(subnet_t *a, subnet_t *b) case SUBNET_IPV6: return subnet_compare_ipv6(a, b); default: - syslog(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), + logger(DEBUG_ALWAYS, LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), a->type); cp_trace(); exit(0); @@ -295,7 +295,7 @@ char *net2str(subnet_t *subnet) break; default: - syslog(LOG_ERR, + logger(DEBUG_ALWAYS, LOG_ERR, _("net2str() was called with unknown subnet type %d, exiting!"), subnet->type); cp_trace(); @@ -411,14 +411,14 @@ void dump_subnets(void) cp(); - syslog(LOG_DEBUG, _("Subnet list:")); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("Subnet list:")); for(node = subnet_tree->head; node; node = node->next) { subnet = (subnet_t *) node->data; netstr = net2str(subnet); - syslog(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); + logger(DEBUG_ALWAYS, LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); free(netstr); } - syslog(LOG_DEBUG, _("End of subnet list.")); + logger(DEBUG_ALWAYS, LOG_DEBUG, _("End of subnet list.")); } diff --git a/src/tincd.c b/src/tincd.c index 989eb76d..6d1f4e2d 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.69 2003/07/06 17:15:25 guus Exp $ + $Id: tincd.c,v 1.10.4.70 2003/07/06 22:11:33 guus Exp $ */ #include "config.h" 
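Review bot: The default branch of subnet_compare logs at LOG_ERR and then calls `exit(0)`, so an internal-consistency failure terminates the daemon with a success status and a supervisor or init script cannot tell it from a clean shutdown. Use a non-zero status, `exit(1);`, or abort() if a core dump is wanted. net2str's default branch logs the same kind of message ("exiting!"), but its exit call lies outside the hunk, so check it for the same status.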
@@ -28,7 +28,6 @@ #include #include #include -#include #include #include #include @@ -61,6 +60,7 @@ #include "process.h" #include "protocol.h" #include "subnet.h" +#include "logger.h" #include "system.h" @@ -85,8 +85,12 @@ int bypass_security = 0; /* If nonzero, disable swapping for this process. */ int do_mlock = 0; +/* If nonzero, write log entries to a separate file. */ +int use_logfile = 0; + char *identname = NULL; /* program name for syslog */ char *pidfilename = NULL; /* pid file location */ +char *logfilename = NULL; /* log file location */ char **g_argv; /* a copy of the cmdline arguments */ char **environment; /* A pointer to the environment on startup */ @@ -102,6 +106,7 @@ static struct option const long_options[] = { {"debug", optional_argument, NULL, 'd'}, {"bypass-security", no_argument, &bypass_security, 1}, {"mlock", no_argument, &do_mlock, 1}, + {"logfile", optional_argument, NULL, 'F'}, {NULL, 0, NULL, 0} }; @@ -119,6 +124,7 @@ static void usage(int status) " -n, --net=NETNAME Connect to net NETNAME.\n" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " -L, --mlock Lock tinc into main memory.\n" + " -F, --logfile[=FILENAME] Write log entries to a logfile.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); @@ -132,7 +138,7 @@ void parse_options(int argc, char **argv, char **envp) int r; int option_index = 0; - while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) { + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::F::", long_options, &option_index)) != EOF) { switch (r) { case 0: /* long option */ break; @@ -152,9 +158,9 @@ void parse_options(int argc, char **argv, char **envp) case 'd': /* inc debug level */ if(optarg) - debug_lvl = atoi(optarg); + debug_level = atoi(optarg); else - debug_lvl++; + debug_level++; break; case 'k': /* kill old tincds */ 
@@ -189,8 +195,7 @@ void parse_options(int argc, char **argv, char **envp) break; case 'n': /* net name given */ - netname = xmalloc(strlen(optarg) + 1); - strcpy(netname, optarg); + netname = xstrdup(optarg); break; case 'K': /* generate public/private keypair */ @@ -208,6 +213,12 @@ void parse_options(int argc, char **argv, char **envp) generate_keys = 1024; break; + case 'F': /* write log entries to a file */ + use_logfile = 1; + if(optarg) + logfilename = xstrdup(optarg); + break; + case '?': usage(1); @@ -317,17 +328,21 @@ void make_names(void) if(netname) { if(!pidfilename) asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); + if(!logfilename) + asprintf(&logfilename, LOCALSTATEDIR "/log/tinc.%s.log", netname); if(!confbase) asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); else - syslog(LOG_INFO, _("Both netname and configuration directory given, using the latter...")); + logger(DEBUG_ALWAYS, LOG_INFO, _("Both netname and configuration directory given, using the latter...")); if(!identname) asprintf(&identname, "tinc.%s", netname); } else { if(!pidfilename) pidfilename = LOCALSTATEDIR "/run/tinc.pid"; + if(!logfilename) + logfilename = LOCALSTATEDIR "/log/tinc.log"; if(!confbase) asprintf(&confbase, "%s/tinc", CONFDIR); 
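Review bot: The added `asprintf(&logfilename, LOCALSTATEDIR "/log/tinc.%s.log", netname);` in make_names ignores the return value, and on failure the pointer's contents are not defined, so the log file would later be opened with a garbage path. Check the result, for example `if(asprintf(&logfilename, LOCALSTATEDIR "/log/tinc.%s.log", netname) < 0) logfilename = NULL;`, and refuse to start when it is NULL. `netname` comes straight from `-n` and is interpolated into the path unvalidated; if tincd can ever be started by a caller less privileged than the account it runs as, reject names containing `/` before building the pid and log paths. The existing pidfilename, confbase and identname lines follow the same unchecked pattern, and the no-netname branch assigns a string literal to `logfilename` while the other paths heap-allocate it, so nothing may ever free() it.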
@@ -367,22 +382,18 @@ int main(int argc, char **argv, char **envp) if(kill_tincd) exit(kill_other(kill_tincd)); -#ifndef LOG_PERROR - openlog("tinc", LOG_CONS, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ -#else - openlog("tinc", LOG_PERROR, LOG_DAEMON); /* Catch all syslog() calls issued before detaching */ -#endif + openlogger("tinc", LOGMODE_STDERR); /* Lock all pages into memory if requested */ if(do_mlock) #ifdef HAVE_MLOCKALL if(mlockall(MCL_CURRENT | MCL_FUTURE)) { - syslog(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", + logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); #else { - syslog(LOG_ERR, _("mlockall() not supported on this platform!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("mlockall() not supported on this platform!")); #endif return -1; } @@ -406,7 +417,7 @@ int main(int argc, char **argv, char **envp) exit(1); if(lzo_init() != LZO_E_OK) { - syslog(LOG_ERR, _("Error initializing LZO compressor!")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Error initializing LZO compressor!")); exit(1); } @@ -419,14 +430,14 @@ int main(int argc, char **argv, char **envp) cleanup_and_exit(1); } - syslog(LOG_ERR, _("Unrecoverable error")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Unrecoverable error")); cp_trace(); if(do_detach) { - syslog(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); + logger(DEBUG_ALWAYS, LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); sleep(maxtimeout); } else { - syslog(LOG_ERR, _("Not restarting.")); + logger(DEBUG_ALWAYS, LOG_ERR, _("Not restarting.")); exit(1); } } From 1401faf608e1c8af0d0754e545b0ec79d2bd5d93 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 6 Jul 2003 23:16:29 +0000 Subject: [PATCH 751/923] Sprinkling the source with static and attributes. --- lib/avl_tree.c | 10 +++++---- lib/fake-getaddrinfo.h | 6 ++++- lib/list.h | 4 ++-- lib/xalloc.h | 8 +++---- src/conf.c | 8 +++---- src/conf.h | 4 ++-- src/connection.c | 4 ++-- src/connection.h | 4 ++-- src/edge.c | 6 ++--- src/edge.h | 6 ++--- src/event.c | 4 ++-- src/event.h | 6 ++--- src/logger.c | 15 ++++++------- src/net.c | 10 ++++----- src/net.h | 6 +---- src/net_packet.c | 32 +++++++++++++-------------- src/node.c | 6 ++--- src/node.h | 4 ++-- src/process.c | 38 ++++++++++++++++---------------- src/process.h | 4 ++-- src/protocol.c | 50 +++++++++++++++++++++--------------------- src/protocol.h | 4 +--- src/protocol_auth.c | 4 ++-- src/protocol_misc.c | 26 +++++++++++----------- src/route.c | 24 ++++++++++---------- src/subnet.c | 10 ++++----- src/subnet.h | 6 ++--- src/tincd.c | 10 ++++----- 28 files changed, 159 insertions(+), 160 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 7bacc20e..53d82eb4 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.13 2003/06/11 19:39:02 guus Exp $ + $Id: avl_tree.c,v 1.1.2.14 2003/07/06 23:16:27 guus Exp $ */ #include @@ -53,7 +53,9 @@ #endif #ifndef AVL_DEPTH -int lg(unsigned int u) +static int lg(unsigned int u) __attribute__ ((const)); + +static int lg(unsigned int u) { int r = 1; @@ -89,7 +91,7 @@ int lg(unsigned int u) /* Internal helper functions */ -int avl_check_balance(avl_node_t *node) +static int avl_check_balance(avl_node_t *node) { #ifdef AVL_DEPTH int d; @@ -117,7 +119,7 @@ int avl_check_balance(avl_node_t *node) #endif } -void avl_rebalance(avl_tree_t *tree, avl_node_t *node) +static void avl_rebalance(avl_tree_t *tree, avl_node_t *node) { avl_node_t *child; avl_node_t *gchild; 
diff --git a/lib/fake-getaddrinfo.h b/lib/fake-getaddrinfo.h index 6b1744c9..3f24375c 100644 --- a/lib/fake-getaddrinfo.h +++ b/lib/fake-getaddrinfo.h @@ -1,4 +1,4 @@ -/* $Id: fake-getaddrinfo.h,v 1.1.2.1 2002/07/12 11:45:21 guus Exp $ */ +/* $Id: fake-getaddrinfo.h,v 1.1.2.2 2003/07/06 23:16:27 guus Exp $ */ #ifndef _FAKE_GETADDRINFO_H #define _FAKE_GETADDRINFO_H @@ -22,6 +22,10 @@ # define NI_NUMERICSERV 8 #endif +#ifndef AI_NUMERICHOST +#define AI_NUMERICHOST 4 +#endif + #ifndef HAVE_STRUCT_ADDRINFO struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ diff --git a/lib/list.h b/lib/list.h index df08e492..175d640e 100644 --- a/lib/list.h +++ b/lib/list.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.8 2002/09/09 22:32:27 guus Exp $ + $Id: list.h,v 1.1.2.9 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_LIST_H__ @@ -47,7 +47,7 @@ typedef struct list_t { /* (De)constructors */ -extern list_t *list_alloc(list_action_t); +extern list_t *list_alloc(list_action_t) __attribute__ ((malloc)); extern void list_free(list_t *); extern list_node_t *list_alloc_node(void); extern void list_free_node(list_t *, list_node_t *); diff --git a/lib/xalloc.h b/lib/xalloc.h index caf0f37d..dbba254a 100644 --- a/lib/xalloc.h +++ b/lib/xalloc.h @@ -18,9 +18,9 @@ extern char *const xalloc_msg_memory_exhausted; /* FIXME: describe */ extern void (*xalloc_fail_func) (); -void *xmalloc PARAMS ((size_t n)); -void *xmalloc_and_zero PARAMS ((size_t n)); +void *xmalloc PARAMS ((size_t n)) __attribute__ ((malloc)); +void *xmalloc_and_zero PARAMS ((size_t n)) __attribute__ ((malloc)); void *xcalloc PARAMS ((size_t n, size_t s)); -void *xrealloc PARAMS ((void *p, size_t n)); +void *xrealloc PARAMS ((void *p, size_t n)) __attribute__ ((malloc)); -char *xstrdup PARAMS ((const char *s)); +char *xstrdup PARAMS ((const char *s)) __attribute__ ((malloc)); 
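Review bot: `__attribute__ ((malloc))` on `xrealloc` in lib/xalloc.h is not safe. The attribute promises that the returned pointer aliases nothing and that the storage holds no pointers to live objects, while a reallocated block carries over whatever pointers the old block held and may be the old block itself. GCC's documentation excludes realloc-like functions for this reason, and the optimizer is entitled to miscompile callers that keep pointer-bearing structures in reallocated buffers. Keep the attribute on xmalloc, xmalloc_and_zero and xstrdup and restore `void *xrealloc PARAMS ((void *p, size_t n));`. The attribute is also written unguarded here and in lib/list.h, so a macro that expands to nothing on non-GCC compilers would keep the headers portable.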
diff --git a/src/conf.c b/src/conf.c index ef1ee50f..09e72a5b 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.62 2003/07/06 22:11:31 guus Exp $ + $Id: conf.c,v 1.9.4.63 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -51,7 +51,7 @@ int pingtimeout = 0; /* seconds before timeout */ char *confbase = NULL; /* directory in which all config files are */ char *netname = NULL; /* name of the vpn network */ -int config_compare(config_t *a, config_t *b) +static int config_compare(config_t *a, config_t *b) { int result; @@ -270,7 +270,7 @@ int get_config_subnet(config_t *cfg, subnet_t ** result) given, and buf needs to be expanded, the var pointed to by buflen will be increased. */ -char *readline(FILE * fp, char **buf, size_t *buflen) +static char *readline(FILE * fp, char **buf, size_t *buflen) { char *newline = NULL; char *p; @@ -429,7 +429,7 @@ int read_server_config() return x; } -int isadir(const char *f) +static int isadir(const char *f) { struct stat s; diff --git a/src/conf.h b/src/conf.h index 64c87753..5dc4c930 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.36 2003/07/06 22:11:31 guus Exp $ + $Id: conf.h,v 1.6.4.37 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -48,7 +48,7 @@ extern char *netname; extern void init_configuration(avl_tree_t **); extern void exit_configuration(avl_tree_t **); -extern config_t *new_config(void); +extern config_t *new_config(void) __attribute__ ((malloc)); extern void free_config(config_t *); extern void config_add(avl_tree_t *, config_t *); extern config_t *lookup_config(avl_tree_t *, char *); diff --git a/src/connection.c b/src/connection.c index 4d6e30b2..adfe73b5 100644 --- a/src/connection.c 
+++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.37 2003/07/06 22:11:31 guus Exp $ + $Id: connection.c,v 1.1.2.38 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -42,7 +42,7 @@ avl_tree_t *connection_tree; /* Meta connections */ connection_t *broadcast; -int connection_compare(connection_t *a, connection_t *b) +static int connection_compare(connection_t *a, connection_t *b) { return (void *)a - (void *)b; } diff --git a/src/connection.h b/src/connection.h index 97552275..bcf0708d 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.31 2002/09/09 21:24:31 guus Exp $ + $Id: connection.h,v 1.1.2.32 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -113,7 +113,7 @@ extern connection_t *broadcast; extern void init_connections(void); extern void exit_connections(void); -extern connection_t *new_connection(void); +extern connection_t *new_connection(void) __attribute__ ((malloc)); extern void free_connection(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); diff --git a/src/edge.c b/src/edge.c index f9d4d98d..88fbd1c0 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.19 2003/07/06 22:11:31 guus Exp $ + $Id: edge.c,v 1.1.2.20 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" 
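Review bot: connection_compare returns `(void *)a - (void *)b` as an `int`, so on a 64-bit target the pointer difference is truncated. Two distinct connections whose addresses differ by a multiple of 4 GiB then compare equal, and the sign can flip for large distances, which gives the AVL tree an inconsistent ordering. Since the line is being touched anyway, compare without subtraction: `return a < b ? -1 : a > b;`. Arithmetic on `void *` is also a GNU extension, which the rewrite avoids.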
@@ -42,12 +42,12 @@ avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ -int edge_compare(edge_t *a, edge_t *b) +static int edge_compare(edge_t *a, edge_t *b) { return strcmp(a->to->name, b->to->name); } -int edge_weight_compare(edge_t *a, edge_t *b) +static int edge_weight_compare(edge_t *a, edge_t *b) { int result; diff --git a/src/edge.h b/src/edge.h index 875b1aa2..8e42385c 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.11 2002/09/09 21:24:31 guus Exp $ + $Id: edge.h,v 1.1.2.12 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_EDGE_H__ @@ -45,9 +45,9 @@ extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weig extern void init_edges(void); extern void exit_edges(void); -extern edge_t *new_edge(void); +extern edge_t *new_edge(void) __attribute__ ((malloc)); extern void free_edge(edge_t *); -extern avl_tree_t *new_edge_tree(void); +extern avl_tree_t *new_edge_tree(void) __attribute__ ((malloc)); extern void free_edge_tree(avl_tree_t *); extern void edge_add(edge_t *); extern void edge_del(edge_t *); diff --git a/src/event.c b/src/event.c index a91be86d..5663170c 100644 --- a/src/event.c +++ b/src/event.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.6 2002/09/09 22:32:30 guus Exp $ + $Id: event.c,v 1.1.4.7 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -38,7 +38,7 @@ extern time_t now; int id; -int event_compare(event_t *a, event_t *b) +static int event_compare(event_t *a, event_t *b) { if(a->time > b->time) return 1; diff --git a/src/event.h b/src/event.h index 25eb9667..ad31e15b 100644 --- a/src/event.h +++ b/src/event.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.h,v 1.1.4.4 2002/09/09 22:32:36 guus Exp $ + $Id: event.h,v 1.1.4.5 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_EVENT_H__ @@ -26,7 +26,7 @@ #include #include -avl_tree_t *event_tree; +extern avl_tree_t *event_tree; typedef void (*event_handler_t)(void *); @@ -39,7 +39,7 @@ typedef struct { extern void init_events(void); extern void exit_events(void); -extern event_t *new_event(void); +extern event_t *new_event(void) __attribute__ ((malloc)); extern void free_event(event_t *); extern void event_add(event_t *); extern void event_del(event_t *); diff --git a/src/logger.c b/src/logger.c index de662270..8029565f 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,12 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.1 2003/07/06 22:11:31 guus Exp $ + $Id: logger.c,v 1.1.2.2 2003/07/06 23:16:28 guus Exp $ */ #include #include #include +#include #include "conf.h" #include "logger.h" @@ -30,15 +31,13 @@ #include "system.h" volatile int debug_level = DEBUG_NOTHING; -int logmode = LOGMODE_STDERR; -pid_t logpid; +static int logmode = LOGMODE_STDERR; +static pid_t logpid; extern char *logfilename; -FILE *logfile = NULL; -const char *logident = NULL; +static FILE *logfile = NULL; +static const char *logident = NULL; void openlogger(const char *ident, int mode) { - char *fname; - logident = ident; logmode = mode; @@ -65,7 +64,7 @@ void vlogger(int priority, const char *format, va_list ap) { fprintf(stderr, "\n"); break; case LOGMODE_FILE: - fprintf(logfile, "%d %s[%d]: ", time(NULL), logident, logpid); + fprintf(logfile, "%ld %s[%d]: ", time(NULL), logident, logpid); vfprintf(logfile, format, ap); fprintf(logfile, "\n"); break; diff --git a/src/net.c b/src/net.c index 0f354cd7..fa798f8d 100644 --- a/src/net.c +++ b/src/net.c 
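Review bot: The corrected format in vlogger still depends on `time_t` being `long`, because `fprintf(logfile, "%ld %s[%d]: ", time(NULL), logident, logpid);` passes a `time_t` and a `pid_t` through varargs without casts. Cast both at the call, `fprintf(logfile, "%ld %s[%d]: ", (long)time(NULL), logident, (int)logpid);`, so the prefix stays well-defined where those types differ. The message itself is written verbatim followed by `\n`; if any logged argument can originate from a peer (node names and hostnames are logged elsewhere in this series), filtering control characters would keep one event per line in the new log file. vlogger's body starts outside the hunk.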
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.188 2003/07/06 22:11:32 guus Exp $ + $Id: net.c,v 1.35.4.189 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -82,7 +82,7 @@ time_t now = 0; /* Purge edges and subnets of unreachable nodes. Use carefully. */ -void purge(void) +static void purge(void) { avl_node_t *nnode, *nnext, *enode, *enext, *snode, *snext; node_t *n; @@ -124,7 +124,7 @@ void purge(void) put all file descriptors in an fd_set array While we're at it, purge stuff that needs to be removed. */ -int build_fdset(fd_set * fs) +static int build_fdset(fd_set * fs) { avl_node_t *node, *next; connection_t *c; @@ -218,7 +218,7 @@ void terminate_connection(connection_t *c, int report) end does not reply in time, we consider them dead and close the connection. */ -void check_dead_connections(void) +static void check_dead_connections(void) { avl_node_t *node, *next; connection_t *c; @@ -258,7 +258,7 @@ void check_dead_connections(void) check all connections to see if anything happened on their sockets */ -void check_network_activity(fd_set * f) +static void check_network_activity(fd_set * f) { connection_t *c; avl_node_t *node; diff --git a/src/net.h b/src/net.h index 083cb235..48516492 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.59 2003/07/06 17:15:25 guus Exp $ + $Id: net.h,v 1.9.4.60 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -121,9 +121,6 @@ extern int maxtimeout; extern int seconds_till_retry; extern int addressfamily; -extern char *request_name[]; -extern char *status_text[]; - #include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ extern listen_socket_t listen_socket[MAXSOCKETS]; 
@@ -144,7 +141,6 @@ extern int handle_new_meta_connection(int); extern int setup_listen_socket(sockaddr_t *); extern int setup_vpn_in_socket(sockaddr_t *); extern void send_packet(struct node_t *, vpn_packet_t *); -extern void receive_packet(struct node_t *, vpn_packet_t *); extern void receive_tcppacket(struct connection_t *, char *, int); extern void broadcast_packet(struct node_t *, vpn_packet_t *); extern int setup_network_connections(void); diff --git a/src/net_packet.c b/src/net_packet.c index 98151d16..79d3b18a 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.31 2003/07/06 22:11:32 guus Exp $ + $Id: net_packet.c,v 1.1.2.32 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -82,12 +82,12 @@ int keylifetime = 0; int keyexpires = 0; EVP_CIPHER_CTX packet_ctx; -char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; +static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; #define MAX_SEQNO 1073741824 -length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) +static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { if(level == 10) { lzo_uint lzolen = MAXSIZE; @@ -108,7 +108,7 @@ length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int return -1; } -length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) +static length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { if(level > 9) { lzo_uint lzolen = MAXSIZE; 
@@ -129,7 +129,17 @@ length_t uncompress_packet(uint8_t *dest, const uint8_t *source, length_t len, i /* VPN packet I/O */ -void receive_udppacket(node_t *n, vpn_packet_t *inpkt) +static void receive_packet(node_t *n, vpn_packet_t *packet) +{ + cp(); + + logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), + packet->len, n->name, n->hostname); + + route_incoming(n, packet); +} + +static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t pkt1, pkt2; vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; @@ -227,17 +237,7 @@ void receive_tcppacket(connection_t *c, char *buffer, int len) receive_packet(c->node, &outpkt); } -void receive_packet(node_t *n, vpn_packet_t *packet) -{ - cp(); - - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), - packet->len, n->name, n->hostname); - - route_incoming(n, packet); -} - -void send_udppacket(node_t *n, vpn_packet_t *inpkt) +static void send_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t pkt1, pkt2; vpn_packet_t *pkt[] = { &pkt1, &pkt2, &pkt1, &pkt2 }; diff --git a/src/node.c b/src/node.c index edad62bb..350d02d8 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.20 2003/07/06 22:11:32 guus Exp $ + $Id: node.c,v 1.1.2.21 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -40,12 +40,12 @@ avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ node_t *myself; -int node_compare(node_t *a, node_t *b) +static int node_compare(node_t *a, node_t *b) { return strcmp(a->name, b->name); } -int node_udp_compare(node_t *a, node_t *b) +static int node_udp_compare(node_t *a, node_t *b) { int result; diff --git a/src/node.h b/src/node.h index 800c6dee..b5cd8a74 100644 --- a/src/node.h +++ b/src/node.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.22 2003/05/06 21:13:18 guus Exp $ + $Id: node.h,v 1.1.2.23 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -83,7 +83,7 @@ extern avl_tree_t *node_udp_tree; extern void init_nodes(void); extern void exit_nodes(void); -extern node_t *new_node(void); +extern node_t *new_node(void) __attribute__ ((malloc)); extern void free_node(node_t *); extern void node_add(node_t *); extern void node_del(node_t *); diff --git a/src/process.c b/src/process.c index e43d9f86..45acc5c2 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.51 2003/07/06 22:11:32 guus Exp $ + $Id: process.c,v 1.1.2.52 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -65,7 +65,7 @@ extern int sighup; extern int sigalrm; extern int do_purge; -void memory_full(int size) +static void memory_full(int size) { logger(DEBUG_ALWAYS, LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); cp_trace(); @@ -75,7 +75,7 @@ void memory_full(int size) /* Some functions the less gifted operating systems might lack... */ #ifndef HAVE_FCLOSEALL -int fcloseall(void) +static int fcloseall(void) { fflush(stdin); fflush(stdout); @@ -108,7 +108,7 @@ void cleanup_and_exit(int c) /* check for an existing tinc for this net, and write pid to pidfile */ -int write_pidfile(void) +static int write_pidfile(void) { int pid; 
@@ -213,9 +213,9 @@ int detach(void) /* Execute the program name, with sane environment. */ -void _execute_script(const char *scriptname, char **envp) +static void _execute_script(const char *scriptname, char **envp) __attribute__ ((noreturn)); -void _execute_script(const char *scriptname, char **envp) +static void _execute_script(const char *scriptname, char **envp) { cp(); @@ -304,20 +304,20 @@ int execute_script(const char *name, char **envp) Signal handlers. */ -RETSIGTYPE sigterm_handler(int a) +static RETSIGTYPE sigterm_handler(int a) { logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got TERM signal")); cleanup_and_exit(0); } -RETSIGTYPE sigquit_handler(int a) +static RETSIGTYPE sigquit_handler(int a) { logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got QUIT signal")); cleanup_and_exit(0); } -RETSIGTYPE fatal_signal_square(int a) +static RETSIGTYPE fatal_signal_square(int a) { logger(DEBUG_ALWAYS, LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, strsignal(a)); @@ -325,7 +325,7 @@ RETSIGTYPE fatal_signal_square(int a) exit(1); } -RETSIGTYPE fatal_signal_handler(int a) +static RETSIGTYPE fatal_signal_handler(int a) { struct sigaction act; logger(DEBUG_ALWAYS, LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); @@ -349,13 +349,13 @@ RETSIGTYPE fatal_signal_handler(int a) } } -RETSIGTYPE sighup_handler(int a) +static RETSIGTYPE sighup_handler(int a) { logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got HUP signal")); sighup = 1; } -RETSIGTYPE sigint_handler(int a) +static RETSIGTYPE sigint_handler(int a) { if(saved_debug_level != -1) { logger(DEBUG_ALWAYS, LOG_NOTICE, _("Reverting to old debug level (%d)"), 
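Review bot: The handlers made static here still do real work in signal context: sigterm_handler and sigquit_handler call logger() and cleanup_and_exit(), and fatal_signal_handler, sighup_handler and sigint_handler call logger(). Per src/logger.c in this same commit, logger() ends in fprintf/vfprintf, which is not async-signal-safe, so a signal arriving while the main loop is inside stdio or the allocator can deadlock or corrupt state. sighup_handler already shows the safer shape (`sighup = 1;`); the others could set a flag the same way and leave logging and exit to the main loop, with the flags declared `volatile sig_atomic_t`. The same applies to the handlers in the following hunk, where sigusr1_handler and sigusr2_handler additionally call the dump_* routines from inside the handler.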
@@ -371,18 +371,18 @@ RETSIGTYPE sigint_handler(int a) } } -RETSIGTYPE sigalrm_handler(int a) +static RETSIGTYPE sigalrm_handler(int a) { logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got ALRM signal")); sigalrm = 1; } -RETSIGTYPE sigusr1_handler(int a) +static RETSIGTYPE sigusr1_handler(int a) { dump_connections(); } -RETSIGTYPE sigusr2_handler(int a) +static RETSIGTYPE sigusr2_handler(int a) { dump_device_stats(); dump_nodes(); @@ -390,24 +390,24 @@ RETSIGTYPE sigusr2_handler(int a) dump_subnets(); } -RETSIGTYPE sigwinch_handler(int a) +static RETSIGTYPE sigwinch_handler(int a) { extern int do_purge; do_purge = 1; } -RETSIGTYPE unexpected_signal_handler(int a) +static RETSIGTYPE unexpected_signal_handler(int a) { logger(DEBUG_ALWAYS, LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); cp_trace(); } -RETSIGTYPE ignore_signal_handler(int a) +static RETSIGTYPE ignore_signal_handler(int a) { logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); } -struct { +static struct { int signal; void (*handler)(int); } sighandlers[] = { diff --git a/src/process.h b/src/process.h index dd794e40..0844ed20 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.13 2002/09/09 21:24:41 guus Exp $ + $Id: process.h,v 1.1.2.14 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_PROCESS_H__ @@ -31,6 +31,6 @@ extern void setup_signals(void); extern int execute_script(const char *, char **); extern int detach(void); extern int kill_other(int); -extern void cleanup_and_exit(int); +extern void cleanup_and_exit(int) __attribute__ ((noreturn)); #endif /* __TINC_PROCESS_H__ */ diff --git a/src/protocol.c b/src/protocol.c index 9ac5a1fb..a6485475 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.138 2003/07/06 22:11:32 guus Exp $ + $Id: protocol.c,v 1.28.4.139 2003/07/06 23:16:28 guus Exp $ */ #include "config.h" @@ -41,7 +41,28 @@ #include "system.h" -avl_tree_t *past_request_tree; +/* Jumptable for the request handlers */ + +static int (*request_handlers[])(connection_t *) = { + id_h, metakey_h, challenge_h, chal_reply_h, ack_h, + status_h, error_h, termreq_h, + ping_h, pong_h, + add_subnet_h, del_subnet_h, + add_edge_h, del_edge_h, + key_changed_h, req_key_h, ans_key_h, tcppacket_h, +}; + +/* Request names */ + +static char (*request_name[]) = { + "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", + "STATUS", "ERROR", "TERMREQ", + "PING", "PONG", + "ADD_SUBNET", "DEL_SUBNET", + "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", +}; + +static avl_tree_t *past_request_tree; int check_id(char *id) { @@ -170,12 +191,12 @@ int receive_request(connection_t *c) return 0; } -int past_request_compare(past_request_t *a, past_request_t *b) +static int past_request_compare(past_request_t *a, past_request_t *b) { return strcmp(a->request, b->request); } -void free_past_request(past_request_t *r) +static void free_past_request(past_request_t *r) { cp(); 
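Review bot: `request_handlers` is a table of function pointers, described in its own comment as the jumptable for request handling, and after this change it is `static` but still writable. Declaring it `static int (*const request_handlers[])(connection_t *) = {` places it in read-only data, so a stray memory write cannot redirect request dispatch. `request_name` holds string literals and should likewise be `static const char *const request_name[]`, as should `status_text` and `error_text` in src/protocol_misc.c. The code in receive_request that indexes these tables is outside the hunk, so confirm the request number is range-checked against the size of both tables before use.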
@@ -241,24 +262,3 @@ void age_past_requests(void) logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), deleted, left); } - -/* Jumptable for the request handlers */ - -int (*request_handlers[])(connection_t *) = { - id_h, metakey_h, challenge_h, chal_reply_h, ack_h, - status_h, error_h, termreq_h, - ping_h, pong_h, - add_subnet_h, del_subnet_h, - add_edge_h, del_edge_h, - key_changed_h, req_key_h, ans_key_h, tcppacket_h, -}; - -/* Request names */ - -char (*request_name[]) = { - "ID", "METAKEY", "CHALLENGE", "CHAL_REPLY", "ACK", - "STATUS", "ERROR", "TERMREQ", - "PING", "PONG", - "ADD_SUBNET", "DEL_SUBNET", - "ADD_EDGE", "DEL_EDGE", "KEY_CHANGED", "REQ_KEY", "ANS_KEY", "PACKET", -}; diff --git a/src/protocol.h b/src/protocol.h index 67fcb325..6e71f810 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.37 2002/09/09 22:41:56 guus Exp $ + $Id: protocol.h,v 1.5.4.38 2003/07/06 23:16:28 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -93,8 +93,6 @@ extern int send_tcppacket(connection_t *, vpn_packet_t *); /* Request handlers */ -extern int (*request_handlers[])(connection_t *); - extern int id_h(connection_t *); extern int metakey_h(connection_t *); extern int challenge_h(connection_t *); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index f117550d..28c6fea0 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.21 2003/07/06 22:11:32 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.22 2003/07/06 23:16:29 guus Exp $ */ #include "config.h" 
@@ -481,7 +481,7 @@ int send_ack(connection_t *c) return x; } -void send_everything(connection_t *c) +static void send_everything(connection_t *c) { avl_node_t *node, *node2; node_t *n; diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 36054f0a..18155e94 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.8 2003/07/06 22:11:33 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.9 2003/07/06 23:16:29 guus Exp $ */ #include "config.h" @@ -40,6 +40,18 @@ #include "system.h" +/* Status strings */ + +static char (*status_text[]) = { + "Warning", +}; + +/* Error strings */ + +static char (*error_text[]) = { + "Error", +}; + /* Status and error notification routines */ int send_status(connection_t *c, int statusno, char *statusstring) @@ -192,15 +204,3 @@ int tcppacket_h(connection_t *c) return 0; } - -/* Status strings */ - -char (*status_text[]) = { - "Warning", -}; - -/* Error strings */ - -char (*error_text[]) = { - "Error", -}; diff --git a/src/route.c b/src/route.c index 1fd1d8ef..1cdf964a 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.54 2003/07/06 22:11:33 guus Exp $ + $Id: route.c,v 1.1.2.55 2003/07/06 23:16:29 guus Exp $ */ #include "config.h" @@ -84,11 +84,11 @@ int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; int overwrite_mac = 0; -mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; +static mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; /* RFC 1071 */ -uint16_t inet_checksum(void *data, int len, uint16_t prevsum) +static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) { uint16_t *p = data; uint32_t checksum = prevsum ^ 0xFFFF; 
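Review bot: `inet_checksum()` in the route.c `-84,11 +84,11` hunk becomes a private helper with no comment describing its contract, while its first statement `uint16_t *p = data;` reads the buffer as 16-bit words. I would add a comment stating that `len` is a byte count, how an odd trailing byte is treated, that `prevsum` is an earlier result being continued, and that `data` must be 2-byte aligned; callers presumably pass offsets into packet data, so that alignment is an assumption worth writing down. `len` is a signed `int`, so if any caller derives it from a header field of a received packet, a negative value should be rejected before the summing loop. The function body continues past the hunk, so the loop itself is not reviewed here.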
@@ -107,7 +107,7 @@ uint16_t inet_checksum(void *data, int len, uint16_t prevsum) return ~checksum; } -int ratelimit(void) { +static int ratelimit(void) { static time_t lasttime = 0; if(lasttime == now) @@ -117,7 +117,7 @@ int ratelimit(void) { return 0; } -void learn_mac(mac_t *address) +static void learn_mac(mac_t *address) { subnet_t *subnet; avl_node_t *node; @@ -179,7 +179,7 @@ void age_mac(void) } } -node_t *route_mac(vpn_packet_t *packet) +static node_t *route_mac(vpn_packet_t *packet) { subnet_t *subnet; @@ -201,7 +201,7 @@ node_t *route_mac(vpn_packet_t *packet) /* RFC 792 */ -void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) +static void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) { struct ip *hdr; struct icmp *icmp; @@ -260,7 +260,7 @@ void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) write_packet(packet); } -node_t *route_ipv4(vpn_packet_t *packet) +static node_t *route_ipv4(vpn_packet_t *packet) { subnet_t *subnet; @@ -290,7 +290,7 @@ node_t *route_ipv4(vpn_packet_t *packet) /* RFC 2463 */ -void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) +static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) { struct ip6_hdr *hdr; struct icmp6_hdr *icmp; @@ -358,7 +358,7 @@ void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) #endif -node_t *route_ipv6(vpn_packet_t *packet) +static node_t *route_ipv6(vpn_packet_t *packet) { subnet_t *subnet; @@ -395,7 +395,7 @@ node_t *route_ipv6(vpn_packet_t *packet) /* RFC 2461 */ -void route_neighborsol(vpn_packet_t *packet) +static void route_neighborsol(vpn_packet_t *packet) { struct ip6_hdr *hdr; struct nd_neighbor_solicit *ns; @@ -508,7 +508,7 @@ void route_neighborsol(vpn_packet_t *packet) /* RFC 826 */ -void route_arp(vpn_packet_t *packet) +static void route_arp(vpn_packet_t *packet) { struct ether_arp *arp; subnet_t *subnet; diff --git a/src/subnet.c b/src/subnet.c index ed5e1ac8..6a7cf78e 100644 --- a/src/subnet.c +++ b/src/subnet.c 
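Review bot: `ratelimit()` (hunk `-107,7 +107,7`) has no comment, and the only logic visible is a comparison of the function-static `lasttime` with the global `now`. A one-line comment such as `/* Returns non-zero if a reply was already sent during the current second */` would make the intent clear; the wording needs checking against the three lines of the body that fall between this hunk and the next, and against the callers, which are presumably the ICMP unreachable generators further down. From the visible lines the limiter keeps a single timestamp for the whole daemon rather than one per source, so one noisy peer can use up the allowance for everyone; if that is intended it is worth saying in the same comment.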
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.44 2003/07/06 22:11:33 guus Exp $ + $Id: subnet.c,v 1.1.2.45 2003/07/06 23:16:29 guus Exp $ */ #include "config.h" @@ -48,7 +48,7 @@ avl_tree_t *subnet_tree; /* Subnet comparison */ -int subnet_compare_mac(subnet_t *a, subnet_t *b) +static int subnet_compare_mac(subnet_t *a, subnet_t *b) { int result; @@ -60,7 +60,7 @@ int subnet_compare_mac(subnet_t *a, subnet_t *b) return strcmp(a->owner->name, b->owner->name); } -int subnet_compare_ipv4(subnet_t *a, subnet_t *b) +static int subnet_compare_ipv4(subnet_t *a, subnet_t *b) { int result; @@ -77,7 +77,7 @@ int subnet_compare_ipv4(subnet_t *a, subnet_t *b) return strcmp(a->owner->name, b->owner->name); } -int subnet_compare_ipv6(subnet_t *a, subnet_t *b) +static int subnet_compare_ipv6(subnet_t *a, subnet_t *b) { int result; @@ -94,7 +94,7 @@ int subnet_compare_ipv6(subnet_t *a, subnet_t *b) return strcmp(a->owner->name, b->owner->name); } -int subnet_compare(subnet_t *a, subnet_t *b) +static int subnet_compare(subnet_t *a, subnet_t *b) { int result; diff --git a/src/subnet.h b/src/subnet.h index 30d13ca4..a7acbae0 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.20 2002/09/09 21:25:16 guus Exp $ + $Id: subnet.h,v 1.1.2.21 2003/07/06 23:16:29 guus Exp $ */ #ifndef __TINC_SUBNET_H__ 
@@ -64,11 +64,11 @@ typedef struct subnet_t { } net; } subnet_t; -extern subnet_t *new_subnet(void); +extern subnet_t *new_subnet(void) __attribute__ ((malloc)); extern void free_subnet(subnet_t *); extern void init_subnets(void); extern void exit_subnets(void); -extern avl_tree_t *new_subnet_tree(void); +extern avl_tree_t *new_subnet_tree(void) __attribute__ ((malloc)); extern void free_subnet_tree(avl_tree_t *); extern void subnet_add(struct node_t *, subnet_t *); extern void subnet_del(struct node_t *, subnet_t *); diff --git a/src/tincd.c b/src/tincd.c index 6d1f4e2d..bcbd54a6 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.70 2003/07/06 22:11:33 guus Exp $ + $Id: tincd.c,v 1.10.4.71 2003/07/06 23:16:29 guus Exp $ */ #include "config.h" @@ -133,7 +133,7 @@ static void usage(int status) exit(status); } -void parse_options(int argc, char **argv, char **envp) +static void parse_options(int argc, char **argv, char **envp) { int r; int option_index = 0; @@ -230,7 +230,7 @@ void parse_options(int argc, char **argv, char **envp) /* This function prettyprints the key generation process */ -void indicator(int a, int b, void *p) +static void indicator(int a, int b, void *p) { switch (a) { case 0: @@ -269,7 +269,7 @@ void indicator(int a, int b, void *p) Generate a public/private RSA keypair, and ask for a file to store them in. */ -int keygen(int bits) +static int keygen(int bits) { RSA *rsa_key; FILE *f; @@ -323,7 +323,7 @@ int keygen(int bits) /* Set all files and paths according to netname */ -void make_names(void) +static void make_names(void) { if(netname) { if(!pidfilename) From 30c0381d71d333a99f6c83ff9d03ef4a0857f423 Mon Sep 17 00:00:00 2001 
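Review bot: The two prototypes changed in the subnet.h hunk now carry a bare `__attribute__ ((malloc))`, a GCC extension written directly into a project header. Unless `__attribute__` is defined away for other compilers somewhere outside this diff, a non-GCC build will stop at these lines; wrapping the attribute in a macro keeps the hint without the dependency (the macro name below is only a proposal). It is also worth confirming that `new_subnet_tree()` returns storage that nothing else points to, because the attribute lets the optimiser assume the result aliases no other pointer.

```c
/* proposed name; belongs in a header that every module already includes */
#ifdef __GNUC__
#define ATTR_MALLOC __attribute__ ((malloc))
#else
#define ATTR_MALLOC
#endif

extern subnet_t *new_subnet(void) ATTR_MALLOC;
/* … unchanged: free_subnet, init_subnets, exit_subnets … */
extern avl_tree_t *new_subnet_tree(void) ATTR_MALLOC;
```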
From: Guus Sliepen Date: Mon, 7 Jul 2003 11:11:33 +0000 Subject: [PATCH 752/923] Provide all missing IPv6 definitions in lib/ipv6.h. --- configure.in | 4 ++-- lib/utils.h | 1 + src/net.h | 14 +++----------- src/route.c | 16 +--------------- 4 files changed, 7 insertions(+), 28 deletions(-) diff --git a/configure.in b/configure.in index ddff0926..41c1aaf9 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.64 2003/07/06 22:11:31 guus Exp $ +dnl $Id: configure.in,v 1.13.2.65 2003/07/07 11:11:33 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -101,7 +101,7 @@ AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM -AC_CHECK_TYPES([socklen_t, struct addrinfo, struct sockaddr_in6], , , +AC_CHECK_TYPES([socklen_t, struct addrinfo, struct in6_addr, struct sockaddr_in6], , , [#include #include #include diff --git a/lib/utils.h b/lib/utils.h index ec93e8c2..6f3b18f4 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -25,6 +25,7 @@ #include "fake-getaddrinfo.h" #include "fake-getnameinfo.h" +#include "ipv6.h" #define min(a,b) (((a)<(b))?(a):(b)) diff --git a/src/net.h b/src/net.h index 48516492..2a1e79ef 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.60 2003/07/06 23:16:28 guus Exp $ + $Id: net.h,v 1.9.4.61 2003/07/07 11:11:33 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -56,11 +56,6 @@ typedef struct ipv4_t { uint8_t x[4]; } ipv4_t; -typedef struct ip_mask_t { - ipv4_t address; - ipv4_t mask; -} ip_mask_t; - typedef struct ipv6_t { uint16_t x[8]; } ipv6_t; 
@@ -70,19 +65,16 @@ typedef short length_t; typedef union { struct sockaddr sa; struct sockaddr_in in; -#ifdef HAVE_STRUCT_SOCKADDR_IN6 struct sockaddr_in6 in6; +#ifdef HAVE_STRUCT_SOCKADDR_STORAGE + struct sockaddr_storage storage; #endif } sockaddr_t; #ifdef SA_LEN #define SALEN(s) SA_LEN(&s) #else -#ifdef HAVE_STRUCT_SOCKADDR_IN6 #define SALEN(s) (s.sa_family==AF_INET?sizeof(struct sockaddr_in):sizeof(struct sockaddr_in6)) -#else -#define SALEN(s) (sizeof sockaddr_in) -#endif #endif typedef struct vpn_packet_t { diff --git a/src/route.c b/src/route.c index 1cdf964a..89271ba8 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.55 2003/07/06 23:16:29 guus Exp $ + $Id: route.c,v 1.1.2.56 2003/07/07 11:11:33 guus Exp $ */ #include "config.h" @@ -286,8 +286,6 @@ static node_t *route_ipv4(vpn_packet_t *packet) return subnet->owner; } -#ifdef HAVE_NETINET_IP6_H - /* RFC 2463 */ static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) @@ -356,8 +354,6 @@ static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) write_packet(packet); } -#endif - static node_t *route_ipv6(vpn_packet_t *packet) { subnet_t *subnet; @@ -376,23 +372,17 @@ static node_t *route_ipv6(vpn_packet_t *packet) ntohs(*(uint16_t *) & packet->data[48]), ntohs(*(uint16_t *) & packet->data[50]), ntohs(*(uint16_t *) & packet->data[52])); -#ifdef HAVE_NETINET_IP6_H route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_ADDR); -#endif return NULL; } -#ifdef HAVE_NETINET_IP6_H if(!subnet->owner->status.reachable) route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_NOROUTE); -#endif return subnet->owner; } -#ifdef HAVE_NETINET_IP6_H - /* RFC 2461 */ static void route_neighborsol(vpn_packet_t *packet) 
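Review bot: The new `storage` member of `sockaddr_t` is guarded by `HAVE_STRUCT_SOCKADDR_STORAGE`, but the `AC_CHECK_TYPES` list that this same commit edits in configure.in names only `socklen_t`, `struct addrinfo`, `struct in6_addr` and `struct sockaddr_in6`. Unless a check outside these hunks defines the macro, the member is never compiled in and the union stays the size of `struct sockaddr_in6`; adding `struct sockaddr_storage` to that list would make the guard effective. Separately, with the inner `#ifdef` removed the fallback `SALEN(s)` reports `sizeof(struct sockaddr_in6)` for every family other than `AF_INET`, including an unset one, and that length is presumably what the socket calls receive. I would parenthesise the argument as `(s).sa_family` and add a comment that callers may only pass `AF_INET` or `AF_INET6` addresses.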
@@ -504,8 +494,6 @@ static void route_neighborsol(vpn_packet_t *packet) write_packet(packet); } -#endif - /* RFC 826 */ static void route_arp(vpn_packet_t *packet) @@ -584,12 +572,10 @@ void route_outgoing(vpn_packet_t *packet) break; case 0x86DD: -#ifdef HAVE_NETINET_IP6_H if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) { route_neighborsol(packet); return; } -#endif n = route_ipv6(packet); break; From a88f1edf297152580a7729c6f3d274ba2bff7360 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 7 Jul 2003 11:13:31 +0000 Subject: [PATCH 753/923] Actually add ipv6.h. --- lib/ipv6.h | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) create mode 100644 lib/ipv6.h diff --git a/lib/ipv6.h b/lib/ipv6.h new file mode 100644 index 00000000..1e4b873f --- /dev/null +++ b/lib/ipv6.h 
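Review bot: In the `route_outgoing` hunk the `0x86DD` case reads `packet->data[20]` and `packet->data[54]` with no length test visible, and removing `#ifdef HAVE_NETINET_IP6_H` makes this path run on every platform. A frame shorter than 55 bytes would be classified from bytes past the end of what was actually received, so I would guard the test, e.g. `if(packet->len >= 55 && packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) {` (taking `len` to be the frame length field of `vpn_packet_t`, which is declared outside the hunk). The same concern applies to the fixed offsets `packet->data[48]` to `[52]` that `route_ipv6` logs in the earlier hunk. `route_outgoing` starts and ends outside the hunk, so a check may already exist above the `switch`; if it does, a comment naming the minimum length next to these offsets would help.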
@@ -0,0 +1,107 @@ +/* + ipv6.h -- missing IPv6 related definitions + Copyright (C) 2003 Ivo Timmermans + 2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: ipv6.h,v 1.1.2.1 2003/07/07 11:13:31 guus Exp $ +*/ + +#ifndef __TINC_IPV6_H__ +#define __TINC_IPV6_H__ + +#include "config.h" + +#include +#ifdef HAVE_INTTYPES_H +#include +#endif + +#ifndef AF_INET6 +#define AF_INET6 10 +#endif + +#ifndef IPPROTO_ICMPV6 +#define IPPROTO_ICMPV6 58 +#endif + +#ifndef HAVE_STRUCT_IN6_ADDR +struct in6_addr { + union { + uint8_t u6_addr8[16]; + uint16_t u6_addr16[8]; + uint32_t u6_addr32[4]; + } in6_u; +}; +#define s6_addr in6_u.u6_addr8 +#define s6_addr16 in6_u.u6_addr16 +#define s6_addr32 in6_u.u6_addr32 +#endif + +#ifndef HAVE_STRUCT_SOCKADDR_IN6 +struct sockaddr_in6 { + in_port_t sin6_port; + uint32_t sin6_flowinfo; + struct in6_addr sin6_addr; + uint32_t sin6_scope_id; +}; +#endif + +#ifndef HAVE_NETINET_IP6_H +struct ip6_hdr { + union { + struct ip6_hdrctl { + uint32_t ip6_un1_flow; + uint16_t ip6_un1_plen; + uint8_t ip6_un1_nxt; + uint8_t ip6_un1_hlim; + } ip6_un1; + uint8_t ip6_un2_vfc; + } ip6_ctlun; + struct in6_addr ip6_src; + struct in6_addr ip6_dst; +}; + +struct icmp6_hdr { + uint8_t icmp6_type; + uint8_t icmp6_code; + uint16_t icmp6_cksum; + union { + uint32_t icmp6_un_data32[1]; + uint16_t icmp6_un_data16[2]; + 
uint8_t icmp6_un_data8[4]; + } icmp6_dataun; +}; +#define ICMP6_DST_UNREACH_NOROUTE 0 +#define ICMP6_DST_UNREACH 1 +#define ICMP6_DST_UNREACH_ADDR 3 +#define ND_NEIGHBOR_SOLICIT 135 +#define ND_NEIGHBOR_ADVERT 136 + +struct nd_neighbor_solicit { + struct icmp6_hdr nd_ns_hdr; + struct in6_addr nd_ns_target; +}; +#define ND_OPT_SOURCE_LINKADDR 1 +#define ND_OPT_TARGET_LINKADDR 2 + +struct nd_opt_hdr { + uint8_t nd_opt_type; + uint8_t nd_opt_len; +}; +#endif + +#endif /* __TINC_IPV6_H__ */ From 71f8124ea49f2a0e00e0cedbb1b76e49e9f1425d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 7 Jul 2003 11:50:52 +0000 Subject: [PATCH 754/923] More missing definitions. --- lib/Makefile.am | 4 ++-- lib/ipv6.h | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/Makefile.am b/lib/Makefile.am index 369042e3..35e1baf6 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.11 2002/09/04 23:05:49 guus Exp $ +# $Id: Makefile.am,v 1.2.4.12 2003/07/07 11:50:52 guus Exp $ noinst_LIBRARIES = libvpn.a @@ -10,6 +10,6 @@ libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tre libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h gettext.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h gettext.h ipv6.h EXTRA_DIST = diff --git a/lib/ipv6.h b/lib/ipv6.h index 1e4b873f..8851d6d2 100644 --- a/lib/ipv6.h +++ b/lib/ipv6.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv6.h,v 1.1.2.1 2003/07/07 11:13:31 guus Exp $ + $Id: ipv6.h,v 1.1.2.2 2003/07/07 11:50:52 guus Exp $ */ #ifndef __TINC_IPV6_H__ 
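Review bot: The fallback `struct sockaddr_in6` in the new lib/ipv6.h begins with `sin6_port` and has no family member, so it does not have the layout of a socket address. src/net.h now places `struct sockaddr_in6 in6` in the `sockaddr_t` union unconditionally, which means that on a system taking this fallback `in6.sin6_port` overlays `sa.sa_family`, and any code that assigns `sin6_family` will not compile. I would add the family as the first member, `sa_family_t sin6_family;` (or whichever type the platform's `struct sockaddr` uses for it). The fallback `#define AF_INET6 10` is the Linux value; on a platform that lacks the constant, 10 may already belong to another family, so a comment saying the value is only a placeholder for builds without system IPv6 support would stop it being passed to `socket()` in good faith.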
@@ -74,6 +74,12 @@ struct ip6_hdr { struct in6_addr ip6_src; struct in6_addr ip6_dst; }; +#define ip6_vfc ip6_ctlun.ip6_un2_vfc +#define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow +#define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen +#define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt +#define ip6_hlim ip6_ctlun.ip6_un1.ip6_un1_hlim +#define ip6_hops ip6_ctlun.ip6_un1.ip6_un1_hlim struct icmp6_hdr { uint8_t icmp6_type; From 2a7f11c0e90f5f0465bbc3c75de715454066ff72 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 11 Jul 2003 16:13:00 +0000 Subject: [PATCH 755/923] More missing IPv6 definitions and autoconf checks to make sure it compiles under Solaris 2.6. --- configure.in | 4 +- lib/fake-getaddrinfo.c | 5 +- lib/ipv6.h | 9 +- po/nl.po | 484 ++++++++++++++++++++--------------------- src/conf.c | 12 +- src/net.h | 4 +- src/process.c | 7 +- 7 files changed, 265 insertions(+), 260 deletions(-) diff --git a/configure.in b/configure.in index 41c1aaf9..a51bd296 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.65 2003/07/07 11:11:33 guus Exp $ +dnl $Id: configure.in,v 1.13.2.66 2003/07/11 16:12:58 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -127,7 +127,7 @@ AC_CHECK_FUNC(gethostbyname, [], [ AC_CHECK_LIB(nsl, gethostbyname) ]) -AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo]) +AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo inet_aton]) AC_CACHE_SAVE diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c index d831732d..5e95a2a2 100644 --- a/lib/fake-getaddrinfo.c +++ b/lib/fake-getaddrinfo.c @@ -13,8 +13,9 @@ #include #include -#include #include +#include +#include #include #include 
@@ -97,12 +98,14 @@ int getaddrinfo(const char *hostname, const char *servname, return EAI_MEMORY; } +#ifdef HAVE_INET_ATON if (inet_aton(hostname, &in)) { if (NULL != (*res = malloc_ai(port, in.s_addr))) return 0; else return EAI_MEMORY; } +#endif hp = gethostbyname(hostname); if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { diff --git a/lib/ipv6.h b/lib/ipv6.h index 8851d6d2..c04ada25 100644 --- a/lib/ipv6.h +++ b/lib/ipv6.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv6.h,v 1.1.2.2 2003/07/07 11:50:52 guus Exp $ + $Id: ipv6.h,v 1.1.2.3 2003/07/11 16:12:59 guus Exp $ */ #ifndef __TINC_IPV6_H__ @@ -60,6 +60,13 @@ struct sockaddr_in6 { }; #endif +#ifndef IN6_IS_ADDR_V4MAPPED +#define IN6_IS_ADDR_V4MAPPED(a) \ + ((((__const uint32_t *) (a))[0] == 0) \ + && (((__const uint32_t *) (a))[1] == 0) \ + && (((__const uint32_t *) (a))[2] == htonl (0xffff))) +#endif + #ifndef HAVE_NETINET_IP6_H struct ip6_hdr { union { diff --git a/po/nl.po b/po/nl.po index da4bf6f9..cecd3109 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-06-11 22:14+0200\n" +"POT-Creation-Date: 2003-07-07 13:41+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" 
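Review bot: The fallback `IN6_IS_ADDR_V4MAPPED` added in the lib/ipv6.h hunk casts with `__const`, a compiler-specific spelling that GCC accepts. The macro exists for systems whose headers lack it, and those may be built with a compiler that does not know the keyword. Plain `const` works everywhere: `((((const uint32_t *) (a))[0] == 0) \`, and likewise on the two lines that follow. The cast also assumes `a` is 4-byte aligned and that `htonl` is declared wherever the macro is expanded; a short comment above the macro stating both would help.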
@@ -14,30 +14,30 @@ msgstr "" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -#: src/conf.c:175 +#: src/conf.c:173 #, c-format msgid "\"yes\" or \"no\" expected for configuration variable %s in %s line %d" msgstr "" "\"ja\" of \"nee\" verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:191 +#: src/conf.c:189 #, c-format msgid "Integer expected for configuration variable %s in %s line %d" msgstr "Geheel getal verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:225 +#: src/conf.c:223 #, c-format msgid "" "Hostname or IP address expected for configuration variable %s in %s line %d" msgstr "" "Hostnaam of IP adres verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:243 +#: src/conf.c:241 #, c-format msgid "Subnet expected for configuration variable %s in %s line %d" msgstr "Subnet verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:254 +#: src/conf.c:252 #, c-format msgid "" "Network address and prefix length do not match for configuration variable %s " 
@@ -46,69 +46,69 @@ msgstr "" "Netwerk adres en prefix lengte komen niet overeen bij configuratievariabele %" "s in %s regel %d" -#: src/conf.c:353 +#: src/conf.c:351 #, c-format msgid "Cannot open config file %s: %s" msgstr "Kan configuratie bestand %s niet openen: %s" -#: src/conf.c:391 +#: src/conf.c:389 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:426 +#: src/conf.c:424 #, c-format msgid "Failed to read `%s': %s" msgstr "Lezen van `%s' mislukte: %s" -#: src/conf.c:453 +#: src/conf.c:451 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:469 src/conf.c:497 +#: src/conf.c:467 src/conf.c:495 #, c-format msgid "Couldn't stat `%s': %s" msgstr "Kon `%s' niet statten: %s" -#: src/conf.c:474 src/conf.c:505 +#: src/conf.c:472 src/conf.c:503 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:480 src/conf.c:511 +#: src/conf.c:478 src/conf.c:509 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: src/conf.c:483 src/conf.c:514 +#: src/conf.c:481 src/conf.c:512 #, c-format msgid "Unable to read symbolic link `%s': %s" msgstr "Kan symbolische link `%s' niet lezen: %s" -#: src/conf.c:525 +#: src/conf.c:523 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" -#: src/conf.c:547 +#: src/conf.c:545 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:554 +#: src/conf.c:552 #, c-format msgid "Error while reading stdin: %s\n" msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:582 +#: src/conf.c:580 #, c-format msgid "Error opening file `%s': %s\n" msgstr "Fout bij het openen van het bestand `%s': %s\n" -#: 
src/conf.c:590 +#: src/conf.c:588 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" 
@@ -139,193 +139,193 @@ msgstr " %s op %s opties %lx socket %d status %04x" msgid "End of connections." msgstr "Einde van verbindingen." -#: src/meta.c:52 +#: src/meta.c:51 #, c-format msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:67 +#: src/meta.c:66 #, c-format msgid "Sending meta data to %s (%s) failed: %s" msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" -#: src/meta.c:105 +#: src/meta.c:104 #, c-format msgid "This is a bug: %s:%d: %d:%s %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)" -#: src/meta.c:111 +#: src/meta.c:110 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:130 +#: src/meta.c:128 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:135 +#: src/meta.c:133 #, c-format msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:198 +#: src/meta.c:196 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:98 +#: src/net.c:94 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:106 +#: src/net.c:101 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:188 +#: src/net.c:182 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:242 +#: src/net.c:235 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:251 +#: src/net.c:244 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." 
-#: src/net.c:257 +#: src/net.c:249 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:300 +#: src/net.c:291 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:353 +#: src/net.c:344 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:385 +#: src/net.c:375 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:401 +#: src/net.c:391 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:425 +#: src/net.c:415 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." -#: src/net_packet.c:153 +#: src/net_packet.c:136 +#, c-format +msgid "Received packet of %d bytes from %s (%s)" +msgstr "Ontvangst pakket van %d bytes van %s (%s)" + +#: src/net_packet.c:162 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:183 +#: src/net_packet.c:191 #, c-format msgid "Lost %d packets from %s (%s)" msgstr "%d pakketten van %s (%s) verloren" -#: src/net_packet.c:189 +#: src/net_packet.c:197 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d, last received %d" msgstr "" "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d, laatste ontvangen %d" -#: src/net_packet.c:209 +#: src/net_packet.c:217 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:237 -#, c-format -msgid "Received packet of %d bytes from %s (%s)" -msgstr "Ontvangst pakket van %d bytes van %s (%s)" - -#: src/net_packet.c:263 +#: src/net_packet.c:259 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: 
src/net_packet.c:293 +#: src/net_packet.c:289 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:345 +#: src/net_packet.c:340 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:348 src/net_setup.c:485 src/net_socket.c:110 -#: src/net_socket.c:157 src/net_socket.c:187 src/tincd.c:381 src/process.c:265 -#: src/process.c:295 +#: src/net_packet.c:342 src/net_setup.c:484 src/net_socket.c:110 +#: src/net_socket.c:157 src/net_socket.c:187 src/tincd.c:392 src/process.c:263 +#: src/process.c:291 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:354 +#: src/net_packet.c:348 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:372 +#: src/net_packet.c:365 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:377 +#: src/net_packet.c:369 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net_packet.c:384 +#: src/net_packet.c:374 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:393 +#: src/net_packet.c:382 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:413 +#: src/net_packet.c:401 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:431 +#: src/net_packet.c:418 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:452 +#: src/net_packet.c:439 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:459 +#: src/net_packet.c:446 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:466 +#: src/net_packet.c:453 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:476 +#: src/net_packet.c:463 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" 
@@ -387,36 +387,36 @@ msgstr "Onzinnige maximum timeout!" msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:386 +#: src/net_setup.c:385 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:421 +#: src/net_setup.c:420 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:435 +#: src/net_setup.c:434 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:438 +#: src/net_setup.c:437 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:453 +#: src/net_setup.c:452 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:507 +#: src/net_setup.c:506 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:518 +#: src/net_setup.c:517 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:520 +#: src/net_setup.c:519 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" 
@@ -449,279 +449,279 @@ msgstr "Aanmaak UDP socket mislukte: %s" msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:241 +#: src/net_socket.c:240 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:250 +#: src/net_socket.c:248 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:268 +#: src/net_socket.c:265 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:304 +#: src/net_socket.c:300 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:311 +#: src/net_socket.c:306 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:334 +#: src/net_socket.c:329 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:350 +#: src/net_socket.c:344 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:372 +#: src/net_socket.c:365 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:391 +#: src/net_socket.c:384 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:421 +#: src/net_socket.c:414 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:440 +#: src/net_socket.c:432 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:464 +#: src/net_socket.c:456 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/netutl.c:71 src/netutl.c:97 +#: src/netutl.c:70 src/netutl.c:95 #, c-format msgid "Error looking up %s port %s: %s\n" msgstr "Fout bij het 
opzoeken van %s poort %s: %s\n" -#: src/netutl.c:122 +#: src/netutl.c:120 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout tijdens vertalen adressen: %s" -#: src/netutl.c:150 +#: src/netutl.c:148 #, c-format msgid "Error while looking up hostname: %s" msgstr "Fout bij het opzoeken van hostnaam: %s" -#: src/netutl.c:154 +#: src/netutl.c:152 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:191 +#: src/netutl.c:189 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" "sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" -#: src/protocol.c:77 +#: src/protocol.c:98 #, c-format msgid "Output buffer overflow while sending request to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden verzoek naar %s (%s)" -#: src/protocol.c:85 +#: src/protocol.c:106 #, c-format msgid "Sending %s to %s (%s): %s" msgstr "Verzending %s naar %s (%s): %s" -#: src/protocol.c:88 +#: src/protocol.c:109 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:110 +#: src/protocol.c:131 #, c-format msgid "Forwarding %s from %s (%s): %s" msgstr "Doorsturen %s van %s (%s): %s" -#: src/protocol.c:114 +#: src/protocol.c:135 #, c-format msgid "Forwarding %s from %s (%s)" msgstr "Doorsturen %s van %s (%s)" -#: src/protocol.c:132 +#: src/protocol.c:153 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:135 +#: src/protocol.c:156 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:142 +#: src/protocol.c:163 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:146 +#: src/protocol.c:167 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:152 +#: src/protocol.c:173 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: 
src/protocol.c:160 +#: src/protocol.c:181 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:165 +#: src/protocol.c:186 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:212 +#: src/protocol.c:232 msgid "Already seen request" msgstr "Verzoek reeds gezien" -#: src/protocol.c:242 +#: src/protocol.c:262 #, c-format msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" -#: src/protocol_auth.c:72 src/protocol_auth.c:228 src/protocol_auth.c:355 -#: src/protocol_auth.c:419 src/protocol_auth.c:524 src/protocol_edge.c:82 -#: src/protocol_edge.c:196 src/protocol_key.c:70 src/protocol_key.c:112 -#: src/protocol_key.c:176 src/protocol_misc.c:63 src/protocol_misc.c:94 -#: src/protocol_misc.c:188 src/protocol_subnet.c:71 src/protocol_subnet.c:162 +#: src/protocol_auth.c:68 src/protocol_auth.c:224 src/protocol_auth.c:351 +#: src/protocol_auth.c:415 src/protocol_auth.c:519 src/protocol_edge.c:82 +#: src/protocol_edge.c:193 src/protocol_key.c:70 src/protocol_key.c:112 +#: src/protocol_key.c:176 src/protocol_misc.c:75 src/protocol_misc.c:104 +#: src/protocol_misc.c:196 src/protocol_subnet.c:71 src/protocol_subnet.c:161 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol_auth.c:80 src/protocol_edge.c:90 src/protocol_edge.c:96 -#: src/protocol_edge.c:204 src/protocol_edge.c:210 src/protocol_subnet.c:79 -#: src/protocol_subnet.c:89 src/protocol_subnet.c:170 -#: src/protocol_subnet.c:191 +#: src/protocol_auth.c:76 src/protocol_edge.c:90 src/protocol_edge.c:96 +#: src/protocol_edge.c:201 src/protocol_edge.c:207 src/protocol_subnet.c:79 +#: src/protocol_subnet.c:89 src/protocol_subnet.c:169 +#: src/protocol_subnet.c:189 #, c-format msgid "Got bad %s from %s (%s): %s" msgstr "Kreeg verkeerde %s van %s (%s): %s" -#: src/protocol_auth.c:89 
+#: src/protocol_auth.c:85 #, c-format msgid "Peer %s is %s instead of %s" msgstr "Ander %s is %s in plaats van %s" -#: src/protocol_auth.c:99 +#: src/protocol_auth.c:95 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt incompatibele versie %d" -#: src/protocol_auth.c:117 +#: src/protocol_auth.c:113 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft onbekende identiteit (%s)" -#: src/protocol_auth.c:176 +#: src/protocol_auth.c:172 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol_auth.c:188 src/protocol_auth.c:257 +#: src/protocol_auth.c:184 src/protocol_auth.c:253 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:238 src/protocol_auth.c:365 src/protocol_auth.c:427 -#: src/protocol_auth.c:445 +#: src/protocol_auth.c:234 src/protocol_auth.c:361 src/protocol_auth.c:423 +#: src/protocol_auth.c:441 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:265 +#: src/protocol_auth.c:261 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:276 +#: src/protocol_auth.c:272 #, c-format msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:296 src/protocol_key.c:243 +#: src/protocol_auth.c:292 src/protocol_key.c:243 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" -#: src/protocol_auth.c:301 +#: src/protocol_auth.c:297 #, c-format msgid "%s (%s) uses bogus MAC length!" msgstr "%s (%s) gebruikt onzinnige MAC lengte!" 
-#: src/protocol_auth.c:428 +#: src/protocol_auth.c:424 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:446 +#: src/protocol_auth.c:442 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:451 +#: src/protocol_auth.c:447 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:541 +#: src/protocol_auth.c:535 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:559 +#: src/protocol_auth.c:552 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:91 src/protocol_edge.c:97 src/protocol_edge.c:205 -#: src/protocol_edge.c:211 src/protocol_subnet.c:80 src/protocol_subnet.c:171 +#: src/protocol_edge.c:91 src/protocol_edge.c:97 src/protocol_edge.c:202 +#: src/protocol_edge.c:208 src/protocol_subnet.c:80 src/protocol_subnet.c:170 msgid "invalid name" msgstr "ongeldige naam" -#: src/protocol_edge.c:134 +#: src/protocol_edge.c:133 #, c-format msgid "Got %s from %s (%s) for ourself which does not match existing entry" msgstr "" "Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:140 +#: src/protocol_edge.c:138 #, c-format msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:149 +#: src/protocol_edge.c:146 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:224 src/protocol_edge.c:233 src/protocol_edge.c:244 +#: src/protocol_edge.c:220 src/protocol_edge.c:228 src/protocol_edge.c:238 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge 
tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:251 src/protocol_subnet.c:118 src/protocol_subnet.c:218 +#: src/protocol_edge.c:244 src/protocol_subnet.c:117 src/protocol_subnet.c:214 #, c-format msgid "Got %s from %s (%s) for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" @@ -766,26 +766,26 @@ msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" msgid "Node %s (%s) uses bogus compression level!" msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!" -#: src/protocol_misc.c:69 +#: src/protocol_misc.c:80 #, c-format msgid "Status message from %s (%s): %s: %s" msgstr "Statusmelding van %s (%s): %s: %s" -#: src/protocol_misc.c:100 +#: src/protocol_misc.c:109 #, c-format msgid "Error message from %s (%s): %s: %s" msgstr "Foutmelding van %s (%s): %s: %s" -#: src/protocol_subnet.c:90 src/protocol_subnet.c:192 +#: src/protocol_subnet.c:90 src/protocol_subnet.c:190 msgid "invalid subnet string" msgstr "ongeldige subnet string" -#: src/protocol_subnet.c:181 +#: src/protocol_subnet.c:179 #, c-format msgid "Got %s from %s (%s) for %s which is not in our node tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" -#: src/protocol_subnet.c:209 +#: src/protocol_subnet.c:206 #, c-format msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" @@ -814,12 +814,12 @@ msgstr " %s eigenaar %s" msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:111 +#: src/tincd.c:116 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:114 +#: src/tincd.c:119 #, c-format msgid "" "Usage: %s [option]...\n" @@ -828,7 +828,8 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:115 +#: src/tincd.c:120 +#, fuzzy msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" 
@@ -837,6 +838,7 @@ msgid "" " -n, --net=NETNAME Connect to net NETNAME.\n" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " -L, --mlock Lock tinc into main memory.\n" +" -F, --logfile[=FILENAME] Write log entries to a logfile.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n" "\n" @@ -853,13 +855,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:124 +#: src/tincd.c:130 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:182 +#: src/tincd.c:188 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -868,7 +870,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:201 +#: src/tincd.c:206 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" @@ -876,24 +878,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:268 +#: src/tincd.c:279 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:272 +#: src/tincd.c:283 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:275 +#: src/tincd.c:286 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:284 +#: src/tincd.c:295 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:290 src/tincd.c:303 +#: src/tincd.c:301 src/tincd.c:314 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" 
@@ -901,21 +903,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:297 +#: src/tincd.c:308 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:324 +#: src/tincd.c:337 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:353 +#: src/tincd.c:368 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:355 +#: src/tincd.c:370 msgid "" "Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -932,69 +934,69 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:385 +#: src/tincd.c:396 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:421 +#: src/tincd.c:420 msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:434 +#: src/tincd.c:433 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:438 +#: src/tincd.c:437 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:441 src/process.c:353 +#: src/tincd.c:440 src/process.c:347 msgid "Not restarting." msgstr "Geen herstart." -#: src/process.c:69 +#: src/process.c:70 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:101 +#: src/process.c:102 msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:120 +#: src/process.c:121 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:123 +#: src/process.c:124 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:147 +#: src/process.c:148 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:150 +#: src/process.c:151 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:159 +#: src/process.c:160 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:162 +#: src/process.c:163 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:164 +#: src/process.c:165 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:191 +#: src/process.c:192 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" 
@@ -1004,68 +1006,63 @@ msgstr "Kon niet ontkoppelen van terminal: %s" msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:208 -#, c-format -msgid "tincd %s starting" -msgstr "tincd %s wordt gestart" - -#: src/process.c:238 +#: src/process.c:236 #, c-format msgid "Could not execute `%s': %s" msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:272 +#: src/process.c:269 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:279 +#: src/process.c:276 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:285 +#: src/process.c:282 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:290 +#: src/process.c:286 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:314 +#: src/process.c:309 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:322 +#: src/process.c:316 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:328 +#: src/process.c:322 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:337 +#: src/process.c:331 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:341 +#: src/process.c:335 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:361 +#: src/process.c:354 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:368 +#: src/process.c:361 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:373 +#: src/process.c:367 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " 
@@ -1074,41 +1071,41 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:383 +#: src/process.c:376 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:408 +#: src/process.c:401 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:415 +#: src/process.c:407 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:470 +#: src/process.c:460 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:118 +#: src/route.c:133 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:152 +#: src/route.c:166 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:262 +#: src/route.c:275 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:355 +#: src/route.c:366 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1117,19 +1114,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:409 +#: src/route.c:418 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:428 +#: src/route.c:435 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:438 +#: src/route.c:444 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" @@ -1138,25 +1135,25 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:519 +#: src/route.c:523 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:530 +#: src/route.c:532 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:588 +#: src/route.c:587 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#: src/node.c:175 +#: src/node.c:176 msgid "Nodes:" msgstr "Nodes:" -#: src/node.c:179 +#: src/node.c:180 #, c-format msgid "" " %s at %s cipher %d digest %d maclength %d compression %d options %lx status " @@ -1165,7 +1162,7 @@ msgstr "" " %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" "04x nexthop %s via %s" -#: src/node.c:186 +#: src/node.c:187 msgid "End of nodes." msgstr "Einde van nodes." 
@@ -1182,145 +1179,148 @@ msgstr " %s naar %s op %s opties %lx gewicht %d" msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:267 +#: src/graph.c:263 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:270 +#: src/graph.c:266 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" -#: src/linux/device.c:92 src/freebsd/device.c:68 src/solaris/device.c:72 -#: src/netbsd/device.c:72 src/openbsd/device.c:72 +#: src/linux/device.c:91 src/freebsd/device.c:67 src/solaris/device.c:71 +#: src/netbsd/device.c:71 src/openbsd/device.c:71 #, c-format msgid "Could not open %s: %s" msgstr "Kon `%s' niet openen: %s" -#: src/linux/device.c:103 +#: src/linux/device.c:102 msgid "Linux tun/tap device (tun mode)" msgstr "Linux tun/tap apparaat (tun modus)" -#: src/linux/device.c:107 +#: src/linux/device.c:106 msgid "Linux tun/tap device (tap mode)" msgstr "Linux tun/tap apparaat (tap modus)" -#: src/linux/device.c:117 +#: src/linux/device.c:116 #, c-format msgid "Old ioctl() request was needed for %s" msgstr "Oud ioctl() verzoek was nodig voor %s" -#: src/linux/device.c:125 +#: src/linux/device.c:124 msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/linux/device.c:130 src/freebsd/device.c:74 src/solaris/device.c:121 -#: src/netbsd/device.c:78 src/openbsd/device.c:78 +#: src/linux/device.c:129 src/freebsd/device.c:73 src/solaris/device.c:120 +#: src/netbsd/device.c:77 src/openbsd/device.c:77 #, c-format msgid "%s is a %s" msgstr "%s is een %s" -#: src/linux/device.c:157 src/linux/device.c:168 src/linux/device.c:179 -#: src/freebsd/device.c:97 src/solaris/device.c:140 src/netbsd/device.c:97 -#: src/openbsd/device.c:99 +#: src/linux/device.c:156 src/linux/device.c:167 src/linux/device.c:178 +#: src/freebsd/device.c:96 src/solaris/device.c:139 src/netbsd/device.c:96 +#: src/openbsd/device.c:98 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout 
tijdens lezen van %s %s: %s" -#: src/linux/device.c:191 src/freebsd/device.c:107 src/solaris/device.c:153 -#: src/netbsd/device.c:110 src/openbsd/device.c:129 +#: src/linux/device.c:189 src/freebsd/device.c:105 src/solaris/device.c:151 +#: src/netbsd/device.c:108 src/openbsd/device.c:125 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/linux/device.c:203 src/freebsd/device.c:118 src/solaris/device.c:165 -#: src/netbsd/device.c:122 src/openbsd/device.c:145 +#: src/linux/device.c:199 src/freebsd/device.c:115 src/solaris/device.c:161 +#: src/netbsd/device.c:119 src/openbsd/device.c:140 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:210 src/linux/device.c:217 src/linux/device.c:226 -#: src/solaris/device.c:169 src/netbsd/device.c:126 src/openbsd/device.c:171 +#: src/linux/device.c:206 src/linux/device.c:213 src/linux/device.c:222 +#: src/solaris/device.c:165 src/netbsd/device.c:123 src/openbsd/device.c:165 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" -#: src/linux/device.c:242 src/freebsd/device.c:134 src/solaris/device.c:183 -#: src/netbsd/device.c:138 src/openbsd/device.c:183 +#: src/linux/device.c:238 src/freebsd/device.c:131 src/solaris/device.c:179 +#: src/netbsd/device.c:135 src/openbsd/device.c:177 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/linux/device.c:243 src/freebsd/device.c:135 src/solaris/device.c:184 -#: src/netbsd/device.c:139 src/openbsd/device.c:184 +#: src/linux/device.c:239 src/freebsd/device.c:132 src/solaris/device.c:180 +#: src/netbsd/device.c:136 src/openbsd/device.c:178 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/linux/device.c:244 src/freebsd/device.c:136 src/solaris/device.c:185 -#: src/netbsd/device.c:140 src/openbsd/device.c:185 +#: src/linux/device.c:240 src/freebsd/device.c:133 
src/solaris/device.c:181 +#: src/netbsd/device.c:137 src/openbsd/device.c:179 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" -#: src/freebsd/device.c:72 +#: src/freebsd/device.c:71 msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" -#: src/freebsd/device.c:122 +#: src/freebsd/device.c:119 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" -#: src/solaris/device.c:84 +#: src/solaris/device.c:83 #, c-format msgid "Could not open /dev/ip: %s" msgstr "Kon /dev/ip niet openen: %s" -#: src/solaris/device.c:90 +#: src/solaris/device.c:89 #, c-format msgid "Can't assign new interface: %s" msgstr "Kan geen nieuwe interface toekennen: %s" -#: src/solaris/device.c:95 +#: src/solaris/device.c:94 #, c-format msgid "Could not open %s twice: %s" msgstr "Kon `%s' niet twee keer openen: %s" -#: src/solaris/device.c:101 +#: src/solaris/device.c:100 #, c-format msgid "Can't push IP module: %s" msgstr "Kan IP module niet invoegen: %s" -#: src/solaris/device.c:107 +#: src/solaris/device.c:106 #, c-format msgid "Can't set PPA %d: %s" msgstr "Kon PPA %d niet instellen: %s" -#: src/solaris/device.c:112 +#: src/solaris/device.c:111 #, c-format msgid "Can't link TUN device to IP: %s" msgstr "Kan TUN apparaat niet koppelen aan IP: %s" -#: src/solaris/device.c:119 +#: src/solaris/device.c:118 msgid "Solaris tun device" msgstr "Solaris tun apparaat" -#: src/netbsd/device.c:76 +#: src/netbsd/device.c:75 msgid "NetBSD tun device" msgstr "NetBSD tun apparaat" -#: src/openbsd/device.c:76 +#: src/openbsd/device.c:75 msgid "OpenBSD tun device" msgstr "OpenBSD tun apparaat" -#: src/openbsd/device.c:119 +#: src/openbsd/device.c:116 #, c-format msgid "Unknown address family %d while reading packet from %s %s" msgstr "Onbekende adresfamilie %d tijdens lezen pakket van %s %s" -#: src/openbsd/device.c:160 +#: src/openbsd/device.c:154 #, c-format msgid "Unknown address family %d while writing packet to %s %s" msgstr 
"Onbekende adresfamilie %d tijdens schrijven pakket naar %s %s" + +#~ msgid "tincd %s starting" +#~ msgstr "tincd %s wordt gestart" diff --git a/src/conf.c b/src/conf.c index 09e72a5b..75d7ebec 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.63 2003/07/06 23:16:28 guus Exp $ + $Id: conf.c,v 1.9.4.64 2003/07/11 16:12:59 guus Exp $ */ #include "config.h" @@ -429,16 +429,6 @@ int read_server_config() return x; } -static int isadir(const char *f) -{ - struct stat s; - - if(stat(f, &s) < 0) - return 0; - else - return S_ISDIR(s.st_mode); -} - int is_safe_path(const char *file) { char *p; diff --git a/src/net.h b/src/net.h index 2a1e79ef..142d867e 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.61 2003/07/07 11:11:33 guus Exp $ + $Id: net.h,v 1.9.4.62 2003/07/11 16:13:00 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -35,6 +35,8 @@ #include #endif +#include "utils.h" + #ifdef ENABLE_JUMBOGRAMS #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ #else diff --git a/src/process.c b/src/process.c index 45acc5c2..46d6067f 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.52 2003/07/06 23:16:28 guus Exp $ + $Id: process.c,v 1.1.2.53 2003/07/11 16:13:00 guus Exp $ */ #include "config.h" @@ -287,11 +287,14 @@ int execute_script(const char *name, char **envp) name); return -1; } - } else { + } else if (errno != EINTR) { logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "waitpid", strerror(errno)); return -1; } + + /* Why do we get EINTR? */ + return 0; } /* Child here */ 
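Review bot: In the last hunk of src/process.c, an interrupted `waitpid` now skips the new `else if (errno != EINTR)` branch and reaches the added `return 0;`, so `execute_script` reports success without ever collecting the script's exit status. The `waitpid` call sits above the hunk, so this is inferred from the visible branches. If that reading is right, a script that fails or is still running looks identical to one that succeeded, and the child is left unreaped unless something else waits for it. Retrying is safer than treating EINTR as success: `do { r = waitpid(pid, &status, 0); } while (r < 0 && errno == EINTR);` with `r` a local `pid_t`, then testing `r == pid` as before. If returning early is kept on purpose, replace `/* Why do we get EINTR? */` with a comment stating which signal interrupts the wait and that the status is deliberately ignored.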
From 5db596c6844169f1eb5f804b72abe99d067aaa5a Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 12 Jul 2003 17:41:48 +0000 Subject: [PATCH 756/923] Simplify logging, update copyrights and some minor cleanups. --- THANKS | 3 +- doc/sample-config/tinc-up | 11 ++----- doc/sample-config/tinc.conf | 5 +--- doc/tinc.texi | 10 +++---- lib/avl_tree.h | 2 +- lib/dropin.c | 2 +- lib/dropin.h | 2 +- lib/fake-gai-errnos.h | 2 +- lib/fake-getnameinfo.h | 2 +- lib/gettext.h | 2 +- lib/list.c | 2 +- src/conf.c | 42 +++++++++++++------------- src/conf.h | 6 ++-- src/connection.c | 12 ++++---- src/connection.h | 6 ++-- src/cygwin/device.c | 24 +++++++-------- src/darwin/device.c | 31 ++++++++----------- src/device.h | 6 ++-- src/edge.c | 12 ++++---- src/edge.h | 6 ++-- src/event.c | 6 ++-- src/event.h | 6 ++-- src/freebsd/device.c | 31 ++++++++----------- src/graph.c | 21 ++++++------- src/graph.h | 6 ++-- src/linux/device.c | 41 +++++++++++-------------- src/logger.c | 12 ++++++-- src/logger.h | 16 ++-------- src/meta.c | 20 ++++++------- src/meta.h | 6 ++-- src/net.c | 28 ++++++++--------- src/net.h | 6 ++-- src/net_packet.c | 46 ++++++++++++++-------------- src/net_setup.c | 52 ++++++++++++++++---------------- src/net_socket.c | 50 +++++++++++++++---------------- src/netbsd/device.c | 27 ++++++++--------- src/netutl.c | 16 +++++----- src/netutl.h | 6 ++-- src/node.c | 12 ++++---- src/node.h | 6 ++-- src/openbsd/device.c | 31 +++++++++---------- src/process.c | 60 ++++++++++++++++++++----------------- src/process.h | 6 ++-- src/protocol.c | 44 +++++++++++++-------------- src/protocol_auth.c | 58 +++++++++++++++++------------------ src/protocol_edge.c | 32 ++++++++++---------- src/protocol_key.c | 32 ++++++++++---------- src/protocol_misc.c | 36 ++++++++-------------- src/protocol_subnet.c | 14 ++++----- src/raw_socket/device.c | 35 +++++++++------------- src/route.c | 26 ++++++++-------- src/route.h | 6 ++-- src/solaris/device.c | 36 +++++++++++----------- src/subnet.c | 16 +++++----- src/tincd.c | 22 +++++++------- 55 files changed, 501 
insertions(+), 555 deletions(-) diff --git a/THANKS b/THANKS index 9eef8a57..cbdc5a52 100644 --- a/THANKS +++ b/THANKS @@ -23,8 +23,9 @@ We would like to thank * Ivo van Dong (for help during the early versions of tinc) * Jeroen Ubbink (for help testing tinc on Free- and NetBSD) * LarstiQ (for help testing tinc on MacOS/X) - * Marc A. Lehmann (for bitching and valid criticism) + * Marc A. Lehmann (for criticism) * Teemu Kiviniemi (for his lzo compression patch) + * Flynn Marquardt (for help testing tinc on Solaris 2.6) for their help, support and ideas. Thank you guys! diff --git a/doc/sample-config/tinc-up b/doc/sample-config/tinc-up index 739afd81..2d8b4d6b 100644 --- a/doc/sample-config/tinc-up +++ b/doc/sample-config/tinc-up @@ -2,17 +2,10 @@ # This file sets up the tap device. # It gives you the freedom to do anything you want with it. # Use the correct name for the tap device: -# For the Linux tun/tap device $INTERFACE is set to the right name, -# but for ethertap and FreeBSD this is tap0, tap1, tap2 etcetera, -# for Solaris and OpenBSD it is tun0, tun1, etcetera. - -# Set hardware ethernet address, needed on Linux when in router mode -ifconfig $INTERFACE hw ether fe:fd:0:0:0:0 +# The environment variable $INTERFACE is set to the right name +# on most platforms, but if it doesn't work try to set it manually. # Give it the right ip and netmask. Remember, the subnet of the # tap device must be larger than that of the individual Subnets # as defined in the host configuration file! ifconfig $INTERFACE 192.168.1.1 netmask 255.255.0.0 - -# Disable ARP, needed on Linux when in router mode -ifconfig $INTERFACE -arp diff --git a/doc/sample-config/tinc.conf b/doc/sample-config/tinc.conf index 0307e75b..25a61a72 100644 --- a/doc/sample-config/tinc.conf +++ b/doc/sample-config/tinc.conf 
@@ -15,11 +15,8 @@ Name = alpha # May be used multiple times for redundance. ConnectTo = beta -# The tap device tinc will use. Required. +# The tap device tinc will use. # Default is /dev/tap0 for ethertap or FreeBSD, # /dev/tun0 for Solaris and OpenBSD, # and /dev/net/tun for Linux tun/tap device. Device = /dev/net/tun - -# The file in which the private key for this host is stored. Required. -PrivateKeyFile = /etc/tinc/example/rsa_key.priv diff --git a/doc/tinc.texi b/doc/tinc.texi index 838226bc..5015ac4a 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.37 2003/06/12 11:08:40 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.38 2003/07/12 17:41:45 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -14,11 +14,11 @@ This is the info manual for tinc, a Virtual Private Network daemon. -Copyright @copyright{} 1998-2002 Ivo Timmermans +Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.37 2003/06/12 11:08:40 guus Exp $ +$Id: tinc.texi,v 1.8.4.38 2003/07/12 17:41:45 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -39,11 +39,11 @@ permission notice identical to this one. @page @vskip 0pt plus 1filll @cindex copyright -Copyright @copyright{} 1998-2002 Ivo Timmermans +Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.37 2003/06/12 11:08:40 guus Exp $ +$Id: tinc.texi,v 1.8.4.38 2003/07/12 17:41:45 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are diff --git a/lib/avl_tree.h b/lib/avl_tree.h index f4eddaa3..9a531ad9 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h 
@@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.7 2002/09/09 22:32:27 guus Exp $ + $Id: avl_tree.h,v 1.1.2.8 2003/07/12 17:41:45 guus Exp $ */ diff --git a/lib/dropin.c b/lib/dropin.c index 22bc812f..2dd09108 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.12 2002/09/09 21:49:16 guus Exp $ + $Id: dropin.c,v 1.1.2.13 2003/07/12 17:41:45 guus Exp $ */ #include "config.h" diff --git a/lib/dropin.h b/lib/dropin.h index 0d10c367..b26a86dc 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.9 2002/09/09 21:49:16 guus Exp $ + $Id: dropin.h,v 1.1.2.10 2003/07/12 17:41:45 guus Exp $ */ #ifndef __DROPIN_H__ diff --git a/lib/fake-gai-errnos.h b/lib/fake-gai-errnos.h index 8edab9ef..fc65fa74 100644 --- a/lib/fake-gai-errnos.h +++ b/lib/fake-gai-errnos.h @@ -5,7 +5,7 @@ * See getaddrinfo.c and getnameinfo.c. */ -/* $Id: fake-gai-errnos.h,v 1.1.2.1 2002/07/12 11:45:21 guus Exp $ */ +/* $Id: fake-gai-errnos.h,v 1.1.2.2 2003/07/12 17:41:45 guus Exp $ */ /* for old netdb.h */ #ifndef EAI_NODATA diff --git a/lib/fake-getnameinfo.h b/lib/fake-getnameinfo.h index 3f215e1b..20889a6e 100644 --- a/lib/fake-getnameinfo.h +++ b/lib/fake-getnameinfo.h @@ -1,4 +1,4 @@ -/* $Id: fake-getnameinfo.h,v 1.1.2.1 2002/07/12 11:45:21 guus Exp $ */ +/* $Id: fake-getnameinfo.h,v 1.1.2.2 2003/07/12 17:41:45 guus Exp $ */ #ifndef _FAKE_GETNAMEINFO_H #define _FAKE_GETNAMEINFO_H diff --git a/lib/gettext.h b/lib/gettext.h index 2b9a16df..a9074031 100644 --- a/lib/gettext.h +++ b/lib/gettext.h 
@@ -1,5 +1,5 @@ /* Convenience header for conditional use of GNU . - Copyright (C) 1995-1998, 2000-2002 Free Software Foundation, Inc. + Copyright (C) 1995-1998, 2000-2003 Free Software Foundation, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published diff --git a/lib/list.c b/lib/list.c index 4c4a3f62..699b27e4 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.13 2002/09/09 22:32:27 guus Exp $ + $Id: list.c,v 1.1.2.14 2003/07/12 17:41:45 guus Exp $ */ #include "config.h" diff --git a/src/conf.c b/src/conf.c index 75d7ebec..b6d2b0af 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1,8 +1,8 @@ /* conf.c -- configuration code Copyright (C) 1998 Robert van der Meulen - 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen 2000 Cris van Pelt This program is free software; you can redistribute it and/or modify @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.64 2003/07/11 16:12:59 guus Exp $ + $Id: conf.c,v 1.9.4.65 2003/07/12 17:41:45 guus Exp $ */ #include "config.h" @@ -170,7 +170,7 @@ int get_config_bool(config_t *cfg, int *result) return 1; } - logger(DEBUG_ALWAYS, LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), + logger(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; 
@@ -186,7 +186,7 @@ int get_config_int(config_t *cfg, int *result) if(sscanf(cfg->value, "%d", result) == 1) return 1; - logger(DEBUG_ALWAYS, LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), + logger(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; @@ -220,7 +220,7 @@ int get_config_address(config_t *cfg, struct addrinfo **result) return 1; } - logger(DEBUG_ALWAYS, LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), + logger(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; @@ -238,7 +238,7 @@ int get_config_subnet(config_t *cfg, subnet_t ** result) subnet = str2net(cfg->value); if(!subnet) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), + logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return 0; } @@ -249,7 +249,7 @@ int get_config_subnet(config_t *cfg, subnet_t ** result) && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) || ((subnet->type == SUBNET_IPV6) && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { - logger(DEBUG_ALWAYS, LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), + logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); free(subnet); return 0; @@ -348,7 +348,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) fp = fopen(fname, "r"); if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Cannot open config file %s: %s"), fname, + logger(LOG_ERR, _("Cannot open config file %s: %s"), fname, strerror(errno)); return -3; } 
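Review bot: `sscanf(cfg->value, "%d", result)` in get_config_int accepts a value with trailing garbage such as `655x` and has undefined behaviour when the number does not fit in an int, so a malformed setting is misread instead of reaching the "Integer expected" message below it. Parsing with strtol() and checking the end pointer, `errno` and the int range before storing to `*result` makes every bad value hit that diagnostic. The start of the function is outside this hunk, and `INT_MIN`/`INT_MAX` need `<limits.h>` if conf.c does not already pull it in.

```c
	/* new locals, declared with the function's other variables */
	char *end;
	long value;

	/* … unchanged: earlier part of get_config_int, outside the hunk … */

	errno = 0;
	value = strtol(cfg->value, &end, 10);

	if(end != cfg->value && !*end && errno != ERANGE
	   && value >= INT_MIN && value <= INT_MAX) {
		*result = (int) value;
		return 1;
	}

	/* … unchanged: logger(LOG_ERR, "Integer expected …") and return 0 … */
```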
@@ -386,7 +386,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) value = strtok(NULL, "\t\n\r ="); if(!value || value[0] == '#') { - logger(DEBUG_ALWAYS, LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), variable, lineno, fname); break; } @@ -421,7 +421,7 @@ int read_server_config() x = read_config_file(config_tree, fname); if(x == -1) { /* System error: complain */ - logger(DEBUG_ALWAYS, LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); + logger(LOG_ERR, _("Failed to read `%s': %s"), fname, strerror(errno)); } free(fname); @@ -438,7 +438,7 @@ int is_safe_path(const char *file) char l[MAXBUFSIZE]; if(*file != '/') { - logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is not an absolute path"), file); + logger(LOG_ERR, _("`%s' is not an absolute path"), file); return 0; } @@ -454,21 +454,21 @@ int is_safe_path(const char *file) check1: if(lstat(f, &s) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); + logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); return 0; } if(s.st_uid != geteuid()) { - logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), f, s.st_uid, geteuid()); return 0; } if(S_ISLNK(s.st_mode)) { - logger(DEBUG_ALWAYS, LOG_WARNING, _("Warning: `%s' is a symlink"), f); + logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f); if(readlink(f, l, MAXBUFSIZE) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, + logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); return 0; } @@ -482,7 +482,7 @@ check1: check2: if(lstat(f, &s) < 0 && errno != ENOENT) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); + logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); return 0; } 
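Review bot: `readlink(f, l, MAXBUFSIZE)` in the `check1:` hunk of is_safe_path never NUL-terminates `l`, and because the full buffer size is passed there is no room left for a terminator, so treating `l` as a string afterwards can read past the end of the array. The same call is repeated in the `check2:` hunk (@@ -490,16). Keeping the return value and terminating explicitly fixes both sites: `n = readlink(f, l, sizeof(l) - 1);` followed by `l[n] = '\0';` once `n < 0` has been ruled out. What is done with `l` after the call lies outside these hunks, so confirm that it is used as a string.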
@@ -490,16 +490,16 @@ check2: return 1; if(s.st_uid != geteuid()) { - logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' is owned by UID %d instead of %d"), + logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), f, s.st_uid, geteuid()); return 0; } if(S_ISLNK(s.st_mode)) { - logger(DEBUG_ALWAYS, LOG_WARNING, _("Warning: `%s' is a symlink"), f); + logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f); if(readlink(f, l, MAXBUFSIZE) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, + logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); return 0; } @@ -510,7 +510,7 @@ check2: if(s.st_mode & 0007) { /* Accessible by others */ - logger(DEBUG_ALWAYS, LOG_ERR, _("`%s' has unsecure permissions"), f); + logger(LOG_ERR, _("`%s' has unsecure permissions"), f); return 0; } diff --git a/src/conf.h b/src/conf.h index 5dc4c930..76e38932 100644 --- a/src/conf.h +++ b/src/conf.h @@ -1,7 +1,7 @@ /* conf.h -- header for conf.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.37 2003/07/06 23:16:28 guus Exp $ + $Id: conf.h,v 1.6.4.38 2003/07/12 17:41:45 guus Exp $ */ #ifndef __TINC_CONF_H__ diff --git a/src/connection.c b/src/connection.c index adfe73b5..dbfe6d65 100644 --- a/src/connection.c +++ b/src/connection.c @@ -1,7 +1,7 @@ /* connection.c -- connection list management - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
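Review bot: The last check in is_safe_path, `if(s.st_mode & 0007)`, tests only the permission bits for "others", so a file that is readable or writable by its group still passes as safe. If this function guards secret material such as a private key file (its callers are outside the hunk), `if(s.st_mode & 0077)` would reject group access as well. If group access is intentional, extend the existing `/* Accessible by others */` comment to say so, for example `/* Accessible by others; group access is allowed on purpose */`.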
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.38 2003/07/06 23:16:28 guus Exp $ + $Id: connection.c,v 1.1.2.39 2003/07/12 17:41:45 guus Exp $ */ #include "config.h" @@ -124,15 +124,15 @@ void dump_connections(void) cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Connections:")); + logger(LOG_DEBUG, _("Connections:")); for(node = connection_tree->head; node; node = node->next) { c = (connection_t *) node->data; - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), + logger(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), c->name, c->hostname, c->options, c->socket, c->status); } - logger(DEBUG_ALWAYS, LOG_DEBUG, _("End of connections.")); + logger(LOG_DEBUG, _("End of connections.")); } int read_connection_config(connection_t *c) diff --git a/src/connection.h b/src/connection.h index bcf0708d..30102f2c 100644 --- a/src/connection.h +++ b/src/connection.h @@ -1,7 +1,7 @@ /* connection.h -- header for connection.c - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.32 2003/07/06 23:16:28 guus Exp $ + $Id: connection.h,v 1.1.2.33 2003/07/12 17:41:45 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ diff --git a/src/cygwin/device.c b/src/cygwin/device.c index e706d57f..19ca204c 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c 
@@ -1,7 +1,7 @@ /* device.c -- Stub for Cygwin environment - Copyright (C) 2002 Ivo Timmermans , - 2002 Guus Sliepen + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2003/07/06 22:11:33 guus Exp $ + $Id: device.c,v 1.1.2.7 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -59,13 +59,13 @@ int setup_device(void) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("Stub device for Cygwin environment"); - logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); + logger(LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -84,7 +84,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -93,7 +93,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); return 0; 
@@ -103,11 +103,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data, packet->len) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -121,7 +121,7 @@ void dump_device_stats(void) { cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/darwin/device.c b/src/darwin/device.c index c919de72..3da6726e 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with MacOS/X tun device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2003 Ivo Timmermans , + 2001-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.7 2003/07/06 22:11:33 guus Exp $ + $Id: device.c,v 1.1.2.8 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -50,9 +50,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -/* - open the local ethertap device -*/ int setup_device(void) { cp(); 
@@ -64,13 +61,13 @@ int setup_device(void) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("MacOS/X tun device"); - logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); + logger(LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -82,10 +79,6 @@ void close_device(void) close(device_fd); } -/* - read, encrypt and send data that is - available through the ethertap device -*/ int read_packet(vpn_packet_t *packet) { int lenin; @@ -93,7 +86,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -105,7 +98,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); return 0; @@ -115,11 +108,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while writing to %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
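Review bot: In write_packet, `write(device_fd, packet->data + 14, packet->len - 14)` puts no lower bound on `packet->len`, so a packet shorter than 14 bytes produces a count that goes negative or wraps and reaches write() as a very large size. The Linux tun branch has the same shape with `packet->len - 10` (src/linux/device.c, @@ -196,21). A guard ahead of the write, for example `if(packet->len < 14) return -1;` with an error log line, would make the assumption explicit. Whether callers already guarantee a minimum length is not visible in these hunks.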
@@ -131,7 +124,7 @@ void dump_device_stats(void) { cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/device.h b/src/device.h index 04225dd3..8c31d801 100644 --- a/src/device.h +++ b/src/device.h @@ -1,7 +1,7 @@ /* net.h -- generic header for device.c - Copyright (C) 2001-2002 Ivo Timmermans - 2001-2002 Guus Sliepen + Copyright (C) 2001-2003 Ivo Timmermans + 2001-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.7 2002/09/09 21:24:31 guus Exp $ + $Id: device.h,v 1.1.2.8 2003/07/12 17:41:45 guus Exp $ */ #ifndef __TINC_DEVICE_H__ diff --git a/src/edge.c b/src/edge.c index 88fbd1c0..3bceb004 100644 --- a/src/edge.c +++ b/src/edge.c @@ -1,7 +1,7 @@ /* edge.c -- edge tree management - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.20 2003/07/06 23:16:28 guus Exp $ + $Id: edge.c,v 1.1.2.21 2003/07/12 17:41:45 guus Exp $ */ #include "config.h" 
@@ -154,18 +154,18 @@ void dump_edges(void) cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Edges:")); + logger(LOG_DEBUG, _("Edges:")); for(node = node_tree->head; node; node = node->next) { n = (node_t *) node->data; for(node2 = n->edge_tree->head; node2; node2 = node2->next) { e = (edge_t *) node2->data; address = sockaddr2hostname(&e->address); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), + logger(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), e->from->name, e->to->name, address, e->options, e->weight); free(address); } } - logger(DEBUG_ALWAYS, LOG_DEBUG, _("End of edges.")); + logger(LOG_DEBUG, _("End of edges.")); } diff --git a/src/edge.h b/src/edge.h index 8e42385c..3fe8645a 100644 --- a/src/edge.h +++ b/src/edge.h @@ -1,7 +1,7 @@ /* edge.h -- header for edge.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.12 2003/07/06 23:16:28 guus Exp $ + $Id: edge.h,v 1.1.2.13 2003/07/12 17:41:45 guus Exp $ */ #ifndef __TINC_EDGE_H__ diff --git a/src/event.c b/src/event.c index 5663170c..45961659 100644 --- a/src/event.c +++ b/src/event.c @@ -1,7 +1,7 @@ /* event.c -- event queue - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans + Copyright (C) 2002-2003 Guus Sliepen , + 2002-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.7 2003/07/06 23:16:28 guus Exp $ + $Id: event.c,v 1.1.4.8 2003/07/12 17:41:45 guus Exp $ */ #include "config.h" diff --git a/src/event.h b/src/event.h index ad31e15b..fb10c4a0 100644 --- a/src/event.h +++ b/src/event.h @@ -1,7 +1,7 @@ /* event.h -- header for event.c - Copyright (C) 2002 Guus Sliepen , - 2002 Ivo Timmermans + Copyright (C) 2002-2003 Guus Sliepen , + 2002-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.h,v 1.1.4.5 2003/07/06 23:16:28 guus Exp $ + $Id: event.h,v 1.1.4.6 2003/07/12 17:41:45 guus Exp $ */ #ifndef __TINC_EVENT_H__ diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 91aa4611..2850fd6d 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with FreeBSD tap device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2003 Ivo Timmermans , + 2001-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.10 2003/07/06 22:11:34 guus Exp $ + $Id: device.c,v 1.1.2.11 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -50,9 +50,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -/* - open the local ethertap device -*/ int setup_device(void) { cp(); 
@@ -64,13 +61,13 @@ int setup_device(void) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("FreeBSD tap device"); - logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); + logger(LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -82,10 +79,6 @@ void close_device(void) close(device_fd); } -/* - read, encrypt and send data that is - available through the ethertap device -*/ int read_packet(vpn_packet_t *packet) { int lenin; @@ -93,7 +86,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -102,7 +95,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); return 0; @@ -112,11 +105,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data, packet->len) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while writing to %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
@@ -128,7 +121,7 @@ void dump_device_stats(void) { cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/graph.c b/src/graph.c index cb064a12..3692f446 100644 --- a/src/graph.c +++ b/src/graph.c @@ -1,7 +1,7 @@ /* graph.c -- graph algorithms - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.23 2003/07/06 22:11:31 guus Exp $ + $Id: graph.c,v 1.1.2.24 2003/07/12 17:41:45 guus Exp $ */ /* We need to generate two trees from the graph: @@ -95,7 +95,7 @@ void mst_kruskal(void) if(!edge_weight_tree->head) return; - logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Running Kruskal's algorithm:"); + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, "Running Kruskal's algorithm:"); /* Clear visited status on nodes */ @@ -131,7 +131,7 @@ void mst_kruskal(void) safe_edges++; - logger(DEBUG_SCARY_THINGS, LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, " Adding edge %s - %s weight %d", e->from->name, e->to->name, e->weight); if(skipped) { 
@@ -141,7 +141,7 @@ void mst_kruskal(void) } } - logger(DEBUG_SCARY_THINGS, LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, "Done, counted %d nodes and %d safe edges.", nodes, safe_edges); } @@ -259,12 +259,13 @@ void sssp_bfs(void) if(n->status.visited != n->status.reachable) { n->status.reachable = !n->status.reachable; - if(n->status.reachable) - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Node %s (%s) became reachable"), + if(n->status.reachable) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Node %s (%s) became reachable"), n->name, n->hostname); - else - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Node %s (%s) became unreachable"), + } else { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Node %s (%s) became unreachable"), n->name, n->hostname); + } n->status.validkey = 0; n->status.waitingforkey = 0; diff --git a/src/graph.h b/src/graph.h index 372cbfbe..1b796406 100644 --- a/src/graph.h +++ b/src/graph.h @@ -1,7 +1,7 @@ /* graph.h -- header for graph.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.h,v 1.1.2.4 2002/06/21 10:11:12 guus Exp $ + $Id: graph.h,v 1.1.2.5 2003/07/12 17:41:45 guus Exp $ */ extern void graph(void); diff --git a/src/linux/device.c b/src/linux/device.c index 686db6ab..f9105e65 100644 --- a/src/linux/device.c +++ b/src/linux/device.c 
@@ -1,7 +1,7 @@ /* device.c -- Interaction with Linux ethertap and tun/tap device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2003 Ivo Timmermans , + 2001-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.16 2003/07/06 22:11:35 guus Exp $ + $Id: device.c,v 1.1.2.17 2003/07/12 17:41:48 guus Exp $ */ #include "config.h" @@ -67,9 +67,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -/* - open the local ethertap device -*/ int setup_device(void) { struct ifreq ifr; @@ -88,7 +85,7 @@ int setup_device(void) device_fd = open(device, O_RDWR | O_NONBLOCK); if(device_fd < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } @@ -113,7 +110,7 @@ int setup_device(void) strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); interface = ifrname; } else if(!ioctl(device_fd, (('T' << 8) | 202), (void *) &ifr)) { - logger(DEBUG_ALWAYS, LOG_WARNING, _("Old ioctl() request was needed for %s"), device); + logger(LOG_WARNING, _("Old ioctl() request was needed for %s"), device); strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); interface = ifrname; } else @@ -126,7 +123,7 @@ int setup_device(void) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; } - logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); + logger(LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -138,10 +135,6 @@ void close_device(void) close(device_fd); } -/* - read, encrypt and send data that is - available through the ethertap device -*/ int read_packet(vpn_packet_t *packet) { int lenin; 
@@ -153,7 +146,7 @@ int read_packet(vpn_packet_t *packet) lenin = read(device_fd, packet->data + 10, MTU - 10); if(lenin <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -164,7 +157,7 @@ int read_packet(vpn_packet_t *packet) lenin = read(device_fd, packet->data, MTU); if(lenin <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -175,7 +168,7 @@ int read_packet(vpn_packet_t *packet) lenin = read(device_fd, packet->data - 2, MTU + 2); if(lenin <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -186,7 +179,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); return 0; 
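Review bot: The third read branch (@@ -175,7) calls `read(device_fd, packet->data - 2, MTU + 2)`, which stores two bytes in front of the `data` array and therefore depends on whichever member precedes `data` in vpn_packet_t. The write side does the same with `*(short int *)(packet->data - 2) = packet->len;` (@@ -196,21). Pointer arithmetic before the start of an array is undefined behaviour, and the cast additionally assumes the address is suitably aligned for a short. The struct definition is not part of this diff, so at minimum both sites should carry a comment naming the member those two bytes land in and why the device needs them; a small on-stack buffer with an explicit copy would remove the layout dependency altogether.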
@@ -196,21 +189,21 @@ int write_packet(vpn_packet_t *packet) { cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); switch(device_type) { case DEVICE_TYPE_TUN: packet->data[10] = packet->data[11] = 0; if(write(device_fd, packet->data + 10, packet->len - 10) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } break; case DEVICE_TYPE_TAP: if(write(device_fd, packet->data, packet->len) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -219,7 +212,7 @@ int write_packet(vpn_packet_t *packet) *(short int *)(packet->data - 2) = packet->len; if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -235,7 +228,7 @@ void dump_device_stats(void) { cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/logger.c b/src/logger.c index 8029565f..012f19d0 100644 --- a/src/logger.c +++ b/src/logger.c 
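Review bot: In the DEVICE_TYPE_TUN case of write_packet() the length handed to write() is `packet->len - 10`, and nothing in this hunk checks that packet->len is at least 10, so a shorter packet becomes a negative int that write() receives as a very large size_t. Unless every caller already guarantees a minimum frame length (not visible here), a guard at the top of that case such as `if(packet->len < 10) return -1;` would keep a truncated packet from reaching the device write. The NetBSD write_packet() hunk later in this patch has the same pattern with `packet->len - 14`.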
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.2 2003/07/06 23:16:28 guus Exp $ + $Id: logger.c,v 1.1.2.3 2003/07/12 17:41:45 guus Exp $ */ #include @@ -30,7 +30,7 @@ #include "system.h" -volatile int debug_level = DEBUG_NOTHING; +int debug_level = DEBUG_NOTHING; static int logmode = LOGMODE_STDERR; static pid_t logpid; extern char *logfilename; @@ -57,7 +57,11 @@ void openlogger(const char *ident, int mode) { } } -void vlogger(int priority, const char *format, va_list ap) { +void logger(int priority, const char *format, ...) { + va_list ap; + + va_start(ap, format); + switch(logmode) { case LOGMODE_STDERR: vfprintf(stderr, format, ap); @@ -80,6 +84,8 @@ void vlogger(int priority, const char *format, va_list ap) { #endif break; } + + va_end(ap); } void closelogger(void) { diff --git a/src/logger.h b/src/logger.h index ec5f52f0..f7507707 100644 --- a/src/logger.h +++ b/src/logger.h @@ -23,21 +23,11 @@ enum { LOGMODE_SYSLOG }; -extern volatile int debug_level; +extern int debug_level; extern void openlogger(const char *, int); -extern void vlogger(int, const char *, va_list ap); +extern void logger(int, const char *, ...); extern void closelogger(void); -/* Inline logger function because it's used quite often */ - -static inline void logger(int level, int priority, const char *format, ...) { - va_list ap; - - if(level == DEBUG_ALWAYS || debug_level >= level) { - va_start(ap, format); - vlogger(priority, format, ap); - va_end(ap); - } -} +#define ifdebug(l) if(debug_level >= DEBUG_##l) #endif /* __TINC_LOGGER_H__ */ diff --git a/src/meta.c b/src/meta.c index f7450fdf..939f76b8 100644 --- a/src/meta.c +++ b/src/meta.c 
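Review bot: The new `ifdebug(l)` macro in logger.h expands to a bare `if(...)`, so a use that is directly followed by an `else` (for example `if(x) ifdebug(TRAFFIC) logger(...); else ...`) silently binds that `else` to the macro's condition instead of the outer one. The call sites visible in this patch avoid that, but a form that cannot capture an else is safer, e.g. `#define ifdebug(l) if(debug_level < DEBUG_##l) {} else`. Separately, the new prototype `extern void logger(int, const char *, ...);` would benefit from `__attribute__((format(printf, 2, 3)))`: this commit drops an argument at every call site, and the attribute lets the compiler flag any call whose arguments no longer line up with the format string.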
@@ -1,7 +1,7 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.34 2003/07/06 22:11:31 guus Exp $ + $Id: meta.c,v 1.1.2.35 2003/07/12 17:41:45 guus Exp $ */ #include "config.h" @@ -48,7 +48,7 @@ int send_meta(connection_t *c, char *buffer, int length) cp(); - logger(DEBUG_META, LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, + ifdebug(META) logger(LOG_DEBUG, _("Sending %d bytes of metadata to %s (%s)"), length, c->name, c->hostname); if(c->status.encryptout) { @@ -63,7 +63,7 @@ int send_meta(connection_t *c, char *buffer, int length) if(result <= 0) { if(errno == EINTR) continue; - logger(DEBUG_ALWAYS, LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, + logger(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); return -1; } @@ -101,13 +101,13 @@ int receive_meta(connection_t *c) cp(); if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, + logger(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, __LINE__, c->socket, strerror(errno), c->name, c->hostname); return -1; } if(x) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Metadata socket error for %s (%s): %s"), + logger(LOG_ERR, _("Metadata socket error for %s (%s): %s"), c->name, c->hostname, strerror(x)); return -1; } 
@@ -125,12 +125,12 @@ int receive_meta(connection_t *c) if(lenin <= 0) { if(lenin == 0) { - logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Connection closed by %s (%s)"), + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), c->name, c->hostname); } else if(errno == EINTR) return 0; else - logger(DEBUG_ALWAYS, LOG_ERR, _("Metadata socket read error for %s (%s): %s"), + logger(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), c->name, c->hostname, strerror(errno)); return -1; @@ -193,7 +193,7 @@ int receive_meta(connection_t *c) } if(c->buflen >= MAXBUFSIZE) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), + logger(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), c->name, c->hostname); return -1; } diff --git a/src/meta.h b/src/meta.h index dedabb1b..8177e13b 100644 --- a/src/meta.h +++ b/src/meta.h @@ -1,7 +1,7 @@ /* meta.h -- header for meta.c - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.8 2002/09/09 21:24:34 guus Exp $ + $Id: meta.h,v 1.1.2.9 2003/07/12 17:41:45 guus Exp $ */ #ifndef __TINC_META_H__ diff --git a/src/net.c b/src/net.c index fa798f8d..8b2c9f03 100644 --- a/src/net.c +++ b/src/net.c @@ -1,7 +1,7 @@ /* net.c -- most of the network code - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.189 2003/07/06 23:16:28 guus Exp $ + $Id: net.c,v 1.35.4.190 2003/07/12 17:41:45 guus Exp $ */ #include "config.h" @@ -91,14 +91,14 @@ static void purge(void) cp(); - logger(DEBUG_PROTOCOL, LOG_DEBUG, _("Purging unreachable nodes")); + ifdebug(PROTOCOL) logger(LOG_DEBUG, _("Purging unreachable nodes")); for(nnode = node_tree->head; nnode; nnode = nnext) { nnext = nnode->next; n = (node_t *) nnode->data; if(!n->status.reachable) { - logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Purging node %s (%s)"), n->name, + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Purging node %s (%s)"), n->name, n->hostname); for(snode = n->subnet_tree->head; snode; snode = snext) { @@ -179,7 +179,7 @@ void terminate_connection(connection_t *c, int report) if(c->status.remove) return; - logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Closing connection with %s (%s)"), + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Closing connection with %s (%s)"), c->name, c->hostname); c->status.remove = 1; @@ -232,7 +232,7 @@ static void check_dead_connections(void) if(c->last_ping_time + pingtimeout < now) { if(c->status.active) { if(c->status.pinged) { - logger(DEBUG_CONNECTIONS, LOG_INFO, _("%s (%s) didn't respond to PING"), + ifdebug(CONNECTIONS) logger(LOG_INFO, _("%s (%s) didn't respond to PING"), c->name, c->hostname); c->status.timeout = 1; terminate_connection(c, 1); 
@@ -241,12 +241,12 @@ static void check_dead_connections(void) } } else { if(c->status.remove) { - logger(DEBUG_ALWAYS, LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), + logger(LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), c->name, c->hostname, c->status); connection_del(c); continue; } - logger(DEBUG_CONNECTIONS, LOG_WARNING, _("Timeout from %s (%s) during authentication"), + ifdebug(CONNECTIONS) logger(LOG_WARNING, _("Timeout from %s (%s) during authentication"), c->name, c->hostname); terminate_connection(c, 0); } @@ -287,7 +287,7 @@ static void check_network_activity(fd_set * f) if(!result) finish_connecting(c); else { - logger(DEBUG_CONNECTIONS, LOG_DEBUG, + ifdebug(CONNECTIONS) logger(LOG_DEBUG, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(result)); close(c->socket); @@ -341,7 +341,7 @@ void main_loop(void) if(r < 0) { if(errno != EINTR && errno != EAGAIN) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while waiting for input: %s"), + logger(LOG_ERR, _("Error while waiting for input: %s"), strerror(errno)); cp_trace(); dump_connections(); @@ -372,7 +372,7 @@ void main_loop(void) /* Should we regenerate our key? */ if(keyexpires < now) { - logger(DEBUG_STATUS, LOG_INFO, _("Regenerating symmetric key")); + ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key")); RAND_pseudo_bytes(myself->key, myself->keylength); EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); @@ -388,7 +388,7 @@ void main_loop(void) } if(sigalrm) { - logger(DEBUG_ALWAYS, LOG_INFO, _("Flushing event queue")); + logger(LOG_INFO, _("Flushing event queue")); while(event_tree->head) { event = (event_t *) event_tree->head->data; 
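Review bot: The "still lingering" warning passes `c->status` to a `%04x` conversion, but the same hunk reads `c->status.remove`, so status is a struct rather than an integer, and passing it through the variadic logger() for `%x` is undefined behaviour. Logging the individual flags instead, e.g. `c->status.active, c->status.remove` with `%d` conversions, keeps the diagnostic without relying on how the struct happens to be laid out. check_dead_connections() starts and ends outside this hunk.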
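Review bot: The key regeneration in main_loop() fills `myself->key` with `RAND_pseudo_bytes()`, which OpenSSL documents as producing bytes that are not necessarily unpredictable, and the return value is ignored. For a packet encryption key the call should be `RAND_bytes(myself->key, myself->keylength)` with the result checked (`if(RAND_bytes(myself->key, myself->keylength) != 1)` followed by an error log and keeping the old key), so an unseeded generator cannot silently yield a weak key. The enclosing function starts and ends outside this hunk.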
@@ -412,7 +412,7 @@ void main_loop(void) init_configuration(&config_tree); if(read_server_config()) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to reread configuration file, exitting.")); + logger(LOG_ERR, _("Unable to reread configuration file, exitting.")); exit(1); } diff --git a/src/net.h b/src/net.h index 142d867e..8ad89947 100644 --- a/src/net.h +++ b/src/net.h @@ -1,7 +1,7 @@ /* net.h -- header for net.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.62 2003/07/11 16:13:00 guus Exp $ + $Id: net.h,v 1.9.4.63 2003/07/12 17:41:46 guus Exp $ */ #ifndef __TINC_NET_H__ diff --git a/src/net_packet.c b/src/net_packet.c index 79d3b18a..c0bd2476 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -1,7 +1,7 @@ /* net_packet.c -- Handles in- and outgoing VPN packets - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.32 2003/07/06 23:16:28 guus Exp $ + $Id: net_packet.c,v 1.1.2.33 2003/07/12 17:41:46 guus Exp $ */ #include "config.h" 
@@ -133,7 +133,7 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) { cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); route_incoming(n, packet); @@ -159,7 +159,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) (char *) &inpkt->seqno, inpkt->len, hmac, NULL); if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) { - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), n->name, n->hostname); return; } @@ -188,13 +188,13 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(inpkt->seqno != n->received_seqno + 1) { if(inpkt->seqno >= n->received_seqno + sizeof(n->late) * 8) { - logger(DEBUG_ALWAYS, LOG_WARNING, _("Lost %d packets from %s (%s)"), + logger(LOG_WARNING, _("Lost %d packets from %s (%s)"), inpkt->seqno - n->received_seqno - 1, n->name, n->hostname); memset(n->late, 0, sizeof(n->late)); } else if (inpkt->seqno <= n->received_seqno) { if(inpkt->seqno <= n->received_seqno - sizeof(n->late) * 8 || !(n->late[(inpkt->seqno / 8) % sizeof(n->late)] & (1 << inpkt->seqno % 8))) { - logger(DEBUG_ALWAYS, LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), + logger(LOG_WARNING, _("Got late or replayed packet from %s (%s), seqno %d, last received %d"), n->name, n->hostname, inpkt->seqno, n->received_seqno); } else for(i = n->received_seqno + 1; i < inpkt->seqno; i++) 
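Review bot: The HMAC check in receive_udppacket() compares the computed and received tags with `memcmp()`, which returns at the first differing byte and so makes the comparison time depend on how many leading tag bytes match. A constant-time comparison is the usual choice for MAC verification: OpenSSL's `CRYPTO_memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)` where the linked version provides it, or a short loop that ORs together the XOR of every byte pair. The rejection is also logged only under `ifdebug(TRAFFIC)`, so at normal log levels packets that fail authentication leave no trace; a rate-limited warning would make them visible to operators.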
@@ -214,7 +214,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) outpkt = pkt[nextpkt++]; if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while uncompressing packet from %s (%s)"), + logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), n->name, n->hostname); return; } @@ -255,7 +255,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) /* Make sure we have a valid key */ if(!n->status.validkey) { - logger(DEBUG_TRAFFIC, LOG_INFO, + ifdebug(TRAFFIC) logger(LOG_INFO, _("No valid key known yet for %s (%s), queueing packet"), n->name, n->hostname); @@ -286,7 +286,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) outpkt = pkt[nextpkt++]; if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while compressing packet to %s (%s)"), + logger(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); return; } 
@@ -337,15 +337,15 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(priorityinheritance && origpriority != priority && listen_socket[sock].sa.sa.sa_family == AF_INET) { priority = origpriority; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ - logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", + logger(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); } #endif if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, + logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); return; } @@ -362,16 +362,16 @@ void send_packet(node_t *n, vpn_packet_t *packet) cp(); - logger(DEBUG_TRAFFIC, LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), packet->len, n->name, n->hostname); if(n == myself) { - logger(DEBUG_TRAFFIC, LOG_NOTICE, _("Packet is looping back to us!")); + ifdebug(TRAFFIC) logger(LOG_NOTICE, _("Packet is looping back to us!")); return; } if(!n->status.reachable) { - logger(DEBUG_TRAFFIC, LOG_INFO, _("Node %s (%s) is not reachable"), + ifdebug(TRAFFIC) logger(LOG_INFO, _("Node %s (%s) is not reachable"), n->name, n->hostname); return; } 
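Review bot: The "Sending packet of %d bytes" trace in send_packet() is emitted with priority `LOG_ERR` even though it is gated by `ifdebug(TRAFFIC)` and reports normal operation; the "Sending packet to %s via %s" trace in the next hunk has the same priority. With syslog this puts per-packet chatter into the error stream, which buries real errors and can trip alerting on error-level messages. `LOG_DEBUG`, as used for the matching "Received packet" and "Writing packet" traces elsewhere in this patch, would be consistent: `ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Sending packet of %d bytes to %s (%s)"),`.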
@@ -379,7 +379,7 @@ void send_packet(node_t *n, vpn_packet_t *packet) via = (n->via == myself) ? n->nexthop : n->via; if(via != n) - logger(DEBUG_TRAFFIC, LOG_ERR, _("Sending packet to %s via %s (%s)"), + ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet to %s via %s (%s)"), n->name, via->name, n->via->hostname); if((myself->options | via->options) & OPTION_TCPONLY) { @@ -398,7 +398,7 @@ void broadcast_packet(node_t *from, vpn_packet_t *packet) cp(); - logger(DEBUG_TRAFFIC, LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), + ifdebug(TRAFFIC) logger(LOG_INFO, _("Broadcasting packet of %d bytes from %s (%s)"), packet->len, from->name, from->hostname); for(node = connection_tree->head; node; node = node->next) { @@ -415,7 +415,7 @@ void flush_queue(node_t *n) cp(); - logger(DEBUG_TRAFFIC, LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); + ifdebug(TRAFFIC) logger(LOG_INFO, _("Flushing queue for %s (%s)"), n->name, n->hostname); for(node = n->queue->head; node; node = next) { next = node->next; @@ -436,21 +436,21 @@ void handle_incoming_vpn_data(int sock) cp(); if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("This is a bug: %s:%d: %d:%s"), + logger(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), __FILE__, __LINE__, sock, strerror(errno)); cp_trace(); exit(1); } if(x) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); + logger(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); return; } pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); if(pkt.len <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); + logger(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); return; } 
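Review bot: The via trace prints `via->name` next to `n->via->hostname`, but `via` is set to `n->nexthop` when `n->via == myself`, so in that case the name and the hostname in the message belong to different nodes. The last argument should be `via->hostname`. send_packet() continues outside this hunk.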
@@ -460,7 +460,7 @@ void handle_incoming_vpn_data(int sock) if(!n) { hostname = sockaddr2hostname(&from); - logger(DEBUG_ALWAYS, LOG_WARNING, _("Received UDP packet from unknown source %s"), + logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname); free(hostname); return; diff --git a/src/net_setup.c b/src/net_setup.c index 5462c04b..4c258abb 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -1,7 +1,7 @@ /* net_setup.c -- Setup. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.33 2003/07/06 22:11:32 guus Exp $ + $Id: net_setup.c,v 1.1.2.34 2003/07/12 17:41:46 guus Exp $ */ #include "config.h" @@ -107,7 +107,7 @@ int read_rsa_public_key(connection_t *c) fp = fopen(fname, "r"); if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error reading RSA public key file `%s': %s"), + logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); free(fname); return -1; @@ -124,7 +124,7 @@ int read_rsa_public_key(connection_t *c) fp = fopen(fname, "r"); if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error reading RSA public key file `%s': %s"), + logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); free(fname); return -1; @@ -139,7 +139,7 @@ int read_rsa_public_key(connection_t *c) return 0; } - logger(DEBUG_ALWAYS, LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), fname, strerror(errno)); return -1; } else { 
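Review bot: The "Received UDP packet from unknown source" warning is logged unconditionally for every datagram whose sender does not map to a known node, so any host that can reach the UDP port causes one log line plus a sockaddr2hostname() allocation per packet. Rate-limiting the message, or counting such packets and reporting the count periodically, would keep the event observable without letting unsolicited traffic fill the logs. handle_incoming_vpn_data() starts outside this hunk.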
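Review bot: The "Reading RSA public key file ... failed" message in read_rsa_public_key() reports `strerror(errno)`, but the fopen() failure is already handled in the preceding hunk, so by this point errno most likely does not describe why the key could not be loaded. If the failure comes from OpenSSL's PEM reader (the call is outside this hunk), the reason is in OpenSSL's error queue and `ERR_error_string(ERR_get_error(), NULL)` would give the operator the real cause. The private-key message in the read_rsa_private_key() hunk further down has the same issue.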
@@ -179,7 +179,7 @@ int read_rsa_public_key(connection_t *c) if(c->rsa_key) return 0; - logger(DEBUG_ALWAYS, LOG_ERR, _("No public key for %s specified!"), c->name); + logger(LOG_ERR, _("No public key for %s specified!"), c->name); return -1; } @@ -207,7 +207,7 @@ int read_rsa_private_key(void) fp = fopen(fname, "r"); if(!fp) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error reading RSA private key file `%s': %s"), + logger(LOG_ERR, _("Error reading RSA private key file `%s': %s"), fname, strerror(errno)); free(fname); return -1; @@ -219,7 +219,7 @@ int read_rsa_private_key(void) fclose(fp); if(!myself->connection->rsa_key) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), + logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), fname, strerror(errno)); return -1; } @@ -256,12 +256,12 @@ int setup_myself(void) myself->connection->protocol_version = PROT_CURRENT; if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */ - logger(DEBUG_ALWAYS, LOG_ERR, _("Name for tinc daemon required!")); + logger(LOG_ERR, _("Name for tinc daemon required!")); return -1; } if(check_id(name)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Invalid name for myself!")); + logger(LOG_ERR, _("Invalid name for myself!")); free(name); return -1; } @@ -273,7 +273,7 @@ int setup_myself(void) return -1; if(read_connection_config(myself->connection)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Cannot open host configuration file for myself!")); + logger(LOG_ERR, _("Cannot open host configuration file for myself!")); return -1; } @@ -329,7 +329,7 @@ int setup_myself(void) else if(!strcasecmp(mode, "hub")) routing_mode = RMODE_HUB; else { - logger(DEBUG_ALWAYS, LOG_ERR, _("Invalid routing mode!")); + logger(LOG_ERR, _("Invalid routing mode!")); return -1; } free(mode); 
@@ -340,7 +340,7 @@ int setup_myself(void) &priorityinheritance); #if !defined(SOL_IP) || !defined(IP_TOS) if(priorityinheritance) - logger(DEBUG_ALWAYS, LOG_WARNING, _("PriorityInheritance not supported on this platform")); + logger(LOG_WARNING, _("PriorityInheritance not supported on this platform")); #endif if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) @@ -350,7 +350,7 @@ int setup_myself(void) (lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Bogus maximum timeout!")); + logger(LOG_ERR, _("Bogus maximum timeout!")); return -1; } } else @@ -364,7 +364,7 @@ int setup_myself(void) else if(!strcasecmp(afname, "any")) addressfamily = AF_UNSPEC; else { - logger(DEBUG_ALWAYS, LOG_ERR, _("Invalid address family!")); + logger(LOG_ERR, _("Invalid address family!")); return -1; } free(afname); @@ -382,7 +382,7 @@ int setup_myself(void) myself->cipher = EVP_get_cipherbyname(cipher); if(!myself->cipher) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Unrecognized cipher type!")); + logger(LOG_ERR, _("Unrecognized cipher type!")); return -1; } } @@ -417,7 +417,7 @@ int setup_myself(void) myself->digest = EVP_get_digestbyname(digest); if(!myself->digest) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Unrecognized digest type!")); + logger(LOG_ERR, _("Unrecognized digest type!")); return -1; } } @@ -431,10 +431,10 @@ int setup_myself(void) &myself->maclength)) { if(myself->digest) { if(myself->maclength > myself->digest->md_size) { - logger(DEBUG_ALWAYS, LOG_ERR, _("MAC length exceeds size of digest!")); + logger(LOG_ERR, _("MAC length exceeds size of digest!")); return -1; } else if(myself->maclength < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Bogus MAC length!")); + logger(LOG_ERR, _("Bogus MAC length!")); return -1; } } 
@@ -449,7 +449,7 @@ int setup_myself(void) (lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) { if(myself->compression < 0 || myself->compression > 11) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Bogus compression level!")); + logger(LOG_ERR, _("Bogus compression level!")); return -1; } } else @@ -481,7 +481,7 @@ int setup_myself(void) err = getaddrinfo(address, myport, &hint, &ai); if(err || !ai) { - logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", + logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); return -1; } @@ -501,9 +501,9 @@ int setup_myself(void) if(listen_socket[listen_sockets].udp < 0) continue; - if(debug_level >= DEBUG_CONNECTIONS) { + ifdebug(CONNECTIONS) { hostname = sockaddr2hostname((sockaddr_t *) aip->ai_addr); - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Listening on %s"), hostname); + logger(LOG_NOTICE, _("Listening on %s"), hostname); free(hostname); } @@ -514,9 +514,9 @@ int setup_myself(void) freeaddrinfo(ai); if(listen_sockets) - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Ready")); + logger(LOG_NOTICE, _("Ready")); else { - logger(DEBUG_ALWAYS, LOG_ERR, _("Unable to create any listening socket!")); + logger(LOG_ERR, _("Unable to create any listening socket!")); return -1; } diff --git a/src/net_socket.c b/src/net_socket.c index ffc6572b..1b5c18fe 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -1,7 +1,7 @@ /* net_socket.c -- Handle various kinds of sockets. - Copyright (C) 1998-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.25 2003/07/06 22:11:32 guus Exp $ + $Id: net_socket.c,v 1.1.2.26 2003/07/12 17:41:46 guus Exp $ */ #include "config.h" @@ -99,7 +99,7 @@ int setup_listen_socket(sockaddr_t *sa) nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP); if(nfd < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); + logger(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); return -1; } @@ -107,7 +107,7 @@ int setup_listen_socket(sockaddr_t *sa) if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { close(nfd); - logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); return -1; } @@ -134,19 +134,19 @@ int setup_listen_socket(sockaddr_t *sa) if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { close(nfd); - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't bind to interface %s: %s"), interface, + logger(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); return -1; } #else - logger(DEBUG_ALWAYS, LOG_WARNING, _("BindToInterface not supported on this platform")); + logger(LOG_WARNING, _("BindToInterface not supported on this platform")); #endif } if(bind(nfd, &sa->sa, SALEN(sa->sa))) { close(nfd); addrstr = sockaddr2hostname(sa); - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, + logger(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, strerror(errno)); free(addrstr); return -1; @@ -154,7 +154,7 @@ int setup_listen_socket(sockaddr_t *sa) if(listen(nfd, 3)) { close(nfd); - logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "listen", + logger(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); return -1; } 
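Review bot: On platforms without SO_BINDTODEVICE the `#else` branch in setup_listen_socket() only logs "BindToInterface not supported on this platform" at LOG_WARNING and then falls through to bind(), so a listener that the configuration apparently meant to confine to one interface is created without that restriction. If the enclosing condition (outside this hunk) is the BindToInterface option, failing closed would be safer: `close(nfd); return -1;` after the message, or at least LOG_ERR so the downgrade is not overlooked.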
@@ -177,14 +177,14 @@ int setup_vpn_in_socket(sockaddr_t *sa) nfd = socket(sa->sa.sa_family, SOCK_DGRAM, IPPROTO_UDP); if(nfd < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); + logger(LOG_ERR, _("Creating UDP socket failed: %s"), strerror(errno)); return -1; } flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { close(nfd); - logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); return -1; } @@ -200,7 +200,7 @@ int setup_vpn_in_socket(sockaddr_t *sa) if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { close(nfd); - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't bind to interface %s: %s"), interface, + logger(LOG_ERR, _("Can't bind to interface %s: %s"), interface, strerror(errno)); return -1; } @@ -210,7 +210,7 @@ int setup_vpn_in_socket(sockaddr_t *sa) if(bind(nfd, &sa->sa, SALEN(sa->sa))) { close(nfd); addrstr = sockaddr2hostname(sa); - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, + logger(LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, strerror(errno)); free(addrstr); return -1; @@ -236,7 +236,7 @@ void retry_outgoing(outgoing_t *outgoing) event->data = outgoing; event_add(event); - logger(DEBUG_CONNECTIONS, LOG_NOTICE, + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Trying to re-establish outgoing connection in %d seconds"), outgoing->timeout); } @@ -245,7 +245,7 @@ void finish_connecting(connection_t *c) { cp(); - logger(DEBUG_CONNECTIONS, LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); + ifdebug(CONNECTIONS) logger(LOG_INFO, _("Connected to %s (%s)"), c->name, c->hostname); c->last_ping_time = now; 
@@ -262,7 +262,7 @@ void do_outgoing_connection(connection_t *c) begin: if(!c->outgoing->ai) { if(!c->outgoing->cfg) { - logger(DEBUG_CONNECTIONS, LOG_ERR, _("Could not set up a meta connection to %s"), + ifdebug(CONNECTIONS) logger(LOG_ERR, _("Could not set up a meta connection to %s"), c->name); c->status.remove = 1; retry_outgoing(c->outgoing); @@ -297,13 +297,13 @@ begin: c->hostname = sockaddr2hostname(&c->address); - logger(DEBUG_CONNECTIONS, LOG_INFO, _("Trying to connect to %s (%s)"), c->name, + ifdebug(CONNECTIONS) logger(LOG_INFO, _("Trying to connect to %s (%s)"), c->name, c->hostname); c->socket = socket(c->address.sa.sa_family, SOCK_STREAM, IPPROTO_TCP); if(c->socket == -1) { - logger(DEBUG_CONNECTIONS, LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, + ifdebug(CONNECTIONS) logger(LOG_ERR, _("Creating socket for %s failed: %s"), c->hostname, strerror(errno)); goto begin; @@ -326,7 +326,7 @@ begin: flags = fcntl(c->socket, F_GETFL); if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); + logger(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); } /* Connect */ @@ -341,7 +341,7 @@ begin: close(c->socket); - logger(DEBUG_CONNECTIONS, LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); + ifdebug(CONNECTIONS) logger(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); goto begin; } @@ -362,7 +362,7 @@ void setup_outgoing_connection(outgoing_t *outgoing) if(n) if(n->connection) { - logger(DEBUG_CONNECTIONS, LOG_INFO, _("Already connected to %s"), outgoing->name); + ifdebug(CONNECTIONS) logger(LOG_INFO, _("Already connected to %s"), outgoing->name); n->connection->outgoing = outgoing; return; 
@@ -381,7 +381,7 @@ void setup_outgoing_connection(outgoing_t *outgoing) outgoing->cfg = lookup_config(c->config_tree, "Address"); if(!outgoing->cfg) { - logger(DEBUG_ALWAYS, LOG_ERR, _("No address specified for %s"), c->name); + logger(LOG_ERR, _("No address specified for %s"), c->name); free_connection(c); free(outgoing->name); free(outgoing); @@ -411,7 +411,7 @@ int handle_new_meta_connection(int sock) fd = accept(sock, &sa.sa, &len); if(fd < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Accepting a new connection failed: %s"), + logger(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); return -1; } @@ -429,7 +429,7 @@ int handle_new_meta_connection(int sock) c->socket = fd; c->last_ping_time = now; - logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Connection from %s"), c->hostname); + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection from %s"), c->hostname); connection_add(c); @@ -452,7 +452,7 @@ void try_outgoing_connections(void) get_config_string(cfg, &name); if(check_id(name)) { - logger(DEBUG_ALWAYS, LOG_ERR, + logger(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); free(name); diff --git a/src/netbsd/device.c b/src/netbsd/device.c index 83877262..3f076392 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with NetBSD tun device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2003 Ivo Timmermans , + 2001-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.9 2003/07/06 22:11:35 guus Exp $ + $Id: device.c,v 1.1.2.10 2003/07/12 17:41:48 guus Exp $ */ #include "config.h" 
@@ -55,9 +55,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -/* - open the local ethertap device -*/ int setup_device(void) { cp(); @@ -68,13 +65,13 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("NetBSD tun device"); - logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); + logger(LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -93,7 +90,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -105,7 +102,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } @@ -116,11 +113,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
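Review bot: write_packet() passes `packet->len - 14` to write() without checking that the packet holds at least the 14-byte Ethernet header, so a shorter packet would give a negative length that converts to a very large size_t. The type of `len` and any earlier validation are outside this hunk, so confirm before relying on it. A guard before the write, `if(packet->len < 14) return -1;`, would make the assumption explicit. The OpenBSD write_packet() hunks in this commit read `packet->data[12]` and `packet->data[13]` and compute `packet->len - 14` for `iov_len` in the same way.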
@@ -132,7 +129,7 @@ void dump_device_stats(void) { cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/netutl.c b/src/netutl.c index 7d32e21c..1f5e4afc 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -1,7 +1,7 @@ /* netutl.c -- some supporting network utility code - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.45 2003/07/06 22:11:32 guus Exp $ + $Id: netutl.c,v 1.12.4.46 2003/07/12 17:41:46 guus Exp $ */ #include "config.h" @@ -67,7 +67,7 @@ struct addrinfo *str2addrinfo(char *address, char *service, int socktype) err = getaddrinfo(address, service, &hint, &ai); if(err) { - logger(DEBUG_ALWAYS, LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, + logger(LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, service, gai_strerror(err)); return NULL; } @@ -92,7 +92,7 @@ sockaddr_t str2sockaddr(char *address, char *port) err = getaddrinfo(address, port, &hint, &ai); if(err || !ai) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, + logger(LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, gai_strerror(err)); cp_trace(); raise(SIGFPE); 
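Review bot: str2sockaddr() turns a failed or empty getaddrinfo() result into `raise(SIGFPE)`, so a string that does not resolve takes the whole daemon down (or into the restart path in process.c) instead of failing one operation. If any caller passes an address or port taken from a peer message, this becomes a remote way to stop the daemon; ADD_EDGE carries `to_address` and `to_port`, though the call itself is not visible here. Reporting the failure to the caller so the message can be rejected would be safer, and sockaddr2str() and sockaddrcmp() in the following hunks use the same pattern. When `err` is 0 but `ai` is NULL, `gai_strerror(err)` also logs a misleading success string.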
@@ -117,7 +117,7 @@ void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV); if(err) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while translating addresses: %s"), + logger(LOG_ERR, _("Error while translating addresses: %s"), gai_strerror(err)); cp_trace(); raise(SIGFPE); @@ -145,7 +145,7 @@ char *sockaddr2hostname(sockaddr_t *sa) err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames ? 0 : (NI_NUMERICHOST | NI_NUMERICSERV)); if(err) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while looking up hostname: %s"), + logger(LOG_ERR, _("Error while looking up hostname: %s"), gai_strerror(err)); } @@ -186,7 +186,7 @@ int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) return memcmp(&a->in6.sin6_port, &b->in6.sin6_port, sizeof(a->in6.sin6_port)); default: - logger(DEBUG_ALWAYS, LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), + logger(LOG_ERR, _("sockaddrcmp() was called with unknown address family %d, exitting!"), a->sa.sa_family); cp_trace(); raise(SIGFPE); diff --git a/src/netutl.h b/src/netutl.h index 5554b275..b946b77d 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -1,7 +1,7 @@ /* netutl.h -- header file for netutl.c - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.14 2002/09/09 21:24:41 guus Exp $ + $Id: netutl.h,v 1.2.4.15 2003/07/12 17:41:46 guus Exp $ */ #ifndef __TINC_NETUTL_H__ diff --git a/src/node.c b/src/node.c index 350d02d8..6dba7f28 100644 --- a/src/node.c +++ b/src/node.c 
@@ -1,7 +1,7 @@ /* node.c -- node tree management - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.21 2003/07/06 23:16:28 guus Exp $ + $Id: node.c,v 1.1.2.22 2003/07/12 17:41:46 guus Exp $ */ #include "config.h" @@ -173,16 +173,16 @@ void dump_nodes(void) cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Nodes:")); + logger(LOG_DEBUG, _("Nodes:")); for(node = node_tree->head; node; node = node->next) { n = (node_t *) node->data; - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), + logger(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), n->name, n->hostname, n->cipher ? n->cipher->nid : 0, n->digest ? n->digest->type : 0, n->maclength, n->compression, n->options, n->status, n->nexthop ? n->nexthop->name : "-", n->via ? n->via->name : "-"); } - logger(DEBUG_ALWAYS, LOG_DEBUG, _("End of nodes.")); + logger(LOG_DEBUG, _("End of nodes.")); } diff --git a/src/node.h b/src/node.h index b5cd8a74..085d6a4f 100644 --- a/src/node.h +++ b/src/node.h @@ -1,7 +1,7 @@ /* node.h -- header for node.c - Copyright (C) 2001-2002 Guus Sliepen , - 2001-2002 Ivo Timmermans + Copyright (C) 2001-2003 Guus Sliepen , + 2001-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.23 2003/07/06 23:16:28 guus Exp $ + $Id: node.h,v 1.1.2.24 2003/07/12 17:41:46 guus Exp $ */ #ifndef __TINC_NODE_H__ diff --git a/src/openbsd/device.c b/src/openbsd/device.c index e2201c99..e9b4bbdd 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with OpenBSD tun device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2003 Ivo Timmermans , + 2001-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.14 2003/07/06 22:11:37 guus Exp $ + $Id: device.c,v 1.1.2.15 2003/07/12 17:41:48 guus Exp $ */ #include "config.h" @@ -55,9 +55,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -/* - open the local ethertap device -*/ int setup_device(void) { cp(); @@ -68,13 +65,13 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } device_info = _("OpenBSD tun device"); - logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); + logger(LOG_INFO, _("%s is a %s"), device, device_info); return 0; } 
@@ -95,7 +92,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = readv(device_fd, vector, 2)) <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -112,7 +109,7 @@ int read_packet(vpn_packet_t *packet) break; default: - logger(DEBUG_TRAFFIC, LOG_ERR, + ifdebug(TRAFFIC) logger(LOG_ERR, _ ("Unknown address family %d while reading packet from %s %s"), ntohl(type), device_info, device); return -1; @@ -122,7 +119,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } @@ -137,7 +134,7 @@ int write_packet(vpn_packet_t *packet) cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); af = (packet->data[12] << 8) + packet->data[13]; @@ -150,7 +147,7 @@ int write_packet(vpn_packet_t *packet) type = htonl(AF_INET6); break; default: - logger(DEBUG_TRAFFIC, LOG_ERR, + ifdebug(TRAFFIC) logger(LOG_ERR, _("Unknown address family %d while writing packet to %s %s"), af, device_info, device); return -1; @@ -162,7 +159,7 @@ int write_packet(vpn_packet_t *packet) vector[1].iov_len = packet->len - 14; if(writev(device_fd, vector, 2) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
@@ -174,7 +171,7 @@ void dump_device_stats(void) { cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/process.c b/src/process.c index 46d6067f..326d3ff9 100644 --- a/src/process.c +++ b/src/process.c @@ -1,7 +1,7 @@ /* process.c -- process management functions - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.53 2003/07/11 16:13:00 guus Exp $ + $Id: process.c,v 1.1.2.54 2003/07/12 17:41:46 guus Exp $ */ #include "config.h" @@ -67,7 +67,7 @@ extern int do_purge; static void memory_full(int size) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); + logger(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); cp_trace(); exit(1); } @@ -96,10 +96,10 @@ void cleanup_and_exit(int c) close_network_connections(); - if(debug_level > DEBUG_NOTHING) + ifdebug(CONNECTIONS) dump_device_stats(); - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Terminating")); + logger(LOG_NOTICE, _("Terminating")); closelog(); exit(c); 
@@ -202,7 +202,7 @@ int detach(void) openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); - logger(DEBUG_ALWAYS, LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), + logger(LOG_NOTICE, _("tincd %s (%s %s) starting, debug level %d"), VERSION, __DATE__, __TIME__, debug_level); xalloc_fail_func = memory_full; @@ -217,6 +217,8 @@ static void _execute_script(const char *scriptname, char **envp) __attribute__ ((noreturn)); static void _execute_script(const char *scriptname, char **envp) { + int save_errno; + cp(); while(*envp) @@ -232,10 +234,12 @@ static void _execute_script(const char *scriptname, char **envp) execl(scriptname, NULL); /* No return on success */ + save_errno = errno; + openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not execute `%s': %s"), scriptname, - strerror(errno)); - exit(errno); + logger(LOG_ERR, _("Could not execute `%s': %s"), scriptname, + strerror(save_errno)); + exit(save_errno); } /* 
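Review bot: `execl(scriptname, NULL)` on the context line above the new `save_errno` assignment in _execute_script() passes no argv[0] and an uncast `NULL` as the list terminator. POSIX requires the variadic list to end with `(char *)NULL`, and scripts normally expect their own path as argv[0], so consider `execl(scriptname, scriptname, (char *)NULL);`. This function appears to run in the forked child (the call site is outside the hunk), in which case `_exit(save_errno)` would also avoid flushing stdio buffers and running exit handlers inherited from the parent.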
@@ -260,35 +264,35 @@ int execute_script(const char *name, char **envp) pid = fork(); if(pid < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "fork", + logger(LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); return -1; } if(pid) { - logger(DEBUG_STATUS, LOG_INFO, _("Executing script %s"), name); + ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); free(scriptname); if(waitpid(pid, &status, 0) == pid) { if(WIFEXITED(status)) { /* Child exited by itself */ if(WEXITSTATUS(status)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), + logger(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), pid, name, WEXITSTATUS(status)); return -1; } else return 0; } else if(WIFSIGNALED(status)) { /* Child was killed by a signal */ - logger(DEBUG_ALWAYS, LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, + logger(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, name, WTERMSIG(status), strsignal(WTERMSIG(status))); return -1; } else { /* Something strange happened */ - logger(DEBUG_ALWAYS, LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, + logger(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, name); return -1; } } else if (errno != EINTR) { - logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "waitpid", + logger(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", strerror(errno)); return -1; } 
@@ -309,20 +313,20 @@ int execute_script(const char *name, char **envp) static RETSIGTYPE sigterm_handler(int a) { - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got TERM signal")); + logger(LOG_NOTICE, _("Got TERM signal")); cleanup_and_exit(0); } static RETSIGTYPE sigquit_handler(int a) { - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got QUIT signal")); + logger(LOG_NOTICE, _("Got QUIT signal")); cleanup_and_exit(0); } static RETSIGTYPE fatal_signal_square(int a) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, + logger(LOG_ERR, _("Got another fatal signal %d (%s): not restarting."), a, strsignal(a)); cp_trace(); exit(1); @@ -331,11 +335,11 @@ static RETSIGTYPE fatal_signal_square(int a) static RETSIGTYPE fatal_signal_handler(int a) { struct sigaction act; - logger(DEBUG_ALWAYS, LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); + logger(LOG_ERR, _("Got fatal signal %d (%s)"), a, strsignal(a)); cp_trace(); if(do_detach) { - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); + logger(LOG_NOTICE, _("Trying to re-execute in 5 seconds...")); act.sa_handler = fatal_signal_square; act.sa_mask = emptysigset; 
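Review bot: sigterm_handler(), sigquit_handler() and the fatal-signal handlers call `logger()` with a `_()` translation lookup from signal context, and the first two go on to `cleanup_and_exit()`. None of that is async-signal-safe if logger() formats through stdio or syslog (its body is not in this hunk), so a signal arriving while the main loop is inside an allocation or a log write can deadlock or corrupt state. The sighup and sigalrm handlers in the next hunk already just set a flag (`sighup = 1`, `sigalrm = 1`) after logging. Setting a flag here too, declared `volatile sig_atomic_t`, and logging from the main loop would remove the hazard.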
@@ -347,26 +351,26 @@ static RETSIGTYPE fatal_signal_handler(int a) remove_pid(pidfilename); execvp(g_argv[0], g_argv); } else { - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Not restarting.")); + logger(LOG_NOTICE, _("Not restarting.")); exit(1); } } static RETSIGTYPE sighup_handler(int a) { - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got HUP signal")); + logger(LOG_NOTICE, _("Got HUP signal")); sighup = 1; } static RETSIGTYPE sigint_handler(int a) { if(saved_debug_level != -1) { - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Reverting to old debug level (%d)"), + logger(LOG_NOTICE, _("Reverting to old debug level (%d)"), saved_debug_level); debug_level = saved_debug_level; saved_debug_level = -1; } else { - logger(DEBUG_ALWAYS, LOG_NOTICE, + logger(LOG_NOTICE, _("Temporarily setting debug level to 5. Kill me with SIGINT again to go back to level %d."), debug_level); saved_debug_level = debug_level; @@ -376,7 +380,7 @@ static RETSIGTYPE sigint_handler(int a) static RETSIGTYPE sigalrm_handler(int a) { - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Got ALRM signal")); + logger(LOG_NOTICE, _("Got ALRM signal")); sigalrm = 1; } @@ -401,13 +405,13 @@ static RETSIGTYPE sigwinch_handler(int a) static RETSIGTYPE unexpected_signal_handler(int a) { - logger(DEBUG_ALWAYS, LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); + logger(LOG_WARNING, _("Got unexpected signal %d (%s)"), a, strsignal(a)); cp_trace(); } static RETSIGTYPE ignore_signal_handler(int a) { - logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Ignored signal %d (%s)"), a, strsignal(a)); } static struct { diff --git a/src/process.h b/src/process.h index 0844ed20..cae136c6 100644 --- a/src/process.h +++ b/src/process.h 
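Review bot: The restart path in fatal_signal_handler() calls `execvp(g_argv[0], g_argv)`, which searches PATH whenever argv[0] contains no slash. The binary that comes back after a crash then depends on the environment and working directory the daemon was started with. Resolving the daemon's absolute path once at startup and restarting with `execv()` on that stored path would pin the restart to the same executable. The handler's body begins in the previous hunk.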
@@ -1,7 +1,7 @@ /* process.h -- header file for process.c - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.14 2003/07/06 23:16:28 guus Exp $ + $Id: process.h,v 1.1.2.15 2003/07/12 17:41:46 guus Exp $ */ #ifndef __TINC_PROCESS_H__ diff --git a/src/protocol.c b/src/protocol.c index a6485475..c8b868ca 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.139 2003/07/06 23:16:28 guus Exp $ + $Id: protocol.c,v 1.28.4.140 2003/07/12 17:41:46 guus Exp $ */ #include "config.h" @@ -95,18 +95,18 @@ int send_request(connection_t *c, const char *format, ...) va_end(args); if(len < 0 || len > MAXBUFSIZE - 1) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), + logger(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); return -1; } - if(debug_level >= DEBUG_PROTOCOL) { + ifdebug(PROTOCOL) { sscanf(buffer, "%d", &request); - if(debug_level >= DEBUG_META) - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Sending %s to %s (%s): %s"), + ifdebug(META) + logger(LOG_DEBUG, _("Sending %s to %s (%s): %s"), request_name[request], c->name, c->hostname, buffer); else - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], + logger(LOG_DEBUG, _("Sending %s to %s (%s)"), request_name[request], c->name, c->hostname); } 
@@ -125,14 +125,14 @@ int forward_request(connection_t *from) cp(); - if(debug_level >= DEBUG_PROTOCOL) { + ifdebug(PROTOCOL) { sscanf(from->buffer, "%d", &request); - if(debug_level >= DEBUG_META) - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Forwarding %s from %s (%s): %s"), + ifdebug(META) + logger(LOG_DEBUG, _("Forwarding %s from %s (%s): %s"), request_name[request], from->name, from->hostname, from->buffer); else - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Forwarding %s from %s (%s)"), + logger(LOG_DEBUG, _("Forwarding %s from %s (%s)"), request_name[request], from->name, from->hostname); } @@ -149,28 +149,28 @@ int receive_request(connection_t *c) if(sscanf(c->buffer, "%d", &request) == 1) { if((request < 0) || (request >= LAST) || !request_handlers[request]) { - if(debug_level >= DEBUG_META) - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Unknown request from %s (%s): %s"), + ifdebug(META) + logger(LOG_DEBUG, _("Unknown request from %s (%s): %s"), c->name, c->hostname, c->buffer); else - logger(DEBUG_ALWAYS, LOG_ERR, _("Unknown request from %s (%s)"), + logger(LOG_ERR, _("Unknown request from %s (%s)"), c->name, c->hostname); return -1; } else { - if(debug_level >= DEBUG_PROTOCOL) { - if(debug_level >= DEBUG_META) - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Got %s from %s (%s): %s"), + ifdebug(PROTOCOL) { + ifdebug(META) + logger(LOG_DEBUG, _("Got %s from %s (%s): %s"), request_name[request], c->name, c->hostname, c->buffer); else - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Got %s from %s (%s)"), + logger(LOG_DEBUG, _("Got %s from %s (%s)"), request_name[request], c->name, c->hostname); } } if((c->allow_request != ALL) && (c->allow_request != request)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, + logger(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, c->hostname); return -1; } 
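Review bot: In forward_request() the debug branch indexes `request_name[request]` right after `sscanf(from->buffer, "%d", &request)` without checking the sscanf result or the range, and `from->buffer` holds data received from a peer. receive_request() does validate `request < 0 || request >= LAST`, and forward_request() is presumably only reached after that, but the re-parse here does not depend on it. A local guard such as `if(sscanf(from->buffer, "%d", &request) != 1 || request < 0 || request >= LAST) return -1;` keeps the table lookup in bounds on its own. The function continues outside the hunk.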
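Review bot: The META-level branches in receive_request() log `c->buffer` with a bare `%s`, and in the "Unknown request" case that buffer is peer input that has just failed validation. Control characters or terminal escape sequences in it reach the log unchanged, which matters most for the file and stderr log modes and lets a peer garble or spoof what an operator sees. Escaping non-printable bytes before logging, in one small helper shared by the `: %s` messages in protocol.c, would keep the log usable as evidence.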
@@ -178,12 +178,12 @@ int receive_request(connection_t *c) if(request_handlers[request] (c)) /* Something went wrong. Probably scriptkiddies. Terminate. */ { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while processing %s from %s (%s)"), + logger(LOG_ERR, _("Error while processing %s from %s (%s)"), request_name[request], c->name, c->hostname); return -1; } } else { - logger(DEBUG_ALWAYS, LOG_ERR, _("Bogus data received from %s (%s)"), + logger(LOG_ERR, _("Bogus data received from %s (%s)"), c->name, c->hostname); return -1; } @@ -229,7 +229,7 @@ int seen_request(char *request) p.request = request; if(avl_search(past_request_tree, &p)) { - logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Already seen request")); + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Already seen request")); return 1; } else { new = (past_request_t *) xmalloc(sizeof(*new)); @@ -259,6 +259,6 @@ void age_past_requests(void) } if(left || deleted) - logger(DEBUG_SCARY_THINGS, LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), deleted, left); } diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 28c6fea0..1b8794d1 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -1,7 +1,7 @@ /* protocol_auth.c -- handle the meta-protocol, authentication - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.22 2003/07/06 23:16:29 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.23 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" 
@@ -65,7 +65,7 @@ int id_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING " %d", name, &c->protocol_version) != 2) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); return -1; } @@ -73,7 +73,7 @@ int id_h(connection_t *c) /* Check if identity is a valid name */ if(check_id(name)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); return -1; } @@ -82,7 +82,7 @@ int id_h(connection_t *c) if(c->name) { if(strcmp(c->name, name)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, + logger(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); return -1; } @@ -92,7 +92,7 @@ int id_h(connection_t *c) /* Check if version matches */ if(c->protocol_version != myself->connection->protocol_version) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), + logger(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), c->name, c->hostname, c->protocol_version); return -1; } @@ -110,7 +110,7 @@ int id_h(connection_t *c) bla = read_connection_config(c); if(bla) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, + logger(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); return -1; } @@ -166,10 +166,10 @@ int send_metakey(connection_t *c) c->outkey[0] &= 0x7F; - if(debug_level >= DEBUG_SCARY_THINGS) { + ifdebug(SCARY_THINGS) { bin2hex(c->outkey, buffer, len); buffer[len * 2] = '\0'; - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), + logger(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer); } 
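Review bot: The `ifdebug(SCARY_THINGS)` block in send_metakey() writes the unencrypted meta key to the log as hex, so anyone who can read the syslog or logfile can recover the key protecting that meta connection. metakey_h() logs the received key the same way in a later hunk. The SIGINT handler in process.c can raise the debug level to 5 at runtime, which may be enough to enable both dumps (the level constants are not visible here). Consider compiling the dump out unless a dedicated build option is set, and at minimum mark the block with `/* WARNING: writes secret key material to the log */`.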
@@ -181,7 +181,7 @@ int send_metakey(connection_t *c) */ if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error during encryption of meta key for %s (%s)"), + logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return -1; } @@ -221,7 +221,7 @@ int metakey_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); return -1; } @@ -231,7 +231,7 @@ int metakey_h(connection_t *c) /* Check if the length of the meta key is all right */ if(strlen(buffer) != len * 2) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); + logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); return -1; } @@ -250,15 +250,15 @@ int metakey_h(connection_t *c) /* Decrypt the meta key */ if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ - logger(DEBUG_ALWAYS, LOG_ERR, _("Error during encryption of meta key for %s (%s)"), + logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); return -1; } - if(debug_level >= DEBUG_SCARY_THINGS) { + ifdebug(SCARY_THINGS) { bin2hex(c->inkey, buffer, len); buffer[len * 2] = '\0'; - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); + logger(LOG_DEBUG, _("Received random meta key (unencrypted): %s"), buffer); } /* All incoming requests will now be encrypted. */ 
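Review bot: The failure branch after `RSA_private_decrypt()` in metakey_h() still logs "Error during encryption of meta key", the same text send_metakey() uses for `RSA_public_encrypt()`. The two failures therefore cannot be told apart when reading a log during an incident. The string should read `_("Error during decryption of meta key for %s (%s)")`, which is a one-line follow-up to the line this hunk already touches.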
@@ -269,7 +269,7 @@ int metakey_h(connection_t *c) c->incipher = EVP_get_cipherbynid(cipher); if(!c->incipher) { - logger(DEBUG_ALWAYS, LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); + logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); return -1; } @@ -289,12 +289,12 @@ int metakey_h(connection_t *c) c->indigest = EVP_get_digestbynid(digest); if(!c->indigest) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); + logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); return -1; } if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); + logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); return -1; } } else { @@ -348,7 +348,7 @@ int challenge_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); return -1; } @@ -358,7 +358,7 @@ int challenge_h(connection_t *c) /* Check if the length of the challenge is all right */ if(strlen(buffer) != len * 2) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); return -1; } @@ -412,7 +412,7 @@ int chal_reply_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); return -1; } 
@@ -420,7 +420,7 @@ int chal_reply_h(connection_t *c) /* Check if the length of the hash is all right */ if(strlen(hishash) != c->outdigest->md_size * 2) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); return -1; } @@ -438,13 +438,13 @@ int chal_reply_h(connection_t *c) /* Verify the incoming hash with the calculated hash */ if(memcmp(hishash, myhash, c->outdigest->md_size)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, + logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply")); - if(debug_level >= DEBUG_SCARY_THINGS) { + ifdebug(SCARY_THINGS) { bin2hex(myhash, hishash, SHA_DIGEST_LENGTH); hishash[SHA_DIGEST_LENGTH * 2] = '\0'; - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Expected challenge reply: %s"), hishash); + logger(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); } return -1; @@ -516,7 +516,7 @@ int ack_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); return -1; } @@ -532,7 +532,7 @@ int ack_h(connection_t *c) } else { if(n->connection) { /* Oh dear, we already have a connection to this node. */ - logger(DEBUG_CONNECTIONS, LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), + ifdebug(CONNECTIONS) logger(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); terminate_connection(n->connection, 0); /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ 
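Review bot: The debug dump in chal_reply_h() converts `SHA_DIGEST_LENGTH` bytes of `myhash`, while the length check and the `memcmp()` above it use `c->outdigest->md_size`. If the negotiated digest is not SHA-1, the logged "expected challenge reply" is either truncated or covers bytes beyond what was actually computed; the buffer declarations are outside the hunk, so the exact effect needs confirming. Using the same length in both places keeps them consistent: `bin2hex(myhash, hishash, c->outdigest->md_size);` followed by `hishash[c->outdigest->md_size * 2] = '\0';`.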
@@ -549,7 +549,7 @@ int ack_h(connection_t *c) c->allow_request = ALL; c->status.active = 1; - logger(DEBUG_CONNECTIONS, LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); /* Send him everything we know */ diff --git a/src/protocol_edge.c b/src/protocol_edge.c index f97be3ef..d81fc878 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -1,7 +1,7 @@ /* protocol_edge.c -- handle the meta-protocol, edges - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.16 2003/07/06 22:11:32 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.17 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -79,7 +79,7 @@ int add_edge_h(connection_t *c) if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING" "MAX_STRING" "MAX_STRING" %lx %d", from_name, to_name, to_address, to_port, &options, &weight) != 6) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); return -1; } 
@@ -87,13 +87,13 @@ int add_edge_h(connection_t *c) /* Check if names are valid */ if(check_id(from_name)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); return -1; } if(check_id(to_name)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); return -1; } @@ -130,12 +130,12 @@ int add_edge_h(connection_t *c) if(e) { if(e->weight != weight || e->options != options || sockaddrcmp(&e->address, &address)) { if(from == myself) { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); send_add_edge(c, e); return 0; } else { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); edge_del(e); graph(); @@ -143,7 +143,7 @@ int add_edge_h(connection_t *c) } else return 0; } else if(from == myself) { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), "ADD_EDGE", c->name, c->hostname); e = new_edge(); e->from = from; @@ -190,7 +190,7 @@ int del_edge_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, c->hostname); return -1; } 
@@ -198,13 +198,13 @@ int del_edge_h(connection_t *c) /* Check if names are valid */ if(check_id(from_name)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); return -1; } if(check_id(to_name)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); return -1; } @@ -217,7 +217,7 @@ int del_edge_h(connection_t *c) from = lookup_node(from_name); if(!from) { - logger(DEBUG_PROTOCOL, LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), + ifdebug(PROTOCOL) logger(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } @@ -225,7 +225,7 @@ int del_edge_h(connection_t *c) to = lookup_node(to_name); if(!to) { - logger(DEBUG_PROTOCOL, LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), + ifdebug(PROTOCOL) logger(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } @@ -235,13 +235,13 @@ int del_edge_h(connection_t *c) e = lookup_edge(from, to); if(!e) { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); return 0; } if(e->from == myself) { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_EDGE", c->name, c->hostname); send_add_edge(c, e); /* Send back a correction */ return 0; diff --git a/src/protocol_key.c b/src/protocol_key.c index 88695c79..1a6804a4 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c 
@@ -1,7 +1,7 @@ /* protocol_key.c -- handle the meta-protocol, key exchange - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.17 2003/07/06 22:11:32 guus Exp $ + $Id: protocol_key.c,v 1.1.4.18 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -67,7 +67,7 @@ int key_changed_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", c->name, c->hostname); return -1; } @@ -78,7 +78,7 @@ int key_changed_h(connection_t *c) n = lookup_node(name); if(!n) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), + logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", c->name, c->hostname, name); return -1; } @@ -109,7 +109,7 @@ int req_key_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, c->hostname); return -1; } @@ -117,7 +117,7 @@ int req_key_h(connection_t *c) from = lookup_node(from_name); if(!from) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), + logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, from_name); return -1; } 
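Review bot: In key_changed_h (@@ -78) the peer-supplied `name` is written to the log by an unconditional `logger(LOG_ERR, ...)` exactly when it matches no known node, and neither hunk of this function shows a `check_id()` call on it (a few lines between the two hunks are not displayed). add_edge_h and del_edge_h in protocol_edge.c reject names that fail `check_id()` before using them. Adding the same guard here, `if(check_id(name))` followed by the existing "invalid name" error and `return -1`, keeps peer-chosen bytes out of an always-on log line. `from_name` and `to_name` in req_key_h and ans_key_h are looked up and logged the same way.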
@@ -125,7 +125,7 @@ int req_key_h(connection_t *c) to = lookup_node(to_name); if(!to) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), + logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, to_name); return -1; } @@ -173,7 +173,7 @@ int ans_key_h(connection_t *c) if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d", from_name, to_name, key, &cipher, &digest, &maclength, &compression) != 7) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, c->hostname); return -1; } @@ -181,7 +181,7 @@ int ans_key_h(connection_t *c) from = lookup_node(from_name); if(!from) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), + logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, from_name); return -1; } @@ -189,7 +189,7 @@ int ans_key_h(connection_t *c) to = lookup_node(to_name); if(!to) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), + logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, to_name); return -1; } 
@@ -220,13 +220,13 @@ int ans_key_h(connection_t *c) from->cipher = EVP_get_cipherbynid(cipher); if(!from->cipher) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, + logger(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); return -1; } if(from->keylength != from->cipher->key_len + from->cipher->iv_len) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, + logger(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); return -1; } @@ -240,13 +240,13 @@ int ans_key_h(connection_t *c) from->digest = EVP_get_digestbynid(digest); if(!from->digest) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, + logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); return -1; } if(from->maclength > from->digest->md_size || from->maclength < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), + logger(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); return -1; } @@ -255,7 +255,7 @@ int ans_key_h(connection_t *c) } if(compression < 0 || compression > 11) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); + logger(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); return -1; } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 18155e94..d5c9aeb0 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -1,7 +1,7 @@ /* protocol_misc.c -- handle the meta-protocol, miscellaneous functions - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.9 2003/07/06 23:16:29 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.10 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -40,18 +40,6 @@ #include "system.h" -/* Status strings */ - -static char (*status_text[]) = { - "Warning", -}; - -/* Error strings */ - -static char (*error_text[]) = { - "Error", -}; - /* Status and error notification routines */ int send_status(connection_t *c, int statusno, char *statusstring) @@ -59,7 +47,7 @@ int send_status(connection_t *c, int statusno, char *statusstring) cp(); if(!statusstring) - statusstring = status_text[statusno]; + statusstring = "Status"; return send_request(c, "%d %d %s", STATUS, statusno, statusstring); } @@ -72,13 +60,13 @@ int status_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %d " MAX_STRING, &statusno, statusstring) != 2) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", c->name, c->hostname); return -1; } - logger(DEBUG_STATUS, LOG_NOTICE, _("Status message from %s (%s): %s: %s"), - c->name, c->hostname, status_text[statusno], statusstring); + ifdebug(STATUS) logger(LOG_NOTICE, _("Status message from %s (%s): %d: %s"), + c->name, c->hostname, statusno, statusstring); return 0; } @@ -88,7 +76,7 @@ int send_error(connection_t *c, int err, char *errstring) cp(); if(!errstring) - errstring = strerror(err); + errstring = "Error"; return send_request(c, "%d %d %s", ERROR, err, errstring); } 
@@ -101,13 +89,13 @@ int error_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %d " MAX_STRING, &err, errorstring) != 2) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", c->name, c->hostname); return -1; } - logger(DEBUG_ERROR, LOG_NOTICE, _("Error message from %s (%s): %s: %s"), - c->name, c->hostname, strerror(err), errorstring); + ifdebug(ERROR) logger(LOG_NOTICE, _("Error message from %s (%s): %d: %s"), + c->name, c->hostname, err, errorstring); terminate_connection(c, c->status.active); @@ -193,7 +181,7 @@ int tcppacket_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %hd", &len) != 1) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname); return -1; } diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index 16cf1885..c0a351f2 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -1,7 +1,7 @@ /* protocol_subnet.c -- handle the meta-protocol, subnets - Copyright (C) 1999-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.10 2003/07/06 22:11:33 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.11 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" 
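Review bot: tcppacket_h (@@ -193) takes `len` straight from the peer with `%hd`, which also parses negative numbers, and the hunk shows only the field-count check. The rest of the body is outside the hunk. If `len` is used there as the number of bytes to read for the following packet, a negative or oversized value should be rejected first, for example `if(len < 0) return -1;` plus an upper bound matching the packet buffer. This needs confirming against the code that consumes the length.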
@@ -114,7 +114,7 @@ int add_subnet_h(connection_t *c) /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ if(owner == myself) { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "ADD_SUBNET", c->name, c->hostname); s->owner = myself; send_del_subnet(c, s); @@ -176,7 +176,7 @@ int del_subnet_h(connection_t *c) owner = lookup_node(name); if(!owner) { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), "DEL_SUBNET", c->name, c->hostname, name); return 0; } @@ -203,7 +203,7 @@ int del_subnet_h(connection_t *c) free_subnet(s); if(!find) { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), "DEL_SUBNET", c->name, c->hostname, name); return 0; } @@ -211,7 +211,7 @@ int del_subnet_h(connection_t *c) /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ if(owner == myself) { - logger(DEBUG_PROTOCOL, LOG_WARNING, _("Got %s from %s (%s) for ourself"), + ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_SUBNET", c->name, c->hostname); send_add_subnet(c, find); return 0; diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c index 3cb62c0d..6a94ce38 100644 --- a/src/raw_socket/device.c +++ b/src/raw_socket/device.c @@ -1,7 +1,7 @@ /* device.c -- raw socket - Copyright (C) 2002 Ivo Timmermans , - 2002 Guus Sliepen + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2003/07/06 22:11:37 guus Exp $ + $Id: device.c,v 1.1.2.7 2003/07/12 17:41:48 guus Exp $ */ #include "config.h" @@ -52,9 +52,6 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -/* - open the local ethertap device -*/ int setup_device(void) { struct ifreq ifr; @@ -72,7 +69,7 @@ int setup_device(void) device_info = _("raw socket"); if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device_info, + logger(LOG_ERR, _("Could not open %s: %s"), device_info, strerror(errno)); return -1; } @@ -81,7 +78,7 @@ int setup_device(void) strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); if(ioctl(device_fd, SIOCGIFINDEX, &ifr)) { close(device_fd); - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't find interface %s: %s"), interface, + logger(LOG_ERR, _("Can't find interface %s: %s"), interface, strerror(errno)); return -1; } @@ -92,11 +89,11 @@ int setup_device(void) sa.sll_ifindex = ifr.ifr_ifindex; if(bind(device_fd, (struct sockaddr *) &sa, (socklen_t) sizeof(sa))) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); + logger(LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); return -1; } - logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); + logger(LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -108,10 +105,6 @@ void close_device(void) close(device_fd); } -/* - read, encrypt and send data that is - available through the ethertap device -*/ int read_packet(vpn_packet_t *packet) { int lenin; 
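Review bot: In the `SIOCGIFINDEX` failure branch of setup_device (@@ -81), `close(device_fd)` runs before `strerror(errno)` is evaluated, so the message can report whatever `close()` left in `errno` rather than the ioctl's error. Logging first keeps the real cause in the log: move `close(device_fd);` to after the `logger(...)` call.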
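Review bot: The `bind()` failure branch in setup_device (@@ -92) returns -1 with `device_fd` still open, although the ioctl failure branch in the previous hunk closes it. Add `close(device_fd);` after the `logger(...)` call so the raw socket is not leaked. This matters if device setup is ever retried within one process, which the "Restarting in %d seconds" path in tincd.c suggests but this excerpt does not confirm. The Solaris setup_device (@@ -80 in src/solaris/device.c) has the same pattern: each `return -1` after the first `open()` leaves `device_fd`, `ip_fd` or `if_fd` open.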
@@ -119,7 +112,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -128,7 +121,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); } @@ -139,11 +132,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data, packet->len) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); return -1; } @@ -157,7 +150,7 @@ void dump_device_stats(void) { cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/route.c b/src/route.c index 89271ba8..382a6dde 100644 --- a/src/route.c +++ b/src/route.c 
@@ -1,7 +1,7 @@ /* route.c -- routing - Copyright (C) 2000-2002 Ivo Timmermans , - 2000-2002 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.56 2003/07/07 11:11:33 guus Exp $ + $Id: route.c,v 1.1.2.57 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -130,7 +130,7 @@ static void learn_mac(mac_t *address) /* If we don't know this MAC address yet, store it */ if(!subnet || subnet->owner != myself) { - logger(DEBUG_TRAFFIC, LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), + ifdebug(TRAFFIC) logger(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]); @@ -163,7 +163,7 @@ void age_mac(void) next = node->next; s = (subnet_t *) node->data; if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { - logger(DEBUG_TRAFFIC, LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), + ifdebug(TRAFFIC) logger(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), s->net.mac.address.x[0], s->net.mac.address.x[1], s->net.mac.address.x[2], s->net.mac.address.x[3], s->net.mac.address.x[4], s->net.mac.address.x[5]); @@ -272,7 +272,7 @@ static node_t *route_ipv4(vpn_packet_t *packet) subnet = lookup_subnet_ipv4((ipv4_t *) & packet->data[30]); if(!subnet) { - logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), packet->data[30], packet->data[31], packet->data[32], packet->data[33]); 
@@ -363,7 +363,7 @@ static node_t *route_ipv6(vpn_packet_t *packet) subnet = lookup_subnet_ipv6((ipv6_t *) & packet->data[38]); if(!subnet) { - logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), ntohs(*(uint16_t *) & packet->data[38]), ntohs(*(uint16_t *) & packet->data[40]), ntohs(*(uint16_t *) & packet->data[42]), @@ -415,7 +415,7 @@ static void route_neighborsol(vpn_packet_t *packet) if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) { - logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); return; } @@ -432,7 +432,7 @@ static void route_neighborsol(vpn_packet_t *packet) checksum = inet_checksum(ns, sizeof(*ns) + 8, checksum); if(checksum) { - logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); return; } @@ -441,7 +441,7 @@ static void route_neighborsol(vpn_packet_t *packet) subnet = lookup_subnet_ipv6((ipv6_t *) & ns->nd_ns_target); if(!subnet) { - logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), ntohs(((uint16_t *) & ns->nd_ns_target)[0]), ntohs(((uint16_t *) & ns->nd_ns_target)[1]), ntohs(((uint16_t *) & ns->nd_ns_target)[2]), 
@@ -520,7 +520,7 @@ static void route_arp(vpn_packet_t *packet) if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || ntohs(arp->arp_pro) != ETHERTYPE_IP || arp->arp_hln != ETHER_ADDR_LEN || arp->arp_pln != 4 || ntohs(arp->arp_op) != ARPOP_REQUEST) { - logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); return; } @@ -529,7 +529,7 @@ static void route_arp(vpn_packet_t *packet) subnet = lookup_subnet_ipv4((ipv4_t *) arp->arp_tpa); if(!subnet) { - logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], arp->arp_tpa[3]); return; @@ -584,7 +584,7 @@ void route_outgoing(vpn_packet_t *packet) return; default: - logger(DEBUG_TRAFFIC, LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); return; } if(n) diff --git a/src/route.h b/src/route.h index 0e23486f..3ac2c95e 100644 --- a/src/route.h +++ b/src/route.h @@ -1,7 +1,7 @@ /* route.h -- header file for route.c - Copyright (C) 2000-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.10 2003/06/11 19:28:35 guus Exp $ + $Id: route.h,v 1.1.2.11 2003/07/12 17:41:47 guus Exp $ */ #ifndef __TINC_ROUTE_H__ diff --git a/src/solaris/device.c b/src/solaris/device.c index 30887d7f..5183721c 100644 --- a/src/solaris/device.c 
+++ b/src/solaris/device.c @@ -1,7 +1,7 @@ /* device.c -- Interaction with Solaris tun device - Copyright (C) 2001-2002 Ivo Timmermans , - 2001-2002 Guus Sliepen + Copyright (C) 2001-2003 Ivo Timmermans , + 2001-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.13 2003/07/06 22:11:37 guus Exp $ + $Id: device.c,v 1.1.2.14 2003/07/12 17:41:48 guus Exp $ */ @@ -68,7 +68,7 @@ int setup_device(void) device = DEFAULT_DEVICE; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); + logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; } 
@@ -80,35 +80,35 @@ int setup_device(void) ppa = atoi(ptr); if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open /dev/ip: %s"), strerror(errno)); + logger(LOG_ERR, _("Could not open /dev/ip: %s"), strerror(errno)); return -1; } /* Assign a new PPA and get its unit number. */ if((ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't assign new interface: %s"), strerror(errno)); + logger(LOG_ERR, _("Can't assign new interface: %s"), strerror(errno)); return -1; } if((if_fd = open(device, O_RDWR, 0)) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Could not open %s twice: %s"), device, + logger(LOG_ERR, _("Could not open %s twice: %s"), device, strerror(errno)); return -1; } if(ioctl(if_fd, I_PUSH, "ip") < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't push IP module: %s"), strerror(errno)); + logger(LOG_ERR, _("Can't push IP module: %s"), strerror(errno)); return -1; } /* Assign ppa according to the unit number returned by tun device */ if(ioctl(if_fd, IF_UNITSEL, (char *) &ppa) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't set PPA %d: %s"), ppa, strerror(errno)); + logger(LOG_ERR, _("Can't set PPA %d: %s"), ppa, strerror(errno)); return -1; } if(ioctl(ip_fd, I_LINK, if_fd) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't link TUN device to IP: %s"), strerror(errno)); + logger(LOG_ERR, _("Can't link TUN device to IP: %s"), strerror(errno)); return -1; } @@ -117,7 +117,7 @@ int setup_device(void) device_info = _("Solaris tun device"); - logger(DEBUG_ALWAYS, LOG_INFO, _("%s is a %s"), device, device_info); + logger(LOG_INFO, _("%s is a %s"), device, device_info); return 0; } @@ -136,7 +136,7 @@ int read_packet(vpn_packet_t *packet) cp(); if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return -1; } 
@@ -148,7 +148,7 @@ int read_packet(vpn_packet_t *packet) device_total_in += packet->len; - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); return 0; @@ -158,11 +158,11 @@ int write_packet(vpn_packet_t *packet) { cp(); - logger(DEBUG_TRAFFIC, LOG_DEBUG, _("Writing packet of %d bytes to %s"), + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, strerror(errno)); return -1; } @@ -176,7 +176,7 @@ void dump_device_stats(void) { cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); } diff --git a/src/subnet.c b/src/subnet.c index 6a7cf78e..2aab91d1 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -1,7 +1,7 @@ /* subnet.c -- handle subnet lookups and lists - Copyright (C) 2000-2002 Guus Sliepen , - 2000-2002 Ivo Timmermans + Copyright (C) 2000-2003 Guus Sliepen , + 2000-2003 Ivo Timmermans This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
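Review bot: The error call in the Solaris write_packet (@@ -158) passes the integer `packet->len` for the second `%s` of `"Can't write to %s %s: %s"`, which is undefined behaviour and on the write-error path will typically crash the daemon or print unrelated memory. The raw-socket write_packet passes `device` in that position, and the same argument belongs here: `logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno));`. Giving logger a printf-style format attribute would let the compiler flag this class of mismatch; its prototype is not in this excerpt.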
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.45 2003/07/06 23:16:29 guus Exp $ + $Id: subnet.c,v 1.1.2.46 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -111,7 +111,7 @@ static int subnet_compare(subnet_t *a, subnet_t *b) case SUBNET_IPV6: return subnet_compare_ipv6(a, b); default: - logger(DEBUG_ALWAYS, LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), + logger(LOG_ERR, _("subnet_compare() was called with unknown subnet type %d, exitting!"), a->type); cp_trace(); exit(0); @@ -295,7 +295,7 @@ char *net2str(subnet_t *subnet) break; default: - logger(DEBUG_ALWAYS, LOG_ERR, + logger(LOG_ERR, _("net2str() was called with unknown subnet type %d, exiting!"), subnet->type); cp_trace(); @@ -411,14 +411,14 @@ void dump_subnets(void) cp(); - logger(DEBUG_ALWAYS, LOG_DEBUG, _("Subnet list:")); + logger(LOG_DEBUG, _("Subnet list:")); for(node = subnet_tree->head; node; node = node->next) { subnet = (subnet_t *) node->data; netstr = net2str(subnet); - logger(DEBUG_ALWAYS, LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); + logger(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); free(netstr); } - logger(DEBUG_ALWAYS, LOG_DEBUG, _("End of subnet list.")); + logger(LOG_DEBUG, _("End of subnet list.")); } diff --git a/src/tincd.c b/src/tincd.c index bcbd54a6..185a96a6 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -1,7 +1,7 @@ /* tincd.c -- the main file for tincd - Copyright (C) 1998-2002 Ivo Timmermans - 2000-2002 Guus Sliepen + Copyright (C) 1998-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
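Review bot: subnet_compare's default branch (@@ -111) logs an internal error and then calls `exit(0)`, so a supervisor or init script sees a successful exit after what the message describes as a fatal condition. Use a failure status, `exit(1);`, as main in tincd.c does on its own fatal paths. The net2str default branch (@@ -295) logs the same kind of error; its exit call lies outside the hunk and should be checked as well.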
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.71 2003/07/06 23:16:29 guus Exp $ + $Id: tincd.c,v 1.10.4.72 2003/07/12 17:41:47 guus Exp $ */ #include "config.h" @@ -334,7 +334,7 @@ static void make_names(void) if(!confbase) asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); else - logger(DEBUG_ALWAYS, LOG_INFO, _("Both netname and configuration directory given, using the latter...")); + logger(LOG_INFO, _("Both netname and configuration directory given, using the latter...")); if(!identname) asprintf(&identname, "tinc.%s", netname); @@ -367,7 +367,7 @@ int main(int argc, char **argv, char **envp) if(show_version) { printf(_("%s version %s (built %s %s, protocol %d)\n"), PACKAGE, VERSION, __DATE__, __TIME__, PROT_CURRENT); - printf(_("Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" + printf(_("Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" "and you are welcome to redistribute it under certain conditions;\n" @@ -389,11 +389,11 @@ int main(int argc, char **argv, char **envp) if(do_mlock) #ifdef HAVE_MLOCKALL if(mlockall(MCL_CURRENT | MCL_FUTURE)) { - logger(DEBUG_ALWAYS, LOG_ERR, _("System call `%s' failed: %s"), "mlockall", + logger(LOG_ERR, _("System call `%s' failed: %s"), "mlockall", strerror(errno)); #else { - logger(DEBUG_ALWAYS, LOG_ERR, _("mlockall() not supported on this platform!")); + logger(LOG_ERR, _("mlockall() not supported on this platform!")); #endif return -1; } @@ -417,7 +417,7 @@ int main(int argc, char **argv, char **envp) exit(1); if(lzo_init() != LZO_E_OK) { - logger(DEBUG_ALWAYS, LOG_ERR, _("Error initializing LZO compressor!")); + logger(LOG_ERR, _("Error initializing LZO compressor!")); exit(1); } 
@@ -430,14 +430,14 @@ int main(int argc, char **argv, char **envp) cleanup_and_exit(1); } - logger(DEBUG_ALWAYS, LOG_ERR, _("Unrecoverable error")); + logger(LOG_ERR, _("Unrecoverable error")); cp_trace(); if(do_detach) { - logger(DEBUG_ALWAYS, LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); + logger(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); sleep(maxtimeout); } else { - logger(DEBUG_ALWAYS, LOG_ERR, _("Not restarting.")); + logger(LOG_ERR, _("Not restarting.")); exit(1); } } From 085d33e6265e139bb08cdfda3d7498993190d187 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 12 Jul 2003 17:48:38 +0000 Subject: [PATCH 757/923] Update copyrights. --- lib/avl_tree.c | 8 ++++---- lib/avl_tree.h | 8 ++++---- lib/dropin.c | 6 +++--- lib/dropin.h | 6 +++--- lib/list.c | 6 +++--- lib/list.h | 6 +++--- lib/utils.c | 4 ++-- lib/utils.h | 4 ++-- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 53d82eb4..fc3c27e7 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -1,9 +1,9 @@ /* avl_tree.c -- avl_ tree and linked list convenience Copyright (C) 1998 Michael H. Buselli - 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen - 2000,2001 Wessel Dankers + 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen + 2000-2003 Wessel Dankers This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.14 2003/07/06 23:16:27 guus Exp $ + $Id: avl_tree.c,v 1.1.2.15 2003/07/12 17:48:38 guus Exp $ */ #include diff --git a/lib/avl_tree.h b/lib/avl_tree.h index 9a531ad9..b026e1e7 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h 
@@ -1,9 +1,9 @@ /* avl_tree.h -- header file for avl_tree.c Copyright (C) 1998 Michael H. Buselli - 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen - 2000,2001 Wessel Dankers + 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen + 2000-2003 Wessel Dankers This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.8 2003/07/12 17:41:45 guus Exp $ + $Id: avl_tree.h,v 1.1.2.9 2003/07/12 17:48:38 guus Exp $ */ diff --git a/lib/dropin.c b/lib/dropin.c index 2dd09108..24d25ca5 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -1,7 +1,7 @@ /* dropin.c -- a set of drop-in replacements for libc functions - Copyright (C) 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.13 2003/07/12 17:41:45 guus Exp $ + $Id: dropin.c,v 1.1.2.14 2003/07/12 17:48:38 guus Exp $ */ #include "config.h" diff --git a/lib/dropin.h b/lib/dropin.h index b26a86dc..e4aa7021 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -1,7 +1,7 @@ /* dropin.h -- header file for dropin.c - Copyright (C) 2000,2001 Ivo Timmermans , - 2000,2001 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans , + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.10 2003/07/12 17:41:45 guus Exp $ + $Id: dropin.h,v 1.1.2.11 2003/07/12 17:48:38 guus Exp $ */ #ifndef __DROPIN_H__ diff --git a/lib/list.c b/lib/list.c index 699b27e4..0b516c88 100644 --- a/lib/list.c +++ b/lib/list.c @@ -1,7 +1,7 @@ /* list.c -- functions to deal with double linked lists - Copyright (C) 2000,2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.14 2003/07/12 17:41:45 guus Exp $ + $Id: list.c,v 1.1.2.15 2003/07/12 17:48:38 guus Exp $ */ #include "config.h" diff --git a/lib/list.h b/lib/list.h index 175d640e..ff540928 100644 --- a/lib/list.h +++ b/lib/list.h @@ -1,7 +1,7 @@ /* list.h -- header file for list.c - Copyright (C) 2000,2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 2000-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.9 2003/07/06 23:16:28 guus Exp $ + $Id: list.h,v 1.1.2.10 2003/07/12 17:48:38 guus Exp $ */ #ifndef __TINC_LIST_H__ diff --git a/lib/utils.c b/lib/utils.c index 79e32080..9552c5c0 100644 --- a/lib/utils.c +++ b/lib/utils.c 
@@ -1,7 +1,7 @@ /* utils.c -- gathering of some stupid small functions - Copyright (C) 1999-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/lib/utils.h b/lib/utils.h index 6f3b18f4..2a56ef5a 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -1,7 +1,7 @@ /* utils.h -- header file for utils.c - Copyright (C) 1999-2001 Ivo Timmermans - 2000,2001 Guus Sliepen + Copyright (C) 1999-2003 Ivo Timmermans + 2000-2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by From a438ac911e7e60e54d7d1fc4f84373fab7e055af Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 12 Jul 2003 20:19:22 +0000 Subject: [PATCH 758/923] Removing distribution specific files from CVS. --- redhat/.cvsignore | 1 - redhat/README | 14 ---- redhat/tinc | 163 ---------------------------------------------- redhat/tinc.spec | 91 -------------------------- 4 files changed, 269 deletions(-) delete mode 100644 redhat/.cvsignore delete mode 100644 redhat/README delete mode 100644 redhat/tinc delete mode 100644 redhat/tinc.spec diff --git a/redhat/.cvsignore b/redhat/.cvsignore deleted file mode 100644 index 6179e0db..00000000 --- a/redhat/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile Makefile.in diff --git a/redhat/README b/redhat/README deleted file mode 100644 index e8ed0dfa..00000000 --- a/redhat/README +++ /dev/null @@ -1,14 +0,0 @@ -To make tinc RPMs: - -copy tinc-???.tar.gz to /usr/src/redhat/SOURCES/ and run - - rpm -ba tinc.spec - -- and tinc.spec can be found in this directory. - -The rpm's will be placed in /usr/src/redhat/RPMS/i386 (e.g.). - - -Happy Hacking! - -Mads Kiilerich diff --git a/redhat/tinc b/redhat/tinc deleted file mode 100644 index 9fce4174..00000000 
--- a/redhat/tinc +++ /dev/null 
@@ -1,163 +0,0 @@ -#!/bin/sh -# -# tinc tincd VPN setup script -# -# chkconfig: 2345 46 54 -# -# version: 1.0.8 -# authors: Lubomir Bulej -# Mads Kiilerich -# -# description: This script parses tinc configuration files for networks given \ -# in /etc/tinc/nets.boot and for each of the networks it sets up \ -# the interface and static routes and starts the tinc daemon. -# -# processname: tincd - -# Source function library. -. /etc/rc.d/init.d/functions - -# Source networking configuration. -. /etc/sysconfig/network - -# Check that networking is up. -[ ${NETWORKING} = "no" ] && exit 0 - -############################################################################# -# configuration & sanity checks - -TINCD=/usr/sbin/tincd -TCONF=/etc/tinc -TPIDS=/var/run -#DEBUG=-dddd - -NETSFILE=$TCONF/nets.boot - -# Check the daemon -if [ ! -x $TINCD ]; then - echo "**tinc: $TINCD does not exist or is not executable!" >&2 - exit -fi - -# Check the configuration directory -if [ ! -d $TCONF ]; then - echo "**tinc: configuration directory ($TCONF) not found!" >&2 - exit -fi - -# Check nets.boot -if [ ! -f $NETSFILE ]; then - echo "**tinc: file with list of VPNs to start ($NETSFILE) not found!" >&2 - exit -fi - -# Load names of networks to be started -NETS="$(sed -e 's/#.*//; s/[[:space:]]//g; /^$/ d' $NETSFILE)" - - -############################################################################## -# vpn_start () starts specified VPN -# -# $1 ... VPN to start - -vpn_start () { - # start tincd - $TINCD --net="$1" $DEBUG || \ - { MSG="could not start daemon for network $1"; return 3; } - return 0 -} # vpn_start - - -############################################################################## -# vpn_stop () Stops specified VPN -# -# $1 ... VPN to stop - -vpn_stop () { - # kill the tincd daemon - PID="$TPIDS/tinc.$1.pid" - if [ -f $PID ]; then - $TINCD --net="$1" --kill &> /dev/null - RET=$? 
- - if [ $RET -eq 0 ]; then - dly=0 - while [ $dly -le 5 ]; do - [ -f $PID ] || break - sleep 1; dly=$((dly + 1)) - done - fi - - # remove stale PID file - [ -f $PID ] && rm -f $PID - fi - return 0 -} # vpn_stop - - -# Check if there is anything to start -if [ ! -z "$1" -a "$1" != "status" -a -z "$NETS" ]; then - echo "**tinc: no networks found in $NETSFILE!" >&2 - exit -fi - - -# See how we were called. -case "$1" in - start) - for vpn in $NETS; do - echo -n "Bringing up TINC network $vpn: " - vpn_start $vpn && \ - success "startup of network $vpn" || \ - failure "startup of network $vpn" - echo - - if [ ! -z "$MSG" ]; then - [ ! -z "$ERR" ] && echo "$ERR" >&2 - echo "**tinc: $MSG" >&2 - fi - done - - touch /var/lock/subsys/tinc - ;; - - stop) - for vpn in $NETS; do - echo -n "Shutting down TINC network $vpn: " - vpn_stop $vpn && \ - success "shutdown of network $vpn" || \ - failure "shutdown of network $vpn" - echo - - if [ ! -z "$MSG" ]; then - [ ! -z "$ERR" ] && echo "$ERR" >&2 - echo "**tinc: $MSG" >&2 - fi - done - - rm -f /var/lock/subsys/tinc - ;; - - status) - echo -n "Configured VPNs: " - for vpn in $NETS; do - PID="$TPIDS/tinc.$vpn.pid" - - [ -f $PID ] && PID="$(cat $PID)" || PID="-dead-" - ps ax | grep "^[[:space:]]*$PID" && STS="OK" || STS="DEAD" - echo -n "$vpn:$STS " - done - echo - ;; - - restart) - $0 stop - $0 start - ;; - - *) - echo "Usage: tinc {start|stop|status|restart}" - exit 1 -esac - -exit 0 diff --git a/redhat/tinc.spec b/redhat/tinc.spec deleted file mode 100644 index b7357d93..00000000 --- a/redhat/tinc.spec +++ /dev/null 
@@ -1,91 +0,0 @@ -Summary: tinc Virtual Private Network daemon -Name: tinc -Version: 1.0 -Release: cvs -Copyright: GPL -Group: System Environment/Daemons -URL: http://tinc.nl.linux.org/ -Source0: %{name}-%{version}-%{release}.tar.gz -Buildroot: /var/tmp/%{name} -#-%{version}-%{release} -#Requires: iproute -# for building the package the following is required: -# /usr/bin/texi2html /usr/bin/patch - -%description -# taken from doc/tinc.texi -tinc is a Virtual Private Network (VPN) daemon that uses tunneling and -encryption to create a secure private network between hosts on the -Internet. - -Because the tunnel appears to the IP level network code as a normal -network device, there is no need to adapt any existing software. - -This tunneling allows VPN sites to share information with each other -over the Internet without exposing any information to others. - -See http://tinc.nl.linux.org/ - -%prep - -%setup -q -n %{name}-%{version}-%{release} - -%build -./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var -make -/usr/bin/texi2html doc/tinc.texi - -%install -rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT -gzip $RPM_BUILD_ROOT/usr/info/tinc.info - -mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d/ -cp redhat/tinc $RPM_BUILD_ROOT/etc/rc.d/init.d/ - -mkdir -p $RPM_BUILD_ROOT/etc/tinc/ -touch $RPM_BUILD_ROOT/etc/tinc/nets.boot - -%clean -rm -rf $RPM_BUILD_ROOT - -%pre -%post - -/sbin/chkconfig --add tinc - -grep -q '^tinc[[:space:]]' /etc/services || patch -s /etc/services << END -*** services.org Tue Apr 18 13:22:22 2000 ---- services Tue Apr 18 13:24:19 2000 -*************** -*** 145,148 **** ---- 145,150 ---- - hmmp-ind 612/tcp dqs313_intercell# HMMP Indication / DQS - hmmp-ind 612/udp dqs313_intercell# HMMP Indication / DQS -+ tinc 655/tcp TINC # tinc vpn -+ tinc 655/udp TINC # http://tinc.nl.linux.org/ - # - # UNIX specific services -END - -grep -q '^alias tap0' /etc/conf.modules || cat >> /etc/conf.modules << END -# tinc uses ethertap/netlink -alias 
tap0 ethertap -alias char-major-36 netlink_dev -alias char-major-10-200 tun -END -/sbin/install-info /usr/info/tinc.info.gz /usr/info/dir - -%preun -/sbin/install-info --delete /usr/info/tinc.info.gz /usr/info/dir - -%postun - -%files -%doc AUTHORS ChangeLog NEWS README THANKS *.html -%config /etc/tinc/ -%attr(0755,root,root) /etc/rc.d/init.d/tinc -/usr/sbin/tincd -/usr/man/man5/tinc.conf.5 -/usr/man/man8/tincd.8 -/usr/info/tinc.info.gz From 784db4e70d2573468c82ff5dfee723b77a20322f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 12 Jul 2003 20:24:04 +0000 Subject: [PATCH 759/923] Format string checking for logger(). --- src/logger.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/logger.h b/src/logger.h index f7507707..edd0d933 100644 --- a/src/logger.h +++ b/src/logger.h @@ -25,7 +25,7 @@ enum { extern int debug_level; extern void openlogger(const char *, int); -extern void logger(int, const char *, ...); +extern void logger(int, const char *, ...) __attribute__ ((format(printf, 2, 3))); extern void closelogger(void); #define ifdebug(l) if(debug_level >= DEBUG_##l) From d26a4af4561ce4236b8224919cf4f3636f57b4c1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 15 Jul 2003 16:26:18 +0000 Subject: [PATCH 760/923] Export mymac. --- src/route.c | 4 ++-- src/route.h | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/route.c b/src/route.c index 382a6dde..f00728c7 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.57 2003/07/12 17:41:47 guus Exp $ + $Id: route.c,v 1.1.2.58 2003/07/15 16:26:18 guus Exp $ */ #include "config.h" @@ -84,7 +84,7 @@ int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; int overwrite_mac = 0; -static mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; +mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; /* RFC 1071 */ 
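Review bot: The `__attribute__ ((format(printf, 2, 3)))` added to the logger() prototype in src/logger.h is written unconditionally, so a compiler that does not implement GNU attributes will reject every file that includes this header. I would guard it ahead of the prototype with `#ifndef __GNUC__`, `#define __attribute__(x)`, `#endif`. The annotation only pays off when the build enables the matching warnings, so it is worth confirming that `-Wformat` (and ideally `-Wformat-security`) is in the default CFLAGS. A one-line comment such as `/* format is checked against the variadic arguments by the compiler */` above the prototype would tell later editors why the attribute is there.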
diff --git a/src/route.h b/src/route.h index 3ac2c95e..8daef5a4 100644 --- a/src/route.h +++ b/src/route.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.11 2003/07/12 17:41:47 guus Exp $ + $Id: route.h,v 1.1.2.12 2003/07/15 16:26:18 guus Exp $ */ #ifndef __TINC_ROUTE_H__ @@ -34,6 +34,8 @@ extern int overwrite_mac; extern int priorityinheritance; extern int macexpire; +extern mac_t mymac; + extern void age_mac(void); extern void route_incoming(node_t *, vpn_packet_t *); extern void route_outgoing(vpn_packet_t *); From 4c52febc57f2e34f5a187f0e57782903fe1eb95e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 15 Jul 2003 16:27:39 +0000 Subject: [PATCH 761/923] Make use of the CIPE driver. Woohoo, tinc for Windows! --- src/cygwin/device.c | 440 +++++++++++++++++++++++++++++++------------- 1 file changed, 313 insertions(+), 127 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index 19ca204c..39efbb0c 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c 
@@ -1,127 +1,313 @@ -/* - device.c -- Stub for Cygwin environment - Copyright (C) 2002-2003 Ivo Timmermans , - 2002-2003 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: device.c,v 1.1.2.7 2003/07/12 17:41:47 guus Exp $ -*/ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include - -#include -#include "conf.h" -#include "net.h" -#include "logger.h" - -#include "system.h" - -int device_fd = -1; -int device_type; -char *device; -char *interface; -char *device_info; - -int device_total_in = 0; -int device_total_out = 0; - -int setup_device(void) -{ - struct ifreq ifr; - - cp(); - - if(!get_config_string(lookup_config(config_tree, "Device"), &device)) - device = DEFAULT_DEVICE; - - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/') ? 
rindex(device, '/') + 1 : device; - - if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { - logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; - } - - device_info = _("Stub device for Cygwin environment"); - - logger(LOG_INFO, _("%s is a %s"), device, device_info); - - return 0; -} - -void close_device(void) -{ - cp(); - - close(device_fd); -} - -int read_packet(vpn_packet_t *packet) -{ - int lenin; - - cp(); - - if((lenin = read(device_fd, packet->data, MTU)) <= 0) { - logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, - device, strerror(errno)); - return -1; - } - - packet->len = lenin; - - device_total_in += packet->len; - - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, - device_info); - - return 0; -} - -int write_packet(vpn_packet_t *packet) -{ - cp(); - - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); - - if(write(device_fd, packet->data, packet->len) < 0) { - logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, - strerror(errno)); - return -1; - } - - device_total_out += packet->len; - - return 0; -} - -void dump_device_stats(void) -{ - cp(); - - logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); -} +/* + device.c -- Interaction with CIPE driver in a Cygwin environment + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.8 2003/07/15 16:27:39 guus Exp $ +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// #include +#include "conf.h" +#include "net.h" +#include "logger.h" +#include "route.h" + +#include "system.h" + +/* Definitions from CIPE */ + +#define NETCARD_REG_KEY_2000 "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" +#define NETCARD_REG_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards" +#define REG_SERVICE_KEY "SYSTEM\\CurrentControlSet\\Services" + +#define USERMODEDEVICEDIR "\\\\.\\" +#define SYSDEVICEDIR "\\Device\\" +#define USERDEVICEDIR "\\??\\" +#define TAPSUFFIX ".tap" + +#define PRODUCT_STRING "DKW Heavy Industries VPN Adapter." 
+#define CIPE_SERVICE_NAME "CIPE_Daemon" +#define CIPE_DRIVER_NAME "CIPE" + +#define CIPE_NDIS_MAJOR_VERSION 4 +#define CIPE_NDIS_MINOR_VERSION 0 + +#ifndef CIPE_DRIVER_MAJOR_VERSION +# define CIPE_DRIVER_MAJOR_VERSION 2 +#endif + +#ifndef CIPE_DRIVER_MINOR_VERSION +# define CIPE_DRIVER_MINOR_VERSION 1 +#endif + +#ifndef CIPE_MAC_ROOT_ADDRESS +# define CIPE_MAC_ROOT_ADDRESS "8:0:58:0:0:1" +#endif + +#define CIPE_CONTROL_CODE(request,method) CTL_CODE (FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) + +#define CIPE_IOCTL_GET_LASTMAC CIPE_CONTROL_CODE (0, METHOD_BUFFERED) +#define CIPE_IOCTL_GET_MAC CIPE_CONTROL_CODE (1, METHOD_BUFFERED) +#define CIPE_IOCTL_SET_STATISTICS CIPE_CONTROL_CODE (2, METHOD_BUFFERED) + +/* Windows 2000 */ +#define OSTYPE 5 + +int device_fd = -1; +char *device = NULL; +char *iface = NULL; +char *device_info = NULL; + +int device_total_in = 0; +int device_total_out = 0; + +HANDLE handle; + +pid_t reader_pid; +int sp[2]; + +int setup_device(void) +{ + HKEY key, key2, adapterkey; + int i; + + char adapterid[1024]; + char manufacturer[1024]; + char productname[1024]; + char adaptername[1024]; + char tapname[1024]; + char gelukt = 0; + long len; + + FILETIME filetime; + bool found = false; + + cp(); + + get_config_string(lookup_config(config_tree, "Device"), &device); + + /* Open registry and look for network adapters */ + + if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, (OSTYPE > 4 ? 
NETCARD_REG_KEY_2000 : NETCARD_REG_KEY), 0, KEY_READ, &key)) { + logger(LOG_ERR, _("Unable to read registry")); + return -1; + } + + for (i = 0; ; i++) { + len = sizeof(adapterid); + if(RegEnumKeyEx (key, i, adapterid, &len, 0, 0, 0, &filetime)) + break; + + /* Find out more about this adapter */ + + if(RegOpenKeyEx (key, adapterid, 0, KEY_READ, &adapterkey)) { + logger(LOG_ERR, _("Unable to read registry")); + return -1; + } + + len = sizeof(productname); + if(RegQueryValueEx(adapterkey, "ProductName", 0, 0, productname, &len)) + goto skip; + + len = sizeof(manufacturer); + if(RegQueryValueEx(adapterkey, "Manufacturer", 0, 0, manufacturer, &len)) + goto skip; + + if(!strcmp(productname, "CIPE") && !strcmp(manufacturer, "DKWHeavyIndustries")) { + if(device && strcmp(adapterid, device)) + continue; + if(!device) + device = xstrdup(adapterid); + found = true; + break; + } + +skip: + RegCloseKey (adapterkey); + } + + if(!found) { + logger(LOG_ERR, _("No CIPE adapters found!")); + return -1; + } + + /* Get adapter name */ + + len = sizeof(adaptername); + RegQueryValueEx(adapterkey, (OSTYPE > 4 ? "NetCfgInstanceId" : "ServiceName"), 0, 0, adaptername, &len); + + /* FIXME? cipsrvr checks if the device is in use at this point */ + + /* Try to open the corresponding tap device */ + + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adaptername); + + /* Now we are going to open this device twice: once for reading and once for writing. + We do this because apparently it isn't possible to check for activity in the select() loop. + Furthermore I don't really know how to do it the "Windows" way. 
*/ + + if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) { + logger(LOG_DEBUG, _("System call `%s' failed: %s"), "socketpair", strerror(errno)); + return -1; + } + + reader_pid = fork(); + + if(reader_pid == -1) { + logger(LOG_DEBUG, _("System call `%s' failed: %s"), "fork", strerror(errno)); + return -1; + } + + if(!reader_pid) { + /* The child opens the tap device for reading, blocking. + It passes everything it reads to the socket. */ + + char buf[MTU]; + int lenin; + + handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + + if(handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open CIPE tap device for reading!")); + buf[0] = 0; + write(sp[1], buf, 1); + exit(1); + } + + logger(LOG_DEBUG, _("Tap reader forked and running.")); + + /* Notify success */ + + buf[0] = 1; + write(sp[1], buf, 1); + + /* Pass packets */ + + for(;;) { + ReadFile (handle, buf, MTU, &lenin, NULL); + write(sp[1], buf, lenin); + } + } + + /* The parent opens the tap device for writing. 
*/ + + handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + + if(handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open CIPE tap device for writing!")); + return -1; + } + + device_fd = sp[0]; + + /* Get MAC address from tap device */ + + if(routing_mode == RMODE_ROUTER) { + DeviceIoControl (handle, CIPE_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0); + overwrite_mac = 1; + } + + read(device_fd, &gelukt, 1); + if(gelukt != 1) { + logger(LOG_DEBUG, "Tap reader failed!"); + return -1; + } + + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = device; + + device_info = _("Cygwin CIPE device"); + + logger(LOG_INFO, _("%s is a %s"), device, device_info); + + return 0; +} + +void close_device(void) +{ + cp(); + + close(sp[0]); + close(sp[1]); + CloseHandle(handle); + + kill(reader_pid, SIGKILL); +} + +int read_packet(vpn_packet_t *packet) +{ + int lenin; + + cp(); + + if((lenin = read(sp[0], packet->data, MTU)) <= 0) { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } + + packet->len = lenin; + + device_total_in += packet->len; + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + + return 0; +} + +int write_packet(vpn_packet_t *packet) +{ + int lenout; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { + logger(LOG_ERR, "Error while writing to %s %s", device_info, device); + return -1; + } + + device_total_out += packet->len; + + return 0; +} + +void dump_device_stats(void) +{ + cp(); + + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); 
+} From 47721be760c495ec13d68181bc03b151ffc1399c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 15 Jul 2003 16:38:18 +0000 Subject: [PATCH 762/923] Windows headers declare a struct interface somewhere. --- src/device.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/device.h b/src/device.h index 8c31d801..4982cbab 100644 --- a/src/device.h +++ b/src/device.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.8 2003/07/12 17:41:45 guus Exp $ + $Id: device.h,v 1.1.2.9 2003/07/15 16:38:18 guus Exp $ */ #ifndef __TINC_DEVICE_H__ @@ -25,7 +25,13 @@ extern int device_fd; extern char *device; + +#ifdef HAVE_CYGWIN +extern char *iface; +#define interface iface +#else extern char *interface; +#endif extern int setup_device(void); extern void close_device(void); From e449d94caef963809d417f16497f6f978e10d731 Mon Sep 17 00:00:00 2001 
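Review bot: In setup_device() the forked reader loop calls `ReadFile (handle, buf, MTU, &lenin, NULL)` without checking the result and then hands `lenin` straight to `write(sp[1], buf, lenin)`. `lenin` is an uninitialised `int`, so a failed read can forward an arbitrary number of bytes from the child's stack into the packet path, and the loop then spins. The loop should use a DWORD count initialised to zero, check both calls, bound the count by the buffer size and stop the child on error, as sketched below. The same function also ignores the return value of the `RegQueryValueEx` call that fills `adaptername` (which is then used to build the device path) and of `DeviceIoControl` (after which `overwrite_mac = 1` is set regardless). The `continue` taken for a non-matching adapter also skips `RegCloseKey (adapterkey)`.

```c
	/* Pass packets */

	for(;;) {
		DWORD got = 0;

		if(!ReadFile(handle, buf, sizeof(buf), &got, NULL) || got > sizeof(buf)) {
			logger(LOG_ERR, _("Error while reading from CIPE tap device!"));
			exit(1);
		}

		if(write(sp[1], buf, got) < 0)
			exit(1);
	}
```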
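Review bot: `#define interface iface` in the HAVE_CYGWIN branch of src/device.h rewrites the token `interface` in every file that includes this header, including any system header pulled in after it, so whether a translation unit builds depends on include order. Renaming the variable to `iface` on all platforms (the declaration here plus the definitions and uses in the device.c files) would remove the need for the macro. If the macro stays, a comment above it such as `/* Windows headers use the name 'interface' themselves, so the variable is called iface here */` would record the reason given in the commit message.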
From: Guus Sliepen Date: Thu, 17 Jul 2003 15:06:27 +0000 Subject: [PATCH 763/923] Big header file cleanup: everything that has to do with standard system libraries is moved to system.h. --- configure.in | 26 +++++++---- lib/avl_tree.c | 7 ++- lib/dropin.c | 17 +------ lib/dropin.h | 4 +- lib/fake-getaddrinfo.c | 12 +---- lib/fake-getaddrinfo.h | 8 +--- lib/fake-getnameinfo.c | 12 +---- lib/fake-getnameinfo.h | 7 +-- lib/ipv6.h | 9 +--- lib/list.c | 10 ++-- lib/pidfile.c | 11 +---- lib/utils.c | 13 ++---- lib/utils.h | 8 ---- src/conf.c | 30 ++++-------- src/conf.h | 10 +--- src/connection.c | 21 +++------ src/connection.h | 27 +++-------- src/edge.c | 28 ++++------- src/edge.h | 7 ++- src/event.c | 18 +++---- src/event.h | 5 +- src/graph.c | 26 ++++------- src/linux/device.c | 20 ++------ src/logger.c | 9 +--- src/logger.h | 3 -- src/meta.c | 21 +++------ src/net.c | 52 ++++----------------- src/net.h | 28 ++++------- src/net_packet.c | 57 +++++----------------- src/net_setup.c | 53 ++++----------------- src/net_socket.c | 65 +++++--------------------- src/netutl.c | 26 ++--------- src/netutl.h | 6 +-- src/node.c | 23 ++++----- src/node.h | 12 ++--- src/process.c | 33 ++++--------- src/process.h | 4 +- src/protocol.c | 23 +++------ src/protocol.h | 4 +- src/protocol_auth.c | 28 ++++------- src/protocol_edge.c | 29 ++++-------- src/protocol_key.c | 27 ++++------- src/protocol_misc.c | 21 +++------ src/protocol_subnet.c | 26 ++++------- src/route.c | 41 ++++++---------- src/subnet.c | 25 +++------- src/tincd.c | 29 ++---------- system.h | 104 +++++++++++++++++++++++++++++++++++++++-- 48 files changed, 359 insertions(+), 726 deletions(-) diff --git a/configure.in b/configure.in index a51bd296..52b9196b 100644 --- a/configure.in +++ b/configure.in 
@@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.66 2003/07/11 16:12:58 guus Exp $ +dnl $Id: configure.in,v 1.13.2.67 2003/07/17 15:06:25 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -67,6 +67,10 @@ case $host_os in AC_DEFINE(HAVE_CYGWIN, 1, [Cygwin]) [ rm -f src/device.c; ln -sf cygwin/device.c src/device.c ] ;; + *mingw*) + AC_DEFINE(HAVE_CYGWIN, 1, [MinGW]) + [ rm -f src/device.c; ln -sf mingw/device.c src/device.c ] + ;; *) AC_MSG_ERROR("Unknown operating system.") ;; @@ -85,14 +89,18 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([fcntl.h inttypes.h limits.h malloc.h stdint.h strings.h syslog.h unistd.h \ - sys/file.h sys/ioctl.h sys/param.h sys/time.h netinet/in_systm.h]) -AC_CHECK_HEADERS([net/ethernet.h net/if.h netinet/ip.h netinet/tcp.h netinet/ip6.h], [], [], - [#include - #include - #ifdef HAVE_NETINET_IN_SYSTM_H - #include - #endif]) +AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/param.h \ + sys/time.h sys/socket.h sys/wait.h netdb.h arpa/inet.h netinet/in_systm.h]) +AC_CHECK_HEADERS([net/ethernet.h net/if.h net/if_arp.h netinet/if_ether.h netinet/ip.h \ + netinet/tcp.h netinet/ip_icmp.h netinet/ip6.h netinet/icmp6.h], + [], [], + [#include + #include + #ifdef HAVE_NETINET_IN_SYSTM_H + #include + #endif + ] +) dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST diff --git a/lib/avl_tree.c b/lib/avl_tree.c index fc3c27e7..65df7b79 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,14 +29,13 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.15 2003/07/12 17:48:38 guus Exp $ + $Id: avl_tree.c,v 1.1.2.16 2003/07/17 15:06:25 guus Exp $ */ -#include -#include -#include +#include "system.h" #include "avl_tree.h" +#include "xalloc.h" #ifdef AVL_COUNT #define AVL_NODE_COUNT(n) ((n) ? (n)->count : 0) 
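Review bot: The new `*mingw*` case links `src/device.c` to `mingw/device.c`, but the diffstat of this patch lists no `src/mingw/device.c`. Unless that file arrives in another commit, the symlink dangles and the failure only shows up later at compile time. The case also defines `HAVE_CYGWIN` with the description `[MinGW]`, so every `#ifdef HAVE_CYGWIN` in the tree (for example the one in src/device.h) now applies to both environments. A separate symbol, e.g. `AC_DEFINE(HAVE_MINGW, 1, [MinGW])`, would keep the two distinguishable.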
diff --git a/lib/dropin.c b/lib/dropin.c index 24d25ca5..0efa5f2b 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,23 +17,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.14 2003/07/12 17:48:38 guus Exp $ + $Id: dropin.c,v 1.1.2.15 2003/07/17 15:06:25 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include - -#include - -#include -#include +#include "system.h" #ifndef HAVE_DAEMON /* diff --git a/lib/dropin.h b/lib/dropin.h index e4aa7021..c0bf14da 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.11 2003/07/12 17:48:38 guus Exp $ + $Id: dropin.h,v 1.1.2.12 2003/07/17 15:06:25 guus Exp $ */ #ifndef __DROPIN_H__ @@ -36,8 +36,6 @@ extern int asprintf(char **, const char *, ...); #endif #ifndef HAVE_GETNAMEINFO -#include -#include extern int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags); #endif diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c index 5e95a2a2..e1706802 100644 --- a/lib/fake-getaddrinfo.c +++ b/lib/fake-getaddrinfo.c @@ -9,17 +9,7 @@ * that ai_family is AF_INET. Don't use it for another purpose. */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include - -#include +#include "system.h" #include "fake-getaddrinfo.h" diff --git a/lib/fake-getaddrinfo.h b/lib/fake-getaddrinfo.h index 3f24375c..db7b1470 100644 --- a/lib/fake-getaddrinfo.h +++ b/lib/fake-getaddrinfo.h 
@@ -1,14 +1,8 @@ -/* $Id: fake-getaddrinfo.h,v 1.1.2.2 2003/07/06 23:16:27 guus Exp $ */ +/* $Id: fake-getaddrinfo.h,v 1.1.2.3 2003/07/17 15:06:25 guus Exp $ */ #ifndef _FAKE_GETADDRINFO_H #define _FAKE_GETADDRINFO_H -#include "config.h" - -#include -#include -#include - #include "fake-gai-errnos.h" #ifndef AI_PASSIVE diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index 50d0722f..8774da27 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c @@ -9,17 +9,7 @@ * that ai_family is AF_INET. Don't use it for another purpose. */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include - -#include +#include "system.h" #include "fake-getnameinfo.h" #include "fake-getaddrinfo.h" diff --git a/lib/fake-getnameinfo.h b/lib/fake-getnameinfo.h index 20889a6e..1d7b0db7 100644 --- a/lib/fake-getnameinfo.h +++ b/lib/fake-getnameinfo.h @@ -1,13 +1,8 @@ -/* $Id: fake-getnameinfo.h,v 1.1.2.2 2003/07/12 17:41:45 guus Exp $ */ +/* $Id: fake-getnameinfo.h,v 1.1.2.3 2003/07/17 15:06:25 guus Exp $ */ #ifndef _FAKE_GETNAMEINFO_H #define _FAKE_GETNAMEINFO_H -#include "config.h" - -#include -#include - #ifndef HAVE_GETNAMEINFO int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags); diff --git a/lib/ipv6.h b/lib/ipv6.h index c04ada25..92a0ae09 100644 --- a/lib/ipv6.h +++ b/lib/ipv6.h @@ -17,19 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv6.h,v 1.1.2.3 2003/07/11 16:12:59 guus Exp $ + $Id: ipv6.h,v 1.1.2.4 2003/07/17 15:06:25 guus Exp $ */ #ifndef __TINC_IPV6_H__ #define __TINC_IPV6_H__ -#include "config.h" - -#include -#ifdef HAVE_INTTYPES_H -#include -#endif - #ifndef AF_INET6 #define AF_INET6 10 #endif diff --git a/lib/list.c b/lib/list.c index 0b516c88..573bc9e1 100644 --- a/lib/list.c +++ b/lib/list.c 
@@ -17,17 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.15 2003/07/12 17:48:38 guus Exp $ + $Id: list.c,v 1.1.2.16 2003/07/17 15:06:25 guus Exp $ */ -#include "config.h" - -#include - -#include -#include +#include "system.h" #include "list.h" +#include "xalloc.h" /* (De)constructors */ diff --git a/lib/pidfile.c b/lib/pidfile.c index 250f67b7..2dea70b9 100644 --- a/lib/pidfile.c +++ b/lib/pidfile.c @@ -25,16 +25,7 @@ * First version (v0.2) released */ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "system.h" /* read_pid * diff --git a/lib/utils.c b/lib/utils.c index 9552c5c0..9ffad702 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -18,15 +18,10 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#include "config.h" +#include "system.h" -#include -#include -#include - -#include -#include -#include +#include "../src/logger.h" +#include "utils.h" #ifdef ENABLE_TRACING volatile int (cp_line[]) = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; @@ -64,7 +59,7 @@ void bin2hex(char *src, char *dst, int length) #ifdef ENABLE_TRACING void cp_trace() { - syslog(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d...", + logger(LOG_DEBUG, "Checkpoint trace: %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d <- %s:%d...", cp_file[(cp_index + 15) % 16], cp_line[(cp_index + 15) % 16], cp_file[(cp_index + 14) % 16], cp_line[(cp_index + 14) % 16], cp_file[(cp_index + 13) % 16], cp_line[(cp_index + 13) % 16], diff --git a/lib/utils.h b/lib/utils.h index 2a56ef5a..caf6e6f6 100644 --- a/lib/utils.h +++ b/lib/utils.h 
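Review bot: In `lib/utils.c` the new `#include "../src/logger.h"` makes the support library depend on a daemon header through a relative path, which inverts the lib/ to src/ layering and breaks if either directory moves. Prefer putting the directory on the include path in the build files and writing `#include "logger.h"`. The second hunk switches `cp_trace` from `syslog` to `logger`, so it is worth checking that `logger` is declared with a printf-style format attribute, because this call passes 32 variadic arguments. The body of `cp_trace` continues outside the hunk.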
@@ -21,14 +21,6 @@ #ifndef __TINC_UTILS_H__ #define __TINC_UTILS_H__ -#include - -#include "fake-getaddrinfo.h" -#include "fake-getnameinfo.h" -#include "ipv6.h" - -#define min(a,b) (((a)<(b))?(a):(b)) - #ifdef ENABLE_TRACING extern volatile int cp_line[]; extern volatile char *cp_file[]; diff --git a/src/conf.c b/src/conf.c index b6d2b0af..f7019d14 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,32 +19,18 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.65 2003/07/12 17:41:45 guus Exp $ + $Id: conf.c,v 1.9.4.66 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include /* for cp */ -#include - -#include "conf.h" -#include "netutl.h" /* for str2address */ -#include "logger.h" - #include "system.h" +#include "avl_tree.h" +#include "conf.h" +#include "logger.h" +#include "netutl.h" /* for str2address */ +#include "utils.h" /* for cp */ +#include "xalloc.h" + avl_tree_t *config_tree; int pingtimeout = 0; /* seconds before timeout */ diff --git a/src/conf.h b/src/conf.h index 76e38932..32bb9091 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,18 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.38 2003/07/12 17:41:45 guus Exp $ + $Id: conf.h,v 1.6.4.39 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_CONF_H__ #define __TINC_CONF_H__ -#include -#include -#include - -#include -#include "net.h" +#include "avl_tree.h" #include "subnet.h" typedef struct config_t { 
@@ -57,7 +52,6 @@ extern int get_config_bool(config_t *, int *); extern int get_config_int(config_t *, int *); extern int get_config_string(config_t *, char **); extern int get_config_address(config_t *, struct addrinfo **); -struct subnet_t; /* Needed for next line. */ extern int get_config_subnet(config_t *, struct subnet_t **); extern int read_config_file(avl_tree_t *, const char *); diff --git a/src/connection.c b/src/connection.c index dbfe6d65..9890f51f 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,27 +17,20 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.39 2003/07/12 17:41:45 guus Exp $ + $Id: connection.c,v 1.1.2.40 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include - -#include -#include +#include "system.h" +#include "avl_tree.h" +#include "conf.h" +#include "list.h" +#include "logger.h" #include "net.h" /* Don't ask. */ #include "netutl.h" -#include "conf.h" -#include #include "subnet.h" -#include "logger.h" - +#include "utils.h" #include "xalloc.h" -#include "system.h" avl_tree_t *connection_tree; /* Meta connections */ connection_t *broadcast; diff --git a/src/connection.h b/src/connection.h index 30102f2c..1b3ca367 100644 --- a/src/connection.h +++ b/src/connection.h 
@@ -17,34 +17,21 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.33 2003/07/12 17:41:45 guus Exp $ + $Id: connection.h,v 1.1.2.34 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ #define __TINC_CONNECTION_H__ -#include +#include +#include -#include -#include - -#ifdef HAVE_OPENSSL_EVP_H -# include -#else -# include -#endif - -#ifdef HAVE_OPENSSL_RSA_H -# include -#else -# include -#endif - -#include "net.h" +#include "avl_tree.h" #include "conf.h" - -#include "node.h" #include "edge.h" +#include "list.h" +#include "net.h" +#include "node.h" #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 diff --git a/src/edge.c b/src/edge.c index 3bceb004..48ead007 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,29 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.21 2003/07/12 17:41:45 guus Exp $ + $Id: edge.c,v 1.1.2.22 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include - -#include -#include - -#include "net.h" /* Don't ask. */ -#include "netutl.h" -#include "conf.h" -#include -#include "subnet.h" -#include "edge.h" -#include "node.h" -#include "logger.h" - -#include "xalloc.h" #include "system.h" +#include "avl_tree.h" +#include "edge.h" +#include "logger.h" +#include "netutl.h" +#include "node.h" +#include "utils.h" +#include "xalloc.h" + avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ static int edge_compare(edge_t *a, edge_t *b) diff --git a/src/edge.h b/src/edge.h index 3fe8645a..b841bc9b 100644 --- a/src/edge.h +++ b/src/edge.h 
@@ -17,17 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.13 2003/07/12 17:41:45 guus Exp $ + $Id: edge.h,v 1.1.2.14 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_EDGE_H__ #define __TINC_EDGE_H__ -#include - +#include "avl_tree.h" +#include "connection.h" #include "net.h" #include "node.h" -#include "connection.h" typedef struct edge_t { struct node_t *from; diff --git a/src/event.c b/src/event.c index 45961659..4eae34d1 100644 --- a/src/event.c +++ b/src/event.c @@ -17,22 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.8 2003/07/12 17:41:45 guus Exp $ + $Id: event.c,v 1.1.4.9 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include - -#include "event.h" - #include "system.h" +#include "avl_tree.h" +#include "event.h" +#include "utils.h" +#include "xalloc.h" + avl_tree_t *event_tree; extern time_t now; diff --git a/src/event.h b/src/event.h index fb10c4a0..71aae18d 100644 --- a/src/event.h +++ b/src/event.h @@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.h,v 1.1.4.6 2003/07/12 17:41:45 guus Exp $ + $Id: event.h,v 1.1.4.7 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_EVENT_H__ #define __TINC_EVENT_H__ -#include -#include +#include "avl_tree.h" extern avl_tree_t *event_tree; diff --git a/src/graph.c b/src/graph.c index 3692f446..2c6ad22e 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.24 2003/07/12 17:41:45 guus Exp $ + $Id: graph.c,v 1.1.2.25 2003/07/17 15:06:26 guus Exp $ */ /* We need to generate two trees from the graph: 
@@ -44,27 +44,17 @@ destination address and port of a node if possible. */ -#include "config.h" - -#include -#include -#ifdef HAVE_SYS_PARAM_H -#include -#endif -#include - -#include -#include +#include "system.h" +#include "avl_tree.h" +#include "connection.h" +#include "device.h" +#include "edge.h" +#include "logger.h" #include "netutl.h" #include "node.h" -#include "edge.h" -#include "connection.h" #include "process.h" -#include "device.h" -#include "logger.h" - -#include "system.h" +#include "utils.h" /* Implementation of Kruskal's algorithm. Running time: O(EN) diff --git a/src/linux/device.c b/src/linux/device.c index f9105e65..08d9364d 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,20 +17,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.17 2003/07/12 17:41:48 guus Exp $ + $Id: device.c,v 1.1.2.18 2003/07/17 15:06:27 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "system.h" #ifdef HAVE_TUNTAP #ifdef LINUX_IF_TUN_H @@ -43,13 +33,11 @@ #define DEFAULT_DEVICE "/dev/tap0" #endif -#include #include "conf.h" +#include "logger.h" #include "net.h" #include "route.h" -#include "logger.h" - -#include "system.h" +#include "utils.h" enum { DEVICE_TYPE_ETHERTAP, diff --git a/src/logger.c b/src/logger.c index 012f19d0..b8ea0922 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,19 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.3 2003/07/12 17:41:45 guus Exp $ + $Id: logger.c,v 1.1.2.4 2003/07/17 15:06:26 guus Exp $ */ -#include -#include -#include -#include +#include "system.h" #include "conf.h" #include "logger.h" -#include "system.h" - int debug_level = DEBUG_NOTHING; static int logmode = LOGMODE_STDERR; static pid_t logpid; 
diff --git a/src/logger.h b/src/logger.h index edd0d933..615d0c3a 100644 --- a/src/logger.h +++ b/src/logger.h @@ -1,8 +1,5 @@ #ifndef __TINC_LOGGER_H__ -#include -#include - enum { DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ DEBUG_ALWAYS = 0, diff --git a/src/meta.c b/src/meta.c index 939f76b8..967477b5 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,27 +17,20 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.35 2003/07/12 17:41:45 guus Exp $ + $Id: meta.c,v 1.1.2.36 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" -#include -#include - -#include -#include -#include -/* This line must be below the rest for FreeBSD */ -#include -#include +#include "system.h" #include -#include "net.h" +#include "avl_tree.h" #include "connection.h" -#include "system.h" -#include "protocol.h" #include "logger.h" +#include "net.h" +#include "protocol.h" +#include "system.h" +#include "utils.h" int send_meta(connection_t *c, char *buffer, int length) { diff --git a/src/net.c b/src/net.c index 8b2c9f03..d43aede4 100644 --- a/src/net.c +++ b/src/net.c 
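Review bot: The new include list in `src/meta.c` has `#include "system.h"` twice, once at the top and again between `"protocol.h"` and `"utils.h"`. The second one is harmless only if `system.h` has an include guard, and it contradicts the convention the rest of this commit establishes (system header first, then project headers alphabetically). Drop the later `+#include "system.h"` line. The removed comment about FreeBSD include ordering is also gone without a replacement; if that ordering constraint now lives in `system.h`, a short comment there would keep it from being lost.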
@@ -17,62 +17,28 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.190 2003/07/12 17:41:45 guus Exp $ + $Id: net.c,v 1.35.4.191 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#include -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif +#include "system.h" #include -#include -#include -#include -#include - +#include "utils.h" +#include "avl_tree.h" #include "conf.h" #include "connection.h" +#include "device.h" +#include "event.h" +#include "graph.h" +#include "logger.h" #include "meta.h" #include "net.h" #include "netutl.h" #include "process.h" #include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" #include "route.h" -#include "device.h" -#include "event.h" -#include "logger.h" - -#include "system.h" +#include "subnet.h" int do_purge = 0; int sighup = 0; diff --git a/src/net.h b/src/net.h index 8ad89947..43371adb 100644 --- a/src/net.h +++ b/src/net.h @@ -17,26 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.63 2003/07/12 17:41:46 guus Exp $ + $Id: net.h,v 1.9.4.64 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_NET_H__ #define __TINC_NET_H__ -#include "config.h" - -#include -#include -#include -#include #include -#ifdef HAVE_INTTYPES_H -#include -#endif - -#include "utils.h" - #ifdef ENABLE_JUMBOGRAMS #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ #else 
@@ -97,6 +85,8 @@ typedef struct packet_queue_t { queue_element_t *tail; } packet_queue_t; +#include "conf.h" + typedef struct outgoing_t { char *name; int timeout; @@ -115,8 +105,6 @@ extern int maxtimeout; extern int seconds_till_retry; extern int addressfamily; -#include "connection.h" /* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ - extern listen_socket_t listen_socket[MAXSOCKETS]; extern int listen_sockets; extern int keyexpires; @@ -127,10 +115,14 @@ extern char *myport; extern time_t now; extern EVP_CIPHER_CTX packet_ctx; +/* Yes, very strange placement indeed, but otherwise the typedefs get all tangled up */ +#include "connection.h" +#include "node.h" + extern void retry_outgoing(outgoing_t *); extern void handle_incoming_vpn_data(int); -extern void finish_connecting(connection_t *); -extern void do_outgoing_connection(connection_t *); +extern void finish_connecting(struct connection_t *); +extern void do_outgoing_connection(struct connection_t *); extern int handle_new_meta_connection(int); extern int setup_listen_socket(sockaddr_t *); extern int setup_vpn_in_socket(sockaddr_t *); @@ -142,7 +134,7 @@ extern void setup_outgoing_connection(struct outgoing_t *); extern void try_outgoing_connections(void); extern void close_network_connections(void); extern void main_loop(void); -extern void terminate_connection(connection_t *, int); +extern void terminate_connection(struct connection_t *, int); extern void flush_queue(struct node_t *); extern int read_rsa_public_key(struct connection_t *); diff --git a/src/net_packet.c b/src/net_packet.c index c0bd2476..e858daa0 100644 --- a/src/net_packet.c +++ b/src/net_packet.c 
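Review bot: `src/net.h` now includes `"conf.h"`, `"connection.h"` and `"node.h"` in the middle of the header. The prototypes in the same hunks were changed from `connection_t *` to `struct connection_t *`, which suggests the typedef is not reliably visible when `net.h` is entered through the include cycle. If the struct tags are all these prototypes need, forward declarations near the top (`struct connection_t;` and `struct node_t;`) would remove the dependence on include position; this is hedged, since other declarations in the file may still need the full types. At minimum, the existing "very strange placement" comment should name the cycle (`net.h` to `connection.h` and back to `net.h`) so that the next reordering does not silently break it.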
@@ -17,37 +17,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.33 2003/07/12 17:41:46 guus Exp $ + $Id: net_packet.c,v 1.1.2.34 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif +#include "system.h" #include #include @@ -57,27 +30,21 @@ #include #include -#include -#include -#include -#include - +#include "avl_tree.h" #include "conf.h" #include "connection.h" -#include "meta.h" -#include "net.h" -#include "netutl.h" -#include "process.h" -#include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" -#include "route.h" #include "device.h" #include "event.h" +#include "graph.h" +#include "list.h" #include "logger.h" - -#include "system.h" +#include "net.h" +#include "netutl.h" +#include "protocol.h" +#include "process.h" +#include "route.h" +#include "utils.h" +#include "xalloc.h" int keylifetime = 0; int keyexpires = 0; diff --git a/src/net_setup.c b/src/net_setup.c index 4c258abb..ca7aa61e 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
@@ -17,63 +17,30 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.34 2003/07/12 17:41:46 guus Exp $ + $Id: net_setup.c,v 1.1.2.35 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif +#include "system.h" #include #include #include -#include -#include -#include -#include - +#include "avl_tree.h" #include "conf.h" #include "connection.h" -#include "meta.h" +#include "device.h" +#include "event.h" +#include "graph.h" +#include "logger.h" #include "net.h" #include "netutl.h" #include "process.h" #include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" #include "route.h" -#include "device.h" -#include "event.h" -#include "logger.h" - -#include "system.h" +#include "subnet.h" +#include "utils.h" +#include "xalloc.h" char *myport; diff --git a/src/net_socket.c b/src/net_socket.c index 1b5c18fe..bb5208f8 100644 --- a/src/net_socket.c +++ b/src/net_socket.c 
@@ -17,63 +17,22 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.26 2003/07/12 17:41:46 guus Exp $ + $Id: net_socket.c,v 1.1.2.27 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -/* SunOS really wants sys/socket.h BEFORE net/if.h, - and FreeBSD wants these lines below the rest. */ -#include -#include -#include -#ifdef HAVE_NETINET_IN_SYSTM_H -#include -#endif -#ifdef HAVE_NETINET_IP_H -#include -#endif -#ifdef HAVE_NETINET_TCP_H -#include -#endif - -#include -#include -#include -#include - -#include "conf.h" -#include "connection.h" -#include "meta.h" -#include "net.h" -#include "netutl.h" -#include "process.h" -#include "protocol.h" -#include "subnet.h" -#include "graph.h" -#include "process.h" -#include "route.h" -#include "device.h" -#include "event.h" -#include "logger.h" - #include "system.h" -#ifndef HAVE_RAND_PSEUDO_BYTES -#define RAND_pseudo_bytes RAND_bytes -#endif +#include "avl_tree.h" +#include "conf.h" +#include "connection.h" +#include "event.h" +#include "logger.h" +#include "meta.h" +#include "net.h" +#include "netutl.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" int addressfamily = AF_UNSPEC; int maxtimeout = 900; diff --git a/src/netutl.c b/src/netutl.c index 1f5e4afc..6784833d 100644 --- a/src/netutl.c +++ b/src/netutl.c 
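Review bot: This hunk in `src/net_socket.c` deletes the fallback `#define RAND_pseudo_bytes RAND_bytes` (guarded by `HAVE_RAND_PSEUDO_BYTES`) together with the include cleanup, and no replacement is visible here. If any call to `RAND_pseudo_bytes` remains in this file, or the shim was not moved to a shared header, builds against an OpenSSL that lacks the function will fail; the call sites are outside the hunk, so this needs checking. Since `RAND_pseudo_bytes` does not guarantee unpredictable output, anything that feeds keys, challenges or nonces is better served by calling `RAND_bytes` directly and checking its return value than by restoring the alias.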
@@ -17,34 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.46 2003/07/12 17:41:46 guus Exp $ + $Id: netutl.c,v 1.12.4.47 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#include -#ifdef HAVE_INTTYPES_H -#include -#endif -#include -#include -#include -#include - -#include -#include - -#include "errno.h" -#include "conf.h" #include "net.h" #include "netutl.h" #include "logger.h" - -#include "system.h" +#include "utils.h" +#include "xalloc.h" int hostnames = 0; diff --git a/src/netutl.h b/src/netutl.h index b946b77d..eb5aeebc 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,16 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.15 2003/07/12 17:41:46 guus Exp $ + $Id: netutl.h,v 1.2.4.16 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_NETUTL_H__ #define __TINC_NETUTL_H__ -#include -#include -#include - #include "net.h" extern int hostnames; diff --git a/src/node.c b/src/node.c index 6dba7f28..5fc94a94 100644 --- a/src/node.c +++ b/src/node.c @@ -17,24 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.22 2003/07/12 17:41:46 guus Exp $ + $Id: node.c,v 1.1.2.23 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include - -#include -#include "node.h" -#include "netutl.h" -#include "net.h" -#include "logger.h" - -#include -#include - #include "system.h" +#include "avl_tree.h" +#include "logger.h" +#include "net.h" +#include "netutl.h" +#include "node.h" +#include "utils.h" +#include "xalloc.h" + avl_tree_t *node_tree; /* Known nodes, sorted by name */ avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ diff --git a/src/node.h b/src/node.h index 085d6a4f..a4e439a7 100644 
--- a/src/node.h +++ b/src/node.h @@ -17,20 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.24 2003/07/12 17:41:46 guus Exp $ + $Id: node.h,v 1.1.2.25 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_NODE_H__ #define __TINC_NODE_H__ -#ifdef HAVE_INTTYPES_H -#include -#endif - -#include - -#include "subnet.h" +#include "avl_tree.h" #include "connection.h" +#include "list.h" +#include "subnet.h" typedef struct node_status_t { int active:1; /* 1 if active.. */ diff --git a/src/process.c b/src/process.c index 326d3ff9..b0e1e63f 100644 --- a/src/process.c +++ b/src/process.c @@ -17,37 +17,22 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.54 2003/07/12 17:41:46 guus Exp $ + $Id: process.c,v 1.1.2.55 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" #include "conf.h" -#include "process.h" -#include "subnet.h" -#include "device.h" #include "connection.h" #include "device.h" +#include "edge.h" #include "logger.h" - -#include "system.h" +#include "node.h" +#include "pidfile.h" +#include "process.h" +#include "subnet.h" +#include "utils.h" +#include "xalloc.h" /* If zero, don't detach from the terminal. */ int do_detach = 1; diff --git a/src/process.h b/src/process.h index cae136c6..cb5f7c7c 100644 --- a/src/process.h +++ b/src/process.h 
@@ -17,14 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.15 2003/07/12 17:41:46 guus Exp $ + $Id: process.h,v 1.1.2.16 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_PROCESS_H__ #define __TINC_PROCESS_H__ -#include "config.h" - extern int do_detach; extern void setup_signals(void); diff --git a/src/protocol.c b/src/protocol.c index c8b868ca..47cc9487 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,29 +17,18 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.140 2003/07/12 17:41:46 guus Exp $ + $Id: protocol.c,v 1.28.4.141 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include - -#include -#include -#include -#include -#include - -#include -#include +#include "system.h" #include "conf.h" -#include "protocol.h" -#include "meta.h" #include "connection.h" #include "logger.h" - -#include "system.h" +#include "meta.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" /* Jumptable for the request handlers */ diff --git a/src/protocol.h b/src/protocol.h index 6e71f810..6f01a76c 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,15 +17,15 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.38 2003/07/06 23:16:28 guus Exp $ + $Id: protocol.h,v 1.5.4.39 2003/07/17 15:06:26 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ #define __TINC_PROTOCOL_H__ +#include "edge.h" #include "net.h" #include "node.h" -#include "edge.h" #include "subnet.h" /* Protocol version. Different versions are incompatible, diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 1b8794d1..88fba266 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c 
@@ -17,37 +17,27 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.23 2003/07/12 17:41:47 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.24 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" #include #include #include +#include "avl_tree.h" #include "conf.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" #include "connection.h" -#include "node.h" #include "edge.h" #include "graph.h" #include "logger.h" - -#include "system.h" +#include "net.h" +#include "netutl.h" +#include "node.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" int send_id(connection_t *c) { diff --git a/src/protocol_edge.c b/src/protocol_edge.c index d81fc878..75b49950 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,33 +17,24 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.17 2003/07/12 17:41:47 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.18 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" +#include "avl_tree.h" #include "conf.h" -#include "net.h" -#include "netutl.h" -#include "protocol.h" -#include "meta.h" #include "connection.h" -#include "node.h" #include "edge.h" #include "graph.h" #include "logger.h" - -#include "system.h" +#include "meta.h" +#include "net.h" +#include "netutl.h" +#include "node.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" int send_add_edge(connection_t *c, edge_t *e) { diff --git a/src/protocol_key.c b/src/protocol_key.c index 1a6804a4..832b2af0 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c 
@@ -17,31 +17,20 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.18 2003/07/12 17:41:47 guus Exp $ + $Id: protocol_key.c,v 1.1.4.19 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "conf.h" +#include "avl_tree.h" +#include "connection.h" +#include "logger.h" #include "net.h" #include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" #include "node.h" -#include "logger.h" - -#include "system.h" +#include "protocol.h" +#include "utils.h" +#include "xalloc.h" int mykeyused = 0; diff --git a/src/protocol_misc.c b/src/protocol_misc.c index d5c9aeb0..934a1820 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -17,28 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.10 2003/07/12 17:41:47 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.11 2003/07/17 15:06:26 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include - -#include +#include "system.h" #include "conf.h" +#include "connection.h" +#include "logger.h" +#include "meta.h" #include "net.h" #include "netutl.h" #include "protocol.h" -#include "meta.h" -#include "connection.h" -#include "logger.h" - -#include "system.h" +#include "utils.h" /* Status and error notification routines */ diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index c0a351f2..f29bdbe7 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c 
@@ -17,31 +17,21 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.11 2003/07/12 17:41:47 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.12 2003/07/17 15:06:27 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include - -#include -#include -#include +#include "system.h" #include "conf.h" +#include "connection.h" +#include "logger.h" #include "net.h" #include "netutl.h" -#include "protocol.h" -#include "meta.h" -#include "connection.h" #include "node.h" -#include "logger.h" - -#include "system.h" +#include "protocol.h" +#include "subnet.h" +#include "utils.h" +#include "xalloc.h" int send_add_subnet(connection_t *c, subnet_t *subnet) { diff --git a/src/route.c b/src/route.c index f00728c7..3d9b28bd 100644 --- a/src/route.c +++ b/src/route.c @@ -17,50 +17,39 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.58 2003/07/15 16:26:18 guus Exp $ + $Id: route.c,v 1.1.2.59 2003/07/17 15:06:27 guus Exp $ */ -#include "config.h" +#include "system.h" -#ifdef HAVE_SYS_PARAM_H -#include -#endif -#include -#include -#ifdef HAVE_NET_IF_H -#include -#endif #ifdef HAVE_NET_ETHERNET_H #include #endif -#ifdef HAVE_NETINET_IN_SYSTM_H -#include +#ifdef HAVE_NET_IF_ARP_H +#include #endif -#include +#ifdef HAVE_NETINET_IP_ICMP_H #include +#endif #ifdef HAVE_NETINET_IP6_H #include +#endif +#ifdef HAVE_NETINET_ICMP6_H #include #endif +#ifdef HAVE_NETINET_IF_ETHER_H #include -#include -#include -#include -#ifdef HAVE_INTTYPES_H -#include #endif -#include - -#include "net.h" +#include "avl_tree.h" #include "connection.h" -#include "subnet.h" -#include "route.h" -#include "protocol.h" #include "device.h" #include "logger.h" - -#include "system.h" +#include "net.h" +#include "protocol.h" +#include "route.h" +#include "subnet.h" +#include "utils.h" /* Missing definitions */ 
diff --git a/src/subnet.c b/src/subnet.c index 2aab91d1..f5a8bd4b 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,30 +17,19 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.46 2003/07/12 17:41:47 guus Exp $ + $Id: subnet.c,v 1.1.2.47 2003/07/17 15:06:27 guus Exp $ */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#include -#include - -#include -#include -#include - -#include "conf.h" +#include "avl_tree.h" +#include "logger.h" #include "net.h" +#include "netutl.h" #include "node.h" #include "subnet.h" -#include "netutl.h" -#include "logger.h" - -#include "system.h" +#include "utils.h" +#include "xalloc.h" /* lists type of subnet */ diff --git a/src/tincd.c b/src/tincd.c index 185a96a6..8ef8c514 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,21 +17,10 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.72 2003/07/12 17:41:47 guus Exp $ + $Id: tincd.c,v 1.10.4.73 2003/07/17 15:06:27 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include "system.h" /* Darwin (MacOS/X) needs the following definition... */ #ifndef _P1003_1B_VISIBLE @@ -40,10 +29,6 @@ #include -#ifdef HAVE_SYS_IOCTL_H -# include -#endif - #include #include #include @@ -51,18 +36,14 @@ #include -#include -#include - #include "conf.h" +#include "logger.h" #include "net.h" #include "netutl.h" #include "process.h" #include "protocol.h" -#include "subnet.h" -#include "logger.h" - -#include "system.h" +#include "utils.h" +#include "xalloc.h" /* The name this program was run with. */ char *program_name = NULL; diff --git a/system.h b/system.h index 6391c398..c4dd0d14 100644 --- a/system.h +++ b/system.h 
@@ -1,6 +1,7 @@ /* - system.h -- header for locale settings - Copyright (C) 1998,99,2000 Ivo Timmermans + system.h -- system headers + Copyright (C) 1998-2003 Ivo Timmermans + 2003 Guus Sliepen This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,6 +21,102 @@ #ifndef __TINC_SYSTEM_H__ #define __TINC_SYSTEM_H__ +#include "config.h" + +/* Include standard headers */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_INTTYPES_H +#include +#endif + +/* Include system specific headers */ + +#ifdef HAVE_SYSLOG_H +#include +#endif + +#ifdef HAVE_SYS_TIME_H +#include +#endif + +#ifdef HAVE_SYS_TYPES_H +#include +#endif + +#ifdef HAVE_SYS_STAT_H +#include +#endif + +#ifdef HAVE_SYS_FILE_H +#include +#endif + +#ifdef HAVE_SYS_WAIT_H +#include +#endif + +#ifdef HAVE_SYS_IOCTL_H +#include +#endif + +#ifdef HAVE_SYS_PARAM_H +#include +#endif + +/* SunOS really wants sys/socket.h BEFORE net/if.h, + and FreeBSD wants these lines below the rest. */ + +#ifdef HAVE_NETDB_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NET_IF_H +#include +#endif + +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_NETINET_IP_H +#include +#endif + +#ifdef HAVE_NETINET_TCP_H +#include +#endif + +#ifdef HAVE_MINGW +#include +#include +#endif + +/* Include localisation support */ + #include "gettext.h" #ifndef HAVE_STRSIGNAL @@ -27,7 +124,8 @@ #endif /* Other functions */ -#include + +#include "dropin.h" #ifndef HAVE_SOCKLEN_T typedef int socklen_t; From b0a4f7b5551cae6fb5af2eb4bcb0dfb3443f7d89 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 18 Jul 2003 12:16:24 +0000 Subject: [PATCH 764/923] Even more missing definitions. --- lib/Makefile.am | 4 +- lib/ethernet.h | 75 ++++++++++++++++++++++++++ lib/ipv4.h | 136 ++++++++++++++++++++++++++++++++++++++++++++++++ src/net.h | 4 +- src/route.c | 5 +- 5 files changed, 220 insertions(+), 4 deletions(-) create mode 100644 lib/ethernet.h create mode 100644 lib/ipv4.h diff --git a/lib/Makefile.am b/lib/Makefile.am index 35e1baf6..9fd96180 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -1,5 +1,5 @@ ## Process this file with automake to produce Makefile.in -# $Id: Makefile.am,v 1.2.4.12 2003/07/07 11:50:52 guus Exp $ +# $Id: Makefile.am,v 1.2.4.13 2003/07/18 12:16:23 guus Exp $ noinst_LIBRARIES = libvpn.a @@ -10,6 +10,6 @@ libvpn_a_SOURCES = xmalloc.c pidfile.c utils.c getopt.c getopt1.c list.c avl_tre libvpn_a_LIBADD = @LIBOBJS@ @ALLOCA@ libvpn_a_DEPENDENCIES = $(libvpn_a_LIBADD) -noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h gettext.h ipv6.h +noinst_HEADERS = xalloc.h pidfile.h utils.h getopt.h list.h avl_tree.h dropin.h fake-getaddrinfo.h fake-getnameinfo.h fake-gai-errnos.h gettext.h ipv6.h ipv4.h ethernet.h EXTRA_DIST = diff --git a/lib/ethernet.h b/lib/ethernet.h new file mode 100644 index 00000000..98e70478 --- /dev/null +++ b/lib/ethernet.h 
@@ -0,0 +1,75 @@ +/* + ethernet.h -- missing Ethernet related definitions + Copyright (C) 2003 Ivo Timmermans + 2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: ethernet.h,v 1.1.2.1 2003/07/18 12:16:23 guus Exp $ +*/ + +#ifndef __TINC_ETHERNET_H__ +#define __TINC_ETHERNET_H__ + +#ifndef ETH_ALEN +#define ETH_ALEN 6 +#endif + +#ifndef ARPHRD_ETHER +#define ARPHRD_ETHER 1 +#endif + +#ifndef ETHERTYPE_IP +#define ETHERTYPE_IP 0x0800 +#endif + +#ifndef HAVE_NET_IF_ARP_H + +struct arphdr { + unsigned short int ar_hrd; + unsigned short int ar_pro; + unsigned char ar_hln; + unsigned char ar_pln; + unsigned short int ar_op; +}; + +#define ARPOP_REQUEST 1 +#define ARPOP_REPLY 2 +#define ARPOP_RREQUEST 3 +#define ARPOP_RREPLY 4 +#define ARPOP_InREQUEST 8 +#define ARPOP_InREPLY 9 +#define ARPOP_NAK 10 + +#endif + +#ifndef HAVE_NETINET_IF_ETHER_H + +struct ether_arp { + struct arphdr ea_hdr; + uint8_t arp_sha[ETH_ALEN]; + uint8_t arp_spa[4]; + uint8_t arp_tha[ETH_ALEN]; + uint8_t arp_tpa[4]; +}; +#define arp_hrd ea_hdr.ar_hrd +#define arp_pro ea_hdr.ar_pro +#define arp_hln ea_hdr.ar_hln +#define arp_pln ea_hdr.ar_pln +#define arp_op ea_hdr.ar_op + +#endif + +#endif /* __TINC_ETHERNET_H__ */ diff --git a/lib/ipv4.h b/lib/ipv4.h new file mode 100644 index 00000000..ec3c5115 --- /dev/null +++ b/lib/ipv4.h 
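Review bot: The new lib/ethernet.h uses `uint8_t` in `struct ether_arp` but includes nothing itself, so it compiles only when the including file has already pulled in the integer types. In this commit route.c includes it after system.h, which makes that order work, but nothing in the header says so. I would add a one-line comment under the include guard, `/* Needs uint8_t; include after system.h. */`. lib/ipv4.h, added in the same commit, has the same dependency for `uint8_t`, `u_short` and `struct in_addr`.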
@@ -0,0 +1,136 @@ +/* + ipv4.h -- missing IPv4 related definitions + Copyright (C) 2003 Ivo Timmermans + 2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: ipv4.h,v 1.1.2.1 2003/07/18 12:16:23 guus Exp $ +*/ + +#ifndef __TINC_IPV4_H__ +#define __TINC_IPV4_H__ + +#ifndef AF_INET +#define AF_INET 2 +#endif + +#ifndef IPPROTO_ICMP +#define IPPROTO_ICMP 1 +#endif + +#ifndef ICMP_DEST_UNREACH +#define ICMP_DEST_UNREACH 3 +#endif + +#ifndef ICMP_NET_UNKNOWN +#define ICMP_NET_UNKNOWN 6 +#endif + +#ifndef ICMP_NET_UNREACH +#define ICMP_NET_UNREACH 0 +#endif + +#ifndef IP_MSS +#define IP_MSS 576 +#endif + +#ifndef HAVE_NETINET_IP_H + +struct ip { +#if __BYTE_ORDER == __LITTLE_ENDIAN + unsigned int ip_hl:4; + unsigned int ip_v:4; +#else + unsigned int ip_v:4; + unsigned int ip_hl:4; +#endif + uint8_t ip_tos; + u_short ip_len; + u_short ip_id; + u_short ip_off; +#define IP_RF 0x8000 +#define IP_DF 0x4000 +#define IP_MF 0x2000 +#define IP_OFFMASK 0x1fff + uint8_t ip_ttl; + uint8_t ip_p; + u_short ip_sum; + struct in_addr ip_src, ip_dst; +}; + +#endif + +#ifndef HAVE_NETINET_IP_ICMP_H + +struct icmp { + uint8_t icmp_type; + uint8_t icmp_code; + uint16_t icmp_cksum; + union { + u_char ih_pptr; + struct in_addr ih_gwaddr; + struct ih_idseq { + uint16_t icd_id; + uint16_t icd_seq; + } ih_idseq; + uint32_t ih_void; + + + struct 
ih_pmtu { + uint16_t ipm_void; + uint16_t ipm_nextmtu; + } ih_pmtu; + + struct ih_rtradv { + uint8_t irt_num_addrs; + uint8_t irt_wpa; + uint16_t irt_lifetime; + } ih_rtradv; + } icmp_hun; +#define icmp_pptr icmp_hun.ih_pptr +#define icmp_gwaddr icmp_hun.ih_gwaddr +#define icmp_id icmp_hun.ih_idseq.icd_id +#define icmp_seq icmp_hun.ih_idseq.icd_seq +#define icmp_void icmp_hun.ih_void +#define icmp_pmvoid icmp_hun.ih_pmtu.ipm_void +#define icmp_nextmtu icmp_hun.ih_pmtu.ipm_nextmtu +#define icmp_num_addrs icmp_hun.ih_rtradv.irt_num_addrs +#define icmp_wpa icmp_hun.ih_rtradv.irt_wpa +#define icmp_lifetime icmp_hun.ih_rtradv.irt_lifetime + union { + struct { + uint32_t its_otime; + uint32_t its_rtime; + uint32_t its_ttime; + } id_ts; + struct { + struct ip idi_ip; + } id_ip; + uint32_t id_mask; + uint8_t id_data[1]; + } icmp_dun; +#define icmp_otime icmp_dun.id_ts.its_otime +#define icmp_rtime icmp_dun.id_ts.its_rtime +#define icmp_ttime icmp_dun.id_ts.its_ttime +#define icmp_ip icmp_dun.id_ip.idi_ip +#define icmp_radv icmp_dun.id_radv +#define icmp_mask icmp_dun.id_mask +#define icmp_data icmp_dun.id_data +}; + +#endif + +#endif /* __TINC_IPV4_H__ */ diff --git a/src/net.h b/src/net.h index 43371adb..28dd4eaf 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.64 2003/07/17 15:06:26 guus Exp $ + $Id: net.h,v 1.9.4.65 2003/07/18 12:16:24 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -25,6 +25,8 @@ #include +#include "ipv6.h" + #ifdef ENABLE_JUMBOGRAMS #define MTU 9014 /* 9000 bytes payload + 14 bytes ethernet header */ #else diff --git a/src/route.c b/src/route.c index 3d9b28bd..a6f6e463 100644 --- a/src/route.c +++ b/src/route.c 
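Review bot: The `#if __BYTE_ORDER == __LITTLE_ENDIAN` test in the fallback `struct ip` is also true when neither macro is defined, because the preprocessor evaluates unknown identifiers as 0. A big-endian host that lacks the system header (the case this fallback exists for) may also lack those macros, and would then silently get `ip_v` and `ip_hl` in swapped positions. Any code that reads the header length or version from a received packet through this struct would then work from the wrong nibble. I would fail the build instead, with `#ifndef __BYTE_ORDER` / `#error "byte order unknown"` / `#endif` ahead of the struct, or key the layout on a configure-time result. Separately, `icmp_radv` expands to `icmp_dun.id_radv`, a member the union does not declare.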
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.59 2003/07/17 15:06:27 guus Exp $ + $Id: route.c,v 1.1.2.60 2003/07/18 12:16:24 guus Exp $ */ #include "system.h" @@ -44,6 +44,9 @@ #include "avl_tree.h" #include "connection.h" #include "device.h" +#include "ethernet.h" +#include "ipv4.h" +#include "ipv6.h" #include "logger.h" #include "net.h" #include "protocol.h" From 271d3537fed28b3e76cf0e76082b44c8771ac5da Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 18 Jul 2003 12:21:03 +0000 Subject: [PATCH 765/923] Remove all #ifndefs from route.c --- lib/ethernet.h | 6 +++++- src/route.c | 20 +------------------- 2 files changed, 6 insertions(+), 20 deletions(-) diff --git a/lib/ethernet.h b/lib/ethernet.h index 98e70478..5f6bcd0f 100644 --- a/lib/ethernet.h +++ b/lib/ethernet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ethernet.h,v 1.1.2.1 2003/07/18 12:16:23 guus Exp $ + $Id: ethernet.h,v 1.1.2.2 2003/07/18 12:21:02 guus Exp $ */ #ifndef __TINC_ETHERNET_H__ @@ -27,6 +27,10 @@ #define ETH_ALEN 6 #endif +#ifndef ETHER_ADDR_LEN +#define ETHER_ADDR_LEN 6 +#endif + #ifndef ARPHRD_ETHER #define ARPHRD_ETHER 1 #endif diff --git a/src/route.c b/src/route.c index a6f6e463..323edec2 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.60 2003/07/18 12:16:24 guus Exp $ + $Id: route.c,v 1.1.2.61 2003/07/18 12:21:03 guus Exp $ */ #include "system.h" 
@@ -54,24 +54,6 @@ #include "subnet.h" #include "utils.h" -/* Missing definitions */ - -#ifndef ETHER_ADDR_LEN -#define ETHER_ADDR_LEN 6 -#endif - -#ifndef ICMP_DEST_UNREACH -#define ICMP_DEST_UNREACH 3 -#endif - -#ifndef ICMP_NET_UNKNOWN -#define ICMP_NET_UNKNOWN 6 -#endif - -#ifndef ICMP_NET_UNREACH -#define ICMP_NET_UNREACH 0 -#endif - int routing_mode = RMODE_ROUTER; int priorityinheritance = 0; int macexpire = 600; From 00ddbf5723511d80fbd2522fc503bd409dc6189a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 18 Jul 2003 13:41:37 +0000 Subject: [PATCH 766/923] Update all device.c files. --- src/cygwin/device.c | 20 +++++--------------- src/darwin/device.c | 31 +++++++++---------------------- src/freebsd/device.c | 31 +++++++++---------------------- src/linux/device.c | 20 ++++++++++---------- src/net_socket.c | 4 +--- src/netbsd/device.c | 32 +++++++++----------------------- src/openbsd/device.c | 32 +++++++++----------------------- src/solaris/device.c | 28 ++++++++-------------------- 8 files changed, 60 insertions(+), 138 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index 39efbb0c..4e73e4c4 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,30 +17,20 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2003/07/15 16:27:39 guus Exp $ + $Id: device.c,v 1.1.2.9 2003/07/18 13:41:35 guus Exp $ */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include #include #include -// #include #include "conf.h" -#include "net.h" #include "logger.h" +#include "net.h" #include "route.h" - -#include "system.h" +#include "utils.h" +#include "xalloc.h" /* Definitions from CIPE */ diff --git a/src/darwin/device.c b/src/darwin/device.c index 3da6726e..ef6c7777 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c 
@@ -17,35 +17,22 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2003/07/12 17:41:47 guus Exp $ + $Id: device.c,v 1.1.2.9 2003/07/18 13:41:36 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include "conf.h" -#include "net.h" -#include "logger.h" - #include "system.h" +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "utils.h" + #define DEFAULT_DEVICE "/dev/tun0" int device_fd = -1; int device_type; char *device; -char *interface; +char *iface; char *device_info; int device_total_in = 0; int device_total_out = 0; @@ -57,8 +44,8 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); diff --git a/src/freebsd/device.c b/src/freebsd/device.c index 2850fd6d..b85923b4 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c 
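Review bot: The renamed fallback `iface = rindex(device, '/') ? rindex(device, '/') + 1 : device;` scans the path twice and relies on the legacy `rindex`, where `strrchr` is the standard C spelling. A local makes the intent clearer: `char *slash = strrchr(device, '/');` followed by `iface = slash ? slash + 1 : device;`. A short comment that `iface` defaults to the basename of the device node would also help. The same line is carried through the freebsd, netbsd, openbsd and linux device.c hunks of this commit, and setup_device continues outside each of them.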
@@ -17,35 +17,22 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.11 2003/07/12 17:41:47 guus Exp $ + $Id: device.c,v 1.1.2.12 2003/07/18 13:41:36 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include "conf.h" -#include "net.h" -#include "logger.h" - #include "system.h" +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "utils.h" + #define DEFAULT_DEVICE "/dev/tap0" int device_fd = -1; int device_type; char *device; -char *interface; +char *iface; char *device_info; int device_total_in = 0; int device_total_out = 0; @@ -57,8 +44,8 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); diff --git a/src/linux/device.c b/src/linux/device.c index 08d9364d..caee2548 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.18 2003/07/17 15:06:27 guus Exp $ + $Id: device.c,v 1.1.2.19 2003/07/18 13:41:36 guus Exp $ */ #include "system.h" @@ -48,7 +48,7 @@ enum { int device_fd = -1; int device_type; char *device; -char *interface; +char *iface; char ifrname[IFNAMSIZ]; char *device_info; 
@@ -64,11 +64,11 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) #ifdef HAVE_TUNTAP - interface = netname; + iface = netname; #else - interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; #endif device_fd = open(device, O_RDWR | O_NONBLOCK); @@ -91,16 +91,16 @@ int setup_device(void) device_info = _("Linux tun/tap device (tap mode)"); } - if(interface) - strncpy(ifr.ifr_name, interface, IFNAMSIZ); + if(iface) + strncpy(ifr.ifr_name, iface, IFNAMSIZ); if(!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) { strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); - interface = ifrname; + iface = ifrname; } else if(!ioctl(device_fd, (('T' << 8) | 202), (void *) &ifr)) { logger(LOG_WARNING, _("Old ioctl() request was needed for %s"), device); strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); - interface = ifrname; + iface = ifrname; } else #endif { @@ -108,7 +108,7 @@ int setup_device(void) overwrite_mac = 1; device_info = _("Linux ethertap device"); device_type = DEVICE_TYPE_ETHERTAP; - interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; } logger(LOG_INFO, _("%s is a %s"), device, device_info); diff --git a/src/net_socket.c b/src/net_socket.c index bb5208f8..90458d28 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.27 2003/07/17 15:06:26 guus Exp $ + $Id: net_socket.c,v 1.1.2.28 2003/07/18 13:41:35 guus Exp $ */ #include "system.h" 
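Review bot: In the `@@ -91,16 +91,16 @@` hunk, `strncpy(ifr.ifr_name, iface, IFNAMSIZ);` leaves `ifr.ifr_name` without a terminating NUL when the configured Interface value is IFNAMSIZ characters or longer. The two `strncpy(ifrname, ifr.ifr_name, IFNAMSIZ)` copies that follow have the same bound, so an unterminated name could end up in `ifrname`, which `iface` then points at and which is later used as a string. Whether `ifr` is zeroed beforehand or the ioctl rewrites the name is not visible here. Bounding the copy closes the gap: `strncpy(ifr.ifr_name, iface, IFNAMSIZ - 1);` then `ifr.ifr_name[IFNAMSIZ - 1] = 0;`, or reject an over-long name with an error before the ioctl. setup_device starts and ends outside this hunk.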
@@ -48,10 +48,8 @@ int setup_listen_socket(sockaddr_t *sa) int nfd, flags; char *addrstr; int option; -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) char *interface; struct ifreq ifr; -#endif cp(); diff --git a/src/netbsd/device.c b/src/netbsd/device.c index 3f076392..0064fdef 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,30 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.10 2003/07/12 17:41:48 guus Exp $ + $Id: device.c,v 1.1.2.11 2003/07/18 13:41:36 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include "conf.h" -#include "net.h" -#include "logger.h" - #include "system.h" +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "utils.h" + #define DEFAULT_DEVICE "/dev/tun0" #define DEVICE_TYPE_ETHERTAP 0 @@ -49,7 +35,7 @@ int device_fd = -1; int device_type; char *device; -char *interface; +char *iface; char *device_info; int device_total_in = 0; @@ -62,8 +48,8 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; diff --git a/src/openbsd/device.c b/src/openbsd/device.c index e9b4bbdd..9af2e3e3 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c 
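Review bot: Removing the `#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)` guard makes `char *interface;` and `struct ifreq ifr;` unconditional in setup_listen_socket, but system.h includes the interface header only under `HAVE_NET_IF_H`. On a platform without it, `struct ifreq` would be an incomplete type here. The local also keeps the name `interface` while this same commit renames the device.c globals to `iface`. If that rename avoids a clash with a platform macro (an inference, the commit message does not say), this declaration would hit the same clash. I would keep both declarations under the same condition as the code that uses them, which lies outside this hunk, for example `#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) && defined(HAVE_NET_IF_H)`.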
@@ -17,30 +17,16 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.15 2003/07/12 17:41:48 guus Exp $ + $Id: device.c,v 1.1.2.16 2003/07/18 13:41:36 guus Exp $ */ -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include "conf.h" -#include "net.h" -#include "logger.h" - #include "system.h" +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "utils.h" + #define DEFAULT_DEVICE "/dev/tun0" #define DEVICE_TYPE_ETHERTAP 0 @@ -49,7 +35,7 @@ int device_fd = -1; int device_type; char *device; -char *interface; +char *iface; char *device_info; int device_total_in = 0; @@ -62,8 +48,8 @@ int setup_device(void) if(!get_config_string(lookup_config(config_tree, "Device"), &device)) device = DEFAULT_DEVICE; - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - interface = rindex(device, '/') ? rindex(device, '/') + 1 : device; + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); return -1; diff --git a/src/solaris/device.c b/src/solaris/device.c index 5183721c..3cafa238 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c 
@@ -17,39 +17,27 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.14 2003/07/12 17:41:48 guus Exp $ + $Id: device.c,v 1.1.2.15 2003/07/18 13:41:37 guus Exp $ */ -#include "config.h" +#include "system.h" -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include #include #include #include -#define DEFAULT_DEVICE "/dev/tun" - -#include #include "conf.h" -#include "net.h" #include "logger.h" +#include "net.h" +#include "utils.h" -#include "system.h" +#define DEFAULT_DEVICE "/dev/tun" int device_fd = -1; int device_type; char *device = NULL; -char *interface = NULL; +char *iface = NULL; char ifrname[IFNAMSIZ]; char *device_info = NULL; @@ -112,8 +100,8 @@ int setup_device(void) return -1; } - if(!get_config_string(lookup_config(config_tree, "Interface"), &interface)) - asprintf(&interface, "tun%d", ppa); + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + asprintf(&iface, "tun%d", ppa); device_info = _("Solaris tun device"); From 96ee04b678143defa1040f2defdd3424efedea11 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 18 Jul 2003 13:42:35 +0000 Subject: [PATCH 767/923] Check for ethernet/ipv4/ipv6 related structures. --- configure.in | 53 ++++- lib/dropin.h | 5 +- lib/ethernet.h | 10 +- lib/ipv4.h | 10 +- lib/ipv6.h | 10 +- po/nl.po | 559 +++++++++++++++++++++++++------------------------ 6 files changed, 341 insertions(+), 306 deletions(-) diff --git a/configure.in b/configure.in index 52b9196b..a4b29b85 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.67 2003/07/17 15:06:25 guus Exp $ +dnl $Id: configure.in,v 1.13.2.68 2003/07/18 13:42:35 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) 
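Review bot: In the `@@ -112,8 +100,8 @@` hunk, `asprintf(&iface, "tun%d", ppa);` ignores the return value. When the allocation fails, the contents of `iface` are unspecified on some implementations, and the pointer is presumably used afterwards as the interface name. Checking the call and taking the error path already visible just above it covers that case: `if(asprintf(&iface, "tun%d", ppa) < 0) return -1;`. Whether `device_fd` should be closed on that path cannot be judged from here, because setup_device starts and ends outside the hunk.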
@@ -89,16 +89,21 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/param.h \ - sys/time.h sys/socket.h sys/wait.h netdb.h arpa/inet.h netinet/in_systm.h]) -AC_CHECK_HEADERS([net/ethernet.h net/if.h net/if_arp.h netinet/if_ether.h netinet/ip.h \ - netinet/tcp.h netinet/ip_icmp.h netinet/ip6.h netinet/icmp6.h], +AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/param.h sys/time.h sys/socket.h sys/wait.h netdb.h arpa/inet.h netinet/in_systm.h netinet/in.h]) +AC_CHECK_HEADERS([net/ethernet.h net/if.h net/if_arp.h netinet/if_ether.h netinet/ip.h netinet/tcp.h netinet/ip_icmp.h netinet/ip6.h netinet/icmp6.h], [], [], - [#include + [#ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifdef HAVE_SYS_SOCKET_H #include + #endif #ifdef HAVE_NETINET_IN_SYSTM_H #include #endif + #ifdef HAVE_NETINET_IN_H + #include + #endif ] ) @@ -109,11 +114,40 @@ AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM -AC_CHECK_TYPES([socklen_t, struct addrinfo, struct in6_addr, struct sockaddr_in6], , , - [#include +AC_CHECK_TYPES([socklen_t, struct arphdr, struct ether_arp, struct in_addr, struct addrinfo, struct ip, struct icmp, struct in6_addr, struct sockaddr_in6, struct ip6_hdr, struct icmp6_hdr, struct nd_neighbor_solicit, struct nd_opt_hdr], , , + [#ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifdef HAVE_SYS_SOCKET_H #include + #endif + #ifdef HAVE_NETDB_H #include + #endif + #ifdef HAVE_NET_IF_ARP_H + #include + #endif + #ifdef HAVE_NETINET_IF_ETHER_H + #include + #endif + #ifdef HAVE_NETINET_IN_SYSTM_H + #include + #endif + #ifdef HAVE_NETINET_IN_H #include + #endif + #ifdef HAVE_NETINET_IP_H + #include + #endif + #ifdef HAVE_NETINET_IP_ICMP_H + #include + #endif + #ifdef HAVE_NETINET_IP6_H + #include + #endif + #ifdef HAVE_NETINET_ICMP6_H + #include + #endif ] ) 
@@ -121,8 +155,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name \ -putenv select strdup strerror strsignal strtol unsetenv mlockall vsyslog]) +AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name putenv select strdup strerror strsignal strtol unsetenv mlockall vsyslog]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/dropin.h b/lib/dropin.h index c0bf14da..3afa69cc 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,12 +17,15 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.12 2003/07/17 15:06:25 guus Exp $ + $Id: dropin.h,v 1.1.2.13 2003/07/18 13:42:35 guus Exp $ */ #ifndef __DROPIN_H__ #define __DROPIN_H__ +#include "fake-getaddrinfo.h" +#include "fake-getnameinfo.h" + #ifndef HAVE_DAEMON extern int daemon(int, int); #endif diff --git a/lib/ethernet.h b/lib/ethernet.h index 5f6bcd0f..85649bc2 100644 --- a/lib/ethernet.h +++ b/lib/ethernet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ethernet.h,v 1.1.2.2 2003/07/18 12:21:02 guus Exp $ + $Id: ethernet.h,v 1.1.2.3 2003/07/18 13:42:35 guus Exp $ */ #ifndef __TINC_ETHERNET_H__ @@ -39,8 +39,7 @@ #define ETHERTYPE_IP 0x0800 #endif -#ifndef HAVE_NET_IF_ARP_H - +#ifndef HAVE_STRUCT_ARPHDR struct arphdr { unsigned short int ar_hrd; unsigned short int ar_pro; @@ -56,11 +55,9 @@ struct arphdr { #define ARPOP_InREQUEST 8 #define ARPOP_InREPLY 9 #define ARPOP_NAK 10 - #endif -#ifndef HAVE_NETINET_IF_ETHER_H - +#ifndef HAVE_STRUCT_ETHER_ARP struct ether_arp { struct arphdr ea_hdr; uint8_t arp_sha[ETH_ALEN]; @@ -73,7 +70,6 @@ struct ether_arp { #define arp_hln ea_hdr.ar_hln #define arp_pln ea_hdr.ar_pln #define arp_op ea_hdr.ar_op - #endif #endif /* __TINC_ETHERNET_H__ */ 
diff --git a/lib/ipv4.h b/lib/ipv4.h index ec3c5115..39d914ef 100644 --- a/lib/ipv4.h +++ b/lib/ipv4.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv4.h,v 1.1.2.1 2003/07/18 12:16:23 guus Exp $ + $Id: ipv4.h,v 1.1.2.2 2003/07/18 13:42:35 guus Exp $ */ #ifndef __TINC_IPV4_H__ @@ -47,8 +47,7 @@ #define IP_MSS 576 #endif -#ifndef HAVE_NETINET_IP_H - +#ifndef HAVE_STRUCT_IP struct ip { #if __BYTE_ORDER == __LITTLE_ENDIAN unsigned int ip_hl:4; @@ -70,11 +69,9 @@ struct ip { u_short ip_sum; struct in_addr ip_src, ip_dst; }; - #endif -#ifndef HAVE_NETINET_IP_ICMP_H - +#ifndef HAVE_STRUCT_ICMP struct icmp { uint8_t icmp_type; uint8_t icmp_code; @@ -130,7 +127,6 @@ struct icmp { #define icmp_mask icmp_dun.id_mask #define icmp_data icmp_dun.id_data }; - #endif #endif /* __TINC_IPV4_H__ */ diff --git a/lib/ipv6.h b/lib/ipv6.h index 92a0ae09..d8cb4cf5 100644 --- a/lib/ipv6.h +++ b/lib/ipv6.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv6.h,v 1.1.2.4 2003/07/17 15:06:25 guus Exp $ + $Id: ipv6.h,v 1.1.2.5 2003/07/18 13:42:35 guus Exp $ */ #ifndef __TINC_IPV6_H__ @@ -60,7 +60,7 @@ struct sockaddr_in6 { && (((__const uint32_t *) (a))[2] == htonl (0xffff))) #endif -#ifndef HAVE_NETINET_IP6_H +#ifndef HAVE_STRUCT_IP6_HDR struct ip6_hdr { union { struct ip6_hdrctl { @@ -80,7 +80,9 @@ struct ip6_hdr { #define ip6_nxt ip6_ctlun.ip6_un1.ip6_un1_nxt #define ip6_hlim ip6_ctlun.ip6_un1.ip6_un1_hlim #define ip6_hops ip6_ctlun.ip6_un1.ip6_un1_hlim +#endif +#ifndef HAVE_STRUCT_ICMP6_HDR struct icmp6_hdr { uint8_t icmp6_type; uint8_t icmp6_code; 
@@ -96,14 +98,18 @@ struct icmp6_hdr { #define ICMP6_DST_UNREACH_ADDR 3 #define ND_NEIGHBOR_SOLICIT 135 #define ND_NEIGHBOR_ADVERT 136 +#endif +#ifndef HAVE_STRUCT_ND_NEIGHBOR_SOLICIT struct nd_neighbor_solicit { struct icmp6_hdr nd_ns_hdr; struct in6_addr nd_ns_target; }; #define ND_OPT_SOURCE_LINKADDR 1 #define ND_OPT_TARGET_LINKADDR 2 +#endif +#ifndef HAVE_STRUCT_ND_OPT_HDR struct nd_opt_hdr { uint8_t nd_opt_type; uint8_t nd_opt_len; diff --git a/po/nl.po b/po/nl.po index cecd3109..b8e1ad5d 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,39 +5,39 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-07-07 13:41+0200\n" +"POT-Creation-Date: 2003-07-18 13:31-0800\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" +"Report-Msgid-Bugs-To: \n" -#: src/conf.c:173 +#: src/conf.c:159 #, c-format msgid "\"yes\" or \"no\" expected for configuration variable %s in %s line %d" msgstr "" "\"ja\" of \"nee\" verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:189 +#: src/conf.c:175 #, c-format msgid "Integer expected for configuration variable %s in %s line %d" msgstr "Geheel getal verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:223 +#: src/conf.c:209 #, c-format msgid "" "Hostname or IP address expected for configuration variable %s in %s line %d" msgstr "" "Hostnaam of IP adres verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:241 +#: src/conf.c:227 #, c-format msgid "Subnet expected for configuration variable %s in %s line %d" msgstr "Subnet verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:252 +#: src/conf.c:238 #, c-format msgid "" "Network address and prefix length do not match for configuration variable %s " 
@@ -46,69 +46,69 @@ msgstr "" "Netwerk adres en prefix lengte komen niet overeen bij configuratievariabele %" "s in %s regel %d" -#: src/conf.c:351 +#: src/conf.c:337 #, c-format msgid "Cannot open config file %s: %s" msgstr "Kan configuratie bestand %s niet openen: %s" -#: src/conf.c:389 +#: src/conf.c:375 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:424 +#: src/conf.c:410 #, c-format msgid "Failed to read `%s': %s" msgstr "Lezen van `%s' mislukte: %s" -#: src/conf.c:451 +#: src/conf.c:427 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:467 src/conf.c:495 +#: src/conf.c:443 src/conf.c:471 #, c-format msgid "Couldn't stat `%s': %s" msgstr "Kon `%s' niet statten: %s" -#: src/conf.c:472 src/conf.c:503 +#: src/conf.c:448 src/conf.c:479 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:478 src/conf.c:509 +#: src/conf.c:454 src/conf.c:485 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: src/conf.c:481 src/conf.c:512 +#: src/conf.c:457 src/conf.c:488 #, c-format msgid "Unable to read symbolic link `%s': %s" msgstr "Kan symbolische link `%s' niet lezen: %s" -#: src/conf.c:523 +#: src/conf.c:499 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" -#: src/conf.c:545 +#: src/conf.c:521 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:552 +#: src/conf.c:528 #, c-format msgid "Error while reading stdin: %s\n" msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:580 +#: src/conf.c:556 #, c-format msgid "Error opening file `%s': %s\n" msgstr "Fout bij het openen van het bestand `%s': %s\n" -#: 
src/conf.c:588 +#: src/conf.c:564 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" 
@@ -118,627 +118,627 @@ msgstr "" "bescherming.\n" "Ik maak of overschrijf dit bestand niet.\n" -#: src/connection.c:56 +#: src/connection.c:49 msgid "everyone" msgstr "iedereen" -#: src/connection.c:57 +#: src/connection.c:50 msgid "BROADCAST" msgstr "BROADCAST" -#: src/connection.c:127 +#: src/connection.c:120 msgid "Connections:" msgstr "Verbindingen:" -#: src/connection.c:131 +#: src/connection.c:124 #, c-format msgid " %s at %s options %lx socket %d status %04x" msgstr " %s op %s opties %lx socket %d status %04x" -#: src/connection.c:135 +#: src/connection.c:128 msgid "End of connections." msgstr "Einde van verbindingen." -#: src/meta.c:51 +#: src/meta.c:44 #, c-format msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:66 +#: src/meta.c:59 #, c-format msgid "Sending meta data to %s (%s) failed: %s" msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" -#: src/meta.c:104 +#: src/meta.c:97 #, c-format msgid "This is a bug: %s:%d: %d:%s %s (%s)" msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)" -#: src/meta.c:110 +#: src/meta.c:103 #, c-format msgid "Metadata socket error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s): %s" -#: src/meta.c:128 +#: src/meta.c:121 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:133 +#: src/meta.c:126 #, c-format msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:196 +#: src/meta.c:189 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:94 +#: src/net.c:60 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:101 +#: src/net.c:67 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:182 +#: src/net.c:148 #, c-format msgid "Closing connection with %s (%s)" msgstr 
"Beëindigen verbinding met %s (%s)" -#: src/net.c:235 +#: src/net.c:201 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:244 +#: src/net.c:210 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." -#: src/net.c:249 +#: src/net.c:215 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:291 +#: src/net.c:257 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:344 +#: src/net.c:310 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:375 +#: src/net.c:341 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:391 +#: src/net.c:357 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:415 +#: src/net.c:381 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
-#: src/net_packet.c:136 +#: src/net_packet.c:103 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:162 +#: src/net_packet.c:129 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:191 +#: src/net_packet.c:158 #, c-format msgid "Lost %d packets from %s (%s)" msgstr "%d pakketten van %s (%s) verloren" -#: src/net_packet.c:197 +#: src/net_packet.c:164 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d, last received %d" msgstr "" "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d, laatste ontvangen %d" -#: src/net_packet.c:217 +#: src/net_packet.c:184 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:259 +#: src/net_packet.c:226 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:289 +#: src/net_packet.c:256 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:340 +#: src/net_packet.c:307 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:342 src/net_setup.c:484 src/net_socket.c:110 -#: src/net_socket.c:157 src/net_socket.c:187 src/tincd.c:392 src/process.c:263 -#: src/process.c:291 +#: src/net_packet.c:309 src/net_setup.c:451 src/net_socket.c:67 +#: src/net_socket.c:114 src/net_socket.c:144 src/tincd.c:373 src/process.c:252 +#: src/process.c:280 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:348 +#: src/net_packet.c:315 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: 
src/net_packet.c:365 +#: src/net_packet.c:332 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:369 +#: src/net_packet.c:336 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" -#: src/net_packet.c:374 +#: src/net_packet.c:341 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:382 +#: src/net_packet.c:349 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:401 +#: src/net_packet.c:368 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:418 +#: src/net_packet.c:385 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:439 +#: src/net_packet.c:406 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:446 +#: src/net_packet.c:413 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:453 +#: src/net_packet.c:420 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:463 +#: src/net_packet.c:430 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" -#: src/net_setup.c:110 src/net_setup.c:127 +#: src/net_setup.c:77 src/net_setup.c:94 #, c-format msgid "Error reading RSA public key file `%s': %s" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %s" -#: src/net_setup.c:142 +#: src/net_setup.c:109 #, c-format msgid "Reading RSA public key file `%s' failed: %s" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" -#: src/net_setup.c:182 +#: src/net_setup.c:149 #, c-format msgid "No public key for %s specified!" 
msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net_setup.c:210 +#: src/net_setup.c:177 #, c-format msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:222 +#: src/net_setup.c:189 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:252 src/net_setup.c:253 +#: src/net_setup.c:219 src/net_setup.c:220 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:259 +#: src/net_setup.c:226 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:264 +#: src/net_setup.c:231 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:276 +#: src/net_setup.c:243 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:332 +#: src/net_setup.c:299 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:343 +#: src/net_setup.c:310 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:353 +#: src/net_setup.c:320 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:367 +#: src/net_setup.c:334 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:385 +#: src/net_setup.c:352 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:420 +#: src/net_setup.c:387 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:434 +#: src/net_setup.c:401 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:437 +#: src/net_setup.c:404 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" 
-#: src/net_setup.c:452 +#: src/net_setup.c:419 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:506 +#: src/net_setup.c:473 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:517 +#: src/net_setup.c:484 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:519 +#: src/net_setup.c:486 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" -#: src/net_socket.c:102 +#: src/net_socket.c:59 #, c-format msgid "Creating metasocket failed: %s" msgstr "Aanmaak van metasocket mislukt: %s" -#: src/net_socket.c:137 src/net_socket.c:203 +#: src/net_socket.c:94 src/net_socket.c:160 #, c-format msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" -#: src/net_socket.c:142 +#: src/net_socket.c:99 msgid "BindToInterface not supported on this platform" msgstr "BindToInterface wordt niet ondersteund op dit platform" -#: src/net_socket.c:149 +#: src/net_socket.c:106 #, c-format msgid "Can't bind to %s/tcp: %s" msgstr "Kan niet aan %s/tcp binden: %s" -#: src/net_socket.c:180 +#: src/net_socket.c:137 #, c-format msgid "Creating UDP socket failed: %s" msgstr "Aanmaak UDP socket mislukte: %s" -#: src/net_socket.c:213 +#: src/net_socket.c:170 #, c-format msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:240 +#: src/net_socket.c:197 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:248 +#: src/net_socket.c:205 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:265 +#: src/net_socket.c:222 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:300 +#: src/net_socket.c:257 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: 
src/net_socket.c:306 +#: src/net_socket.c:263 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:329 +#: src/net_socket.c:286 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:344 +#: src/net_socket.c:301 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:365 +#: src/net_socket.c:322 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:384 +#: src/net_socket.c:341 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:414 +#: src/net_socket.c:371 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:432 +#: src/net_socket.c:389 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:456 +#: src/net_socket.c:413 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/netutl.c:70 src/netutl.c:95 +#: src/netutl.c:52 src/netutl.c:77 #, c-format msgid "Error looking up %s port %s: %s\n" msgstr "Fout bij het opzoeken van %s poort %s: %s\n" -#: src/netutl.c:120 +#: src/netutl.c:102 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout tijdens vertalen adressen: %s" -#: src/netutl.c:148 +#: src/netutl.c:130 #, c-format msgid "Error while looking up hostname: %s" msgstr "Fout bij het opzoeken van hostnaam: %s" -#: src/netutl.c:152 +#: src/netutl.c:134 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:189 +#: src/netutl.c:171 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" "sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" 
-#: src/protocol.c:98 +#: src/protocol.c:87 #, c-format msgid "Output buffer overflow while sending request to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden verzoek naar %s (%s)" -#: src/protocol.c:106 +#: src/protocol.c:95 #, c-format msgid "Sending %s to %s (%s): %s" msgstr "Verzending %s naar %s (%s): %s" -#: src/protocol.c:109 +#: src/protocol.c:98 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:131 +#: src/protocol.c:120 #, c-format msgid "Forwarding %s from %s (%s): %s" msgstr "Doorsturen %s van %s (%s): %s" -#: src/protocol.c:135 +#: src/protocol.c:124 #, c-format msgid "Forwarding %s from %s (%s)" msgstr "Doorsturen %s van %s (%s)" -#: src/protocol.c:153 +#: src/protocol.c:142 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:156 +#: src/protocol.c:145 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:163 +#: src/protocol.c:152 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:167 +#: src/protocol.c:156 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:173 +#: src/protocol.c:162 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:181 +#: src/protocol.c:170 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:186 +#: src/protocol.c:175 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:232 +#: src/protocol.c:221 msgid "Already seen request" msgstr "Verzoek reeds gezien" -#: src/protocol.c:262 +#: src/protocol.c:251 #, c-format msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" -#: src/protocol_auth.c:68 src/protocol_auth.c:224 
src/protocol_auth.c:351 -#: src/protocol_auth.c:415 src/protocol_auth.c:519 src/protocol_edge.c:82 -#: src/protocol_edge.c:193 src/protocol_key.c:70 src/protocol_key.c:112 -#: src/protocol_key.c:176 src/protocol_misc.c:75 src/protocol_misc.c:104 -#: src/protocol_misc.c:196 src/protocol_subnet.c:71 src/protocol_subnet.c:161 +#: src/protocol_auth.c:58 src/protocol_auth.c:214 src/protocol_auth.c:341 +#: src/protocol_auth.c:405 src/protocol_auth.c:509 src/protocol_edge.c:73 +#: src/protocol_edge.c:184 src/protocol_key.c:59 src/protocol_key.c:101 +#: src/protocol_key.c:165 src/protocol_misc.c:54 src/protocol_misc.c:83 +#: src/protocol_misc.c:175 src/protocol_subnet.c:61 src/protocol_subnet.c:151 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol_auth.c:76 src/protocol_edge.c:90 src/protocol_edge.c:96 -#: src/protocol_edge.c:201 src/protocol_edge.c:207 src/protocol_subnet.c:79 -#: src/protocol_subnet.c:89 src/protocol_subnet.c:169 -#: src/protocol_subnet.c:189 +#: src/protocol_auth.c:66 src/protocol_edge.c:81 src/protocol_edge.c:87 +#: src/protocol_edge.c:192 src/protocol_edge.c:198 src/protocol_subnet.c:69 +#: src/protocol_subnet.c:79 src/protocol_subnet.c:159 +#: src/protocol_subnet.c:179 #, c-format msgid "Got bad %s from %s (%s): %s" msgstr "Kreeg verkeerde %s van %s (%s): %s" -#: src/protocol_auth.c:85 +#: src/protocol_auth.c:75 #, c-format msgid "Peer %s is %s instead of %s" msgstr "Ander %s is %s in plaats van %s" -#: src/protocol_auth.c:95 +#: src/protocol_auth.c:85 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt incompatibele versie %d" -#: src/protocol_auth.c:113 +#: src/protocol_auth.c:103 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft onbekende identiteit (%s)" -#: src/protocol_auth.c:172 +#: src/protocol_auth.c:162 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet 
versleuteld): %s" -#: src/protocol_auth.c:184 src/protocol_auth.c:253 +#: src/protocol_auth.c:174 src/protocol_auth.c:243 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:234 src/protocol_auth.c:361 src/protocol_auth.c:423 -#: src/protocol_auth.c:441 +#: src/protocol_auth.c:224 src/protocol_auth.c:351 src/protocol_auth.c:413 +#: src/protocol_auth.c:431 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:261 +#: src/protocol_auth.c:251 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:272 +#: src/protocol_auth.c:262 #, c-format msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:292 src/protocol_key.c:243 +#: src/protocol_auth.c:282 src/protocol_key.c:232 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" -#: src/protocol_auth.c:297 +#: src/protocol_auth.c:287 #, c-format msgid "%s (%s) uses bogus MAC length!" msgstr "%s (%s) gebruikt onzinnige MAC lengte!" 
-#: src/protocol_auth.c:424 +#: src/protocol_auth.c:414 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:442 +#: src/protocol_auth.c:432 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:447 +#: src/protocol_auth.c:437 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:535 +#: src/protocol_auth.c:525 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:552 +#: src/protocol_auth.c:542 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:91 src/protocol_edge.c:97 src/protocol_edge.c:202 -#: src/protocol_edge.c:208 src/protocol_subnet.c:80 src/protocol_subnet.c:170 +#: src/protocol_edge.c:82 src/protocol_edge.c:88 src/protocol_edge.c:193 +#: src/protocol_edge.c:199 src/protocol_subnet.c:70 src/protocol_subnet.c:160 msgid "invalid name" msgstr "ongeldige naam" -#: src/protocol_edge.c:133 +#: src/protocol_edge.c:124 #, c-format msgid "Got %s from %s (%s) for ourself which does not match existing entry" msgstr "" "Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:138 +#: src/protocol_edge.c:129 #, c-format msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:146 +#: src/protocol_edge.c:137 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:220 src/protocol_edge.c:228 src/protocol_edge.c:238 +#: src/protocol_edge.c:211 src/protocol_edge.c:219 src/protocol_edge.c:229 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge 
tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:244 src/protocol_subnet.c:117 src/protocol_subnet.c:214 +#: src/protocol_edge.c:235 src/protocol_subnet.c:107 src/protocol_subnet.c:204 #, c-format msgid "Got %s from %s (%s) for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" -#: src/protocol_key.c:81 +#: src/protocol_key.c:70 #, c-format msgid "Got %s from %s (%s) origin %s which does not exist" msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol_key.c:120 src/protocol_key.c:184 +#: src/protocol_key.c:109 src/protocol_key.c:173 #, c-format msgid "" "Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" "Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:128 src/protocol_key.c:192 +#: src/protocol_key.c:117 src/protocol_key.c:181 #, c-format msgid "" "Got %s from %s (%s) destination %s which does not exist in our connection " 
@@ -746,80 +746,80 @@ msgid "" msgstr "" "Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:223 +#: src/protocol_key.c:212 #, c-format msgid "Node %s (%s) uses unknown cipher!" msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol_key.c:229 +#: src/protocol_key.c:218 #, c-format msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:249 +#: src/protocol_key.c:238 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" -#: src/protocol_key.c:258 +#: src/protocol_key.c:247 #, c-format msgid "Node %s (%s) uses bogus compression level!" msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!" -#: src/protocol_misc.c:80 -#, c-format -msgid "Status message from %s (%s): %s: %s" +#: src/protocol_misc.c:59 +#, fuzzy, c-format +msgid "Status message from %s (%s): %d: %s" msgstr "Statusmelding van %s (%s): %s: %s" -#: src/protocol_misc.c:109 -#, c-format -msgid "Error message from %s (%s): %s: %s" +#: src/protocol_misc.c:88 +#, fuzzy, c-format +msgid "Error message from %s (%s): %d: %s" msgstr "Foutmelding van %s (%s): %s: %s" -#: src/protocol_subnet.c:90 src/protocol_subnet.c:190 +#: src/protocol_subnet.c:80 src/protocol_subnet.c:180 msgid "invalid subnet string" msgstr "ongeldige subnet string" -#: src/protocol_subnet.c:179 +#: src/protocol_subnet.c:169 #, c-format msgid "Got %s from %s (%s) for %s which is not in our node tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" -#: src/protocol_subnet.c:206 +#: src/protocol_subnet.c:196 #, c-format msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" -#: src/subnet.c:114 +#: src/subnet.c:103 #, c-format msgid "subnet_compare() was called with unknown subnet type %d, exitting!" 
msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:299 +#: src/subnet.c:288 #, c-format msgid "net2str() was called with unknown subnet type %d, exiting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:414 +#: src/subnet.c:403 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:419 +#: src/subnet.c:408 #, c-format msgid " %s owner %s" msgstr " %s eigenaar %s" -#: src/subnet.c:423 +#: src/subnet.c:412 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:116 +#: src/tincd.c:97 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:119 +#: src/tincd.c:100 #, c-format msgid "" "Usage: %s [option]...\n" @@ -828,7 +828,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:120 +#: src/tincd.c:101 #, fuzzy msgid "" " -c, --config=DIR Read configuration options from DIR.\n" @@ -855,13 +855,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:130 +#: src/tincd.c:111 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:188 +#: src/tincd.c:169 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -870,7 +870,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:206 +#: src/tincd.c:187 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" 
@@ -878,24 +878,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:279 +#: src/tincd.c:260 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:283 +#: src/tincd.c:264 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:286 +#: src/tincd.c:267 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:295 +#: src/tincd.c:276 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:301 src/tincd.c:314 +#: src/tincd.c:282 src/tincd.c:295 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -903,23 +903,24 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:308 +#: src/tincd.c:289 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:337 +#: src/tincd.c:318 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:368 +#: src/tincd.c:349 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:370 +#: src/tincd.c:351 +#, fuzzy msgid "" -"Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen and others.\n" +"Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" "\n" "tinc comes with ABSOLUTELY NO WARRANTY. This is free software,\n" 
@@ -934,135 +935,135 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:396 +#: src/tincd.c:377 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:420 +#: src/tincd.c:401 msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:433 +#: src/tincd.c:414 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:437 +#: src/tincd.c:418 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:440 src/process.c:347 +#: src/tincd.c:421 src/process.c:339 msgid "Not restarting." msgstr "Geen herstart." -#: src/process.c:70 +#: src/process.c:55 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:102 +#: src/process.c:87 msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:121 +#: src/process.c:106 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:124 +#: src/process.c:109 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:148 +#: src/process.c:133 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:151 +#: src/process.c:136 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:160 +#: src/process.c:145 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:163 +#: src/process.c:148 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:165 +#: src/process.c:150 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:192 +#: src/process.c:177 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:205 +#: src/process.c:190 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:236 +#: src/process.c:225 #, c-format msgid "Could not execute `%s': %s" msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:269 +#: src/process.c:258 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:276 +#: src/process.c:265 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:282 +#: src/process.c:271 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:286 +#: src/process.c:275 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:309 +#: src/process.c:301 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:316 +#: src/process.c:308 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:322 +#: src/process.c:314 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:331 +#: src/process.c:323 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:335 +#: src/process.c:327 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." 
-#: src/process.c:354 +#: src/process.c:346 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:361 +#: src/process.c:353 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:367 +#: src/process.c:359 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1071,41 +1072,41 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:376 +#: src/process.c:368 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:401 +#: src/process.c:393 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:407 +#: src/process.c:399 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:460 +#: src/process.c:452 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:133 +#: src/route.c:107 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:166 +#: src/route.c:140 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:275 +#: src/route.c:249 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:366 +#: src/route.c:340 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1114,19 +1115,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:418 +#: src/route.c:392 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:435 +#: src/route.c:409 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:444 +#: src/route.c:418 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" @@ -1135,25 +1136,25 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:523 +#: src/route.c:497 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:532 +#: src/route.c:506 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:587 +#: src/route.c:561 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#: src/node.c:176 +#: src/node.c:171 msgid "Nodes:" msgstr "Nodes:" -#: src/node.c:180 +#: src/node.c:175 #, c-format msgid "" " %s at %s cipher %d digest %d maclength %d compression %d options %lx status " 
@@ -1162,162 +1163,162 @@ msgstr "" " %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" "04x nexthop %s via %s" -#: src/node.c:187 +#: src/node.c:182 msgid "End of nodes." msgstr "Einde van nodes." -#: src/edge.c:157 +#: src/edge.c:147 msgid "Edges:" msgstr "Edges:" -#: src/edge.c:164 +#: src/edge.c:154 #, c-format msgid " %s to %s at %s options %lx weight %d" msgstr " %s naar %s op %s opties %lx gewicht %d" -#: src/edge.c:170 +#: src/edge.c:160 msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:263 +#: src/graph.c:253 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:266 +#: src/graph.c:256 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" -#: src/linux/device.c:91 src/freebsd/device.c:67 src/solaris/device.c:71 -#: src/netbsd/device.c:71 src/openbsd/device.c:71 +#: src/linux/device.c:76 src/freebsd/device.c:51 src/solaris/device.c:59 +#: src/netbsd/device.c:54 src/openbsd/device.c:54 #, c-format msgid "Could not open %s: %s" msgstr "Kon `%s' niet openen: %s" -#: src/linux/device.c:102 +#: src/linux/device.c:87 msgid "Linux tun/tap device (tun mode)" msgstr "Linux tun/tap apparaat (tun modus)" -#: src/linux/device.c:106 +#: src/linux/device.c:91 msgid "Linux tun/tap device (tap mode)" msgstr "Linux tun/tap apparaat (tap modus)" -#: src/linux/device.c:116 +#: src/linux/device.c:101 #, c-format msgid "Old ioctl() request was needed for %s" msgstr "Oud ioctl() verzoek was nodig voor %s" -#: src/linux/device.c:124 +#: src/linux/device.c:109 msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/linux/device.c:129 src/freebsd/device.c:73 src/solaris/device.c:120 -#: src/netbsd/device.c:77 src/openbsd/device.c:77 +#: src/linux/device.c:114 src/freebsd/device.c:57 src/solaris/device.c:108 +#: src/netbsd/device.c:60 src/openbsd/device.c:60 #, c-format msgid "%s is a %s" msgstr "%s is een %s" -#: 
src/linux/device.c:156 src/linux/device.c:167 src/linux/device.c:178 -#: src/freebsd/device.c:96 src/solaris/device.c:139 src/netbsd/device.c:96 -#: src/openbsd/device.c:98 +#: src/linux/device.c:137 src/linux/device.c:148 src/linux/device.c:159 +#: src/freebsd/device.c:76 src/solaris/device.c:127 src/netbsd/device.c:79 +#: src/openbsd/device.c:81 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" -#: src/linux/device.c:189 src/freebsd/device.c:105 src/solaris/device.c:151 -#: src/netbsd/device.c:108 src/openbsd/device.c:125 +#: src/linux/device.c:170 src/freebsd/device.c:85 src/solaris/device.c:139 +#: src/netbsd/device.c:91 src/openbsd/device.c:108 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/linux/device.c:199 src/freebsd/device.c:115 src/solaris/device.c:161 -#: src/netbsd/device.c:119 src/openbsd/device.c:140 +#: src/linux/device.c:180 src/freebsd/device.c:95 src/solaris/device.c:149 +#: src/netbsd/device.c:102 src/openbsd/device.c:123 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" -#: src/linux/device.c:206 src/linux/device.c:213 src/linux/device.c:222 -#: src/solaris/device.c:165 src/netbsd/device.c:123 src/openbsd/device.c:165 +#: src/linux/device.c:187 src/linux/device.c:194 src/linux/device.c:203 +#: src/solaris/device.c:153 src/netbsd/device.c:106 src/openbsd/device.c:148 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" -#: src/linux/device.c:238 src/freebsd/device.c:131 src/solaris/device.c:179 -#: src/netbsd/device.c:135 src/openbsd/device.c:177 +#: src/linux/device.c:219 src/freebsd/device.c:111 src/solaris/device.c:167 +#: src/netbsd/device.c:118 src/openbsd/device.c:160 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/linux/device.c:239 src/freebsd/device.c:132 src/solaris/device.c:180 -#: src/netbsd/device.c:136 
src/openbsd/device.c:178 +#: src/linux/device.c:220 src/freebsd/device.c:112 src/solaris/device.c:168 +#: src/netbsd/device.c:119 src/openbsd/device.c:161 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/linux/device.c:240 src/freebsd/device.c:133 src/solaris/device.c:181 -#: src/netbsd/device.c:137 src/openbsd/device.c:179 +#: src/linux/device.c:221 src/freebsd/device.c:113 src/solaris/device.c:169 +#: src/netbsd/device.c:120 src/openbsd/device.c:162 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" -#: src/freebsd/device.c:71 +#: src/freebsd/device.c:55 msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" -#: src/freebsd/device.c:119 +#: src/freebsd/device.c:99 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" -#: src/solaris/device.c:83 +#: src/solaris/device.c:71 #, c-format msgid "Could not open /dev/ip: %s" msgstr "Kon /dev/ip niet openen: %s" -#: src/solaris/device.c:89 +#: src/solaris/device.c:77 #, c-format msgid "Can't assign new interface: %s" msgstr "Kan geen nieuwe interface toekennen: %s" -#: src/solaris/device.c:94 +#: src/solaris/device.c:82 #, c-format msgid "Could not open %s twice: %s" msgstr "Kon `%s' niet twee keer openen: %s" -#: src/solaris/device.c:100 +#: src/solaris/device.c:88 #, c-format msgid "Can't push IP module: %s" msgstr "Kan IP module niet invoegen: %s" -#: src/solaris/device.c:106 +#: src/solaris/device.c:94 #, c-format msgid "Can't set PPA %d: %s" msgstr "Kon PPA %d niet instellen: %s" -#: src/solaris/device.c:111 +#: src/solaris/device.c:99 #, c-format msgid "Can't link TUN device to IP: %s" msgstr "Kan TUN apparaat niet koppelen aan IP: %s" -#: src/solaris/device.c:118 +#: src/solaris/device.c:106 msgid "Solaris tun device" msgstr "Solaris tun apparaat" -#: src/netbsd/device.c:75 +#: src/netbsd/device.c:58 msgid "NetBSD tun device" msgstr "NetBSD tun apparaat" -#: src/openbsd/device.c:75 +#: 
src/openbsd/device.c:58 msgid "OpenBSD tun device" msgstr "OpenBSD tun apparaat" -#: src/openbsd/device.c:116 +#: src/openbsd/device.c:99 #, c-format msgid "Unknown address family %d while reading packet from %s %s" msgstr "Onbekende adresfamilie %d tijdens lezen pakket van %s %s" -#: src/openbsd/device.c:154 +#: src/openbsd/device.c:137 #, c-format msgid "Unknown address family %d while writing packet to %s %s" msgstr "Onbekende adresfamilie %d tijdens schrijven pakket naar %s %s" From 123bb765d10453fdccbe363a02e3042c588729cc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 18 Jul 2003 13:45:06 +0000 Subject: [PATCH 768/923] Use iface instead of interface because it might already be declared in system header files. --- src/device.h | 7 +------ src/graph.c | 4 ++-- src/net_setup.c | 6 +++--- src/net_socket.c | 18 +++++++++--------- 4 files changed, 15 insertions(+), 20 deletions(-) diff --git a/src/device.h b/src/device.h index 4982cbab..4dce250e 100644 --- a/src/device.h +++ b/src/device.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.9 2003/07/15 16:38:18 guus Exp $ + $Id: device.h,v 1.1.2.10 2003/07/18 13:45:06 guus Exp $ */ #ifndef __TINC_DEVICE_H__ @@ -26,12 +26,7 @@ extern int device_fd; extern char *device; -#ifdef HAVE_CYGWIN extern char *iface; -#define interface iface -#else -extern char *interface; -#endif extern int setup_device(void); extern void close_device(void); diff --git a/src/graph.c b/src/graph.c index 2c6ad22e..147586e5 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.25 2003/07/17 15:06:26 guus Exp $ + $Id: graph.c,v 1.1.2.26 2003/07/18 13:45:06 guus Exp $ */ /* We need to generate two trees from the graph: 
@@ -262,7 +262,7 @@ void sssp_bfs(void) asprintf(&envp[0], "NETNAME=%s", netname ? : ""); asprintf(&envp[1], "DEVICE=%s", device ? : ""); - asprintf(&envp[2], "INTERFACE=%s", interface ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); asprintf(&envp[3], "NODE=%s", n->name); sockaddr2str(&n->address, &address, &port); asprintf(&envp[4], "REMOTEADDRESS=%s", address); diff --git a/src/net_setup.c b/src/net_setup.c index ca7aa61e..b3c565ba 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.35 2003/07/17 15:06:26 guus Exp $ + $Id: net_setup.c,v 1.1.2.36 2003/07/18 13:45:06 guus Exp $ */ #include "system.h" @@ -525,7 +525,7 @@ int setup_network_connections(void) /* Run tinc-up script to further initialize the tap interface */ asprintf(&envp[0], "NETNAME=%s", netname ? : ""); asprintf(&envp[1], "DEVICE=%s", device ? : ""); - asprintf(&envp[2], "INTERFACE=%s", interface ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); asprintf(&envp[3], "NAME=%s", myself->name); envp[4] = NULL; @@ -577,7 +577,7 @@ void close_network_connections(void) asprintf(&envp[0], "NETNAME=%s", netname ? : ""); asprintf(&envp[1], "DEVICE=%s", device ? : ""); - asprintf(&envp[2], "INTERFACE=%s", interface ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); asprintf(&envp[3], "NAME=%s", myself->name); envp[4] = NULL; diff --git a/src/net_socket.c b/src/net_socket.c index 90458d28..82875bba 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.28 2003/07/18 13:41:35 guus Exp $ + $Id: net_socket.c,v 1.1.2.29 2003/07/18 13:45:06 guus Exp $ */ #include "system.h" 
@@ -48,7 +48,7 @@ int setup_listen_socket(sockaddr_t *sa) int nfd, flags; char *addrstr; int option; - char *interface; + char *iface; struct ifreq ifr; cp(); @@ -84,14 +84,14 @@ int setup_listen_socket(sockaddr_t *sa) #endif if(get_config_string - (lookup_config(config_tree, "BindToInterface"), &interface)) { + (lookup_config(config_tree, "BindToInterface"), &iface)) { #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); + strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { close(nfd); - logger(LOG_ERR, _("Can't bind to interface %s: %s"), interface, + logger(LOG_ERR, _("Can't bind to interface %s: %s"), iface, strerror(errno)); return -1; } @@ -125,7 +125,7 @@ int setup_vpn_in_socket(sockaddr_t *sa) char *addrstr; int option; #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - char *interface; + char *iface; struct ifreq ifr; #endif @@ -151,13 +151,13 @@ int setup_vpn_in_socket(sockaddr_t *sa) #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) if(get_config_string - (lookup_config(config_tree, "BindToInterface"), &interface)) { + (lookup_config(config_tree, "BindToInterface"), &iface)) { memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, interface, IFNAMSIZ); + strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { close(nfd); - logger(LOG_ERR, _("Can't bind to interface %s: %s"), interface, + logger(LOG_ERR, _("Can't bind to interface %s: %s"), iface, strerror(errno)); return -1; } From 38aa0319ef79124e59b587e6d55f37a79a9d847c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 18 Jul 2003 14:09:47 +0000 Subject: [PATCH 769/923] Oops. --- configure.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index a4b29b85..b192177b 100644 --- a/configure.in +++ b/configure.in 
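Review bot: In the `@@ -84,14 +84,14 @@` hunk of setup_listen_socket(), `strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ)` copies the BindToInterface value without checking its length; the same line appears in the `@@ -151,13 +151,13 @@` hunk of setup_vpn_in_socket(). A configured name of IFNAMSIZ characters or more fills the field with no terminating NUL and is silently truncated, so the socket may be bound to a different interface than the one named in the configuration. Since these lines are being touched anyway, reject over-long names before the copy, e.g. `if(strlen(iface) >= IFNAMSIZ) { close(nfd); logger(LOG_ERR, _("Interface name %s is too long"), iface); return -1; }`, or copy at most `IFNAMSIZ - 1` bytes so the preceding memset keeps the terminator. Both function bodies start and end outside the hunks.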
@@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.68 2003/07/18 13:42:35 guus Exp $ +dnl $Id: configure.in,v 1.13.2.69 2003/07/18 14:09:47 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -143,10 +143,10 @@ AC_CHECK_TYPES([socklen_t, struct arphdr, struct ether_arp, struct in_addr, stru #include #endif #ifdef HAVE_NETINET_IP6_H - #include + #include #endif #ifdef HAVE_NETINET_ICMP6_H - #include + #include #endif ] ) From b657f0519456d05bcea5742017165793f79e56df Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 18 Jul 2003 14:10:27 +0000 Subject: [PATCH 770/923] No UNIX style permissions under Windows. --- src/conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/conf.c b/src/conf.c index f7019d14..f5211521 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.66 2003/07/17 15:06:26 guus Exp $ + $Id: conf.c,v 1.9.4.67 2003/07/18 14:10:27 guus Exp $ */ #include "system.h" @@ -417,6 +417,7 @@ int read_server_config() int is_safe_path(const char *file) { +#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW)) char *p; const char *f; char x; @@ -499,6 +500,7 @@ check2: logger(LOG_ERR, _("`%s' has unsecure permissions"), f); return 0; } +#endif return 1; } From c1e8152f4fe5e4557784d8411e50006d461b8786 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 21 Jul 2003 13:14:02 +0000 Subject: [PATCH 771/923] Be consistent. --- lib/dropin.c | 4 +++- lib/fake-getaddrinfo.c | 4 +++- lib/ipv4.h | 12 ++++++------ lib/ipv6.h | 5 +++-- 4 files changed, 15 insertions(+), 10 deletions(-) diff --git a/lib/dropin.c b/lib/dropin.c index 0efa5f2b..0a8ae6ef 100644 --- a/lib/dropin.c +++ b/lib/dropin.c 
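Review bot: With the `#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW))` added in the `@@ -417,6 +417,7 @@` hunk of src/conf.c and the matching `#endif` in `@@ -499,6 +500,7 @@`, is_safe_path() reduces to `return 1;` on those builds, so every path is reported safe and nothing is logged. If callers use it to gate sensitive files (the visible message is about "unsecure permissions"; the callers are outside this diff), Windows builds lose that check silently. I would document the fail-open behaviour next to the `#endif`, e.g. `/* No ownership/permission check on Windows: every path is accepted */`, ideally with a one-time `logger(LOG_WARNING, ...)` at startup. It is also worth confirming whether Cygwin needs to be excluded, since it can present POSIX-style mode bits. Most of the function body lies between the two hunks and is not shown.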
@@ -17,11 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.15 2003/07/17 15:06:25 guus Exp $ + $Id: dropin.c,v 1.1.2.16 2003/07/21 13:14:02 guus Exp $ */ #include "system.h" +#include "xalloc.h" + #ifndef HAVE_DAEMON /* Replacement for the daemon() function. diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c index e1706802..29b3f9b0 100644 --- a/lib/fake-getaddrinfo.c +++ b/lib/fake-getaddrinfo.c @@ -11,6 +11,8 @@ #include "system.h" +#include "ipv4.h" +#include "ipv6.h" #include "fake-getaddrinfo.h" #ifndef HAVE_GAI_STRERROR @@ -40,7 +42,7 @@ void freeaddrinfo(struct addrinfo *ai) #endif /* !HAVE_FREEADDRINFO */ #ifndef HAVE_GETADDRINFO -static struct addrinfo *malloc_ai(int port, u_long addr) +static struct addrinfo *malloc_ai(int port, uint32_t addr) { struct addrinfo *ai; diff --git a/lib/ipv4.h b/lib/ipv4.h index 39d914ef..4be432f7 100644 --- a/lib/ipv4.h +++ b/lib/ipv4.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv4.h,v 1.1.2.2 2003/07/18 13:42:35 guus Exp $ + $Id: ipv4.h,v 1.1.2.3 2003/07/21 13:14:02 guus Exp $ */ #ifndef __TINC_IPV4_H__ @@ -57,16 +57,16 @@ struct ip { unsigned int ip_hl:4; #endif uint8_t ip_tos; - u_short ip_len; - u_short ip_id; - u_short ip_off; + uint16_t ip_len; + uint16_t ip_id; + uint16_t ip_off; #define IP_RF 0x8000 #define IP_DF 0x4000 #define IP_MF 0x2000 #define IP_OFFMASK 0x1fff uint8_t ip_ttl; uint8_t ip_p; - u_short ip_sum; + uint16_t ip_sum; struct in_addr ip_src, ip_dst; }; #endif @@ -77,7 +77,7 @@ struct icmp { uint8_t icmp_code; uint16_t icmp_cksum; union { - u_char ih_pptr; + uint8_t ih_pptr; struct in_addr ih_gwaddr; struct ih_idseq { uint16_t icd_id; diff --git a/lib/ipv6.h b/lib/ipv6.h index d8cb4cf5..0db5d011 100644 --- a/lib/ipv6.h +++ b/lib/ipv6.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv6.h,v 1.1.2.5 2003/07/18 13:42:35 guus Exp $ + $Id: ipv6.h,v 1.1.2.6 2003/07/21 13:14:02 guus Exp $ */ #ifndef __TINC_IPV6_H__ @@ -46,7 +46,8 @@ struct in6_addr { #ifndef HAVE_STRUCT_SOCKADDR_IN6 struct sockaddr_in6 { - in_port_t sin6_port; + uint16_t sin6_family; + uint16_t sin6_port; uint32_t sin6_flowinfo; struct in6_addr sin6_addr; uint32_t sin6_scope_id; From 64fd25aa6b794bb1d957b50d48705f30ed47c878 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 21 Jul 2003 13:15:36 +0000 Subject: [PATCH 772/923] Oops. --- system.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/system.h b/system.h index c4dd0d14..d4381dc5 100644 --- a/system.h +++ b/system.h @@ -35,7 +35,10 @@ #include #include #include + +#ifdef HAVE_TERMIOS_H #include +#endif #ifdef HAVE_INTTYPES_H #include @@ -72,7 +75,7 @@ #endif #ifdef HAVE_SYS_PARAM_H -#include +#include #endif /* SunOS really wants sys/socket.h BEFORE net/if.h, From 2f2defc4525befd5b5cb69d03b7887db35e9e46c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 21 Jul 2003 13:18:44 +0000 Subject: [PATCH 773/923] Check for sys/mman.h. --- configure.in | 4 ++-- src/tincd.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index b192177b..92f62a9d 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.69 2003/07/18 14:09:47 guus Exp $ +dnl $Id: configure.in,v 1.13.2.70 2003/07/21 13:18:43 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) 
@@ -89,7 +89,7 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/param.h sys/time.h sys/socket.h sys/wait.h netdb.h arpa/inet.h netinet/in_systm.h netinet/in.h]) +AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/param.h sys/time.h sys/socket.h sys/wait.h sys/mman.h netdb.h arpa/inet.h netinet/in_systm.h netinet/in.h]) AC_CHECK_HEADERS([net/ethernet.h net/if.h net/if_arp.h netinet/if_ether.h netinet/ip.h netinet/tcp.h netinet/ip_icmp.h netinet/ip6.h netinet/icmp6.h], [], [], [#ifdef HAVE_SYS_TYPES_H diff --git a/src/tincd.c b/src/tincd.c index 8ef8c514..da5eed6e 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.73 2003/07/17 15:06:27 guus Exp $ + $Id: tincd.c,v 1.10.4.74 2003/07/21 13:18:44 guus Exp $ */ #include "system.h" @@ -27,7 +27,9 @@ #define _P1003_1B_VISIBLE #endif +#ifdef HAVE_SYS_MMAN_H #include +#endif #include #include From e169244e4b10dbcc1910c0f7fd811304d5b1a5a5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 21 Jul 2003 14:47:43 +0000 Subject: [PATCH 774/923] Use functions from logger.c --- src/process.c | 6 +++--- src/protocol_subnet.c | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/process.c b/src/process.c index b0e1e63f..9a918158 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.55 2003/07/17 15:06:26 guus Exp $ + $Id: process.c,v 1.1.2.56 2003/07/21 14:47:43 guus Exp $ */ #include "system.h" @@ -86,7 +86,7 @@ void cleanup_and_exit(int c) logger(LOG_NOTICE, _("Terminating")); - closelog(); + closelogger(); exit(c); } 
@@ -170,7 +170,7 @@ int detach(void) /* If we succeeded in doing that, detach */ - closelog(); + closelogger(); if(do_detach) { if(daemon(0, 0) < 0) { diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index f29bdbe7..79fbb417 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.12 2003/07/17 15:06:27 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.13 2003/07/21 14:47:43 guus Exp $ */ #include "system.h" @@ -58,7 +58,7 @@ int add_subnet_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); return -1; } @@ -66,7 +66,7 @@ int add_subnet_h(connection_t *c) /* Check if owner name is a valid */ if(check_id(name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid name")); return -1; } @@ -76,7 +76,7 @@ int add_subnet_h(connection_t *c) s = str2net(subnetstr); if(!s) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); return -1; } @@ -148,7 +148,7 @@ int del_subnet_h(connection_t *c) cp(); if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { - syslog(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); return -1; } 
@@ -156,7 +156,7 @@ int del_subnet_h(connection_t *c) /* Check if owner name is a valid */ if(check_id(name)) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid name")); return -1; } @@ -176,7 +176,7 @@ int del_subnet_h(connection_t *c) s = str2net(subnetstr); if(!s) { - syslog(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, + logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); return -1; } From bad82522ecfc1f3c72c600cbca6e8fa7e950c3bf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 21 Jul 2003 15:51:00 +0000 Subject: [PATCH 775/923] Copy cygwin driver to mingw directory. It doesn't work (yet). --- configure.in | 4 +- src/mingw/device.c | 304 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 306 insertions(+), 2 deletions(-) create mode 100644 src/mingw/device.c diff --git a/configure.in b/configure.in index 92f62a9d..7850ac97 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.70 2003/07/21 13:18:43 guus Exp $ +dnl $Id: configure.in,v 1.13.2.71 2003/07/21 15:51:00 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -68,7 +68,7 @@ case $host_os in [ rm -f src/device.c; ln -sf cygwin/device.c src/device.c ] ;; *mingw*) - AC_DEFINE(HAVE_CYGWIN, 1, [MinGW]) + AC_DEFINE(HAVE_MINGW, 1, [MinGW]) [ rm -f src/device.c; ln -sf mingw/device.c src/device.c ] ;; *) diff --git a/src/mingw/device.c b/src/mingw/device.c new file mode 100644 index 00000000..c2cdca84 --- /dev/null +++ b/src/mingw/device.c 
@@ -0,0 +1,304 @@ +/* + device.c -- Interaction with CIPE driver in a MinGW environment + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.1 2003/07/21 15:51:00 guus Exp $ +*/ + +#error "Device driver for MinGW environment not written yet!" + +#include "system.h" + +#include + +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "route.h" +#include "utils.h" +#include "xalloc.h" + +/* Definitions from CIPE */ + +#define NETCARD_REG_KEY_2000 "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" +#define NETCARD_REG_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards" +#define REG_SERVICE_KEY "SYSTEM\\CurrentControlSet\\Services" + +#define USERMODEDEVICEDIR "\\\\.\\" +#define SYSDEVICEDIR "\\Device\\" +#define USERDEVICEDIR "\\??\\" +#define TAPSUFFIX ".tap" + +#define PRODUCT_STRING "DKW Heavy Industries VPN Adapter." 
+#define CIPE_SERVICE_NAME "CIPE_Daemon" +#define CIPE_DRIVER_NAME "CIPE" + +#define CIPE_NDIS_MAJOR_VERSION 4 +#define CIPE_NDIS_MINOR_VERSION 0 + +#ifndef CIPE_DRIVER_MAJOR_VERSION +# define CIPE_DRIVER_MAJOR_VERSION 2 +#endif + +#ifndef CIPE_DRIVER_MINOR_VERSION +# define CIPE_DRIVER_MINOR_VERSION 1 +#endif + +#ifndef CIPE_MAC_ROOT_ADDRESS +# define CIPE_MAC_ROOT_ADDRESS "8:0:58:0:0:1" +#endif + +#define CIPE_CONTROL_CODE(request,method) CTL_CODE (FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) + +#define CIPE_IOCTL_GET_LASTMAC CIPE_CONTROL_CODE (0, METHOD_BUFFERED) +#define CIPE_IOCTL_GET_MAC CIPE_CONTROL_CODE (1, METHOD_BUFFERED) +#define CIPE_IOCTL_SET_STATISTICS CIPE_CONTROL_CODE (2, METHOD_BUFFERED) + +/* Windows 2000 */ +#define OSTYPE 5 + +int device_fd = -1; +char *device = NULL; +char *iface = NULL; +char *device_info = NULL; + +int device_total_in = 0; +int device_total_out = 0; + +HANDLE handle; + +pid_t reader_pid; +int sp[2]; + +int setup_device(void) +{ + HKEY key, key2, adapterkey; + int i; + + char adapterid[1024]; + char manufacturer[1024]; + char productname[1024]; + char adaptername[1024]; + char tapname[1024]; + char gelukt = 0; + long len; + + FILETIME filetime; + bool found = false; + + cp(); + + get_config_string(lookup_config(config_tree, "Device"), &device); + + /* Open registry and look for network adapters */ + + if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, (OSTYPE > 4 ? 
NETCARD_REG_KEY_2000 : NETCARD_REG_KEY), 0, KEY_READ, &key)) { + logger(LOG_ERR, _("Unable to read registry")); + return -1; + } + + for (i = 0; ; i++) { + len = sizeof(adapterid); + if(RegEnumKeyEx (key, i, adapterid, &len, 0, 0, 0, &filetime)) + break; + + /* Find out more about this adapter */ + + if(RegOpenKeyEx (key, adapterid, 0, KEY_READ, &adapterkey)) { + logger(LOG_ERR, _("Unable to read registry")); + return -1; + } + + len = sizeof(productname); + if(RegQueryValueEx(adapterkey, "ProductName", 0, 0, productname, &len)) + goto skip; + + len = sizeof(manufacturer); + if(RegQueryValueEx(adapterkey, "Manufacturer", 0, 0, manufacturer, &len)) + goto skip; + + if(!strcmp(productname, "CIPE") && !strcmp(manufacturer, "DKWHeavyIndustries")) { + if(device && strcmp(adapterid, device)) + continue; + if(!device) + device = xstrdup(adapterid); + found = true; + break; + } + +skip: + RegCloseKey (adapterkey); + } + + if(!found) { + logger(LOG_ERR, _("No CIPE adapters found!")); + return -1; + } + + /* Get adapter name */ + + len = sizeof(adaptername); + RegQueryValueEx(adapterkey, (OSTYPE > 4 ? "NetCfgInstanceId" : "ServiceName"), 0, 0, adaptername, &len); + + /* FIXME? cipsrvr checks if the device is in use at this point */ + + /* Try to open the corresponding tap device */ + + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adaptername); + + /* Now we are going to open this device twice: once for reading and once for writing. + We do this because apparently it isn't possible to check for activity in the select() loop. + Furthermore I don't really know how to do it the "Windows" way. 
*/ + + if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) { + logger(LOG_DEBUG, _("System call `%s' failed: %s"), "socketpair", strerror(errno)); + return -1; + } + + reader_pid = fork(); + + if(reader_pid == -1) { + logger(LOG_DEBUG, _("System call `%s' failed: %s"), "fork", strerror(errno)); + return -1; + } + + if(!reader_pid) { + /* The child opens the tap device for reading, blocking. + It passes everything it reads to the socket. */ + + char buf[MTU]; + int lenin; + + handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + + if(handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open CIPE tap device for reading!")); + buf[0] = 0; + write(sp[1], buf, 1); + exit(1); + } + + logger(LOG_DEBUG, _("Tap reader forked and running.")); + + /* Notify success */ + + buf[0] = 1; + write(sp[1], buf, 1); + + /* Pass packets */ + + for(;;) { + ReadFile (handle, buf, MTU, &lenin, NULL); + write(sp[1], buf, lenin); + } + } + + /* The parent opens the tap device for writing. 
*/ + + handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + + if(handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open CIPE tap device for writing!")); + return -1; + } + + device_fd = sp[0]; + + /* Get MAC address from tap device */ + + if(routing_mode == RMODE_ROUTER) { + DeviceIoControl (handle, CIPE_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0); + overwrite_mac = 1; + } + + read(device_fd, &gelukt, 1); + if(gelukt != 1) { + logger(LOG_DEBUG, "Tap reader failed!"); + return -1; + } + + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = device; + + device_info = _("Cygwin CIPE device"); + + logger(LOG_INFO, _("%s is a %s"), device, device_info); + + return 0; +} + +void close_device(void) +{ + cp(); + + close(sp[0]); + close(sp[1]); + CloseHandle(handle); + + kill(reader_pid, SIGKILL); +} + +int read_packet(vpn_packet_t *packet) +{ + int lenin; + + cp(); + + if((lenin = read(sp[0], packet->data, MTU)) <= 0) { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } + + packet->len = lenin; + + device_total_in += packet->len; + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + + return 0; +} + +int write_packet(vpn_packet_t *packet) +{ + int lenout; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { + logger(LOG_ERR, "Error while writing to %s %s", device_info, device); + return -1; + } + + device_total_out += packet->len; + + return 0; +} + +void dump_device_stats(void) +{ + cp(); + + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); 
+} From c96900f378966ca1be96ddb1c43f855c74083b70 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 21 Jul 2003 19:58:58 +0000 Subject: [PATCH 776/923] Add section about configuring Cygwin and CIPE on Windows. --- doc/tinc.texi | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 5015ac4a..7f8225c8 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.38 2003/07/12 17:41:45 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.39 2003/07/21 19:58:58 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.38 2003/07/12 17:41:45 guus Exp $ +$Id: tinc.texi,v 1.8.4.39 2003/07/21 19:58:58 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.38 2003/07/12 17:41:45 guus Exp $ +$Id: tinc.texi,v 1.8.4.39 2003/07/21 19:58:58 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
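Review bot: In the tap reader loop of `setup_device` in src/mingw/device.c, the result of `ReadFile` is ignored and `lenin` is never initialised, so a failed read hands an indeterminate length to `write(sp[1], buf, lenin)`, which can then read past the end of `buf`. Check the call and leave the loop on failure, e.g. `if(!ReadFile(handle, buf, MTU, &lenin, NULL) || lenin <= 0) break;`, with an `exit(1)` after the loop. The same function also skips `RegCloseKey(adapterkey)` on the `continue` path and does not check the `RegQueryValueEx` call that fills `adaptername` before `tapname` is built from it. The file is currently fenced off by `#error`, so these are best fixed before that guard is removed.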
@@ -177,8 +177,8 @@ available too. @section Supported platforms @cindex platforms -tinc has been verified to work under Linux, FreeBSD, OpenBSD and Solaris, with -various hardware architectures. These are some of the platforms +tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (in a Cygwin environment), +with various hardware architectures. These are some of the platforms that are supported by the universal tun/tap device driver or other virtual network device drivers. Without such a driver, tinc will most likely compile and run, but it will not be able to send or receive data @@ -258,6 +258,15 @@ downloaded from @uref{http://chrisp.de/en/projects/tunnel.html}. IPv6 packets cannot be tunneled on Darwin. +@c ================================================================== +@subsection Cygwin (Windows) + +@cindex Cygwin +@cindex Windows +tinc on Windows, in a Cygwin environment, relies on the CIPE driver for its data +acquisition from the kernel. This driver is not part of Windows but can be +downloaded from @uref{http://cipe-win32.sourceforge.net/}. + @c @c @@ -317,6 +326,7 @@ you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html * Configuration of NetBSD kernels:: * Configuration of Solaris kernels:: * Configuration of Darwin (MacOS/X) kernels:: +* Configuration of Cygwin (Windows):: @end menu @@ -433,7 +443,7 @@ Unfortunately somebody still has to write the text. @c ================================================================== -@node Configuration of Darwin (MacOS/X) kernels, , Configuration of Solaris kernels, Configuring the kernel +@node Configuration of Darwin (MacOS/X) kernels, Configuration of Cygwin (Windows), Configuration of Solaris kernels, Configuring the kernel @subsection Configuration of Darwin (MacOS/X) kernels Darwin does not come with a tunnel driver. You must download it at 
@@ -449,6 +459,16 @@ Once loaded, the tunnel driver will automatically create @file{/dev/tun0}..@file and the corresponding network interfaces. +@c ================================================================== +@node Configuration of Cygwin (Windows), , Configuration of Darwin (MacOS/X) kernels, Configuring the kernel +@subsection Configuration of Cygwin (Windows) + +If Cygwin hasn't already been installed, install it directly from +@uref{http://www.cygwin.com/}. You will also need to install the +CIPE driver, you can download it from @uref{http://cipe-win32.sourceforge.net}. +Configure the CIPE network device in the same way as you would do from the tinc-up script. + + @c ================================================================== @node Libraries, , Configuring the kernel, Preparations @section Libraries From 471308e1636e7a06e1d9ebc98e82b1c0c5150dde Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 22 Jul 2003 12:58:34 +0000 Subject: [PATCH 777/923] Option to specify pidfile location. --- src/tincd.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index da5eed6e..e71c3211 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.74 2003/07/21 13:18:44 guus Exp $ + $Id: tincd.c,v 1.10.4.75 2003/07/22 12:58:34 guus Exp $ */ #include "system.h" @@ -90,6 +90,7 @@ static struct option const long_options[] = { {"bypass-security", no_argument, &bypass_security, 1}, {"mlock", no_argument, &do_mlock, 1}, {"logfile", optional_argument, NULL, 'F'}, + {"pidfile", required_argument, NULL, 'P'}, {NULL, 0, NULL, 0} }; 
@@ -107,7 +108,8 @@ static void usage(int status) " -n, --net=NETNAME Connect to net NETNAME.\n" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " -L, --mlock Lock tinc into main memory.\n" - " -F, --logfile[=FILENAME] Write log entries to a logfile.\n" + " --logfile[=FILENAME] Write log entries to a logfile.\n" + " --pidfile=FILENAME Write PID to FILENAME.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); @@ -121,14 +123,13 @@ static void parse_options(int argc, char **argv, char **envp) int r; int option_index = 0; - while((r = getopt_long(argc, argv, "c:DLd::k::n:K::F::", long_options, &option_index)) != EOF) { + while((r = getopt_long(argc, argv, "c:DLd::k::n:K::", long_options, &option_index)) != EOF) { switch (r) { case 0: /* long option */ break; case 'c': /* config file */ - confbase = xmalloc(strlen(optarg) + 1); - strcpy(confbase, optarg); + confbase = xstrdup(optarg); break; case 'D': /* no detach */ @@ -202,6 +203,10 @@ static void parse_options(int argc, char **argv, char **envp) logfilename = xstrdup(optarg); break; + case 'P': /* write PID to a file */ + pidfilename = xstrdup(optarg); + break; + case '?': usage(1); 
@@ -308,30 +313,25 @@ static int keygen(int bits) */ static void make_names(void) { - if(netname) { - if(!pidfilename) - asprintf(&pidfilename, LOCALSTATEDIR "/run/tinc.%s.pid", netname); - if(!logfilename) - asprintf(&logfilename, LOCALSTATEDIR "/log/tinc.%s.log", netname); + if(netname) + asprintf(&identname, "tinc.%s", netname); + else + identname = xstrdup("tinc"); + if(!pidfilename) + asprintf(&pidfilename, LOCALSTATEDIR "/run/%s.pid", identname); + + if(!logfilename) + asprintf(&logfilename, LOCALSTATEDIR "/log/%s.log", identname); + + if(netname) { if(!confbase) asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); else logger(LOG_INFO, _("Both netname and configuration directory given, using the latter...")); - - if(!identname) - asprintf(&identname, "tinc.%s", netname); } else { - if(!pidfilename) - pidfilename = LOCALSTATEDIR "/run/tinc.pid"; - if(!logfilename) - logfilename = LOCALSTATEDIR "/log/tinc.log"; - if(!confbase) asprintf(&confbase, "%s/tinc", CONFDIR); - - if(!identname) - identname = "tinc"; } } From eefa28059ab989c915a7d95fb4ae728abd7ce713 Mon Sep 17 00:00:00 2001 
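Review bot: The `asprintf` calls in `make_names` ignore the return value, while the option parsing in the same file uses the aborting `xstrdup`. When `asprintf` fails the target pointer is left undefined, and `identname`, `pidfilename` and `logfilename` are presumably used later as the log identity and as file paths. Check each call, for example `if(asprintf(&identname, "tinc.%s", netname) < 0) { fprintf(stderr, _("Out of memory\n")); exit(1); }`, or route them through one small checked wrapper next to the `x*` allocation helpers. The same applies to the two `asprintf(&confbase, ...)` calls kept as context in this hunk.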
From: Guus Sliepen Date: Tue, 22 Jul 2003 20:55:21 +0000 Subject: [PATCH 778/923] Use bools and enums where appropriate. --- src/conf.c | 102 +++++++++++----------- src/conf.h | 23 ++--- src/connection.c | 6 +- src/connection.h | 16 ++-- src/cygwin/device.c | 32 +++---- src/darwin/device.c | 21 ++--- src/device.h | 10 ++- src/freebsd/device.c | 21 ++--- src/graph.c | 40 ++++----- src/linux/device.c | 36 ++++---- src/logger.c | 15 +++- src/logger.h | 12 +-- src/meta.c | 30 +++---- src/meta.h | 8 +- src/mingw/device.c | 32 +++---- src/net.c | 34 ++++---- src/net.h | 28 +++---- src/net_packet.c | 8 +- src/net_setup.c | 182 +++++++++++++++++++--------------------- src/net_socket.c | 14 ++-- src/netbsd/device.c | 21 ++--- src/netutl.c | 12 +-- src/netutl.h | 6 +- src/node.h | 4 +- src/openbsd/device.c | 25 +++--- src/process.c | 94 ++++++++++----------- src/process.h | 12 +-- src/protocol.c | 48 +++++------ src/protocol.h | 98 +++++++++++----------- src/protocol_auth.c | 102 +++++++++++----------- src/protocol_edge.c | 54 ++++++------ src/protocol_key.c | 62 +++++++------- src/protocol_misc.c | 54 ++++++------ src/protocol_subnet.c | 48 +++++------ src/raw_socket/device.c | 25 +++--- src/route.c | 14 ++-- src/route.h | 19 +++-- src/solaris/device.c | 33 ++++---- src/subnet.h | 8 +- src/tincd.c | 123 ++++++++++++++------------- 40 files changed, 767 insertions(+), 765 deletions(-) diff --git a/src/conf.c b/src/conf.c index f5211521..d34a087c 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.67 2003/07/18 14:10:27 guus Exp $ + $Id: conf.c,v 1.9.4.68 2003/07/22 20:55:19 guus Exp $ */ #include "system.h" 
@@ -141,109 +141,109 @@ config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) return NULL; } -int get_config_bool(config_t *cfg, int *result) +bool get_config_bool(config_t *cfg, bool *result) { cp(); if(!cfg) - return 0; + return false; if(!strcasecmp(cfg->value, "yes")) { - *result = 1; - return 1; + *result = true; + return true; } else if(!strcasecmp(cfg->value, "no")) { - *result = 0; - return 1; + *result = false; + return true; } logger(LOG_ERR, _("\"yes\" or \"no\" expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - return 0; + return false; } -int get_config_int(config_t *cfg, int *result) +bool get_config_int(config_t *cfg, int *result) { cp(); if(!cfg) - return 0; + return false; if(sscanf(cfg->value, "%d", result) == 1) - return 1; + return true; logger(LOG_ERR, _("Integer expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - return 0; + return false; } -int get_config_string(config_t *cfg, char **result) +bool get_config_string(config_t *cfg, char **result) { cp(); if(!cfg) - return 0; + return false; *result = xstrdup(cfg->value); - return 1; + return true; } -int get_config_address(config_t *cfg, struct addrinfo **result) +bool get_config_address(config_t *cfg, struct addrinfo **result) { struct addrinfo *ai; cp(); if(!cfg) - return 0; + return false; ai = str2addrinfo(cfg->value, NULL, 0); if(ai) { *result = ai; - return 1; + return true; } logger(LOG_ERR, _("Hostname or IP address expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - return 0; + return false; } -int get_config_subnet(config_t *cfg, subnet_t ** result) +bool get_config_subnet(config_t *cfg, subnet_t ** result) { subnet_t *subnet; cp(); if(!cfg) - return 0; + return false; subnet = str2net(cfg->value); if(!subnet) { logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - return 
0; + return false; } /* Teach newbies what subnets are... */ if(((subnet->type == SUBNET_IPV4) - && maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) + && !maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) || ((subnet->type == SUBNET_IPV6) - && maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { + && !maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); free(subnet); - return 0; + return false; } *result = subnet; - return 1; + return true; } /* @@ -325,7 +325,8 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) FILE *fp; char *buffer, *line; char *variable, *value; - int lineno = 0, ignore = 0; + int lineno = 0; + bool ignore = false; config_t *cfg; size_t bufsize; @@ -366,7 +367,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) continue; /* comment: ignore */ if(!strcmp(variable, "-----BEGIN")) - ignore = 1; + ignore = true; if(!ignore) { value = strtok(NULL, "\t\n\r ="); @@ -387,7 +388,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) } if(!strcmp(variable, "-----END")) - ignore = 0; + ignore = false; } free(buffer); @@ -396,7 +397,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) return err; } -int read_server_config() +bool read_server_config() { char *fname; int x; @@ -412,10 +413,10 @@ int read_server_config() free(fname); - return x; + return x == 0; } -int is_safe_path(const char *file) +bool is_safe_path(const char *file) { #if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW)) char *p; @@ -426,7 +427,7 @@ int is_safe_path(const char *file) if(*file != '/') { logger(LOG_ERR, _("`%s' is not an absolute path"), file); - return 0; + return false; } p = strrchr(file, '/'); 
@@ -442,13 +443,13 @@ int is_safe_path(const char *file) check1: if(lstat(f, &s) < 0) { logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; + return false; } if(s.st_uid != geteuid()) { logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), f, s.st_uid, geteuid()); - return 0; + return false; } if(S_ISLNK(s.st_mode)) { @@ -457,7 +458,7 @@ check1: if(readlink(f, l, MAXBUFSIZE) < 0) { logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); - return 0; + return false; } f = l; @@ -470,16 +471,16 @@ check1: check2: if(lstat(f, &s) < 0 && errno != ENOENT) { logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return 0; + return false; } if(errno == ENOENT) - return 1; + return true; if(s.st_uid != geteuid()) { logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), f, s.st_uid, geteuid()); - return 0; + return false; } if(S_ISLNK(s.st_mode)) { @@ -488,7 +489,7 @@ check2: if(readlink(f, l, MAXBUFSIZE) < 0) { logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, strerror(errno)); - return 0; + return false; } f = l; @@ -498,15 +499,14 @@ check2: if(s.st_mode & 0007) { /* Accessible by others */ logger(LOG_ERR, _("`%s' has unsecure permissions"), f); - return 0; + return false; } #endif - return 1; + return true; } -FILE *ask_and_safe_open(const char *filename, const char *what, - const char *mode) +FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const char *mode) { FILE *r; char *directory; 
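Review bot: At `check2` in `is_safe_path`, `if(errno == ENOENT) return true;` is evaluated even when `lstat` succeeded, so a stale `ENOENT` left in `errno` by an earlier call can make the function report the path as safe without reaching the owner and permission checks below it. Test `errno` only inside the failure branch: `if(lstat(f, &s) < 0) { if(errno == ENOENT) return true; logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); return false; }`. The function starts and ends outside these hunks, so the declarations of `f` and `l` are not visible here.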
@@ -562,12 +562,14 @@ FILE *ask_and_safe_open(const char *filename, const char *what, } /* Then check the file for nasty attacks */ - if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */ - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), fn); - fclose(r); - free(fn); - return NULL; + if(safe) { + if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */ + fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" + "I will not create or overwrite this file.\n"), fn); + fclose(r); + free(fn); + return NULL; + } } free(fn); diff --git a/src/conf.h b/src/conf.h index 32bb9091..b4064cd1 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,14 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.39 2003/07/17 15:06:26 guus Exp $ + $Id: conf.h,v 1.6.4.40 2003/07/22 20:55:19 guus Exp $ */ #ifndef __TINC_CONF_H__ #define __TINC_CONF_H__ #include "avl_tree.h" -#include "subnet.h" typedef struct config_t { char *variable; @@ -33,11 +32,13 @@ typedef struct config_t { int line; } config_t; +#include "subnet.h" + extern avl_tree_t *config_tree; extern int pingtimeout; extern int maxtimeout; -extern int bypass_security; +extern bool bypass_security; extern char *confbase; extern char *netname; 
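Review bot: The new `safe` argument lets a caller of `ask_and_safe_open` switch off `is_safe_path` entirely, and nothing at the declaration says which files may be exempt. Add a comment above the function such as `/* safe: refuse the file if it or a leading directory is accessible by other users; pass false only for public data */`. Separately, the check runs after the file has been opened (the rejection path calls `fclose(r)`), so if the caller passed a writing mode the file may already have been created or truncated by the time it is rejected; checking the path before opening would avoid that. The callers and the `fopen` call are outside this hunk.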
@@ -48,15 +49,15 @@ extern void free_config(config_t *); extern void config_add(avl_tree_t *, config_t *); extern config_t *lookup_config(avl_tree_t *, char *); extern config_t *lookup_config_next(avl_tree_t *, config_t *); -extern int get_config_bool(config_t *, int *); -extern int get_config_int(config_t *, int *); -extern int get_config_string(config_t *, char **); -extern int get_config_address(config_t *, struct addrinfo **); -extern int get_config_subnet(config_t *, struct subnet_t **); +extern bool get_config_bool(config_t *, bool *); +extern bool get_config_int(config_t *, int *); +extern bool get_config_string(config_t *, char **); +extern bool get_config_address(config_t *, struct addrinfo **); +extern bool get_config_subnet(config_t *, struct subnet_t **); extern int read_config_file(avl_tree_t *, const char *); -extern int read_server_config(void); -extern FILE *ask_and_safe_open(const char *, const char *, const char *); -extern int is_safe_path(const char *); +extern bool read_server_config(void); +extern FILE *ask_and_safe_open(const char *, const char *, bool, const char *); +extern bool is_safe_path(const char *); #endif /* __TINC_CONF_H__ */ diff --git a/src/connection.c b/src/connection.c index 9890f51f..eba74ae4 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.40 2003/07/17 15:06:26 guus Exp $ + $Id: connection.c,v 1.1.2.41 2003/07/22 20:55:19 guus Exp $ */ #include "system.h" @@ -128,7 +128,7 @@ void dump_connections(void) logger(LOG_DEBUG, _("End of connections.")); } -int read_connection_config(connection_t *c) +bool read_connection_config(connection_t *c) { char *fname; int x; @@ -139,5 +139,5 @@ int read_connection_config(connection_t *c) x = read_config_file(c->config_tree, fname); free(fname); - return x; + return x == 0; } 
diff --git a/src/connection.h b/src/connection.h index 1b3ca367..0092f04e 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.34 2003/07/17 15:06:26 guus Exp $ + $Id: connection.h,v 1.1.2.35 2003/07/22 20:55:19 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -27,11 +27,6 @@ #include #include "avl_tree.h" -#include "conf.h" -#include "edge.h" -#include "list.h" -#include "net.h" -#include "node.h" #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 @@ -49,10 +44,15 @@ typedef struct connection_status_t { int unused:18; } connection_status_t; +#include "edge.h" +#include "list.h" +#include "net.h" +#include "node.h" + typedef struct connection_t { char *name; /* name he claims to have */ - sockaddr_t address; /* his real (internet) ip */ + union sockaddr_t address; /* his real (internet) ip */ char *hostname; /* the hostname of its real ip */ int protocol_version; /* used protocol */ @@ -105,6 +105,6 @@ extern void free_connection(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); extern void dump_connections(void); -extern int read_connection_config(connection_t *); +extern bool read_connection_config(connection_t *); #endif /* __TINC_CONNECTION_H__ */ diff --git a/src/cygwin/device.c b/src/cygwin/device.c index 4e73e4c4..49bbbea3 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.9 2003/07/18 13:41:35 guus Exp $ + $Id: device.c,v 1.1.2.10 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -84,7 +84,7 @@ HANDLE handle; pid_t reader_pid; int sp[2]; -int setup_device(void) +bool setup_device(void) { HKEY key, key2, adapterkey; int i; 
@@ -108,7 +108,7 @@ int setup_device(void) if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, (OSTYPE > 4 ? NETCARD_REG_KEY_2000 : NETCARD_REG_KEY), 0, KEY_READ, &key)) { logger(LOG_ERR, _("Unable to read registry")); - return -1; + return false; } for (i = 0; ; i++) { @@ -120,7 +120,7 @@ int setup_device(void) if(RegOpenKeyEx (key, adapterid, 0, KEY_READ, &adapterkey)) { logger(LOG_ERR, _("Unable to read registry")); - return -1; + return false; } len = sizeof(productname); @@ -146,7 +146,7 @@ skip: if(!found) { logger(LOG_ERR, _("No CIPE adapters found!")); - return -1; + return false; } /* Get adapter name */ @@ -166,14 +166,14 @@ skip: if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) { logger(LOG_DEBUG, _("System call `%s' failed: %s"), "socketpair", strerror(errno)); - return -1; + return false; } reader_pid = fork(); if(reader_pid == -1) { logger(LOG_DEBUG, _("System call `%s' failed: %s"), "fork", strerror(errno)); - return -1; + return false; } if(!reader_pid) { @@ -213,7 +213,7 @@ skip: if(handle == INVALID_HANDLE_VALUE) { logger(LOG_ERR, _("Could not open CIPE tap device for writing!")); - return -1; + return false; } device_fd = sp[0]; @@ -228,7 +228,7 @@ skip: read(device_fd, &gelukt, 1); if(gelukt != 1) { logger(LOG_DEBUG, "Tap reader failed!"); - return -1; + return false; } if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) @@ -238,7 +238,7 @@ skip: logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return false; } void close_device(void) @@ -252,7 +252,7 @@ void close_device(void) kill(reader_pid, SIGKILL); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; @@ -261,7 +261,7 @@ int read_packet(vpn_packet_t *packet) if((lenin = read(sp[0], packet->data, MTU)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->len = lenin; 
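Review bot: The success path at the end of `setup_device` in src/cygwin/device.c was converted to `return false;`, but every failure path in the function also returns false, and the darwin and freebsd drivers in this commit return true on success; the last statement should be `return true;`. As written the caller cannot tell a working tap device from a failed one and presumably treats every setup as failed. src/mingw/device.c is a copy of this driver and is listed in this commit's diffstat, so it is worth checking for the same conversion there; its hunks are outside this view.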
@@ -271,10 +271,10 @@ int read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { int lenout; @@ -285,12 +285,12 @@ int write_packet(vpn_packet_t *packet) if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { logger(LOG_ERR, "Error while writing to %s %s", device_info, device); - return -1; + return false; } device_total_out += packet->len; - return 0; + return true; } void dump_device_stats(void) diff --git a/src/darwin/device.c b/src/darwin/device.c index ef6c7777..00381a5f 100644 --- a/src/darwin/device.c +++ b/src/darwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.9 2003/07/18 13:41:36 guus Exp $ + $Id: device.c,v 1.1.2.10 2003/07/22 20:55:21 guus Exp $ */ #include "system.h" @@ -30,14 +30,13 @@ #define DEFAULT_DEVICE "/dev/tun0" int device_fd = -1; -int device_type; char *device; char *iface; char *device_info; int device_total_in = 0; int device_total_out = 0; -int setup_device(void) +bool setup_device(void) { cp(); @@ -49,14 +48,14 @@ int setup_device(void) if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; + return false; } device_info = _("MacOS/X tun device"); logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return true; } void close_device(void) @@ -66,7 +65,7 @@ void close_device(void) close(device_fd); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; 
@@ -75,7 +74,7 @@ int read_packet(vpn_packet_t *packet) if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->data[12] = 0x08; @@ -88,10 +87,10 @@ int read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { cp(); @@ -101,10 +100,12 @@ int write_packet(vpn_packet_t *packet) if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } device_total_out += packet->len; + + return true; } void dump_device_stats(void) diff --git a/src/device.h b/src/device.h index 4dce250e..55a0c449 100644 --- a/src/device.h +++ b/src/device.h @@ -17,21 +17,23 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.h,v 1.1.2.10 2003/07/18 13:45:06 guus Exp $ + $Id: device.h,v 1.1.2.11 2003/07/22 20:55:19 guus Exp $ */ #ifndef __TINC_DEVICE_H__ #define __TINC_DEVICE_H__ +#include "net.h" + extern int device_fd; extern char *device; extern char *iface; -extern int setup_device(void); +extern bool setup_device(void); extern void close_device(void); -extern int read_packet(vpn_packet_t *); -extern int write_packet(vpn_packet_t *); +extern bool read_packet(struct vpn_packet_t *); +extern bool write_packet(struct vpn_packet_t *); extern void dump_device_stats(void); #endif /* __TINC_DEVICE_H__ */ diff --git a/src/freebsd/device.c b/src/freebsd/device.c index b85923b4..4ebdac2b 100644 --- a/src/freebsd/device.c +++ b/src/freebsd/device.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.12 2003/07/18 13:41:36 guus Exp $ + $Id: device.c,v 1.1.2.13 2003/07/22 20:55:21 guus Exp $ */ #include "system.h" @@ -30,14 +30,13 @@ #define DEFAULT_DEVICE "/dev/tap0" int device_fd = -1; -int device_type; char *device; char *iface; char *device_info; int device_total_in = 0; int device_total_out = 0; -int setup_device(void) +bool setup_device(void) { cp(); @@ -49,14 +48,14 @@ int setup_device(void) if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; + return false; } device_info = _("FreeBSD tap device"); logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return true; } void close_device(void) @@ -66,7 +65,7 @@ void close_device(void) close(device_fd); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; @@ -75,7 +74,7 @@ int read_packet(vpn_packet_t *packet) if((lenin = read(device_fd, packet->data, MTU)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->len = lenin; @@ -85,10 +84,10 @@ int read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { cp(); @@ -98,10 +97,12 @@ int write_packet(vpn_packet_t *packet) if(write(device_fd, packet->data, packet->len) < 0) { logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } device_total_out += packet->len; + + return true; } void dump_device_stats(void) diff --git a/src/graph.c b/src/graph.c index 147586e5..e57ffe50 100644 --- a/src/graph.c +++ b/src/graph.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.26 2003/07/18 13:45:06 guus Exp $ + $Id: graph.c,v 1.1.2.27 2003/07/22 20:55:19 guus Exp $ */ /* We need to generate two trees from the graph: @@ -69,7 +69,7 @@ void mst_kruskal(void) connection_t *c; int nodes = 0; int safe_edges = 0; - int skipped; + bool skipped; cp(); @@ -77,7 +77,7 @@ void mst_kruskal(void) for(node = connection_tree->head; node; node = node->next) { c = (connection_t *) node->data; - c->status.mst = 0; + c->status.mst = false; } /* Do we have something to do at all? */ @@ -91,33 +91,33 @@ void mst_kruskal(void) for(node = node_tree->head; node; node = node->next) { n = (node_t *) node->data; - n->status.visited = 0; + n->status.visited = false; nodes++; } /* Starting point */ - ((edge_t *) edge_weight_tree->head->data)->from->status.visited = 1; + ((edge_t *) edge_weight_tree->head->data)->from->status.visited = true; /* Add safe edges */ - for(skipped = 0, node = edge_weight_tree->head; node; node = next) { + for(skipped = false, node = edge_weight_tree->head; node; node = next) { next = node->next; e = (edge_t *) node->data; if(!e->reverse || e->from->status.visited == e->to->status.visited) { - skipped = 1; + skipped = true; continue; } - e->from->status.visited = 1; - e->to->status.visited = 1; + e->from->status.visited = true; + e->to->status.visited = true; if(e->connection) - e->connection->status.mst = 1; + e->connection->status.mst = true; if(e->reverse->connection) - e->reverse->connection->status.mst = 1; + e->reverse->connection->status.mst = true; safe_edges++; @@ -125,7 +125,7 @@ void mst_kruskal(void) e->to->name, e->weight); if(skipped) { - skipped = 0; + skipped = false; next = edge_weight_tree->head; continue; } 
@@ -145,7 +145,7 @@ void sssp_bfs(void) edge_t *e; node_t *n; avl_tree_t *todo_tree; - int indirect; + bool indirect; char *name; char *address, *port; char *envp[7]; @@ -159,14 +159,14 @@ void sssp_bfs(void) for(node = node_tree->head; node; node = node->next) { n = (node_t *) node->data; - n->status.visited = 0; - n->status.indirect = 1; + n->status.visited = false; + n->status.indirect = true; } /* Begin with myself */ - myself->status.visited = 1; - myself->status.indirect = 0; + myself->status.visited = true; + myself->status.indirect = false; myself->nexthop = myself; myself->via = myself; node = avl_alloc_node(); @@ -212,7 +212,7 @@ void sssp_bfs(void) && (!e->to->status.indirect || indirect)) continue; - e->to->status.visited = 1; + e->to->status.visited = true; e->to->status.indirect = indirect; e->to->nexthop = (n->nexthop == myself) ? e->to : n->nexthop; e->to->via = indirect ? n->via : e->to; @@ -257,8 +257,8 @@ void sssp_bfs(void) n->name, n->hostname); } - n->status.validkey = 0; - n->status.waitingforkey = 0; + n->status.validkey = false; + n->status.waitingforkey = false; asprintf(&envp[0], "NETNAME=%s", netname ? : ""); asprintf(&envp[1], "DEVICE=%s", device ? : ""); diff --git a/src/linux/device.c b/src/linux/device.c index caee2548..904c36cb 100644 --- a/src/linux/device.c +++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.19 2003/07/18 13:41:36 guus Exp $ + $Id: device.c,v 1.1.2.20 2003/07/22 20:55:21 guus Exp $ */ #include "system.h" @@ -39,14 +39,14 @@ #include "route.h" #include "utils.h" -enum { +typedef enum device_type_t { DEVICE_TYPE_ETHERTAP, DEVICE_TYPE_TUN, DEVICE_TYPE_TAP, -}; +} device_type_t; int device_fd = -1; -int device_type; +device_type_t device_type; char *device; char *iface; char ifrname[IFNAMSIZ]; 
@@ -55,7 +55,7 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -int setup_device(void) +bool setup_device(void) { struct ifreq ifr; @@ -74,7 +74,7 @@ int setup_device(void) if(device_fd < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; + return false; } #ifdef HAVE_TUNTAP @@ -105,7 +105,7 @@ int setup_device(void) #endif { if(routing_mode == RMODE_ROUTER) - overwrite_mac = 1; + overwrite_mac = true; device_info = _("Linux ethertap device"); device_type = DEVICE_TYPE_ETHERTAP; iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; @@ -113,7 +113,7 @@ int setup_device(void) logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return true; } void close_device(void) @@ -123,7 +123,7 @@ void close_device(void) close(device_fd); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; @@ -136,7 +136,7 @@ int read_packet(vpn_packet_t *packet) if(lenin <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->len = lenin + 10; @@ -147,7 +147,7 @@ int read_packet(vpn_packet_t *packet) if(lenin <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->len = lenin; @@ -158,7 +158,7 @@ int read_packet(vpn_packet_t *packet) if(lenin <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->len = lenin - 2; @@ -170,10 +170,10 @@ int read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { cp(); 
@@ -186,14 +186,14 @@ int write_packet(vpn_packet_t *packet) if(write(device_fd, packet->data + 10, packet->len - 10) < 0) { logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } break; case DEVICE_TYPE_TAP: if(write(device_fd, packet->data, packet->len) < 0) { logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } break; case DEVICE_TYPE_ETHERTAP: @@ -202,14 +202,14 @@ int write_packet(vpn_packet_t *packet) if(write(device_fd, packet->data - 2, packet->len + 2) < 0) { logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } break; } device_total_out += packet->len; - return 0; + return true; } void dump_device_stats(void) diff --git a/src/logger.c b/src/logger.c index b8ea0922..032349d1 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.4 2003/07/17 15:06:26 guus Exp $ + $Id: logger.c,v 1.1.2.5 2003/07/22 20:55:19 guus Exp $ */ #include "system.h" @@ -25,18 +25,20 @@ #include "conf.h" #include "logger.h" -int debug_level = DEBUG_NOTHING; -static int logmode = LOGMODE_STDERR; +debug_t debug_level = DEBUG_NOTHING; +static logmode_t logmode = LOGMODE_STDERR; static pid_t logpid; extern char *logfilename; static FILE *logfile = NULL; static const char *logident = NULL; -void openlogger(const char *ident, int mode) { +void openlogger(const char *ident, logmode_t mode) { logident = ident; logmode = mode; switch(mode) { + case LOGMODE_NULL: + break; case LOGMODE_STDERR: logpid = getpid(); break; @@ -58,6 +60,8 @@ void logger(int priority, const char *format, ...) { va_start(ap, format); switch(logmode) { + case LOGMODE_NULL: + break; case LOGMODE_STDERR: vfprintf(stderr, format, ap); fprintf(stderr, "\n"); 
@@ -85,6 +89,9 @@ void logger(int priority, const char *format, ...) { void closelogger(void) { switch(logmode) { + case LOGMODE_NULL: + case LOGMODE_STDERR: + break; case LOGMODE_FILE: fclose(logfile); break; diff --git a/src/logger.h b/src/logger.h index 615d0c3a..eb02fb87 100644 --- a/src/logger.h +++ b/src/logger.h @@ -1,6 +1,6 @@ #ifndef __TINC_LOGGER_H__ -enum { +typedef enum debug_t { DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ DEBUG_ALWAYS = 0, DEBUG_CONNECTIONS = 1, /* Show (dis)connects of other tinc daemons via TCP */ @@ -11,17 +11,17 @@ enum { DEBUG_TRAFFIC = 5, /* Show network traffic information */ DEBUG_PACKET = 6, /* Show contents of each packet that is being sent/received */ DEBUG_SCARY_THINGS = 10 /* You have been warned */ -}; +} debug_t; -enum { +typedef enum logmode_t { LOGMODE_NULL, LOGMODE_STDERR, LOGMODE_FILE, LOGMODE_SYSLOG -}; +} logmode_t; -extern int debug_level; -extern void openlogger(const char *, int); +extern debug_t debug_level; +extern void openlogger(const char *, logmode_t); extern void logger(int, const char *, ...) __attribute__ ((format(printf, 2, 3))); extern void closelogger(void); diff --git a/src/meta.c b/src/meta.c index 967477b5..e818b0b4 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.36 2003/07/17 15:06:26 guus Exp $ + $Id: meta.c,v 1.1.2.37 2003/07/22 20:55:19 guus Exp $ */ #include "system.h" @@ -32,7 +32,7 @@ #include "system.h" #include "utils.h" -int send_meta(connection_t *c, char *buffer, int length) +bool send_meta(connection_t *c, char *buffer, int length) { char *bufp; int outlen; 
@@ -58,13 +58,13 @@ int send_meta(connection_t *c, char *buffer, int length) continue; logger(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, c->hostname, strerror(errno)); - return -1; + return false; } bufp += result; length -= result; } - return 0; + return true; } void broadcast_meta(connection_t *from, char *buffer, int length) @@ -82,13 +82,13 @@ void broadcast_meta(connection_t *from, char *buffer, int length) } } -int receive_meta(connection_t *c) +bool receive_meta(connection_t *c) { int x; socklen_t l = sizeof(x); int oldlen, i; int lenin, reqlen; - int decrypted = 0; + bool decrypted = false; char inbuf[MAXBUFSIZE]; cp(); @@ -96,13 +96,13 @@ int receive_meta(connection_t *c) if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { logger(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, __LINE__, c->socket, strerror(errno), c->name, c->hostname); - return -1; + return false; } if(x) { logger(LOG_ERR, _("Metadata socket error for %s (%s): %s"), c->name, c->hostname, strerror(x)); - return -1; + return false; } /* Strategy: @@ -121,12 +121,12 @@ int receive_meta(connection_t *c) ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), c->name, c->hostname); } else if(errno == EINTR) - return 0; + return true; else logger(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), c->name, c->hostname, strerror(errno)); - return -1; + return false; } oldlen = c->buflen; @@ -138,7 +138,7 @@ int receive_meta(connection_t *c) if(c->status.decryptin && !decrypted) { EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin); memcpy(c->buffer + oldlen, inbuf, lenin); - decrypted = 1; + decrypted = true; } /* Are we receiving a TCPpacket? */ @@ -172,8 +172,8 @@ int receive_meta(connection_t *c) if(reqlen) { c->reqlen = reqlen; - if(receive_request(c)) - return -1; + if(!receive_request(c)) + return false; c->buflen -= reqlen; lenin -= reqlen; 
@@ -188,10 +188,10 @@ int receive_meta(connection_t *c) if(c->buflen >= MAXBUFSIZE) { logger(LOG_ERR, _("Metadata read buffer overflow for %s (%s)"), c->name, c->hostname); - return -1; + return false; } c->last_ping_time = now; - return 0; + return true; } diff --git a/src/meta.h b/src/meta.h index 8177e13b..f882f146 100644 --- a/src/meta.h +++ b/src/meta.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.9 2003/07/12 17:41:45 guus Exp $ + $Id: meta.h,v 1.1.2.10 2003/07/22 20:55:19 guus Exp $ */ #ifndef __TINC_META_H__ @@ -25,8 +25,8 @@ #include "connection.h" -extern int send_meta(connection_t *, const char *, int); -extern int broadcast_meta(connection_t *, const char *, int); -extern int receive_meta(connection_t *); +extern bool send_meta(struct connection_t *, const char *, int); +extern bool broadcast_meta(struct connection_t *, const char *, int); +extern bool receive_meta(struct connection_t *); #endif /* __TINC_META_H__ */ diff --git a/src/mingw/device.c b/src/mingw/device.c index c2cdca84..d8aabcc4 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.1 2003/07/21 15:51:00 guus Exp $ + $Id: device.c,v 1.1.2.2 2003/07/22 20:55:21 guus Exp $ */ #error "Device driver for MinGW environment not written yet!" @@ -85,7 +85,7 @@ HANDLE handle; pid_t reader_pid; int sp[2]; -int setup_device(void) +bool setup_device(void) { HKEY key, key2, adapterkey; int i; @@ -109,7 +109,7 @@ int setup_device(void) if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, (OSTYPE > 4 ? NETCARD_REG_KEY_2000 : NETCARD_REG_KEY), 0, KEY_READ, &key)) { logger(LOG_ERR, _("Unable to read registry")); - return -1; + return false; } for (i = 0; ; i++) { 
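Review bot: The new prototype `extern bool broadcast_meta(struct connection_t *, const char *, int);` disagrees with the definition shown in the meta.c hunk header of this same patch, `void broadcast_meta(connection_t *from, char *buffer, int length)`. The send_meta prototype likewise declares `const char *` while its definition takes `char *buffer`. A caller that trusts the header and tests the result of broadcast_meta would read an indeterminate value on a path that decides how peer connections are handled. Declaring it as `extern void broadcast_meta(struct connection_t *, const char *, int);` and giving both definitions a `const char *buffer` parameter makes header and source agree.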
@@ -121,7 +121,7 @@ int setup_device(void) if(RegOpenKeyEx (key, adapterid, 0, KEY_READ, &adapterkey)) { logger(LOG_ERR, _("Unable to read registry")); - return -1; + return false; } len = sizeof(productname); @@ -147,7 +147,7 @@ skip: if(!found) { logger(LOG_ERR, _("No CIPE adapters found!")); - return -1; + return false; } /* Get adapter name */ @@ -167,14 +167,14 @@ skip: if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) { logger(LOG_DEBUG, _("System call `%s' failed: %s"), "socketpair", strerror(errno)); - return -1; + return false; } reader_pid = fork(); if(reader_pid == -1) { logger(LOG_DEBUG, _("System call `%s' failed: %s"), "fork", strerror(errno)); - return -1; + return false; } if(!reader_pid) { @@ -214,7 +214,7 @@ skip: if(handle == INVALID_HANDLE_VALUE) { logger(LOG_ERR, _("Could not open CIPE tap device for writing!")); - return -1; + return false; } device_fd = sp[0]; @@ -229,7 +229,7 @@ skip: read(device_fd, &gelukt, 1); if(gelukt != 1) { logger(LOG_DEBUG, "Tap reader failed!"); - return -1; + return false; } if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) @@ -239,7 +239,7 @@ skip: logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return true; } void close_device(void) @@ -253,7 +253,7 @@ void close_device(void) kill(reader_pid, SIGKILL); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; @@ -262,7 +262,7 @@ int read_packet(vpn_packet_t *packet) if((lenin = read(sp[0], packet->data, MTU)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->len = lenin; @@ -272,10 +272,10 @@ int read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { int lenout; 
@@ -286,12 +286,12 @@ int write_packet(vpn_packet_t *packet) if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { logger(LOG_ERR, "Error while writing to %s %s", device_info, device); - return -1; + return false; } device_total_out += packet->len; - return 0; + return true; } void dump_device_stats(void) diff --git a/src/net.c b/src/net.c index d43aede4..475ea0c9 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.191 2003/07/17 15:06:26 guus Exp $ + $Id: net.c,v 1.35.4.192 2003/07/22 20:55:19 guus Exp $ */ #include "system.h" @@ -40,9 +40,7 @@ #include "route.h" #include "subnet.h" -int do_purge = 0; -int sighup = 0; -int sigalrm = 0; +bool do_purge = false; time_t now = 0; @@ -134,11 +132,11 @@ static int build_fdset(fd_set * fs) /* Terminate a connection: - Close the socket - - Remove associated edge and tell other connections about it if report = 1 + - Remove associated edge and tell other connections about it if report = true - Check if we need to retry making an outgoing connection - Deactivate the host */ -void terminate_connection(connection_t *c, int report) +void terminate_connection(connection_t *c, bool report) { cp(); @@ -148,8 +146,8 @@ void terminate_connection(connection_t *c, int report) ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Closing connection with %s (%s)"), c->name, c->hostname); - c->status.remove = 1; - c->status.active = 0; + c->status.remove = true; + c->status.active = false; if(c->node) c->node->connection = NULL; @@ -200,8 +198,8 @@ static void check_dead_connections(void) if(c->status.pinged) { ifdebug(CONNECTIONS) logger(LOG_INFO, _("%s (%s) didn't respond to PING"), c->name, c->hostname); - c->status.timeout = 1; - terminate_connection(c, 1); + c->status.timeout = true; + terminate_connection(c, true); } else { send_ping(c); } 
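Review bot: `sighup` and `sigalrm` lose their definitions in the `@@ -40,9 +40,7 @@` hunk, but main_loop still assigns them later in this file (`sigalrm = false;`, `sighup = false;`), so they must now be defined somewhere outside this section. If they are written from signal handlers, as the names suggest, they should be declared `volatile sig_atomic_t` rather than `bool`, because that is the only object type the C standard lets a handler store to safely, and the main loop could otherwise miss or cache the flag. I would add a comment at the new definition such as `/* set from the signal handler, cleared in main_loop() */`, and check that net.c sees an `extern` declaration with the same type.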
@@ -214,7 +212,7 @@ static void check_dead_connections(void) } ifdebug(CONNECTIONS) logger(LOG_WARNING, _("Timeout from %s (%s) during authentication"), c->name, c->hostname); - terminate_connection(c, 0); + terminate_connection(c, false); } } } @@ -235,7 +233,7 @@ static void check_network_activity(fd_set * f) cp(); if(FD_ISSET(device_fd, f)) { - if(!read_packet(&packet)) + if(read_packet(&packet)) route_outgoing(&packet); } @@ -247,7 +245,7 @@ static void check_network_activity(fd_set * f) if(FD_ISSET(c->socket, f)) { if(c->status.connecting) { - c->status.connecting = 0; + c->status.connecting = false; getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &result, &len); if(!result) @@ -262,7 +260,7 @@ static void check_network_activity(fd_set * f) } } - if(receive_meta(c) < 0) { + if(!receive_meta(c)) { terminate_connection(c, c->status.active); continue; } @@ -321,7 +319,7 @@ void main_loop(void) if(do_purge) { purge(); - do_purge = 0; + do_purge = false; } /* Let's check if everybody is still alive */ @@ -361,7 +359,7 @@ void main_loop(void) event->handler(event->data); event_del(event); } - sigalrm = 0; + sigalrm = false; } if(sighup) { @@ -370,14 +368,14 @@ void main_loop(void) char *fname; struct stat s; - sighup = 0; + sighup = false; /* Reread our own configuration file */ exit_configuration(&config_tree); init_configuration(&config_tree); - if(read_server_config()) { + if(!read_server_config()) { logger(LOG_ERR, _("Unable to reread configuration file, exitting.")); exit(1); } diff --git a/src/net.h b/src/net.h index 28dd4eaf..22d78b2b 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.65 2003/07/18 12:16:24 guus Exp $ + $Id: net.h,v 1.9.4.66 2003/07/22 20:55:20 guus Exp $ */ #ifndef __TINC_NET_H__ 
@@ -54,7 +54,7 @@ typedef struct ipv6_t { typedef short length_t; -typedef union { +typedef union sockaddr_t { struct sockaddr sa; struct sockaddr_in in; struct sockaddr_in6 in6; @@ -87,6 +87,12 @@ typedef struct packet_queue_t { queue_element_t *tail; } packet_queue_t; +typedef struct listen_socket_t { + int tcp; + int udp; + sockaddr_t sa; +} listen_socket_t; + #include "conf.h" typedef struct outgoing_t { @@ -97,12 +103,6 @@ typedef struct outgoing_t { struct addrinfo *aip; } outgoing_t; -typedef struct listen_socket_t { - int tcp; - int udp; - sockaddr_t sa; -} listen_socket_t; - extern int maxtimeout; extern int seconds_till_retry; extern int addressfamily; @@ -111,8 +111,8 @@ extern listen_socket_t listen_socket[MAXSOCKETS]; extern int listen_sockets; extern int keyexpires; extern int keylifetime; -extern int do_prune; -extern int do_purge; +extern bool do_prune; +extern bool do_purge; extern char *myport; extern time_t now; extern EVP_CIPHER_CTX packet_ctx; 
@@ -125,19 +125,19 @@ extern void retry_outgoing(outgoing_t *); extern void handle_incoming_vpn_data(int); extern void finish_connecting(struct connection_t *); extern void do_outgoing_connection(struct connection_t *); -extern int handle_new_meta_connection(int); +extern bool handle_new_meta_connection(int); extern int setup_listen_socket(sockaddr_t *); extern int setup_vpn_in_socket(sockaddr_t *); extern void send_packet(struct node_t *, vpn_packet_t *); extern void receive_tcppacket(struct connection_t *, char *, int); extern void broadcast_packet(struct node_t *, vpn_packet_t *); -extern int setup_network_connections(void); +extern bool setup_network_connections(void); extern void setup_outgoing_connection(struct outgoing_t *); extern void try_outgoing_connections(void); extern void close_network_connections(void); extern void main_loop(void); -extern void terminate_connection(struct connection_t *, int); +extern void terminate_connection(struct connection_t *, bool); extern void flush_queue(struct node_t *); -extern int read_rsa_public_key(struct connection_t *); +extern bool read_rsa_public_key(struct connection_t *); #endif /* __TINC_NET_H__ */ diff --git a/src/net_packet.c b/src/net_packet.c index e858daa0..cac24ee6 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.34 2003/07/17 15:06:26 guus Exp $ + $Id: net_packet.c,v 1.1.2.35 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -239,7 +239,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(!n->status.waitingforkey) send_req_key(n->nexthop->connection, myself, n); - n->status.waitingforkey = 1; + n->status.waitingforkey = true; return; } 
@@ -350,8 +350,8 @@ void send_packet(node_t *n, vpn_packet_t *packet) n->name, via->name, n->via->hostname); if((myself->options | via->options) & OPTION_TCPONLY) { - if(send_tcppacket(via->connection, packet)) - terminate_connection(via->connection, 1); + if(!send_tcppacket(via->connection, packet)) + terminate_connection(via->connection, true); } else send_udppacket(via, packet); } diff --git a/src/net_setup.c b/src/net_setup.c index b3c565ba..5a5564e9 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.36 2003/07/18 13:45:06 guus Exp $ + $Id: net_setup.c,v 1.1.2.37 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -44,7 +44,7 @@ char *myport; -int read_rsa_public_key(connection_t *c) +bool read_rsa_public_key(connection_t *c) { FILE *fp; char *fname; 
@@ -63,56 +63,50 @@ int read_rsa_public_key(connection_t *c) BN_hex2bn(&c->rsa_key->n, key); BN_hex2bn(&c->rsa_key->e, "FFFF"); free(key); - return 0; + return true; } /* Else, check for PublicKeyFile statement and read it */ - if(get_config_string - (lookup_config(c->config_tree, "PublicKeyFile"), &fname)) { - if(is_safe_path(fname)) { - fp = fopen(fname, "r"); + if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) { + fp = fopen(fname, "r"); - if(!fp) { - logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - - free(fname); - c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - - if(c->rsa_key) - return 0; /* Woohoo. */ - - /* If it fails, try PEM_read_RSA_PUBKEY. */ - fp = fopen(fname, "r"); - - if(!fp) { - logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return -1; - } - - free(fname); - c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); - fclose(fp); - - if(c->rsa_key) { -// RSA_blinding_on(c->rsa_key, NULL); - return 0; - } - - logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + if(!fp) { + logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"), fname, strerror(errno)); - return -1; - } else { free(fname); - return -1; + return false; } + + free(fname); + c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + + if(c->rsa_key) + return true; /* Woohoo. */ + + /* If it fails, try PEM_read_RSA_PUBKEY. 
*/ + fp = fopen(fname, "r"); + + if(!fp) { + logger(LOG_ERR, _("Error reading RSA public key file `%s': %s"), + fname, strerror(errno)); + free(fname); + return false; + } + + free(fname); + c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL); + fclose(fp); + + if(c->rsa_key) { +// RSA_blinding_on(c->rsa_key, NULL); + return true; + } + + logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"), + fname, strerror(errno)); + return false; } /* Else, check if a harnessed public key is in the config file */ @@ -128,7 +122,7 @@ int read_rsa_public_key(connection_t *c) free(fname); if(c->rsa_key) - return 0; + return true; /* Try again with PEM_read_RSA_PUBKEY. */ @@ -144,14 +138,14 @@ int read_rsa_public_key(connection_t *c) free(fname); if(c->rsa_key) - return 0; + return true; logger(LOG_ERR, _("No public key for %s specified!"), c->name); - return -1; + return false; } -int read_rsa_private_key(void) +bool read_rsa_private_key(void) { FILE *fp; char *fname, *key; @@ -164,7 +158,7 @@ int read_rsa_private_key(void) BN_hex2bn(&myself->connection->rsa_key->d, key); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key); - return 0; + return true; } if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) @@ -177,7 +171,7 @@ int read_rsa_private_key(void) logger(LOG_ERR, _("Error reading RSA private key file `%s': %s"), fname, strerror(errno)); free(fname); - return -1; + return false; } free(fname); 
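Review bot: `fname` is freed right after the first fopen() succeeds and is then used again: it is passed to the second `fopen(fname, "r")`, freed a second time, and printed in the final "Reading RSA public key file" error, which is a use-after-free and a double free whenever PEM_read_RSAPublicKey fails. Keeping one stream open, calling `rewind(fp)` before the PEM_read_RSA_PUBKEY attempt and freeing `fname` once at the end removes both, and avoids reopening a path that could have changed in between. The read_rsa_private_key hunk (`@@ -188,27 +182,28 @@`) appears to have the same ordering problem, logging `fname` after the `free(fname)` that ends the preceding hunk. Separately, the `is_safe_path(fname)` guard is gone from this branch; if that is deliberate, the reason belongs in the commit message. The function starts before and continues after this hunk.

```c
	if(get_config_string(lookup_config(c->config_tree, "PublicKeyFile"), &fname)) {
		fp = fopen(fname, "r");

		/* … unchanged: fopen failure is logged, fname freed, return false … */

		c->rsa_key = PEM_read_RSAPublicKey(fp, &c->rsa_key, NULL, NULL);

		if(!c->rsa_key) {
			/* Second key format on the same stream: no reopen, fname still owned. */
			rewind(fp);
			c->rsa_key = PEM_read_RSA_PUBKEY(fp, &c->rsa_key, NULL, NULL);
		}

		fclose(fp);

		if(!c->rsa_key)
			logger(LOG_ERR, _("Reading RSA public key file `%s' failed: %s"),
				   fname, strerror(errno));

		free(fname);
		return c->rsa_key != NULL;
	}
```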
@@ -188,27 +182,28 @@ int read_rsa_private_key(void) if(!myself->connection->rsa_key) { logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), fname, strerror(errno)); - return -1; + return false; } - return 0; + return true; } free(fname); - return -1; + return false; } /* Configure node_t myself and set up the local sockets (listen only) */ -int setup_myself(void) +bool setup_myself(void) { config_t *cfg; subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; char *address = NULL; struct addrinfo hint, *ai, *aip; - int choice, err; + bool choice; + int err; cp(); @@ -224,28 +219,28 @@ int setup_myself(void) if(!get_config_string(lookup_config(config_tree, "Name"), &name)) { /* Not acceptable */ logger(LOG_ERR, _("Name for tinc daemon required!")); - return -1; + return false; } - if(check_id(name)) { + if(!check_id(name)) { logger(LOG_ERR, _("Invalid name for myself!")); free(name); - return -1; + return false; } myself->name = name; myself->connection->name = xstrdup(name); - if(read_rsa_private_key()) - return -1; + if(!read_rsa_private_key()) + return false; - if(read_connection_config(myself->connection)) { + if(!read_connection_config(myself->connection)) { logger(LOG_ERR, _("Cannot open host configuration file for myself!")); - return -1; + return false; } - if(read_rsa_public_key(myself->connection)) - return -1; + if(!read_rsa_public_key(myself->connection)) + return false; if(!get_config_string (lookup_config(myself->connection->config_tree, "Port"), &myport)) @@ -257,7 +252,7 @@ int setup_myself(void) while(cfg) { if(!get_config_subnet(cfg, &subnet)) - return -1; + return false; subnet_add(myself, subnet); 
@@ -274,14 +269,11 @@ int setup_myself(void) if(choice) myself->options |= OPTION_TCPONLY; - if(get_config_bool - (lookup_config(myself->connection->config_tree, "IndirectData"), - &choice)) + if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) if(choice) myself->options |= OPTION_INDIRECT; - if(get_config_bool - (lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) + if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) if(choice) myself->options |= OPTION_TCPONLY; @@ -297,14 +289,14 @@ int setup_myself(void) routing_mode = RMODE_HUB; else { logger(LOG_ERR, _("Invalid routing mode!")); - return -1; + return false; } free(mode); } else routing_mode = RMODE_ROUTER; - get_config_bool(lookup_config(config_tree, "PriorityInheritance"), - &priorityinheritance); + get_config_bool(lookup_config(config_tree, "PriorityInheritance"), &priorityinheritance); + #if !defined(SOL_IP) || !defined(IP_TOS) if(priorityinheritance) logger(LOG_WARNING, _("PriorityInheritance not supported on this platform")); @@ -313,12 +305,10 @@ int setup_myself(void) if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) macexpire = 600; - if(get_config_int - (lookup_config(myself->connection->config_tree, "MaxTimeout"), - &maxtimeout)) { + if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) { logger(LOG_ERR, _("Bogus maximum timeout!")); - return -1; + return false; } } else maxtimeout = 900; @@ -332,7 +322,7 @@ int setup_myself(void) addressfamily = AF_UNSPEC; else { logger(LOG_ERR, _("Invalid address family!")); - return -1; + return false; } free(afname); } @@ -350,7 +340,7 @@ int setup_myself(void) if(!myself->cipher) { logger(LOG_ERR, _("Unrecognized cipher type!")); - return -1; + return false; } } } else 
@@ -385,7 +375,7 @@ int setup_myself(void) if(!myself->digest) { logger(LOG_ERR, _("Unrecognized digest type!")); - return -1; + return false; } } } else @@ -399,10 +389,10 @@ int setup_myself(void) if(myself->digest) { if(myself->maclength > myself->digest->md_size) { logger(LOG_ERR, _("MAC length exceeds size of digest!")); - return -1; + return false; } else if(myself->maclength < 0) { logger(LOG_ERR, _("Bogus MAC length!")); - return -1; + return false; } } } else @@ -417,7 +407,7 @@ int setup_myself(void) &myself->compression)) { if(myself->compression < 0 || myself->compression > 11) { logger(LOG_ERR, _("Bogus compression level!")); - return -1; + return false; } } else myself->compression = 0; @@ -428,8 +418,8 @@ int setup_myself(void) myself->nexthop = myself; myself->via = myself; - myself->status.active = 1; - myself->status.reachable = 1; + myself->status.active = true; + myself->status.reachable = true; node_add(myself); graph(); @@ -450,7 +440,7 @@ int setup_myself(void) if(err || !ai) { logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(err)); - return -1; + return false; } listen_sockets = 0; @@ -484,16 +474,16 @@ int setup_myself(void) logger(LOG_NOTICE, _("Ready")); else { logger(LOG_ERR, _("Unable to create any listening socket!")); - return -1; + return false; } - return 0; + return true; } /* setup all initial network connections */ -int setup_network_connections(void) +bool setup_network_connections(void) { char *envp[5]; int i; @@ -516,11 +506,11 @@ int setup_network_connections(void) } else pingtimeout = 60; - if(setup_device() < 0) - return -1; + if(!setup_device()) + return false; - if(setup_myself() < 0) - return -1; + if(!setup_myself()) + return false; /* Run tinc-up script to further initialize the tap interface */ asprintf(&envp[0], "NETNAME=%s", netname ? : ""); @@ -536,7 +526,7 @@ int setup_network_connections(void) try_outgoing_connections(); - return 0; + return true; } /* 
@@ -557,11 +547,11 @@ void close_network_connections(void) if(c->outgoing) free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; - terminate_connection(c, 0); + terminate_connection(c, false); } if(myself && myself->connection) - terminate_connection(myself->connection, 0); + terminate_connection(myself->connection, false); for(i = 0; i < listen_sockets; i++) { close(listen_socket[i].tcp); diff --git a/src/net_socket.c b/src/net_socket.c index 82875bba..98f5d1a2 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.29 2003/07/18 13:45:06 guus Exp $ + $Id: net_socket.c,v 1.1.2.30 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -221,7 +221,7 @@ begin: if(!c->outgoing->cfg) { ifdebug(CONNECTIONS) logger(LOG_ERR, _("Could not set up a meta connection to %s"), c->name); - c->status.remove = 1; + c->status.remove = true; retry_outgoing(c->outgoing); return; } @@ -292,7 +292,7 @@ begin: if(result == -1) { if(errno == EINPROGRESS) { - c->status.connecting = 1; + c->status.connecting = true; return; } @@ -357,7 +357,7 @@ void setup_outgoing_connection(outgoing_t *outgoing) accept a new tcp connect and create a new connection */ -int handle_new_meta_connection(int sock) +bool handle_new_meta_connection(int sock) { connection_t *c; sockaddr_t sa; @@ -370,7 +370,7 @@ int handle_new_meta_connection(int sock) if(fd < 0) { logger(LOG_ERR, _("Accepting a new connection failed: %s"), strerror(errno)); - return -1; + return false; } sockaddrunmap(&sa); @@ -393,7 +393,7 @@ int handle_new_meta_connection(int sock) c->allow_request = ID; send_id(c); - return 0; + return true; } void try_outgoing_connections(void) 
@@ -408,7 +408,7 @@ void try_outgoing_connections(void) cfg = lookup_config_next(config_tree, cfg)) { get_config_string(cfg, &name); - if(check_id(name)) { + if(!check_id(name)) { logger(LOG_ERR, _("Invalid name for outgoing connection in %s line %d"), cfg->file, cfg->line); diff --git a/src/netbsd/device.c b/src/netbsd/device.c index 0064fdef..d0998339 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.11 2003/07/18 13:41:36 guus Exp $ + $Id: device.c,v 1.1.2.12 2003/07/22 20:55:21 guus Exp $ */ #include "system.h" @@ -33,7 +33,6 @@ #define DEVICE_TYPE_TUNTAP 1 int device_fd = -1; -int device_type; char *device; char *iface; char *device_info; @@ -41,7 +40,7 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -int setup_device(void) +bool setup_device(void) { cp(); @@ -52,14 +51,14 @@ int setup_device(void) iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; + return false; } device_info = _("NetBSD tun device"); logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return true; } void close_device(void) @@ -69,7 +68,7 @@ void close_device(void) close(device_fd); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; @@ -78,7 +77,7 @@ int read_packet(vpn_packet_t *packet) if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->data[12] = 0x08; @@ -92,10 +91,10 @@ int read_packet(vpn_packet_t *packet) device_info); } - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { cp(); 
@@ -105,10 +104,12 @@ int write_packet(vpn_packet_t *packet) if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } device_total_out += packet->len; + + return true; } void dump_device_stats(void) diff --git a/src/netutl.c b/src/netutl.c index 6784833d..0d34d8d6 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.47 2003/07/17 15:06:26 guus Exp $ + $Id: netutl.c,v 1.12.4.48 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -28,7 +28,7 @@ #include "utils.h" #include "xalloc.h" -int hostnames = 0; +bool hostnames = false; /* Turn a string into a struct addrinfo. @@ -244,7 +244,7 @@ void maskcpy(void *va, void *vb, int masklen, int len) a[i] = 0; } -int maskcheck(void *va, int masklen, int len) +bool maskcheck(void *va, int masklen, int len) { int i; char *a = va; @@ -255,11 +255,11 @@ int maskcheck(void *va, int masklen, int len) masklen %= 8; if(masklen && a[i++] & (0xff >> masklen)) - return -1; + return false; for(; i < len; i++) if(a[i] != 0) - return -2; + return false; - return 0; + return true; } diff --git a/src/netutl.h b/src/netutl.h index eb5aeebc..66a7c972 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.16 2003/07/17 15:06:26 guus Exp $ + $Id: netutl.h,v 1.2.4.17 2003/07/22 20:55:20 guus Exp $ */ #ifndef __TINC_NETUTL_H__ @@ -25,7 +25,7 @@ #include "net.h" -extern int hostnames; +extern bool hostnames; extern struct addrinfo *str2addrinfo(char *, char *, int); extern sockaddr_t str2sockaddr(char *, char *); 
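Review bot: In the NetBSD `write_packet` hunk, the count passed to `write()` is `packet->len - 14`, and the visible lines put no lower bound on `packet->len`, so a packet shorter than 14 bytes would become a very large unsigned count. Unless the callers already guarantee a full Ethernet header, add a guard before the write, such as `if(packet->len < 14) return false;`. The opening lines of the function are outside the hunk, so a check that already exists there would make this unnecessary.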
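Review bot: `maskcheck` in netutl.c now folds the old `-1`/`-2`/`0` results into `false`/`false`/`true`, which inverts the truth value for any caller still written as `if(maskcheck(...))` meaning failure, and nothing above the definition states the new contract. Add a comment such as `/* Returns true if every bit of va after the first masklen bits is zero. */`. Separately, `a[i++]` is read before `i` is compared with `len`. The assignment of `i` lies between the two hunks and is not shown, so it should be confirmed that a `masklen` larger than `len * 8` cannot index past the buffer.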
@@ -36,6 +36,6 @@ extern void sockaddrunmap(sockaddr_t *); extern int maskcmp(void *, void *, int, int); extern void maskcpy(void *, void *, int, int); extern void mask(void *, int, int); -extern int maskcheck(void *, int, int); +extern bool maskcheck(void *, int, int); #endif /* __TINC_NETUTL_H__ */ diff --git a/src/node.h b/src/node.h index a4e439a7..3dd112e6 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.25 2003/07/17 15:06:26 guus Exp $ + $Id: node.h,v 1.1.2.26 2003/07/22 20:55:20 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -45,7 +45,7 @@ typedef struct node_t { sockaddr_t address; /* his real (internet) ip to send UDP packets to */ char *hostname; /* the hostname of its real ip */ - struct node_status_t status; + node_status_t status; const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ char *key; /* Cipher key and iv */ diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 9af2e3e3..e7670300 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.16 2003/07/18 13:41:36 guus Exp $ + $Id: device.c,v 1.1.2.17 2003/07/22 20:55:21 guus Exp $ */ #include "system.h" @@ -33,7 +33,6 @@ #define DEVICE_TYPE_TUNTAP 1 int device_fd = -1; -int device_type; char *device; char *iface; char *device_info; @@ -41,7 +40,7 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -int setup_device(void) +bool setup_device(void) { cp(); 
@@ -52,14 +51,14 @@ int setup_device(void) iface = rindex(device, '/') ? rindex(device, '/') + 1 : device; if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; + return false; } device_info = _("OpenBSD tun device"); logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return true; } void close_device(void) @@ -69,7 +68,7 @@ void close_device(void) close(device_fd); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; u_int32_t type; @@ -80,7 +79,7 @@ int read_packet(vpn_packet_t *packet) if((lenin = readv(device_fd, vector, 2)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } switch (ntohl(type)) { @@ -98,7 +97,7 @@ int read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_ERR, _ ("Unknown address family %d while reading packet from %s %s"), ntohl(type), device_info, device); - return -1; + return false; } packet->len = lenin + 10; @@ -109,10 +108,10 @@ int read_packet(vpn_packet_t *packet) device_info); } - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { u_int32_t type; struct iovec vector[2]; @@ -136,7 +135,7 @@ int write_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_ERR, _("Unknown address family %d while writing packet to %s %s"), af, device_info, device); - return -1; + return false; } vector[0].iov_base = &type; @@ -147,10 +146,12 @@ int write_packet(vpn_packet_t *packet) if(writev(device_fd, vector, 2) < 0) { logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } device_total_out += packet->len; + + return true; } void dump_device_stats(void) diff --git a/src/process.c b/src/process.c index 9a918158..218df760 100644 --- a/src/process.c +++ b/src/process.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.56 2003/07/21 14:47:43 guus Exp $ + $Id: process.c,v 1.1.2.57 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -35,21 +35,19 @@ #include "xalloc.h" /* If zero, don't detach from the terminal. */ -int do_detach = 1; +bool do_detach = true; +bool sighup = false; +bool sigalrm = false; extern char *identname; extern char *pidfilename; extern char **g_argv; -extern int use_logfile; +extern bool use_logfile; sigset_t emptysigset; static int saved_debug_level = -1; -extern int sighup; -extern int sigalrm; -extern int do_purge; - static void memory_full(int size) { logger(LOG_ERR, _("Memory exhausted (couldn't allocate %d bytes), exitting."), size); @@ -93,7 +91,7 @@ void cleanup_and_exit(int c) /* check for an existing tinc for this net, and write pid to pidfile */ -static int write_pidfile(void) +static bool write_pidfile(void) { int pid; @@ -107,20 +105,20 @@ static int write_pidfile(void) netname, pid); else fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); - return 1; + return false; } /* if it's locked, write-protected, or whatever */ if(!write_pid(pidfilename)) - return 1; + return false; - return 0; + return true; } /* kill older tincd for this net */ -int kill_other(int signal) +bool kill_other(int signal) { int pid; @@ -134,7 +132,7 @@ int kill_other(int signal) netname); else fprintf(stderr, _("No other tincd is running.\n")); - return 1; + return false; } errno = 0; /* No error, sometimes errno is only changed on error */ @@ -151,13 +149,13 @@ int kill_other(int signal) remove_pid(pidfilename); } - return 0; + return true; } /* Detach from current terminal, write pidfile, kill parent */ -int detach(void) +bool detach(void) { cp(); 
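Review bot: The new definitions `bool sighup = false;` and `bool sigalrm = false;` in the `@@ -35,21 +35,19 @@` hunk are stored to from `sighup_handler` and `sigalrm_handler` in later hunks of process.c (and `do_purge` from `sigwinch_handler`), but a plain `bool` carries no guarantee when it is modified asynchronously from a signal handler. Declare them as `volatile sig_atomic_t sighup = 0;` and `volatile sig_atomic_t sigalrm = 0;`, with matching `extern` declarations in process.h, so the main loop reliably observes the store. The same handlers call `logger()` before setting the flag. If `logger()` reaches syslog or stdio, which the page does not show, that call is not async-signal-safe and belongs in the code that consumes the flag.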
@@ -165,24 +163,24 @@ int detach(void) /* First check if we can open a fresh new pidfile */ - if(write_pidfile()) - return -1; + if(!write_pidfile()) + return false; /* If we succeeded in doing that, detach */ closelogger(); if(do_detach) { - if(daemon(0, 0) < 0) { + if(daemon(0, 0)) { fprintf(stderr, _("Couldn't detach from terminal: %s"), strerror(errno)); - return -1; + return false; } /* Now UPDATE the pid in the pidfile, because we changed it... */ if(!write_pid(pidfilename)) - return -1; + return false; } openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); @@ -192,7 +190,7 @@ int detach(void) xalloc_fail_func = memory_full; - return 0; + return true; } /* @@ -230,7 +228,7 @@ static void _execute_script(const char *scriptname, char **envp) /* Fork and execute the program pointed to by name. */ -int execute_script(const char *name, char **envp) +bool execute_script(const char *name, char **envp) { pid_t pid; int status; @@ -244,14 +242,14 @@ int execute_script(const char *name, char **envp) /* First check if there is a script */ if(stat(scriptname, &s)) - return 0; + return true; pid = fork(); if(pid < 0) { logger(LOG_ERR, _("System call `%s' failed: %s"), "fork", strerror(errno)); - return -1; + return false; } if(pid) { 
@@ -264,26 +262,26 @@ int execute_script(const char *name, char **envp) if(WEXITSTATUS(status)) { logger(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), pid, name, WEXITSTATUS(status)); - return -1; + return false; } else - return 0; + return true; } else if(WIFSIGNALED(status)) { /* Child was killed by a signal */ logger(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, name, WTERMSIG(status), strsignal(WTERMSIG(status))); - return -1; + return false; } else { /* Something strange happened */ logger(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, name); - return -1; + return false; } } else if (errno != EINTR) { logger(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", strerror(errno)); - return -1; + return false; } /* Why do we get EINTR? */ - return 0; + return true; } /* Child here */ @@ -344,7 +342,7 @@ static RETSIGTYPE fatal_signal_handler(int a) static RETSIGTYPE sighup_handler(int a) { logger(LOG_NOTICE, _("Got HUP signal")); - sighup = 1; + sighup = true; } static RETSIGTYPE sigint_handler(int a) @@ -366,7 +364,7 @@ static RETSIGTYPE sigint_handler(int a) static RETSIGTYPE sigalrm_handler(int a) { logger(LOG_NOTICE, _("Got ALRM signal")); - sigalrm = 1; + sigalrm = true; } static RETSIGTYPE sigusr1_handler(int a) @@ -384,8 +382,7 @@ static RETSIGTYPE sigusr2_handler(int a) static RETSIGTYPE sigwinch_handler(int a) { - extern int do_purge; - do_purge = 1; + do_purge = true; } static RETSIGTYPE unexpected_signal_handler(int a) 
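Review bot: In the `execute_script` hunk, the path that follows `/* Why do we get EINTR? */` ends in `return true;`, so an interrupted `waitpid` is reported as a successful script run even though the child's exit status was never obtained. The wait call itself is above the hunk; it should be retried while it fails with `EINTR` instead of falling through to the success return. If the fall-through is deliberate, replace the question with a statement, for example `/* wait interrupted: exit status unknown, treated as success */`, so callers that act on the result know what `true` covers.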
@@ -403,21 +400,20 @@ static struct { int signal; void (*handler)(int); } sighandlers[] = { - { - SIGHUP, sighup_handler}, { - SIGTERM, sigterm_handler}, { - SIGQUIT, sigquit_handler}, { - SIGSEGV, fatal_signal_handler}, { - SIGBUS, fatal_signal_handler}, { - SIGILL, fatal_signal_handler}, { - SIGPIPE, ignore_signal_handler}, { - SIGINT, sigint_handler}, { - SIGUSR1, sigusr1_handler}, { - SIGUSR2, sigusr2_handler}, { - SIGCHLD, ignore_signal_handler}, { - SIGALRM, sigalrm_handler}, { - SIGWINCH, sigwinch_handler}, { - 0, NULL} + {SIGHUP, sighup_handler}, + {SIGTERM, sigterm_handler}, + {SIGQUIT, sigquit_handler}, + {SIGSEGV, fatal_signal_handler}, + {SIGBUS, fatal_signal_handler}, + {SIGILL, fatal_signal_handler}, + {SIGPIPE, ignore_signal_handler}, + {SIGINT, sigint_handler}, + {SIGUSR1, sigusr1_handler}, + {SIGUSR2, sigusr2_handler}, + {SIGCHLD, ignore_signal_handler}, + {SIGALRM, sigalrm_handler}, + {SIGWINCH, sigwinch_handler}, + {0, NULL} }; void setup_signals(void) diff --git a/src/process.h b/src/process.h index cb5f7c7c..9b0b123f 100644 --- a/src/process.h +++ b/src/process.h @@ -17,18 +17,20 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.16 2003/07/17 15:06:26 guus Exp $ + $Id: process.h,v 1.1.2.17 2003/07/22 20:55:20 guus Exp $ */ #ifndef __TINC_PROCESS_H__ #define __TINC_PROCESS_H__ -extern int do_detach; +extern bool do_detach; +extern bool sighup; +extern bool sigalrm; extern void setup_signals(void); -extern int execute_script(const char *, char **); -extern int detach(void); -extern int kill_other(int); +extern bool execute_script(const char *, char **); +extern bool detach(void); +extern bool kill_other(int); extern void cleanup_and_exit(int) __attribute__ ((noreturn)); #endif /* __TINC_PROCESS_H__ */ diff --git a/src/protocol.c b/src/protocol.c index 47cc9487..ad7c57d7 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.141 2003/07/17 15:06:26 guus Exp $ + $Id: protocol.c,v 1.28.4.142 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -32,7 +32,7 @@ /* Jumptable for the request handlers */ -static int (*request_handlers[])(connection_t *) = { +static bool (*request_handlers[])(connection_t *) = { id_h, metakey_h, challenge_h, chal_reply_h, ack_h, status_h, error_h, termreq_h, ping_h, pong_h, @@ -53,21 +53,21 @@ static char (*request_name[]) = { static avl_tree_t *past_request_tree; -int check_id(char *id) +bool check_id(char *id) { int i; for(i = 0; i < strlen(id); i++) if(!isalnum(id[i]) && id[i] != '_') - return -1; + return false; - return 0; + return true; } /* Generic request routines - takes care of logging and error detection as well */ -int send_request(connection_t *c, const char *format, ...) +bool send_request(connection_t *c, const char *format, ...) { va_list args; char buffer[MAXBUFSIZE]; @@ -86,7 +86,7 @@ int send_request(connection_t *c, const char *format, ...) if(len < 0 || len > MAXBUFSIZE - 1) { logger(LOG_ERR, _("Output buffer overflow while sending request to %s (%s)"), c->name, c->hostname); - return -1; + return false; } ifdebug(PROTOCOL) { @@ -101,16 +101,16 @@ int send_request(connection_t *c, const char *format, ...) buffer[len++] = '\n'; - if(c == broadcast) - return broadcast_meta(NULL, buffer, len); - else + if(c == broadcast) { + broadcast_meta(NULL, buffer, len); + return true; + } else return send_meta(c, buffer, len); } -int forward_request(connection_t *from) +void forward_request(connection_t *from) { int request; - cp(); cp(); 
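Review bot: `check_id` in the `@@ -53,21 +53,21 @@` hunk passes a plain `char` to `isalnum()`, which is undefined for negative values, and it returns `true` for an empty string because the loop body never runs. This function gates names that arrive from peers (`id_h`, `add_edge_h`) and from the configuration (`try_outgoing_connections`), so both cases should be rejected explicitly. Add `if(!id || !*id) return false;` before the loop and use `if(!isalnum((unsigned char)id[i]) && id[i] != '_')` inside it. `isalnum()` is also locale-dependent, so a one-line comment stating that only ASCII letters, digits and `_` are intended would make the contract clear.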
@@ -127,10 +127,10 @@ int forward_request(connection_t *from) from->buffer[from->reqlen - 1] = '\n'; - return broadcast_meta(from, from->buffer, from->reqlen); + broadcast_meta(from, from->buffer, from->reqlen); } -int receive_request(connection_t *c) +bool receive_request(connection_t *c) { int request; @@ -145,7 +145,7 @@ int receive_request(connection_t *c) logger(LOG_ERR, _("Unknown request from %s (%s)"), c->name, c->hostname); - return -1; + return false; } else { ifdebug(PROTOCOL) { ifdebug(META) @@ -161,23 +161,23 @@ int receive_request(connection_t *c) if((c->allow_request != ALL) && (c->allow_request != request)) { logger(LOG_ERR, _("Unauthorized request from %s (%s)"), c->name, c->hostname); - return -1; + return false; } - if(request_handlers[request] (c)) + if(!request_handlers[request](c)) { /* Something went wrong. Probably scriptkiddies. Terminate. */ - { + logger(LOG_ERR, _("Error while processing %s from %s (%s)"), request_name[request], c->name, c->hostname); - return -1; + return false; } } else { logger(LOG_ERR, _("Bogus data received from %s (%s)"), c->name, c->hostname); - return -1; + return false; } - return 0; + return true; } static int past_request_compare(past_request_t *a, past_request_t *b) @@ -209,7 +209,7 @@ void exit_requests(void) avl_delete_tree(past_request_tree); } -int seen_request(char *request) +bool seen_request(char *request) { past_request_t p, *new; @@ -219,13 +219,13 @@ int seen_request(char *request) if(avl_search(past_request_tree, &p)) { ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Already seen request")); - return 1; + return true; } else { new = (past_request_t *) xmalloc(sizeof(*new)); new->request = xstrdup(request); new->firstseen = now; avl_insert(past_request_tree, new); - return 0; + return false; } } diff --git a/src/protocol.h b/src/protocol.h index 6f01a76c..132a8e6e 100644 --- a/src/protocol.h +++ b/src/protocol.h 
@@ -17,17 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.39 2003/07/17 15:06:26 guus Exp $ + $Id: protocol.h,v 1.5.4.40 2003/07/22 20:55:20 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ #define __TINC_PROTOCOL_H__ -#include "edge.h" -#include "net.h" -#include "node.h" -#include "subnet.h" - /* Protocol version. Different versions are incompatible, incompatible version have different protocols. */ @@ -36,7 +31,7 @@ /* Request numbers */ -enum { +typedef enum request_t { ALL = -1, /* Guardian for allow_request */ ID = 0, METAKEY, CHALLENGE, CHAL_REPLY, ACK, STATUS, ERROR, TERMREQ, @@ -46,7 +41,7 @@ enum { KEY_CHANGED, REQ_KEY, ANS_KEY, PACKET, LAST /* Guardian for the highest request number */ -}; +} request_t; typedef struct past_request_t { char *request; 
@@ -58,58 +53,63 @@ typedef struct past_request_t { #define MAX_STRING_SIZE 2048 #define MAX_STRING "%2048s" +#include "edge.h" +#include "net.h" +#include "node.h" +#include "subnet.h" + /* Basic functions */ -extern int send_request(connection_t *, const char *, ...) __attribute__ ((format(printf, 2, 3))); -extern int forward_request(connection_t *); -extern int receive_request(connection_t *); -extern int check_id(char *); +extern bool send_request(struct connection_t *, const char *, ...) __attribute__ ((format(printf, 2, 3))); +extern void forward_request(struct connection_t *); +extern bool receive_request(struct connection_t *); +extern bool check_id(char *); extern void init_requests(void); extern void exit_requests(void); -extern int seen_request(char *); +extern bool seen_request(char *); extern void age_past_requests(void); /* Requests */ -extern int send_id(connection_t *); -extern int send_metakey(connection_t *); -extern int send_challenge(connection_t *); -extern int send_chal_reply(connection_t *); -extern int send_ack(connection_t *); -extern int send_status(connection_t *, int, char *); -extern int send_error(connection_t *, int, char *); -extern int send_termreq(connection_t *); -extern int send_ping(connection_t *); -extern int send_pong(connection_t *); -extern int send_add_subnet(connection_t *, subnet_t *); -extern int send_del_subnet(connection_t *, subnet_t *); -extern int send_add_edge(connection_t *, edge_t *); -extern int send_del_edge(connection_t *, edge_t *); -extern int send_key_changed(connection_t *, node_t *); -extern int send_req_key(connection_t *, node_t *, node_t *); -extern int send_ans_key(connection_t *, node_t *, node_t *); -extern int send_tcppacket(connection_t *, vpn_packet_t *); +extern bool send_id(struct connection_t *); +extern bool send_metakey(struct connection_t *); +extern bool send_challenge(struct connection_t *); +extern bool send_chal_reply(struct connection_t *); +extern bool send_ack(struct connection_t 
*); +extern bool send_status(struct connection_t *, int, char *); +extern bool send_error(struct connection_t *, int, char *); +extern bool send_termreq(struct connection_t *); +extern bool send_ping(struct connection_t *); +extern bool send_pong(struct connection_t *); +extern bool send_add_subnet(struct connection_t *, struct subnet_t *); +extern bool send_del_subnet(struct connection_t *, struct subnet_t *); +extern bool send_add_edge(struct connection_t *, struct edge_t *); +extern bool send_del_edge(struct connection_t *, struct edge_t *); +extern bool send_key_changed(struct connection_t *, struct node_t *); +extern bool send_req_key(struct connection_t *, struct node_t *, struct node_t *); +extern bool send_ans_key(struct connection_t *, struct node_t *, struct node_t *); +extern bool send_tcppacket(struct connection_t *, struct vpn_packet_t *); /* Request handlers */ -extern int id_h(connection_t *); -extern int metakey_h(connection_t *); -extern int challenge_h(connection_t *); -extern int chal_reply_h(connection_t *); -extern int ack_h(connection_t *); -extern int status_h(connection_t *); -extern int error_h(connection_t *); -extern int termreq_h(connection_t *); -extern int ping_h(connection_t *); -extern int pong_h(connection_t *); -extern int add_subnet_h(connection_t *); -extern int del_subnet_h(connection_t *); -extern int add_edge_h(connection_t *); -extern int del_edge_h(connection_t *); -extern int key_changed_h(connection_t *); -extern int req_key_h(connection_t *); -extern int ans_key_h(connection_t *); -extern int tcppacket_h(connection_t *); +extern bool id_h(struct connection_t *); +extern bool metakey_h(struct connection_t *); +extern bool challenge_h(struct connection_t *); +extern bool chal_reply_h(struct connection_t *); +extern bool ack_h(struct connection_t *); +extern bool status_h(struct connection_t *); +extern bool error_h(struct connection_t *); +extern bool termreq_h(struct connection_t *); +extern bool ping_h(struct connection_t 
*); +extern bool pong_h(struct connection_t *); +extern bool add_subnet_h(struct connection_t *); +extern bool del_subnet_h(struct connection_t *); +extern bool add_edge_h(struct connection_t *); +extern bool del_edge_h(struct connection_t *); +extern bool key_changed_h(struct connection_t *); +extern bool req_key_h(struct connection_t *); +extern bool ans_key_h(struct connection_t *); +extern bool tcppacket_h(struct connection_t *); #endif /* __TINC_PROTOCOL_H__ */ diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 88fba266..d2962e72 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.24 2003/07/17 15:06:26 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.25 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -39,7 +39,7 @@ #include "utils.h" #include "xalloc.h" -int send_id(connection_t *c) +bool send_id(connection_t *c) { cp(); @@ -47,25 +47,25 @@ int send_id(connection_t *c) myself->connection->protocol_version); } -int id_h(connection_t *c) +bool id_h(connection_t *c) { char name[MAX_STRING_SIZE]; - int bla; + bool choice; cp(); if(sscanf(c->buffer, "%*d " MAX_STRING " %d", name, &c->protocol_version) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ID", c->name, c->hostname); - return -1; + return false; } /* Check if identity is a valid name */ - if(check_id(name)) { + if(!check_id(name)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ID", c->name, c->hostname, "invalid name"); - return -1; + return false; } /* If we set c->name in advance, make sure we are connected to the right host */ @@ -74,7 +74,7 @@ int id_h(connection_t *c) if(strcmp(c->name, name)) { logger(LOG_ERR, _("Peer %s is %s instead of %s"), c->hostname, name, c->name); - return -1; + return false; } } else c->name = xstrdup(name); 
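Review bot: In the `@@ -58,58 +53,63 @@` hunk of protocol.h, `MAX_STRING` is `"%2048s"` while `MAX_STRING_SIZE` is 2048, but `%2048s` stores up to 2048 characters plus the terminating NUL. Every `char x[MAX_STRING_SIZE]` filled through `sscanf(..., MAX_STRING, x)` is therefore one byte short. The protocol_auth.c and protocol_edge.c hunks use that pattern on peer-supplied input, visibly in `id_h`, `metakey_h`, `challenge_h`, `chal_reply_h`, `ack_h` and `add_edge_h`. Either size the buffers for the terminator with `#define MAX_STRING_SIZE 2049`, or narrow the conversion to `#define MAX_STRING "%2047s"`.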
@@ -84,7 +84,7 @@ int id_h(connection_t *c) if(c->protocol_version != myself->connection->protocol_version) { logger(LOG_ERR, _("Peer %s (%s) uses incompatible version %d"), c->name, c->hostname, c->protocol_version); - return -1; + return false; } if(bypass_security) { @@ -97,25 +97,23 @@ int id_h(connection_t *c) if(!c->config_tree) { init_configuration(&c->config_tree); - bla = read_connection_config(c); - - if(bla) { + if(!read_connection_config(c)) { logger(LOG_ERR, _("Peer %s had unknown identity (%s)"), c->hostname, c->name); - return -1; + return false; } } - if(read_rsa_public_key(c)) { - return -1; + if(!read_rsa_public_key(c)) { + return false; } /* Check some options */ - if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &bla) && bla) || myself->options & OPTION_INDIRECT) + if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &choice) && choice) || myself->options & OPTION_INDIRECT) c->options |= OPTION_INDIRECT; - if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &bla) && bla) || myself->options & OPTION_TCPONLY) + if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY) c->options |= OPTION_TCPONLY | OPTION_INDIRECT; c->allow_request = METAKEY; @@ -123,10 +121,11 @@ int id_h(connection_t *c) return send_metakey(c); } -int send_metakey(connection_t *c) +bool send_metakey(connection_t *c) { char buffer[MAX_STRING_SIZE]; - int len, x; + int len; + bool x; cp(); @@ -173,7 +172,7 @@ int send_metakey(connection_t *c) if(RSA_public_encrypt(len, c->outkey, buffer, c->rsa_key, RSA_NO_PADDING) != len) { logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; + return false; } /* Convert the encrypted random data to a hexadecimal formatted string */ 
@@ -196,13 +195,13 @@ int send_metakey(connection_t *c) c->outkey + len - c->outcipher->key_len - c->outcipher->iv_len); - c->status.encryptout = 1; + c->status.encryptout = true; } return x; } -int metakey_h(connection_t *c) +bool metakey_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int cipher, digest, maclength, compression; @@ -213,7 +212,7 @@ int metakey_h(connection_t *c) if(sscanf(c->buffer, "%*d %d %d %d %d " MAX_STRING, &cipher, &digest, &maclength, &compression, buffer) != 5) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "METAKEY", c->name, c->hostname); - return -1; + return false; } len = RSA_size(myself->connection->rsa_key); @@ -222,7 +221,7 @@ int metakey_h(connection_t *c) if(strlen(buffer) != len * 2) { logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong keylength"); - return -1; + return false; } /* Allocate buffers for the meta key */ @@ -242,7 +241,7 @@ int metakey_h(connection_t *c) if(RSA_private_decrypt(len, buffer, c->inkey, myself->connection->rsa_key, RSA_NO_PADDING) != len) { /* See challenge() */ logger(LOG_ERR, _("Error during encryption of meta key for %s (%s)"), c->name, c->hostname); - return -1; + return false; } ifdebug(SCARY_THINGS) { @@ -260,7 +259,7 @@ int metakey_h(connection_t *c) if(!c->incipher) { logger(LOG_ERR, _("%s (%s) uses unknown cipher!"), c->name, c->hostname); - return -1; + return false; } EVP_DecryptInit(c->inctx, c->incipher, @@ -268,7 +267,7 @@ int metakey_h(connection_t *c) c->inkey + len - c->incipher->key_len - c->incipher->iv_len); - c->status.decryptin = 1; + c->status.decryptin = true; } else { c->incipher = NULL; } 
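Review bot: The failure branch of `RSA_private_decrypt()` in `metakey_h` (hunk `@@ -242,7 +241,7 @@`) logs `Error during encryption of meta key`, the same text `send_metakey` logs for `RSA_public_encrypt()`, so the two failures cannot be told apart in the log. Change the message here to `_("Error during decryption of meta key for %s (%s)")`. Both calls pass `RSA_NO_PADDING`, and a short comment at each site stating why unpadded RSA is acceptable for this exchange would document an assumption that is invisible in the visible lines.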
@@ -280,12 +279,12 @@ int metakey_h(connection_t *c) if(!c->indigest) { logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), c->name, c->hostname); - return -1; + return false; } if(c->inmaclength > c->indigest->md_size || c->inmaclength < 0) { logger(LOG_ERR, _("%s (%s) uses bogus MAC length!"), c->name, c->hostname); - return -1; + return false; } } else { c->indigest = NULL; @@ -298,10 +297,10 @@ int metakey_h(connection_t *c) return send_challenge(c); } -int send_challenge(connection_t *c) +bool send_challenge(connection_t *c) { char buffer[MAX_STRING_SIZE]; - int len, x; + int len; cp(); @@ -325,12 +324,10 @@ int send_challenge(connection_t *c) /* Send the challenge */ - x = send_request(c, "%d %s", CHALLENGE, buffer); - - return x; + return send_request(c, "%d %s", CHALLENGE, buffer); } -int challenge_h(connection_t *c) +bool challenge_h(connection_t *c) { char buffer[MAX_STRING_SIZE]; int len; @@ -340,7 +337,7 @@ int challenge_h(connection_t *c) if(sscanf(c->buffer, "%*d " MAX_STRING, buffer) != 1) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHALLENGE", c->name, c->hostname); - return -1; + return false; } len = RSA_size(myself->connection->rsa_key); @@ -350,7 +347,7 @@ int challenge_h(connection_t *c) if(strlen(buffer) != len * 2) { logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, "wrong challenge length"); - return -1; + return false; } /* Allocate buffers for the challenge */ @@ -369,7 +366,7 @@ int challenge_h(connection_t *c) return send_chal_reply(c); } -int send_chal_reply(connection_t *c) +bool send_chal_reply(connection_t *c) { char hash[EVP_MAX_MD_SIZE * 2 + 1]; EVP_MD_CTX ctx; @@ -393,7 +390,7 @@ int send_chal_reply(connection_t *c) return send_request(c, "%d %s", CHAL_REPLY, hash); } -int chal_reply_h(connection_t *c) +bool chal_reply_h(connection_t *c) { char hishash[MAX_STRING_SIZE]; char myhash[EVP_MAX_MD_SIZE]; 
@@ -404,7 +401,7 @@ int chal_reply_h(connection_t *c) if(sscanf(c->buffer, "%*d " MAX_STRING, hishash) != 1) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "CHAL_REPLY", c->name, c->hostname); - return -1; + return false; } /* Check if the length of the hash is all right */ @@ -412,7 +409,7 @@ int chal_reply_h(connection_t *c) if(strlen(hishash) != c->outdigest->md_size * 2) { logger(LOG_ERR, _("Possible intruder %s (%s): %s"), c->name, c->hostname, _("wrong challenge reply length")); - return -1; + return false; } /* Convert the hash to binary format */ @@ -437,7 +434,7 @@ int chal_reply_h(connection_t *c) logger(LOG_DEBUG, _("Expected challenge reply: %s"), hishash); } - return -1; + return false; } /* Identity has now been positively verified. @@ -449,12 +446,11 @@ int chal_reply_h(connection_t *c) return send_ack(c); } -int send_ack(connection_t *c) +bool send_ack(connection_t *c) { /* ACK message contains rest of the information the other end needs to create node_t and edge_t structures. */ - int x; struct timeval now; cp(); @@ -462,13 +458,9 @@ int send_ack(connection_t *c) /* Estimate weight */ gettimeofday(&now, NULL); - c->estimated_weight = - (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - - c->start.tv_usec) / 1000; - x = send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, - c->options); + c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; - return x; + return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); } static void send_everything(connection_t *c) @@ -495,7 +487,7 @@ static void send_everything(connection_t *c) } } -int ack_h(connection_t *c) +bool ack_h(connection_t *c) { char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; 
@@ -508,7 +500,7 @@ int ack_h(connection_t *c) if(sscanf(c->buffer, "%*d " MAX_STRING " %d %lx", hisport, &weight, &options) != 3) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ACK", c->name, c->hostname); - return -1; + return false; } /* Check if we already have a node_t for him */ @@ -524,7 +516,7 @@ int ack_h(connection_t *c) /* Oh dear, we already have a connection to this node. */ ifdebug(CONNECTIONS) logger(LOG_DEBUG, _("Established a second connection with %s (%s), closing old connection"), n->name, n->hostname); - terminate_connection(n->connection, 0); + terminate_connection(n->connection, false); /* Run graph algorithm to purge key and make sure up/down scripts are rerun with new IP addresses and stuff */ graph(); } @@ -537,7 +529,7 @@ int ack_h(connection_t *c) /* Activate this connection */ c->allow_request = ALL; - c->status.active = 1; + c->status.active = true; ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection with %s (%s) activated"), c->name, c->hostname); @@ -570,5 +562,5 @@ int ack_h(connection_t *c) graph(); - return 0; + return true; } diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 75b49950..e1e2ca01 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.18 2003/07/17 15:06:26 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.19 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -36,9 +36,9 @@ #include "utils.h" #include "xalloc.h" -int send_add_edge(connection_t *c, edge_t *e) +bool send_add_edge(connection_t *c, edge_t *e) { - int x; + bool x; char *address, *port; cp(); @@ -54,7 +54,7 @@ int send_add_edge(connection_t *c, edge_t *e) return x; } -int add_edge_h(connection_t *c) +bool add_edge_h(connection_t *c) { edge_t *e; node_t *from, *to; 
@@ -72,25 +72,25 @@ int add_edge_h(connection_t *c) from_name, to_name, to_address, to_port, &options, &weight) != 6) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_EDGE", c->name, c->hostname); - return -1; + return false; } /* Check if names are valid */ - if(check_id(from_name)) { + if(!check_id(from_name)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; + return false; } - if(check_id(to_name)) { + if(!check_id(to_name)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_EDGE", c->name, c->hostname, _("invalid name")); - return -1; + return false; } if(seen_request(c->buffer)) - return 0; + return true; /* Lookup nodes */ @@ -124,7 +124,7 @@ int add_edge_h(connection_t *c) ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); send_add_edge(c, e); - return 0; + return true; } else { ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) which does not match existing entry"), "ADD_EDGE", c->name, c->hostname); @@ -132,7 +132,7 @@ int add_edge_h(connection_t *c) graph(); } } else - return 0; + return true; } else if(from == myself) { ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself which does not exist"), "ADD_EDGE", c->name, c->hostname); @@ -141,7 +141,7 @@ int add_edge_h(connection_t *c) e->to = to; send_del_edge(c, e); free_edge(e); - return 0; + return true; } e = new_edge(); @@ -160,10 +160,10 @@ int add_edge_h(connection_t *c) graph(); - return 0; + return true; } -int send_del_edge(connection_t *c, edge_t *e) +bool send_del_edge(connection_t *c, edge_t *e) { cp(); @@ -171,7 +171,7 @@ int send_del_edge(connection_t *c, edge_t *e) e->from->name, e->to->name); } -int del_edge_h(connection_t *c) +bool del_edge_h(connection_t *c) { edge_t *e; char from_name[MAX_STRING_SIZE]; 
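Review bot: The inverted tests `if(!check_id(from_name))` and `if(!check_id(to_name))` in add_edge_h are only correct if check_id() now returns true for a valid name, and its definition is not part of this hunk. Because int and bool convert silently, a call site or implementation that was missed still compiles and ends up accepting exactly the peer-supplied names it should reject. The same flip appears in del_edge_h, add_subnet_h and del_subnet_h. State the contract at the declaration, for example `/* Returns true if id is a well-formed node name. */`, so the polarity can be checked without reading every caller.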
@@ -183,25 +183,25 @@ int del_edge_h(connection_t *c) if(sscanf(c->buffer, "%*d %*x "MAX_STRING" "MAX_STRING, from_name, to_name) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_EDGE", c->name, c->hostname); - return -1; + return false; } /* Check if names are valid */ - if(check_id(from_name)) { + if(!check_id(from_name)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; + return false; } - if(check_id(to_name)) { + if(!check_id(to_name)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_EDGE", c->name, c->hostname, _("invalid name")); - return -1; + return false; } if(seen_request(c->buffer)) - return 0; + return true; /* Lookup nodes */ @@ -210,7 +210,7 @@ int del_edge_h(connection_t *c) if(!from) { ifdebug(PROTOCOL) logger(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; + return true; } to = lookup_node(to_name); @@ -218,7 +218,7 @@ int del_edge_h(connection_t *c) if(!to) { ifdebug(PROTOCOL) logger(LOG_ERR, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; + return true; } /* Check if edge exists */ @@ -228,14 +228,14 @@ int del_edge_h(connection_t *c) if(!e) { ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) which does not appear in the edge tree"), "DEL_EDGE", c->name, c->hostname); - return 0; + return true; } if(e->from == myself) { ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_EDGE", c->name, c->hostname); send_add_edge(c, e); /* Send back a correction */ - return 0; + return true; } /* Tell the rest about the deleted edge */ @@ -250,5 +250,5 @@ int del_edge_h(connection_t *c) graph(); - return 0; + return true; } diff --git a/src/protocol_key.c b/src/protocol_key.c index 832b2af0..3b5cd467 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.19 2003/07/17 15:06:26 guus Exp $ + $Id: protocol_key.c,v 1.1.4.20 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -32,9 +32,9 @@ #include "utils.h" #include "xalloc.h" -int mykeyused = 0; +bool mykeyused = false; -int send_key_changed(connection_t *c, node_t *n) +bool send_key_changed(connection_t *c, node_t *n) { cp(); @@ -43,12 +43,12 @@ int send_key_changed(connection_t *c, node_t *n) */ if(n == myself && !mykeyused) - return 0; + return true; return send_request(c, "%d %lx %s", KEY_CHANGED, random(), n->name); } -int key_changed_h(connection_t *c) +bool key_changed_h(connection_t *c) { char name[MAX_STRING_SIZE]; node_t *n; @@ -58,38 +58,38 @@ int key_changed_h(connection_t *c) if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "KEY_CHANGED", c->name, c->hostname); - return -1; + return false; } if(seen_request(c->buffer)) - return 0; + return true; n = lookup_node(name); if(!n) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist"), "KEY_CHANGED", c->name, c->hostname, name); - return -1; + return false; } - n->status.validkey = 0; - n->status.waitingforkey = 0; + n->status.validkey = false; + n->status.waitingforkey = false; /* Tell the others */ forward_request(c); - return 0; + return true; } -int send_req_key(connection_t *c, node_t *from, node_t *to) +bool send_req_key(connection_t *c, node_t *from, node_t *to) { cp(); return send_request(c, "%d %s %s", REQ_KEY, from->name, to->name); } -int req_key_h(connection_t *c) +bool req_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; 
@@ -100,7 +100,7 @@ int req_key_h(connection_t *c) if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "REQ_KEY", c->name, c->hostname); - return -1; + return false; } from = lookup_node(from_name); @@ -108,7 +108,7 @@ int req_key_h(connection_t *c) if(!from) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, from_name); - return -1; + return false; } to = lookup_node(to_name); @@ -116,13 +116,13 @@ int req_key_h(connection_t *c) if(!to) { logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "REQ_KEY", c->name, c->hostname, to_name); - return -1; + return false; } /* Check if this key request is for us */ if(to == myself) { /* Yes, send our own key back */ - mykeyused = 1; + mykeyused = true; from->received_seqno = 0; memset(from->late, 0, sizeof(from->late)); send_ans_key(c, myself, from); @@ -130,10 +130,10 @@ int req_key_h(connection_t *c) send_req_key(to->nexthop->connection, from, to); } - return 0; + return true; } -int send_ans_key(connection_t *c, node_t *from, node_t *to) +bool send_ans_key(connection_t *c, node_t *from, node_t *to) { char key[MAX_STRING_SIZE]; @@ -149,7 +149,7 @@ int send_ans_key(connection_t *c, node_t *from, node_t *to) from->compression); } -int ans_key_h(connection_t *c) +bool ans_key_h(connection_t *c) { char from_name[MAX_STRING_SIZE]; char to_name[MAX_STRING_SIZE]; @@ -164,7 +164,7 @@ int ans_key_h(connection_t *c) &compression) != 7) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ANS_KEY", c->name, c->hostname); - return -1; + return false; } from = lookup_node(from_name); 
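Review bot: `send_req_key(to->nexthop->connection, from, to);` in req_key_h dereferences `to->nexthop` after checking only that lookup_node() found `to`. If a known but currently unreachable node can have a NULL or stale nexthop (how nexthop is maintained is outside this diff), a REQ_KEY naming such a node crashes the daemon. A guard such as `if(!to->nexthop) return true;` before the forward, with a log line in the style of the surrounding ones, would cover it. The function starts in an earlier hunk.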
@@ -172,7 +172,7 @@ int ans_key_h(connection_t *c) if(!from) { logger(LOG_ERR, _("Got %s from %s (%s) origin %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, from_name); - return -1; + return false; } to = lookup_node(to_name); @@ -180,7 +180,7 @@ int ans_key_h(connection_t *c) if(!to) { logger(LOG_ERR, _("Got %s from %s (%s) destination %s which does not exist in our connection list"), "ANS_KEY", c->name, c->hostname, to_name); - return -1; + return false; } /* Forward it if necessary */ @@ -199,8 +199,8 @@ int ans_key_h(connection_t *c) hex2bin(from->key, from->key, from->keylength); from->key[from->keylength] = '\0'; - from->status.validkey = 1; - from->status.waitingforkey = 0; + from->status.validkey = true; + from->status.waitingforkey = false; from->sent_seqno = 0; /* Check and lookup cipher and digest algorithms */ @@ -211,13 +211,13 @@ int ans_key_h(connection_t *c) if(!from->cipher) { logger(LOG_ERR, _("Node %s (%s) uses unknown cipher!"), from->name, from->hostname); - return -1; + return false; } if(from->keylength != from->cipher->key_len + from->cipher->iv_len) { logger(LOG_ERR, _("Node %s (%s) uses wrong keylength!"), from->name, from->hostname); - return -1; + return false; } } else { from->cipher = NULL; @@ -231,13 +231,13 @@ int ans_key_h(connection_t *c) if(!from->digest) { logger(LOG_ERR, _("Node %s (%s) uses unknown digest!"), from->name, from->hostname); - return -1; + return false; } if(from->maclength > from->digest->md_size || from->maclength < 0) { logger(LOG_ERR, _("Node %s (%s) uses bogus MAC length!"), from->name, from->hostname); - return -1; + return false; } } else { from->digest = NULL; @@ -245,7 +245,7 @@ int ans_key_h(connection_t *c) if(compression < 0 || compression > 11) { logger(LOG_ERR, _("Node %s (%s) uses bogus compression level!"), from->name, from->hostname); - return -1; + return false; } from->compression = compression; 
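Review bot: `from->status.validkey = true;` in the `-199,8` hunk is set before the cipher, key length, digest, MAC length and compression checks that follow. Every `return false` below it therefore leaves the node flagged as holding a valid key even though its parameters were just rejected. Move the assignment down next to `from->compression = compression;`, or add `from->status.validkey = false;` on each failure path. Whether anything reads the flag after such a failure depends on callers outside this diff. ans_key_h begins and ends outside these hunks.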
@@ -254,5 +254,5 @@ int ans_key_h(connection_t *c) flush_queue(from); - return 0; + return true; } diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 934a1820..25a86abe 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.11 2003/07/17 15:06:26 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.12 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -33,7 +33,7 @@ /* Status and error notification routines */ -int send_status(connection_t *c, int statusno, char *statusstring) +bool send_status(connection_t *c, int statusno, char *statusstring) { cp(); @@ -43,7 +43,7 @@ int send_status(connection_t *c, int statusno, char *statusstring) return send_request(c, "%d %d %s", STATUS, statusno, statusstring); } -int status_h(connection_t *c) +bool status_h(connection_t *c) { int statusno; char statusstring[MAX_STRING_SIZE]; @@ -53,16 +53,16 @@ int status_h(connection_t *c) if(sscanf(c->buffer, "%*d %d " MAX_STRING, &statusno, statusstring) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "STATUS", c->name, c->hostname); - return -1; + return false; } ifdebug(STATUS) logger(LOG_NOTICE, _("Status message from %s (%s): %d: %s"), c->name, c->hostname, statusno, statusstring); - return 0; + return true; } -int send_error(connection_t *c, int err, char *errstring) +bool send_error(connection_t *c, int err, char *errstring) { cp(); @@ -72,7 +72,7 @@ int send_error(connection_t *c, int err, char *errstring) return send_request(c, "%d %d %s", ERROR, err, errstring); } -int error_h(connection_t *c) +bool error_h(connection_t *c) { int err; char errorstring[MAX_STRING_SIZE]; 
@@ -82,7 +82,7 @@ int error_h(connection_t *c) if(sscanf(c->buffer, "%*d %d " MAX_STRING, &err, errorstring) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ERROR", c->name, c->hostname); - return -1; + return false; } ifdebug(ERROR) logger(LOG_NOTICE, _("Error message from %s (%s): %d: %s"), @@ -90,82 +90,78 @@ int error_h(connection_t *c) terminate_connection(c, c->status.active); - return 0; + return true; } -int send_termreq(connection_t *c) +bool send_termreq(connection_t *c) { cp(); return send_request(c, "%d", TERMREQ); } -int termreq_h(connection_t *c) +bool termreq_h(connection_t *c) { cp(); terminate_connection(c, c->status.active); - return 0; + return true; } -int send_ping(connection_t *c) +bool send_ping(connection_t *c) { cp(); - c->status.pinged = 1; + c->status.pinged = true; c->last_ping_time = now; return send_request(c, "%d", PING); } -int ping_h(connection_t *c) +bool ping_h(connection_t *c) { cp(); return send_pong(c); } -int send_pong(connection_t *c) +bool send_pong(connection_t *c) { cp(); return send_request(c, "%d", PONG); } -int pong_h(connection_t *c) +bool pong_h(connection_t *c) { cp(); - c->status.pinged = 0; + c->status.pinged = false; /* Succesful connection, reset timeout if this is an outgoing connection. */ if(c->outgoing) c->outgoing->timeout = 0; - return 0; + return true; } /* Sending and receiving packets via TCP */ -int send_tcppacket(connection_t *c, vpn_packet_t *packet) +bool send_tcppacket(connection_t *c, vpn_packet_t *packet) { - int x; - cp(); /* Evil hack. */ - x = send_request(c, "%d %hd", PACKET, packet->len); - - if(x) - return x; + if(!send_request(c, "%d %hd", PACKET, packet->len)) + return false; return send_meta(c, packet->data, packet->len); } -int tcppacket_h(connection_t *c) +bool tcppacket_h(connection_t *c) { short int len; 
@@ -174,12 +170,12 @@ int tcppacket_h(connection_t *c) if(sscanf(c->buffer, "%*d %hd", &len) != 1) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "PACKET", c->name, c->hostname); - return -1; + return false; } /* Set reqlen to len, this will tell receive_meta() that a tcppacket is coming. */ c->tcplen = len; - return 0; + return true; } diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index 79fbb417..48b5efef 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.13 2003/07/21 14:47:43 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.14 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -33,9 +33,9 @@ #include "utils.h" #include "xalloc.h" -int send_add_subnet(connection_t *c, subnet_t *subnet) +bool send_add_subnet(connection_t *c, subnet_t *subnet) { - int x; + bool x; char *netstr; cp(); @@ -48,7 +48,7 @@ int send_add_subnet(connection_t *c, subnet_t *subnet) return x; } -int add_subnet_h(connection_t *c) +bool add_subnet_h(connection_t *c) { char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; @@ -60,15 +60,15 @@ int add_subnet_h(connection_t *c) if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "ADD_SUBNET", c->name, c->hostname); - return -1; + return false; } /* Check if owner name is a valid */ - if(check_id(name)) { + if(!check_id(name)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; + return false; } /* Check if subnet string is valid */ 
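Review bot: `c->tcplen = len;` in tcppacket_h accepts whatever signed short the peer sent: a negative or oversized value passes the sscanf() check and is handed to receive_meta() as the number of bytes to expect. A range check before the assignment, e.g. `if(len < 0 || len > MTU) return false;` with the same "Got bad PACKET" log line, would reject it at the parser. MTU is a guess at the right bound, since the size of the buffer receive_meta() fills is not visible in this diff. The function begins in the previous hunk.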
@@ -78,11 +78,11 @@ int add_subnet_h(connection_t *c) if(!s) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; + return false; } if(seen_request(c->buffer)) - return 0; + return true; /* Check if the owner of the new subnet is in the connection list */ @@ -98,7 +98,7 @@ int add_subnet_h(connection_t *c) if(lookup_subnet(owner, s)) { free_subnet(s); - return 0; + return true; } /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ @@ -108,7 +108,7 @@ int add_subnet_h(connection_t *c) "ADD_SUBNET", c->name, c->hostname); s->owner = myself; send_del_subnet(c, s); - return 0; + return true; } /* If everything is correct, add the subnet to the list of the owner */ @@ -119,12 +119,12 @@ int add_subnet_h(connection_t *c) forward_request(c); - return 0; + return true; } -int send_del_subnet(connection_t *c, subnet_t *s) +bool send_del_subnet(connection_t *c, subnet_t *s) { - int x; + bool x; char *netstr; cp(); @@ -138,7 +138,7 @@ int send_del_subnet(connection_t *c, subnet_t *s) return x; } -int del_subnet_h(connection_t *c) +bool del_subnet_h(connection_t *c) { char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; @@ -150,15 +150,15 @@ int del_subnet_h(connection_t *c) if(sscanf(c->buffer, "%*d %*x " MAX_STRING " " MAX_STRING, name, subnetstr) != 2) { logger(LOG_ERR, _("Got bad %s from %s (%s)"), "DEL_SUBNET", c->name, c->hostname); - return -1; + return false; } /* Check if owner name is a valid */ - if(check_id(name)) { + if(!check_id(name)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid name")); - return -1; + return false; } /* Check if the owner of the new subnet is in the connection list */ 
@@ -168,7 +168,7 @@ int del_subnet_h(connection_t *c) if(!owner) { ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for %s which is not in our node tree"), "DEL_SUBNET", c->name, c->hostname, name); - return 0; + return true; } /* Check if subnet string is valid */ @@ -178,11 +178,11 @@ int del_subnet_h(connection_t *c) if(!s) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); - return -1; + return false; } if(seen_request(c->buffer)) - return 0; + return true; /* If everything is correct, delete the subnet from the list of the owner */ @@ -195,7 +195,7 @@ int del_subnet_h(connection_t *c) if(!find) { ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), "DEL_SUBNET", c->name, c->hostname, name); - return 0; + return true; } /* If we are the owner of this subnet, retaliate with an ADD_SUBNET */ @@ -204,7 +204,7 @@ int del_subnet_h(connection_t *c) ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "DEL_SUBNET", c->name, c->hostname); send_add_subnet(c, find); - return 0; + return true; } /* Tell the rest */ @@ -215,5 +215,5 @@ int del_subnet_h(connection_t *c) subnet_del(owner, find); - return 0; + return true; } diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c index 6a94ce38..77e0540d 100644 --- a/src/raw_socket/device.c +++ b/src/raw_socket/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.7 2003/07/12 17:41:48 guus Exp $ + $Id: device.c,v 1.1.2.8 2003/07/22 20:55:21 guus Exp $ */ #include "config.h" @@ -43,7 +43,6 @@ #include "system.h" int device_fd = -1; -int device_type; char *device; char *interface; char ifrname[IFNAMSIZ]; 
@@ -52,7 +51,7 @@ char *device_info; int device_total_in = 0; int device_total_out = 0; -int setup_device(void) +bool setup_device(void) { struct ifreq ifr; struct sockaddr_ll sa; @@ -71,7 +70,7 @@ int setup_device(void) if((device_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device_info, strerror(errno)); - return -1; + return false; } memset(&ifr, 0, sizeof(ifr)); @@ -80,7 +79,7 @@ int setup_device(void) close(device_fd); logger(LOG_ERR, _("Can't find interface %s: %s"), interface, strerror(errno)); - return -1; + return false; } memset(&sa, '0', sizeof(sa)); @@ -90,12 +89,12 @@ int setup_device(void) if(bind(device_fd, (struct sockaddr *) &sa, (socklen_t) sizeof(sa))) { logger(LOG_ERR, _("Could not bind to %s: %s"), device, strerror(errno)); - return -1; + return false; } logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return true; } void close_device(void) @@ -105,7 +104,7 @@ void close_device(void) close(device_fd); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; @@ -114,7 +113,7 @@ int read_packet(vpn_packet_t *packet) if((lenin = read(device_fd, packet->data, MTU)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->len = lenin; @@ -125,10 +124,10 @@ int read_packet(vpn_packet_t *packet) device_info); } - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { cp(); @@ -138,12 +137,12 @@ int write_packet(vpn_packet_t *packet) if(write(device_fd, packet->data, packet->len) < 0) { logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } device_total_out += packet->len; - return 0; + return true; } void dump_device_stats(void) diff --git a/src/route.c b/src/route.c index 323edec2..7dd7635f 100644 --- a/src/route.c +++ b/src/route.c 
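Review bot: `memset(&sa, '0', sizeof(sa));` in the `-80,7` hunk of raw_socket/device.c fills the sockaddr_ll with the character '0' (0x30) rather than zero bytes, so every field not assigned before bind() holds 0x30 instead of 0. It should read `memset(&sa, 0, sizeof(sa));`, matching the `memset(&ifr, 0, sizeof(ifr));` a few lines above. The assignments to `sa` sit between this hunk and the next and are not shown.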
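Review bot: The bind() failure path in the `-90,12` hunk returns false without closing `device_fd`, although the interface-lookup failure just above it calls `close(device_fd);` first. Add `close(device_fd);` before that `return false;`. The solaris setup_device hunks (`-57,7` and `-69,35`) have the same gap for `device_fd`, `ip_fd` and `if_fd` on each ioctl()/open() failure. This matters if setup is retried rather than followed by exit, as the `for(;;)` loop around setup_network_connections() in tincd.c suggests, though the retry path itself is not shown.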
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.61 2003/07/18 12:21:03 guus Exp $ + $Id: route.c,v 1.1.2.62 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" @@ -54,10 +54,10 @@ #include "subnet.h" #include "utils.h" -int routing_mode = RMODE_ROUTER; -int priorityinheritance = 0; +rmode_t routing_mode = RMODE_ROUTER; +bool priorityinheritance = false; int macexpire = 600; -int overwrite_mac = 0; +bool overwrite_mac = false; mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; /* RFC 1071 */ @@ -81,14 +81,14 @@ static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) return ~checksum; } -static int ratelimit(void) { +static bool ratelimit(void) { static time_t lasttime = 0; if(lasttime == now) - return 1; + return true; lasttime = now; - return 0; + return false; } static void learn_mac(mac_t *address) diff --git a/src/route.h b/src/route.h index 8daef5a4..6d1c034d 100644 --- a/src/route.h +++ b/src/route.h @@ -17,27 +17,30 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.12 2003/07/15 16:26:18 guus Exp $ + $Id: route.h,v 1.1.2.13 2003/07/22 20:55:20 guus Exp $ */ #ifndef __TINC_ROUTE_H__ #define __TINC_ROUTE_H__ -enum { +#include "net.h" +#include "node.h" + +typedef enum rmode_t { RMODE_HUB = 0, RMODE_SWITCH, RMODE_ROUTER, -}; +} rmode_t; -extern int routing_mode; -extern int overwrite_mac; -extern int priorityinheritance; +extern rmode_t routing_mode; +extern bool overwrite_mac; +extern bool priorityinheritance; extern int macexpire; extern mac_t mymac; extern void age_mac(void); -extern void route_incoming(node_t *, vpn_packet_t *); -extern void route_outgoing(vpn_packet_t *); +extern void route_incoming(struct node_t *, struct vpn_packet_t *); +extern void route_outgoing(struct vpn_packet_t *); #endif /* __TINC_ROUTE_H__ */ 
diff --git a/src/solaris/device.c b/src/solaris/device.c index 3cafa238..6b657273 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.15 2003/07/18 13:41:37 guus Exp $ + $Id: device.c,v 1.1.2.16 2003/07/22 20:55:21 guus Exp $ */ @@ -35,7 +35,6 @@ #define DEFAULT_DEVICE "/dev/tun" int device_fd = -1; -int device_type; char *device = NULL; char *iface = NULL; char ifrname[IFNAMSIZ]; @@ -44,7 +43,7 @@ char *device_info = NULL; int device_total_in = 0; int device_total_out = 0; -int setup_device(void) +bool setup_device(void) { int ip_fd = -1, if_fd = -1; int ppa; @@ -57,7 +56,7 @@ int setup_device(void) if((device_fd = open(device, O_RDWR | O_NONBLOCK)) < 0) { logger(LOG_ERR, _("Could not open %s: %s"), device, strerror(errno)); - return -1; + return false; } ppa = 0; 
@@ -69,35 +68,35 @@ int setup_device(void) if((ip_fd = open("/dev/ip", O_RDWR, 0)) < 0) { logger(LOG_ERR, _("Could not open /dev/ip: %s"), strerror(errno)); - return -1; + return false; } /* Assign a new PPA and get its unit number. */ if((ppa = ioctl(device_fd, TUNNEWPPA, ppa)) < 0) { logger(LOG_ERR, _("Can't assign new interface: %s"), strerror(errno)); - return -1; + return false; } if((if_fd = open(device, O_RDWR, 0)) < 0) { logger(LOG_ERR, _("Could not open %s twice: %s"), device, strerror(errno)); - return -1; + return false; } if(ioctl(if_fd, I_PUSH, "ip") < 0) { logger(LOG_ERR, _("Can't push IP module: %s"), strerror(errno)); - return -1; + return false; } /* Assign ppa according to the unit number returned by tun device */ if(ioctl(if_fd, IF_UNITSEL, (char *) &ppa) < 0) { logger(LOG_ERR, _("Can't set PPA %d: %s"), ppa, strerror(errno)); - return -1; + return false; } if(ioctl(ip_fd, I_LINK, if_fd) < 0) { logger(LOG_ERR, _("Can't link TUN device to IP: %s"), strerror(errno)); - return -1; + return false; } if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) @@ -107,7 +106,7 @@ int setup_device(void) logger(LOG_INFO, _("%s is a %s"), device, device_info); - return 0; + return true; } void close_device(void) @@ -117,7 +116,7 @@ void close_device(void) close(device_fd); } -int read_packet(vpn_packet_t *packet) +bool read_packet(vpn_packet_t *packet) { int lenin; @@ -126,7 +125,7 @@ int read_packet(vpn_packet_t *packet) if((lenin = read(device_fd, packet->data + 14, MTU - 14)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); - return -1; + return false; } packet->data[12] = 0x08; @@ -139,10 +138,10 @@ int read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - return 0; + return true; } -int write_packet(vpn_packet_t *packet) +bool write_packet(vpn_packet_t *packet) { cp(); 
@@ -152,12 +151,12 @@ int write_packet(vpn_packet_t *packet) if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, strerror(errno)); - return -1; + return false; } device_total_out += packet->len; - return 0; + return true; } void dump_device_stats(void) diff --git a/src/subnet.h b/src/subnet.h index a7acbae0..7cb0e9bb 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.21 2003/07/06 23:16:29 guus Exp $ + $Id: subnet.h,v 1.1.2.22 2003/07/22 20:55:20 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -25,12 +25,12 @@ #include "net.h" -enum { +typedef enum subnet_type_t { SUBNET_MAC = 0, SUBNET_IPV4, SUBNET_IPV6, SUBNET_TYPES /* Guardian */ -}; +} subnet_type_t; typedef struct subnet_mac_t { mac_t address; @@ -53,7 +53,7 @@ typedef struct subnet_t { struct node_t *owner; /* the owner of this subnet */ struct node_t *uplink; /* the uplink which we should send packets to for this subnet */ - int type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ + subnet_type_t type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ /* And now for the actual subnet: */ diff --git a/src/tincd.c b/src/tincd.c index e71c3211..b9f9f4f4 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.75 2003/07/22 12:58:34 guus Exp $ + $Id: tincd.c,v 1.10.4.76 2003/07/22 20:55:20 guus Exp $ */ #include "system.h" 
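Review bot: The error path in solaris write_packet passes `packet->len` for the second `%s` of `_("Can't write to %s %s: %s")`, so a failed write() makes logger() treat an integer as a string pointer, which is undefined behaviour and most likely a crash while reporting the error. The raw_socket version of this function passes `device` in that position; use `logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, device, strerror(errno));`. Separately, `packet->len - 14` is not guarded in the lines shown, so a packet shorter than 14 bytes would turn into a huge write length unless callers rule that out.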
@@ -51,10 +51,10 @@ char *program_name = NULL; /* If nonzero, display usage information and exit. */ -int show_help = 0; +bool show_help = false; /* If nonzero, print the version on standard output and exit. */ -int show_version = 0; +bool show_version = false; /* If nonzero, it will attempt to kill a running tincd and exit. */ int kill_tincd = 0; 
@@ -63,40 +63,39 @@ int kill_tincd = 0; int generate_keys = 0; /* If nonzero, use null ciphers and skip all key exchanges. */ -int bypass_security = 0; +bool bypass_security = false; /* If nonzero, disable swapping for this process. */ -int do_mlock = 0; +bool do_mlock = false; /* If nonzero, write log entries to a separate file. */ -int use_logfile = 0; +bool use_logfile = false; char *identname = NULL; /* program name for syslog */ char *pidfilename = NULL; /* pid file location */ char *logfilename = NULL; /* log file location */ char **g_argv; /* a copy of the cmdline arguments */ -char **environment; /* A pointer to the environment on - startup */ +char **environment; /* A pointer to the environment on startup */ static struct option const long_options[] = { {"config", required_argument, NULL, 'c'}, {"kill", optional_argument, NULL, 'k'}, {"net", required_argument, NULL, 'n'}, - {"help", no_argument, &show_help, 1}, - {"version", no_argument, &show_version, 1}, - {"no-detach", no_argument, &do_detach, 0}, + {"help", no_argument, NULL, 1}, + {"version", no_argument, NULL, 2}, + {"no-detach", no_argument, NULL, 'D'}, {"generate-keys", optional_argument, NULL, 'K'}, {"debug", optional_argument, NULL, 'd'}, - {"bypass-security", no_argument, &bypass_security, 1}, - {"mlock", no_argument, &do_mlock, 1}, - {"logfile", optional_argument, NULL, 'F'}, - {"pidfile", required_argument, NULL, 'P'}, + {"bypass-security", no_argument, NULL, 3}, + {"mlock", no_argument, NULL, 'L'}, + {"logfile", optional_argument, NULL, 4}, + {"pidfile", required_argument, NULL, 5}, {NULL, 0, NULL, 0} }; -static void usage(int status) +static void usage(bool status) { - if(status != 0) + if(status) fprintf(stderr, _("Try `%s --help\' for more information.\n"), program_name); else { 
@@ -133,11 +132,11 @@ static void parse_options(int argc, char **argv, char **envp) break; case 'D': /* no detach */ - do_detach = 0; + do_detach = false; break; case 'L': /* no detach */ - do_mlock = 1; + do_mlock = true; break; case 'd': /* inc debug level */ @@ -171,7 +170,7 @@ static void parse_options(int argc, char **argv, char **envp) if(!kill_tincd) { fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg); - usage(1); + usage(true); } } } else @@ -189,7 +188,7 @@ static void parse_options(int argc, char **argv, char **envp) if(generate_keys < 512) { fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), optarg); - usage(1); + usage(true); } generate_keys &= ~7; /* Round it to bytes */ @@ -197,18 +196,30 @@ static void parse_options(int argc, char **argv, char **envp) generate_keys = 1024; break; - case 'F': /* write log entries to a file */ - use_logfile = 1; + case 1: /* show help */ + show_help = true; + break; + + case 2: /* show version */ + show_version = true; + break; + + case 3: /* bypass security */ + bypass_security = true; + break; + + case 4: /* write log entries to a file */ + use_logfile = true; if(optarg) logfilename = xstrdup(optarg); break; - case 'P': /* write PID to a file */ + case 5: /* write PID to a file */ pidfilename = xstrdup(optarg); break; case '?': - usage(1); + usage(true); default: break; @@ -257,7 +268,7 @@ static void indicator(int a, int b, void *p) Generate a public/private RSA keypair, and ask for a file to store them in. */ -static int keygen(int bits) +static bool keygen(int bits) { RSA *rsa_key; FILE *f; 
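Review bot: The comment on `case 'L':` still reads `/* no detach */`, copied from the 'D' case above it, although the branch sets `do_mlock = true`. Change it to `/* lock tincd into main memory */` so the switch matches the `{"mlock", no_argument, NULL, 'L'}` entry in long_options. parse_options continues outside this hunk.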
@@ -269,34 +280,15 @@ static int keygen(int bits) if(!rsa_key) { fprintf(stderr, _("Error during key generation!\n")); - return -1; + return false; } else fprintf(stderr, _("Done.\n")); - get_config_string(lookup_config(config_tree, "Name"), &name); - - if(name) - asprintf(&filename, "%s/hosts/%s", confbase, name); - else - asprintf(&filename, "%s/rsa_key.pub", confbase); - - f = ask_and_safe_open(filename, _("public RSA key"), "a"); - - if(!f) - return -1; - - if(ftell(f)) - fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); - - PEM_write_RSAPublicKey(f, rsa_key); - fclose(f); - free(filename); - asprintf(&filename, "%s/rsa_key.priv", confbase); - f = ask_and_safe_open(filename, _("private RSA key"), "a"); + f = ask_and_safe_open(filename, _("private RSA key"), true, "a"); if(!f) - return -1; + return false; if(ftell(f)) fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); @@ -305,7 +297,26 @@ static int keygen(int bits) fclose(f); free(filename); - return 0; + get_config_string(lookup_config(config_tree, "Name"), &name); + + if(name) + asprintf(&filename, "%s/hosts/%s", confbase, name); + else + asprintf(&filename, "%s/rsa_key.pub", confbase); + + f = ask_and_safe_open(filename, _("public RSA key"), false, "a"); + + if(!f) + return false; + + if(ftell(f)) + fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); + + PEM_write_RSAPublicKey(f, rsa_key); + fclose(f); + free(filename); + + return true; } /* @@ -360,10 +371,10 @@ int main(int argc, char **argv, char **envp) } if(show_help) - usage(0); + usage(false); if(kill_tincd) - exit(kill_other(kill_tincd)); + exit(!kill_other(kill_tincd)); openlogger("tinc", LOGMODE_STDERR); 
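Review bot: The result of `asprintf(&filename, "%s/rsa_key.priv", confbase)` is not checked before `filename` is passed to `ask_and_safe_open`. The private key is also opened in append mode, so an existing file keeps whatever permissions it already had. ask_and_safe_open is not shown here; the new `true` argument presumably marks the file as private, and it is worth confirming that it tightens the mode of an existing file as well as a newly created one. The early `return false` leaves `rsa_key` and `filename` unreleased; a single cleanup path with `RSA_free(rsa_key); free(filename);` would cover every exit. keygen starts before this hunk.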
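Review bot: keygen returns `true` whether or not the key reached the disk, because the results of `PEM_write_RSAPublicKey(f, rsa_key)` and `fclose(f)` are both ignored. A full disk would leave a truncated host file and a success exit status from `exit(!keygen(generate_keys))`. I would record both results, `ok = PEM_write_RSAPublicKey(f, rsa_key) != 0;` followed by `if(fclose(f)) ok = false;`, and return `ok`. The private-key write sits between the two keygen hunks and is not visible here, so it should get the same check if it lacks one.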
@@ -393,10 +404,10 @@ int main(int argc, char **argv, char **envp) if(generate_keys) { read_server_config(); - exit(keygen(generate_keys)); + exit(!keygen(generate_keys)); } - if(read_server_config()) + if(!read_server_config()) exit(1); if(lzo_init() != LZO_E_OK) { @@ -404,11 +415,11 @@ int main(int argc, char **argv, char **envp) exit(1); } - if(detach()) - exit(0); + if(!detach()) + exit(1); for(;;) { - if(!setup_network_connections()) { + if(setup_network_connections()) { main_loop(); cleanup_and_exit(1); } From 4aadb9500d9198f9c271deb048a2d36000bfae34 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 22 Jul 2003 21:13:23 +0000 Subject: [PATCH 779/923] Run setup_device() after parsing configuration but before claiming we're ready. --- src/net_setup.c | 46 ++++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index 5a5564e9..e101d9de 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.37 2003/07/22 20:55:20 guus Exp $ + $Id: net_setup.c,v 1.1.2.38 2003/07/22 21:13:23 guus Exp $ */ #include "system.h" @@ -201,9 +201,10 @@ bool setup_myself(void) subnet_t *subnet; char *name, *hostname, *mode, *afname, *cipher, *digest; char *address = NULL; + char *envp[5]; struct addrinfo hint, *ai, *aip; bool choice; - int err; + int i, err; cp(); @@ -383,8 +384,7 @@ bool setup_myself(void) myself->connection->outdigest = EVP_sha1(); - if(get_config_int - (lookup_config(myself->connection->config_tree, "MACLength"), + if(get_config_int(lookup_config(myself->connection->config_tree, "MACLength"), &myself->maclength)) { if(myself->digest) { if(myself->maclength > myself->digest->md_size) { 
@@ -402,8 +402,7 @@ bool setup_myself(void) /* Compression */ - if(get_config_int - (lookup_config(myself->connection->config_tree, "Compression"), + if(get_config_int(lookup_config(myself->connection->config_tree, "Compression"), &myself->compression)) { if(myself->compression < 0 || myself->compression > 11) { logger(LOG_ERR, _("Bogus compression level!")); @@ -424,6 +423,23 @@ bool setup_myself(void) graph(); + /* Open device */ + + if(!setup_device()) + return false; + + /* Run tinc-up script to further initialize the tap interface */ + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); + asprintf(&envp[1], "DEVICE=%s", device ? : ""); + asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); + asprintf(&envp[3], "NAME=%s", myself->name); + envp[4] = NULL; + + execute_script("tinc-up", envp); + + for(i = 0; i < 5; i++) + free(envp[i]); + /* Open sockets */ memset(&hint, 0, sizeof(hint)); @@ -485,9 +501,6 @@ bool setup_myself(void) */ bool setup_network_connections(void) { - char *envp[5]; - int i; - cp(); now = time(NULL); @@ -506,24 +519,9 @@ bool setup_network_connections(void) } else pingtimeout = 60; - if(!setup_device()) - return false; - if(!setup_myself()) return false; - /* Run tinc-up script to further initialize the tap interface */ - asprintf(&envp[0], "NETNAME=%s", netname ? : ""); - asprintf(&envp[1], "DEVICE=%s", device ? : ""); - asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); - asprintf(&envp[3], "NAME=%s", myself->name); - envp[4] = NULL; - - execute_script("tinc-up", envp); - - for(i = 0; i < 5; i++) - free(envp[i]); - try_outgoing_connections(); return true; From 5cb147135184e3748c6f5e6e6203d22ab9f904f8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 23 Jul 2003 22:17:31 +0000 Subject: [PATCH 780/923] Don't initialise a CIPHER_CTX if cipher == NULL. --- src/net.c | 5 +++-- src/net_setup.c | 8 +++++--- src/protocol_key.c | 5 +++-- 3 files changed, 11 insertions(+), 7 deletions(-) 
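Review bot: None of the four `asprintf` calls that build `envp` for tinc-up is checked. On failure glibc leaves the target pointer undefined, and that pointer is then passed to `execute_script` and to `free`. I would test each call for `< 0`, set the failed slot to NULL, free the slots already filled and `return false`. The hunk also does not look at the outcome of `execute_script("tinc-up", envp)`; if a failing interface script is meant to be non-fatal, a comment such as `/* a failing tinc-up script does not abort setup */` would say so. Because the device is now opened and the script run before the sockets are created, any later `return false` in setup_myself (outside this hunk) leaves the interface configured, so it is worth confirming that the caller tears it down.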
diff --git a/src/net.c b/src/net.c index 475ea0c9..89c6efc3 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.192 2003/07/22 20:55:19 guus Exp $ + $Id: net.c,v 1.35.4.193 2003/07/23 22:17:31 guus Exp $ */ #include "system.h" @@ -339,7 +339,8 @@ void main_loop(void) ifdebug(STATUS) logger(LOG_INFO, _("Regenerating symmetric key")); RAND_pseudo_bytes(myself->key, myself->keylength); - EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + if(myself->cipher) + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); send_key_changed(broadcast, myself); keyexpires = now + keylifetime; } diff --git a/src/net_setup.c b/src/net_setup.c index e101d9de..6f7f70ad 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.38 2003/07/22 21:13:23 guus Exp $ + $Id: net_setup.c,v 1.1.2.39 2003/07/23 22:17:31 guus Exp $ */ #include "system.h" @@ -362,8 +362,10 @@ bool setup_myself(void) keyexpires = now + keylifetime; - EVP_CIPHER_CTX_init(&packet_ctx); - EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + if(myself->cipher) { + EVP_CIPHER_CTX_init(&packet_ctx); + EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + } /* Check if we want to use message authentication codes... */ diff --git a/src/protocol_key.c b/src/protocol_key.c index 3b5cd467..421e2a30 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c 
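Review bot: The symmetric key regenerated in main_loop comes from `RAND_pseudo_bytes(myself->key, myself->keylength)`, which OpenSSL documents as not necessarily unpredictable, and its return value is ignored. For packet keys I would use `if(RAND_bytes(myself->key, myself->keylength) != 1)`, with a failure branch that logs, keeps the old key and skips `send_key_changed`. The same buffer also supplies the IV through `myself->key + myself->cipher->key_len`, so weak output would affect both. main_loop starts and ends outside this hunk.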
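Review bot: The return value of `EVP_DecryptInit_ex(&packet_ctx, ...)` in setup_myself is dropped, so a failed cipher initialisation leaves `packet_ctx` unconfigured while setup carries on. The same applies to the call in main_loop (net.c) and to `EVP_EncryptInit_ex` in ans_key_h (protocol_key.c) in this commit. I would wrap the call as `if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len))`, then log and `return false`. `EVP_CIPHER_CTX_init(&packet_ctx)` is now skipped when no cipher is configured; calling it unconditionally would keep the context defined for any later use or cleanup that may exist outside this hunk. The IV pointer assumes `myself->keylength` covers the key plus IV length, which is set above the hunk and not visible here.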
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.20 2003/07/22 20:55:20 guus Exp $ + $Id: protocol_key.c,v 1.1.4.21 2003/07/23 22:17:31 guus Exp $ */ #include "system.h" @@ -250,7 +250,8 @@ bool ans_key_h(connection_t *c) from->compression = compression; - EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); + if(from->cipher) + EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); flush_queue(from); From 83263b74460656ba557fd9bb84dc27258549e9cd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 24 Jul 2003 12:08:16 +0000 Subject: [PATCH 781/923] Sprinkle around a lot of const and some C99 initialisers. --- lib/avl_tree.c | 12 ++++----- lib/avl_tree.h | 10 ++++---- src/conf.c | 18 ++++++------- src/conf.h | 16 ++++++------ src/connection.c | 4 +-- src/edge.c | 16 ++++++------ src/edge.h | 4 +-- src/event.c | 4 +-- src/net.h | 10 ++++---- src/net_packet.c | 6 ++--- src/net_socket.c | 6 ++--- src/netutl.c | 26 +++++++++---------- src/netutl.h | 18 ++++++------- src/node.c | 25 ++++++++++-------- src/node.h | 6 ++--- src/protocol.c | 21 ++++++++------- src/protocol.h | 24 +++++++++--------- src/protocol_edge.c | 6 ++--- src/protocol_key.c | 8 +++--- src/protocol_misc.c | 6 ++--- src/protocol_subnet.c | 6 ++--- src/subnet.c | 59 +++++++++++++++++++++++-------------------- src/subnet.h | 14 +++++----- 23 files changed, 166 insertions(+), 159 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 65df7b79..be35b969 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.16 2003/07/17 15:06:25 guus Exp $ + $Id: avl_tree.c,v 1.1.2.17 2003/07/24 12:08:14 guus Exp $ */ #include "system.h" 
@@ -90,7 +90,7 @@ static int lg(unsigned int u) /* Internal helper functions */ -static int avl_check_balance(avl_node_t *node) +static int avl_check_balance(const avl_node_t *node) { #ifdef AVL_DEPTH int d; @@ -666,7 +666,7 @@ void avl_delete_tree(avl_tree_t *tree) /* Tree walking */ -void avl_foreach(avl_tree_t *tree, avl_action_t action) +void avl_foreach(const avl_tree_t *tree, avl_action_t action) { avl_node_t *node, *next; @@ -676,7 +676,7 @@ void avl_foreach(avl_tree_t *tree, avl_action_t action) } } -void avl_foreach_node(avl_tree_t *tree, avl_action_t action) +void avl_foreach_node(const avl_tree_t *tree, avl_action_t action) { avl_node_t *node, *next; @@ -689,7 +689,7 @@ void avl_foreach_node(avl_tree_t *tree, avl_action_t action) /* Indexing */ #ifdef AVL_COUNT -unsigned int avl_count(avl_tree_t *tree) +unsigned int avl_count(const avl_tree_t *tree) { return AVL_NODE_COUNT(tree->root); } @@ -734,7 +734,7 @@ unsigned int avl_index(const avl_node_t *node) } #endif #ifdef AVL_DEPTH -unsigned int avl_depth(avl_tree_t *tree) +unsigned int avl_depth(const avl_tree_t *tree) { return AVL_NODE_DEPTH(tree->root); } diff --git a/lib/avl_tree.h b/lib/avl_tree.h index b026e1e7..8007a516 100644 --- a/lib/avl_tree.h +++ b/lib/avl_tree.h @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.h,v 1.1.2.9 2003/07/12 17:48:38 guus Exp $ + $Id: avl_tree.h,v 1.1.2.10 2003/07/24 12:08:15 guus Exp $ */ 
@@ -128,18 +128,18 @@ extern avl_node_t *avl_search_closest_greater_node(const avl_tree_t *, const voi /* Tree walking */ -extern void avl_foreach(avl_tree_t *, avl_action_t); -extern void avl_foreach_node(avl_tree_t *, avl_action_t); +extern void avl_foreach(const avl_tree_t *, avl_action_t); +extern void avl_foreach_node(const avl_tree_t *, avl_action_t); /* Indexing */ #ifdef AVL_COUNT -extern unsigned int avl_count(avl_tree_t *); +extern unsigned int avl_count(const avl_tree_t *); extern avl_node_t *avl_get_node(const avl_tree_t *, unsigned int); extern unsigned int avl_index(const avl_node_t *); #endif #ifdef AVL_DEPTH -extern unsigned int avl_depth(avl_tree_t *); +extern unsigned int avl_depth(const avl_tree_t *); #endif #endif /* __AVL_TREE_H__ */ diff --git a/src/conf.c b/src/conf.c index d34a087c..4a444433 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.68 2003/07/22 20:55:19 guus Exp $ + $Id: conf.c,v 1.9.4.69 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" @@ -37,7 +37,7 @@ int pingtimeout = 0; /* seconds before timeout */ char *confbase = NULL; /* directory in which all config files are */ char *netname = NULL; /* name of the vpn network */ -static int config_compare(config_t *a, config_t *b) +static int config_compare(const config_t *a, const config_t *b) { int result; @@ -99,7 +99,7 @@ void config_add(avl_tree_t *config_tree, config_t *cfg) avl_insert(config_tree, cfg); } -config_t *lookup_config(avl_tree_t *config_tree, char *variable) +config_t *lookup_config(const avl_tree_t *config_tree, char *variable) { config_t cfg, *found; 
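Review bot: In `lookup_config(const avl_tree_t *config_tree, char *variable)` only the tree became const, while `variable` stays a plain `char *`. Visible callers pass string literals, for example `lookup_config(config_tree, "Name")`. I would declare it `const char *variable` here and in conf.h for consistency with the rest of this commit. The body is outside the hunk; if it stores the pointer into a `config_t` member, that member would need the same qualifier.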
@@ -120,7 +120,7 @@ config_t *lookup_config(avl_tree_t *config_tree, char *variable) return found; } -config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) +config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg) { avl_node_t *node; config_t *found; @@ -141,7 +141,7 @@ config_t *lookup_config_next(avl_tree_t *config_tree, config_t *cfg) return NULL; } -bool get_config_bool(config_t *cfg, bool *result) +bool get_config_bool(const config_t *cfg, bool *result) { cp(); @@ -162,7 +162,7 @@ bool get_config_bool(config_t *cfg, bool *result) return false; } -bool get_config_int(config_t *cfg, int *result) +bool get_config_int(const config_t *cfg, int *result) { cp(); @@ -178,7 +178,7 @@ bool get_config_int(config_t *cfg, int *result) return false; } -bool get_config_string(config_t *cfg, char **result) +bool get_config_string(const config_t *cfg, char **result) { cp(); @@ -190,7 +190,7 @@ bool get_config_string(config_t *cfg, char **result) return true; } -bool get_config_address(config_t *cfg, struct addrinfo **result) +bool get_config_address(const config_t *cfg, struct addrinfo **result) { struct addrinfo *ai; @@ -212,7 +212,7 @@ bool get_config_address(config_t *cfg, struct addrinfo **result) return false; } -bool get_config_subnet(config_t *cfg, subnet_t ** result) +bool get_config_subnet(const config_t *cfg, subnet_t ** result) { subnet_t *subnet; diff --git a/src/conf.h b/src/conf.h index b4064cd1..8ceb111e 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.40 2003/07/22 20:55:19 guus Exp $ + $Id: conf.h,v 1.6.4.41 2003/07/24 12:08:15 guus Exp $ */ #ifndef __TINC_CONF_H__ 
@@ -47,13 +47,13 @@ extern void exit_configuration(avl_tree_t **); extern config_t *new_config(void) __attribute__ ((malloc)); extern void free_config(config_t *); extern void config_add(avl_tree_t *, config_t *); -extern config_t *lookup_config(avl_tree_t *, char *); -extern config_t *lookup_config_next(avl_tree_t *, config_t *); -extern bool get_config_bool(config_t *, bool *); -extern bool get_config_int(config_t *, int *); -extern bool get_config_string(config_t *, char **); -extern bool get_config_address(config_t *, struct addrinfo **); -extern bool get_config_subnet(config_t *, struct subnet_t **); +extern config_t *lookup_config(const avl_tree_t *, char *); +extern config_t *lookup_config_next(const avl_tree_t *, const config_t *); +extern bool get_config_bool(const config_t *, bool *); +extern bool get_config_int(const config_t *, int *); +extern bool get_config_string(const config_t *, char **); +extern bool get_config_address(const config_t *, struct addrinfo **); +extern bool get_config_subnet(const config_t *, struct subnet_t **); extern int read_config_file(avl_tree_t *, const char *); extern bool read_server_config(void); diff --git a/src/connection.c b/src/connection.c index eba74ae4..ccec2ed8 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.41 2003/07/22 20:55:19 guus Exp $ + $Id: connection.c,v 1.1.2.42 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" @@ -35,7 +35,7 @@ avl_tree_t *connection_tree; /* Meta connections */ connection_t *broadcast; -static int connection_compare(connection_t *a, connection_t *b) +static int connection_compare(const connection_t *a, const connection_t *b) { return (void *)a - (void *)b; } diff --git a/src/edge.c b/src/edge.c index 48ead007..76bdc41b 100644 --- a/src/edge.c +++ b/src/edge.c 
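Review bot: `return (void *)a - (void *)b;` in connection_compare narrows a pointer difference to `int`, so on a 64-bit target two distinct connections can compare as equal or with the wrong sign, and the AVL ordering of connection_tree is then unreliable. The casts also strip the `const` this hunk has just added, and arithmetic on `void *` is a GNU extension. I would compare the addresses instead: `return ((uintptr_t)a > (uintptr_t)b) - ((uintptr_t)a < (uintptr_t)b);`.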
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.22 2003/07/17 15:06:26 guus Exp $ + $Id: edge.c,v 1.1.2.23 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" @@ -32,12 +32,12 @@ avl_tree_t *edge_weight_tree; /* Tree with all edges, sorted on weight */ -static int edge_compare(edge_t *a, edge_t *b) +static int edge_compare(const edge_t *a, const edge_t *b) { return strcmp(a->to->name, b->to->name); } -static int edge_weight_compare(edge_t *a, edge_t *b) +static int edge_weight_compare(const edge_t *a, const edge_t *b) { int result; @@ -123,15 +123,15 @@ void edge_del(edge_t *e) avl_delete(edge_weight_tree, e); } -edge_t *lookup_edge(node_t *from, node_t *to) +edge_t *lookup_edge(const node_t *from, const node_t *to) { - edge_t v; + edge_t v = { + .from = from, + .to = to + }; cp(); - v.from = from; - v.to = to; - return avl_search(from->edge_tree, &v); } diff --git a/src/edge.h b/src/edge.h index b841bc9b..0f723132 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.14 2003/07/17 15:06:26 guus Exp $ + $Id: edge.h,v 1.1.2.15 2003/07/24 12:08:15 guus Exp $ */ #ifndef __TINC_EDGE_H__ @@ -50,7 +50,7 @@ extern avl_tree_t *new_edge_tree(void) __attribute__ ((malloc)); extern void free_edge_tree(avl_tree_t *); extern void edge_add(edge_t *); extern void edge_del(edge_t *); -extern edge_t *lookup_edge(struct node_t *, struct node_t *); +extern edge_t *lookup_edge(const struct node_t *, const struct node_t *); extern void dump_edges(void); #endif /* __TINC_EDGE_H__ */ diff --git a/src/event.c b/src/event.c index 4eae34d1..4e0f6a09 100644 --- a/src/event.c +++ b/src/event.c 
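Review bot: The initialiser `edge_t v = { .from = from, .to = to };` in lookup_edge stores the new `const node_t *` parameters into `edge_t` members. The only edge.h change in this commit is the prototype, so unless those members are already const-qualified the initialiser discards the qualifier and the compiler will warn. The same pattern appears in lookup_node (`.name = name`) in node.c and in seen_request (`.request = request`) in protocol.c. I would either const-qualify the members that are only read through these search keys, or put a comment on the initialiser such as `/* search key only: v is never written through */` so the dropped qualifier is visibly deliberate.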
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.9 2003/07/17 15:06:26 guus Exp $ + $Id: event.c,v 1.1.4.10 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" @@ -32,7 +32,7 @@ extern time_t now; int id; -static int event_compare(event_t *a, event_t *b) +static int event_compare(const event_t *a, const event_t *b) { if(a->time > b->time) return 1; diff --git a/src/net.h b/src/net.h index 22d78b2b..8ab33615 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.66 2003/07/22 20:55:20 guus Exp $ + $Id: net.h,v 1.9.4.67 2003/07/24 12:08:15 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -126,11 +126,11 @@ extern void handle_incoming_vpn_data(int); extern void finish_connecting(struct connection_t *); extern void do_outgoing_connection(struct connection_t *); extern bool handle_new_meta_connection(int); -extern int setup_listen_socket(sockaddr_t *); -extern int setup_vpn_in_socket(sockaddr_t *); -extern void send_packet(struct node_t *, vpn_packet_t *); +extern int setup_listen_socket(const sockaddr_t *); +extern int setup_vpn_in_socket(const sockaddr_t *); +extern void send_packet(const struct node_t *, vpn_packet_t *); extern void receive_tcppacket(struct connection_t *, char *, int); -extern void broadcast_packet(struct node_t *, vpn_packet_t *); +extern void broadcast_packet(const struct node_t *, vpn_packet_t *); extern bool setup_network_connections(void); extern void setup_outgoing_connection(struct outgoing_t *); extern void try_outgoing_connections(void); diff --git a/src/net_packet.c b/src/net_packet.c index cac24ee6..ff57753f 100644 --- a/src/net_packet.c +++ b/src/net_packet.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.35 2003/07/22 20:55:20 guus Exp $ + $Id: net_packet.c,v 1.1.2.36 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" @@ -323,7 +323,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) /* send a packet to the given vpn ip. */ -void send_packet(node_t *n, vpn_packet_t *packet) +void send_packet(const node_t *n, vpn_packet_t *packet) { node_t *via; @@ -358,7 +358,7 @@ void send_packet(node_t *n, vpn_packet_t *packet) /* Broadcast a packet using the minimum spanning tree */ -void broadcast_packet(node_t *from, vpn_packet_t *packet) +void broadcast_packet(const node_t *from, vpn_packet_t *packet) { avl_node_t *node; connection_t *c; diff --git a/src/net_socket.c b/src/net_socket.c index 98f5d1a2..aa7d3d99 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.30 2003/07/22 20:55:20 guus Exp $ + $Id: net_socket.c,v 1.1.2.31 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" @@ -43,7 +43,7 @@ int listen_sockets; /* Setup sockets */ -int setup_listen_socket(sockaddr_t *sa) +int setup_listen_socket(const sockaddr_t *sa) { int nfd, flags; char *addrstr; @@ -119,7 +119,7 @@ int setup_listen_socket(sockaddr_t *sa) return nfd; } -int setup_vpn_in_socket(sockaddr_t *sa) +int setup_vpn_in_socket(const sockaddr_t *sa) { int nfd, flags; char *addrstr; diff --git a/src/netutl.c b/src/netutl.c index 0d34d8d6..cd50792f 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.48 2003/07/22 20:55:20 guus Exp $ + $Id: netutl.c,v 1.12.4.49 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" 
@@ -34,7 +34,7 @@ bool hostnames = false; Turn a string into a struct addrinfo. Return NULL on failure. */ -struct addrinfo *str2addrinfo(char *address, char *service, int socktype) +struct addrinfo *str2addrinfo(const char *address, const char *service, int socktype) { struct addrinfo hint, *ai; int err; @@ -57,7 +57,7 @@ struct addrinfo *str2addrinfo(char *address, char *service, int socktype) return ai; } -sockaddr_t str2sockaddr(char *address, char *port) +sockaddr_t str2sockaddr(const char *address, const char *port) { struct addrinfo hint, *ai; sockaddr_t result; @@ -87,7 +87,7 @@ sockaddr_t str2sockaddr(char *address, char *port) return result; } -void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) +void sockaddr2str(const sockaddr_t *sa, char **addrstr, char **portstr) { char address[NI_MAXHOST]; char port[NI_MAXSERV]; @@ -115,7 +115,7 @@ void sockaddr2str(sockaddr_t *sa, char **addrstr, char **portstr) *portstr = xstrdup(port); } -char *sockaddr2hostname(sockaddr_t *sa) +char *sockaddr2hostname(const sockaddr_t *sa) { char *str; char address[NI_MAXHOST] = "unknown"; @@ -136,7 +136,7 @@ char *sockaddr2hostname(sockaddr_t *sa) return str; } -int sockaddrcmp(sockaddr_t *a, sockaddr_t *b) +int sockaddrcmp(const sockaddr_t *a, const sockaddr_t *b) { int result; @@ -186,11 +186,11 @@ void sockaddrunmap(sockaddr_t *sa) /* Subnet mask handling */ -int maskcmp(void *va, void *vb, int masklen, int len) +int maskcmp(const void *va, const void *vb, int masklen, int len) { int i, m, result; - char *a = va; - char *b = vb; + const char *a = va; + const char *b = vb; cp(); @@ -224,11 +224,11 @@ void mask(void *va, int masklen, int len) a[i] = 0; } -void maskcpy(void *va, void *vb, int masklen, int len) +void maskcpy(void *va, const void *vb, int masklen, int len) { int i, m; char *a = va; - char *b = vb; + const char *b = vb; cp(); 
@@ -244,10 +244,10 @@ void maskcpy(void *va, void *vb, int masklen, int len) a[i] = 0; } -bool maskcheck(void *va, int masklen, int len) +bool maskcheck(const void *va, int masklen, int len) { int i; - char *a = va; + const char *a = va; cp(); diff --git a/src/netutl.h b/src/netutl.h index 66a7c972..d5a7feb8 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.17 2003/07/22 20:55:20 guus Exp $ + $Id: netutl.h,v 1.2.4.18 2003/07/24 12:08:15 guus Exp $ */ #ifndef __TINC_NETUTL_H__ @@ -27,15 +27,15 @@ extern bool hostnames; -extern struct addrinfo *str2addrinfo(char *, char *, int); -extern sockaddr_t str2sockaddr(char *, char *); -extern void sockaddr2str(sockaddr_t *, char **, char **); -extern char *sockaddr2hostname(sockaddr_t *); -extern int sockaddrcmp(sockaddr_t *, sockaddr_t *); +extern struct addrinfo *str2addrinfo(const char *, const char *, int); +extern sockaddr_t str2sockaddr(const char *, const char *); +extern void sockaddr2str(const sockaddr_t *, char **, char **); +extern char *sockaddr2hostname(const sockaddr_t *); +extern int sockaddrcmp(const sockaddr_t *, const sockaddr_t *); extern void sockaddrunmap(sockaddr_t *); -extern int maskcmp(void *, void *, int, int); -extern void maskcpy(void *, void *, int, int); +extern int maskcmp(const void *, const void *, int, int); +extern void maskcpy(void *, const void *, int, int); extern void mask(void *, int, int); -extern bool maskcheck(void *, int, int); +extern bool maskcheck(const void *, int, int); #endif /* __TINC_NETUTL_H__ */ diff --git a/src/node.c b/src/node.c index 5fc94a94..0401144f 100644 --- a/src/node.c +++ b/src/node.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.23 2003/07/17 15:06:26 guus Exp $ + $Id: node.c,v 1.1.2.24 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" @@ -35,12 +35,12 @@ avl_tree_t *node_udp_tree; /* Known nodes, sorted by address and port */ node_t *myself; -static int node_compare(node_t *a, node_t *b) +static int node_compare(const node_t *a, const node_t *b) { return strcmp(a->name, b->name); } -static int node_udp_compare(node_t *a, node_t *b) +static int node_udp_compare(const node_t *a, const node_t *b) { int result; @@ -143,20 +143,25 @@ void node_del(node_t *n) avl_delete(node_udp_tree, n); } -node_t *lookup_node(char *name) +node_t *lookup_node(const char *name) { - node_t n; + node_t n = { + .name = name, + }; + cp(); - n.name = name; + return avl_search(node_tree, &n); } -node_t *lookup_node_udp(sockaddr_t *sa) +node_t *lookup_node_udp(const sockaddr_t *sa) { - node_t n; + node_t n = { + .address = *sa, + .name = NULL, + }; + cp(); - n.address = *sa; - n.name = NULL; return avl_search(node_udp_tree, &n); } diff --git a/src/node.h b/src/node.h index 3dd112e6..02d84976 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.26 2003/07/22 20:55:20 guus Exp $ + $Id: node.h,v 1.1.2.27 2003/07/24 12:08:15 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -83,8 +83,8 @@ extern node_t *new_node(void) __attribute__ ((malloc)); extern void free_node(node_t *); extern void node_add(node_t *); extern void node_del(node_t *); -extern node_t *lookup_node(char *); -extern node_t *lookup_node_udp(sockaddr_t *); +extern node_t *lookup_node(const char *); +extern node_t *lookup_node_udp(const sockaddr_t *); extern void dump_nodes(void); #endif /* __TINC_NODE_H__ */ 
diff --git a/src/protocol.c b/src/protocol.c index ad7c57d7..dad7ccb6 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.142 2003/07/22 20:55:20 guus Exp $ + $Id: protocol.c,v 1.28.4.143 2003/07/24 12:08:15 guus Exp $ */ #include "system.h" @@ -53,12 +53,10 @@ static char (*request_name[]) = { static avl_tree_t *past_request_tree; -bool check_id(char *id) +bool check_id(const char *id) { - int i; - - for(i = 0; i < strlen(id); i++) - if(!isalnum(id[i]) && id[i] != '_') + for(; *id; id++) + if(!isalnum(*id) && *id != '_') return false; return true; @@ -180,7 +178,7 @@ bool receive_request(connection_t *c) return true; } -static int past_request_compare(past_request_t *a, past_request_t *b) +static int past_request_compare(const past_request_t *a, const past_request_t *b) { return strcmp(a->request, b->request); } @@ -209,14 +207,15 @@ void exit_requests(void) avl_delete_tree(past_request_tree); } -bool seen_request(char *request) +bool seen_request(const char *request) { - past_request_t p, *new; + past_request_t p = { + .request = request, + }; + past_request_t *new; cp(); - p.request = request; - if(avl_search(past_request_tree, &p)) { ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Already seen request")); return true; diff --git a/src/protocol.h b/src/protocol.h index 132a8e6e..fbbe0335 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.40 2003/07/22 20:55:20 guus Exp $ + $Id: protocol.h,v 1.5.4.41 2003/07/24 12:08:16 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ 
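Review bot: `isalnum(*id)` in check_id is given a plain `char`. Where `char` is signed, a byte above 0x7f in an identifier becomes a negative argument, which is undefined behaviour for the <ctype.h> functions. The callers are outside this hunk, but the function is the filter for identifiers, presumably including names received from peers, so I would write `if(!isalnum((unsigned char)*id) && *id != '_')`. isalnum also depends on the current locale, and the loop accepts the empty string; if callers do not already reject that, adding `if(!*id) return false;` before the loop would make the accepted set explicit.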
@@ -63,11 +63,11 @@ typedef struct past_request_t { extern bool send_request(struct connection_t *, const char *, ...) __attribute__ ((format(printf, 2, 3))); extern void forward_request(struct connection_t *); extern bool receive_request(struct connection_t *); -extern bool check_id(char *); +extern bool check_id(const char *); extern void init_requests(void); extern void exit_requests(void); -extern bool seen_request(char *); +extern bool seen_request(const char *); extern void age_past_requests(void); /* Requests */ 
@@ -77,18 +77,18 @@ extern bool send_metakey(struct connection_t *); extern bool send_challenge(struct connection_t *); extern bool send_chal_reply(struct connection_t *); extern bool send_ack(struct connection_t *); -extern bool send_status(struct connection_t *, int, char *); -extern bool send_error(struct connection_t *, int, char *); +extern bool send_status(struct connection_t *, int, const char *); +extern bool send_error(struct connection_t *, int,const char *); extern bool send_termreq(struct connection_t *); extern bool send_ping(struct connection_t *); extern bool send_pong(struct connection_t *); -extern bool send_add_subnet(struct connection_t *, struct subnet_t *); -extern bool send_del_subnet(struct connection_t *, struct subnet_t *); -extern bool send_add_edge(struct connection_t *, struct edge_t *); -extern bool send_del_edge(struct connection_t *, struct edge_t *); -extern bool send_key_changed(struct connection_t *, struct node_t *); -extern bool send_req_key(struct connection_t *, struct node_t *, struct node_t *); -extern bool send_ans_key(struct connection_t *, struct node_t *, struct node_t *); +extern bool send_add_subnet(struct connection_t *, const struct subnet_t *); +extern bool send_del_subnet(struct connection_t *, const struct subnet_t *); +extern bool send_add_edge(struct connection_t *, const struct edge_t *); +extern bool send_del_edge(struct connection_t *, const struct edge_t *); +extern bool send_key_changed(struct connection_t *, const struct node_t *); +extern bool send_req_key(struct connection_t *, const struct node_t *, const struct node_t *); +extern bool send_ans_key(struct connection_t *, const struct node_t *, const struct node_t *); extern bool send_tcppacket(struct connection_t *, struct vpn_packet_t *); /* Request handlers */ diff --git a/src/protocol_edge.c b/src/protocol_edge.c index e1e2ca01..4552a528 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.19 2003/07/22 20:55:20 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.20 2003/07/24 12:08:16 guus Exp $ */ #include "system.h" @@ -36,7 +36,7 @@ #include "utils.h" #include "xalloc.h" -bool send_add_edge(connection_t *c, edge_t *e) +bool send_add_edge(connection_t *c, const edge_t *e) { bool x; char *address, *port; @@ -163,7 +163,7 @@ bool add_edge_h(connection_t *c) return true; } -bool send_del_edge(connection_t *c, edge_t *e) +bool send_del_edge(connection_t *c, const edge_t *e) { cp(); diff --git a/src/protocol_key.c b/src/protocol_key.c index 421e2a30..cb652c1e 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.21 2003/07/23 22:17:31 guus Exp $ + $Id: protocol_key.c,v 1.1.4.22 2003/07/24 12:08:16 guus Exp $ */ #include "system.h" @@ -34,7 +34,7 @@ bool mykeyused = false; -bool send_key_changed(connection_t *c, node_t *n) +bool send_key_changed(connection_t *c, const node_t *n) { cp(); @@ -82,7 +82,7 @@ bool key_changed_h(connection_t *c) return true; } -bool send_req_key(connection_t *c, node_t *from, node_t *to) +bool send_req_key(connection_t *c, const node_t *from, const node_t *to) { cp(); @@ -133,7 +133,7 @@ bool req_key_h(connection_t *c) return true; } -bool send_ans_key(connection_t *c, node_t *from, node_t *to) +bool send_ans_key(connection_t *c, const node_t *from, const node_t *to) { char key[MAX_STRING_SIZE]; diff --git a/src/protocol_misc.c b/src/protocol_misc.c index 25a86abe..66f8980a 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_misc.c,v 1.1.4.12 2003/07/22 20:55:20 guus Exp $ + $Id: protocol_misc.c,v 1.1.4.13 2003/07/24 12:08:16 guus Exp $ */ #include "system.h" @@ -33,7 +33,7 @@ /* Status and error notification routines */ -bool send_status(connection_t *c, int statusno, char *statusstring) +bool send_status(connection_t *c, int statusno, const char *statusstring) { cp(); @@ -62,7 +62,7 @@ bool status_h(connection_t *c) return true; } -bool send_error(connection_t *c, int err, char *errstring) +bool send_error(connection_t *c, int err, const char *errstring) { cp(); diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index 48b5efef..bb2f2def 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.14 2003/07/22 20:55:20 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.15 2003/07/24 12:08:16 guus Exp $ */ #include "system.h" @@ -33,7 +33,7 @@ #include "utils.h" #include "xalloc.h" -bool send_add_subnet(connection_t *c, subnet_t *subnet) +bool send_add_subnet(connection_t *c, const subnet_t *subnet) { bool x; char *netstr; @@ -122,7 +122,7 @@ bool add_subnet_h(connection_t *c) return true; } -bool send_del_subnet(connection_t *c, subnet_t *s) +bool send_del_subnet(connection_t *c, const subnet_t *s) { bool x; char *netstr; diff --git a/src/subnet.c b/src/subnet.c index f5a8bd4b..4541594d 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.47 2003/07/17 15:06:27 guus Exp $ + $Id: subnet.c,v 1.1.2.48 2003/07/24 12:08:16 guus Exp $ */ #include "system.h" 
@@ -37,7 +37,7 @@ avl_tree_t *subnet_tree; /* Subnet comparison */ -static int subnet_compare_mac(subnet_t *a, subnet_t *b) +static int subnet_compare_mac(const subnet_t *a, const subnet_t *b) { int result; @@ -49,7 +49,7 @@ static int subnet_compare_mac(subnet_t *a, subnet_t *b) return strcmp(a->owner->name, b->owner->name); } -static int subnet_compare_ipv4(subnet_t *a, subnet_t *b) +static int subnet_compare_ipv4(const subnet_t *a, const subnet_t *b) { int result; @@ -66,7 +66,7 @@ static int subnet_compare_ipv4(subnet_t *a, subnet_t *b) return strcmp(a->owner->name, b->owner->name); } -static int subnet_compare_ipv6(subnet_t *a, subnet_t *b) +static int subnet_compare_ipv6(const subnet_t *a, const subnet_t *b) { int result; @@ -83,7 +83,7 @@ static int subnet_compare_ipv6(subnet_t *a, subnet_t *b) return strcmp(a->owner->name, b->owner->name); } -static int subnet_compare(subnet_t *a, subnet_t *b) +static int subnet_compare(const subnet_t *a, const subnet_t *b) { int result; @@ -177,7 +177,7 @@ void subnet_del(node_t *n, subnet_t *subnet) /* Ascii representation of subnets */ -subnet_t *str2net(char *subnetstr) +subnet_t *str2net(const char *subnetstr) { int i, l; subnet_t *subnet; @@ -246,7 +246,7 @@ subnet_t *str2net(char *subnetstr) return NULL; } -char *net2str(subnet_t *subnet) +char *net2str(const subnet_t *subnet) { char *netstr; 
@@ -296,39 +296,41 @@ char *net2str(subnet_t *subnet) /* Subnet lookup routines */ -subnet_t *lookup_subnet(node_t *owner, subnet_t *subnet) +subnet_t *lookup_subnet(const node_t *owner, const subnet_t *subnet) { cp(); return avl_search(owner->subnet_tree, subnet); } -subnet_t *lookup_subnet_mac(mac_t *address) +subnet_t *lookup_subnet_mac(const mac_t *address) { - subnet_t subnet, *p; + subnet_t subnet = { + .type = SUBNET_MAC, + .net.mac.address = *address, + .owner = NULL + }; + subnet_t *p; cp(); - subnet.type = SUBNET_MAC; - memcpy(&subnet.net.mac.address, address, sizeof(mac_t)); - subnet.owner = NULL; - p = (subnet_t *) avl_search(subnet_tree, &subnet); return p; } -subnet_t *lookup_subnet_ipv4(ipv4_t *address) +subnet_t *lookup_subnet_ipv4(const ipv4_t *address) { - subnet_t subnet, *p; + subnet_t subnet = { + .type = SUBNET_IPV4, + .net.ipv4.address = *address, + .net.ipv4.prefixlength = 32, + .owner = NULL + }; + subnet_t *p; cp(); - subnet.type = SUBNET_IPV4; - memcpy(&subnet.net.ipv4.address, address, sizeof(ipv4_t)); - subnet.net.ipv4.prefixlength = 32; - subnet.owner = NULL; - do { /* Go find subnet */ @@ -356,17 +358,18 @@ subnet_t *lookup_subnet_ipv4(ipv4_t *address) return p; } -subnet_t *lookup_subnet_ipv6(ipv6_t *address) +subnet_t *lookup_subnet_ipv6(const ipv6_t *address) { - subnet_t subnet, *p; + subnet_t subnet = { + .type = SUBNET_IPV6, + .net.ipv6.address = *address, + .net.ipv6.prefixlength = 128, + .owner = NULL + }; + subnet_t *p; cp(); - subnet.type = SUBNET_IPV6; - memcpy(&subnet.net.ipv6.address, address, sizeof(ipv6_t)); - subnet.net.ipv6.prefixlength = 128; - subnet.owner = NULL; - do { /* Go find subnet */ diff --git a/src/subnet.h b/src/subnet.h index 7cb0e9bb..edca1c74 100644 --- a/src/subnet.h +++ b/src/subnet.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.22 2003/07/22 20:55:20 guus Exp $ + $Id: subnet.h,v 1.1.2.23 2003/07/24 12:08:16 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -72,12 +72,12 @@ extern avl_tree_t *new_subnet_tree(void) __attribute__ ((malloc)); extern void free_subnet_tree(avl_tree_t *); extern void subnet_add(struct node_t *, subnet_t *); extern void subnet_del(struct node_t *, subnet_t *); -extern char *net2str(subnet_t *); -extern subnet_t *str2net(char *); -extern subnet_t *lookup_subnet(struct node_t *, subnet_t *); -extern subnet_t *lookup_subnet_mac(mac_t *); -extern subnet_t *lookup_subnet_ipv4(ipv4_t *); -extern subnet_t *lookup_subnet_ipv6(ipv6_t *); +extern char *net2str(const subnet_t *); +extern subnet_t *str2net(const char *); +extern subnet_t *lookup_subnet(const struct node_t *, const subnet_t *); +extern subnet_t *lookup_subnet_mac(const mac_t *); +extern subnet_t *lookup_subnet_ipv4(const ipv4_t *); +extern subnet_t *lookup_subnet_ipv6(const ipv6_t *); extern void dump_subnets(void); #endif /* __TINC_SUBNET_H__ */ From c15e8a96bf7e45adf750b7a36b0e8446ea049468 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 28 Jul 2003 21:54:03 +0000 Subject: [PATCH 782/923] More generic handling of tap device under Windows. --- src/cygwin/device.c | 594 ++++++++++++++++++++++---------------------- src/mingw/device.c | 529 +++++++++++++++++---------------------- 2 files changed, 516 insertions(+), 607 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index 49bbbea3..131a786b 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c 
@@ -1,303 +1,291 @@ -/* - device.c -- Interaction with CIPE driver in a Cygwin environment - Copyright (C) 2002-2003 Ivo Timmermans , - 2002-2003 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: device.c,v 1.1.2.10 2003/07/22 20:55:20 guus Exp $ -*/ - -#include "system.h" - -#include -#include - -#include "conf.h" -#include "logger.h" -#include "net.h" -#include "route.h" -#include "utils.h" -#include "xalloc.h" - -/* Definitions from CIPE */ - -#define NETCARD_REG_KEY_2000 "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" -#define NETCARD_REG_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards" -#define REG_SERVICE_KEY "SYSTEM\\CurrentControlSet\\Services" - -#define USERMODEDEVICEDIR "\\\\.\\" -#define SYSDEVICEDIR "\\Device\\" -#define USERDEVICEDIR "\\??\\" -#define TAPSUFFIX ".tap" - -#define PRODUCT_STRING "DKW Heavy Industries VPN Adapter." 
-#define CIPE_SERVICE_NAME "CIPE_Daemon" -#define CIPE_DRIVER_NAME "CIPE" - -#define CIPE_NDIS_MAJOR_VERSION 4 -#define CIPE_NDIS_MINOR_VERSION 0 - -#ifndef CIPE_DRIVER_MAJOR_VERSION -# define CIPE_DRIVER_MAJOR_VERSION 2 -#endif - -#ifndef CIPE_DRIVER_MINOR_VERSION -# define CIPE_DRIVER_MINOR_VERSION 1 -#endif - -#ifndef CIPE_MAC_ROOT_ADDRESS -# define CIPE_MAC_ROOT_ADDRESS "8:0:58:0:0:1" -#endif - -#define CIPE_CONTROL_CODE(request,method) CTL_CODE (FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) - -#define CIPE_IOCTL_GET_LASTMAC CIPE_CONTROL_CODE (0, METHOD_BUFFERED) -#define CIPE_IOCTL_GET_MAC CIPE_CONTROL_CODE (1, METHOD_BUFFERED) -#define CIPE_IOCTL_SET_STATISTICS CIPE_CONTROL_CODE (2, METHOD_BUFFERED) - -/* Windows 2000 */ -#define OSTYPE 5 - -int device_fd = -1; -char *device = NULL; -char *iface = NULL; -char *device_info = NULL; - -int device_total_in = 0; -int device_total_out = 0; - -HANDLE handle; - -pid_t reader_pid; -int sp[2]; - -bool setup_device(void) -{ - HKEY key, key2, adapterkey; - int i; - - char adapterid[1024]; - char manufacturer[1024]; - char productname[1024]; - char adaptername[1024]; - char tapname[1024]; - char gelukt = 0; - long len; - - FILETIME filetime; - bool found = false; - - cp(); - - get_config_string(lookup_config(config_tree, "Device"), &device); - - /* Open registry and look for network adapters */ - - if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, (OSTYPE > 4 ? 
NETCARD_REG_KEY_2000 : NETCARD_REG_KEY), 0, KEY_READ, &key)) { - logger(LOG_ERR, _("Unable to read registry")); - return false; - } - - for (i = 0; ; i++) { - len = sizeof(adapterid); - if(RegEnumKeyEx (key, i, adapterid, &len, 0, 0, 0, &filetime)) - break; - - /* Find out more about this adapter */ - - if(RegOpenKeyEx (key, adapterid, 0, KEY_READ, &adapterkey)) { - logger(LOG_ERR, _("Unable to read registry")); - return false; - } - - len = sizeof(productname); - if(RegQueryValueEx(adapterkey, "ProductName", 0, 0, productname, &len)) - goto skip; - - len = sizeof(manufacturer); - if(RegQueryValueEx(adapterkey, "Manufacturer", 0, 0, manufacturer, &len)) - goto skip; - - if(!strcmp(productname, "CIPE") && !strcmp(manufacturer, "DKWHeavyIndustries")) { - if(device && strcmp(adapterid, device)) - continue; - if(!device) - device = xstrdup(adapterid); - found = true; - break; - } - -skip: - RegCloseKey (adapterkey); - } - - if(!found) { - logger(LOG_ERR, _("No CIPE adapters found!")); - return false; - } - - /* Get adapter name */ - - len = sizeof(adaptername); - RegQueryValueEx(adapterkey, (OSTYPE > 4 ? "NetCfgInstanceId" : "ServiceName"), 0, 0, adaptername, &len); - - /* FIXME? cipsrvr checks if the device is in use at this point */ - - /* Try to open the corresponding tap device */ - - snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adaptername); - - /* Now we are going to open this device twice: once for reading and once for writing. - We do this because apparently it isn't possible to check for activity in the select() loop. - Furthermore I don't really know how to do it the "Windows" way. 
*/ - - if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) { - logger(LOG_DEBUG, _("System call `%s' failed: %s"), "socketpair", strerror(errno)); - return false; - } - - reader_pid = fork(); - - if(reader_pid == -1) { - logger(LOG_DEBUG, _("System call `%s' failed: %s"), "fork", strerror(errno)); - return false; - } - - if(!reader_pid) { - /* The child opens the tap device for reading, blocking. - It passes everything it reads to the socket. */ - - char buf[MTU]; - int lenin; - - handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); - - if(handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open CIPE tap device for reading!")); - buf[0] = 0; - write(sp[1], buf, 1); - exit(1); - } - - logger(LOG_DEBUG, _("Tap reader forked and running.")); - - /* Notify success */ - - buf[0] = 1; - write(sp[1], buf, 1); - - /* Pass packets */ - - for(;;) { - ReadFile (handle, buf, MTU, &lenin, NULL); - write(sp[1], buf, lenin); - } - } - - /* The parent opens the tap device for writing. 
*/ - - handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); - - if(handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open CIPE tap device for writing!")); - return false; - } - - device_fd = sp[0]; - - /* Get MAC address from tap device */ - - if(routing_mode == RMODE_ROUTER) { - DeviceIoControl (handle, CIPE_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0); - overwrite_mac = 1; - } - - read(device_fd, &gelukt, 1); - if(gelukt != 1) { - logger(LOG_DEBUG, "Tap reader failed!"); - return false; - } - - if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) - iface = device; - - device_info = _("Cygwin CIPE device"); - - logger(LOG_INFO, _("%s is a %s"), device, device_info); - - return false; -} - -void close_device(void) -{ - cp(); - - close(sp[0]); - close(sp[1]); - CloseHandle(handle); - - kill(reader_pid, SIGKILL); -} - -bool read_packet(vpn_packet_t *packet) -{ - int lenin; - - cp(); - - if((lenin = read(sp[0], packet->data, MTU)) <= 0) { - logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, - device, strerror(errno)); - return false; - } - - packet->len = lenin; - - device_total_in += packet->len; - - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, - device_info); - - return true; -} - -bool write_packet(vpn_packet_t *packet) -{ - int lenout; - - cp(); - - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); - - if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { - logger(LOG_ERR, "Error while writing to %s %s", device_info, device); - return false; - } - - device_total_out += packet->len; - - return true; -} - -void dump_device_stats(void) -{ - cp(); - - logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(LOG_DEBUG, _(" total bytes out: 
%10d"), device_total_out); -} +/* + device.c -- Interaction with CIPE driver in a Cygwin environment + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.11 2003/07/28 21:54:03 guus Exp $ +*/ + +#include "system.h" + +#include +#include + +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "route.h" +#include "utils.h" +#include "xalloc.h" + +#define NETCARD_REG_KEY_2000 "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" +#define NETCARD_REG_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards" +#define REG_SERVICE_KEY "SYSTEM\\CurrentControlSet\\Services" +#define REG_CONTROL_NET "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" + +#define USERMODEDEVICEDIR "\\\\.\\" +#define SYSDEVICEDIR "\\Device\\" +#define USERDEVICEDIR "\\??\\" +#define TAPSUFFIX ".tap" + +#define TAP_CONTROL_CODE(request,method) CTL_CODE(FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) + +#define TAP_IOCTL_GET_LASTMAC TAP_CONTROL_CODE(0, METHOD_BUFFERED) +#define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE(1, METHOD_BUFFERED) +#define TAP_IOCTL_SET_STATISTICS TAP_CONTROL_CODE(2, METHOD_BUFFERED) + +/* FIXME: This only works for Windows 2000 */ +#define OSTYPE 5 + +int 
device_fd = -1; +char *device = NULL; +char *iface = NULL; +char *device_info = NULL; + +int device_total_in = 0; +int device_total_out = 0; + +HANDLE handle; + +pid_t reader_pid; +int sp[2]; + +bool setup_device(void) +{ + HKEY key, key2; + int i; + + char regpath[1024]; + char adapterid[1024]; + char adaptername[1024]; + char tapname[1024]; + char gelukt = 0; + long len; + + bool found = false; + + cp(); + + get_config_string(lookup_config(config_tree, "Device"), &device); + get_config_string(lookup_config(config_tree, "Interface"), &iface); + + /* Open registry and look for network adapters */ + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CONTROL_NET, 0, KEY_READ, &key)) { + logger(LOG_ERR, _("Unable to read registry")); + return false; + } + + for (i = 0; ; i++) { + len = sizeof(adapterid); + if(RegEnumKeyEx(key, i, adapterid, &len, 0, 0, 0, NULL)) + break; + + if(device) { + if(!strcmp(device, adapterid)) { + found = true; + break; + } else + continue; + } + + /* Find out more about this adapter */ + + snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", REG_CONTROL_NET, adapterid); + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) { + logger(LOG_ERR, _("Unable to read registry")); + return false; + } + + len = sizeof(adaptername); + RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + + if(iface) { + if(!strcmp(iface, adaptername)) { + found = true; + break; + } else + continue; + } + + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid); + handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); + if(handle != INVALID_HANDLE_VALUE) { + CloseHandle(handle); + found = true; + break; + } + } + + if(!found) { + logger(LOG_ERR, _("No Windows tap device found!")); + return false; + } + + device = adapterid; + iface = adaptername; + + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device); + + /* Now we are going to open this device twice: 
once for reading and once for writing. + We do this because apparently it isn't possible to check for activity in the select() loop. + Furthermore I don't really know how to do it the "Windows" way. */ + + if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) { + logger(LOG_DEBUG, _("System call `%s' failed: %s"), "socketpair", strerror(errno)); + return false; + } + + /* The parent opens the tap device for writing. */ + + handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + + if(handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open CIPE tap device for writing!")); + return false; + } + + device_fd = sp[0]; + + /* Get MAC address from tap device */ + + if(DeviceIoControl(device_fd, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { + logger(LOG_ERR, _("Could not get MAC address from Windows tap device!")); + return false; + } + + if(routing_mode == RMODE_ROUTER) { + overwrite_mac = 1; + } + + /* Now we start the child */ + + reader_pid = fork(); + + if(reader_pid == -1) { + logger(LOG_DEBUG, _("System call `%s' failed: %s"), "fork", strerror(errno)); + return false; + } + + if(!reader_pid) { + /* The child opens the tap device for reading, blocking. + It passes everything it reads to the socket. 
*/ + + char buf[MTU]; + int lenin; + + handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + + if(handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open CIPE tap device for reading!")); + buf[0] = 0; + write(sp[1], buf, 1); + exit(1); + } + + logger(LOG_DEBUG, _("Tap reader forked and running.")); + + /* Notify success */ + + buf[0] = 1; + write(sp[1], buf, 1); + + /* Pass packets */ + + for(;;) { + ReadFile (handle, buf, MTU, &lenin, NULL); + write(sp[1], buf, lenin); + } + } + + read(device_fd, &gelukt, 1); + if(gelukt != 1) { + logger(LOG_DEBUG, "Tap reader failed!"); + return false; + } + + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = device; + + device_info = _("Windows tap device"); + + logger(LOG_INFO, _("%s (%s) is a %s"), device, iface, device_info); + + return false; +} + +void close_device(void) +{ + cp(); + + close(sp[0]); + close(sp[1]); + CloseHandle(handle); + + kill(reader_pid, SIGKILL); +} + +bool read_packet(vpn_packet_t *packet) +{ + int lenin; + + cp(); + + if((lenin = read(sp[0], packet->data, MTU)) <= 0) { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return false; + } + + packet->len = lenin; + + device_total_in += packet->len; + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + + return true; +} + +bool write_packet(vpn_packet_t *packet) +{ + int lenout; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { + logger(LOG_ERR, "Error while writing to %s %s", device_info, device); + return false; + } + + device_total_out += packet->len; + + return true; +} + +void dump_device_stats(void) +{ + cp(); + + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" 
total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +} diff --git a/src/mingw/device.c b/src/mingw/device.c index d8aabcc4..4a962fe4 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c 
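Review bot: `device = adapterid; iface = adaptername;` in setup_device() stores the addresses of two stack arrays in globals, so once the function returns, the log calls in read_packet(), write_packet() and dump_device_stats() read `device` through a dangling pointer; the removed code copied the id with xstrdup(), and `device = xstrdup(adapterid); iface = xstrdup(adaptername);` keeps that. The MAC query is wrong in two ways: DeviceIoControl() returns nonzero on success, so `if(DeviceIoControl(...))` treats success as failure, and it is passed `device_fd`, which was just set to the socketpair descriptor `sp[0]`, not the tap `handle`; `if(!DeviceIoControl(handle, TAP_IOCTL_GET_MAC, ...))` is what the error message implies. The function also still ends in `return false;` on the success path, unchanged by this commit. The mingw/device.c hunk has the same pointer assignments and the same inverted test.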
@@ -1,304 +1,225 @@ -/* - device.c -- Interaction with CIPE driver in a MinGW environment - Copyright (C) 2002-2003 Ivo Timmermans , - 2002-2003 Guus Sliepen - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - $Id: device.c,v 1.1.2.2 2003/07/22 20:55:21 guus Exp $ -*/ - -#error "Device driver for MinGW environment not written yet!" - -#include "system.h" - -#include - -#include "conf.h" -#include "logger.h" -#include "net.h" -#include "route.h" -#include "utils.h" -#include "xalloc.h" - -/* Definitions from CIPE */ - -#define NETCARD_REG_KEY_2000 "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" -#define NETCARD_REG_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards" -#define REG_SERVICE_KEY "SYSTEM\\CurrentControlSet\\Services" - -#define USERMODEDEVICEDIR "\\\\.\\" -#define SYSDEVICEDIR "\\Device\\" -#define USERDEVICEDIR "\\??\\" -#define TAPSUFFIX ".tap" - -#define PRODUCT_STRING "DKW Heavy Industries VPN Adapter." 
-#define CIPE_SERVICE_NAME "CIPE_Daemon" -#define CIPE_DRIVER_NAME "CIPE" - -#define CIPE_NDIS_MAJOR_VERSION 4 -#define CIPE_NDIS_MINOR_VERSION 0 - -#ifndef CIPE_DRIVER_MAJOR_VERSION -# define CIPE_DRIVER_MAJOR_VERSION 2 -#endif - -#ifndef CIPE_DRIVER_MINOR_VERSION -# define CIPE_DRIVER_MINOR_VERSION 1 -#endif - -#ifndef CIPE_MAC_ROOT_ADDRESS -# define CIPE_MAC_ROOT_ADDRESS "8:0:58:0:0:1" -#endif - -#define CIPE_CONTROL_CODE(request,method) CTL_CODE (FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) - -#define CIPE_IOCTL_GET_LASTMAC CIPE_CONTROL_CODE (0, METHOD_BUFFERED) -#define CIPE_IOCTL_GET_MAC CIPE_CONTROL_CODE (1, METHOD_BUFFERED) -#define CIPE_IOCTL_SET_STATISTICS CIPE_CONTROL_CODE (2, METHOD_BUFFERED) - -/* Windows 2000 */ -#define OSTYPE 5 - -int device_fd = -1; -char *device = NULL; -char *iface = NULL; -char *device_info = NULL; - -int device_total_in = 0; -int device_total_out = 0; - -HANDLE handle; - -pid_t reader_pid; -int sp[2]; - -bool setup_device(void) -{ - HKEY key, key2, adapterkey; - int i; - - char adapterid[1024]; - char manufacturer[1024]; - char productname[1024]; - char adaptername[1024]; - char tapname[1024]; - char gelukt = 0; - long len; - - FILETIME filetime; - bool found = false; - - cp(); - - get_config_string(lookup_config(config_tree, "Device"), &device); - - /* Open registry and look for network adapters */ - - if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, (OSTYPE > 4 ? 
NETCARD_REG_KEY_2000 : NETCARD_REG_KEY), 0, KEY_READ, &key)) { - logger(LOG_ERR, _("Unable to read registry")); - return false; - } - - for (i = 0; ; i++) { - len = sizeof(adapterid); - if(RegEnumKeyEx (key, i, adapterid, &len, 0, 0, 0, &filetime)) - break; - - /* Find out more about this adapter */ - - if(RegOpenKeyEx (key, adapterid, 0, KEY_READ, &adapterkey)) { - logger(LOG_ERR, _("Unable to read registry")); - return false; - } - - len = sizeof(productname); - if(RegQueryValueEx(adapterkey, "ProductName", 0, 0, productname, &len)) - goto skip; - - len = sizeof(manufacturer); - if(RegQueryValueEx(adapterkey, "Manufacturer", 0, 0, manufacturer, &len)) - goto skip; - - if(!strcmp(productname, "CIPE") && !strcmp(manufacturer, "DKWHeavyIndustries")) { - if(device && strcmp(adapterid, device)) - continue; - if(!device) - device = xstrdup(adapterid); - found = true; - break; - } - -skip: - RegCloseKey (adapterkey); - } - - if(!found) { - logger(LOG_ERR, _("No CIPE adapters found!")); - return false; - } - - /* Get adapter name */ - - len = sizeof(adaptername); - RegQueryValueEx(adapterkey, (OSTYPE > 4 ? "NetCfgInstanceId" : "ServiceName"), 0, 0, adaptername, &len); - - /* FIXME? cipsrvr checks if the device is in use at this point */ - - /* Try to open the corresponding tap device */ - - snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adaptername); - - /* Now we are going to open this device twice: once for reading and once for writing. - We do this because apparently it isn't possible to check for activity in the select() loop. - Furthermore I don't really know how to do it the "Windows" way. 
*/ - - if(socketpair(AF_UNIX, SOCK_DGRAM, PF_UNIX, sp)) { - logger(LOG_DEBUG, _("System call `%s' failed: %s"), "socketpair", strerror(errno)); - return false; - } - - reader_pid = fork(); - - if(reader_pid == -1) { - logger(LOG_DEBUG, _("System call `%s' failed: %s"), "fork", strerror(errno)); - return false; - } - - if(!reader_pid) { - /* The child opens the tap device for reading, blocking. - It passes everything it reads to the socket. */ - - char buf[MTU]; - int lenin; - - handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); - - if(handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open CIPE tap device for reading!")); - buf[0] = 0; - write(sp[1], buf, 1); - exit(1); - } - - logger(LOG_DEBUG, _("Tap reader forked and running.")); - - /* Notify success */ - - buf[0] = 1; - write(sp[1], buf, 1); - - /* Pass packets */ - - for(;;) { - ReadFile (handle, buf, MTU, &lenin, NULL); - write(sp[1], buf, lenin); - } - } - - /* The parent opens the tap device for writing. 
*/ - - handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); - - if(handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open CIPE tap device for writing!")); - return false; - } - - device_fd = sp[0]; - - /* Get MAC address from tap device */ - - if(routing_mode == RMODE_ROUTER) { - DeviceIoControl (handle, CIPE_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0); - overwrite_mac = 1; - } - - read(device_fd, &gelukt, 1); - if(gelukt != 1) { - logger(LOG_DEBUG, "Tap reader failed!"); - return false; - } - - if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) - iface = device; - - device_info = _("Cygwin CIPE device"); - - logger(LOG_INFO, _("%s is a %s"), device, device_info); - - return true; -} - -void close_device(void) -{ - cp(); - - close(sp[0]); - close(sp[1]); - CloseHandle(handle); - - kill(reader_pid, SIGKILL); -} - -bool read_packet(vpn_packet_t *packet) -{ - int lenin; - - cp(); - - if((lenin = read(sp[0], packet->data, MTU)) <= 0) { - logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, - device, strerror(errno)); - return false; - } - - packet->len = lenin; - - device_total_in += packet->len; - - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, - device_info); - - return true; -} - -bool write_packet(vpn_packet_t *packet) -{ - int lenout; - - cp(); - - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), - packet->len, device_info); - - if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { - logger(LOG_ERR, "Error while writing to %s %s", device_info, device); - return false; - } - - device_total_out += packet->len; - - return true; -} - -void dump_device_stats(void) -{ - cp(); - - logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); - logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); - logger(LOG_DEBUG, _(" total bytes out: 
%10d"), device_total_out); -} +/* + device.c -- Interaction with CIPE driver in a MinGW environment + Copyright (C) 2002-2003 Ivo Timmermans , + 2002-2003 Guus Sliepen + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + + $Id: device.c,v 1.1.2.3 2003/07/28 21:54:03 guus Exp $ +*/ + +#include "system.h" + +#include +#include + +#include "conf.h" +#include "logger.h" +#include "net.h" +#include "route.h" +#include "utils.h" +#include "xalloc.h" + +#define NETCARD_REG_KEY_2000 "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" +#define NETCARD_REG_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards" +#define REG_SERVICE_KEY "SYSTEM\\CurrentControlSet\\Services" +#define REG_CONTROL_NET "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" + +#define USERMODEDEVICEDIR "\\\\.\\" +#define SYSDEVICEDIR "\\Device\\" +#define USERDEVICEDIR "\\??\\" +#define TAPSUFFIX ".tap" + +#define TAP_CONTROL_CODE(request,method) CTL_CODE(FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) + +#define TAP_IOCTL_GET_LASTMAC TAP_CONTROL_CODE(0, METHOD_BUFFERED) +#define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE(1, METHOD_BUFFERED) +#define TAP_IOCTL_SET_STATISTICS TAP_CONTROL_CODE(2, METHOD_BUFFERED) + +/* FIXME: This only works for Windows 2000 */ +#define OSTYPE 5 + +HANDLE 
device_fd = INVALID_HANDLE_VALUE; +char *device = NULL; +char *iface = NULL; +char *device_info = NULL; + +int device_total_in = 0; +int device_total_out = 0; + +bool setup_device(void) +{ + HKEY key, key2; + int i; + + char regpath[1024]; + char adapterid[1024]; + char adaptername[1024]; + char tapname[1024]; + char gelukt = 0; + long len; + + bool found = false; + + cp(); + + get_config_string(lookup_config(config_tree, "Device"), &device); + get_config_string(lookup_config(config_tree, "Interface"), &iface); + + /* Open registry and look for network adapters */ + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CONTROL_NET, 0, KEY_READ, &key)) { + logger(LOG_ERR, _("Unable to read registry")); + return false; + } + + for (i = 0; ; i++) { + len = sizeof(adapterid); + if(RegEnumKeyEx(key, i, adapterid, &len, 0, 0, 0, NULL)) + break; + + if(device) { + if(!strcmp(device, adapterid)) { + found = true; + break; + } else + continue; + } + + /* Find out more about this adapter */ + + snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", REG_CONTROL_NET, adapterid); + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) { + logger(LOG_ERR, _("Unable to read registry")); + return false; + } + + len = sizeof(adaptername); + RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + + if(iface) { + if(!strcmp(iface, adaptername)) { + found = true; + break; + } else + continue; + } + + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid); + device_fd = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); + if(device_fd != INVALID_HANDLE_VALUE) { + found = true; + break; + } + } + + if(!found) { + logger(LOG_ERR, _("No Windows tap device found!")); + return false; + } + + device = adapterid; + iface = adaptername; + + /* Try to open the corresponding tap device */ + + if(device_fd == INVALID_HANDLE_VALUE) { + snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device); + 
device_fd = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); + } + + if(device_fd == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("%s (%s) is no a usable Windows tap device!"), device, iface); + return false; + } + + /* Get MAC address from tap device */ + + if(DeviceIoControl(device_fd, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { + logger(LOG_ERR, _("Could not get MAC address from Windows tap device!")); + return false; + } + + if(routing_mode == RMODE_ROUTER) { + overwrite_mac = 1; + } + + if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) + iface = device; + + device_info = _("Windows tap device"); + + logger(LOG_INFO, _("%s (%s) is a %s"), device, iface, device_info); + + return true; +} + +void close_device(void) +{ + cp(); + + CloseHandle(device_fd); +} + +bool read_packet(vpn_packet_t *packet) +{ + int lenin; + + cp(); + + if(!ReadFile(device_fd, packet->data, MTU, &lenin, NULL)) { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return false; + } + + packet->len = lenin; + + device_total_in += packet->len; + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, + device_info); + + return true; +} + +bool write_packet(vpn_packet_t *packet) +{ + int lenout; + + cp(); + + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), + packet->len, device_info); + + if(!WriteFile(device_fd, packet->data, packet->len, &lenout, NULL)) { + logger(LOG_ERR, "Error while writing to %s %s", device_info, device); + return false; + } + + device_total_out += packet->len; + + return true; +} + +void dump_device_stats(void) +{ + cp(); + + logger(LOG_DEBUG, _("Statistics for %s %s:"), device_info, device); + logger(LOG_DEBUG, _(" total bytes in: %10d"), device_total_in); + logger(LOG_DEBUG, _(" total bytes out: %10d"), device_total_out); +} 
From 0e945413315c9d15a3eb013fa3731dd978a8c7b8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 28 Jul 2003 22:06:09 +0000 Subject: [PATCH 783/923] More checks for missing functions. --- configure.in | 4 ++-- lib/dropin.c | 14 +++++++++++++- lib/pidfile.c | 4 +++- lib/pidfile.h | 2 ++ src/logger.c | 23 +++++++++++++++-------- src/logger.h | 13 +++++++++++++ src/net_socket.c | 14 +++++++++++++- src/process.c | 20 +++++++++++++++++++- src/tincd.c | 4 +++- 9 files changed, 83 insertions(+), 15 deletions(-) diff --git a/configure.in b/configure.in index 7850ac97..def2423a 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.71 2003/07/21 15:51:00 guus Exp $ +dnl $Id: configure.in,v 1.13.2.72 2003/07/28 22:06:08 guus Exp $ AC_PREREQ(2.53) AC_INIT(src/tincd.c) @@ -155,7 +155,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime get_current_dir_name putenv select strdup strerror strsignal strtol unsetenv mlockall vsyslog]) +AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv select strdup strerror strsignal strtol unsetenv vsyslog]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/dropin.c b/lib/dropin.c index 0a8ae6ef..c92c0b81 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.16 2003/07/21 13:14:02 guus Exp $ + $Id: dropin.c,v 1.1.2.17 2003/07/28 22:06:09 guus Exp $ */ #include "system.h" @@ -40,6 +40,7 @@ */ int daemon(int nochdir, int noclose) { +#ifdef HAVE_FORK pid_t pid; int fd; @@ -82,6 +83,9 @@ int daemon(int nochdir, int noclose) } return 0; +#else + return -1; +#endif } #endif 
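Review bot: The new `#else` branch of daemon() in lib/dropin.c returns -1 without setting errno, so a caller that reports the failure with strerror(errno) would print whatever stale error was left over. Setting it first keeps the stub in line with the real call's contract: `errno = ENOSYS;` before `return -1;`. The function body starts in the earlier `@@ -40,6 +40,7 @@` hunk and most of it lies outside both hunks; the only caller visible in this commit (detach() in src/process.c) is itself wrapped in `#ifdef HAVE_FORK`, so this matters for any other or future caller.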
@@ -147,3 +151,11 @@ int asprintf(char **buf, const char *fmt, ...) return status; } #endif + +#ifndef HAVE_GETTIMEOFDAY +int gettimeofday(struct timeval *tv, void *tz) { + tv->tv_sec = time(NULL); + tv->tv_usec = 0; + return 0; +} +#endif diff --git a/lib/pidfile.c b/lib/pidfile.c index 2dea70b9..4a7276de 100644 --- a/lib/pidfile.c +++ b/lib/pidfile.c @@ -27,6 +27,7 @@ #include "system.h" +#ifndef HAVE_MINGW /* read_pid * * Reads the specified pidfile and returns the read pid. @@ -68,6 +69,7 @@ int check_pid (char *pidfile) errno = 0; if (kill(pid, 0) && errno == ESRCH) return(0); +#endif return pid; } @@ -127,4 +129,4 @@ int remove_pid (char *pidfile) { return unlink (pidfile); } - +#endif diff --git a/lib/pidfile.h b/lib/pidfile.h index 19d19c16..d428d48c 100644 --- a/lib/pidfile.h +++ b/lib/pidfile.h @@ -19,6 +19,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA. */ +#ifndef HAVE_MINGW /* read_pid * * Reads the specified pidfile and returns the read pid. @@ -48,3 +49,4 @@ int write_pid (char *pidfile); * is returned */ int remove_pid (char *pidfile); +#endif diff --git a/src/logger.c b/src/logger.c index 032349d1..1f7785f2 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.5 2003/07/22 20:55:19 guus Exp $ + $Id: logger.c,v 1.1.2.6 2003/07/28 22:06:09 guus Exp $ */ #include "system.h" @@ -37,8 +37,6 @@ void openlogger(const char *ident, logmode_t mode) { logmode = mode; switch(mode) { - case LOGMODE_NULL: - break; case LOGMODE_STDERR: logpid = getpid(); break; @@ -49,8 +47,12 @@ void openlogger(const char *ident, logmode_t mode) { logmode = LOGMODE_NULL; break; case LOGMODE_SYSLOG: +#ifdef HAVE_SYSLOG openlog(logident, LOG_CONS | LOG_PID, LOG_DAEMON); break; +#endif + case LOGMODE_NULL: + break; } } 
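Review bot: The gettimeofday() fallback added at the end of lib/dropin.c has no comment saying that it only offers one-second resolution: `tv_usec` is always 0 and `tz` is ignored. Callers that compare or subtract timestamps taken within the same second will see identical values, which is worth stating above the function, e.g. `/* Fallback: time() based, one-second resolution; tv_usec is always 0, tz is ignored. */`. It also relies on `time()` being declared through system.h, which this hunk does not show.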
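Review bot: The `#endif` inserted before `return pid;` in check_pid() closes the `#ifndef HAVE_MINGW` opened above read_pid, which leaves the `#endif` added at the end of lib/pidfile.c without a matching `#if` and puts the rest of the file outside the guard. Only the end-of-file `#endif` should remain, so that the guard wraps read_pid, check_pid, write_pid and remove_pid together, matching the pair added to lib/pidfile.h. The next patch on this page (784) removes the stray line from check_pid().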
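Review bot: With `HAVE_SYSLOG` undefined, `case LOGMODE_SYSLOG:` in openlogger() now falls through to `case LOGMODE_NULL:` without a comment, and the same pattern is added to logger() and closelogger() in the following hunks, so every message including LOG_ERR is discarded with no indication. detach() in src/process.c selects LOGMODE_SYSLOG whenever `do_detach` is set and no logfile is used, so a daemon on such a platform would run with no log output at all. I would either downgrade the mode once in openlogger(), for example `#else` followed by `logmode = LOGMODE_STDERR; logpid = getpid(); break;`, or at least mark the intent with `/* fall through: no syslog here, messages are dropped */` at each of the three sites.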
@@ -60,8 +62,6 @@ void logger(int priority, const char *format, ...) { va_start(ap, format); switch(logmode) { - case LOGMODE_NULL: - break; case LOGMODE_STDERR: vfprintf(stderr, format, ap); fprintf(stderr, "\n"); @@ -72,6 +72,7 @@ void logger(int priority, const char *format, ...) { fprintf(logfile, "\n"); break; case LOGMODE_SYSLOG: +#ifdef HAVE_SYSLOG #ifdef HAVE_VSYSLOG vsyslog(priority, format, ap); #else @@ -82,6 +83,9 @@ void logger(int priority, const char *format, ...) { } #endif break; +#endif + case LOGMODE_NULL: + break; } va_end(ap); @@ -89,14 +93,17 @@ void logger(int priority, const char *format, ...) { void closelogger(void) { switch(logmode) { - case LOGMODE_NULL: - case LOGMODE_STDERR: - break; case LOGMODE_FILE: fclose(logfile); break; case LOGMODE_SYSLOG: +#ifdef HAVE_SYSLOG closelog(); break; +#endif + case LOGMODE_NULL: + case LOGMODE_STDERR: + break; + break; } } diff --git a/src/logger.h b/src/logger.h index eb02fb87..c2672c66 100644 --- a/src/logger.h +++ b/src/logger.h @@ -20,6 +20,19 @@ typedef enum logmode_t { LOGMODE_SYSLOG } logmode_t; +#ifndef HAVE_SYSLOG +enum { + LOG_EMERG, + LOG_ALERT, + LOG_CRIT, + LOG_ERR, + LOG_WARNING, + LOG_NOTICE, + LOG_INFO, + LOG_DEBUG, +}; +#endif + extern debug_t debug_level; extern void openlogger(const char *, logmode_t); extern void logger(int, const char *, ...) __attribute__ ((format(printf, 2, 3))); diff --git a/src/net_socket.c b/src/net_socket.c index aa7d3d99..5f9e2173 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.31 2003/07/24 12:08:15 guus Exp $ + $Id: net_socket.c,v 1.1.2.32 2003/07/28 22:06:09 guus Exp $ */ #include "system.h" 
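Review bot: The fallback `enum { LOG_EMERG, ... }` in src/logger.h is keyed on `HAVE_SYSLOG`, but the `AC_CHECK_FUNCS` list in this commit's configure.in hunk probes `vsyslog` and not `syslog`, so unless that macro is defined somewhere not shown here it would be undefined on every platform. In that case the `#ifdef HAVE_SYSLOG` blocks in src/logger.c compile out everywhere, and on systems where <syslog.h> is still included the LOG_* names are already macros, which would make this enum a syntax error. Adding `syslog` to the `AC_CHECK_FUNCS` list, or guarding the enum with `#ifndef LOG_EMERG`, would avoid both.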
@@ -34,6 +34,10 @@ #include "utils.h" #include "xalloc.h" +#ifdef WSAEINPROGRESS +#define EINPROGRESS WSAEINPROGRESS +#endif + int addressfamily = AF_UNSPEC; int maxtimeout = 900; int seconds_till_retry = 5; @@ -49,7 +53,9 @@ int setup_listen_socket(const sockaddr_t *sa) char *addrstr; int option; char *iface; +#ifdef SO_BINDTODEVICE struct ifreq ifr; +#endif cp(); @@ -60,6 +66,7 @@ int setup_listen_socket(const sockaddr_t *sa) return -1; } +#ifdef O_NONBLOCK flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { @@ -68,6 +75,7 @@ int setup_listen_socket(const sockaddr_t *sa) strerror(errno)); return -1; } +#endif /* Optimize TCP settings */ @@ -138,6 +146,7 @@ int setup_vpn_in_socket(const sockaddr_t *sa) return -1; } +#ifdef O_NONBLOCK flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { close(nfd); @@ -145,6 +154,7 @@ int setup_vpn_in_socket(const sockaddr_t *sa) strerror(errno)); return -1; } +#endif option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); @@ -280,11 +290,13 @@ begin: /* Non-blocking */ +#ifdef O_NONBLOCK flags = fcntl(c->socket, F_GETFL); if(fcntl(c->socket, F_SETFL, flags | O_NONBLOCK) < 0) { logger(LOG_ERR, _("fcntl for %s: %s"), c->hostname, strerror(errno)); } +#endif /* Connect */ diff --git a/src/process.c b/src/process.c index 218df760..36b21461 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.57 2003/07/22 20:55:20 guus Exp $ + $Id: process.c,v 1.1.2.58 2003/07/28 22:06:09 guus Exp $ */ #include "system.h" @@ -88,6 +88,7 @@ void cleanup_and_exit(int c) exit(c); } +#ifndef HAVE_MINGW /* check for an existing tinc for this net, and write pid to pidfile */ 
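Review bot: Wrapping the `fcntl(..., F_SETFL, flags | O_NONBLOCK)` calls in `#ifdef O_NONBLOCK` means that on a platform without it the sockets silently stay blocking; the same guard is added in setup_listen_socket(), setup_vpn_in_socket() and the outgoing-connection hunk at `@@ -280,11 +290,13 @@`. If the daemon multiplexes these sockets from one loop, as the `select` check in configure.in suggests, a single slow or unresponsive peer could then stall the whole process. An `#else` branch should set non-blocking mode through the platform's own call (on Winsock, `ioctlsocket(nfd, FIONBIO, &arg)` with `unsigned long arg = 1;`) or log that it could not. The enclosing functions extend beyond these hunks.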
@@ -114,12 +115,14 @@ static bool write_pidfile(void) return true; } +#endif /* kill older tincd for this net */ bool kill_other(int signal) { +#ifndef HAVE_MINGW int pid; cp(); @@ -148,6 +151,7 @@ bool kill_other(int signal) fprintf(stderr, _("Removing stale lock file.\n")); remove_pid(pidfilename); } +#endif return true; } @@ -163,13 +167,16 @@ bool detach(void) /* First check if we can open a fresh new pidfile */ +#ifndef HAVE_MINGW if(!write_pidfile()) return false; +#endif /* If we succeeded in doing that, detach */ closelogger(); +#ifdef HAVE_FORK if(do_detach) { if(daemon(0, 0)) { fprintf(stderr, _("Couldn't detach from terminal: %s"), @@ -182,6 +189,7 @@ bool detach(void) if(!write_pid(pidfilename)) return false; } +#endif openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); @@ -193,6 +201,7 @@ bool detach(void) return true; } +#ifdef HAVE_FORK /* Execute the program name, with sane environment. */ @@ -224,12 +233,14 @@ static void _execute_script(const char *scriptname, char **envp) strerror(save_errno)); exit(save_errno); } +#endif /* Fork and execute the program pointed to by name. */ bool execute_script(const char *name, char **envp) { +#ifdef HAVE_FORK pid_t pid; int status; struct stat s; @@ -287,6 +298,9 @@ bool execute_script(const char *name, char **envp) /* Child here */ _execute_script(scriptname, envp); +#else + return true; +#endif } @@ -294,6 +308,7 @@ bool execute_script(const char *name, char **envp) Signal handlers. */ +#ifndef HAVE_MINGW static RETSIGTYPE sigterm_handler(int a) { logger(LOG_NOTICE, _("Got TERM signal")); @@ -415,9 +430,11 @@ static struct { {SIGWINCH, sigwinch_handler}, {0, NULL} }; +#endif void setup_signals(void) { +#ifndef HAVE_MINGW int i; struct sigaction act; @@ -449,4 +466,5 @@ void setup_signals(void) sighandlers[i].signal, strsignal(sighandlers[i].signal), strerror(errno)); } +#endif } diff --git a/src/tincd.c b/src/tincd.c index b9f9f4f4..d2179ab1 100644 --- a/src/tincd.c 
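Review bot: Without `HAVE_FORK`, execute_script() now does `return true;` without running or logging anything, so callers cannot tell a script that ran successfully from scripts being unavailable on this platform. kill_other() does the same under `HAVE_MINGW`, and the `case 'k':` branch in src/tincd.c accepts the option and then ignores it. If the scripts configure the interface, routes or filtering (not visible here), the daemon would continue as though that setup had happened. At minimum log it, e.g. `logger(LOG_WARNING, _("Scripts are not supported on this platform, not executing %s"), name);` before the `return true;`, and print a similar message for `-k`.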
+++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.76 2003/07/22 20:55:20 guus Exp $ + $Id: tincd.c,v 1.10.4.77 2003/07/28 22:06:09 guus Exp $ */ #include "system.h" @@ -147,6 +147,7 @@ static void parse_options(int argc, char **argv, char **envp) break; case 'k': /* kill old tincds */ +#ifndef HAVE_MINGW if(optarg) { if(!strcasecmp(optarg, "HUP")) kill_tincd = SIGHUP; @@ -175,6 +176,7 @@ static void parse_options(int argc, char **argv, char **envp) } } else kill_tincd = SIGTERM; +#endif break; case 'n': /* net name given */ From 714fb32d0377ed9f5643ed8f0bd914843d12266b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 29 Jul 2003 10:50:15 +0000 Subject: [PATCH 784/923] Fix compile errors and warnings. --- lib/pidfile.c | 1 - po/nl.po | 341 ++++++++++++++++++++++++----------------------- src/connection.c | 4 +- src/edge.c | 4 +- src/edge.h | 4 +- src/logger.c | 8 +- src/logger.h | 2 +- src/net.c | 4 +- src/node.c | 6 +- src/node.h | 4 +- src/protocol.c | 4 +- src/protocol.h | 4 +- 12 files changed, 193 insertions(+), 193 deletions(-) diff --git a/lib/pidfile.c b/lib/pidfile.c index 4a7276de..368dad45 100644 --- a/lib/pidfile.c +++ b/lib/pidfile.c @@ -69,7 +69,6 @@ int check_pid (char *pidfile) errno = 0; if (kill(pid, 0) && errno == ESRCH) return(0); -#endif return pid; } diff --git a/po/nl.po b/po/nl.po index b8e1ad5d..60d3a0ac 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,14 +5,14 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"POT-Creation-Date: 2003-07-18 13:31-0800\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2003-07-28 16:38+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -"Report-Msgid-Bugs-To: \n" #: src/conf.c:159 #, c-format 
@@ -46,69 +46,69 @@ msgstr "" "Netwerk adres en prefix lengte komen niet overeen bij configuratievariabele %" "s in %s regel %d" -#: src/conf.c:337 +#: src/conf.c:338 #, c-format msgid "Cannot open config file %s: %s" msgstr "Kan configuratie bestand %s niet openen: %s" -#: src/conf.c:375 +#: src/conf.c:376 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:410 +#: src/conf.c:411 #, c-format msgid "Failed to read `%s': %s" msgstr "Lezen van `%s' mislukte: %s" -#: src/conf.c:427 +#: src/conf.c:429 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:443 src/conf.c:471 +#: src/conf.c:445 src/conf.c:473 #, c-format msgid "Couldn't stat `%s': %s" msgstr "Kon `%s' niet statten: %s" -#: src/conf.c:448 src/conf.c:479 +#: src/conf.c:450 src/conf.c:481 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:454 src/conf.c:485 +#: src/conf.c:456 src/conf.c:487 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: src/conf.c:457 src/conf.c:488 +#: src/conf.c:459 src/conf.c:490 #, c-format msgid "Unable to read symbolic link `%s': %s" msgstr "Kan symbolische link `%s' niet lezen: %s" -#: src/conf.c:499 +#: src/conf.c:501 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" -#: src/conf.c:521 +#: src/conf.c:523 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:528 +#: src/conf.c:530 #, c-format msgid "Error while reading stdin: %s\n" msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:556 +#: src/conf.c:558 #, c-format msgid "Error opening file `%s': %s\n" msgstr "Fout bij het openen van het bestand `%s': %s\n" -#: 
src/conf.c:564 +#: src/conf.c:567 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" @@ -174,56 +174,56 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:60 +#: src/net.c:58 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:67 +#: src/net.c:65 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:148 +#: src/net.c:146 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:201 +#: src/net.c:199 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:210 +#: src/net.c:208 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." -#: src/net.c:215 +#: src/net.c:213 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:257 +#: src/net.c:255 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:310 +#: src/net.c:308 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:341 +#: src/net.c:339 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:357 +#: src/net.c:356 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:381 +#: src/net.c:380 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
@@ -269,9 +269,9 @@ msgstr "Fout tijdens comprimeren pakket naar %s (%s)" msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:309 src/net_setup.c:451 src/net_socket.c:67 -#: src/net_socket.c:114 src/net_socket.c:144 src/tincd.c:373 src/process.c:252 -#: src/process.c:280 +#: src/net_packet.c:309 src/net_setup.c:459 src/net_socket.c:67 +#: src/net_socket.c:114 src/net_socket.c:144 src/tincd.c:386 src/process.c:250 +#: src/process.c:278 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" 
@@ -330,93 +330,93 @@ msgstr "Ontvangst pakket mislukt: %s" msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" -#: src/net_setup.c:77 src/net_setup.c:94 +#: src/net_setup.c:75 src/net_setup.c:92 #, c-format msgid "Error reading RSA public key file `%s': %s" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %s" -#: src/net_setup.c:109 +#: src/net_setup.c:107 #, c-format msgid "Reading RSA public key file `%s' failed: %s" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" -#: src/net_setup.c:149 +#: src/net_setup.c:143 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net_setup.c:177 +#: src/net_setup.c:171 #, c-format msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:189 +#: src/net_setup.c:183 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:219 src/net_setup.c:220 +#: src/net_setup.c:215 src/net_setup.c:216 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:226 +#: src/net_setup.c:222 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:231 +#: src/net_setup.c:227 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:243 +#: src/net_setup.c:239 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:299 +#: src/net_setup.c:292 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:310 +#: src/net_setup.c:303 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:320 +#: src/net_setup.c:311 msgid "Bogus maximum timeout!" 
msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:334 +#: src/net_setup.c:325 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:352 +#: src/net_setup.c:343 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:387 +#: src/net_setup.c:380 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:401 +#: src/net_setup.c:393 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:404 +#: src/net_setup.c:396 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:419 +#: src/net_setup.c:410 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:473 +#: src/net_setup.c:481 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:484 +#: src/net_setup.c:492 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:486 +#: src/net_setup.c:494 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" 
@@ -535,80 +535,80 @@ msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" "sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" -#: src/protocol.c:87 +#: src/protocol.c:85 #, c-format msgid "Output buffer overflow while sending request to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden verzoek naar %s (%s)" -#: src/protocol.c:95 +#: src/protocol.c:93 #, c-format msgid "Sending %s to %s (%s): %s" msgstr "Verzending %s naar %s (%s): %s" -#: src/protocol.c:98 +#: src/protocol.c:96 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:120 +#: src/protocol.c:118 #, c-format msgid "Forwarding %s from %s (%s): %s" msgstr "Doorsturen %s van %s (%s): %s" -#: src/protocol.c:124 +#: src/protocol.c:122 #, c-format msgid "Forwarding %s from %s (%s)" msgstr "Doorsturen %s van %s (%s)" -#: src/protocol.c:142 +#: src/protocol.c:140 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:145 +#: src/protocol.c:143 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:152 +#: src/protocol.c:150 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:156 +#: src/protocol.c:154 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:162 +#: src/protocol.c:160 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:170 +#: src/protocol.c:168 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:175 +#: src/protocol.c:173 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:221 +#: src/protocol.c:220 msgid "Already seen request" msgstr "Verzoek reeds gezien" -#: src/protocol.c:251 +#: src/protocol.c:250 #, 
c-format msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" -#: src/protocol_auth.c:58 src/protocol_auth.c:214 src/protocol_auth.c:341 -#: src/protocol_auth.c:405 src/protocol_auth.c:509 src/protocol_edge.c:73 +#: src/protocol_auth.c:58 src/protocol_auth.c:213 src/protocol_auth.c:338 +#: src/protocol_auth.c:402 src/protocol_auth.c:501 src/protocol_edge.c:73 #: src/protocol_edge.c:184 src/protocol_key.c:59 src/protocol_key.c:101 #: src/protocol_key.c:165 src/protocol_misc.c:54 src/protocol_misc.c:83 -#: src/protocol_misc.c:175 src/protocol_subnet.c:61 src/protocol_subnet.c:151 +#: src/protocol_misc.c:171 src/protocol_subnet.c:61 src/protocol_subnet.c:151 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" 
@@ -631,66 +631,66 @@ msgstr "Ander %s is %s in plaats van %s" msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt incompatibele versie %d" -#: src/protocol_auth.c:103 +#: src/protocol_auth.c:101 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft onbekende identiteit (%s)" -#: src/protocol_auth.c:162 +#: src/protocol_auth.c:161 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol_auth.c:174 src/protocol_auth.c:243 +#: src/protocol_auth.c:173 src/protocol_auth.c:242 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:224 src/protocol_auth.c:351 src/protocol_auth.c:413 -#: src/protocol_auth.c:431 +#: src/protocol_auth.c:223 src/protocol_auth.c:348 src/protocol_auth.c:410 +#: src/protocol_auth.c:428 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:251 +#: src/protocol_auth.c:250 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:262 +#: src/protocol_auth.c:261 #, c-format msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:282 src/protocol_key.c:232 +#: src/protocol_auth.c:281 src/protocol_key.c:232 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" -#: src/protocol_auth.c:287 +#: src/protocol_auth.c:286 #, c-format msgid "%s (%s) uses bogus MAC length!" msgstr "%s (%s) gebruikt onzinnige MAC lengte!" 
-#: src/protocol_auth.c:414 +#: src/protocol_auth.c:411 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:432 +#: src/protocol_auth.c:429 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:437 +#: src/protocol_auth.c:434 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:525 +#: src/protocol_auth.c:517 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:542 +#: src/protocol_auth.c:534 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" @@ -801,25 +801,25 @@ msgstr "" msgid "net2str() was called with unknown subnet type %d, exiting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:403 +#: src/subnet.c:406 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:408 +#: src/subnet.c:411 #, c-format msgid " %s owner %s" msgstr " %s eigenaar %s" -#: src/subnet.c:412 +#: src/subnet.c:415 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:97 +#: src/tincd.c:99 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:100 +#: src/tincd.c:102 #, c-format msgid "" "Usage: %s [option]...\n" @@ -828,7 +828,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:101 +#: src/tincd.c:103 #, fuzzy msgid "" " -c, --config=DIR Read configuration options from DIR.\n" 
@@ -838,7 +838,8 @@ msgid "" " -n, --net=NETNAME Connect to net NETNAME.\n" " -K, --generate-keys[=BITS] Generate public/private RSA keypair.\n" " -L, --mlock Lock tinc into main memory.\n" -" -F, --logfile[=FILENAME] Write log entries to a logfile.\n" +" --logfile[=FILENAME] Write log entries to a logfile.\n" +" --pidfile=FILENAME Write PID to FILENAME.\n" " --help Display this help and exit.\n" " --version Output version information and exit.\n" "\n" @@ -855,13 +856,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:111 +#: src/tincd.c:114 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:169 +#: src/tincd.c:171 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -870,7 +871,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:187 +#: src/tincd.c:189 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" @@ -878,24 +879,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:260 +#: src/tincd.c:278 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:264 +#: src/tincd.c:282 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:267 +#: src/tincd.c:285 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:276 -msgid "public RSA key" -msgstr "openbare RSA sleutel" +#: src/tincd.c:288 +msgid "private RSA key" +msgstr "geheime RSA sleutel" -#: src/tincd.c:282 src/tincd.c:295 +#: src/tincd.c:294 src/tincd.c:313 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" 
@@ -903,21 +904,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:289 -msgid "private RSA key" -msgstr "geheime RSA sleutel" +#: src/tincd.c:307 +msgid "public RSA key" +msgstr "openbare RSA sleutel" -#: src/tincd.c:318 +#: src/tincd.c:342 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:349 +#: src/tincd.c:362 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:351 +#: src/tincd.c:364 #, fuzzy msgid "" "Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" 
@@ -935,135 +936,135 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:377 +#: src/tincd.c:390 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:401 +#: src/tincd.c:414 msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:414 +#: src/tincd.c:427 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:418 +#: src/tincd.c:431 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:421 src/process.c:339 +#: src/tincd.c:434 src/process.c:337 msgid "Not restarting." msgstr "Geen herstart." -#: src/process.c:55 +#: src/process.c:53 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:87 +#: src/process.c:85 msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:106 +#: src/process.c:104 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:109 +#: src/process.c:107 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:133 +#: src/process.c:131 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:136 +#: src/process.c:134 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:145 +#: src/process.c:143 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:148 +#: src/process.c:146 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:150 +#: src/process.c:148 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:177 +#: src/process.c:175 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:190 +#: src/process.c:188 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:225 +#: src/process.c:223 #, c-format msgid "Could not execute `%s': %s" msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:258 +#: src/process.c:256 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:265 +#: src/process.c:263 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:271 +#: src/process.c:269 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:275 +#: src/process.c:273 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:301 +#: src/process.c:299 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:308 +#: src/process.c:306 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:314 +#: src/process.c:312 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:323 +#: src/process.c:321 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:327 +#: src/process.c:325 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." 
-#: src/process.c:346 +#: src/process.c:344 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:353 +#: src/process.c:351 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:359 +#: src/process.c:357 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1072,21 +1073,21 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:368 +#: src/process.c:366 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:393 +#: src/process.c:390 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:399 +#: src/process.c:396 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:452 +#: src/process.c:448 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" @@ -1150,11 +1151,11 @@ msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#: src/node.c:171 +#: src/node.c:176 msgid "Nodes:" msgstr "Nodes:" -#: src/node.c:175 +#: src/node.c:180 #, c-format msgid "" " %s at %s cipher %d digest %d maclength %d compression %d options %lx status " @@ -1163,7 +1164,7 @@ msgstr "" " %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" "04x nexthop %s via %s" -#: src/node.c:182 +#: src/node.c:187 msgid "End of nodes." msgstr "Einde van nodes." 
@@ -1190,8 +1191,8 @@ msgstr "Node %s (%s) werd bereikbaar" msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" -#: src/linux/device.c:76 src/freebsd/device.c:51 src/solaris/device.c:59 -#: src/netbsd/device.c:54 src/openbsd/device.c:54 +#: src/linux/device.c:76 src/freebsd/device.c:50 src/solaris/device.c:58 +#: src/netbsd/device.c:53 src/openbsd/device.c:53 #, c-format msgid "Could not open %s: %s" msgstr "Kon `%s' niet openen: %s" 
@@ -1213,112 +1214,112 @@ msgstr "Oud ioctl() verzoek was nodig voor %s" msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" -#: src/linux/device.c:114 src/freebsd/device.c:57 src/solaris/device.c:108 -#: src/netbsd/device.c:60 src/openbsd/device.c:60 +#: src/linux/device.c:114 src/freebsd/device.c:56 src/solaris/device.c:107 +#: src/netbsd/device.c:59 src/openbsd/device.c:59 #, c-format msgid "%s is a %s" msgstr "%s is een %s" #: src/linux/device.c:137 src/linux/device.c:148 src/linux/device.c:159 -#: src/freebsd/device.c:76 src/solaris/device.c:127 src/netbsd/device.c:79 -#: src/openbsd/device.c:81 +#: src/freebsd/device.c:75 src/solaris/device.c:126 src/netbsd/device.c:78 +#: src/openbsd/device.c:80 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" -#: src/linux/device.c:170 src/freebsd/device.c:85 src/solaris/device.c:139 -#: src/netbsd/device.c:91 src/openbsd/device.c:108 +#: src/linux/device.c:170 src/freebsd/device.c:84 src/solaris/device.c:138 +#: src/netbsd/device.c:90 src/openbsd/device.c:107 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" -#: src/linux/device.c:180 src/freebsd/device.c:95 src/solaris/device.c:149 -#: src/netbsd/device.c:102 src/openbsd/device.c:123 +#: src/linux/device.c:180 src/freebsd/device.c:94 src/solaris/device.c:148 +#: src/netbsd/device.c:101 src/openbsd/device.c:122 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" #: src/linux/device.c:187 src/linux/device.c:194 src/linux/device.c:203 -#: src/solaris/device.c:153 src/netbsd/device.c:106 src/openbsd/device.c:148 +#: src/solaris/device.c:152 src/netbsd/device.c:105 src/openbsd/device.c:147 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" -#: src/linux/device.c:219 src/freebsd/device.c:111 src/solaris/device.c:167 -#: src/netbsd/device.c:118 src/openbsd/device.c:160 +#: 
src/linux/device.c:219 src/freebsd/device.c:112 src/solaris/device.c:166 +#: src/netbsd/device.c:119 src/openbsd/device.c:161 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" -#: src/linux/device.c:220 src/freebsd/device.c:112 src/solaris/device.c:168 -#: src/netbsd/device.c:119 src/openbsd/device.c:161 +#: src/linux/device.c:220 src/freebsd/device.c:113 src/solaris/device.c:167 +#: src/netbsd/device.c:120 src/openbsd/device.c:162 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" -#: src/linux/device.c:221 src/freebsd/device.c:113 src/solaris/device.c:169 -#: src/netbsd/device.c:120 src/openbsd/device.c:162 +#: src/linux/device.c:221 src/freebsd/device.c:114 src/solaris/device.c:168 +#: src/netbsd/device.c:121 src/openbsd/device.c:163 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" -#: src/freebsd/device.c:55 +#: src/freebsd/device.c:54 msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" -#: src/freebsd/device.c:99 +#: src/freebsd/device.c:98 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" -#: src/solaris/device.c:71 +#: src/solaris/device.c:70 #, c-format msgid "Could not open /dev/ip: %s" msgstr "Kon /dev/ip niet openen: %s" -#: src/solaris/device.c:77 +#: src/solaris/device.c:76 #, c-format msgid "Can't assign new interface: %s" msgstr "Kan geen nieuwe interface toekennen: %s" -#: src/solaris/device.c:82 +#: src/solaris/device.c:81 #, c-format msgid "Could not open %s twice: %s" msgstr "Kon `%s' niet twee keer openen: %s" -#: src/solaris/device.c:88 +#: src/solaris/device.c:87 #, c-format msgid "Can't push IP module: %s" msgstr "Kan IP module niet invoegen: %s" -#: src/solaris/device.c:94 +#: src/solaris/device.c:93 #, c-format msgid "Can't set PPA %d: %s" msgstr "Kon PPA %d niet instellen: %s" -#: src/solaris/device.c:99 +#: src/solaris/device.c:98 #, c-format msgid "Can't link TUN device to IP: %s" msgstr "Kan 
TUN apparaat niet koppelen aan IP: %s" -#: src/solaris/device.c:106 +#: src/solaris/device.c:105 msgid "Solaris tun device" msgstr "Solaris tun apparaat" -#: src/netbsd/device.c:58 +#: src/netbsd/device.c:57 msgid "NetBSD tun device" msgstr "NetBSD tun apparaat" -#: src/openbsd/device.c:58 +#: src/openbsd/device.c:57 msgid "OpenBSD tun device" msgstr "OpenBSD tun apparaat" -#: src/openbsd/device.c:99 +#: src/openbsd/device.c:98 #, c-format msgid "Unknown address family %d while reading packet from %s %s" msgstr "Onbekende adresfamilie %d tijdens lezen pakket van %s %s" -#: src/openbsd/device.c:137 +#: src/openbsd/device.c:136 #, c-format msgid "Unknown address family %d while writing packet to %s %s" msgstr "Onbekende adresfamilie %d tijdens schrijven pakket naar %s %s" diff --git a/src/connection.c b/src/connection.c index ccec2ed8..65bf8966 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.42 2003/07/24 12:08:15 guus Exp $ + $Id: connection.c,v 1.1.2.43 2003/07/29 10:50:15 guus Exp $ */ #include "system.h" @@ -122,7 +122,7 @@ void dump_connections(void) for(node = connection_tree->head; node; node = node->next) { c = (connection_t *) node->data; logger(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), - c->name, c->hostname, c->options, c->socket, c->status); + c->name, c->hostname, c->options, c->socket, *(uint32_t *)&c->status); } logger(LOG_DEBUG, _("End of connections.")); diff --git a/src/edge.c b/src/edge.c index 76bdc41b..95e7f7e0 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.23 2003/07/24 12:08:15 guus Exp $ + $Id: edge.c,v 1.1.2.24 2003/07/29 10:50:15 guus Exp $ */ #include "system.h" 
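Review bot: The added `*(uint32_t *)&c->status` in dump_connections reads the status struct through an incompatible pointer type, which violates strict aliasing and assumes the struct occupies at least four bytes; its declaration is outside this hunk, so that size cannot be checked here. A well-defined form copies the bits first, `uint32_t st = 0; memcpy(&st, &c->status, sizeof c->status < sizeof st ? sizeof c->status : sizeof st);`, and then passes `(unsigned)st` so the argument matches `%04x`. The same cast is added in check_dead_connections (src/net.c) and dump_nodes (src/node.c) later in this patch and needs the same treatment.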
@@ -123,7 +123,7 @@ void edge_del(edge_t *e) avl_delete(edge_weight_tree, e); } -edge_t *lookup_edge(const node_t *from, const node_t *to) +edge_t *lookup_edge(node_t *from, node_t *to) { edge_t v = { .from = from, diff --git a/src/edge.h b/src/edge.h index 0f723132..0e951fa6 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.15 2003/07/24 12:08:15 guus Exp $ + $Id: edge.h,v 1.1.2.16 2003/07/29 10:50:15 guus Exp $ */ #ifndef __TINC_EDGE_H__ @@ -50,7 +50,7 @@ extern avl_tree_t *new_edge_tree(void) __attribute__ ((malloc)); extern void free_edge_tree(avl_tree_t *); extern void edge_add(edge_t *); extern void edge_del(edge_t *); -extern edge_t *lookup_edge(const struct node_t *, const struct node_t *); +extern edge_t *lookup_edge(struct node_t *, struct node_t *); extern void dump_edges(void); #endif /* __TINC_EDGE_H__ */ diff --git a/src/logger.c b/src/logger.c index 1f7785f2..871f2c14 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.6 2003/07/28 22:06:09 guus Exp $ + $Id: logger.c,v 1.1.2.7 2003/07/29 10:50:15 guus Exp $ */ #include "system.h" @@ -47,7 +47,7 @@ void openlogger(const char *ident, logmode_t mode) { logmode = LOGMODE_NULL; break; case LOGMODE_SYSLOG: -#ifdef HAVE_SYSLOG +#ifdef HAVE_SYSLOG_H openlog(logident, LOG_CONS | LOG_PID, LOG_DAEMON); break; #endif @@ -72,7 +72,7 @@ void logger(int priority, const char *format, ...) { fprintf(logfile, "\n"); break; case LOGMODE_SYSLOG: -#ifdef HAVE_SYSLOG +#ifdef HAVE_SYSLOG_H #ifdef HAVE_VSYSLOG vsyslog(priority, format, ap); #else @@ -97,7 +97,7 @@ void closelogger(void) { fclose(logfile); break; case LOGMODE_SYSLOG: -#ifdef HAVE_SYSLOG +#ifdef HAVE_SYSLOG_H closelog(); break; #endif 
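Review bot: Dropping `const` from lookup_edge's parameters weakens the contract of a pure lookup: callers holding read-only nodes now need a cast, and the compiler no longer flags an accidental write through `from` or `to`. If the change is only there to quiet the initializer at `.from = from,`, keep the qualified signature and cast at that one spot, `.from = (node_t *)from,` (likewise for `to`), with a comment that the temporary key is only compared. The function body continues outside the hunk, so that last point should be confirmed against the tree's compare callback. lookup_node (src/node.c) and seen_request (src/protocol.c) lose `const` the same way in this patch, together with their prototypes in the headers.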
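Review bot: In openlogger the `break;` for `case LOGMODE_SYSLOG:` sits inside `#ifdef HAVE_SYSLOG_H`, so a build without syslog.h falls through into whatever label follows the `#endif`, which is outside this hunk. If that is intended, document it at the spot with a comment such as `/* fall through: no syslog on this platform */` directly after `#endif`; otherwise move `break;` below `#endif`. logger() and closelogger() in the following hunks have the same shape.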
diff --git a/src/logger.h b/src/logger.h index c2672c66..da849c40 100644 --- a/src/logger.h +++ b/src/logger.h @@ -20,7 +20,7 @@ typedef enum logmode_t { LOGMODE_SYSLOG } logmode_t; -#ifndef HAVE_SYSLOG +#ifndef HAVE_SYSLOG_H enum { LOG_EMERG, LOG_ALERT, diff --git a/src/net.c b/src/net.c index 89c6efc3..c4637dab 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.193 2003/07/23 22:17:31 guus Exp $ + $Id: net.c,v 1.35.4.194 2003/07/29 10:50:15 guus Exp $ */ #include "system.h" @@ -206,7 +206,7 @@ static void check_dead_connections(void) } else { if(c->status.remove) { logger(LOG_WARNING, _("Old connection_t for %s (%s) status %04x still lingering, deleting..."), - c->name, c->hostname, c->status); + c->name, c->hostname, *(uint32_t *)&c->status); connection_del(c); continue; } diff --git a/src/node.c b/src/node.c index 0401144f..5fb3d0d7 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.24 2003/07/24 12:08:15 guus Exp $ + $Id: node.c,v 1.1.2.25 2003/07/29 10:50:15 guus Exp $ */ #include "system.h" @@ -143,7 +143,7 @@ void node_del(node_t *n) avl_delete(node_udp_tree, n); } -node_t *lookup_node(const char *name) +node_t *lookup_node(char *name) { node_t n = { .name = name, @@ -180,7 +180,7 @@ void dump_nodes(void) logger(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), n->name, n->hostname, n->cipher ? n->cipher->nid : 0, n->digest ? n->digest->type : 0, n->maclength, n->compression, - n->options, n->status, n->nexthop ? n->nexthop->name : "-", + n->options, *(uint32_t *)&n->status, n->nexthop ? n->nexthop->name : "-", n->via ? n->via->name : "-"); } 
diff --git a/src/node.h b/src/node.h index 02d84976..4f1406ca 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.27 2003/07/24 12:08:15 guus Exp $ + $Id: node.h,v 1.1.2.28 2003/07/29 10:50:15 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -83,7 +83,7 @@ extern node_t *new_node(void) __attribute__ ((malloc)); extern void free_node(node_t *); extern void node_add(node_t *); extern void node_del(node_t *); -extern node_t *lookup_node(const char *); +extern node_t *lookup_node(char *); extern node_t *lookup_node_udp(const sockaddr_t *); extern void dump_nodes(void); diff --git a/src/protocol.c b/src/protocol.c index dad7ccb6..c2d92898 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.143 2003/07/24 12:08:15 guus Exp $ + $Id: protocol.c,v 1.28.4.144 2003/07/29 10:50:15 guus Exp $ */ #include "system.h" @@ -207,7 +207,7 @@ void exit_requests(void) avl_delete_tree(past_request_tree); } -bool seen_request(const char *request) +bool seen_request(char *request) { past_request_t p = { .request = request, diff --git a/src/protocol.h b/src/protocol.h index fbbe0335..0eae830d 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.41 2003/07/24 12:08:16 guus Exp $ + $Id: protocol.h,v 1.5.4.42 2003/07/29 10:50:15 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -67,7 +67,7 @@ extern bool check_id(const char *); extern void init_requests(void); extern void exit_requests(void); -extern bool seen_request(const char *); +extern bool seen_request(char *); extern void age_past_requests(void); /* Requests */ 
From ae50b0077e27c4c4d81a98da46c66865ffa069be Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 29 Jul 2003 11:06:23 +0000 Subject: [PATCH 785/923] Update dutch translation and make sure all device drivers are included in the translation and distribution. --- po/POTFILES.in | 5 +- po/nl.po | 240 +++++++++++++++++++++++++++----------------- src/Makefile.am | 4 +- src/cygwin/device.c | 12 +-- src/mingw/device.c | 6 +- 5 files changed, 163 insertions(+), 104 deletions(-) diff --git a/po/POTFILES.in b/po/POTFILES.in index 4e52a3ae..6e77d65f 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -30,4 +30,7 @@ src/linux/device.c src/freebsd/device.c src/solaris/device.c src/netbsd/device.c -src/openbsd/device.c +src/darwin/device.c +src/cygwin/device.c +src/mingw/device.c +src/raw_socket/device.c diff --git a/po/nl.po b/po/nl.po index 60d3a0ac..2ff394e5 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-07-28 16:38+0200\n" +"POT-Creation-Date: 2003-07-29 13:04+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -269,9 +269,9 @@ msgstr "Fout tijdens comprimeren pakket naar %s (%s)" msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:309 src/net_setup.c:459 src/net_socket.c:67 -#: src/net_socket.c:114 src/net_socket.c:144 src/tincd.c:386 src/process.c:250 -#: src/process.c:278 +#: src/net_packet.c:309 src/net_setup.c:459 src/net_socket.c:74 +#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:388 src/process.c:261 +#: src/process.c:289 src/cygwin/device.c:150 src/cygwin/device.c:181 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" 
@@ -420,91 +420,91 @@ msgstr "Gereed" msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" -#: src/net_socket.c:59 +#: src/net_socket.c:65 #, c-format msgid "Creating metasocket failed: %s" msgstr "Aanmaak van metasocket mislukt: %s" -#: src/net_socket.c:94 src/net_socket.c:160 +#: src/net_socket.c:102 src/net_socket.c:170 #, c-format msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" -#: src/net_socket.c:99 +#: src/net_socket.c:107 msgid "BindToInterface not supported on this platform" msgstr "BindToInterface wordt niet ondersteund op dit platform" -#: src/net_socket.c:106 +#: src/net_socket.c:114 #, c-format msgid "Can't bind to %s/tcp: %s" msgstr "Kan niet aan %s/tcp binden: %s" -#: src/net_socket.c:137 +#: src/net_socket.c:145 #, c-format msgid "Creating UDP socket failed: %s" msgstr "Aanmaak UDP socket mislukte: %s" -#: src/net_socket.c:170 +#: src/net_socket.c:180 #, c-format msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:197 +#: src/net_socket.c:207 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:205 +#: src/net_socket.c:215 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:222 +#: src/net_socket.c:232 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:257 +#: src/net_socket.c:267 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:263 +#: src/net_socket.c:273 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:286 +#: src/net_socket.c:297 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:301 +#: src/net_socket.c:313 #, c-format msgid 
"%s: %s" msgstr "%s: %s" -#: src/net_socket.c:322 +#: src/net_socket.c:334 #, c-format msgid "Already connected to %s" msgstr "Reeds verbonden met %s" -#: src/net_socket.c:341 +#: src/net_socket.c:353 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:371 +#: src/net_socket.c:383 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:389 +#: src/net_socket.c:401 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:413 +#: src/net_socket.c:425 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" @@ -767,14 +767,14 @@ msgid "Node %s (%s) uses bogus compression level!" msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!" #: src/protocol_misc.c:59 -#, fuzzy, c-format +#, c-format msgid "Status message from %s (%s): %d: %s" -msgstr "Statusmelding van %s (%s): %s: %s" +msgstr "Statusmelding van %s (%s): %d: %s" #: src/protocol_misc.c:88 -#, fuzzy, c-format +#, c-format msgid "Error message from %s (%s): %d: %s" -msgstr "Foutmelding van %s (%s): %s: %s" +msgstr "Foutmelding van %s (%s): %d: %s" #: src/protocol_subnet.c:80 src/protocol_subnet.c:180 msgid "invalid subnet string" @@ -829,7 +829,6 @@ msgstr "" "\n" #: src/tincd.c:103 -#, fuzzy msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -852,6 +851,8 @@ msgstr "" " -n, --net=NETNAAM Verbind met net NETNAAM.\n" " -K, --generate-keys[=BITS] Genereer publiek/privé RSA sleutelpaar.\n" " -L, --mlock Houd tinc vast in het centrale geheugen.\n" +" --logfile[=BESTAND] Schrijf log naar BESTAND.\n" +" --pidfile=BESTAND Schrijf PID naar BESTAND.\n" " --help Geef deze hulp en beëindig.\n" " --version Geef versie informatie en beëindig.\n" "\n" 
@@ -862,7 +863,7 @@ msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:171 +#: src/tincd.c:172 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -871,7 +872,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:189 +#: src/tincd.c:191 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" @@ -879,24 +880,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:278 +#: src/tincd.c:280 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:282 +#: src/tincd.c:284 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:285 +#: src/tincd.c:287 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:288 +#: src/tincd.c:290 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:294 src/tincd.c:313 +#: src/tincd.c:296 src/tincd.c:315 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" 
@@ -904,22 +905,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:307 +#: src/tincd.c:309 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:342 +#: src/tincd.c:344 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:362 +#: src/tincd.c:364 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:364 -#, fuzzy +#: src/tincd.c:366 msgid "" "Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" @@ -928,7 +928,7 @@ msgid "" "and you are welcome to redistribute it under certain conditions;\n" "see the file COPYING for details.\n" msgstr "" -"Copyright (C) 1998-2002 Ivo Timmermans, Guus Sliepen en anderen.\n" +"Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen en anderen.\n" "Zie het bestand AUTHORS voor een volledige lijst.\n" "\n" "tinc wordt gedistribueerd ZONDER ENIGE GARANTIE. Dit is vrije " @@ -936,24 +936,24 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:390 +#: src/tincd.c:392 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:414 +#: src/tincd.c:416 msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:427 +#: src/tincd.c:429 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:431 +#: src/tincd.c:433 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:434 src/process.c:337 +#: src/tincd.c:436 src/process.c:352 msgid "Not restarting." msgstr "Geen herstart." 
@@ -966,105 +966,105 @@ msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:104 +#: src/process.c:105 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:107 +#: src/process.c:108 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:131 +#: src/process.c:134 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:134 +#: src/process.c:137 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:143 +#: src/process.c:146 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:146 +#: src/process.c:149 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:148 +#: src/process.c:151 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:175 +#: src/process.c:182 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:188 +#: src/process.c:196 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:223 +#: src/process.c:232 #, c-format msgid "Could not execute `%s': %s" msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:256 +#: src/process.c:267 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:263 +#: src/process.c:274 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:269 +#: src/process.c:280 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:273 +#: src/process.c:284 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:299 +#: src/process.c:314 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:306 +#: src/process.c:321 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:312 +#: src/process.c:327 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:321 +#: src/process.c:336 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:325 +#: src/process.c:340 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." 
-#: src/process.c:344 +#: src/process.c:359 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:351 +#: src/process.c:366 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:357 +#: src/process.c:372 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1073,21 +1073,21 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:366 +#: src/process.c:381 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:390 +#: src/process.c:405 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:396 +#: src/process.c:411 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:448 +#: src/process.c:465 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" @@ -1192,7 +1192,7 @@ msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" #: src/linux/device.c:76 src/freebsd/device.c:50 src/solaris/device.c:58 -#: src/netbsd/device.c:53 src/openbsd/device.c:53 +#: src/netbsd/device.c:53 src/darwin/device.c:50 src/raw_socket/device.c:71 #, c-format msgid "Could not open %s: %s" msgstr "Kon `%s' niet openen: %s" 
@@ -1215,50 +1215,57 @@ msgid "Linux ethertap device" msgstr "Linux ethertap apparaat" #: src/linux/device.c:114 src/freebsd/device.c:56 src/solaris/device.c:107 -#: src/netbsd/device.c:59 src/openbsd/device.c:59 +#: src/netbsd/device.c:59 src/darwin/device.c:56 src/raw_socket/device.c:95 #, c-format msgid "%s is a %s" msgstr "%s is een %s" #: src/linux/device.c:137 src/linux/device.c:148 src/linux/device.c:159 #: src/freebsd/device.c:75 src/solaris/device.c:126 src/netbsd/device.c:78 -#: src/openbsd/device.c:80 +#: src/darwin/device.c:75 src/cygwin/device.c:250 src/mingw/device.c:184 +#: src/raw_socket/device.c:114 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" #: src/linux/device.c:170 src/freebsd/device.c:84 src/solaris/device.c:138 -#: src/netbsd/device.c:90 src/openbsd/device.c:107 +#: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:259 +#: src/mingw/device.c:193 src/raw_socket/device.c:123 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" #: src/linux/device.c:180 src/freebsd/device.c:94 src/solaris/device.c:148 -#: src/netbsd/device.c:101 src/openbsd/device.c:122 +#: src/netbsd/device.c:101 src/darwin/device.c:97 src/cygwin/device.c:271 +#: src/mingw/device.c:205 src/raw_socket/device.c:134 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" #: src/linux/device.c:187 src/linux/device.c:194 src/linux/device.c:203 -#: src/solaris/device.c:152 src/netbsd/device.c:105 src/openbsd/device.c:147 +#: src/solaris/device.c:152 src/netbsd/device.c:105 +#: src/raw_socket/device.c:138 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" #: src/linux/device.c:219 src/freebsd/device.c:112 src/solaris/device.c:166 -#: src/netbsd/device.c:119 src/openbsd/device.c:161 +#: src/netbsd/device.c:119 src/darwin/device.c:115 src/cygwin/device.c:288 +#: src/mingw/device.c:222 
src/raw_socket/device.c:152 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" #: src/linux/device.c:220 src/freebsd/device.c:113 src/solaris/device.c:167 -#: src/netbsd/device.c:120 src/openbsd/device.c:162 +#: src/netbsd/device.c:120 src/darwin/device.c:116 src/cygwin/device.c:289 +#: src/mingw/device.c:223 src/raw_socket/device.c:153 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" #: src/linux/device.c:221 src/freebsd/device.c:114 src/solaris/device.c:168 -#: src/netbsd/device.c:121 src/openbsd/device.c:163 +#: src/netbsd/device.c:121 src/darwin/device.c:117 src/cygwin/device.c:290 +#: src/mingw/device.c:224 src/raw_socket/device.c:154 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" @@ -1267,7 +1274,7 @@ msgstr " totaal aantal bytes uit: %10d" msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" -#: src/freebsd/device.c:98 +#: src/freebsd/device.c:98 src/darwin/device.c:101 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" 
@@ -1310,19 +1317,68 @@ msgstr "Solaris tun apparaat" msgid "NetBSD tun device" msgstr "NetBSD tun apparaat" -#: src/openbsd/device.c:57 -msgid "OpenBSD tun device" -msgstr "OpenBSD tun apparaat" +#: src/darwin/device.c:54 +msgid "MacOS/X tun device" +msgstr "MaxOS/X tun apparaat" -#: src/openbsd/device.c:98 +#: src/cygwin/device.c:89 src/cygwin/device.c:111 src/mingw/device.c:84 +#: src/mingw/device.c:106 +msgid "Unable to read registry" +msgstr "Kon registry niet lezen" + +#: src/cygwin/device.c:136 src/mingw/device.c:130 +msgid "No Windows tap device found!" +msgstr "Geen Windows tap apparaat gevonden!" + +#: src/cygwin/device.c:159 +msgid "Could not open Windows tap device for writing!" +msgstr "Kon Windows tap apparaat niet openen om te schrijven!" + +#: src/cygwin/device.c:168 src/mingw/device.c:152 +msgid "Could not get MAC address from Windows tap device!" +msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat!" + +#: src/cygwin/device.c:195 +msgid "Could not open Windows tap device for reading!" +msgstr "Kon Windows tap apparaat niet openen om te lezen!" + +#: src/cygwin/device.c:201 +msgid "Tap reader forked and running." +msgstr "Taplezer is geforked en draait." + +#: src/cygwin/device.c:218 +msgid "Tap reader failed!" +msgstr "Taplezer faalde!" 
+ +#: src/cygwin/device.c:225 src/mingw/device.c:163 +msgid "Windows tap device" +msgstr "Windows tap apparaat" + +#: src/cygwin/device.c:227 src/mingw/device.c:165 #, c-format -msgid "Unknown address family %d while reading packet from %s %s" -msgstr "Onbekende adresfamilie %d tijdens lezen pakket van %s %s" +msgid "%s (%s) is a %s" +msgstr "%s (%s) is een %s" -#: src/openbsd/device.c:136 +#: src/cygwin/device.c:275 src/mingw/device.c:209 #, c-format -msgid "Unknown address family %d while writing packet to %s %s" -msgstr "Onbekende adresfamilie %d tijdens schrijven pakket naar %s %s" +msgid "Error while writing to %s %s" +msgstr "Fout tijdens schrijven naar %s %s" -#~ msgid "tincd %s starting" -#~ msgstr "tincd %s wordt gestart" +#: src/mingw/device.c:145 +#, c-format +msgid "%s (%s) is no a usable Windows tap device!" +msgstr "%s (%s) is geen bruikbaar Windows tap apparaat!" + +#: src/raw_socket/device.c:68 +msgid "raw socket" +msgstr "raw socket" + +#: src/raw_socket/device.c:80 +#, c-format +msgid "Can't find interface %s: %s" +msgstr "Kan interface %s niet vinden: %s" + +#: src/raw_socket/device.c:91 +#, c-format +msgid "Could not bind to %s: %s" +msgstr "Kon niet aan interface `%s' binden: %s" diff --git a/src/Makefile.am b/src/Makefile.am index 0b7c8cd0..76bb60c1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -1,9 +1,9 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.30 2003/07/06 22:11:31 guus Exp $ +# $Id: Makefile.am,v 1.4.4.31 2003/07/29 11:06:22 guus Exp $ sbin_PROGRAMS = tincd -EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c cygwin/device.c +EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c cygwin/device.c mingw/device.c raw_socket/device.c tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \ net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ diff --git a/src/cygwin/device.c b/src/cygwin/device.c index 131a786b..ca8c5f35 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -1,5 +1,5 @@ /* - device.c -- Interaction with CIPE driver in a Cygwin environment + device.c -- Interaction with Windows tap driver in a Cygwin environment Copyright (C) 2002-2003 Ivo Timmermans , 2002-2003 Guus Sliepen @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.11 2003/07/28 21:54:03 guus Exp $ + $Id: device.c,v 1.1.2.12 2003/07/29 11:06:23 guus Exp $ */ #include "system.h" @@ -156,7 +156,7 @@ bool setup_device(void) handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); if(handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open CIPE tap device for writing!")); + logger(LOG_ERR, _("Could not open Windows tap device for writing!")); return false; } 
@@ -192,7 +192,7 @@ bool setup_device(void) handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); if(handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open CIPE tap device for reading!")); + logger(LOG_ERR, _("Could not open Windows tap device for reading!")); buf[0] = 0; write(sp[1], buf, 1); exit(1); @@ -215,7 +215,7 @@ bool setup_device(void) read(device_fd, &gelukt, 1); if(gelukt != 1) { - logger(LOG_DEBUG, "Tap reader failed!"); + logger(LOG_DEBUG, _("Tap reader failed!")); return false; } @@ -272,7 +272,7 @@ bool write_packet(vpn_packet_t *packet) packet->len, device_info); if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { - logger(LOG_ERR, "Error while writing to %s %s", device_info, device); + logger(LOG_ERR, _("Error while writing to %s %s"), device_info, device); return false; } diff --git a/src/mingw/device.c b/src/mingw/device.c index 4a962fe4..e49ab998 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -1,5 +1,5 @@ /* - device.c -- Interaction with CIPE driver in a MinGW environment + device.c -- Interaction with Windows tap driver in a MinGW environment Copyright (C) 2002-2003 Ivo Timmermans , 2002-2003 Guus Sliepen @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.3 2003/07/28 21:54:03 guus Exp $ + $Id: device.c,v 1.1.2.4 2003/07/29 11:06:23 guus Exp $ */ #include "system.h" @@ -206,7 +206,7 @@ bool write_packet(vpn_packet_t *packet) packet->len, device_info); if(!WriteFile(device_fd, packet->data, packet->len, &lenout, NULL)) { - logger(LOG_ERR, "Error while writing to %s %s", device_info, device); + logger(LOG_ERR, _("Error while writing to %s %s"), device_info, device); return false; } From 4370b98bb1dfa9eb1e400549cb6fcb6711aa1b29 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Tue, 29 Jul 2003 11:50:39 +0000 Subject: [PATCH 786/923] Update configure scripts. --- configure.in | 18 ++++++++++----- m4/lzo.m4 | 12 ++++++++-- m4/openssl.m4 | 46 +++++++++++++++++++++++++------------ m4/tuntap.m4 | 63 +++++++++++++++++++++++++-------------------------- m4/zlib.m4 | 12 ++++++++-- 5 files changed, 95 insertions(+), 56 deletions(-) diff --git a/configure.in b/configure.in index def2423a..1e2b802c 100644 --- a/configure.in +++ b/configure.in @@ -1,8 +1,8 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.72 2003/07/28 22:06:08 guus Exp $ +dnl $Id: configure.in,v 1.13.2.73 2003/07/29 11:50:39 guus Exp $ -AC_PREREQ(2.53) +AC_PREREQ(2.57) AC_INIT(src/tincd.c) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) AM_CONFIG_HEADER(config.h) @@ -12,7 +12,7 @@ dnl Include the macros from the m4/ directory AM_ACLOCAL_INCLUDE(m4) AM_GNU_GETTEXT([external]) -AM_GNU_GETTEXT_VERSION(0.11.5) +AM_GNU_GETTEXT_VERSION(0.12.1) # Enable GNU extensions. # Define this here, not in acconfig's @TOP@ section, since definitions @@ -173,20 +173,26 @@ AC_CHECK_FUNCS([freeaddrinfo gai_strerror getaddrinfo getnameinfo inet_aton]) AC_CACHE_SAVE dnl These are defined in files in m4/ -tinc_TUNTAP + +case $host_os in + *linux*) + tinc_TUNTAP + ;; +esac + tinc_OPENSSL tinc_ZLIB tinc_LZO dnl Check if support for jumbograms is requested AC_ARG_ENABLE(jumbograms, - [ --enable-jumbograms enable support for jumbograms (packets up to 9000 bytes)], + AC_HELP_STRING([--enable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]), [ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ] ) dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, - [ --enable-tracing enable checkpoint tracing (debugging only)], + AC_HELP_STRING([--enable-tracing], [enable checkpoint tracing (debugging only)]), [ AC_DEFINE(ENABLE_TRACING, 1, [Checkpoint tracing]) ] ) 
diff --git a/m4/lzo.m4 b/m4/lzo.m4 index 58011f1a..147318fe 100644 --- a/m4/lzo.m4 +++ b/m4/lzo.m4 @@ -4,15 +4,23 @@ AC_DEFUN(tinc_LZO, [ tinc_ac_save_CPPFLAGS="$CPPFLAGS" + AC_ARG_WITH(lzo, + AC_HELP_STRING([--with-lzo=DIR], [lzo base directory, or:]), + [lzo="$withval" + CFLAGS="$CFLAGS -I$withval/include" + CPPFLAGS="$CPPFLAGS -I$withval/include" + LIBS="$LIBS -L$withval/lib"] + ) + AC_ARG_WITH(lzo-include, - [ --with-lzo-include=DIR lzo headers directory], + AC_HELP_STRING([--with-lzo-include=DIR], [lzo headers directory]), [lzo_include="$withval" CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(lzo-lib, - [ --with-lzo-lib=DIR lzo library directory], + AC_HELP_STRING([--with-lzo-lib=DIR], [lzo library directory]), [lzo_lib="$withval" LIBS="$LIBS -L$withval"] ) diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 1a61a8b5..32e41de7 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -4,15 +4,23 @@ AC_DEFUN(tinc_OPENSSL, [ tinc_ac_save_CPPFLAGS="$CPPFLAGS" + AC_ARG_WITH(openssl, + AC_HELP_STRING([--with-openssl=DIR], [OpenSSL base directory, or:]), + [openssl="$withval" + CFLAGS="$CFLAGS -I$withval/include" + CPPFLAGS="$CPPFLAGS -I$withval/include" + LIBS="$LIBS -L$withval/lib"] + ) + AC_ARG_WITH(openssl-include, - [ --with-openssl-include=DIR OpenSSL headers directory (without trailing /openssl)], + AC_HELP_STRING([--with-openssl-include=DIR], [OpenSSL headers directory (without trailing /openssl)]), [openssl_include="$withval" CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(openssl-lib, - [ --with-openssl-lib=DIR OpenSSL library directory], + AC_HELP_STRING([--with-openssl-lib=DIR], [OpenSSL library directory]), [openssl_lib="$withval" LIBS="$LIBS -L$withval"] ) 
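Review bot: The new `--with-lzo=DIR` handler in tinc_LZO uses `$withval` without filtering the values autoconf supplies when no directory is given. `--with-lzo` sets it to `yes` and `--without-lzo` to `no`, so the flags become `-Iyes/include` and `-Lyes/lib`, which are relative paths resolved against the build directory. Wrap the three assignments in `case "$withval" in yes|no) ;; *) ... ;; esac`, or reject those two values with AC_MSG_ERROR. The same block is added for `--with-openssl` in m4/openssl.m4 and for `--with-zlib` in m4/zlib.m4; the tinc_LZO macro itself continues outside the hunk.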
@@ -24,10 +32,28 @@ AC_DEFUN(tinc_OPENSSL, CPPFLAGS="$tinc_ac_save_CPPFLAGS" - AC_CHECK_LIB(crypto, SHA1_version, - [LIBS="$LIBS -lcrypto"], - [AC_MSG_ERROR([OpenSSL libraries not found.])] - ) +case $host_os in + *mingw*) + AC_CHECK_LIB(crypto, SHA1_version, + [LIBS="$LIBS -lcrypto -lgdi32"], + [AC_MSG_ERROR([OpenSSL libraries not found.])] + ) + ;; + *) + AC_CHECK_LIB(crypto, SHA1_version, + [LIBS="$LIBS -lcrypto"], + [AC_MSG_ERROR([OpenSSL libraries not found.])] + ) + + AC_CHECK_FUNC(dlopen, + [], + [AC_CHECK_LIB(dl, dlopen, + [LIBS="$LIBS -ldl"], + [AC_MSG_ERROR([OpenSSL depends on libdl.]); break] + )] + ) + ;; +esac AC_CHECK_FUNCS([RAND_pseudo_bytes EVP_EncryptInit_ex], , [AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break], @@ -37,12 +63,4 @@ AC_DEFUN(tinc_OPENSSL, [AC_MSG_ERROR([Missing OpenSSL functionality, make sure you have installed the latest version.]); break], [#include ] ) - - AC_CHECK_FUNC(dlopen, - [], - [AC_CHECK_LIB(dl, dlopen, - [LIBS="$LIBS -ldl"], - [AC_MSG_ERROR([OpenSSL depends on libdl.]); break] - )] - ) ]) diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index cd3a485a..dcf3a152 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 
@@ -2,38 +2,37 @@ dnl Check to find out whether the running kernel has support for TUN/TAP AC_DEFUN(tinc_TUNTAP, [ -AC_ARG_WITH(kernel, - [ --with-kernel=dir give the directory with kernel sources] - [ (default: /usr/src/linux)], - kerneldir="$withval", - kerneldir="/usr/src/linux" -) - -AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, -[ - AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], - [int a = IFF_TAP;], - if_tun_h="\"$kerneldir/include/linux/if_tun.h\"", - [AC_TRY_COMPILE([#include ], - [int a = IFF_TAP;], - if_tun_h="default", - if_tun_h="no" - )] + AC_ARG_WITH(kernel, + AC_HELP_STRING([--with-kernel=DIR], [give the directory with kernel sources (default: /usr/src/linux)]), + kerneldir="$withval", + kerneldir="/usr/src/linux" ) - - if test $if_tun_h = no; then - tinc_cv_linux_if_tun_h=none - else - tinc_cv_linux_if_tun_h="$if_tun_h" + + AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, + [ + AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], + [int a = IFF_TAP;], + if_tun_h="\"$kerneldir/include/linux/if_tun.h\"", + [AC_TRY_COMPILE([#include ], + [int a = IFF_TAP;], + if_tun_h="default", + if_tun_h="no" + )] + ) + + if test $if_tun_h = no; then + tinc_cv_linux_if_tun_h=none + else + tinc_cv_linux_if_tun_h="$if_tun_h" + fi + ]) + + if test $tinc_cv_linux_if_tun_h != none; then + AC_DEFINE(HAVE_TUNTAP, 1, [Universal tun/tap driver present]) + if test $tinc_cv_linux_if_tun_h != default; then + AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h, [Location of if_tun.h]) + fi fi -]) - -if test $tinc_cv_linux_if_tun_h != none; then - AC_DEFINE(HAVE_TUNTAP, 1, [Universal tun/tap driver present]) - if test $tinc_cv_linux_if_tun_h != default; then - AC_DEFINE_UNQUOTED(LINUX_IF_TUN_H, $tinc_cv_linux_if_tun_h, [Location of if_tun.h]) - fi -fi -AC_SUBST(LINUX_IF_TUN_H) -AC_SUBST(HAVE_TUNTAP) + AC_SUBST(LINUX_IF_TUN_H) + AC_SUBST(HAVE_TUNTAP) ]) diff --git a/m4/zlib.m4 b/m4/zlib.m4 index d5fbc675..d6913263 100644 
--- a/m4/zlib.m4 +++ b/m4/zlib.m4 @@ -4,15 +4,23 @@ AC_DEFUN(tinc_ZLIB, [ tinc_ac_save_CPPFLAGS="$CPPFLAGS" + AC_ARG_WITH(zlib, + AC_HELP_STRING([--with-zlib=DIR], [zlib base directory, or:]), + [zlib="$withval" + CFLAGS="$CFLAGS -I$withval/include" + CPPFLAGS="$CPPFLAGS -I$withval/include" + LIBS="$LIBS -L$withval/lib"] + ) + AC_ARG_WITH(zlib-include, - [ --with-zlib-include=DIR zlib headers directory], + AC_HELP_STRING([--with-zlib-include=DIR], [zlib headers directory]), [zlib_include="$withval" CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(zlib-lib, - [ --with-zlib-lib=DIR zlib library directory], + AC_HELP_STRING([--with-zlib-lib=DIR], [zlib library directory]), [zlib_lib="$withval" LIBS="$LIBS -L$withval"] ) From 6f7cce69479f9b2796d81f458bf836287b74462e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 29 Jul 2003 12:18:35 +0000 Subject: [PATCH 787/923] Make sure it works. --- src/cygwin/device.c | 45 +++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index ca8c5f35..f7db4c23 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.12 2003/07/29 11:06:23 guus Exp $ + $Id: device.c,v 1.1.2.13 2003/07/29 12:18:35 guus Exp $ */ #include "system.h" @@ -95,6 +95,18 @@ bool setup_device(void) if(RegEnumKeyEx(key, i, adapterid, &len, 0, 0, 0, NULL)) break; + /* Find out more about this adapter */ + + snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", REG_CONTROL_NET, adapterid); + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) + continue; + + len = sizeof(adaptername); + RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + + RegCloseKey(key2); + if(device) { if(!strcmp(device, adapterid)) { found = true; 
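Review bot: The result of `RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len)` in the block added to src/cygwin/device.c is ignored, so when the value is missing or the call fails `adaptername` keeps whatever it held before and is still compared with `iface` by strcmp further down. The registry API also does not guarantee that a string value comes back NUL-terminated. Reserve one byte and check the call: `len = sizeof(adaptername) - 1;`, then `if(RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len)) { RegCloseKey(key2); continue; }`, then `adaptername[len] = 0;`. The same unchecked call is added to src/mingw/device.c in its `@@ -90,6 +90,16 @@` hunk; setup_device() starts and ends outside both hunks.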
@@ -103,18 +115,6 @@ bool setup_device(void) continue; } - /* Find out more about this adapter */ - - snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", REG_CONTROL_NET, adapterid); - - if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) { - logger(LOG_ERR, _("Unable to read registry")); - return false; - } - - len = sizeof(adaptername); - RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); - if(iface) { if(!strcmp(iface, adaptername)) { found = true; @@ -132,6 +132,8 @@ bool setup_device(void) } } + RegCloseKey(key); + if(!found) { logger(LOG_ERR, _("No Windows tap device found!")); return false; @@ -164,7 +166,7 @@ bool setup_device(void) /* Get MAC address from tap device */ - if(DeviceIoControl(device_fd, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { + if(!DeviceIoControl(handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { logger(LOG_ERR, _("Could not get MAC address from Windows tap device!")); return false; } @@ -187,9 +189,11 @@ bool setup_device(void) It passes everything it reads to the socket. */ char buf[MTU]; - int lenin; + long lenin; - handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + CloseHandle(handle); + + handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); if(handle == INVALID_HANDLE_VALUE) { logger(LOG_ERR, _("Could not open Windows tap device for reading!")); @@ -208,7 +212,7 @@ bool setup_device(void) /* Pass packets */ for(;;) { - ReadFile (handle, buf, MTU, &lenin, NULL); + ReadFile(handle, buf, MTU, &lenin, NULL); write(sp[1], buf, lenin); } } 
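Review bot: `long lenin;` in the reader child is declared without an initial value, and the loop in the `@@ -208,7 +212,7 @@` hunk passes it to `write(sp[1], buf, lenin)` without looking at what ReadFile returned. When the read fails, the length is stale or indeterminate, so the parent can be handed a bogus packet and the write can read past the `MTU`-sized `buf`. ReadFile takes a pointer to a DWORD for the byte count, so declare `DWORD lenin = 0;` and treat a failed read as fatal for the reader, as the CreateFile failure path just above already does: `if(!ReadFile(handle, buf, MTU, &lenin, NULL)) exit(1);`. setup_device() starts and ends outside these hunks.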
@@ -219,14 +223,11 @@ bool setup_device(void) return false; } - if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) - iface = device; - device_info = _("Windows tap device"); logger(LOG_INFO, _("%s (%s) is a %s"), device, iface, device_info); - return false; + return true; } void close_device(void) @@ -264,7 +265,7 @@ bool read_packet(vpn_packet_t *packet) bool write_packet(vpn_packet_t *packet) { - int lenout; + long lenout; cp(); From 586f15ed20682413d1bddbb4518dd2714c96b255 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 29 Jul 2003 12:38:49 +0000 Subject: [PATCH 788/923] Make sure (at least) the MinGW device driver works. --- src/mingw/device.c | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/src/mingw/device.c b/src/mingw/device.c index e49ab998..d005a63b 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.4 2003/07/29 11:06:23 guus Exp $ + $Id: device.c,v 1.1.2.5 2003/07/29 12:38:49 guus Exp $ */ #include "system.h" @@ -90,6 +90,16 @@ bool setup_device(void) if(RegEnumKeyEx(key, i, adapterid, &len, 0, 0, 0, NULL)) break; + /* Find out more about this adapter */ + + snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", REG_CONTROL_NET, adapterid); + + if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) + continue; + + len = sizeof(adaptername); + RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + if(device) { if(!strcmp(device, adapterid)) { found = true; 
@@ -98,18 +108,6 @@ bool setup_device(void) continue; } - /* Find out more about this adapter */ - - snprintf(regpath, sizeof(regpath), "%s\\%s\\Connection", REG_CONTROL_NET, adapterid); - - if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, regpath, 0, KEY_READ, &key2)) { - logger(LOG_ERR, _("Unable to read registry")); - return false; - } - - len = sizeof(adaptername); - RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); - if(iface) { if(!strcmp(iface, adaptername)) { found = true; @@ -148,7 +146,7 @@ bool setup_device(void) /* Get MAC address from tap device */ - if(DeviceIoControl(device_fd, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { + if(!DeviceIoControl(device_fd, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { logger(LOG_ERR, _("Could not get MAC address from Windows tap device!")); return false; } @@ -157,9 +155,6 @@ bool setup_device(void) overwrite_mac = 1; } - if(!get_config_string(lookup_config(config_tree, "Interface"), &iface)) - iface = device; - device_info = _("Windows tap device"); logger(LOG_INFO, _("%s (%s) is a %s"), device, iface, device_info); @@ -176,7 +171,7 @@ void close_device(void) bool read_packet(vpn_packet_t *packet) { - int lenin; + long lenin; cp(); @@ -198,7 +193,7 @@ bool read_packet(vpn_packet_t *packet) bool write_packet(vpn_packet_t *packet) { - int lenout; + long lenout; cp(); From 721e4caee0f7c6e003c297c95fb6d93bd4102219 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 29 Jul 2003 22:59:01 +0000 Subject: [PATCH 789/923] Native Windows support. --- lib/dropin.c | 16 ++++- lib/dropin.h | 10 ++- src/logger.c | 3 +- src/meta.c | 6 +- src/mingw/device.c | 157 ++++++++++++++++++++++++++++++++++++++++----- src/net.c | 7 +- src/net.h | 6 +- src/net_setup.c | 14 ++-- src/net_socket.c | 18 +++--- src/netutl.c | 26 ++++---- src/protocol.h | 8 ++- src/tincd.c | 13 +++- system.h | 2 +- 13 files changed, 227 insertions(+), 59 deletions(-) 
diff --git a/lib/dropin.c b/lib/dropin.c index c92c0b81..d4756010 100644 --- a/lib/dropin.c +++ b/lib/dropin.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.c,v 1.1.2.17 2003/07/28 22:06:09 guus Exp $ + $Id: dropin.c,v 1.1.2.18 2003/07/29 22:59:00 guus Exp $ */ #include "system.h" @@ -139,7 +139,7 @@ int asprintf(char **buf, const char *fmt, ...) va_end(ap); if(status >= 0) - *buf = xrealloc(*buf, status); + *buf = xrealloc(*buf, status + 1); if(status > len - 1) { len = status; @@ -159,3 +159,15 @@ int gettimeofday(struct timeval *tv, void *tz) { return 0; } #endif + +#ifndef HAVE_RANDOM +#include + +long int random(void) { + long int x; + + RAND_pseudo_bytes((unsigned char *)&x, sizeof(x)); + + return x; +} +#endif diff --git a/lib/dropin.h b/lib/dropin.h index 3afa69cc..a3afa719 100644 --- a/lib/dropin.h +++ b/lib/dropin.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: dropin.h,v 1.1.2.13 2003/07/18 13:42:35 guus Exp $ + $Id: dropin.h,v 1.1.2.14 2003/07/29 22:59:00 guus Exp $ */ #ifndef __DROPIN_H__ @@ -43,4 +43,12 @@ extern int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags); #endif +#ifndef HAVE_GETTIMEOFDAY +extern int gettimeofday(struct timeval *, void *); +#endif + +#ifndef HAVE_RANDOM +extern long int random(void); +#endif + #endif /* __DROPIN_H__ */ diff --git a/src/logger.c b/src/logger.c index 871f2c14..f85bd152 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.7 2003/07/29 10:50:15 guus Exp $ + $Id: logger.c,v 1.1.2.8 2003/07/29 22:59:00 guus Exp $ */ #include "system.h" 
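Review bot: The fallback `random()` added to lib/dropin.c returns the raw bytes as a `long int`, so it can return negative values, whereas the function it stands in for only returns values from 0 to 2^31-1; callers that reduce the result with `%` or use it as an interval would misbehave on platforms that take this path. The return value of `RAND_pseudo_bytes()` is also ignored, so `x` is returned uninitialised if the call reports an error. Declare `long int x = 0;`, test the call with `if(RAND_pseudo_bytes((unsigned char *)&x, sizeof(x)) < 0)` and handle that case explicitly, and finish with `return x & 0x7fffffff;`. A comment such as `/* Not for key material: RAND_pseudo_bytes() output may be predictable. */` would stop the helper from being reused where unpredictability matters.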
@@ -65,6 +65,7 @@ void logger(int priority, const char *format, ...) { case LOGMODE_STDERR: vfprintf(stderr, format, ap); fprintf(stderr, "\n"); + fflush(stderr); break; case LOGMODE_FILE: fprintf(logfile, "%ld %s[%d]: ", time(NULL), logident, logpid); diff --git a/src/meta.c b/src/meta.c index e818b0b4..0d103c03 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.37 2003/07/22 20:55:19 guus Exp $ + $Id: meta.c,v 1.1.2.38 2003/07/29 22:59:00 guus Exp $ */ #include "system.h" @@ -52,7 +52,7 @@ bool send_meta(connection_t *c, char *buffer, int length) bufp = buffer; while(length) { - result = write(c->socket, bufp, length); + result = send(c->socket, bufp, length, 0); if(result <= 0) { if(errno == EINTR) continue; @@ -114,7 +114,7 @@ bool receive_meta(connection_t *c) - If not, keep stuff in buffer and exit. */ - lenin = read(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen); + lenin = recv(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen, 0); if(lenin <= 0) { if(lenin == 0) { diff --git a/src/mingw/device.c b/src/mingw/device.c index d005a63b..dfda0895 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.5 2003/07/29 12:38:49 guus Exp $ + $Id: device.c,v 1.1.2.6 2003/07/29 22:59:01 guus Exp $ */ #include "system.h" @@ -51,7 +51,8 @@ /* FIXME: This only works for Windows 2000 */ #define OSTYPE 5 -HANDLE device_fd = INVALID_HANDLE_VALUE; +int device_fd = 0; +HANDLE device_handle = INVALID_HANDLE_VALUE; char *device = NULL; char *iface = NULL; char *device_info = NULL; 
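Review bot: After the switch to `send()` and `recv()` in src/meta.c the error paths still consult `errno` (`if(errno == EINTR)` directly after the send call), but on the MinGW build this commit targets, Winsock reports failures through `WSAGetLastError()` and does not set `errno`. The retry test therefore works on a stale value, and any message built from `strerror(errno)` names the wrong cause. A small macro, for instance `sockerrno`, expanding to `WSAGetLastError()` under `HAVE_MINGW` and to `errno` elsewhere would keep both builds correct. The same applies to the `strerror(errno)` calls after the socket calls added to src/mingw/device.c and after `WSAStartup()` in src/tincd.c, which returns its error code directly. send_meta() and receive_meta() both continue outside their hunks.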
@@ -59,6 +60,72 @@ char *device_info = NULL; int device_total_in = 0; int device_total_out = 0; +DWORD WINAPI tapreader(void *bla) { + int sock, err, status; + struct addrinfo *ai; + struct addrinfo hint = { + .ai_family = AF_UNSPEC, + .ai_socktype = SOCK_DGRAM, + .ai_protocol = IPPROTO_UDP, + .ai_flags = 0, + }; + char buf[MTU]; + long len; + OVERLAPPED overlapped; + + /* Open a socket to the parent process */ + + err = getaddrinfo(NULL, "12345", &hint, &ai); + + if(err || !ai) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(errno)); + return -1; + } + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + + freeaddrinfo(ai); + + if(sock < 0) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "socket", strerror(errno)); + return -1; + } + + if(connect(sock, ai->ai_addr, ai->ai_addrlen)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "connect", strerror(errno)); + return -1; + } + + logger(LOG_DEBUG, _("Tap reader running")); + + /* Read from tap device and send to parent */ + + overlapped.hEvent = CreateEvent(NULL, TRUE, FALSE, NULL); + + for(;;) { + overlapped.Offset = 0; + overlapped.OffsetHigh = 0; + ResetEvent(overlapped.hEvent); + + status = ReadFile(device_handle, buf, sizeof(buf), &len, &overlapped); + + if(!status) { + if(GetLastError() == ERROR_IO_PENDING) { + WaitForSingleObject(overlapped.hEvent, INFINITE); + if(!GetOverlappedResult(device_handle, &overlapped, &len, FALSE)) + continue; + } else { + logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, + device, strerror(errno)); + return -1; + } + } + + if(send(sock, buf, len, 0) <= 0) + return -1; + } +} + bool setup_device(void) { HKEY key, key2; 
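Review bot: In tapreader() `freeaddrinfo(ai);` is called right after `socket()`, but `connect(sock, ai->ai_addr, ai->ai_addrlen)` a few lines later still reads the freed list, which is a use-after-free. Move the `freeaddrinfo(ai);` call below the connect attempt so that it runs on both the success and the failure path. Two smaller points in the same function: the getaddrinfo failure is reported with `gai_strerror(errno)` where the returned code should be passed, `gai_strerror(err)`, and `sock` is left open on the connect failure return. The `gai_strerror(errno)` pattern is repeated in the setup_device() hunk `@@ -155,6 +235,52 @@`.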
@@ -68,11 +135,21 @@ bool setup_device(void) char adapterid[1024]; char adaptername[1024]; char tapname[1024]; - char gelukt = 0; long len; bool found = false; + int sock, err; + HANDLE thread; + + struct addrinfo *ai; + struct addrinfo hint = { + .ai_family = AF_UNSPEC, + .ai_socktype = SOCK_DGRAM, + .ai_protocol = IPPROTO_UDP, + .ai_flags = AI_PASSIVE, + }; + cp(); get_config_string(lookup_config(config_tree, "Device"), &device); @@ -117,8 +194,8 @@ bool setup_device(void) } snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid); - device_fd = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); - if(device_fd != INVALID_HANDLE_VALUE) { + device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, 0); + if(device_handle != INVALID_HANDLE_VALUE) { found = true; break; } 
@@ -129,24 +206,27 @@ bool setup_device(void) return false; } - device = adapterid; - iface = adaptername; + if(!device) + device = xstrdup(adapterid); + + if(!iface) + iface = xstrdup(adaptername); /* Try to open the corresponding tap device */ - if(device_fd == INVALID_HANDLE_VALUE) { + if(device_handle == INVALID_HANDLE_VALUE) { snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device); - device_fd = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); + device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM | FILE_FLAG_OVERLAPPED, 0); } - if(device_fd == INVALID_HANDLE_VALUE) { + if(device_handle == INVALID_HANDLE_VALUE) { logger(LOG_ERR, _("%s (%s) is no a usable Windows tap device!"), device, iface); return false; } /* Get MAC address from tap device */ - if(!DeviceIoControl(device_fd, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { + if(!DeviceIoControl(device_handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { logger(LOG_ERR, _("Could not get MAC address from Windows tap device!")); return false; } 
@@ -155,6 +235,52 @@ bool setup_device(void) overwrite_mac = 1; } + /* Create a listening socket */ + + err = getaddrinfo(NULL, "12345", &hint, &ai); + + if(err || !ai) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(errno)); + return false; + } + + sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); + + if(sock < 0) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "socket", strerror(errno)); + return false; + } + + if(bind(sock, ai->ai_addr, ai->ai_addrlen)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "bind", strerror(errno)); + return false; + } + + freeaddrinfo(ai); + + if(listen(sock, 1)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); + return false; + } + + /* Start the tap reader */ + + thread = CreateThread(NULL, 0, tapreader, NULL, 0, NULL); + + if(!thread) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "CreateThread", strerror(errno)); + return false; + } + + /* Wait for the tap reader to connect back to us */ + + if((device_fd = accept(sock, NULL, 0)) == -1) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "accept", strerror(errno)); + return false; + } + + closesocket(sock); + device_info = _("Windows tap device"); logger(LOG_INFO, _("%s (%s) is a %s"), device, iface, device_info); @@ -166,16 +292,16 @@ void close_device(void) { cp(); - CloseHandle(device_fd); + CloseHandle(device_handle); } bool read_packet(vpn_packet_t *packet) { - long lenin; + int lenin; cp(); - if(!ReadFile(device_fd, packet->data, MTU, &lenin, NULL)) { + if((lenin = recv(device_fd, packet->data, MTU, 0)) <= 0) { logger(LOG_ERR, _("Error while reading from %s %s: %s"), device_info, device, strerror(errno)); return false; 
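Review bot: The socket that carries packets from the tap reader thread is bound with `AI_PASSIVE` and a NULL node name, so getaddrinfo returns the wildcard address and the fixed port 12345 is exposed on every interface instead of only to this process. Nothing checks who is on the other end, and whatever arrives on `device_fd` is consumed by read_packet() as if it came from the tap device. Set `.ai_flags = 0` in the hint (declared in the `@@ -68,11 +135,21 @@` hunk) so that the NULL node resolves to the loopback address, and consider checking the peer address that `accept()` can return instead of passing NULL. Separately, the hint asks for `SOCK_DGRAM` and `IPPROTO_UDP` while the code calls `listen()` and `accept()`, which apply to connection-oriented sockets, so either the socket type or the handshake needs to change. On the error returns `ai` and `sock` are not released.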
@@ -194,13 +320,14 @@ bool read_packet(vpn_packet_t *packet) bool write_packet(vpn_packet_t *packet) { long lenout; + OVERLAPPED overlapped = {0}; cp(); ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); - if(!WriteFile(device_fd, packet->data, packet->len, &lenout, NULL)) { + if(!WriteFile(device_handle, packet->data, packet->len, &lenout, &overlapped)) { logger(LOG_ERR, _("Error while writing to %s %s"), device_info, device); return false; } diff --git a/src/net.c b/src/net.c index c4637dab..e1580e65 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.194 2003/07/29 10:50:15 guus Exp $ + $Id: net.c,v 1.35.4.195 2003/07/29 22:59:00 guus Exp $ */ #include "system.h" @@ -39,6 +39,7 @@ #include "protocol.h" #include "route.h" #include "subnet.h" +#include "xalloc.h" bool do_purge = false; @@ -153,7 +154,7 @@ void terminate_connection(connection_t *c, bool report) c->node->connection = NULL; if(c->socket) - close(c->socket); + closesocket(c->socket); if(c->edge) { if(report) @@ -254,7 +255,7 @@ static void check_network_activity(fd_set * f) ifdebug(CONNECTIONS) logger(LOG_DEBUG, _("Error while connecting to %s (%s): %s"), c->name, c->hostname, strerror(result)); - close(c->socket); + closesocket(c->socket); do_outgoing_connection(c); continue; } diff --git a/src/net.h b/src/net.h index 8ab33615..f1494666 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.67 2003/07/24 12:08:15 guus Exp $ + $Id: net.h,v 1.9.4.68 2003/07/29 22:59:00 guus Exp $ */ #ifndef __TINC_NET_H__ 
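Review bot: Now that the handle is opened with `FILE_FLAG_OVERLAPPED`, `WriteFile()` in write_packet() may return FALSE with `GetLastError() == ERROR_IO_PENDING`, which means the write was queued and not that it failed; the new code logs an error and returns false in that case. The `OVERLAPPED` structure is also a local without an event, so it and possibly the packet buffer can go out of scope while the operation is still in flight. Give the structure its own event from `CreateEvent`, and on a FALSE return only report an error when `GetLastError() != ERROR_IO_PENDING` or when `GetOverlappedResult(device_handle, &overlapped, &lenout, TRUE)` fails. write_packet() continues outside the hunk.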
@@ -140,4 +140,8 @@ extern void terminate_connection(struct connection_t *, bool); extern void flush_queue(struct node_t *); extern bool read_rsa_public_key(struct connection_t *); +#ifndef HAVE_MINGW +#define closesocket(s) close(s) +#endif + #endif /* __TINC_NET_H__ */ diff --git a/src/net_setup.c b/src/net_setup.c index 6f7f70ad..3695e18e 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.39 2003/07/23 22:17:31 guus Exp $ + $Id: net_setup.c,v 1.1.2.40 2003/07/29 22:59:00 guus Exp $ */ #include "system.h" @@ -444,14 +444,14 @@ bool setup_myself(void) /* Open sockets */ - memset(&hint, 0, sizeof(hint)); - get_config_string(lookup_config(config_tree, "BindToAddress"), &address); - hint.ai_family = addressfamily; - hint.ai_socktype = SOCK_STREAM; - hint.ai_protocol = IPPROTO_TCP; - hint.ai_flags = AI_PASSIVE; + hint = (struct addrinfo) { + .ai_family = addressfamily, + .ai_socktype = SOCK_STREAM, + .ai_protocol = IPPROTO_TCP, + .ai_flags = AI_PASSIVE, + }; err = getaddrinfo(address, myport, &hint, &ai); diff --git a/src/net_socket.c b/src/net_socket.c index 5f9e2173..78e1ad2c 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.32 2003/07/28 22:06:09 guus Exp $ + $Id: net_socket.c,v 1.1.2.33 2003/07/29 22:59:00 guus Exp $ */ #include "system.h" @@ -70,7 +70,7 @@ int setup_listen_socket(const sockaddr_t *sa) flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - close(nfd); + closesocket(nfd); logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); return -1; 
@@ -98,7 +98,7 @@ int setup_listen_socket(const sockaddr_t *sa) strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { - close(nfd); + closesocket(nfd); logger(LOG_ERR, _("Can't bind to interface %s: %s"), iface, strerror(errno)); return -1; @@ -109,7 +109,7 @@ int setup_listen_socket(const sockaddr_t *sa) } if(bind(nfd, &sa->sa, SALEN(sa->sa))) { - close(nfd); + closesocket(nfd); addrstr = sockaddr2hostname(sa); logger(LOG_ERR, _("Can't bind to %s/tcp: %s"), addrstr, strerror(errno)); @@ -118,7 +118,7 @@ int setup_listen_socket(const sockaddr_t *sa) } if(listen(nfd, 3)) { - close(nfd); + closesocket(nfd); logger(LOG_ERR, _("System call `%s' failed: %s"), "listen", strerror(errno)); return -1; @@ -149,7 +149,7 @@ int setup_vpn_in_socket(const sockaddr_t *sa) #ifdef O_NONBLOCK flags = fcntl(nfd, F_GETFL); if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - close(nfd); + closesocket(nfd); logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", strerror(errno)); return -1; @@ -166,7 +166,7 @@ int setup_vpn_in_socket(const sockaddr_t *sa) strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { - close(nfd); + closesocket(nfd); logger(LOG_ERR, _("Can't bind to interface %s: %s"), iface, strerror(errno)); return -1; @@ -175,7 +175,7 @@ int setup_vpn_in_socket(const sockaddr_t *sa) #endif if(bind(nfd, &sa->sa, SALEN(sa->sa))) { - close(nfd); + closesocket(nfd); addrstr = sockaddr2hostname(sa); logger(LOG_ERR, _("Can't bind to %s/udp: %s"), addrstr, strerror(errno)); @@ -308,7 +308,7 @@ begin: return; } - close(c->socket); + closesocket(c->socket); ifdebug(CONNECTIONS) logger(LOG_ERR, _("%s: %s"), c->hostname, strerror(errno)); diff --git a/src/netutl.c b/src/netutl.c index cd50792f..1ec6e5a8 100644 --- a/src/netutl.c +++ b/src/netutl.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.49 2003/07/24 12:08:15 guus Exp $ + $Id: netutl.c,v 1.12.4.50 2003/07/29 22:59:00 guus Exp $ */ #include "system.h" @@ -36,16 +36,15 @@ bool hostnames = false; */ struct addrinfo *str2addrinfo(const char *address, const char *service, int socktype) { - struct addrinfo hint, *ai; + struct addrinfo *ai; + struct addrinfo hint = { + .ai_family = addressfamily, + .ai_socktype = socktype, + }; int err; cp(); - memset(&hint, 0, sizeof(hint)); - - hint.ai_family = addressfamily; - hint.ai_socktype = socktype; - err = getaddrinfo(address, service, &hint, &ai); if(err) { @@ -59,18 +58,17 @@ struct addrinfo *str2addrinfo(const char *address, const char *service, int sock sockaddr_t str2sockaddr(const char *address, const char *port) { - struct addrinfo hint, *ai; + struct addrinfo *ai; + struct addrinfo hint = { + .ai_family = AF_UNSPEC, + .ai_flags = AI_NUMERICHOST, + .ai_socktype = SOCK_STREAM, + }; sockaddr_t result; int err; cp(); - memset(&hint, 0, sizeof(hint)); - - hint.ai_family = AF_UNSPEC; - hint.ai_flags = AI_NUMERICHOST; - hint.ai_socktype = SOCK_STREAM; - err = getaddrinfo(address, port, &hint, &ai); if(err || !ai) { diff --git a/src/protocol.h b/src/protocol.h index 0eae830d..7a32a17a 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.42 2003/07/29 10:50:15 guus Exp $ + $Id: protocol.h,v 1.5.4.43 2003/07/29 22:59:00 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -29,6 +29,12 @@ #define PROT_CURRENT 17 +/* Silly Windows */ + +#ifdef ERROR +#undef ERROR +#endif + /* Request numbers */ typedef enum request_t { diff --git a/src/tincd.c b/src/tincd.c index d2179ab1..6b90de76 100644 --- a/src/tincd.c +++ b/src/tincd.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.77 2003/07/28 22:06:09 guus Exp $ + $Id: tincd.c,v 1.10.4.78 2003/07/29 22:59:00 guus Exp $ */ #include "system.h" @@ -93,6 +93,10 @@ static struct option const long_options[] = { {NULL, 0, NULL, 0} }; +#ifdef HAVE_MINGW +static struct WSAData wsa_state; +#endif + static void usage(bool status) { if(status) @@ -417,6 +421,13 @@ int main(int argc, char **argv, char **envp) exit(1); } +#ifdef HAVE_MINGW + if(WSAStartup(MAKEWORD(2, 2), &wsa_state)) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "WSAStartup", strerror(errno)); + exit(1); + } +#endif + if(!detach()) exit(1); diff --git a/system.h b/system.h index d4381dc5..73f7aeb1 100644 --- a/system.h +++ b/system.h @@ -115,7 +115,7 @@ #ifdef HAVE_MINGW #include -#include +#include #endif /* Include localisation support */ From 2ed154e73192d5e162544bc570abbb3a1df3ec83 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 29 Jul 2003 23:21:01 +0000 Subject: [PATCH 790/923] Cleanups. --- configure.in | 4 ++-- src/cygwin/device.c | 9 ++++++--- src/mingw/device.c | 6 +++++- 3 files changed, 13 insertions(+), 6 deletions(-) diff --git a/configure.in b/configure.in index 1e2b802c..9287c01a 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.73 2003/07/29 11:50:39 guus Exp $ +dnl $Id: configure.in,v 1.13.2.74 2003/07/29 23:21:00 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) 
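Review bot: The failure branch added to `main` in tincd.c logs `strerror(errno)`, but `WSAStartup` reports its error as the return value and does not set `errno`. The message will therefore show whatever an earlier call left behind. Keep the result, `int err = WSAStartup(MAKEWORD(2, 2), &wsa_state);`, and log `err` as a number in place of `strerror(errno)`. No matching `WSACleanup()` appears in the hunk; the exit paths of `main` lie outside it, so that may be handled elsewhere.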
@@ -155,7 +155,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv select strdup strerror strsignal strtol unsetenv vsyslog]) +AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol unsetenv vsyslog]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/src/cygwin/device.c b/src/cygwin/device.c index f7db4c23..cbfebc23 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.13 2003/07/29 12:18:35 guus Exp $ + $Id: device.c,v 1.1.2.14 2003/07/29 23:21:01 guus Exp $ */ #include "system.h" @@ -139,8 +139,11 @@ bool setup_device(void) return false; } - device = adapterid; - iface = adaptername; + if(!device) + device = xstrdup(adapterid); + + if(!iface) + iface = xstrdup(adaptername); snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, device); diff --git a/src/mingw/device.c b/src/mingw/device.c index dfda0895..e1fbf220 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.6 2003/07/29 22:59:01 guus Exp $ + $Id: device.c,v 1.1.2.7 2003/07/29 23:21:01 guus Exp $ */ #include "system.h" @@ -177,6 +177,8 @@ bool setup_device(void) len = sizeof(adaptername); RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + RegKeyClose(key2); + if(device) { if(!strcmp(device, adapterid)) { found = true; @@ -201,6 +203,8 @@ bool setup_device(void) } } + RegKeyClose(key); + if(!found) { logger(LOG_ERR, _("No Windows tap device found!")); return false; 
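Review bot: `RegKeyClose` in the two hunks added to src/mingw/device.c is not a Win32 registry function; the call that releases an `HKEY` is `RegCloseKey`. Unless a wrapper of that name is defined somewhere outside this diff, both `RegKeyClose(key2);` and `RegKeyClose(key);` will fail to build on MinGW and should read `RegCloseKey(key2);` and `RegCloseKey(key);`. Separately, the result of `RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len)` just above the first added line is not checked, so on failure `adaptername` is compared and later used with whatever it held before. `setup_device` starts and ends outside these hunks, so whether every path out of the enumeration loop reaches the close calls cannot be confirmed from here.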
From 63568bb6bca20b4d2b2068a6367084a273eabac8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 30 Jul 2003 09:22:29 +0000 Subject: [PATCH 791/923] Update documentation and remove stuff that's too outdated. --- doc/HOWTO | 175 -------- doc/Makefile.am | 11 + doc/es/.cvsignore | 1 - doc/es/Makefile.am | 3 - doc/es/tinc-es.html | 960 ---------------------------------------- doc/es/tinc_toc-es.html | 63 --- doc/tinc.conf.5 | 8 +- doc/tinc.texi | 138 ++++-- doc/tincd.8 | 60 ++- 9 files changed, 146 insertions(+), 1273 deletions(-) delete mode 100644 doc/HOWTO delete mode 100644 doc/es/.cvsignore delete mode 100644 doc/es/Makefile.am delete mode 100644 doc/es/tinc-es.html delete mode 100644 doc/es/tinc_toc-es.html diff --git a/doc/HOWTO b/doc/HOWTO deleted file mode 100644 index d645285f..00000000 --- a/doc/HOWTO +++ /dev/null 
@@ -1,175 +0,0 @@ - ============== - The TINC HOWTO - ============== - - Wessel Dankers - wsl@nl.linux.org - -Introduction ------------- -Tinc is a system to create a virtual ethernet network on top of an existing -infrastructure. This infrastructure can be anything from modem lines to -gigabit ethernet networks, as long as they talk IP. Once you install and -configure tinc, your host will get an extra IP address, just like it would -when you stick an extra ethernet card into it. Using this IP address, it can -communicate with all hosts in its virtual network using strong encryption. - -If you install Tinc on a router (and pick your numbers correctly) you can -have the router forward all packets. This way you can---instead of -connecting hosts---connect entire sites together! Now you need only one -outgoing network connection for both internet and intranet. - -Architecture ------------- -When a few Tinc daemons are running they will try to seek contact with -eachother. A daemon is all the time connected to a few other daemons, -but if traffic is required with a daemon it doesn't know yet, it will -instantly contact it and exchange keys. These so-called meta-connections -are made over TCP, using encryption of course. - -When actual traffic has to be sent, a daemon checks his connection list to -see if the addressee is known (and makes contact with it if neccessary). -All packets are then sent using UDP to the other host, just like in a real -network. If a packet gets lost, the connection layer of Linux will resend -the packet, just like it would over a normal network. - -Once in a while the daemons will renegotiate keys so that even if a cracker -breaks one, it'll be of limited use. - -Getting Tinc ------------- -Before you fetch the latest tarball, you might want to check if there's a -package for your Linux distribution. One of the main authors is a Debian -Developer, so you can expect the Debian packages to be very up to date. 
- -The official website for Tinc can be found at http://tinc.nl.linux.org/. -There you can find Debian packages, RPM's and of course... the tarball! -Since we run Doohickey Linux Pro 1.0, for which no package exists (or -indeed the distribution itself) we shall compile the package ourselves. - -Building --------- -The Tinc source adheres to so many standards it makes you head spin. -Even the debug messages have been localized! Amazing. Tinc also comes -with a configuration script. If you like to see what is there to -configure run ./configure --help | more. If you don't have time for such -nonsense: - - ./configure --sysconfdir=/etc - -This will see if your system is nice enough to run tinc on, and will -create some Makefiles and other stuff which will together build tinc. - - make - make install - -The first will do the actual build, the second copies all files into place. - -The kernel ----------- -Next you will have to configure the kernel to support the tap device. -It is important that you run a recent kernel, but anything after 2.2.16 -will do. You have to enable both the netlink device AND the ethertap -device (in that order). Enable them as modules! -Compile, install =) You don't even have to reboot. - -Picking your numbers --------------------- -The first thing we should do is pick network numbers. Tinc has a very -peculiar taste for network numbers, which is caused by the way it routes -traffic. However, it turns out to be really handy if you want to use -your tinc host as a router for a site. - -The numbers have to be in a range that is not yet in use in your existing, -real network! In this example we will use numbers from the 192.168.0/16 -range. This is standard CIDR notation for all IP addresses from 192.168.0.0 -to 192.168.255.255. The /16 means that the first 16 bits form the network -part. - -It is common practice for Tinc networks to use private (RFC 1918) addresses. 
-This is not necessary, but it would be a waste to use official addresses -for a private network! - -In the example we will connect three machines: f00f, fdiv and hlt. We will -give each an address, but not just that, also a slice of our address space -to play with. - - Host Real address Tinc network - --------------------------------------------------- - f00f 126.202.37.20 192.168.1.1/24 - fdiv 126.202.37.81 192.168.2.1/24 - hlt 103.22.1.218 192.168.3.1/24 - -It is very important that none of the Tinc netmasks overlap! Note how the -192.168.0/16 network covers the entire address space of the three hosts. -We will refer to the 192.168.0/16 network as the `umbrella' from now on. -As you can see we can fit 256 hosts into this umbrella this way, which is -also the practical maximum for tinc. Let's name our VPN 'fubar'. - -The configuration file ----------------------- -Let's create a configuration file for f00f. We have to put it in -/etc/tinc/fubar because that's how we named our VPN. - - MyOwnVPNIP = 192.168.1.1/24 - VpnMask = 255.255.0.0 - ConnectTo = 126.202.37.81 - ConnectTo = 103.22.1.218 - TapDevice = /dev/tap0 - -The first two lines tell Tinc about the numbers we have chosen above. -Using the ConnectTo lines, the daemon will seek contact with the rest of -the umbrella. It's possible to configure any number of ConnectTo lines, -you can even omit them so that it just sits and waits until someone else -contacts it. Until someone does, the poor daemon won't be able to send -any data because it doesn't know where everybody is. -The TapDevice is where the tinc daemon will interface with the kernel. - -The passphrases ---------------- -We will have to generate keys for ourselves, and get a key from everybody -we want to ConnectTo. All of these go into a directory named -/etc/tinc/fubar/passphrases. PROTECT THIS DIRECTORY! 
- - mkdir -m 700 /etc/tinc/fubar/passphrases - -To generate our own key: - - genauth 1024 >/etc/tinc/fubar/passphrases/local - -You should then proceed to give this key to anyone who wants to ConnectTo -you. DO THIS IN A SECURE MANNER! Anyone who has this number can do icky -things to the umbrella network! Encrypt it using PGP, GPG or another -program using asymmetric keys. Read it over the phone (without anyone -listening of course). Send it by snailmail. Write the key down and bring -it to your partners personally! - -If you get any keys from your partners, store them under their network -number. For example, the key we get from fdiv's network administrator -will be stored in /etc/tinc/fubar/passphrases/192.168.2.0 (note the 0). - -Running the daemon ------------------- -If you use a package manager to install Tinc, the startup scripts use a file -called /etc/tinc/nets.boot to see which umbrella's exist. It has a line -per VPN, and lines starting with a # are ignored. Ours will contain: - - # Example VPN from the HOWTO - fubar - -In Debian, /etc/init.d/tinc start will start the daemons. - -If you use Doohickey Linux just like we do, you'll have to edit the systems -startup scripts by hand. It should contain something along the lines of: - - insmod ethertap -s --name=tap0 unit=0 - ifconfig tap0 hw ether fe:fd:c0:a8:01:01 - ifconfig tap0 192.168.1.1 netmask 255.255.0.0 broadcast 192.168.255.255 -arp - -There are two things to note here! First, the MAC address of the ethertap -device is very important. It must start with fe:fd, and end in the -hexadecimal representation of the VPN IP number. -Second, the netmask of the tap device is set to that of the umbrella! - --- -$Id: HOWTO,v 1.2.2.3 2000/07/01 07:29:32 wsl Exp $ diff --git a/doc/Makefile.am b/doc/Makefile.am index b62feb7e..6714dbae 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am 
@@ -23,3 +23,14 @@ transform = s/ginstall/install/; @program_transform_name@ # For additional rules usually of interest only to the maintainer, # see GNUmakefile and Makefile.maint. + +tinc.pdf: tinc.texi + texi2pdf -o tinc.pdf tinc.texi + +texi2html: tinc.texi + mkdir -p html + rm -f html/*.html + cd html && texi2html -split=chapter ../tinc.texi + +%.html: % + w3mman2html $< > $@ diff --git a/doc/es/.cvsignore b/doc/es/.cvsignore deleted file mode 100644 index 6179e0db..00000000 --- a/doc/es/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -Makefile Makefile.in diff --git a/doc/es/Makefile.am b/doc/es/Makefile.am deleted file mode 100644 index 756d6707..00000000 --- a/doc/es/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ -## Process this file with automake to get Makefile.in - -# Nothing to see here, go away! diff --git a/doc/es/tinc-es.html b/doc/es/tinc-es.html deleted file mode 100644 index ccaa9d27..00000000 --- a/doc/es/tinc-es.html +++ /dev/null @@ -1,960 +0,0 @@ - - - -Manual DE tinc - - -

      Manual de tinc

      -

      Preparando una Red Privada Virtual con tinc

      -
      Ivo Timmermans <ivo@o2w.nl>
      -

      -


      - -

      Introducción

      - -

      -Tinc es un demonio de Red Privada Virtual (VPN) que usa túnel y -cifrado de datos para crear una red privada segura entre hosts en -Internet. - - -

      -El túnel se realiza en la capa del protocolo IP como un dispositivo de -red normal, por lo cual hay necesidad de adaptar el software existente. - - -

      -Este túnel permite que sitios VPN compartan información entre ellos en -Internet sin exponer esta información a otros. - - -

      -Este documento es el manual de tinc. Incluye capítulos sobre cómo configurar -su computadora para usar tinc, así como el proceso de configuración de tinc. - - - - - -

      Redes Privadas Virtuales

      - -

      -Una Red Privada Virtual o VPN es una red que sólo puede ser accedida por -computadoras elegidas para participar. Esta meta es alcanzable en más de una -manera. - - -

      - -Por ejemplo, una VPN puede consistir en una ethernet LAN. O incluso dos -computadoras conectadas usando un cable módem nulo(1). En estos casos, es obvio que la red es privada, nadie puede acceder a esta desde afuera. Pero si estas si estas computadoras están conectadas a internet, la red deja de ser privada, a menos que use cortafuego para bloquear el trafico privado. Pero entonces, no hay manera de enviar datos privado a una computadora de confianza en otro lugar de internet. - - -

      - -Este problema puede resolverse usando redes virtuales. Las redes virtuales pueden vivir arriba de otras redes, pero no interfieren interfieren entre ellas. En su mayor parte, las redes virtuales se ven como simples LAN, aun cuando pueden extenderse a lo largo del mundo. Pero las redes virtuales pueden no ser seguras aunque se uso cortafuegos, porque el trafico que fluye a traves de estas hacia internet puede ser visto por otras personas. - - -

      -Cuando se introduce cifrado de datos, podemos formar una verdadera VPN, Otras personas pueden ver el trafico cifrado, pero no pueden saber como decifrar este (necesitan conocer la llave para esto), no pueden leer la información que fluye a traves de la VPN, Esto es para lo que tinc fue hecho. - - -

      - -Tinc usa datagramas IP normales para encapsular datos que viajan sobre el enlace -de red VPN. En este caso está también claro que la red es virtual, porque ningún enlace de red directo tiene que existir entre los participantes. - - -

      -Como es el caso con cualquier tipo de VPN, alguien podría escuchar secretamente, -o peor, alterar datos. Aquí es probablemente aconsejable el cifrar los datos que fluyen sobre la red. - - - - -

      TINC

      - -

      -Yo realmente no recuerdo lo que nos llevó a empezar, pero debe de haber sido idea de Guus. Él escribió una aplicación simple (aproximadamente 50 líneas en C) que usó el dispositivo ethertap que linux tiene desde el núcleo 2.1.60. No funcionó inmediatamente y él la mejoró un poco. En esta fase, el proyecto se llamó simplemente `vpnd'. - - -

      -Desde entonces, mucho ha cambiado -- por así decirlo. - - -

      - -Tinc ahora soporta cifrado, consiste en un solo demonio (tincd) para la -recepción y el envío de información, se ha vuelto un paquete profesional completo. - - -

      -Mucho puede ser, y será, mejorado. Hay varias cosas que me gustaría ver en las -futuras versiones de tinc. No todo estará disponible en el futuro cercano. Nuestro primer objetivo es hacer que tinc trabaje perfectamente, y luego agregar rasgos más avanzados. - - -

      -Entretanto, siempre estaremos abiertos y disponibles hacia las nuevas ideas. - - - - -

      Configurando un sistema Linux

      - -

      -Este capítulo contiene información sobre cómo configurar un sistema Linux para el uso de tinc. - - - - -

      Configurando el Núcleo

      - -

      -Dado que esta implementación particular sólo corre en núcleos 2.1 o mayores, -debería conseguir uno (los 2.2 son actuales en este momento). Una migración a 2.0 no es posible, a menos que alguien migre los dispositivos ethertap y netlink a 2.0. - - -

      -Si no esta familiarizado con el proceso de configurar y compilar un nuevo núcleo, debería leer primero el Núcleo COMO. ¡Haga eso ahora! - - -

      -Aquí están las opciones que usted tiene que activar al configurar un nuevo núcleo. - - - -

      -Code maturity level options 
      -[*] Prompt for development and/or incomplete code/drivers 
      -Networking options 
      -[*] Kernel/User netlink socket 
      -<*> Netlink device emulation 
      -Network device support 
      -<*> Ethertap network tap 
      -
      - -

      -Cualquier otra opción no mencionada aquí no es relevante a tinc. Si usted decide -construirlos como módulos dinámicos, es una buena idea agregar estas líneas en -`/etc/modules.conf'. - - - -

      -alias tap0 ethertap 
      -alias char-major-36 netlink_dev
      -
      - -

      Finalmente, construya el núcleo y reinicie la maquina. Desgraciadamente no es -posible insertar estos módulos en un Núcleo que se esta ejecutando. - - - - -

      Archivos Necesarios

      - - -

      Archivos de dispositivos

      - -

      -Primero, necesitará el archivo de dispositivo especial que forma la interfaz entre el Núcleo y el demonio. - - - -

      -mknod -m 600 /dev/tap0 c 36 16 
      -chown 0.0 /dev/tap0 
      -
      - -

      -Los permisos serán ahora tales que sólo el super usuario(root) puede leer y escribir en este archivo. Esto debería ser así, porque es más fácil que se filtre información por aquí. Esto, sin embargo, implica que usted tendría que ejecutar tincd como root. - - -

      -Si usted quiere, también se puede crear más archivos de dispositivos que se -numerarían de 0 a 15 con números menores de dispositivos de 16 a 31. Todos deben -pertenecer al root y deben tener permisos 600. - - - -

      `/etc/networks'

      - -

      -Puede agregar una línea en `/etc/networks' para que sus vpn tengan nombres simbólicos. Por ejemplo: - - - -

      -Mi_vpn 10.0.0.0 
      -
      - - -

      `/etc/services'

      - -

      -Puede agregar estas líneas en `/etc/services'. El resultado es que puede proporcionar a una `tinc' como un número de puerto válido a algunos programas. El número 655 esta registrado en el IANA. - - - -

      -tinc            655/tcp    TINC 
      -tinc            655/udp   TINC 
      -#               Ivo Timmermans <ivo@o2w.nl>
      -62;
      -
      - - - -

      Preparando los dispositivos

      - -

      -Antes de que pueda empezar a transmitir datos sobre el túnel tinc, debe preparar los dispositivos de red ethertap. - - -

      -Primero, decida qué direcciones IP quiere asociar con estos dispositivos, y qué -máscara de red deben tener. También necesitara estos números cuando configure tinc. Vea la sección section Configurando tinc. - - -

      -No importa mucho que se hace primero, si preparar los dispositivos red o configurar tinc. Pero deben hacerse ante de usar tincd. - - -

      -La configuración de dispositivo ethertap es bastante simple, simplemente escriba -esto: - - - -

      -ifconfig tapn hw ether fe:fd:xx:xx:xx:xx 
      -
      - -

      -El n aquí es el número del dispositivo ethertap que quiere usar. Debe ser uno de los mismos n que uso para `/dev/tapn'. Las xxs son cuatro números hexadecimales (0--ff). En las versiones anteriores de tincd no importaban lo que eran, pero los nuevos Núcleos -requieren que sean puestas las direcciones de ethernet. De hecho, el comportamiento estaba equivocado, se requiere que los xxs mapeen Mi_IP_VPN. - - - -

      -ifconfig tapn IP netmask mask
      -
      - -

      -Esto activará el dispositivo con una dirección red IP y con una máscara de red mask. - - - - -

      Instalando Tinc

      - -

      -Primero consígalo. Esta es la página principal, que tiene las suma de verificación (checksums) de los archivos listados; puede desear verificar éstos con md5sum antes de continuar. - - -

      -Tinc viene en un paquete autoconf/automake, que simplemente puede tratar como -cualquier otro paquete. Sólo tiene que descomprimirlo, escribir "Configure" y luego "Make". - - -

      -Las instrucciones más detalladas están en el archivo `INSTALL', que es incluido en la distribución fuente. - - - - -

      Configurando Tinc

      - - - -

      Redes múltiples

      - -

      -Es perfectamente aceptable correr más de un demonio tinc. Sin embargo, en su -forma predefinida, pronto notará que no puede usar dos archivos diferentes de -configuración sin la opción -c. - - -

      -Hemos pensado en otra manera de tratar esto: nombres de red. Esto significa que -usted llama a tincd con el argumento -n que asignará un nombre a este demonio. - - -

      -El efecto de esto es que los demonios buscaran su configuración en /etc/tinc/nn/, donde nn es un argumento a la opción -n. Notará que aparece en syslog como "tincd.nn." - - -

      -Sin embargo, no es estrictamente un requisito llamar a tinc con la opción -n. En este caso, el nombre de la red estaría simplemente vacío, y se usará como tal. Tinc busca archivos ahora en /etc/tinc/, en lugar de /etc/tinc/nn/; el archivo de configuración debe ser /etc/tinc/tincd.conf, y se espera ahora que los passphrases (N.T. passphrases es una contraseña o palabra de paso(password), que al ser bastante larga se le llama frase de paso) estén en /etc/tinc/passphrases/. - - -

      -Es recomendable usar este rasgo de tinc, porque será él quien decida con que -demonio hablar. Asumiremos que lo usa. - - - - -

      Cómo trabajan las conexiones

      - -

      -Antes de seguir, primero un poco de cómo tinc ve las conexiones. - - -

      -Cuando tinc se pone en marcha, lee en el archivo la configuración y analiza las -opciones de la línea de comandos. Si ve un valor "ConnectTo" en el archivo, intentará conectarse a ese servidor, en el puerto dado. Si esto falla, tinc termina. - - - - -

      Archivo de configuración

      - -

      -La configuración actual del demonio se hace en el archivo `/etc/tinc/nn/tinc.conf'. - - -

      -Este archivo consiste en comentarios (las líneas empiezan con #) o asignaciones de la forma: - - - -

      -Variable = Valor. 
      -
      - -

      -En los nombres de variables se distingue entre mayúsculas o minúsculas, y se -ignora cualquier espacio, etiquetas, nueva línea y retorno de carro. Nota: no se requiere que ponga "=", pero se usa para mejorar la legibilidad. Si lo omite, recuerde reemplazarlo con por lo menos un carácter espacial. - - - - -

      Variables

      - -

      -Aquí está todas las variables válidas, listadas en orden alfabético: - - -

      - -
      ConnectPort = port -
      -Conéctese al host (dado en la directiva ConnectTo) en el puerto "port". El puerto puede darse en decimal (valor por defecto), octal (cuando es precedido por un solo cero) o hexadecimal (prefijó con 0x). El puerto es el número del puerto para las conexiones UDP y TCP (meta). - -
      ConnectTo = (IP address|hostname) -
      -Especifica a qué host conectarse al arrancar. Si la variable "ConnectPort" se -omite, entonces tinc intentará conectarse al puerto 655. - -Si usted no especifica un host con "ConnectTo", sin tener en cuenta si un valor para "ConnectPort" se da, tinc no se conectará en absoluto, y escuchará en cambio simplemente las conexiones entrantes. Sólo el iniciador de un tinc VPN puede necesitar esto. - -
      ListenPort = port -
      -Escuche en el puerto local "port". La computadora que se conecta a este demonio debe usar este número como el argumento para su "ConnectPort". De nuevo, el -valor por defecto es 655. - -
      MyOwnVPNIP = local address[/maskbits] -
      -La dirección local es el número que los demonios propagarán a otro demonios en la red cuando se identifican. Aquí será el nombre del archivo de passphrase que el otro extremo espera encontrar en el passphrase. - -La dirección local es la dirección IP del dispositivo Tap, no la dirección IP real del host donde tincd esta corriendo. Debido a los cambios en recientes núcleos, es también necesario que usted haga coincidir la dirección ethernet (también conocida como MAC) y la dirección de IP (vea el ejemplo). - -maskbits es el número de bits en 1 en la parte de la netmask(mascara de red). - -
      MyVirtualIP = local address[/maskbits] -
      -Esto es un alias para "MyOwnVPNIP". - -
      Passphrases = directory -
      -El directorio donde tinc buscara las passphrases cuando alguien intenta -conectarse. Por favor vea la pagina del manual de genauth(8) para más información sobre el passphrases usado por tinc. - -
      PingTimeout = number -
      -El número de segundos de inactividad que tinc esperara antes de enviar una -sonda(ping) al otro extremo. Si el otro extremo no contesta dentro de esa misma cantidad de segundos, la conexión se termina, y se notificara de esto. - -
      TapDevice = device -
      -El dispositivo ethertap a usar. Note que se puede usar sólo un dispositivo por -demonio. La paginas info del paquete tinc contiene más información sobre como -configurar un dispositivo ethertap en linux. - -
      VpnMask = mask -
      -La mascara de red que define el alcance de la VPN, Esta opción no es usada por el demonio tinc sino por los script de inicio(startup)para sonigurar los dispositivos ethertap correctamente -
      - - - -

      Ejemplo

      - -

      -Imagine la situación siguiente. Una compañía A-base quiere conectar tres oficinas en B, C y D usando internet. Las cuatro oficinas tienen una 24/7 (24 horas los 7 días) conexión a internet. - - -

      - A va a servir como el centro de la red. B y C conectarán a A, y D se -conectará a C. Cada oficina asignará sus propios IP de red, 10.x.0.0. - - - -

      -A: red 10.1.0.0 máscara 255.255.0.0 gateway 10.1.54.1 internet IP 1.2.3.4 
      -B: red 10.2.0.0 máscara 255.255.0.0 gateway 10.2.1.12 internet IP 2.3.4.5 
      -C: red 10.3.0.0 máscara 255.255.0.0 gateway 10.3.69.254 internet IP 3.4.5.6 
      -D: red 10.4.0.0 máscara 255.255.0.0 gateway 10.4.3.32 internet IP 4.5.6.7 
      -
      - -

      -"gateway" es la dirección IP VPN_IP de la máquina que está ejecutando el tincd. -"internet IP" es la dirección IP del cortafuego que no necesita ejecutar tincd pero debe tener un puerto de forwarding de TCP y UDP en 655 (a menos que configure otro). - - -

      -En este ejemplo, se asume que eth0 es la interfaz que apunta a la LAN interna de la oficina. Esto podría ser igual que la interfaz que lleva a internet. - - - -

      Para A

      - -

      -Ase configuraría como esto: - - - -

      -ifconfig tap0 hw ether fe:fd:0a:01:36:01 
      -ifconfig tap0 10.1.54.1 netmask 255.0.0.0 
      -ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 
      -
      - -

      -y en /etc/tinc/tincd.conf: - - - -

      -TapDevice = /dev/tap0 
      -MyVirtualIP = 10.1.54.1/16 
      -VpnMask = 255.0.0.0
      -
      - - -

      Para B

      - - -
      -ifconfig tap0 hw ether fe:fd:0a:02:01:0c 
      -ifconfig tap0 10.2.1.12 netmask 255.0.0.0 
      -ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 
      -
      - -

      -y en /etc/tinc/tincd.conf: - - - -

      -TapDevice = /dev/tap0 
      -MyVirtualIP = 10.2.1.12/16 
      -ConnectTo = 1.2.3.4 
      -VpnMask = 255.0.0.0
      -
      - -

      -Note aquí que la dirección interna (en eth0) no tiene por que ser igual que el -dispositivo tap0. También, ConnectTo se da para que nadie pueda conectarse a -este nodo. - - - -

      Para C

      - - -
      -ifconfig tap0 hw ether fe:fd:0a:03:45:fe 
      -ifconfig tap0 10.3.69.254 netmask 255.0.0.0 
      -ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 
      -
      - -

      -y en /etc/tinc/A/tincd.conf: - - - -

      -MyVirtualIP = 10.3.69.254/16 
      -ConnectTo = 1.2.3.4 
      -ListenPort = 2000 
      -VpnMask = 255.0.0.0
      -
      - -

      -C ya tiene otro demonio que corre en el puerto 655, entonces se reservar otro puerto para los que se conecten. Se usa el nombre de red para distinguir entre los dos. tinc se ejecuta con "tincd -n A". - - - -

      Para D

      - - -
      -ifconfig tap0 hw ether fe:fd:0a:04:03:20 
      -ifconfig tap0 10.4.3.32 netmask 255.0.0.0 
      -ifconfig tap0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 
      -
      - -

      -y en /etc/tinc/tincd.conf: - - - -

      -MyVirtualIP = 10.4.3.32/16 
      -ConnectTo = 3.4.5.6 
      -ConnectPort = 2000 
      -VpnMask=255.0.0.0
      -
      - -

      -D estará conectando a C que tiene un tincd que corre para esta red en el puerto -2000. Aquí se debe poner un ConnectPort. - - - -

      Autenticación

      - -

      -A, B, C y D generan su passphrase con genauth 2048, la salida se guarda en -/etc/tinc/passphrases/local, salvo C, donde debe ser /etc/tinc/A/passphrases/local. - - -

      -A guarda una copia del passphrase de B en /etc/tinc/passphrases/10.2.0.0 - - -

      -A guarda una copia del passphrase de C en /etc/tinc/passphrases/10.3.0.0 - - -

      -B guarda una copia del passphrase de A en /etc/tinc/passphrases/10.1.0.0 - - -

      -C guarda una copia del passphrase de A en /etc/tinc/A/passphrases/10.1.0.0 - - -

      -C guarda una copia del passphrase de D en /etc/tinc/A/passphrases/10.4.0.0 - - -

      -D guarda una copia del passphrase de C en /etc/tinc/passphrases/10.3.0.0 - - - -

      Ejecución

      - -

      -A tiene que ejecutar su tincd primero. Entonces viene B y C, donde C tiene que -proporcionar la opción "-n A", porque aquí se tiene más de una red del tinc. Finalmente, el tincd de D se ejecuta. - - - - -

      Corriendo Tinc

      - -

      -Ejecutar tinc no es así de fácil como teclear "tincd" y esperar que todo funcione de la manera que se quiso. En cambio, el uso de tinc es un proyecto que involucra relaciones de confianza en más de una computadora. - - - - -

      Manejo Llaves

      - -

      -Antes de intentar ejecutar tinc, se tienen que crear los passphrases. Cuando tinc intenta hacer una conexión, intercambia algunos datos sensibles. Antes de hacer esto, le gusta saber si el otro extremo es confiable. - - -

      -Para hacer esto, ambos extremos deben tener un poco de conocimiento sobre el -otro. En el caso de tinc éste es la autenticación passphrase. - - -

      -Este passphrase es un número que es escogido al azar. Este número se envía -entonces a las otras computadoras que quieren hablar directamente con nosotros. Para evitar romper seguridad, esto debe hacerse sobre un cauce seguro conocido (como ssh o similar). - - -

      -Todos los passphrases se guardan en el directorio de passphrases que -normalmente es /etc/tinc/nn/passphrases/, pero este puede cambiarse usando la opción "Passphrases" en el archivo de configuración. - - -

      -Para generar un passphrase, ejecute "genauth". genauth toma un argumento que es -la longitud del passphrase en bits. La longitud del passphrase debe estar en el rango de 1024--2048 para una llave de 128 bits. genauth crea un número al azar de la longitud especificada, y lo pone en la salida estándar. - - -

      -Cada computadora que quiere participar en el VPN debe hacer esto, y guardar la -salida en el directorio de passrasphes, en el archivo `local'. - - -

      -Cuando cada computadora tiene su propia llave local, debe copiarlo a la -computadora con la que quiere hablar directamente. Esto debe hacerse vía un cauce seguro, porque es información sensible. Si esto no se hace con seguridad, alguien podría forzar la entrada después de usted. - - -

      -Esos archivos de passphrase no locales deben tener el nombre de la dirección IP -VPN con la que ellos se anuncian. Por ejemplo, si una computadora nos dice que es 10.1.1.3 con netmask 255.255.0.0, el archivo debería llamarse 10.1.1.3, y no 10.1.0.0. - - - - -

      Opciones en Tiempo de Ejecución

      - -

      -Además de las opciones en el archivo de configuración, tinc también acepta algunas opciones de línea de comandos. - - -

      -Esta lista es una versión más larga que la de la pagina del manual. Lo ultimo se -genera automáticamente, para que pueda ser más actualizable. - - -

      - -
      -c, --config=FILE -
      -Lee opciones de configuración desde el archivo FILE. El valor por defecto es -`/etc/tinc/nn/tinc.conf'. - -
      -d -
      -Incrementa el nivel de depuración. El más alto conseguido es en el que más se -registra en los logs, todo vía syslog. - -0 es el valor por defecto, sólo información básica de algunos intentos de conexión se registran. Poniéndolo a 1 se registra un poco más, todavía no muy alentador. Con dos opciones -d, tincd registrara información protocolar que puede ponerse bastante ruidosa. Tres o más opciones -d, harían que cada paquete -que sale o entra probablemente genere más datos que los paquetes en si. - -
      -k, --kill -
      -Intente matar un tincd y termina. Una señal TERM(15) se envía al demonio que tiene su PID en /var/run/tincd.nn.pid. - -Como mata sólo un tincd, usted debe usar -n aquí si normalmente lo usa. - -
      -n, --net=NETNAME -
      -Conectar a la red NETNAME. Vea la sección redes Múltiples. - -
      -t, --timeout=TIMEOUT -
      -Segundos a esperar antes de dar una interrupción. No debe ponerse demasiado -bajo, porque a cada rato tincd dará interrupción, se desconectara y re-conectara de nuevo, lo que causará tráfico de la red innecesario y mensajes de log. - -
      --help -
      -Despliegue un recordatorio corto de estas opciones de tiempo de ejecución y -termina. - -
      --version -
      -Muestra información de versión y termina. - -
      - - - -

      Información técnica

      - - - -

      Filosofía básica del modo de trabajo de tinc

      -

      - - - -

      -Tinc es un demonio que toma datos VPN y transmite estos a otra computadora Host -sobre la infraestructura existente de Internet. - - - - -

      Una vista previa del modo de trabajo de tinc

      - -

      - - -Los propios datos se leen de un archivo de dispositivo de caracteres, el dispositivo llamado ethertap. Este dispositivo es asociado con una interfaz de la red. Puede leerse cualquier dato enviado a la interfaz de dispositivo, y cualquier dato escrito al dispositivo se envía a la interfaz. Datos a y desde el dispositivo se estructuran como si fuera una tarjeta ethernet -normal, cada marco es precedido por dos direcciones MAC y un campo de tipo de marco. - -

      -Para que cuando tinc lea un marco del dispositivo ethernet determine su tipo. -Actualmente, tinc puede manejar sólo marcos del Protocolo Internet versión 4 (IPv4), están haciéndose planes para soportar otros protocolos. Cuando tinc sabe que qué tipo de marco ha leído, también puede leer la dirección de origen y de destino de este. - -

      -Ahora es cuando el marco se cifra. Actualmente el único algoritmo de cifrado disponible es blowfish. - - -

      - -Cuando el cifrado está listo, es tiempo de transportar el paquete realmente a la -computadora de destino. Se hace esto enviando el paquete sobre una conexión UDP al host de destino. Esto se llama encapsulación, el paquete de VPN (aunque ahora cifrado) se encapsula en otro datagrama IP. - - -

      -Cuando el destino recibe este paquete, ocurre lo mismo, sólo que al revés. Así que realiza un descifrado del contenido del datagrama UDP, y escribe la información descifrada en su propio dispositivo ethertap. - - - - -

      La meta-conexión

      - -

      -Teniendo sólo una conexión de UDP disponible no es bastante. Aunque conveniente -para transmitir datos, queremos poder enviar otra información confiablemente, como rutear y cifrar información a alguien. - - -

      -TCP es una alternativa mejor, porque ya contiene protección contra información que es perdida, no como UDP. - - -

      -Así que nosotros establecemos dos conexiones. Una para los datos cifrados de -VPN, y una para la otra información, los meta-datos. Aquí, llamamos a la segunda -conexión la meta-conexión. Podemos estar ahora seguros que la meta-información no se pierde en el camino a la otra computadora. - - -

      - - -Como con cualquier comunicación, debemos tener un protocolo, para que todos -sepan como comunicarse y cómo se debe reaccionar. Como tenemos dos conexiones, -también tenemos dos protocolos. El protocolo usado para los datos de UDP es el "data-protocolo" y el otro es el "meta-protocolo". - - -

      -La razon por la que no se usa TCP para ambos protocolos es que UDP es mucho mejor para encapsulación, includo mistra este es menos confiable. El problema real es que cuando TCP es usado para encapsular un stream TCP que esta sobre la red privada, para cada paquete enviado habria tres ACK's enviados en lugar de uno. Aun mas, si se da un timeout, ambos TCP streams serian sencibles al timeout, y ambos reenviarian los paquetes. - - - - -

      Algo de cifrado en tinc y otros problemas de seguridad relacionados.

      - -

      - - -tinc consiguio su nombre de "TINC", iniciales de There Is No Cabal (Allí No Hay -Conspiración); el hubo/hay de la Conspiración alega a una organización que se decía que tenia ojos en Internet. Como esto es exactamente lo que usted no quiere, nombramos al proyecto tinc después de TINC. - - -

      - -Pero para ser "inmune" a las escuchas secretas, usted tendrá que cifrar sus -datos. Como tinc es un demonio VPN Seguro (SVPN), hace eso exactamente: cifrar. - - -

      -Este capítulo es una mezcla de ideas, razonamientos y explicaciones, por favor no lo tome demasiado en serio. - - - - -

      Manejo de Llaves

      - -

      - -Usted no puede enviar simplemente una llave de cifrado privada a su par, -porque alguien podría estar escuchando. De modo que tendrá que negociar sobre una llave compartida pero confidencial. Una manera de hacer esto es usar el protocolo de "Intercambio de Llaves Diffie-Hellman" (http://www.rsa.com/rsalabs/faq/html/3-6-1.html). -La idea es como sigue. - - -

      -Usted tiene dos participantes A y B que quiere estar de acuerdo sobre una llave de cifrado confidencial compartida. Ambas parte tienen algún número primo grande p y un generador g. Estos números pueden conocerse al mundo externo, y pueden ser incluidos en la distribución de la fuente. - - -

      - -Ambas partes generan una llave confidencial entonces. A genera a, y calcula g^a -mod p. Este es entonces mandado a B; mientras B calcula g^b mod p, y transmite este a A. a y b deben ser mayores que p-1. - - -

      -Estas llaves privadas se generan en el inicio, y ellas no se cambian mientras la -conexión existe. Un posible rasgo en el futuro es cambiar las llaves dinámicamente, todas las horas por ejemplo. - - -

      -Ambas partes calculan g^ab mod p = k, k es la nueva llave compartida, pero -secreta. - - -

      -Para obtener un k importante de una longitud suficiente (128 bits en nuestro vpnd), p debe tener 2^129-1 o más. - - - - -

      Autenticación

      - -

      - -Como el protocolo de Diffie-Hellman es en sí mismo vulnerable al "el ataque del -hombre-en-el-medio," nosotros debemos introducir un sistema de autenticación. - - -

      -Nosotros permitiremos que A transmita un passphrase que también conoce B -cifrado con g^a, antes que A le envíe esto a B. De esta manera, B puede verificar si A realmente es A o simplemente alguien más. - - -

      - -Este passphrase deben ser de 2304 bits para un sistema de cifrado simétrico. Pero como un sistema asimétrico es más seguro, nosotros podríamos hacerlo con 2048 bits. Esto sólo sirve si el passphrase es muy el azar. - - -

      -Estos passphrases podrían guardarse en un archivo solo leíble por el root; ej. -`/etc/vpn/passphrases'. - - -

      -La única cosa que necesita tener en cuidado es cómo A le anuncia su passphrase a -B. - - - - -

      Protegiendo sus datos

      - -

      -Ahora nosotros hemos escondido nuestros datos firmemente. Pero un cracker -malévolo todavía puede molestarnos alterando los datos cifrados al azar que el intercepta. - - - - -

      Sobre Nosotros

      - - - -

      Informacion de Contacto

      - -

      -La página principal de tinc está en http://tinc.nl.linux.org/, este servidor se localiza en los Países Bajos. - - -

      -Nosotros tenemos un canal IRC en la red IRC de Open Projects. Conectarse a -irc.openprojects.net, y entrar en el canal #tinc. - - - - -

      Autores

      - -
      - -
      Ivo Timmermans (zarq) (ivo@o2w.nl) -
      -El codificador/hacker principal y el que mantiene el paquete. - -
      Guus Sliepen (guus) -
      -Originador de todo esto, coautor. - -
      Wessel Dankers (Ubiq) -
      -Ofuscador general del código. - -
      - -

      -Gracias a: Dekan, Emphyrio, vDong - - -

      -Saludos a: braque, Fluor, giggles, macro, smoke, tribbel - -

      -Traductor -

      -Carrasco Matias (mcarrasco@softwork.com.ar) - - -

      Indice de Conceptos

      - -

      -Ir a: -a -- -c -- -d -- -e -- -m -- -p -- -s -- -t -- -v -

      -

      a

      - -
    • ataque hombre-en-el-medio -
    • -

      c

      - -
    • Cabal -
    • Clave secreta -
    • Conexión -
    • -

      d

      - -
    • data-protocol -
    • Diffie-Hellman -
    • -

      e

      - -
    • encapsulación -
    • ethertap -
    • -

      m

      - -
    • meta-protocol -
    • -

      p

      - -
    • passphrase -
    • privado -
    • -

      s

      - -
    • SVPN -
    • -

      t

      - -
    • tinc -
    • tincd -
    • Tipo de Marco -
    • -

      v

      - -
    • virtual, virtual -
    • - - -


      - - diff --git a/doc/es/tinc_toc-es.html b/doc/es/tinc_toc-es.html deleted file mode 100644 index 858434f4..00000000 --- a/doc/es/tinc_toc-es.html +++ /dev/null @@ -1,63 +0,0 @@ - - - -Manual de tinc - Tabla de Contenidos - - -

      Manual de tinc

      -

      Preparando una Red Privada Virtual con tinc

      -
      Ivo Timmermans <ivo@o2w.nl>
      -

      -


      -

      -


      - - diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5 index ad4fa1d7..40b688a8 100644 --- a/doc/tinc.conf.5 +++ b/doc/tinc.conf.5 @@ -153,8 +153,8 @@ This does not affect resolving hostnames to IP addresses from the host configuration files. .It Va Interface Li = Ar interface Defines the name of the interface corresponding to the virtual network device. -Depending on the operating system and the type of device this may or may not actually set the name. -Currently this option only affects the Linux tun/tap device. +Depending on the operating system and the type of device this may or may not actually set the name of the interface +or choose the device corresponding to this interface. .It Va KeyExpire Li = Ar period Pq 3600 This option controls the period the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, @@ -175,11 +175,15 @@ In this mode .Va Subnet variables in the host configuration files will be used to form a routing table. Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. +.Pp +This is the default mode, and unless you really know you need another mode, don't change it. .It switch In this mode the MAC addresses of the packets on the VPN will be used to dynamically create a routing table just like an Ethernet switch does. Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode at the cost of frequent broadcast ARP requests and routing table updates. +.Pp +This mode is primarily useful if you want to bridge Ethernet segments. .It hub This mode is almost the same as the switch mode, but instead every packet will be broadcast to the other daemons diff --git a/doc/tinc.texi b/doc/tinc.texi index 7f8225c8..2abc86c5 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi 
@@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.39 2003/07/21 19:58:58 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.40 2003/07/30 09:22:29 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.39 2003/07/21 19:58:58 guus Exp $ +$Id: tinc.texi,v 1.8.4.40 2003/07/30 09:22:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.39 2003/07/21 19:58:58 guus Exp $ +$Id: tinc.texi,v 1.8.4.40 2003/07/30 09:22:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -267,6 +267,15 @@ tinc on Windows, in a Cygwin environment, relies on the CIPE driver for its data acquisition from the kernel. This driver is not part of Windows but can be downloaded from @uref{http://cipe-win32.sourceforge.net/}. +@c ================================================================== +@subsection MinGW (Windows) + +@cindex MinGW +@cindex Windows +tinc on Windows, compiled using MinGW, relies on the CIPE driver for its data +acquisition from the kernel. This driver is not part of Windows but can be +downloaded from @uref{http://cipe-win32.sourceforge.net/}. + @c @c @@ -327,6 +336,7 @@ you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html * Configuration of Solaris kernels:: * Configuration of Darwin (MacOS/X) kernels:: * Configuration of Cygwin (Windows):: +* Configuration of MinGW (Windows):: @end menu 
@@ -400,46 +410,33 @@ alias char-major-10-200 tun @node Configuration of FreeBSD kernels, Configuration of OpenBSD kernels, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel @subsection Configuration of FreeBSD kernels -This section will contain information on how to configure your FreeBSD -kernel to support the universal tun/tap device. For 4.1 and higher -versions, this is included in the default kernel configuration, for earlier +For FreeBSD version 4.1 and higher, the tap driver is included in the default kernel configuration, for earlier systems (4.0 and earlier), you need to install the universal tun/tap driver yourself. -Unfortunately somebody still has to write the text. - @c ================================================================== @node Configuration of OpenBSD kernels, Configuration of NetBSD kernels, Configuration of FreeBSD kernels, Configuring the kernel @subsection Configuration of OpenBSD kernels -This section will contain information on how to configure your OpenBSD -kernel to support the tun device. For 2.9 and 3.0 systems, -this is included in the default kernel configuration. - -Unfortunately somebody still has to write the text. +For OpenBSD version 2.9 and higher, +the tun driver is included in the default kernel configuration. @c ================================================================== @node Configuration of NetBSD kernels, Configuration of Solaris kernels, Configuration of OpenBSD kernels, Configuring the kernel @subsection Configuration of NetBSD kernels -This section will contain information on how to configure your NetBSD -kernel to support the tun device. For 1.5.2 systems, -this is included in the default kernel configuration. - -Unfortunately somebody still has to write the text. +For NetBSD version 1.5.2 and higher, +the tun driver is included in the default kernel configuration. 
@c ================================================================== @node Configuration of Solaris kernels, Configuration of Darwin (MacOS/X) kernels, Configuration of NetBSD kernels, Configuring the kernel @subsection Configuration of Solaris kernels -This section will contain information on how to configure your Solaris -kernel to support the universal tun/tap device. For Solaris 8 (SunOS 5.8), -this is included in the default kernel configuration. - -Unfortunately somebody still has to write the text. +For Solaris 8 (SunOS 5.8) and higher, +the tun driver is included in the default kernel configuration. @c ================================================================== 
@@ -460,13 +457,21 @@ and the corresponding network interfaces. @c ================================================================== -@node Configuration of Cygwin (Windows), , Configuration of Darwin (MacOS/X) kernels, Configuring the kernel +@node Configuration of Cygwin (Windows), Configuration of MinGW (Windows), Configuration of Darwin (MacOS/X) kernels, Configuring the kernel @subsection Configuration of Cygwin (Windows) -If Cygwin hasn't already been installed, install it directly from -@uref{http://www.cygwin.com/}. You will also need to install the -CIPE driver, you can download it from @uref{http://cipe-win32.sourceforge.net}. -Configure the CIPE network device in the same way as you would do from the tinc-up script. +You will need to install the CIPE driver, you can download it from +@uref{http://cipe-win32.sourceforge.net}. Configure the CIPE network device in +the same way as you would do from the tinc-up script. + + +@c ================================================================== +@node Configuration of MinGW (Windows), , Configuration of Cygwin (Windows), Configuring the kernel +@subsection Configuration of MinGW (Windows) + +You will need to install the CIPE driver, you can download it from +@uref{http://cipe-win32.sourceforge.net}. Configure the CIPE network device in +the same way as you would do from the tinc-up script. @c ================================================================== 
@@ -632,11 +637,13 @@ The documentation that comes along with your distribution will tell you how to d @menu * Darwin (MacOS/X) build environment:: +* Cygwin (Windows) build environment:: +* MinGW (Windows) build environment:: @end menu @c ================================================================== -@node Darwin (MacOS/X) build environment, , , Building and installing tinc +@node Darwin (MacOS/X) build environment, Cygwin (Windows) build environment, , Building and installing tinc @subsection Darwin (MacOS/X) build environment In order to build tinc on Darwin, you need to install the MacOS/X Developer Tools 
@@ -646,6 +653,28 @@ a recent version of Fink from @uref{http://fink.sourceforge.net/}. After installation use fink to download and install the following packages: autoconf25, automake, dlcompat, m4, openssl, zlib and lzo. +@c ================================================================== +@node Cygwin (Windows) build environment, MinGW (Windows) build environment, Darwin (MacOS/X) build environment, Building and installing tinc +@subsection Cygwin (Windows) build environment + +If Cygwin hasn't already been installed, install it directly from +@uref{http://www.cygwin.com/}. + +When tinc is compiled in a Cygwin environment, it can only be run in this environment, +but all programs, including those started outside the Cygwin environment, will be able to use the VPN. +It will also support all features. + +@c ================================================================== +@node MinGW (Windows) build environment, , Cygwin (Windows) build environment, Building and installing tinc +@subsection MinGW (Windows) build environment + +You will need to install the MinGW environment from @uref{http://www.mingw.org}. + +When tinc is compiled using MinGW it runs natively under Windows, +it is not necessary to keep MinGW installed. +However, when compiled using MinGW, tinc will not be able to start +scripts or be able to receive signals. + @c ================================================================== @node System files, , Building and installing tinc, Installation 
@@ -926,8 +955,8 @@ configuration file. @cindex Interface @item Interface = Defines the name of the interface corresponding to the virtual network device. -Depending on the operating system and the type of device this may or may not actually set the name. -Currently this option only affects the Linux tun/tap device. +Depending on the operating system and the type of device this may or may not actually set the name of the interface +or choose the device corresponding to this interface. @cindex Mode @item Mode = (router) @@ -940,6 +969,8 @@ In this mode Subnet variables in the host configuration files will be used to form a routing table. Only unicast packets of routable protocols (IPv4 and IPv6) are supported in this mode. +This is the default mode, and unless you really know you need another mode, don't change it. + @cindex switch @item switch In this mode the MAC addresses of the packets on the VPN will be used to @@ -947,6 +978,8 @@ dynamically create a routing table just like an Ethernet switch does. Unicast, multicast and broadcast packets of every protocol that runs over Ethernet are supported in this mode at the cost of frequent broadcast ARP requests and routing table updates. +This mode is primarily useful if you want to bridge Ethernet segments. + @cindex hub @item hub This mode is almost the same as the switch mode, but instead 
@@ -1421,28 +1454,19 @@ command line options. @cindex options @c from the manpage @table @samp -@item --bypass-security -Disables encryption and authentication. -Only useful for debugging. - @item -c, --config=PATH Read configuration options from the directory PATH. The default is @file{/etc/tinc/netname/}. +@item -D, --no-detach +Don't fork and detach. +This will also disable the automatic restart mechanism for fatal errors. + @cindex debug level @item -d, --debug=LEVEL Set debug level to LEVEL. The higher the debug level, the more gets logged. Everything goes via syslog. -@item -K, --generate-keys[=BITS] -Generate public/private keypair of BITS length. If BITS is not specified, -1024 is the default. tinc will ask where you want to store the files, -but will default to the configuration directory (you can use the -c or -n option -in combination with -K). After that, tinc will quit. - -@item --help -Display a short reminder of these runtime options and terminate. - @item -k, --kill[=SIGNAL] Attempt to kill a running tincd (optionally with the specified SIGNAL instead of SIGTERM) and exit. Use it in conjunction with the -n option to make sure you kill the right tinc daemon. 
@@ -1450,14 +1474,30 @@ Use it in conjunction with the -n option to make sure you kill the right tinc da @item -n, --net=NETNAME Connect to net NETNAME. @xref{Multiple networks}. -@item -D, --no-detach -Don't fork and detach. -This will also disable the automatic restart mechanism for fatal errors. +@item -K, --generate-keys[=BITS] +Generate public/private keypair of BITS length. If BITS is not specified, +1024 is the default. tinc will ask where you want to store the files, +but will default to the configuration directory (you can use the -c or -n option +in combination with -K). After that, tinc will quit. @item -L, --mlock Lock tinc into main memory. This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. +@item --logfile[=FILE] +Write log entries to a file instead of to the system logging facility. +If FILE is omitted, the default is /var/log/tinc.NETNAME.log. + +@item --pidfile=FILE +Write PID to FILE instead of /var/run/tinc.NETNAME.pid. + +@item --bypass-security +Disables encryption and authentication. +Only useful for debugging. + +@item --help +Display a short reminder of these runtime options and terminate. + @item --version Output version information and exit. @@ -1962,8 +2002,10 @@ tinc's website is at @url{http://tinc.nl.linux.org/}, this server is located in the Netherlands. @cindex IRC -We have an IRC channel on the FreeNode IRC network. Connect to +We have an IRC channel on the FreeNode and OFTC IRC networks. Connect to @uref{http://www.freenode.net/, irc.freenode.net} +or +@uref{http://www.oftc.net/, irc.oftc.net} and join channel #tinc. diff --git a/doc/tincd.8 b/doc/tincd.8 index 23d692b0..ec8a147d 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 
@@ -8,15 +8,18 @@ .Nd tinc VPN daemon .Sh SYNOPSIS .Nm -.Op Fl cdDkKn -.Op Fl -bypass-security +.Op Fl cdDkKnL .Op Fl -config Ns = Ns Ar DIR -.Op Fl -debug Ns = Ns Ar LEVEL -.Op Fl -generate-keys Ns Op = Ns Ar BITS -.Op Fl -help -.Op Fl -kill Ns = Ns Ar SIGNAL -.Op Fl -net Ns = Ns Ar NETNAME .Op Fl -no-detach +.Op Fl -debug Ns Op = Ns Ar LEVEL +.Op Fl -kill Ns Op = Ns Ar SIGNAL +.Op Fl -net Ns = Ns Ar NETNAME +.Op Fl -generate-keys Ns Op = Ns Ar BITS +.Op Fl -mlock +.Op Fl -logfile Ns Op = Ns Ar FILE +.Op Fl -pidfile Ns = Ns Ar FILE +.Op Fl -bypass-security +.Op Fl -help .Op Fl -version .Sh DESCRIPTION This is the daemon of tinc, a secure virtual private network (VPN) project. @@ -33,23 +36,16 @@ accepting and setting up connections to other tinc daemons that are part of the virtual private network. .Sh OPTIONS .Bl -tag -width indent -.It Fl -bypass-security -Disables encryption and authentication. -Only useful for debugging. .It Fl c, -config Ns = Ns Ar DIR Read configuration options from .Ar DIR . +.It Fl D, -no-detach +Don't fork and detach. +This will also disable the automatic restart mechanism for fatal errors. .It Fl d, -debug Ns Op = Ns Ar LEVEL Increase debug level or set it to .Ar LEVEL (see below). -.It Fl K, -generate-keys Ns Op = Ns Ar BITS -Generate public/private RSA keypair and exit. -If -.Ar BITS -is omitted, the default length will be 1024 bits. -.It Fl -help -Display short list of options. .It Fl k, -kill Ns Op = Ns Ar SIGNAL Attempt to kill a running .Nm 
@@ -59,12 +55,30 @@ instead of SIGTERM) and exit. .It Fl n, -net Ns = Ns Ar NETNAME Connect to net .Ar NETNAME . -.It Fl D, -no-detach -Don't fork and detach. -This will also disable the automatic restart mechanism for fatal errors. +.It Fl K, -generate-keys Ns Op = Ns Ar BITS +Generate public/private RSA keypair and exit. +If +.Ar BITS +is omitted, the default length will be 1024 bits. .It Fl L, -mlock Lock tinc into main memory. This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. +.It Fl -logfile Ns Op = Ns Ar FILE +Write log entries to a file instead of to the system logging facility. +If +.Ar FILE +is omitted, the default is +.Pa /var/log/tinc. Ns Ar NETNAME Ns Pa .log. +.It Fl -pidfile Ns = Ns Ar FILE +Write PID to +.Ar FILE +instead of +.Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid. +.It Fl -bypass-security +Disables encryption and authentication of the meta protocol. +Only useful for debugging. +.It Fl -help +Display short list of options. .It Fl -version Output version information and exit. .El @@ -83,7 +97,11 @@ and if didn't succeed to connect to an uplink the first time after it started, it defaults to the maximum time of 15 minutes. .It HUP -Closes all connections, rereads the configuration file and restarts the daemon. +Partially rereads configuration files. +Connections to hosts whose host config file are removed are closed. +New outgoing connections specified in +.Pa tinc.conf +will be made. .It INT Temporarily increases debug level to 5. Send this signal again to revert to the original level. From de223b51b94c58d1674f1ef56e9d485ff48d366d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 30 Jul 2003 09:45:21 +0000 Subject: [PATCH 792/923] Remove doc/es/ and src/device.c from the distribution. --- configure.in | 3 +-- doc/Makefile.am | 2 -- src/Makefile.am | 6 ++++-- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/configure.in b/configure.in index 9287c01a..91f76dcb 100644 
--- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.74 2003/07/29 23:21:00 guus Exp $ +dnl $Id: configure.in,v 1.13.2.75 2003/07/30 09:45:20 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) @@ -201,7 +201,6 @@ AC_SUBST(INCLUDES) AC_OUTPUT(Makefile src/Makefile doc/Makefile -doc/es/Makefile lib/Makefile po/Makefile.in m4/Makefile diff --git a/doc/Makefile.am b/doc/Makefile.am index 6714dbae..c3b209ff 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,7 +1,5 @@ ## Process this file with automake to get Makefile.in -SUBDIRS = es - info_TEXINFOS = tinc.texi dyn_MANS = diff --git a/src/Makefile.am b/src/Makefile.am index 76bb60c1..c3cd6523 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,14 +1,16 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.31 2003/07/29 11:06:22 guus Exp $ +# $Id: Makefile.am,v 1.4.4.32 2003/07/30 09:45:21 guus Exp $ sbin_PROGRAMS = tincd EXTRA_DIST = linux/device.c freebsd/device.c openbsd/device.c solaris/device.c netbsd/device.c darwin/device.c cygwin/device.c mingw/device.c raw_socket/device.c -tincd_SOURCES = conf.c connection.c device.c edge.c event.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \ +tincd_SOURCES = conf.c connection.c edge.c event.c graph.c logger.c meta.c net.c net_packet.c net_setup.c \ net_socket.c netutl.c node.c process.c protocol.c protocol_auth.c protocol_edge.c protocol_misc.c \ protocol_key.c protocol_subnet.c route.c subnet.c tincd.c +nodist_tincd_SOURCES = device.c + INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h logger.h meta.h net.h netutl.h node.h process.h \ From fcbe29bc4cc67530581a36cf1a3a1445c741b8e5 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Wed, 30 Jul 2003 11:50:45 +0000 Subject: [PATCH 793/923] No C99 initialisers, gcc 2.95.3 doesn't like it. Also make sure getopt.h is included. --- configure.in | 4 ++-- src/edge.c | 12 ++++++------ src/net_setup.c | 14 ++++++-------- src/netutl.c | 22 ++++++++++------------ src/node.c | 16 ++++++++-------- src/protocol.c | 9 ++++----- src/subnet.c | 39 ++++++++++++++++++--------------------- src/tincd.c | 4 +++- 8 files changed, 57 insertions(+), 63 deletions(-) diff --git a/configure.in b/configure.in index 91f76dcb..d7754f90 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.75 2003/07/30 09:45:20 guus Exp $ +dnl $Id: configure.in,v 1.13.2.76 2003/07/30 11:50:44 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) @@ -89,7 +89,7 @@ dnl Checks for libraries. dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([syslog.h sys/file.h sys/ioctl.h sys/param.h sys/time.h sys/socket.h sys/wait.h sys/mman.h netdb.h arpa/inet.h netinet/in_systm.h netinet/in.h]) +AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/param.h sys/time.h sys/socket.h sys/wait.h sys/mman.h netdb.h arpa/inet.h netinet/in_systm.h netinet/in.h]) AC_CHECK_HEADERS([net/ethernet.h net/if.h net/if_arp.h netinet/if_ether.h netinet/ip.h netinet/tcp.h netinet/ip_icmp.h netinet/ip6.h netinet/icmp6.h], [], [], [#ifdef HAVE_SYS_TYPES_H diff --git a/src/edge.c b/src/edge.c index 95e7f7e0..9dbb0c89 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.24 2003/07/29 10:50:15 guus Exp $ + $Id: edge.c,v 1.1.2.25 2003/07/30 11:50:45 guus Exp $ */ #include "system.h" 
@@ -125,13 +125,13 @@ void edge_del(edge_t *e) edge_t *lookup_edge(node_t *from, node_t *to) { - edge_t v = { - .from = from, - .to = to - }; - + edge_t v; + cp(); + v.from = from; + v.to = to; + return avl_search(from->edge_tree, &v); } diff --git a/src/net_setup.c b/src/net_setup.c index 3695e18e..5bbaa799 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.40 2003/07/29 22:59:00 guus Exp $ + $Id: net_setup.c,v 1.1.2.41 2003/07/30 11:50:45 guus Exp $ */ #include "system.h" @@ -202,7 +202,7 @@ bool setup_myself(void) char *name, *hostname, *mode, *afname, *cipher, *digest; char *address = NULL; char *envp[5]; - struct addrinfo hint, *ai, *aip; + struct addrinfo *ai, *aip, hint = {0}; bool choice; int i, err; @@ -446,12 +446,10 @@ bool setup_myself(void) get_config_string(lookup_config(config_tree, "BindToAddress"), &address); - hint = (struct addrinfo) { - .ai_family = addressfamily, - .ai_socktype = SOCK_STREAM, - .ai_protocol = IPPROTO_TCP, - .ai_flags = AI_PASSIVE, - }; + hint.ai_family = addressfamily; + hint.ai_socktype = SOCK_STREAM; + hint.ai_protocol = IPPROTO_TCP; + hint.ai_flags = AI_PASSIVE; err = getaddrinfo(address, myport, &hint, &ai); diff --git a/src/netutl.c b/src/netutl.c index 1ec6e5a8..ef9a6608 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.50 2003/07/29 22:59:00 guus Exp $ + $Id: netutl.c,v 1.12.4.51 2003/07/30 11:50:45 guus Exp $ */ #include "system.h" 
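Review bot: In lookup_edge the search key is now declared as plain `edge_t v;`, so every member other than `from` and `to` is indeterminate. The designated initialiser it replaces zeroed them, and the other lookups converted in this commit (lookup_node, lookup_node_udp, seen_request, the lookup_subnet_* functions) all use `= {0}`. Whether this matters depends on which fields the comparison function behind `from->edge_tree` reads, which is not visible here. Declaring the key as `edge_t v = {0};` keeps the old behaviour and matches the rest of the commit.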
@@ -36,15 +36,14 @@ bool hostnames = false; */ struct addrinfo *str2addrinfo(const char *address, const char *service, int socktype) { - struct addrinfo *ai; - struct addrinfo hint = { - .ai_family = addressfamily, - .ai_socktype = socktype, - }; + struct addrinfo *ai, hint = {0}; int err; cp(); + hint.ai_family = addressfamily; + hint.ai_socktype = socktype; + err = getaddrinfo(address, service, &hint, &ai); if(err) { @@ -58,17 +57,16 @@ struct addrinfo *str2addrinfo(const char *address, const char *service, int sock sockaddr_t str2sockaddr(const char *address, const char *port) { - struct addrinfo *ai; - struct addrinfo hint = { - .ai_family = AF_UNSPEC, - .ai_flags = AI_NUMERICHOST, - .ai_socktype = SOCK_STREAM, - }; + struct addrinfo *ai, hint = {0}; sockaddr_t result; int err; cp(); + hint.ai_family = AF_UNSPEC; + hint.ai_flags = AI_NUMERICHOST; + hint.ai_socktype = SOCK_STREAM; + err = getaddrinfo(address, port, &hint, &ai); if(err || !ai) { diff --git a/src/node.c b/src/node.c index 5fb3d0d7..b69c5b1c 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.25 2003/07/29 10:50:15 guus Exp $ + $Id: node.c,v 1.1.2.26 2003/07/30 11:50:45 guus Exp $ */ #include "system.h" @@ -145,24 +145,24 @@ void node_del(node_t *n) node_t *lookup_node(char *name) { - node_t n = { - .name = name, - }; + node_t n = {0}; cp(); + n.name = name; + return avl_search(node_tree, &n); } node_t *lookup_node_udp(const sockaddr_t *sa) { - node_t n = { - .address = *sa, - .name = NULL, - }; + node_t n = {0}; cp(); + n.address = *sa; + n.name = NULL; + return avl_search(node_udp_tree, &n); } diff --git a/src/protocol.c b/src/protocol.c index c2d92898..6088740a 100644 --- a/src/protocol.c +++ b/src/protocol.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.144 2003/07/29 10:50:15 guus Exp $ + $Id: protocol.c,v 1.28.4.145 2003/07/30 11:50:45 guus Exp $ */ #include "system.h" @@ -209,13 +209,12 @@ void exit_requests(void) bool seen_request(char *request) { - past_request_t p = { - .request = request, - }; - past_request_t *new; + past_request_t *new, p = {0}; cp(); + p.request = request; + if(avl_search(past_request_tree, &p)) { ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Already seen request")); return true; diff --git a/src/subnet.c b/src/subnet.c index 4541594d..36d1627e 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.48 2003/07/24 12:08:16 guus Exp $ + $Id: subnet.c,v 1.1.2.49 2003/07/30 11:50:45 guus Exp $ */ #include "system.h" @@ -305,15 +305,14 @@ subnet_t *lookup_subnet(const node_t *owner, const subnet_t *subnet) subnet_t *lookup_subnet_mac(const mac_t *address) { - subnet_t subnet = { - .type = SUBNET_MAC, - .net.mac.address = *address, - .owner = NULL - }; - subnet_t *p; + subnet_t *p, subnet = {0}; cp(); + subnet.type = SUBNET_MAC; + subnet.net.mac.address = *address; + subnet.owner = NULL; + p = (subnet_t *) avl_search(subnet_tree, &subnet); return p; @@ -321,16 +320,15 @@ subnet_t *lookup_subnet_mac(const mac_t *address) subnet_t *lookup_subnet_ipv4(const ipv4_t *address) { - subnet_t subnet = { - .type = SUBNET_IPV4, - .net.ipv4.address = *address, - .net.ipv4.prefixlength = 32, - .owner = NULL - }; - subnet_t *p; + subnet_t *p, subnet = {0}; cp(); + subnet.type = SUBNET_IPV4; + subnet.net.ipv4.address = *address; + subnet.net.ipv4.prefixlength = 32; + subnet.owner = NULL; + do { /* Go find subnet */ 
@@ -360,16 +358,15 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address) subnet_t *lookup_subnet_ipv6(const ipv6_t *address) { - subnet_t subnet = { - .type = SUBNET_IPV6, - .net.ipv6.address = *address, - .net.ipv6.prefixlength = 128, - .owner = NULL - }; - subnet_t *p; + subnet_t *p, subnet = {0}; cp(); + subnet.type = SUBNET_IPV6; + subnet.net.ipv6.address = *address; + subnet.net.ipv6.prefixlength = 128; + subnet.owner = NULL; + do { /* Go find subnet */ diff --git a/src/tincd.c b/src/tincd.c index 6b90de76..4b303622 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.78 2003/07/29 22:59:00 guus Exp $ + $Id: tincd.c,v 1.10.4.79 2003/07/30 11:50:45 guus Exp $ */ #include "system.h" @@ -38,6 +38,8 @@ #include +#include + #include "conf.h" #include "logger.h" #include "net.h" From 2edc764a333764e7e5c4d3420131c13e9c81ecf7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 30 Jul 2003 16:00:59 +0000 Subject: [PATCH 794/923] Replacement for stdbool.h --- system.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/system.h b/system.h index 73f7aeb1..0d7b3187 100644 --- a/system.h +++ b/system.h @@ -27,7 +27,6 @@ #include #include -#include #include #include #include @@ -36,6 +35,14 @@ #include #include +#ifdef HAVE_STDBOOL_H +#include +#else +typedef int bool; +#define true 1 +#define false 0 +#endif + #ifdef HAVE_TERMIOS_H #include #endif From d798b8b3d832f8c69769e08cfd64a4d8355faf0e Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Wed, 30 Jul 2003 21:52:41 +0000 Subject: [PATCH 795/923] Prevent definitions from messing up attributes. --- lib/avl_tree.c | 4 ++-- lib/getopt.c | 2 +- lib/xalloc.h | 8 ++++---- src/conf.h | 4 ++-- src/connection.h | 4 ++-- src/edge.h | 6 +++--- src/event.h | 4 ++-- src/logger.h | 2 +- src/node.h | 4 ++-- src/process.c | 4 ++-- src/process.h | 4 ++-- src/protocol.h | 4 ++-- src/subnet.h | 6 +++--- 13 files changed, 28 insertions(+), 28 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index be35b969..95e95e72 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.17 2003/07/24 12:08:14 guus Exp $ + $Id: avl_tree.c,v 1.1.2.18 2003/07/30 21:52:41 guus Exp $ */ #include "system.h" @@ -52,7 +52,7 @@ #endif #ifndef AVL_DEPTH -static int lg(unsigned int u) __attribute__ ((const)); +static int lg(unsigned int u) __attribute__ ((__const__)); static int lg(unsigned int u) { diff --git a/lib/getopt.c b/lib/getopt.c index 264a11be..5e397baa 100644 --- a/lib/getopt.c +++ b/lib/getopt.c @@ -259,7 +259,7 @@ extern pid_t __libc_pid; is valid for the getopt call we must make sure that the ARGV passed to getopt is that one passed to the process. */ static void -__attribute__ ((unused)) +__attribute__ ((__unused__)) store_args_and_env (int argc, char *const *argv) { /* XXX This is no good solution. We should rather copy the args so diff --git a/lib/xalloc.h b/lib/xalloc.h index dbba254a..7cb486a2 100644 --- a/lib/xalloc.h +++ b/lib/xalloc.h 
@@ -18,9 +18,9 @@ extern char *const xalloc_msg_memory_exhausted; /* FIXME: describe */ extern void (*xalloc_fail_func) (); -void *xmalloc PARAMS ((size_t n)) __attribute__ ((malloc)); -void *xmalloc_and_zero PARAMS ((size_t n)) __attribute__ ((malloc)); +void *xmalloc PARAMS ((size_t n)) __attribute__ ((__malloc__)); +void *xmalloc_and_zero PARAMS ((size_t n)) __attribute__ ((__malloc__)); void *xcalloc PARAMS ((size_t n, size_t s)); -void *xrealloc PARAMS ((void *p, size_t n)) __attribute__ ((malloc)); +void *xrealloc PARAMS ((void *p, size_t n)) __attribute__ ((__malloc__)); -char *xstrdup PARAMS ((const char *s)) __attribute__ ((malloc)); +char *xstrdup PARAMS ((const char *s)) __attribute__ ((__malloc__)); diff --git a/src/conf.h b/src/conf.h index 8ceb111e..8960f087 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.41 2003/07/24 12:08:15 guus Exp $ + $Id: conf.h,v 1.6.4.42 2003/07/30 21:52:41 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -44,7 +44,7 @@ extern char *netname; extern void init_configuration(avl_tree_t **); extern void exit_configuration(avl_tree_t **); -extern config_t *new_config(void) __attribute__ ((malloc)); +extern config_t *new_config(void) __attribute__ ((__malloc__)); extern void free_config(config_t *); extern void config_add(avl_tree_t *, config_t *); extern config_t *lookup_config(const avl_tree_t *, char *); diff --git a/src/connection.h b/src/connection.h index 0092f04e..29bace11 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.35 2003/07/22 20:55:19 guus Exp $ + $Id: connection.h,v 1.1.2.36 2003/07/30 21:52:41 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ 
@@ -100,7 +100,7 @@ extern connection_t *broadcast; extern void init_connections(void); extern void exit_connections(void); -extern connection_t *new_connection(void) __attribute__ ((malloc)); +extern connection_t *new_connection(void) __attribute__ ((__malloc__)); extern void free_connection(connection_t *); extern void connection_add(connection_t *); extern void connection_del(connection_t *); diff --git a/src/edge.h b/src/edge.h index 0e951fa6..ebb83378 100644 --- a/src/edge.h +++ b/src/edge.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.h,v 1.1.2.16 2003/07/29 10:50:15 guus Exp $ + $Id: edge.h,v 1.1.2.17 2003/07/30 21:52:41 guus Exp $ */ #ifndef __TINC_EDGE_H__ @@ -44,9 +44,9 @@ extern avl_tree_t *edge_weight_tree; /* Tree with all known edges sorted on weig extern void init_edges(void); extern void exit_edges(void); -extern edge_t *new_edge(void) __attribute__ ((malloc)); +extern edge_t *new_edge(void) __attribute__ ((__malloc__)); extern void free_edge(edge_t *); -extern avl_tree_t *new_edge_tree(void) __attribute__ ((malloc)); +extern avl_tree_t *new_edge_tree(void) __attribute__ ((__malloc__)); extern void free_edge_tree(avl_tree_t *); extern void edge_add(edge_t *); extern void edge_del(edge_t *); diff --git a/src/event.h b/src/event.h index 71aae18d..6ec986df 100644 --- a/src/event.h +++ b/src/event.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.h,v 1.1.4.7 2003/07/17 15:06:26 guus Exp $ + $Id: event.h,v 1.1.4.8 2003/07/30 21:52:41 guus Exp $ */ #ifndef __TINC_EVENT_H__ 
@@ -38,7 +38,7 @@ typedef struct { extern void init_events(void); extern void exit_events(void); -extern event_t *new_event(void) __attribute__ ((malloc)); +extern event_t *new_event(void) __attribute__ ((__malloc__)); extern void free_event(event_t *); extern void event_add(event_t *); extern void event_del(event_t *); diff --git a/src/logger.h b/src/logger.h index da849c40..35cc8af3 100644 --- a/src/logger.h +++ b/src/logger.h @@ -35,7 +35,7 @@ enum { extern debug_t debug_level; extern void openlogger(const char *, logmode_t); -extern void logger(int, const char *, ...) __attribute__ ((format(printf, 2, 3))); +extern void logger(int, const char *, ...) __attribute__ ((__format__(printf, 2, 3))); extern void closelogger(void); #define ifdebug(l) if(debug_level >= DEBUG_##l) diff --git a/src/node.h b/src/node.h index 4f1406ca..4407f993 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.28 2003/07/29 10:50:15 guus Exp $ + $Id: node.h,v 1.1.2.29 2003/07/30 21:52:41 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -79,7 +79,7 @@ extern avl_tree_t *node_udp_tree; extern void init_nodes(void); extern void exit_nodes(void); -extern node_t *new_node(void) __attribute__ ((malloc)); +extern node_t *new_node(void) __attribute__ ((__malloc__)); extern void free_node(node_t *); extern void node_add(node_t *); extern void node_del(node_t *); diff --git a/src/process.c b/src/process.c index 36b21461..3071b02a 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.58 2003/07/28 22:06:09 guus Exp $ + $Id: process.c,v 1.1.2.59 2003/07/30 21:52:41 guus Exp $ */ #include "system.h" 
@@ -206,7 +206,7 @@ bool detach(void) Execute the program name, with sane environment. */ static void _execute_script(const char *scriptname, char **envp) - __attribute__ ((noreturn)); + __attribute__ ((__noreturn__)); static void _execute_script(const char *scriptname, char **envp) { int save_errno; diff --git a/src/process.h b/src/process.h index 9b0b123f..182ed72a 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.17 2003/07/22 20:55:20 guus Exp $ + $Id: process.h,v 1.1.2.18 2003/07/30 21:52:41 guus Exp $ */ #ifndef __TINC_PROCESS_H__ @@ -31,6 +31,6 @@ extern void setup_signals(void); extern bool execute_script(const char *, char **); extern bool detach(void); extern bool kill_other(int); -extern void cleanup_and_exit(int) __attribute__ ((noreturn)); +extern void cleanup_and_exit(int) __attribute__ ((__noreturn__)); #endif /* __TINC_PROCESS_H__ */ diff --git a/src/protocol.h b/src/protocol.h index 7a32a17a..e85db5d1 100644 --- a/src/protocol.h +++ b/src/protocol.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.43 2003/07/29 22:59:00 guus Exp $ + $Id: protocol.h,v 1.5.4.44 2003/07/30 21:52:41 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -66,7 +66,7 @@ typedef struct past_request_t { /* Basic functions */ -extern bool send_request(struct connection_t *, const char *, ...) __attribute__ ((format(printf, 2, 3))); +extern bool send_request(struct connection_t *, const char *, ...) __attribute__ ((__format__(printf, 2, 3))); extern void forward_request(struct connection_t *); extern bool receive_request(struct connection_t *); extern bool check_id(const char *); diff --git a/src/subnet.h b/src/subnet.h index edca1c74..b0bc9113 100644 --- a/src/subnet.h +++ b/src/subnet.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.23 2003/07/24 12:08:16 guus Exp $ + $Id: subnet.h,v 1.1.2.24 2003/07/30 21:52:41 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -64,11 +64,11 @@ typedef struct subnet_t { } net; } subnet_t; -extern subnet_t *new_subnet(void) __attribute__ ((malloc)); +extern subnet_t *new_subnet(void) __attribute__ ((__malloc__)); extern void free_subnet(subnet_t *); extern void init_subnets(void); extern void exit_subnets(void); -extern avl_tree_t *new_subnet_tree(void) __attribute__ ((malloc)); +extern avl_tree_t *new_subnet_tree(void) __attribute__ ((__malloc__)); extern void free_subnet_tree(avl_tree_t *); extern void subnet_add(struct node_t *, subnet_t *); extern void subnet_del(struct node_t *, subnet_t *); From da3078c63a3b658573f6e2f986f69ed4d7993b3a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 31 Jul 2003 11:17:39 +0000 Subject: [PATCH 796/923] Check if the compiler knows about the __malloc__ attribute. --- configure.in | 5 ++++- lib/list.h | 4 ++-- m4/attribute.m4 | 25 +++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 m4/attribute.m4 diff --git a/configure.in b/configure.in index d7754f90..5fe9f4d4 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.76 2003/07/30 11:50:44 guus Exp $ +dnl $Id: configure.in,v 1.13.2.77 2003/07/31 11:17:39 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) 
@@ -109,11 +109,14 @@ AC_CHECK_HEADERS([net/ethernet.h net/if.h net/if_arp.h netinet/if_ether.h netine dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST +AC_C_VOLATILE AC_TYPE_PID_T AC_TYPE_SIZE_T AC_HEADER_TIME AC_STRUCT_TM +tinc_ATTRIBUTE(__malloc__) + AC_CHECK_TYPES([socklen_t, struct arphdr, struct ether_arp, struct in_addr, struct addrinfo, struct ip, struct icmp, struct in6_addr, struct sockaddr_in6, struct ip6_hdr, struct icmp6_hdr, struct nd_neighbor_solicit, struct nd_opt_hdr], , , [#ifdef HAVE_SYS_TYPES_H #include diff --git a/lib/list.h b/lib/list.h index ff540928..c53e8013 100644 --- a/lib/list.h +++ b/lib/list.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.h,v 1.1.2.10 2003/07/12 17:48:38 guus Exp $ + $Id: list.h,v 1.1.2.11 2003/07/31 11:17:39 guus Exp $ */ #ifndef __TINC_LIST_H__ @@ -47,7 +47,7 @@ typedef struct list_t { /* (De)constructors */ -extern list_t *list_alloc(list_action_t) __attribute__ ((malloc)); +extern list_t *list_alloc(list_action_t) __attribute__ ((__malloc__)); extern void list_free(list_t *); extern list_node_t *list_alloc_node(void); extern void list_free_node(list_t *, list_node_t *); diff --git a/m4/attribute.m4 b/m4/attribute.m4 new file mode 100644 index 00000000..58b83467 --- /dev/null +++ b/m4/attribute.m4 
@@ -0,0 +1,25 @@ +dnl Check to find out whether function attributes are supported. +dnl If they are not, #define them to be nothing. + +AC_DEFUN(tinc_ATTRIBUTE, +[ + AC_CACHE_CHECK([for working $1 attribute], tinc_cv_attribute_$1, + [ + tempcflags="$CFLAGS" + CFLAGS="$CFLAGS -Wall -Werror" + AC_COMPILE_IFELSE( + [AC_LANG_SOURCE( + [void test(void) __attribute__ (($1)); + void test(void) { return; } + ], + )], + [tinc_cv_attribute_$1=yes], + [tinc_cv_attribute_$1=no] + ) + CFLAGS="$tempcflags" + ]) + + if test ${tinc_cv_attribute_$1} = no; then + AC_DEFINE([$1], [], [Defined if the $1 attribute is not supported.]) + fi +]) From 5c29d066688691dd1664597ba1c76195634f06c0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 31 Jul 2003 11:20:32 +0000 Subject: [PATCH 797/923] Wrong argument. --- src/solaris/device.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/solaris/device.c b/src/solaris/device.c index 6b657273..9b92f2e5 100644 --- a/src/solaris/device.c +++ b/src/solaris/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.16 2003/07/22 20:55:21 guus Exp $ + $Id: device.c,v 1.1.2.17 2003/07/31 11:20:32 guus Exp $ */ @@ -149,8 +149,8 @@ bool write_packet(vpn_packet_t *packet) packet->len, device_info); if(write(device_fd, packet->data + 14, packet->len - 14) < 0) { - logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, packet->len, - strerror(errno)); + logger(LOG_ERR, _("Can't write to %s %s: %s"), device_info, + device, strerror(errno)); return false; } From 8eca27e863d9cb139a1e4039f63aaac3c9afc3c6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 31 Jul 2003 11:31:51 +0000 Subject: [PATCH 798/923] Remove forgotten braces. --- src/netbsd/device.c | 3 +-- src/openbsd/device.c | 3 +-- src/raw_socket/device.c | 3 +-- 3 files changed, 3 insertions(+), 6 deletions(-) 
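Review bot: The probe in tinc_ATTRIBUTE declares `void test(void) __attribute__ (($1));`, but the only caller added in this commit passes `__malloc__`, an attribute that describes a returned pointer. A compiler that warns about the attribute being ignored on a function returning void would fail the probe under the `-Wall -Werror` set here, and configure would then define `__malloc__` to nothing even though the attribute is supported. Giving the probe a pointer return avoids that: `void *test(void) __attribute__ (($1));` and `void *test(void) { return (void *)0; }`. Separately, `test ${tinc_cv_attribute_$1} = no` is safer with the expansion quoted.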
diff --git a/src/netbsd/device.c b/src/netbsd/device.c index d0998339..9c3b2cd6 100644 --- a/src/netbsd/device.c +++ b/src/netbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.12 2003/07/22 20:55:21 guus Exp $ + $Id: device.c,v 1.1.2.13 2003/07/31 11:31:50 guus Exp $ */ #include "system.h" @@ -89,7 +89,6 @@ bool read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } return true; } diff --git a/src/openbsd/device.c b/src/openbsd/device.c index e7670300..07fa4b9f 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.17 2003/07/22 20:55:21 guus Exp $ + $Id: device.c,v 1.1.2.18 2003/07/31 11:31:51 guus Exp $ */ #include "system.h" @@ -106,7 +106,6 @@ bool read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } return true; } diff --git a/src/raw_socket/device.c b/src/raw_socket/device.c index 77e0540d..1bece597 100644 --- a/src/raw_socket/device.c +++ b/src/raw_socket/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2003/07/22 20:55:21 guus Exp $ + $Id: device.c,v 1.1.2.9 2003/07/31 11:31:51 guus Exp $ */ #include "config.h" @@ -122,7 +122,6 @@ bool read_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Read packet of %d bytes from %s"), packet->len, device_info); - } return true; } From 1fe56637874a1e93882a2ca6ffb8c50a773f80e4 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 31 Jul 2003 13:18:34 +0000 Subject: [PATCH 799/923] No easy way to properly detect header files... --- configure.in | 118 +++++++++++++++++++++++++++++++++++++++++++++------ src/route.c | 5 +-- system.h | 8 ++++ 3 files changed, 115 insertions(+), 16 deletions(-) diff --git a/configure.in b/configure.in index 5fe9f4d4..844999f6 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.77 2003/07/31 11:17:39 guus Exp $ +dnl $Id: configure.in,v 1.13.2.78 2003/07/31 13:18:34 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) 
@@ -88,22 +88,101 @@ fi dnl Checks for libraries. dnl Checks for header files. +dnl We do this in multiple stages, because unlike Linux all the other operating systems really suck and don't include their own dependencies. + AC_HEADER_STDC -AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/param.h sys/time.h sys/socket.h sys/wait.h sys/mman.h netdb.h arpa/inet.h netinet/in_systm.h netinet/in.h]) -AC_CHECK_HEADERS([net/ethernet.h net/if.h net/if_arp.h netinet/if_ether.h netinet/ip.h netinet/tcp.h netinet/ip_icmp.h netinet/ip6.h netinet/icmp6.h], +AC_CHECK_HEADERS([stdbool.h syslog.h sys/file.h sys/ioctl.h sys/param.h sys/time.h sys/socket.h sys/wait.h sys/mman.h netdb.h arpa/inet.h]) +AC_CHECK_HEADERS([net/if.h net/ethernet.h net/if_arp.h netinet/in_systm.h netinet/in.h netinet/in6.h], [], [], [#ifdef HAVE_SYS_TYPES_H #include #endif + #ifdef HAVE_NETDB_H + #include + #endif + #ifdef HAVE_ARPA_INET_H + #include + #endif #ifdef HAVE_SYS_SOCKET_H #include #endif + ] +) +AC_CHECK_HEADERS([netinet/if_ether.h netinet/ip.h netinet/ip6.h], + [], [], + [#ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifdef HAVE_NETDB_H + #include + #endif + #ifdef HAVE_ARPA_INET_H + #include + #endif + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_NET_IF_H + #include + #endif #ifdef HAVE_NETINET_IN_SYSTM_H #include #endif #ifdef HAVE_NETINET_IN_H #include #endif + #ifdef HAVE_NETINET_IN6_H + #include + #endif + #ifdef HAVE_NET_ETHERNET_H + #include + #endif + #ifdef HAVE_NET_IF_ARP_H + #include + #endif + ] +) +AC_CHECK_HEADERS([netinet/tcp.h netinet/ip_icmp.h netinet/icmp6.h], + [], [], + [#ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifdef HAVE_NETDB_H + #include + #endif + #ifdef HAVE_ARPA_INET_H + #include + #endif + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_NET_IF_H + #include + #endif + #ifdef HAVE_NETINET_IN_SYSTM_H + #include + #endif + #ifdef HAVE_NETINET_IN_H + #include + #endif + #ifdef HAVE_NETINET_IP_H + #include + #endif + #ifdef 
HAVE_NETINET_IN6_H + #include + #endif + #ifdef HAVE_NETINET_IP6_H + #include + #endif + #ifdef HAVE_NET_ETHERNET_H + #include + #endif + #ifdef HAVE_NET_IF_ARP_H + #include + #endif + #ifdef HAVE_NETINET_IF_ETHER_H + #include + #endif ] ) @@ -121,17 +200,17 @@ AC_CHECK_TYPES([socklen_t, struct arphdr, struct ether_arp, struct in_addr, stru [#ifdef HAVE_SYS_TYPES_H #include #endif - #ifdef HAVE_SYS_SOCKET_H - #include - #endif #ifdef HAVE_NETDB_H #include #endif - #ifdef HAVE_NET_IF_ARP_H - #include + #ifdef HAVE_ARPA_INET_H + #include #endif - #ifdef HAVE_NETINET_IF_ETHER_H - #include + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_NET_IF_H + #include #endif #ifdef HAVE_NETINET_IN_SYSTM_H #include @@ -142,12 +221,27 @@ AC_CHECK_TYPES([socklen_t, struct arphdr, struct ether_arp, struct in_addr, stru #ifdef HAVE_NETINET_IP_H #include #endif - #ifdef HAVE_NETINET_IP_ICMP_H - #include + #ifdef HAVE_NETINET_TCP_H + #include + #endif + #ifdef HAVE_NETINET_IN6_H + #include #endif #ifdef HAVE_NETINET_IP6_H #include #endif + #ifdef HAVE_NET_ETHERNET_H + #include + #endif + #ifdef HAVE_NET_IF_ARP_H + #include + #endif + #ifdef HAVE_NETINET_IF_ETHER_H + #include + #endif + #ifdef HAVE_NETINET_IP_ICMP_H + #include + #endif #ifdef HAVE_NETINET_ICMP6_H #include #endif diff --git a/src/route.c b/src/route.c index 7dd7635f..5823f379 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.62 2003/07/22 20:55:20 guus Exp $ + $Id: route.c,v 1.1.2.63 2003/07/31 13:18:34 guus Exp $ */ #include "system.h" @@ -31,9 +31,6 @@ #ifdef HAVE_NETINET_IP_ICMP_H #include #endif -#ifdef HAVE_NETINET_IP6_H -#include -#endif #ifdef HAVE_NETINET_ICMP6_H #include #endif diff --git a/system.h b/system.h index 0d7b3187..d3aa8429 100644 --- a/system.h +++ b/system.h 
@@ -120,6 +120,14 @@ typedef int bool; #include #endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif + +#ifdef HAVE_NETINET_IP6_H +#include +#endif + #ifdef HAVE_MINGW #include #include From 2531ff59b73af3a6de85fdc33d744758a6ab9449 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 31 Jul 2003 14:24:19 +0000 Subject: [PATCH 800/923] Woops! --- src/process.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/process.c b/src/process.c index 3071b02a..44ecf308 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.59 2003/07/30 21:52:41 guus Exp $ + $Id: process.c,v 1.1.2.60 2003/07/31 14:24:19 guus Exp $ */ #include "system.h" @@ -223,7 +223,7 @@ static void _execute_script(const char *scriptname, char **envp) /* Close all file descriptors */ fcloseall(); - execl(scriptname, NULL); + execl(scriptname, scriptname, NULL); /* No return on success */ save_errno = errno; From 998ac634d456567e7caf99fe879d4ef1602f36bf Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 1 Aug 2003 08:18:22 +0000 Subject: [PATCH 801/923] Wrong function... --- src/mingw/device.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/mingw/device.c b/src/mingw/device.c index e1fbf220..23b4c009 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.7 2003/07/29 23:21:01 guus Exp $ + $Id: device.c,v 1.1.2.8 2003/08/01 08:18:22 guus Exp $ */ #include "system.h" @@ -177,7 +177,7 @@ bool setup_device(void) len = sizeof(adaptername); RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); - RegKeyClose(key2); + RegCloseKey(key2); if(device) { if(!strcmp(device, adapterid)) { 
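Review bot: The corrected call `execl(scriptname, scriptname, NULL);` still ends its variadic argument list with a bare `NULL`. Where `NULL` is defined as plain `0`, an int is passed in place of the pointer terminator, so the list should end with `(char *)NULL`. The context line above it, `fcloseall()`, closes stdio streams only, despite the "Close all file descriptors" comment. Any descriptor opened directly (sockets or the tunnel device, presumably) would still be inherited by the script unless it is marked close-on-exec elsewhere. _execute_script starts and ends outside this hunk.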
@@ -203,7 +203,7 @@ bool setup_device(void) } } - RegKeyClose(key); + RegCloseKey(key); if(!found) { logger(LOG_ERR, _("No Windows tap device found!")); From b79e55b183898911e2c2b7b151b281aef8d474e1 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 15:13:08 +0000 Subject: [PATCH 802/923] Prevent system headers from including our own headers. --- src/Makefile.am | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index c3cd6523..a3b72028 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,5 +1,5 @@ ## Produce this file with automake to get Makefile.in -# $Id: Makefile.am,v 1.4.4.32 2003/07/30 09:45:21 guus Exp $ +# $Id: Makefile.am,v 1.4.4.33 2003/08/02 15:13:08 guus Exp $ sbin_PROGRAMS = tincd @@ -11,6 +11,8 @@ tincd_SOURCES = conf.c connection.c edge.c event.c graph.c logger.c meta.c net.c nodist_tincd_SOURCES = device.c +DEFAULT_INCLUDES = + INCLUDES = @INCLUDES@ -I$(top_builddir) -I$(top_srcdir)/lib noinst_HEADERS = conf.h connection.h device.h edge.h event.h graph.h logger.h meta.h net.h netutl.h node.h process.h \ @@ -23,11 +25,7 @@ tincd_LDADD = \ localedir = $(datadir)/locale -AM_CFLAGS = @CFLAGS@ -DPKGLIBDIR=$(pkglibdir) -DCONFDIR=\"$(sysconfdir)\" \ - -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" +AM_CFLAGS = @CFLAGS@ -DCONFDIR=\"$(sysconfdir)\" -DLOCALEDIR=\"$(localedir)\" -DLOCALSTATEDIR=\"$(localstatedir)\" dist-hook: rm -f `find . -type l` - -lint: $(tincd_SOURCES) - lclint -nullassign -nullret +trytorecover +posixlib -skipansiheaders -skipposixheaders +gnuextensions -I/usr/include -I/usr/lib/gcc-lib/i386-linux/2.95.2/include -I. -I/home/zarq/p/tinc/cvs/cabal/src -I.. -I.. -I/home/zarq/p/tinc/cvs/cabal/lib -I/home/zarq/p/tinc/cvs/cabal/intl -D_POSIX_SOURCE -D__ELF__ -Dunix -D__i386__ -Dlinux -DHAVE_CONFIG_H -DPKGLIBDIR=/usr/local/lib/tinc -DCONFDIR=\"/usr/local/etc\" -DLOCALEDIR=\"/usr/local/share/locale\" $^ 
From c7bf64c7946ece3e1a6a7cdd7bce00045bddb9cd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 15:27:24 +0000 Subject: [PATCH 803/923] Allow whitespace in values. --- src/conf.c | 65 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/src/conf.c b/src/conf.c index 4a444433..e57eb8bd 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.69 2003/07/24 12:08:15 guus Exp $ + $Id: conf.c,v 1.9.4.70 2003/08/02 15:27:24 guus Exp $ */ #include "system.h" @@ -326,6 +326,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) char *buffer, *line; char *variable, *value; int lineno = 0; + int len; bool ignore = false; config_t *cfg; size_t bufsize; 
@@ -358,37 +359,45 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) lineno++; - variable = strtok(line, "\t ="); + if(*line == '#') + continue; - if(!variable) - continue; /* no tokens on this line */ - - if(variable[0] == '#') - continue; /* comment: ignore */ - - if(!strcmp(variable, "-----BEGIN")) + if(ignore) { + if(!strncmp(variable, "-----END", 8)) + ignore = false; + continue; + } + + if(!strncmp(line, "-----BEGIN", 10)) { ignore = true; - - if(!ignore) { - value = strtok(NULL, "\t\n\r ="); - - if(!value || value[0] == '#') { - logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), - variable, lineno, fname); - break; - } - - cfg = new_config(); - cfg->variable = xstrdup(variable); - cfg->value = xstrdup(value); - cfg->file = xstrdup(fname); - cfg->line = lineno; - - config_add(config_tree, cfg); + continue; } - if(!strcmp(variable, "-----END")) - ignore = false; + variable = value = line; + + len = strcspn(value, "\t ="); + value += len; + value += strspn(value, "\t "); + if(*value == '=') { + value++; + value += strspn(value, "\t "); + } + variable[len] = '\0'; + + if(!*value) { + logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), + variable, lineno, fname); + break; + } + + logger(LOG_DEBUG, "%s=%s", variable, value); + cfg = new_config(); + cfg->variable = xstrdup(variable); + cfg->value = xstrdup(value); + cfg->file = xstrdup(fname); + cfg->line = lineno; + + config_add(config_tree, cfg); } free(buffer); From 9c2d5d9f9212dee5ee988f4824e5e4afedb7a2dd Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 15:29:06 +0000 Subject: [PATCH 804/923] Oops. --- src/conf.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index e57eb8bd..8d30e0d5 100644 --- a/src/conf.c +++ b/src/conf.c 
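Review bot: In the new `if(ignore)` branch the end-of-block test reads `variable`, but in this iteration `variable` is not assigned until `variable = value = line;` further down, so the comparison runs against whatever the previous line left there, or against an unset pointer if a `-----BEGIN` block comes before any setting. The test should look at the current line: `if(!strncmp(line, "-----END", 8))`. As written, the `-----END` marker may never be recognised, and every setting after an embedded key block would then be silently skipped. Separately, a line with nothing before the separator now falls through to the `No value for variable` error and `break` where the removed code did `continue`; if the line reader strips the newline (not visible here), blank lines would abort parsing, and a guard such as `if(!*line || *line == '#') continue;` would restore the old behaviour. read_config_file starts and ends outside this hunk.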
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.70 2003/08/02 15:27:24 guus Exp $ + $Id: conf.c,v 1.9.4.71 2003/08/02 15:29:06 guus Exp $ */ #include "system.h" @@ -390,7 +390,6 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) break; } - logger(LOG_DEBUG, "%s=%s", variable, value); cfg = new_config(); cfg->variable = xstrdup(variable); cfg->value = xstrdup(value); From 9a491a10eee55b243dd1030ee9016ec510908a10 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 15:32:57 +0000 Subject: [PATCH 805/923] Windows has no symbolic links as we know it. --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 844999f6..79165e8c 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.78 2003/07/31 13:18:34 guus Exp $ +dnl $Id: configure.in,v 1.13.2.79 2003/08/02 15:32:57 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) @@ -69,7 +69,7 @@ case $host_os in ;; *mingw*) AC_DEFINE(HAVE_MINGW, 1, [MinGW]) - [ rm -f src/device.c; ln -sf mingw/device.c src/device.c ] + [ rm -f src/device.c; cp -f src/mingw/device.c src/device.c ] ;; *) AC_MSG_ERROR("Unknown operating system.") From 7c34122af7ed4667748ceae4966bd5b519ac8ad7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 16:05:33 +0000 Subject: [PATCH 806/923] When compiling with MinGW, link with ws2_32. --- configure.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 79165e8c..ce678559 100644 --- a/configure.in +++ b/configure.in 
@@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.79 2003/08/02 15:32:57 guus Exp $ +dnl $Id: configure.in,v 1.13.2.80 2003/08/02 16:05:33 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) @@ -70,6 +70,7 @@ case $host_os in *mingw*) AC_DEFINE(HAVE_MINGW, 1, [MinGW]) [ rm -f src/device.c; cp -f src/mingw/device.c src/device.c ] + LIBS="$LIBS -lws2_32" ;; *) AC_MSG_ERROR("Unknown operating system.") From f08fc359a0b7f638e73a8f866119b016b7dff8de Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 20:50:38 +0000 Subject: [PATCH 807/923] Install tinc as a service under Windows (MinGW). Remove cleanup_and_exit(), either exit() directly on errors or let main_loop() shutdown gracefully. --- lib/utils.c | 14 +++ lib/utils.h | 4 + po/nl.po | 299 +++++++++++++++++++++++++++++--------------------- src/logger.c | 3 +- src/net.c | 17 +-- src/net.h | 4 +- src/process.c | 175 +++++++++++++++++++++++++---- src/process.h | 3 +- src/tincd.c | 66 +++++++---- 9 files changed, 410 insertions(+), 175 deletions(-) diff --git a/lib/utils.c b/lib/utils.c index 9ffad702..6b3dd237 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -79,3 +79,17 @@ void cp_trace() ); } #endif + +#ifdef HAVE_MINGW +char *winerror(int err) { + static char buf[1024]; + + if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, sizeof(buf), NULL)) { + strncpy(buf, _("(unable to format errormessage)"), sizeof(buf)); + }; + + return buf; +} +#endif + diff --git a/lib/utils.h b/lib/utils.h index caf6e6f6..d8dc4768 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -38,4 +38,8 @@ extern void cp_trace(void); extern void hex2bin(char *src, char *dst, int length); extern void bin2hex(char *src, char *dst, int length); +#ifdef HAVE_MINGW +extern char *winerror(int); +#endif + #endif /* __TINC_UTILS_H__ */ diff --git a/po/nl.po b/po/nl.po index 2ff394e5..bc417a83 100644 
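Review bot: `winerror()` in lib/utils.c returns a pointer to a single `static char buf[1024]`, so each call overwrites the previous result; this should be stated above the function, e.g. `/* Returns a pointer to a static buffer: not reentrant, use or copy the result before the next call. */`. The fallback path uses `strncpy(buf, ..., sizeof(buf))`, which leaves the buffer unterminated when the source is at least as long as the buffer; the translated string is short today, but `snprintf(buf, sizeof(buf), "%s", _("(unable to format errormessage)"));` removes the dependency on that. The stray `;` after the closing brace of the `if` can be dropped.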
--- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-07-29 13:04+0200\n" +"POT-Creation-Date: 2003-08-02 17:51+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" 
@@ -46,69 +46,69 @@ msgstr "" "Netwerk adres en prefix lengte komen niet overeen bij configuratievariabele %" "s in %s regel %d" -#: src/conf.c:338 +#: src/conf.c:339 #, c-format msgid "Cannot open config file %s: %s" msgstr "Kan configuratie bestand %s niet openen: %s" -#: src/conf.c:376 +#: src/conf.c:388 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:411 +#: src/conf.c:419 #, c-format msgid "Failed to read `%s': %s" msgstr "Lezen van `%s' mislukte: %s" -#: src/conf.c:429 +#: src/conf.c:437 #, c-format msgid "`%s' is not an absolute path" msgstr "`%s' is geen absoluut pad" -#: src/conf.c:445 src/conf.c:473 +#: src/conf.c:453 src/conf.c:481 #, c-format msgid "Couldn't stat `%s': %s" msgstr "Kon `%s' niet statten: %s" -#: src/conf.c:450 src/conf.c:481 +#: src/conf.c:458 src/conf.c:489 #, c-format msgid "`%s' is owned by UID %d instead of %d" msgstr "`%s' is eigendom van UID %d in plaats van %d" -#: src/conf.c:456 src/conf.c:487 +#: src/conf.c:464 src/conf.c:495 #, c-format msgid "Warning: `%s' is a symlink" msgstr "Waarschuwing: `%s' is een symbolische link" -#: src/conf.c:459 src/conf.c:490 +#: src/conf.c:467 src/conf.c:498 #, c-format msgid "Unable to read symbolic link `%s': %s" msgstr "Kan symbolische link `%s' niet lezen: %s" -#: src/conf.c:501 +#: src/conf.c:509 #, c-format msgid "`%s' has unsecure permissions" msgstr "`%s' heeft onveilige permissies" -#: src/conf.c:523 +#: src/conf.c:531 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:530 +#: src/conf.c:538 #, c-format msgid "Error while reading stdin: %s\n" msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:558 +#: src/conf.c:566 #, c-format msgid "Error opening file `%s': %s\n" msgstr "Fout bij het openen van het bestand `%s': %s\n" -#: 
src/conf.c:567 +#: src/conf.c:575 #, c-format msgid "" "The file `%s' (or any of the leading directories) has unsafe permissions.\n" @@ -174,56 +174,56 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:58 +#: src/net.c:59 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:65 +#: src/net.c:66 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:146 +#: src/net.c:147 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:199 +#: src/net.c:200 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:208 +#: src/net.c:209 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." -#: src/net.c:213 +#: src/net.c:214 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:255 +#: src/net.c:256 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:308 +#: src/net.c:309 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:339 +#: src/net.c:340 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:356 +#: src/net.c:357 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:380 +#: src/net.c:381 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
@@ -269,9 +269,13 @@ msgstr "Fout tijdens comprimeren pakket naar %s (%s)" msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:309 src/net_setup.c:459 src/net_socket.c:74 -#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:388 src/process.c:261 -#: src/process.c:289 src/cygwin/device.c:150 src/cygwin/device.c:181 +#: src/net_packet.c:309 src/net_setup.c:457 src/net_socket.c:74 +#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:394 src/tincd.c:428 +#: src/process.c:389 src/process.c:417 src/cygwin/device.c:155 +#: src/cygwin/device.c:186 src/mingw/device.c:81 src/mingw/device.c:90 +#: src/mingw/device.c:95 src/mingw/device.c:247 src/mingw/device.c:254 +#: src/mingw/device.c:259 src/mingw/device.c:266 src/mingw/device.c:275 +#: src/mingw/device.c:282 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" @@ -407,16 +411,16 @@ msgstr "Onzinnige MAC lengte!" msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:481 +#: src/net_setup.c:479 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:492 +#: src/net_setup.c:490 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:494 +#: src/net_setup.c:492 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" 
@@ -509,27 +513,27 @@ msgstr "Verbinding van %s" msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/netutl.c:52 src/netutl.c:77 +#: src/netutl.c:50 src/netutl.c:73 #, c-format msgid "Error looking up %s port %s: %s\n" msgstr "Fout bij het opzoeken van %s poort %s: %s\n" -#: src/netutl.c:102 +#: src/netutl.c:98 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout tijdens vertalen adressen: %s" -#: src/netutl.c:130 +#: src/netutl.c:126 #, c-format msgid "Error while looking up hostname: %s" msgstr "Fout bij het opzoeken van hostnaam: %s" -#: src/netutl.c:134 +#: src/netutl.c:130 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:171 +#: src/netutl.c:167 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" @@ -595,11 +599,11 @@ msgstr "Fout tijdens afhandelen %s van %s (%s)" msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:220 +#: src/protocol.c:219 msgid "Already seen request" msgstr "Verzoek reeds gezien" -#: src/protocol.c:250 +#: src/protocol.c:249 #, c-format msgid "Aging past requests: deleted %d, left %d\n" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" 
@@ -801,25 +805,25 @@ msgstr "" msgid "net2str() was called with unknown subnet type %d, exiting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:406 +#: src/subnet.c:403 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:411 +#: src/subnet.c:408 #, c-format msgid " %s owner %s" msgstr " %s eigenaar %s" -#: src/subnet.c:415 +#: src/subnet.c:412 msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:99 +#: src/tincd.c:105 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:102 +#: src/tincd.c:108 #, c-format msgid "" "Usage: %s [option]...\n" @@ -828,7 +832,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:103 +#: src/tincd.c:109 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -857,13 +861,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:114 +#: src/tincd.c:120 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:172 +#: src/tincd.c:178 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -872,7 +876,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:191 +#: src/tincd.c:197 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" 
@@ -880,24 +884,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:280 +#: src/tincd.c:286 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:284 +#: src/tincd.c:290 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:287 +#: src/tincd.c:293 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:290 +#: src/tincd.c:296 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:296 src/tincd.c:315 +#: src/tincd.c:302 src/tincd.c:321 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -905,21 +909,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:309 +#: src/tincd.c:315 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:344 +#: src/tincd.c:350 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:364 +#: src/tincd.c:370 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:366 +#: src/tincd.c:372 msgid "" "Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -936,24 +940,24 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:392 +#: src/tincd.c:398 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:416 +#: src/tincd.c:422 msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:429 +#: src/tincd.c:442 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:433 +#: src/tincd.c:446 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:436 src/process.c:352 +#: src/tincd.c:449 src/process.c:480 msgid "Not restarting." msgstr "Geen herstart." 
@@ -966,105 +970,150 @@ msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." msgid "Terminating" msgstr "Beëindigen" -#: src/process.c:105 +#: src/process.c:107 src/process.c:148 +#, fuzzy +msgid "Could not open service manager" +msgstr "Kon `%s' niet twee keer openen: %s" + +#: src/process.c:114 +#, c-format +msgid "%s service already installed" +msgstr "" + +#: src/process.c:132 +#, fuzzy, c-format +msgid "Could not create service: %d" +msgstr "Kon `%s' niet twee keer openen: %s" + +#: src/process.c:136 +#, c-format +msgid "%s service installed" +msgstr "" + +#: src/process.c:140 +#, c-format +msgid "%s service started" +msgstr "" + +#: src/process.c:155 +#, fuzzy +msgid "Could not open service" +msgstr "Kon `%s' niet twee keer openen: %s" + +#: src/process.c:160 +#, fuzzy +msgid "Could not remove service" +msgstr "Kon `%s' niet twee keer openen: %s" + +#: src/process.c:164 +#, c-format +msgid "%s service removed" +msgstr "" + +#: src/process.c:203 +#, c-format +msgid "Error starting service control dispatcher: %d" +msgstr "" + +#: src/process.c:226 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:108 +#: src/process.c:229 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:134 +#: src/process.c:255 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:137 +#: src/process.c:258 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:146 +#: src/process.c:267 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:149 +#: src/process.c:270 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:151 +#: src/process.c:272 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:182 +#: src/process.c:305 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:196 +#: src/process.c:324 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:232 +#: src/process.c:360 #, c-format msgid "Could not execute `%s': %s" msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:267 +#: src/process.c:395 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:274 +#: src/process.c:402 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:280 +#: src/process.c:408 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:284 +#: src/process.c:412 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:314 +#: src/process.c:442 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:321 +#: src/process.c:449 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:327 +#: src/process.c:455 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:336 +#: src/process.c:464 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:340 +#: src/process.c:468 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." 
-#: src/process.c:359 +#: src/process.c:487 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:366 +#: src/process.c:494 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:372 +#: src/process.c:500 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1073,41 +1122,41 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:381 +#: src/process.c:509 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:405 +#: src/process.c:533 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:411 +#: src/process.c:539 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:465 +#: src/process.c:593 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:107 +#: src/route.c:104 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:140 +#: src/route.c:137 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:249 +#: src/route.c:246 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:340 +#: src/route.c:337 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" 
@@ -1116,19 +1165,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:392 +#: src/route.c:389 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:409 +#: src/route.c:406 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:418 +#: src/route.c:415 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" @@ -1137,16 +1186,16 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:497 +#: src/route.c:494 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:506 +#: src/route.c:503 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:561 +#: src/route.c:558 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" 
@@ -1222,50 +1271,50 @@ msgstr "%s is een %s" #: src/linux/device.c:137 src/linux/device.c:148 src/linux/device.c:159 #: src/freebsd/device.c:75 src/solaris/device.c:126 src/netbsd/device.c:78 -#: src/darwin/device.c:75 src/cygwin/device.c:250 src/mingw/device.c:184 -#: src/raw_socket/device.c:114 +#: src/darwin/device.c:75 src/cygwin/device.c:254 src/mingw/device.c:118 +#: src/mingw/device.c:309 src/raw_socket/device.c:114 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" #: src/linux/device.c:170 src/freebsd/device.c:84 src/solaris/device.c:138 -#: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:259 -#: src/mingw/device.c:193 src/raw_socket/device.c:123 +#: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:263 +#: src/mingw/device.c:318 src/raw_socket/device.c:123 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" #: src/linux/device.c:180 src/freebsd/device.c:94 src/solaris/device.c:148 -#: src/netbsd/device.c:101 src/darwin/device.c:97 src/cygwin/device.c:271 -#: src/mingw/device.c:205 src/raw_socket/device.c:134 +#: src/netbsd/device.c:100 src/darwin/device.c:97 src/cygwin/device.c:275 +#: src/mingw/device.c:331 src/raw_socket/device.c:133 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" #: src/linux/device.c:187 src/linux/device.c:194 src/linux/device.c:203 -#: src/solaris/device.c:152 src/netbsd/device.c:105 -#: src/raw_socket/device.c:138 +#: src/solaris/device.c:152 src/netbsd/device.c:104 +#: src/raw_socket/device.c:137 #, c-format msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" #: src/linux/device.c:219 src/freebsd/device.c:112 src/solaris/device.c:166 -#: src/netbsd/device.c:119 src/darwin/device.c:115 src/cygwin/device.c:288 -#: src/mingw/device.c:222 src/raw_socket/device.c:152 +#: src/netbsd/device.c:118 src/darwin/device.c:115 
src/cygwin/device.c:292 +#: src/mingw/device.c:348 src/raw_socket/device.c:151 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" #: src/linux/device.c:220 src/freebsd/device.c:113 src/solaris/device.c:167 -#: src/netbsd/device.c:120 src/darwin/device.c:116 src/cygwin/device.c:289 -#: src/mingw/device.c:223 src/raw_socket/device.c:153 +#: src/netbsd/device.c:119 src/darwin/device.c:116 src/cygwin/device.c:293 +#: src/mingw/device.c:349 src/raw_socket/device.c:152 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" #: src/linux/device.c:221 src/freebsd/device.c:114 src/solaris/device.c:168 -#: src/netbsd/device.c:121 src/darwin/device.c:117 src/cygwin/device.c:290 -#: src/mingw/device.c:224 src/raw_socket/device.c:154 +#: src/netbsd/device.c:120 src/darwin/device.c:117 src/cygwin/device.c:294 +#: src/mingw/device.c:350 src/raw_socket/device.c:153 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" 
@@ -1321,50 +1370,54 @@ msgstr "NetBSD tun apparaat" msgid "MacOS/X tun device" msgstr "MaxOS/X tun apparaat" -#: src/cygwin/device.c:89 src/cygwin/device.c:111 src/mingw/device.c:84 -#: src/mingw/device.c:106 +#: src/cygwin/device.c:89 src/mingw/device.c:161 msgid "Unable to read registry" msgstr "Kon registry niet lezen" -#: src/cygwin/device.c:136 src/mingw/device.c:130 +#: src/cygwin/device.c:138 src/mingw/device.c:209 msgid "No Windows tap device found!" msgstr "Geen Windows tap apparaat gevonden!" -#: src/cygwin/device.c:159 +#: src/cygwin/device.c:164 msgid "Could not open Windows tap device for writing!" msgstr "Kon Windows tap apparaat niet openen om te schrijven!" -#: src/cygwin/device.c:168 src/mingw/device.c:152 +#: src/cygwin/device.c:173 src/mingw/device.c:234 msgid "Could not get MAC address from Windows tap device!" msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat!" -#: src/cygwin/device.c:195 +#: src/cygwin/device.c:202 msgid "Could not open Windows tap device for reading!" msgstr "Kon Windows tap apparaat niet openen om te lezen!" -#: src/cygwin/device.c:201 +#: src/cygwin/device.c:208 msgid "Tap reader forked and running." msgstr "Taplezer is geforked en draait." -#: src/cygwin/device.c:218 +#: src/cygwin/device.c:225 msgid "Tap reader failed!" msgstr "Taplezer faalde!" -#: src/cygwin/device.c:225 src/mingw/device.c:163 +#: src/cygwin/device.c:229 src/mingw/device.c:288 msgid "Windows tap device" msgstr "Windows tap apparaat" -#: src/cygwin/device.c:227 src/mingw/device.c:165 +#: src/cygwin/device.c:231 src/mingw/device.c:290 #, c-format msgid "%s (%s) is a %s" msgstr "%s (%s) is een %s" -#: src/cygwin/device.c:275 src/mingw/device.c:209 +#: src/cygwin/device.c:279 src/mingw/device.c:335 #, c-format msgid "Error while writing to %s %s" msgstr "Fout tijdens schrijven naar %s %s" -#: src/mingw/device.c:145 +#: src/mingw/device.c:99 +#, fuzzy +msgid "Tap reader running" +msgstr "Taplezer is geforked en draait." 
+ +#: src/mingw/device.c:227 #, c-format msgid "%s (%s) is no a usable Windows tap device!" msgstr "%s (%s) is geen bruikbaar Windows tap apparaat!" diff --git a/src/logger.c b/src/logger.c index f85bd152..2421464a 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.8 2003/07/29 22:59:00 guus Exp $ + $Id: logger.c,v 1.1.2.9 2003/08/02 20:50:38 guus Exp $ */ #include "system.h" @@ -71,6 +71,7 @@ void logger(int priority, const char *format, ...) { fprintf(logfile, "%ld %s[%d]: ", time(NULL), logident, logpid); vfprintf(logfile, format, ap); fprintf(logfile, "\n"); + fflush(logfile); break; case LOGMODE_SYSLOG: #ifdef HAVE_SYSLOG_H diff --git a/src/net.c b/src/net.c index e1580e65..a8d7cc6e 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.195 2003/07/29 22:59:00 guus Exp $ + $Id: net.c,v 1.35.4.196 2003/08/02 20:50:38 guus Exp $ */ #include "system.h" @@ -42,6 +42,7 @@ #include "xalloc.h" bool do_purge = false; +volatile bool running; time_t now = 0; @@ -280,7 +281,7 @@ static void check_network_activity(fd_set * f) /* this is where it all happens... */ -void main_loop(void) +int main_loop(void) { fd_set fset; struct timeval tv; @@ -294,7 +295,9 @@ void main_loop(void) last_config_check = now; srand(now); - for(;;) { + running = true; + + while(running) { now = time(NULL); tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ @@ -310,7 +313,7 @@ void main_loop(void) strerror(errno)); cp_trace(); dump_connections(); - return; + return 1; } continue; 
@@ -379,7 +382,7 @@ void main_loop(void) if(!read_server_config()) { logger(LOG_ERR, _("Unable to reread configuration file, exitting.")); - exit(1); + return 1; } /* Close connections to hosts that have a changed or deleted host config file */ @@ -405,8 +408,8 @@ void main_loop(void) /* Try to make outgoing connections */ try_outgoing_connections(); - - continue; } } + + return 0; } diff --git a/src/net.h b/src/net.h index f1494666..06c0504c 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.68 2003/07/29 22:59:00 guus Exp $ + $Id: net.h,v 1.9.4.69 2003/08/02 20:50:38 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -135,7 +135,7 @@ extern bool setup_network_connections(void); extern void setup_outgoing_connection(struct outgoing_t *); extern void try_outgoing_connections(void); extern void close_network_connections(void); -extern void main_loop(void); +extern int main_loop(void); extern void terminate_connection(struct connection_t *, bool); extern void flush_queue(struct node_t *); extern bool read_rsa_public_key(struct connection_t *); diff --git a/src/process.c b/src/process.c index 44ecf308..547c51ad 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.60 2003/07/31 14:24:19 guus Exp $ + $Id: process.c,v 1.1.2.61 2003/08/02 20:50:38 guus Exp $ */ #include "system.h" @@ -43,6 +43,7 @@ extern char *identname; extern char *pidfilename; extern char **g_argv; extern bool use_logfile; +extern volatile bool running; sigset_t emptysigset; 
@@ -70,24 +71,154 @@ static int fcloseall(void) } #endif -/* - Close network connections, and terminate neatly -*/ -void cleanup_and_exit(int c) -{ - cp(); +#ifdef HAVE_MINGW +extern char *identname; +extern char *program_name; +extern char **g_argv; - close_network_connections(); +static SC_HANDLE manager = NULL; +static SC_HANDLE service = NULL; +static SERVICE_STATUS status = {0}; +static SERVICE_STATUS_HANDLE statushandle = 0; - ifdebug(CONNECTIONS) - dump_device_stats(); +bool install_service(void) { + char command[4096] = ""; + char **argp; - logger(LOG_NOTICE, _("Terminating")); + manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + if(!manager) { + logger(LOG_ERR, _("Could not open service manager: %s"), winerror(GetLastError())); + return false; + } - closelogger(); - exit(c); + if(!strchr(program_name, '\\')) { + GetCurrentDirectory(sizeof(command), command); + strncat(command, "\\", sizeof(command)); + } + + strncat(command, program_name, sizeof(command)); + for(argp = g_argv + 1; *argp; argp++) { + strncat(command, " ", sizeof(command)); + strncat(command, *argp, sizeof(command)); + } + + service = CreateService(manager, identname, identname, + SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, + command, "NDIS", NULL, NULL, NULL, NULL); + + if(!service) { + logger(LOG_ERR, _("Could not create %s service: %s"), identname, winerror(GetLastError())); + return false; + } + + logger(LOG_INFO, _("%s service installed"), identname); + + if(!StartService(service, 0, NULL)) + logger(LOG_WARNING, _("Could not start %s service: %s"), identname, winerror(GetLastError())); + else + logger(LOG_INFO, _("%s service started"), identname); + + return true; } +bool remove_service(void) { + manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); + if(!manager) { + logger(LOG_ERR, _("Could not open service manager: %s"), winerror(GetLastError())); + return false; + } + + service = OpenService(manager, identname, 
SERVICE_ALL_ACCESS); + + if(!service) { + logger(LOG_ERR, _("Could not open %s service: %s"), identname, winerror(GetLastError())); + return false; + } + + if(!ControlService(service, SERVICE_CONTROL_STOP, &status)) + logger(LOG_ERR, _("Could not stop %s service: %s"), identname, winerror(GetLastError())); + else + logger(LOG_INFO, _("%s service stopped"), identname); + + if(!DeleteService(service)) { + logger(LOG_ERR, _("Could not remove %s service: %s"), identname, winerror(GetLastError())); + return false; + } + + logger(LOG_INFO, _("%s service removed"), identname); + + return true; +} + +DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) { + switch(request) { + case SERVICE_CONTROL_STOP: + logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_STOP"); + running = false; + break; + case SERVICE_CONTROL_SHUTDOWN: + logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_SHUTDOWN"); + running = false; + break; + default: + logger(LOG_WARNING, _("Got unexpected request %d"), request); + return ERROR_CALL_NOT_IMPLEMENTED; + } + + return NO_ERROR; +} + +VOID WINAPI run_service(DWORD argc, LPTSTR* argv) +{ + int err = 1; + extern int main2(int argc, char **argv); + + + status.dwServiceType = SERVICE_WIN32; + status.dwCurrentState = SERVICE_RUNNING; + status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; + status.dwWin32ExitCode = 0; + status.dwServiceSpecificExitCode = 0; + status.dwCheckPoint = 0; + status.dwWaitHint = 0; + + statushandle = RegisterServiceCtrlHandlerEx(identname, controlhandler, NULL); + + if (!statushandle) { + logger(LOG_ERR, _("System call `%s' failed: %s"), "RegisterServiceCtrlHandlerEx", winerror(GetLastError())); + err = 1; + } else { + SetServiceStatus(statushandle, &status); + + err = main2(argc, argv); + + status.dwCurrentState = SERVICE_STOPPED; + status.dwWin32ExitCode = err; + + SetServiceStatus(statushandle, &status); + } + + return; +} + +bool init_service(void) { + 
SERVICE_TABLE_ENTRY services[] = { + {identname, run_service}, + {NULL, NULL} + }; + + if(!StartServiceCtrlDispatcher(services)) { + if(GetLastError() == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) { + return false; + } + else + logger(LOG_ERR, _("System call `%s' failed: %s"), "StartServiceCtrlDispatcher", winerror(GetLastError())); + } + + return true; +} +#endif + #ifndef HAVE_MINGW /* check for an existing tinc for this net, and write pid to pidfile @@ -151,9 +282,11 @@ bool kill_other(int signal) fprintf(stderr, _("Removing stale lock file.\n")); remove_pid(pidfilename); } -#endif return true; +#else + return remove_service(); +#endif } /* @@ -170,14 +303,14 @@ bool detach(void) #ifndef HAVE_MINGW if(!write_pidfile()) return false; -#endif /* If we succeeded in doing that, detach */ closelogger(); +#endif -#ifdef HAVE_FORK if(do_detach) { +#ifndef HAVE_MINGW if(daemon(0, 0)) { fprintf(stderr, _("Couldn't detach from terminal: %s"), strerror(errno)); @@ -188,8 +321,11 @@ bool detach(void) if(!write_pid(pidfilename)) return false; - } +#else + if(!statushandle) + exit(install_service()); #endif + } openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); @@ -312,14 +448,13 @@ bool execute_script(const char *name, char **envp) static RETSIGTYPE sigterm_handler(int a) { logger(LOG_NOTICE, _("Got TERM signal")); - - cleanup_and_exit(0); + running = false; } static RETSIGTYPE sigquit_handler(int a) { logger(LOG_NOTICE, _("Got QUIT signal")); - cleanup_and_exit(0); + running = false; } static RETSIGTYPE fatal_signal_square(int a) diff --git a/src/process.h b/src/process.h index 182ed72a..cf51fc82 100644 --- a/src/process.h +++ b/src/process.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.h,v 1.1.2.18 2003/07/30 21:52:41 guus Exp $ + $Id: process.h,v 1.1.2.19 2003/08/02 20:50:38 guus Exp $ */ #ifndef __TINC_PROCESS_H__ 
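Review bot: In install_service() every `strncat(command, …, sizeof(command))` passes the size of the whole buffer as the limit, but strncat's third argument is the maximum number of characters to append, so once `command` already holds the current directory the call can write past the 4096-byte array. The limit has to be the space still free, `sizeof(command) - strlen(command) - 1`, and a command line that does not fit should be rejected rather than registered truncated (not shown below). The string is also handed to CreateService() unquoted; when the executable path contains a space the service manager can resolve a different program than the one intended, so the path should be wrapped in double quotes, and arguments containing spaces need the same treatment. The GetCurrentDirectory() result is not checked, and the `manager` and `service` handles are never released with CloseServiceHandle().

```c
	char command[4096] = "\"";	/* opening quote around the executable path */
	char **argp;

	/* … unchanged: OpenSCManager() call and its error path … */

	if(!strchr(program_name, '\\')) {
		/* write after the opening quote that is already in the buffer */
		DWORD len = GetCurrentDirectory(sizeof(command) - 1, command + 1);

		if(!len || len >= sizeof(command) - 1) {
			logger(LOG_ERR, _("System call `%s' failed: %s"), "GetCurrentDirectory", winerror(GetLastError()));
			return false;
		}

		strncat(command, "\\", sizeof(command) - strlen(command) - 1);
	}

	strncat(command, program_name, sizeof(command) - strlen(command) - 1);
	strncat(command, "\"", sizeof(command) - strlen(command) - 1);

	for(argp = g_argv + 1; *argp; argp++) {
		strncat(command, " ", sizeof(command) - strlen(command) - 1);
		strncat(command, *argp, sizeof(command) - strlen(command) - 1);
	}

	/* … unchanged: CreateService(), StartService() and their logging … */
```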
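Review bot: `exit(install_service());` in the `@@ -188,8 +321,11 @@` hunk of detach() turns the boolean result straight into the process exit status, so a successful install exits with 1 and a failed one with 0. The other call sites touched by this commit negate the result (`return !kill_other(kill_tincd);`), and I would do the same here: `exit(!install_service());`. detach() starts and ends outside the hunk.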
@@ -31,6 +31,5 @@ extern void setup_signals(void); extern bool execute_script(const char *, char **); extern bool detach(void); extern bool kill_other(int); -extern void cleanup_and_exit(int) __attribute__ ((__noreturn__)); #endif /* __TINC_PROCESS_H__ */ diff --git a/src/tincd.c b/src/tincd.c index 4b303622..98dea254 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.79 2003/07/30 11:50:45 guus Exp $ + $Id: tincd.c,v 1.10.4.80 2003/08/02 20:50:38 guus Exp $ */ #include "system.h" @@ -77,7 +77,8 @@ char *identname = NULL; /* program name for syslog */ char *pidfilename = NULL; /* pid file location */ char *logfilename = NULL; /* log file location */ char **g_argv; /* a copy of the cmdline arguments */ -char **environment; /* A pointer to the environment on startup */ + +int exitstatus = 0; static struct option const long_options[] = { {"config", required_argument, NULL, 'c'}, @@ -119,11 +120,9 @@ static void usage(bool status) " --version Output version information and exit.\n\n")); printf(_("Report bugs to tinc@nl.linux.org.\n")); } - - exit(status); } -static void parse_options(int argc, char **argv, char **envp) +static bool parse_options(int argc, char **argv) { int r; int option_index = 0; @@ -178,10 +177,13 @@ static void parse_options(int argc, char **argv, char **envp) fprintf(stderr, _("Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, USR1, USR2, WINCH, INT or ALRM.\n"), optarg); usage(true); + return false; } } } else kill_tincd = SIGTERM; +#else + kill_tincd = 1; #endif break; @@ -197,6 +199,7 @@ static void parse_options(int argc, char **argv, char **envp) fprintf(stderr, _("Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n"), optarg); usage(true); + return false; } generate_keys &= ~7; /* Round it to bytes */ 
@@ -228,11 +231,14 @@ static void parse_options(int argc, char **argv, char **envp) case '?': usage(true); + return false; default: break; } } + + return true; } /* This function prettyprints the key generation process */ @@ -354,7 +360,7 @@ static void make_names(void) } } -int main(int argc, char **argv, char **envp) +int main(int argc, char **argv) { program_name = argv[0]; @@ -362,8 +368,9 @@ int main(int argc, char **argv, char **envp) bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); - environment = envp; - parse_options(argc, argv, envp); + if(!parse_options(argc, argv)) + return 1; + make_names(); if(show_version) { @@ -378,11 +385,13 @@ int main(int argc, char **argv, char **envp) return 0; } - if(show_help) + if(show_help) { usage(false); + return 0; + } if(kill_tincd) - exit(!kill_other(kill_tincd)); + return !kill_other(kill_tincd); openlogger("tinc", LOGMODE_STDERR); @@ -412,31 +421,48 @@ int main(int argc, char **argv, char **envp) if(generate_keys) { read_server_config(); - exit(!keygen(generate_keys)); + return !keygen(generate_keys); } if(!read_server_config()) - exit(1); + return 1; if(lzo_init() != LZO_E_OK) { logger(LOG_ERR, _("Error initializing LZO compressor!")); - exit(1); + return 1; } #ifdef HAVE_MINGW if(WSAStartup(MAKEWORD(2, 2), &wsa_state)) { - logger(LOG_ERR, _("System call `%s' failed: %s"), "WSAStartup", strerror(errno)); - exit(1); + logger(LOG_ERR, _("System call `%s' failed: %s"), "WSAStartup", winerror(GetLastError())); + return 1; } + + if(!do_detach || !init_service()) + return main2(argc, argv); + else + return 1; +} + +int main2(int argc, char **argv) +{ #endif - + if(!detach()) - exit(1); + return 1; for(;;) { if(setup_network_connections()) { - main_loop(); - cleanup_and_exit(1); + int status; + status = main_loop(); + + close_network_connections(); + + ifdebug(CONNECTIONS) + dump_device_stats(); + + logger(LOG_NOTICE, _("Terminating")); + return status; } logger(LOG_ERR, _("Unrecoverable error")); 
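Review bot: The changed WSAStartup() error path in main() (`@@ -412,31 +421,48 @@`) logs `winerror(GetLastError())`, but WSAStartup() reports failure through its return value and is not documented to set the thread's last-error code, so the message can describe an unrelated error. Keep the return value, `int err = WSAStartup(MAKEWORD(2, 2), &wsa_state);`, and pass `err` to winerror() instead. The same applies to the RegOpenKeyEx() messages changed later on this page in src/mingw/device.c (`@@ -158,7 +158,7 @@`) and src/cygwin/device.c (`@@ -86,7 +78,7 @@`), because the registry call also returns its status directly. Also in this hunk, main() calls main2() ahead of its definition and no prototype for it is visible in the tincd.c hunks shown, and the new exit path no longer makes the closelogger() call that the removed cleanup_and_exit() did.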
@@ -447,7 +473,7 @@ int main(int argc, char **argv, char **envp) sleep(maxtimeout); } else { logger(LOG_ERR, _("Not restarting.")); - exit(1); + return 1; } } } From 3fd96ebec7e44a0a7288c60da1cdec2d4fe03e8c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 21:01:50 +0000 Subject: [PATCH 808/923] Error messages. --- src/mingw/device.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/mingw/device.c b/src/mingw/device.c index 23b4c009..d2675ef6 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.8 2003/08/01 08:18:22 guus Exp $ + $Id: device.c,v 1.1.2.9 2003/08/02 21:01:50 guus Exp $ */ #include "system.h" @@ -158,7 +158,7 @@ bool setup_device(void) /* Open registry and look for network adapters */ if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CONTROL_NET, 0, KEY_READ, &key)) { - logger(LOG_ERR, _("Unable to read registry")); + logger(LOG_ERR, _("Unable to read registry: %s"), winerror(GetLastError())); return false; } @@ -272,7 +272,7 @@ bool setup_device(void) thread = CreateThread(NULL, 0, tapreader, NULL, 0, NULL); if(!thread) { - logger(LOG_ERR, _("System call `%s' failed: %s"), "CreateThread", strerror(errno)); + logger(LOG_ERR, _("System call `%s' failed: %s"), "CreateThread", winerror(GetLastError())); return false; } @@ -332,7 +332,7 @@ bool write_packet(vpn_packet_t *packet) packet->len, device_info); if(!WriteFile(device_handle, packet->data, packet->len, &lenout, &overlapped)) { - logger(LOG_ERR, _("Error while writing to %s %s"), device_info, device); + logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, winerror(GetLastError())); return false; } From c044d12dfd54c033bc5ad9fbf9f889724762f76c Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 2 Aug 2003 21:33:19 +0000 Subject: [PATCH 809/923] Cleanups and error messages. --- src/cygwin/device.c | 50 +++++++++++++++++++-------------------------- src/mingw/device.c | 9 +------- 2 files changed, 22 insertions(+), 37 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index cbfebc23..e5f5354b 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.14 2003/07/29 23:21:01 guus Exp $ + $Id: device.c,v 1.1.2.15 2003/08/02 21:33:18 guus Exp $ */ #include "system.h" @@ -32,15 +32,11 @@ #include "utils.h" #include "xalloc.h" -#define NETCARD_REG_KEY_2000 "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" -#define NETCARD_REG_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards" -#define REG_SERVICE_KEY "SYSTEM\\CurrentControlSet\\Services" -#define REG_CONTROL_NET "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" +#define REG_CONTROL_NET "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" #define USERMODEDEVICEDIR "\\\\.\\" -#define SYSDEVICEDIR "\\Device\\" #define USERDEVICEDIR "\\??\\" -#define TAPSUFFIX ".tap" +#define TAPSUFFIX ".tap" #define TAP_CONTROL_CODE(request,method) CTL_CODE(FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) @@ -48,10 +44,8 @@ #define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE(1, METHOD_BUFFERED) #define TAP_IOCTL_SET_STATISTICS TAP_CONTROL_CODE(2, METHOD_BUFFERED) -/* FIXME: This only works for Windows 2000 */ -#define OSTYPE 5 - int device_fd = -1; +static HANDLE device_handle = INVALID_HANDLE_VALUE; char *device = NULL; char *iface = NULL; char *device_info = NULL; 
@@ -59,8 +53,6 @@ char *device_info = NULL; int device_total_in = 0; int device_total_out = 0; -HANDLE handle; - pid_t reader_pid; int sp[2]; @@ -86,7 +78,7 @@ bool setup_device(void) /* Open registry and look for network adapters */ if(RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CONTROL_NET, 0, KEY_READ, &key)) { - logger(LOG_ERR, _("Unable to read registry")); + logger(LOG_ERR, _("Unable to read registry: %s"), winerror(GetLastError())); return false; } @@ -124,9 +116,9 @@ bool setup_device(void) } snprintf(tapname, sizeof(tapname), USERMODEDEVICEDIR "%s" TAPSUFFIX, adapterid); - handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); - if(handle != INVALID_HANDLE_VALUE) { - CloseHandle(handle); + device_handle = CreateFile(tapname, GENERIC_WRITE | GENERIC_READ, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); + if(device_handle != INVALID_HANDLE_VALUE) { + CloseHandle(device_handle); found = true; break; } @@ -158,10 +150,10 @@ bool setup_device(void) /* The parent opens the tap device for writing. */ - handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); + device_handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); - if(handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open Windows tap device for writing!")); + if(device_handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open Windows tap device for writing: %s"), winerror(GetLastError())); return false; } 
@@ -169,8 +161,8 @@ bool setup_device(void) /* Get MAC address from tap device */ - if(!DeviceIoControl(handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { - logger(LOG_ERR, _("Could not get MAC address from Windows tap device!")); + if(!DeviceIoControl(device_handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { + logger(LOG_ERR, _("Could not get MAC address from Windows tap device: %s"), winerror(GetLastError())); return false; } @@ -194,12 +186,12 @@ bool setup_device(void) char buf[MTU]; long lenin; - CloseHandle(handle); + CloseHandle(device_handle); - handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); + device_handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); - if(handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open Windows tap device for reading!")); + if(device_handle == INVALID_HANDLE_VALUE) { + logger(LOG_ERR, _("Could not open Windows tap device for reading: %s"), winerror(GetLastError())); buf[0] = 0; write(sp[1], buf, 1); exit(1); @@ -215,7 +207,7 @@ bool setup_device(void) /* Pass packets */ for(;;) { - ReadFile(handle, buf, MTU, &lenin, NULL); + ReadFile(device_handle, buf, MTU, &lenin, NULL); write(sp[1], buf, lenin); } } @@ -239,7 +231,7 @@ void close_device(void) close(sp[0]); close(sp[1]); - CloseHandle(handle); + CloseHandle(device_handle); kill(reader_pid, SIGKILL); } 
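Review bot: In the reader loop of the `@@ -215,7 +207,7 @@` hunk the result of `ReadFile(device_handle, buf, MTU, &lenin, NULL)` is ignored, so when the read fails the child keeps spinning and hands whatever `lenin` holds to write(). Since the neighbouring calls now report `winerror(GetLastError())`, this one should be checked as well: log the error and leave the child, for instance with `if(!ReadFile(device_handle, buf, MTU, &lenin, NULL)) exit(1);` preceded by a logger() call. `lenin` is declared `long` in the `@@ -194,12 +186,12 @@` hunk while ReadFile() stores a DWORD through that pointer; `DWORD lenin;` would match the API.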
@@ -275,8 +267,8 @@ bool write_packet(vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Writing packet of %d bytes to %s"), packet->len, device_info); - if(!WriteFile (handle, packet->data, packet->len, &lenout, NULL)) { - logger(LOG_ERR, _("Error while writing to %s %s"), device_info, device); + if(!WriteFile (device_handle, packet->data, packet->len, &lenout, NULL)) { + logger(LOG_ERR, _("Error while writing to %s %s: %s"), device_info, device, winerror(GetLastError())); return false; } diff --git a/src/mingw/device.c b/src/mingw/device.c index d2675ef6..1f63d0ab 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.9 2003/08/02 21:01:50 guus Exp $ + $Id: device.c,v 1.1.2.10 2003/08/02 21:33:19 guus Exp $ */ #include "system.h" @@ -32,13 +32,9 @@ #include "utils.h" #include "xalloc.h" -#define NETCARD_REG_KEY_2000 "SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}" -#define NETCARD_REG_KEY "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\NetworkCards" -#define REG_SERVICE_KEY "SYSTEM\\CurrentControlSet\\Services" #define REG_CONTROL_NET "SYSTEM\\CurrentControlSet\\Control\\Network\\{4D36E972-E325-11CE-BFC1-08002BE10318}" #define USERMODEDEVICEDIR "\\\\.\\" -#define SYSDEVICEDIR "\\Device\\" #define USERDEVICEDIR "\\??\\" #define TAPSUFFIX ".tap" @@ -48,9 +44,6 @@ #define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE(1, METHOD_BUFFERED) #define TAP_IOCTL_SET_STATISTICS TAP_CONTROL_CODE(2, METHOD_BUFFERED) -/* FIXME: This only works for Windows 2000 */ -#define OSTYPE 5 - int device_fd = 0; HANDLE device_handle = INVALID_HANDLE_VALUE; char *device = NULL; From e6e32814584f82ee61f658a71cb435bbb491bd39 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 2 Aug 2003 21:33:52 +0000 Subject: [PATCH 810/923] Missing include. --- src/tincd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tincd.c b/src/tincd.c index 98dea254..4aba579f 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.80 2003/08/02 20:50:38 guus Exp $ + $Id: tincd.c,v 1.10.4.81 2003/08/02 21:33:52 guus Exp $ */ #include "system.h" @@ -41,6 +41,7 @@ #include #include "conf.h" +#include "device.h" #include "logger.h" #include "net.h" #include "netutl.h" From f605ec47bed26362e24ffacf71c7ae5aeed3c230 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 21:34:10 +0000 Subject: [PATCH 811/923] Oops. --- src/conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index 8d30e0d5..0fb18ab1 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.71 2003/08/02 15:29:06 guus Exp $ + $Id: conf.c,v 1.9.4.72 2003/08/02 21:34:10 guus Exp $ */ #include "system.h" @@ -363,7 +363,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) continue; if(ignore) { - if(!strncmp(variable, "-----END", 8)) + if(!strncmp(line, "-----END", 8)) ignore = false; continue; } From 8a1969bc8319761e3821fc76a7c2f7037ffb8850 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 21:39:11 +0000 Subject: [PATCH 812/923] Updated dutch translation. --- po/nl.po | 298 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 160 insertions(+), 138 deletions(-) diff --git a/po/nl.po b/po/nl.po index bc417a83..15f7b68c 100644 --- a/po/nl.po +++ b/po/nl.po 
@@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-08-02 17:51+0200\n" +"POT-Creation-Date: 2003-08-02 23:34+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -14,6 +14,10 @@ msgstr "" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" +#: lib/utils.c:89 +msgid "(unable to format errormessage)" +msgstr "(kon foutmelding niet samenstellen)" + #: src/conf.c:159 #, c-format msgid "\"yes\" or \"no\" expected for configuration variable %s in %s line %d" 
@@ -174,56 +178,56 @@ msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" -#: src/net.c:59 +#: src/net.c:60 msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:66 +#: src/net.c:67 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:147 +#: src/net.c:148 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:200 +#: src/net.c:201 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:209 +#: src/net.c:210 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." -#: src/net.c:214 +#: src/net.c:215 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:256 +#: src/net.c:257 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:309 +#: src/net.c:312 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:340 +#: src/net.c:343 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:357 +#: src/net.c:360 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:381 +#: src/net.c:384 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
@@ -270,12 +274,12 @@ msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" #: src/net_packet.c:309 src/net_setup.c:457 src/net_socket.c:74 -#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:394 src/tincd.c:428 -#: src/process.c:389 src/process.c:417 src/cygwin/device.c:155 -#: src/cygwin/device.c:186 src/mingw/device.c:81 src/mingw/device.c:90 -#: src/mingw/device.c:95 src/mingw/device.c:247 src/mingw/device.c:254 -#: src/mingw/device.c:259 src/mingw/device.c:266 src/mingw/device.c:275 -#: src/mingw/device.c:282 +#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:404 src/tincd.c:438 +#: src/process.c:188 src/process.c:215 src/process.c:397 src/process.c:425 +#: src/cygwin/device.c:147 src/cygwin/device.c:178 src/mingw/device.c:74 +#: src/mingw/device.c:83 src/mingw/device.c:88 src/mingw/device.c:240 +#: src/mingw/device.c:247 src/mingw/device.c:252 src/mingw/device.c:259 +#: src/mingw/device.c:268 src/mingw/device.c:275 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" @@ -818,12 +822,12 @@ msgstr " %s eigenaar %s" msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:105 +#: src/tincd.c:107 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:108 +#: src/tincd.c:110 #, c-format msgid "" "Usage: %s [option]...\n" @@ -832,7 +836,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:109 +#: src/tincd.c:111 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -861,7 +865,7 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:120 +#: src/tincd.c:122 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" 
@@ -876,7 +880,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:197 +#: src/tincd.c:200 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" @@ -884,24 +888,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:286 +#: src/tincd.c:293 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:290 +#: src/tincd.c:297 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:293 +#: src/tincd.c:300 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:296 +#: src/tincd.c:303 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:302 src/tincd.c:321 +#: src/tincd.c:309 src/tincd.c:328 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -909,21 +913,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:315 +#: src/tincd.c:322 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:350 +#: src/tincd.c:357 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:370 +#: src/tincd.c:378 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:372 +#: src/tincd.c:380 msgid "" "Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -940,180 +944,195 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:398 +#: src/tincd.c:408 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:422 +#: src/tincd.c:432 msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:442 +#: src/tincd.c:465 +msgid "Terminating" +msgstr "Beëindigen" + +#: src/tincd.c:469 msgid "Unrecoverable error" msgstr "Onherstelbare fout" -#: src/tincd.c:446 +#: src/tincd.c:473 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:449 src/process.c:480 +#: src/tincd.c:476 src/process.c:487 msgid "Not restarting." msgstr "Geen herstart." -#: src/process.c:53 +#: src/process.c:54 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." 
-#: src/process.c:85 -msgid "Terminating" -msgstr "Beëindigen" +#: src/process.c:90 src/process.c:127 +#, c-format +msgid "Could not open service manager: %s" +msgstr "Kon service manager niet openen: %s" -#: src/process.c:107 src/process.c:148 -#, fuzzy -msgid "Could not open service manager" -msgstr "Kon `%s' niet twee keer openen: %s" +#: src/process.c:110 +#, c-format +msgid "Could not create %s service: %s" +msgstr "Kon %s service niet aanmaken: %s" #: src/process.c:114 #, c-format -msgid "%s service already installed" -msgstr "" - -#: src/process.c:132 -#, fuzzy, c-format -msgid "Could not create service: %d" -msgstr "Kon `%s' niet twee keer openen: %s" - -#: src/process.c:136 -#, c-format msgid "%s service installed" -msgstr "" +msgstr "%s service geïnstalleerd" -#: src/process.c:140 +#: src/process.c:117 +#, c-format +msgid "Could not start %s service: %s" +msgstr "Kon %s service niet starten: %s" + +#: src/process.c:119 #, c-format msgid "%s service started" -msgstr "" +msgstr "%s service gestart" -#: src/process.c:155 -#, fuzzy -msgid "Could not open service" -msgstr "Kon `%s' niet twee keer openen: %s" +#: src/process.c:134 +#, c-format +msgid "Could not open %s service: %s" +msgstr "Kon %s service niet openen: %s" -#: src/process.c:160 -#, fuzzy -msgid "Could not remove service" -msgstr "Kon `%s' niet twee keer openen: %s" +#: src/process.c:139 +#, c-format +msgid "Could not stop %s service: %s" +msgstr "Kon %s service niet stoppen: %s" + +#: src/process.c:141 +#, c-format +msgid "%s service stopped" +msgstr "%s service gestopt" + +#: src/process.c:144 +#, c-format +msgid "Could not remove %s service: %s" +msgstr "Kon %s service niet verwijderen: %s" + +#: src/process.c:148 +#, c-format +msgid "%s service removed" +msgstr "%s service verwijderd" + +#: src/process.c:156 src/process.c:160 +#, c-format +msgid "Got %s request" +msgstr "Kreeg %s verzoek" #: src/process.c:164 #, c-format -msgid "%s service removed" -msgstr "" +msgid "Got unexpected request 
%d" +msgstr "Kreeg onverwacht verzoek %d" -#: src/process.c:203 -#, c-format -msgid "Error starting service control dispatcher: %d" -msgstr "" - -#: src/process.c:226 +#: src/process.c:236 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:229 +#: src/process.c:239 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:255 +#: src/process.c:265 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:258 +#: src/process.c:268 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:267 +#: src/process.c:277 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:270 +#: src/process.c:280 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:272 +#: src/process.c:282 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:305 +#: src/process.c:315 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:324 +#: src/process.c:332 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:360 +#: src/process.c:368 #, c-format msgid "Could not execute `%s': %s" msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:395 +#: src/process.c:403 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:402 +#: src/process.c:410 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:408 +#: src/process.c:416 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:412 +#: src/process.c:420 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:442 +#: src/process.c:450 msgid "Got TERM signal" msgstr "Kreeg TERM signaal" -#: src/process.c:449 +#: src/process.c:456 msgid "Got QUIT signal" msgstr "Kreeg QUIT signaal" -#: src/process.c:455 +#: src/process.c:462 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:464 +#: src/process.c:471 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:468 +#: src/process.c:475 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." 
-#: src/process.c:487 +#: src/process.c:494 msgid "Got HUP signal" msgstr "Kreeg HUP signaal" -#: src/process.c:494 +#: src/process.c:501 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:500 +#: src/process.c:507 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1122,21 +1141,21 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:509 +#: src/process.c:516 msgid "Got ALRM signal" msgstr "Kreeg ALRM signaal" -#: src/process.c:533 +#: src/process.c:540 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:539 +#: src/process.c:546 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:593 +#: src/process.c:600 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" 
@@ -1271,22 +1290,22 @@ msgstr "%s is een %s" #: src/linux/device.c:137 src/linux/device.c:148 src/linux/device.c:159 #: src/freebsd/device.c:75 src/solaris/device.c:126 src/netbsd/device.c:78 -#: src/darwin/device.c:75 src/cygwin/device.c:254 src/mingw/device.c:118 -#: src/mingw/device.c:309 src/raw_socket/device.c:114 +#: src/darwin/device.c:75 src/cygwin/device.c:246 src/mingw/device.c:111 +#: src/mingw/device.c:302 src/raw_socket/device.c:114 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" #: src/linux/device.c:170 src/freebsd/device.c:84 src/solaris/device.c:138 -#: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:263 -#: src/mingw/device.c:318 src/raw_socket/device.c:123 +#: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:255 +#: src/mingw/device.c:311 src/raw_socket/device.c:123 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" #: src/linux/device.c:180 src/freebsd/device.c:94 src/solaris/device.c:148 -#: src/netbsd/device.c:100 src/darwin/device.c:97 src/cygwin/device.c:275 -#: src/mingw/device.c:331 src/raw_socket/device.c:133 +#: src/netbsd/device.c:100 src/darwin/device.c:97 src/cygwin/device.c:267 +#: src/mingw/device.c:324 src/raw_socket/device.c:133 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" 
@@ -1299,22 +1318,22 @@ msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" #: src/linux/device.c:219 src/freebsd/device.c:112 src/solaris/device.c:166 -#: src/netbsd/device.c:118 src/darwin/device.c:115 src/cygwin/device.c:292 -#: src/mingw/device.c:348 src/raw_socket/device.c:151 +#: src/netbsd/device.c:118 src/darwin/device.c:115 src/cygwin/device.c:284 +#: src/mingw/device.c:341 src/raw_socket/device.c:151 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" #: src/linux/device.c:220 src/freebsd/device.c:113 src/solaris/device.c:167 -#: src/netbsd/device.c:119 src/darwin/device.c:116 src/cygwin/device.c:293 -#: src/mingw/device.c:349 src/raw_socket/device.c:152 +#: src/netbsd/device.c:119 src/darwin/device.c:116 src/cygwin/device.c:285 +#: src/mingw/device.c:342 src/raw_socket/device.c:152 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" #: src/linux/device.c:221 src/freebsd/device.c:114 src/solaris/device.c:168 -#: src/netbsd/device.c:120 src/darwin/device.c:117 src/cygwin/device.c:294 -#: src/mingw/device.c:350 src/raw_socket/device.c:153 +#: src/netbsd/device.c:120 src/darwin/device.c:117 src/cygwin/device.c:286 +#: src/mingw/device.c:343 src/raw_socket/device.c:153 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" @@ -1323,7 +1342,8 @@ msgstr " totaal aantal bytes uit: %10d" msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" -#: src/freebsd/device.c:98 src/darwin/device.c:101 +#: src/freebsd/device.c:98 src/darwin/device.c:101 src/cygwin/device.c:271 +#: src/mingw/device.c:328 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" 
@@ -1370,58 +1390,60 @@ msgstr "NetBSD tun apparaat" msgid "MacOS/X tun device" msgstr "MaxOS/X tun apparaat" -#: src/cygwin/device.c:89 src/mingw/device.c:161 -msgid "Unable to read registry" -msgstr "Kon registry niet lezen" +#: src/cygwin/device.c:81 src/mingw/device.c:154 +#, c-format +msgid "Unable to read registry: %s" +msgstr "Kon registry niet lezen: %s" -#: src/cygwin/device.c:138 src/mingw/device.c:209 +#: src/cygwin/device.c:130 src/mingw/device.c:202 msgid "No Windows tap device found!" msgstr "Geen Windows tap apparaat gevonden!" -#: src/cygwin/device.c:164 -msgid "Could not open Windows tap device for writing!" -msgstr "Kon Windows tap apparaat niet openen om te schrijven!" +#: src/cygwin/device.c:156 +#, c-format +msgid "Could not open Windows tap device for writing: %s" +msgstr "Kon Windows tap apparaat niet openen om te schrijven: %s" -#: src/cygwin/device.c:173 src/mingw/device.c:234 -msgid "Could not get MAC address from Windows tap device!" -msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat!" +#: src/cygwin/device.c:165 +#, c-format +msgid "Could not get MAC address from Windows tap device: %s" +msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat: %s" -#: src/cygwin/device.c:202 -msgid "Could not open Windows tap device for reading!" -msgstr "Kon Windows tap apparaat niet openen om te lezen!" +#: src/cygwin/device.c:194 +#, c-format +msgid "Could not open Windows tap device for reading: %s" +msgstr "Kon Windows tap apparaat niet openen om te lezen: %s" -#: src/cygwin/device.c:208 +#: src/cygwin/device.c:200 msgid "Tap reader forked and running." msgstr "Taplezer is geforked en draait." -#: src/cygwin/device.c:225 +#: src/cygwin/device.c:217 msgid "Tap reader failed!" msgstr "Taplezer faalde!" 
-#: src/cygwin/device.c:229 src/mingw/device.c:288 +#: src/cygwin/device.c:221 src/mingw/device.c:281 msgid "Windows tap device" msgstr "Windows tap apparaat" -#: src/cygwin/device.c:231 src/mingw/device.c:290 +#: src/cygwin/device.c:223 src/mingw/device.c:283 #, c-format msgid "%s (%s) is a %s" msgstr "%s (%s) is een %s" -#: src/cygwin/device.c:279 src/mingw/device.c:335 -#, c-format -msgid "Error while writing to %s %s" -msgstr "Fout tijdens schrijven naar %s %s" - -#: src/mingw/device.c:99 -#, fuzzy +#: src/mingw/device.c:92 msgid "Tap reader running" -msgstr "Taplezer is geforked en draait." +msgstr "Taplezer draait" -#: src/mingw/device.c:227 +#: src/mingw/device.c:220 #, c-format msgid "%s (%s) is no a usable Windows tap device!" msgstr "%s (%s) is geen bruikbaar Windows tap apparaat!" +#: src/mingw/device.c:227 +msgid "Could not get MAC address from Windows tap device!" +msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat!" + #: src/raw_socket/device.c:68 msgid "raw socket" msgstr "raw socket" From 92938c07b17fdd30f4e7f9ae1b884b05c7aa312c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 21:55:12 +0000 Subject: [PATCH 813/923] Explain how tinc detaches and how it is "killed" under Windows. --- doc/tinc.texi | 17 +++++++++++------ doc/tincd.8 | 4 ++++ 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 2abc86c5..843074a8 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.40 2003/07/30 09:22:29 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.41 2003/08/02 21:55:12 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual 
@@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.40 2003/07/30 09:22:29 guus Exp $ +$Id: tinc.texi,v 1.8.4.41 2003/08/02 21:55:12 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.40 2003/07/30 09:22:29 guus Exp $ +$Id: tinc.texi,v 1.8.4.41 2003/08/02 21:55:12 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -272,7 +272,7 @@ downloaded from @uref{http://cipe-win32.sourceforge.net/}. @cindex MinGW @cindex Windows -tinc on Windows, compiled using MinGW, relies on the CIPE driver for its data +tinc on Windows (native), compiled using MinGW, relies on the CIPE driver for its data acquisition from the kernel. This driver is not part of Windows but can be downloaded from @uref{http://cipe-win32.sourceforge.net/}. @@ -672,8 +672,11 @@ You will need to install the MinGW environment from @uref{http://www.mingw.org}. When tinc is compiled using MinGW it runs natively under Windows, it is not necessary to keep MinGW installed. -However, when compiled using MinGW, tinc will not be able to start -scripts or be able to receive signals. + +When running natively, tinc is not able to start scripts, +nor is tinc able to receive signals. +When detaching, tinc will install itself as a service, +which will be restarted automatically after reboots. @c ================================================================== 
@@ -1470,6 +1473,8 @@ logged. Everything goes via syslog. @item -k, --kill[=SIGNAL] Attempt to kill a running tincd (optionally with the specified SIGNAL instead of SIGTERM) and exit. Use it in conjunction with the -n option to make sure you kill the right tinc daemon. +Under native Windows the optional argument is ignored, +the service will always be stopped and removed. @item -n, --net=NETNAME Connect to net NETNAME. @xref{Multiple networks}. diff --git a/doc/tincd.8 b/doc/tincd.8 index ec8a147d..b85ffa9e 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8 @@ -34,6 +34,8 @@ If that succeeds, it will detach from the controlling terminal and continue in the background, accepting and setting up connections to other tinc daemons that are part of the virtual private network. +Under Windows (native) tinc will install itself as a service, +which will be restarted automatically after reboots. .Sh OPTIONS .Bl -tag -width indent .It Fl c, -config Ns = Ns Ar DIR @@ -52,6 +54,8 @@ Attempt to kill a running (optionally with the specified .Ar SIGNAL instead of SIGTERM) and exit. +Under native Windows the optional argument is ignored, +the service will always be stopped and removed. .It Fl n, -net Ns = Ns Ar NETNAME Connect to net .Ar NETNAME . From e20ac7b52da8e3f7da292836c6e2551fc9f64617 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 2 Aug 2003 22:01:50 +0000 Subject: [PATCH 814/923] Typo and another thing to think about. --- doc/tinc.texi | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index 843074a8..26b8dcaa 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.41 2003/08/02 21:55:12 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.42 2003/08/02 22:01:50 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual 
@@ -18,7 +18,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.41 2003/08/02 21:55:12 guus Exp $ +$Id: tinc.texi,v 1.8.4.42 2003/08/02 22:01:50 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -43,7 +43,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.41 2003/08/02 21:55:12 guus Exp $ +$Id: tinc.texi,v 1.8.4.42 2003/08/02 22:01:50 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -797,6 +797,7 @@ What IP addresses/subnets do they have? What is the network mask of the entire VPN? Do you need special firewall rules? Do you have to set up masquerading or forwarding rules? +Do you want to run tinc in router mode or switch mode? These questions can only be answered by yourself, you will not find the answers in this documentation. Make sure you have an adequate understanding of networks in general. @@ -1953,7 +1954,7 @@ known, because a challenge reply can only be sent back if the challenge is decrypted correctly, and that can only be done with knowledge of the private key. -Fourth: the first thing that is send via the symmetric cipher encrypted +Fourth: the first thing that is sent via the symmetric cipher encrypted connection is a totally random string, so that there is no known plaintext (for an attacker) in the beginning of the encrypted stream. From a65011b3c54cd4ddc66f20909ca0e495de0d6eb0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 3 Aug 2003 09:08:52 +0000 Subject: [PATCH 815/923] Clean up last part of main(). --- src/tincd.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index 4aba579f..6606b5b5 100644 --- a/src/tincd.c +++ b/src/tincd.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.81 2003/08/02 21:33:52 guus Exp $ + $Id: tincd.c,v 1.10.4.82 2003/08/03 09:08:52 guus Exp $ */ #include "system.h" @@ -452,23 +452,10 @@ int main2(int argc, char **argv) if(!detach()) return 1; - for(;;) { - if(setup_network_connections()) { - int status; - status = main_loop(); - close_network_connections(); - - ifdebug(CONNECTIONS) - dump_device_stats(); - - logger(LOG_NOTICE, _("Terminating")); - return status; - } - - logger(LOG_ERR, _("Unrecoverable error")); - cp_trace(); + /* Setup sockets and open device. If it doesn't work, don't give up but try again. */ + while(!setup_network_connections()) { if(do_detach) { logger(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); sleep(maxtimeout); @@ -477,4 +464,19 @@ int main2(int argc, char **argv) return 1; } } + + /* Start main loop. It only exits when tinc is killed. */ + + int status; + status = main_loop(); + + /* Shutdown properly. */ + + close_network_connections(); + + ifdebug(CONNECTIONS) + dump_device_stats(); + + logger(LOG_NOTICE, _("Terminating")); + return status; } From fa9c00733e4b793691bf5a068ff7f2f391854fb4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 3 Aug 2003 09:55:20 +0000 Subject: [PATCH 816/923] Old gcc compilers don't like declarations in the middle of a function. --- src/tincd.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index 6606b5b5..ee3ca1c5 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.82 2003/08/03 09:08:52 guus Exp $ + $Id: tincd.c,v 1.10.4.83 2003/08/03 09:55:20 guus Exp $ */ #include "system.h" 
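Review bot: The retry loop added to main2 in src/tincd.c (hunk at -452) no longer records the setup failure itself: the removed `logger(LOG_ERR, _("Unrecoverable error"));` and `cp_trace();` were the only error-level trace on this path, and what remains is the LOG_NOTICE about restarting. Unless setup_network_connections() logs its own errors (not visible here), an operator filtering on LOG_ERR will miss a daemon that is stuck retrying every `maxtimeout` seconds with no upper bound. Consider an error-level line at the top of the loop body, e.g. `logger(LOG_ERR, _("Setting up network connections failed"));`, and extend the new comment to say whether a failed attempt releases any sockets or device it had already opened before the next try. The else-branch of the loop lies between the two hunks and is not shown.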
@@ -79,7 +79,7 @@ char *pidfilename = NULL; /* pid file location */ char *logfilename = NULL; /* log file location */ char **g_argv; /* a copy of the cmdline arguments */ -int exitstatus = 0; +static int status; static struct option const long_options[] = { {"config", required_argument, NULL, 'c'}, @@ -467,7 +467,6 @@ int main2(int argc, char **argv) /* Start main loop. It only exits when tinc is killed. */ - int status; status = main_loop(); /* Shutdown properly. */ From 7bed2a7099fc7359f6ec24e5f2d7050c7d63b6ac Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 3 Aug 2003 12:37:55 +0000 Subject: [PATCH 817/923] Cygwin needs windows.h. --- lib/utils.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/utils.c b/lib/utils.c index 6b3dd237..43abf96e 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -80,7 +80,11 @@ void cp_trace() } #endif -#ifdef HAVE_MINGW +#if defined(HAVE_MINGW) || defined(HAVE_CYGWIN) +#ifdef HAVE_CYGWIN +#include +#endif + char *winerror(int err) { static char buf[1024]; From 3671ed806d7371fb6b14a5909451b20e54a1b14a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 3 Aug 2003 12:38:18 +0000 Subject: [PATCH 818/923] Keep Windows happy. --- src/process.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/process.c b/src/process.c index 547c51ad..2ec0bcd3 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.61 2003/08/02 20:50:38 guus Exp $ + $Id: process.c,v 1.1.2.62 2003/08/03 12:38:18 guus Exp $ */ #include "system.h" @@ -165,6 +165,11 @@ DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) { return ERROR_CALL_NOT_IMPLEMENTED; } + if(!running) { + status.dwCurrentState = SERVICE_STOP_PENDING; + SetServiceStatus(statushandle, &status); + } + return NO_ERROR; } 
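Review bot: `static int status;` gives file scope to a value that, as far as these two hunks show, is only assigned and returned inside main2; a plain `int status;` among the declarations at the top of main2 satisfies old compilers just as well and keeps the variable local. The removed `exitstatus` was a non-static global, so it is worth confirming that no other source file still declares it `extern` (not visible here). Most of main2 lies outside the hunks.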
@@ -175,7 +180,6 @@ VOID WINAPI run_service(DWORD argc, LPTSTR* argv) status.dwServiceType = SERVICE_WIN32; - status.dwCurrentState = SERVICE_RUNNING; status.dwControlsAccepted = SERVICE_ACCEPT_STOP | SERVICE_ACCEPT_SHUTDOWN; status.dwWin32ExitCode = 0; status.dwServiceSpecificExitCode = 0; @@ -188,13 +192,16 @@ VOID WINAPI run_service(DWORD argc, LPTSTR* argv) logger(LOG_ERR, _("System call `%s' failed: %s"), "RegisterServiceCtrlHandlerEx", winerror(GetLastError())); err = 1; } else { + status.dwCurrentState = SERVICE_START_PENDING; + SetServiceStatus(statushandle, &status); + + status.dwCurrentState = SERVICE_RUNNING; SetServiceStatus(statushandle, &status); err = main2(argc, argv); status.dwCurrentState = SERVICE_STOPPED; - status.dwWin32ExitCode = err; - + //status.dwWin32ExitCode = err; SetServiceStatus(statushandle, &status); } From e220187f484f3549df3ad3a04939b9a38051d1a0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 3 Aug 2003 12:38:43 +0000 Subject: [PATCH 819/923] Remove newlines from log messages. --- src/netutl.c | 6 +++--- src/protocol.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/netutl.c b/src/netutl.c index ef9a6608..7a214702 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.51 2003/07/30 11:50:45 guus Exp $ + $Id: netutl.c,v 1.12.4.52 2003/08/03 12:38:43 guus Exp $ */ #include "system.h" @@ -47,7 +47,7 @@ struct addrinfo *str2addrinfo(const char *address, const char *service, int sock err = getaddrinfo(address, service, &hint, &ai); if(err) { - logger(LOG_WARNING, _("Error looking up %s port %s: %s\n"), address, + logger(LOG_WARNING, _("Error looking up %s port %s: %s"), address, service, gai_strerror(err)); return NULL; } 
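Review bot: Commenting out `status.dwWin32ExitCode = err;` in run_service (hunk at -188) makes the service report exit code 0 to the service control manager even when main2() returns non-zero, so a failed run looks like a clean stop and any recovery action or monitoring keyed on the exit code will not fire. If the raw value was dropped because it is not a Win32 error code, report it as a service-specific code instead: `status.dwWin32ExitCode = err ? ERROR_SERVICE_SPECIFIC_ERROR : NO_ERROR;` followed by `status.dwServiceSpecificExitCode = err;`. SERVICE_RUNNING is also announced before main2() has set anything up, and none of the SetServiceStatus() calls here or in the controlhandler hunk at -165 check the return value. The commented-out line should be deleted rather than kept in the source.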
@@ -70,7 +70,7 @@ sockaddr_t str2sockaddr(const char *address, const char *port) err = getaddrinfo(address, port, &hint, &ai); if(err || !ai) { - logger(LOG_ERR, _("Error looking up %s port %s: %s\n"), address, port, + logger(LOG_ERR, _("Error looking up %s port %s: %s"), address, port, gai_strerror(err)); cp_trace(); raise(SIGFPE); diff --git a/src/protocol.c b/src/protocol.c index 6088740a..0d58d6a8 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.145 2003/07/30 11:50:45 guus Exp $ + $Id: protocol.c,v 1.28.4.146 2003/08/03 12:38:43 guus Exp $ */ #include "system.h" @@ -246,6 +246,6 @@ void age_past_requests(void) } if(left || deleted) - ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Aging past requests: deleted %d, left %d\n"), + ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Aging past requests: deleted %d, left %d"), deleted, left); } From 98f97da9d7d80b528d9a2b2f03f710cdd2b293d0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 3 Aug 2003 21:43:19 +0000 Subject: [PATCH 820/923] Update dutch translation --- po/nl.po | 132 +++++++++++++++++++++++++------------------------------ 1 file changed, 59 insertions(+), 73 deletions(-) diff --git a/po/nl.po b/po/nl.po index 15f7b68c..b2b31632 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-08-02 23:34+0200\n" +"POT-Creation-Date: 2003-08-03 22:09+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -14,7 +14,7 @@ msgstr "" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -#: lib/utils.c:89 +#: lib/utils.c:93 msgid "(unable to format errormessage)" msgstr "(kon foutmelding niet samenstellen)" 
@@ -275,11 +275,11 @@ msgstr "Instellen prioriteit uitgaand pakket op %d" #: src/net_packet.c:309 src/net_setup.c:457 src/net_socket.c:74 #: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:404 src/tincd.c:438 -#: src/process.c:188 src/process.c:215 src/process.c:397 src/process.c:425 -#: src/cygwin/device.c:147 src/cygwin/device.c:178 src/mingw/device.c:74 -#: src/mingw/device.c:83 src/mingw/device.c:88 src/mingw/device.c:240 -#: src/mingw/device.c:247 src/mingw/device.c:252 src/mingw/device.c:259 -#: src/mingw/device.c:268 src/mingw/device.c:275 +#: src/process.c:192 src/process.c:222 src/process.c:404 src/process.c:432 +#: src/cygwin/device.c:147 src/cygwin/device.c:178 src/mingw/device.c:76 +#: src/mingw/device.c:85 src/mingw/device.c:90 src/mingw/device.c:242 +#: src/mingw/device.c:249 src/mingw/device.c:254 src/mingw/device.c:261 +#: src/mingw/device.c:270 src/mingw/device.c:277 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" @@ -519,8 +519,8 @@ msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" #: src/netutl.c:50 src/netutl.c:73 #, c-format -msgid "Error looking up %s port %s: %s\n" -msgstr "Fout bij het opzoeken van %s poort %s: %s\n" +msgid "Error looking up %s port %s: %s" +msgstr "Fout bij het opzoeken van %s poort %s: %s" #: src/netutl.c:98 #, c-format @@ -609,8 +609,8 @@ msgstr "Verzoek reeds gezien" #: src/protocol.c:249 #, c-format -msgid "Aging past requests: deleted %d, left %d\n" -msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven\n" +msgid "Aging past requests: deleted %d, left %d" +msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven" #: src/protocol_auth.c:58 src/protocol_auth.c:213 src/protocol_auth.c:338 #: src/protocol_auth.c:402 src/protocol_auth.c:501 src/protocol_edge.c:73 
@@ -952,23 +952,19 @@ msgstr "mlockall() wordt niet ondersteund op dit platform!" msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:465 -msgid "Terminating" -msgstr "Beëindigen" - -#: src/tincd.c:469 -msgid "Unrecoverable error" -msgstr "Onherstelbare fout" - -#: src/tincd.c:473 +#: src/tincd.c:460 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:476 src/process.c:487 +#: src/tincd.c:463 src/process.c:494 msgid "Not restarting." msgstr "Geen herstart." +#: src/tincd.c:479 +msgid "Terminating" +msgstr "Beëindigen" + #: src/process.c:54 #, c-format msgid "Memory exhausted (couldn't allocate %d bytes), exitting." 
@@ -1034,105 +1030,99 @@ msgstr "Kreeg %s verzoek" msgid "Got unexpected request %d" msgstr "Kreeg onverwacht verzoek %d" -#: src/process.c:236 +#: src/process.c:243 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:239 +#: src/process.c:246 #, c-format msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:265 +#: src/process.c:272 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:268 +#: src/process.c:275 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:277 +#: src/process.c:284 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:280 +#: src/process.c:287 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. 
" -#: src/process.c:282 +#: src/process.c:289 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:315 +#: src/process.c:322 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:332 +#: src/process.c:339 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:368 +#: src/process.c:375 #, c-format msgid "Could not execute `%s': %s" msgstr "Kon `%s' niet uitvoeren: %s" -#: src/process.c:403 +#: src/process.c:410 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:410 +#: src/process.c:417 #, c-format msgid "Process %d (%s) exited with non-zero status %d" msgstr "Proces %d (%s) beëindigde met status %d" -#: src/process.c:416 +#: src/process.c:423 #, c-format msgid "Process %d (%s) was killed by signal %d (%s)" msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" -#: src/process.c:420 +#: src/process.c:427 #, c-format msgid "Process %d (%s) terminated abnormally" msgstr "Proces %d (%s) abnormaal beëindigd" -#: src/process.c:450 -msgid "Got TERM signal" -msgstr "Kreeg TERM signaal" +#: src/process.c:457 src/process.c:463 src/process.c:501 src/process.c:507 +#: src/process.c:525 +#, c-format +msgid "Got %s signal" +msgstr "Kreeg %s signaal" -#: src/process.c:456 -msgid "Got QUIT signal" -msgstr "Kreeg QUIT signaal" - -#: src/process.c:462 +#: src/process.c:469 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:471 +#: src/process.c:478 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:475 +#: src/process.c:482 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." 
-#: src/process.c:494 -msgid "Got HUP signal" -msgstr "Kreeg HUP signaal" - -#: src/process.c:501 +#: src/process.c:510 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:507 +#: src/process.c:516 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1141,21 +1131,17 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:516 -msgid "Got ALRM signal" -msgstr "Kreeg ALRM signaal" - -#: src/process.c:540 +#: src/process.c:549 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:546 +#: src/process.c:555 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:600 +#: src/process.c:609 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" 
@@ -1290,22 +1276,22 @@ msgstr "%s is een %s" #: src/linux/device.c:137 src/linux/device.c:148 src/linux/device.c:159 #: src/freebsd/device.c:75 src/solaris/device.c:126 src/netbsd/device.c:78 -#: src/darwin/device.c:75 src/cygwin/device.c:246 src/mingw/device.c:111 -#: src/mingw/device.c:302 src/raw_socket/device.c:114 +#: src/darwin/device.c:75 src/cygwin/device.c:246 src/mingw/device.c:113 +#: src/mingw/device.c:304 src/raw_socket/device.c:114 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" #: src/linux/device.c:170 src/freebsd/device.c:84 src/solaris/device.c:138 #: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:255 -#: src/mingw/device.c:311 src/raw_socket/device.c:123 +#: src/mingw/device.c:313 src/raw_socket/device.c:123 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" #: src/linux/device.c:180 src/freebsd/device.c:94 src/solaris/device.c:148 #: src/netbsd/device.c:100 src/darwin/device.c:97 src/cygwin/device.c:267 -#: src/mingw/device.c:324 src/raw_socket/device.c:133 +#: src/mingw/device.c:326 src/raw_socket/device.c:133 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" 
@@ -1319,21 +1305,21 @@ msgstr "Kan niet schrijven naar %s %s: %s" #: src/linux/device.c:219 src/freebsd/device.c:112 src/solaris/device.c:166 #: src/netbsd/device.c:118 src/darwin/device.c:115 src/cygwin/device.c:284 -#: src/mingw/device.c:341 src/raw_socket/device.c:151 +#: src/mingw/device.c:343 src/raw_socket/device.c:151 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" #: src/linux/device.c:220 src/freebsd/device.c:113 src/solaris/device.c:167 #: src/netbsd/device.c:119 src/darwin/device.c:116 src/cygwin/device.c:285 -#: src/mingw/device.c:342 src/raw_socket/device.c:152 +#: src/mingw/device.c:344 src/raw_socket/device.c:152 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" #: src/linux/device.c:221 src/freebsd/device.c:114 src/solaris/device.c:168 #: src/netbsd/device.c:120 src/darwin/device.c:117 src/cygwin/device.c:286 -#: src/mingw/device.c:343 src/raw_socket/device.c:153 +#: src/mingw/device.c:345 src/raw_socket/device.c:153 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" @@ -1343,7 +1329,7 @@ msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" #: src/freebsd/device.c:98 src/darwin/device.c:101 src/cygwin/device.c:271 -#: src/mingw/device.c:328 +#: src/mingw/device.c:330 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" @@ -1390,12 +1376,12 @@ msgstr "NetBSD tun apparaat" msgid "MacOS/X tun device" msgstr "MaxOS/X tun apparaat" -#: src/cygwin/device.c:81 src/mingw/device.c:154 +#: src/cygwin/device.c:81 src/mingw/device.c:156 #, c-format msgid "Unable to read registry: %s" msgstr "Kon registry niet lezen: %s" -#: src/cygwin/device.c:130 src/mingw/device.c:202 +#: src/cygwin/device.c:130 src/mingw/device.c:204 msgid "No Windows tap device found!" msgstr "Geen Windows tap apparaat gevonden!" 
@@ -1422,25 +1408,25 @@ msgstr "Taplezer is geforked en draait." msgid "Tap reader failed!" msgstr "Taplezer faalde!" -#: src/cygwin/device.c:221 src/mingw/device.c:281 +#: src/cygwin/device.c:221 src/mingw/device.c:283 msgid "Windows tap device" msgstr "Windows tap apparaat" -#: src/cygwin/device.c:223 src/mingw/device.c:283 +#: src/cygwin/device.c:223 src/mingw/device.c:285 #, c-format msgid "%s (%s) is a %s" msgstr "%s (%s) is een %s" -#: src/mingw/device.c:92 +#: src/mingw/device.c:94 msgid "Tap reader running" msgstr "Taplezer draait" -#: src/mingw/device.c:220 +#: src/mingw/device.c:222 #, c-format msgid "%s (%s) is no a usable Windows tap device!" msgstr "%s (%s) is geen bruikbaar Windows tap apparaat!" -#: src/mingw/device.c:227 +#: src/mingw/device.c:229 msgid "Could not get MAC address from Windows tap device!" msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat!" From 62a7fa9a7bfd1cd1592fd7c381ea28aac0ed7936 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 3 Aug 2003 21:45:13 +0000 Subject: [PATCH 821/923] Simplify translation --- src/process.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/process.c b/src/process.c index 2ec0bcd3..babdf436 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.62 2003/08/03 12:38:18 guus Exp $ + $Id: process.c,v 1.1.2.63 2003/08/03 21:45:13 guus Exp $ */ #include "system.h" @@ -454,13 +454,13 @@ bool execute_script(const char *name, char **envp) #ifndef HAVE_MINGW static RETSIGTYPE sigterm_handler(int a) { - logger(LOG_NOTICE, _("Got TERM signal")); + logger(LOG_NOTICE, _("Got %s signal"), "TERM"); running = false; } static RETSIGTYPE sigquit_handler(int a) { - logger(LOG_NOTICE, _("Got QUIT signal")); + logger(LOG_NOTICE, _("Got %s signal"), "QUIT"); running = false; } 
@@ -498,12 +498,14 @@ static RETSIGTYPE fatal_signal_handler(int a) static RETSIGTYPE sighup_handler(int a) { - logger(LOG_NOTICE, _("Got HUP signal")); + logger(LOG_NOTICE, _("Got %s signal"), "HUP"); sighup = true; } static RETSIGTYPE sigint_handler(int a) { + logger(LOG_NOTICE, _("Got %s signal"), "INT"); + if(saved_debug_level != -1) { logger(LOG_NOTICE, _("Reverting to old debug level (%d)"), saved_debug_level); @@ -520,7 +522,7 @@ static RETSIGTYPE sigint_handler(int a) static RETSIGTYPE sigalrm_handler(int a) { - logger(LOG_NOTICE, _("Got ALRM signal")); + logger(LOG_NOTICE, _("Got %s signal"), "ALRM"); sigalrm = true; } From 5193a14ddea4c20ffc708dc629a2f91f1e4ccea3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 3 Aug 2003 21:45:41 +0000 Subject: [PATCH 822/923] Use our own port when connecting to ourself. --- src/mingw/device.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/mingw/device.c b/src/mingw/device.c index 1f63d0ab..0ae0cf27 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.10 2003/08/02 21:33:19 guus Exp $ + $Id: device.c,v 1.1.2.11 2003/08/03 21:45:41 guus Exp $ */ #include "system.h" @@ -53,6 +53,8 @@ char *device_info = NULL; int device_total_in = 0; int device_total_out = 0; +extern char *myport; + DWORD WINAPI tapreader(void *bla) { int sock, err, status; struct addrinfo *ai; @@ -68,7 +70,7 @@ DWORD WINAPI tapreader(void *bla) { /* Open a socket to the parent process */ - err = getaddrinfo(NULL, "12345", &hint, &ai); + err = getaddrinfo(NULL, myport, &hint, &ai); if(err || !ai) { logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(errno)); @@ -140,7 +142,7 @@ bool setup_device(void) .ai_family = AF_UNSPEC, .ai_socktype = SOCK_DGRAM, .ai_protocol = IPPROTO_UDP, - .ai_flags = AI_PASSIVE, + .ai_flags = 0, }; cp(); 
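Review bot: The `logger(LOG_NOTICE, _("Got %s signal"), "INT");` line added to sigint_handler puts one more formatted, translated log call inside a signal handler, and the same pattern is kept in the TERM/QUIT handlers (hunk at -454) and the HUP/ALRM handlers (this hunk and the one at -520). Neither gettext nor a syslog- or stdio-backed logger is async-signal-safe, so a signal that arrives while the main code is itself inside the logger or the allocator can deadlock or corrupt state; logger()'s body is not visible, so this is inferred from how it is called. The handlers already set flags (`running`, `sighup`, `sigalrm`), so a safer shape is to store the signal number in a `volatile sig_atomic_t` and emit the "Got %s signal" message from the main loop when the flag is noticed.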
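Review bot: The error path right after the changed `getaddrinfo(NULL, myport, &hint, &ai)` call in tapreader (src/mingw/device.c, hunk at -68) formats the failure with `gai_strerror(errno)`, but getaddrinfo() reports failure through its return value, which is already stored in `err`; the logged text will therefore describe an unrelated or stale errno. Use `gai_strerror(err)`, as src/netutl.c does, and apply the same change to the identical call in the setup_device hunk at -234. The new `extern char *myport;` (hunk at -53) is declared inside this .c file; taking the declaration from the header that owns the variable would let the compiler catch a type mismatch. tapreader's body continues outside the hunk.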
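Review bot: The change from `AI_PASSIVE` to `0` in setup_device's hints (hunk at -140) carries no comment although it changes which address the tap relay socket is bound to: with a NULL node and no AI_PASSIVE, getaddrinfo() returns the loopback address instead of the wildcard. A comment such as `/* no AI_PASSIVE: NULL node resolves to loopback, keeps the tap relay socket off external interfaces */` would stop someone from restoring the flag later. Loopback is still reachable by every local process, and nothing visible here shows the receiving side checking where a datagram came from, so that check is worth confirming; the comment should also say whether sharing `myport` with the VPN listener is intended. The rest of setup_device is outside the hunk.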
@@ -234,7 +236,7 @@ bool setup_device(void) /* Create a listening socket */ - err = getaddrinfo(NULL, "12345", &hint, &ai); + err = getaddrinfo(NULL, myport, &hint, &ai); if(err || !ai) { logger(LOG_ERR, _("System call `%s' failed: %s"), "getaddrinfo", gai_strerror(errno)); From ef091d1ddb1f7ab5244db96841274dc769e85167 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 11:45:37 +0000 Subject: [PATCH 823/923] Sync CABAL branch with release-1_0 branch. --- NEWS | 13 ++++++++++++ README | 48 +++++++++++++++++++++----------------------- TODO | 4 +--- src/openbsd/device.c | 3 ++- system.h | 8 ++++---- 5 files changed, 43 insertions(+), 33 deletions(-) diff --git a/NEWS b/NEWS index b2b7ab81..190e758c 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,16 @@ +version 1.0 Aug 4 2003 + +* Lots of small bugfixes and code cleanups. + +* Throughput doubled and latency reduced. + +* Added support for LZO compression. + +* No need to set MAC address or disable ARP anymore. + +* Added support for Windows 2000 and XP, both natively and in a Cygwin + environment. + version 1.0pre8 Sep 16 2002 * More fixes for subnets with prefixlength undivisible by 8. diff --git a/README b/README index 688a5543..4b8de362 100644 --- a/README +++ b/README @@ -1,7 +1,7 @@ -This is the README file for tinc version 1.0pre8. Installation +This is the README file for tinc version 1.0. Installation instructions may be found in the INSTALL file. -tinc is Copyright (C) 1998-2002 by: +tinc is Copyright (C) 1998-2003 by: Ivo Timmermans , Guus Sliepen , @@ -47,7 +47,7 @@ should be changed into "Device", and "Device" should be changed into Compatibility ------------- -Version 1.0pre8 is not compatible with older versions of tinc. +Version 1.0 is compatible with 1.0pre8 but not with older versions of tinc. Requirements 
@@ -55,7 +55,7 @@ Requirements Since 1.0pre3, we use OpenSSL for all cryptographic functions. So you need to install this library first; grab it from -http://www.openssl.org/. We recommend version 0.9.5 or better. If +http://www.openssl.org/. You will need version 0.9.7 or later. If this library is not installed on you system, configure will fail. The manual in doc/tinc.texi contains more detailed information on how to install this library. @@ -65,8 +65,11 @@ library whether or not you plan to enable the compression. You can find it at http://www.gzip.org/zlib/. Because of a possible exploit in earlier versions we recommand that you download version 1.1.4 or later. -In order to compile tinc, you will also need autoconf, automake, GNU make, m4 -and gettext. +Since 1.0, the lzo library is also used for optional compression. You need this +library whether or not you plan to enable compression. You can find it at +http://www.oberhumer.com/opensource/lzo/. + +In order to compile tinc, you will need a GNU C compiler environment. Features @@ -75,17 +78,7 @@ Features This version of tinc supports multiple virtual networks at once. To use this feature, you may supply a netname via the -n or --net options. The standard locations for the config files will then be -/etc/tinc//. Because of this feature, tinc will send packets -directly to their destinations, instead of to the uplink. If this -behaviour is undesirable (for instance because of firewalls or other -restrictions), please use an older version of tinc (I would recommend -tinc-0.2.19). - -In order to force the kernel to accept received packets, the -destination MAC address will be set to FE:FD:00:00:00:00 upon -reception. The MAC address of the ethertap or tun/tap interface must -also be set to this address. See the manual for more detailed -information. +/etc/tinc//. tincd regenerates its encryption key pairs. It does this on the first activity after the keys have expired. This period is adjustable in the 
@@ -101,7 +94,7 @@ Since pre5, tinc can operate in several routing modes. The default mode, determine the destination of packets. The other two modes, "switch" and "hub", allow the tinc daemons to work together like a single network switch or hub. This is useful for bridging networks. The latter modes only work properly on -Linux and FreeBSD. +Linux, FreeBSD and Windows. The algorithms used for encryption and generating message authentication codes can now be changed in the configuration files. All cipher and digest algorithms @@ -113,11 +106,16 @@ Support for routing IPv6 packets has been added. Just add Subnet lines with IPv6 addresses (without using :: abbreviations) and use ifconfig or ip (from the iproute package) to give the virtual network interface corresponding IPv6 addresses. tinc does not provide autoconfiguration for IPv6 hosts, if you need -it use radvd or zebra. Tunneling IPv6 packets only works on Linux, FreeBSD and -possibly OpenBSD. +it use radvd or zebra. Tunneling IPv6 packets only works on Linux, FreeBSD, +Windows and possibly OpenBSD. + +It is also possible to make tunnels to other tinc daemons over IPv6 networks, +if the operating system supports IPv6. tinc will automatically use both IPv6 +and IPv4 when available, but this can be changed by adding the option +"AddressFamily = ipv4" or "AddressFamily = ipv6" to the tinc.conf file. + +Normally, when started tinc will detach and run in the background. In a native +Windows environment this means tinc will intall itself as a service, which will +restart after reboots. To prevent tinc from detaching or running as a service, +use the -D option. -It is also possible to make tunnels to other tinc daemons over IPv6 networks. -In order to enable this feature the option "AddressFamily = any" or -"AddressFamily = ipv6" must be added to the tinc.conf file. The host -configuration files should contain IPv6 addresses for the "Address" variables, -or hostnames which have an AAAA or A6 record. 
diff --git a/TODO b/TODO index c0f2ee3f..d6a6df44 100644 --- a/TODO +++ b/TODO @@ -1,5 +1,3 @@ TODO LIST -1.0: - -* A nice, secure and stable release +* Think of new things to do. diff --git a/src/openbsd/device.c b/src/openbsd/device.c index 07fa4b9f..9519bb6e 100644 --- a/src/openbsd/device.c +++ b/src/openbsd/device.c @@ -17,10 +17,11 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.18 2003/07/31 11:31:51 guus Exp $ + $Id: device.c,v 1.1.2.19 2003/08/08 11:45:37 guus Exp $ */ #include "system.h" +#include #include "conf.h" #include "logger.h" diff --git a/system.h b/system.h index d3aa8429..e38fba19 100644 --- a/system.h +++ b/system.h @@ -92,10 +92,6 @@ typedef int bool; #include #endif -#ifdef HAVE_ARPA_INET_H -#include -#endif - #ifdef HAVE_SYS_SOCKET_H #include #endif @@ -112,6 +108,10 @@ typedef int bool; #include #endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + #ifdef HAVE_NETINET_IP_H #include #endif From adb68b9c2aa7ad72dd5c38b95c083c47599cb65a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 12:24:52 +0000 Subject: [PATCH 824/923] Windows uses backslashes... --- src/conf.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index 0fb18ab1..c95664f7 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.72 2003/08/02 21:34:10 guus Exp $ + $Id: conf.c,v 1.9.4.73 2003/08/08 12:24:52 guus Exp $ */ #include "system.h" @@ -545,7 +545,11 @@ FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const fn = xstrdup(filename); } - if(!strchr(fn, '/') || fn[0] != '/') { +#ifdef HAVE_MINGW + if(fn[0] != '\\' && fn[0] != '/' && !strchr(fn, ':')) { +#else + if(fn[0] != '/') { +#endif /* The directory is a relative path or a filename. */ char *p; 
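Review bot: The MinGW branch in `ask_and_safe_open` treats the name as absolute whenever it contains a `:` anywhere (`!strchr(fn, ':')`), which is wider than a drive prefix. A relative name with a colon later in it skips the relative-path handling that follows. Tying the test to the drive-letter position, `if(fn[0] != '\\' && fn[0] != '/' && !(fn[0] && fn[1] == ':')) {`, keeps the check to what it is meant to recognise. The name appears to come from a prompt, so odd input is to be expected. A one-line comment above the `#ifdef` saying which forms count as absolute on each platform would also help, since the two `if` lines share one closing brace. The function body continues outside the hunk.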
From 070aee3be16b8d8078b049c5bb43dce7b18123df Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 12:55:05 +0000 Subject: [PATCH 825/923] Tell windows to be patient. --- src/process.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/process.c b/src/process.c index babdf436..3c7164be 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.63 2003/08/03 21:45:13 guus Exp $ + $Id: process.c,v 1.1.2.64 2003/08/08 12:55:05 guus Exp $ */ #include "system.h" @@ -166,6 +166,7 @@ DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) { } if(!running) { + status.dwWaitHint = 30000; status.dwCurrentState = SERVICE_STOP_PENDING; SetServiceStatus(statushandle, &status); } @@ -184,7 +185,6 @@ VOID WINAPI run_service(DWORD argc, LPTSTR* argv) status.dwWin32ExitCode = 0; status.dwServiceSpecificExitCode = 0; status.dwCheckPoint = 0; - status.dwWaitHint = 0; statushandle = RegisterServiceCtrlHandlerEx(identname, controlhandler, NULL); @@ -192,14 +192,17 @@ VOID WINAPI run_service(DWORD argc, LPTSTR* argv) logger(LOG_ERR, _("System call `%s' failed: %s"), "RegisterServiceCtrlHandlerEx", winerror(GetLastError())); err = 1; } else { + status.dwWaitHint = 30000; status.dwCurrentState = SERVICE_START_PENDING; SetServiceStatus(statushandle, &status); + status.dwWaitHint = 0; status.dwCurrentState = SERVICE_RUNNING; SetServiceStatus(statushandle, &status); err = main2(argc, argv); + status.dwWaitHint = 0; status.dwCurrentState = SERVICE_STOPPED; //status.dwWin32ExitCode = err; SetServiceStatus(statushandle, &status); From 0c2256670fc0822cc5a86bca754186c50f943a1c Mon Sep 17 00:00:00 2001 
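Review bot: In `run_service` the 30-second hint set with `SERVICE_START_PENDING` cannot take effect, because `SERVICE_RUNNING` is reported by the very next statements, before `main2(argc, argv)` has done any start-up work. If the aim is to give start-up time, the RUNNING report has to move to the point where initialisation has finished, which is outside this hunk. The literal `30000` is also written twice, here and in `controlhandler`; a named constant such as `#define SERVICE_WAIT_HINT_MS 30000` would keep the two in step. `dwCheckPoint` stays at 0 throughout the visible code, so a stop that outlasts the hint may still be treated as hung by the service manager.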
From: Guus Sliepen Date: Fri, 8 Aug 2003 14:07:12 +0000 Subject: [PATCH 826/923] Remove unused stuff from doc/. Let configure update pathnames in documentation. --- configure.in | 12 +- doc/GNUmakefile | 23 - doc/Makefile.am | 21 +- doc/Makefile.maint | 38 - doc/Makefile.summ | 2 - doc/help2man | 375 -- doc/texinfo.tex | 5484 --------------------------- doc/{tinc.conf.5 => tinc.conf.5.in} | 30 +- doc/tinc.texi | 76 +- doc/{tincd.8 => tincd.8.in} | 18 +- doc/tincinclude.texi.in | 4 + 11 files changed, 77 insertions(+), 6006 deletions(-) delete mode 100644 doc/GNUmakefile delete mode 100644 doc/Makefile.maint delete mode 100644 doc/Makefile.summ delete mode 100644 doc/help2man delete mode 100644 doc/texinfo.tex rename doc/{tinc.conf.5 => tinc.conf.5.in} (95%) rename doc/{tincd.8 => tincd.8.in} (91%) create mode 100644 doc/tincinclude.texi.in diff --git a/configure.in b/configure.in index ce678559..8f218379 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.80 2003/08/02 16:05:33 guus Exp $ +dnl $Id: configure.in,v 1.13.2.81 2003/08/08 14:07:11 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) @@ -296,10 +296,6 @@ AC_ARG_ENABLE(tracing, AC_SUBST(INCLUDES) -AC_OUTPUT(Makefile -src/Makefile -doc/Makefile -lib/Makefile -po/Makefile.in -m4/Makefile -) +AC_CONFIG_FILES([Makefile src/Makefile doc/Makefile doc/tincd.8 doc/tinc.conf.5 doc/tincinclude.texi lib/Makefile po/Makefile.in m4/Makefile]) + +AC_OUTPUT diff --git a/doc/GNUmakefile b/doc/GNUmakefile deleted file mode 100644 index 8fb7a6b7..00000000 --- a/doc/GNUmakefile +++ /dev/null 
@@ -1,23 +0,0 @@ -# Having a separate GNUmakefile lets me use features of GNU make -# to generate the man pages. -# This makefile is used only if you run GNU Make. -# It is necessary if you want to build targets usually of interest -# only to the maintainer. - -have-Makefile := $(shell test -f Makefile && echo yes) - -# If the user runs GNU make but has not yet run ./configure, -# give them a diagnostic. -ifeq ($(have-Makefile),yes) - -include Makefile -include $(srcdir)/Makefile.maint - -else - -all: - @echo There seems to be no Makefile in this directory. - @echo "You must run ./configure before running \`make'." - @exit 1 - -endif diff --git a/doc/Makefile.am b/doc/Makefile.am index c3b209ff..dc4c67c2 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -2,17 +2,11 @@ info_TEXINFOS = tinc.texi -dyn_MANS = -man_aux = $(dyn_MANS:.8=.x) +man_MANS = tincd.8 tinc.conf.5 -man_MANS = tincd.8 tinc.conf.5 $(dyn_MANS) +EXTRA_DIST = tincinclude.texi.in tincd.8.in tinc.conf.5.in sample-config.tar.gz -PERL = @PERL@ -HELP2MAN = help2man -MAINTAINERCLEANFILES = $(dyn_MANS) - -EXTRA_DIST = $(man_MANS) $(HELP2MAN) $(man_aux) \ - Makefile.maint GNUmakefile Makefile.summ sample-config.tar.gz +CLEANFILES = *.html # Use `ginstall' in the definition of man_MANS to avoid # confusion with the `install' target. The install rule transforms `ginstall' @@ -22,13 +16,8 @@ transform = s/ginstall/install/; @program_transform_name@ # For additional rules usually of interest only to the maintainer, # see GNUmakefile and Makefile.maint. -tinc.pdf: tinc.texi - texi2pdf -o tinc.pdf tinc.texi - texi2html: tinc.texi - mkdir -p html - rm -f html/*.html - cd html && texi2html -split=chapter ../tinc.texi + texi2html -split=chapter tinc.texi -%.html: % +%.html: $(man_MANS) w3mman2html $< > $@ diff --git a/doc/Makefile.maint b/doc/Makefile.maint deleted file mode 100644 index 75804f0a..00000000 --- a/doc/Makefile.maint +++ /dev/null 
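Review bot: In the rewritten rule `%.html: $(man_MANS)` the recipe `w3mman2html $< > $@` uses `$<`, which is only the first prerequisite. With the list expanding to `tincd.8 tinc.conf.5`, every `.html` target would be rendered from `tincd.8`. The removed form `%.html: %` paired each output with its own source; if that form had to go, explicit rules per page (`tincd.8.html: tincd.8`, `tinc.conf.5.html: tinc.conf.5`) keep the pairing. The context comment `# see GNUmakefile and Makefile.maint` is also stale, since this commit deletes both files.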
@@ -1,38 +0,0 @@ -# This -*- Makefile -*- uses features of GNU make. -# It is included via GNUmakefile. - -# The following one line summaries were extracted from the -# original man pages using this bit of sh code: -# for i in *.1; do echo "$i: "|tr -d '\012'; \ -# grep -A1 SH.NAME $i|sed '/SH NAME/d;s/^[^ ][^ ]* .- //'; done - -include Makefile.summ - -HELP2MAN-run = $(PERL) -w -- $(srcdir)/$(HELP2MAN) - -# Depend on configure.in to get version number changes. -$(dyn_MANS): $(top_srcdir)/configure.in - -# Depend on the source file containing the --help text. -# Filter out irregular cases. -regular-men = $(filter-out $(irregular-men),$(dyn_MANS)) -$(regular-men): %.8: $(top_srcdir)/src/%.c - -executable = $(patsubst %/install,%/ginstall, ../src/$(basename $@)) -$(dyn_MANS): %.8: %.x $(HELP2MAN) - @if test -f $(executable); then \ - echo "Updating man page $@"; \ - rm -f $@-t $@; \ - $(HELP2MAN-run) \ - --name="$($(basename $@)-summary)" \ - --include=$(basename $@).x \ - $(executable) > $@-t; \ - chmod -w $@-t; \ - mv $@-t $@; \ - else \ - echo "WARNING: The man page $@ cannot be updated yet."; \ - echo " Retry once the corresponding executable is built."; \ - fi - -sample-config.tar.gz: - GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz sample-config diff --git a/doc/Makefile.summ b/doc/Makefile.summ deleted file mode 100644 index a97b4924..00000000 --- a/doc/Makefile.summ +++ /dev/null @@ -1,2 +0,0 @@ -# -*- makefile -*- -tincd-summary = tinc VPN daemon diff --git a/doc/help2man b/doc/help2man deleted file mode 100644 index 71778a92..00000000 --- a/doc/help2man +++ /dev/null 
@@ -1,375 +0,0 @@ -#!/usr/bin/perl -w - -# Generate a short man page from --help and --version output. -# Copyright © 1997, 98 Free Software Foundation, Inc. - -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2, or (at your option) -# any later version. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software Foundation, -# Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - -# Written by Brendan O'Dea - -use 5.004; -use strict; -use Getopt::Long; -use POSIX qw(strftime setlocale LC_TIME); - -my $this_program = 'help2man'; -my $this_version = '1.006'; -my $version_info = < -EOT - -my $help_info = < \$opt_name, - 'include=s' => \$include, - 'opt-include=s' => \$opt_include, - 'output=s' => \$opt_output, - 'no-info' => \$opt_no_info, - help => sub { print $help_info; exit }, - version => sub { print $version_info; exit }, -) or die $help_info; - -die $help_info unless @ARGV == 1; - -my %include = (); -my @include = (); # to retain order - -# Process include file (if given). Format is: -# -# [section name] -# verbatim text - -if ($include or $opt_include) -{ - if (open INC, $include || $opt_include) - { - my $sect; - - while () - { - if (/^\[([^]]+)\]/) - { - $sect = uc $1; - $sect =~ s/^\s+//; - $sect =~ s/\s+$//; - next; - } - - # Silently ignore anything before the first - # section--allows for comments and revision info. 
- next unless $sect; - - push @include, $sect unless $include{$sect}; - $include{$sect} ||= ''; - $include{$sect} .= $_; - } - - close INC; - - die "$this_program: no valid information found in `$include'\n" - unless %include; - - # Compress trailing blank lines. - for (keys %include) - { - $include{$_} =~ s/\n+$//; - $include{$_} .= "\n" unless /^NAME$/; - } - } - else - { - die "$this_program: can't open `$include' ($!)\n" if $include; - } -} - -# Turn off localisation of executable's ouput. -@ENV{qw(LANGUAGE LANG LC_ALL)} = ('C') x 3; - -# Turn off localisation of date (for strftime) -setlocale LC_TIME, 'C'; - -# Grab help and version paragraphs from executable -my @help = split /\n\n+/, `$ARGV[0] --help 2>/dev/null` - or die "$this_program: can't get `--help' info from $ARGV[0]\n"; - -my @version = split /\n\n+/, `$ARGV[0] --version 2>/dev/null` - or die "$this_program: can't get `--version' info from $ARGV[0]\n"; - -my $date = strftime "%B %Y", localtime; -my $program = $ARGV[0]; $program =~ s!.*/!!; -my $package = $program; -my $version; - -if ($opt_output) -{ - unlink $opt_output - or die "$this_program: can't unlink $opt_output ($!)\n" - if -e $opt_output; - - open STDOUT, ">$opt_output" - or die "$this_program: can't create $opt_output ($!)\n"; -} - -# The first line of the --version information is assumed to be in one -# of the following formats: -# -# -# -# GNU -# (GNU ) -# - GNU -# -# and seperated from any copyright/author details by a blank line. - -$_ = shift @version; - -if (/^(\S+)\s+\((GNU\s+[^)]+)\)\s+(.*)/ or - /^(\S+)\s+-\s*(GNU\s+\S+)\s+(.*)/) -{ - $program = $1; - $package = $2; - $version = $3; -} -elsif (/^(GNU\s+)?(\S+)\s+(.*)/) -{ - $program = $2; - $package = $1 ? 
"$1$2" : $2; - $version = $3; -} -else -{ - $version = $_; -} - -$program =~ s!.*/!!; - -# no info for `info' itself -$opt_no_info = 1 if $program eq 'info'; - -# --name overrides --include contents -$include{NAME} = "$program \\- $opt_name" if $opt_name; - -# Default (useless) NAME paragraph -$include{NAME} ||= "$program \\- manual page for $program $version"; - -# Man pages traditionally have the page title in caps. -my $PROGRAM = uc $program; - -# Header. -print < 0pt - % Only leave this space if the footline is nonempty. - % (We lessened \vsize for it in \oddfootingxxx.) - % The \baselineskip=24pt in plain's \makefootline has no effect. - \vskip 2\baselineskip - \unvbox\footlinebox - \fi - % - \ifcropmarks - \egroup % end of \vbox\bgroup - \hfil\egroup % end of (centering) \line\bgroup - \vskip\topandbottommargin plus1fill minus1fill - \boxmaxdepth = \cornerthick - \vbox to0pt{\vss - \line{% - \vbox{\moveleft\cornerthick\nsbot}% - \hfill - \vbox{\moveright\cornerthick\nsbot}% - }% - \nointerlineskip - \line{\ewbot\hfil\ewbot}% - }% - \egroup % \vbox from first cropmarks clause - \fi - }% end of \shipout\vbox - }% end of group with \turnoffactive - \advancepageno - \ifnum\outputpenalty>-20000 \else\dosupereject\fi -} - -\newinsert\margin \dimen\margin=\maxdimen - -\def\pagebody#1{\vbox to\pageheight{\boxmaxdepth=\maxdepth #1}} -{\catcode`\@ =11 -\gdef\pagecontents#1{\ifvoid\topins\else\unvbox\topins\fi -% marginal hacks, juha@viisa.uucp (Juha Takala) -\ifvoid\margin\else % marginal info is present - \rlap{\kern\hsize\vbox to\z@{\kern1pt\box\margin \vss}}\fi -\dimen@=\dp#1 \unvbox#1 -\ifvoid\footins\else\vskip\skip\footins\footnoterule \unvbox\footins\fi -\ifr@ggedbottom \kern-\dimen@ \vfil \fi} -} - -% Here are the rules for the cropmarks. Note that they are -% offset so that the space between them is truly \outerhsize or \outervsize -% (P. A. 
MacKay, 12 November, 1986) -% -\def\ewtop{\vrule height\cornerthick depth0pt width\cornerlong} -\def\nstop{\vbox - {\hrule height\cornerthick depth\cornerlong width\cornerthick}} -\def\ewbot{\vrule height0pt depth\cornerthick width\cornerlong} -\def\nsbot{\vbox - {\hrule height\cornerlong depth\cornerthick width\cornerthick}} - -% Parse an argument, then pass it to #1. The argument is the rest of -% the input line (except we remove a trailing comment). #1 should be a -% macro which expects an ordinary undelimited TeX argument. -% -\def\parsearg#1{% - \let\next = #1% - \begingroup - \obeylines - \futurelet\temp\parseargx -} - -% If the next token is an obeyed space (from an @example environment or -% the like), remove it and recurse. Otherwise, we're done. -\def\parseargx{% - % \obeyedspace is defined far below, after the definition of \sepspaces. - \ifx\obeyedspace\temp - \expandafter\parseargdiscardspace - \else - \expandafter\parseargline - \fi -} - -% Remove a single space (as the delimiter token to the macro call). -{\obeyspaces % - \gdef\parseargdiscardspace {\futurelet\temp\parseargx}} - -{\obeylines % - \gdef\parseargline#1^^M{% - \endgroup % End of the group started in \parsearg. - % - % First remove any @c comment, then any @comment. - % Result of each macro is put in \toks0. - \argremovec #1\c\relax % - \expandafter\argremovecomment \the\toks0 \comment\relax % - % - % Call the caller's macro, saved as \next in \parsearg. - \expandafter\next\expandafter{\the\toks0}% - }% -} - -% Since all \c{,omment} does is throw away the argument, we can let TeX -% do that for us. The \relax here is matched by the \relax in the call -% in \parseargline; it could be more or less anything, its purpose is -% just to delimit the argument to the \c. 
-\def\argremovec#1\c#2\relax{\toks0 = {#1}} -\def\argremovecomment#1\comment#2\relax{\toks0 = {#1}} - -% \argremovec{,omment} might leave us with trailing spaces, though; e.g., -% @end itemize @c foo -% will have two active spaces as part of the argument with the -% `itemize'. Here we remove all active spaces from #1, and assign the -% result to \toks0. -% -% This loses if there are any *other* active characters besides spaces -% in the argument -- _ ^ +, for example -- since they get expanded. -% Fortunately, Texinfo does not define any such commands. (If it ever -% does, the catcode of the characters in questionwill have to be changed -% here.) But this means we cannot call \removeactivespaces as part of -% \argremovec{,omment}, since @c uses \parsearg, and thus the argument -% that \parsearg gets might well have any character at all in it. -% -\def\removeactivespaces#1{% - \begingroup - \ignoreactivespaces - \edef\temp{#1}% - \global\toks0 = \expandafter{\temp}% - \endgroup -} - -% Change the active space to expand to nothing. -% -\begingroup - \obeyspaces - \gdef\ignoreactivespaces{\obeyspaces\let =\empty} -\endgroup - - -\def\flushcr{\ifx\par\lisppar \def\next##1{}\else \let\next=\relax \fi \next} - -%% These are used to keep @begin/@end levels from running away -%% Call \inENV within environments (after a \begingroup) -\newif\ifENV \ENVfalse \def\inENV{\ifENV\relax\else\ENVtrue\fi} -\def\ENVcheck{% -\ifENV\errmessage{Still within an environment; press RETURN to continue} -\endgroup\fi} % This is not perfect, but it should reduce lossage - -% @begin foo is the same as @foo, for now. -\newhelp\EMsimple{Press RETURN to continue.} - -\outer\def\begin{\parsearg\beginxxx} - -\def\beginxxx #1{% -\expandafter\ifx\csname #1\endcsname\relax -{\errhelp=\EMsimple \errmessage{Undefined command @begin #1}}\else -\csname #1\endcsname\fi} - -% @end foo executes the definition of \Efoo. 
-% -\def\end{\parsearg\endxxx} -\def\endxxx #1{% - \removeactivespaces{#1}% - \edef\endthing{\the\toks0}% - % - \expandafter\ifx\csname E\endthing\endcsname\relax - \expandafter\ifx\csname \endthing\endcsname\relax - % There's no \foo, i.e., no ``environment'' foo. - \errhelp = \EMsimple - \errmessage{Undefined command `@end \endthing'}% - \else - \unmatchedenderror\endthing - \fi - \else - % Everything's ok; the right environment has been started. - \csname E\endthing\endcsname - \fi -} - -% There is an environment #1, but it hasn't been started. Give an error. -% -\def\unmatchedenderror#1{% - \errhelp = \EMsimple - \errmessage{This `@end #1' doesn't have a matching `@#1'}% -} - -% Define the control sequence \E#1 to give an unmatched @end error. -% -\def\defineunmatchedend#1{% - \expandafter\def\csname E#1\endcsname{\unmatchedenderror{#1}}% -} - - -% Single-spacing is done by various environments (specifically, in -% \nonfillstart and \quotations). -\newskip\singlespaceskip \singlespaceskip = 12.5pt -\def\singlespace{% - % Why was this kern here? It messes up equalizing space above and below - % environments. --karl, 6may93 - %{\advance \baselineskip by -\singlespaceskip - %\kern \baselineskip}% - \setleading \singlespaceskip -} - -%% Simple single-character @ commands - -% @@ prints an @ -% Kludge this until the fonts are right (grr). -\def\@{{\tt\char64}} - -% This is turned off because it was never documented -% and you can use @w{...} around a quote to suppress ligatures. -%% Define @` and @' to be the same as ` and ' -%% but suppressing ligatures. -%\def\`{{`}} -%\def\'{{'}} - -% Used to generate quoted braces. -\def\mylbrace {{\tt\char123}} -\def\myrbrace {{\tt\char125}} -\let\{=\mylbrace -\let\}=\myrbrace -\begingroup - % Definitions to produce actual \{ & \} command in an index. 
- \catcode`\{ = 12 \catcode`\} = 12 - \catcode`\[ = 1 \catcode`\] = 2 - \catcode`\@ = 0 \catcode`\\ = 12 - @gdef@lbracecmd[\{]% - @gdef@rbracecmd[\}]% -@endgroup - -% Accents: @, @dotaccent @ringaccent @ubaraccent @udotaccent -% Others are defined by plain TeX: @` @' @" @^ @~ @= @v @H. -\let\, = \c -\let\dotaccent = \. -\def\ringaccent#1{{\accent23 #1}} -\let\tieaccent = \t -\let\ubaraccent = \b -\let\udotaccent = \d - -% Other special characters: @questiondown @exclamdown -% Plain TeX defines: @AA @AE @O @OE @L (and lowercase versions) @ss. -\def\questiondown{?`} -\def\exclamdown{!`} - -% Dotless i and dotless j, used for accents. -\def\imacro{i} -\def\jmacro{j} -\def\dotless#1{% - \def\temp{#1}% - \ifx\temp\imacro \ptexi - \else\ifx\temp\jmacro \j - \else \errmessage{@dotless can be used only with i or j}% - \fi\fi -} - -% Be sure we're in horizontal mode when doing a tie, since we make space -% equivalent to this in @example-like environments. Otherwise, a space -% at the beginning of a line will start with \penalty -- and -% since \penalty is valid in vertical mode, we'd end up putting the -% penalty on the vertical list instead of in the new paragraph. -{\catcode`@ = 11 - % Avoid using \@M directly, because that causes trouble - % if the definition is written into an index file. - \global\let\tiepenalty = \@M - \gdef\tie{\leavevmode\penalty\tiepenalty\ } -} - -% @: forces normal size whitespace following. -\def\:{\spacefactor=1000 } - -% @* forces a line break. -\def\*{\hfil\break\hbox{}\ignorespaces} - -% @. is an end-of-sentence period. -\def\.{.\spacefactor=3000 } - -% @! is an end-of-sentence bang. -\def\!{!\spacefactor=3000 } - -% @? is an end-of-sentence query. -\def\?{?\spacefactor=3000 } - -% @w prevents a word break. Without the \leavevmode, @w at the -% beginning of a paragraph, when TeX is still in vertical mode, would -% produce a whole line of output instead of starting the paragraph. -\def\w#1{\leavevmode\hbox{#1}} - -% @group ... 
@end group forces ... to be all on one page, by enclosing -% it in a TeX vbox. We use \vtop instead of \vbox to construct the box -% to keep its height that of a normal line. According to the rules for -% \topskip (p.114 of the TeXbook), the glue inserted is -% max (\topskip - \ht (first item), 0). If that height is large, -% therefore, no glue is inserted, and the space between the headline and -% the text is small, which looks bad. -% -\def\group{\begingroup - \ifnum\catcode13=\active \else - \errhelp = \groupinvalidhelp - \errmessage{@group invalid in context where filling is enabled}% - \fi - % - % The \vtop we start below produces a box with normal height and large - % depth; thus, TeX puts \baselineskip glue before it, and (when the - % next line of text is done) \lineskip glue after it. (See p.82 of - % the TeXbook.) Thus, space below is not quite equal to space - % above. But it's pretty close. - \def\Egroup{% - \egroup % End the \vtop. - \endgroup % End the \group. - }% - % - \vtop\bgroup - % We have to put a strut on the last line in case the @group is in - % the midst of an example, rather than completely enclosing it. - % Otherwise, the interline space between the last line of the group - % and the first line afterwards is too small. But we can't put the - % strut in \Egroup, since there it would be on a line by itself. - % Hence this just inserts a strut at the beginning of each line. - \everypar = {\strut}% - % - % Since we have a strut on every line, we don't need any of TeX's - % normal interline spacing. - \offinterlineskip - % - % OK, but now we have to do something about blank - % lines in the input in @example-like environments, which normally - % just turn into \lisppar, which will insert no space now that we've - % turned off the interline space. Simplest is to make them be an - % empty paragraph. - \ifx\par\lisppar - \edef\par{\leavevmode \par}% - % - % Reset ^^M's definition to new definition of \par. 
- \obeylines - \fi - % - % Do @comment since we are called inside an environment such as - % @example, where each end-of-line in the input causes an - % end-of-line in the output. We don't want the end-of-line after - % the `@group' to put extra space in the output. Since @group - % should appear on a line by itself (according to the Texinfo - % manual), we don't worry about eating any user text. - \comment -} -% -% TeX puts in an \escapechar (i.e., `@') at the beginning of the help -% message, so this ends up printing `@group can only ...'. -% -\newhelp\groupinvalidhelp{% -group can only be used in environments such as @example,^^J% -where each line of input produces a line of output.} - -% @need space-in-mils -% forces a page break if there is not space-in-mils remaining. - -\newdimen\mil \mil=0.001in - -\def\need{\parsearg\needx} - -% Old definition--didn't work. -%\def\needx #1{\par % -%% This method tries to make TeX break the page naturally -%% if the depth of the box does not fit. -%{\baselineskip=0pt% -%\vtop to #1\mil{\vfil}\kern -#1\mil\nobreak -%\prevdepth=-1000pt -%}} - -\def\needx#1{% - % Go into vertical mode, so we don't make a big box in the middle of a - % paragraph. - \par - % - % Don't add any leading before our big empty box, but allow a page - % break, since the best break might be right here. - \allowbreak - \nointerlineskip - \vtop to #1\mil{\vfil}% - % - % TeX does not even consider page breaks if a penalty added to the - % main vertical list is 10000 or more. But in order to see if the - % empty box we just added fits on the page, we must make it consider - % page breaks. On the other hand, we don't want to actually break the - % page after the empty box. So we use a penalty of 9999. - % - % There is an extremely small chance that TeX will actually break the - % page at this \penalty, if there are no other feasible breakpoints in - % sight. 
(If the user is using lots of big @group commands, which - % almost-but-not-quite fill up a page, TeX will have a hard time doing - % good page breaking, for example.) However, I could not construct an - % example where a page broke at this \penalty; if it happens in a real - % document, then we can reconsider our strategy. - \penalty9999 - % - % Back up by the size of the box, whether we did a page break or not. - \kern -#1\mil - % - % Do not allow a page break right after this kern. - \nobreak -} - -% @br forces paragraph break - -\let\br = \par - -% @dots{} output an ellipsis using the current font. -% We do .5em per period so that it has the same spacing in a typewriter -% font as three actual period characters. -% -\def\dots{% - \leavevmode - \hbox to 1.5em{% - \hskip 0pt plus 0.25fil minus 0.25fil - .\hss.\hss.% - \hskip 0pt plus 0.5fil minus 0.5fil - }% -} - -% @enddots{} is an end-of-sentence ellipsis. -% -\def\enddots{% - \leavevmode - \hbox to 2em{% - \hskip 0pt plus 0.25fil minus 0.25fil - .\hss.\hss.\hss.% - \hskip 0pt plus 0.5fil minus 0.5fil - }% - \spacefactor=3000 -} - - -% @page forces the start of a new page -% -\def\page{\par\vfill\supereject} - -% @exdent text.... -% outputs text on separate line in roman font, starting at standard page margin - -% This records the amount of indent in the innermost environment. -% That's how much \exdent should take out. -\newskip\exdentamount - -% This defn is used inside fill environments such as @defun. -\def\exdent{\parsearg\exdentyyy} -\def\exdentyyy #1{{\hfil\break\hbox{\kern -\exdentamount{\rm#1}}\hfil\break}} - -% This defn is used inside nofill environments such as @example. -\def\nofillexdent{\parsearg\nofillexdentyyy} -\def\nofillexdentyyy #1{{\advance \leftskip by -\exdentamount -\leftline{\hskip\leftskip{\rm#1}}}} - -% @inmargin{TEXT} puts TEXT in the margin next to the current paragraph. 
- -\def\inmargin#1{% -\strut\vadjust{\nobreak\kern-\strutdepth - \vtop to \strutdepth{\baselineskip\strutdepth\vss - \llap{\rightskip=\inmarginspacing \vbox{\noindent #1}}\null}}} -\newskip\inmarginspacing \inmarginspacing=1cm -\def\strutdepth{\dp\strutbox} - -%\hbox{{\rm#1}}\hfil\break}} - -% @include file insert text of that file as input. -% Allow normal characters that we make active in the argument (a file name). -\def\include{\begingroup - \catcode`\\=12 - \catcode`~=12 - \catcode`^=12 - \catcode`_=12 - \catcode`|=12 - \catcode`<=12 - \catcode`>=12 - \catcode`+=12 - \parsearg\includezzz} -% Restore active chars for included file. -\def\includezzz#1{\endgroup\begingroup - % Read the included file in a group so nested @include's work. - \def\thisfile{#1}% - \input\thisfile -\endgroup} - -\def\thisfile{} - -% @center line outputs that line, centered - -\def\center{\parsearg\centerzzz} -\def\centerzzz #1{{\advance\hsize by -\leftskip -\advance\hsize by -\rightskip -\centerline{#1}}} - -% @sp n outputs n lines of vertical space - -\def\sp{\parsearg\spxxx} -\def\spxxx #1{\vskip #1\baselineskip} - -% @comment ...line which is ignored... -% @c is the same as @comment -% @ignore ... @end ignore is another way to write a comment - -\def\comment{\begingroup \catcode`\^^M=\other% -\catcode`\@=\other \catcode`\{=\other \catcode`\}=\other% -\commentxxx} -{\catcode`\^^M=\other \gdef\commentxxx#1^^M{\endgroup}} - -\let\c=\comment - -% @paragraphindent is defined for the Info formatting commands only. -\let\paragraphindent=\comment - -% Prevent errors for section commands. -% Used in @ignore and in failing conditionals. 
-\def\ignoresections{%
-\let\chapter=\relax
-\let\unnumbered=\relax
-\let\top=\relax
-\let\unnumberedsec=\relax
-\let\unnumberedsection=\relax
-\let\unnumberedsubsec=\relax
-\let\unnumberedsubsection=\relax
-\let\unnumberedsubsubsec=\relax
-\let\unnumberedsubsubsection=\relax
-\let\section=\relax
-\let\subsec=\relax
-\let\subsubsec=\relax
-\let\subsection=\relax
-\let\subsubsection=\relax
-\let\appendix=\relax
-\let\appendixsec=\relax
-\let\appendixsection=\relax
-\let\appendixsubsec=\relax
-\let\appendixsubsection=\relax
-\let\appendixsubsubsec=\relax
-\let\appendixsubsubsection=\relax
-\let\contents=\relax
-\let\smallbook=\relax
-\let\titlepage=\relax
-}
-
-% Used in nested conditionals, where we have to parse the Texinfo source
-% and so want to turn off most commands, in case they are used
-% incorrectly.
-%
-\def\ignoremorecommands{%
- \let\defcodeindex = \relax
- \let\defcv = \relax
- \let\deffn = \relax
- \let\deffnx = \relax
- \let\defindex = \relax
- \let\defivar = \relax
- \let\defmac = \relax
- \let\defmethod = \relax
- \let\defop = \relax
- \let\defopt = \relax
- \let\defspec = \relax
- \let\deftp = \relax
- \let\deftypefn = \relax
- \let\deftypefun = \relax
- \let\deftypevar = \relax
- \let\deftypevr = \relax
- \let\defun = \relax
- \let\defvar = \relax
- \let\defvr = \relax
- \let\ref = \relax
- \let\xref = \relax
- \let\printindex = \relax
- \let\pxref = \relax
- \let\settitle = \relax
- \let\setchapternewpage = \relax
- \let\setchapterstyle = \relax
- \let\everyheading = \relax
- \let\evenheading = \relax
- \let\oddheading = \relax
- \let\everyfooting = \relax
- \let\evenfooting = \relax
- \let\oddfooting = \relax
- \let\headings = \relax
- \let\include = \relax
- \let\lowersections = \relax
- \let\down = \relax
- \let\raisesections = \relax
- \let\up = \relax
- \let\set = \relax
- \let\clear = \relax
- \let\item = \relax
-}
-
-% Ignore @ignore ... @end ignore.
-% -\def\ignore{\doignore{ignore}} - -% Ignore @ifinfo, @ifhtml, @ifnottex, @html, @menu, and @direntry text. -% -\def\ifinfo{\doignore{ifinfo}} -\def\ifhtml{\doignore{ifhtml}} -\def\ifnottex{\doignore{ifnottex}} -\def\html{\doignore{html}} -\def\menu{\doignore{menu}} -\def\direntry{\doignore{direntry}} - -% @dircategory CATEGORY -- specify a category of the dir file -% which this file should belong to. Ignore this in TeX. -\let\dircategory = \comment - -% Ignore text until a line `@end #1'. -% -\def\doignore#1{\begingroup - % Don't complain about control sequences we have declared \outer. - \ignoresections - % - % Define a command to swallow text until we reach `@end #1'. - % This @ is a catcode 12 token (that is the normal catcode of @ in - % this texinfo.tex file). We change the catcode of @ below to match. - \long\def\doignoretext##1@end #1{\enddoignore}% - % - % Make sure that spaces turn into tokens that match what \doignoretext wants. - \catcode32 = 10 - % - % Ignore braces, too, so mismatched braces don't cause trouble. - \catcode`\{ = 9 - \catcode`\} = 9 - % - % We must not have @c interpreted as a control sequence. - \catcode`\@ = 12 - % - % Make the letter c a comment character so that the rest of the line - % will be ignored. This way, the document can have (for example) - % @c @end ifinfo - % and the @end ifinfo will be properly ignored. - % (We've just changed @ to catcode 12.) - \catcode`\c = 14 - % - % And now expand that command. - \doignoretext -} - -% What we do to finish off ignored text. -% -\def\enddoignore{\endgroup\ignorespaces}% - -\newif\ifwarnedobs\warnedobsfalse -\def\obstexwarn{% - \ifwarnedobs\relax\else - % We need to warn folks that they may have trouble with TeX 3.0. - % This uses \immediate\write16 rather than \message to get newlines. 
- \immediate\write16{} - \immediate\write16{***WARNING*** for users of Unix TeX 3.0!} - \immediate\write16{This manual trips a bug in TeX version 3.0 (tex hangs).} - \immediate\write16{If you are running another version of TeX, relax.} - \immediate\write16{If you are running Unix TeX 3.0, kill this TeX process.} - \immediate\write16{ Then upgrade your TeX installation if you can.} - \immediate\write16{ (See ftp://ftp.gnu.org/pub/gnu/TeX.README.)} - \immediate\write16{If you are stuck with version 3.0, run the} - \immediate\write16{ script ``tex3patch'' from the Texinfo distribution} - \immediate\write16{ to use a workaround.} - \immediate\write16{} - \global\warnedobstrue - \fi -} - -% **In TeX 3.0, setting text in \nullfont hangs tex. For a -% workaround (which requires the file ``dummy.tfm'' to be installed), -% uncomment the following line: -%%%%%\font\nullfont=dummy\let\obstexwarn=\relax - -% Ignore text, except that we keep track of conditional commands for -% purposes of nesting, up to an `@end #1' command. -% -\def\nestedignore#1{% - \obstexwarn - % We must actually expand the ignored text to look for the @end - % command, so that nested ignore constructs work. Thus, we put the - % text into a \vbox and then do nothing with the result. To minimize - % the change of memory overflow, we follow the approach outlined on - % page 401 of the TeXbook: make the current font be a dummy font. - % - \setbox0 = \vbox\bgroup - % Don't complain about control sequences we have declared \outer. - \ignoresections - % - % Define `@end #1' to end the box, which will in turn undefine the - % @end command again. - \expandafter\def\csname E#1\endcsname{\egroup\ignorespaces}% - % - % We are going to be parsing Texinfo commands. Most cause no - % trouble when they are used incorrectly, but some commands do - % complicated argument parsing or otherwise get confused, so we - % undefine them. 
- % - % We can't do anything about stray @-signs, unfortunately; - % they'll produce `undefined control sequence' errors. - \ignoremorecommands - % - % Set the current font to be \nullfont, a TeX primitive, and define - % all the font commands to also use \nullfont. We don't use - % dummy.tfm, as suggested in the TeXbook, because not all sites - % might have that installed. Therefore, math mode will still - % produce output, but that should be an extremely small amount of - % stuff compared to the main input. - % - \nullfont - \let\tenrm = \nullfont \let\tenit = \nullfont \let\tensl = \nullfont - \let\tenbf = \nullfont \let\tentt = \nullfont \let\smallcaps = \nullfont - \let\tensf = \nullfont - % Similarly for index fonts (mostly for their use in - % smallexample) - \let\indrm = \nullfont \let\indit = \nullfont \let\indsl = \nullfont - \let\indbf = \nullfont \let\indtt = \nullfont \let\indsc = \nullfont - \let\indsf = \nullfont - % - % Don't complain when characters are missing from the fonts. - \tracinglostchars = 0 - % - % Don't bother to do space factor calculations. - \frenchspacing - % - % Don't report underfull hboxes. - \hbadness = 10000 - % - % Do minimal line-breaking. - \pretolerance = 10000 - % - % Do not execute instructions in @tex - \def\tex{\doignore{tex}}% - % Do not execute macro definitions. - % `c' is a comment character, so the word `macro' will get cut off. - \def\macro{\doignore{ma}}% -} - -% @set VAR sets the variable VAR to an empty value. -% @set VAR REST-OF-LINE sets VAR to the value REST-OF-LINE. -% -% Since we want to separate VAR from REST-OF-LINE (which might be -% empty), we can't just use \parsearg; we have to insert a space of our -% own to delimit the rest of the line, and then take it out again if we -% didn't need it. Make sure the catcode of space is correct to avoid -% losing inside @example, for instance. -% -\def\set{\begingroup\catcode` =10 - \catcode`\-=12 \catcode`\_=12 % Allow - and _ in VAR. 
- \parsearg\setxxx} -\def\setxxx#1{\setyyy#1 \endsetyyy} -\def\setyyy#1 #2\endsetyyy{% - \def\temp{#2}% - \ifx\temp\empty \global\expandafter\let\csname SET#1\endcsname = \empty - \else \setzzz{#1}#2\endsetzzz % Remove the trailing space \setxxx inserted. - \fi - \endgroup -} -% Can't use \xdef to pre-expand #2 and save some time, since \temp or -% \next or other control sequences that we've defined might get us into -% an infinite loop. Consider `@set foo @cite{bar}'. -\def\setzzz#1#2 \endsetzzz{\expandafter\gdef\csname SET#1\endcsname{#2}} - -% @clear VAR clears (i.e., unsets) the variable VAR. -% -\def\clear{\parsearg\clearxxx} -\def\clearxxx#1{\global\expandafter\let\csname SET#1\endcsname=\relax} - -% @value{foo} gets the text saved in variable foo. -% -{ - \catcode`\_ = \active - % - % We might end up with active _ or - characters in the argument if - % we're called from @code, as @code{@value{foo-bar_}}. So \let any - % such active characters to their normal equivalents. - \gdef\value{\begingroup - \catcode`\-=12 \catcode`\_=12 - \indexbreaks \let_\normalunderscore - \valuexxx} -} -\def\valuexxx#1{\expandablevalue{#1}\endgroup} - -% We have this subroutine so that we can handle at least some @value's -% properly in indexes (we \let\value to this in \indexdummies). Ones -% whose names contain - or _ still won't work, but we can't do anything -% about that. The command has to be fully expandable, since the result -% winds up in the index file. This means that if the variable's value -% contains other Texinfo commands, it's almost certain it will fail -% (although perhaps we could fix that with sufficient work to do a -% one-level expansion on the result, instead of complete). -% -\def\expandablevalue#1{% - \expandafter\ifx\csname SET#1\endcsname\relax - {[No value for ``#1'']}% - \else - \csname SET#1\endcsname - \fi -} - -% @ifset VAR ... @end ifset reads the `...' iff VAR has been defined -% with @set. 
-% -\def\ifset{\parsearg\ifsetxxx} -\def\ifsetxxx #1{% - \expandafter\ifx\csname SET#1\endcsname\relax - \expandafter\ifsetfail - \else - \expandafter\ifsetsucceed - \fi -} -\def\ifsetsucceed{\conditionalsucceed{ifset}} -\def\ifsetfail{\nestedignore{ifset}} -\defineunmatchedend{ifset} - -% @ifclear VAR ... @end ifclear reads the `...' iff VAR has never been -% defined with @set, or has been undefined with @clear. -% -\def\ifclear{\parsearg\ifclearxxx} -\def\ifclearxxx #1{% - \expandafter\ifx\csname SET#1\endcsname\relax - \expandafter\ifclearsucceed - \else - \expandafter\ifclearfail - \fi -} -\def\ifclearsucceed{\conditionalsucceed{ifclear}} -\def\ifclearfail{\nestedignore{ifclear}} -\defineunmatchedend{ifclear} - -% @iftex, @ifnothtml, @ifnotinfo always succeed; we read the text -% following, through the first @end iftex (etc.). Make `@end iftex' -% (etc.) valid only after an @iftex. -% -\def\iftex{\conditionalsucceed{iftex}} -\def\ifnothtml{\conditionalsucceed{ifnothtml}} -\def\ifnotinfo{\conditionalsucceed{ifnotinfo}} -\defineunmatchedend{iftex} -\defineunmatchedend{ifnothtml} -\defineunmatchedend{ifnotinfo} - -% We can't just want to start a group at @iftex (for example) and end it -% at @end iftex, since then @set commands inside the conditional have no -% effect (they'd get reverted at the end of the group). So we must -% define \Eiftex to redefine itself to be its previous value. (We can't -% just define it to fail again with an ``unmatched end'' error, since -% the @ifset might be nested.) -% -\def\conditionalsucceed#1{% - \edef\temp{% - % Remember the current value of \E#1. - \let\nece{prevE#1} = \nece{E#1}% - % - % At the `@end #1', redefine \E#1 to be its previous value. - \def\nece{E#1}{\let\nece{E#1} = \nece{prevE#1}}% - }% - \temp -} - -% We need to expand lots of \csname's, but we don't want to expand the -% control sequences after we've constructed them. -% -\def\nece#1{\expandafter\noexpand\csname#1\endcsname} - -% @asis just yields its argument. 
Used with @table, for example. -% -\def\asis#1{#1} - -% @math means output in math mode. -% We don't use $'s directly in the definition of \math because control -% sequences like \math are expanded when the toc file is written. Then, -% we read the toc file back, the $'s will be normal characters (as they -% should be, according to the definition of Texinfo). So we must use a -% control sequence to switch into and out of math mode. -% -% This isn't quite enough for @math to work properly in indices, but it -% seems unlikely it will ever be needed there. -% -\let\implicitmath = $ -\def\math#1{\implicitmath #1\implicitmath} - -% @bullet and @minus need the same treatment as @math, just above. -\def\bullet{\implicitmath\ptexbullet\implicitmath} -\def\minus{\implicitmath-\implicitmath} - -% @refill is a no-op. -\let\refill=\relax - -% If working on a large document in chapters, it is convenient to -% be able to disable indexing, cross-referencing, and contents, for test runs. -% This is done with @novalidate (before @setfilename). -% -\newif\iflinks \linkstrue % by default we want the aux files. -\let\novalidate = \linksfalse - -% @setfilename is done at the beginning of every texinfo file. -% So open here the files we need to have open while reading the input. -% This makes it possible to make a .fmt file for texinfo. -\def\setfilename{% - \iflinks - \readauxfile - \fi % \openindices needs to do some work in any case. - \openindices - \fixbackslash % Turn off hack to swallow `\input texinfo'. - \global\let\setfilename=\comment % Ignore extra @setfilename cmds. - % - % If texinfo.cnf is present on the system, read it. - % Useful for site-wide @afourpaper, etc. - % Just to be on the safe side, close the input stream before the \input. - \openin 1 texinfo.cnf - \ifeof1 \let\temp=\relax \else \def\temp{\input texinfo.cnf }\fi - \closein1 - \temp - % - \comment % Ignore the actual filename. -} - -% Called from \setfilename. 
-%
-\def\openindices{%
- \newindex{cp}%
- \newcodeindex{fn}%
- \newcodeindex{vr}%
- \newcodeindex{tp}%
- \newcodeindex{ky}%
- \newcodeindex{pg}%
-}
-
-% @bye.
-\outer\def\bye{\pagealignmacro\tracingstats=1\ptexend}
-
-
-\message{fonts,}
-% Font-change commands.
-
-% Texinfo sort of supports the sans serif font style, which plain TeX does not.
-% So we set up a \sf analogous to plain's \rm, etc.
-\newfam\sffam
-\def\sf{\fam=\sffam \tensf}
-\let\li = \sf % Sometimes we call it \li, not \sf.
-
-% We don't need math for this one.
-\def\ttsl{\tenttsl}
-
-% Use Computer Modern fonts at \magstephalf (11pt).
-\newcount\mainmagstep
-\mainmagstep=\magstephalf
-
-% Set the font macro #1 to the font named #2, adding on the
-% specified font prefix (normally `cm').
-% #3 is the font's design size, #4 is a scale factor
-\def\setfont#1#2#3#4{\font#1=\fontprefix#2#3 scaled #4}
-
-% Use cm as the default font prefix.
-% To specify the font prefix, you must define \fontprefix
-% before you read in texinfo.tex.
-\ifx\fontprefix\undefined
-\def\fontprefix{cm}
-\fi
-% Support font families that don't use the same naming scheme as CM.
-\def\rmshape{r}
-\def\rmbshape{bx} %where the normal face is bold
-\def\bfshape{b}
-\def\bxshape{bx}
-\def\ttshape{tt}
-\def\ttbshape{tt}
-\def\ttslshape{sltt}
-\def\itshape{ti}
-\def\itbshape{bxti}
-\def\slshape{sl}
-\def\slbshape{bxsl}
-\def\sfshape{ss}
-\def\sfbshape{ss}
-\def\scshape{csc}
-\def\scbshape{csc}
-
-\ifx\bigger\relax
-\let\mainmagstep=\magstep1
-\setfont\textrm\rmshape{12}{1000}
-\setfont\texttt\ttshape{12}{1000}
-\else
-\setfont\textrm\rmshape{10}{\mainmagstep}
-\setfont\texttt\ttshape{10}{\mainmagstep}
-\fi
-% Instead of cmb10, you many want to use cmbx10.
-% cmbx10 is a prettier font on its own, but cmb10
-% looks better when embedded in a line with cmr10.
-\setfont\textbf\bfshape{10}{\mainmagstep}
-\setfont\textit\itshape{10}{\mainmagstep}
-\setfont\textsl\slshape{10}{\mainmagstep}
-\setfont\textsf\sfshape{10}{\mainmagstep}
-\setfont\textsc\scshape{10}{\mainmagstep}
-\setfont\textttsl\ttslshape{10}{\mainmagstep}
-\font\texti=cmmi10 scaled \mainmagstep
-\font\textsy=cmsy10 scaled \mainmagstep
-
-% A few fonts for @defun, etc.
-\setfont\defbf\bxshape{10}{\magstep1} %was 1314
-\setfont\deftt\ttshape{10}{\magstep1}
-\def\df{\let\tentt=\deftt \let\tenbf = \defbf \bf}
-
-% Fonts for indices and small examples (9pt).
-% We actually use the slanted font rather than the italic,
-% because texinfo normally uses the slanted fonts for that.
-% Do not make many font distinctions in general in the index, since they
-% aren't very useful.
-\setfont\ninett\ttshape{9}{1000}
-\setfont\ninettsl\ttslshape{10}{900}
-\setfont\indrm\rmshape{9}{1000}
-\setfont\indit\itshape{9}{1000}
-\setfont\indsl\slshape{9}{1000}
-\let\indtt=\ninett
-\let\indttsl=\ninettsl
-\let\indsf=\indrm
-\let\indbf=\indrm
-\setfont\indsc\scshape{10}{900}
-\font\indi=cmmi9
-\font\indsy=cmsy9
-
-% Fonts for title page:
-\setfont\titlerm\rmbshape{12}{\magstep3}
-\setfont\titleit\itbshape{10}{\magstep4}
-\setfont\titlesl\slbshape{10}{\magstep4}
-\setfont\titlett\ttbshape{12}{\magstep3}
-\setfont\titlettsl\ttslshape{10}{\magstep4}
-\setfont\titlesf\sfbshape{17}{\magstep1}
-\let\titlebf=\titlerm
-\setfont\titlesc\scbshape{10}{\magstep4}
-\font\titlei=cmmi12 scaled \magstep3
-\font\titlesy=cmsy10 scaled \magstep4
-\def\authorrm{\secrm}
-
-% Chapter (and unnumbered) fonts (17.28pt).
-\setfont\chaprm\rmbshape{12}{\magstep2}
-\setfont\chapit\itbshape{10}{\magstep3}
-\setfont\chapsl\slbshape{10}{\magstep3}
-\setfont\chaptt\ttbshape{12}{\magstep2}
-\setfont\chapttsl\ttslshape{10}{\magstep3}
-\setfont\chapsf\sfbshape{17}{1000}
-\let\chapbf=\chaprm
-\setfont\chapsc\scbshape{10}{\magstep3}
-\font\chapi=cmmi12 scaled \magstep2
-\font\chapsy=cmsy10 scaled \magstep3
-
-% Section fonts (14.4pt).
-\setfont\secrm\rmbshape{12}{\magstep1}
-\setfont\secit\itbshape{10}{\magstep2}
-\setfont\secsl\slbshape{10}{\magstep2}
-\setfont\sectt\ttbshape{12}{\magstep1}
-\setfont\secttsl\ttslshape{10}{\magstep2}
-\setfont\secsf\sfbshape{12}{\magstep1}
-\let\secbf\secrm
-\setfont\secsc\scbshape{10}{\magstep2}
-\font\seci=cmmi12 scaled \magstep1
-\font\secsy=cmsy10 scaled \magstep2
-
-% \setfont\ssecrm\bxshape{10}{\magstep1} % This size an font looked bad.
-% \setfont\ssecit\itshape{10}{\magstep1} % The letters were too crowded.
-% \setfont\ssecsl\slshape{10}{\magstep1}
-% \setfont\ssectt\ttshape{10}{\magstep1}
-% \setfont\ssecsf\sfshape{10}{\magstep1}
-
-%\setfont\ssecrm\bfshape{10}{1315} % Note the use of cmb rather than cmbx.
-%\setfont\ssecit\itshape{10}{1315} % Also, the size is a little larger than
-%\setfont\ssecsl\slshape{10}{1315} % being scaled magstep1.
-%\setfont\ssectt\ttshape{10}{1315}
-%\setfont\ssecsf\sfshape{10}{1315}
-
-%\let\ssecbf=\ssecrm
-
-% Subsection fonts (13.15pt).
-\setfont\ssecrm\rmbshape{12}{\magstephalf}
-\setfont\ssecit\itbshape{10}{1315}
-\setfont\ssecsl\slbshape{10}{1315}
-\setfont\ssectt\ttbshape{12}{\magstephalf}
-\setfont\ssecttsl\ttslshape{10}{1315}
-\setfont\ssecsf\sfbshape{12}{\magstephalf}
-\let\ssecbf\ssecrm
-\setfont\ssecsc\scbshape{10}{\magstep1}
-\font\sseci=cmmi12 scaled \magstephalf
-\font\ssecsy=cmsy10 scaled 1315
-% The smallcaps and symbol fonts should actually be scaled \magstep1.5,
-% but that is not a standard magnification.
- -% In order for the font changes to affect most math symbols and letters, -% we have to define the \textfont of the standard families. Since -% texinfo doesn't allow for producing subscripts and superscripts, we -% don't bother to reset \scriptfont and \scriptscriptfont (which would -% also require loading a lot more fonts). -% -\def\resetmathfonts{% - \textfont0 = \tenrm \textfont1 = \teni \textfont2 = \tensy - \textfont\itfam = \tenit \textfont\slfam = \tensl \textfont\bffam = \tenbf - \textfont\ttfam = \tentt \textfont\sffam = \tensf -} - - -% The font-changing commands redefine the meanings of \tenSTYLE, instead -% of just \STYLE. We do this so that font changes will continue to work -% in math mode, where it is the current \fam that is relevant in most -% cases, not the current font. Plain TeX does \def\bf{\fam=\bffam -% \tenbf}, for example. By redefining \tenbf, we obviate the need to -% redefine \bf itself. -\def\textfonts{% - \let\tenrm=\textrm \let\tenit=\textit \let\tensl=\textsl - \let\tenbf=\textbf \let\tentt=\texttt \let\smallcaps=\textsc - \let\tensf=\textsf \let\teni=\texti \let\tensy=\textsy \let\tenttsl=\textttsl - \resetmathfonts} -\def\titlefonts{% - \let\tenrm=\titlerm \let\tenit=\titleit \let\tensl=\titlesl - \let\tenbf=\titlebf \let\tentt=\titlett \let\smallcaps=\titlesc - \let\tensf=\titlesf \let\teni=\titlei \let\tensy=\titlesy - \let\tenttsl=\titlettsl - \resetmathfonts \setleading{25pt}} -\def\titlefont#1{{\titlefonts\rm #1}} -\def\chapfonts{% - \let\tenrm=\chaprm \let\tenit=\chapit \let\tensl=\chapsl - \let\tenbf=\chapbf \let\tentt=\chaptt \let\smallcaps=\chapsc - \let\tensf=\chapsf \let\teni=\chapi \let\tensy=\chapsy \let\tenttsl=\chapttsl - \resetmathfonts \setleading{19pt}} -\def\secfonts{% - \let\tenrm=\secrm \let\tenit=\secit \let\tensl=\secsl - \let\tenbf=\secbf \let\tentt=\sectt \let\smallcaps=\secsc - \let\tensf=\secsf \let\teni=\seci \let\tensy=\secsy \let\tenttsl=\secttsl - \resetmathfonts \setleading{16pt}} 
-\def\subsecfonts{% - \let\tenrm=\ssecrm \let\tenit=\ssecit \let\tensl=\ssecsl - \let\tenbf=\ssecbf \let\tentt=\ssectt \let\smallcaps=\ssecsc - \let\tensf=\ssecsf \let\teni=\sseci \let\tensy=\ssecsy \let\tenttsl=\ssecttsl - \resetmathfonts \setleading{15pt}} -\let\subsubsecfonts = \subsecfonts % Maybe make sssec fonts scaled magstephalf? -\def\indexfonts{% - \let\tenrm=\indrm \let\tenit=\indit \let\tensl=\indsl - \let\tenbf=\indbf \let\tentt=\indtt \let\smallcaps=\indsc - \let\tensf=\indsf \let\teni=\indi \let\tensy=\indsy \let\tenttsl=\indttsl - \resetmathfonts \setleading{12pt}} - -% Set up the default fonts, so we can use them for creating boxes. -% -\textfonts - -% Define these so they can be easily changed for other fonts. -\def\angleleft{$\langle$} -\def\angleright{$\rangle$} - -% Count depth in font-changes, for error checks -\newcount\fontdepth \fontdepth=0 - -% Fonts for short table of contents. -\setfont\shortcontrm\rmshape{12}{1000} -\setfont\shortcontbf\bxshape{12}{1000} -\setfont\shortcontsl\slshape{12}{1000} - -%% Add scribe-like font environments, plus @l for inline lisp (usually sans -%% serif) and @ii for TeX italic - -% \smartitalic{ARG} outputs arg in italics, followed by an italic correction -% unless the following character is such as not to need one. -\def\smartitalicx{\ifx\next,\else\ifx\next-\else\ifx\next.\else\/\fi\fi\fi} -\def\smartslanted#1{{\sl #1}\futurelet\next\smartitalicx} -\def\smartitalic#1{{\it #1}\futurelet\next\smartitalicx} - -\let\i=\smartitalic -\let\var=\smartslanted -\let\dfn=\smartslanted -\let\emph=\smartitalic -\let\cite=\smartslanted - -\def\b#1{{\bf #1}} -\let\strong=\b - -% We can't just use \exhyphenpenalty, because that only has effect at -% the end of a paragraph. Restore normal hyphenation at the end of the -% group within which \nohyphenation is presumably called. 
-% -\def\nohyphenation{\hyphenchar\font = -1 \aftergroup\restorehyphenation} -\def\restorehyphenation{\hyphenchar\font = `- } - -\def\t#1{% - {\tt \rawbackslash \frenchspacing #1}% - \null -} -\let\ttfont=\t -\def\samp#1{`\tclose{#1}'\null} -\setfont\smallrm\rmshape{8}{1000} -\font\smallsy=cmsy9 -\def\key#1{{\smallrm\textfont2=\smallsy \leavevmode\hbox{% - \raise0.4pt\hbox{\angleleft}\kern-.08em\vtop{% - \vbox{\hrule\kern-0.4pt - \hbox{\raise0.4pt\hbox{\vphantom{\angleleft}}#1}}% - \kern-0.4pt\hrule}% - \kern-.06em\raise0.4pt\hbox{\angleright}}}} -% The old definition, with no lozenge: -%\def\key #1{{\ttsl \nohyphenation \uppercase{#1}}\null} -\def\ctrl #1{{\tt \rawbackslash \hat}#1} - -% @file, @option are the same as @samp. -\let\file=\samp -\let\option=\samp - -% @code is a modification of @t, -% which makes spaces the same size as normal in the surrounding text. -\def\tclose#1{% - {% - % Change normal interword space to be same as for the current font. - \spaceskip = \fontdimen2\font - % - % Switch to typewriter. - \tt - % - % But `\ ' produces the large typewriter interword space. - \def\ {{\spaceskip = 0pt{} }}% - % - % Turn off hyphenation. - \nohyphenation - % - \rawbackslash - \frenchspacing - #1% - }% - \null -} - -% We *must* turn on hyphenation at `-' and `_' in \code. -% Otherwise, it is too hard to avoid overfull hboxes -% in the Emacs manual, the Library manual, etc. - -% Unfortunately, TeX uses one parameter (\hyphenchar) to control -% both hyphenation at - and hyphenation within words. -% We must therefore turn them both off (\tclose does that) -% and arrange explicitly to hyphenate at a dash. -% -- rms. -{ - \catcode`\-=\active - \catcode`\_=\active - % - \global\def\code{\begingroup - \catcode`\-=\active \let-\codedash - \catcode`\_=\active \let_\codeunder - \codex - } - % - % If we end up with any active - characters when handling the index, - % just treat them as a normal -. 
- \global\def\indexbreaks{\catcode`\-=\active \let-\realdash} -} - -\def\realdash{-} -\def\codedash{-\discretionary{}{}{}} -\def\codeunder{\ifusingtt{\normalunderscore\discretionary{}{}{}}{\_}} -\def\codex #1{\tclose{#1}\endgroup} - -%\let\exp=\tclose %Was temporary - -% @kbd is like @code, except that if the argument is just one @key command, -% then @kbd has no effect. - -% @kbdinputstyle -- arg is `distinct' (@kbd uses slanted tty font always), -% `example' (@kbd uses ttsl only inside of @example and friends), -% or `code' (@kbd uses normal tty font always). -\def\kbdinputstyle{\parsearg\kbdinputstylexxx} -\def\kbdinputstylexxx#1{% - \def\arg{#1}% - \ifx\arg\worddistinct - \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\ttsl}% - \else\ifx\arg\wordexample - \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\tt}% - \else\ifx\arg\wordcode - \gdef\kbdexamplefont{\tt}\gdef\kbdfont{\tt}% - \fi\fi\fi -} -\def\worddistinct{distinct} -\def\wordexample{example} -\def\wordcode{code} - -% Default is kbdinputdistinct. (Too much of a hassle to call the macro, -% the catcodes are wrong for parsearg to work.) -\gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\ttsl} - -\def\xkey{\key} -\def\kbdfoo#1#2#3\par{\def\one{#1}\def\three{#3}\def\threex{??}% -\ifx\one\xkey\ifx\threex\three \key{#2}% -\else{\tclose{\kbdfont\look}}\fi -\else{\tclose{\kbdfont\look}}\fi} - -% For @url, @env, @command quotes seem unnecessary, so use \code. -\let\url=\code -\let\env=\code -\let\command=\code - -% @uref (abbreviation for `urlref') takes an optional second argument -% specifying the text to display. First (mandatory) arg is the url. -% Perhaps eventually put in a hypertex \special here. -% -\def\uref#1{\urefxxx #1,,\finish} -\def\urefxxx#1,#2,#3\finish{% - \setbox0 = \hbox{\ignorespaces #2}% - \ifdim\wd0 > 0pt - \unhbox0\ (\code{#1})% - \else - \code{#1}% - \fi -} - -% rms does not like the angle brackets --karl, 17may97. -% So now @email is just like @uref. 
-%\def\email#1{\angleleft{\tt #1}\angleright} -\let\email=\uref - -% Check if we are currently using a typewriter font. Since all the -% Computer Modern typewriter fonts have zero interword stretch (and -% shrink), and it is reasonable to expect all typewriter fonts to have -% this property, we can check that font parameter. -% -\def\ifmonospace{\ifdim\fontdimen3\font=0pt } - -% Typeset a dimension, e.g., `in' or `pt'. The only reason for the -% argument is to make the input look right: @dmn{pt} instead of @dmn{}pt. -% -\def\dmn#1{\thinspace #1} - -\def\kbd#1{\def\look{#1}\expandafter\kbdfoo\look??\par} - -% @l was never documented to mean ``switch to the Lisp font'', -% and it is not used as such in any manual I can find. We need it for -% Polish suppressed-l. --karl, 22sep96. -%\def\l#1{{\li #1}\null} - -% Explicit font changes: @r, @sc, undocumented @ii. -\def\r#1{{\rm #1}} % roman font -\def\sc#1{{\smallcaps#1}} % smallcaps font -\def\ii#1{{\it #1}} % italic font - -% @acronym downcases the argument and prints in smallcaps. -\def\acronym#1{{\smallcaps \lowercase{#1}}} - -% @pounds{} is a sterling sign. -\def\pounds{{\it\$}} - - -\message{page headings,} - -\newskip\titlepagetopglue \titlepagetopglue = 1.5in -\newskip\titlepagebottomglue \titlepagebottomglue = 2pc - -% First the title page. Must do @settitle before @titlepage. -\newif\ifseenauthor -\newif\iffinishedtitlepage - -% Do an implicit @contents or @shortcontents after @end titlepage if the -% user says @setcontentsaftertitlepage or @setshortcontentsaftertitlepage. 
-% -\newif\ifsetcontentsaftertitlepage - \let\setcontentsaftertitlepage = \setcontentsaftertitlepagetrue -\newif\ifsetshortcontentsaftertitlepage - \let\setshortcontentsaftertitlepage = \setshortcontentsaftertitlepagetrue - -\def\shorttitlepage{\parsearg\shorttitlepagezzz} -\def\shorttitlepagezzz #1{\begingroup\hbox{}\vskip 1.5in \chaprm \centerline{#1}% - \endgroup\page\hbox{}\page} - -\def\titlepage{\begingroup \parindent=0pt \textfonts - \let\subtitlerm=\tenrm - \def\subtitlefont{\subtitlerm \normalbaselineskip = 13pt \normalbaselines}% - % - \def\authorfont{\authorrm \normalbaselineskip = 16pt \normalbaselines}% - % - % Leave some space at the very top of the page. - \vglue\titlepagetopglue - % - % Now you can print the title using @title. - \def\title{\parsearg\titlezzz}% - \def\titlezzz##1{\leftline{\titlefonts\rm ##1} - % print a rule at the page bottom also. - \finishedtitlepagefalse - \vskip4pt \hrule height 4pt width \hsize \vskip4pt}% - % No rule at page bottom unless we print one at the top with @title. - \finishedtitlepagetrue - % - % Now you can put text using @subtitle. - \def\subtitle{\parsearg\subtitlezzz}% - \def\subtitlezzz##1{{\subtitlefont \rightline{##1}}}% - % - % @author should come last, but may come many times. - \def\author{\parsearg\authorzzz}% - \def\authorzzz##1{\ifseenauthor\else\vskip 0pt plus 1filll\seenauthortrue\fi - {\authorfont \leftline{##1}}}% - % - % Most title ``pages'' are actually two pages long, with space - % at the top of the second. We don't want the ragged left on the second. - \let\oldpage = \page - \def\page{% - \iffinishedtitlepage\else - \finishtitlepage - \fi - \oldpage - \let\page = \oldpage - \hbox{}}% -% \def\page{\oldpage \hbox{}} -} - -\def\Etitlepage{% - \iffinishedtitlepage\else - \finishtitlepage - \fi - % It is important to do the page break before ending the group, - % because the headline and footline are only empty inside the group. 
- % If we use the new definition of \page, we always get a blank page - % after the title page, which we certainly don't want. - \oldpage - \endgroup - % - % If they want short, they certainly want long too. - \ifsetshortcontentsaftertitlepage - \shortcontents - \contents - \global\let\shortcontents = \relax - \global\let\contents = \relax - \fi - % - \ifsetcontentsaftertitlepage - \contents - \global\let\contents = \relax - \global\let\shortcontents = \relax - \fi - % - \HEADINGSon -} - -\def\finishtitlepage{% - \vskip4pt \hrule height 2pt width \hsize - \vskip\titlepagebottomglue - \finishedtitlepagetrue -} - -%%% Set up page headings and footings. - -\let\thispage=\folio - -\newtoks\evenheadline % headline on even pages -\newtoks\oddheadline % headline on odd pages -\newtoks\evenfootline % footline on even pages -\newtoks\oddfootline % footline on odd pages - -% Now make Tex use those variables -\headline={{\textfonts\rm \ifodd\pageno \the\oddheadline - \else \the\evenheadline \fi}} -\footline={{\textfonts\rm \ifodd\pageno \the\oddfootline - \else \the\evenfootline \fi}\HEADINGShook} -\let\HEADINGShook=\relax - -% Commands to set those variables. 
-% For example, this is what @headings on does -% @evenheading @thistitle|@thispage|@thischapter -% @oddheading @thischapter|@thispage|@thistitle -% @evenfooting @thisfile|| -% @oddfooting ||@thisfile - -\def\evenheading{\parsearg\evenheadingxxx} -\def\oddheading{\parsearg\oddheadingxxx} -\def\everyheading{\parsearg\everyheadingxxx} - -\def\evenfooting{\parsearg\evenfootingxxx} -\def\oddfooting{\parsearg\oddfootingxxx} -\def\everyfooting{\parsearg\everyfootingxxx} - -{\catcode`\@=0 % - -\gdef\evenheadingxxx #1{\evenheadingyyy #1@|@|@|@|\finish} -\gdef\evenheadingyyy #1@|#2@|#3@|#4\finish{% -\global\evenheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\gdef\oddheadingxxx #1{\oddheadingyyy #1@|@|@|@|\finish} -\gdef\oddheadingyyy #1@|#2@|#3@|#4\finish{% -\global\oddheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\gdef\everyheadingxxx#1{\oddheadingxxx{#1}\evenheadingxxx{#1}}% - -\gdef\evenfootingxxx #1{\evenfootingyyy #1@|@|@|@|\finish} -\gdef\evenfootingyyy #1@|#2@|#3@|#4\finish{% -\global\evenfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} - -\gdef\oddfootingxxx #1{\oddfootingyyy #1@|@|@|@|\finish} -\gdef\oddfootingyyy #1@|#2@|#3@|#4\finish{% - \global\oddfootline = {\rlap{\centerline{#2}}\line{#1\hfil#3}}% - % - % Leave some space for the footline. Hopefully ok to assume - % @evenfooting will not be used by itself. - \global\advance\pageheight by -\baselineskip - \global\advance\vsize by -\baselineskip -} - -\gdef\everyfootingxxx#1{\oddfootingxxx{#1}\evenfootingxxx{#1}} -% -}% unbind the catcode of @. - -% @headings double turns headings on for double-sided printing. -% @headings single turns headings on for single-sided printing. -% @headings off turns them off. -% @headings on same as @headings double, retained for compatibility. -% @headings after turns on double-sided headings after this page. -% @headings doubleafter turns on double-sided headings after this page. -% @headings singleafter turns on single-sided headings after this page. 
-% By default, they are off at the start of a document, -% and turned `on' after @end titlepage. - -\def\headings #1 {\csname HEADINGS#1\endcsname} - -\def\HEADINGSoff{ -\global\evenheadline={\hfil} \global\evenfootline={\hfil} -\global\oddheadline={\hfil} \global\oddfootline={\hfil}} -\HEADINGSoff -% When we turn headings on, set the page number to 1. -% For double-sided printing, put current file name in lower left corner, -% chapter name on inside top of right hand pages, document -% title on inside top of left hand pages, and page numbers on outside top -% edge of all pages. -\def\HEADINGSdouble{ -\global\pageno=1 -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\folio\hfil\thistitle}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chapoddpage -} -\let\contentsalignmacro = \chappager - -% For single-sided printing, chapter title goes across top left of page, -% page number on top right. -\def\HEADINGSsingle{ -\global\pageno=1 -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\thischapter\hfil\folio}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chappager -} -\def\HEADINGSon{\HEADINGSdouble} - -\def\HEADINGSafter{\let\HEADINGShook=\HEADINGSdoublex} -\let\HEADINGSdoubleafter=\HEADINGSafter -\def\HEADINGSdoublex{% -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\folio\hfil\thistitle}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chapoddpage -} - -\def\HEADINGSsingleafter{\let\HEADINGShook=\HEADINGSsinglex} -\def\HEADINGSsinglex{% -\global\evenfootline={\hfil} -\global\oddfootline={\hfil} -\global\evenheadline={\line{\thischapter\hfil\folio}} -\global\oddheadline={\line{\thischapter\hfil\folio}} -\global\let\contentsalignmacro = \chappager -} - -% Subroutines used in generating headings -% Produces Day Month Year style of 
output. -\def\today{\number\day\space -\ifcase\month\or -January\or February\or March\or April\or May\or June\or -July\or August\or September\or October\or November\or December\fi -\space\number\year} - -% Use this if you want the Month Day, Year style of output. -%\def\today{\ifcase\month\or -%January\or February\or March\or April\or May\or June\or -%July\or August\or September\or October\or November\or December\fi -%\space\number\day, \number\year} - -% @settitle line... specifies the title of the document, for headings -% It generates no output of its own - -\def\thistitle{No Title} -\def\settitle{\parsearg\settitlezzz} -\def\settitlezzz #1{\gdef\thistitle{#1}} - - -\message{tables,} -% Tables -- @table, @ftable, @vtable, @item(x), @kitem(x), @xitem(x). - -% default indentation of table text -\newdimen\tableindent \tableindent=.8in -% default indentation of @itemize and @enumerate text -\newdimen\itemindent \itemindent=.3in -% margin between end of table item and start of table text. -\newdimen\itemmargin \itemmargin=.1in - -% used internally for \itemindent minus \itemmargin -\newdimen\itemmax - -% Note @table, @vtable, and @vtable define @item, @itemx, etc., with -% these defs. -% They also define \itemindex -% to index the item name in whatever manner is desired (perhaps none). 
- -\newif\ifitemxneedsnegativevskip - -\def\itemxpar{\par\ifitemxneedsnegativevskip\nobreak\vskip-\parskip\nobreak\fi} - -\def\internalBitem{\smallbreak \parsearg\itemzzz} -\def\internalBitemx{\itemxpar \parsearg\itemzzz} - -\def\internalBxitem "#1"{\def\xitemsubtopix{#1} \smallbreak \parsearg\xitemzzz} -\def\internalBxitemx "#1"{\def\xitemsubtopix{#1} \itemxpar \parsearg\xitemzzz} - -\def\internalBkitem{\smallbreak \parsearg\kitemzzz} -\def\internalBkitemx{\itemxpar \parsearg\kitemzzz} - -\def\kitemzzz #1{\dosubind {kw}{\code{#1}}{for {\bf \lastfunction}}% - \itemzzz {#1}} - -\def\xitemzzz #1{\dosubind {kw}{\code{#1}}{for {\bf \xitemsubtopic}}% - \itemzzz {#1}} - -\def\itemzzz #1{\begingroup % - \advance\hsize by -\rightskip - \advance\hsize by -\tableindent - \setbox0=\hbox{\itemfont{#1}}% - \itemindex{#1}% - \nobreak % This prevents a break before @itemx. - % - % If the item text does not fit in the space we have, put it on a line - % by itself, and do not allow a page break either before or after that - % line. We do not start a paragraph here because then if the next - % command is, e.g., @kindex, the whatsit would get put into the - % horizontal list on a line by itself, resulting in extra blank space. - \ifdim \wd0>\itemmax - % - % Make this a paragraph so we get the \parskip glue and wrapping, - % but leave it ragged-right. - \begingroup - \advance\leftskip by-\tableindent - \advance\hsize by\tableindent - \advance\rightskip by0pt plus1fil - \leavevmode\unhbox0\par - \endgroup - % - % We're going to be starting a paragraph, but we don't want the - % \parskip glue -- logically it's part of the @item we just started. - \nobreak \vskip-\parskip - % - % Stop a page break at the \parskip glue coming up. Unfortunately - % we can't prevent a possible page break at the following - % \baselineskip glue. - \nobreak - \endgroup - \itemxneedsnegativevskipfalse - \else - % The item text fits into the space. 
Start a paragraph, so that the - % following text (if any) will end up on the same line. - \noindent - % Do this with kerns and \unhbox so that if there is a footnote in - % the item text, it can migrate to the main vertical list and - % eventually be printed. - \nobreak\kern-\tableindent - \dimen0 = \itemmax \advance\dimen0 by \itemmargin \advance\dimen0 by -\wd0 - \unhbox0 - \nobreak\kern\dimen0 - \endgroup - \itemxneedsnegativevskiptrue - \fi -} - -\def\item{\errmessage{@item while not in a table}} -\def\itemx{\errmessage{@itemx while not in a table}} -\def\kitem{\errmessage{@kitem while not in a table}} -\def\kitemx{\errmessage{@kitemx while not in a table}} -\def\xitem{\errmessage{@xitem while not in a table}} -\def\xitemx{\errmessage{@xitemx while not in a table}} - -% Contains a kludge to get @end[description] to work. -\def\description{\tablez{\dontindex}{1}{}{}{}{}} - -% @table, @ftable, @vtable. -\def\table{\begingroup\inENV\obeylines\obeyspaces\tablex} -{\obeylines\obeyspaces% -\gdef\tablex #1^^M{% -\tabley\dontindex#1 \endtabley}} - -\def\ftable{\begingroup\inENV\obeylines\obeyspaces\ftablex} -{\obeylines\obeyspaces% -\gdef\ftablex #1^^M{% -\tabley\fnitemindex#1 \endtabley -\def\Eftable{\endgraf\afterenvbreak\endgroup}% -\let\Etable=\relax}} - -\def\vtable{\begingroup\inENV\obeylines\obeyspaces\vtablex} -{\obeylines\obeyspaces% -\gdef\vtablex #1^^M{% -\tabley\vritemindex#1 \endtabley -\def\Evtable{\endgraf\afterenvbreak\endgroup}% -\let\Etable=\relax}} - -\def\dontindex #1{} -\def\fnitemindex #1{\doind {fn}{\code{#1}}}% -\def\vritemindex #1{\doind {vr}{\code{#1}}}% - -{\obeyspaces % -\gdef\tabley#1#2 #3 #4 #5 #6 #7\endtabley{\endgroup% -\tablez{#1}{#2}{#3}{#4}{#5}{#6}}} - -\def\tablez #1#2#3#4#5#6{% -\aboveenvbreak % -\begingroup % -\def\Edescription{\Etable}% Necessary kludge. 
-\let\itemindex=#1% -\ifnum 0#3>0 \advance \leftskip by #3\mil \fi % -\ifnum 0#4>0 \tableindent=#4\mil \fi % -\ifnum 0#5>0 \advance \rightskip by #5\mil \fi % -\def\itemfont{#2}% -\itemmax=\tableindent % -\advance \itemmax by -\itemmargin % -\advance \leftskip by \tableindent % -\exdentamount=\tableindent -\parindent = 0pt -\parskip = \smallskipamount -\ifdim \parskip=0pt \parskip=2pt \fi% -\def\Etable{\endgraf\afterenvbreak\endgroup}% -\let\item = \internalBitem % -\let\itemx = \internalBitemx % -\let\kitem = \internalBkitem % -\let\kitemx = \internalBkitemx % -\let\xitem = \internalBxitem % -\let\xitemx = \internalBxitemx % -} - -% This is the counter used by @enumerate, which is really @itemize - -\newcount \itemno - -\def\itemize{\parsearg\itemizezzz} - -\def\itemizezzz #1{% - \begingroup % ended by the @end itemize - \itemizey {#1}{\Eitemize} -} - -\def\itemizey #1#2{% -\aboveenvbreak % -\itemmax=\itemindent % -\advance \itemmax by -\itemmargin % -\advance \leftskip by \itemindent % -\exdentamount=\itemindent -\parindent = 0pt % -\parskip = \smallskipamount % -\ifdim \parskip=0pt \parskip=2pt \fi% -\def#2{\endgraf\afterenvbreak\endgroup}% -\def\itemcontents{#1}% -\let\item=\itemizeitem} - -% Set sfcode to normal for the chars that usually have another value. -% These are `.?!:;,' -\def\frenchspacing{\sfcode46=1000 \sfcode63=1000 \sfcode33=1000 - \sfcode58=1000 \sfcode59=1000 \sfcode44=1000 } - -% \splitoff TOKENS\endmark defines \first to be the first token in -% TOKENS, and \rest to be the remainder. -% -\def\splitoff#1#2\endmark{\def\first{#1}\def\rest{#2}}% - -% Allow an optional argument of an uppercase letter, lowercase letter, -% or number, to specify the first label in the enumerated list. No -% argument is the same as `1'. 
-% -\def\enumerate{\parsearg\enumeratezzz} -\def\enumeratezzz #1{\enumeratey #1 \endenumeratey} -\def\enumeratey #1 #2\endenumeratey{% - \begingroup % ended by the @end enumerate - % - % If we were given no argument, pretend we were given `1'. - \def\thearg{#1}% - \ifx\thearg\empty \def\thearg{1}\fi - % - % Detect if the argument is a single token. If so, it might be a - % letter. Otherwise, the only valid thing it can be is a number. - % (We will always have one token, because of the test we just made. - % This is a good thing, since \splitoff doesn't work given nothing at - % all -- the first parameter is undelimited.) - \expandafter\splitoff\thearg\endmark - \ifx\rest\empty - % Only one token in the argument. It could still be anything. - % A ``lowercase letter'' is one whose \lccode is nonzero. - % An ``uppercase letter'' is one whose \lccode is both nonzero, and - % not equal to itself. - % Otherwise, we assume it's a number. - % - % We need the \relax at the end of the \ifnum lines to stop TeX from - % continuing to look for a . - % - \ifnum\lccode\expandafter`\thearg=0\relax - \numericenumerate % a number (we hope) - \else - % It's a letter. - \ifnum\lccode\expandafter`\thearg=\expandafter`\thearg\relax - \lowercaseenumerate % lowercase letter - \else - \uppercaseenumerate % uppercase letter - \fi - \fi - \else - % Multiple tokens in the argument. We hope it's a number. - \numericenumerate - \fi -} - -% An @enumerate whose labels are integers. The starting integer is -% given in \thearg. -% -\def\numericenumerate{% - \itemno = \thearg - \startenumeration{\the\itemno}% -} - -% The starting (lowercase) letter is in \thearg. -\def\lowercaseenumerate{% - \itemno = \expandafter`\thearg - \startenumeration{% - % Be sure we're not beyond the end of the alphabet. - \ifnum\itemno=0 - \errmessage{No more lowercase letters in @enumerate; get a bigger - alphabet}% - \fi - \char\lccode\itemno - }% -} - -% The starting (uppercase) letter is in \thearg. 
-\def\uppercaseenumerate{% - \itemno = \expandafter`\thearg - \startenumeration{% - % Be sure we're not beyond the end of the alphabet. - \ifnum\itemno=0 - \errmessage{No more uppercase letters in @enumerate; get a bigger - alphabet} - \fi - \char\uccode\itemno - }% -} - -% Call itemizey, adding a period to the first argument and supplying the -% common last two arguments. Also subtract one from the initial value in -% \itemno, since @item increments \itemno. -% -\def\startenumeration#1{% - \advance\itemno by -1 - \itemizey{#1.}\Eenumerate\flushcr -} - -% @alphaenumerate and @capsenumerate are abbreviations for giving an arg -% to @enumerate. -% -\def\alphaenumerate{\enumerate{a}} -\def\capsenumerate{\enumerate{A}} -\def\Ealphaenumerate{\Eenumerate} -\def\Ecapsenumerate{\Eenumerate} - -% Definition of @item while inside @itemize. - -\def\itemizeitem{% -\advance\itemno by 1 -{\let\par=\endgraf \smallbreak}% -\ifhmode \errmessage{In hmode at itemizeitem}\fi -{\parskip=0in \hskip 0pt -\hbox to 0pt{\hss \itemcontents\hskip \itemmargin}% -\vadjust{\penalty 1200}}% -\flushcr} - -% @multitable macros -% Amy Hendrickson, 8/18/94, 3/6/96 -% -% @multitable ... @end multitable will make as many columns as desired. -% Contents of each column will wrap at width given in preamble. Width -% can be specified either with sample text given in a template line, -% or in percent of \hsize, the current width of text on page. - -% Table can continue over pages but will only break between lines. - -% To make preamble: -% -% Either define widths of columns in terms of percent of \hsize: -% @multitable @columnfractions .25 .3 .45 -% @item ... -% -% Numbers following @columnfractions are the percent of the total -% current hsize to be used for each column. You may use as many -% columns as desired. - - -% Or use a template: -% @multitable {Column 1 template} {Column 2 template} {Column 3 template} -% @item ... -% using the widest term desired in each column. 
-% -% For those who want to use more than one line's worth of words in -% the preamble, break the line within one argument and it -% will parse correctly, i.e., -% -% @multitable {Column 1 template} {Column 2 template} {Column 3 -% template} -% Not: -% @multitable {Column 1 template} {Column 2 template} -% {Column 3 template} - -% Each new table line starts with @item, each subsequent new column -% starts with @tab. Empty columns may be produced by supplying @tab's -% with nothing between them for as many times as empty columns are needed, -% ie, @tab@tab@tab will produce two empty columns. - -% @item, @tab, @multitable or @end multitable do not need to be on their -% own lines, but it will not hurt if they are. - -% Sample multitable: - -% @multitable {Column 1 template} {Column 2 template} {Column 3 template} -% @item first col stuff @tab second col stuff @tab third col -% @item -% first col stuff -% @tab -% second col stuff -% @tab -% third col -% @item first col stuff @tab second col stuff -% @tab Many paragraphs of text may be used in any column. -% -% They will wrap at the width determined by the template. -% @item@tab@tab This will be in third column. -% @end multitable - -% Default dimensions may be reset by user. -% @multitableparskip is vertical space between paragraphs in table. -% @multitableparindent is paragraph indent in table. -% @multitablecolmargin is horizontal space to be left between columns. -% @multitablelinespace is space to leave between table items, baseline -% to baseline. -% 0pt means it depends on current normal line spacing. 
-% -\newskip\multitableparskip -\newskip\multitableparindent -\newdimen\multitablecolspace -\newskip\multitablelinespace -\multitableparskip=0pt -\multitableparindent=6pt -\multitablecolspace=12pt -\multitablelinespace=0pt - -% Macros used to set up halign preamble: -% -\let\endsetuptable\relax -\def\xendsetuptable{\endsetuptable} -\let\columnfractions\relax -\def\xcolumnfractions{\columnfractions} -\newif\ifsetpercent - -% #1 is the part of the @columnfraction before the decimal point, which -% is presumably either 0 or the empty string (but we don't check, we -% just throw it away). #2 is the decimal part, which we use as the -% percent of \hsize for this column. -\def\pickupwholefraction#1.#2 {% - \global\advance\colcount by 1 - \expandafter\xdef\csname col\the\colcount\endcsname{.#2\hsize}% - \setuptable -} - -\newcount\colcount -\def\setuptable#1{% - \def\firstarg{#1}% - \ifx\firstarg\xendsetuptable - \let\go = \relax - \else - \ifx\firstarg\xcolumnfractions - \global\setpercenttrue - \else - \ifsetpercent - \let\go\pickupwholefraction - \else - \global\advance\colcount by 1 - \setbox0=\hbox{#1\unskip }% Add a normal word space as a separator; - % typically that is always in the input, anyway. - \expandafter\xdef\csname col\the\colcount\endcsname{\the\wd0}% - \fi - \fi - \ifx\go\pickupwholefraction - % Put the argument back for the \pickupwholefraction call, so - % we'll always have a period there to be parsed. - \def\go{\pickupwholefraction#1}% - \else - \let\go = \setuptable - \fi% - \fi - \go -} - -% multitable syntax -\def\tab{&\hskip1sp\relax} % 2/2/96 - % tiny skip here makes sure this column space is - % maintained, even if it is never used. - -% @multitable ... 
@end multitable definitions: -% -\def\multitable{\parsearg\dotable} -\def\dotable#1{\bgroup - \vskip\parskip - \let\item\crcr - \tolerance=9500 - \hbadness=9500 - \setmultitablespacing - \parskip=\multitableparskip - \parindent=\multitableparindent - \overfullrule=0pt - \global\colcount=0 - \def\Emultitable{\global\setpercentfalse\cr\egroup\egroup}% - % - % To parse everything between @multitable and @item: - \setuptable#1 \endsetuptable - % - % \everycr will reset column counter, \colcount, at the end of - % each line. Every column entry will cause \colcount to advance by one. - % The table preamble - % looks at the current \colcount to find the correct column width. - \everycr{\noalign{% - % - % \filbreak%% keeps underfull box messages off when table breaks over pages. - % Maybe so, but it also creates really weird page breaks when the table - % breaks over pages. Wouldn't \vfil be better? Wait until the problem - % manifests itself, so it can be fixed for real --karl. - \global\colcount=0\relax}}% - % - % This preamble sets up a generic column definition, which will - % be used as many times as user calls for columns. - % \vtop will set a single line and will also let text wrap and - % continue for many paragraphs if desired. - \halign\bgroup&\global\advance\colcount by 1\relax - \multistrut\vtop{\hsize=\expandafter\csname col\the\colcount\endcsname - % - % In order to keep entries from bumping into each other - % we will add a \leftskip of \multitablecolspace to all columns after - % the first one. - % - % If a template has been used, we will add \multitablecolspace - % to the width of each template entry. - % - % If the user has set preamble in terms of percent of \hsize we will - % use that dimension as the width of the column, and the \leftskip - % will keep entries from bumping into each other. Table will start at - % left margin and final column will justify at right margin. - % - % Make sure we don't inherit \rightskip from the outer environment. 
- \rightskip=0pt - \ifnum\colcount=1 - % The first column will be indented with the surrounding text. - \advance\hsize by\leftskip - \else - \ifsetpercent \else - % If user has not set preamble in terms of percent of \hsize - % we will advance \hsize by \multitablecolspace. - \advance\hsize by \multitablecolspace - \fi - % In either case we will make \leftskip=\multitablecolspace: - \leftskip=\multitablecolspace - \fi - % Ignoring space at the beginning and end avoids an occasional spurious - % blank line, when TeX decides to break the line at the space before the - % box from the multistrut, so the strut ends up on a line by itself. - % For example: - % @multitable @columnfractions .11 .89 - % @item @code{#} - % @tab Legal holiday which is valid in major parts of the whole country. - % Is automatically provided with highlighting sequences respectively marking - % characters. - \noindent\ignorespaces##\unskip\multistrut}\cr -} - -\def\setmultitablespacing{% test to see if user has set \multitablelinespace. -% If so, do nothing. If not, give it an appropriate dimension based on -% current baselineskip. -\ifdim\multitablelinespace=0pt -%% strut to put in table in case some entry doesn't have descenders, -%% to keep lines equally spaced -\let\multistrut = \strut -%% Test to see if parskip is larger than space between lines of -%% table. If not, do nothing. -%% If so, set to same dimension as multitablelinespace. -\else -\gdef\multistrut{\vrule height\multitablelinespace depth\dp0 -width0pt\relax} \fi -\ifdim\multitableparskip>\multitablelinespace -\global\multitableparskip=\multitablelinespace -\global\advance\multitableparskip-7pt %% to keep parskip somewhat smaller - %% than skip between lines in the table. -\fi% -\ifdim\multitableparskip=0pt -\global\multitableparskip=\multitablelinespace -\global\advance\multitableparskip-7pt %% to keep parskip somewhat smaller - %% than skip between lines in the table. 
-\fi} - - -\message{indexing,} -% Index generation facilities - -% Define \newwrite to be identical to plain tex's \newwrite -% except not \outer, so it can be used within \newindex. -{\catcode`\@=11 -\gdef\newwrite{\alloc@7\write\chardef\sixt@@n}} - -% \newindex {foo} defines an index named foo. -% It automatically defines \fooindex such that -% \fooindex ...rest of line... puts an entry in the index foo. -% It also defines \fooindfile to be the number of the output channel for -% the file that accumulates this index. The file's extension is foo. -% The name of an index should be no more than 2 characters long -% for the sake of vms. -% -\def\newindex#1{% - \iflinks - \expandafter\newwrite \csname#1indfile\endcsname - \openout \csname#1indfile\endcsname \jobname.#1 % Open the file - \fi - \expandafter\xdef\csname#1index\endcsname{% % Define @#1index - \noexpand\doindex{#1}} -} - -% @defindex foo == \newindex{foo} - -\def\defindex{\parsearg\newindex} - -% Define @defcodeindex, like @defindex except put all entries in @code. - -\def\newcodeindex#1{% - \iflinks - \expandafter\newwrite \csname#1indfile\endcsname - \openout \csname#1indfile\endcsname \jobname.#1 - \fi - \expandafter\xdef\csname#1index\endcsname{% - \noexpand\docodeindex{#1}} -} - -\def\defcodeindex{\parsearg\newcodeindex} - -% @synindex foo bar makes index foo feed into index bar. -% Do this instead of @defindex foo if you don't want it as a separate index. -% The \closeout helps reduce unnecessary open files; the limit on the -% Acorn RISC OS is a mere 16 files. -\def\synindex#1 #2 {% - \expandafter\let\expandafter\synindexfoo\expandafter=\csname#2indfile\endcsname - \expandafter\closeout\csname#1indfile\endcsname - \expandafter\let\csname#1indfile\endcsname=\synindexfoo - \expandafter\xdef\csname#1index\endcsname{% define \xxxindex - \noexpand\doindex{#2}}% -} - -% @syncodeindex foo bar similar, but put all entries made for index foo -% inside @code. 
-\def\syncodeindex#1 #2 {% - \expandafter\let\expandafter\synindexfoo\expandafter=\csname#2indfile\endcsname - \expandafter\closeout\csname#1indfile\endcsname - \expandafter\let\csname#1indfile\endcsname=\synindexfoo - \expandafter\xdef\csname#1index\endcsname{% define \xxxindex - \noexpand\docodeindex{#2}}% -} - -% Define \doindex, the driver for all \fooindex macros. -% Argument #1 is generated by the calling \fooindex macro, -% and it is "foo", the name of the index. - -% \doindex just uses \parsearg; it calls \doind for the actual work. -% This is because \doind is more useful to call from other macros. - -% There is also \dosubind {index}{topic}{subtopic} -% which makes an entry in a two-level index such as the operation index. - -\def\doindex#1{\edef\indexname{#1}\parsearg\singleindexer} -\def\singleindexer #1{\doind{\indexname}{#1}} - -% like the previous two, but they put @code around the argument. -\def\docodeindex#1{\edef\indexname{#1}\parsearg\singlecodeindexer} -\def\singlecodeindexer #1{\doind{\indexname}{\code{#1}}} - -\def\indexdummies{% -\def\ { }% -% Take care of the plain tex accent commands. -\def\"{\realbackslash "}% -\def\`{\realbackslash `}% -\def\'{\realbackslash '}% -\def\^{\realbackslash ^}% -\def\~{\realbackslash ~}% -\def\={\realbackslash =}% -\def\b{\realbackslash b}% -\def\c{\realbackslash c}% -\def\d{\realbackslash d}% -\def\u{\realbackslash u}% -\def\v{\realbackslash v}% -\def\H{\realbackslash H}% -% Take care of the plain tex special European modified letters. -\def\oe{\realbackslash oe}% -\def\ae{\realbackslash ae}% -\def\aa{\realbackslash aa}% -\def\OE{\realbackslash OE}% -\def\AE{\realbackslash AE}% -\def\AA{\realbackslash AA}% -\def\o{\realbackslash o}% -\def\O{\realbackslash O}% -\def\l{\realbackslash l}% -\def\L{\realbackslash L}% -\def\ss{\realbackslash ss}% -% Take care of texinfo commands likely to appear in an index entry. 
-% (Must be a way to avoid doing expansion at all, and thus not have to -% laboriously list every single command here.) -\def\@{@}% will be @@ when we switch to @ as escape char. -% Need these in case \tex is in effect and \{ is a \delimiter again. -% But can't use \lbracecmd and \rbracecmd because texindex assumes -% braces and backslashes are used only as delimiters. -\let\{ = \mylbrace -\let\} = \myrbrace -\def\_{{\realbackslash _}}% -\def\w{\realbackslash w }% -\def\bf{\realbackslash bf }% -%\def\rm{\realbackslash rm }% -\def\sl{\realbackslash sl }% -\def\sf{\realbackslash sf}% -\def\tt{\realbackslash tt}% -\def\gtr{\realbackslash gtr}% -\def\less{\realbackslash less}% -\def\hat{\realbackslash hat}% -\def\TeX{\realbackslash TeX}% -\def\dots{\realbackslash dots }% -\def\result{\realbackslash result}% -\def\equiv{\realbackslash equiv}% -\def\expansion{\realbackslash expansion}% -\def\print{\realbackslash print}% -\def\error{\realbackslash error}% -\def\point{\realbackslash point}% -\def\copyright{\realbackslash copyright}% -\def\tclose##1{\realbackslash tclose {##1}}% -\def\code##1{\realbackslash code {##1}}% -\def\uref##1{\realbackslash uref {##1}}% -\def\url##1{\realbackslash url {##1}}% -\def\env##1{\realbackslash env {##1}}% -\def\command##1{\realbackslash command {##1}}% -\def\option##1{\realbackslash option {##1}}% -\def\dotless##1{\realbackslash dotless {##1}}% -\def\samp##1{\realbackslash samp {##1}}% -\def\,##1{\realbackslash ,{##1}}% -\def\t##1{\realbackslash t {##1}}% -\def\r##1{\realbackslash r {##1}}% -\def\i##1{\realbackslash i {##1}}% -\def\b##1{\realbackslash b {##1}}% -\def\sc##1{\realbackslash sc {##1}}% -\def\cite##1{\realbackslash cite {##1}}% -\def\key##1{\realbackslash key {##1}}% -\def\file##1{\realbackslash file {##1}}% -\def\var##1{\realbackslash var {##1}}% -\def\kbd##1{\realbackslash kbd {##1}}% -\def\dfn##1{\realbackslash dfn {##1}}% -\def\emph##1{\realbackslash emph {##1}}% -\def\acronym##1{\realbackslash acronym {##1}}% -% -% Handle 
some cases of @value -- where the variable name does not -% contain - or _, and the value does not contain any -% (non-fully-expandable) commands. -\let\value = \expandablevalue -% -\unsepspaces -} - -% If an index command is used in an @example environment, any spaces -% therein should become regular spaces in the raw index file, not the -% expansion of \tie (\\leavevmode \penalty \@M \ ). -{\obeyspaces - \gdef\unsepspaces{\obeyspaces\let =\space}} - -% \indexnofonts no-ops all font-change commands. -% This is used when outputting the strings to sort the index by. -\def\indexdummyfont#1{#1} -\def\indexdummytex{TeX} -\def\indexdummydots{...} - -\def\indexnofonts{% -% Just ignore accents. -\let\,=\indexdummyfont -\let\"=\indexdummyfont -\let\`=\indexdummyfont -\let\'=\indexdummyfont -\let\^=\indexdummyfont -\let\~=\indexdummyfont -\let\==\indexdummyfont -\let\b=\indexdummyfont -\let\c=\indexdummyfont -\let\d=\indexdummyfont -\let\u=\indexdummyfont -\let\v=\indexdummyfont -\let\H=\indexdummyfont -\let\dotless=\indexdummyfont -% Take care of the plain tex special European modified letters. -\def\oe{oe}% -\def\ae{ae}% -\def\aa{aa}% -\def\OE{OE}% -\def\AE{AE}% -\def\AA{AA}% -\def\o{o}% -\def\O{O}% -\def\l{l}% -\def\L{L}% -\def\ss{ss}% -\let\w=\indexdummyfont -\let\t=\indexdummyfont -\let\r=\indexdummyfont -\let\i=\indexdummyfont -\let\b=\indexdummyfont -\let\emph=\indexdummyfont -\let\strong=\indexdummyfont -\let\cite=\indexdummyfont -\let\sc=\indexdummyfont -%Don't no-op \tt, since it isn't a user-level command -% and is used in the definitions of the active chars like <, >, |... 
-%\let\tt=\indexdummyfont -\let\tclose=\indexdummyfont -\let\code=\indexdummyfont -\let\url=\indexdummyfont -\let\uref=\indexdummyfont -\let\env=\indexdummyfont -\let\command=\indexdummyfont -\let\option=\indexdummyfont -\let\file=\indexdummyfont -\let\samp=\indexdummyfont -\let\kbd=\indexdummyfont -\let\key=\indexdummyfont -\let\var=\indexdummyfont -\let\TeX=\indexdummytex -\let\dots=\indexdummydots -\def\@{@}% -} - -% To define \realbackslash, we must make \ not be an escape. -% We must first make another character (@) an escape -% so we do not become unable to do a definition. - -{\catcode`\@=0 \catcode`\\=\other - @gdef@realbackslash{\}} - -\let\indexbackslash=0 %overridden during \printindex. -\let\SETmarginindex=\relax % put index entries in margin (undocumented)? - -% For \ifx comparisons. -\def\emptymacro{\empty} - -% Most index entries go through here, but \dosubind is the general case. -% -\def\doind#1#2{\dosubind{#1}{#2}\empty} - -% Workhorse for all \fooindexes. -% #1 is name of index, #2 is stuff to put there, #3 is subentry -- -% \empty if called from \doind, as we usually are. The main exception -% is with defuns, which call us directly. -% -\def\dosubind#1#2#3{% - % Put the index entry in the margin if desired. - \ifx\SETmarginindex\relax\else - \insert\margin{\hbox{\vrule height8pt depth3pt width0pt #2}}% - \fi - {% - \count255=\lastpenalty - {% - \indexdummies % Must do this here, since \bf, etc expand at this stage - \escapechar=`\\ - {% - \let\folio = 0% We will expand all macros now EXCEPT \folio. - \def\rawbackslashxx{\indexbackslash}% \indexbackslash isn't defined now - % so it will be output as is; and it will print as backslash. - % - \def\thirdarg{#3}% - % - % If third arg is present, precede it with space in sort key. - \ifx\thirdarg\emptymacro - \let\subentry = \empty - \else - \def\subentry{ #3}% - \fi - % - % First process the index-string with all font commands turned off - % to get the string to sort by. 
- {\indexnofonts \xdef\indexsorttmp{#2\subentry}}%
- %
- % Now produce the complete index entry, with both the sort key and the
- % original text, including any font commands.
- \toks0 = {#2}%
- \edef\temp{%
- \write\csname#1indfile\endcsname{%
- \realbackslash entry{\indexsorttmp}{\folio}{\the\toks0}}%
- }%
- %
- % If third (subentry) arg is present, add it to the index string.
- \ifx\thirdarg\emptymacro \else
- \toks0 = {#3}%
- \edef\temp{\temp{\the\toks0}}%
- \fi
- %
- % If a skip is the last thing on the list now, preserve it
- % by backing up by \lastskip, doing the \write, then inserting
- % the skip again. Otherwise, the whatsit generated by the
- % \write will make \lastskip zero. The result is that sequences
- % like this:
- % @end defun
- % @tindex whatever
- % @defun ...
- % will have extra space inserted, because the \medbreak in the
- % start of the @defun won't see the skip inserted by the @end of
- % the previous defun.
- %
- % But don't do any of this if we're not in vertical mode. We
- % don't want to do a \vskip and prematurely end a paragraph.
- %
- % Avoid page breaks due to these extra skips, too.
- %
- \iflinks
- \ifvmode
- \skip0 = \lastskip
- \ifdim\lastskip = 0pt \else \nobreak\vskip-\lastskip \fi
- \fi
- %
- \temp % do the write
- %
- %
- \ifvmode \ifdim\skip0 = 0pt \else \nobreak\vskip\skip0 \fi \fi
- \fi
- }%
- }%
- \penalty\count255
- }%
-}
-
-% The index entry written in the file actually looks like
-% \entry {sortstring}{page}{topic}
-% or
-% \entry {sortstring}{page}{topic}{subtopic}
-% The texindex program reads in these files and writes files
-% containing these kinds of lines:
-% \initial {c}
-% before the first topic whose initial is c
-% \entry {topic}{pagelist}
-% for a topic that is used without subtopics
-% \primary {topic}
-% for the beginning of a topic that is used with subtopics
-% \secondary {subtopic}{pagelist}
-% for each subtopic.
-
-% Define the user-accessible indexing commands
-% @findex, @vindex, @kindex, @cindex.
-
-\def\findex {\fnindex}
-\def\kindex {\kyindex}
-\def\cindex {\cpindex}
-\def\vindex {\vrindex}
-\def\tindex {\tpindex}
-\def\pindex {\pgindex}
-
-\def\cindexsub {\begingroup\obeylines\cindexsub}
-{\obeylines %
-\gdef\cindexsub "#1" #2^^M{\endgroup %
-\dosubind{cp}{#2}{#1}}}
-
-% Define the macros used in formatting output of the sorted index material.
-
-% @printindex causes a particular index (the ??s file) to get printed.
-% It does not print any chapter heading (usually an @unnumbered).
-%
-\def\printindex{\parsearg\doprintindex}
-\def\doprintindex#1{\begingroup
- \dobreak \chapheadingskip{10000}%
- %
- \indexfonts \rm
- \tolerance = 9500
- \indexbreaks
- %
- % See if the index file exists and is nonempty.
- % Change catcode of @ here so that if the index file contains
- % \initial {@}
- % as its first line, TeX doesn't complain about mismatched braces
- % (because it thinks @} is a control sequence).
- \catcode`\@ = 11
- \openin 1 \jobname.#1s
- \ifeof 1
- % \enddoublecolumns gets confused if there is no text in the index,
- % and it loses the chapter title and the aux file entries for the
- % index. The easiest way to prevent this problem is to make sure
- % there is some text.
- (Index is nonexistent)
- \else
- %
- % If the index file exists but is empty, then \openin leaves \ifeof
- % false. We have to make TeX try to read something from the file, so
- % it can discover if there is anything in it.
- \read 1 to \temp
- \ifeof 1
- (Index is empty)
- \else
- % Index files are almost Texinfo source, but we use \ as the escape
- % character. It would be better to use @, but that's too big a change
- % to make right now.
- \def\indexbackslash{\rawbackslashxx}%
- \catcode`\\ = 0
- \escapechar = `\\
- \begindoublecolumns
- \input \jobname.#1s
- \enddoublecolumns
- \fi
- \fi
- \closein 1
-\endgroup}
-
-% These macros are used by the sorted index file itself.
-% Change them to control the appearance of the index.
- -\def\initial#1{{% - % Some minor font changes for the special characters. - \let\tentt=\sectt \let\tt=\sectt \let\sf=\sectt - % - % Remove any glue we may have, we'll be inserting our own. - \removelastskip - % - % We like breaks before the index initials, so insert a bonus. - \penalty -300 - % - % Typeset the initial. Making this add up to a whole number of - % baselineskips increases the chance of the dots lining up from column - % to column. It still won't often be perfect, because of the stretch - % we need before each entry, but it's better. - % - % No shrink because it confuses \balancecolumns. - \vskip 1.67\baselineskip plus .5\baselineskip - \leftline{\secbf #1}% - \vskip .33\baselineskip plus .1\baselineskip - % - % Do our best not to break after the initial. - \nobreak -}} - -% This typesets a paragraph consisting of #1, dot leaders, and then #2 -% flush to the right margin. It is used for index and table of contents -% entries. The paragraph is indented by \leftskip. -% -\def\entry#1#2{\begingroup - % - % Start a new paragraph if necessary, so our assignments below can't - % affect previous text. - \par - % - % Do not fill out the last line with white space. - \parfillskip = 0in - % - % No extra space above this paragraph. - \parskip = 0in - % - % Do not prefer a separate line ending with a hyphen to fewer lines. - \finalhyphendemerits = 0 - % - % \hangindent is only relevant when the entry text and page number - % don't both fit on one line. In that case, bob suggests starting the - % dots pretty far over on the line. Unfortunately, a large - % indentation looks wrong when the entry text itself is broken across - % lines. So we use a small indentation and put up with long leaders. - % - % \hangafter is reset to 1 (which is the value we want) at the start - % of each paragraph, so we need not do anything with that. - \hangindent = 2em - % - % When the entry text needs to be broken, just fill out the first line - % with blank space. 
- \rightskip = 0pt plus1fil
- %
- % A bit of stretch before each entry for the benefit of balancing columns.
- \vskip 0pt plus1pt
- %
- % Start a ``paragraph'' for the index entry so the line breaking
- % parameters we've set above will have an effect.
- \noindent
- %
- % Insert the text of the index entry. TeX will do line-breaking on it.
- #1%
- % The following is kludged to not output a line of dots in the index if
- % there are no page numbers. The next person who breaks this will be
- % cursed by a Unix daemon.
- \def\tempa{{\rm }}%
- \def\tempb{#2}%
- \edef\tempc{\tempa}%
- \edef\tempd{\tempb}%
- \ifx\tempc\tempd\ \else%
- %
- % If we must, put the page number on a line of its own, and fill out
- % this line with blank space. (The \hfil is overwhelmed with the
- % fill leaders glue in \indexdotfill if the page number does fit.)
- \hfil\penalty50
- \null\nobreak\indexdotfill % Have leaders before the page number.
- %
- % The `\ ' here is removed by the implicit \unskip that TeX does as
- % part of (the primitive) \par. Without it, a spurious underfull
- % \hbox ensues.
- \ #2% The page number ends the paragraph.
- \fi%
- \par
-\endgroup}
-
-% Like \dotfill except takes at least 1 em.
-\def\indexdotfill{\cleaders
- \hbox{$\mathsurround=0pt \mkern1.5mu ${\it .}$ \mkern1.5mu$}\hskip 1em plus 1fill}
-
-\def\primary #1{\line{#1\hfil}}
-
-\newskip\secondaryindent \secondaryindent=0.5cm
-
-\def\secondary #1#2{
-{\parfillskip=0in \parskip=0in
-\hangindent =1in \hangafter=1
-\noindent\hskip\secondaryindent\hbox{#1}\indexdotfill #2\par
-}}
-
-% Define two-column mode, which we use to typeset indexes.
-% Adapted from the TeXbook, page 416, which is to say,
-% the manmac.tex format used to print the TeXbook itself.
-\catcode`\@=11
-
-\newbox\partialpage
-\newdimen\doublecolumnhsize
-
-\def\begindoublecolumns{\begingroup % ended by \enddoublecolumns
- % Grab any single-column material above us.
- \output = {\global\setbox\partialpage = \vbox{% - % - % Here is a possibility not foreseen in manmac: if we accumulate a - % whole lot of material, we might end up calling this \output - % routine twice in a row (see the doublecol-lose test, which is - % essentially a couple of indexes with @setchapternewpage off). In - % that case, we must prevent the second \partialpage from - % simply overwriting the first, causing us to lose the page. - % This will preserve it until a real output routine can ship it - % out. Generally, \partialpage will be empty when this runs and - % this will be a no-op. - \unvbox\partialpage - % - % Unvbox the main output page. - \unvbox255 - \kern-\topskip \kern\baselineskip - }}% - \eject % run that output routine to set \partialpage - % - % Use the double-column output routine for subsequent pages. - \output = {\doublecolumnout}% - % - % Change the page size parameters. We could do this once outside this - % routine, in each of @smallbook, @afourpaper, and the default 8.5x11 - % format, but then we repeat the same computation. Repeating a couple - % of assignments once per index is clearly meaningless for the - % execution time, so we may as well do it in one place. - % - % First we halve the line length, less a little for the gutter between - % the columns. We compute the gutter based on the line length, so it - % changes automatically with the paper format. The magic constant - % below is chosen so that the gutter has the same value (well, +-<1pt) - % as it did when we hard-coded it. - % - % We put the result in a separate register, \doublecolumhsize, so we - % can restore it in \pagesofar, after \hsize itself has (potentially) - % been clobbered. - % - \doublecolumnhsize = \hsize - \advance\doublecolumnhsize by -.04154\hsize - \divide\doublecolumnhsize by 2 - \hsize = \doublecolumnhsize - % - % Double the \vsize as well. (We don't need a separate register here, - % since nobody clobbers \vsize.) 
- \advance\vsize by -\ht\partialpage - \vsize = 2\vsize -} - -% The double-column output routine for all double-column pages except -% the last. -% -\def\doublecolumnout{% - \splittopskip=\topskip \splitmaxdepth=\maxdepth - % Get the available space for the double columns -- the normal - % (undoubled) page height minus any material left over from the - % previous page. - \dimen@ = \vsize - \divide\dimen@ by 2 - % - % box0 will be the left-hand column, box2 the right. - \setbox0=\vsplit255 to\dimen@ \setbox2=\vsplit255 to\dimen@ - \onepageout\pagesofar - \unvbox255 - \penalty\outputpenalty -} -\def\pagesofar{% - % Re-output the contents of the output page -- any previous material, - % followed by the two boxes we just split, in box0 and box2. - \advance\vsize by \ht\partialpage - \unvbox\partialpage - % - \hsize = \doublecolumnhsize - \wd0=\hsize \wd2=\hsize - \hbox to\pagewidth{\box0\hfil\box2}% -} -\def\enddoublecolumns{% - \output = {% - % Split the last of the double-column material. Leave it on the - % current page, no automatic page break. - \balancecolumns - % - % If we end up splitting too much material for the current page, - % though, there will be another page break right after this \output - % invocation ends. Having called \balancecolumns once, we do not - % want to call it again. Therefore, reset \output to its normal - % definition right away. (We hope \balancecolumns will never be - % called on to balance too much material, but if it is, this makes - % the output somewhat more palatable.) - \global\output = {\onepageout{\pagecontents\PAGE}}% - }% - \eject - \endgroup % started in \begindoublecolumns - % - % \pagegoal was set to the doubled \vsize above, since we restarted - % the current page. We're now back to normal single-column - % typesetting, so reset \pagegoal to the normal \vsize (after the - % \endgroup where \vsize got restored). - \pagegoal = \vsize -} -\def\balancecolumns{% - % Called at the end of the double column material. 
- \setbox0 = \vbox{\unvbox255}% like \box255 but more efficient, see p.120. - \dimen@ = \ht0 - \advance\dimen@ by \topskip - \advance\dimen@ by-\baselineskip - \divide\dimen@ by 2 % target to split to - %debug\message{final 2-column material height=\the\ht0, target=\the\dimen@.}% - \splittopskip = \topskip - % Loop until we get a decent breakpoint. - {% - \vbadness = 10000 - \loop - \global\setbox3 = \copy0 - \global\setbox1 = \vsplit3 to \dimen@ - \ifdim\ht3>\dimen@ - \global\advance\dimen@ by 1pt - \repeat - }% - %debug\message{split to \the\dimen@, column heights: \the\ht1, \the\ht3.}% - \setbox0=\vbox to\dimen@{\unvbox1}% - \setbox2=\vbox to\dimen@{\unvbox3}% - % - \pagesofar -} -\catcode`\@ = \other - - -\message{sectioning,} -% Define chapters, sections, etc. - -\newcount\chapno -\newcount\secno \secno=0 -\newcount\subsecno \subsecno=0 -\newcount\subsubsecno \subsubsecno=0 - -% This counter is funny since it counts through charcodes of letters A, B, ... -\newcount\appendixno \appendixno = `\@ -\def\appendixletter{\char\the\appendixno} - -% Each @chapter defines this as the name of the chapter. -% page headings and footings can use it. @section does likewise. -\def\thischapter{} -\def\thissection{} - -\newcount\absseclevel % used to calculate proper heading level -\newcount\secbase\secbase=0 % @raise/lowersections modify this count - -% @raisesections: treat @section as chapter, @subsection as section, etc. -\def\raisesections{\global\advance\secbase by -1} -\let\up=\raisesections % original BFox name - -% @lowersections: treat @chapter as section, @section as subsection, etc. 
-\def\lowersections{\global\advance\secbase by 1}
-\let\down=\lowersections % original BFox name
-
-% Choose a numbered-heading macro
-% #1 is heading level if unmodified by @raisesections or @lowersections
-% #2 is text for heading
-\def\numhead#1#2{\absseclevel=\secbase\advance\absseclevel by #1
-\ifcase\absseclevel
- \chapterzzz{#2}
-\or
- \seczzz{#2}
-\or
- \numberedsubseczzz{#2}
-\or
- \numberedsubsubseczzz{#2}
-\else
- \ifnum \absseclevel<0
- \chapterzzz{#2}
- \else
- \numberedsubsubseczzz{#2}
- \fi
-\fi
-}
-
-% like \numhead, but chooses appendix heading levels
-\def\apphead#1#2{\absseclevel=\secbase\advance\absseclevel by #1
-\ifcase\absseclevel
- \appendixzzz{#2}
-\or
- \appendixsectionzzz{#2}
-\or
- \appendixsubseczzz{#2}
-\or
- \appendixsubsubseczzz{#2}
-\else
- \ifnum \absseclevel<0
- \appendixzzz{#2}
- \else
- \appendixsubsubseczzz{#2}
- \fi
-\fi
-}
-
-% like \numhead, but chooses numberless heading levels
-\def\unnmhead#1#2{\absseclevel=\secbase\advance\absseclevel by #1
-\ifcase\absseclevel
- \unnumberedzzz{#2}
-\or
- \unnumberedseczzz{#2}
-\or
- \unnumberedsubseczzz{#2}
-\or
- \unnumberedsubsubseczzz{#2}
-\else
- \ifnum \absseclevel<0
- \unnumberedzzz{#2}
- \else
- \unnumberedsubsubseczzz{#2}
- \fi
-\fi
-}
-
-% @chapter, @appendix, @unnumbered.
-\def\thischaptername{No Chapter Title}
-\outer\def\chapter{\parsearg\chapteryyy}
-\def\chapteryyy #1{\numhead0{#1}} % normally numhead0 calls chapterzzz
-\def\chapterzzz #1{%
-\secno=0 \subsecno=0 \subsubsecno=0
-\global\advance \chapno by 1 \message{\putwordChapter\space \the\chapno}%
-\chapmacro {#1}{\the\chapno}%
-\gdef\thissection{#1}%
-\gdef\thischaptername{#1}%
-% We don't substitute the actual chapter name into \thischapter
-% because we don't want its macros evaluated now.
-\xdef\thischapter{\putwordChapter{} \the\chapno: \noexpand\thischaptername}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash chapentry{\the\toks0}%
- {\the\chapno}}}%
-\temp
-\donoderef
-\global\let\section = \numberedsec
-\global\let\subsection = \numberedsubsec
-\global\let\subsubsection = \numberedsubsubsec
-}
-
-\outer\def\appendix{\parsearg\appendixyyy}
-\def\appendixyyy #1{\apphead0{#1}} % normally apphead0 calls appendixzzz
-\def\appendixzzz #1{%
-\secno=0 \subsecno=0 \subsubsecno=0
-\global\advance \appendixno by 1
-\message{\putwordAppendix\space \appendixletter}%
-\chapmacro {#1}{\putwordAppendix{} \appendixletter}%
-\gdef\thissection{#1}%
-\gdef\thischaptername{#1}%
-\xdef\thischapter{\putwordAppendix{} \appendixletter: \noexpand\thischaptername}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash chapentry{\the\toks0}%
- {\putwordAppendix{} \appendixletter}}}%
-\temp
-\appendixnoderef
-\global\let\section = \appendixsec
-\global\let\subsection = \appendixsubsec
-\global\let\subsubsection = \appendixsubsubsec
-}
-
-% @centerchap is like @unnumbered, but the heading is centered.
-\outer\def\centerchap{\parsearg\centerchapyyy}
-\def\centerchapyyy #1{{\let\unnumbchapmacro=\centerchapmacro \unnumberedyyy{#1}}}
-
-% @top is like @unnumbered.
-\outer\def\top{\parsearg\unnumberedyyy}
-
-\outer\def\unnumbered{\parsearg\unnumberedyyy}
-\def\unnumberedyyy #1{\unnmhead0{#1}} % normally unnmhead0 calls unnumberedzzz
-\def\unnumberedzzz #1{%
-\secno=0 \subsecno=0 \subsubsecno=0
-%
-% This used to be simply \message{#1}, but TeX fully expands the
-% argument to \message. Therefore, if #1 contained @-commands, TeX
-% expanded them. For example, in `@unnumbered The @cite{Book}', TeX
-% expanded @cite (which turns out to cause errors because \cite is meant
-% to be executed, not expanded).
-%
-% Anyway, we don't want the fully-expanded definition of @cite to appear
-% as a result of the \message, we just want `@cite' itself.
We use
-% \the to achieve this: TeX expands \the only once,
-% simply yielding the contents of . (We also do this for
-% the toc entries.)
-\toks0 = {#1}\message{(\the\toks0)}%
-%
-\unnumbchapmacro {#1}%
-\gdef\thischapter{#1}\gdef\thissection{#1}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash unnumbchapentry{\the\toks0}}}%
-\temp
-\unnumbnoderef
-\global\let\section = \unnumberedsec
-\global\let\subsection = \unnumberedsubsec
-\global\let\subsubsection = \unnumberedsubsubsec
-}
-
-% Sections.
-\outer\def\numberedsec{\parsearg\secyyy}
-\def\secyyy #1{\numhead1{#1}} % normally calls seczzz
-\def\seczzz #1{%
-\subsecno=0 \subsubsecno=0 \global\advance \secno by 1 %
-\gdef\thissection{#1}\secheading {#1}{\the\chapno}{\the\secno}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash secentry{\the\toks0}%
- {\the\chapno}{\the\secno}}}%
-\temp
-\donoderef
-\nobreak
-}
-
-\outer\def\appendixsection{\parsearg\appendixsecyyy}
-\outer\def\appendixsec{\parsearg\appendixsecyyy}
-\def\appendixsecyyy #1{\apphead1{#1}} % normally calls appendixsectionzzz
-\def\appendixsectionzzz #1{%
-\subsecno=0 \subsubsecno=0 \global\advance \secno by 1 %
-\gdef\thissection{#1}\secheading {#1}{\appendixletter}{\the\secno}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash secentry{\the\toks0}%
- {\appendixletter}{\the\secno}}}%
-\temp
-\appendixnoderef
-\nobreak
-}
-
-\outer\def\unnumberedsec{\parsearg\unnumberedsecyyy}
-\def\unnumberedsecyyy #1{\unnmhead1{#1}} % normally calls unnumberedseczzz
-\def\unnumberedseczzz #1{%
-\plainsecheading {#1}\gdef\thissection{#1}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash unnumbsecentry{\the\toks0}}}%
-\temp
-\unnumbnoderef
-\nobreak
-}
-
-% Subsections.
-\outer\def\numberedsubsec{\parsearg\numberedsubsecyyy}
-\def\numberedsubsecyyy #1{\numhead2{#1}} % normally calls numberedsubseczzz
-\def\numberedsubseczzz #1{%
-\gdef\thissection{#1}\subsubsecno=0 \global\advance \subsecno by 1 %
-\subsecheading {#1}{\the\chapno}{\the\secno}{\the\subsecno}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash subsecentry{\the\toks0}%
- {\the\chapno}{\the\secno}{\the\subsecno}}}%
-\temp
-\donoderef
-\nobreak
-}
-
-\outer\def\appendixsubsec{\parsearg\appendixsubsecyyy}
-\def\appendixsubsecyyy #1{\apphead2{#1}} % normally calls appendixsubseczzz
-\def\appendixsubseczzz #1{%
-\gdef\thissection{#1}\subsubsecno=0 \global\advance \subsecno by 1 %
-\subsecheading {#1}{\appendixletter}{\the\secno}{\the\subsecno}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash subsecentry{\the\toks0}%
- {\appendixletter}{\the\secno}{\the\subsecno}}}%
-\temp
-\appendixnoderef
-\nobreak
-}
-
-\outer\def\unnumberedsubsec{\parsearg\unnumberedsubsecyyy}
-\def\unnumberedsubsecyyy #1{\unnmhead2{#1}} %normally calls unnumberedsubseczzz
-\def\unnumberedsubseczzz #1{%
-\plainsubsecheading {#1}\gdef\thissection{#1}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash unnumbsubsecentry%
- {\the\toks0}}}%
-\temp
-\unnumbnoderef
-\nobreak
-}
-
-% Subsubsections.
-\outer\def\numberedsubsubsec{\parsearg\numberedsubsubsecyyy}
-\def\numberedsubsubsecyyy #1{\numhead3{#1}} % normally numberedsubsubseczzz
-\def\numberedsubsubseczzz #1{%
-\gdef\thissection{#1}\global\advance \subsubsecno by 1 %
-\subsubsecheading {#1}
- {\the\chapno}{\the\secno}{\the\subsecno}{\the\subsubsecno}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash subsubsecentry{\the\toks0}%
- {\the\chapno}{\the\secno}{\the\subsecno}{\the\subsubsecno}}}%
-\temp
-\donoderef
-\nobreak
-}
-
-\outer\def\appendixsubsubsec{\parsearg\appendixsubsubsecyyy}
-\def\appendixsubsubsecyyy #1{\apphead3{#1}} % normally appendixsubsubseczzz
-\def\appendixsubsubseczzz #1{%
-\gdef\thissection{#1}\global\advance \subsubsecno by 1 %
-\subsubsecheading {#1}
- {\appendixletter}{\the\secno}{\the\subsecno}{\the\subsubsecno}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash subsubsecentry{\the\toks0}%
- {\appendixletter}{\the\secno}{\the\subsecno}{\the\subsubsecno}}}%
-\temp
-\appendixnoderef
-\nobreak
-}
-
-\outer\def\unnumberedsubsubsec{\parsearg\unnumberedsubsubsecyyy}
-\def\unnumberedsubsubsecyyy #1{\unnmhead3{#1}} %normally unnumberedsubsubseczzz
-\def\unnumberedsubsubseczzz #1{%
-\plainsubsubsecheading {#1}\gdef\thissection{#1}%
-\toks0 = {#1}%
-\edef\temp{\noexpand\writetocentry{\realbackslash unnumbsubsubsecentry%
- {\the\toks0}}}%
-\temp
-\unnumbnoderef
-\nobreak
-}
-
-% These are variants which are not "outer", so they can appear in @ifinfo.
-% Actually, they should now be obsolete; ordinary section commands should work.
-\def\infotop{\parsearg\unnumberedzzz}
-\def\infounnumbered{\parsearg\unnumberedzzz}
-\def\infounnumberedsec{\parsearg\unnumberedseczzz}
-\def\infounnumberedsubsec{\parsearg\unnumberedsubseczzz}
-\def\infounnumberedsubsubsec{\parsearg\unnumberedsubsubseczzz}
-
-\def\infoappendix{\parsearg\appendixzzz}
-\def\infoappendixsec{\parsearg\appendixseczzz}
-\def\infoappendixsubsec{\parsearg\appendixsubseczzz}
-\def\infoappendixsubsubsec{\parsearg\appendixsubsubseczzz}
-
-\def\infochapter{\parsearg\chapterzzz}
-\def\infosection{\parsearg\sectionzzz}
-\def\infosubsection{\parsearg\subsectionzzz}
-\def\infosubsubsection{\parsearg\subsubsectionzzz}
-
-% These macros control what the section commands do, according
-% to what kind of chapter we are in (ordinary, appendix, or unnumbered).
-% Define them by default for a numbered chapter.
-\global\let\section = \numberedsec
-\global\let\subsection = \numberedsubsec
-\global\let\subsubsection = \numberedsubsubsec
-
-% Define @majorheading, @heading and @subheading
-
-% NOTE on use of \vbox for chapter headings, section headings, and such:
-% 1) We use \vbox rather than the earlier \line to permit
-% overlong headings to fold.
-% 2) \hyphenpenalty is set to 10000 because hyphenation in a
-% heading is obnoxious; this forbids it.
-% 3) Likewise, headings look best if no \parindent is used, and
-% if justification is not attempted. Hence \raggedright.
-
-
-\def\majorheading{\parsearg\majorheadingzzz}
-\def\majorheadingzzz #1{%
-{\advance\chapheadingskip by 10pt \chapbreak }%
-{\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000
- \parindent=0pt\raggedright
- \rm #1\hfill}}\bigskip \par\penalty 200}
-
-\def\chapheading{\parsearg\chapheadingzzz}
-\def\chapheadingzzz #1{\chapbreak %
-{\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000
- \parindent=0pt\raggedright
- \rm #1\hfill}}\bigskip \par\penalty 200}
-
-% @heading, @subheading, @subsubheading.
-\def\heading{\parsearg\plainsecheading}
-\def\subheading{\parsearg\plainsubsecheading}
-\def\subsubheading{\parsearg\plainsubsubsecheading}
-
-% These macros generate a chapter, section, etc. heading only
-% (including whitespace, linebreaking, etc. around it),
-% given all the information in convenient, parsed form.
-
-%%% Args are the skip and penalty (usually negative)
-\def\dobreak#1#2{\par\ifdim\lastskip<#1\removelastskip\penalty#2\vskip#1\fi}
-
-\def\setchapterstyle #1 {\csname CHAPF#1\endcsname}
-
-%%% Define plain chapter starts, and page on/off switching for it
-% Parameter controlling skip before chapter headings (if needed)
-
-\newskip\chapheadingskip
-
-\def\chapbreak{\dobreak \chapheadingskip {-4000}}
-\def\chappager{\par\vfill\supereject}
-\def\chapoddpage{\chappager \ifodd\pageno \else \hbox to 0pt{} \chappager\fi}
-
-\def\setchapternewpage #1 {\csname CHAPPAG#1\endcsname}
-
-\def\CHAPPAGoff{%
-\global\let\contentsalignmacro = \chappager
-\global\let\pchapsepmacro=\chapbreak
-\global\let\pagealignmacro=\chappager}
-
-\def\CHAPPAGon{%
-\global\let\contentsalignmacro = \chappager
-\global\let\pchapsepmacro=\chappager
-\global\let\pagealignmacro=\chappager
-\global\def\HEADINGSon{\HEADINGSsingle}}
-
-\def\CHAPPAGodd{
-\global\let\contentsalignmacro = \chapoddpage
-\global\let\pchapsepmacro=\chapoddpage
-\global\let\pagealignmacro=\chapoddpage
-\global\def\HEADINGSon{\HEADINGSdouble}}
-
-\CHAPPAGon
-
-\def\CHAPFplain{
-\global\let\chapmacro=\chfplain
-\global\let\unnumbchapmacro=\unnchfplain
-\global\let\centerchapmacro=\centerchfplain}
-
-% Plain chapter opening.
-% #1 is the text, #2 the chapter number or empty if unnumbered.
-\def\chfplain#1#2{% - \pchapsepmacro - {% - \chapfonts \rm - \def\chapnum{#2}% - \setbox0 = \hbox{#2\ifx\chapnum\empty\else\enspace\fi}% - \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \raggedright - \hangindent = \wd0 \centerparametersmaybe - \unhbox0 #1\par}% - }% - \nobreak\bigskip % no page break after a chapter title - \nobreak -} - -% Plain opening for unnumbered. -\def\unnchfplain#1{\chfplain{#1}{}} - -% @centerchap -- centered and unnumbered. -\let\centerparametersmaybe = \relax -\def\centerchfplain#1{{% - \def\centerparametersmaybe{% - \advance\rightskip by 3\rightskip - \leftskip = \rightskip - \parfillskip = 0pt - }% - \chfplain{#1}{}% -}} - -\CHAPFplain % The default - -\def\unnchfopen #1{% -\chapoddpage {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt\raggedright - \rm #1\hfill}}\bigskip \par\nobreak -} - -\def\chfopen #1#2{\chapoddpage {\chapfonts -\vbox to 3in{\vfil \hbox to\hsize{\hfil #2} \hbox to\hsize{\hfil #1} \vfil}}% -\par\penalty 5000 % -} - -\def\centerchfopen #1{% -\chapoddpage {\chapfonts \vbox{\hyphenpenalty=10000\tolerance=5000 - \parindent=0pt - \hfill {\rm #1}\hfill}}\bigskip \par\nobreak -} - -\def\CHAPFopen{ -\global\let\chapmacro=\chfopen -\global\let\unnumbchapmacro=\unnchfopen -\global\let\centerchapmacro=\centerchfopen} - - -% Section titles. -\newskip\secheadingskip -\def\secheadingbreak{\dobreak \secheadingskip {-1000}} -\def\secheading#1#2#3{\sectionheading{sec}{#2.#3}{#1}} -\def\plainsecheading#1{\sectionheading{sec}{}{#1}} - -% Subsection titles. -\newskip \subsecheadingskip -\def\subsecheadingbreak{\dobreak \subsecheadingskip {-500}} -\def\subsecheading#1#2#3#4{\sectionheading{subsec}{#2.#3.#4}{#1}} -\def\plainsubsecheading#1{\sectionheading{subsec}{}{#1}} - -% Subsubsection titles. 
-\let\subsubsecheadingskip = \subsecheadingskip -\let\subsubsecheadingbreak = \subsecheadingbreak -\def\subsubsecheading#1#2#3#4#5{\sectionheading{subsubsec}{#2.#3.#4.#5}{#1}} -\def\plainsubsubsecheading#1{\sectionheading{subsubsec}{}{#1}} - - -% Print any size section title. -% -% #1 is the section type (sec/subsec/subsubsec), #2 is the section -% number (maybe empty), #3 the text. -\def\sectionheading#1#2#3{% - {% - \expandafter\advance\csname #1headingskip\endcsname by \parskip - \csname #1headingbreak\endcsname - }% - {% - % Switch to the right set of fonts. - \csname #1fonts\endcsname \rm - % - % Only insert the separating space if we have a section number. - \def\secnum{#2}% - \setbox0 = \hbox{#2\ifx\secnum\empty\else\enspace\fi}% - % - \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \raggedright - \hangindent = \wd0 % zero if no section number - \unhbox0 #3}% - }% - \ifdim\parskip<10pt \nobreak\kern10pt\nobreak\kern-\parskip\fi \nobreak -} - - -\message{toc,} -\newwrite\tocfile - -% Write an entry to the toc file, opening it if necessary. -% Called from @chapter, etc. We supply {\folio} at the end of the -% argument, which will end up as the last argument to the \...entry macro. -% -% We open the .toc file here instead of at @setfilename or any other -% given time so that @contents can be put in the document anywhere. -% -\newif\iftocfileopened -\def\writetocentry#1{% - \iftocfileopened\else - \immediate\openout\tocfile = \jobname.toc - \global\tocfileopenedtrue - \fi - \iflinks \write\tocfile{#1{\folio}}\fi -} - -\newskip\contentsrightmargin \contentsrightmargin=1in -\newcount\savepageno -\newcount\lastnegativepageno \lastnegativepageno = -1 - -% Finish up the main text and prepare to read what we've written -% to \tocfile. -% -\def\startcontents#1{% - % If @setchapternewpage on, and @headings double, the contents should - % start on an odd page, unlike chapters. Thus, we maintain - % \contentsalignmacro in parallel with \pagealignmacro. - % 
From: Torbjorn Granlund - \contentsalignmacro - \immediate\closeout\tocfile - % - % Don't need to put `Contents' or `Short Contents' in the headline. - % It is abundantly clear what they are. - \unnumbchapmacro{#1}\def\thischapter{}% - \savepageno = \pageno - \begingroup % Set up to handle contents files properly. - \catcode`\\=0 \catcode`\{=1 \catcode`\}=2 \catcode`\@=11 - % We can't do this, because then an actual ^ in a section - % title fails, e.g., @chapter ^ -- exponentiation. --karl, 9jul97. - %\catcode`\^=7 % to see ^^e4 as \"a etc. juha@piuha.ydi.vtt.fi - \raggedbottom % Worry more about breakpoints than the bottom. - \advance\hsize by -\contentsrightmargin % Don't use the full line length. - % - % Roman numerals for page numbers. - \ifnum \pageno>0 \pageno = \lastnegativepageno \fi -} - - -% Normal (long) toc. -\def\contents{% - \startcontents{\putwordTableofContents}% - \openin 1 \jobname.toc - \ifeof 1 \else - \closein 1 - \input \jobname.toc - \fi - \vfill \eject - \endgroup - \lastnegativepageno = \pageno - \pageno = \savepageno -} - -% And just the chapters. -\def\summarycontents{% - \startcontents{\putwordShortContents}% - % - \let\chapentry = \shortchapentry - \let\unnumbchapentry = \shortunnumberedentry - % We want a true roman here for the page numbers. - \secfonts - \let\rm=\shortcontrm \let\bf=\shortcontbf \let\sl=\shortcontsl - \rm - \hyphenpenalty = 10000 - \advance\baselineskip by 1pt % Open it up a little. - \def\secentry ##1##2##3##4{} - \def\unnumbsecentry ##1##2{} - \def\subsecentry ##1##2##3##4##5{} - \def\unnumbsubsecentry ##1##2{} - \def\subsubsecentry ##1##2##3##4##5##6{} - \def\unnumbsubsubsecentry ##1##2{} - \openin 1 \jobname.toc - \ifeof 1 \else - \closein 1 - \input \jobname.toc - \fi - \vfill \eject - \endgroup - \lastnegativepageno = \pageno - \pageno = \savepageno -} -\let\shortcontents = \summarycontents - -% These macros generate individual entries in the table of contents. 
-% The first argument is the chapter or section name. -% The last argument is the page number. -% The arguments in between are the chapter number, section number, ... - -% Chapter-level things, for both the long and short contents. -\def\chapentry#1#2#3{\dochapentry{#2\labelspace#1}{#3}} - -% See comments in \dochapentry re vbox and related settings -\def\shortchapentry#1#2#3{% - \tocentry{\shortchaplabel{#2}\labelspace #1}{\doshortpageno{#3}}% -} - -% Typeset the label for a chapter or appendix for the short contents. -% The arg is, e.g. `Appendix A' for an appendix, or `3' for a chapter. -% We could simplify the code here by writing out an \appendixentry -% command in the toc file for appendices, instead of using \chapentry -% for both, but it doesn't seem worth it. -\setbox0 = \hbox{\shortcontrm \putwordAppendix } -\newdimen\shortappendixwidth \shortappendixwidth = \wd0 - -\def\shortchaplabel#1{% - % We typeset #1 in a box of constant width, regardless of the text of - % #1, so the chapter titles will come out aligned. - \setbox0 = \hbox{#1}% - \dimen0 = \ifdim\wd0 > \shortappendixwidth \shortappendixwidth \else 0pt \fi - % - % This space should be plenty, since a single number is .5em, and the - % widest letter (M) is 1em, at least in the Computer Modern fonts. - % (This space doesn't include the extra space that gets added after - % the label; that gets put in by \shortchapentry above.) - \advance\dimen0 by 1.1em - \hbox to \dimen0{#1\hfil}% -} - -\def\unnumbchapentry#1#2{\dochapentry{#1}{#2}} -\def\shortunnumberedentry#1#2{\tocentry{#1}{\doshortpageno{#2}}} - -% Sections. -\def\secentry#1#2#3#4{\dosecentry{#2.#3\labelspace#1}{#4}} -\def\unnumbsecentry#1#2{\dosecentry{#1}{#2}} - -% Subsections. -\def\subsecentry#1#2#3#4#5{\dosubsecentry{#2.#3.#4\labelspace#1}{#5}} -\def\unnumbsubsecentry#1#2{\dosubsecentry{#1}{#2}} - -% And subsubsections. 
-\def\subsubsecentry#1#2#3#4#5#6{% - \dosubsubsecentry{#2.#3.#4.#5\labelspace#1}{#6}} -\def\unnumbsubsubsecentry#1#2{\dosubsubsecentry{#1}{#2}} - -% This parameter controls the indentation of the various levels. -\newdimen\tocindent \tocindent = 3pc - -% Now for the actual typesetting. In all these, #1 is the text and #2 is the -% page number. -% -% If the toc has to be broken over pages, we want it to be at chapters -% if at all possible; hence the \penalty. -\def\dochapentry#1#2{% - \penalty-300 \vskip1\baselineskip plus.33\baselineskip minus.25\baselineskip - \begingroup - \chapentryfonts - \tocentry{#1}{\dopageno{#2}}% - \endgroup - \nobreak\vskip .25\baselineskip plus.1\baselineskip -} - -\def\dosecentry#1#2{\begingroup - \secentryfonts \leftskip=\tocindent - \tocentry{#1}{\dopageno{#2}}% -\endgroup} - -\def\dosubsecentry#1#2{\begingroup - \subsecentryfonts \leftskip=2\tocindent - \tocentry{#1}{\dopageno{#2}}% -\endgroup} - -\def\dosubsubsecentry#1#2{\begingroup - \subsubsecentryfonts \leftskip=3\tocindent - \tocentry{#1}{\dopageno{#2}}% -\endgroup} - -% Final typesetting of a toc entry; we use the same \entry macro as for -% the index entries, but we want to suppress hyphenation here. (We -% can't do that in the \entry macro, since index entries might consist -% of hyphenated-identifiers-that-do-not-fit-on-a-line-and-nothing-else.) -\def\tocentry#1#2{\begingroup - \vskip 0pt plus1pt % allow a little stretch for the sake of nice page breaks - % Do not use \turnoffactive in these arguments. Since the toc is - % typeset in cmr, so characters such as _ would come out wrong; we - % have to do the usual translation tricks. - \entry{#1}{#2}% -\endgroup} - -% Space between chapter (or whatever) number and the title. 
-\def\labelspace{\hskip1em \relax} - -\def\dopageno#1{{\rm #1}} -\def\doshortpageno#1{{\rm #1}} - -\def\chapentryfonts{\secfonts \rm} -\def\secentryfonts{\textfonts} -\let\subsecentryfonts = \textfonts -\let\subsubsecentryfonts = \textfonts - - -\message{environments,} - -% Since these characters are used in examples, it should be an even number of -% \tt widths. Each \tt character is 1en, so two makes it 1em. -% Furthermore, these definitions must come after we define our fonts. -\newbox\dblarrowbox \newbox\longdblarrowbox -\newbox\pushcharbox \newbox\bullbox -\newbox\equivbox \newbox\errorbox - -%{\tentt -%\global\setbox\dblarrowbox = \hbox to 1em{\hfil$\Rightarrow$\hfil} -%\global\setbox\longdblarrowbox = \hbox to 1em{\hfil$\mapsto$\hfil} -%\global\setbox\pushcharbox = \hbox to 1em{\hfil$\dashv$\hfil} -%\global\setbox\equivbox = \hbox to 1em{\hfil$\ptexequiv$\hfil} -% Adapted from the manmac format (p.420 of TeXbook) -%\global\setbox\bullbox = \hbox to 1em{\kern.15em\vrule height .75ex width .85ex -% depth .1ex\hfil} -%} - -% @point{}, @result{}, @expansion{}, @print{}, @equiv{}. -\def\point{$\star$} -\def\result{\leavevmode\raise.15ex\hbox to 1em{\hfil$\Rightarrow$\hfil}} -\def\expansion{\leavevmode\raise.1ex\hbox to 1em{\hfil$\mapsto$\hfil}} -\def\print{\leavevmode\lower.1ex\hbox to 1em{\hfil$\dashv$\hfil}} -\def\equiv{\leavevmode\lower.1ex\hbox to 1em{\hfil$\ptexequiv$\hfil}} - -% Adapted from the TeXbook's \boxit. -{\tentt \global\dimen0 = 3em}% Width of the box. -\dimen2 = .55pt % Thickness of rules -% The text. (`r' is open on the right, `e' somewhat less so on the left.) -\setbox0 = \hbox{\kern-.75pt \tensf error\kern-1.5pt} - -\global\setbox\errorbox=\hbox to \dimen0{\hfil - \hsize = \dimen0 \advance\hsize by -5.8pt % Space to left+right. - \advance\hsize by -2\dimen2 % Rules. - \vbox{ - \hrule height\dimen2 - \hbox{\vrule width\dimen2 \kern3pt % Space to left of text. - \vtop{\kern2.4pt \box0 \kern2.4pt}% Space above/below. 
- \kern3pt\vrule width\dimen2}% Space to right. - \hrule height\dimen2} - \hfil} - -% The @error{} command. -\def\error{\leavevmode\lower.7ex\copy\errorbox} - -% @tex ... @end tex escapes into raw Tex temporarily. -% One exception: @ is still an escape character, so that @end tex works. -% But \@ or @@ will get a plain tex @ character. - -\def\tex{\begingroup - \catcode `\\=0 \catcode `\{=1 \catcode `\}=2 - \catcode `\$=3 \catcode `\&=4 \catcode `\#=6 - \catcode `\^=7 \catcode `\_=8 \catcode `\~=13 \let~=\tie - \catcode `\%=14 - \catcode 43=12 % plus - \catcode`\"=12 - \catcode`\==12 - \catcode`\|=12 - \catcode`\<=12 - \catcode`\>=12 - \escapechar=`\\ - % - \let\b=\ptexb - \let\bullet=\ptexbullet - \let\c=\ptexc - \let\,=\ptexcomma - \let\.=\ptexdot - \let\dots=\ptexdots - \let\equiv=\ptexequiv - \let\!=\ptexexclam - \let\i=\ptexi - \let\{=\ptexlbrace - \let\+=\tabalign - \let\}=\ptexrbrace - \let\*=\ptexstar - \let\t=\ptext - % - \def\endldots{\mathinner{\ldots\ldots\ldots\ldots}}% - \def\enddots{\relax\ifmmode\endldots\else$\mathsurround=0pt \endldots\,$\fi}% - \def\@{@}% -\let\Etex=\endgroup} - -% Define @lisp ... @endlisp. -% @lisp does a \begingroup so it can rebind things, -% including the definition of @endlisp (which normally is erroneous). - -% Amount to narrow the margins by for @lisp. -\newskip\lispnarrowing \lispnarrowing=0.4in - -% This is the definition that ^^M gets inside @lisp, @example, and other -% such environments. \null is better than a space, since it doesn't -% have any width. -\def\lisppar{\null\endgraf} - -% Make each space character in the input produce a normal interword -% space in the output. Don't allow a line break at this space, as this -% is used only in environments like @example, where each line of input -% should produce a line of output anyway. -% -{\obeyspaces % -\gdef\sepspaces{\obeyspaces\let =\tie}} - -% Define \obeyedspace to be our active space, whatever it is. This is -% for use in \parsearg. 
-{\sepspaces% -\global\let\obeyedspace= } - -% This space is always present above and below environments. -\newskip\envskipamount \envskipamount = 0pt - -% Make spacing and below environment symmetrical. We use \parskip here -% to help in doing that, since in @example-like environments \parskip -% is reset to zero; thus the \afterenvbreak inserts no space -- but the -% start of the next paragraph will insert \parskip -% -\def\aboveenvbreak{{\advance\envskipamount by \parskip -\endgraf \ifdim\lastskip<\envskipamount -\removelastskip \penalty-50 \vskip\envskipamount \fi}} - -\let\afterenvbreak = \aboveenvbreak - -% \nonarrowing is a flag. If "set", @lisp etc don't narrow margins. -\let\nonarrowing=\relax - -% @cartouche ... @end cartouche: draw rectangle w/rounded corners around -% environment contents. -\font\circle=lcircle10 -\newdimen\circthick -\newdimen\cartouter\newdimen\cartinner -\newskip\normbskip\newskip\normpskip\newskip\normlskip -\circthick=\fontdimen8\circle -% -\def\ctl{{\circle\char'013\hskip -6pt}}% 6pt from pl file: 1/2charwidth -\def\ctr{{\hskip 6pt\circle\char'010}} -\def\cbl{{\circle\char'012\hskip -6pt}} -\def\cbr{{\hskip 6pt\circle\char'011}} -\def\carttop{\hbox to \cartouter{\hskip\lskip - \ctl\leaders\hrule height\circthick\hfil\ctr - \hskip\rskip}} -\def\cartbot{\hbox to \cartouter{\hskip\lskip - \cbl\leaders\hrule height\circthick\hfil\cbr - \hskip\rskip}} -% -\newskip\lskip\newskip\rskip - -\long\def\cartouche{% -\begingroup - \lskip=\leftskip \rskip=\rightskip - \leftskip=0pt\rightskip=0pt %we want these *outside*. - \cartinner=\hsize \advance\cartinner by-\lskip - \advance\cartinner by-\rskip - \cartouter=\hsize - \advance\cartouter by 18.4pt % allow for 3pt kerns on either -% side, and for 6pt waste from -% each corner char, and rule thickness - \normbskip=\baselineskip \normpskip=\parskip \normlskip=\lineskip - % Flag to tell @lisp, etc., not to narrow margin. 
- \let\nonarrowing=\comment - \vbox\bgroup - \baselineskip=0pt\parskip=0pt\lineskip=0pt - \carttop - \hbox\bgroup - \hskip\lskip - \vrule\kern3pt - \vbox\bgroup - \hsize=\cartinner - \kern3pt - \begingroup - \baselineskip=\normbskip - \lineskip=\normlskip - \parskip=\normpskip - \vskip -\parskip -\def\Ecartouche{% - \endgroup - \kern3pt - \egroup - \kern3pt\vrule - \hskip\rskip - \egroup - \cartbot - \egroup -\endgroup -}} - - -% This macro is called at the beginning of all the @example variants, -% inside a group. -\def\nonfillstart{% - \aboveenvbreak - \inENV % This group ends at the end of the body - \hfuzz = 12pt % Don't be fussy - \sepspaces % Make spaces be word-separators rather than space tokens. - \singlespace - \let\par = \lisppar % don't ignore blank lines - \obeylines % each line of input is a line of output - \parskip = 0pt - \parindent = 0pt - \emergencystretch = 0pt % don't try to avoid overfull boxes - % @cartouche defines \nonarrowing to inhibit narrowing - % at next level down. - \ifx\nonarrowing\relax - \advance \leftskip by \lispnarrowing - \exdentamount=\lispnarrowing - \let\exdent=\nofillexdent - \let\nonarrowing=\relax - \fi -} - -% Define the \E... control sequence only if we are inside the particular -% environment, so the error checking in \end will work. -% -% To end an @example-like environment, we first end the paragraph (via -% \afterenvbreak's vertical glue), and then the group. That way we keep -% the zero \parskip that the environments set -- \parskip glue will be -% inserted at the beginning of the next paragraph in the document, after -% the environment. -% -\def\nonfillfinish{\afterenvbreak\endgroup} - -% @lisp: indented, narrowed, typewriter font. -\def\lisp{\begingroup - \nonfillstart - \let\Elisp = \nonfillfinish - \tt - \let\kbdfont = \kbdexamplefont % Allow @kbd to do something special. - \gobble % eat return -} - -% @example: Same as @lisp. 
-\def\example{\begingroup \def\Eexample{\nonfillfinish\endgroup}\lisp} - -% @small... is usually equivalent to the non-small (@smallbook -% redefines). We must call \example (or whatever) last in the -% definition, since it reads the return following the @example (or -% whatever) command. -% -% This actually allows (for example) @end display inside an -% @smalldisplay. Too bad, but makeinfo will catch the error anyway. -% -\def\smalldisplay{\begingroup\def\Esmalldisplay{\nonfillfinish\endgroup}\display} -\def\smallexample{\begingroup\def\Esmallexample{\nonfillfinish\endgroup}\lisp} -\def\smallformat{\begingroup\def\Esmallformat{\nonfillfinish\endgroup}\format} -\def\smalllisp{\begingroup\def\Esmalllisp{\nonfillfinish\endgroup}\lisp} - -% Real @smallexample and @smalllisp (when @smallbook): use smaller fonts. -% Originally contributed by Pavel@xerox. -\def\smalllispx{\begingroup - \def\Esmalllisp{\nonfillfinish\endgroup}% - \def\Esmallexample{\nonfillfinish\endgroup}% - \indexfonts - \lisp -} - -% @display: same as @lisp except keep current font. -% -\def\display{\begingroup - \nonfillstart - \let\Edisplay = \nonfillfinish - \gobble -} - -% @smalldisplay (when @smallbook): @display plus smaller fonts. -% -\def\smalldisplayx{\begingroup - \def\Esmalldisplay{\nonfillfinish\endgroup}% - \indexfonts \rm - \display -} - -% @format: same as @display except don't narrow margins. -% -\def\format{\begingroup - \let\nonarrowing = t - \nonfillstart - \let\Eformat = \nonfillfinish - \gobble -} - -% @smallformat (when @smallbook): @format plus smaller fonts. -% -\def\smallformatx{\begingroup - \def\Esmallformat{\nonfillfinish\endgroup}% - \indexfonts \rm - \format -} - -% @flushleft (same as @format). -% -\def\flushleft{\begingroup \def\Eflushleft{\nonfillfinish\endgroup}\format} - -% @flushright. 
-% -\def\flushright{\begingroup - \let\nonarrowing = t - \nonfillstart - \let\Eflushright = \nonfillfinish - \advance\leftskip by 0pt plus 1fill - \gobble -} - -% @quotation does normal linebreaking (hence we can't use \nonfillstart) -% and narrows the margins. -% -\def\quotation{% - \begingroup\inENV %This group ends at the end of the @quotation body - {\parskip=0pt \aboveenvbreak}% because \aboveenvbreak inserts \parskip - \singlespace - \parindent=0pt - % We have retained a nonzero parskip for the environment, since we're - % doing normal filling. So to avoid extra space below the environment... - \def\Equotation{\parskip = 0pt \nonfillfinish}% - % - % @cartouche defines \nonarrowing to inhibit narrowing at next level down. - \ifx\nonarrowing\relax - \advance\leftskip by \lispnarrowing - \advance\rightskip by \lispnarrowing - \exdentamount = \lispnarrowing - \let\nonarrowing = \relax - \fi -} - - -\message{defuns,} -% Define formatter for defuns -% First, allow user to change definition object font (\df) internally -\def\setdeffont #1 {\csname DEF#1\endcsname} - -\newskip\defbodyindent \defbodyindent=.4in -\newskip\defargsindent \defargsindent=50pt -\newskip\deftypemargin \deftypemargin=12pt -\newskip\deflastargmargin \deflastargmargin=18pt - -\newcount\parencount -% define \functionparens, which makes ( and ) and & do special things. -% \functionparens affects the group it is contained in. -\def\activeparens{% -\catcode`\(=\active \catcode`\)=\active \catcode`\&=\active -\catcode`\[=\active \catcode`\]=\active} - -% Make control sequences which act like normal parenthesis chars. -\let\lparen = ( \let\rparen = ) - -{\activeparens % Now, smart parens don't turn on until &foo (see \amprm) - -% Be sure that we always have a definition for `(', etc. For example, -% if the fn name has parens in it, \boldbrax will not be in effect yet, -% so TeX would otherwise complain about undefined control sequence. 
-\global\let(=\lparen \global\let)=\rparen -\global\let[=\lbrack \global\let]=\rbrack - -\gdef\functionparens{\boldbrax\let&=\amprm\parencount=0 } -\gdef\boldbrax{\let(=\opnr\let)=\clnr\let[=\lbrb\let]=\rbrb} -% This is used to turn on special parens -% but make & act ordinary (given that it's active). -\gdef\boldbraxnoamp{\let(=\opnr\let)=\clnr\let[=\lbrb\let]=\rbrb\let&=\ampnr} - -% Definitions of (, ) and & used in args for functions. -% This is the definition of ( outside of all parentheses. -\gdef\oprm#1 {{\rm\char`\(}#1 \bf \let(=\opnested - \global\advance\parencount by 1 -} -% -% This is the definition of ( when already inside a level of parens. -\gdef\opnested{\char`\(\global\advance\parencount by 1 } -% -\gdef\clrm{% Print a paren in roman if it is taking us back to depth of 0. - % also in that case restore the outer-level definition of (. - \ifnum \parencount=1 {\rm \char `\)}\sl \let(=\oprm \else \char `\) \fi - \global\advance \parencount by -1 } -% If we encounter &foo, then turn on ()-hacking afterwards -\gdef\amprm#1 {{\rm\}\let(=\oprm \let)=\clrm\ } -% -\gdef\normalparens{\boldbrax\let&=\ampnr} -} % End of definition inside \activeparens -%% These parens (in \boldbrax) actually are a little bolder than the -%% contained text. This is especially needed for [ and ] -\def\opnr{{\sf\char`\(}\global\advance\parencount by 1 } -\def\clnr{{\sf\char`\)}\global\advance\parencount by -1 } -\def\ampnr{\&} -\def\lbrb{{\bf\char`\[}} -\def\rbrb{{\bf\char`\]}} - -% First, defname, which formats the header line itself. -% #1 should be the function name. -% #2 should be the type of definition, such as "Function". - -\def\defname #1#2{% -% Get the values of \leftskip and \rightskip as they were -% outside the @def... 
-\dimen2=\leftskip -\advance\dimen2 by -\defbodyindent -\noindent -\setbox0=\hbox{\hskip \deflastargmargin{\rm #2}\hskip \deftypemargin}% -\dimen0=\hsize \advance \dimen0 by -\wd0 % compute size for first line -\dimen1=\hsize \advance \dimen1 by -\defargsindent %size for continuations -\parshape 2 0in \dimen0 \defargsindent \dimen1 -% Now output arg 2 ("Function" or some such) -% ending at \deftypemargin from the right margin, -% but stuck inside a box of width 0 so it does not interfere with linebreaking -{% Adjust \hsize to exclude the ambient margins, -% so that \rightline will obey them. -\advance \hsize by -\dimen2 -\rlap{\rightline{{\rm #2}\hskip -1.25pc }}}% -% Make all lines underfull and no complaints: -\tolerance=10000 \hbadness=10000 -\advance\leftskip by -\defbodyindent -\exdentamount=\defbodyindent -{\df #1}\enskip % Generate function name -} - -% Actually process the body of a definition -% #1 should be the terminating control sequence, such as \Edefun. -% #2 should be the "another name" control sequence, such as \defunx. -% #3 should be the control sequence that actually processes the header, -% such as \defunheader. - -\def\defparsebody #1#2#3{\begingroup\inENV% Environment for definitionbody -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2{\begingroup\obeylines\activeparens\spacesplit#3}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup % -\catcode 61=\active % 61 is `=' -\obeylines\activeparens\spacesplit#3} - -% #1 is the \E... control sequence to end the definition (which we define). -% #2 is the \...x control sequence for consecutive fns (which we define). -% #3 is the control sequence to call to resume processing. -% #4, delimited by the space, is the class name. 
-% -\def\defmethparsebody#1#2#3#4 {\begingroup\inENV % -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2##1 {\begingroup\obeylines\activeparens\spacesplit{#3{##1}}}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup\obeylines\activeparens\spacesplit{#3{#4}}} - -% @deftypemethod has an extra argument that nothing else does. Sigh. -% #1 is the \E... control sequence to end the definition (which we define). -% #2 is the \...x control sequence for consecutive fns (which we define). -% #3 is the control sequence to call to resume processing. -% #4, delimited by the space, is the class name. -% #5 is the method's return type. -% -\def\deftypemethparsebody#1#2#3#4 #5 {\begingroup\inENV % -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2##1 ##2 {\begingroup\obeylines\activeparens\spacesplit{#3{##1}{##2}}}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup\obeylines\activeparens\spacesplit{#3{#4}{#5}}} - -\def\defopparsebody #1#2#3#4#5 {\begingroup\inENV % -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2##1 ##2 {\def#4{##1}% -\begingroup\obeylines\activeparens\spacesplit{#3{##2}}}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup\obeylines\activeparens\spacesplit{#3{#5}}} - -% These parsing functions are similar to the preceding ones -% except that they do not make parens into active characters. -% These are used for "variables" since they have no arguments. 
- -\def\defvarparsebody #1#2#3{\begingroup\inENV% Environment for definitionbody -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2{\begingroup\obeylines\spacesplit#3}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup % -\catcode 61=\active % -\obeylines\spacesplit#3} - -% This is used for \def{tp,vr}parsebody. It could probably be used for -% some of the others, too, with some judicious conditionals. -% -\def\parsebodycommon#1#2#3{% - \begingroup\inENV % - \medbreak % - % Define the end token that this defining construct specifies - % so that it will exit this group. - \def#1{\endgraf\endgroup\medbreak}% - \def#2##1 {\begingroup\obeylines\spacesplit{#3{##1}}}% - \parindent=0in - \advance\leftskip by \defbodyindent - \exdentamount=\defbodyindent - \begingroup\obeylines -} - -\def\defvrparsebody#1#2#3#4 {% - \parsebodycommon{#1}{#2}{#3}% - \spacesplit{#3{#4}}% -} - -% This loses on `@deftp {Data Type} {struct termios}' -- it thinks the -% type is just `struct', because we lose the braces in `{struct -% termios}' when \spacesplit reads its undelimited argument. Sigh. -% \let\deftpparsebody=\defvrparsebody -% -% So, to get around this, we put \empty in with the type name. That -% way, TeX won't find exactly `{...}' as an undelimited argument, and -% won't strip off the braces. -% -\def\deftpparsebody #1#2#3#4 {% - \parsebodycommon{#1}{#2}{#3}% - \spacesplit{\parsetpheaderline{#3{#4}}}\empty -} - -% Fine, but then we have to eventually remove the \empty *and* the -% braces (if any). That's what this does. -% -\def\removeemptybraces\empty#1\relax{#1} - -% After \spacesplit has done its work, this is called -- #1 is the final -% thing to call, #2 the type name (which starts with \empty), and #3 -% (which might be empty) the arguments. 
-% -\def\parsetpheaderline#1#2#3{% - #1{\removeemptybraces#2\relax}{#3}% -}% - -\def\defopvarparsebody #1#2#3#4#5 {\begingroup\inENV % -\medbreak % -% Define the end token that this defining construct specifies -% so that it will exit this group. -\def#1{\endgraf\endgroup\medbreak}% -\def#2##1 ##2 {\def#4{##1}% -\begingroup\obeylines\spacesplit{#3{##2}}}% -\parindent=0in -\advance\leftskip by \defbodyindent -\exdentamount=\defbodyindent -\begingroup\obeylines\spacesplit{#3{#5}}} - -% Split up #2 at the first space token. -% call #1 with two arguments: -% the first is all of #2 before the space token, -% the second is all of #2 after that space token. -% If #2 contains no space token, all of it is passed as the first arg -% and the second is passed as empty. - -{\obeylines -\gdef\spacesplit#1#2^^M{\endgroup\spacesplitfoo{#1}#2 \relax\spacesplitfoo}% -\long\gdef\spacesplitfoo#1#2 #3#4\spacesplitfoo{% -\ifx\relax #3% -#1{#2}{}\else #1{#2}{#3#4}\fi}} - -% So much for the things common to all kinds of definitions. - -% Define @defun. - -% First, define the processing that is wanted for arguments of \defun -% Use this to expand the args and terminate the paragraph they make up - -\def\defunargs #1{\functionparens \sl -% Expand, preventing hyphenation at `-' chars. -% Note that groups don't affect changes in \hyphenchar. -\hyphenchar\tensl=0 -#1% -\hyphenchar\tensl=45 -\ifnum\parencount=0 \else \errmessage{Unbalanced parentheses in @def}\fi% -\interlinepenalty=10000 -\advance\rightskip by 0pt plus 1fil -\endgraf\nobreak\vskip -\parskip\nobreak -} - -\def\deftypefunargs #1{% -% Expand, preventing hyphenation at `-' chars. -% Note that groups don't affect changes in \hyphenchar. -% Use \boldbraxnoamp, not \functionparens, so that & is not special. 
-\boldbraxnoamp -\tclose{#1}% avoid \code because of side effects on active chars -\interlinepenalty=10000 -\advance\rightskip by 0pt plus 1fil -\endgraf\nobreak\vskip -\parskip\nobreak -} - -% Do complete processing of one @defun or @defunx line already parsed. - -% @deffn Command forward-char nchars - -\def\deffn{\defmethparsebody\Edeffn\deffnx\deffnheader} - -\def\deffnheader #1#2#3{\doind {fn}{\code{#2}}% -\begingroup\defname {#2}{#1}\defunargs{#3}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @defun == @deffn Function - -\def\defun{\defparsebody\Edefun\defunx\defunheader} - -\def\defunheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index -\begingroup\defname {#1}{Function}% -\defunargs {#2}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @deftypefun int foobar (int @var{foo}, float @var{bar}) - -\def\deftypefun{\defparsebody\Edeftypefun\deftypefunx\deftypefunheader} - -% #1 is the data type. #2 is the name and args. -\def\deftypefunheader #1#2{\deftypefunheaderx{#1}#2 \relax} -% #1 is the data type, #2 the name, #3 the args. -\def\deftypefunheaderx #1#2 #3\relax{% -\doind {fn}{\code{#2}}% Make entry in function index -\begingroup\defname {\defheaderxcond#1\relax$$$#2}{Function}% -\deftypefunargs {#3}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @deftypefn {Library Function} int foobar (int @var{foo}, float @var{bar}) - -\def\deftypefn{\defmethparsebody\Edeftypefn\deftypefnx\deftypefnheader} - -% \defheaderxcond#1\relax$$$ -% puts #1 in @code, followed by a space, but does nothing if #1 is null. -\def\defheaderxcond#1#2$$${\ifx#1\relax\else\code{#1#2} \fi} - -% #1 is the classification. #2 is the data type. #3 is the name and args. -\def\deftypefnheader #1#2#3{\deftypefnheaderx{#1}{#2}#3 \relax} -% #1 is the classification, #2 the data type, #3 the name, #4 the args. 
-\def\deftypefnheaderx #1#2#3 #4\relax{% -\doind {fn}{\code{#3}}% Make entry in function index -\begingroup -\normalparens % notably, turn off `&' magic, which prevents -% at least some C++ text from working -\defname {\defheaderxcond#2\relax$$$#3}{#1}% -\deftypefunargs {#4}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @defmac == @deffn Macro - -\def\defmac{\defparsebody\Edefmac\defmacx\defmacheader} - -\def\defmacheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index -\begingroup\defname {#1}{Macro}% -\defunargs {#2}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% @defspec == @deffn Special Form - -\def\defspec{\defparsebody\Edefspec\defspecx\defspecheader} - -\def\defspecheader #1#2{\doind {fn}{\code{#1}}% Make entry in function index -\begingroup\defname {#1}{Special Form}% -\defunargs {#2}\endgroup % -\catcode 61=\other % Turn off change made in \defparsebody -} - -% This definition is run if you use @defunx -% anywhere other than immediately after a @defun or @defunx. - -\def\deffnx #1 {\errmessage{@deffnx in invalid context}} -\def\defunx #1 {\errmessage{@defunx in invalid context}} -\def\defmacx #1 {\errmessage{@defmacx in invalid context}} -\def\defspecx #1 {\errmessage{@defspecx in invalid context}} -\def\deftypefnx #1 {\errmessage{@deftypefnx in invalid context}} -\def\deftypemethodx #1 {\errmessage{@deftypemethodx in invalid context}} -\def\deftypefunx #1 {\errmessage{@deftypefunx in invalid context}} - -% @defmethod, and so on - -% @defop CATEGORY CLASS OPERATION ARG... - -\def\defop #1 {\def\defoptype{#1}% -\defopparsebody\Edefop\defopx\defopheader\defoptype} - -\def\defopheader #1#2#3{% -\dosubind {fn}{\code{#2}}{\putwordon\ #1}% Make entry in function index -\begingroup\defname {#2}{\defoptype{} on #1}% -\defunargs {#3}\endgroup % -} - -% @deftypemethod CLASS RETURN-TYPE METHOD ARG... 
-% -\def\deftypemethod{% - \deftypemethparsebody\Edeftypemethod\deftypemethodx\deftypemethodheader} -% -% #1 is the class name, #2 the data type, #3 the method name, #4 the args. -\def\deftypemethodheader#1#2#3#4{% - \dosubind{fn}{\code{#3}}{\putwordon\ \code{#1}}% entry in function index - \begingroup - \defname{\defheaderxcond#2\relax$$$#3}{\putwordMethodon\ \code{#1}}% - \deftypefunargs{#4}% - \endgroup -} - -% @defmethod == @defop Method -% -\def\defmethod{\defmethparsebody\Edefmethod\defmethodx\defmethodheader} -% -% #1 is the class name, #2 the method name, #3 the args. -\def\defmethodheader#1#2#3{% - \dosubind{fn}{\code{#2}}{\putwordon\ \code{#1}}% entry in function index - \begingroup - \defname{#2}{\putwordMethodon\ \code{#1}}% - \defunargs{#3}% - \endgroup -} - -% @defcv {Class Option} foo-class foo-flag - -\def\defcv #1 {\def\defcvtype{#1}% -\defopvarparsebody\Edefcv\defcvx\defcvarheader\defcvtype} - -\def\defcvarheader #1#2#3{% -\dosubind {vr}{\code{#2}}{of #1}% Make entry in var index -\begingroup\defname {#2}{\defcvtype{} of #1}% -\defvarargs {#3}\endgroup % -} - -% @defivar == @defcv {Instance Variable} - -\def\defivar{\defvrparsebody\Edefivar\defivarx\defivarheader} - -\def\defivarheader #1#2#3{% -\dosubind {vr}{\code{#2}}{of #1}% Make entry in var index -\begingroup\defname {#2}{Instance Variable of #1}% -\defvarargs {#3}\endgroup % -} - -% These definitions are run if you use @defmethodx, etc., -% anywhere other than immediately after a @defmethod, etc. - -\def\defopx #1 {\errmessage{@defopx in invalid context}} -\def\defmethodx #1 {\errmessage{@defmethodx in invalid context}} -\def\defcvx #1 {\errmessage{@defcvx in invalid context}} -\def\defivarx #1 {\errmessage{@defivarx in invalid context}} - -% Now @defvar - -% First, define the processing that is wanted for arguments of @defvar. -% This is actually simple: just print them in roman. 
-% This must expand the args and terminate the paragraph they make up -\def\defvarargs #1{\normalparens #1% -\interlinepenalty=10000 -\endgraf\nobreak\vskip -\parskip\nobreak} - -% @defvr Counter foo-count - -\def\defvr{\defvrparsebody\Edefvr\defvrx\defvrheader} - -\def\defvrheader #1#2#3{\doind {vr}{\code{#2}}% -\begingroup\defname {#2}{#1}\defvarargs{#3}\endgroup} - -% @defvar == @defvr Variable - -\def\defvar{\defvarparsebody\Edefvar\defvarx\defvarheader} - -\def\defvarheader #1#2{\doind {vr}{\code{#1}}% Make entry in var index -\begingroup\defname {#1}{Variable}% -\defvarargs {#2}\endgroup % -} - -% @defopt == @defvr {User Option} - -\def\defopt{\defvarparsebody\Edefopt\defoptx\defoptheader} - -\def\defoptheader #1#2{\doind {vr}{\code{#1}}% Make entry in var index -\begingroup\defname {#1}{User Option}% -\defvarargs {#2}\endgroup % -} - -% @deftypevar int foobar - -\def\deftypevar{\defvarparsebody\Edeftypevar\deftypevarx\deftypevarheader} - -% #1 is the data type. #2 is the name, perhaps followed by text that -% is actually part of the data type, which should not be put into the index. -\def\deftypevarheader #1#2{% -\dovarind#2 \relax% Make entry in variables index -\begingroup\defname {\defheaderxcond#1\relax$$$#2}{Variable}% -\interlinepenalty=10000 -\endgraf\nobreak\vskip -\parskip\nobreak -\endgroup} -\def\dovarind#1 #2\relax{\doind{vr}{\code{#1}}} - -% @deftypevr {Global Flag} int enable - -\def\deftypevr{\defvrparsebody\Edeftypevr\deftypevrx\deftypevrheader} - -\def\deftypevrheader #1#2#3{\dovarind#3 \relax% -\begingroup\defname {\defheaderxcond#2\relax$$$#3}{#1} -\interlinepenalty=10000 -\endgraf\nobreak\vskip -\parskip\nobreak -\endgroup} - -% This definition is run if you use @defvarx -% anywhere other than immediately after a @defvar or @defvarx. 
- -\def\defvrx #1 {\errmessage{@defvrx in invalid context}} -\def\defvarx #1 {\errmessage{@defvarx in invalid context}} -\def\defoptx #1 {\errmessage{@defoptx in invalid context}} -\def\deftypevarx #1 {\errmessage{@deftypevarx in invalid context}} -\def\deftypevrx #1 {\errmessage{@deftypevrx in invalid context}} - -% Now define @deftp -% Args are printed in bold, a slight difference from @defvar. - -\def\deftpargs #1{\bf \defvarargs{#1}} - -% @deftp Class window height width ... - -\def\deftp{\deftpparsebody\Edeftp\deftpx\deftpheader} - -\def\deftpheader #1#2#3{\doind {tp}{\code{#2}}% -\begingroup\defname {#2}{#1}\deftpargs{#3}\endgroup} - -% This definition is run if you use @deftpx, etc -% anywhere other than immediately after a @deftp, etc. - -\def\deftpx #1 {\errmessage{@deftpx in invalid context}} - - -\message{macros,} -% @macro. - -% To do this right we need a feature of e-TeX, \scantokens, -% which we arrange to emulate with a temporary file in ordinary TeX. -\ifx\eTeXversion\undefined - \newwrite\macscribble - \def\scanmacro#1{% - \begingroup \newlinechar`\^^M - \immediate\openout\macscribble=\jobname.tmp - \immediate\write\macscribble{#1}% - \immediate\closeout\macscribble - \let\xeatspaces\eatspaces - \input \jobname.tmp - \endgroup -} -\else -\def\scanmacro#1{% -\begingroup \newlinechar`\^^M -\let\xeatspaces\eatspaces\scantokens{#1}\endgroup} -\fi - -\newcount\paramno % Count of parameters -\newtoks\macname % Macro name -\newif\ifrecursive % Is it recursive? - -% Utility routines. -% Thisdoes \let #1 = #2, except with \csnames. -\def\cslet#1#2{% -\expandafter\expandafter -\expandafter\let -\expandafter\expandafter -\csname#1\endcsname -\csname#2\endcsname} - -% Trim leading and trailing spaces off a string. -% Concepts from aro-bend problem 15 (see CTAN). 
-{\catcode`\@=11 -\gdef\eatspaces #1{\expandafter\trim@\expandafter{#1 }} -\gdef\trim@ #1{\trim@@ @#1 @ #1 @ @@} -\gdef\trim@@ #1@ #2@ #3@@{\trim@@@\empty #2 @} -\def\unbrace#1{#1} -\unbrace{\gdef\trim@@@ #1 } #2@{#1} -} - -% Trim a single trailing ^^M off a string. -{\catcode`\^^M=12\catcode`\Q=3% -\gdef\eatcr #1{\eatcra #1Q^^MQ}% -\gdef\eatcra#1^^MQ{\eatcrb#1Q}% -\gdef\eatcrb#1Q#2Q{#1}% -} - -% Macro bodies are absorbed as an argument in a context where -% all characters are catcode 10, 11 or 12, except \ which is active -% (as in normal texinfo). It is necessary to change the definition of \. - -% It's necessary to have hard CRs when the macro is executed. This is -% done by making ^^M (\endlinechar) catcode 12 when reading the macro -% body, and then making it the \newlinechar in \scanmacro. - -\def\macrobodyctxt{% - \catcode`\~=12 - \catcode`\^=12 - \catcode`\_=12 - \catcode`\|=12 - \catcode`\<=12 - \catcode`\>=12 - \catcode`\+=12 - \catcode`\{=12 - \catcode`\}=12 - \catcode`\@=12 - \catcode`\^^M=12 - \usembodybackslash} - -\def\macroargctxt{% - \catcode`\~=12 - \catcode`\^=12 - \catcode`\_=12 - \catcode`\|=12 - \catcode`\<=12 - \catcode`\>=12 - \catcode`\+=12 - \catcode`\@=12 - \catcode`\\=12} - -% \mbodybackslash is the definition of \ in @macro bodies. -% It maps \foo\ => \csname macarg.foo\endcsname => #N -% where N is the macro parameter number. -% We define \csname macarg.\endcsname to be \realbackslash, so -% \\ in macro replacement text gets you a backslash. 
- -{\catcode`@=0 @catcode`@\=@active - @gdef@usembodybackslash{@let\=@mbodybackslash} - @gdef@mbodybackslash#1\{@csname macarg.#1@endcsname} -} -\expandafter\def\csname macarg.\endcsname{\realbackslash} - -\def\macro{\recursivefalse\parsearg\macroxxx} -\def\rmacro{\recursivetrue\parsearg\macroxxx} - -\def\macroxxx#1{% - \getargs{#1}% now \macname is the macname and \argl the arglist - \ifx\argl\empty % no arguments - \paramno=0% - \else - \expandafter\parsemargdef \argl;% - \fi - \expandafter\ifx \csname macsave.\the\macname\endcsname \relax - \cslet{macsave.\the\macname}{\the\macname}% - \else - \message{Warning: redefining \the\macname}% - \fi - \begingroup \macrobodyctxt - \ifrecursive \expandafter\parsermacbody - \else \expandafter\parsemacbody - \fi} - -\def\unmacro{\parsearg\unmacroxxx} -\def\unmacroxxx#1{% - \expandafter\ifx \csname macsave.\the\macname\endcsname \relax - \errmessage{Macro \the\macname\ not defined.}% - \else - \cslet{#1}{macsave.#1}% - \expandafter\let \csname macsave.\the\macname\endcsname \undefined - \fi -} - -% This makes use of the obscure feature that if the last token of a -% is #, then the preceding argument is delimited by -% an opening brace, and that opening brace is not consumed. -\def\getargs#1{\getargsxxx#1{}} -\def\getargsxxx#1#{\getmacname #1 \relax\getmacargs} -\def\getmacname #1 #2\relax{\macname={#1}} -\def\getmacargs#1{\def\argl{#1}} - -% Parse the optional {params} list. Set up \paramno and \paramlist -% so \defmacro knows what to do. Define \macarg.blah for each blah -% in the params list, to be ##N where N is the position in that list. -% That gets used by \mbodybackslash (above). - -% We need to get `macro parameter char #' into several definitions. -% The technique used is stolen from LaTeX: let \hash be something -% unexpandable, insert that wherever you need a #, and then redefine -% it to # just before using the token list produced. 
-% -% The same technique is used to protect \eatspaces till just before -% the macro is used. - -\def\parsemargdef#1;{\paramno=0\def\paramlist{}% - \let\hash\relax\let\xeatspaces\relax\parsemargdefxxx#1,;,} -\def\parsemargdefxxx#1,{% - \if#1;\let\next=\relax - \else \let\next=\parsemargdefxxx - \advance\paramno by 1% - \expandafter\edef\csname macarg.\eatspaces{#1}\endcsname - {\xeatspaces{\hash\the\paramno}}% - \edef\paramlist{\paramlist\hash\the\paramno,}% - \fi\next} - -% These two commands read recursive and nonrecursive macro bodies. -% (They're different since rec and nonrec macros end differently.) - -\long\def\parsemacbody#1@end macro% -{\xdef\temp{\eatcr{#1}}\endgroup\defmacro}% -\long\def\parsermacbody#1@end rmacro% -{\xdef\temp{\eatcr{#1}}\endgroup\defmacro}% - -% This defines the macro itself. There are six cases: recursive and -% nonrecursive macros of zero, one, and many arguments. -% Much magic with \expandafter here. -% \xdef is used so that macro definitions will survive the file -% they're defined in; @include reads the file inside a group. 
-\def\defmacro{% - \let\hash=##% convert placeholders to macro parameter chars - \ifrecursive - \ifcase\paramno - % 0 - \expandafter\xdef\csname\the\macname\endcsname{% - \noexpand\scanmacro{\temp}}% - \or % 1 - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\braceorline\csname\the\macname xxx\endcsname}% - \expandafter\xdef\csname\the\macname xxx\endcsname##1{% - \egroup\noexpand\scanmacro{\temp}}% - \else % many - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\csname\the\macname xx\endcsname} - \expandafter\xdef\csname\the\macname xx\endcsname##1{% - \csname\the\macname xxx\endcsname ##1,}% - \expandafter\expandafter - \expandafter\xdef - \expandafter\expandafter - \csname\the\macname xxx\endcsname - \paramlist{\egroup\noexpand\scanmacro{\temp}}% - \fi - \else - \ifcase\paramno - % 0 - \expandafter\xdef\csname\the\macname\endcsname{% - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \or % 1 - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\braceorline\csname\the\macname xxx\endcsname}% - \expandafter\xdef\csname\the\macname xxx\endcsname##1{% - \egroup - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \else % many - \expandafter\xdef\csname\the\macname\endcsname{% - \bgroup\noexpand\macroargctxt - \noexpand\csname\the\macname xx\endcsname} - \expandafter\xdef\csname\the\macname xx\endcsname##1{% - \csname\the\macname xxx\endcsname ##1,}% - \expandafter\expandafter - \expandafter\xdef - \expandafter\expandafter - \csname\the\macname xxx\endcsname - \paramlist{% - \egroup - \noexpand\norecurse{\the\macname}% - \noexpand\scanmacro{\temp}\egroup}% - \fi - \fi} - -\def\norecurse#1{\bgroup\cslet{#1}{macsave.#1}} - -% \braceorline decides whether the next nonwhitespace character is a -% {. If so it reads up to the closing }, if not, it reads the whole -% line. 
Whatever was read is then fed to the next control sequence -% as an argument (by \parsebrace or \parsearg) -\def\braceorline#1{\let\next=#1\futurelet\nchar\braceorlinexxx} -\def\braceorlinexxx{% - \ifx\nchar\bgroup\else - \expandafter\parsearg - \fi \next} - - -\message{cross references,} -\newwrite\auxfile - -\newif\ifhavexrefs % True if xref values are known. -\newif\ifwarnedxrefs % True if we warned once that they aren't known. - -% @inforef is relatively simple. -\def\inforef #1{\inforefzzz #1,,,,**} -\def\inforefzzz #1,#2,#3,#4**{\putwordSee{} \putwordInfo{} \putwordfile{} \file{\ignorespaces #3{}}, - node \samp{\ignorespaces#1{}}} - -% @node's job is to define \lastnode. -\def\node{\ENVcheck\parsearg\nodezzz} -\def\nodezzz#1{\nodexxx [#1,]} -\def\nodexxx[#1,#2]{\gdef\lastnode{#1}} -\let\nwnode=\node -\let\lastnode=\relax - -% The sectioning commands (@chapter, etc.) call these. -\def\donoderef{% - \ifx\lastnode\relax\else - \expandafter\expandafter\expandafter\setref{\lastnode}% - {Ysectionnumberandtype}% - \global\let\lastnode=\relax - \fi -} -\def\unnumbnoderef{% - \ifx\lastnode\relax\else - \expandafter\expandafter\expandafter\setref{\lastnode}{Ynothing}% - \global\let\lastnode=\relax - \fi -} -\def\appendixnoderef{% - \ifx\lastnode\relax\else - \expandafter\expandafter\expandafter\setref{\lastnode}% - {Yappendixletterandtype}% - \global\let\lastnode=\relax - \fi -} - - -% @anchor{NAME} -- define xref target at arbitrary point. -% -\def\anchor#1{\setref{#1}{Ynothing}} - - -% \setref{NAME}{SNT} defines a cross-reference point NAME, namely -% NAME-title, NAME-pg, and NAME-SNT. Called from \foonoderef. We have -% to set \indexdummies so commands such as @code in a section title -% aren't expanded. It would be nicer not to expand the titles in the -% first place, but there's so many layers that that is hard to do. 
-% -\def\setref#1#2{{% - \indexdummies - \dosetq{#1-title}{Ytitle}% - \dosetq{#1-pg}{Ypagenumber}% - \dosetq{#1-snt}{#2} -}} - -% @xref, @pxref, and @ref generate cross-references. For \xrefX, #1 is -% the node name, #2 the name of the Info cross-reference, #3 the printed -% node name, #4 the name of the Info file, #5 the name of the printed -% manual. All but the node name can be omitted. -% -\def\pxref#1{\putwordsee{} \xrefX[#1,,,,,,,]} -\def\xref#1{\putwordSee{} \xrefX[#1,,,,,,,]} -\def\ref#1{\xrefX[#1,,,,,,,]} -\def\xrefX[#1,#2,#3,#4,#5,#6]{\begingroup - \def\printedmanual{\ignorespaces #5}% - \def\printednodename{\ignorespaces #3}% - \setbox1=\hbox{\printedmanual}% - \setbox0=\hbox{\printednodename}% - \ifdim \wd0 = 0pt - % No printed node name was explicitly given. - \expandafter\ifx\csname SETxref-automatic-section-title\endcsname\relax - % Use the node name inside the square brackets. - \def\printednodename{\ignorespaces #1}% - \else - % Use the actual chapter/section title appear inside - % the square brackets. Use the real section title if we have it. - \ifdim \wd1 > 0pt - % It is in another manual, so we don't have it. - \def\printednodename{\ignorespaces #1}% - \else - \ifhavexrefs - % We know the real title if we have the xref values. - \def\printednodename{\refx{#1-title}{}}% - \else - % Otherwise just copy the Info node name. - \def\printednodename{\ignorespaces #1}% - \fi% - \fi - \fi - \fi - % - % If we use \unhbox0 and \unhbox1 to print the node names, TeX does not - % insert empty discretionaries after hyphens, which means that it will - % not find a line break at a hyphen in a node names. Since some manuals - % are best written with fairly long node names, containing hyphens, this - % is a loss. Therefore, we give the text of the node name again, so it - % is as if TeX is seeing it for the first time. 
- \ifdim \wd1 > 0pt - \putwordsection{} ``\printednodename'' in \cite{\printedmanual}% - \else - % _ (for example) has to be the character _ for the purposes of the - % control sequence corresponding to the node, but it has to expand - % into the usual \leavevmode...\vrule stuff for purposes of - % printing. So we \turnoffactive for the \refx-snt, back on for the - % printing, back off for the \refx-pg. - {\normalturnoffactive - % Only output a following space if the -snt ref is nonempty; for - % @unnumbered and @anchor, it won't be. - \setbox2 = \hbox{\ignorespaces \refx{#1-snt}{}}% - \ifdim \wd2 > 0pt \refx{#1-snt}\space\fi - }% - % [mynode], - [\printednodename],\space - % page 3 - \turnoffactive \putwordpage\tie\refx{#1-pg}{}% - \fi -\endgroup} - -% \dosetq is the interface for calls from other macros - -% Use \normalturnoffactive so that punctuation chars such as underscore -% and backslash work in node names. (\turnoffactive doesn't do \.) -\def\dosetq#1#2{% - {\let\folio=0 - \normalturnoffactive - \edef\next{\write\auxfile{\internalsetq{#1}{#2}}}% - \iflinks - \next - \fi - }% -} - -% \internalsetq {foo}{page} expands into -% CHARACTERS 'xrdef {foo}{...expansion of \Ypage...} -% When the aux file is read, ' is the escape character - -\def\internalsetq #1#2{'xrdef {#1}{\csname #2\endcsname}} - -% Things to be expanded by \internalsetq - -\def\Ypagenumber{\folio} - -\def\Ytitle{\thissection} - -\def\Ynothing{} - -\def\Ysectionnumberandtype{% -\ifnum\secno=0 \putwordChapter\xreftie\the\chapno % -\else \ifnum \subsecno=0 \putwordSection\xreftie\the\chapno.\the\secno % -\else \ifnum \subsubsecno=0 % -\putwordSection\xreftie\the\chapno.\the\secno.\the\subsecno % -\else % -\putwordSection\xreftie\the\chapno.\the\secno.\the\subsecno.\the\subsubsecno % -\fi \fi \fi } - -\def\Yappendixletterandtype{% -\ifnum\secno=0 \putwordAppendix\xreftie'char\the\appendixno{}% -\else \ifnum \subsecno=0 \putwordSection\xreftie'char\the\appendixno.\the\secno % -\else \ifnum 
\subsubsecno=0 % -\putwordSection\xreftie'char\the\appendixno.\the\secno.\the\subsecno % -\else % -\putwordSection\xreftie'char\the\appendixno.\the\secno.\the\subsecno.\the\subsubsecno % -\fi \fi \fi } - -\gdef\xreftie{'tie} - -% Use TeX 3.0's \inputlineno to get the line number, for better error -% messages, but if we're using an old version of TeX, don't do anything. -% -\ifx\inputlineno\thisisundefined - \let\linenumber = \empty % Non-3.0. -\else - \def\linenumber{\the\inputlineno:\space} -\fi - -% Define \refx{NAME}{SUFFIX} to reference a cross-reference string named NAME. -% If its value is nonempty, SUFFIX is output afterward. - -\def\refx#1#2{% - \expandafter\ifx\csname X#1\endcsname\relax - % If not defined, say something at least. - \angleleft un\-de\-fined\angleright - \iflinks - \ifhavexrefs - \message{\linenumber Undefined cross reference `#1'.}% - \else - \ifwarnedxrefs\else - \global\warnedxrefstrue - \message{Cross reference values unknown; you must run TeX again.}% - \fi - \fi - \fi - \else - % It's defined, so just use it. - \csname X#1\endcsname - \fi - #2% Output the suffix in any case. -} - -% This is the macro invoked by entries in the aux file. -% -\def\xrdef#1{\begingroup - % Reenable \ as an escape while reading the second argument. - \catcode`\\ = 0 - \afterassignment\endgroup - \expandafter\gdef\csname X#1\endcsname -} - -% Read the last existing aux file, if any. No error if none exists. 
-\def\readauxfile{\begingroup - \catcode`\^^@=\other - \catcode`\^^A=\other - \catcode`\^^B=\other - \catcode`\^^C=\other - \catcode`\^^D=\other - \catcode`\^^E=\other - \catcode`\^^F=\other - \catcode`\^^G=\other - \catcode`\^^H=\other - \catcode`\^^K=\other - \catcode`\^^L=\other - \catcode`\^^N=\other - \catcode`\^^P=\other - \catcode`\^^Q=\other - \catcode`\^^R=\other - \catcode`\^^S=\other - \catcode`\^^T=\other - \catcode`\^^U=\other - \catcode`\^^V=\other - \catcode`\^^W=\other - \catcode`\^^X=\other - \catcode`\^^Z=\other - \catcode`\^^[=\other - \catcode`\^^\=\other - \catcode`\^^]=\other - \catcode`\^^^=\other - \catcode`\^^_=\other - \catcode`\@=\other - \catcode`\^=\other - % It was suggested to define this as 7, which would allow ^^e4 etc. - % in xref tags, i.e., node names. But since ^^e4 notation isn't - % supported in the main text, it doesn't seem desirable. Furthermore, - % that is not enough: for node names that actually contain a ^ - % character, we would end up writing a line like this: 'xrdef {'hat - % b-title}{'hat b} and \xrdef does a \csname...\endcsname on the first - % argument, and \hat is not an expandable control sequence. It could - % all be worked out, but why? Either we support ^^ or we don't. - % - % The other change necessary for this was to define \auxhat: - % \def\auxhat{\def^{'hat }}% extra space so ok if followed by letter - % and then to call \auxhat in \setq. - % - \catcode`\~=\other - \catcode`\[=\other - \catcode`\]=\other - \catcode`\"=\other - \catcode`\_=\other - \catcode`\|=\other - \catcode`\<=\other - \catcode`\>=\other - \catcode`\$=\other - \catcode`\#=\other - \catcode`\&=\other - \catcode`+=\other % avoid \+ for paranoia even though we've turned it off - % Make the characters 128-255 be printing characters - {% - \count 1=128 - \def\loop{% - \catcode\count 1=\other - \advance\count 1 by 1 - \ifnum \count 1<256 \loop \fi - }% - }% - % The aux file uses ' as the escape (for now). 
- % Turn off \ as an escape so we do not lose on - % entries which were dumped with control sequences in their names. - % For example, 'xrdef {$\leq $-fun}{page ...} made by @defun ^^ - % Reference to such entries still does not work the way one would wish, - % but at least they do not bomb out when the aux file is read in. - \catcode`\{=1 - \catcode`\}=2 - \catcode`\%=\other - \catcode`\'=0 - \catcode`\\=\other - % - \openin 1 \jobname.aux - \ifeof 1 \else - \closein 1 - \input \jobname.aux - \global\havexrefstrue - \global\warnedobstrue - \fi - % Open the new aux file. TeX will close it automatically at exit. - \openout\auxfile=\jobname.aux -\endgroup} - - -% Footnotes. - -\newcount \footnoteno - -% The trailing space in the following definition for supereject is -% vital for proper filling; pages come out unaligned when you do a -% pagealignmacro call if that space before the closing brace is -% removed. (Generally, numeric constants should always be followed by a -% space to prevent strange expansion errors.) -\def\supereject{\par\penalty -20000\footnoteno =0 } - -% @footnotestyle is meaningful for info output only. -\let\footnotestyle=\comment - -\let\ptexfootnote=\footnote - -{\catcode `\@=11 -% -% Auto-number footnotes. Otherwise like plain. -\gdef\footnote{% - \global\advance\footnoteno by \@ne - \edef\thisfootno{$^{\the\footnoteno}$}% - % - % In case the footnote comes at the end of a sentence, preserve the - % extra spacing after we do the footnote number. - \let\@sf\empty - \ifhmode\edef\@sf{\spacefactor\the\spacefactor}\/\fi - % - % Remove inadvertent blank space before typesetting the footnote number. - \unskip - \thisfootno\@sf - \footnotezzz -}% - -% Don't bother with the trickery in plain.tex to not require the -% footnote text as a parameter. Our footnotes don't need to be so general. -% -% Oh yes, they do; otherwise, @ifset and anything else that uses -% \parseargline fail inside footnotes because the tokens are fixed when -% the footnote is read. 
--karl, 16nov96. -% -\long\gdef\footnotezzz{\insert\footins\bgroup - % We want to typeset this text as a normal paragraph, even if the - % footnote reference occurs in (for example) a display environment. - % So reset some parameters. - \interlinepenalty\interfootnotelinepenalty - \splittopskip\ht\strutbox % top baseline for broken footnotes - \splitmaxdepth\dp\strutbox - \floatingpenalty\@MM - \leftskip\z@skip - \rightskip\z@skip - \spaceskip\z@skip - \xspaceskip\z@skip - \parindent\defaultparindent - % - % Hang the footnote text off the number. - \hang - \textindent{\thisfootno}% - % - % Don't crash into the line above the footnote text. Since this - % expands into a box, it must come within the paragraph, lest it - % provide a place where TeX can split the footnote. - \footstrut - \futurelet\next\fo@t -} -\def\fo@t{\ifcat\bgroup\noexpand\next \let\next\f@@t - \else\let\next\f@t\fi \next} -\def\f@@t{\bgroup\aftergroup\@foot\let\next} -\def\f@t#1{#1\@foot} -\def\@foot{\strut\egroup} - -}%end \catcode `\@=11 - -% Set the baselineskip to #1, and the lineskip and strut size -% correspondingly. There is no deep meaning behind these magic numbers -% used as factors; they just match (closely enough) what Knuth defined. -% -\def\lineskipfactor{.08333} -\def\strutheightpercent{.70833} -\def\strutdepthpercent {.29167} -% -\def\setleading#1{% - \normalbaselineskip = #1\relax - \normallineskip = \lineskipfactor\normalbaselineskip - \normalbaselines - \setbox\strutbox =\hbox{% - \vrule width0pt height\strutheightpercent\baselineskip - depth \strutdepthpercent \baselineskip - }% -} - -% @| inserts a changebar to the left of the current line. It should -% surround any changed text. This approach does *not* work if the -% change spans more than two lines of output. To handle that, we would -% have adopt a much more difficult approach (putting marks into the main -% vertical list for the beginning and end of each change). 
-% -\def\|{% - % \vadjust can only be used in horizontal mode. - \leavevmode - % - % Append this vertical mode material after the current line in the output. - \vadjust{% - % We want to insert a rule with the height and depth of the current - % leading; that is exactly what \strutbox is supposed to record. - \vskip-\baselineskip - % - % \vadjust-items are inserted at the left edge of the type. So - % the \llap here moves out into the left-hand margin. - \llap{% - % - % For a thicker or thinner bar, change the `1pt'. - \vrule height\baselineskip width1pt - % - % This is the space between the bar and the text. - \hskip 12pt - }% - }% -} - -% For a final copy, take out the rectangles -% that mark overfull boxes (in case you have decided -% that the text looks ok even though it passes the margin). -% -\def\finalout{\overfullrule=0pt} - -% @image. We use the macros from epsf.tex to support this. -% If epsf.tex is not installed and @image is used, we complain. -% -% Check for and read epsf.tex up front. If we read it only at @image -% time, we might be inside a group, and then its definitions would get -% undone and the next image would fail. -\openin 1 = epsf.tex -\ifeof 1 \else - \closein 1 - % Do not bother showing banner with post-v2.7 epsf.tex (available in - % doc/epsf.tex until it shows up on ctan). - \def\epsfannounce{\toks0 = }% - \input epsf.tex -\fi -% -\newif\ifwarnednoepsf -\newhelp\noepsfhelp{epsf.tex must be installed for images to - work. It is also included in the Texinfo distribution, or you can get - it from ftp://ftp.tug.org/tex/epsf.tex.} -% -% Only complain once about lack of epsf.tex. -\def\image#1{% - \ifx\epsfbox\undefined - \ifwarnednoepsf \else - \errhelp = \noepsfhelp - \errmessage{epsf.tex not found, images will be ignored}% - \global\warnednoepsftrue - \fi - \else - \imagexxx #1,,,\finish - \fi -} -% -% Arguments to @image: -% #1 is (mandatory) image filename; we tack on .eps extension. -% #2 is (optional) width, #3 is (optional) height. 
-% #4 is just the usual extra ignored arg for parsing this stuff. -\def\imagexxx#1,#2,#3,#4\finish{% - % \epsfbox itself resets \epsf?size at each figure. - \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \epsfxsize=#2\relax \fi - \setbox0 = \hbox{\ignorespaces #3}\ifdim\wd0 > 0pt \epsfysize=#3\relax \fi - % If the image is by itself, center it. - \ifvmode - \nobreak\medskip - \nobreak - \centerline{\epsfbox{#1.eps}}% - \bigbreak - \else - \epsfbox{#1.eps}% - \fi -} - - -\message{paper sizes,} -% And other related parameters. - -\newdimen\defaultparindent \defaultparindent = 15pt - -\chapheadingskip = 15pt plus 4pt minus 2pt -\secheadingskip = 12pt plus 3pt minus 2pt -\subsecheadingskip = 9pt plus 2pt minus 2pt - -% Prevent underfull vbox error messages. -\vbadness = 10000 - -% Don't be so finicky about underfull hboxes, either. -\hbadness = 2000 - -% Following George Bush, just get rid of widows and orphans. -\widowpenalty=10000 -\clubpenalty=10000 - -% Use TeX 3.0's \emergencystretch to help line breaking, but if we're -% using an old version of TeX, don't do anything. We want the amount of -% stretch added to depend on the line length, hence the dependence on -% \hsize. This makes it come to about 9pt for the 8.5x11 format. We -% call this whenever the paper size is set. -% -\def\setemergencystretch{% - \ifx\emergencystretch\thisisundefined - % Allow us to assign to \emergencystretch anyway. - \def\emergencystretch{\dimen0}% - \else - \emergencystretch = \hsize - \divide\emergencystretch by 45 - \fi -} - -% Parameters in order: 1) textheight; 2) textwidth; 3) voffset; -% 4) hoffset; 5) binding offset; 6) topskip. Then whoever calls us can -% set \parskip and call \setleading for \baselineskip. 
-% -\def\internalpagesizes#1#2#3#4#5#6{% - \voffset = #3\relax - \topskip = #6\relax - \splittopskip = \topskip - % - \vsize = #1\relax - \advance\vsize by \topskip - \outervsize = \vsize - \advance\outervsize by 2\topandbottommargin - \pageheight = \vsize - % - \hsize = #2\relax - \outerhsize = \hsize - \advance\outerhsize by 0.5in - \pagewidth = \hsize - % - \normaloffset = #4\relax - \bindingoffset = #5\relax - % - \parindent = \defaultparindent - \setemergencystretch -} - -% @letterpaper (the default). -\def\letterpaper{{\globaldefs = 1 - \parskip = 3pt plus 2pt minus 1pt - \setleading{13.2pt}% - % - % If page is nothing but text, make it come out even. - \internalpagesizes{46\baselineskip}{6in}{\voffset}{.25in}{\bindingoffset}{36pt}% -}} - -% Use @smallbook to reset parameters for 7x9.5 (or so) format. -\def\smallbook{{\globaldefs = 1 - \parskip = 2pt plus 1pt - \setleading{12pt}% - % - \internalpagesizes{7.5in}{5.in}{\voffset}{.25in}{\bindingoffset}{16pt}% - % - \lispnarrowing = 0.3in - \tolerance = 700 - \hfuzz = 1pt - \contentsrightmargin = 0pt - \deftypemargin = 0pt - \defbodyindent = .5cm - % - \let\smalldisplay = \smalldisplayx - \let\smallexample = \smalllispx - \let\smallformat = \smallformatx - \let\smalllisp = \smalllispx -}} - -% Use @afourpaper to print on European A4 paper. -\def\afourpaper{{\globaldefs = 1 - \setleading{12pt}% - \parskip = 3pt plus 2pt minus 1pt - % - \internalpagesizes{53\baselineskip}{160mm}{\voffset}{4mm}{\bindingoffset}{44pt}% - % - \tolerance = 700 - \hfuzz = 1pt -}} - -% A specific text layout, 24x15cm overall, intended for A4 paper. Top margin -% 29mm, hence bottom margin 28mm, nominal side margin 3cm. -\def\afourlatex{{\globaldefs = 1 - \setleading{13.6pt}% - % - \afourpaper - \internalpagesizes{237mm}{150mm}{3.6mm}{3.6mm}{3mm}{7mm}% - % - \globaldefs = 0 -}} - -% Use @afourwide to print on European A4 paper in wide format. 
-\def\afourwide{% - \afourpaper - \internalpagesizes{9.5in}{6.5in}{\hoffset}{\normaloffset}{\bindingoffset}{7mm}% - % - \globaldefs = 0 -} - -% @pagesizes TEXTHEIGHT[,TEXTWIDTH] -% Perhaps we should allow setting the margins, \topskip, \parskip, -% and/or leading, also. Or perhaps we should compute them somehow. -% -\def\pagesizes{\parsearg\pagesizesxxx} -\def\pagesizesxxx#1{\pagesizesyyy #1,,\finish} -\def\pagesizesyyy#1,#2,#3\finish{{% - \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \hsize=#2\relax \fi - \globaldefs = 1 - % - \parskip = 3pt plus 2pt minus 1pt - \setleading{13.2pt}% - % - \internalpagesizes{#1}{\hsize}{\voffset}{\normaloffset}{\bindingoffset}{44pt}% -}} - -% Set default to letter. -% -\letterpaper - -\message{and turning on texinfo input format.} - -% Define macros to output various characters with catcode for normal text. -\catcode`\"=\other -\catcode`\~=\other -\catcode`\^=\other -\catcode`\_=\other -\catcode`\|=\other -\catcode`\<=\other -\catcode`\>=\other -\catcode`\+=\other -\def\normaldoublequote{"} -\def\normaltilde{~} -\def\normalcaret{^} -\def\normalunderscore{_} -\def\normalverticalbar{|} -\def\normalless{<} -\def\normalgreater{>} -\def\normalplus{+} - -% This macro is used to make a character print one way in ttfont -% where it can probably just be output, and another way in other fonts, -% where something hairier probably needs to be done. -% -% #1 is what to print if we are indeed using \tt; #2 is what to print -% otherwise. Since all the Computer Modern typewriter fonts have zero -% interword stretch (and shrink), and it is reasonable to expect all -% typewriter fonts to have this, we can check that font parameter. -% -\def\ifusingtt#1#2{\ifdim \fontdimen3\the\font=0pt #1\else #2\fi} - -% Turn off all special characters except @ -% (and those which the user can use as if they were ordinary). -% Most of these we simply print from the \tt font, but for some, we can -% use math or other variants that look better in normal text. 
- -\catcode`\"=\active -\def\activedoublequote{{\tt\char34}} -\let"=\activedoublequote -\catcode`\~=\active -\def~{{\tt\char126}} -\chardef\hat=`\^ -\catcode`\^=\active -\def^{{\tt \hat}} - -\catcode`\_=\active -\def_{\ifusingtt\normalunderscore\_} -% Subroutine for the previous macro. -\def\_{\leavevmode \kern.06em \vbox{\hrule width.3em height.1ex}} - -\catcode`\|=\active -\def|{{\tt\char124}} -\chardef \less=`\< -\catcode`\<=\active -\def<{{\tt \less}} -\chardef \gtr=`\> -\catcode`\>=\active -\def>{{\tt \gtr}} -\catcode`\+=\active -\def+{{\tt \char 43}} -%\catcode 27=\active -%\def^^[{$\diamondsuit$} - -% Set up an active definition for =, but don't enable it most of the time. -{\catcode`\==\active -\global\def={{\tt \char 61}}} - -\catcode`+=\active -\catcode`\_=\active - -% If a .fmt file is being used, characters that might appear in a file -% name cannot be active until we have parsed the command line. -% So turn them off again, and have \everyjob (or @setfilename) turn them on. -% \otherifyactive is called near the end of this file. -\def\otherifyactive{\catcode`+=\other \catcode`\_=\other} - -\catcode`\@=0 - -% \rawbackslashxx output one backslash character in current font -\global\chardef\rawbackslashxx=`\\ -%{\catcode`\\=\other -%@gdef@rawbackslashxx{\}} - -% \rawbackslash redefines \ as input to do \rawbackslashxx. -{\catcode`\\=\active -@gdef@rawbackslash{@let\=@rawbackslashxx }} - -% \normalbackslash outputs one backslash in fixed width font. -\def\normalbackslash{{\tt\rawbackslashxx}} - -% Say @foo, not \foo, in error messages. -\escapechar=`\@ - -% \catcode 17=0 % Define control-q -\catcode`\\=\active - -% Used sometimes to turn off (effectively) the active characters -% even after parsing them. 
-@def@turnoffactive{@let"=@normaldoublequote
-@let\=@realbackslash
-@let~=@normaltilde
-@let^=@normalcaret
-@let_=@normalunderscore
-@let|=@normalverticalbar
-@let<=@normalless
-@let>=@normalgreater
-@let+=@normalplus}
-
-@def@normalturnoffactive{@let"=@normaldoublequote
-@let\=@normalbackslash
-@let~=@normaltilde
-@let^=@normalcaret
-@let_=@normalunderscore
-@let|=@normalverticalbar
-@let<=@normalless
-@let>=@normalgreater
-@let+=@normalplus}
-
-% Make _ and + \other characters, temporarily.
-% This is canceled by @fixbackslash.
-@otherifyactive
-
-% If a .fmt file is being used, we don't want the `\input texinfo' to show up.
-% That is what \eatinput is for; after that, the `\' should revert to printing
-% a backslash.
-%
-@gdef@eatinput input texinfo{@fixbackslash}
-@global@let\ = @eatinput
-
-% On the other hand, perhaps the file did not have a `\input texinfo'. Then
-% the first `\{ in the file would cause an error. This macro tries to fix
-% that, assuming it is called before the first `\' could plausibly occur.
-% Also back turn on active characters that might appear in the input
-% file name, in case not using a pre-dumped format.
-%
-@gdef@fixbackslash{@ifx\@eatinput @let\ = @normalbackslash @fi
- @catcode`+=@active @catcode`@_=@active}
-
-% These look ok in all fonts, so just make them not special. The @rm below
-% makes sure that the current font starts out as the newly loaded cmr10
-@catcode`@$=@other @catcode`@%=@other @catcode`@&=@other @catcode`@#=@other
-
-@textfonts
-@rm
-
-@c Local variables:
-@c eval: (add-hook 'write-file-hooks 'time-stamp)
-@c page-delimiter: "^\\\\message"
-@c time-stamp-start: "def\\\\texinfoversion{"
-@c time-stamp-format: "%:y-%02m-%02d"
-@c time-stamp-end: "}"
-@c End:
diff --git a/doc/tinc.conf.5 b/doc/tinc.conf.5.in
similarity index 95%
rename from doc/tinc.conf.5
rename to doc/tinc.conf.5.in
index 40b688a8..0e323b2d 100644
--- a/doc/tinc.conf.5
+++ b/doc/tinc.conf.5.in
@@ -8,7 +8,7 @@ .Nd tinc daemon configuration .Sh DESCRIPTION The files in the -.Pa /etc/tinc/ +.Pa @sysconfdir@/tinc/ directory contain runtime and security information for the tinc daemon. .Sh NETWORKS It is perfectly ok for you to run more than one tinc daemon. @@ -25,7 +25,7 @@ with the option, which will assign a name to this daemon. .Pp The effect of this is that the daemon will set its configuration root to -.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa / , +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa / , where .Ar NETNAME is your argument to the @@ -41,13 +41,13 @@ In this case, the network name would just be empty, and it will be used as such. .Nm tinc now looks for files in -.Pa /etc/tinc/ , +.Pa @sysconfdir@/tinc/ , instead of -.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa / ; +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa / ; the configuration file should be -.Pa /etc/tinc/tinc.conf , +.Pa @sysconfdir@/tinc/tinc.conf , and the host configuration files are now expected to be in -.Pa /etc/tinc/hosts/ . +.Pa @sysconfdir@/tinc/hosts/ . .Pp But it is highly recommended that you use this feature of .Nm tinc , @@ -57,7 +57,7 @@ Hence, we will assume that you use it. Each tinc daemon should have a name that is unique in the network which it will be part of. The name will be used by other tinc daemons for identification. The name has to be declared in the -.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf file. .Pp To make things easy, 
@@ -69,21 +69,21 @@ You should use to generate public/private keypairs. It will generate two keys. The private key should be stored in a separate file -.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv \-\- where .Ar NETNAME stands for the network (see .Sx NETWORKS ) above. The public key should be stored in the host configuration file -.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Va NAME +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Va NAME \-\- where .Va NAME stands for the name of the local tinc daemon (see .Sx NAMES ) . .Sh SERVER CONFIGURATION The server configuration of the daemon is done in the file -.Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf . +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf . This file consists of comments (lines started with a .Li # ) or assignments in the form of: @@ -306,14 +306,14 @@ Setting this options also implicitly sets IndirectData. .El .Sh FILES .Bl -tag -width indent -.It Pa /etc/tinc/ +.It Pa @sysconfdir@/tinc/ The top directory for configuration files. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf The default name of the server configuration file for net .Ar NETNAME . -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Host configuration files are kept in this directory. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up If an executable file with this name exists, it will be executed right after the tinc daemon has connected to the virtual network device. It can be used to set up the corresponding network interface. 
@@ -328,7 +328,7 @@ or if the virtual network device is a Linux tun/tap device, the environment variable .Ev $INTERFACE will be set to the name of the network interface. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down If an executable file with this name exists, it will be executed right before the tinc daemon is going to close its connection to the virtual network device. diff --git a/doc/tinc.texi b/doc/tinc.texi index 26b8dcaa..555017a7 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,24 +1,26 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.42 2003/08/02 22:01:50 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.43 2003/08/08 14:07:12 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @setchapternewpage odd @c %**end of header +@include tincinclude.texi + @ifinfo @dircategory Networking tools @direntry * tinc: (tinc). The tinc Manual. @end direntry -This is the info manual for tinc, a Virtual Private Network daemon. +This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.42 2003/08/02 22:01:50 guus Exp $ +$Id: tinc.texi,v 1.8.4.43 2003/08/08 14:07:12 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
@@ -39,11 +41,13 @@ permission notice identical to this one. @page @vskip 0pt plus 1filll @cindex copyright +This is the info manual for @value{PACKAGE} version @value{VERSION}, a Virtual Private Network daemon. + Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.42 2003/08/02 22:01:50 guus Exp $ +$Id: tinc.texi,v 1.8.4.43 2003/08/08 14:07:12 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -830,14 +834,14 @@ This means that you call tincd with the -n argument, which will assign a netname to this daemon. The effect of this is that the daemon will set its configuration -``root'' to /etc/tinc/netname/, where netname is your argument to the -n -option. You'll notice that it appears in syslog as ``tinc.netname''. +``root'' to @value{sysconfdir}/tinc/@emph{netname}/, where @emph{netname} is your argument to the -n +option. You'll notice that it appears in syslog as ``tinc.@emph{netname}''. However, it is not strictly necessary that you call tinc with the -n option. In this case, the network name would just be empty, and it will -be used as such. tinc now looks for files in /etc/tinc/, instead of -/etc/tinc/netname/; the configuration file should be /etc/tinc/tinc.conf, -and the host configuration files are now expected to be in /etc/tinc/hosts/. +be used as such. tinc now looks for files in @value{sysconfdir}/tinc/, instead of +@value{sysconfdir}/tinc/@emph{netname}/; the configuration file should be @value{sysconfdir}/tinc/tinc.conf, +and the host configuration files are now expected to be in @value{sysconfdir}/tinc/hosts/. But it is highly recommended that you use this feature of tinc, because it will be so much clearer whom your daemon talks to. Hence, we will 
@@ -874,8 +878,8 @@ It does not matter if two tinc daemons have a `ConnectTo' value pointing to each @section Configuration files The actual configuration of the daemon is done in the file -@file{/etc/tinc/netname/tinc.conf} and at least one other file in the directory -@file{/etc/tinc/netname/hosts/}. +@file{@value{sysconfdir}/tinc/@emph{netname}/tinc.conf} and at least one other file in the directory +@file{@value{sysconfdir}/tinc/@emph{netname}/hosts/}. These file consists of comments (lines started with a #) or assignments in the form of @@ -1144,13 +1148,13 @@ Setting this options also implicitly sets IndirectData. @subsubheading Step 1. Creating the main configuration file -The main configuration file will be called @file{/etc/tinc/netname/tinc.conf}. +The main configuration file will be called @file{@value{sysconfdir}/tinc/@emph{netname}/tinc.conf}. Adapt the following example to create a basic configuration file: @example Name = @emph{yourname} Device = @emph{/dev/tap0} -PrivateKeyFile = /etc/tinc/@emph{netname}/rsa_key.priv +PrivateKeyFile = @value{sysconfdir}/tinc/@emph{netname}/rsa_key.priv @end example Then, if you know to which other tinc daemon(s) yours is going to connect, @@ -1159,7 +1163,7 @@ add `ConnectTo' values. @subsubheading Step 2. Creating your host configuration file If you added a line containing `Name = yourname' in the main configuarion file, -you will need to create a host configuration file @file{/etc/tinc/netname/hosts/yourname}. +you will need to create a host configuration file @file{@value{sysconfdir}/tinc/@emph{netname}/hosts/yourname}. Adapt the following example to create a host configuration file: @example 
@@ -1205,9 +1209,9 @@ if you are using the Linux tun/tap driver, the network interface will by default @cindex tinc-up You can configure the network interface by putting ordinary ifconfig, route, and other commands -to a script named @file{/etc/tinc/netname/tinc-up}. When tinc starts, this script +to a script named @file{@value{sysconfdir}/tinc/@emph{netname}/tinc-up}. When tinc starts, this script will be executed. When tinc exits, it will execute the script named -@file{/etc/tinc/netname/tinc-down}, but normally you don't need to create that script. +@file{@value{sysconfdir}/tinc/@emph{netname}/tinc-down}, but normally you don't need to create that script. An example @file{tinc-up} script: @@ -1262,7 +1266,7 @@ for this particular VPN. @emph{BranchA} would be configured like this: -In @file{/etc/tinc/company/tinc-up}: +In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example # Real interface of internal network: @@ -1271,15 +1275,15 @@ In @file{/etc/tinc/company/tinc-up}: ifconfig $INTERFACE 10.1.54.1 netmask 255.0.0.0 @end example -and in @file{/etc/tinc/company/tinc.conf}: +and in @file{@value{sysconfdir}/tinc/company/tinc.conf}: @example Name = BranchA -PrivateKeyFile = /etc/tinc/company/rsa_key.priv +PrivateKeyFile = @value{sysconfdir}/tinc/company/rsa_key.priv Device = /dev/tap0 @end example -On all hosts, /etc/tinc/company/hosts/BranchA contains: +On all hosts, @value{sysconfdir}/tinc/company/hosts/BranchA contains: @example Subnet = 10.1.0.0/16 @@ -1298,7 +1302,7 @@ since that will make things a lot easier to remember and set up. @subsubheading For Branch B -In @file{/etc/tinc/company/tinc-up}: +In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example # Real interface of internal network: 
@@ -1307,19 +1311,19 @@ In @file{/etc/tinc/company/tinc-up}: ifconfig $INTERFACE 10.2.1.12 netmask 255.0.0.0 @end example -and in @file{/etc/tinc/company/tinc.conf}: +and in @file{@value{sysconfdir}/tinc/company/tinc.conf}: @example Name = BranchB ConnectTo = BranchA -PrivateKeyFile = /etc/tinc/company/rsa_key.priv +PrivateKeyFile = @value{sysconfdir}/tinc/company/rsa_key.priv @end example Note here that the internal address (on eth0) doesn't have to be the same as on the tap0 device. Also, ConnectTo is given so that no-one can connect to this node. -On all hosts, in @file{/etc/tinc/company/hosts/BranchB}: +On all hosts, in @file{@value{sysconfdir}/tinc/company/hosts/BranchB}: @example Subnet = 10.2.0.0/16 @@ -1333,7 +1337,7 @@ Address = 2.3.4.5 @subsubheading For Branch C -In @file{/etc/tinc/company/tinc-up}: +In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example # Real interface of internal network: @@ -1342,7 +1346,7 @@ In @file{/etc/tinc/company/tinc-up}: ifconfig $INTERFACE 10.3.69.254 netmask 255.0.0.0 @end example -and in @file{/etc/tinc/company/tinc.conf}: +and in @file{@value{sysconfdir}/tinc/company/tinc.conf}: @example Name = BranchC @@ -1354,7 +1358,7 @@ C already has another daemon that runs on port 655, so they have to reserve another port for tinc. It knows the portnumber it has to listen on from it's own host configuration file. -On all hosts, in @file{/etc/tinc/company/hosts/BranchC}: +On all hosts, in @file{@value{sysconfdir}/tinc/company/hosts/BranchC}: @example Address = 3.4.5.6 @@ -1369,7 +1373,7 @@ Port = 2000 @subsubheading For Branch D -In @file{/etc/tinc/company/tinc-up}: +In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example # Real interface of internal network: 
@@ -1378,13 +1382,13 @@ In @file{/etc/tinc/company/tinc-up}: ifconfig $INTERFACE 10.4.3.32 netmask 255.0.0.0 @end example -and in @file{/etc/tinc/company/tinc.conf}: +and in @file{@value{sysconfdir}/tinc/company/tinc.conf}: @example Name = BranchD ConnectTo = BranchC Device = /dev/net/tun -PrivateKeyFile = /etc/tinc/company/rsa_key.priv +PrivateKeyFile = @value{sysconfdir}/tinc/company/rsa_key.priv @end example D will be connecting to C, which has a tincd running for this network on @@ -1393,7 +1397,7 @@ Also note that since D uses the tun/tap driver, the network interface will not be called `tun' or `tap0' or something like that, but will have the same name as netname. -On all hosts, in @file{/etc/tinc/company/hosts/BranchD}: +On all hosts, in @file{@value{sysconfdir}/tinc/company/hosts/BranchD}: @example Subnet = 10.4.0.0/16 @@ -1412,8 +1416,8 @@ A, B, C and D all have generated a public/private keypair with the following com tincd -n company -K @end example -The private key is stored in @file{/etc/tinc/company/rsa_key.priv}, -the public key is put into the host configuration file in the @file{/etc/tinc/company/hosts/} directory. +The private key is stored in @file{@value{sysconfdir}/tinc/company/rsa_key.priv}, +the public key is put into the host configuration file in the @file{@value{sysconfdir}/tinc/company/hosts/} directory. During key generation, tinc automatically guesses the right filenames based on the -n option and the Name directive in the @file{tinc.conf} file (if it is available). @@ -1460,7 +1464,7 @@ command line options. @table @samp @item -c, --config=PATH Read configuration options from the directory PATH. The default is -@file{/etc/tinc/netname/}. +@file{@value{sysconfdir}/tinc/@emph{netname}/}. @item -D, --no-detach Don't fork and detach. 
@@ -1492,10 +1496,10 @@ This will prevent sensitive data like shared private keys to be written to the s @item --logfile[=FILE] Write log entries to a file instead of to the system logging facility. -If FILE is omitted, the default is /var/log/tinc.NETNAME.log. +If FILE is omitted, the default is @value{localstatedir}/log/tinc.NETNAME.log. @item --pidfile=FILE -Write PID to FILE instead of /var/run/tinc.NETNAME.pid. +Write PID to FILE instead of @value{localstatedir}/run/tinc.NETNAME.pid. @item --bypass-security Disables encryption and authentication. diff --git a/doc/tincd.8 b/doc/tincd.8.in similarity index 91% rename from doc/tincd.8 rename to doc/tincd.8.in index b85ffa9e..a2957ef2 100644 --- a/doc/tincd.8 +++ b/doc/tincd.8.in @@ -72,12 +72,12 @@ Write log entries to a file instead of to the system logging facility. If .Ar FILE is omitted, the default is -.Pa /var/log/tinc. Ns Ar NETNAME Ns Pa .log. +.Pa @localstatedir@/log/tinc. Ns Ar NETNAME Ns Pa .log. .It Fl -pidfile Ns = Ns Ar FILE Write PID to .Ar FILE instead of -.Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid. +.Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid. .It Fl -bypass-security Disables encryption and authentication of the meta protocol. Only useful for debugging. 
@@ -141,29 +141,29 @@ This will log all network traffic over the virtual private network. .El .Sh FILES .Bl -tag -width indent -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf The configuration file for .Nm . -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up Script which is executed as soon as the virtual network device has been allocated. Purpose is to further configure that device. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down Script which is executed when .Nm exits. Purpose is to cleanly shut down the virtual network device before it will be deallocated. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/* +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/* The directory containing the host configuration files used to authenticate other tinc daemons. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up Script which is executed as soon as host .Ar NAME becomes reachable. -.It Pa /etc/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down Script which is executed as soon as host .Ar NAME becomes unreachable. -.It Pa /var/run/tinc. Ns Ar NETNAME Ns Pa .pid +.It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid The PID of the currently running .Nm is stored in this file. diff --git a/doc/tincinclude.texi.in b/doc/tincinclude.texi.in new file mode 100644 index 00000000..da4adc57 --- /dev/null +++ b/doc/tincinclude.texi.in @@ -0,0 +1,4 @@ +@set VERSION @VERSION@ +@set PACKAGE @PACKAGE@ +@set sysconfdir @sysconfdir@ +@set localstatedir @localstatedir@ From deba3ed900eb4453d27412606cecfaf89b5a5643 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Fri, 8 Aug 2003 14:24:09 +0000 Subject: [PATCH 827/923] Correct error message when remote host closed connection. --- src/meta.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/meta.c b/src/meta.c index 0d103c03..18315ad1 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.38 2003/07/29 22:59:00 guus Exp $ + $Id: meta.c,v 1.1.2.39 2003/08/08 14:24:09 guus Exp $ */ #include "system.h" @@ -54,10 +54,14 @@ bool send_meta(connection_t *c, char *buffer, int length) while(length) { result = send(c->socket, bufp, length, 0); if(result <= 0) { - if(errno == EINTR) + if(!errno || errno == EPIPE) + ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), + c->name, c->hostname); + else if(errno == EINTR) continue; - logger(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, - c->hostname, strerror(errno)); + else + logger(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, + c->hostname, strerror(errno)); return false; } bufp += result; @@ -117,10 +121,10 @@ bool receive_meta(connection_t *c) lenin = recv(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen, 0); if(lenin <= 0) { - if(lenin == 0) { + if(!lenin || !errno) ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), c->name, c->hostname); - } else if(errno == EINTR) + else if(errno == EINTR) return true; else logger(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), From 863349638beb1eaab09e2a3d537c20a7913aef30 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 14:48:33 +0000 Subject: [PATCH 828/923] Simplify execute_script(). It will probably work under Windows as well. --- configure.in | 4 +- src/process.c | 113 +++++++++++++++----------------------------------- 2 files changed, 35 insertions(+), 82 deletions(-) 
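Review bot: In `send_meta` the new `if(!errno || errno == EPIPE) ifdebug(CONNECTIONS) logger(...); else if(errno == EINTR) continue;` chain has no braces around the `ifdebug` statement. The definition of `ifdebug` is not part of this diff, but if it expands to a bare `if(...)`, as the brace-wrapped form removed from `receive_meta` suggests, the `else if` binds to that inner `if`. An interrupted `send()` would then fall through to `return false` instead of retrying, and a closed connection would be logged as an error whenever the debug level is below CONNECTIONS. Wrapping the first branch, `if(!errno || errno == EPIPE) { ifdebug(CONNECTIONS) logger(...); } else if(errno == EINTR)`, keeps the chain attached to the outer test. The `receive_meta` hunk (`@@ -117,10 +121,10 @@`) removes exactly those braces and needs the same treatment.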
diff --git a/configure.in b/configure.in index 8f218379..377bc165 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.81 2003/08/08 14:07:11 guus Exp $ +dnl $Id: configure.in,v 1.13.2.82 2003/08/08 14:48:33 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) @@ -253,7 +253,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol unsetenv vsyslog]) +AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/src/process.c b/src/process.c index 3c7164be..c989532e 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.64 2003/08/08 12:55:05 guus Exp $ + $Id: process.c,v 1.1.2.65 2003/08/08 14:48:33 guus Exp $ */ #include "system.h" 
@@ -347,46 +347,9 @@ bool detach(void) return true; } -#ifdef HAVE_FORK -/* - Execute the program name, with sane environment. -*/ -static void _execute_script(const char *scriptname, char **envp) - __attribute__ ((__noreturn__)); -static void _execute_script(const char *scriptname, char **envp) -{ - int save_errno; - - cp(); - - while(*envp) - putenv(*envp++); - - chdir("/"); - - closelogger(); - - /* Close all file descriptors */ - fcloseall(); - - execl(scriptname, scriptname, NULL); - /* No return on success */ - - save_errno = errno; - - openlogger(identname, use_logfile?LOGMODE_FILE:(do_detach?LOGMODE_SYSLOG:LOGMODE_STDERR)); - logger(LOG_ERR, _("Could not execute `%s': %s"), scriptname, - strerror(save_errno)); - exit(save_errno); -} -#endif - -/* - Fork and execute the program pointed to by name. -*/ bool execute_script(const char *name, char **envp) { -#ifdef HAVE_FORK +#ifdef HAVE_SYSTEM pid_t pid; int status; struct stat s; 
@@ -401,52 +364,42 @@ bool execute_script(const char *name, char **envp) if(stat(scriptname, &s)) return true; - pid = fork(); + /* Set environment */ + + while(*envp) + putenv(*envp++); - if(pid < 0) { - logger(LOG_ERR, _("System call `%s' failed: %s"), "fork", + ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); + + status = system(scriptname); + + free(scriptname); + + /* Unset environment? */ + + if(status != -1) { + if(WIFEXITED(status)) { /* Child exited by itself */ + if(WEXITSTATUS(status)) { + logger(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), + pid, name, WEXITSTATUS(status)); + return false; + } + } else if(WIFSIGNALED(status)) { /* Child was killed by a signal */ + logger(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, + name, WTERMSIG(status), strsignal(WTERMSIG(status))); + return false; + } else { /* Something strange happened */ + logger(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, + name); + return false; + } + } else { + logger(LOG_ERR, _("System call `%s' failed: %s"), "system", strerror(errno)); return false; } - - if(pid) { - ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); - - free(scriptname); - - if(waitpid(pid, &status, 0) == pid) { - if(WIFEXITED(status)) { /* Child exited by itself */ - if(WEXITSTATUS(status)) { - logger(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), - pid, name, WEXITSTATUS(status)); - return false; - } else - return true; - } else if(WIFSIGNALED(status)) { /* Child was killed by a signal */ - logger(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, - name, WTERMSIG(status), strsignal(WTERMSIG(status))); - return false; - } else { /* Something strange happened */ - logger(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, - name); - return false; - } - } else if (errno != EINTR) { - logger(LOG_ERR, _("System call `%s' failed: %s"), "waitpid", - strerror(errno)); - return false; - } - - /* Why do we get 
EINTR? */ - return true; - } - - /* Child here */ - - _execute_script(scriptname, envp); -#else - return true; #endif + return true; } From 7e74e00d167da659ba6c3db3e8822008d27c081b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 14:59:27 +0000 Subject: [PATCH 829/923] Allow empty lines in config files. --- src/conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/conf.c b/src/conf.c index c95664f7..e927abdb 100644 --- a/src/conf.c +++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.73 2003/08/08 12:24:52 guus Exp $ + $Id: conf.c,v 1.9.4.74 2003/08/08 14:59:27 guus Exp $ */ #include "system.h" @@ -359,7 +359,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) lineno++; - if(*line == '#') + if(!*line || *line == '#') continue; if(ignore) { From f956a28147ec8596c9a51b0c1535bb4b8c87692c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 16:49:29 +0000 Subject: [PATCH 830/923] Make rule for sample-config.tar.gz. --- doc/Makefile.am | 3 +++ 1 file changed, 3 insertions(+) diff --git a/doc/Makefile.am b/doc/Makefile.am index dc4c67c2..f1aa7fb5 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -16,6 +16,9 @@ transform = s/ginstall/install/; @program_transform_name@ # For additional rules usually of interest only to the maintainer, # see GNUmakefile and Makefile.maint. +sample-config.tar.gz: sample-config + GZIP=$(GZIP_ENV) $(AMTAR) chozf sample-config.tar.gz sample-config + texi2html: tinc.texi texi2html -split=chapter tinc.texi From 691907caaeb348dee3dbe8a85f3590241f2cc992 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 17:17:13 +0000 Subject: [PATCH 831/923] Readd quotes. --- src/process.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/process.c b/src/process.c index c989532e..5566510d 100644 --- a/src/process.c 
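Review bot: `pid` is never assigned now that the `fork()` call is gone, yet the `logger(LOG_ERR, ...)` calls in the exit-status branches still print it with `%d`, so they read an uninitialised variable. Drop it from the messages, for example `logger(LOG_ERR, _("Script %s exited with non-zero status %d"), name, WEXITSTATUS(status));`. Separately, `system(scriptname)` hands the path to the command interpreter, so whitespace or shell metacharacters in `confbase` or `name` are interpreted rather than treated as part of the file name. Where those two values come from is not visible in this hunk, so it is worth confirming they are validated before this call. The `putenv()` loop also now modifies the daemon's own environment rather than a child's, which the `/* Unset environment? */` comment leaves unresolved.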
+++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.65 2003/08/08 14:48:33 guus Exp $ + $Id: process.c,v 1.1.2.66 2003/08/08 17:17:13 guus Exp $ */ #include "system.h" @@ -84,6 +84,7 @@ static SERVICE_STATUS_HANDLE statushandle = 0; bool install_service(void) { char command[4096] = ""; char **argp; + bool space; manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if(!manager) { @@ -98,8 +99,13 @@ bool install_service(void) { strncat(command, program_name, sizeof(command)); for(argp = g_argv + 1; *argp; argp++) { + space = strchr(*argp, " "); strncat(command, " ", sizeof(command)); + if(space) + strncat(command, "\"", sizeof(command)); strncat(command, *argp, sizeof(command)); + if(space) + strncat(command, "\"", sizeof(command)); } service = CreateService(manager, identname, identname, From 6f3099595530280028f6ec3d0b310df523e75f98 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 17:20:12 +0000 Subject: [PATCH 832/923] Typo. --- src/mingw/device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mingw/device.c b/src/mingw/device.c index 0ae0cf27..b156cef7 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.11 2003/08/03 21:45:41 guus Exp $ + $Id: device.c,v 1.1.2.12 2003/08/08 17:20:12 guus Exp $ */ #include "system.h" @@ -219,7 +219,7 @@ bool setup_device(void) } if(device_handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("%s (%s) is no a usable Windows tap device!"), device, iface); + logger(LOG_ERR, _("%s (%s) is not a usable Windows tap device!"), device, iface); return false; } From b0825f36b7b5dade1693fdbddfec7eef3f5ed86f Mon Sep 17 00:00:00 2001 
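Review bot: The added `strncat(command, "\"", sizeof(command))` calls in `install_service` repeat the bound used by the surrounding lines, but the third argument of `strncat` is the maximum number of characters to append, not the size of the destination. With `sizeof(command)` there, a long enough argument list in `g_argv` can write past the end of `command[4096]`. Each call should use the remaining space, e.g. `strncat(command, *argp, sizeof(command) - strlen(command) - 1);`. The later `install_service` hunk on this page (`@@ -99,10 +99,8 @@`) keeps the same bound. In this hunk `strchr(*argp, " ")` also passes a string literal where a character is expected; `' '` is what is meant.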
From: Guus Sliepen Date: Fri, 8 Aug 2003 19:39:41 +0000 Subject: [PATCH 833/923] Better error messages under Windows. --- lib/utils.c | 5 ++++- lib/utils.h | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/utils.c b/lib/utils.c index 43abf96e..2e40ef58 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -86,13 +86,16 @@ void cp_trace() #endif char *winerror(int err) { - static char buf[1024]; + static char buf[1024], *newline; if (!FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), buf, sizeof(buf), NULL)) { strncpy(buf, _("(unable to format errormessage)"), sizeof(buf)); }; + if((newline = strchr(buf, '\r'))) + *newline = '\0'; + return buf; } #endif diff --git a/lib/utils.h b/lib/utils.h index d8dc4768..af654274 100644 --- a/lib/utils.h +++ b/lib/utils.h @@ -40,6 +40,7 @@ extern void bin2hex(char *src, char *dst, int length); #ifdef HAVE_MINGW extern char *winerror(int); +#define strerror(x) (x>0?strerror(x):winerror(GetLastError())) #endif #endif /* __TINC_UTILS_H__ */ From b4c913aaa926d80a72aeb97459f84f992b65d1ed Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 19:42:35 +0000 Subject: [PATCH 834/923] Log error first, try to close later. --- src/net_packet.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index ff57753f..aa5bea34 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.36 2003/07/24 12:08:15 guus Exp $ + $Id: net_packet.c,v 1.1.2.37 2003/08/08 19:42:35 guus Exp $ */ #include "system.h" 
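Review bot: The `strerror` macro added to utils.h uses its argument without parentheses and evaluates it twice, so an argument that is an assignment or a conditional expression is parsed differently from what the caller wrote. `#define strerror(x) ((x) > 0 ? strerror(x) : winerror(GetLastError()))` fixes the precedence. Because the macro reuses the name of a standard library function, any translation unit that includes `<string.h>` after utils.h would have the library prototype macro-expanded; the include order is not visible here, so a comment stating that requirement next to the define would help. `winerror` returns a pointer to a static buffer, so two calls in one `logger()` argument list would print the same text twice.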
@@ -306,14 +306,12 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) priority = origpriority; ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Setting outgoing packet priority to %d"), priority); if(setsockopt(listen_socket[sock].udp, SOL_IP, IP_TOS, &priority, sizeof(priority))) /* SO_PRIORITY doesn't seem to work */ - logger(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", - strerror(errno)); + logger(LOG_ERR, _("System call `%s' failed: %s"), "setsockopt", strerror(errno)); } #endif if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { - logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, - n->hostname, strerror(errno)); + logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); return; } From 7f05445047c6479b81b7d393543ff73a95ee0dc8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 19:43:47 +0000 Subject: [PATCH 835/923] Quote when needed and don't try stuff that doesn't work under Windows. --- src/process.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/process.c b/src/process.c index 5566510d..43ce5bde 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.66 2003/08/08 17:17:13 guus Exp $ + $Id: process.c,v 1.1.2.67 2003/08/08 19:43:47 guus Exp $ */ #include "system.h" @@ -99,10 +99,8 @@ bool install_service(void) { strncat(command, program_name, sizeof(command)); for(argp = g_argv + 1; *argp; argp++) { - space = strchr(*argp, " "); - strncat(command, " ", sizeof(command)); - if(space) - strncat(command, "\"", sizeof(command)); + space = strchr(*argp, ' '); + strncat(command, space?" \"":" ", sizeof(command)); strncat(command, *argp, sizeof(command)); if(space) strncat(command, "\"", sizeof(command)); 
@@ -363,26 +361,29 @@ bool execute_script(const char *name, char **envp) cp(); - asprintf(&scriptname, "%s/%s", confbase, name); + asprintf(&scriptname, "\"%s/%s\"", confbase, name); +#ifndef HAVE_MINGW /* First check if there is a script */ if(stat(scriptname, &s)) return true; + ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); +#endif + /* Set environment */ while(*envp) putenv(*envp++); - ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); - status = system(scriptname); free(scriptname); /* Unset environment? */ +#ifdef WEXITSTATUS if(status != -1) { if(WIFEXITED(status)) { /* Child exited by itself */ if(WEXITSTATUS(status)) { @@ -404,6 +405,7 @@ bool execute_script(const char *name, char **envp) strerror(errno)); return false; } +#endif #endif return true; } From bb2f18a3fc8acb7802f30e06153def30eb97a994 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 19:45:21 +0000 Subject: [PATCH 836/923] Under Windows, the installation directory can be found in the registry. --- src/tincd.c | 32 ++++++++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 4 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index ee3ca1c5..a37a6125 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.83 2003/08/03 09:55:20 guus Exp $ + $Id: tincd.c,v 1.10.4.84 2003/08/08 19:45:21 guus Exp $ */ #include "system.h" 
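Review bot: With the quotes now baked into `scriptname`, the `stat(scriptname, &s)` check in the `#ifndef HAVE_MINGW` branch looks up a path that literally begins and ends with `"`, so it will normally fail and the function returns true without running the script. Keep the unquoted path for the check, `asprintf(&scriptname, "%s/%s", confbase, name);`, and build the quoted string separately for the `system()` call. Double quotes also do not neutralise `$`, backquotes or an embedded `"` in a POSIX shell, so the quoting by itself does not make `confbase` and `name` safe to pass to the interpreter. The early `return true` leaves `scriptname` unfreed. The start of `execute_script` is outside this hunk.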
@@ -339,11 +339,35 @@ static bool keygen(int bits) */ static void make_names(void) { +#ifdef HAVE_MINGW + HKEY key; + char installdir[1024] = ""; + long len = sizeof(installdir); +#endif + if(netname) asprintf(&identname, "tinc.%s", netname); else identname = xstrdup("tinc"); +#ifdef HAVE_MINGW + if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) { + if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) { + if(!pidfilename) + asprintf(&logfilename, "%s/log/%s.log", identname); + if(!confbase) { + if(netname) + asprintf(&confbase, "%s/%s", installdir, netname); + else + asprintf(&confbase, "%s", installdir); + } + } + RegCloseKey(key); + if(*installdir) + return; + } +#endif + if(!pidfilename) asprintf(&pidfilename, LOCALSTATEDIR "/run/%s.pid", identname); @@ -352,12 +376,12 @@ static void make_names(void) if(netname) { if(!confbase) - asprintf(&confbase, "%s/tinc/%s", CONFDIR, netname); + asprintf(&confbase, CONFDIR "/tinc/%s", netname); else logger(LOG_INFO, _("Both netname and configuration directory given, using the latter...")); } else { if(!confbase) - asprintf(&confbase, "%s/tinc", CONFDIR); + asprintf(&confbase, CONFDIR "/tinc"); } } @@ -394,7 +418,7 @@ int main(int argc, char **argv) if(kill_tincd) return !kill_other(kill_tincd); - openlogger("tinc", LOGMODE_STDERR); + openlogger("tinc", use_logfile?LOGMODE_FILE:LOGMODE_STDERR); /* Lock all pages into memory if requested */ From ef65a64443f740e3b22d9e903f764d9a58ce0ff0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 19:49:47 +0000 Subject: [PATCH 837/923] Better error checking and reporting. --- src/cygwin/device.c | 13 ++++++++----- src/mingw/device.c | 11 +++++++---- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index e5f5354b..c8f288ca 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.15 2003/08/02 21:33:18 guus Exp $ + $Id: device.c,v 1.1.2.16 2003/08/08 19:49:47 guus Exp $ */ #include "system.h" @@ -95,10 +95,13 @@ bool setup_device(void) continue; len = sizeof(adaptername); - RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); RegCloseKey(key2); + if(err) + continue; + if(device) { if(!strcmp(device, adapterid)) { found = true; @@ -153,7 +156,7 @@ bool setup_device(void) device_handle = CreateFile(tapname, GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM , 0); if(device_handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open Windows tap device for writing: %s"), winerror(GetLastError())); + logger(LOG_ERR, _("Could not open Windows tap device %s (%s) for writing: %s"), device, iface, winerror(GetLastError())); return false; } @@ -162,7 +165,7 @@ bool setup_device(void) /* Get MAC address from tap device */ if(!DeviceIoControl(device_handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { - logger(LOG_ERR, _("Could not get MAC address from Windows tap device: %s"), winerror(GetLastError())); + logger(LOG_ERR, _("Could not get MAC address from Windows tap device %s (%s): %s"), device, iface, winerror(GetLastError())); return false; } @@ -191,7 +194,7 @@ bool setup_device(void) device_handle = CreateFile(tapname, GENERIC_READ, FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_ATTRIBUTE_SYSTEM, 0); if(device_handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("Could not open Windows tap device for reading: %s"), winerror(GetLastError())); + logger(LOG_ERR, _("Could not open Windows tap device %s (%s) for reading: %s"), device, iface, winerror(GetLastError())); buf[0] = 0; write(sp[1], buf, 1); exit(1); 
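Review bot: The added `if(err) continue;` in the hunk at -95,10 rejects a failed query, but a successful `RegQueryValueEx` does not guarantee that `adaptername` is NUL-terminated or that the value is a string. The call passes 0 for the type pointer and the full `sizeof(adaptername)` as the length. Requesting the type, accepting only `REG_SZ`, and writing `adaptername[sizeof(adaptername) - 1] = 0;` after the call would make later string use safe. The same pattern is in the src/mingw/device.c hunk at -170,10. setup_device continues outside the hunk, so how `adaptername` is used afterwards is not visible here.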
diff --git a/src/mingw/device.c b/src/mingw/device.c index b156cef7..01854d67 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.12 2003/08/08 17:20:12 guus Exp $ + $Id: device.c,v 1.1.2.13 2003/08/08 19:49:47 guus Exp $ */ #include "system.h" @@ -170,10 +170,13 @@ bool setup_device(void) continue; len = sizeof(adaptername); - RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); + err = RegQueryValueEx(key2, "Name", 0, 0, adaptername, &len); RegCloseKey(key2); + if(err) + continue; + if(device) { if(!strcmp(device, adapterid)) { found = true; @@ -219,14 +222,14 @@ bool setup_device(void) } if(device_handle == INVALID_HANDLE_VALUE) { - logger(LOG_ERR, _("%s (%s) is not a usable Windows tap device!"), device, iface); + logger(LOG_ERR, _("%s (%s) is not a usable Windows tap device: %s"), device, iface, winerror(GetLastError())); return false; } /* Get MAC address from tap device */ if(!DeviceIoControl(device_handle, TAP_IOCTL_GET_MAC, mymac.x, sizeof(mymac.x), mymac.x, sizeof(mymac.x), &len, 0)) { - logger(LOG_ERR, _("Could not get MAC address from Windows tap device!")); + logger(LOG_ERR, _("Could not get MAC address from Windows tap device %s (%s): %s"), device, iface, winerror(GetLastError())); return false; } From 96f5d98fc299a53fcdad304a56eb3a77a2c229e7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 19:56:11 +0000 Subject: [PATCH 838/923] Small things. --- lib/utils.h | 2 +- src/process.c | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/utils.h b/lib/utils.h index af654274..4b0ab3dd 100644 --- a/lib/utils.h +++ b/lib/utils.h 
@@ -40,7 +40,7 @@ extern void bin2hex(char *src, char *dst, int length); #ifdef HAVE_MINGW extern char *winerror(int); -#define strerror(x) (x>0?strerror(x):winerror(GetLastError())) +#define strerror(x) ((x)>0?strerror(x):winerror(GetLastError())) #endif #endif /* __TINC_UTILS_H__ */ diff --git a/src/process.c b/src/process.c index 43ce5bde..d81fdd69 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.67 2003/08/08 19:43:47 guus Exp $ + $Id: process.c,v 1.1.2.68 2003/08/08 19:56:11 guus Exp $ */ #include "system.h" @@ -100,8 +100,13 @@ bool install_service(void) { strncat(command, program_name, sizeof(command)); for(argp = g_argv + 1; *argp; argp++) { space = strchr(*argp, ' '); - strncat(command, space?" \"":" ", sizeof(command)); + strncat(command, " ", sizeof(command)); + + if(space) + strncat(command, "\"", sizeof(command)); + strncat(command, *argp, sizeof(command)); + if(space) strncat(command, "\"", sizeof(command)); } @@ -372,10 +377,12 @@ bool execute_script(const char *name, char **envp) ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); #endif +#ifdef HAVE_PUTENV /* Set environment */ while(*envp) putenv(*envp++); +#endif status = system(scriptname); From 9bde92ce97d5503ff2d31dcc6f0648902580ec14 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 22:11:54 +0000 Subject: [PATCH 839/923] Simpler checking of permissions on private RSA key and other fixes. --- src/conf.c | 105 +----------------------------------------------- src/conf.h | 4 +- src/meta.c | 10 ++--- src/net_setup.c | 48 +++++++++++++--------- src/process.c | 15 +++---- src/tincd.c | 13 ++++-- 6 files changed, 52 insertions(+), 143 deletions(-) diff --git a/src/conf.c b/src/conf.c index e927abdb..3feb1503 100644 --- a/src/conf.c +++ b/src/conf.c 
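Review bot: The `strncat(command, ..., sizeof(command))` calls added in install_service pass the total buffer size as the bound, but strncat's third argument is the maximum number of bytes to append. A long argument list can therefore write past the end of `command`. Use the remaining space instead, e.g. `strncat(command, *argp, sizeof(command) - strlen(command) - 1);`, for every call including the unchanged ones in the context lines. An argument that itself contains `"` is also copied unescaped into the quoted service command line. The function continues outside the hunk.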
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.74 2003/08/08 14:59:27 guus Exp $ + $Id: conf.c,v 1.9.4.75 2003/08/08 22:11:54 guus Exp $ */ #include "system.h" 
@@ -424,97 +424,7 @@ bool read_server_config() return x == 0; } -bool is_safe_path(const char *file) -{ -#if !(defined(HAVE_CYGWIN) || defined(HAVE_MINGW)) - char *p; - const char *f; - char x; - struct stat s; - char l[MAXBUFSIZE]; - - if(*file != '/') { - logger(LOG_ERR, _("`%s' is not an absolute path"), file); - return false; - } - - p = strrchr(file, '/'); - - if(p == file) /* It's in the root */ - p++; - - x = *p; - *p = '\0'; - - f = file; - -check1: - if(lstat(f, &s) < 0) { - logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return false; - } - - if(s.st_uid != geteuid()) { - logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return false; - } - - if(S_ISLNK(s.st_mode)) { - logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f); - - if(readlink(f, l, MAXBUFSIZE) < 0) { - logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, - strerror(errno)); - return false; - } - - f = l; - goto check1; - } - - *p = x; - f = file; - -check2: - if(lstat(f, &s) < 0 && errno != ENOENT) { - logger(LOG_ERR, _("Couldn't stat `%s': %s"), f, strerror(errno)); - return false; - } - - if(errno == ENOENT) - return true; - - if(s.st_uid != geteuid()) { - logger(LOG_ERR, _("`%s' is owned by UID %d instead of %d"), - f, s.st_uid, geteuid()); - return false; - } - - if(S_ISLNK(s.st_mode)) { - logger(LOG_WARNING, _("Warning: `%s' is a symlink"), f); - - if(readlink(f, l, MAXBUFSIZE) < 0) { - logger(LOG_ERR, _("Unable to read symbolic link `%s': %s"), f, - strerror(errno)); - return false; - } - - f = l; - goto check2; - } - - if(s.st_mode & 0007) { - /* Accessible by others */ - logger(LOG_ERR, _("`%s' has unsecure permissions"), f); - return false; - } -#endif - - return true; -} - -FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const char *mode) +FILE *ask_and_open(const char *filename, const char *what, const char *mode) { FILE *r; char *directory; 
@@ -573,17 +483,6 @@ FILE *ask_and_safe_open(const char *filename, const char *what, bool safe, const return NULL; } - /* Then check the file for nasty attacks */ - if(safe) { - if(!is_safe_path(fn)) { /* Do not permit any directories that are readable or writeable by other users. */ - fprintf(stderr, _("The file `%s' (or any of the leading directories) has unsafe permissions.\n" - "I will not create or overwrite this file.\n"), fn); - fclose(r); - free(fn); - return NULL; - } - } - free(fn); return r; diff --git a/src/conf.h b/src/conf.h index 8960f087..ba235c3d 100644 --- a/src/conf.h +++ b/src/conf.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.h,v 1.6.4.42 2003/07/30 21:52:41 guus Exp $ + $Id: conf.h,v 1.6.4.43 2003/08/08 22:11:54 guus Exp $ */ #ifndef __TINC_CONF_H__ @@ -57,7 +57,7 @@ extern bool get_config_subnet(const config_t *, struct subnet_t **); extern int read_config_file(avl_tree_t *, const char *); extern bool read_server_config(void); -extern FILE *ask_and_safe_open(const char *, const char *, bool, const char *); +extern FILE *ask_and_open(const char *, const char *, const char *); extern bool is_safe_path(const char *); #endif /* __TINC_CONF_H__ */ diff --git a/src/meta.c b/src/meta.c index 18315ad1..c2fbd7ed 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.39 2003/08/08 14:24:09 guus Exp $ + $Id: meta.c,v 1.1.2.40 2003/08/08 22:11:54 guus Exp $ */ #include "system.h" 
@@ -54,10 +54,10 @@ bool send_meta(connection_t *c, char *buffer, int length) while(length) { result = send(c->socket, bufp, length, 0); if(result <= 0) { - if(!errno || errno == EPIPE) + if(!errno || errno == EPIPE) { ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), c->name, c->hostname); - else if(errno == EINTR) + } else if(errno == EINTR) continue; else logger(LOG_ERR, _("Sending meta data to %s (%s) failed: %s"), c->name, @@ -121,10 +121,10 @@ bool receive_meta(connection_t *c) lenin = recv(c->socket, c->buffer + c->buflen, MAXBUFSIZE - c->buflen, 0); if(lenin <= 0) { - if(!lenin || !errno) + if(!lenin || !errno) { ifdebug(CONNECTIONS) logger(LOG_NOTICE, _("Connection closed by %s (%s)"), c->name, c->hostname); - else if(errno == EINTR) + } else if(errno == EINTR) return true; else logger(LOG_ERR, _("Metadata socket read error for %s (%s): %s"), diff --git a/src/net_setup.c b/src/net_setup.c index 5bbaa799..c7c12505 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.41 2003/07/30 11:50:45 guus Exp $ + $Id: net_setup.c,v 1.1.2.42 2003/08/08 22:11:54 guus Exp $ */ #include "system.h" @@ -149,6 +149,7 @@ bool read_rsa_private_key(void) { FILE *fp; char *fname, *key; + struct stat s; cp(); 
@@ -164,32 +165,39 @@ bool read_rsa_private_key(void) if(!get_config_string(lookup_config(config_tree, "PrivateKeyFile"), &fname)) asprintf(&fname, "%s/rsa_key.priv", confbase); - if(is_safe_path(fname)) { - fp = fopen(fname, "r"); - - if(!fp) { - logger(LOG_ERR, _("Error reading RSA private key file `%s': %s"), - fname, strerror(errno)); - free(fname); - return false; - } + fp = fopen(fname, "r"); + if(!fp) { + logger(LOG_ERR, _("Error reading RSA private key file `%s': %s"), + fname, strerror(errno)); free(fname); - myself->connection->rsa_key = - PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); - fclose(fp); + return false; + } - if(!myself->connection->rsa_key) { - logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), - fname, strerror(errno)); - return false; - } +#if !defined(HAVE_MINGW) && !defined(HAVE_CYGWIN) + if(fstat(fileno(fp), &s)) { + logger(LOG_ERR, _("Could not stat RSA private key file `%s': %s'"), + fname, strerror(errno)); + free(fname); + return false; + } - return true; + if(s.st_mode & ~0700) + logger(LOG_WARNING, _("Warning: insecure file permissions for RSA private key file `%s'!"), fname); +#endif + + myself->connection->rsa_key = PEM_read_RSAPrivateKey(fp, NULL, NULL, NULL); + fclose(fp); + + if(!myself->connection->rsa_key) { + logger(LOG_ERR, _("Reading RSA private key file `%s' failed: %s"), + fname, strerror(errno)); + free(fname); + return false; } free(fname); - return false; + return true; } /* diff --git a/src/process.c b/src/process.c index d81fdd69..0ec98802 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.68 2003/08/08 19:56:11 guus Exp $ + $Id: process.c,v 1.1.2.69 2003/08/08 22:11:54 guus Exp $ */ #include "system.h" 
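Review bot: `if(s.st_mode & ~0700)` in read_rsa_private_key is true for every regular file, because `st_mode` also carries the file-type bits, so the warning fires even for a key with mode 0600. Test only the group and other bits, `if(s.st_mode & 077)`. The `fstat()` failure path returns without `fclose(fp)`. Compared with the removed is_safe_path call, the new code only warns and no longer looks at the file's owner or the leading directories; if that is intended, a comment saying so would help the next reader.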
@@ -359,7 +359,6 @@ bool detach(void) bool execute_script(const char *name, char **envp) { #ifdef HAVE_SYSTEM - pid_t pid; int status; struct stat s; char *scriptname; @@ -394,22 +393,20 @@ bool execute_script(const char *name, char **envp) if(status != -1) { if(WIFEXITED(status)) { /* Child exited by itself */ if(WEXITSTATUS(status)) { - logger(LOG_ERR, _("Process %d (%s) exited with non-zero status %d"), - pid, name, WEXITSTATUS(status)); + logger(LOG_ERR, _("Script %s exited with non-zero status %d"), + name, WEXITSTATUS(status)); return false; } } else if(WIFSIGNALED(status)) { /* Child was killed by a signal */ - logger(LOG_ERR, _("Process %d (%s) was killed by signal %d (%s)"), pid, + logger(LOG_ERR, _("Script %s was killed by signal %d (%s)"), name, WTERMSIG(status), strsignal(WTERMSIG(status))); return false; } else { /* Something strange happened */ - logger(LOG_ERR, _("Process %d (%s) terminated abnormally"), pid, - name); + logger(LOG_ERR, _("Script %s terminated abnormally"), name); return false; } } else { - logger(LOG_ERR, _("System call `%s' failed: %s"), "system", - strerror(errno)); + logger(LOG_ERR, _("System call `%s' failed: %s"), "system", strerror(errno)); return false; } #endif diff --git a/src/tincd.c b/src/tincd.c index a37a6125..cec0ee5e 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.84 2003/08/08 19:45:21 guus Exp $ + $Id: tincd.c,v 1.10.4.85 2003/08/08 22:11:54 guus Exp $ */ #include "system.h" 
@@ -300,11 +300,16 @@ static bool keygen(int bits) fprintf(stderr, _("Done.\n")); asprintf(&filename, "%s/rsa_key.priv", confbase); - f = ask_and_safe_open(filename, _("private RSA key"), true, "a"); + f = ask_and_open(filename, _("private RSA key"), "a"); if(!f) return false; - + +#ifdef HAVE_FCHMOD + /* Make it unreadable for others. */ + fchmod(fileno(f), 0600); +#endif + if(ftell(f)) fprintf(stderr, _("Appending key to existing contents.\nMake sure only one key is stored in the file.\n")); @@ -319,7 +324,7 @@ static bool keygen(int bits) else asprintf(&filename, "%s/rsa_key.pub", confbase); - f = ask_and_safe_open(filename, _("public RSA key"), false, "a"); + f = ask_and_open(filename, _("public RSA key"), "a"); if(!f) return false; From 91f65c277483b47343b1b64d0f4edd497a8045a3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 8 Aug 2003 22:13:50 +0000 Subject: [PATCH 840/923] Check for fchmod(). --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index 377bc165..38886115 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.82 2003/08/08 14:48:33 guus Exp $ +dnl $Id: configure.in,v 1.13.2.83 2003/08/08 22:13:50 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) @@ -253,7 +253,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([asprintf daemon fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog]) +AC_CHECK_FUNCS([asprintf daemon fchmod fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog]) jm_FUNC_MALLOC jm_FUNC_REALLOC From 7eed829d288d0fdec2f31709a18ec420e489c2e4 Mon Sep 17 00:00:00 2001 
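Review bot: The `fchmod(fileno(f), 0600)` added in keygen ignores the return value, and when HAVE_FCHMOD is undefined the private key is written with whatever mode the umask produced. The file is opened in ask_and_open, outside this hunk, before its mode is tightened, so if it was created group- or world-readable another local user could already hold it open. Consider failing on error, `if(fchmod(fileno(f), 0600)) { fclose(f); return false; }`, and setting a restrictive umask before the file is created.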
From: Guus Sliepen Date: Fri, 8 Aug 2003 22:45:46 +0000 Subject: [PATCH 841/923] Only system() needs script name quoted. --- src/process.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/process.c b/src/process.c index 0ec98802..1a8592d3 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.69 2003/08/08 22:11:54 guus Exp $ + $Id: process.c,v 1.1.2.70 2003/08/08 22:45:46 guus Exp $ */ #include "system.h" @@ -365,15 +365,17 @@ bool execute_script(const char *name, char **envp) cp(); - asprintf(&scriptname, "\"%s/%s\"", confbase, name); - #ifndef HAVE_MINGW + asprintf(&scriptname, "%s/%s", confbase, name); + /* First check if there is a script */ if(stat(scriptname, &s)) return true; ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); + + free(scriptname); #endif #ifdef HAVE_PUTENV @@ -383,6 +385,7 @@ bool execute_script(const char *name, char **envp) putenv(*envp++); #endif + asprintf(&scriptname, "\"%s/%s\"", confbase, name); status = system(scriptname); free(scriptname); From 9b579eb9ffdc1fd4a3d0cacb0728ec0796526bc5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 9 Aug 2003 00:53:22 +0000 Subject: [PATCH 842/923] Update documentation. --- doc/tinc.conf.5.in | 87 ++++++++++++---- doc/tinc.texi | 254 +++++++++++++++++++++++++++------------------ doc/tincd.8.in | 40 +++---- 3 files changed, 233 insertions(+), 148 deletions(-) diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 0e323b2d..7257bfe0 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in 
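Review bot: Wrapping the path in double quotes for `system(scriptname)` keeps spaces together, but the shell still interprets `$`, backquotes, backslashes and an embedded `"` inside `confbase` or `name`. Whether those two values are restricted to safe characters is not visible in this hunk; if they are not, part of the path is evaluated as shell input. Running the script through fork() and execve() with an argv array would avoid the shell altogether. Separately, `if(stat(scriptname, &s)) return true;` still returns without freeing `scriptname`, and the `asprintf` results are not checked.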
@@ -136,11 +136,15 @@ If you don't specify a host with .Nm tinc won't try to connect to other daemons at all, and will instead just listen for incoming connections. -.It Va Device Li = Ar device Po /dev/tap0 or /dev/net/tun Pc +.It Va Device Li = Ar device Po Pa /dev/tap0 , Pa /dev/net/tun No or other depending on platform Pc The virtual network device to use. .Nm tinc will automatically detect what kind of device it is. Note that you can only use one device per daemon. +Under Windows, use +.Va Interface +instead of +.Va Device . The info pages of the tinc package contain more information about configuring the virtual network device. .It Va Hostnames Li = yes | no Pq no 
@@ -153,19 +157,22 @@ This does not affect resolving hostnames to IP addresses from the host configuration files. .It Va Interface Li = Ar interface Defines the name of the interface corresponding to the virtual network device. -Depending on the operating system and the type of device this may or may not actually set the name of the interface -or choose the device corresponding to this interface. -.It Va KeyExpire Li = Ar period Pq 3600 +Depending on the operating system and the type of device this may or may not actually set the name of the interface. +Under Windows, this variable is used to select which network interface will be used. +If you specified a +.Va Device , +this variable is almost always already correctly set. +.It Va KeyExpire Li = Ar seconds Pq 3600 This option controls the period the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. -.It Va MACExpire Li = Ar period Pq 600 +.It Va MACExpire Li = Ar seconds Pq 600 This option controls the amount of time MAC addresses are kept before they are removed. This only has effect when .Va Mode is set to .Qq switch . -.It Va MaxTimeout Li = Ar period Pq 900 +.It Va MaxTimeout Li = Ar seconds Pq 900 This is the maximum delay before trying to reconnect to other tinc daemons. .It Va Mode Li = router | switch | hub Pq router This option selects the way packets are routed to other daemons. @@ -192,7 +199,7 @@ while no routing table is managed. .It Va Name Li = Ar name Bq required This is the name which identifies this tinc daemon. It must be unique for the virtual private network this daemon will connect to. -.It Va PingTimeout Li = Ar period Pq 60 +.It Va PingTimeout Li = Ar seconds Pq 60 The number of seconds of inactivity that .Nm tinc will wait before sending a probe to the other end. 
@@ -205,7 +212,7 @@ will be inherited by the UDP packets that are sent out. .It Va PrivateKey Li = Ar key Bq obsolete The private RSA key of this tinc daemon. It will allow this tinc daemon to authenticate itself to other daemons. -.It Va PrivateKeyFile Li = Ar filename Bq recommended +.It Va PrivateKeyFile Li = Ar filename Po Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /rsa_key.priv Pc The file in which the private RSA key of this tinc daemon resides. Note that there must be exactly one of .Va PrivateKey 
@@ -304,7 +311,59 @@ from behind a masquerading firewall, or if UDP packet routing is disabled somehow. Setting this options also implicitly sets IndirectData. .El +.Sh SCRIPTS +Apart from reading the server and host configuration files, +tinc can also run scripts at certain moments. +On Windows (not Cygwin), the scripts should have the extension +.Pa .bat . +.Bl -tag -width indent +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up +This is the most important script. +If it is present it will be executed right after the tinc daemon has been started and has connected to the virtual network device. +It should be used to set up the corresponding network interface, +but can also be used to start other things. +Under Windows you can use the Network Connections control panel instead of creating this script. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down +This script is started right before the tinc daemon quits. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar HOST Ns Pa -up +This script is started when the tinc daemon with name +.Ar HOST +becomes reachable. +.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar HOST Ns Pa -down +This script is started when the tinc daemon with name +.Ar HOST +becomes unreachable. +.El +.Pp +The scripts are started without command line arguments, but can make use of certain environment variables. +Under UNIX like operating systems the names of environment variables must be preceded by a +.Li $ +in scripts. +Under Windows, in +.Pa .bat +files, they have to be put between +.Li % +signs. +.Bl -tag -width indent +.It Ev NETNAME +If a netname was specified, this environment variable contains it. +.It Ev NAME +Contains the name of this tinc daemon. +.It Ev DEVICE +Contains the name of the virtual network device that tinc uses. +.It Ev INTERFACE +Contains the name of the virtual network interface that tinc uses. +This should be used for commands like +.Pa ifconfig . 
+.It Ev NODE +When a host becomes (un)reachable, this is set to its name. +.It Ev REMOTEADDRESS +When a host becomes (un)reachable, this is set to its real address. +.It Ev REMOTEPORT +When a host becomes (un)reachable, this is set to the port number it uses for communication with other tinc daemons. +.El .Sh FILES +The most important files are: .Bl -tag -width indent .It Pa @sysconfdir@/tinc/ The top directory for configuration files. @@ -317,22 +376,10 @@ Host configuration files are kept in this directory. If an executable file with this name exists, it will be executed right after the tinc daemon has connected to the virtual network device. It can be used to set up the corresponding network interface. -.Pp -The environment variable -.Ev $NETNAME -will be passed to the executable. -If specified with the -.Va Interface -configuration variable, -or if the virtual network device is a Linux tun/tap device, -the environment variable -.Ev $INTERFACE -will be set to the name of the network interface. .It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down If an executable file with this name exists, it will be executed right before the tinc daemon is going to close its connection to the virtual network device. -The same environment variables will be passed as mentioned above. .El .Sh SEE ALSO .Xr tincd 8 , diff --git a/doc/tinc.texi b/doc/tinc.texi index 555017a7..dd114355 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.43 2003/08/08 14:07:12 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.44 2003/08/09 00:53:22 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual 
@@ -20,7 +20,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.43 2003/08/08 14:07:12 guus Exp $ +$Id: tinc.texi,v 1.8.4.44 2003/08/09 00:53:22 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -47,7 +47,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.43 2003/08/08 14:07:12 guus Exp $ +$Id: tinc.texi,v 1.8.4.44 2003/08/09 00:53:22 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -64,7 +64,7 @@ permission notice identical to this one. @node Top, Introduction, (dir), (dir) @menu -* Introduction:: Introduction +* Introduction:: * Preparations:: * Installation:: * Configuration:: @@ -96,13 +96,13 @@ configure your computer to use tinc, as well as the configuration process of tinc itself. @menu -* VPNs:: Virtual Private Networks in general -* tinc:: about tinc +* Virtual Private Networks:: +* tinc:: About tinc * Supported platforms:: @end menu @c ================================================================== -@node VPNs, tinc, Introduction, Introduction +@node Virtual Private Networks, tinc, Introduction, Introduction @section Virtual Private Networks @cindex VPN @@ -140,7 +140,7 @@ through the VPN. This is what tinc was made for. @c ================================================================== -@node tinc, Supported platforms, VPNs, Introduction +@node tinc, Supported platforms, Virtual Private Networks, Introduction @section tinc @cindex vpnd 
@@ -181,7 +181,7 @@ available too. @section Supported platforms @cindex platforms -tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (in a Cygwin environment), +tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment), with various hardware architectures. These are some of the platforms that are supported by the universal tun/tap device driver or other virtual network device drivers. Without such a driver, tinc will most @@ -263,20 +263,10 @@ downloaded from @uref{http://chrisp.de/en/projects/tunnel.html}. IPv6 packets cannot be tunneled on Darwin. @c ================================================================== -@subsection Cygwin (Windows) +@subsection Windows -@cindex Cygwin @cindex Windows -tinc on Windows, in a Cygwin environment, relies on the CIPE driver for its data -acquisition from the kernel. This driver is not part of Windows but can be -downloaded from @uref{http://cipe-win32.sourceforge.net/}. - -@c ================================================================== -@subsection MinGW (Windows) - -@cindex MinGW -@cindex Windows -tinc on Windows (native), compiled using MinGW, relies on the CIPE driver for its data +tinc on Windows, in a Cygwin environment, relies on the CIPE driver or the TAP-Win32 driver for its data acquisition from the kernel. This driver is not part of Windows but can be downloaded from @uref{http://cipe-win32.sourceforge.net/}. @@ -339,8 +329,7 @@ you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html * Configuration of NetBSD kernels:: * Configuration of Solaris kernels:: * Configuration of Darwin (MacOS/X) kernels:: -* Configuration of Cygwin (Windows):: -* Configuration of MinGW (Windows):: +* Configuration of Windows:: @end menu 
@@ -444,7 +433,7 @@ the tun driver is included in the default kernel configuration. @c ================================================================== -@node Configuration of Darwin (MacOS/X) kernels, Configuration of Cygwin (Windows), Configuration of Solaris kernels, Configuring the kernel +@node Configuration of Darwin (MacOS/X) kernels, Configuration of Windows, Configuration of Solaris kernels, Configuring the kernel @subsection Configuration of Darwin (MacOS/X) kernels Darwin does not come with a tunnel driver. You must download it at 
@@ -461,21 +450,13 @@ and the corresponding network interfaces. @c ================================================================== -@node Configuration of Cygwin (Windows), Configuration of MinGW (Windows), Configuration of Darwin (MacOS/X) kernels, Configuring the kernel -@subsection Configuration of Cygwin (Windows) +@node Configuration of Windows, , Configuration of Darwin (MacOS/X) kernels, Configuring the kernel +@subsection Configuration of Windows -You will need to install the CIPE driver, you can download it from -@uref{http://cipe-win32.sourceforge.net}. Configure the CIPE network device in -the same way as you would do from the tinc-up script. - - -@c ================================================================== -@node Configuration of MinGW (Windows), , Configuration of Cygwin (Windows), Configuring the kernel -@subsection Configuration of MinGW (Windows) - -You will need to install the CIPE driver, you can download it from -@uref{http://cipe-win32.sourceforge.net}. Configure the CIPE network device in -the same way as you would do from the tinc-up script. +You will need to install the CIPE driver or the TAP-Win32 driver. You can download the CIPE driver from +@uref{http://cipe-win32.sourceforge.net}. Using the Network Connections control panel, +configure the CIPE network device in the same way as you would do from the tinc-up script +as explained in the rest of the documentation. @c ================================================================== 
@@ -647,7 +628,7 @@ The documentation that comes along with your distribution will tell you how to d @c ================================================================== -@node Darwin (MacOS/X) build environment, Cygwin (Windows) build environment, , Building and installing tinc +@node Darwin (MacOS/X) build environment, Cygwin (Windows) build environment, Building and installing tinc, Building and installing tinc @subsection Darwin (MacOS/X) build environment In order to build tinc on Darwin, you need to install the MacOS/X Developer Tools @@ -669,7 +650,7 @@ but all programs, including those started outside the Cygwin environment, will b It will also support all features. @c ================================================================== -@node MinGW (Windows) build environment, , Cygwin (Windows) build environment, Building and installing tinc +@node MinGW (Windows) build environment, , Cygwin (Windows) build environment, Building and installing tinc @subsection MinGW (Windows) build environment You will need to install the MinGW environment from @uref{http://www.mingw.org}. @@ -677,8 +658,6 @@ You will need to install the MinGW environment from @uref{http://www.mingw.org}. When tinc is compiled using MinGW it runs natively under Windows, it is not necessary to keep MinGW installed. -When running natively, tinc is not able to start scripts, -nor is tinc able to receive signals. When detaching, tinc will install itself as a service, which will be restarted automatically after reboots. @@ -792,7 +771,6 @@ tinc 655/udp TINC @node Configuration introduction, Multiple networks, Configuration, Configuration @section Configuration introduction -@cindex Network Administrators Guide Before actually starting to configure tinc and editing files, make sure you have read this entire section so you know what to expect. Then, make it clear to yourself how you want to organize your VPN: 
@@ -805,6 +783,7 @@ Do you want to run tinc in router mode or switch mode? These questions can only be answered by yourself, you will not find the answers in this documentation. Make sure you have an adequate understanding of networks in general. +@cindex Network Administrators Guide A good resource on networking is the @uref{http://www.linuxdoc.org/LDP/nag2/, Linux Network Administrators Guide}. @@ -834,13 +813,13 @@ This means that you call tincd with the -n argument, which will assign a netname to this daemon. The effect of this is that the daemon will set its configuration -``root'' to @value{sysconfdir}/tinc/@emph{netname}/, where @emph{netname} is your argument to the -n -option. You'll notice that it appears in syslog as ``tinc.@emph{netname}''. +``root'' to @value{sysconfdir}/tinc/@var{netname}/, where @var{netname} is your argument to the -n +option. You'll notice that it appears in syslog as ``tinc.@var{netname}''. However, it is not strictly necessary that you call tinc with the -n option. In this case, the network name would just be empty, and it will be used as such. tinc now looks for files in @value{sysconfdir}/tinc/, instead of -@value{sysconfdir}/tinc/@emph{netname}/; the configuration file should be @value{sysconfdir}/tinc/tinc.conf, +@value{sysconfdir}/tinc/@var{netname}/; the configuration file should be @value{sysconfdir}/tinc/tinc.conf, and the host configuration files are now expected to be in @value{sysconfdir}/tinc/hosts/. But it is highly recommended that you use this feature of tinc, because 
@@ -878,8 +857,8 @@ It does not matter if two tinc daemons have a `ConnectTo' value pointing to each @section Configuration files The actual configuration of the daemon is done in the file -@file{@value{sysconfdir}/tinc/@emph{netname}/tinc.conf} and at least one other file in the directory -@file{@value{sysconfdir}/tinc/@emph{netname}/hosts/}. +@file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf} and at least one other file in the directory +@file{@value{sysconfdir}/tinc/@var{netname}/hosts/}. These file consists of comments (lines started with a #) or assignments in the form of @@ -895,29 +874,29 @@ out, remember to replace it with at least one space character. In this section all valid variables are listed in alphabetical order. The default value is given between parentheses, -other comments are between square brackets and -required directives are given in @strong{bold}. +other comments are between square brackets. @menu * Main configuration variables:: * Host configuration variables:: +* Scripts:: * How to configure:: @end menu @c ================================================================== -@node Main configuration variables, Host configuration variables, Configuration files, Configuration files +@node Main configuration variables, Host configuration variables, Configuration files, Configuration files @subsection Main configuration variables @table @asis @cindex AddressFamily -@item AddressFamily = (any) +@item @var{AddressFamily} = (any) This option affects the address family of listening and outgoing sockets. If "any" is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created. @cindex BindToAddress -@item BindToAddress =

      [experimental] +@item @var{BindToAddress} =
      [experimental] If your computer has more than one IPv4 or IPv6 address, tinc will by default listen on all of them for incoming connections. It is possible to bind only to a single address with this variable. @@ -925,7 +904,7 @@ It is possible to bind only to a single address with this variable. This option may not work on all platforms. @cindex BindToInterface -@item BindToInterface = [experimental] +@item @var{BindToInterface} = [experimental] If you have more than one network interface in your computer, tinc will by default listen on all of them for incoming connections. It is possible to bind tinc to a single interface like eth0 or ppp0 with this @@ -934,7 +913,7 @@ variable. This option may not work on all platforms. @cindex ConnectTo -@item @strong{ConnectTo = } +@item @var{ConnectTo} = Specifies which other tinc daemon to connect to on startup. Multiple ConnectTo variables may be specified, in which case outgoing connections to each specified tinc daemon are made. @@ -946,12 +925,16 @@ tinc won't try to connect to other daemons at all, and will instead just listen for incoming connections. @cindex Device -@item @strong{Device = } (/dev/tap0 or /dev/net/tun) -The virtual network device to use. Note that you can only use one device per -daemon. See also @ref{Device files}. +@item @var{Device} = (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform) +The virtual network device to use. +tinc will automatically detect what kind of device it is. +Note that you can only use one device per daemon. +Under Windows, use @var{Interface} instead of @var{Device}. +Note that you can only use one device per daemon. +See also @ref{Device files}. @cindex Hostnames -@item Hostnames = (no) +@item @var{Hostnames} = (no) This option selects whether IP addresses (both real and on the VPN) should be resolved. Since DNS lookups are blocking, it might affect tinc's efficiency, even stopping the daemon for a few seconds everytime 
@@ -961,13 +944,14 @@ This does not affect resolving hostnames to IP addresses from the configuration file. @cindex Interface -@item Interface = +@item @var{Interface} = Defines the name of the interface corresponding to the virtual network device. -Depending on the operating system and the type of device this may or may not actually set the name of the interface -or choose the device corresponding to this interface. +Depending on the operating system and the type of device this may or may not actually set the name of the interface. +Under Windows, this variable is used to select which network interface will be used. +If you specified a Device, this variable is almost always already correctly set. @cindex Mode -@item Mode = (router) +@item @var{Mode} = (router) This option selects the way packets are routed to other daemons. @table @asis 
@@ -996,82 +980,82 @@ while no routing table is managed. @end table @cindex KeyExpire -@item KeyExpire = (3600) +@item @var{KeyExpire} = (3600) This option controls the time the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. @cindex MACExpire -@item MACExpire = (600) +@item @var{MACExpire} = (600) This option controls the amount of time MAC addresses are kept before they are removed. This only has effect when Mode is set to "switch". @cindex Name -@item @strong{Name = } +@item @var{Name} = [required] This is a symbolic name for this connection. It can be anything @cindex PingTimeout -@item PingTimeout = (60) +@item @var{PingTimeout} = (60) The number of seconds of inactivity that tinc will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. @cindex PriorityInheritance -@item PriorityInheritance = (no) [experimental] +@item @var{PriorityInheritance} = (no) [experimental] When this option is enabled the value of the TOS field of tunneled IPv4 packets will be inherited by the UDP packets that are sent out. @cindex PrivateKey -@item PrivateKey = [obsolete] +@item @var{PrivateKey} = [obsolete] This is the RSA private key for tinc. However, for safety reasons it is advised to store private keys of any kind in separate files. This prevents accidental eavesdropping if you are editting the configuration file. @cindex PrivateKeyFile -@item @strong{PrivateKeyFile = } [recommended] +@item @var{PrivateKeyFile} = (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv}) This is the full path name of the RSA private key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. 
-Note that there must be exactly one of PrivateKey -or PrivateKeyFile +Note that there must be exactly one of @var{PrivateKey} +or @var{PrivateKeyFile} specified in the configuration file. @end table @c ================================================================== -@node Host configuration variables, How to configure, Main configuration variables, Configuration files +@node Host configuration variables, Scripts, Main configuration variables, Configuration files @subsection Host configuration variables @table @asis @cindex Address -@item @strong{Address = } [recommended] +@item @var{Address} = [recommended] This variable is only required if you want to connect to this host. It must resolve to the external IP address where the host can be reached, not the one that is internal to the VPN. @cindex Cipher -@item Cipher = (blowfish) +@item @var{Cipher} = (blowfish) The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by OpenSSL is recognized. @cindex Compression -@item Compression = (0) +@item @var{Compression} = (0) This option sets the level of compression used for UDP packets. Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo). @cindex Digest -@item Digest = (sha1) +@item @var{Digest} = (sha1) The digest algorithm used to authenticate UDP packets. Any digest supported by OpenSSL is recognized. Furthermore, specifying "none" will turn off packet authentication. @cindex IndirectData -@item IndirectData = (no) +@item @var{IndirectData} = (no) This option specifies whether other tinc daemons besides the one you specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible to 
@@ -1079,22 +1063,22 @@ make a connection from the outside to your tinc daemon. Otherwise, it is best to leave this option out or set it to no. @cindex MACLength -@item MACLength = (4) +@item @var{MACLength} = (4) The length of the message authentication code used to authenticate UDP packets. Can be anything from 0 up to the length of the digest produced by the digest algorithm. @cindex Port -@item Port = (655) +@item @var{Port} = (655) This is the port this tinc daemon listens on. You can use decimal portnumbers or symbolic names (as listed in /etc/services). @cindex PublicKey -@item PublicKey = [obsolete] +@item @var{PublicKey} = [obsolete] This is the RSA public key for this host. @cindex PublicKeyFile -@item PublicKeyFile = [obsolete] +@item @var{PublicKeyFile} = [obsolete] This is the full path name of the RSA public key file that was generated by ``tincd --generate-keys''. It must be a full path, not a relative directory. @@ -1108,7 +1092,7 @@ in each host configuration file, if you want to be able to establish a connection with that host. @cindex Subnet -@item Subnet = +@item @var{Subnet} = The subnet which this tinc daemon will serve. tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. If the packet matches a subnet, @@ -1133,7 +1117,7 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} @cindex TCPonly -@item TCPonly = (no) [experimental] +@item @var{TCPonly} = (no) [experimental] If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading 
@@ -1143,18 +1127,86 @@ Setting this options also implicitly sets IndirectData. @c ================================================================== -@node How to configure, , Host configuration variables, Configuration files +@node Scripts, How to configure, Host configuration variables, Configuration files +@subsection Scripts + +@cindex scripts +Apart from reading the server and host configuration files, +tinc can also run scripts at certain moments. +On Windows (not Cygwin), the scripts should have the extension .bat. + +@table @file +@cindex tinc-up +@item @value{sysconfdir}/tinc/@var{netname}/tinc-up +This is the most important script. +If it is present it will be executed right after the tinc daemon has been +started and has connected to the virtual network device. +It should be used to set up the corresponding network interface, +but can also be used to start other things. +Under Windows you can use the Network Connections control panel instead of creating this script. + +@cindex tinc-down +@item @value{sysconfdir}/tinc/@var{netname}/tinc-down +This script is started right before the tinc daemon quits. + +@item @value{sysconfdir}/tinc/@var{netname}/hosts/@var{host}-up +This script is started when the tinc daemon with name @var{host} becomes reachable. + +@item @value{sysconfdir}/tinc/@var{netname}/hosts/@var{host}-down +This script is started when the tinc daemon with name @var{host} becomes unreachable. +@end table + +@cindex environment variables +The scripts are started without command line arguments, +but can make use of certain environment variables. +Under UNIX like operating systems the names of environment variables must be preceded by a $ in scripts. +Under Windows, in @file{.bat} files, they have to be put between % signs. + +@table @env +@cindex NETNAME +@item NETNAME +If a netname was specified, this environment variable contains it. + +@cindex NAME +@item NAME +Contains the name of this tinc daemon. 
+ +@cindex DEVICE +@item DEVICE +Contains the name of the virtual network device that tinc uses. + +@cindex INTERFACE +@item INTERFACE +Contains the name of the virtual network interface that tinc uses. +This should be used for commands like ifconfig. + +@cindex NODE +@item NODE +When a host becomes (un)reachable, this is set to its name. + +@cindex REMOTEADDRESS +@item REMOTEADDRESS +When a host becomes (un)reachable, this is set to its real address. + +@cindex REMOTEPORT +@item REMOTEPORT +When a host becomes (un)reachable, +this is set to the port number it uses for communication with other tinc daemons. +@end table + + +@c ================================================================== +@node How to configure, , Scripts, Configuration files @subsection How to configure @subsubheading Step 1. Creating the main configuration file -The main configuration file will be called @file{@value{sysconfdir}/tinc/@emph{netname}/tinc.conf}. +The main configuration file will be called @file{@value{sysconfdir}/tinc/@var{netname}/tinc.conf}. Adapt the following example to create a basic configuration file: @example -Name = @emph{yourname} -Device = @emph{/dev/tap0} -PrivateKeyFile = @value{sysconfdir}/tinc/@emph{netname}/rsa_key.priv +Name = @var{yourname} +Device = @file{/dev/tap0} @end example Then, if you know to which other tinc daemon(s) yours is going to connect, 
@@ -1163,12 +1215,12 @@ add `ConnectTo' values. @subsubheading Step 2. Creating your host configuration file If you added a line containing `Name = yourname' in the main configuarion file, -you will need to create a host configuration file @file{@value{sysconfdir}/tinc/@emph{netname}/hosts/yourname}. +you will need to create a host configuration file @file{@value{sysconfdir}/tinc/@var{netname}/hosts/yourname}. Adapt the following example to create a host configuration file: @example -Address = @emph{your.real.hostname.org} -Subnet = @emph{192.168.1.0/24} +Address = your.real.hostname.org +Subnet = 192.168.1.0/24 @end example You can also use an IP address instead of a hostname. @@ -1186,7 +1238,7 @@ Now that you have already created the main configuration file and your host conf you can easily create a public/private keypair by entering the following command: @example -tincd -n @emph{netname} -K +tincd -n @var{netname} -K @end example tinc will generate a public and a private key and ask you where to put them. @@ -1209,9 +1261,9 @@ if you are using the Linux tun/tap driver, the network interface will by default @cindex tinc-up You can configure the network interface by putting ordinary ifconfig, route, and other commands -to a script named @file{@value{sysconfdir}/tinc/@emph{netname}/tinc-up}. When tinc starts, this script +to a script named @file{@value{sysconfdir}/tinc/@var{netname}/tinc-up}. When tinc starts, this script will be executed. When tinc exits, it will execute the script named -@file{@value{sysconfdir}/tinc/@emph{netname}/tinc-down}, but normally you don't need to create that script. +@file{@value{sysconfdir}/tinc/@var{netname}/tinc-down}, but normally you don't need to create that script. An example @file{tinc-up} script: 
@@ -1436,7 +1488,7 @@ their daemons, tinc will try connecting until they are available. If everything else is done, you can start tinc by typing the following command: @example -tincd -n @emph{netname} +tincd -n @var{netname} @end example @cindex daemon @@ -1451,7 +1503,7 @@ and look in the syslog to find out what the problems are. @c ================================================================== -@node Runtime options, Error messages, , Running tinc +@node Runtime options, Error messages, Running tinc, Running tinc @section Runtime options Besides the settings in the configuration file, tinc also accepts some @@ -1461,10 +1513,10 @@ command line options. @cindex runtime options @cindex options @c from the manpage -@table @samp +@table @option @item -c, --config=PATH Read configuration options from the directory PATH. The default is -@file{@value{sysconfdir}/tinc/@emph{netname}/}. +@file{@value{sysconfdir}/tinc/@var{netname}/}. @item -D, --no-detach Don't fork and detach. @@ -1850,7 +1902,7 @@ encryption algorithm is always the default length used by OpenSSL. @c ================================================================== -@node Authentication protocol, Encryption of network packets, Security, Security +@node Authentication protocol, Encryption of network packets, Security, Security @subsection Authentication protocol @cindex authentication @@ -1964,7 +2016,7 @@ an attacker) in the beginning of the encrypted stream. @c ================================================================== -@node Encryption of network packets, , Authentication protocol, Security +@node Encryption of network packets, , Authentication protocol, Security @subsection Encryption of network packet @cindex encryption diff --git a/doc/tincd.8.in b/doc/tincd.8.in index a2957ef2..577e33a8 100644 --- a/doc/tincd.8.in +++ b/doc/tincd.8.in 
@@ -34,16 +34,19 @@ If that succeeds, it will detach from the controlling terminal and continue in the background, accepting and setting up connections to other tinc daemons that are part of the virtual private network. -Under Windows (native) tinc will install itself as a service, +Under Windows (not Cygwin) tinc will install itself as a service, which will be restarted automatically after reboots. .Sh OPTIONS .Bl -tag -width indent .It Fl c, -config Ns = Ns Ar DIR -Read configuration options from -.Ar DIR . +Read configuration files from +.Ar DIR +instead of +.Pa @sysconfdir@/tinc/ . .It Fl D, -no-detach Don't fork and detach. This will also disable the automatic restart mechanism for fatal errors. +If not mentioned otherwise, this will show log messages on the standard error output. .It Fl d, -debug Ns Op = Ns Ar LEVEL Increase debug level or set it to .Ar LEVEL @@ -54,7 +57,7 @@ Attempt to kill a running (optionally with the specified .Ar SIGNAL instead of SIGTERM) and exit. -Under native Windows the optional argument is ignored, +Under Windows (not Cygwin) the optional argument is ignored, the service will always be stopped and removed. .It Fl n, -net Ns = Ns Ar NETNAME Connect to net @@ -78,6 +81,7 @@ Write PID to .Ar FILE instead of .Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid. +Under Windows this option will be ignored. .It Fl -bypass-security Disables encryption and authentication of the meta protocol. Only useful for debugging. @@ -130,7 +134,7 @@ It will also any serious error. .It 1 This will log all connections that are made with other tinc daemons. .It 2 -This will log status and error messages from other tinc daemons. +This will log status and error messages from scripts and other tinc daemons. .It 3 This will log all requests that are exchanged with other tinc daemons. These include authentication, key exchange and connection list updates. 
@@ -141,28 +145,10 @@ This will log all network traffic over the virtual private network. .El .Sh FILES .Bl -tag -width indent -.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc.conf -The configuration file for -.Nm . -.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up -Script which is executed as soon as the virtual network device has been allocated. -Purpose is to further configure that device. -.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-down -Script which is executed when -.Nm -exits. -Purpose is to cleanly shut down the virtual network device before it will be deallocated. -.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/* -The directory containing the host configuration files -used to authenticate other tinc daemons. -.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -up -Script which is executed as soon as host -.Ar NAME -becomes reachable. -.It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ Ns Ar NAME Ns Pa -down -Script which is executed as soon as host -.Ar NAME -becomes unreachable. +.It Pa @sysconfdir@/tinc/ +Directory containing the configuration files tinc uses. +For more information, see +.Xr tinc.conf 5 . .It Pa @localstatedir@/run/tinc. Ns Ar NETNAME Ns Pa .pid The PID of the currently running .Nm From ae070b917066f612e9aba8611c7a5da88e19a51a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 10 Aug 2003 13:35:05 +0000 Subject: [PATCH 843/923] Add a description for the Service control panel. --- src/process.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/process.c b/src/process.c index 1a8592d3..d08f70ff 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.70 2003/08/08 22:45:46 guus Exp $ + $Id: process.c,v 1.1.2.71 2003/08/10 13:35:05 guus Exp $ */ #include "system.h" 
@@ -85,6 +85,7 @@ bool install_service(void) { char command[4096] = ""; char **argp; bool space; + SERVICE_DESCRIPTION description = {"Virtual Private Network daemon"}; manager = OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS); if(!manager) { @@ -120,6 +121,8 @@ bool install_service(void) { return false; } + ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &description); + logger(LOG_INFO, _("%s service installed"), identname); if(!StartService(service, 0, NULL)) From b038e8db376969e70f1315840428b8a14ec8420f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 12 Aug 2003 12:35:53 +0000 Subject: [PATCH 844/923] Updated dutch translation. --- po/nl.po | 338 ++++++++++++++++++++++++------------------------------- 1 file changed, 150 insertions(+), 188 deletions(-) diff --git a/po/nl.po b/po/nl.po index b2b31632..9c3d23a7 100644 --- a/po/nl.po +++ b/po/nl.po @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-08-03 22:09+0200\n" +"POT-Creation-Date: 2003-08-09 20:57+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" 
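Review bot: The return value of the added `ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &description);` call in the second src/process.c hunk is discarded, so a failure to set the description is silent, while the other service calls visible in these hunks (`OpenSCManager`, `StartService`) are checked. The description is cosmetic, so a warning rather than a failed install looks appropriate: `if(!ChangeServiceConfig2(service, SERVICE_CONFIG_DESCRIPTION, &description)) logger(LOG_WARNING, _("Could not set description of %s service"), identname);`. The call needs SERVICE_CHANGE_CONFIG access on `service`; the CreateService call that fixes the handle's access mask is outside both hunks, so that has to be confirmed there. The literal in the first hunk's `SERVICE_DESCRIPTION description = {"Virtual Private Network daemon"};` is not wrapped in `_()` like the other user-visible strings here, which may be intentional but deserves a short comment. The body of install_service starts before the first hunk and continues past the second.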
@@ -67,61 +67,21 @@ msgstr "" msgid "Failed to read `%s': %s" msgstr "Lezen van `%s' mislukte: %s" -#: src/conf.c:437 -#, c-format -msgid "`%s' is not an absolute path" -msgstr "`%s' is geen absoluut pad" - -#: src/conf.c:453 src/conf.c:481 -#, c-format -msgid "Couldn't stat `%s': %s" -msgstr "Kon `%s' niet statten: %s" - -#: src/conf.c:458 src/conf.c:489 -#, c-format -msgid "`%s' is owned by UID %d instead of %d" -msgstr "`%s' is eigendom van UID %d in plaats van %d" - -#: src/conf.c:464 src/conf.c:495 -#, c-format -msgid "Warning: `%s' is a symlink" -msgstr "Waarschuwing: `%s' is een symbolische link" - -#: src/conf.c:467 src/conf.c:498 -#, c-format -msgid "Unable to read symbolic link `%s': %s" -msgstr "Kan symbolische link `%s' niet lezen: %s" - -#: src/conf.c:509 -#, c-format -msgid "`%s' has unsecure permissions" -msgstr "`%s' heeft onveilige permissies" - -#: src/conf.c:531 +#: src/conf.c:441 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:538 +#: src/conf.c:448 #, c-format msgid "Error while reading stdin: %s\n" msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:566 +#: src/conf.c:480 #, c-format msgid "Error opening file `%s': %s\n" msgstr "Fout bij het openen van het bestand `%s': %s\n" -#: src/conf.c:575 -#, c-format -msgid "" -"The file `%s' (or any of the leading directories) has unsafe permissions.\n" -"I will not create or overwrite this file.\n" -msgstr "" -"Het bestand `%s' (of een van de voorgaande mappen) heeft onvoldoende " -"bescherming.\n" -"Ik maak of overschrijf dit bestand niet.\n" - #: src/connection.c:49 msgid "everyone" msgstr "iedereen" 
@@ -148,32 +108,32 @@ msgstr "Einde van verbindingen." msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:59 -#, c-format -msgid "Sending meta data to %s (%s) failed: %s" -msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" - -#: src/meta.c:97 -#, c-format -msgid "This is a bug: %s:%d: %d:%s %s (%s)" -msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)" - -#: src/meta.c:103 -#, c-format -msgid "Metadata socket error for %s (%s): %s" -msgstr "Fout op metadata socket voor %s (%s): %s" - -#: src/meta.c:121 +#: src/meta.c:58 src/meta.c:125 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:126 +#: src/meta.c:63 +#, c-format +msgid "Sending meta data to %s (%s) failed: %s" +msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" + +#: src/meta.c:101 +#, c-format +msgid "This is a bug: %s:%d: %d:%s %s (%s)" +msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)" + +#: src/meta.c:107 +#, c-format +msgid "Metadata socket error for %s (%s): %s" +msgstr "Fout op metadata socket voor %s (%s): %s" + +#: src/meta.c:130 #, c-format msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:189 +#: src/meta.c:193 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" 
@@ -273,67 +233,67 @@ msgstr "Fout tijdens comprimeren pakket naar %s (%s)" msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:309 src/net_setup.c:457 src/net_socket.c:74 -#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:404 src/tincd.c:438 -#: src/process.c:192 src/process.c:222 src/process.c:404 src/process.c:432 -#: src/cygwin/device.c:147 src/cygwin/device.c:178 src/mingw/device.c:76 -#: src/mingw/device.c:85 src/mingw/device.c:90 src/mingw/device.c:242 -#: src/mingw/device.c:249 src/mingw/device.c:254 src/mingw/device.c:261 -#: src/mingw/device.c:270 src/mingw/device.c:277 +#: src/net_packet.c:309 src/net_setup.c:465 src/net_socket.c:74 +#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:433 src/tincd.c:467 +#: src/process.c:204 src/process.c:237 src/process.c:415 +#: src/cygwin/device.c:150 src/cygwin/device.c:181 src/mingw/device.c:76 +#: src/mingw/device.c:85 src/mingw/device.c:90 src/mingw/device.c:245 +#: src/mingw/device.c:252 src/mingw/device.c:257 src/mingw/device.c:264 +#: src/mingw/device.c:273 src/mingw/device.c:280 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:315 +#: src/net_packet.c:314 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:332 +#: src/net_packet.c:330 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:336 +#: src/net_packet.c:334 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net_packet.c:341 +#: src/net_packet.c:339 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:349 +#: src/net_packet.c:347 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:368 +#: src/net_packet.c:366 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:385 +#: src/net_packet.c:383 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:406 +#: src/net_packet.c:404 #, c-format msgid "This is a bug: %s:%d: %d:%s" msgstr "Dit is een programmeerfout: %s:%d: %d:%s" -#: src/net_packet.c:413 +#: src/net_packet.c:411 #, c-format msgid "Incoming data socket error: %s" msgstr "Fout op socket voor inkomend verkeer: %s" -#: src/net_packet.c:420 +#: src/net_packet.c:418 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:430 +#: src/net_packet.c:428 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" 
@@ -358,73 +318,84 @@ msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:183 +#: src/net_setup.c:179 +#, c-format +msgid "Could not stat RSA private key file `%s': %s'" +msgstr "Kon gegevens RSA privé sleutel bestand `%s' niet opvragen: %s" + +#: src/net_setup.c:186 +#, c-format +msgid "Warning: insecure file permissions for RSA private key file `%s'!" +msgstr "" +"Waarschuwing: onveilige permissies voor RSA privé sleutel bestand `%s'!" + +#: src/net_setup.c:193 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:215 src/net_setup.c:216 +#: src/net_setup.c:223 src/net_setup.c:224 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:222 +#: src/net_setup.c:230 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:227 +#: src/net_setup.c:235 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:239 +#: src/net_setup.c:247 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:292 +#: src/net_setup.c:300 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:303 +#: src/net_setup.c:311 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:311 +#: src/net_setup.c:319 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:325 +#: src/net_setup.c:333 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:343 +#: src/net_setup.c:351 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:380 +#: src/net_setup.c:388 msgid "Unrecognized digest type!" 
msgstr "Onbekend digest type!" -#: src/net_setup.c:393 +#: src/net_setup.c:401 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:396 +#: src/net_setup.c:404 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:410 +#: src/net_setup.c:418 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:479 +#: src/net_setup.c:487 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:490 +#: src/net_setup.c:498 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:492 +#: src/net_setup.c:500 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" @@ -905,7 +876,7 @@ msgstr "Klaar.\n" msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:309 src/tincd.c:328 +#: src/tincd.c:314 src/tincd.c:333 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -913,21 +884,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:322 +#: src/tincd.c:327 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:357 +#: src/tincd.c:386 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:378 +#: src/tincd.c:407 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:380 +#: src/tincd.c:409 msgid "" "Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -944,24 +915,24 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:408 +#: src/tincd.c:437 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:432 +#: src/tincd.c:461 msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:460 +#: src/tincd.c:489 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:463 src/process.c:494 +#: src/tincd.c:492 src/process.c:468 msgid "Not restarting." msgstr "Geen herstart." -#: src/tincd.c:479 +#: src/tincd.c:508 msgid "Terminating" msgstr "Beëindigen" 
@@ -970,159 +941,154 @@ msgstr "Beëindigen" msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:90 src/process.c:127 +#: src/process.c:92 src/process.c:139 #, c-format msgid "Could not open service manager: %s" msgstr "Kon service manager niet openen: %s" -#: src/process.c:110 +#: src/process.c:120 #, c-format msgid "Could not create %s service: %s" msgstr "Kon %s service niet aanmaken: %s" -#: src/process.c:114 +#: src/process.c:126 #, c-format msgid "%s service installed" msgstr "%s service geïnstalleerd" -#: src/process.c:117 +#: src/process.c:129 #, c-format msgid "Could not start %s service: %s" msgstr "Kon %s service niet starten: %s" -#: src/process.c:119 +#: src/process.c:131 #, c-format msgid "%s service started" msgstr "%s service gestart" -#: src/process.c:134 +#: src/process.c:146 #, c-format msgid "Could not open %s service: %s" msgstr "Kon %s service niet openen: %s" -#: src/process.c:139 +#: src/process.c:151 #, c-format msgid "Could not stop %s service: %s" msgstr "Kon %s service niet stoppen: %s" -#: src/process.c:141 +#: src/process.c:153 #, c-format msgid "%s service stopped" msgstr "%s service gestopt" -#: src/process.c:144 +#: src/process.c:156 #, c-format msgid "Could not remove %s service: %s" msgstr "Kon %s service niet verwijderen: %s" -#: src/process.c:148 +#: src/process.c:160 #, c-format msgid "%s service removed" msgstr "%s service verwijderd" -#: src/process.c:156 src/process.c:160 +#: src/process.c:168 src/process.c:172 #, c-format msgid "Got %s request" msgstr "Kreeg %s verzoek" -#: src/process.c:164 +#: src/process.c:176 #, c-format msgid "Got unexpected request %d" msgstr "Kreeg onverwacht verzoek %d" -#: src/process.c:243 +#: src/process.c:258 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:246 +#: src/process.c:261 #, c-format 
msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:272 +#: src/process.c:287 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:275 +#: src/process.c:290 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:284 +#: src/process.c:299 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:287 +#: src/process.c:302 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. " -#: src/process.c:289 +#: src/process.c:304 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:322 +#: src/process.c:337 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:339 +#: src/process.c:354 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:375 -#, c-format -msgid "Could not execute `%s': %s" -msgstr "Kon `%s' niet uitvoeren: %s" - -#: src/process.c:410 +#: src/process.c:379 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:417 +#: src/process.c:402 #, c-format -msgid "Process %d (%s) exited with non-zero status %d" -msgstr "Proces %d (%s) beëindigde met status %d" +msgid "Script %s exited with non-zero status %d" +msgstr "Script %s beëindigde met status %d" -#: src/process.c:423 +#: src/process.c:407 #, c-format -msgid "Process %d (%s) was killed by signal %d (%s)" -msgstr "Proces %d (%s) was gestopt door signaal %d (%s)" +msgid "Script %s was killed by signal %d (%s)" +msgstr "Script %s was gestopt door signaal %d (%s)" -#: src/process.c:427 +#: src/process.c:411 #, c-format -msgid "Process %d (%s) terminated abnormally" -msgstr "Proces %d (%s) abnormaal beëindigd" +msgid "Script %s 
terminated abnormally" +msgstr "Script %s abnormaal beëindigd" -#: src/process.c:457 src/process.c:463 src/process.c:501 src/process.c:507 -#: src/process.c:525 +#: src/process.c:431 src/process.c:437 src/process.c:475 src/process.c:481 +#: src/process.c:499 #, c-format msgid "Got %s signal" msgstr "Kreeg %s signaal" -#: src/process.c:469 +#: src/process.c:443 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:478 +#: src/process.c:452 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:482 +#: src/process.c:456 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:510 +#: src/process.c:484 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:516 +#: src/process.c:490 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1131,17 +1097,17 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:549 +#: src/process.c:523 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:555 +#: src/process.c:529 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:609 +#: src/process.c:583 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" 
@@ -1276,22 +1242,22 @@ msgstr "%s is een %s" #: src/linux/device.c:137 src/linux/device.c:148 src/linux/device.c:159 #: src/freebsd/device.c:75 src/solaris/device.c:126 src/netbsd/device.c:78 -#: src/darwin/device.c:75 src/cygwin/device.c:246 src/mingw/device.c:113 -#: src/mingw/device.c:304 src/raw_socket/device.c:114 +#: src/darwin/device.c:75 src/cygwin/device.c:249 src/mingw/device.c:113 +#: src/mingw/device.c:307 src/raw_socket/device.c:114 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" #: src/linux/device.c:170 src/freebsd/device.c:84 src/solaris/device.c:138 -#: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:255 -#: src/mingw/device.c:313 src/raw_socket/device.c:123 +#: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:258 +#: src/mingw/device.c:316 src/raw_socket/device.c:123 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" #: src/linux/device.c:180 src/freebsd/device.c:94 src/solaris/device.c:148 -#: src/netbsd/device.c:100 src/darwin/device.c:97 src/cygwin/device.c:267 -#: src/mingw/device.c:326 src/raw_socket/device.c:133 +#: src/netbsd/device.c:100 src/darwin/device.c:97 src/cygwin/device.c:270 +#: src/mingw/device.c:329 src/raw_socket/device.c:133 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" 
@@ -1304,22 +1270,22 @@ msgid "Can't write to %s %s: %s" msgstr "Kan niet schrijven naar %s %s: %s" #: src/linux/device.c:219 src/freebsd/device.c:112 src/solaris/device.c:166 -#: src/netbsd/device.c:118 src/darwin/device.c:115 src/cygwin/device.c:284 -#: src/mingw/device.c:343 src/raw_socket/device.c:151 +#: src/netbsd/device.c:118 src/darwin/device.c:115 src/cygwin/device.c:287 +#: src/mingw/device.c:346 src/raw_socket/device.c:151 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" #: src/linux/device.c:220 src/freebsd/device.c:113 src/solaris/device.c:167 -#: src/netbsd/device.c:119 src/darwin/device.c:116 src/cygwin/device.c:285 -#: src/mingw/device.c:344 src/raw_socket/device.c:152 +#: src/netbsd/device.c:119 src/darwin/device.c:116 src/cygwin/device.c:288 +#: src/mingw/device.c:347 src/raw_socket/device.c:152 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" #: src/linux/device.c:221 src/freebsd/device.c:114 src/solaris/device.c:168 -#: src/netbsd/device.c:120 src/darwin/device.c:117 src/cygwin/device.c:286 -#: src/mingw/device.c:345 src/raw_socket/device.c:153 +#: src/netbsd/device.c:120 src/darwin/device.c:117 src/cygwin/device.c:289 +#: src/mingw/device.c:348 src/raw_socket/device.c:153 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" @@ -1328,8 +1294,8 @@ msgstr " totaal aantal bytes uit: %10d" msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" -#: src/freebsd/device.c:98 src/darwin/device.c:101 src/cygwin/device.c:271 -#: src/mingw/device.c:330 +#: src/freebsd/device.c:98 src/darwin/device.c:101 src/cygwin/device.c:274 +#: src/mingw/device.c:333 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" 
@@ -1381,38 +1347,38 @@ msgstr "MaxOS/X tun apparaat" msgid "Unable to read registry: %s" msgstr "Kon registry niet lezen: %s" -#: src/cygwin/device.c:130 src/mingw/device.c:204 +#: src/cygwin/device.c:133 src/mingw/device.c:207 msgid "No Windows tap device found!" msgstr "Geen Windows tap apparaat gevonden!" -#: src/cygwin/device.c:156 +#: src/cygwin/device.c:159 #, c-format -msgid "Could not open Windows tap device for writing: %s" -msgstr "Kon Windows tap apparaat niet openen om te schrijven: %s" +msgid "Could not open Windows tap device %s (%s) for writing: %s" +msgstr "Kon Windows tap apparaat %s (%s) niet openen om te schrijven: %s" -#: src/cygwin/device.c:165 +#: src/cygwin/device.c:168 src/mingw/device.c:232 #, c-format -msgid "Could not get MAC address from Windows tap device: %s" -msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat: %s" +msgid "Could not get MAC address from Windows tap device %s (%s): %s" +msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat %s (%s): %s" -#: src/cygwin/device.c:194 +#: src/cygwin/device.c:197 #, c-format -msgid "Could not open Windows tap device for reading: %s" -msgstr "Kon Windows tap apparaat niet openen om te lezen: %s" +msgid "Could not open Windows tap device %s (%s) for reading: %s" +msgstr "Kon Windows tap apparaat %s (%s) niet openen om te lezen: %s" -#: src/cygwin/device.c:200 +#: src/cygwin/device.c:203 msgid "Tap reader forked and running." msgstr "Taplezer is geforked en draait." -#: src/cygwin/device.c:217 +#: src/cygwin/device.c:220 msgid "Tap reader failed!" msgstr "Taplezer faalde!" -#: src/cygwin/device.c:221 src/mingw/device.c:283 +#: src/cygwin/device.c:224 src/mingw/device.c:286 msgid "Windows tap device" msgstr "Windows tap apparaat" -#: src/cygwin/device.c:223 src/mingw/device.c:285 +#: src/cygwin/device.c:226 src/mingw/device.c:288 #, c-format msgid "%s (%s) is a %s" msgstr "%s (%s) is een %s" 
@@ -1421,14 +1387,10 @@ msgstr "%s (%s) is een %s" msgid "Tap reader running" msgstr "Taplezer draait" -#: src/mingw/device.c:222 +#: src/mingw/device.c:225 #, c-format -msgid "%s (%s) is no a usable Windows tap device!" -msgstr "%s (%s) is geen bruikbaar Windows tap apparaat!" - -#: src/mingw/device.c:229 -msgid "Could not get MAC address from Windows tap device!" -msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat!" +msgid "%s (%s) is not a usable Windows tap device: %s" +msgstr "%s (%s) is geen bruikbaar Windows tap apparaat: %s" #: src/raw_socket/device.c:68 msgid "raw socket" From 1f2670aab295dfd09c8c655611d2a5b820cb00fc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 12 Aug 2003 14:48:13 +0000 Subject: [PATCH 845/923] Small fixes. --- src/logger.h | 1 + src/meta.c | 9 +++++---- src/meta.h | 4 ++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/src/logger.h b/src/logger.h index 35cc8af3..fb8ec0b7 100644 --- a/src/logger.h +++ b/src/logger.h @@ -1,4 +1,5 @@ #ifndef __TINC_LOGGER_H__ +#define __TINC_LOGGER_H__ typedef enum debug_t { DEBUG_NOTHING = 0, /* Quiet mode, only show starting/stopping of the daemon */ diff --git a/src/meta.c b/src/meta.c index c2fbd7ed..e6e76d37 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.40 2003/08/08 22:11:54 guus Exp $ + $Id: meta.c,v 1.1.2.41 2003/08/12 14:48:12 guus Exp $ */ #include "system.h" @@ -27,14 +27,15 @@ #include "avl_tree.h" #include "connection.h" #include "logger.h" +#include "meta.h" #include "net.h" #include "protocol.h" #include "system.h" #include "utils.h" -bool send_meta(connection_t *c, char *buffer, int length) +bool send_meta(connection_t *c, const char *buffer, int length) { - char *bufp; + const char *bufp; int outlen; char outbuf[MAXBUFSIZE]; int result; 
@@ -71,7 +72,7 @@ bool send_meta(connection_t *c, char *buffer, int length) return true; } -void broadcast_meta(connection_t *from, char *buffer, int length) +void broadcast_meta(connection_t *from, const char *buffer, int length) { avl_node_t *node; connection_t *c; diff --git a/src/meta.h b/src/meta.h index f882f146..15439b7c 100644 --- a/src/meta.h +++ b/src/meta.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.h,v 1.1.2.10 2003/07/22 20:55:19 guus Exp $ + $Id: meta.h,v 1.1.2.11 2003/08/12 14:48:13 guus Exp $ */ #ifndef __TINC_META_H__ @@ -26,7 +26,7 @@ #include "connection.h" extern bool send_meta(struct connection_t *, const char *, int); -extern bool broadcast_meta(struct connection_t *, const char *, int); +extern void broadcast_meta(struct connection_t *, const char *, int); extern bool receive_meta(struct connection_t *); #endif /* __TINC_META_H__ */ From 7ed25590257b6ed33dfa879d187a09b0d790794f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 14 Aug 2003 14:21:35 +0000 Subject: [PATCH 846/923] Fix permissions check for rsa_key.priv. --- src/net_setup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index c7c12505..3ab91a05 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.42 2003/08/08 22:11:54 guus Exp $ + $Id: net_setup.c,v 1.1.2.43 2003/08/14 14:21:35 guus Exp $ */ #include "system.h" @@ -182,7 +182,7 @@ bool read_rsa_private_key(void) return false; } - if(s.st_mode & ~0700) + if(s.st_mode & ~0100700) logger(LOG_WARNING, _("Warning: insecure file permissions for RSA private key file `%s'!"), fname); #endif From dbfd6f284e0ff0aa04e6d6e62b902966912da516 Mon Sep 17 00:00:00 2001 
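Review bot: The mask in `if(s.st_mode & ~0100700)` spells the regular-file type bit as a bare octal constant, which is easy to misread and assumes one numeric encoding of `st_mode`; `if(s.st_mode & ~(S_IFREG | S_IRWXU))` states the same test with the `<sys/stat.h>` names. Only the mode is examined, so a key file that is mode 0600 but owned by a different user passes without a warning; comparing `s.st_uid` with `geteuid()` would be a natural companion check. As far as the hunk shows, the result is a warning only and the key is still loaded, which deserves a comment so the next reader does not take it for an enforcement point. read_rsa_private_key starts and ends outside the hunk.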
From: Guus Sliepen Date: Thu, 14 Aug 2003 14:32:34 +0000 Subject: [PATCH 847/923] Update. --- NEWS | 10 ++++++++++ README | 5 +++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 190e758c..4c7c9397 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,13 @@ +version 1.0.1 Aug 14 2003 + +* Allow empty lines in config files. + +* Fix handling of spaces and backslashes in filenames under native Windows. + +* Allow scripts to be executed under native Windows. + +* Update documentation, make it less Linux specific. + version 1.0 Aug 4 2003 * Lots of small bugfixes and code cleanups. diff --git a/README b/README index 4b8de362..1024d608 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the README file for tinc version 1.0. Installation +This is the README file for tinc version 1.0.1. Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2003 by: @@ -47,7 +47,8 @@ should be changed into "Device", and "Device" should be changed into Compatibility ------------- -Version 1.0 is compatible with 1.0pre8 but not with older versions of tinc. +Version 1.0.1 is compatible with 1.0 and 1.0pre8 but not with older versions +of tinc. Requirements From 03995ca52ee31ed505902a3c8c3d1119988c8497 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 16 Aug 2003 12:10:28 +0000 Subject: [PATCH 848/923] Simplify fake getname/addrinfo() functions, possibly fixing freeing a NULL pointer. --- lib/fake-getaddrinfo.c | 89 +++++++++++++++--------------------------- lib/fake-getnameinfo.c | 46 +++++++++------------- 2 files changed, 50 insertions(+), 85 deletions(-) diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c index 29b3f9b0..0c9fae94 100644 --- a/lib/fake-getaddrinfo.c +++ b/lib/fake-getaddrinfo.c 
@@ -20,11 +20,11 @@ char *gai_strerror(int ecode) { switch (ecode) { case EAI_NODATA: - return "no address associated with hostname."; + return "No address associated with hostname"; case EAI_MEMORY: - return "memory allocation failure."; + return "Memory allocation failure"; default: - return "unknown error."; + return "Unknown error"; } } #endif /* !HAVE_GAI_STRERROR */ 
@@ -34,91 +34,66 @@ void freeaddrinfo(struct addrinfo *ai) { struct addrinfo *next; - do { + while(ai) { next = ai->ai_next; free(ai); - } while (NULL != (ai = next)); + ai = next; + } } #endif /* !HAVE_FREEADDRINFO */ #ifndef HAVE_GETADDRINFO -static struct addrinfo *malloc_ai(int port, uint32_t addr) +static struct addrinfo *malloc_ai(uint16_t port, uint32_t addr) { struct addrinfo *ai; - ai = malloc(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); - if (ai == NULL) - return(NULL); - - memset(ai, 0, sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); + ai = xmalloc_and_zero(sizeof(struct addrinfo) + sizeof(struct sockaddr_in)); ai->ai_addr = (struct sockaddr *)(ai + 1); - /* XXX -- ssh doesn't use sa_len */ ai->ai_addrlen = sizeof(struct sockaddr_in); ai->ai_addr->sa_family = ai->ai_family = AF_INET; ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; - return(ai); + return ai; } -int getaddrinfo(const char *hostname, const char *servname, - const struct addrinfo *hints, struct addrinfo **res) +int getaddrinfo(const char *hostname, const char *servname, const struct addrinfo *hints, struct addrinfo **res) { - struct addrinfo *cur, *prev = NULL; + struct addrinfo *prev = NULL; struct hostent *hp; - struct in_addr in; - int i, port; + struct in_addr in = {0}; + int i; + uint16_t port = 0; if (servname) port = htons(atoi(servname)); - else - port = 0; if (hints && hints->ai_flags & AI_PASSIVE) { - if (NULL != (*res = malloc_ai(port, htonl(0x00000000)))) - return 0; - else - return EAI_MEMORY; + *res = malloc_ai(port, htonl(0x00000000)); + return 0; } if (!hostname) { - if (NULL != (*res = malloc_ai(port, htonl(0x7f000001)))) - return 0; - else - return EAI_MEMORY; - } - -#ifdef HAVE_INET_ATON - if (inet_aton(hostname, &in)) { - if (NULL != (*res = malloc_ai(port, in.s_addr))) - return 0; - else - return EAI_MEMORY; - } -#endif - - hp = gethostbyname(hostname); - if (hp && hp->h_name && 
hp->h_name[0] && hp->h_addr_list[0]) { - for (i = 0; hp->h_addr_list[i]; i++) { - cur = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr); - if (cur == NULL) { - if (*res) - freeaddrinfo(*res); - return EAI_MEMORY; - } - - if (prev) - prev->ai_next = cur; - else - *res = cur; - - prev = cur; - } + *res = malloc_ai(port, htonl(0x7f000001)); return 0; } - return EAI_NODATA; + hp = gethostbyname(hostname); + + if(!hp || !hp->h_addr_list[0]) + return EAI_NODATA; + + for (i = 0; hp->h_addr_list[i]; i++) { + *res = malloc_ai(port, ((struct in_addr *)hp->h_addr_list[i])->s_addr); + + if(prev) + prev->ai_next = *res; + + prev = *res; + } + + return 0; } #endif /* !HAVE_GETADDRINFO */ diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index 8774da27..6630decc 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c 
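Review bot: In the rewritten loop at the end of getaddrinfo(), `*res = malloc_ai(...)` is assigned on every iteration, so for a host with several addresses `*res` ends up pointing at the last node and the earlier nodes are unreachable for the caller and never freed. The removed code kept the head of the list; the same shape still works with the aborting allocator if the node goes into a local `cur` first, followed by `if(prev) prev->ai_next = cur; else *res = cur;` and `prev = cur;`. `struct in_addr in = {0}` is now unused in this function. `port = htons(atoi(servname))` still accepts any string and silently truncates out-of-range values into the `uint16_t`.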
@@ -16,41 +16,31 @@ #ifndef HAVE_GETNAMEINFO -int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, - size_t hostlen, char *serv, size_t servlen, int flags) +int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t hostlen, char *serv, size_t servlen, int flags) { struct sockaddr_in *sin = (struct sockaddr_in *)sa; struct hostent *hp; - char tmpserv[16]; - if (serv) { - snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); - if (strlen(tmpserv) >= servlen) - return EAI_MEMORY; - else - strcpy(serv, tmpserv); + if(serv) + snprintf(serv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); + + if(!host) + return 0; + + if(flags & NI_NUMERICHOST) { + strncpy(host, inet_ntoa(sin->sin_addr), sizeof(host)); + return 0; } - if (host) { - if (flags & NI_NUMERICHOST) { - if (strlen(inet_ntoa(sin->sin_addr)) >= hostlen) - return EAI_MEMORY; + hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr), AF_INET); + + if(!hp || !hp->h_name) + return EAI_NODATA; + + if(strlen(hp->h_name) >= hostlen) + return EAI_MEMORY; - strcpy(host, inet_ntoa(sin->sin_addr)); - return 0; - } else { - hp = gethostbyaddr((char *)&sin->sin_addr, - sizeof(struct in_addr), AF_INET); - if (hp == NULL) - return EAI_NODATA; - - if (strlen(hp->h_name) >= hostlen) - return EAI_MEMORY; - - strcpy(host, hp->h_name); - return 0; - } - } + strncpy(host, hp->h_name, hostlen); return 0; } #endif /* !HAVE_GETNAMEINFO */ From fd40130eb6bbba34176d34936a01bb6a6f9121d4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 16 Aug 2003 12:11:11 +0000 Subject: [PATCH 849/923] stat() batch files under Windows. --- src/process.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/src/process.c b/src/process.c index d08f70ff..fd19f4d2 100644 --- a/src/process.c +++ b/src/process.c 
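Review bot: The new bounds in getnameinfo() do not describe the caller's buffers: `snprintf(serv, sizeof(tmpserv), ...)` refers to `tmpserv`, whose declaration this hunk removes, and `strncpy(host, inet_ntoa(sin->sin_addr), sizeof(host))` uses the size of the pointer `host`, so at most a pointer's width of the address is copied and the result can be left without a terminating NUL. Both writes should be bounded by the lengths the caller passed, `snprintf(serv, servlen, "%d", ntohs(sin->sin_port));` and `snprintf(host, hostlen, "%s", inet_ntoa(sin->sin_addr));`, with the return value compared against the length to report truncation. The final `strncpy(host, hp->h_name, hostlen)` terminates the string only because of the `strlen(hp->h_name) >= hostlen` test just before it, which is worth a comment.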
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.71 2003/08/10 13:35:05 guus Exp $ + $Id: process.c,v 1.1.2.72 2003/08/16 12:11:11 guus Exp $ */ #include "system.h" @@ -93,12 +93,17 @@ bool install_service(void) { return false; } + strncat(command, "\"", sizeof(command)); + if(!strchr(program_name, '\\')) { GetCurrentDirectory(sizeof(command), command); strncat(command, "\\", sizeof(command)); } strncat(command, program_name, sizeof(command)); + + strncat(command, "\"", sizeof(command)); + for(argp = g_argv + 1; *argp; argp++) { space = strchr(*argp, ' '); strncat(command, " ", sizeof(command)); @@ -362,25 +367,29 @@ bool detach(void) bool execute_script(const char *name, char **envp) { #ifdef HAVE_SYSTEM - int status; + int status, len; struct stat s; char *scriptname; cp(); #ifndef HAVE_MINGW - asprintf(&scriptname, "%s/%s", confbase, name); + len = asprintf(&scriptname, "\"%s/%s\"", confbase, name); +#else + len = asprintf(&scriptname, "\"%s/%s.bat\"", confbase, name); +#endif + if(len < 0) + return false; + + scriptname[len - 1] = '\0'; /* First check if there is a script */ - if(stat(scriptname, &s)) + if(stat(scriptname + 1, &s)) return true; ifdebug(STATUS) logger(LOG_INFO, _("Executing script %s"), name); - free(scriptname); -#endif - #ifdef HAVE_PUTENV /* Set environment */ @@ -388,7 +397,7 @@ bool execute_script(const char *name, char **envp) putenv(*envp++); #endif - asprintf(&scriptname, "\"%s/%s\"", confbase, name); + scriptname[len - 1] = '\"'; status = system(scriptname); free(scriptname); From f4e80cc5e0d1689bcdd828ac7f158bd634b7dd20 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 16 Aug 2003 12:40:01 +0000 Subject: [PATCH 850/923] Don't getsockopt() SO_ERROR. We get the error from send()/recv() anyway. --- src/meta.c | 14 +------------- src/net_packet.c | 14 +------------- 2 files changed, 2 insertions(+), 26 deletions(-) 
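Review bot: The opening quote added by the first `strncat(command, "\"", sizeof(command));` is lost whenever `program_name` contains no backslash, because `GetCurrentDirectory(sizeof(command), command)` then writes the directory at the start of `command` and overwrites it, leaving a service command line with only a closing quote. Writing the directory after the quote, `GetCurrentDirectory(sizeof(command) - 1, command + 1);`, keeps the path quoted, which is the point of the change for install paths that contain spaces. The third argument of `strncat` is the maximum number of characters to append, not the size of the destination, so `sizeof(command)` gives no overflow protection; `sizeof(command) - strlen(command) - 1` is the bound that does. install_service begins and ends outside the hunk, so whether `command` is empty before the first `strncat` cannot be seen here.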
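Review bot: In execute_script() `scriptname` is now allocated before the existence test, and the early exit `if(stat(scriptname + 1, &s)) return true;` returns without freeing it, so every call for a script that does not exist leaks the buffer; `if(stat(scriptname + 1, &s)) { free(scriptname); return true; }` closes that. The string handed to `system()` is built from `confbase` and `name` inside double quotes, and double quotes do not stop a shell from interpreting `$`, backquotes or an embedded quote, so a comment stating that both values must already be validated (presumably they are; not visible here) would document the assumption. Toggling `scriptname[len - 1]` between NUL and the closing quote also deserves a one-line comment, since the `stat` call depends on it.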
diff --git a/src/meta.c b/src/meta.c index e6e76d37..0e4b0d22 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.41 2003/08/12 14:48:12 guus Exp $ + $Id: meta.c,v 1.1.2.42 2003/08/16 12:40:00 guus Exp $ */ #include "system.h" @@ -98,18 +98,6 @@ bool receive_meta(connection_t *c) cp(); - if(getsockopt(c->socket, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - logger(LOG_ERR, _("This is a bug: %s:%d: %d:%s %s (%s)"), __FILE__, - __LINE__, c->socket, strerror(errno), c->name, c->hostname); - return false; - } - - if(x) { - logger(LOG_ERR, _("Metadata socket error for %s (%s): %s"), - c->name, c->hostname, strerror(x)); - return false; - } - /* Strategy: - Read as much as possible from the TCP socket in one go. - Decrypt it. diff --git a/src/net_packet.c b/src/net_packet.c index aa5bea34..0828525f 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.37 2003/08/08 19:42:35 guus Exp $ + $Id: net_packet.c,v 1.1.2.38 2003/08/16 12:40:01 guus Exp $ */ #include "system.h" @@ -400,18 +400,6 @@ void handle_incoming_vpn_data(int sock) cp(); - if(getsockopt(sock, SOL_SOCKET, SO_ERROR, &x, &l) < 0) { - logger(LOG_ERR, _("This is a bug: %s:%d: %d:%s"), - __FILE__, __LINE__, sock, strerror(errno)); - cp_trace(); - exit(1); - } - - if(x) { - logger(LOG_ERR, _("Incoming data socket error: %s"), strerror(x)); - return; - } - pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); if(pkt.len <= 0) { From 2236e05e518c9e317d82c027596bea5228725214 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sun, 17 Aug 2003 08:32:39 +0000 Subject: [PATCH 851/923] Fix fake getnameinfo() and check more arguments. --- lib/fake-gai-errnos.h | 3 ++- lib/fake-getaddrinfo.c | 7 ++++++- lib/fake-getnameinfo.c | 23 ++++++++++++++++------- 3 files changed, 24 insertions(+), 9 deletions(-) diff --git a/lib/fake-gai-errnos.h b/lib/fake-gai-errnos.h index fc65fa74..f54cf55c 100644 --- a/lib/fake-gai-errnos.h +++ b/lib/fake-gai-errnos.h @@ -5,10 +5,11 @@ * See getaddrinfo.c and getnameinfo.c. */ -/* $Id: fake-gai-errnos.h,v 1.1.2.2 2003/07/12 17:41:45 guus Exp $ */ +/* $Id: fake-gai-errnos.h,v 1.1.2.3 2003/08/17 08:32:38 guus Exp $ */ /* for old netdb.h */ #ifndef EAI_NODATA #define EAI_NODATA 1 #define EAI_MEMORY 2 +#define EAI_FAMILY 3 #endif diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c index 0c9fae94..161c826f 100644 --- a/lib/fake-getaddrinfo.c +++ b/lib/fake-getaddrinfo.c @@ -23,6 +23,8 @@ char *gai_strerror(int ecode) return "No address associated with hostname"; case EAI_MEMORY: return "Memory allocation failure"; + case EAI_FAMILY: + return "Address family not supported"; default: return "Unknown error"; } @@ -67,6 +69,9 @@ int getaddrinfo(const char *hostname, const char *servname, const struct addrinf int i; uint16_t port = 0; + if(hints && hints->ai_family != AF_INET && hints->ai_family != AF_UNSPEC) + return EAI_FAMILY; + if (servname) port = htons(atoi(servname)); @@ -82,7 +87,7 @@ int getaddrinfo(const char *hostname, const char *servname, const struct addrinf hp = gethostbyname(hostname); - if(!hp || !hp->h_addr_list[0]) + if(!hp || !hp->h_addr_list || !hp->h_addr_list[0]) return EAI_NODATA; for (i = 0; hp->h_addr_list[i]; i++) { diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index 6630decc..a0e1df33 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c 
@@ -20,27 +20,36 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t host { struct sockaddr_in *sin = (struct sockaddr_in *)sa; struct hostent *hp; + int len; - if(serv) - snprintf(serv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); + if(sa->sa_family != AF_INET) + return EAI_FAMILY; - if(!host) + if(serv && servlen) { + len = snprintf(serv, servlen, "%d", ntohs(sin->sin_port)); + if(len < 0 || len >= servlen) + return EAI_MEMORY; + } + + if(!host || !hostlen) return 0; if(flags & NI_NUMERICHOST) { - strncpy(host, inet_ntoa(sin->sin_addr), sizeof(host)); + len = snprintf((host, hostlen, "%s", inet_ntoa(sin->sin_addr)); + if(len < 0 || len >= hostlen) + return EAI_MEMORY; return 0; } hp = gethostbyaddr((char *)&sin->sin_addr, sizeof(struct in_addr), AF_INET); - if(!hp || !hp->h_name) + if(!hp || !hp->h_name || !hp->h_name[0]) return EAI_NODATA; - if(strlen(hp->h_name) >= hostlen) + len = snprintf((host, hostlen, "%s", hp->h_name); + if(len < 0 || len >= hostlen) return EAI_MEMORY; - strncpy(host, hp->h_name, hostlen); return 0; } #endif /* !HAVE_GETNAMEINFO */ From 5e7c52610f8c8b9c38e437ef166a08372d5b8a61 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Aug 2003 09:03:30 +0000 Subject: [PATCH 852/923] Fix --logfile under Windows. --- src/tincd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index cec0ee5e..9e0ad4aa 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.85 2003/08/08 22:11:54 guus Exp $ + $Id: tincd.c,v 1.10.4.86 2003/08/17 09:03:30 guus Exp $ */ #include "system.h" 
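Review bot: getnameinfo() reads `sa->sa_family` and then `sin->sin_port` and `sin->sin_addr` without ever looking at `salen`, so a caller passing a shorter buffer causes a read past its end; a guard such as `if(salen < sizeof(struct sockaddr_in)) return EAI_FAMILY;` before `sa->sa_family` is read would cover it. Both new host copies are written as `snprintf((host, hostlen, ...` with an extra opening parenthesis, which will not compile on a platform where this fallback is actually built. The `len >= servlen` and `len >= hostlen` comparisons mix `int` and `size_t` and are correct only because `len < 0` is tested first, which is worth a short comment.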
@@ -358,7 +358,7 @@ static void make_names(void) #ifdef HAVE_MINGW if(!RegOpenKeyEx(HKEY_LOCAL_MACHINE, "SOFTWARE\\tinc", 0, KEY_READ, &key)) { if(!RegQueryValueEx(key, NULL, 0, 0, installdir, &len)) { - if(!pidfilename) + if(!logfilename) asprintf(&logfilename, "%s/log/%s.log", identname); if(!confbase) { if(netname) From 3112e6a863b4421eb1a0b32632b86c55e47f989e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Aug 2003 09:04:00 +0000 Subject: [PATCH 853/923] Use the event log under Windows. --- src/logger.c | 25 ++++++++++++++++++++++++- src/logger.h | 11 +++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/src/logger.c b/src/logger.c index 2421464a..52a5bb27 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.9 2003/08/02 20:50:38 guus Exp $ + $Id: logger.c,v 1.1.2.10 2003/08/17 09:04:00 guus Exp $ */ #include "system.h" @@ -30,6 +30,9 @@ static logmode_t logmode = LOGMODE_STDERR; static pid_t logpid; extern char *logfilename; static FILE *logfile = NULL; +#ifdef HAVE_MINGW +static HANDLE loghandle = NULL; +#endif static const char *logident = NULL; void openlogger(const char *ident, logmode_t mode) { @@ -47,9 +50,16 @@ void openlogger(const char *ident, logmode_t mode) { logmode = LOGMODE_NULL; break; case LOGMODE_SYSLOG: +#ifdef HAVE_MINGW + loghandle = OpenEventLog(NULL, identname); + if(!loghandle) + logmode = LOGMODE_NULL; + break; +#else #ifdef HAVE_SYSLOG_H openlog(logident, LOG_CONS | LOG_PID, LOG_DAEMON); break; +#endif #endif case LOGMODE_NULL: break; 
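Review bot: The call guarded by the corrected test in make_names(), `asprintf(&logfilename, "%s/log/%s.log", identname);`, has two `%s` conversions but a single argument, so the second conversion reads an argument that was never passed, which is undefined behaviour. The first conversion is presumably meant to be the directory just read from the registry: `asprintf(&logfilename, "%s/log/%s.log", installdir, identname);`. The return value of `asprintf` is ignored, and whether `installdir` is NUL-terminated after `RegQueryValueEx` depends on code outside the hunk. make_names continues beyond the lines shown.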
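Review bot: In openlogger(), when `OpenEventLog` fails the new branch sets `logmode = LOGMODE_NULL;` and from then on every message is discarded without any indication to the operator. At minimum the branch should carry a comment such as `/* Event log unavailable: all later messages are dropped */`; reporting the failure once on another channel before switching would be better, if one is available at this point (not visible here). The same fallback is kept by the later change to `RegisterEventSource` in this file.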
@@ -74,6 +84,13 @@ void logger(int priority, const char *format, ...) { fflush(logfile); break; case LOGMODE_SYSLOG: +#ifdef HAVE_MINGW + { + char message[4096]; + vsnprintf(message, sizeof(message), format, ap); + ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, &message, NULL); + } +#else #ifdef HAVE_SYSLOG_H #ifdef HAVE_VSYSLOG vsyslog(priority, format, ap); @@ -85,6 +102,7 @@ void logger(int priority, const char *format, ...) { } #endif break; +#endif #endif case LOGMODE_NULL: break; @@ -99,9 +117,14 @@ void closelogger(void) { fclose(logfile); break; case LOGMODE_SYSLOG: +#ifdef HAVE_MINGW + CloseEventLog(loghandle); + break; +#else #ifdef HAVE_SYSLOG_H closelog(); break; +#endif #endif case LOGMODE_NULL: case LOGMODE_STDERR: diff --git a/src/logger.h b/src/logger.h index fb8ec0b7..9c20eada 100644 --- a/src/logger.h +++ b/src/logger.h @@ -21,6 +21,16 @@ typedef enum logmode_t { LOGMODE_SYSLOG } logmode_t; +#ifdef HAVE_MINGW +#define LOG_EMERG EVENTLOG_ERROR_TYPE +#define LOG_ALERT EVENTLOG_ERROR_TYPE +#define LOG_CRIT EVENTLOG_ERROR_TYPE +#define LOG_ERR EVENTLOG_ERROR_TYPE +#define LOG_WARNING EVENTLOG_WARNING_TYPE +#define LOG_NOTICE EVENTLOG_INFORMATION_TYPE +#define LOG_INFO EVENTLOG_INFORMATION_TYPE +#define LOG_DEBUG EVENTLOG_INFORMATION_TYPE +#else #ifndef HAVE_SYSLOG_H enum { LOG_EMERG, @@ -33,6 +43,7 @@ enum { LOG_DEBUG, }; #endif +#endif extern debug_t debug_level; extern void openlogger(const char *, logmode_t); From 107448698fc078bbd4cdbacdfbf51298ddc9ea65 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Aug 2003 12:03:40 +0000 Subject: [PATCH 854/923] Compilation fix. --- lib/fake-getnameinfo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/fake-getnameinfo.c b/lib/fake-getnameinfo.c index a0e1df33..796efdf8 100644 --- a/lib/fake-getnameinfo.c +++ b/lib/fake-getnameinfo.c 
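Review bot: In logger(), `ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, &message, NULL);` passes the address of the character array where the API expects an array of string pointers, so the first bytes of the formatted text would be interpreted as a pointer. A one-element array is needed, `const char *messages[] = {message};`, with `messages` as the argument. `vsnprintf` truncates silently at the 4096-byte buffer, which is acceptable for a log line but worth a comment, and the return value of `ReportEvent` is not checked.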
@@ -35,7 +35,7 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t host return 0; if(flags & NI_NUMERICHOST) { - len = snprintf((host, hostlen, "%s", inet_ntoa(sin->sin_addr)); + len = snprintf(host, hostlen, "%s", inet_ntoa(sin->sin_addr)); if(len < 0 || len >= hostlen) return EAI_MEMORY; return 0; @@ -46,7 +46,7 @@ int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, size_t host if(!hp || !hp->h_name || !hp->h_name[0]) return EAI_NODATA; - len = snprintf((host, hostlen, "%s", hp->h_name); + len = snprintf(host, hostlen, "%s", hp->h_name); if(len < 0 || len >= hostlen) return EAI_MEMORY; From 46cfe6199449a86eb58abaeac45b4021ffa7e178 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Aug 2003 12:04:35 +0000 Subject: [PATCH 855/923] Do what the SDK documentation tells. --- src/logger.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/logger.c b/src/logger.c index 52a5bb27..02f3f0f8 100644 --- a/src/logger.c +++ b/src/logger.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.10 2003/08/17 09:04:00 guus Exp $ + $Id: logger.c,v 1.1.2.11 2003/08/17 12:04:35 guus Exp $ */ #include "system.h" @@ -51,7 +51,7 @@ void openlogger(const char *ident, logmode_t mode) { break; case LOGMODE_SYSLOG: #ifdef HAVE_MINGW - loghandle = OpenEventLog(NULL, identname); + loghandle = RegisterEventSource(NULL, logident); if(!loghandle) logmode = LOGMODE_NULL; break; @@ -87,8 +87,9 @@ void logger(int priority, const char *format, ...) { #ifdef HAVE_MINGW { char message[4096]; + char *messages[] = {message}; vsnprintf(message, sizeof(message), format, ap); - ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, &message, NULL); + ReportEvent(loghandle, priority, 0, 0, NULL, 1, 0, messages, NULL); } #else #ifdef HAVE_SYSLOG_H 
@@ -118,7 +119,7 @@ void closelogger(void) { break; case LOGMODE_SYSLOG: #ifdef HAVE_MINGW - CloseEventLog(loghandle); + DeregisterEventSource(loghandle); break; #else #ifdef HAVE_SYSLOG_H From 5ac4179df66747a7013a10d576c23531d2b4fc58 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 17 Aug 2003 12:05:08 +0000 Subject: [PATCH 856/923] If we're not in main_loop() and the service is stopped, exit immediately. --- src/net.c | 4 ++-- src/process.c | 14 +++++++++----- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/net.c b/src/net.c index a8d7cc6e..7d8c58c0 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.196 2003/08/02 20:50:38 guus Exp $ + $Id: net.c,v 1.35.4.197 2003/08/17 12:05:08 guus Exp $ */ #include "system.h" @@ -42,7 +42,7 @@ #include "xalloc.h" bool do_purge = false; -volatile bool running; +volatile bool running = false; time_t now = 0; diff --git a/src/process.c b/src/process.c index fd19f4d2..35296f04 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.72 2003/08/16 12:11:11 guus Exp $ + $Id: process.c,v 1.1.2.73 2003/08/17 12:05:08 guus Exp $ */ #include "system.h" 
@@ -171,24 +171,28 @@ DWORD WINAPI controlhandler(DWORD request, DWORD type, LPVOID boe, LPVOID bah) { switch(request) { case SERVICE_CONTROL_STOP: logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_STOP"); - running = false; break; case SERVICE_CONTROL_SHUTDOWN: logger(LOG_NOTICE, _("Got %s request"), "SERVICE_CONTROL_SHUTDOWN"); - running = false; break; default: logger(LOG_WARNING, _("Got unexpected request %d"), request); return ERROR_CALL_NOT_IMPLEMENTED; } - if(!running) { + if(running) { + running = false; status.dwWaitHint = 30000; status.dwCurrentState = SERVICE_STOP_PENDING; SetServiceStatus(statushandle, &status); + return NO_ERROR; + } else { + status.dwWaitHint = 0; + status.dwCurrentState = SERVICE_STOPPED; + SetServiceStatus(statushandle, &status); + exit(1); } - return NO_ERROR; } VOID WINAPI run_service(DWORD argc, LPTSTR* argv) From 72bdc05cb7e246e56ed21a25256d441c45fccca8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Aug 2003 11:18:42 +0000 Subject: [PATCH 857/923] Allow tinc to handle unknown type addresses from other tinc daemons. --- src/edge.c | 11 ++++++----- src/graph.c | 5 +++-- src/meta.c | 4 +--- src/net.h | 13 ++++++++++++- src/net_packet.c | 3 +-- src/netutl.c | 49 ++++++++++++++++++++++++++++++++++++++++++------ src/netutl.h | 4 +++- src/node.c | 8 +++++--- 8 files changed, 74 insertions(+), 23 deletions(-) diff --git a/src/edge.c b/src/edge.c index 9dbb0c89..69f2c7f5 100644 --- a/src/edge.c +++ b/src/edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.25 2003/07/30 11:50:45 guus Exp $ + $Id: edge.c,v 1.1.2.26 2003/08/22 11:18:42 guus Exp $ */ #include "system.h" 
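Review bot: The new `else` branch of controlhandler() calls `exit(1)` from the service control handler, which Windows runs on a different thread from run_service(), so process teardown can overlap with whatever start-up work that thread is doing, and a requested stop ends with a failure exit status. The branch is chosen from an unsynchronised read of `running`, which net.c declares only as `volatile bool`; if main_loop() (outside this hunk) sets `running = true` between the check and the `exit(1)`, the daemon is killed mid-loop without its normal shutdown path. I would use `exit(0);` for a stop that was asked for, and document the assumption on the branch with `/* not in main_loop() yet: nothing to unwind, leave immediately */`. The flag itself deserves interlocked access or a lock rather than `volatile`.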
@@ -58,15 +58,14 @@ void init_edges(void) { cp(); - edge_weight_tree = - avl_alloc_tree((avl_compare_t) edge_weight_compare, NULL); + edge_weight_tree = avl_alloc_tree((avl_compare_t) edge_weight_compare, NULL); } avl_tree_t *new_edge_tree(void) { cp(); - return avl_alloc_tree((avl_compare_t) edge_compare, NULL); + return avl_alloc_tree((avl_compare_t) edge_compare, (avl_action_t) free_edge); } void free_edge_tree(avl_tree_t *edge_tree) @@ -95,6 +94,8 @@ edge_t *new_edge(void) void free_edge(edge_t *e) { cp(); + + sockaddrfree(&e->address); free(e); } @@ -119,8 +120,8 @@ void edge_del(edge_t *e) if(e->reverse) e->reverse->reverse = NULL; - avl_delete(e->from->edge_tree, e); avl_delete(edge_weight_tree, e); + avl_delete(e->from->edge_tree, e); } edge_t *lookup_edge(node_t *from, node_t *to) diff --git a/src/graph.c b/src/graph.c index e57ffe50..6ec3724e 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.27 2003/07/22 20:55:19 guus Exp $ + $Id: graph.c,v 1.1.2.28 2003/08/22 11:18:42 guus Exp $ */ /* We need to generate two trees from the graph: @@ -220,7 +220,8 @@ void sssp_bfs(void) if(sockaddrcmp(&e->to->address, &e->address)) { node = avl_unlink(node_udp_tree, e->to); - e->to->address = e->address; + sockaddrfree(&e->to->address); + sockaddrcpy(&e->to->address, &e->address); if(e->to->hostname) free(e->to->hostname); diff --git a/src/meta.c b/src/meta.c index 0e4b0d22..d6bf135a 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.42 2003/08/16 12:40:00 guus Exp $ + $Id: meta.c,v 1.1.2.43 2003/08/22 11:18:42 guus Exp $ */ #include "system.h" 
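Review bot: The swapped `avl_delete` calls in edge_del() are now order-dependent and nothing in the code says so. With `free_edge` installed as the delete action in new_edge_tree(), `avl_delete(e->from->edge_tree, e)` presumably frees `e` (avl_delete itself is not shown), so it has to be the last use of the pointer. I would add a comment above the pair, `/* edge_tree owns e: the delete below frees it, so unlink from edge_weight_tree first */`, and state in edge_del()'s header comment that `e` is invalid on return, because a later reorder or a caller touching `e` afterwards becomes a use-after-free. The same applies to the reordered `avl_delete_tree` calls in exit_nodes() in src/node.c, where node_tree now frees the nodes that node_udp_tree still points to.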
@@ -89,8 +89,6 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) bool receive_meta(connection_t *c) { - int x; - socklen_t l = sizeof(x); int oldlen, i; int lenin, reqlen; bool decrypted = false; diff --git a/src/net.h b/src/net.h index 06c0504c..d295fed9 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.69 2003/08/02 20:50:38 guus Exp $ + $Id: net.h,v 1.9.4.70 2003/08/22 11:18:42 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -54,10 +54,21 @@ typedef struct ipv6_t { typedef short length_t; +#define AF_UNKNOWN 0xFFFF + +struct sockaddr_unknown { + uint16_t family; + uint16_t pad1; + uint32_t pad2; + char *address; + char *port; +}; + typedef union sockaddr_t { struct sockaddr sa; struct sockaddr_in in; struct sockaddr_in6 in6; + struct sockaddr_unknown unknown; #ifdef HAVE_STRUCT_SOCKADDR_STORAGE struct sockaddr_storage storage; #endif diff --git a/src/net_packet.c b/src/net_packet.c index 0828525f..8f47f23f 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.38 2003/08/16 12:40:01 guus Exp $ + $Id: net_packet.c,v 1.1.2.39 2003/08/22 11:18:42 guus Exp $ */ #include "system.h" @@ -392,7 +392,6 @@ void flush_queue(node_t *n) void handle_incoming_vpn_data(int sock) { vpn_packet_t pkt; - int x, l = sizeof(x); char *hostname; sockaddr_t from; socklen_t fromlen = sizeof(from); diff --git a/src/netutl.c b/src/netutl.c index 7a214702..1ab4c2cb 100644 --- a/src/netutl.c +++ b/src/netutl.c 
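Review bot: `AF_UNKNOWN` is 0xFFFF and `struct sockaddr_unknown` assumes a 16-bit family field at offset 0, which does not hold on platforms whose `struct sockaddr` starts with an 8-bit `sa_len` followed by an 8-bit `sa_family` (the BSD layout). There `result.sa.sa_family = AF_UNKNOWN` in netutl.c would be truncated and the `sa->sa.sa_family == AF_UNKNOWN` tests would never match, so an unknown address would fall through to getnameinfo() and its strings would never be freed. A value that fits every `sa_family_t`, e.g. `#define AF_UNKNOWN 255`, together with reading and writing the family only through `sa.sa_family`, avoids that. The union also deserves a comment that this member carries owned pointers: `/* AF_UNKNOWN: address and port are heap strings; copy with sockaddrcpy(), release with sockaddrfree() */`.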
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.52 2003/08/03 12:38:43 guus Exp $ + $Id: netutl.c,v 1.12.4.53 2003/08/22 11:18:42 guus Exp $ */ #include "system.h" @@ -70,11 +70,12 @@ sockaddr_t str2sockaddr(const char *address, const char *port) err = getaddrinfo(address, port, &hint, &ai); if(err || !ai) { - logger(LOG_ERR, _("Error looking up %s port %s: %s"), address, port, - gai_strerror(err)); - cp_trace(); - raise(SIGFPE); - exit(0); + ifdebug(SCARY_THINGS) + logger(LOG_DEBUG, "Unknown type address %s port %s", address, port); + result.sa.sa_family = AF_UNKNOWN; + result.unknown.address = xstrdup(address); + result.unknown.port = xstrdup(port); + return result; } result = *(sockaddr_t *) ai->ai_addr; @@ -92,6 +93,12 @@ void sockaddr2str(const sockaddr_t *sa, char **addrstr, char **portstr) cp(); + if(sa->sa.sa_family == AF_UNKNOWN) { + *addrstr = xstrdup(sa->unknown.address); + *portstr = xstrdup(sa->unknown.port); + return; + } + err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), NI_NUMERICHOST | NI_NUMERICSERV); if(err) { @@ -120,6 +127,11 @@ char *sockaddr2hostname(const sockaddr_t *sa) cp(); + if(sa->sa.sa_family == AF_UNKNOWN) { + asprintf(&str, _("%s port %s"), sa->unknown.address, sa->unknown.port); + return str; + } + err = getnameinfo(&sa->sa, SALEN(sa->sa), address, sizeof(address), port, sizeof(port), hostnames ? 0 : (NI_NUMERICHOST | NI_NUMERICSERV)); if(err) { @@ -147,6 +159,14 @@ int sockaddrcmp(const sockaddr_t *a, const sockaddr_t *b) case AF_UNSPEC: return 0; + case AF_UNKNOWN: + result = strcmp(a->unknown.address, b->unknown.address); + + if(result) + return result; + + return strcmp(a->unknown.port, b->unknown.port); + case AF_INET: result = memcmp(&a->in.sin_addr, &b->in.sin_addr, sizeof(a->in.sin_addr)); 
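Review bot: The new fallback in str2sockaddr() treats every getaddrinfo() failure as an unknown-type address and no longer records why: the `gai_strerror(err)` text was dropped and the message is only emitted under `ifdebug(SCARY_THINGS)`. A transient or resource error then looks the same as a genuinely foreign address family, and the result is stored as such. I would keep the reason in the log, `logger(LOG_DEBUG, "Unknown type address %s port %s: %s", address, port, gai_strerror(err));`. `address` and `port` are duplicated verbatim and later handed back by sockaddr2str() and sockaddr2hostname(); if they come from a peer's message, as the commit subject suggests, their length and character set should be checked where they are parsed, which is outside this hunk.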
@@ -172,6 +192,23 @@ int sockaddrcmp(const sockaddr_t *a, const sockaddr_t *b) } } +void sockaddrcpy(sockaddr_t *a, const sockaddr_t *b) { + if(b->sa.sa_family != AF_UNKNOWN) { + *a = *b; + } else { + a->unknown.family = AF_UNKNOWN; + a->unknown.address = xstrdup(b->unknown.address); + a->unknown.port = xstrdup(b->unknown.port); + } +} + +void sockaddrfree(sockaddr_t *a) { + if(a->sa.sa_family == AF_UNKNOWN) { + free(a->unknown.address); + free(a->unknown.port); + } +} + void sockaddrunmap(sockaddr_t *sa) { if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) { diff --git a/src/netutl.h b/src/netutl.h index d5a7feb8..ff557efd 100644 --- a/src/netutl.h +++ b/src/netutl.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.h,v 1.2.4.18 2003/07/24 12:08:15 guus Exp $ + $Id: netutl.h,v 1.2.4.19 2003/08/22 11:18:42 guus Exp $ */ #ifndef __TINC_NETUTL_H__ @@ -33,6 +33,8 @@ extern void sockaddr2str(const sockaddr_t *, char **, char **); extern char *sockaddr2hostname(const sockaddr_t *); extern int sockaddrcmp(const sockaddr_t *, const sockaddr_t *); extern void sockaddrunmap(sockaddr_t *); +extern void sockaddrfree(sockaddr_t *); +extern void sockaddrcpy(sockaddr_t *, const sockaddr_t *); extern int maskcmp(const void *, const void *, int, int); extern void maskcpy(void *, const void *, int, int); extern void mask(void *, int, int); diff --git a/src/node.c b/src/node.c index b69c5b1c..f40fb19e 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.26 2003/07/30 11:50:45 guus Exp $ + $Id: node.c,v 1.1.2.27 2003/08/22 11:18:42 guus Exp $ */ #include "system.h" 
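Review bot: sockaddrfree() leaves `a` tagged AF_UNKNOWN with both pointers dangling, so a second sockaddrfree() or a later sockaddrcmp()/sockaddr2str() on the same object touches freed memory. Resetting the object after the two frees, `a->unknown.address = a->unknown.port = NULL;` followed by `a->sa.sa_family = AF_UNSPEC;`, makes a repeated call harmless. sockaddrcpy() likewise overwrites `a` without releasing what it held, so it leaks unless the caller runs sockaddrfree() first, as the sssp_bfs() hunk does; a one-line comment, `/* a must be empty or already freed */`, would record that contract.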
@@ -58,7 +58,7 @@ void init_nodes(void) { cp(); - node_tree = avl_alloc_tree((avl_compare_t) node_compare, NULL); + node_tree = avl_alloc_tree((avl_compare_t) node_compare, (avl_action_t) free_node); node_udp_tree = avl_alloc_tree((avl_compare_t) node_udp_compare, NULL); } @@ -66,8 +66,8 @@ void exit_nodes(void) { cp(); - avl_delete_tree(node_tree); avl_delete_tree(node_udp_tree); + avl_delete_tree(node_tree); } node_t *new_node(void) @@ -106,6 +106,8 @@ void free_node(node_t *n) if(n->edge_tree) free_edge_tree(n->edge_tree); + sockaddrfree(&n->address); + EVP_CIPHER_CTX_cleanup(&n->packet_ctx); free(n); From 570e7e9c615388cfba263c7a7c66cbc3d092d6e7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Aug 2003 15:05:01 +0000 Subject: [PATCH 858/923] Don't overwrite the first " when installing a service. --- src/process.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/process.c b/src/process.c index 35296f04..d1bebcd7 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.73 2003/08/17 12:05:08 guus Exp $ + $Id: process.c,v 1.1.2.74 2003/08/22 15:05:01 guus Exp $ */ #include "system.h" @@ -82,7 +82,7 @@ static SERVICE_STATUS status = {0}; static SERVICE_STATUS_HANDLE statushandle = 0; bool install_service(void) { - char command[4096] = ""; + char command[4096] = "\""; char **argp; bool space; SERVICE_DESCRIPTION description = {"Virtual Private Network daemon"}; @@ -93,10 +93,8 @@ bool install_service(void) { return false; } - strncat(command, "\"", sizeof(command)); - if(!strchr(program_name, '\\')) { - GetCurrentDirectory(sizeof(command), command); + GetCurrentDirectory(sizeof(command) - 1, command + 1); strncat(command, "\\", sizeof(command)); } 
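Review bot: The `strncat(command, "\\", sizeof(command))` call in install_service() passes the total buffer size where strncat expects the room that is left, so it bounds nothing: once `GetCurrentDirectory(sizeof(command) - 1, command + 1)` has filled the buffer, the append writes its terminator past the end of `command`. The return value of GetCurrentDirectory() is not checked either; when the path does not fit it returns the required size and the buffer contents are not defined, yet the string goes on to become the service's command line. I would store the result in a local `len`, fail on `len == 0 || len >= sizeof(command) - 1`, and append with `strncat(command, "\\", sizeof(command) - strlen(command) - 1);`. The loop that appends the arguments lies between this hunk and the next, so whether it uses the same size argument is only presumed.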
@@ -117,6 +115,8 @@ bool install_service(void) { strncat(command, "\"", sizeof(command)); } + logger(LOG_DEBUG, "Command: '%s'", command); + service = CreateService(manager, identname, identname, SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, command, "NDIS", NULL, NULL, NULL, NULL); From 22dd23b650eb9b760bc68ab3a9227caf3b449140 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Aug 2003 15:03:59 +0000 Subject: [PATCH 859/923] Add checkpoints. --- src/netutl.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/netutl.c b/src/netutl.c index 1ab4c2cb..c12ed93c 100644 --- a/src/netutl.c +++ b/src/netutl.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: netutl.c,v 1.12.4.53 2003/08/22 11:18:42 guus Exp $ + $Id: netutl.c,v 1.12.4.54 2003/08/22 15:03:59 guus Exp $ */ #include "system.h" @@ -193,6 +193,8 @@ int sockaddrcmp(const sockaddr_t *a, const sockaddr_t *b) } void sockaddrcpy(sockaddr_t *a, const sockaddr_t *b) { + cp(); + if(b->sa.sa_family != AF_UNKNOWN) { *a = *b; } else { @@ -203,6 +205,8 @@ void sockaddrcpy(sockaddr_t *a, const sockaddr_t *b) { } void sockaddrfree(sockaddr_t *a) { + cp(); + if(a->sa.sa_family == AF_UNKNOWN) { free(a->unknown.address); free(a->unknown.port); @@ -211,6 +215,8 @@ void sockaddrfree(sockaddr_t *a) { void sockaddrunmap(sockaddr_t *sa) { + cp(); + if(sa->sa.sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&sa->in6.sin6_addr)) { sa->in.sin_addr.s_addr = ((uint32_t *) & sa->in6.sin6_addr)[3]; sa->in.sin_family = AF_INET; From 89c9f3ed8fddb316d0f9ef7de30bdc76fba39e41 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Aug 2003 15:04:26 +0000 Subject: [PATCH 860/923] When purging nodes, only delete them if nobody references them anymore. --- src/net.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) 
diff --git a/src/net.c b/src/net.c index 7d8c58c0..1f0655bb 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.197 2003/08/17 12:05:08 guus Exp $ + $Id: net.c,v 1.35.4.198 2003/08/22 15:04:26 guus Exp $ */ #include "system.h" @@ -59,6 +59,8 @@ static void purge(void) ifdebug(PROTOCOL) logger(LOG_DEBUG, _("Purging unreachable nodes")); + /* Remove all edges and subnets owned by unreachable nodes. */ + for(nnode = node_tree->head; nnode; nnode = nnext) { nnext = nnode->next; n = (node_t *) nnode->data; @@ -80,8 +82,26 @@ static void purge(void) send_del_edge(broadcast, e); edge_del(e); } + } + } - node_del(n); + /* Check if anyone else claims to have an edge to an unreachable node. If not, delete node. */ + + for(nnode = node_tree->head; nnode; nnode = nnext) { + nnext = nnode->next; + n = (node_t *) nnode->data; + + if(!n->status.reachable) { + for(enode = edge_weight_tree->head; enode; enode = enext) { + enext = enode->next; + e = (edge_t *) enode->data; + + if(e->to == n) + break; + } + + if(!enode) + node_del(n); } } } From 3e0b28b0c4d874934dde7b487a56cfacc956e3b4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Aug 2003 15:07:57 +0000 Subject: [PATCH 861/923] Remove debug message. --- src/process.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/process.c b/src/process.c index d1bebcd7..2050c059 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.74 2003/08/22 15:05:01 guus Exp $ + $Id: process.c,v 1.1.2.75 2003/08/22 15:07:57 guus Exp $ */ #include "system.h" 
@@ -115,8 +115,6 @@ bool install_service(void) { strncat(command, "\"", sizeof(command)); } - logger(LOG_DEBUG, "Command: '%s'", command); - service = CreateService(manager, identname, identname, SERVICE_ALL_ACCESS, SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, command, "NDIS", NULL, NULL, NULL, NULL); From ffb55e6904426a31c03b56c3bd87bb60db0624c6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 22 Aug 2003 21:32:45 +0000 Subject: [PATCH 862/923] Add license exception from Markus Oberhumer. --- COPYING.README | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/COPYING.README b/COPYING.README index 144207e5..26b4b1db 100644 --- a/COPYING.README +++ b/COPYING.README @@ -1,4 +1,14 @@ -This program is released under the GPL with the additional exemption -that compiling, linking, and/or using OpenSSL is allowed. You may -provide binary packages linked to the OpenSSL libraries, provided that -all other requirements of the GPL are met. +The following applies to tinc: + +This program is released under the GPL with the additional exemption that +compiling, linking, and/or using OpenSSL is allowed. You may provide binary +packages linked to the OpenSSL libraries, provided that all other requirements +of the GPL are met. + +The following applies to the LZO library: + +Hereby I grant a special exception to the tinc VPN project +(http://tinc.nl.linux.org/) to link the LZO library with the OpenSSL library +(http://www.openssl.org). + +Markus F.X.J. Oberhumer From 762cc2d2797d62ab593ea64d8ceeb4fe96be2a0d Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 28 Aug 2003 15:27:12 +0000 Subject: [PATCH 863/923] Remove old edges from unreachable nodes to us. This prevents the hosts/NAME-up script from being called twice in some situations. --- src/net.c | 13 ++++++++++++- src/protocol_edge.c | 12 +++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) 
diff --git a/src/net.c b/src/net.c index 1f0655bb..d6f4403b 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.198 2003/08/22 15:04:26 guus Exp $ + $Id: net.c,v 1.35.4.199 2003/08/28 15:27:11 guus Exp $ */ #include "system.h" @@ -186,6 +186,17 @@ void terminate_connection(connection_t *c, bool report) /* Run MST and SSSP algorithms */ graph(); + + /* If the node is not reachable anymore but we remember it had an edge to us, clean it up */ + + if(report && !c->node->status.reachable) { + edge_t *e; + e = lookup_edge(c->node, myself); + if(e) { + send_del_edge(broadcast, e); + edge_del(e); + } + } } /* Check if this was our outgoing connection */ diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 4552a528..5949a38e 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.20 2003/07/24 12:08:16 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.21 2003/08/28 15:27:12 guus Exp $ */ #include "system.h" @@ -250,5 +250,15 @@ bool del_edge_h(connection_t *c) graph(); + /* If the node is not reachable anymore but we remember it had an edge to us, clean it up */ + + if(!to->status.reachable) { + e = lookup_edge(to, myself); + if(e) { + send_del_edge(broadcast, e); + edge_del(e); + } + } + return true; } From 6c5f3d8b74ffea1522a727ef189a5ba65a939e07 Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Thu, 28 Aug 2003 21:05:11 +0000 Subject: [PATCH 864/923] We don't have to tell GCC how to cast. --- lib/avl_tree.c | 4 ++-- lib/list.c | 4 ++-- src/conf.c | 6 +++--- src/connection.c | 6 +++--- src/edge.c | 8 ++++---- src/event.c | 6 +++--- src/graph.c | 16 ++++++++-------- src/linux/device.c | 6 +++--- src/meta.c | 4 ++-- src/net.c | 22 +++++++++++----------- src/net_packet.c | 6 +++--- src/net_setup.c | 6 +++--- src/node.c | 10 +++++----- src/protocol.c | 6 +++--- src/protocol_auth.c | 8 ++++---- src/route.c | 46 ++++++++++++++++++++++----------------------- src/subnet.c | 12 ++++++------ 17 files changed, 88 insertions(+), 88 deletions(-) diff --git a/lib/avl_tree.c b/lib/avl_tree.c index 95e95e72..24f4a083 100644 --- a/lib/avl_tree.c +++ b/lib/avl_tree.c @@ -29,7 +29,7 @@ library for inclusion into tinc (http://tinc.nl.linux.org/) by Guus Sliepen . - $Id: avl_tree.c,v 1.1.2.18 2003/07/30 21:52:41 guus Exp $ + $Id: avl_tree.c,v 1.1.2.19 2003/08/28 21:05:09 guus Exp $ */ #include "system.h" @@ -280,7 +280,7 @@ void avl_free_tree(avl_tree_t *tree) avl_node_t *avl_alloc_node(void) { - return (avl_node_t *)xmalloc_and_zero(sizeof(avl_node_t)); + return xmalloc_and_zero(sizeof(avl_node_t)); } void avl_free_node(avl_tree_t *tree, avl_node_t *node) diff --git a/lib/list.c b/lib/list.c index 573bc9e1..98a30197 100644 --- a/lib/list.c +++ b/lib/list.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: list.c,v 1.1.2.16 2003/07/17 15:06:25 guus Exp $ + $Id: list.c,v 1.1.2.17 2003/08/28 21:05:09 guus Exp $ */ #include "system.h" @@ -44,7 +44,7 @@ void list_free(list_t *list) list_node_t *list_alloc_node(void) { - return (list_node_t *)xmalloc_and_zero(sizeof(list_node_t)); + return xmalloc_and_zero(sizeof(list_node_t)); } void list_free_node(list_t *list, list_node_t *node) diff --git a/src/conf.c b/src/conf.c index 3feb1503..57bee094 100644 --- a/src/conf.c 
+++ b/src/conf.c @@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.75 2003/08/08 22:11:54 guus Exp $ + $Id: conf.c,v 1.9.4.76 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" @@ -73,7 +73,7 @@ config_t *new_config(void) { cp(); - return (config_t *) xmalloc_and_zero(sizeof(config_t)); + return xmalloc_and_zero(sizeof(config_t)); } void free_config(config_t *cfg) @@ -131,7 +131,7 @@ config_t *lookup_config_next(const avl_tree_t *config_tree, const config_t *cfg) if(node) { if(node->next) { - found = (config_t *) node->next->data; + found = node->next->data; if(!strcasecmp(found->variable, cfg->variable)) return found; diff --git a/src/connection.c b/src/connection.c index 65bf8966..b4a17ad3 100644 --- a/src/connection.c +++ b/src/connection.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.c,v 1.1.2.43 2003/07/29 10:50:15 guus Exp $ + $Id: connection.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" @@ -64,7 +64,7 @@ connection_t *new_connection(void) cp(); - c = (connection_t *) xmalloc_and_zero(sizeof(connection_t)); + c = xmalloc_and_zero(sizeof(connection_t)); if(!c) return NULL; @@ -120,7 +120,7 @@ void dump_connections(void) logger(LOG_DEBUG, _("Connections:")); for(node = connection_tree->head; node; node = node->next) { - c = (connection_t *) node->data; + c = node->data; logger(LOG_DEBUG, _(" %s at %s options %lx socket %d status %04x"), c->name, c->hostname, c->options, c->socket, *(uint32_t *)&c->status); } diff --git a/src/edge.c b/src/edge.c index 69f2c7f5..bf43d304 100644 --- a/src/edge.c +++ b/src/edge.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: edge.c,v 1.1.2.26 2003/08/22 11:18:42 guus Exp $ + $Id: edge.c,v 1.1.2.27 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" @@ -88,7 +88,7 @@ edge_t *new_edge(void) { cp(); - return (edge_t *) xmalloc_and_zero(sizeof(edge_t)); + return xmalloc_and_zero(sizeof(edge_t)); } void free_edge(edge_t *e) @@ -148,9 +148,9 @@ void dump_edges(void) logger(LOG_DEBUG, _("Edges:")); for(node = node_tree->head; node; node = node->next) { - n = (node_t *) node->data; + n = node->data; for(node2 = n->edge_tree->head; node2; node2 = node2->next) { - e = (edge_t *) node2->data; + e = node2->data; address = sockaddr2hostname(&e->address); logger(LOG_DEBUG, _(" %s to %s at %s options %lx weight %d"), e->from->name, e->to->name, address, e->options, e->weight); diff --git a/src/event.c b/src/event.c index 4e0f6a09..4d6431cb 100644 --- a/src/event.c +++ b/src/event.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: event.c,v 1.1.4.10 2003/07/24 12:08:15 guus Exp $ + $Id: event.c,v 1.1.4.11 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" @@ -61,7 +61,7 @@ event_t *new_event(void) { cp(); - return (event_t *) xmalloc_and_zero(sizeof(event_t)); + return xmalloc_and_zero(sizeof(event_t)); } void free_event(event_t *event) @@ -93,7 +93,7 @@ event_t *get_expired_event(void) cp(); if(event_tree->head) { - event = (event_t *) event_tree->head->data; + event = event_tree->head->data; if(event->time < now) { avl_delete(event_tree, event); diff --git a/src/graph.c b/src/graph.c index 6ec3724e..b6e60e05 100644 --- a/src/graph.c +++ b/src/graph.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.28 2003/08/22 11:18:42 guus Exp $ + $Id: graph.c,v 1.1.2.29 2003/08/28 21:05:10 guus Exp $ */ /* We need to generate two trees from the graph: @@ -76,7 +76,7 @@ void mst_kruskal(void) /* Clear MST status on connections */ for(node = connection_tree->head; node; node = node->next) { - c = (connection_t *) node->data; + c = node->data; c->status.mst = false; } @@ -90,7 +90,7 @@ void mst_kruskal(void) /* Clear visited status on nodes */ for(node = node_tree->head; node; node = node->next) { - n = (node_t *) node->data; + n = node->data; n->status.visited = false; nodes++; } @@ -103,7 +103,7 @@ void mst_kruskal(void) for(skipped = false, node = edge_weight_tree->head; node; node = next) { next = node->next; - e = (edge_t *) node->data; + e = node->data; if(!e->reverse || e->from->status.visited == e->to->status.visited) { skipped = true; @@ -158,7 +158,7 @@ void sssp_bfs(void) /* Clear visited status on nodes */ for(node = node_tree->head; node; node = node->next) { - n = (node_t *) node->data; + n = node->data; n->status.visited = false; n->status.indirect = true; } @@ -178,10 +178,10 @@ void sssp_bfs(void) while(todo_tree->head) { for(from = todo_tree->head; from; from = next) { /* "from" is the node from which we start */ next = from->next; - n = (node_t *) from->data; + n = from->data; for(to = n->edge_tree->head; to; to = to->next) { /* "to" is the edge connected to "from" */ - e = (edge_t *) to->data; + e = to->data; if(!e->reverse) continue; @@ -245,7 +245,7 @@ void sssp_bfs(void) for(node = node_tree->head; node; node = next) { next = node->next; - n = (node_t *) node->data; + n = node->data; if(n->status.visited != n->status.reachable) { n->status.reachable = !n->status.reachable; diff --git a/src/linux/device.c b/src/linux/device.c index 904c36cb..0461278e 100644 --- a/src/linux/device.c 
+++ b/src/linux/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.20 2003/07/22 20:55:21 guus Exp $ + $Id: device.c,v 1.1.2.21 2003/08/28 21:05:11 guus Exp $ */ #include "system.h" @@ -94,10 +94,10 @@ bool setup_device(void) if(iface) strncpy(ifr.ifr_name, iface, IFNAMSIZ); - if(!ioctl(device_fd, TUNSETIFF, (void *) &ifr)) { + if(!ioctl(device_fd, TUNSETIFF, &ifr)) { strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); iface = ifrname; - } else if(!ioctl(device_fd, (('T' << 8) | 202), (void *) &ifr)) { + } else if(!ioctl(device_fd, (('T' << 8) | 202), &ifr)) { logger(LOG_WARNING, _("Old ioctl() request was needed for %s"), device); strncpy(ifrname, ifr.ifr_name, IFNAMSIZ); iface = ifrname; diff --git a/src/meta.c b/src/meta.c index d6bf135a..dacb1df9 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.43 2003/08/22 11:18:42 guus Exp $ + $Id: meta.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" @@ -80,7 +80,7 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) cp(); for(node = connection_tree->head; node; node = node->next) { - c = (connection_t *) node->data; + c = node->data; if(c != from && c->status.active) send_meta(c, buffer, length); diff --git a/src/net.c b/src/net.c index d6f4403b..7bf39897 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.199 2003/08/28 15:27:11 guus Exp $ + $Id: net.c,v 1.35.4.200 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" 
@@ -63,7 +63,7 @@ static void purge(void) for(nnode = node_tree->head; nnode; nnode = nnext) { nnext = nnode->next; - n = (node_t *) nnode->data; + n = nnode->data; if(!n->status.reachable) { ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Purging node %s (%s)"), n->name, @@ -71,14 +71,14 @@ static void purge(void) for(snode = n->subnet_tree->head; snode; snode = snext) { snext = snode->next; - s = (subnet_t *) snode->data; + s = snode->data; send_del_subnet(broadcast, s); subnet_del(n, s); } for(enode = n->edge_tree->head; enode; enode = enext) { enext = enode->next; - e = (edge_t *) enode->data; + e = enode->data; send_del_edge(broadcast, e); edge_del(e); } @@ -89,12 +89,12 @@ static void purge(void) for(nnode = node_tree->head; nnode; nnode = nnext) { nnext = nnode->next; - n = (node_t *) nnode->data; + n = nnode->data; if(!n->status.reachable) { for(enode = edge_weight_tree->head; enode; enode = enext) { enext = enode->next; - e = (edge_t *) enode->data; + e = enode->data; if(e->to == n) break; @@ -122,7 +122,7 @@ static int build_fdset(fd_set * fs) for(node = connection_tree->head; node; node = next) { next = node->next; - c = (connection_t *) node->data; + c = node->data; if(c->status.remove) { connection_del(c); @@ -224,7 +224,7 @@ static void check_dead_connections(void) for(node = connection_tree->head; node; node = next) { next = node->next; - c = (connection_t *) node->data; + c = node->data; if(c->last_ping_time + pingtimeout < now) { if(c->status.active) { @@ -271,7 +271,7 @@ static void check_network_activity(fd_set * f) } for(node = connection_tree->head; node; node = node->next) { - c = (connection_t *) node->data; + c = node->data; if(c->status.remove) continue; @@ -391,7 +391,7 @@ int main_loop(void) logger(LOG_INFO, _("Flushing event queue")); while(event_tree->head) { - event = (event_t *) event_tree->head->data; + event = event_tree->head->data; event->handler(event->data); event_del(event); } 
@@ -419,7 +419,7 @@ int main_loop(void) /* Close connections to hosts that have a changed or deleted host config file */ for(node = connection_tree->head; node; node = node->next) { - c = (connection_t *) node->data; + c = node->data; if(c->outgoing) { free(c->outgoing->name); diff --git a/src/net_packet.c b/src/net_packet.c index 8f47f23f..43b8e7cd 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.39 2003/08/22 11:18:42 guus Exp $ + $Id: net_packet.c,v 1.1.2.40 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" @@ -367,7 +367,7 @@ void broadcast_packet(const node_t *from, vpn_packet_t *packet) packet->len, from->name, from->hostname); for(node = connection_tree->head; node; node = node->next) { - c = (connection_t *) node->data; + c = node->data; if(c->status.active && c->status.mst && c != from->nexthop->connection) send_packet(c->node, packet); @@ -384,7 +384,7 @@ void flush_queue(node_t *n) for(node = n->queue->head; node; node = next) { next = node->next; - send_udppacket(n, (vpn_packet_t *) node->data); + send_udppacket(n, node->data); list_delete_node(n->queue, node); } } diff --git a/src/net_setup.c b/src/net_setup.c index 3ab91a05..c3cfb0fc 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.43 2003/08/14 14:21:35 guus Exp $ + $Id: net_setup.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" @@ -362,7 +362,7 @@ bool setup_myself(void) myself->connection->outcipher = EVP_bf_ofb(); - myself->key = (char *) xmalloc(myself->keylength); + myself->key = xmalloc(myself->keylength); RAND_pseudo_bytes(myself->key, myself->keylength); if(!get_config_int(lookup_config(config_tree, "KeyExpire"), &keylifetime)) 
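Review bot: In the setup_myself() hunk the buffer that appears to hold this node's packet key is filled with `RAND_pseudo_bytes(myself->key, myself->keylength)`, which OpenSSL does not guarantee to be unpredictable, and its return value is ignored. Key material should come from `RAND_bytes()` with the result checked, for example `if(RAND_bytes((unsigned char *) myself->key, myself->keylength) != 1) return false;` preceded by a `logger(LOG_ERR, ...)` line. The cast removal itself is fine; the rest of setup_myself() lies outside the hunk, so check that an early return there does not skip cleanup.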
@@ -549,7 +549,7 @@ void close_network_connections(void) for(node = connection_tree->head; node; node = next) { next = node->next; - c = (connection_t *) node->data; + c = node->data; if(c->outgoing) free(c->outgoing->name), free(c->outgoing), c->outgoing = NULL; diff --git a/src/node.c b/src/node.c index f40fb19e..0fdc1dcc 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.27 2003/08/22 11:18:42 guus Exp $ + $Id: node.c,v 1.1.2.28 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" @@ -72,7 +72,7 @@ void exit_nodes(void) node_t *new_node(void) { - node_t *n = (node_t *) xmalloc_and_zero(sizeof(*n)); + node_t *n = xmalloc_and_zero(sizeof(*n)); cp(); @@ -131,13 +131,13 @@ void node_del(node_t *n) for(node = n->subnet_tree->head; node; node = next) { next = node->next; - s = (subnet_t *) node->data; + s = node->data; subnet_del(n, s); } for(node = n->edge_tree->head; node; node = next) { next = node->next; - e = (edge_t *) node->data; + e = node->data; edge_del(e); } @@ -178,7 +178,7 @@ void dump_nodes(void) logger(LOG_DEBUG, _("Nodes:")); for(node = node_tree->head; node; node = node->next) { - n = (node_t *) node->data; + n = node->data; logger(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), n->name, n->hostname, n->cipher ? n->cipher->nid : 0, n->digest ? n->digest->type : 0, n->maclength, n->compression, diff --git a/src/protocol.c b/src/protocol.c index 0d58d6a8..4e37bf55 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.146 2003/08/03 12:38:43 guus Exp $ + $Id: protocol.c,v 1.28.4.147 2003/08/28 21:05:10 guus Exp $ */ #include "system.h" 
@@ -219,7 +219,7 @@ bool seen_request(char *request) ifdebug(SCARY_THINGS) logger(LOG_DEBUG, _("Already seen request")); return true; } else { - new = (past_request_t *) xmalloc(sizeof(*new)); + new = xmalloc(sizeof(*new)); new->request = xstrdup(request); new->firstseen = now; avl_insert(past_request_tree, new); @@ -237,7 +237,7 @@ void age_past_requests(void) for(node = past_request_tree->head; node; node = next) { next = node->next; - p = (past_request_t *) node->data; + p = node->data; if(p->firstseen + pingtimeout < now) avl_delete_node(past_request_tree, node), deleted++; diff --git a/src/protocol_auth.c b/src/protocol_auth.c index d2962e72..dafcc20c 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.25 2003/07/22 20:55:20 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.26 2003/08/28 21:05:11 guus Exp $ */ #include "system.h" @@ -473,15 +473,15 @@ static void send_everything(connection_t *c) /* Send all known subnets and edges */ for(node = node_tree->head; node; node = node->next) { - n = (node_t *) node->data; + n = node->data; for(node2 = n->subnet_tree->head; node2; node2 = node2->next) { - s = (subnet_t *) node2->data; + s = node2->data; send_add_subnet(c, s); } for(node2 = n->edge_tree->head; node2; node2 = node2->next) { - e = (edge_t *) node2->data; + e = node2->data; send_add_edge(c, e); } } diff --git a/src/route.c b/src/route.c index 5823f379..16d932d3 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.63 2003/07/31 13:18:34 guus Exp $ + $Id: route.c,v 1.1.2.64 2003/08/28 21:05:11 guus Exp $ */ #include "system.h" 
@@ -113,7 +113,7 @@ static void learn_mac(mac_t *address) /* And tell all other tinc daemons it's our MAC */ for(node = connection_tree->head; node; node = node->next) { - c = (connection_t *) node->data; + c = node->data; if(c->status.active) send_add_subnet(c, subnet); } @@ -132,7 +132,7 @@ void age_mac(void) for(node = myself->subnet_tree->head; node; node = next) { next = node->next; - s = (subnet_t *) node->data; + s = node->data; if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { ifdebug(TRAFFIC) logger(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), s->net.mac.address.x[0], s->net.mac.address.x[1], @@ -140,7 +140,7 @@ void age_mac(void) s->net.mac.address.x[4], s->net.mac.address.x[5]); for(node2 = connection_tree->head; node2; node2 = node2->next) { - c = (connection_t *) node2->data; + c = node2->data; if(c->status.active) send_del_subnet(c, s); } @@ -240,7 +240,7 @@ static node_t *route_ipv4(vpn_packet_t *packet) if(priorityinheritance) packet->priority = packet->data[15]; - subnet = lookup_subnet_ipv4((ipv4_t *) & packet->data[30]); + subnet = lookup_subnet_ipv4((ipv4_t *) &packet->data[30]); if(!subnet) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), 
@@ -331,18 +331,18 @@ static node_t *route_ipv6(vpn_packet_t *packet) cp(); - subnet = lookup_subnet_ipv6((ipv6_t *) & packet->data[38]); + subnet = lookup_subnet_ipv6((ipv6_t *) &packet->data[38]); if(!subnet) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(*(uint16_t *) & packet->data[38]), - ntohs(*(uint16_t *) & packet->data[40]), - ntohs(*(uint16_t *) & packet->data[42]), - ntohs(*(uint16_t *) & packet->data[44]), - ntohs(*(uint16_t *) & packet->data[46]), - ntohs(*(uint16_t *) & packet->data[48]), - ntohs(*(uint16_t *) & packet->data[50]), - ntohs(*(uint16_t *) & packet->data[52])); + ntohs(*(uint16_t *) &packet->data[38]), + ntohs(*(uint16_t *) &packet->data[40]), + ntohs(*(uint16_t *) &packet->data[42]), + ntohs(*(uint16_t *) &packet->data[44]), + ntohs(*(uint16_t *) &packet->data[46]), + ntohs(*(uint16_t *) &packet->data[48]), + ntohs(*(uint16_t *) &packet->data[50]), + ntohs(*(uint16_t *) &packet->data[52])); route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_ADDR); return NULL; 
@@ -409,18 +409,18 @@ static void route_neighborsol(vpn_packet_t *packet) /* Check if the IPv6 address exists on the VPN */ - subnet = lookup_subnet_ipv6((ipv6_t *) & ns->nd_ns_target); + subnet = lookup_subnet_ipv6((ipv6_t *) &ns->nd_ns_target); if(!subnet) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(((uint16_t *) & ns->nd_ns_target)[0]), - ntohs(((uint16_t *) & ns->nd_ns_target)[1]), - ntohs(((uint16_t *) & ns->nd_ns_target)[2]), - ntohs(((uint16_t *) & ns->nd_ns_target)[3]), - ntohs(((uint16_t *) & ns->nd_ns_target)[4]), - ntohs(((uint16_t *) & ns->nd_ns_target)[5]), - ntohs(((uint16_t *) & ns->nd_ns_target)[6]), - ntohs(((uint16_t *) & ns->nd_ns_target)[7])); + ntohs(((uint16_t *) &ns->nd_ns_target)[0]), + ntohs(((uint16_t *) &ns->nd_ns_target)[1]), + ntohs(((uint16_t *) &ns->nd_ns_target)[2]), + ntohs(((uint16_t *) &ns->nd_ns_target)[3]), + ntohs(((uint16_t *) &ns->nd_ns_target)[4]), + ntohs(((uint16_t *) &ns->nd_ns_target)[5]), + ntohs(((uint16_t *) &ns->nd_ns_target)[6]), + ntohs(((uint16_t *) &ns->nd_ns_target)[7])); return; } diff --git a/src/subnet.c b/src/subnet.c index 36d1627e..5d88ca68 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.49 2003/07/30 11:50:45 guus Exp $ + $Id: subnet.c,v 1.1.2.50 2003/08/28 21:05:11 guus Exp $ */ #include "system.h" @@ -145,7 +145,7 @@ subnet_t *new_subnet(void) { cp(); - return (subnet_t *) xmalloc_and_zero(sizeof(subnet_t)); + return xmalloc_and_zero(sizeof(subnet_t)); } void free_subnet(subnet_t *subnet) @@ -313,7 +313,7 @@ subnet_t *lookup_subnet_mac(const mac_t *address) subnet.net.mac.address = *address; subnet.owner = NULL; - p = (subnet_t *) avl_search(subnet_tree, &subnet); + p = avl_search(subnet_tree, &subnet); return p; } 
@@ -332,7 +332,7 @@ subnet_t *lookup_subnet_ipv4(const ipv4_t *address) do { /* Go find subnet */ - p = (subnet_t *) avl_search_closest_smaller(subnet_tree, &subnet); + p = avl_search_closest_smaller(subnet_tree, &subnet); /* Check if the found subnet REALLY matches */ @@ -370,7 +370,7 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address) do { /* Go find subnet */ - p = (subnet_t *) avl_search_closest_smaller(subnet_tree, &subnet); + p = avl_search_closest_smaller(subnet_tree, &subnet); /* Check if the found subnet REALLY matches */ @@ -403,7 +403,7 @@ void dump_subnets(void) logger(LOG_DEBUG, _("Subnet list:")); for(node = subnet_tree->head; node; node = node->next) { - subnet = (subnet_t *) node->data; + subnet = node->data; netstr = net2str(subnet); logger(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); free(netstr); From 0dba26267c76982a422984b61a3196ed2cd2b04a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 3 Sep 2003 16:20:33 +0000 Subject: [PATCH 865/923] Prevent multiple inclusions. --- src/graph.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/graph.h b/src/graph.h index 1b796406..3ce02f38 100644 --- a/src/graph.h +++ b/src/graph.h @@ -17,9 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.h,v 1.1.2.5 2003/07/12 17:41:45 guus Exp $ + $Id: graph.h,v 1.1.2.6 2003/09/03 16:20:33 guus Exp $ */ +#ifndef __TINC_GRAPH_H__ +#define __TINC_GRAPH_H__ + extern void graph(void); extern void mst_kruskal(void); extern void sssp_bfs(void); + +#endif /* __TINC_GRAPH_H__ */ From cbf5a741aa2af937b3db606f0894990703f77bcb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Sep 2003 21:52:47 +0000 Subject: [PATCH 866/923] Remove pidfile when exitting. --- src/tincd.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/tincd.c b/src/tincd.c index 9e0ad4aa..299e5160 100644 --- a/src/tincd.c +++ b/src/tincd.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.86 2003/08/17 09:03:30 guus Exp $ + $Id: tincd.c,v 1.10.4.87 2003/09/08 21:52:47 guus Exp $ */ #include "system.h" @@ -506,5 +506,10 @@ int main2(int argc, char **argv) dump_device_stats(); logger(LOG_NOTICE, _("Terminating")); + +#ifndef HAVE_MINGW + remove_pid(pidfilename); +#endif + return status; } From 4e80612ac0f38daa0f2280c293427c7f25dac278 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 9 Sep 2003 15:47:59 +0000 Subject: [PATCH 867/923] Update translations. --- po/Makevars | 16 +++++ po/nl.po | 166 +++++++++++++++++++++++----------------------------- 2 files changed, 89 insertions(+), 93 deletions(-) diff --git a/po/Makevars b/po/Makevars index f7335a34..93e471ed 100644 --- a/po/Makevars +++ b/po/Makevars @@ -20,6 +20,22 @@ XGETTEXT_OPTIONS = --keyword=_ --keyword=N_ # their copyright. COPYRIGHT_HOLDER = Ivo Timmermans and Guus Sliepen +# This is the email address or URL to which the translators shall report +# bugs in the untranslated strings: +# - Strings which are not entire sentences, see the maintainer guidelines +# in the GNU gettext documentation, section 'Preparing Strings'. +# - Strings which use unclear terms or require additional context to be +# understood. +# - Strings which make invalid assumptions about notation of date, time or +# money. +# - Pluralisation problems. +# - Incorrect English spelling. +# - Incorrect formatting. +# It can be your email address, or a mailing list address where translators +# can write to without being subscribed, or the URL of a web page through +# which the translators can contact you. +MSGID_BUGS_ADDRESS = tinc-devel@nl.linux.org + # This is the list of locale categories, beyond LC_MESSAGES, for which the # message catalogs shall be used. It is usually empty. EXTRA_LOCALE_CATEGORIES = 
diff --git a/po/nl.po b/po/nl.po index 9c3d23a7..a226fa8a 100644 --- a/po/nl.po +++ b/po/nl.po @@ -5,8 +5,8 @@ msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" -"Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2003-08-09 20:57+0200\n" +"Report-Msgid-Bugs-To: tinc-devel@nl.linux.org\n" +"POT-Creation-Date: 2003-09-09 17:47+0200\n" "PO-Revision-Date: 2003-05-06 23:10+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" @@ -103,37 +103,27 @@ msgstr " %s op %s opties %lx socket %d status %04x" msgid "End of connections." msgstr "Einde van verbindingen." -#: src/meta.c:44 +#: src/meta.c:45 #, c-format msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:58 src/meta.c:125 +#: src/meta.c:59 src/meta.c:112 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:63 +#: src/meta.c:64 #, c-format msgid "Sending meta data to %s (%s) failed: %s" msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" -#: src/meta.c:101 -#, c-format -msgid "This is a bug: %s:%d: %d:%s %s (%s)" -msgstr "Dit is een programmeerfout: %s:%d: %d:%s %s (%s)" - -#: src/meta.c:107 -#, c-format -msgid "Metadata socket error for %s (%s): %s" -msgstr "Fout op metadata socket voor %s (%s): %s" - -#: src/meta.c:130 +#: src/meta.c:117 #, c-format msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:193 +#: src/meta.c:180 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" 
@@ -142,52 +132,52 @@ msgstr "Metadata leesbuffer overloop voor %s (%s)" msgid "Purging unreachable nodes" msgstr "Verwijderen onbereikbare nodes" -#: src/net.c:67 +#: src/net.c:69 #, c-format msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:148 +#: src/net.c:168 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:201 +#: src/net.c:232 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:210 +#: src/net.c:241 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." -#: src/net.c:215 +#: src/net.c:246 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:257 +#: src/net.c:288 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:312 +#: src/net.c:343 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:343 +#: src/net.c:374 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:360 +#: src/net.c:391 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:384 +#: src/net.c:415 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
@@ -235,7 +225,7 @@ msgstr "Instellen prioriteit uitgaand pakket op %d" #: src/net_packet.c:309 src/net_setup.c:465 src/net_socket.c:74 #: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:433 src/tincd.c:467 -#: src/process.c:204 src/process.c:237 src/process.c:415 +#: src/process.c:211 src/process.c:244 src/process.c:426 #: src/cygwin/device.c:150 src/cygwin/device.c:181 src/mingw/device.c:76 #: src/mingw/device.c:85 src/mingw/device.c:90 src/mingw/device.c:245 #: src/mingw/device.c:252 src/mingw/device.c:257 src/mingw/device.c:264 @@ -278,22 +268,12 @@ msgstr "Verspreiding pakket van %d bytes van %s (%s)" msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:404 -#, c-format -msgid "This is a bug: %s:%d: %d:%s" -msgstr "Dit is een programmeerfout: %s:%d: %d:%s" - -#: src/net_packet.c:411 -#, c-format -msgid "Incoming data socket error: %s" -msgstr "Fout op socket voor inkomend verkeer: %s" - -#: src/net_packet.c:418 +#: src/net_packet.c:405 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:428 +#: src/net_packet.c:415 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" 
@@ -488,27 +468,27 @@ msgstr "Verbinding van %s" msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" -#: src/netutl.c:50 src/netutl.c:73 +#: src/netutl.c:50 #, c-format msgid "Error looking up %s port %s: %s" msgstr "Fout bij het opzoeken van %s poort %s: %s" -#: src/netutl.c:98 +#: src/netutl.c:105 #, c-format msgid "Error while translating addresses: %s" msgstr "Fout tijdens vertalen adressen: %s" -#: src/netutl.c:126 -#, c-format -msgid "Error while looking up hostname: %s" -msgstr "Fout bij het opzoeken van hostnaam: %s" - -#: src/netutl.c:130 +#: src/netutl.c:131 src/netutl.c:142 #, c-format msgid "%s port %s" msgstr "%s poort %s" -#: src/netutl.c:167 +#: src/netutl.c:138 +#, c-format +msgid "Error while looking up hostname: %s" +msgstr "Fout bij het opzoeken van hostnaam: %s" + +#: src/netutl.c:187 #, c-format msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" @@ -928,7 +908,7 @@ msgstr "Fout tijdens initialiseren LZO compressor!" msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:492 src/process.c:468 +#: src/tincd.c:492 src/process.c:479 msgid "Not restarting." msgstr "Geen herstart." 
@@ -941,154 +921,154 @@ msgstr "Beëindigen" msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:92 src/process.c:139 +#: src/process.c:92 src/process.c:142 #, c-format msgid "Could not open service manager: %s" msgstr "Kon service manager niet openen: %s" -#: src/process.c:120 +#: src/process.c:123 #, c-format msgid "Could not create %s service: %s" msgstr "Kon %s service niet aanmaken: %s" -#: src/process.c:126 +#: src/process.c:129 #, c-format msgid "%s service installed" msgstr "%s service geïnstalleerd" -#: src/process.c:129 +#: src/process.c:132 #, c-format msgid "Could not start %s service: %s" msgstr "Kon %s service niet starten: %s" -#: src/process.c:131 +#: src/process.c:134 #, c-format msgid "%s service started" msgstr "%s service gestart" -#: src/process.c:146 +#: src/process.c:149 #, c-format msgid "Could not open %s service: %s" msgstr "Kon %s service niet openen: %s" -#: src/process.c:151 +#: src/process.c:154 #, c-format msgid "Could not stop %s service: %s" msgstr "Kon %s service niet stoppen: %s" -#: src/process.c:153 +#: src/process.c:156 #, c-format msgid "%s service stopped" msgstr "%s service gestopt" -#: src/process.c:156 +#: src/process.c:159 #, c-format msgid "Could not remove %s service: %s" msgstr "Kon %s service niet verwijderen: %s" -#: src/process.c:160 +#: src/process.c:163 #, c-format msgid "%s service removed" msgstr "%s service verwijderd" -#: src/process.c:168 src/process.c:172 +#: src/process.c:171 src/process.c:174 #, c-format msgid "Got %s request" msgstr "Kreeg %s verzoek" -#: src/process.c:176 +#: src/process.c:177 #, c-format msgid "Got unexpected request %d" msgstr "Kreeg onverwacht verzoek %d" -#: src/process.c:258 +#: src/process.c:265 #, c-format msgid "A tincd is already running for net `%s' with pid %d.\n" msgstr "Een tincd draait al voor net `%s' met pid %d.\n" -#: src/process.c:261 +#: src/process.c:268 #, c-format 
msgid "A tincd is already running with pid %d.\n" msgstr "Een tincd draait al met pid %d.\n" -#: src/process.c:287 +#: src/process.c:294 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:290 +#: src/process.c:297 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:299 +#: src/process.c:306 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:302 +#: src/process.c:309 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. " -#: src/process.c:304 +#: src/process.c:311 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:337 +#: src/process.c:344 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:354 +#: src/process.c:361 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:379 +#: src/process.c:393 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:402 +#: src/process.c:413 #, c-format msgid "Script %s exited with non-zero status %d" msgstr "Script %s beëindigde met status %d" -#: src/process.c:407 +#: src/process.c:418 #, c-format msgid "Script %s was killed by signal %d (%s)" msgstr "Script %s was gestopt door signaal %d (%s)" -#: src/process.c:411 +#: src/process.c:422 #, c-format msgid "Script %s terminated abnormally" msgstr "Script %s abnormaal beëindigd" -#: src/process.c:431 src/process.c:437 src/process.c:475 src/process.c:481 -#: src/process.c:499 +#: src/process.c:442 src/process.c:448 src/process.c:486 src/process.c:492 +#: src/process.c:510 #, c-format msgid "Got %s signal" msgstr "Kreeg %s signaal" -#: src/process.c:443 +#: src/process.c:454 #, c-format msgid "Got another fatal signal %d (%s): not 
restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:452 +#: src/process.c:463 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:456 +#: src/process.c:467 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:484 +#: src/process.c:495 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:490 +#: src/process.c:501 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " @@ -1097,17 +1077,17 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:523 +#: src/process.c:534 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:529 +#: src/process.c:540 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:583 +#: src/process.c:594 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" @@ -1171,11 +1151,11 @@ msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" -#: src/node.c:176 +#: src/node.c:178 msgid "Nodes:" msgstr "Nodes:" -#: src/node.c:180 +#: src/node.c:182 #, c-format msgid "" " %s at %s cipher %d digest %d maclength %d compression %d options %lx status " 
@@ -1184,29 +1164,29 @@ msgstr "" " %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" "04x nexthop %s via %s" -#: src/node.c:187 +#: src/node.c:189 msgid "End of nodes." msgstr "Einde van nodes." -#: src/edge.c:147 +#: src/edge.c:148 msgid "Edges:" msgstr "Edges:" -#: src/edge.c:154 +#: src/edge.c:155 #, c-format msgid " %s to %s at %s options %lx weight %d" msgstr " %s naar %s op %s opties %lx gewicht %d" -#: src/edge.c:160 +#: src/edge.c:161 msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:253 +#: src/graph.c:254 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:256 +#: src/graph.c:257 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" From 288d956728ab4d4aabe9bc59b87991420dbda151 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Tue, 23 Sep 2003 20:59:01 +0000 Subject: [PATCH 868/923] Check for short packets from the tun/tap device and from other tinc daemons. --- src/net_packet.c | 18 +++++++++++++----- src/route.c | 13 ++++++++++++- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index 43b8e7cd..a989b09f 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.40 2003/08/28 21:05:10 guus Exp $ + $Id: net_packet.c,v 1.1.2.41 2003/09/23 20:59:01 guus Exp $ */ #include "system.h" @@ -118,6 +118,14 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) cp(); + /* Check packet length */ + + if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"), + n->name, n->hostname); + return; + } + /* Check the message authentication code */ if(myself->digest && myself->maclength) { 
@@ -189,6 +197,9 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) inpkt = outpkt; } + if(n->connection) + n->connection->last_ping_time = now; + receive_packet(n, inpkt); } @@ -401,7 +412,7 @@ void handle_incoming_vpn_data(int sock) pkt.len = recvfrom(sock, (char *) &pkt.seqno, MAXSIZE, 0, &from.sa, &fromlen); - if(pkt.len <= 0) { + if(pkt.len < 0) { logger(LOG_ERR, _("Receiving packet failed: %s"), strerror(errno)); return; } @@ -418,8 +429,5 @@ void handle_incoming_vpn_data(int sock) return; } - if(n->connection) - n->connection->last_ping_time = now; - receive_udppacket(n, &pkt); } diff --git a/src/route.c b/src/route.c index 16d932d3..ab6a4534 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.64 2003/08/28 21:05:11 guus Exp $ + $Id: route.c,v 1.1.2.65 2003/09/23 20:59:01 guus Exp $ */ #include "system.h" @@ -532,6 +532,11 @@ void route_outgoing(vpn_packet_t *packet) cp(); + if(packet->len < 64) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); + return; + } + /* FIXME: multicast? */ switch (routing_mode) { @@ -578,6 +583,12 @@ void route_outgoing(vpn_packet_t *packet) void route_incoming(node_t *source, vpn_packet_t *packet) { + if(packet->len < 64) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got too short packet from %s (%s)"), + source->name, source->hostname); + return; + } + switch (routing_mode) { case RMODE_ROUTER: { From eeb97e3ef4eb9089851f7b71d5393df24313c993 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 25 Sep 2003 10:34:16 +0000 Subject: [PATCH 869/923] Generate keys with 0x10001 as public exponent, which has less prime factors than 0xFFFF. --- src/tincd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index 299e5160..ebee1b3b 100644 --- a/src/tincd.c +++ b/src/tincd.c 
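Review bot: In the handle_incoming_vpn_data() hunk the result of `recvfrom()` is still stored straight into `pkt.len` and only then tested with `pkt.len < 0`, which is correct only if that field is a signed type; its declaration is not part of this diff. If the field were unsigned, a failed call would not be caught here and the wrapped value would also pass the new `inpkt->len < sizeof(inpkt->seqno) + myself->maclength` guard in receive_udppacket(), because that comparison is carried out in `size_t`. Reading into a local first removes the dependency on the field type: `int len = recvfrom(...); if(len < 0) { ... return; } pkt.len = len;`.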
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.87 2003/09/08 21:52:47 guus Exp $ + $Id: tincd.c,v 1.10.4.88 2003/09/25 10:34:16 guus Exp $ */ #include "system.h" @@ -291,7 +291,7 @@ static bool keygen(int bits) char *filename; fprintf(stderr, _("Generating %d bits keys:\n"), bits); - rsa_key = RSA_generate_key(bits, 0xFFFF, indicator, NULL); + rsa_key = RSA_generate_key(bits, 0x10001, indicator, NULL); if(!rsa_key) { fprintf(stderr, _("Error during key generation!\n")); From acbb9d6692614539260749c7b763eca5a6f81f07 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 1 Oct 2003 09:14:01 +0000 Subject: [PATCH 870/923] Better length checks. --- src/route.c | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/src/route.c b/src/route.c index ab6a4534..e9e07f67 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.65 2003/09/23 20:59:01 guus Exp $ + $Id: route.c,v 1.1.2.66 2003/10/01 09:14:01 guus Exp $ */ #include "system.h" @@ -532,7 +532,7 @@ void route_outgoing(vpn_packet_t *packet) cp(); - if(packet->len < 64) { + if(packet->len < 14) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); return; } 
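Review bot: The new public exponent in keygen() is written as the bare literal `0x10001`; OpenSSL already names this value, so `RSA_generate_key(bits, RSA_F4, indicator, NULL)` documents the intent and cannot be mistyped the way the previous `0xFFFF` was. The hunk also shows no lower bound on `bits` before the key is generated; if the caller does not enforce one (it is outside the hunk), a minimum-size check with an error message belongs at the top of keygen().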
@@ -544,11 +544,21 @@ void route_outgoing(vpn_packet_t *packet) type = ntohs(*((uint16_t *)(&packet->data[12]))); switch (type) { case 0x0800: + if(packet->len < 34) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); + return; + } + n = route_ipv4(packet); break; case 0x86DD: - if(packet->data[20] == IPPROTO_ICMPV6 && packet->data[54] == ND_NEIGHBOR_SOLICIT) { + if(packet->len < 54) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); + return; + } + + if(packet->data[20] == IPPROTO_ICMPV6 && packet->len >= 62 && packet->data[54] == ND_NEIGHBOR_SOLICIT) { route_neighborsol(packet); return; } @@ -556,6 +566,11 @@ void route_outgoing(vpn_packet_t *packet) break; case 0x0806: + if(packet->len < 42) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); + return; + } + route_arp(packet); return; @@ -583,7 +598,7 @@ void route_outgoing(vpn_packet_t *packet) void route_incoming(node_t *source, vpn_packet_t *packet) { - if(packet->len < 64) { + if(packet->len < 14) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got too short packet from %s (%s)"), source->name, source->hostname); return; @@ -598,10 +613,20 @@ void route_incoming(node_t *source, vpn_packet_t *packet) type = ntohs(*((uint16_t *)(&packet->data[12]))); switch (type) { case 0x0800: + if(packet->len < 34) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); + return; + } + n = route_ipv4(packet); break; case 0x86DD: + if(packet->len < 54) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); + return; + } + n = route_ipv6(packet); break; From 60943122f7b3a5896ce64c9000e119931484c12c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 6 Oct 2003 13:49:57 +0000 Subject: [PATCH 871/923] Copy structs from packets to the stack before using them, to prevent alignment issues. --- src/route.c | 307 +++++++++++++++++++++++++++++----------------------- 1 file changed, 174 insertions(+), 133 deletions(-) 
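Review bot: In the 0x86DD case of route_outgoing, `packet->len >= 62` guarantees only the 8-byte ICMPv6 header, while route_neighborsol(), visible further down this page, goes on to read the 16-byte target address, the option header and the 6-byte link-layer address that follows it. A solicitation cut off after the ICMPv6 header is therefore parsed and checksummed over bytes that were not part of the received frame. The bound should cover everything that function reads, which is 86 bytes with the usual structure sizes: `packet->len >= 86`. The next commit rewrites the test as `ether_size + ip6_size + ns_size`, which still leaves out `opt_size + ETH_ALEN`.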
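Review bot: The two length checks added to route_incoming log `_("Read too short packet")`, although these frames arrive from a peer and the check at the top of the same function names that peer with `_("Got too short packet from %s (%s)")`. Reusing that message with `source->name, source->hostname` keeps the log usable for finding the node that sends malformed frames. The later hunk at `@@ -598,9 +640,8 @@` removes the peer from the first check as well, and the same remark applies there.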
diff --git a/src/route.c b/src/route.c index e9e07f67..d38b08e4 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.66 2003/10/01 09:14:01 guus Exp $ + $Id: route.c,v 1.1.2.67 2003/10/06 13:49:57 guus Exp $ */ #include "system.h" @@ -57,6 +57,17 @@ int macexpire = 600; bool overwrite_mac = false; mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; +/* Sizes of various headers */ + +static size_t ether_size = sizeof(struct ether_header); +static size_t arp_size = sizeof(struct ether_arp); +static size_t ip_size = sizeof(struct ip); +static size_t icmp_size = sizeof(struct icmp) - sizeof(struct ip); +static size_t ip6_size = sizeof(struct ip6_hdr); +static size_t icmp6_size = sizeof(struct icmp6_hdr); +static size_t ns_size = sizeof(struct nd_neighbor_solicit); +static size_t opt_size = sizeof(struct nd_opt_hdr); + /* RFC 1071 */ static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) @@ -78,13 +89,18 @@ static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) return ~checksum; } -static bool ratelimit(void) { +static bool ratelimit(int frequency) { static time_t lasttime = 0; + static int count = 0; - if(lasttime == now) - return true; + if(lasttime == now) { + if(++count > frequency) + return true; + } else { + lasttime = now; + count = 0; + } - lasttime = now; return false; } 
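Review bot: ratelimit() lets one more event through per second than `frequency` says: the first call in a new second returns false with `count = 0`, and the next `frequency` calls pass as well, because the test is `++count > frequency`. If `frequency` is meant as the maximum per second, `if(++count >= frequency)` gives that. The counter and timestamp are `static`, so the IPv4 and IPv6 unreachable paths and all peers share one budget; a short comment above the function saying so would help whoever tunes the value.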
@@ -174,59 +190,68 @@ static node_t *route_mac(vpn_packet_t *packet) static void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) { - struct ip *hdr; - struct icmp *icmp; + struct ip ip; + struct icmp icmp; struct in_addr ip_src; struct in_addr ip_dst; uint32_t oldlen; - if(ratelimit()) + if(ratelimit(3)) return; cp(); - hdr = (struct ip *)(packet->data + 14); - icmp = (struct icmp *)(packet->data + 14 + 20); + /* Copy headers from packet into properly aligned structs on the stack */ + + memcpy(&ip, packet->data + ether_size, ip_size); + memcpy(&icmp, packet->data + ether_size + ip_size, icmp_size); /* Remember original source and destination */ - memcpy(&ip_src, &hdr->ip_src, 4); - memcpy(&ip_dst, &hdr->ip_dst, 4); - oldlen = packet->len - 14; + memcpy(&ip_src, &ip.ip_src, sizeof(ip_src)); + memcpy(&ip_dst, &ip.ip_dst, sizeof(ip_dst)); + + oldlen = packet->len - ether_size; - if(oldlen >= IP_MSS - sizeof(*hdr) - sizeof(*icmp)) - oldlen = IP_MSS - sizeof(*hdr) - sizeof(*icmp); + if(oldlen >= IP_MSS - ip_size - icmp_size) + oldlen = IP_MSS - ip_size - icmp_size; /* Copy first part of original contents to ICMP message */ - memmove(&icmp->icmp_ip, hdr, oldlen); + memmove(packet->data + ether_size + ip_size + icmp_size, packet->data + ether_size, oldlen); /* Fill in IPv4 header */ - hdr->ip_v = 4; - hdr->ip_hl = sizeof(*hdr) / 4; - hdr->ip_tos = 0; - hdr->ip_len = htons(20 + 8 + oldlen); - hdr->ip_id = 0; - hdr->ip_off = 0; - hdr->ip_ttl = 255; - hdr->ip_p = IPPROTO_ICMP; - hdr->ip_sum = 0; - memcpy(&hdr->ip_src, &ip_dst, 4); - memcpy(&hdr->ip_dst, &ip_src, 4); + ip.ip_v = 4; + ip.ip_hl = ip_size / 4; + ip.ip_tos = 0; + ip.ip_len = htons(ip_size + icmp_size + oldlen); + ip.ip_id = 0; + ip.ip_off = 0; + ip.ip_ttl = 255; + ip.ip_p = IPPROTO_ICMP; + ip.ip_sum = 0; + memcpy(&ip.ip_src, &ip_dst, sizeof(ip_src)); + memcpy(&ip.ip_dst, &ip_src, sizeof(ip_dst)); - hdr->ip_sum = inet_checksum(hdr, 20, ~0); + ip.ip_sum = inet_checksum(&ip, ip_size, ~0); /* Fill in ICMP 
header */ - icmp->icmp_type = ICMP_DEST_UNREACH; - icmp->icmp_code = code; - icmp->icmp_cksum = 0; + icmp.icmp_type = ICMP_DEST_UNREACH; + icmp.icmp_code = code; + icmp.icmp_cksum = 0; - icmp->icmp_cksum = inet_checksum(icmp, 8 + oldlen, ~0); + icmp.icmp_cksum = inet_checksum(&icmp, icmp_size, ~0); + icmp.icmp_cksum = inet_checksum(packet->data + ether_size + ip_size + icmp_size, oldlen, icmp.icmp_cksum); + + /* Copy structs on stack back to packet */ + + memcpy(packet->data + ether_size, &ip, ip_size); + memcpy(packet->data + ether_size + ip_size, &icmp, icmp_size); - packet->len = 14 + 20 + 8 + oldlen; + packet->len = ether_size + ip_size + icmp_size + oldlen; write_packet(packet); } @@ -261,8 +286,8 @@ static node_t *route_ipv4(vpn_packet_t *packet) static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) { - struct ip6_hdr *hdr; - struct icmp6_hdr *icmp; + struct ip6_hdr ip6; + struct icmp6_hdr icmp6; uint16_t checksum; struct { 
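Review bot: In route_ipv4_unreachable the local `icmp` is filled by `memcpy(&icmp, packet->data + ether_size + ip_size, icmp_size)` and then only `icmp_type`, `icmp_code` and `icmp_cksum` are assigned, so the remaining four header bytes of the reply are whatever followed the IP header in the offending packet. When that packet is shorter than `ether_size + ip_size + icmp_size`, which the length check visible on this page allows, those bytes are leftover buffer contents. Starting from a cleared structure, `memset(&icmp, 0, sizeof(icmp));` in place of the memcpy, sends the unused field as zero. The route_ipv6_unreachable hunk below does the same with `icmp6`.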
@@ -272,55 +297,64 @@ static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) uint32_t next; } pseudo; - if(ratelimit()) + if(ratelimit(3)) return; cp(); - hdr = (struct ip6_hdr *)(packet->data + 14); - icmp = (struct icmp6_hdr *)(packet->data + 14 + sizeof(*hdr)); + /* Copy headers from packet to structs on the stack */ + + memcpy(&ip6, packet->data + ether_size, ip6_size); + memcpy(&icmp6, packet->data + ether_size + ip6_size, icmp6_size); /* Remember original source and destination */ - memcpy(&pseudo.ip6_src, &hdr->ip6_dst, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_src, 16); - pseudo.length = ntohs(hdr->ip6_plen) + sizeof(*hdr); + memcpy(&pseudo.ip6_src, &ip6.ip6_dst, sizeof(ip6.ip6_src)); + memcpy(&pseudo.ip6_dst, &ip6.ip6_src, sizeof(ip6.ip6_dst)); + + pseudo.length = ntohs(ip6.ip6_plen) + ip6_size; - if(pseudo.length >= IP_MSS - sizeof(*hdr) - sizeof(*icmp)) - pseudo.length = IP_MSS - sizeof(*hdr) - sizeof(*icmp); + if(pseudo.length >= IP_MSS - ip6_size - icmp6_size) + pseudo.length = IP_MSS - ip6_size - icmp6_size; /* Copy first part of original contents to ICMP message */ - memmove(((char *)icmp) + sizeof(*icmp), hdr, pseudo.length); + memmove(packet->data + ether_size + ip6_size + icmp6_size, packet->data + ether_size, pseudo.length); /* Fill in IPv6 header */ - hdr->ip6_flow = htonl(0x60000000UL); - hdr->ip6_plen = htons(sizeof(*icmp) + pseudo.length); - hdr->ip6_nxt = IPPROTO_ICMPV6; - hdr->ip6_hlim = 255; - memcpy(&hdr->ip6_dst, &pseudo.ip6_dst, 16); - memcpy(&hdr->ip6_src, &pseudo.ip6_src, 16); + ip6.ip6_flow = htonl(0x60000000UL); + ip6.ip6_plen = htons(icmp6_size + pseudo.length); + ip6.ip6_nxt = IPPROTO_ICMPV6; + ip6.ip6_hlim = 255; + memcpy(&ip6.ip6_src, &pseudo.ip6_src, sizeof(ip6.ip6_src)); + memcpy(&ip6.ip6_dst, &pseudo.ip6_dst, sizeof(ip6.ip6_dst)); /* Fill in ICMP header */ - icmp->icmp6_type = ICMP6_DST_UNREACH; - icmp->icmp6_code = code; - icmp->icmp6_cksum = 0; + icmp6.icmp6_type = ICMP6_DST_UNREACH; + icmp6.icmp6_code = 
code; + icmp6.icmp6_cksum = 0; /* Create pseudo header */ - pseudo.length = htonl(sizeof(*icmp) + pseudo.length); + pseudo.length = htonl(icmp6_size + pseudo.length); pseudo.next = htonl(IPPROTO_ICMPV6); /* Generate checksum */ checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); - checksum = inet_checksum(icmp, ntohl(pseudo.length), checksum); + checksum = inet_checksum(&icmp6, icmp6_size, checksum); + checksum = inet_checksum(packet->data + ether_size + ip6_size + icmp6_size, ntohl(pseudo.length) - icmp6_size, checksum); - icmp->icmp6_cksum = checksum; + icmp6.icmp6_cksum = checksum; + + /* Copy structs on stack back to packet */ + + memcpy(packet->data + ether_size, &ip6, ip6_size); + memcpy(packet->data + ether_size + ip6_size, &icmp6, icmp6_size); - packet->len = 14 + sizeof(*hdr) + ntohl(pseudo.length); + packet->len = ether_size + ip6_size + ntohl(pseudo.length); write_packet(packet); } @@ -358,9 +392,9 @@ static node_t *route_ipv6(vpn_packet_t *packet) static void route_neighborsol(vpn_packet_t *packet) { - struct ip6_hdr *hdr; - struct nd_neighbor_solicit *ns; - struct nd_opt_hdr *opt; + struct ip6_hdr ip6; + struct nd_neighbor_solicit ns; + struct nd_opt_hdr opt; subnet_t *subnet; uint16_t checksum; 
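Review bot: The number of bytes quoted into the ICMPv6 error in route_ipv6_unreachable comes from the packet's own header, `pseudo.length = ntohs(ip6.ip6_plen) + ip6_size;`, and is only capped against IP_MSS, never against `packet->len`. A frame whose header announces more payload than was received therefore makes the memmove copy buffer bytes that did not belong to that frame into the reply. The IPv4 counterpart derives the length from what was received; doing the same here, `pseudo.length = packet->len - ether_size;`, removes the dependency on the untrusted field.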
@@ -373,34 +407,37 @@ static void route_neighborsol(vpn_packet_t *packet) cp(); - hdr = (struct ip6_hdr *)(packet->data + 14); - ns = (struct nd_neighbor_solicit *)(packet->data + 14 + sizeof(*hdr)); - opt = (struct nd_opt_hdr *)(packet->data + 14 + sizeof(*hdr) + sizeof(*ns)); + /* Copy headers from packet to structs on the stack */ + + memcpy(&ip6, packet->data + ether_size, ip6_size); + memcpy(&ns, packet->data + ether_size + ip6_size, ns_size); + memcpy(&opt, packet->data + ether_size + ip6_size + ns_size, opt_size); /* First, snatch the source address from the neighbor solicitation packet */ if(overwrite_mac) - memcpy(mymac.x, packet->data + 6, 6); + memcpy(mymac.x, packet->data + ETH_ALEN, ETH_ALEN); /* Check if this is a valid neighbor solicitation request */ - if(ns->nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || - opt->nd_opt_type != ND_OPT_SOURCE_LINKADDR) { + if(ns.nd_ns_hdr.icmp6_type != ND_NEIGHBOR_SOLICIT || + opt.nd_opt_type != ND_OPT_SOURCE_LINKADDR) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type neighbor solicitation request")); return; } /* Create pseudo header */ - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); + memcpy(&pseudo.ip6_src, &ip6.ip6_src, sizeof(ip6.ip6_src)); + memcpy(&pseudo.ip6_dst, &ip6.ip6_dst, sizeof(ip6.ip6_dst)); + pseudo.length = htonl(ns_size + opt_size + ETH_ALEN); pseudo.next = htonl(IPPROTO_ICMPV6); /* Generate checksum */ checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); - checksum = inet_checksum(ns, sizeof(*ns) + 8, checksum); + checksum = inet_checksum(&ns, ns_size, checksum); + checksum = inet_checksum(&opt, opt_size, checksum); if(checksum) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); 
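Review bot: The checksum verification in route_neighborsol now sums `ns_size + opt_size` bytes, whereas `pseudo.length` announces `ns_size + opt_size + ETH_ALEN` and the removed line covered `sizeof(*ns) + 8`. The six link-layer address bytes after the option header are no longer included, so a correct solicitation would be expected to fail the `if(checksum)` test. Adding `checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum);` after the `&opt` call restores the coverage. The checksum generated for the reply in the `@@ -432,35 +469,39 @@` hunk has the same gap.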
@@ -409,18 +446,18 @@ static void route_neighborsol(vpn_packet_t *packet) /* Check if the IPv6 address exists on the VPN */ - subnet = lookup_subnet_ipv6((ipv6_t *) &ns->nd_ns_target); + subnet = lookup_subnet_ipv6((ipv6_t *) &ns.nd_ns_target); if(!subnet) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: neighbor solicitation request for unknown address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(((uint16_t *) &ns->nd_ns_target)[0]), - ntohs(((uint16_t *) &ns->nd_ns_target)[1]), - ntohs(((uint16_t *) &ns->nd_ns_target)[2]), - ntohs(((uint16_t *) &ns->nd_ns_target)[3]), - ntohs(((uint16_t *) &ns->nd_ns_target)[4]), - ntohs(((uint16_t *) &ns->nd_ns_target)[5]), - ntohs(((uint16_t *) &ns->nd_ns_target)[6]), - ntohs(((uint16_t *) &ns->nd_ns_target)[7])); + ntohs(((uint16_t *) &ns.nd_ns_target)[0]), + ntohs(((uint16_t *) &ns.nd_ns_target)[1]), + ntohs(((uint16_t *) &ns.nd_ns_target)[2]), + ntohs(((uint16_t *) &ns.nd_ns_target)[3]), + ntohs(((uint16_t *) &ns.nd_ns_target)[4]), + ntohs(((uint16_t *) &ns.nd_ns_target)[5]), + ntohs(((uint16_t *) &ns.nd_ns_target)[6]), + ntohs(((uint16_t *) &ns.nd_ns_target)[7])); return; } 
@@ -432,35 +469,39 @@ static void route_neighborsol(vpn_packet_t *packet) /* Create neighbor advertation reply */ - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */ + packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - memcpy(&hdr->ip6_dst, &hdr->ip6_src, 16); /* swap destination and source protocol address */ - memcpy(&hdr->ip6_src, &ns->nd_ns_target, 16); /* ... */ + memcpy(&ip6.ip6_src, &ns.nd_ns_target, sizeof(ip6.ip6_src)); /* swap destination and source protocol address */ + memcpy(&ip6.ip6_dst, &ip6.ip6_src, sizeof(ip6.ip6_dst)); /* ... */ - memcpy((char *) opt + sizeof(*opt), packet->data + ETHER_ADDR_LEN, 6); /* add fake source hard addr */ + memcpy(&opt + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ - ns->nd_ns_hdr.icmp6_cksum = 0; - ns->nd_ns_hdr.icmp6_type = ND_NEIGHBOR_ADVERT; - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[0] = 0x40; /* Set solicited flag */ - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[1] = - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[2] = - ns->nd_ns_hdr.icmp6_dataun.icmp6_un_data8[3] = 0; - opt->nd_opt_type = ND_OPT_TARGET_LINKADDR; + ns.nd_ns_cksum = 0; + ns.nd_ns_type = ND_NEIGHBOR_ADVERT; + ns.nd_ns_reserved = htonl(0x40000000UL); /* Set solicited flag */ + opt.nd_opt_type = ND_OPT_TARGET_LINKADDR; /* Create pseudo header */ - memcpy(&pseudo.ip6_src, &hdr->ip6_src, 16); - memcpy(&pseudo.ip6_dst, &hdr->ip6_dst, 16); - pseudo.length = htonl(sizeof(*ns) + sizeof(*opt) + 6); + memcpy(&pseudo.ip6_src, &ip6.ip6_src, sizeof(ip6.ip6_src)); + memcpy(&pseudo.ip6_dst, &ip6.ip6_dst, sizeof(ip6.ip6_dst)); + pseudo.length = htonl(ns_size + opt_size + ETH_ALEN); pseudo.next = htonl(IPPROTO_ICMPV6); /* Generate checksum 
*/ checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); - checksum = inet_checksum(ns, sizeof(*ns) + 8, checksum); + checksum = inet_checksum(&ns, ns_size, checksum); + checksum = inet_checksum(&opt, opt_size, checksum); - ns->nd_ns_hdr.icmp6_cksum = checksum; + ns.nd_ns_hdr.icmp6_cksum = checksum; + + /* Copy structs on stack back to packet */ + + memcpy(packet->data + ether_size, &ip6, ip6_size); + memcpy(packet->data + ether_size + ip6_size, &ns, ns_size); + memcpy(packet->data + ether_size + ip6_size + ns_size, &opt, opt_size); write_packet(packet); } 
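Review bot: `memcpy(&opt + opt_size, packet->data + ETH_ALEN, ETH_ALEN)` does pointer arithmetic in units of `struct nd_opt_hdr`, so it stores six bytes on the stack beyond the local `opt` instead of placing the link-layer address after the option header, and the address never reaches the packet because only `opt_size` bytes are copied back. Writing it straight into the frame, `memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN);`, avoids the out-of-bounds store. The two address copies were also reordered: `ip6.ip6_src` is overwritten with the target before it is copied into `ip6.ip6_dst`, so both end up holding the target address; copy `ip6_src` to `ip6_dst` first, as the removed lines did.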
@@ -469,40 +510,37 @@ static void route_neighborsol(vpn_packet_t *packet) static void route_arp(vpn_packet_t *packet) { - struct ether_arp *arp; + struct ether_arp arp; subnet_t *subnet; - uint8_t ipbuf[4]; + struct in_addr addr; cp(); /* First, snatch the source address from the ARP packet */ if(overwrite_mac) - memcpy(mymac.x, packet->data + 6, 6); + memcpy(mymac.x, packet->data + ETH_ALEN, ETH_ALEN); - /* This routine generates replies to ARP requests. - You don't need to set NOARP flag on the interface anymore (which is broken on FreeBSD). - Most of the code here is taken from choparp.c by Takamichi Tateoka (tree@mma.club.uec.ac.jp) - */ + /* Copy headers from packet to structs on the stack */ - arp = (struct ether_arp *)(packet->data + 14); + memcpy(&arp, packet->data + ether_size, arp_size); /* Check if this is a valid ARP request */ - if(ntohs(arp->arp_hrd) != ARPHRD_ETHER || ntohs(arp->arp_pro) != ETHERTYPE_IP || - arp->arp_hln != ETHER_ADDR_LEN || arp->arp_pln != 4 || ntohs(arp->arp_op) != ARPOP_REQUEST) { + if(ntohs(arp.arp_hrd) != ARPHRD_ETHER || ntohs(arp.arp_pro) != ETH_P_IP || + arp.arp_hln != ETH_ALEN || arp.arp_pln != sizeof(addr) || ntohs(arp.arp_op) != ARPOP_REQUEST) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: received unknown type ARP request")); return; } /* Check if the IPv4 address exists on the VPN */ - subnet = lookup_subnet_ipv4((ipv4_t *) arp->arp_tpa); + subnet = lookup_subnet_ipv4((ipv4_t *) &arp.arp_tpa); if(!subnet) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: ARP request for unknown address %d.%d.%d.%d"), - arp->arp_tpa[0], arp->arp_tpa[1], arp->arp_tpa[2], - arp->arp_tpa[3]); + arp.arp_tpa[0], arp.arp_tpa[1], arp.arp_tpa[2], + arp.arp_tpa[3]); return; } 
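Review bot: The comment that explained why route_arp answers ARP requests itself, and that credited choparp.c as the origin of the code, is removed in this hunk without a replacement. The explanation is what tells a reader that replying on behalf of other nodes is intended behaviour, and the credit records where third-party code came from. Keeping it above the header copy, for instance `/* Answer ARP requests for VPN addresses ourselves, so NOARP is not needed on the interface; based on choparp.c by Takamichi Tateoka */`, costs one line. route_arp continues in the next hunk.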
@@ -511,16 +549,20 @@ static void route_arp(vpn_packet_t *packet) if(subnet->owner == myself) return; /* silently ignore */ - memcpy(packet->data, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* copy destination address */ - packet->data[ETHER_ADDR_LEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ + memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */ + packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - memcpy(ipbuf, arp->arp_tpa, 4); /* save protocol addr */ - memcpy(arp->arp_tpa, arp->arp_spa, 4); /* swap destination and source protocol address */ - memcpy(arp->arp_spa, ipbuf, 4); /* ... */ + memcpy(&addr, arp.arp_tpa, sizeof(addr)); /* save protocol addr */ + memcpy(arp.arp_tpa, arp.arp_spa, sizeof(addr)); /* swap destination and source protocol address */ + memcpy(arp.arp_spa, &addr, sizeof(addr)); /* ... */ - memcpy(arp->arp_tha, arp->arp_sha, 10); /* set target hard/proto addr */ - memcpy(arp->arp_sha, packet->data + ETHER_ADDR_LEN, ETHER_ADDR_LEN); /* add fake source hard addr */ - arp->arp_op = htons(ARPOP_REPLY); + memcpy(arp.arp_tha, arp.arp_sha, ETH_ALEN); /* set target hard/proto addr */ + memcpy(arp.arp_sha, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ + arp.arp_op = htons(ARPOP_REPLY); + + /* Copy structs on stack back to packet */ + + memcpy(packet->data + ether_size, &arp, arp_size); write_packet(packet); } @@ -532,7 +574,7 @@ void route_outgoing(vpn_packet_t *packet) cp(); - if(packet->len < 14) { + if(packet->len < ether_size) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); return; } 
@@ -543,8 +585,8 @@ void route_outgoing(vpn_packet_t *packet) case RMODE_ROUTER: type = ntohs(*((uint16_t *)(&packet->data[12]))); switch (type) { - case 0x0800: - if(packet->len < 34) { + case ETH_P_IP: + if(packet->len < ether_size + ip_size) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); return; } @@ -552,21 +594,21 @@ void route_outgoing(vpn_packet_t *packet) n = route_ipv4(packet); break; - case 0x86DD: - if(packet->len < 54) { + case ETH_P_IPV6: + if(packet->len < ether_size + ip6_size) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); return; } - if(packet->data[20] == IPPROTO_ICMPV6 && packet->len >= 62 && packet->data[54] == ND_NEIGHBOR_SOLICIT) { + if(packet->data[20] == IPPROTO_ICMPV6 && packet->len >= ether_size + ip6_size + ns_size && packet->data[54] == ND_NEIGHBOR_SOLICIT) { route_neighborsol(packet); return; } n = route_ipv6(packet); break; - case 0x0806: - if(packet->len < 42) { + case ETH_P_ARP: + if(packet->len < ether_size + arp_size) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); return; } @@ -598,9 +640,8 @@ void route_outgoing(vpn_packet_t *packet) void route_incoming(node_t *source, vpn_packet_t *packet) { - if(packet->len < 14) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got too short packet from %s (%s)"), - source->name, source->hostname); + if(packet->len < ether_size) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); return; } @@ -612,8 +653,8 @@ void route_incoming(node_t *source, vpn_packet_t *packet) type = ntohs(*((uint16_t *)(&packet->data[12]))); switch (type) { - case 0x0800: - if(packet->len < 34) { + case ETH_P_IP: + if(packet->len < ether_size + ip_size) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); return; } 
@@ -621,8 +662,8 @@ void route_incoming(node_t *source, vpn_packet_t *packet) n = route_ipv4(packet); break; - case 0x86DD: - if(packet->len < 54) { + case ETH_P_IPV6: + if(packet->len < ether_size + ip6_size) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); return; } @@ -638,7 +679,7 @@ void route_incoming(node_t *source, vpn_packet_t *packet) if(n) { if(n == myself) { if(overwrite_mac) - memcpy(packet->data, mymac.x, 6); + memcpy(packet->data, mymac.x, ETH_ALEN); write_packet(packet); } else send_packet(n, packet); From c97b8827ed34284535706e8017c962ff8f3a4383 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 6 Oct 2003 13:57:12 +0000 Subject: [PATCH 872/923] const --- src/route.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/route.c b/src/route.c index d38b08e4..9dc296ec 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.67 2003/10/06 13:49:57 guus Exp $ + $Id: route.c,v 1.1.2.68 2003/10/06 13:57:12 guus Exp $ */ #include "system.h" 
@@ -59,14 +59,14 @@ mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; /* Sizes of various headers */ -static size_t ether_size = sizeof(struct ether_header); -static size_t arp_size = sizeof(struct ether_arp); -static size_t ip_size = sizeof(struct ip); -static size_t icmp_size = sizeof(struct icmp) - sizeof(struct ip); -static size_t ip6_size = sizeof(struct ip6_hdr); -static size_t icmp6_size = sizeof(struct icmp6_hdr); -static size_t ns_size = sizeof(struct nd_neighbor_solicit); -static size_t opt_size = sizeof(struct nd_opt_hdr); +static const size_t ether_size = sizeof(struct ether_header); +static const size_t arp_size = sizeof(struct ether_arp); +static const size_t ip_size = sizeof(struct ip); +static const size_t icmp_size = sizeof(struct icmp) - sizeof(struct ip); +static const size_t ip6_size = sizeof(struct ip6_hdr); +static const size_t icmp6_size = sizeof(struct icmp6_hdr); +static const size_t ns_size = sizeof(struct nd_neighbor_solicit); +static const size_t opt_size = sizeof(struct nd_opt_hdr); /* RFC 1071 */ From 77cb10dac0abbfa4389a7588f51797152d91ac22 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 6 Oct 2003 14:16:51 +0000 Subject: [PATCH 873/923] Ethernet protocol types. --- lib/ethernet.h | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/lib/ethernet.h b/lib/ethernet.h index 85649bc2..697aa446 100644 --- a/lib/ethernet.h +++ b/lib/ethernet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ethernet.h,v 1.1.2.3 2003/07/18 13:42:35 guus Exp $ + $Id: ethernet.h,v 1.1.2.4 2003/10/06 14:16:51 guus Exp $ */ #ifndef __TINC_ETHERNET_H__ 
@@ -27,16 +27,20 @@ #define ETH_ALEN 6 #endif -#ifndef ETHER_ADDR_LEN -#define ETHER_ADDR_LEN 6 -#endif - #ifndef ARPHRD_ETHER #define ARPHRD_ETHER 1 #endif -#ifndef ETHERTYPE_IP -#define ETHERTYPE_IP 0x0800 +#ifndef ETH_P_IP +#define ETH_P_IP 0x0800 +#endif + +#ifndef ETH_P_ARP +#define ETH_P_ARP 0x0806 +#endif + +#ifndef ETH_P_IPV6 +#define ETH_P_IPV6 0x86DD #endif #ifndef HAVE_STRUCT_ARPHDR From 0842998c0bd46855d198923acc2c13cff7430ffe Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 6 Oct 2003 14:33:04 +0000 Subject: [PATCH 874/923] Unused variable in struct. --- src/subnet.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/subnet.h b/src/subnet.h index b0bc9113..0bf3b91c 100644 --- a/src/subnet.h +++ b/src/subnet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.24 2003/07/30 21:52:41 guus Exp $ + $Id: subnet.h,v 1.1.2.25 2003/10/06 14:33:04 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -51,7 +51,6 @@ typedef struct subnet_ipv6_t { typedef struct subnet_t { struct node_t *owner; /* the owner of this subnet */ - struct node_t *uplink; /* the uplink which we should send packets to for this subnet */ subnet_type_t type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ From 6350334aa44f85e737c1eb0b55e0392766aa1e84 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 6 Oct 2003 14:41:45 +0000 Subject: [PATCH 875/923] Don't confuse users with "Address family not supported" warnings. --- src/net_socket.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net_socket.c b/src/net_socket.c index 78e1ad2c..10f2ca01 100644 --- a/src/net_socket.c +++ b/src/net_socket.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.33 2003/07/29 22:59:00 guus Exp $ + $Id: net_socket.c,v 1.1.2.34 2003/10/06 14:41:45 guus Exp $ */ #include "system.h" @@ -62,7 +62,7 @@ int setup_listen_socket(const sockaddr_t *sa) nfd = socket(sa->sa.sa_family, SOCK_STREAM, IPPROTO_TCP); if(nfd < 0) { - logger(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); + ifdebug(STATUS) logger(LOG_ERR, _("Creating metasocket failed: %s"), strerror(errno)); return -1; } From e898b930dcd0694a49dc8cdcf373e0fc125c9fde Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 6 Oct 2003 16:05:30 +0000 Subject: [PATCH 876/923] Use CPPFLAGS, LDFLAGS and LIBS as appropiate. --- m4/lzo.m4 | 10 ++-------- m4/openssl.m4 | 10 ++-------- m4/zlib.m4 | 10 ++-------- 3 files changed, 6 insertions(+), 24 deletions(-) diff --git a/m4/lzo.m4 b/m4/lzo.m4 index 147318fe..33d47d3a 100644 --- a/m4/lzo.m4 +++ b/m4/lzo.m4 @@ -2,27 +2,23 @@ dnl Check to find the lzo headers/libraries AC_DEFUN(tinc_LZO, [ - tinc_ac_save_CPPFLAGS="$CPPFLAGS" - AC_ARG_WITH(lzo, AC_HELP_STRING([--with-lzo=DIR], [lzo base directory, or:]), [lzo="$withval" - CFLAGS="$CFLAGS -I$withval/include" CPPFLAGS="$CPPFLAGS -I$withval/include" - LIBS="$LIBS -L$withval/lib"] + LDFLAGS="$LDFLAGS -L$withval/lib"] ) AC_ARG_WITH(lzo-include, AC_HELP_STRING([--with-lzo-include=DIR], [lzo headers directory]), [lzo_include="$withval" - CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(lzo-lib, AC_HELP_STRING([--with-lzo-lib=DIR], [lzo library directory]), [lzo_lib="$withval" - LIBS="$LIBS -L$withval"] + LDFLAGS="$LDFLAGS -L$withval"] ) AC_CHECK_HEADERS(lzo1x.h, @@ -30,8 +26,6 @@ AC_DEFUN(tinc_LZO, [AC_MSG_ERROR("lzo header files not found."); break] ) - CPPFLAGS="$tinc_ac_save_CPPFLAGS" - AC_CHECK_LIB(lzo, lzo1x_1_compress, [LIBS="$LIBS -llzo"], [AC_MSG_ERROR("lzo libraries not found.")] 
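Review bot: Wrapping the `logger(LOG_ERR, ...)` call in setup_listen_socket in `ifdebug(STATUS)` hides every socket() failure at the default debug level, not only the unsupported-address-family case the commit message is about. A daemon that cannot create its listening socket because of descriptor exhaustion or a permission error would then fail without a log entry. Demoting the message only when `errno == EAFNOSUPPORT`, and logging every other error unconditionally, keeps the quieter output without losing those. The function continues outside the hunk.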
diff --git a/m4/openssl.m4 b/m4/openssl.m4 index 32e41de7..f4415cc2 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -2,27 +2,23 @@ dnl Check to find the OpenSSL headers/libraries AC_DEFUN(tinc_OPENSSL, [ - tinc_ac_save_CPPFLAGS="$CPPFLAGS" - AC_ARG_WITH(openssl, AC_HELP_STRING([--with-openssl=DIR], [OpenSSL base directory, or:]), [openssl="$withval" - CFLAGS="$CFLAGS -I$withval/include" CPPFLAGS="$CPPFLAGS -I$withval/include" - LIBS="$LIBS -L$withval/lib"] + LDFLAGS="$LDFLAGS -L$withval/lib"] ) AC_ARG_WITH(openssl-include, AC_HELP_STRING([--with-openssl-include=DIR], [OpenSSL headers directory (without trailing /openssl)]), [openssl_include="$withval" - CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(openssl-lib, AC_HELP_STRING([--with-openssl-lib=DIR], [OpenSSL library directory]), [openssl_lib="$withval" - LIBS="$LIBS -L$withval"] + LDFLAGS="$LDFLAGS -L$withval"] ) AC_CHECK_HEADERS(openssl/evp.h openssl/rsa.h openssl/rand.h openssl/err.h openssl/sha.h openssl/pem.h, @@ -30,8 +26,6 @@ AC_DEFUN(tinc_OPENSSL, [AC_MSG_ERROR([OpenSSL header files not found.]); break] ) - CPPFLAGS="$tinc_ac_save_CPPFLAGS" - case $host_os in *mingw*) AC_CHECK_LIB(crypto, SHA1_version, diff --git a/m4/zlib.m4 b/m4/zlib.m4 index d6913263..dcf2c3af 100644 --- a/m4/zlib.m4 +++ b/m4/zlib.m4 
@@ -2,27 +2,23 @@ dnl Check to find the zlib headers/libraries AC_DEFUN(tinc_ZLIB, [ - tinc_ac_save_CPPFLAGS="$CPPFLAGS" - AC_ARG_WITH(zlib, AC_HELP_STRING([--with-zlib=DIR], [zlib base directory, or:]), [zlib="$withval" - CFLAGS="$CFLAGS -I$withval/include" CPPFLAGS="$CPPFLAGS -I$withval/include" - LIBS="$LIBS -L$withval/lib"] + LDFLAGS="$LDFLAGS -L$withval/lib"] ) AC_ARG_WITH(zlib-include, AC_HELP_STRING([--with-zlib-include=DIR], [zlib headers directory]), [zlib_include="$withval" - CFLAGS="$CFLAGS -I$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(zlib-lib, AC_HELP_STRING([--with-zlib-lib=DIR], [zlib library directory]), [zlib_lib="$withval" - LIBS="$LIBS -L$withval"] + LDFLAGS="$LDFLAGS -L$withval"] ) AC_CHECK_HEADERS(zlib.h, @@ -30,8 +26,6 @@ AC_DEFUN(tinc_ZLIB, [AC_MSG_ERROR("zlib header files not found."); break] ) - CPPFLAGS="$tinc_ac_save_CPPFLAGS" - AC_CHECK_LIB(z, compress2, [LIBS="$LIBS -lz"], [AC_MSG_ERROR("zlib libraries not found.")] From 5900c07fab39d2833ea66429ad652ca49a91a508 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 6 Oct 2003 16:13:08 +0000 Subject: [PATCH 877/923] PIDs are of type pid_t, and use %ld when reading/writing them to the pidfile. --- configure.in | 4 ++-- lib/pidfile.c | 25 ++++++++++--------------- lib/pidfile.h | 6 +++--- src/logger.c | 4 ++-- src/process.c | 25 ++++++------------------- src/tincd.c | 3 ++- 6 files changed, 25 insertions(+), 42 deletions(-) diff --git a/configure.in b/configure.in index 38886115..c66adb6c 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.83 2003/08/08 22:13:50 guus Exp $ +dnl $Id: configure.in,v 1.13.2.84 2003/10/06 16:13:06 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) 
@@ -253,7 +253,7 @@ dnl Checks for library functions. AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_TYPE_SIGNAL -AC_CHECK_FUNCS([asprintf daemon fchmod fcloseall flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog]) +AC_CHECK_FUNCS([asprintf daemon fchmod flock ftime fork get_current_dir_name gettimeofday mlockall putenv random select strdup strerror strsignal strtol system unsetenv vsyslog]) jm_FUNC_MALLOC jm_FUNC_REALLOC diff --git a/lib/pidfile.c b/lib/pidfile.c index 368dad45..61a802f6 100644 --- a/lib/pidfile.c +++ b/lib/pidfile.c @@ -34,14 +34,14 @@ * 0 is returned if either there's no pidfile, it's empty * or no pid can be read. */ -int read_pid (char *pidfile) +pid_t read_pid (char *pidfile) { FILE *f; - int pid; + long pid; if (!(f=fopen(pidfile,"r"))) return 0; - fscanf(f,"%d", &pid); + fscanf(f,"%ld", &pid); fclose(f); return pid; } @@ -50,11 +50,11 @@ int read_pid (char *pidfile) * * Reads the pid using read_pid and looks up the pid in the process * table (using /proc) to determine if the process already exists. If - * so 1 is returned, otherwise 0. + * so the pid is returned, otherwise 0. */ -int check_pid (char *pidfile) +pid_t check_pid (char *pidfile) { - int pid = read_pid(pidfile); + pid_t pid = read_pid(pidfile); /* Amazing ! _I_ am already holding the pid file... */ if ((!pid) || (pid == getpid ())) @@ -68,7 +68,7 @@ int check_pid (char *pidfile) /* But... errno is usually changed only on error.. */ errno = 0; if (kill(pid, 0) && errno == ESRCH) - return(0); + return 0; return pid; } 
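Review bot: read_pid() ignores the result of fscanf(), so with an empty or unparsable pidfile it returns an uninitialised `long`, although the comment above it promises 0; check_pid() then hands that value to kill(). Initialising and validating it, `long pid = 0;` together with `if(fscanf(f, "%ld", &pid) != 1 || pid <= 0) pid = 0;`, ensures that only a positive process id actually read from the file is ever used as a signal target. check_pid() in the following hunks rejects only 0 and the caller's own pid, so it relies on read_pid() for this.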
@@ -78,30 +78,26 @@ int check_pid (char *pidfile) * Writes the pid to the specified file. If that fails 0 is * returned, otherwise the pid. */ -int write_pid (char *pidfile) +pid_t write_pid (char *pidfile) { FILE *f; int fd; - int pid; + pid_t pid; if ( ((fd = open(pidfile, O_RDWR|O_CREAT, 0644)) == -1) || ((f = fdopen(fd, "r+")) == NULL) ) { - fprintf(stderr, "Can't open or create %s.\n", pidfile); return 0; } #ifdef HAVE_FLOCK if (flock(fd, LOCK_EX|LOCK_NB) == -1) { - fscanf(f, "%d", &pid); fclose(f); - printf("Can't lock, lock is held by pid %d.\n", pid); return 0; } #endif pid = getpid(); - if (!fprintf(f,"%d\n", pid)) { - printf("Can't write pid , %s.\n", strerror(errno)); + if (!fprintf(f,"%ld\n", (long)pid)) { close(fd); return 0; } @@ -109,7 +105,6 @@ int write_pid (char *pidfile) #ifdef HAVE_FLOCK if (flock(fd, LOCK_UN) == -1) { - printf("Can't unlock pidfile %s, %s.\n", pidfile, strerror(errno)); close(fd); return 0; } diff --git a/lib/pidfile.h b/lib/pidfile.h index d428d48c..152ae2c4 100644 --- a/lib/pidfile.h +++ b/lib/pidfile.h @@ -26,7 +26,7 @@ * 0 is returned if either there's no pidfile, it's empty * or no pid can be read. */ -int read_pid (char *pidfile); +pid_t read_pid (char *pidfile); /* check_pid * @@ -34,14 +34,14 @@ int read_pid (char *pidfile); * table (using /proc) to determine if the process already exists. If * so 1 is returned, otherwise 0. */ -int check_pid (char *pidfile); +pid_t check_pid (char *pidfile); /* write_pid * * Writes the pid to the specified file. If that fails 0 is * returned, otherwise the pid. */ -int write_pid (char *pidfile); +pid_t write_pid (char *pidfile); /* remove_pid * diff --git a/src/logger.c b/src/logger.c index 02f3f0f8..dec88fdc 100644 --- a/src/logger.c +++ b/src/logger.c 
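Review bot: `if (!fprintf(f,"%ld\n", (long)pid))` in write_pid cannot detect a failed write, because fprintf() returns a negative value on error and never 0 for this format; `if (fprintf(f, "%ld\n", (long)pid) < 0)` is the test that matches the intent. With the diagnostics removed in this hunk, the return value is the only signal the caller has left, so it needs to be reliable. The fprintf and unlock error paths also call close(fd) rather than fclose(f), which leaves the FILE object allocated.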
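Review bot: The comment for check_pid() in pidfile.h still reads "If so 1 is returned, otherwise 0", while the function now returns the pid and the matching comment in pidfile.c was updated in this same commit. Changing the header comment to `so the pid is returned, otherwise 0.` makes the two descriptions agree.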
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: logger.c,v 1.1.2.11 2003/08/17 12:04:35 guus Exp $ + $Id: logger.c,v 1.1.2.12 2003/10/06 16:13:07 guus Exp $ */ #include "system.h" @@ -78,7 +78,7 @@ void logger(int priority, const char *format, ...) { fflush(stderr); break; case LOGMODE_FILE: - fprintf(logfile, "%ld %s[%d]: ", time(NULL), logident, logpid); + fprintf(logfile, "%ld %s[%ld]: ", time(NULL), logident, (long)logpid); vfprintf(logfile, format, ap); fprintf(logfile, "\n"); fflush(logfile); diff --git a/src/process.c b/src/process.c index 2050c059..a5abc936 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.75 2003/08/22 15:07:57 guus Exp $ + $Id: process.c,v 1.1.2.76 2003/10/06 16:13:08 guus Exp $ */ #include "system.h" @@ -58,19 +58,6 @@ static void memory_full(int size) /* Some functions the less gifted operating systems might lack... */ -#ifndef HAVE_FCLOSEALL -static int fcloseall(void) -{ - fflush(stdin); - fflush(stdout); - fflush(stderr); - fclose(stdin); - fclose(stdout); - fclose(stderr); - return 0; -} -#endif - #ifdef HAVE_MINGW extern char *identname; extern char *program_name; @@ -254,7 +241,7 @@ bool init_service(void) { */ static bool write_pidfile(void) { - int pid; + pid_t pid; cp(); @@ -262,10 +249,10 @@ static bool write_pidfile(void) if(pid) { if(netname) - fprintf(stderr, _("A tincd is already running for net `%s' with pid %d.\n"), - netname, pid); + fprintf(stderr, _("A tincd is already running for net `%s' with pid %ld.\n"), + netname, (long)pid); else - fprintf(stderr, _("A tincd is already running with pid %d.\n"), pid); + fprintf(stderr, _("A tincd is already running with pid %ld.\n"), (long)pid); return false; } 
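Review bot: In the LOGMODE_FILE branch of logger() `time(NULL)` is still passed to `%ld` without a cast, on the very line that now casts `logpid`. time_t is not guaranteed to be long, and a mismatch between a conversion specifier and its argument is undefined behaviour, which is the same portability problem this commit fixes for pid_t. Write `fprintf(logfile, "%ld %s[%ld]: ", (long)time(NULL), logident, (long)logpid);`. logger() starts and ends outside this hunk.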
@@ -283,7 +270,7 @@ static bool write_pidfile(void) bool kill_other(int signal) { #ifndef HAVE_MINGW - int pid; + pid_t pid; cp(); diff --git a/src/tincd.c b/src/tincd.c index ebee1b3b..1a5677f1 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.88 2003/09/25 10:34:16 guus Exp $ + $Id: tincd.c,v 1.10.4.89 2003/10/06 16:13:08 guus Exp $ */ #include "system.h" @@ -39,6 +39,7 @@ #include #include +#include #include "conf.h" #include "device.h" From ad39db95fecf760297b4e320ef2f6d6d9fdad605 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 6 Oct 2003 16:49:42 +0000 Subject: [PATCH 878/923] Make sure type of AF_UNKNOWN is sa_family_t. --- src/net.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net.h b/src/net.h index d295fed9..629e7d8c 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.70 2003/08/22 11:18:42 guus Exp $ + $Id: net.h,v 1.9.4.71 2003/10/06 16:49:42 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -54,7 +54,7 @@ typedef struct ipv6_t { typedef short length_t; -#define AF_UNKNOWN 0xFFFF +#define AF_UNKNOWN ((sa_family_t)-1) struct sockaddr_unknown { uint16_t family; From 5b556c0971e847580b85268e57f0b29dbde5499c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Oct 2003 11:33:54 +0000 Subject: [PATCH 879/923] Forgot to #include "xalloc.h" --- lib/fake-getaddrinfo.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/fake-getaddrinfo.c b/lib/fake-getaddrinfo.c index 161c826f..14420b58 100644 --- a/lib/fake-getaddrinfo.c +++ b/lib/fake-getaddrinfo.c @@ -14,6 +14,7 @@ #include "ipv4.h" #include "ipv6.h" #include "fake-getaddrinfo.h" +#include "xalloc.h" #ifndef HAVE_GAI_STRERROR char *gai_strerror(int ecode) 
From 1d7706a8506d8073def0965da809960c6ad8bf9a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Oct 2003 11:34:55 +0000 Subject: [PATCH 880/923] Update missing definitions, structs describing headers get __packed__ attribute. --- configure.in | 4 ++-- lib/ethernet.h | 24 ++++++++++++++++-------- lib/ipv4.h | 6 +++--- lib/ipv6.h | 14 +++++++------- 4 files changed, 28 insertions(+), 20 deletions(-) diff --git a/configure.in b/configure.in index c66adb6c..f72229c6 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.84 2003/10/06 16:13:06 guus Exp $ +dnl $Id: configure.in,v 1.13.2.85 2003/10/08 11:34:55 guus Exp $ AC_PREREQ(2.57) AC_INIT(src/tincd.c) @@ -197,7 +197,7 @@ AC_STRUCT_TM tinc_ATTRIBUTE(__malloc__) -AC_CHECK_TYPES([socklen_t, struct arphdr, struct ether_arp, struct in_addr, struct addrinfo, struct ip, struct icmp, struct in6_addr, struct sockaddr_in6, struct ip6_hdr, struct icmp6_hdr, struct nd_neighbor_solicit, struct nd_opt_hdr], , , +AC_CHECK_TYPES([socklen_t, struct ether_header, struct arphdr, struct ether_arp, struct in_addr, struct addrinfo, struct ip, struct icmp, struct in6_addr, struct sockaddr_in6, struct ip6_hdr, struct icmp6_hdr, struct nd_neighbor_solicit, struct nd_opt_hdr], , , [#ifdef HAVE_SYS_TYPES_H #include #endif diff --git a/lib/ethernet.h b/lib/ethernet.h index 697aa446..0784ce1b 100644 --- a/lib/ethernet.h +++ b/lib/ethernet.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ethernet.h,v 1.1.2.4 2003/10/06 14:16:51 guus Exp $ + $Id: ethernet.h,v 1.1.2.5 2003/10/08 11:34:55 guus Exp $ */ #ifndef __TINC_ETHERNET_H__ 
@@ -43,14 +43,22 @@ #define ETH_P_IPV6 0x86DD #endif +#ifndef HAVE_STRUCT_ETHER_HEADER +struct ether_header { + uint8_t ether_dhost[ETH_ALEN]; + uint8_t ether_shost[ETH_ALEN]; + uint16_t ether_type; +} __attribute__ ((__packed__)); +#endif + #ifndef HAVE_STRUCT_ARPHDR struct arphdr { - unsigned short int ar_hrd; - unsigned short int ar_pro; - unsigned char ar_hln; - unsigned char ar_pln; - unsigned short int ar_op; -}; + uint16_t ar_hrd; + uint16_t ar_pro; + uint8_t ar_hln; + uint8_t ar_pln; + uint16_t ar_op; +} __attribute__ ((__packed__)); #define ARPOP_REQUEST 1 #define ARPOP_REPLY 2 @@ -68,7 +76,7 @@ struct ether_arp { uint8_t arp_spa[4]; uint8_t arp_tha[ETH_ALEN]; uint8_t arp_tpa[4]; -}; +} __attribute__ ((__packed__)); #define arp_hrd ea_hdr.ar_hrd #define arp_pro ea_hdr.ar_pro #define arp_hln ea_hdr.ar_hln diff --git a/lib/ipv4.h b/lib/ipv4.h index 4be432f7..0ee46fb2 100644 --- a/lib/ipv4.h +++ b/lib/ipv4.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv4.h,v 1.1.2.3 2003/07/21 13:14:02 guus Exp $ + $Id: ipv4.h,v 1.1.2.4 2003/10/08 11:34:55 guus Exp $ */ #ifndef __TINC_IPV4_H__ @@ -68,7 +68,7 @@ struct ip { uint8_t ip_p; uint16_t ip_sum; struct in_addr ip_src, ip_dst; -}; +} __attribute__ ((__packed__)); #endif #ifndef HAVE_STRUCT_ICMP @@ -126,7 +126,7 @@ struct icmp { #define icmp_radv icmp_dun.id_radv #define icmp_mask icmp_dun.id_mask #define icmp_data icmp_dun.id_data -}; +} __attribute__ ((__packed__)); #endif #endif /* __TINC_IPV4_H__ */ diff --git a/lib/ipv6.h b/lib/ipv6.h index 0db5d011..6216cc05 100644 --- a/lib/ipv6.h +++ b/lib/ipv6.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv6.h,v 1.1.2.6 2003/07/21 13:14:02 guus Exp $ + $Id: ipv6.h,v 1.1.2.7 2003/10/08 11:34:55 guus Exp $ */ #ifndef __TINC_IPV6_H__ 
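Review bot: The fallback `struct ether_header`, `struct arphdr` and `struct ether_arp` now rely on `__attribute__ ((__packed__))` with nothing verifying that the resulting layout has the expected wire size. These structs are presumably overlaid on packet data, so a compiler that accepts but ignores the attribute would shift field offsets without any diagnostic. A compile-time size check beside each definition would catch that, for example `typedef char ether_header_size_check[sizeof(struct ether_header) == 2 * ETH_ALEN + 2 ? 1 : -1];`. The same applies to `struct ip` and `struct icmp` in lib/ipv4.h, whose definitions start outside their hunks.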
@@ -38,7 +38,7 @@ struct in6_addr { uint16_t u6_addr16[8]; uint32_t u6_addr32[4]; } in6_u; -}; +} __attribute__ ((__packed__)); #define s6_addr in6_u.u6_addr8 #define s6_addr16 in6_u.u6_addr16 #define s6_addr32 in6_u.u6_addr32 @@ -51,7 +51,7 @@ struct sockaddr_in6 { uint32_t sin6_flowinfo; struct in6_addr sin6_addr; uint32_t sin6_scope_id; -}; +} __attribute__ ((__packed__)); #endif #ifndef IN6_IS_ADDR_V4MAPPED @@ -74,7 +74,7 @@ struct ip6_hdr { } ip6_ctlun; struct in6_addr ip6_src; struct in6_addr ip6_dst; -}; +} __attribute__ ((__packed__)); #define ip6_vfc ip6_ctlun.ip6_un2_vfc #define ip6_flow ip6_ctlun.ip6_un1.ip6_un1_flow #define ip6_plen ip6_ctlun.ip6_un1.ip6_un1_plen @@ -93,7 +93,7 @@ struct icmp6_hdr { uint16_t icmp6_un_data16[2]; uint8_t icmp6_un_data8[4]; } icmp6_dataun; -}; +} __attribute__ ((__packed__)); #define ICMP6_DST_UNREACH_NOROUTE 0 #define ICMP6_DST_UNREACH 1 #define ICMP6_DST_UNREACH_ADDR 3 @@ -105,7 +105,7 @@ struct icmp6_hdr { struct nd_neighbor_solicit { struct icmp6_hdr nd_ns_hdr; struct in6_addr nd_ns_target; -}; +} __attribute__ ((__packed__)); #define ND_OPT_SOURCE_LINKADDR 1 #define ND_OPT_TARGET_LINKADDR 2 #endif @@ -114,7 +114,7 @@ struct nd_neighbor_solicit { struct nd_opt_hdr { uint8_t nd_opt_type; uint8_t nd_opt_len; -}; +} __attribute__ ((__packed__)); #endif #endif /* __TINC_IPV6_H__ */ From acf5f9c968d17ad3e31129d2184309de06d72eed Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Oct 2003 11:37:20 +0000 Subject: [PATCH 881/923] Missing declaration. --- src/cygwin/device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/cygwin/device.c b/src/cygwin/device.c index c8f288ca..b7f49af4 100644 --- a/src/cygwin/device.c +++ b/src/cygwin/device.c 
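Review bot: `struct in6_addr` and `struct sockaddr_in6` receive `__attribute__ ((__packed__))` along with the real packet headers, although they are address and socket-API types rather than wire formats. Packing lowers their alignment requirement to 1, so a pointer taken to `s6_addr32` or to `sin6_addr` may be misaligned on strict-alignment CPUs. The members visible here are already naturally aligned, so dropping the attribute from these two fallbacks should not change their layout; the start of both definitions is outside the hunks, so confirm that before changing it. If the attribute stays, a one-line comment explaining why an API struct is packed would help the next reader.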
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.16 2003/08/08 19:49:47 guus Exp $ + $Id: device.c,v 1.1.2.17 2003/10/08 11:37:20 guus Exp $ */ #include "system.h" @@ -59,7 +59,7 @@ int sp[2]; bool setup_device(void) { HKEY key, key2; - int i; + int i, err; char regpath[1024]; char adapterid[1024]; From f2ebdf75806d8c04138db0eb30727f846541ed75 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Oct 2003 11:37:53 +0000 Subject: [PATCH 882/923] Set media status for newer TAP-Win32 driver. --- src/mingw/device.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/mingw/device.c b/src/mingw/device.c index 01854d67..93c6b78e 100644 --- a/src/mingw/device.c +++ b/src/mingw/device.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: device.c,v 1.1.2.13 2003/08/08 19:49:47 guus Exp $ + $Id: device.c,v 1.1.2.14 2003/10/08 11:37:53 guus Exp $ */ #include "system.h" 
@@ -40,9 +40,15 @@ #define TAP_CONTROL_CODE(request,method) CTL_CODE(FILE_DEVICE_PHYSICAL_NETCARD | 8000, request, method, FILE_ANY_ACCESS) -#define TAP_IOCTL_GET_LASTMAC TAP_CONTROL_CODE(0, METHOD_BUFFERED) -#define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE(1, METHOD_BUFFERED) -#define TAP_IOCTL_SET_STATISTICS TAP_CONTROL_CODE(2, METHOD_BUFFERED) +#define TAP_IOCTL_GET_LASTMAC TAP_CONTROL_CODE(0, METHOD_BUFFERED) +#define TAP_IOCTL_GET_MAC TAP_CONTROL_CODE(1, METHOD_BUFFERED) +#define TAP_IOCTL_SET_STATISTICS TAP_CONTROL_CODE(2, METHOD_BUFFERED) +#define TAP_IOCTL_GET_VERSION TAP_CONTROL_CODE(3, METHOD_BUFFERED) +#define TAP_IOCTL_GET_MTU TAP_CONTROL_CODE(4, METHOD_BUFFERED) +#define TAP_IOCTL_GET_INFO TAP_CONTROL_CODE(5, METHOD_BUFFERED) +#define TAP_IOCTL_CONFIG_POINT_TO_POINT TAP_CONTROL_CODE(6, METHOD_BUFFERED) +#define TAP_IOCTL_SET_MEDIA_STATUS TAP_CONTROL_CODE(7, METHOD_BUFFERED) + int device_fd = 0; HANDLE device_handle = INVALID_HANDLE_VALUE; @@ -131,6 +137,7 @@ bool setup_device(void) char adaptername[1024]; char tapname[1024]; long len; + unsigned long status; bool found = false; @@ -283,6 +290,11 @@ bool setup_device(void) closesocket(sock); + /* Set media status for newer TAP-Win32 devices */ + + status = true; + DeviceIoControl(device_handle, TAP_IOCTL_SET_MEDIA_STATUS, &status, sizeof(status), &status, sizeof(status), &len, NULL); + device_info = _("Windows tap device"); logger(LOG_INFO, _("%s (%s) is a %s"), device, iface, device_info); From 98edfb14fcc7167d24d440ed2772d0755daac3b7 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 8 Oct 2003 12:09:37 +0000 Subject: [PATCH 883/923] Some platforms don't know sa_family_t or define it other than uint16_t. --- src/net.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net.h b/src/net.h index 629e7d8c..cadb76e8 100644 --- a/src/net.h +++ b/src/net.h 
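Review bot: The result of the new `DeviceIoControl(device_handle, TAP_IOCTL_SET_MEDIA_STATUS, ...)` call in setup_device is discarded, so when the request fails on a driver that does implement it the adapter stays in the disconnected state and nothing is logged. Older drivers presumably reject the request, so keep the failure non-fatal but report it, e.g. `if(!DeviceIoControl(...)) logger(LOG_INFO, _("Could not set media status on %s"), device);`. The byte-count argument `&len` is a `long *` where the API takes a pointer to DWORD; declare a separate `DWORD` for it instead of reusing the signed `len`. setup_device starts and ends outside these hunks.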
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.71 2003/10/06 16:49:42 guus Exp $ + $Id: net.h,v 1.9.4.72 2003/10/08 12:09:37 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -54,7 +54,7 @@ typedef struct ipv6_t { typedef short length_t; -#define AF_UNKNOWN ((sa_family_t)-1) +#define AF_UNKNOWN 255 struct sockaddr_unknown { uint16_t family; From e33307fc9f5354933554d26de618db1b08fc04c0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 9 Oct 2003 21:33:15 +0000 Subject: [PATCH 884/923] Update documentation. --- doc/tinc.texi | 615 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 435 insertions(+), 180 deletions(-) diff --git a/doc/tinc.texi b/doc/tinc.texi index dd114355..79e1ff05 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.44 2003/08/09 00:53:22 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.45 2003/10/09 21:33:15 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -20,7 +20,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.44 2003/08/09 00:53:22 guus Exp $ +$Id: tinc.texi,v 1.8.4.45 2003/10/09 21:33:15 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -47,7 +47,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.44 2003/08/09 00:53:22 guus Exp $ +$Id: tinc.texi,v 1.8.4.45 2003/10/09 21:33:15 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are 
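Review bot: `#define AF_UNKNOWN 255` in src/net.h is a bare magic number whose constraints are recorded only in the commit subject. Add a comment above it such as `/* Sentinel for address families tinc does not know: must fit the narrowest sa_family_t and must not equal any real AF_* value */`. `struct sockaddr_unknown` directly below keeps `uint16_t family`, so it is worth confirming that comparisons against the sentinel behave the same whichever of the two field widths the value was read from.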
@@ -60,8 +60,10 @@ permission notice identical to this one. @end titlepage +@ifinfo @c ================================================================== -@node Top, Introduction, (dir), (dir) +@node Top +@top Top @menu * Introduction:: @@ -70,19 +72,18 @@ permission notice identical to this one. * Configuration:: * Running tinc:: * Technical information:: +* Platform specific information:: * About us:: * Concept Index:: All used terms explained @end menu - - -@contents +@end ifinfo @c ================================================================== -@node Introduction, Preparations, Top, Top +@node Introduction @chapter Introduction @cindex tinc -tinc is a Virtual Private Network (VPN) daemon that uses tunneling and +Tinc is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet. @@ -102,7 +103,7 @@ process of tinc itself. @end menu @c ================================================================== -@node Virtual Private Networks, tinc, Introduction, Introduction +@node Virtual Private Networks @section Virtual Private Networks @cindex VPN @@ -140,7 +141,7 @@ through the VPN. This is what tinc was made for. @c ================================================================== -@node tinc, Supported platforms, Virtual Private Networks, Introduction +@node tinc @section tinc @cindex vpnd 
@@ -148,22 +149,22 @@ I really don't quite remember what got us started, but it must have been Guus' idea. He wrote a simple implementation (about 50 lines of C) that used the ethertap device that Linux knows of since somewhere about kernel 2.1.60. It didn't work immediately and he improved it a -bit. At this stage, the project was still simply called @samp{vpnd}. +bit. At this stage, the project was still simply called "vpnd". Since then, a lot has changed---to say the least. @cindex tincd -tinc now supports encryption, it consists of a single daemon (tincd) for +Tinc now supports encryption, it consists of a single daemon (tincd) for both the receiving and sending end, it has become largely runtime-configurable---in short, it has become a full-fledged professional package. @cindex Traditional VPNs @cindex scalability -tinc also allows more than two sites to connect to eachother and form a single VPN. +Tinc also allows more than two sites to connect to eachother and form a single VPN. Traditionally VPNs are created by making tunnels, which only have two endpoints. Larger VPNs with more sites are created by adding more tunnels. -tinc takes another approach: only endpoints are specified, +Tinc takes another approach: only endpoints are specified, the software itself will take care of creating the tunnels. This allows for easier configuration and improved scalability. 
@@ -177,11 +178,11 @@ available too. @c ================================================================== -@node Supported platforms, , tinc, Introduction +@node Supported platforms @section Supported platforms @cindex platforms -tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment), +Tinc has been verified to work under Linux, FreeBSD, OpenBSD, NetBSD, MacOS/X (Darwin), Solaris, and Windows (both natively and in a Cygwin environment), with various hardware architectures. These are some of the platforms that are supported by the universal tun/tap device driver or other virtual network device drivers. Without such a driver, tinc will most @@ -198,14 +199,14 @@ our website: @subsection Linux @cindex Linux -tinc was first written for Linux running on an intel x86 processor, so +Tinc was first written for Linux running on an intel x86 processor, so this is the best supported platform. The protocol however, and actually anything about tinc, has been rewritten to support random byte ordering and arbitrary word length. So in theory it should run on other processors that Linux runs on. It has already been verified to run on alpha and sparc processors as well. -tinc uses the ethertap device or the universal tun/tap driver. The former is provided in the standard kernel +Tinc uses the ethertap device or the universal tun/tap driver. The former is provided in the standard kernel from version 2.1.60 up to 2.3.x, but has been replaced in favour of the tun/tap driver in kernel versions 2.4.0 and later. 
@@ -213,7 +214,7 @@ from version 2.1.60 up to 2.3.x, but has been replaced in favour of the tun/tap @subsection FreeBSD @cindex FreeBSD -tinc on FreeBSD relies on the universal tun/tap driver for its data +Tinc on FreeBSD relies on the universal tun/tap driver for its data acquisition from the kernel. Therefore, tinc will work on the same platforms as this driver. These are: FreeBSD 3.x, 4.x, 5.x. @@ -222,7 +223,7 @@ as this driver. These are: FreeBSD 3.x, 4.x, 5.x. @subsection OpenBSD @cindex OpenBSD -tinc on OpenBSD relies on the tun driver for its data +Tinc on OpenBSD relies on the tun driver for its data acquisition from the kernel. It has been verified to work under at least OpenBSD 2.9. Tunneling IPv6 packets may not work on OpenBSD. @@ -235,7 +236,7 @@ Tunneling IPv6 packets may not work on OpenBSD. @subsection NetBSD @cindex NetBSD -tinc on NetBSD relies on the tun driver for its data +Tinc on NetBSD relies on the tun driver for its data acquisition from the kernel. It has been verified to work under at least NetBSD 1.5.2. Tunneling IPv6 does not work on OpenBSD. @@ -245,9 +246,9 @@ Tunneling IPv6 does not work on OpenBSD. @subsection Solaris @cindex Solaris -tinc on Solaris relies on the universal tun/tap driver for its data +Tinc on Solaris relies on the universal tun/tap driver for its data acquisition from the kernel. Therefore, tinc will work on the same platforms -as this driver. These are: Solaris 8 (SunOS 5.8). +as this driver. It has been verified to work under Solaris 8 (SunOS 5.8). IPv6 packets cannot be tunneled on Solaris. @@ -256,7 +257,7 @@ IPv6 packets cannot be tunneled on Solaris. @cindex Darwin @cindex MacOS/X -tinc on Darwin relies on the tunnel driver for its data +Tinc on Darwin relies on the tunnel driver for its data acquisition from the kernel. This driver is not part of Darwin but can be downloaded from @uref{http://chrisp.de/en/projects/tunnel.html}. 
@@ -266,7 +267,7 @@ IPv6 packets cannot be tunneled on Darwin. @subsection Windows @cindex Windows -tinc on Windows, in a Cygwin environment, relies on the CIPE driver or the TAP-Win32 driver for its data +Tinc on Windows, in a Cygwin environment, relies on the CIPE driver or the TAP-Win32 driver for its data acquisition from the kernel. This driver is not part of Windows but can be downloaded from @uref{http://cipe-win32.sourceforge.net/}. @@ -285,7 +286,7 @@ downloaded from @uref{http://cipe-win32.sourceforge.net/}. @c @c ================================================================== -@node Preparations, Installation, Introduction, Top +@node Preparations @chapter Preparations This chapter contains information on how to prepare your system to @@ -298,7 +299,7 @@ support tinc. @c ================================================================== -@node Configuring the kernel, Libraries, Preparations, Preparations +@node Configuring the kernel @section Configuring the kernel @cindex RedHat @@ -334,7 +335,7 @@ you should read the @uref{http://howto.linuxberg.com/LDP/HOWTO/Kernel-HOWTO.html @c ================================================================== -@node Configuration of Linux kernels 2.1.60 up to 2.4.0, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel, Configuring the kernel +@node Configuration of Linux kernels 2.1.60 up to 2.4.0 @subsection Configuration of Linux kernels 2.1.60 up to 2.4.0 Here are the options you have to turn on when configuring a new kernel: 
@@ -371,7 +372,7 @@ Add as much alias/options lines as necessary. @c ================================================================== -@node Configuration of Linux kernels 2.4.0 and higher, Configuration of FreeBSD kernels, Configuration of Linux kernels 2.1.60 up to 2.4.0, Configuring the kernel +@node Configuration of Linux kernels 2.4.0 and higher @subsection Configuration of Linux kernels 2.4.0 and higher Here are the options you have to turn on when configuring a new kernel: @@ -400,7 +401,7 @@ alias char-major-10-200 tun @c ================================================================== -@node Configuration of FreeBSD kernels, Configuration of OpenBSD kernels, Configuration of Linux kernels 2.4.0 and higher, Configuring the kernel +@node Configuration of FreeBSD kernels @subsection Configuration of FreeBSD kernels For FreeBSD version 4.1 and higher, the tap driver is included in the default kernel configuration, for earlier @@ -409,7 +410,7 @@ yourself. @c ================================================================== -@node Configuration of OpenBSD kernels, Configuration of NetBSD kernels, Configuration of FreeBSD kernels, Configuring the kernel +@node Configuration of OpenBSD kernels @subsection Configuration of OpenBSD kernels For OpenBSD version 2.9 and higher, @@ -417,7 +418,7 @@ the tun driver is included in the default kernel configuration. @c ================================================================== -@node Configuration of NetBSD kernels, Configuration of Solaris kernels, Configuration of OpenBSD kernels, Configuring the kernel +@node Configuration of NetBSD kernels @subsection Configuration of NetBSD kernels For NetBSD version 1.5.2 and higher, 
@@ -425,15 +426,18 @@ the tun driver is included in the default kernel configuration. @c ================================================================== -@node Configuration of Solaris kernels, Configuration of Darwin (MacOS/X) kernels, Configuration of NetBSD kernels, Configuring the kernel +@node Configuration of Solaris kernels @subsection Configuration of Solaris kernels For Solaris 8 (SunOS 5.8) and higher, -the tun driver is included in the default kernel configuration. +the tun driver may or may not be included in the default kernel configuration. +If it isn't, the source can be downloaded from @uref{http://vtun.sourceforge.net/tun/}. +For x86 and sparc64 architectures, precompiled versions can be found at @uref{http://www.monkey.org/~dugsong/fragroute/}. +If the @file{net/if_tun.h} header file is missing, install it from the source package. @c ================================================================== -@node Configuration of Darwin (MacOS/X) kernels, Configuration of Windows, Configuration of Solaris kernels, Configuring the kernel +@node Configuration of Darwin (MacOS/X) kernels @subsection Configuration of Darwin (MacOS/X) kernels Darwin does not come with a tunnel driver. You must download it at 
@@ -450,17 +454,18 @@ and the corresponding network interfaces. @c ================================================================== -@node Configuration of Windows, , Configuration of Darwin (MacOS/X) kernels, Configuring the kernel +@node Configuration of Windows @subsection Configuration of Windows -You will need to install the CIPE driver or the TAP-Win32 driver. You can download the CIPE driver from -@uref{http://cipe-win32.sourceforge.net}. Using the Network Connections control panel, -configure the CIPE network device in the same way as you would do from the tinc-up script -as explained in the rest of the documentation. +You will need to install the CIPE-Win32 driver or the TAP-Win32 driver, it +doesn't matter which one. You can download the CIPE driver from +@uref{http://cipe-win32.sourceforge.net}. Using the Network Connections +control panel, configure the CIPE-Win32 or TAP-Win32 network interface in the same way as you would +do from the tinc-up script as explained in the rest of the documentation. @c ================================================================== -@node Libraries, , Configuring the kernel, Preparations +@node Libraries @section Libraries @cindex requirements @@ -477,7 +482,7 @@ having them installed, configure will give you an error message, and stop. @c ================================================================== -@node OpenSSL, zlib, Libraries, Libraries +@node OpenSSL @subsection OpenSSL @cindex OpenSSL 
@@ -514,10 +519,12 @@ to let configure know where they are, by passing configure one of the @subsubheading License @cindex license +The complete source code of tinc is covered by the GNU GPL version 2. Since the license under which OpenSSL is distributed is not directly compatible with the terms of the GNU GPL -@uref{http://www.openssl.org/support/faq.html#LEGAL2}, therefore we -include an addition to the GPL (see also the file COPYING.README): +@uref{http://www.openssl.org/support/faq.html#LEGAL2}, we +include an exemption to the GPL (see also the file COPYING.README) to allow +everyone to create a statically or dynamically linked executable: @quotation This program is released under the GPL with the additional exemption @@ -526,9 +533,20 @@ provide binary packages linked to the OpenSSL libraries, provided that all other requirements of the GPL are met. @end quotation +Since the LZO library used by tinc is also covered by the GPL, +we also present the following exemption: + +@quotation +Hereby I grant a special exception to the tinc VPN project +(http://tinc.nl.linux.org/) to link the LZO library with the OpenSSL library +(http://www.openssl.org). + +Markus F.X.J. Oberhumer +@end quotation + @c ================================================================== -@node zlib, lzo, OpenSSL, Libraries +@node zlib @subsection zlib @cindex zlib @@ -551,7 +569,7 @@ default). @c ================================================================== -@node lzo, , zlib, Libraries +@node lzo @subsection lzo @cindex lzo @@ -582,7 +600,7 @@ default). @c @c ================================================================== -@node Installation, Configuration, Preparations, Top +@node Installation @chapter Installation If you use Debian, you may want to install one of the 
@@ -596,7 +614,7 @@ the GNU General Public License (GPL). Download the source from the the checksums of these files listed; you may wish to check these with md5sum before continuing. -tinc comes in a convenient autoconf/automake package, which you can just +Tinc comes in a convenient autoconf/automake package, which you can just treat the same as any other package. Which is just untar it, type `./configure' and then `make'. More detailed instructions are in the file @file{INSTALL}, which is @@ -609,7 +627,7 @@ included in the source distribution. @c ================================================================== -@node Building and installing tinc, System files, Installation, Installation +@node Building and installing tinc @section Building and installing tinc Detailed instructions on configuring the source, building tinc and installing tinc @@ -628,7 +646,7 @@ The documentation that comes along with your distribution will tell you how to d @c ================================================================== -@node Darwin (MacOS/X) build environment, Cygwin (Windows) build environment, Building and installing tinc, Building and installing tinc +@node Darwin (MacOS/X) build environment @subsection Darwin (MacOS/X) build environment In order to build tinc on Darwin, you need to install the MacOS/X Developer Tools @@ -639,7 +657,7 @@ After installation use fink to download and install the following packages: autoconf25, automake, dlcompat, m4, openssl, zlib and lzo. @c ================================================================== -@node Cygwin (Windows) build environment, MinGW (Windows) build environment, Darwin (MacOS/X) build environment, Building and installing tinc +@node Cygwin (Windows) build environment @subsection Cygwin (Windows) build environment If Cygwin hasn't already been installed, install it directly from 
@@ -650,7 +668,7 @@ but all programs, including those started outside the Cygwin environment, will b It will also support all features. @c ================================================================== -@node MinGW (Windows) build environment, , Cygwin (Windows) build environment, Building and installing tinc +@node MinGW (Windows) build environment @subsection MinGW (Windows) build environment You will need to install the MinGW environment from @uref{http://www.mingw.org}. @@ -663,7 +681,7 @@ which will be restarted automatically after reboots. @c ================================================================== -@node System files, , Building and installing tinc, Installation +@node System files @section System files Before you can run tinc, you must make sure you have all the needed @@ -676,7 +694,7 @@ files on your system. @c ================================================================== -@node Device files, Other files, System files, System files +@node Device files @subsection Device files @cindex device files @@ -716,7 +734,7 @@ you are planning to run multiple tinc daemons. @c ================================================================== -@node Other files, , Device files, System files +@node Other files @subsection Other files @subsubheading @file{/etc/networks} @@ -754,7 +772,7 @@ tinc 655/udp TINC @c ================================================================== -@node Configuration, Running tinc, Installation, Top +@node Configuration @chapter Configuration @menu @@ -768,7 +786,7 @@ tinc 655/udp TINC @end menu @c ================================================================== -@node Configuration introduction, Multiple networks, Configuration, Configuration +@node Configuration introduction @section Configuration introduction Before actually starting to configure tinc and editing files, 
@@ -796,14 +814,14 @@ These steps are described in the subsections below. @c ================================================================== -@node Multiple networks, How connections work, Configuration introduction, Configuration +@node Multiple networks @section Multiple networks @cindex multiple networks @cindex netname In order to allow you to run more than one tinc daemon on one computer, for instance if your computer is part of more than one VPN, -you can assign a ``netname'' to your VPN. +you can assign a @var{netname} to your VPN. It is not required if you only run one tinc daemon, it doesn't even have to be the same on all the sites of your VPN, but it is recommended that you choose one anyway. 
@@ -813,14 +831,14 @@ This means that you call tincd with the -n argument, which will assign a netname to this daemon. The effect of this is that the daemon will set its configuration -``root'' to @value{sysconfdir}/tinc/@var{netname}/, where @var{netname} is your argument to the -n -option. You'll notice that it appears in syslog as ``tinc.@var{netname}''. +root to @file{@value{sysconfdir}/tinc/@var{netname}/}, where @var{netname} is your argument to the -n +option. You'll notice that it appears in syslog as @file{tinc.@var{netname}}. However, it is not strictly necessary that you call tinc with the -n option. In this case, the network name would just be empty, and it will -be used as such. tinc now looks for files in @value{sysconfdir}/tinc/, instead of -@value{sysconfdir}/tinc/@var{netname}/; the configuration file should be @value{sysconfdir}/tinc/tinc.conf, -and the host configuration files are now expected to be in @value{sysconfdir}/tinc/hosts/. +be used as such. tinc now looks for files in @file{@value{sysconfdir}/tinc/}, instead of +@file{@value{sysconfdir}/tinc/@var{netname}/}; the configuration file should be @file{@value{sysconfdir}/tinc/tinc.conf}, +and the host configuration files are now expected to be in @file{@value{sysconfdir}/tinc/hosts/}. But it is highly recommended that you use this feature of tinc, because it will be so much clearer whom your daemon talks to. Hence, we will @@ -828,7 +846,7 @@ assume that you use it. @c ================================================================== -@node How connections work, Configuration files, Multiple networks, Configuration +@node How connections work @section How connections work When tinc starts up, it parses the command-line options and then 
@@ -853,7 +871,7 @@ It does not matter if two tinc daemons have a `ConnectTo' value pointing to each @c ================================================================== -@node Configuration files, Generating keypairs, How connections work, Configuration +@node Configuration files @section Configuration files The actual configuration of the daemon is done in the file @@ -885,18 +903,18 @@ other comments are between square brackets. @c ================================================================== -@node Main configuration variables, Host configuration variables, Configuration files, Configuration files +@node Main configuration variables @subsection Main configuration variables @table @asis @cindex AddressFamily -@item @var{AddressFamily} = (any) +@item AddressFamily = (any) This option affects the address family of listening and outgoing sockets. -If "any" is selected, then depending on the operating system +If any is selected, then depending on the operating system both IPv4 and IPv6 or just IPv6 listening sockets will be created. @cindex BindToAddress -@item @var{BindToAddress} =
      [experimental] +@item BindToAddress = <@var{address}> [experimental] If your computer has more than one IPv4 or IPv6 address, tinc will by default listen on all of them for incoming connections. It is possible to bind only to a single address with this variable. @@ -904,7 +922,7 @@ It is possible to bind only to a single address with this variable. This option may not work on all platforms. @cindex BindToInterface -@item @var{BindToInterface} = [experimental] +@item BindToInterface = <@var{interface}> [experimental] If you have more than one network interface in your computer, tinc will by default listen on all of them for incoming connections. It is possible to bind tinc to a single interface like eth0 or ppp0 with this @@ -913,7 +931,7 @@ variable. This option may not work on all platforms. @cindex ConnectTo -@item @var{ConnectTo} = +@item ConnectTo = <@var{name}> Specifies which other tinc daemon to connect to on startup. Multiple ConnectTo variables may be specified, in which case outgoing connections to each specified tinc daemon are made. 
@@ -925,16 +943,16 @@ tinc won't try to connect to other daemons at all, and will instead just listen for incoming connections. @cindex Device -@item @var{Device} = (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform) +@item Device = <@var{device}> (@file{/dev/tap0}, @file{/dev/net/tun} or other depending on platform) The virtual network device to use. -tinc will automatically detect what kind of device it is. +Tinc will automatically detect what kind of device it is. Note that you can only use one device per daemon. Under Windows, use @var{Interface} instead of @var{Device}. Note that you can only use one device per daemon. See also @ref{Device files}. @cindex Hostnames -@item @var{Hostnames} = (no) +@item Hostnames = (no) This option selects whether IP addresses (both real and on the VPN) should be resolved. Since DNS lookups are blocking, it might affect tinc's efficiency, even stopping the daemon for a few seconds everytime @@ -944,14 +962,14 @@ This does not affect resolving hostnames to IP addresses from the configuration file. @cindex Interface -@item @var{Interface} = +@item Interface = <@var{interface}> Defines the name of the interface corresponding to the virtual network device. Depending on the operating system and the type of device this may or may not actually set the name of the interface. Under Windows, this variable is used to select which network interface will be used. If you specified a Device, this variable is almost always already correctly set. @cindex Mode -@item @var{Mode} = (router) +@item Mode = (router) This option selects the way packets are routed to other daemons. @table @asis 
@@ -980,82 +998,84 @@ while no routing table is managed. @end table @cindex KeyExpire -@item @var{KeyExpire} = (3600) +@item KeyExpire = <@var{seconds}> (3600) This option controls the time the encryption keys used to encrypt the data are valid. It is common practice to change keys at regular intervals to make it even harder for crackers, even though it is thought to be nearly impossible to crack a single key. @cindex MACExpire -@item @var{MACExpire} = (600) +@item MACExpire = <@var{seconds}> (600) This option controls the amount of time MAC addresses are kept before they are removed. This only has effect when Mode is set to "switch". @cindex Name -@item @var{Name} = [required] +@item Name = <@var{name}> [required] This is a symbolic name for this connection. It can be anything @cindex PingTimeout -@item @var{PingTimeout} = (60) +@item PingTimeout = <@var{seconds}> (60) The number of seconds of inactivity that tinc will wait before sending a probe to the other end. If that other end doesn't answer within that same amount of seconds, the connection is terminated, and the others will be notified of this. @cindex PriorityInheritance -@item @var{PriorityInheritance} = (no) [experimental] +@item PriorityInheritance = (no) [experimental] When this option is enabled the value of the TOS field of tunneled IPv4 packets will be inherited by the UDP packets that are sent out. @cindex PrivateKey -@item @var{PrivateKey} = [obsolete] +@item PrivateKey = <@var{key}> [obsolete] This is the RSA private key for tinc. However, for safety reasons it is advised to store private keys of any kind in separate files. This prevents accidental eavesdropping if you are editting the configuration file. 
@cindex PrivateKeyFile -@item @var{PrivateKeyFile} = (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv}) +@item PrivateKeyFile = <@var{path}> (@file{@value{sysconfdir}/tinc/@var{netname}/rsa_key.priv}) This is the full path name of the RSA private key file that was -generated by ``tincd --generate-keys''. It must be a full path, not a +generated by @samp{tincd --generate-keys}. It must be a full path, not a relative directory. -Note that there must be exactly one of @var{PrivateKey} -or @var{PrivateKeyFile} +Note that there must be exactly one of PrivateKey +or PrivateKeyFile specified in the configuration file. @end table @c ================================================================== -@node Host configuration variables, Scripts, Main configuration variables, Configuration files +@node Host configuration variables @subsection Host configuration variables @table @asis @cindex Address -@item @var{Address} = [recommended] +@item Address = <@var{IP address}|@var{hostname}> [recommended] This variable is only required if you want to connect to this host. It must resolve to the external IP address where the host can be reached, not the one that is internal to the VPN. @cindex Cipher -@item @var{Cipher} = (blowfish) +@item Cipher = <@var{cipher}> (blowfish) The symmetric cipher algorithm used to encrypt UDP packets. Any cipher supported by OpenSSL is recognized. +Furthermore, specifying "none" will turn off packet encryption. +It is best to use only those ciphers which support CBC mode. @cindex Compression -@item @var{Compression} = (0) +@item Compression = <@var{level}> (0) This option sets the level of compression used for UDP packets. Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 10 (fast lzo) and 11 (best lzo). @cindex Digest -@item @var{Digest} = (sha1) +@item Digest = <@var{digest}> (sha1) The digest algorithm used to authenticate UDP packets. Any digest supported by OpenSSL is recognized. 
Furthermore, specifying "none" will turn off packet authentication. @cindex IndirectData -@item @var{IndirectData} = (no) +@item IndirectData = (no) This option specifies whether other tinc daemons besides the one you specified with ConnectTo can make a direct connection to you. This is especially useful if you are behind a firewall and it is impossible to @@ -1063,24 +1083,24 @@ make a connection from the outside to your tinc daemon. Otherwise, it is best to leave this option out or set it to no. @cindex MACLength -@item @var{MACLength} = (4) +@item MACLength = <@var{bytes}> (4) The length of the message authentication code used to authenticate UDP packets. Can be anything from 0 up to the length of the digest produced by the digest algorithm. @cindex Port -@item @var{Port} = (655) +@item Port = <@var{port}> (655) This is the port this tinc daemon listens on. -You can use decimal portnumbers or symbolic names (as listed in /etc/services). +You can use decimal portnumbers or symbolic names (as listed in @file{/etc/services}). @cindex PublicKey -@item @var{PublicKey} = [obsolete] +@item PublicKey = <@var{key}> [obsolete] This is the RSA public key for this host. @cindex PublicKeyFile -@item @var{PublicKeyFile} = [obsolete] +@item PublicKeyFile = <@var{path}> [obsolete] This is the full path name of the RSA public key file that was generated -by ``tincd --generate-keys''. It must be a full path, not a relative +by @samp{tincd --generate-keys}. It must be a full path, not a relative directory. @cindex PEM format 
@@ -1092,9 +1112,9 @@ in each host configuration file, if you want to be able to establish a connection with that host. @cindex Subnet -@item @var{Subnet} = +@item Subnet = <@var{address}[/@var{prefixlength}]> The subnet which this tinc daemon will serve. -tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. +Tinc tries to look up which other daemon it should send a packet to by searching the appropiate subnet. If the packet matches a subnet, it will be sent to the daemon who has this subnet in his host configuration file. Multiple subnet lines can be specified for each daemon. @@ -1117,7 +1137,7 @@ example: netmask 255.255.255.0 would become /24, 255.255.252.0 becomes @uref{ftp://ftp.isi.edu/in-notes/rfc1519.txt, RFC1519} @cindex TCPonly -@item @var{TCPonly} = (no) [experimental] +@item TCPonly = (no) [experimental] If this variable is set to yes, then the packets are tunnelled over a TCP connection instead of a UDP connection. This is especially useful for those who want to run a tinc daemon from behind a masquerading @@ -1127,13 +1147,13 @@ Setting this options also implicitly sets IndirectData. @c ================================================================== -@node Scripts, How to configure, Host configuration variables, Configuration files +@node Scripts @subsection Scripts @cindex scripts Apart from reading the server and host configuration files, tinc can also run scripts at certain moments. -On Windows (not Cygwin), the scripts should have the extension .bat. +Under Windows (not Cygwin), the scripts should have the extension .bat. @table @file @cindex tinc-up @@ -1196,7 +1216,7 @@ this is set to the port number it uses for communication with other tinc daemons @c ================================================================== -@node How to configure, , Scripts, Configuration files +@node How to configure @subsection How to configure @subsubheading Step 1. Creating the main configuration file 
@@ -1230,7 +1250,7 @@ You might also need to add a `Port' if you want your tinc daemon to run on a dif @c ================================================================== -@node Generating keypairs, Network interfaces, Configuration files, Configuration +@node Generating keypairs @section Generating keypairs @cindex key generation @@ -1241,12 +1261,12 @@ you can easily create a public/private keypair by entering the following command tincd -n @var{netname} -K @end example -tinc will generate a public and a private key and ask you where to put them. +Tinc will generate a public and a private key and ask you where to put them. Just press enter to accept the defaults. @c ================================================================== -@node Network interfaces, Example configuration, Generating keypairs, Configuration +@node Network interfaces @section Network interfaces Before tinc can start transmitting data over the tunnel, it must 
@@ -1255,14 +1275,15 @@ set up the virtual network interface. First, decide which IP addresses you want to have associated with these devices, and what network mask they must have. -tinc will open a virtual network device (@file{/dev/tun}, @file{/dev/tap0} or similar), -which will also create a network interface called something like `tun0', `tap0', or, -if you are using the Linux tun/tap driver, the network interface will by default have the same name as the netname. +Tinc will open a virtual network device (@file{/dev/tun}, @file{/dev/tap0} or similar), +which will also create a network interface called something like @samp{tun0}, @samp{tap0}. +If you are using the Linux tun/tap driver, the network interface will by default have the same name as the @var{netname}. +Under Windows you can change the name of the network interface from the Network Connections control panel. @cindex tinc-up You can configure the network interface by putting ordinary ifconfig, route, and other commands -to a script named @file{@value{sysconfdir}/tinc/@var{netname}/tinc-up}. When tinc starts, this script -will be executed. When tinc exits, it will execute the script named +to a script named @file{@value{sysconfdir}/tinc/@var{netname}/tinc-up}. +When tinc starts, this script will be executed. When tinc exits, it will execute the script named @file{@value{sysconfdir}/tinc/@var{netname}/tinc-down}, but normally you don't need to create that script. An example @file{tinc-up} script: 
@@ -1280,9 +1301,13 @@ The kernel will also bring the interface up after this command. The netmask is the mask of the @emph{entire} VPN network, not just your own subnet. +The exact syntax of the ifconfig and route commands differs from platform to platform. +You can look up the commands for setting addresses and adding routes in @ref{Platform specific information}, +but it is best to consult the manpages of those utilities on your platform. + @c ================================================================== -@node Example configuration, , Network interfaces, Configuration +@node Example configuration @section Example configuration @@ -1302,9 +1327,9 @@ C: net 10.3.0.0 mask 255.255.0.0 gateway 10.3.69.254 internet IP 3.4.5.6 D: net 10.4.0.0 mask 255.255.0.0 gateway 10.4.3.32 internet IP 4.5.6.7 @end example -``gateway'' is the VPN IP address of the machine that is running the -tincd. ``internet IP'' is the IP address of the firewall, which does not -need to run tincd, but it must do a port forwarding of TCP&UDP on port +Here, ``gateway'' is the VPN IP address of the machine that is running the +tincd, and ``internet IP'' is the IP address of the firewall, which does not +need to run tincd, but it must do a port forwarding of TCP and UDP on port 655 (unless otherwise configured). In this example, it is assumed that eth0 is the interface that points to @@ -1322,7 +1347,7 @@ In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example # Real interface of internal network: -# ifconfig eth0 10.1.54.1 netmask 255.255.0.0 broadcast 10.1.255.255 +# ifconfig eth0 10.1.54.1 netmask 255.255.0.0 ifconfig $INTERFACE 10.1.54.1 netmask 255.0.0.0 @end example @@ -1335,7 +1360,7 @@ PrivateKeyFile = @value{sysconfdir}/tinc/company/rsa_key.priv Device = /dev/tap0 @end example -On all hosts, @value{sysconfdir}/tinc/company/hosts/BranchA contains: +On all hosts, @file{@value{sysconfdir}/tinc/company/hosts/BranchA} contains: @example Subnet = 10.1.0.0/16 
@@ -1358,7 +1383,7 @@ In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example # Real interface of internal network: -# ifconfig eth0 10.2.43.8 netmask 255.255.0.0 broadcast 10.2.255.255 +# ifconfig eth0 10.2.43.8 netmask 255.255.0.0 ifconfig $INTERFACE 10.2.1.12 netmask 255.0.0.0 @end example @@ -1393,7 +1418,7 @@ In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example # Real interface of internal network: -# ifconfig eth0 10.3.69.254 netmask 255.255.0.0 broadcast 10.3.255.255 +# ifconfig eth0 10.3.69.254 netmask 255.255.0.0 ifconfig $INTERFACE 10.3.69.254 netmask 255.0.0.0 @end example @@ -1429,7 +1454,7 @@ In @file{@value{sysconfdir}/tinc/company/tinc-up}: @example # Real interface of internal network: -# ifconfig eth0 10.4.3.32 netmask 255.255.0.0 broadcast 10.4.255.255 +# ifconfig eth0 10.4.3.32 netmask 255.255.0.0 ifconfig $INTERFACE 10.4.3.32 netmask 255.0.0.0 @end example @@ -1482,7 +1507,7 @@ their daemons, tinc will try connecting until they are available. @c ================================================================== -@node Running tinc, Technical information, Configuration, Top +@node Running tinc @chapter Running tinc If everything else is done, you can start tinc by typing the following command: @@ -1492,18 +1517,19 @@ tincd -n @var{netname} @end example @cindex daemon -tinc will detach from the terminal and continue to run in the background like a good daemon. +Tinc will detach from the terminal and continue to run in the background like a good daemon. If there are any problems however you can try to increase the debug level and look in the syslog to find out what the problems are. @menu * Runtime options:: +* Solving problems:: * Error messages:: @end menu @c ================================================================== -@node Runtime options, Error messages, Running tinc, Running tinc +@node Runtime options @section Runtime options Besides the settings in the configuration file, tinc also accepts some 
@@ -1514,8 +1540,8 @@ command line options. @cindex options @c from the manpage @table @option -@item -c, --config=PATH -Read configuration options from the directory PATH. The default is +@item -c, --config=@var{path} +Read configuration options from the directory @var{path}. The default is @file{@value{sysconfdir}/tinc/@var{netname}/}. @item -D, --no-detach @@ -1523,21 +1549,21 @@ Don't fork and detach. This will also disable the automatic restart mechanism for fatal errors. @cindex debug level -@item -d, --debug=LEVEL -Set debug level to LEVEL. The higher the debug level, the more gets +@item -d, --debug=@var{level} +Set debug level to @var{level}. The higher the debug level, the more gets logged. Everything goes via syslog. -@item -k, --kill[=SIGNAL] -Attempt to kill a running tincd (optionally with the specified SIGNAL instead of SIGTERM) and exit. +@item -k, --kill[=@var{signal}] +Attempt to kill a running tincd (optionally with the specified @var{signal} instead of SIGTERM) and exit. Use it in conjunction with the -n option to make sure you kill the right tinc daemon. Under native Windows the optional argument is ignored, the service will always be stopped and removed. -@item -n, --net=NETNAME -Connect to net NETNAME. @xref{Multiple networks}. +@item -n, --net=@var{netname} +Use configuration for net @var{netname}. @xref{Multiple networks}. -@item -K, --generate-keys[=BITS] -Generate public/private keypair of BITS length. If BITS is not specified, +@item -K, --generate-keys[=@var{bits}] +Generate public/private keypair of @var{bits} length. If @var{bits} is not specified, 1024 is the default. tinc will ask where you want to store the files, but will default to the configuration directory (you can use the -c or -n option in combination with -K). After that, tinc will quit. 
@@ -1546,12 +1572,12 @@ in combination with -K). After that, tinc will quit. Lock tinc into main memory. This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. -@item --logfile[=FILE] +@item --logfile[=@var{file}] Write log entries to a file instead of to the system logging facility. -If FILE is omitted, the default is @value{localstatedir}/log/tinc.NETNAME.log. +If @var{file} is omitted, the default is @file{@value{localstatedir}/log/tinc.@var{netname}.log}. -@item --pidfile=FILE -Write PID to FILE instead of @value{localstatedir}/run/tinc.NETNAME.pid. +@item --pidfile=@var{file} +Write PID to @var{file} instead of @file{@value{localstatedir}/run/tinc.@var{netname}.pid}. @item --bypass-security Disables encryption and authentication. 
@@ -1565,16 +1591,46 @@ Output version information and exit. @end table +@c ================================================================== +@node Solving problems +@section Solving problems + +If tinc starts without problems, but if the VPN doesn't work, you will have to find the cause of the problem. +The first thing to do is to start tinc with a high debug level in the foreground, +so you can directly see everything tinc logs: + +@example +tincd -n @var{netname} -d5 -D +@end example + +If tinc does not log any error messages, then you might want to check the following things: + +@itemize +@item @file{tinc-up} script +Does this script contain the right commands? +Normally you must give the interface the address of this host on the VPN, and the netmask must be big enough so that the entire VPN is covered. + +@item Subnet +Does the Subnet (or Subnets) in the host configuration file of this host match the portion of the VPN that belongs to this host? + +@item Firewalls and NATs +Do you have a firewall or a NAT device (a masquerading firewall or perhaps an ADSL router that performs masquerading)? +If so, check that it allows TCP and UDP traffic on port 655. +If it masquerades and the host running tinc is behind it, make sure that it forwards TCP and UDP traffic to port 655 to the host running tinc. +You can add @samp{TCPOnly = yes} to your host config file to force tinc to only use a single TCP connection, +this works through most firewalls and NATs. + +@end itemize + @c ================================================================== -@node Error messages, , Runtime options, Running tinc +@node Error messages @section Error messages -What follows is a list of the most common error messages you can see -when configuring tinc. Most of these messages are visible in the syslog -only, so keep an eye on it! +What follows is a list of the most common error messages you might find in the logs. +Some of them will only be visible if the debug level is high enough. 
-@table @strong +@table @samp @item Could not open /dev/tap0: No such device @itemize 
@@ -1587,6 +1643,52 @@ only, so keep an eye on it! @itemize @item You forgot to `modprobe tun'. @item You forgot to compile `Universal TUN/TAP driver' in the kernel. +@item The tun device is located somewhere else in @file{/dev/}. +@end itemize + +@item Network address and prefix length do not match! + +@itemize +@item The Subnet field must contain a @emph{network} address, trailing bits should be 0. +@item If you only want to use one IP address, set the netmask to /32. +@end itemize + +@item Error reading RSA key file `rsa_key.priv': No such file or directory + +@itemize +@item You forgot to create a public/private keypair. +@item Specify the complete pathname to the private key file with the @samp{PrivateKeyFile} option. +@end itemize + +@item Warning: insecure file permissions for RSA private key file `rsa_key.priv'! + +@itemize +@item The private key file is readable by users other than root. +Use chmod to correct the file permissions. +@end itemize + +@item Creating metasocket failed: Address family not supported + +@itemize +@item By default tinc tries to create both IPv4 and IPv6 sockets. +On some platforms this might not be implemented. +If the logs show @samp{Ready} later on, then at least one metasocket was created, +and you can ignore this message. +You can add @samp{AddressFamily = ipv4} to @file{tinc.conf} to prevent this from happening. +@end itemize + +@item Cannot route packet: unknown IPv4 destination 1.2.3.4 + +@itemize +@item You try to send traffic to a host on the VPN for which no Subnet is known. +@item If it is a broadcast address (ending in .255), it probably is a samba server or a Windows host sending broadcast packets. +You can ignore it. +@end itemize + +@item Cannot route packet: ARP request for unknown address 1.2.3.4 + +@itemize +@item You try to send traffic to a host on the VPN for which no Subnet is known. @end itemize @item Packet with destination 1.2.3.4 is looping back to us! 
@@ -1600,40 +1702,55 @@ just as large as the prefix of the virtual network interface. The latter should cases be larger. Rethink your configuration. Note that you will only see this message if you specified a debug level of 5 or higher! -@item Chances are that a `Subnet = ...' line in the host configuration file of this tinc daemon is wrong. +@item Chances are that a @samp{Subnet = ...} line in the host configuration file of this tinc daemon is wrong. Change it to a subnet that is accepted locally by another interface, or if that is not the case, try changing the prefix length into /32. @end itemize -@item Network doesn't work, syslog shows only packets of length 46 - -@item Network address and prefix length do not match! +@item Node foo (1.2.3.4) is not reachable @itemize -@item The Subnet field must contain a @emph{network} address. -@item If you only want to use one IP address, set the netmask to /32. +@item Node foo does not have a connection anymore, its tinc daemon is not running or its connection to the Internet is broken. @end itemize -@item This is a bug: net.c:253: 24: Some error +@item Received UDP packet from unknown source 1.2.3.4 (port 12345) @itemize -@item This is something that should not have happened. -Please report this, and tell us exactly what went wrong before you got -this message. In normal operation, these errors should not occur. +@item If you see this only sporadically, it is harmless and caused by a node sending packets using an old key. +@item If you see this often and another node is not reachable anymore, then a NAT (masquerading firewall) is changing the source address of UDP packets. +You can add @samp{TCPOnly = yes} to host configuration files to force all VPN traffic to go over a TCP connection. @end itemize -@item Error reading RSA key file `rsa_key.priv': No such file or directory +@item Got bad/bogus/unauthorized REQUEST from foo (1.2.3.4 port 12345) @itemize -@item You must specify the complete pathname. 
-Specifying a relative path does not make sense here. tinc changes its -directory to / when starting (to avoid keeping a mount point busy). +@item Node foo does not have the right public/private keypair. +Generate new keypairs and distribute them again. +@item An attacker tries to gain access to your VPN. +@item A network error caused corruption of metadata sent from foo. @end itemize @end table @c ================================================================== -@node Technical information, About us, Running tinc, Top +@node Sending bug reports +@section Sending bug reports + +If you really can't find the cause of a problem, or if you suspect tinc is not working right, +you can send us a bugreport, see @ref{Contact information}. +Be sure to include the following information in your bugreport: + +@itemize +@item A clear description of what you are trying to achieve and what the problem is. +@item What platform (operating system, version, hardware architecture) and which version of tinc you use. +@item If compiling tinc fails, a copy of @file{config.log} and the error messages you get. +@item Otherwise, a copy of @file{tinc.conf}, @file{tinc-up} and all files in the @file{hosts/} directory. +@item The output of the commands @samp{ifconfig -a} and @samp{route -n} (or @samp{netstat -rn} if that doesn't work). +@item The output of any command that fails to work as it should (like ping or traceroute). +@end itemize + +@c ================================================================== +@node Technical information @chapter Technical information 
@@ -1645,11 +1762,11 @@ directory to / when starting (to avoid keeping a mount point busy). @c ================================================================== -@node The connection, The meta-protocol, Technical information, Technical information +@node The connection @section The connection @cindex connection -tinc is a daemon that takes VPN data and transmit that to another host +Tinc is a daemon that takes VPN data and transmit that to another host computer over the existing Internet infrastructure. @menu @@ -1659,7 +1776,7 @@ computer over the existing Internet infrastructure. @c ================================================================== -@node The UDP tunnel, The meta-connection, The connection, The connection +@node The UDP tunnel @subsection The UDP tunnel @cindex virtual network device @@ -1706,7 +1823,7 @@ However, if it is a `tap' device (this is the only available type on FreeBSD), the destination MAC address must match that of the virtual network interface. If tinc is in it's default routing mode, ARP does not work, so the correct destination MAC can not be known by the sending host. -tinc solves this by letting the receiving end detect the MAC address of its own virtual network interface +Tinc solves this by letting the receiving end detect the MAC address of its own virtual network interface and overwriting the destination MAC address of the received packet. In switch or hub modes ARP does work so the sender already knows the correct destination MAC address. @@ -1717,7 +1834,7 @@ OpenBSD, NetBSD, Darwin and Solaris. @c ================================================================== -@node The meta-connection, , The UDP tunnel, The connection +@node The meta-connection @subsection The meta-connection Having only a UDP connection available is not enough. Though suitable 
@@ -1751,7 +1868,7 @@ start re-sending packets. @c ================================================================== -@node The meta-protocol, Security, The connection, Technical information +@node The meta-protocol @section The meta-protocol The meta protocol is used to tie all tinc daemons together, and @@ -1868,17 +1985,16 @@ is also some other traffic. A little bit of salt (random data) is added with each PING and PONG message, to make sure that long sequences of PING/PONG messages without any other traffic won't result in known plaintext. -This basically covers what is sent over the meta connection by -tinc. +This basically covers what is sent over the meta connection by tinc. @c ================================================================== -@node Security, , The meta-protocol, Technical information -@section About tinc's encryption and other security-related issues. +@node Security +@section Security @cindex TINC @cindex Cabal -tinc got its name from ``TINC,'' short for @emph{There Is No Cabal}; the +Tinc got its name from ``TINC,'' short for @emph{There Is No Cabal}; the alleged Cabal was/is an organisation that was said to keep an eye on the entire Internet. As this is exactly what you @emph{don't} want, we named the tinc project after TINC. @@ -1887,7 +2003,7 @@ the tinc project after TINC. But in order to be ``immune'' to eavesdropping, you'll have to encrypt your data. Because tinc is a @emph{Secure} VPN (SVPN) daemon, it does exactly that: encrypt. -tinc by default uses blowfish encryption with 128 bit keys in CBC mode, 32 bit +Tinc by default uses blowfish encryption with 128 bit keys in CBC mode, 32 bit sequence numbers and 4 byte long message authentication codes to make sure eavesdroppers cannot get and cannot change any information at all from the packets they can intercept. The encryption algorithm and message authentication 
@@ -1898,11 +2014,12 @@ encryption algorithm is always the default length used by OpenSSL. @menu * Authentication protocol:: * Encryption of network packets:: +* Security issues:: @end menu @c ================================================================== -@node Authentication protocol, Encryption of network packets, Security, Security +@node Authentication protocol @subsection Authentication protocol @cindex authentication @@ -2016,7 +2133,7 @@ an attacker) in the beginning of the encrypted stream. @c ================================================================== -@node Encryption of network packets, , Authentication protocol, Security +@node Encryption of network packets @subsection Encryption of network packet @cindex encryption 
@@ -2045,7 +2162,146 @@ first 4 bytes of the digest are used for this, but this can be changed using the MACLength configuration variable. @c ================================================================== -@node About us, Concept Index, Technical information, Top +@node Security issues +@section Security issues + +In August 2000, we discovered the existence of a security hole in all versions +of tinc up to and including 1.0pre2. This had to do with the way we exchanged +keys. Since then, we have been working on a new authentication scheme to make +tinc as secure as possible. The current version uses the OpenSSL library and +uses strong authentication with RSA keys. + +On the 29th of December 2001, Jerome Etienne posted a security analysis of tinc +1.0pre4. Due to a lack of sequence numbers and a message authentication code +for each packet, an attacker could possibly disrupt certain network services or +launch a denial of service attack by replaying intercepted packets. The current +version adds sequence numbers and message authentication codes to prevent such +attacks. + +On the 15th of September 2003, Peter Gutmann posted a security analysis of tinc +1.0.1. He argues that the 32 bit sequence number used by tinc is not a good IV, +that tinc's default length of 4 bytes for the MAC is too short, and he doesn't +like tinc's use of RSA during authentication. We do not know of a security hole +in this version of tinc, but tinc's security is not as strong as TLS or IPsec. +We will address these issues in tinc 2.0. + +Cryptography is a hard thing to get right. We cannot make any +guarantees. Time, review and feedback are the only things that can +prove the security of any cryptographic product. If you wish to review +tinc or give us feedback, you are stronly encouraged to do so. 
+ + +@c ================================================================== +@node Platform specific information +@chapter Platform specific information + +@menu +* Interface configuration:: +* Routes:: +@end menu + +@c ================================================================== +@node Interface configuration +@section Interface configuration + +When configuring an interface, one normally assigns it an address and a +netmask. The address uniquely identifies the host on the network attached to +the interface. The netmask, combined with the address, forms a subnet. It is +used to add a route to the routing table instructing the kernel to send all +packets which fall into that subnet to that interface. Because all packets for +the entire VPN should go to the virtual network interface used by tinc, the +netmask should be such that it encompasses the entire VPN. + +For IPv4 addresses: + +@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface} +@item Linux +@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask} +@item Linux iproute2 +@tab @code{ip addr add} @var{address}@code{/}@var{prefixlength} @code{dev} @var{interface} +@item FreeBSD +@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask} +@item OpenBSD +@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask} +@item NetBSD +@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask} +@item Solaris +@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask} +@item Darwin (MacOS/X) +@tab @code{ifconfig} @var{interface} @var{address} @code{netmask} @var{netmask} +@item Windows +@tab @code{netsh interface ip set address} @var{interface} @code{static} @var{address} @var{netmask} +@end multitable + + +For IPv6 addresses: + +@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface} +@item Linux 
+@tab @code{ifconfig} @var{interface} @code{add} @var{address}@code{/}@var{prefixlength} +@item FreeBSD +@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength} +@item OpenBSD +@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength} +@item NetBSD +@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength} +@item Solaris +@tab @code{ifconfig} @var{interface} @code{inet6 addif} @var{address}@code{/}@var{prefixlength} +@item Darwin (MacOS/X) +@tab @code{ifconfig} @var{interface} @code{inet6} @var{address} @code{prefixlen} @var{prefixlength} +@item Windows +@tab @code{netsh interface ipv6 add address} @var{interface} @code{static} @var{address}/@var{prefixlength} +@end multitable + + +@c ================================================================== +@node Routes +@section Routes + +In some cases it might be necessary to add more routes to the virtual network +interface. There are two ways to indicate which interface a packet should go +to, one is to use the name of the interface itself, another way is to specify +the (local) address that is assigned to that interface (@var{local_address}). The +former way is unambiguous and therefore preferable, but not all platforms +support this. 
+ +Adding routes to IPv4 subnets: + +@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface} +@item Linux +@tab @code{route add -net} @var{network_address} @code{netmask} @var{netmask} @var{interface} +@item Linux iproute2 +@tab @code{ip route add} @var{network_address}@code{/}@var{prefixlength} @code{dev} @var{interface} +@item FreeBSD +@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address} +@item OpenBSD +@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address} +@item NetBSD +@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address} +@item Solaris +@item Darwin (MacOS/X) +@tab @code{route add} @var{network_address}@code{/}@var{prefixlength} @var{local_address} +@item Windows +@end multitable + +Adding routes to IPv6 subnets: + +@multitable {Darwin (MacOS/X)} {ifconfig route add -bla network address netmask netmask prefixlength interface} +@item Linux +@tab @code{route add -A inet6} @var{network_address}@code{/}@var{prefixlength} @var{interface} +@item Linux iproute2 +@tab @code{ip route add} @var{network_address}@code{/}@var{prefixlength} @code{dev} @var{interface} +@item OpenBSD +@item NetBSD +@item Solaris +@item Darwin (MacOS/X) +@item Windows +@tab @code{netsh interface ipv6 add route} @var{network address}/@var{prefixlength} @var{interface} +@end multitable + + +@c ================================================================== +@node About us @chapter About us @@ -2056,11 +2312,11 @@ the MACLength configuration variable. @c ================================================================== -@node Contact Information, Authors, About us, About us +@node Contact Information @section Contact information @cindex website -tinc's website is at @url{http://tinc.nl.linux.org/}, +Tinc's website is at @url{http://tinc.nl.linux.org/}, this server is located in the Netherlands. @cindex IRC 
@@ -2072,7 +2328,7 @@ and join channel #tinc. @c ================================================================== -@node Authors, , Contact Information, About us +@node Authors @section Authors @table @asis @@ -2087,8 +2343,7 @@ the source distribution. @c ================================================================== -@node Concept Index, , About us, Top -@c node-name, next, previous, up +@node Concept Index @unnumbered Concept Index @c ================================================================== From 9d2bf718f233672c11a9740ed2a1539eaab1509b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 10 Oct 2003 16:23:30 +0000 Subject: [PATCH 885/923] Fix ASCII art. --- src/graph.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/graph.c b/src/graph.c index b6e60e05..cd7fbf36 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.29 2003/08/28 21:05:10 guus Exp $ + $Id: graph.c,v 1.1.2.30 2003/10/10 16:23:30 guus Exp $ */ /* We need to generate two trees from the graph: @@ -188,12 +188,13 @@ void sssp_bfs(void) /* Situation: - / - / - ------(n)-----(e->to) - \ - \ + / + / + ----->(n)---e-->(e->to) + \ + \ + Where e is an edge, (n) and (e->to) are nodes. n->address is set to the e->address of the edge left of n to n. We are currently examining the edge e right of n from n: From b0dd705a264f0f72a7afba6de85200598cbe083b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 10 Oct 2003 16:24:24 +0000 Subject: [PATCH 886/923] Check return value of EVP_* functions, and check if length before en/decryption matches that after in meta.c. --- src/meta.c | 20 ++++++++++++++------ src/net_packet.c | 41 +++++++++++++++++++++++++++-------------- 2 files changed, 41 insertions(+), 20 deletions(-) diff --git a/src/meta.c b/src/meta.c index dacb1df9..5048e63b 100644 --- a/src/meta.c 
+++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $ + $Id: meta.c,v 1.1.2.45 2003/10/10 16:24:24 guus Exp $ */ #include "system.h" @@ -46,7 +46,11 @@ bool send_meta(connection_t *c, const char *buffer, int length) c->name, c->hostname); if(c->status.encryptout) { - EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); + result = EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); + if(!result || outlen != length) { + logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL)); + return false; + } bufp = outbuf; length = outlen; } else @@ -89,8 +93,8 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) bool receive_meta(connection_t *c) { - int oldlen, i; - int lenin, reqlen; + int oldlen, i, result; + int lenin, lenout, reqlen; bool decrypted = false; char inbuf[MAXBUFSIZE]; @@ -123,11 +127,15 @@ bool receive_meta(connection_t *c) oldlen = c->buflen; c->buflen += lenin; - while(lenin) { + while(lenin > 0) { /* Decrypt */ if(c->status.decryptin && !decrypted) { - EVP_DecryptUpdate(c->inctx, inbuf, &lenin, c->buffer + oldlen, lenin); + result = EVP_DecryptUpdate(c->inctx, inbuf, &lenout, c->buffer + oldlen, lenin); + if(!result || lenout != lenin) { + logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL)); + return false; + } memcpy(c->buffer + oldlen, inbuf, lenin); decrypted = true; } diff --git a/src/net_packet.c b/src/net_packet.c index a989b09f..00e36fc5 100644 --- a/src/net_packet.c +++ b/src/net_packet.c 
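Review bot: The new `logger()` call in send_meta (src/meta.c) has three `%s` conversions in its format but passes only the `ERR_error_string(...)` result. Assuming logger() is printf-style, it will read two arguments that were never supplied, which is undefined behaviour on exactly the path meant to report a crypto failure. Pass the peer fields first: `c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL));`. The decrypt branch in the receive_meta hunk (`@@ -123,11 +127,15 @@`) has the same mismatch, and send_meta's body starts outside the hunk, so the declaration of `result` cannot be confirmed from here.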
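Review bot: The `lenout != lenin` test added to receive_meta (and `outlen != length` in send_meta) encodes an undocumented requirement that the meta-connection cipher be length-preserving. With a mode that holds back partial blocks, EVP_DecryptUpdate would report fewer bytes and every read would be rejected. I would state that next to the check, e.g. `/* Meta ciphers must be stream-like: output length has to equal input length. */`. Note also that EVP_DecryptUpdate writes into the fixed `inbuf[MAXBUFSIZE]` before the check runs, so it is the bound placed on `lenin` earlier in the function (outside this hunk) that keeps that write in range.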
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.41 2003/09/23 20:59:01 guus Exp $ + $Id: net_packet.c,v 1.1.2.42 2003/10/10 16:24:24 guus Exp $ */ #include "system.h" @@ -114,7 +114,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; char hmac[EVP_MAX_MD_SIZE]; - int i; + int i, result; cp(); @@ -145,12 +145,18 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->cipher) { outpkt = pkt[nextpkt++]; -// EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, -// myself->key + myself->cipher->key_len); EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL); - EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, - (char *) &inpkt->seqno, inpkt->len); - EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + if(!EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len)) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"), + n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); + return; + } + if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"), + n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); + return; + } outpkt->len = outlen + outpad; inpkt = outpkt; @@ -189,8 +195,8 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) outpkt = pkt[nextpkt++]; if((outpkt->len = uncompress_packet(outpkt->data, inpkt->data, inpkt->len, myself->compression)) < 0) { - logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), - n->name, n->hostname); + ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while uncompressing packet from %s (%s)"), + n->name, n->hostname); return; } 
@@ -264,7 +270,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) outpkt = pkt[nextpkt++]; if((outpkt->len = compress_packet(outpkt->data, inpkt->data, inpkt->len, n->compression)) < 0) { - logger(LOG_ERR, _("Error while compressing packet to %s (%s)"), + ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while compressing packet to %s (%s)"), n->name, n->hostname); return; } @@ -282,11 +288,18 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->cipher) { outpkt = pkt[nextpkt++]; -// EVP_EncryptInit_ex(&packet_ctx, n->cipher, NULL, n->key, n->key + n->cipher->key_len); EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL); - EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen, - (char *) &inpkt->seqno, inpkt->len); - EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad); + if(!EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len)) { + ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"), + n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); + return; + } + if(!EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { + ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"), + n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); + return; + } outpkt->len = outlen + outpad; inpkt = outpkt; From a1ab57e2755df6c1a8fab95a0886fea368200b96 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 11 Oct 2003 12:16:13 +0000 Subject: [PATCH 887/923] Check all EVP_ function calls. --- src/meta.c | 9 +++++--- src/net_packet.c | 29 ++++++++++--------------- src/net_setup.c | 11 ++++++++-- src/protocol_auth.c | 52 +++++++++++++++++++++++++++++---------------- src/protocol_key.c | 12 +++++++++-- 5 files changed, 70 insertions(+), 43 deletions(-) diff --git a/src/meta.c b/src/meta.c index 5048e63b..bc0cda63 100644 --- a/src/meta.c +++ b/src/meta.c 
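Review bot: In send_udppacket (src/net_packet.c) the new encrypt-failure messages, and the compress-failure message that used to be unconditional, are now wrapped in `ifdebug(TRAFFIC)`. If that macro gates on the debug level, as its name suggests, a local crypto or compression fault that drops every outgoing packet to a node is invisible in a default configuration. Gating is defensible on the receive side, where any remote sender can trigger the message, but these are local failures; I would keep them unconditional as `logger(LOG_ERR, ...)`. The receive_udppacket hunks also mix `LOG_DEBUG` (decrypt) and `LOG_ERR` (uncompress) for the same class of event, so picking one level would make filtering easier.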
@@ -17,11 +17,12 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.45 2003/10/10 16:24:24 guus Exp $ + $Id: meta.c,v 1.1.2.46 2003/10/11 12:16:12 guus Exp $ */ #include "system.h" +#include #include #include "avl_tree.h" @@ -48,7 +49,8 @@ bool send_meta(connection_t *c, const char *buffer, int length) if(c->status.encryptout) { result = EVP_EncryptUpdate(c->outctx, outbuf, &outlen, buffer, length); if(!result || outlen != length) { - logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL)); + logger(LOG_ERR, _("Error while encrypting metadata to %s (%s): %s"), + c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; } bufp = outbuf; @@ -133,7 +135,8 @@ bool receive_meta(connection_t *c) if(c->status.decryptin && !decrypted) { result = EVP_DecryptUpdate(c->inctx, inbuf, &lenout, c->buffer + oldlen, lenin); if(!result || lenout != lenin) { - logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), ERR_error_string(ERR_get_error(), NULL)); + logger(LOG_ERR, _("Error while decrypting metadata from %s (%s): %s"), + c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; } memcpy(c->buffer + oldlen, inbuf, lenin); diff --git a/src/net_packet.c b/src/net_packet.c index 00e36fc5..d64b6bf9 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,12 +17,13 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.42 2003/10/10 16:24:24 guus Exp $ + $Id: net_packet.c,v 1.1.2.43 2003/10/11 12:16:12 guus Exp $ */ #include "system.h" #include +#include #include #include #include @@ -114,7 +115,7 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; char hmac[EVP_MAX_MD_SIZE]; - int i, result; + int i; cp(); 
@@ -145,14 +146,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(myself->cipher) { outpkt = pkt[nextpkt++]; - EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL); - if(!EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, - (char *) &inpkt->seqno, inpkt->len)) { - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"), - n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); - return; - } - if(!EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { + if(!EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL) + || !EVP_DecryptUpdate(&packet_ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len) + || !EVP_DecryptFinal_ex(&packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Error decrypting packet from %s (%s): %s"), n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); return; @@ -288,14 +285,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->cipher) { outpkt = pkt[nextpkt++]; - EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL); - if(!EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen, - (char *) &inpkt->seqno, inpkt->len)) { - ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"), - n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); - return; - } - if(!EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { + if(!EVP_EncryptInit_ex(&n->packet_ctx, NULL, NULL, NULL, NULL) + || !EVP_EncryptUpdate(&n->packet_ctx, (char *) &outpkt->seqno, &outlen, + (char *) &inpkt->seqno, inpkt->len) + || !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"), n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); return; 
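Review bot: The all-NULL `EVP_DecryptInit_ex(&packet_ctx, NULL, NULL, NULL, NULL)` call in receive_udppacket deserves a comment now that it is part of the checked condition. As far as I can tell it restarts the context from the key and IV installed once in setup_myself(), so every packet starts from the same IV and only the leading `seqno` makes the first block differ. Suggested wording: `/* Restart from the key and IV set in setup_myself(); the IV is fixed, per-packet uniqueness comes from seqno. */`, and likewise for `EVP_EncryptInit_ex(&n->packet_ctx, ...)` in the send_udppacket hunk. Folding the three calls into one condition also means the log line can no longer say which step failed; both function bodies continue outside these hunks.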
diff --git a/src/net_setup.c b/src/net_setup.c index c3cfb0fc..3a027487 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.44 2003/08/28 21:05:10 guus Exp $ + $Id: net_setup.c,v 1.1.2.45 2003/10/11 12:16:12 guus Exp $ */ #include "system.h" @@ -25,6 +25,8 @@ #include #include #include +#include +#include #include "avl_tree.h" #include "conf.h" @@ -372,7 +374,12 @@ bool setup_myself(void) if(myself->cipher) { EVP_CIPHER_CTX_init(&packet_ctx); - EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len); + if(!EVP_DecryptInit_ex(&packet_ctx, myself->cipher, NULL, myself->key, myself->key + myself->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), + myself->name, myself->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } + } /* Check if we want to use message authentication codes... */ diff --git a/src/protocol_auth.c b/src/protocol_auth.c index dafcc20c..86ba345d 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,13 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.26 2003/08/28 21:05:11 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.27 2003/10/11 12:16:13 guus Exp $ */ #include "system.h" #include #include +#include #include #include "avl_tree.h" @@ -141,7 +142,7 @@ bool send_metakey(connection_t *c) cp(); /* Copy random data to the buffer */ - RAND_bytes(c->outkey, len); + RAND_pseudo_bytes(c->outkey, len); /* The message we send must be smaller than the modulus of the RSA key. By definition, for a key of k bits, the following formula holds: 
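Review bot: Replacing `RAND_bytes` with `RAND_pseudo_bytes` in send_metakey (src/protocol_auth.c) weakens the source of `c->outkey`, which the next hunk of the same function uses as key and IV for the outgoing meta cipher. RAND_pseudo_bytes is allowed to return bytes that are not cryptographically strong, and its return value is ignored here, which runs against the stated aim of this commit. I would keep the strong generator and abort the handshake on failure: `if(RAND_bytes(c->outkey, len) != 1) return false;` with a log line in the style of the other new checks. The same substitution is made for `c->hischallenge` in the send_challenge hunk (`@@ -315,7 +324,7 @@`), where a predictable challenge would undermine the challenge/response step.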
@@ -190,10 +191,14 @@ bool send_metakey(connection_t *c) /* Further outgoing requests are encrypted with the key we just generated */ if(c->outcipher) { - EVP_EncryptInit(c->outctx, c->outcipher, - c->outkey + len - c->outcipher->key_len, - c->outkey + len - c->outcipher->key_len - - c->outcipher->iv_len); + if(!EVP_EncryptInit(c->outctx, c->outcipher, + c->outkey + len - c->outcipher->key_len, + c->outkey + len - c->outcipher->key_len - + c->outcipher->iv_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher for %s (%s): %s"), + c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } c->status.encryptout = true; } @@ -262,10 +267,14 @@ bool metakey_h(connection_t *c) return false; } - EVP_DecryptInit(c->inctx, c->incipher, - c->inkey + len - c->incipher->key_len, - c->inkey + len - c->incipher->key_len - - c->incipher->iv_len); + if(!EVP_DecryptInit(c->inctx, c->incipher, + c->inkey + len - c->incipher->key_len, + c->inkey + len - c->incipher->key_len - + c->incipher->iv_len)) { + logger(LOG_ERR, _("Error during initialisation of cipher from %s (%s): %s"), + c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } c->status.decryptin = true; } else { @@ -315,7 +324,7 @@ bool send_challenge(connection_t *c) /* Copy random data to the buffer */ - RAND_bytes(c->hischallenge, len); + RAND_pseudo_bytes(c->hischallenge, len); /* Convert to hex */ 
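Review bot: Both cipher-initialisation hunks (send_metakey and metakey_h) take the key and IV from the tail of the buffer with `c->outkey + len - key_len - iv_len`, and no check that `len` is at least `key_len + iv_len` is visible. Whether `len` is validated lies outside these hunks, so this is a question rather than a finding, but if it is not, the IV pointer could fall before the start of the buffer. A guard ahead of the init call would settle it, e.g. `if(len < c->incipher->key_len + c->incipher->iv_len) return false;` in metakey_h and the `outcipher` equivalent in send_metakey.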
@@ -375,10 +384,13 @@ bool send_chal_reply(connection_t *c) /* Calculate the hash from the challenge we received */ - EVP_DigestInit(&ctx, c->indigest); - EVP_DigestUpdate(&ctx, c->mychallenge, - RSA_size(myself->connection->rsa_key)); - EVP_DigestFinal(&ctx, hash, NULL); + if(!EVP_DigestInit(&ctx, c->indigest) + || !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key) + || !EVP_DigestFinal(&ctx, hash, NULL))) { + logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"), + c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } /* Convert the hash to a hexadecimal formatted string */ @@ -418,9 +430,13 @@ bool chal_reply_h(connection_t *c) /* Calculate the hash from the challenge we sent */ - EVP_DigestInit(&ctx, c->outdigest); - EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)); - EVP_DigestFinal(&ctx, myhash, NULL); + if(!EVP_DigestInit(&ctx, c->outdigest) + || !EVP_DigestUpdate(&ctx, c->hischallenge, RSA_size(c->rsa_key)) + || !EVP_DigestFinal(&ctx, myhash, NULL)) { + logger(LOG_ERR, _("Error during calculation of response from %s (%s): %s"), + c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } /* Verify the incoming hash with the calculated hash */ diff --git a/src/protocol_key.c b/src/protocol_key.c index cb652c1e..f0c9bcc3 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,11 +17,14 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.22 2003/07/24 12:08:16 guus Exp $ + $Id: protocol_key.c,v 1.1.4.23 2003/10/11 12:16:13 guus Exp $ */ #include "system.h" +#include +#include + #include "avl_tree.h" #include "connection.h" #include "logger.h" 
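Review bot: In send_chal_reply the closing parenthesis of the `EVP_DigestUpdate` call is misplaced, so `|| !EVP_DigestFinal(&ctx, hash, NULL)` becomes part of its length argument. `RSA_size(...) || ...` evaluates to 1 for any non-zero key size and short-circuits, so only one byte of the challenge is hashed, EVP_DigestFinal is never called, and as far as this hunk shows `hash` is never written before it is converted to hex and sent. Close the call after RSA_size: `|| !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key))` followed by `|| !EVP_DigestFinal(&ctx, hash, NULL)) {`. The chal_reply_h hunk right after it has the parentheses in the right place.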
@@ -251,7 +254,12 @@ bool ans_key_h(connection_t *c) from->compression = compression; if(from->cipher) - EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len); + if(!EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len)) { + logger(LOG_ERR, _("Error during initialisation of key from %s (%s): %s"), + from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL)); + return false; + } + flush_queue(from); From 258b7ce220607bb3f2a24bb7cab5fcd19e82314a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 11 Oct 2003 12:28:48 +0000 Subject: [PATCH 888/923] Parentheses in the wrong spots. --- src/protocol_auth.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 86ba345d..36de236c 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.27 2003/10/11 12:16:13 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.28 2003/10/11 12:28:48 guus Exp $ */ #include "system.h" @@ -385,8 +385,8 @@ bool send_chal_reply(connection_t *c) /* Calculate the hash from the challenge we received */ if(!EVP_DigestInit(&ctx, c->indigest) - || !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key) - || !EVP_DigestFinal(&ctx, hash, NULL))) { + || !EVP_DigestUpdate(&ctx, c->mychallenge, RSA_size(myself->connection->rsa_key)) + || !EVP_DigestFinal(&ctx, hash, NULL)) { logger(LOG_ERR, _("Error during calculation of response for %s (%s): %s"), c->name, c->hostname, ERR_error_string(ERR_get_error(), NULL)); return false; From ffb7327c20952cefcb5578e40f9802295172c5c2 Mon Sep 17 00:00:00 2001 
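Review bot: The new check in ans_key_h (src/protocol_key.c) puts a braced `if` under the unbraced `if(from->cipher)`, which is easy to misread and easy to break with a later `else`. Combining the two conditions reads better: `if(from->cipher && !EVP_EncryptInit_ex(&from->packet_ctx, from->cipher, NULL, from->key, from->key + from->cipher->key_len)) {`. On failure the function now returns after `from->compression` (and presumably other fields assigned above the hunk) has already been updated, so a comment saying whether that half-updated state is intended would help.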
From: Guus Sliepen Date: Sat, 11 Oct 2003 14:18:52 +0000 Subject: [PATCH 889/923] Fix bug that could lead to an assertion failure in libcrypto when multiple requests arrive and TCP packets are heavily fragmented. --- src/meta.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/meta.c b/src/meta.c index bc0cda63..dde0e2a4 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.46 2003/10/11 12:16:12 guus Exp $ + $Id: meta.c,v 1.1.2.47 2003/10/11 14:18:52 guus Exp $ */ #include "system.h" @@ -178,7 +178,7 @@ bool receive_meta(connection_t *c) return false; c->buflen -= reqlen; - lenin -= reqlen; + lenin -= reqlen - oldlen; memmove(c->buffer, c->buffer + reqlen, c->buflen); oldlen = 0; continue; From e88ea7277a97d46fa2c3ba1896cf0d0c62bdf128 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 11 Oct 2003 14:42:30 +0000 Subject: [PATCH 890/923] Small fixes in documentation. --- doc/tinc.conf.5.in | 3 ++- doc/tinc.texi | 17 +++++++++-------- doc/tincd.8.in | 2 +- 3 files changed, 12 insertions(+), 10 deletions(-) diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 7257bfe0..2646931a 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -246,6 +246,7 @@ Any cipher supported by OpenSSL is recognised. Furthermore, specifying .Qq none will turn off packet encryption. +It is best to use only those ciphers which support CBC mode. .It Va Compression Li = Ar level Pq 0 This option sets the level of compression used for UDP packets. Possible values are 0 (off), 1 (fast zlib) and any integer up to 9 (best zlib), 
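Review bot: The corrected line `lenin -= reqlen - oldlen;` in receive_meta (src/meta.c) needs a comment, since the reason for subtracting `oldlen` is not obvious. `lenin` counts only the bytes from the current read, while the request being consumed starts at the front of `c->buffer` and may include `oldlen` bytes left over from an earlier read. Suggested comment: `/* Only reqlen - oldlen of the consumed bytes came from this read; the first oldlen were already buffered. */`. The same reasoning applies to `lenin -= c->tcplen - oldlen;` in the later receive_meta hunk on this page, and the loop these lines belong to extends beyond both hunks.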
@@ -314,7 +315,7 @@ Setting this options also implicitly sets IndirectData. .Sh SCRIPTS Apart from reading the server and host configuration files, tinc can also run scripts at certain moments. -On Windows (not Cygwin), the scripts should have the extension +Under Windows (not Cygwin), the scripts should have the extension .Pa .bat . .Bl -tag -width indent .It Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /tinc-up diff --git a/doc/tinc.texi b/doc/tinc.texi index 79e1ff05..33a3529a 100644 --- a/doc/tinc.texi +++ b/doc/tinc.texi @@ -1,5 +1,5 @@ \input texinfo @c -*-texinfo-*- -@c $Id: tinc.texi,v 1.8.4.45 2003/10/09 21:33:15 guus Exp $ +@c $Id: tinc.texi,v 1.8.4.46 2003/10/11 14:42:29 guus Exp $ @c %**start of header @setfilename tinc.info @settitle tinc Manual @@ -20,7 +20,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.45 2003/10/09 21:33:15 guus Exp $ +$Id: tinc.texi,v 1.8.4.46 2003/10/11 14:42:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -47,7 +47,7 @@ Copyright @copyright{} 1998-2003 Ivo Timmermans , Guus Sliepen and Wessel Dankers . -$Id: tinc.texi,v 1.8.4.45 2003/10/09 21:33:15 guus Exp $ +$Id: tinc.texi,v 1.8.4.46 2003/10/11 14:42:29 guus Exp $ Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are @@ -159,7 +159,7 @@ both the receiving and sending end, it has become largely runtime-configurable---in short, it has become a full-fledged professional package. -@cindex Traditional VPNs +@cindex traditional VPNs @cindex scalability Tinc also allows more than two sites to connect to eachother and form a single VPN. Traditionally VPNs are created by making tunnels, which only have two endpoints. 
@@ -1525,6 +1525,7 @@ and look in the syslog to find out what the problems are. * Runtime options:: * Solving problems:: * Error messages:: +* Sending bug reports:: @end menu @@ -2134,7 +2135,7 @@ an attacker) in the beginning of the encrypted stream. @c ================================================================== @node Encryption of network packets -@subsection Encryption of network packet +@subsection Encryption of network packets @cindex encryption A data packet can only be sent if the encryption key is known to both @@ -2163,7 +2164,7 @@ the MACLength configuration variable. @c ================================================================== @node Security issues -@section Security issues +@subsection Security issues In August 2000, we discovered the existence of a security hole in all versions of tinc up to and including 1.0pre2. This had to do with the way we exchanged @@ -2306,13 +2307,13 @@ Adding routes to IPv6 subnets: @menu -* Contact Information:: +* Contact information:: * Authors:: @end menu @c ================================================================== -@node Contact Information +@node Contact information @section Contact information @cindex website diff --git a/doc/tincd.8.in b/doc/tincd.8.in index 577e33a8..d2391458 100644 --- a/doc/tincd.8.in +++ b/doc/tincd.8.in @@ -130,7 +130,7 @@ Each level inherits all messages of the previous level: This will log a message indicating .Nm has started along with a version number. -It will also any serious error. +It will also log any serious error. .It 1 This will log all connections that are made with other tinc daemons. .It 2 From d35a510fff65a7a3318036f27c11b956526b26f6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 12 Oct 2003 11:40:00 +0000 Subject: [PATCH 891/923] Fix another bug in meta.c. --- src/meta.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/meta.c b/src/meta.c index dde0e2a4..77e19295 100644 --- a/src/meta.c +++ b/src/meta.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.47 2003/10/11 14:18:52 guus Exp $ + $Id: meta.c,v 1.1.2.48 2003/10/12 11:40:00 guus Exp $ */ #include "system.h" @@ -150,7 +150,7 @@ bool receive_meta(connection_t *c) receive_tcppacket(c, c->buffer, c->tcplen); c->buflen -= c->tcplen; - lenin -= c->tcplen; + lenin -= c->tcplen - oldlen; memmove(c->buffer, c->buffer + c->tcplen, c->buflen); oldlen = 0; c->tcplen = 0; From 0271de0e80459bdebcac50d38c053d4aaf657e9a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 8 Nov 2003 12:56:24 +0000 Subject: [PATCH 892/923] Update dutch translation. --- po/nl.po | 395 +++++++++++++++++++++++++++++++------------------------ 1 file changed, 225 insertions(+), 170 deletions(-) diff --git a/po/nl.po b/po/nl.po index a226fa8a..d9779327 100644 --- a/po/nl.po +++ b/po/nl.po @@ -1,13 +1,13 @@ # Dutch messages for tinc # Copyright (C) 1999-2001 Ivo Timmermans, Guus Sliepen. -# Ivo Timmermans , 1999-2002. -# Guus Sliepen , 2000-2002. +# Ivo Timmermans , 1999-2003. +# Guus Sliepen , 2000-2003. msgid "" msgstr "" "Project-Id-Version: tinc 1.0-cvs\n" "Report-Msgid-Bugs-To: tinc-devel@nl.linux.org\n" -"POT-Creation-Date: 2003-09-09 17:47+0200\n" -"PO-Revision-Date: 2003-05-06 23:10+0200\n" +"POT-Creation-Date: 2003-11-08 13:55+0100\n" +"PO-Revision-Date: 2003-10-11 16:21+0200\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" 
@@ -103,27 +103,37 @@ msgstr " %s op %s opties %lx socket %d status %04x" msgid "End of connections." msgstr "Einde van verbindingen." -#: src/meta.c:45 +#: src/meta.c:46 #, c-format msgid "Sending %d bytes of metadata to %s (%s)" msgstr "Verzenden van %d bytes metadata naar %s (%s)" -#: src/meta.c:59 src/meta.c:112 +#: src/meta.c:52 +#, c-format +msgid "Error while encrypting metadata to %s (%s): %s" +msgstr "Fout tijdens versleutelen van metadata naar %s (%s): %s" + +#: src/meta.c:65 src/meta.c:118 #, c-format msgid "Connection closed by %s (%s)" msgstr "Verbinding beëindigd door %s (%s)" -#: src/meta.c:64 +#: src/meta.c:70 #, c-format msgid "Sending meta data to %s (%s) failed: %s" msgstr "Fout tijdens verzenden metadata naar %s (%s): %s" -#: src/meta.c:117 +#: src/meta.c:123 #, c-format msgid "Metadata socket read error for %s (%s): %s" msgstr "Fout op metadata socket voor %s (%s) tijdens lezen: %s" -#: src/meta.c:180 +#: src/meta.c:138 +#, c-format +msgid "Error while decrypting metadata from %s (%s): %s" +msgstr "Fout tijdens ontsleutelen van metadata van %s (%s): %s" + +#: src/meta.c:191 #, c-format msgid "Metadata read buffer overflow for %s (%s)" msgstr "Metadata leesbuffer overloop voor %s (%s)" 
@@ -181,201 +191,221 @@ msgstr "Legen taakrij" msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." -#: src/net_packet.c:103 +#: src/net_packet.c:104 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:129 +#: src/net_packet.c:125 +#, c-format +msgid "Got too short packet from %s (%s)" +msgstr "Kreeg te kort pakket van %s (%s)" + +#: src/net_packet.c:138 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:158 +#: src/net_packet.c:153 +#, c-format +msgid "Error decrypting packet from %s (%s): %s" +msgstr "Fout tijdens ontsleutelen pakket van %s (%s): %s" + +#: src/net_packet.c:169 #, c-format msgid "Lost %d packets from %s (%s)" msgstr "%d pakketten van %s (%s) verloren" -#: src/net_packet.c:164 +#: src/net_packet.c:175 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d, last received %d" msgstr "" "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d, laatste ontvangen %d" -#: src/net_packet.c:184 +#: src/net_packet.c:195 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:226 +#: src/net_packet.c:240 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: src/net_packet.c:256 +#: src/net_packet.c:270 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:307 +#: src/net_packet.c:292 +#, c-format +msgid "Error while encrypting packet to %s (%s): %s" +msgstr "Fout tijdens versleutelen pakket naar %s (%s): %s" + +#: src/net_packet.c:324 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" 
-#: src/net_packet.c:309 src/net_setup.c:465 src/net_socket.c:74 -#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:433 src/tincd.c:467 -#: src/process.c:211 src/process.c:244 src/process.c:426 -#: src/cygwin/device.c:150 src/cygwin/device.c:181 src/mingw/device.c:76 -#: src/mingw/device.c:85 src/mingw/device.c:90 src/mingw/device.c:245 -#: src/mingw/device.c:252 src/mingw/device.c:257 src/mingw/device.c:264 -#: src/mingw/device.c:273 src/mingw/device.c:280 +#: src/net_packet.c:326 src/net_setup.c:472 src/net_socket.c:74 +#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:434 src/tincd.c:468 +#: src/process.c:198 src/process.c:231 src/process.c:413 +#: src/cygwin/device.c:150 src/cygwin/device.c:181 src/mingw/device.c:82 +#: src/mingw/device.c:91 src/mingw/device.c:96 src/mingw/device.c:252 +#: src/mingw/device.c:259 src/mingw/device.c:264 src/mingw/device.c:271 +#: src/mingw/device.c:280 src/mingw/device.c:287 #, c-format msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:314 +#: src/net_packet.c:331 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:330 +#: src/net_packet.c:347 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:334 +#: src/net_packet.c:351 msgid "Packet is looping back to us!" msgstr "Pakket komt terug naar ons!" 
-#: src/net_packet.c:339 +#: src/net_packet.c:356 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:347 +#: src/net_packet.c:364 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:366 +#: src/net_packet.c:383 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:383 +#: src/net_packet.c:400 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:405 +#: src/net_packet.c:422 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:415 +#: src/net_packet.c:432 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" -#: src/net_setup.c:75 src/net_setup.c:92 +#: src/net_setup.c:77 src/net_setup.c:94 #, c-format msgid "Error reading RSA public key file `%s': %s" msgstr "Fout tijdens lezen RSA publieke sleutel bestand `%s': %s" -#: src/net_setup.c:107 +#: src/net_setup.c:109 #, c-format msgid "Reading RSA public key file `%s' failed: %s" msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" -#: src/net_setup.c:143 +#: src/net_setup.c:145 #, c-format msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net_setup.c:171 +#: src/net_setup.c:173 #, c-format msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:179 +#: src/net_setup.c:181 #, c-format msgid "Could not stat RSA private key file `%s': %s'" msgstr "Kon gegevens RSA privé sleutel bestand `%s' niet opvragen: %s" -#: src/net_setup.c:186 +#: src/net_setup.c:188 #, c-format msgid "Warning: insecure file permissions for RSA private key file `%s'!" 
msgstr "" "Waarschuwing: onveilige permissies voor RSA privé sleutel bestand `%s'!" -#: src/net_setup.c:193 +#: src/net_setup.c:195 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:223 src/net_setup.c:224 +#: src/net_setup.c:225 src/net_setup.c:226 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:230 +#: src/net_setup.c:232 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:235 +#: src/net_setup.c:237 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:247 +#: src/net_setup.c:249 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:300 +#: src/net_setup.c:302 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:311 +#: src/net_setup.c:313 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:319 +#: src/net_setup.c:321 msgid "Bogus maximum timeout!" msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:333 +#: src/net_setup.c:335 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:351 +#: src/net_setup.c:353 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:388 +#: src/net_setup.c:378 src/protocol_auth.c:198 +#, c-format +msgid "Error during initialisation of cipher for %s (%s): %s" +msgstr "Fout tijdens initialisatie van cipher voor %s (%s): %s" + +#: src/net_setup.c:395 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:401 +#: src/net_setup.c:408 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:404 +#: src/net_setup.c:411 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" 
-#: src/net_setup.c:418 +#: src/net_setup.c:425 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:487 +#: src/net_setup.c:494 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:498 +#: src/net_setup.c:505 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:500 +#: src/net_setup.c:507 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" @@ -563,16 +593,16 @@ msgstr "Verzoek reeds gezien" msgid "Aging past requests: deleted %d, left %d" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven" -#: src/protocol_auth.c:58 src/protocol_auth.c:213 src/protocol_auth.c:338 -#: src/protocol_auth.c:402 src/protocol_auth.c:501 src/protocol_edge.c:73 -#: src/protocol_edge.c:184 src/protocol_key.c:59 src/protocol_key.c:101 -#: src/protocol_key.c:165 src/protocol_misc.c:54 src/protocol_misc.c:83 +#: src/protocol_auth.c:59 src/protocol_auth.c:218 src/protocol_auth.c:347 +#: src/protocol_auth.c:414 src/protocol_auth.c:517 src/protocol_edge.c:73 +#: src/protocol_edge.c:184 src/protocol_key.c:62 src/protocol_key.c:104 +#: src/protocol_key.c:168 src/protocol_misc.c:54 src/protocol_misc.c:83 #: src/protocol_misc.c:171 src/protocol_subnet.c:61 src/protocol_subnet.c:151 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol_auth.c:66 src/protocol_edge.c:81 src/protocol_edge.c:87 +#: src/protocol_auth.c:67 src/protocol_edge.c:81 src/protocol_edge.c:87 #: src/protocol_edge.c:192 src/protocol_edge.c:198 src/protocol_subnet.c:69 #: src/protocol_subnet.c:79 src/protocol_subnet.c:159 #: src/protocol_subnet.c:179 
@@ -580,76 +610,91 @@ msgstr "Kreeg verkeerde %s van %s (%s)" msgid "Got bad %s from %s (%s): %s" msgstr "Kreeg verkeerde %s van %s (%s): %s" -#: src/protocol_auth.c:75 +#: src/protocol_auth.c:76 #, c-format msgid "Peer %s is %s instead of %s" msgstr "Ander %s is %s in plaats van %s" -#: src/protocol_auth.c:85 +#: src/protocol_auth.c:86 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt incompatibele versie %d" -#: src/protocol_auth.c:101 +#: src/protocol_auth.c:102 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft onbekende identiteit (%s)" -#: src/protocol_auth.c:161 +#: src/protocol_auth.c:162 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol_auth.c:173 src/protocol_auth.c:242 +#: src/protocol_auth.c:174 src/protocol_auth.c:247 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:223 src/protocol_auth.c:348 src/protocol_auth.c:410 -#: src/protocol_auth.c:428 +#: src/protocol_auth.c:228 src/protocol_auth.c:357 src/protocol_auth.c:422 +#: src/protocol_auth.c:444 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:250 +#: src/protocol_auth.c:255 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:261 +#: src/protocol_auth.c:266 #, c-format msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:281 src/protocol_key.c:232 +#: src/protocol_auth.c:274 +#, c-format +msgid "Error during initialisation of cipher from %s (%s): %s" +msgstr "Fout tijdens initalisatie van cipher van %s (%s): %s" + +#: src/protocol_auth.c:290 src/protocol_key.c:235 #, c-format msgid "Node %s (%s) uses unknown digest!" 
msgstr "Node %s (%s) gebruikt onbekende digest!" -#: src/protocol_auth.c:286 +#: src/protocol_auth.c:295 #, c-format msgid "%s (%s) uses bogus MAC length!" msgstr "%s (%s) gebruikt onzinnige MAC lengte!" -#: src/protocol_auth.c:411 +#: src/protocol_auth.c:390 +#, c-format +msgid "Error during calculation of response for %s (%s): %s" +msgstr "Fout tijdens berekenen van antwoord voor %s (%s): %s" + +#: src/protocol_auth.c:423 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:429 +#: src/protocol_auth.c:436 +#, c-format +msgid "Error during calculation of response from %s (%s): %s" +msgstr "Fout tijdens narekenen van antwoord van %s (%s): %s" + +#: src/protocol_auth.c:445 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:434 +#: src/protocol_auth.c:450 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:517 +#: src/protocol_auth.c:533 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:534 +#: src/protocol_auth.c:550 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" 
@@ -685,19 +730,19 @@ msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" msgid "Got %s from %s (%s) for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" -#: src/protocol_key.c:70 +#: src/protocol_key.c:73 #, c-format msgid "Got %s from %s (%s) origin %s which does not exist" msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol_key.c:109 src/protocol_key.c:173 +#: src/protocol_key.c:112 src/protocol_key.c:176 #, c-format msgid "" "Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" "Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:117 src/protocol_key.c:181 +#: src/protocol_key.c:120 src/protocol_key.c:184 #, c-format msgid "" "Got %s from %s (%s) destination %s which does not exist in our connection " @@ -705,26 +750,31 @@ msgid "" msgstr "" "Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:212 +#: src/protocol_key.c:215 #, c-format msgid "Node %s (%s) uses unknown cipher!" msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol_key.c:218 +#: src/protocol_key.c:221 #, c-format msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:238 +#: src/protocol_key.c:241 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" -#: src/protocol_key.c:247 +#: src/protocol_key.c:250 #, c-format msgid "Node %s (%s) uses bogus compression level!" msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!" +#: src/protocol_key.c:258 +#, c-format +msgid "Error during initialisation of key from %s (%s): %s" +msgstr "Fout tijdens initialisatie van sleutel van %s (%s): %s" + #: src/protocol_misc.c:59 #, c-format msgid "Status message from %s (%s): %d: %s" 
@@ -773,12 +823,12 @@ msgstr " %s eigenaar %s" msgid "End of subnet list." msgstr "Einde van subnet lijst." -#: src/tincd.c:107 +#: src/tincd.c:108 #, c-format msgid "Try `%s --help' for more information.\n" msgstr "Probeer `%s --help' voor meer informatie.\n" -#: src/tincd.c:110 +#: src/tincd.c:111 #, c-format msgid "" "Usage: %s [option]...\n" @@ -787,7 +837,7 @@ msgstr "" "Gebruik: %s [optie]...\n" "\n" -#: src/tincd.c:111 +#: src/tincd.c:112 msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -816,13 +866,13 @@ msgstr "" " --version Geef versie informatie en beëindig.\n" "\n" -#: src/tincd.c:122 +#: src/tincd.c:123 msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" "Meld fouten in de vertaling aan vertaling@nl.linux.org.\n" -#: src/tincd.c:178 +#: src/tincd.c:179 #, c-format msgid "" "Invalid argument `%s'; SIGNAL must be a number or one of HUP, TERM, KILL, " @@ -831,7 +881,7 @@ msgstr "" "Ongeldig argument `%s'; SIGNAAL moet een getal zijn of één van HUP, TERM, " "KILL, USR1, USR2, WINCH, INT of ALRM.\n" -#: src/tincd.c:200 +#: src/tincd.c:201 #, c-format msgid "" "Invalid argument `%s'; BITS must be a number equal to or greater than 512.\n" 
@@ -839,24 +889,24 @@ msgstr "" "Ongeldig argument `%s'; BITS moet een nummer zijn gelijk aan of groter dan " "512.\n" -#: src/tincd.c:293 +#: src/tincd.c:294 #, c-format msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" -#: src/tincd.c:297 +#: src/tincd.c:298 msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" -#: src/tincd.c:300 +#: src/tincd.c:301 msgid "Done.\n" msgstr "Klaar.\n" -#: src/tincd.c:303 +#: src/tincd.c:304 msgid "private RSA key" msgstr "geheime RSA sleutel" -#: src/tincd.c:314 src/tincd.c:333 +#: src/tincd.c:315 src/tincd.c:334 msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -864,21 +914,21 @@ msgstr "" "Sleutel wordt toegevoegd aan bestaande inhoud.\n" "Let er op dat er slechts één sleutel in het bestand is.\n" -#: src/tincd.c:327 +#: src/tincd.c:328 msgid "public RSA key" msgstr "openbare RSA sleutel" -#: src/tincd.c:386 +#: src/tincd.c:387 msgid "Both netname and configuration directory given, using the latter..." msgstr "" "Zowel netnaam als configuratiemap zijn gegeven, laatste wordt gebruikt..." -#: src/tincd.c:407 +#: src/tincd.c:408 #, c-format msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" -#: src/tincd.c:409 +#: src/tincd.c:410 msgid "" "Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -895,24 +945,24 @@ msgstr "" "en je bent welkom om het te distribueren onder bepaalde voorwaarden;\n" "zie het bestand COPYING voor details.\n" -#: src/tincd.c:437 +#: src/tincd.c:438 msgid "mlockall() not supported on this platform!" msgstr "mlockall() wordt niet ondersteund op dit platform!" -#: src/tincd.c:461 +#: src/tincd.c:462 msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:489 +#: src/tincd.c:490 #, c-format msgid "Restarting in %d seconds!" msgstr "Herstart in %d seconden!" -#: src/tincd.c:492 src/process.c:479 +#: src/tincd.c:493 src/process.c:466 msgid "Not restarting." msgstr "Geen herstart." -#: src/tincd.c:508 +#: src/tincd.c:509 msgid "Terminating" msgstr "Beëindigen" 
@@ -921,154 +971,154 @@ msgstr "Beëindigen" msgid "Memory exhausted (couldn't allocate %d bytes), exitting." msgstr "Geheugen uitgeput (kon geen %d bytes reserveren), beëindigen." -#: src/process.c:92 src/process.c:142 +#: src/process.c:79 src/process.c:129 #, c-format msgid "Could not open service manager: %s" msgstr "Kon service manager niet openen: %s" -#: src/process.c:123 +#: src/process.c:110 #, c-format msgid "Could not create %s service: %s" msgstr "Kon %s service niet aanmaken: %s" -#: src/process.c:129 +#: src/process.c:116 #, c-format msgid "%s service installed" msgstr "%s service geïnstalleerd" -#: src/process.c:132 +#: src/process.c:119 #, c-format msgid "Could not start %s service: %s" msgstr "Kon %s service niet starten: %s" -#: src/process.c:134 +#: src/process.c:121 #, c-format msgid "%s service started" msgstr "%s service gestart" -#: src/process.c:149 +#: src/process.c:136 #, c-format msgid "Could not open %s service: %s" msgstr "Kon %s service niet openen: %s" -#: src/process.c:154 +#: src/process.c:141 #, c-format msgid "Could not stop %s service: %s" msgstr "Kon %s service niet stoppen: %s" -#: src/process.c:156 +#: src/process.c:143 #, c-format msgid "%s service stopped" msgstr "%s service gestopt" -#: src/process.c:159 +#: src/process.c:146 #, c-format msgid "Could not remove %s service: %s" msgstr "Kon %s service niet verwijderen: %s" -#: src/process.c:163 +#: src/process.c:150 #, c-format msgid "%s service removed" msgstr "%s service verwijderd" -#: src/process.c:171 src/process.c:174 +#: src/process.c:158 src/process.c:161 #, c-format msgid "Got %s request" msgstr "Kreeg %s verzoek" -#: src/process.c:177 +#: src/process.c:164 #, c-format msgid "Got unexpected request %d" msgstr "Kreeg onverwacht verzoek %d" -#: src/process.c:265 +#: src/process.c:252 #, c-format -msgid "A tincd is already running for net `%s' with pid %d.\n" -msgstr "Een tincd draait al voor net `%s' met pid %d.\n" +msgid "A tincd is already running for net `%s' with pid 
%ld.\n" +msgstr "Een tincd draait al voor net `%s' met pid %ld.\n" -#: src/process.c:268 +#: src/process.c:255 #, c-format -msgid "A tincd is already running with pid %d.\n" -msgstr "Een tincd draait al met pid %d.\n" +msgid "A tincd is already running with pid %ld.\n" +msgstr "Een tincd draait al met pid %ld.\n" -#: src/process.c:294 +#: src/process.c:281 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:297 +#: src/process.c:284 msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:306 +#: src/process.c:293 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:309 +#: src/process.c:296 msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. " -#: src/process.c:311 +#: src/process.c:298 msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:344 +#: src/process.c:331 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:361 +#: src/process.c:348 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:393 +#: src/process.c:380 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:413 +#: src/process.c:400 #, c-format msgid "Script %s exited with non-zero status %d" msgstr "Script %s beëindigde met status %d" -#: src/process.c:418 +#: src/process.c:405 #, c-format msgid "Script %s was killed by signal %d (%s)" msgstr "Script %s was gestopt door signaal %d (%s)" -#: src/process.c:422 +#: src/process.c:409 #, c-format msgid "Script %s terminated abnormally" msgstr "Script %s abnormaal beëindigd" -#: src/process.c:442 src/process.c:448 src/process.c:486 src/process.c:492 -#: src/process.c:510 +#: src/process.c:429 src/process.c:435 
src/process.c:473 src/process.c:479 +#: src/process.c:497 #, c-format msgid "Got %s signal" msgstr "Kreeg %s signaal" -#: src/process.c:454 +#: src/process.c:441 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:463 +#: src/process.c:450 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:467 +#: src/process.c:454 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:495 +#: src/process.c:482 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:501 +#: src/process.c:488 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " 
@@ -1077,37 +1127,37 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:534 +#: src/process.c:521 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:540 +#: src/process.c:527 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:594 +#: src/process.c:582 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:104 +#: src/route.c:120 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:137 +#: src/route.c:153 #, c-format msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" -#: src/route.c:246 +#: src/route.c:271 #, c-format msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:337 +#: src/route.c:371 #, c-format msgid "" "Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" @@ -1116,19 +1166,19 @@ msgstr "" "Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" "hx:%hx" -#: src/route.c:389 +#: src/route.c:425 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:406 +#: src/route.c:443 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:415 +#: src/route.c:452 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" 
@@ -1137,16 +1187,21 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:494 +#: src/route.c:532 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:503 +#: src/route.c:541 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:558 +#: src/route.c:578 src/route.c:590 src/route.c:599 src/route.c:612 +#: src/route.c:644 src/route.c:658 src/route.c:667 +msgid "Read too short packet" +msgstr "Te kort pakket gelezen" + +#: src/route.c:620 #, c-format msgid "Cannot route packet: unknown type %hx" msgstr "Kan pakket niet routeren: onbekend type %hx" @@ -1181,12 +1236,12 @@ msgstr " %s naar %s op %s opties %lx gewicht %d" msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:254 +#: src/graph.c:255 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:257 +#: src/graph.c:258 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" 
@@ -1222,22 +1277,22 @@ msgstr "%s is een %s" #: src/linux/device.c:137 src/linux/device.c:148 src/linux/device.c:159 #: src/freebsd/device.c:75 src/solaris/device.c:126 src/netbsd/device.c:78 -#: src/darwin/device.c:75 src/cygwin/device.c:249 src/mingw/device.c:113 -#: src/mingw/device.c:307 src/raw_socket/device.c:114 +#: src/darwin/device.c:75 src/cygwin/device.c:249 src/mingw/device.c:119 +#: src/mingw/device.c:319 src/raw_socket/device.c:114 #, c-format msgid "Error while reading from %s %s: %s" msgstr "Fout tijdens lezen van %s %s: %s" #: src/linux/device.c:170 src/freebsd/device.c:84 src/solaris/device.c:138 #: src/netbsd/device.c:90 src/darwin/device.c:87 src/cygwin/device.c:258 -#: src/mingw/device.c:316 src/raw_socket/device.c:123 +#: src/mingw/device.c:328 src/raw_socket/device.c:123 #, c-format msgid "Read packet of %d bytes from %s" msgstr "Pakket van %d bytes gelezen van %s" #: src/linux/device.c:180 src/freebsd/device.c:94 src/solaris/device.c:148 #: src/netbsd/device.c:100 src/darwin/device.c:97 src/cygwin/device.c:270 -#: src/mingw/device.c:329 src/raw_socket/device.c:133 +#: src/mingw/device.c:341 src/raw_socket/device.c:133 #, c-format msgid "Writing packet of %d bytes to %s" msgstr "Pakket van %d bytes geschreven naar %s" 
@@ -1251,21 +1306,21 @@ msgstr "Kan niet schrijven naar %s %s: %s" #: src/linux/device.c:219 src/freebsd/device.c:112 src/solaris/device.c:166 #: src/netbsd/device.c:118 src/darwin/device.c:115 src/cygwin/device.c:287 -#: src/mingw/device.c:346 src/raw_socket/device.c:151 +#: src/mingw/device.c:358 src/raw_socket/device.c:151 #, c-format msgid "Statistics for %s %s:" msgstr "Statistieken voor %s %s:" #: src/linux/device.c:220 src/freebsd/device.c:113 src/solaris/device.c:167 #: src/netbsd/device.c:119 src/darwin/device.c:116 src/cygwin/device.c:288 -#: src/mingw/device.c:347 src/raw_socket/device.c:152 +#: src/mingw/device.c:359 src/raw_socket/device.c:152 #, c-format msgid " total bytes in: %10d" msgstr " totaal aantal bytes in: %10d" #: src/linux/device.c:221 src/freebsd/device.c:114 src/solaris/device.c:168 #: src/netbsd/device.c:120 src/darwin/device.c:117 src/cygwin/device.c:289 -#: src/mingw/device.c:348 src/raw_socket/device.c:153 +#: src/mingw/device.c:360 src/raw_socket/device.c:153 #, c-format msgid " total bytes out: %10d" msgstr " totaal aantal bytes uit: %10d" @@ -1275,7 +1330,7 @@ msgid "FreeBSD tap device" msgstr "FreeBSD tap apparaat" #: src/freebsd/device.c:98 src/darwin/device.c:101 src/cygwin/device.c:274 -#: src/mingw/device.c:333 +#: src/mingw/device.c:345 #, c-format msgid "Error while writing to %s %s: %s" msgstr "Fout tijdens schrijven naar %s %s: %s" @@ -1322,12 +1377,12 @@ msgstr "NetBSD tun apparaat" msgid "MacOS/X tun device" msgstr "MaxOS/X tun apparaat" -#: src/cygwin/device.c:81 src/mingw/device.c:156 +#: src/cygwin/device.c:81 src/mingw/device.c:163 #, c-format msgid "Unable to read registry: %s" msgstr "Kon registry niet lezen: %s" -#: src/cygwin/device.c:133 src/mingw/device.c:207 +#: src/cygwin/device.c:133 src/mingw/device.c:214 msgid "No Windows tap device found!" msgstr "Geen Windows tap apparaat gevonden!" 
@@ -1336,7 +1391,7 @@ msgstr "Geen Windows tap apparaat gevonden!" msgid "Could not open Windows tap device %s (%s) for writing: %s" msgstr "Kon Windows tap apparaat %s (%s) niet openen om te schrijven: %s" -#: src/cygwin/device.c:168 src/mingw/device.c:232 +#: src/cygwin/device.c:168 src/mingw/device.c:239 #, c-format msgid "Could not get MAC address from Windows tap device %s (%s): %s" msgstr "Kon MAC adres niet achterhalen van Windows tap apparaat %s (%s): %s" @@ -1354,20 +1409,20 @@ msgstr "Taplezer is geforked en draait." msgid "Tap reader failed!" msgstr "Taplezer faalde!" -#: src/cygwin/device.c:224 src/mingw/device.c:286 +#: src/cygwin/device.c:224 src/mingw/device.c:298 msgid "Windows tap device" msgstr "Windows tap apparaat" -#: src/cygwin/device.c:226 src/mingw/device.c:288 +#: src/cygwin/device.c:226 src/mingw/device.c:300 #, c-format msgid "%s (%s) is a %s" msgstr "%s (%s) is een %s" -#: src/mingw/device.c:94 +#: src/mingw/device.c:100 msgid "Tap reader running" msgstr "Taplezer draait" -#: src/mingw/device.c:225 +#: src/mingw/device.c:232 #, c-format msgid "%s (%s) is not a usable Windows tap device: %s" msgstr "%s (%s) is geen bruikbaar Windows tap apparaat: %s" From 507a83c74635955f803bb26c450f3e83dd4809f9 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 8 Nov 2003 15:09:03 +0000 Subject: [PATCH 893/923] Add missing definitions. --- lib/ipv6.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/ipv6.h b/lib/ipv6.h index 6216cc05..1c3a2494 100644 --- a/lib/ipv6.h +++ b/lib/ipv6.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv6.h,v 1.1.2.7 2003/10/08 11:34:55 guus Exp $ + $Id: ipv6.h,v 1.1.2.8 2003/11/08 15:09:03 guus Exp $ */ #ifndef __TINC_IPV6_H__ 
@@ -99,6 +99,9 @@ struct icmp6_hdr { #define ICMP6_DST_UNREACH_ADDR 3 #define ND_NEIGHBOR_SOLICIT 135 #define ND_NEIGHBOR_ADVERT 136 +#define icmp6_data32 icmp6_dataun.icmp6_un_data32 +#define icmp6_data16 icmp6_dataun.icmp6_un_data16 +#define icmp6_data8 icmp6_dataun.icmp6_un_data8 #endif #ifndef HAVE_STRUCT_ND_NEIGHBOR_SOLICIT @@ -108,6 +111,10 @@ struct nd_neighbor_solicit { } __attribute__ ((__packed__)); #define ND_OPT_SOURCE_LINKADDR 1 #define ND_OPT_TARGET_LINKADDR 2 +#define nd_ns_type nd_ns_hdr.icmp6_type +#define nd_ns_code nd_ns_hdr.icmp6_code +#define nd_ns_cksum nd_ns_hdr.icmp6_cksum +#define nd_ns_reserved nd_ns_hdr.icmp6_data32[0] #endif #ifndef HAVE_STRUCT_ND_OPT_HDR From a8f415e67fd316d929f9b9e6661e0d3d66fc197b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 8 Nov 2003 15:29:40 +0000 Subject: [PATCH 894/923] Release notes for 1.0.2 --- NEWS | 15 +++++++++++++++ README | 12 ++++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 4c7c9397..897719c3 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,18 @@ +version 1.0.2 Nov 8 2003 + +* Fix address and hostname resolving under Windows. + +* Remove warnings about non-existing scripts and unsupported address families. + +* Use the event logger under Windows. + +* Fix quoting of filenames and command line arguments under Windows. + +* Strict checks for length incoming network packets and return values of + cryptographic functions, + +* Fix a bug in metadata handling that made the tinc daemon abort. + version 1.0.1 Aug 14 2003 * Allow empty lines in config files. diff --git a/README b/README index 1024d608..243f0efe 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -This is the README file for tinc version 1.0.1. Installation +This is the README file for tinc version 1.0.2. Installation instructions may be found in the INSTALL file. tinc is Copyright (C) 1998-2003 by: 
@@ -31,6 +31,14 @@ launch a denial of service attack by replaying intercepted packets. The current version adds sequence numbers and message authentication codes to prevent such attacks. +On September the 15th of 2003, Peter Gutmann contacted us and showed us a +writeup describing various security issues in several VPN daemons. He showed +that tinc lacks perfect forward security, the connection authentication could +be done more properly, that the sequence number we use as an IV is not the best +practice and that the default length of the HMAC for packets is too short in +his opinion. We do not know of a way to exploit these weaknesses, but we will +address these issues in tinc 2.0. + Cryptography is a hard thing to get right. We cannot make any guarantees. Time, review and feedback are the only things that can prove the security of any cryptographic product. If you wish to review @@ -47,7 +55,7 @@ should be changed into "Device", and "Device" should be changed into Compatibility ------------- -Version 1.0.1 is compatible with 1.0 and 1.0pre8 but not with older versions +Version 1.0.2 is compatible with 1.0.1, 1.0 and 1.0pre8 but not with older versions of tinc. From 0e59fb022c6c015a5be7ed70e0378cb011be98b5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 10 Nov 2003 22:31:53 +0000 Subject: [PATCH 895/923] Add Opaque option which prevent information from being forwarded to certain nodes. --- src/connection.h | 6 ++++-- src/meta.c | 4 ++-- src/protocol_auth.c | 41 +++++++++++++++++++++++++++++------------ src/protocol_edge.c | 14 +++++++++++--- src/protocol_subnet.c | 14 +++++++++++--- 5 files changed, 57 insertions(+), 22 deletions(-) diff --git a/src/connection.h b/src/connection.h index 29bace11..f075f19a 100644 --- a/src/connection.h +++ b/src/connection.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.36 2003/07/30 21:52:41 guus Exp $ + $Id: connection.h,v 1.1.2.37 2003/11/10 22:31:53 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -40,7 +40,9 @@ typedef struct connection_status_t { int timeout:1; /* 1 if gotten timeout */ int encryptout:1; /* 1 if we can encrypt outgoing traffic */ int decryptin:1; /* 1 if we have to decrypt incoming traffic */ - int mst:1; /* 1 if this connection is part of a minimum spanning tree */ + int mst:1; /* 1 if this connection is part of a minimum spanning tree */ + int opaque:1; /* 1 if we do not forward information about other nodes */ + int strict:1; /* 1 if we strictly check edges and subnets received from this connection */ int unused:18; } connection_status_t; diff --git a/src/meta.c b/src/meta.c index 77e19295..2ff272ec 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.48 2003/10/12 11:40:00 guus Exp $ + $Id: meta.c,v 1.1.2.49 2003/11/10 22:31:53 guus Exp $ */ #include "system.h" @@ -88,7 +88,7 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) for(node = connection_tree->head; node; node = node->next) { c = node->data; - if(c != from && c->status.active) + if(c != from && c->status.active && !c->status.opaque) send_meta(c, buffer, length); } } diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 36de236c..920324fe 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.28 2003/10/11 12:28:48 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.29 2003/11/10 22:31:53 guus Exp $ */ #include "system.h" 
@@ -51,7 +51,6 @@ bool send_id(connection_t *c) bool id_h(connection_t *c) { char name[MAX_STRING_SIZE]; - bool choice; cp(); @@ -109,14 +108,6 @@ bool id_h(connection_t *c) return false; } - /* Check some options */ - - if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &choice) && choice) || myself->options & OPTION_INDIRECT) - c->options |= OPTION_INDIRECT; - - if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY) - c->options |= OPTION_TCPONLY | OPTION_INDIRECT; - c->allow_request = METAKEY; return send_metakey(c); @@ -468,6 +459,7 @@ bool send_ack(connection_t *c) to create node_t and edge_t structures. */ struct timeval now; + bool choice; cp(); @@ -476,6 +468,27 @@ bool send_ack(connection_t *c) gettimeofday(&now, NULL); c->estimated_weight = (now.tv_sec - c->start.tv_sec) * 1000 + (now.tv_usec - c->start.tv_usec) / 1000; + /* Check some options */ + + if((get_config_bool(lookup_config(c->config_tree, "IndirectData"), &choice) && choice) || myself->options & OPTION_INDIRECT) + c->options |= OPTION_INDIRECT; + + if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY) + c->options |= OPTION_TCPONLY | OPTION_INDIRECT; + + choice = false; + get_config_bool(lookup_config(config_tree, "Opaque"), &choice); + get_config_bool(lookup_config(c->config_tree, "Opaque"), &choice); + c->status.opaque = choice; + + if(c->status.opaque) + c->options |= OPTION_INDIRECT; + + choice = false; + get_config_bool(lookup_config(config_tree, "Strict"), &choice); + get_config_bool(lookup_config(c->config_tree, "Strict"), &choice); + c->status.strict = choice; + return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); } @@ -552,7 +565,8 @@ bool ack_h(connection_t *c) /* Send him everything we know */ - send_everything(c); + if(!c->status.opaque) + send_everything(c); /* Create an edge_t for this connection */ 
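Review bot: In send_ack the return values of the four new get_config_bool() calls for "Opaque" and "Strict" are ignored, so a value that cannot be parsed would presumably leave `choice` at false and the restriction silently off. For an option meant to withhold information from a peer, failing closed is safer: treat a present but unreadable value as an error, or at least log it. The same pattern recurs in the later TunnelServer commit on this page, `get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver);` in setup_myself. Also, `c->status.strict` is assigned here but no hunk in this commit reads it. send_ack starts and ends outside the hunk.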
@@ -572,7 +586,10 @@ bool ack_h(connection_t *c) /* Notify everyone of the new edge */ - send_add_edge(broadcast, c->edge); + if(c->status.opaque) + send_add_edge(broadcast, c->edge); + else + send_add_edge(c, c->edge); /* Run MST and SSSP algorithms */ diff --git a/src/protocol_edge.c b/src/protocol_edge.c index 5949a38e..af0b2e72 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.21 2003/08/28 15:27:12 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.22 2003/11/10 22:31:53 guus Exp $ */ #include "system.h" @@ -110,6 +110,9 @@ bool add_edge_h(connection_t *c) node_add(to); } + if(c->status.opaque && from != myself && from != c->node && to != myself && to != c->node) + return false; + /* Convert addresses */ address = str2sockaddr(to_address, to_port); @@ -154,7 +157,8 @@ bool add_edge_h(connection_t *c) /* Tell the rest about the new edge */ - forward_request(c); + if(!c->status.opaque) + forward_request(c); /* Run MST before or after we tell the rest? */ @@ -221,6 +225,9 @@ bool del_edge_h(connection_t *c) return true; } + if(c->status.opaque && from != myself && from != c->node && to != myself && to != c->node) + return false; + /* Check if edge exists */ e = lookup_edge(from, to); @@ -240,7 +247,8 @@ bool del_edge_h(connection_t *c) /* Tell the rest about the deleted edge */ - forward_request(c); + if(!c->status.opaque) + forward_request(c); /* Delete the edge */ diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index bb2f2def..cb33ba0a 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.15 2003/07/24 12:08:16 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.16 2003/11/10 22:31:53 guus Exp $ */ #include "system.h" 
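Review bot: The new branch in ack_h looks inverted: `if(c->status.opaque)` keeps the broadcast and the `else` arm sends the edge only to `c`, so an ordinary connection's edge is no longer announced to the other peers while an opaque one's still is. The TunnelServer commit later on this page uses the opposite arrangement, `if(tunnelserver) send_add_edge(c, c->edge); else send_add_edge(broadcast, c->edge);`. That suggests the intended form is `if(c->status.opaque) send_add_edge(c, c->edge); else send_add_edge(broadcast, c->edge);`. ack_h's body starts and continues outside the hunk.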
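Review bot: The opaque filter added to add_edge_h runs after the `node_add(to)` call visible in the context lines, so a request that is then rejected has already created node entries for names the peer supplied. add_subnet_h has the same order, with its filter placed after `node_add(owner)`. Running the filter before node creation, treating an unknown name as neither `myself` nor `c->node`, would keep a restricted peer from growing the node tree. The condition also accepts any edge where only one endpoint is `myself` or `c->node`; if a peer should only announce its own edges, a narrower test is worth considering. Both handlers start outside their hunks.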
@@ -94,6 +94,9 @@ bool add_subnet_h(connection_t *c) node_add(owner); } + if(c->status.opaque && owner != myself && owner != c->node) + return false; + /* Check if we already know this subnet */ if(lookup_subnet(owner, s)) { @@ -117,7 +120,8 @@ bool add_subnet_h(connection_t *c) /* Tell the rest */ - forward_request(c); + if(!c->status.opaque) + forward_request(c); return true; } @@ -171,6 +175,9 @@ bool del_subnet_h(connection_t *c) return true; } + if(c->status.opaque && owner != myself && owner != c->node) + return false; + /* Check if subnet string is valid */ s = str2net(subnetstr); @@ -209,7 +216,8 @@ bool del_subnet_h(connection_t *c) /* Tell the rest */ - forward_request(c); + if(!c->status.opaque) + forward_request(c); /* Finally, delete it. */ From e3220cacb5bc79fc56167e61b7a342f88a33a479 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 17 Nov 2003 15:30:18 +0000 Subject: [PATCH 896/923] Replace Opaque and Strict options with a TunnelServer option. --- src/connection.h | 6 ++---- src/meta.c | 4 ++-- src/net.c | 13 ++++++++----- src/net_setup.c | 4 +++- src/protocol.c | 4 +++- src/protocol.h | 4 +++- src/protocol_auth.c | 33 ++++++++++++++------------------- src/protocol_edge.c | 13 +++++++------ src/protocol_key.c | 11 +++++++++-- src/protocol_subnet.c | 32 +++++++++++++++++++++++++++----- src/subnet.c | 4 ++-- src/subnet.h | 3 ++- 12 files changed, 82 insertions(+), 49 deletions(-) diff --git a/src/connection.h b/src/connection.h index f075f19a..cc6ff718 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.37 2003/11/10 22:31:53 guus Exp $ + $Id: connection.h,v 1.1.2.38 2003/11/17 15:30:16 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ 
@@ -41,9 +41,7 @@ typedef struct connection_status_t { int encryptout:1; /* 1 if we can encrypt outgoing traffic */ int decryptin:1; /* 1 if we have to decrypt incoming traffic */ int mst:1; /* 1 if this connection is part of a minimum spanning tree */ - int opaque:1; /* 1 if we do not forward information about other nodes */ - int strict:1; /* 1 if we strictly check edges and subnets received from this connection */ - int unused:18; + int unused:23; } connection_status_t; #include "edge.h" diff --git a/src/meta.c b/src/meta.c index 2ff272ec..0071eb55 100644 --- a/src/meta.c +++ b/src/meta.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: meta.c,v 1.1.2.49 2003/11/10 22:31:53 guus Exp $ + $Id: meta.c,v 1.1.2.50 2003/11/17 15:30:17 guus Exp $ */ #include "system.h" @@ -88,7 +88,7 @@ void broadcast_meta(connection_t *from, const char *buffer, int length) for(node = connection_tree->head; node; node = node->next) { c = node->data; - if(c != from && c->status.active && !c->status.opaque) + if(c != from && c->status.active) send_meta(c, buffer, length); } } diff --git a/src/net.c b/src/net.c index 7bf39897..e0b5e6f4 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.200 2003/08/28 21:05:10 guus Exp $ + $Id: net.c,v 1.35.4.201 2003/11/17 15:30:17 guus Exp $ */ #include "system.h" @@ -72,14 +72,16 @@ static void purge(void) for(snode = n->subnet_tree->head; snode; snode = snext) { snext = snode->next; s = snode->data; - send_del_subnet(broadcast, s); + if(!tunnelserver) + send_del_subnet(broadcast, s); subnet_del(n, s); } for(enode = n->edge_tree->head; enode; enode = enext) { enext = enode->next; e = enode->data; - send_del_edge(broadcast, e); + if(!tunnelserver) + send_del_edge(broadcast, e); edge_del(e); } } 
@@ -178,7 +180,7 @@ void terminate_connection(connection_t *c, bool report) closesocket(c->socket); if(c->edge) { - if(report) + if(report && !tunnelserver) send_del_edge(broadcast, c->edge); edge_del(c->edge); @@ -193,7 +195,8 @@ void terminate_connection(connection_t *c, bool report) edge_t *e; e = lookup_edge(c->node, myself); if(e) { - send_del_edge(broadcast, e); + if(!tunnelserver) + send_del_edge(broadcast, e); edge_del(e); } } diff --git a/src/net_setup.c b/src/net_setup.c index 3a027487..0d49ae91 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.45 2003/10/11 12:16:12 guus Exp $ + $Id: net_setup.c,v 1.1.2.46 2003/11/17 15:30:17 guus Exp $ */ #include "system.h" @@ -291,6 +291,8 @@ bool setup_myself(void) if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; + get_config_bool(lookup_config(config_tree, "TunnelServer"), &tunnelserver); + if(get_config_string(lookup_config(config_tree, "Mode"), &mode)) { if(!strcasecmp(mode, "router")) routing_mode = RMODE_ROUTER; diff --git a/src/protocol.c b/src/protocol.c index 4e37bf55..e6c13f46 100644 --- a/src/protocol.c +++ b/src/protocol.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.c,v 1.28.4.147 2003/08/28 21:05:10 guus Exp $ + $Id: protocol.c,v 1.28.4.148 2003/11/17 15:30:17 guus Exp $ */ #include "system.h" @@ -30,6 +30,8 @@ #include "utils.h" #include "xalloc.h" +bool tunnelserver = false; + /* Jumptable for the request handlers */ static bool (*request_handlers[])(connection_t *) = { diff --git a/src/protocol.h b/src/protocol.h index e85db5d1..8951cbcd 100644 --- a/src/protocol.h +++ b/src/protocol.h 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol.h,v 1.5.4.44 2003/07/30 21:52:41 guus Exp $ + $Id: protocol.h,v 1.5.4.45 2003/11/17 15:30:18 guus Exp $ */ #ifndef __TINC_PROTOCOL_H__ @@ -54,6 +54,8 @@ typedef struct past_request_t { time_t firstseen; } past_request_t; +extern bool tunnelserver; + /* Maximum size of strings in a request */ #define MAX_STRING_SIZE 2048 diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 920324fe..8aad5834 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.29 2003/11/10 22:31:53 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.30 2003/11/17 15:30:18 guus Exp $ */ #include "system.h" @@ -476,19 +476,6 @@ bool send_ack(connection_t *c) if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY) c->options |= OPTION_TCPONLY | OPTION_INDIRECT; - choice = false; - get_config_bool(lookup_config(config_tree, "Opaque"), &choice); - get_config_bool(lookup_config(c->config_tree, "Opaque"), &choice); - c->status.opaque = choice; - - if(c->status.opaque) - c->options |= OPTION_INDIRECT; - - choice = false; - get_config_bool(lookup_config(config_tree, "Strict"), &choice); - get_config_bool(lookup_config(c->config_tree, "Strict"), &choice); - c->status.strict = choice; - return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); } @@ -501,6 +488,15 @@ static void send_everything(connection_t *c) /* Send all known subnets and edges */ + if(tunnelserver) { + for(node = myself->subnet_tree->head; node; node = node->next) { + s = node->data; + send_add_subnet(c, s); + } + + return; + } + for(node = node_tree->head; node; node = node->next) { n = node->data; 
@@ -565,8 +561,7 @@ bool ack_h(connection_t *c) /* Send him everything we know */ - if(!c->status.opaque) - send_everything(c); + send_everything(c); /* Create an edge_t for this connection */ @@ -586,10 +581,10 @@ bool ack_h(connection_t *c) /* Notify everyone of the new edge */ - if(c->status.opaque) - send_add_edge(broadcast, c->edge); - else + if(tunnelserver) send_add_edge(c, c->edge); + else + send_add_edge(broadcast, c->edge); /* Run MST and SSSP algorithms */ diff --git a/src/protocol_edge.c b/src/protocol_edge.c index af0b2e72..9d8443c8 100644 --- a/src/protocol_edge.c +++ b/src/protocol_edge.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_edge.c,v 1.1.4.22 2003/11/10 22:31:53 guus Exp $ + $Id: protocol_edge.c,v 1.1.4.23 2003/11/17 15:30:18 guus Exp $ */ #include "system.h" @@ -110,7 +110,7 @@ bool add_edge_h(connection_t *c) node_add(to); } - if(c->status.opaque && from != myself && from != c->node && to != myself && to != c->node) + if(tunnelserver && from != myself && from != c->node && to != myself && to != c->node) return false; /* Convert addresses */ @@ -157,7 +157,7 @@ bool add_edge_h(connection_t *c) /* Tell the rest about the new edge */ - if(!c->status.opaque) + if(!tunnelserver) forward_request(c); /* Run MST before or after we tell the rest? */ @@ -225,7 +225,7 @@ bool del_edge_h(connection_t *c) return true; } - if(c->status.opaque && from != myself && from != c->node && to != myself && to != c->node) + if(tunnelserver && from != myself && from != c->node && to != myself && to != c->node) return false; /* Check if edge exists */ @@ -247,7 +247,7 @@ bool del_edge_h(connection_t *c) /* Tell the rest about the deleted edge */ - if(!c->status.opaque) + if(!tunnelserver) forward_request(c); /* Delete the edge */ 
@@ -263,7 +263,8 @@ bool del_edge_h(connection_t *c) if(!to->status.reachable) { e = lookup_edge(to, myself); if(e) { - send_del_edge(broadcast, e); + if(!tunnelserver) + send_del_edge(broadcast, e); edge_del(e); } } diff --git a/src/protocol_key.c b/src/protocol_key.c index f0c9bcc3..049fc1e8 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.23 2003/10/11 12:16:13 guus Exp $ + $Id: protocol_key.c,v 1.1.4.24 2003/11/17 15:30:18 guus Exp $ */ #include "system.h" @@ -80,7 +80,8 @@ bool key_changed_h(connection_t *c) /* Tell the others */ - forward_request(c); + if(!tunnelserver) + forward_request(c); return true; } @@ -130,6 +131,9 @@ bool req_key_h(connection_t *c) memset(from->late, 0, sizeof(from->late)); send_ans_key(c, myself, from); } else { + if(tunnelserver) + return false; + send_req_key(to->nexthop->connection, from, to); } @@ -189,6 +193,9 @@ bool ans_key_h(connection_t *c) /* Forward it if necessary */ if(to != myself) { + if(tunnelserver) + return false; + return send_request(to->nexthop->connection, "%s", c->buffer); } diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index cb33ba0a..e0297b99 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.16 2003/11/10 22:31:53 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.17 2003/11/17 15:30:18 guus Exp $ */ #include "system.h" @@ -94,7 +94,7 @@ bool add_subnet_h(connection_t *c) node_add(owner); } - if(c->status.opaque && owner != myself && owner != c->node) + if(tunnelserver && owner != myself && owner != c->node) return false; /* Check if we already know this subnet */ 
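Review bot: The new `if(tunnelserver) return false;` in the forwarding branch of req_key_h, and the same line in ans_key_h, reject the request without any log entry. The operator of a tunnel server then has no record of which peer asked to have key traffic relayed; a `logger(LOG_WARNING, ...)` line identifying the connection before the return would make such attempts visible. The silent `return false` filters in add_edge_h, del_edge_h, add_subnet_h and del_subnet_h would benefit from the same treatment. Both key handlers begin outside their hunks.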
@@ -114,13 +114,35 @@ bool add_subnet_h(connection_t *c) return true; } + /* In tunnel server mode, check if the subnet matches one in the config file of this node */ + + if(tunnelserver) { + config_t *cfg; + subnet_t *allowed; + + for(cfg = lookup_config(c->config_tree, "Subnet"); cfg; cfg = lookup_config_next(c->config_tree, cfg)) { + if(!get_config_subnet(cfg, &allowed)) + return false; + + if(!subnet_compare(s, allowed)) + break; + + free_subnet(allowed); + } + + if(!cfg) + return false; + + free_subnet(allowed); + } + /* If everything is correct, add the subnet to the list of the owner */ subnet_add(owner, s); /* Tell the rest */ - if(!c->status.opaque) + if(!tunnelserver) forward_request(c); return true; @@ -175,7 +197,7 @@ bool del_subnet_h(connection_t *c) return true; } - if(c->status.opaque && owner != myself && owner != c->node) + if(tunnelserver && owner != myself && owner != c->node) return false; /* Check if subnet string is valid */ @@ -216,7 +238,7 @@ bool del_subnet_h(connection_t *c) /* Tell the rest */ - if(!c->status.opaque) + if(!tunnelserver) forward_request(c); /* Finally, delete it. */ diff --git a/src/subnet.c b/src/subnet.c index 5d88ca68..ae8d029e 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.50 2003/08/28 21:05:11 guus Exp $ + $Id: subnet.c,v 1.1.2.51 2003/11/17 15:30:18 guus Exp $ */ #include "system.h" @@ -83,7 +83,7 @@ static int subnet_compare_ipv6(const subnet_t *a, const subnet_t *b) return strcmp(a->owner->name, b->owner->name); } -static int subnet_compare(const subnet_t *a, const subnet_t *b) +int subnet_compare(const subnet_t *a, const subnet_t *b) { int result; diff --git a/src/subnet.h b/src/subnet.h index 0bf3b91c..c055edae 100644 --- a/src/subnet.h +++ b/src/subnet.h 
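Review bot: In the tunnel-server block of add_subnet_h, `subnet_compare(s, allowed)` is called on a subnet that comes straight from get_config_subnet(), and nothing in the visible lines gives `allowed` an owner. The subnet.c context in this same commit shows subnet_compare_ipv6 ending in `strcmp(a->owner->name, b->owner->name)`. When address and prefix length match, the comparison would therefore presumably dereference a null owner, on exactly the path where the announcement should be accepted. Either assign the owner to both subnets before comparing, or compare type, address and prefix length only. The early `return false` paths also leave `s` unreleased if it was heap-allocated earlier in the function, which the hunk does not show.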
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.25 2003/10/06 14:33:04 guus Exp $ + $Id: subnet.h,v 1.1.2.26 2003/11/17 15:30:18 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -63,6 +63,7 @@ typedef struct subnet_t { } net; } subnet_t; +extern int subnet_compare(const struct subnet_t *, const struct subnet_t *); extern subnet_t *new_subnet(void) __attribute__ ((__malloc__)); extern void free_subnet(subnet_t *); extern void init_subnets(void); From 0b5e6cf04ec0c7e3c54c74a54a32b30e6e3c1f83 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Thu, 27 Nov 2003 23:24:59 +0000 Subject: [PATCH 897/923] Complain if pid file cannot be created. --- src/process.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/process.c b/src/process.c index a5abc936..4eb1cd84 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.76 2003/10/06 16:13:08 guus Exp $ + $Id: process.c,v 1.1.2.77 2003/11/27 23:24:59 guus Exp $ */ #include "system.h" @@ -257,8 +257,10 @@ static bool write_pidfile(void) } /* if it's locked, write-protected, or whatever */ - if(!write_pid(pidfilename)) + if(!write_pid(pidfilename)) { + fprintf(stderr, _("Could write pid file %s: %s\n"), pidfilename, strerror(errno)); return false; + } return true; } @@ -335,8 +337,10 @@ bool detach(void) /* Now UPDATE the pid in the pidfile, because we changed it... */ - if(!write_pid(pidfilename)) + if(!write_pid(pidfilename)) { + fprintf(stderr, _("Could not write pidfile %s: %s\n"), pidfilename, strerror(errno)); return false; + } #else if(!statushandle) exit(install_service()); From 25447b384173cc3c99660c784fd784c787917e80 Mon Sep 17 00:00:00 2001 
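Review bot: The message added in write_pidfile reads "Could write pid file", dropping the "not", so the error text says the opposite of what happened. It should be `fprintf(stderr, _("Could not write pid file %s: %s\n"), pidfilename, strerror(errno));`. The second hunk, in detach(), already has the negation. Both messages rely on write_pid() leaving errno intact on failure, which is not visible here.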
From: Guus Sliepen Date: Sun, 7 Dec 2003 14:28:39 +0000 Subject: [PATCH 898/923] Read MaxTimeout from tinc.conf like the manpage says. --- src/net_setup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index 0d49ae91..2c07ec63 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.46 2003/11/17 15:30:17 guus Exp $ + $Id: net_setup.c,v 1.1.2.47 2003/12/07 14:28:39 guus Exp $ */ #include "system.h" @@ -318,7 +318,7 @@ bool setup_myself(void) if(!get_config_int(lookup_config(config_tree, "MACExpire"), &macexpire)) macexpire = 600; - if(get_config_int(lookup_config(myself->connection->config_tree, "MaxTimeout"), &maxtimeout)) { + if(get_config_int(lookup_config(config_tree, "MaxTimeout"), &maxtimeout)) { if(maxtimeout <= 0) { logger(LOG_ERR, _("Bogus maximum timeout!")); return false; From a3cd273751fdcef90a43108a5d2e669877b0bccb Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 7 Dec 2003 14:29:02 +0000 Subject: [PATCH 899/923] Missing space between words. --- src/process.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/process.c b/src/process.c index 4eb1cd84..b82e951f 100644 --- a/src/process.c +++ b/src/process.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: process.c,v 1.1.2.77 2003/11/27 23:24:59 guus Exp $ + $Id: process.c,v 1.1.2.78 2003/12/07 14:29:02 guus Exp $ */ #include "system.h" 
@@ -338,7 +338,7 @@ bool detach(void) /* Now UPDATE the pid in the pidfile, because we changed it... */ if(!write_pid(pidfilename)) { - fprintf(stderr, _("Could not write pidfile %s: %s\n"), pidfilename, strerror(errno)); + fprintf(stderr, _("Could not write pid file %s: %s\n"), pidfilename, strerror(errno)); return false; } #else @@ -431,13 +431,19 @@ bool execute_script(const char *name, char **envp) static RETSIGTYPE sigterm_handler(int a) { logger(LOG_NOTICE, _("Got %s signal"), "TERM"); - running = false; + if(running) + running = false; + else + exit(1); } static RETSIGTYPE sigquit_handler(int a) { logger(LOG_NOTICE, _("Got %s signal"), "QUIT"); - running = false; + if(running) + running = false; + else + exit(1); } static RETSIGTYPE fatal_signal_square(int a) From 331cef948db4b3cca245ab62cb0fafb5b1e5ebb3 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sun, 7 Dec 2003 14:31:09 +0000 Subject: [PATCH 900/923] Don't retry if configuration is wrong from the beginning. --- src/tincd.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/src/tincd.c b/src/tincd.c index 1a5677f1..dd6b1e74 100644 --- a/src/tincd.c +++ b/src/tincd.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: tincd.c,v 1.10.4.89 2003/10/06 16:13:08 guus Exp $ + $Id: tincd.c,v 1.10.4.90 2003/12/07 14:31:09 guus Exp $ */ #include "system.h" @@ -483,17 +483,10 @@ int main2(int argc, char **argv) return 1; - /* Setup sockets and open device. If it doesn't work, don't give up but try again. */ + /* Setup sockets and open device. */ - while(!setup_network_connections()) { - if(do_detach) { - logger(LOG_NOTICE, _("Restarting in %d seconds!"), maxtimeout); - sleep(maxtimeout); - } else { - logger(LOG_ERR, _("Not restarting.")); - return 1; - } - } + if(!setup_network_connections()) + goto end; /* Start main loop. It only exits when tinc is killed. */ 
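Review bot: sigterm_handler and sigquit_handler now call `exit(1)` from signal context. exit() runs atexit handlers and flushes stdio and is not async-signal-safe, so a second TERM or QUIT arriving while the interrupted code is inside malloc or stdio can hang or corrupt state instead of terminating. Use `_exit(1);` in both handlers. The `logger()` call already in the handlers has the same limitation, and `running` should be a `volatile sig_atomic_t` if it is not already; its declaration is outside the hunk.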
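Review bot: With the retry loop in main2 replaced by `goto end`, a failed setup_network_connections() no longer takes the old `return 1` path, and the value returned after the `end:` label is not visible in these hunks. If that return value is only assigned by the main loop, the daemon could exit with a zero or indeterminate status after a configuration error. The failure path should set a non-zero exit status before the jump, so that init scripts and supervisors can detect the failed start.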
@@ -506,6 +499,7 @@ int main2(int argc, char **argv) ifdebug(CONNECTIONS) dump_device_stats(); +end: logger(LOG_NOTICE, _("Terminating")); #ifndef HAVE_MINGW From 354b7ab20e04736b368985a9e9dfd54ff5b7584e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 8 Dec 2003 12:00:40 +0000 Subject: [PATCH 901/923] Fix proxy-neighborsolicitation. --- src/route.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/route.c b/src/route.c index 9dc296ec..b586157d 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.68 2003/10/06 13:57:12 guus Exp $ + $Id: route.c,v 1.1.2.69 2003/12/08 12:00:40 guus Exp $ */ #include "system.h" @@ -438,6 +438,7 @@ static void route_neighborsol(vpn_packet_t *packet) checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); checksum = inet_checksum(&ns, ns_size, checksum); checksum = inet_checksum(&opt, opt_size, checksum); + checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum); if(checksum) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for neighbor solicitation request")); 
@@ -472,10 +473,10 @@ static void route_neighborsol(vpn_packet_t *packet) memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */ packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - memcpy(&ip6.ip6_src, &ns.nd_ns_target, sizeof(ip6.ip6_src)); /* swap destination and source protocol address */ memcpy(&ip6.ip6_dst, &ip6.ip6_src, sizeof(ip6.ip6_dst)); /* ... */ + memcpy(&ip6.ip6_src, &ns.nd_ns_target, sizeof(ip6.ip6_src)); /* swap destination and source protocol address */ - memcpy(&opt + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ + memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ ns.nd_ns_cksum = 0; ns.nd_ns_type = ND_NEIGHBOR_ADVERT; @@ -494,6 +495,7 @@ static void route_neighborsol(vpn_packet_t *packet) checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); checksum = inet_checksum(&ns, ns_size, checksum); checksum = inet_checksum(&opt, opt_size, checksum); + checksum = inet_checksum(packet->data + ether_size + ip6_size + ns_size + opt_size, ETH_ALEN, checksum); ns.nd_ns_hdr.icmp6_cksum = checksum; From 5a1406adefd8b51981af0da5ac0ebec830eb43b4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Fri, 12 Dec 2003 19:52:25 +0000 Subject: [PATCH 902/923] Code beautification, start of multicast support. --- src/conf.c | 19 +- src/net.c | 6 +- src/net_packet.c | 15 +- src/net_socket.c | 5 +- src/protocol_subnet.c | 56 ++--- src/route.c | 488 ++++++++++++++++++++++++++---------------- src/route.h | 7 +- src/subnet.c | 37 ++-- src/subnet.h | 10 +- 9 files changed, 365 insertions(+), 278 deletions(-) diff --git a/src/conf.c b/src/conf.c index 57bee094..d0a2d2df 100644 --- a/src/conf.c +++ b/src/conf.c 
@@ -19,7 +19,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: conf.c,v 1.9.4.76 2003/08/28 21:05:10 guus Exp $ + $Id: conf.c,v 1.9.4.77 2003/12/12 19:52:24 guus Exp $ */ #include "system.h" @@ -214,16 +214,14 @@ bool get_config_address(const config_t *cfg, struct addrinfo **result) bool get_config_subnet(const config_t *cfg, subnet_t ** result) { - subnet_t *subnet; + subnet_t subnet = {0}; cp(); if(!cfg) return false; - subnet = str2net(cfg->value); - - if(!subnet) { + if(!str2net(&subnet, cfg->value)) { logger(LOG_ERR, _("Subnet expected for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); return false; @@ -231,17 +229,16 @@ bool get_config_subnet(const config_t *cfg, subnet_t ** result) /* Teach newbies what subnets are... */ - if(((subnet->type == SUBNET_IPV4) - && !maskcheck(&subnet->net.ipv4.address, subnet->net.ipv4.prefixlength, sizeof(ipv4_t))) - || ((subnet->type == SUBNET_IPV6) - && !maskcheck(&subnet->net.ipv6.address, subnet->net.ipv6.prefixlength, sizeof(ipv6_t)))) { + if(((subnet.type == SUBNET_IPV4) + && !maskcheck(&subnet.net.ipv4.address, subnet.net.ipv4.prefixlength, sizeof(ipv4_t))) + || ((subnet.type == SUBNET_IPV6) + && !maskcheck(&subnet.net.ipv6.address, subnet.net.ipv6.prefixlength, sizeof(ipv6_t)))) { logger(LOG_ERR, _ ("Network address and prefix length do not match for configuration variable %s in %s line %d"), cfg->variable, cfg->file, cfg->line); - free(subnet); return false; } - *result = subnet; + *(*result = new_subnet()) = subnet; return true; } diff --git a/src/net.c b/src/net.c index e0b5e6f4..16449768 100644 --- a/src/net.c +++ b/src/net.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.201 2003/11/17 15:30:17 guus Exp $ + $Id: net.c,v 1.35.4.202 2003/12/12 19:52:24 guus Exp $ */ #include "system.h" 
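Review bot: `*(*result = new_subnet()) = subnet;` in get_config_subnet packs an allocation, an out-parameter store and a struct copy into one expression, which is easy to misread. `*result = new_subnet();` followed by `**result = subnet;` says the same thing in two steps. The same idiom appears in send_udppacket as `*(copy = xmalloc(sizeof(*copy))) = *inpkt;`. Parsing and validating into the stack copy before allocating is a sound change, since the error paths no longer need a free.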
@@ -270,7 +270,7 @@ static void check_network_activity(fd_set * f) if(FD_ISSET(device_fd, f)) { if(read_packet(&packet)) - route_outgoing(&packet); + route(myself, &packet); } for(node = connection_tree->head; node; node = node->next) { @@ -367,7 +367,7 @@ int main_loop(void) last_ping_check = now; if(routing_mode == RMODE_SWITCH) - age_mac(); + age_subnets(); age_past_requests(); diff --git a/src/net_packet.c b/src/net_packet.c index d64b6bf9..af34d059 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.43 2003/10/11 12:16:12 guus Exp $ + $Id: net_packet.c,v 1.1.2.44 2003/12/12 19:52:25 guus Exp $ */ #include "system.h" @@ -104,7 +104,7 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Received packet of %d bytes from %s (%s)"), packet->len, n->name, n->hostname); - route_incoming(n, packet); + route(n, packet); } static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) @@ -242,8 +242,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) /* Since packet is on the stack of handle_tap_input(), we have to make a copy of it first. */ - copy = xmalloc(sizeof(vpn_packet_t)); - memcpy(copy, inpkt, sizeof(vpn_packet_t)); + *(copy = xmalloc(sizeof(*copy))) = *inpkt; list_insert_tail(n->queue, copy); 
@@ -344,14 +343,14 @@ void send_packet(const node_t *n, vpn_packet_t *packet) cp(); - ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), - packet->len, n->name, n->hostname); - if(n == myself) { - ifdebug(TRAFFIC) logger(LOG_NOTICE, _("Packet is looping back to us!")); + write_packet(packet); return; } + ifdebug(TRAFFIC) logger(LOG_ERR, _("Sending packet of %d bytes to %s (%s)"), + packet->len, n->name, n->hostname); + if(!n->status.reachable) { ifdebug(TRAFFIC) logger(LOG_INFO, _("Node %s (%s) is not reachable"), n->name, n->hostname); diff --git a/src/net_socket.c b/src/net_socket.c index 10f2ca01..4e4a0080 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.34 2003/10/06 14:41:45 guus Exp $ + $Id: net_socket.c,v 1.1.2.35 2003/12/12 19:52:25 guus Exp $ */ #include "system.h" @@ -255,8 +255,7 @@ begin: goto begin; } - memcpy(&c->address, c->outgoing->aip->ai_addr, - c->outgoing->aip->ai_addrlen); + memcpy(&c->address, c->outgoing->aip->ai_addr, c->outgoing->aip->ai_addrlen); c->outgoing->aip = c->outgoing->aip->ai_next; if(c->hostname) diff --git a/src/protocol_subnet.c b/src/protocol_subnet.c index e0297b99..76cdd49a 100644 --- a/src/protocol_subnet.c +++ b/src/protocol_subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_subnet.c,v 1.1.4.17 2003/11/17 15:30:18 guus Exp $ + $Id: protocol_subnet.c,v 1.1.4.18 2003/12/12 19:52:25 guus Exp $ */ #include "system.h" 
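Review bot: The `n == myself` branch of send_packet now calls `write_packet(packet)` directly, but nothing replaces the `overwrite_mac` rewrite that route_incoming applied before local delivery (`memcpy(packet->data, mymac.x, ETH_ALEN);`, removed in the route.c part of this commit). With overwrite_mac enabled, frames written to the local device would keep whatever destination MAC the sender supplied. Consider `if(overwrite_mac) memcpy(packet->data, mymac.x, ETH_ALEN);` ahead of the write, assuming both symbols are visible from net_packet.c. Separately, the relocated debug line still logs routine traffic at `LOG_ERR`; `LOG_INFO` would match the neighbouring messages.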
@@ -35,17 +35,14 @@ bool send_add_subnet(connection_t *c, const subnet_t *subnet) { - bool x; - char *netstr; + char netstr[MAXNETSTR]; cp(); - x = send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), - subnet->owner->name, netstr = net2str(subnet)); + if(!net2str(netstr, sizeof netstr, subnet)) + return false; - free(netstr); - - return x; + return send_request(c, "%d %lx %s %s", ADD_SUBNET, random(), subnet->owner->name, netstr); } bool add_subnet_h(connection_t *c) @@ -53,7 +50,7 @@ bool add_subnet_h(connection_t *c) char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; node_t *owner; - subnet_t *s; + subnet_t s = {0}, *new; cp(); @@ -73,9 +70,7 @@ bool add_subnet_h(connection_t *c) /* Check if subnet string is valid */ - s = str2net(subnetstr); - - if(!s) { + if(!str2net(&s, subnetstr)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "ADD_SUBNET", c->name, c->hostname, _("invalid subnet string")); return false; @@ -99,18 +94,16 @@ bool add_subnet_h(connection_t *c) /* Check if we already know this subnet */ - if(lookup_subnet(owner, s)) { - free_subnet(s); + if(lookup_subnet(owner, &s)) return true; - } /* If we don't know this subnet, but we are the owner, retaliate with a DEL_SUBNET */ if(owner == myself) { ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for ourself"), "ADD_SUBNET", c->name, c->hostname); - s->owner = myself; - send_del_subnet(c, s); + s.owner = myself; + send_del_subnet(c, &s); return true; } @@ -124,7 +117,7 @@ bool add_subnet_h(connection_t *c) if(!get_config_subnet(cfg, &allowed)) return false; - if(!subnet_compare(s, allowed)) + if(!subnet_compare(&s, allowed)) break; free_subnet(allowed); @@ -138,7 +131,8 @@ bool add_subnet_h(connection_t *c) /* If everything is correct, add the subnet to the list of the owner */ - subnet_add(owner, s); + *(new = new_subnet()) = s; + subnet_add(owner, new); /* Tell the rest */ 
@@ -150,18 +144,14 @@ bool add_subnet_h(connection_t *c) bool send_del_subnet(connection_t *c, const subnet_t *s) { - bool x; - char *netstr; + char netstr[MAXNETSTR]; cp(); - netstr = net2str(s); + if(!net2str(netstr, sizeof netstr, s)) + return false; - x = send_request(c, "%d %lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); - - free(netstr); - - return x; + return send_request(c, "%d %lx %s %s", DEL_SUBNET, random(), s->owner->name, netstr); } bool del_subnet_h(connection_t *c) @@ -169,7 +159,7 @@ bool del_subnet_h(connection_t *c) char subnetstr[MAX_STRING_SIZE]; char name[MAX_STRING_SIZE]; node_t *owner; - subnet_t *s, *find; + subnet_t s = {0}, *find; cp(); @@ -202,9 +192,7 @@ bool del_subnet_h(connection_t *c) /* Check if subnet string is valid */ - s = str2net(subnetstr); - - if(!s) { + if(!str2net(&s, subnetstr)) { logger(LOG_ERR, _("Got bad %s from %s (%s): %s"), "DEL_SUBNET", c->name, c->hostname, _("invalid subnet string")); return false; @@ -215,11 +203,9 @@ bool del_subnet_h(connection_t *c) /* If everything is correct, delete the subnet from the list of the owner */ - s->owner = owner; + s.owner = owner; - find = lookup_subnet(owner, s); - - free_subnet(s); + find = lookup_subnet(owner, &s); if(!find) { ifdebug(PROTOCOL) logger(LOG_WARNING, _("Got %s from %s (%s) for %s which does not appear in his subnet tree"), diff --git a/src/route.c b/src/route.c index b586157d..6d391cdf 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.69 2003/12/08 12:00:40 guus Exp $ + $Id: route.c,v 1.1.2.70 2003/12/12 19:52:25 guus Exp $ */ #include "system.h" @@ -40,7 +40,6 @@ #include "avl_tree.h" #include "connection.h" -#include "device.h" #include "ethernet.h" #include "ipv4.h" #include "ipv6.h" 
@@ -54,6 +53,7 @@ rmode_t routing_mode = RMODE_ROUTER; bool priorityinheritance = false; int macexpire = 600; +int multicastexpire = 375; bool overwrite_mac = false; mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; @@ -81,7 +81,7 @@ static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) } if(len) - checksum += *(unsigned char *)p; + checksum += *(uint8_t *)p; while(checksum >> 16) checksum = (checksum & 0xFFFF) + (checksum >> 16); @@ -103,6 +103,14 @@ static bool ratelimit(int frequency) { return false; } + +static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) { + if(packet->len < length) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got too short packet from %s (%s)"), source->name, source->hostname); + return false; + } else + return true; +} static void learn_mac(mac_t *address) { @@ -116,14 +124,15 @@ static void learn_mac(mac_t *address) /* If we don't know this MAC address yet, store it */ - if(!subnet || subnet->owner != myself) { + if(!subnet) { ifdebug(TRAFFIC) logger(LOG_INFO, _("Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx"), address->x[0], address->x[1], address->x[2], address->x[3], address->x[4], address->x[5]); subnet = new_subnet(); subnet->type = SUBNET_MAC; - memcpy(&subnet->net.mac.address, address, sizeof(mac_t)); + subnet->expires = now + macexpire; + subnet->net.mac.address = *address; subnet_add(myself, subnet); /* And tell all other tinc daemons it's our MAC */ @@ -135,10 +144,11 @@ static void learn_mac(mac_t *address) } } - subnet->net.mac.lastseen = now; + if(subnet->expires) + subnet->expires = now + macexpire; } -void age_mac(void) +void age_subnets(void) { subnet_t *s; connection_t *c; 
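Review bot: learn_mac's condition changes from `if(!subnet || subnet->owner != myself)` to `if(!subnet)`, so a MAC address already in the table under another node's ownership is no longer claimed when it is seen on the local device. In switch mode an entry announced by a peer then takes precedence over what the local interface observes until the peer withdraws it, which affects both hosts that move and peers that announce addresses they do not own. The refresh `if(subnet->expires) subnet->expires = now + macexpire;` also runs for such foreign entries; adding `subnet->owner == myself` to that test would make the intent explicit. If dropping the ownership test is deliberate, a comment saying why would help; learn_mac starts outside these hunks.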
@@ -149,11 +159,12 @@ void age_mac(void) for(node = myself->subnet_tree->head; node; node = next) { next = node->next; s = node->data; - if(s->type == SUBNET_MAC && s->net.mac.lastseen && s->net.mac.lastseen + macexpire < now) { - ifdebug(TRAFFIC) logger(LOG_INFO, _("MAC address %hx:%hx:%hx:%hx:%hx:%hx expired"), - s->net.mac.address.x[0], s->net.mac.address.x[1], - s->net.mac.address.x[2], s->net.mac.address.x[3], - s->net.mac.address.x[4], s->net.mac.address.x[5]); + if(s->expires && s->expires < now) { + ifdebug(TRAFFIC) { + char netstr[MAXNETSTR]; + if(net2str(netstr, sizeof netstr, s)) + logger(LOG_INFO, _("Subnet %s expired"), netstr); + } for(node2 = connection_tree->head; node2; node2 = node2->next) { c = node2->data; @@ -166,7 +177,7 @@ void age_mac(void) } } -static node_t *route_mac(vpn_packet_t *packet) +static void route_mac(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; @@ -174,24 +185,32 @@ static node_t *route_mac(vpn_packet_t *packet) /* Learn source address */ - learn_mac((mac_t *)(&packet->data[6])); + if(source == myself) + learn_mac((mac_t *)(&packet->data[6])); /* Lookup destination address */ subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); - if(subnet) - return subnet->owner; - else - return NULL; + if(!subnet) { + broadcast_packet(source, packet); + return; + } + + if(subnet->owner == source) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Packet looping back to %s (%s)!"), source->name, source->hostname); + return; + } + + send_packet(subnet->owner, packet); } /* RFC 792 */ -static void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) +static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t code) { - struct ip ip; - struct icmp icmp; + struct ip ip = {0}; + struct icmp icmp = {0}; struct in_addr ip_src; struct in_addr ip_dst; 
@@ -205,15 +224,14 @@ static void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) /* Copy headers from packet into properly aligned structs on the stack */ memcpy(&ip, packet->data + ether_size, ip_size); - memcpy(&icmp, packet->data + ether_size + ip_size, icmp_size); /* Remember original source and destination */ - - memcpy(&ip_src, &ip.ip_src, sizeof(ip_src)); - memcpy(&ip_dst, &ip.ip_dst, sizeof(ip_dst)); + + ip_src = ip.ip_src; + ip_dst = ip.ip_dst; oldlen = packet->len - ether_size; - + if(oldlen >= IP_MSS - ip_size - icmp_size) oldlen = IP_MSS - ip_size - icmp_size; @@ -232,8 +250,8 @@ static void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) ip.ip_ttl = 255; ip.ip_p = IPPROTO_ICMP; ip.ip_sum = 0; - memcpy(&ip.ip_src, &ip_dst, sizeof(ip_src)); - memcpy(&ip.ip_dst, &ip_src, sizeof(ip_dst)); + ip.ip_src = ip_dst; + ip.ip_dst = ip_src; ip.ip_sum = inet_checksum(&ip, ip_size, ~0); 
@@ -253,41 +271,66 @@ static void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) packet->len = ether_size + ip_size + icmp_size + oldlen; - write_packet(packet); + send_packet(source, packet); } -static node_t *route_ipv4(vpn_packet_t *packet) +static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; cp(); - if(priorityinheritance) - packet->priority = packet->data[15]; - subnet = lookup_subnet_ipv4((ipv4_t *) &packet->data[30]); if(!subnet) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d"), - packet->data[30], packet->data[31], packet->data[32], - packet->data[33]); + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet from %s (%s): unknown IPv4 destination address %d.%d.%d.%d"), + source->name, source->hostname, + packet->data[30], + packet->data[31], + packet->data[32], + packet->data[33]); - route_ipv4_unreachable(packet, ICMP_NET_UNKNOWN); - return NULL; + route_ipv4_unreachable(source, packet, ICMP_NET_UNKNOWN); + return; } - if(!subnet->owner->status.reachable) - route_ipv4_unreachable(packet, ICMP_NET_UNREACH); + if(subnet->owner == source) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Packet looping back to %s (%s)!"), source->name, source->hostname); + return; + } - return subnet->owner; + if(!subnet->owner->status.reachable) + route_ipv4_unreachable(source, packet, ICMP_NET_UNREACH); + + if(priorityinheritance) + packet->priority = packet->data[15]; + + send_packet(subnet->owner, packet); +} + +static void route_ipv4(node_t *source, vpn_packet_t *packet) +{ + cp(); + + if(!checklength(source, packet, ether_size + ip_size)) + return; + +#if 0 + if(packet->data[30] & 0xf0 == 0xe0) { + route_ipv4_multicast(source, packet); + return; + } +#endif + + route_ipv4_unicast(source, packet); } /* RFC 2463 */ -static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) +static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, 
uint8_t code) { struct ip6_hdr ip6; - struct icmp6_hdr icmp6; + struct icmp6_hdr icmp6 = {0}; uint16_t checksum; struct { @@ -305,14 +348,13 @@ static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) /* Copy headers from packet to structs on the stack */ memcpy(&ip6, packet->data + ether_size, ip6_size); - memcpy(&icmp6, packet->data + ether_size + ip6_size, icmp6_size); /* Remember original source and destination */ - - memcpy(&pseudo.ip6_src, &ip6.ip6_dst, sizeof(ip6.ip6_src)); - memcpy(&pseudo.ip6_dst, &ip6.ip6_src, sizeof(ip6.ip6_dst)); + + pseudo.ip6_src = ip6.ip6_dst; + pseudo.ip6_dst = ip6.ip6_src; - pseudo.length = ntohs(ip6.ip6_plen) + ip6_size; + pseudo.length = packet->len - ether_size; if(pseudo.length >= IP_MSS - ip6_size - icmp6_size) pseudo.length = IP_MSS - ip6_size - icmp6_size; @@ -327,8 +369,8 @@ static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) ip6.ip6_plen = htons(icmp6_size + pseudo.length); ip6.ip6_nxt = IPPROTO_ICMPV6; ip6.ip6_hlim = 255; - memcpy(&ip6.ip6_src, &pseudo.ip6_src, sizeof(ip6.ip6_src)); - memcpy(&ip6.ip6_dst, &pseudo.ip6_dst, sizeof(ip6.ip6_dst)); + ip6.ip6_src = pseudo.ip6_src; + ip6.ip6_dst = pseudo.ip6_dst; /* Fill in ICMP header */ @@ -356,10 +398,10 @@ static void route_ipv6_unreachable(vpn_packet_t *packet, uint8_t code) packet->len = ether_size + ip6_size + ntohl(pseudo.length); - write_packet(packet); + send_packet(source, packet); } -static node_t *route_ipv6(vpn_packet_t *packet) +static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; 
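Review bot: route_ipv4_unicast falls through after `route_ipv4_unreachable(source, packet, ICMP_NET_UNREACH);` when the owner is not reachable. By then the helper appears to have rewritten the packet in place (it reassigns `packet->len` and sends it back to `source`), yet the function still reads `packet->data[15]` for the priority and calls `send_packet(subnet->owner, packet)` with the rewritten buffer. A `return;` after the unreachable call, as the unknown-destination branch already has, removes the reliance on send_packet to drop it. route_ipv6_unicast later in this diff has the same shape after `route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH_NOROUTE);`.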
@@ -368,29 +410,62 @@ static node_t *route_ipv6(vpn_packet_t *packet) subnet = lookup_subnet_ipv6((ipv6_t *) &packet->data[38]); if(!subnet) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(*(uint16_t *) &packet->data[38]), - ntohs(*(uint16_t *) &packet->data[40]), - ntohs(*(uint16_t *) &packet->data[42]), - ntohs(*(uint16_t *) &packet->data[44]), - ntohs(*(uint16_t *) &packet->data[46]), - ntohs(*(uint16_t *) &packet->data[48]), - ntohs(*(uint16_t *) &packet->data[50]), - ntohs(*(uint16_t *) &packet->data[52])); - route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_ADDR); + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet from %s (%s): unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + source->name, source->hostname, + ntohs(*(uint16_t *) &packet->data[38]), + ntohs(*(uint16_t *) &packet->data[40]), + ntohs(*(uint16_t *) &packet->data[42]), + ntohs(*(uint16_t *) &packet->data[44]), + ntohs(*(uint16_t *) &packet->data[46]), + ntohs(*(uint16_t *) &packet->data[48]), + ntohs(*(uint16_t *) &packet->data[50]), + ntohs(*(uint16_t *) &packet->data[52])); - return NULL; + route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH_ADDR); + return; + } + + if(subnet->owner == source) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Packet looping back to %s (%s)!"), source->name, source->hostname); + return; } if(!subnet->owner->status.reachable) - route_ipv6_unreachable(packet, ICMP6_DST_UNREACH_NOROUTE); + route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH_NOROUTE); - return subnet->owner; + send_packet(subnet->owner, packet); } +#ifdef ENABLE_MULTICAST +static void route_ipv6_multicast(node_t *source, vpn_packet_t *packet) +{ + avl_node_t *node; + subnet_t *subnet, search = {0}; + + cp(); + + search.type = SUBNET_IPV6; + search.net.ipv6.address = *(ipv6_t *)(packet->data + ether_size + ip6_size + icmp6_size); + search.net.ipv6.prefixlength = 128; + 
search.owner = NULL; + + ifdebug(TRAFFIC) logger(LOG_INFO, _("Multicasting packet of %d bytes from %s (%s)"), packet->len, source->name, source->hostname); + + for(node = avl_search_closest_smaller_node(myself->subnet_tree, &search); node; node = node->next) { + subnet = node->data; + + if(subnet->type != SUBNET_IPV6 || memcmp(&subnet->net.ipv6.address, packet->data + ether_size + ip6_size + icmp6_size, sizeof(ipv6_t))) + break; + + if(subnet->owner != source) + send_packet(subnet->owner, packet); + } +} +#endif + /* RFC 2461 */ -static void route_neighborsol(vpn_packet_t *packet) +static void route_neighborsol(node_t *source, vpn_packet_t *packet) { struct ip6_hdr ip6; struct nd_neighbor_solicit ns; @@ -407,6 +482,14 @@ static void route_neighborsol(vpn_packet_t *packet) cp(); + if(!checklength(source, packet, ether_size + ip6_size + ns_size + opt_size + ETH_ALEN)) + return; + + if(source != myself) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got neighbor solicitation request from %s (%s) while in router mode!"), source->name, source->hostname); + return; + } + /* Copy headers from packet to structs on the stack */ memcpy(&ip6, packet->data + ether_size, ip6_size); @@ -428,8 +511,8 @@ static void route_neighborsol(vpn_packet_t *packet) /* Create pseudo header */ - memcpy(&pseudo.ip6_src, &ip6.ip6_src, sizeof(ip6.ip6_src)); - memcpy(&pseudo.ip6_dst, &ip6.ip6_dst, sizeof(ip6.ip6_dst)); + pseudo.ip6_src = ip6.ip6_src; + pseudo.ip6_dst = ip6.ip6_dst; pseudo.length = htonl(ns_size + opt_size + ETH_ALEN); pseudo.next = htonl(IPPROTO_ICMPV6); 
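Review bot: route_ipv6_multicast reads a 16-byte address from `packet->data + ether_size + ip6_size + icmp6_size`, but its only caller visible in this diff, route_ipv6, has checked no more than `ether_size + ip6_size` on that path. For a short multicast packet, bytes beyond `packet->len` therefore end up in the search key and in the `memcmp`. Add `if(!checklength(source, packet, ether_size + ip6_size + icmp6_size + sizeof(ipv6_t))) return;` at the top of the function. If the group address in the IPv6 destination field is what is meant, `packet->data + 38` as used by route_ipv6_unicast is already covered by the existing check. The code is compiled only under `ENABLE_MULTICAST`.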
@@ -473,8 +556,8 @@ static void route_neighborsol(vpn_packet_t *packet) memcpy(packet->data, packet->data + ETH_ALEN, ETH_ALEN); /* copy destination address */ packet->data[ETH_ALEN * 2 - 1] ^= 0xFF; /* mangle source address so it looks like it's not from us */ - memcpy(&ip6.ip6_dst, &ip6.ip6_src, sizeof(ip6.ip6_dst)); /* ... */ - memcpy(&ip6.ip6_src, &ns.nd_ns_target, sizeof(ip6.ip6_src)); /* swap destination and source protocol address */ + ip6.ip6_dst = ip6.ip6_src; /* swap destination and source protocoll address */ + ip6.ip6_src = ns.nd_ns_target; memcpy(packet->data + ether_size + ip6_size + ns_size + opt_size, packet->data + ETH_ALEN, ETH_ALEN); /* add fake source hard addr */ @@ -485,8 +568,8 @@ static void route_neighborsol(vpn_packet_t *packet) /* Create pseudo header */ - memcpy(&pseudo.ip6_src, &ip6.ip6_src, sizeof(ip6.ip6_src)); - memcpy(&pseudo.ip6_dst, &ip6.ip6_dst, sizeof(ip6.ip6_dst)); + pseudo.ip6_src = ip6.ip6_src; + pseudo.ip6_dst = ip6.ip6_dst; pseudo.length = htonl(ns_size + opt_size + ETH_ALEN); pseudo.next = htonl(IPPROTO_ICMPV6); 
@@ -505,12 +588,135 @@ static void route_neighborsol(vpn_packet_t *packet) memcpy(packet->data + ether_size + ip6_size, &ns, ns_size); memcpy(packet->data + ether_size + ip6_size + ns_size, &opt, opt_size); - write_packet(packet); + send_packet(source, packet); +} + +/* RFC 2710 */ + +#ifdef ENABLE_MULTICAST +static void route_membershipreport(node_t *source, vpn_packet_t *packet) +{ + struct ip6_hdr ip6; + struct icmp6_hdr icmp6; + subnet_t *subnet, search = {0}; + uint16_t checksum; + + struct { + struct in6_addr ip6_src; /* source address */ + struct in6_addr ip6_dst; /* destination address */ + uint32_t length; + uint32_t next; + } pseudo; + + cp(); + + if(!checklength(source, packet, ether_size + ip6_size + icmp6_size + sizeof(ipv6_t))) + return; + + if(source != myself) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got membership report from %s (%s) while in router mode!"), source->name, source->hostname); + return; + } + + /* Copy headers from packet to structs on the stack */ + + memcpy(&ip6, packet->data + ether_size, ip6_size); + memcpy(&icmp6, packet->data + ether_size + ip6_size + 8, icmp6_size); + + /* Create pseudo header */ + + pseudo.ip6_src = ip6.ip6_src; + pseudo.ip6_dst = ip6.ip6_dst; + pseudo.length = htonl(icmp6_size + sizeof(ipv6_t)); + pseudo.next = htonl(IPPROTO_ICMPV6); + + /* Generate checksum */ + + checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); + checksum = inet_checksum(&icmp6, icmp6_size, checksum); + checksum = inet_checksum(packet->data + ether_size + ip6_size + 8 + icmp6_size, sizeof(ipv6_t), checksum); + + if(checksum) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for membership report")); + return; + } + + /* Check if the IPv6 address exists on the VPN */ + + search.type = SUBNET_IPV6; + search.net.ipv6.address = *(ipv6_t *)(packet->data + ether_size + ip6_size + 8 + icmp6_size); + search.net.ipv6.prefixlength = 128; + search.owner = myself; + + subnet = avl_search(myself->subnet_tree, 
&search); + + if(!subnet) { + avl_node_t *node; + connection_t *c; + + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Learned new IPv6 multicast address %hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), + ntohs(*(uint16_t *) &packet->data[70]), + ntohs(*(uint16_t *) &packet->data[72]), + ntohs(*(uint16_t *) &packet->data[74]), + ntohs(*(uint16_t *) &packet->data[76]), + ntohs(*(uint16_t *) &packet->data[78]), + ntohs(*(uint16_t *) &packet->data[80]), + ntohs(*(uint16_t *) &packet->data[82]), + ntohs(*(uint16_t *) &packet->data[84])); + + subnet = new_subnet(); + subnet->type = SUBNET_IPV6; + subnet->net.ipv6.address = *(ipv6_t *)(packet->data + ether_size + ip6_size + 8 + icmp6_size); + subnet->net.ipv6.prefixlength = 128; + subnet->expires = now + multicastexpire; + subnet_add(myself, subnet); + + /* And tell all other tinc daemons it's ours */ + + for(node = connection_tree->head; node; node = node->next) { + c = node->data; + if(c->status.active) + send_add_subnet(c, subnet); + } + } + + if(subnet->expires) + subnet->expires = now + multicastexpire; +} +#endif + +static void route_ipv6(node_t *source, vpn_packet_t *packet) +{ + cp(); + + if(!checklength(source, packet, ether_size + ip6_size)) + return; + + if(packet->data[20] == IPPROTO_ICMPV6 && checklength(source, packet, ether_size + ip6_size + icmp6_size) && packet->data[54] == ND_NEIGHBOR_SOLICIT) { + route_neighborsol(source, packet); + return; + } + +#ifdef ENABLE_MULTICAST + if(packet->data[20] == IPPROTO_HOPOPTS && checklength(source, packet, ether_size + ip6_size + 8) + && packet->data[54] == IPPROTO_ICMPV6 && checklength(source, packet, ether_size + ip6_size + 8 + icmp6_size) + && packet->data[62] == ICMP6_MEMBERSHIP_REPORT) { + route_membershipreport(source, packet); + return; + } + + if(packet->data[38] == 0xff && packet->data[39] & 0x0c) { + route_ipv6_multicast(source, packet); + return; + } +#endif + + route_ipv6_unicast(source, packet); } /* RFC 826 */ -static void route_arp(vpn_packet_t *packet) +static void 
route_arp(node_t *source, vpn_packet_t *packet) { struct ether_arp arp; subnet_t *subnet; @@ -518,6 +724,14 @@ static void route_arp(vpn_packet_t *packet) cp(); + if(!checklength(source, packet, ether_size + arp_size)) + return; + + if(source != myself) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got ARP request from %s (%s) while in router mode!"), source->name, source->hostname); + return; + } + /* First, snatch the source address from the ARP packet */ if(overwrite_mac) 
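Review bot: route_membershipreport's length check is eight bytes short. It verifies `ether_size + ip6_size + icmp6_size + sizeof(ipv6_t)`, while every access in the function is offset by the 8-byte hop-by-hop header (`packet->data + ether_size + ip6_size + 8 + icmp6_size`, and `packet->data[70]` onward in the log call). The dispatcher in route_ipv6 only guarantees `ether_size + ip6_size + 8 + icmp6_size`, so the address bytes that are checksummed and stored as a subnet can lie past `packet->len`. The check should read `checklength(source, packet, ether_size + ip6_size + 8 + icmp6_size + sizeof(ipv6_t))`. The literal 8 also assumes a minimum-size hop-by-hop header; a named constant and a test of that header's length field would make the assumption visible.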
@@ -566,150 +780,48 @@ static void route_arp(vpn_packet_t *packet) memcpy(packet->data + ether_size, &arp, arp_size); - write_packet(packet); + send_packet(source, packet); } -void route_outgoing(vpn_packet_t *packet) +void route(node_t *source, vpn_packet_t *packet) { - uint16_t type; - node_t *n = NULL; - cp(); - if(packet->len < ether_size) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); + if(!checklength(source, packet, ether_size)) return; - } - - /* FIXME: multicast? */ - - switch (routing_mode) { - case RMODE_ROUTER: - type = ntohs(*((uint16_t *)(&packet->data[12]))); - switch (type) { - case ETH_P_IP: - if(packet->len < ether_size + ip_size) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); - return; - } - - n = route_ipv4(packet); - break; - - case ETH_P_IPV6: - if(packet->len < ether_size + ip6_size) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); - return; - } - - if(packet->data[20] == IPPROTO_ICMPV6 && packet->len >= ether_size + ip6_size + ns_size && packet->data[54] == ND_NEIGHBOR_SOLICIT) { - route_neighborsol(packet); - return; - } - n = route_ipv6(packet); - break; - - case ETH_P_ARP: - if(packet->len < ether_size + arp_size) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); - return; - } - - route_arp(packet); - return; - - default: - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: unknown type %hx"), type); - return; - } - if(n) - send_packet(n, packet); - break; - - case RMODE_SWITCH: - n = route_mac(packet); - if(n) - send_packet(n, packet); - else - broadcast_packet(myself, packet); - break; - - case RMODE_HUB: - broadcast_packet(myself, packet); - break; - } -} - -void route_incoming(node_t *source, vpn_packet_t *packet) -{ - if(packet->len < ether_size) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); - return; - } switch (routing_mode) { case RMODE_ROUTER: { - node_t *n = NULL; uint16_t type; type = ntohs(*((uint16_t 
*)(&packet->data[12]))); switch (type) { - case ETH_P_IP: - if(packet->len < ether_size + ip_size) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); - return; - } + case ETH_P_ARP: + route_arp(source, packet); + break; - n = route_ipv4(packet); + case ETH_P_IP: + route_ipv4(source, packet); break; case ETH_P_IPV6: - if(packet->len < ether_size + ip6_size) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Read too short packet")); - return; - } - - n = route_ipv6(packet); + route_ipv6(source, packet); break; default: - n = myself; + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet from %s (%s): unknown type %hx"), source->name, source->hostname, type); break; } - - if(n) { - if(n == myself) { - if(overwrite_mac) - memcpy(packet->data, mymac.x, ETH_ALEN); - write_packet(packet); - } else - send_packet(n, packet); - } } break; case RMODE_SWITCH: - { - subnet_t *subnet; - - subnet = lookup_subnet_mac((mac_t *)(&packet->data[0])); - - if(subnet) { - if(subnet->owner == myself) - write_packet(packet); - else - send_packet(subnet->owner, packet); - } else { - broadcast_packet(source, packet); - write_packet(packet); - } - } + route_mac(source, packet); break; case RMODE_HUB: - broadcast_packet(source, packet); /* Spread it on */ - write_packet(packet); + broadcast_packet(source, packet); break; } } diff --git a/src/route.h b/src/route.h index 6d1c034d..a26411aa 100644 --- a/src/route.h +++ b/src/route.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.h,v 1.1.2.13 2003/07/22 20:55:20 guus Exp $ + $Id: route.h,v 1.1.2.14 2003/12/12 19:52:25 guus Exp $ */ #ifndef __TINC_ROUTE_H__ 
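Review bot: The merged route() no longer calls `write_packet(packet)` for peer traffic in the `RMODE_HUB` case or for unknown destinations in switch mode (route_mac), where the removed route_incoming did `broadcast_packet(source, packet); write_packet(packet);`. broadcast_packet is not touched anywhere in this commit, so unless it already delivers to the local device when `source != myself`, broadcast frames from peers stop reaching the local interface. The router-mode `default:` case also changes from local delivery (`n = myself`) to log-and-drop for packets from peers, which deserves a line in the commit message if intended. A short comment above route() stating that local delivery now happens only through `send_packet(myself, ...)` would document the new contract.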
@@ -39,8 +39,7 @@ extern int macexpire; extern mac_t mymac; -extern void age_mac(void); -extern void route_incoming(struct node_t *, struct vpn_packet_t *); -extern void route_outgoing(struct vpn_packet_t *); +extern void age_subnets(void); +extern void route(struct node_t *, struct vpn_packet_t *); #endif /* __TINC_ROUTE_H__ */ diff --git a/src/subnet.c b/src/subnet.c index ae8d029e..d5eca583 100644 --- a/src/subnet.c +++ b/src/subnet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.c,v 1.1.2.51 2003/11/17 15:30:18 guus Exp $ + $Id: subnet.c,v 1.1.2.52 2003/12/12 19:52:25 guus Exp $ */ #include "system.h" @@ -177,16 +177,13 @@ void subnet_del(node_t *n, subnet_t *subnet) /* Ascii representation of subnets */ -subnet_t *str2net(const char *subnetstr) +bool str2net(subnet_t *subnet, const char *subnetstr) { int i, l; - subnet_t *subnet; uint16_t x[8]; cp(); - subnet = new_subnet(); - if(sscanf(subnetstr, "%hu.%hu.%hu.%hu/%d", &x[0], &x[1], &x[2], &x[3], &l) == 5) { subnet->type = SUBNET_IPV4; @@ -195,7 +192,7 @@ subnet_t *str2net(const char *subnetstr) for(i = 0; i < 4; i++) subnet->net.ipv4.address.x[i] = x[i]; - return subnet; + return true; } if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", @@ -207,7 +204,7 @@ subnet_t *str2net(const char *subnetstr) for(i = 0; i < 8; i++) subnet->net.ipv6.address.x[i] = htons(x[i]); - return subnet; + return true; } if(sscanf(subnetstr, "%hu.%hu.%hu.%hu", &x[0], &x[1], &x[2], &x[3]) == 4) { @@ -217,7 +214,7 @@ subnet_t *str2net(const char *subnetstr) for(i = 0; i < 4; i++) subnet->net.ipv4.address.x[i] = x[i]; - return subnet; + return true; } if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx", @@ -228,7 +225,7 @@ subnet_t *str2net(const char *subnetstr) for(i = 0; i < 8; i++) subnet->net.ipv6.address.x[i] = htons(x[i]); - return subnet; + return true; } if(sscanf(subnetstr, "%hx:%hx:%hx:%hx:%hx:%hx", 
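Review bot: Nothing visible in these str2net hunks range-checks what `sscanf` parsed, although the function is fed strings received from peers (add_subnet_h, del_subnet_h in this commit). The `%hu` octets are stored with `subnet->net.ipv4.address.x[i] = x[i];`, which would silently truncate values above 255 if the address elements are 8-bit, and the `%d` prefix length `l` is not compared against 32 or 128 in the lines shown. Rejecting out-of-range input before `return true`, e.g. `if(l < 0 || l > 32) return false;` in the IPv4 branch, keeps malformed subnets out of the tree. The lines that assign the prefix length lie between the hunks, so a check there may exist that this diff does not show.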
@@ -238,23 +235,19 @@ subnet_t *str2net(const char *subnetstr) for(i = 0; i < 6; i++) subnet->net.mac.address.x[i] = x[i]; - return subnet; + return true; } - free(subnet); - - return NULL; + return false; } -char *net2str(const subnet_t *subnet) +bool net2str(char *netstr, int len, const subnet_t *subnet) { - char *netstr; - cp(); switch (subnet->type) { case SUBNET_MAC: - asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx", + snprintf(netstr, len, "%hx:%hx:%hx:%hx:%hx:%hx", subnet->net.mac.address.x[0], subnet->net.mac.address.x[1], subnet->net.mac.address.x[2], @@ -263,7 +256,7 @@ char *net2str(const subnet_t *subnet) break; case SUBNET_IPV4: - asprintf(&netstr, "%hu.%hu.%hu.%hu/%d", + snprintf(netstr, len, "%hu.%hu.%hu.%hu/%d", subnet->net.ipv4.address.x[0], subnet->net.ipv4.address.x[1], subnet->net.ipv4.address.x[2], @@ -271,7 +264,7 @@ char *net2str(const subnet_t *subnet) break; case SUBNET_IPV6: - asprintf(&netstr, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", + snprintf(netstr, len, "%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx/%d", ntohs(subnet->net.ipv6.address.x[0]), ntohs(subnet->net.ipv6.address.x[1]), ntohs(subnet->net.ipv6.address.x[2]), @@ -394,7 +387,7 @@ subnet_t *lookup_subnet_ipv6(const ipv6_t *address) void dump_subnets(void) { - char *netstr; + char netstr[MAXNETSTR]; subnet_t *subnet; avl_node_t *node; @@ -404,9 +397,9 @@ void dump_subnets(void) for(node = subnet_tree->head; node; node = node->next) { subnet = node->data; - netstr = net2str(subnet); + if(!net2str(netstr, sizeof netstr, subnet)) + continue; logger(LOG_DEBUG, _(" %s owner %s"), netstr, subnet->owner->name); - free(netstr); } logger(LOG_DEBUG, _("End of subnet list.")); diff --git a/src/subnet.h b/src/subnet.h index c055edae..d82bfa3e 100644 --- a/src/subnet.h +++ b/src/subnet.h 
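Review bot: net2str declares `int len` and passes it to `snprintf`, while every caller in this commit passes `sizeof netstr`; `size_t` is the matching parameter type and avoids the implicit conversion. The three `snprintf` calls shown discard their return value, so an output that does not fit would be truncated without the `bool` result reflecting it; the function's tail is outside these hunks, so this may be handled there. Capturing the result and ending each case with `return n >= 0 && n < len;` would make the `if(!net2str(...))` tests in send_add_subnet, send_del_subnet and dump_subnets meaningful.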
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: subnet.h,v 1.1.2.26 2003/11/17 15:30:18 guus Exp $ + $Id: subnet.h,v 1.1.2.27 2003/12/12 19:52:25 guus Exp $ */ #ifndef __TINC_SUBNET_H__ @@ -34,7 +34,6 @@ typedef enum subnet_type_t { typedef struct subnet_mac_t { mac_t address; - time_t lastseen; } subnet_mac_t; typedef struct subnet_ipv4_t { @@ -53,6 +52,7 @@ typedef struct subnet_t { struct node_t *owner; /* the owner of this subnet */ subnet_type_t type; /* subnet type (IPv4? IPv6? MAC? something even weirder?) */ + time_t expires; /* expiry time */ /* And now for the actual subnet: */ @@ -63,6 +63,8 @@ typedef struct subnet_t { } net; } subnet_t; +#define MAXNETSTR 64 + extern int subnet_compare(const struct subnet_t *, const struct subnet_t *); extern subnet_t *new_subnet(void) __attribute__ ((__malloc__)); extern void free_subnet(subnet_t *); @@ -72,8 +74,8 @@ extern avl_tree_t *new_subnet_tree(void) __attribute__ ((__malloc__)); extern void free_subnet_tree(avl_tree_t *); extern void subnet_add(struct node_t *, subnet_t *); extern void subnet_del(struct node_t *, subnet_t *); -extern char *net2str(const subnet_t *); -extern subnet_t *str2net(const char *); +extern bool net2str(char *, int, const subnet_t *); +extern bool str2net(subnet_t *, const char *); extern subnet_t *lookup_subnet(const struct node_t *, const subnet_t *); extern subnet_t *lookup_subnet_mac(const mac_t *); extern subnet_t *lookup_subnet_ipv4(const ipv4_t *); From e8fbef5de653e4df35eee49aae6e1ac92d6466e6 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 13 Dec 2003 21:50:26 +0000 Subject: [PATCH 903/923] Forget multicast. Always inline some function. --- src/route.c | 163 ++++------------------------------------------------ 1 file changed, 10 insertions(+), 153 deletions(-) diff --git a/src/route.c b/src/route.c index 6d391cdf..d300e0c7 100644 --- a/src/route.c +++ b/src/route.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.70 2003/12/12 19:52:25 guus Exp $ + $Id: route.c,v 1.1.2.71 2003/12/13 21:50:26 guus Exp $ */ #include "system.h" @@ -53,7 +53,6 @@ rmode_t routing_mode = RMODE_ROUTER; bool priorityinheritance = false; int macexpire = 600; -int multicastexpire = 375; bool overwrite_mac = false; mac_t mymac = {{0xFE, 0xFD, 0, 0, 0, 0}}; @@ -70,7 +69,7 @@ static const size_t opt_size = sizeof(struct nd_opt_hdr); /* RFC 1071 */ -static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) +static __inline__ uint16_t inet_checksum(void *data, int len, uint16_t prevsum) { uint16_t *p = data; uint32_t checksum = prevsum ^ 0xFFFF; @@ -89,7 +88,7 @@ static uint16_t inet_checksum(void *data, int len, uint16_t prevsum) return ~checksum; } -static bool ratelimit(int frequency) { +static __inline__ bool ratelimit(int frequency) { static time_t lasttime = 0; static int count = 0; @@ -104,7 +103,7 @@ static bool ratelimit(int frequency) { return false; } -static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) { +static __inline__ bool checklength(node_t *source, vpn_packet_t *packet, length_t length) { if(packet->len < length) { ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got too short packet from %s (%s)"), source->name, source->hostname); return false; @@ -112,7 +111,7 @@ static bool checklength(node_t *source, vpn_packet_t *packet, length_t length) { return true; } -static void learn_mac(mac_t *address) +static __inline__ void learn_mac(mac_t *address) { subnet_t *subnet; avl_node_t *node; @@ -177,7 +176,7 @@ void age_subnets(void) } } -static void route_mac(node_t *source, vpn_packet_t *packet) +static __inline__ void route_mac(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; 
@@ -274,7 +273,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t send_packet(source, packet); } -static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) +static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; @@ -308,20 +307,13 @@ static void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) send_packet(subnet->owner, packet); } -static void route_ipv4(node_t *source, vpn_packet_t *packet) +static __inline__ void route_ipv4(node_t *source, vpn_packet_t *packet) { cp(); if(!checklength(source, packet, ether_size + ip_size)) return; -#if 0 - if(packet->data[30] & 0xf0 == 0xe0) { - route_ipv4_multicast(source, packet); - return; - } -#endif - route_ipv4_unicast(source, packet); } @@ -401,7 +393,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t send_packet(source, packet); } -static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) +static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; 
@@ -436,33 +428,6 @@ static void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) send_packet(subnet->owner, packet); } -#ifdef ENABLE_MULTICAST -static void route_ipv6_multicast(node_t *source, vpn_packet_t *packet) -{ - avl_node_t *node; - subnet_t *subnet, search = {0}; - - cp(); - - search.type = SUBNET_IPV6; - search.net.ipv6.address = *(ipv6_t *)(packet->data + ether_size + ip6_size + icmp6_size); - search.net.ipv6.prefixlength = 128; - search.owner = NULL; - - ifdebug(TRAFFIC) logger(LOG_INFO, _("Multicasting packet of %d bytes from %s (%s)"), packet->len, source->name, source->hostname); - - for(node = avl_search_closest_smaller_node(myself->subnet_tree, &search); node; node = node->next) { - subnet = node->data; - - if(subnet->type != SUBNET_IPV6 || memcmp(&subnet->net.ipv6.address, packet->data + ether_size + ip6_size + icmp6_size, sizeof(ipv6_t))) - break; - - if(subnet->owner != source) - send_packet(subnet->owner, packet); - } -} -#endif - /* RFC 2461 */ static void route_neighborsol(node_t *source, vpn_packet_t *packet) 
@@ -591,101 +556,7 @@ static void route_neighborsol(node_t *source, vpn_packet_t *packet) send_packet(source, packet); } -/* RFC 2710 */ - -#ifdef ENABLE_MULTICAST -static void route_membershipreport(node_t *source, vpn_packet_t *packet) -{ - struct ip6_hdr ip6; - struct icmp6_hdr icmp6; - subnet_t *subnet, search = {0}; - uint16_t checksum; - - struct { - struct in6_addr ip6_src; /* source address */ - struct in6_addr ip6_dst; /* destination address */ - uint32_t length; - uint32_t next; - } pseudo; - - cp(); - - if(!checklength(source, packet, ether_size + ip6_size + icmp6_size + sizeof(ipv6_t))) - return; - - if(source != myself) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Got membership report from %s (%s) while in router mode!"), source->name, source->hostname); - return; - } - - /* Copy headers from packet to structs on the stack */ - - memcpy(&ip6, packet->data + ether_size, ip6_size); - memcpy(&icmp6, packet->data + ether_size + ip6_size + 8, icmp6_size); - - /* Create pseudo header */ - - pseudo.ip6_src = ip6.ip6_src; - pseudo.ip6_dst = ip6.ip6_dst; - pseudo.length = htonl(icmp6_size + sizeof(ipv6_t)); - pseudo.next = htonl(IPPROTO_ICMPV6); - - /* Generate checksum */ - - checksum = inet_checksum(&pseudo, sizeof(pseudo), ~0); - checksum = inet_checksum(&icmp6, icmp6_size, checksum); - checksum = inet_checksum(packet->data + ether_size + ip6_size + 8 + icmp6_size, sizeof(ipv6_t), checksum); - - if(checksum) { - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Cannot route packet: checksum error for membership report")); - return; - } - - /* Check if the IPv6 address exists on the VPN */ - - search.type = SUBNET_IPV6; - search.net.ipv6.address = *(ipv6_t *)(packet->data + ether_size + ip6_size + 8 + icmp6_size); - search.net.ipv6.prefixlength = 128; - search.owner = myself; - - subnet = avl_search(myself->subnet_tree, &search); - - if(!subnet) { - avl_node_t *node; - connection_t *c; - - ifdebug(TRAFFIC) logger(LOG_WARNING, _("Learned new IPv6 multicast address 
%hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx"), - ntohs(*(uint16_t *) &packet->data[70]), - ntohs(*(uint16_t *) &packet->data[72]), - ntohs(*(uint16_t *) &packet->data[74]), - ntohs(*(uint16_t *) &packet->data[76]), - ntohs(*(uint16_t *) &packet->data[78]), - ntohs(*(uint16_t *) &packet->data[80]), - ntohs(*(uint16_t *) &packet->data[82]), - ntohs(*(uint16_t *) &packet->data[84])); - - subnet = new_subnet(); - subnet->type = SUBNET_IPV6; - subnet->net.ipv6.address = *(ipv6_t *)(packet->data + ether_size + ip6_size + 8 + icmp6_size); - subnet->net.ipv6.prefixlength = 128; - subnet->expires = now + multicastexpire; - subnet_add(myself, subnet); - - /* And tell all other tinc daemons it's ours */ - - for(node = connection_tree->head; node; node = node->next) { - c = node->data; - if(c->status.active) - send_add_subnet(c, subnet); - } - } - - if(subnet->expires) - subnet->expires = now + multicastexpire; -} -#endif - -static void route_ipv6(node_t *source, vpn_packet_t *packet) +static __inline__ void route_ipv6(node_t *source, vpn_packet_t *packet) { cp(); @@ -697,20 +568,6 @@ static void route_ipv6(node_t *source, vpn_packet_t *packet) return; } -#ifdef ENABLE_MULTICAST - if(packet->data[20] == IPPROTO_HOPOPTS && checklength(source, packet, ether_size + ip6_size + 8) - && packet->data[54] == IPPROTO_ICMPV6 && checklength(source, packet, ether_size + ip6_size + 8 + icmp6_size) - && packet->data[62] == ICMP6_MEMBERSHIP_REPORT) { - route_membershipreport(source, packet); - return; - } - - if(packet->data[38] == 0xff && packet->data[39] & 0x0c) { - route_ipv6_multicast(source, packet); - return; - } -#endif - route_ipv6_unicast(source, packet); } From 6b12bea62fe2e4bd8b5b6bd0e5ca7f53318705db Mon Sep 17 00:00:00 2001 
From: Guus Sliepen Date: Sat, 20 Dec 2003 19:47:53 +0000 Subject: [PATCH 904/923] Let tinc figure out the exact MTU of the link. --- src/connection.h | 3 +- src/graph.c | 8 ++++- src/net.c | 5 +-- src/net.h | 3 +- src/net_packet.c | 60 ++++++++++++++++++++++++++++++-- src/net_setup.c | 25 +++++++------- src/net_socket.c | 83 ++++++++++++++++++++++++++++----------------- src/node.c | 3 +- src/node.h | 32 ++++++++++------- src/protocol_auth.c | 5 ++- src/protocol_key.c | 4 ++- src/route.c | 40 ++++++++++++++++------ 12 files changed, 193 insertions(+), 78 deletions(-) diff --git a/src/connection.h b/src/connection.h index cc6ff718..175bf7ce 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.38 2003/11/17 15:30:16 guus Exp $ + $Id: connection.h,v 1.1.2.39 2003/12/20 19:47:52 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -30,6 +30,7 @@ #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 +#define OPTION_DONTFRAGMENT 0x0004 typedef struct connection_status_t { int pinged:1; /* sent ping */ diff --git a/src/graph.c b/src/graph.c index cd7fbf36..d07dd681 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.30 2003/10/10 16:23:30 guus Exp $ + $Id: graph.c,v 1.1.2.31 2003/12/20 19:47:52 guus Exp $ */ /* We need to generate two trees from the graph: @@ -229,6 +229,12 @@ void sssp_bfs(void) e->to->hostname = sockaddr2hostname(&e->to->address); avl_insert_node(node_udp_tree, node); + + if(e->to->options & OPTION_DONTFRAGMENT) { + e->to->mtuprobes = 0; + if(e->to->status.validkey) + send_mtu_probe(e->to); + } } node = avl_alloc_node(); diff --git a/src/net.c b/src/net.c index 16449768..a6d2bb7a 100644 --- a/src/net.c +++ b/src/net.c 
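Review bot: In sssp_bfs the new block resets `e->to->mtuprobes` and calls `send_mtu_probe(e->to)` without regard to a probe timer that may already be queued for that node. send_mtu_probe (added in net_packet.c by this commit) ends by assigning a freshly allocated event to `n->mtuevent` and calling `event_add`, so the previous pointer is overwritten; if that event was still pending, two probe chains would run for the same node and the old event would keep a pointer to it. How events are released is not visible on this page, so this needs checking against the event code; cancelling or reusing a pending `n->mtuevent` before scheduling a new one would make the restart safe. sssp_bfs continues outside the hunk.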
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.c,v 1.35.4.202 2003/12/12 19:52:24 guus Exp $ + $Id: net.c,v 1.35.4.203 2003/12/20 19:47:52 guus Exp $ */ #include "system.h" @@ -334,7 +334,8 @@ int main_loop(void) while(running) { now = time(NULL); - tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ + // tv.tv_sec = 1 + (rand() & 7); /* Approx. 5 seconds, randomized to prevent global synchronisation effects */ + tv.tv_sec = 1; tv.tv_usec = 0; maxfd = build_fdset(&fset); diff --git a/src/net.h b/src/net.h index cadb76e8..5b145538 100644 --- a/src/net.h +++ b/src/net.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net.h,v 1.9.4.72 2003/10/08 12:09:37 guus Exp $ + $Id: net.h,v 1.9.4.73 2003/12/20 19:47:52 guus Exp $ */ #ifndef __TINC_NET_H__ @@ -150,6 +150,7 @@ extern int main_loop(void); extern void terminate_connection(struct connection_t *, bool); extern void flush_queue(struct node_t *); extern bool read_rsa_public_key(struct connection_t *); +extern void send_mtu_probe(struct node_t *); #ifndef HAVE_MINGW #define closesocket(s) close(s) diff --git a/src/net_packet.c b/src/net_packet.c index af34d059..ac4ad427 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.44 2003/12/12 19:52:25 guus Exp $ + $Id: net_packet.c,v 1.1.2.45 2003/12/20 19:47:52 guus Exp $ */ #include "system.h" 
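Review bot: The old timeout is left in main_loop as commented-out code, `// tv.tv_sec = 1 + (rand() & 7);`, together with its explanation, while the replacement `tv.tv_sec = 1;` carries no comment at all. Delete the dead line and record why the jitter was dropped, for example `/* fixed 1 s tick; presumably so MTU probe events scheduled at now + 1 fire on time */` once the reason is confirmed. The removed comment says the randomization existed to prevent global synchronisation effects, so the new comment should state whether that is still a concern. main_loop continues outside the hunk.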
@@ -52,9 +52,58 @@ int keyexpires = 0; EVP_CIPHER_CTX packet_ctx; static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; +static void send_udppacket(node_t *, vpn_packet_t *); #define MAX_SEQNO 1073741824 +void send_mtu_probe(node_t *n) +{ + vpn_packet_t packet; + int len, i; + + cp(); + + n->mtuprobes++; + + for(i = 0; i < 3; i++) { + if(n->mtuprobes >= 100 || n->probedmtu >= n->mtu) { + n->mtu = n->probedmtu; + ifdebug(TRAFFIC) logger(LOG_INFO, _("Fixing MTU of %s (%s) to %d after %d probes"), n->name, n->hostname, n->mtu, n->mtuprobes); + return; + } + + len = n->probedmtu + 1 + random() % (n->mtu - n->probedmtu); + if(len < 64) + len = 64; + + memset(packet.data, 0, 14); + RAND_pseudo_bytes(packet.data + 14, len - 14); + packet.len = len; + + ifdebug(TRAFFIC) logger(LOG_INFO, _("Sending MTU probe length %d to %s (%s)"), len, n->name, n->hostname); + + send_udppacket(n, &packet); + } + + n->mtuevent = xmalloc(sizeof(*n->mtuevent)); + n->mtuevent->handler = (event_handler_t)send_mtu_probe; + n->mtuevent->data = n; + n->mtuevent->time = now + 1; + event_add(n->mtuevent); +} + +void mtu_probe_h(node_t *n, vpn_packet_t *packet) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Got MTU probe length %d from %s (%s)"), packet->len, n->name, n->hostname); + + if(!packet->data[0]) { + packet->data[0] = 1; + send_packet(n, packet); + } else { + if(n->probedmtu < packet->len) + n->probedmtu = packet->len; + } +} + static length_t compress_packet(uint8_t *dest, const uint8_t *source, length_t len, int level) { if(level == 10) { @@ -203,7 +252,10 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) if(n->connection) n->connection->last_ping_time = now; - receive_packet(n, inpkt); + if(!inpkt->data[12] && !inpkt->data[13]) + mtu_probe_h(n, inpkt); + else + receive_packet(n, inpkt); } void receive_tcppacket(connection_t *c, char *buffer, int len) 
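Review bot: mtu_probe_h raises `n->probedmtu` to `packet->len` for any reply, without checking that the length is one this node could have probed. send_mtu_probe later copies `probedmtu` into `n->mtu`, so a peer that answers with a larger packet than was sent, or a stale reply arriving after `n->mtu` was lowered on EMSGSIZE, can push the MTU above what the path carries and black-hole traffic to that node. Bounding the update keeps the result inside the probed range: `if(packet->len > n->probedmtu && packet->len <= n->mtu) n->probedmtu = packet->len;`. A short comment describing the probe format (14 zero bytes, `data[0]` set to 1 in the reply) would also help, since receive_udppacket depends on it.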
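Review bot: The new test `!inpkt->data[12] && !inpkt->data[13]` in receive_udppacket reads the EtherType bytes without first checking that the packet is at least 14 bytes long. Unless a length check earlier in the function (outside this hunk) already guarantees that, a shorter packet is classified from whatever bytes were left in the buffer. Adding the bound makes the dispatch depend only on received data: `if(inpkt->len >= 14 && !inpkt->data[12] && !inpkt->data[13])`. With that change a too-short packet goes to receive_packet, so it is worth confirming that path rejects it.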
@@ -328,6 +380,10 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); + if(errno == EMSGSIZE) { + if(n->mtu >= origlen) + n->mtu = origlen - 1; + } return; } diff --git a/src/net_setup.c b/src/net_setup.c index 2c07ec63..e71d4466 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.47 2003/12/07 14:28:39 guus Exp $ + $Id: net_setup.c,v 1.1.2.48 2003/12/20 19:47:52 guus Exp $ */ #include "system.h" 
@@ -272,21 +272,20 @@ bool setup_myself(void) /* Check some options */ - if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; + if(get_config_bool(lookup_config(config_tree, "IndirectData"), &choice) && choice) + myself->options |= OPTION_INDIRECT; - if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; + if(get_config_bool(lookup_config(config_tree, "TCPOnly"), &choice) && choice) + myself->options |= OPTION_TCPONLY; - if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice)) - if(choice) - myself->options |= OPTION_INDIRECT; + if(get_config_bool(lookup_config(myself->connection->config_tree, "IndirectData"), &choice) && choice) + myself->options |= OPTION_INDIRECT; - if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice)) - if(choice) - myself->options |= OPTION_TCPONLY; + if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice) + myself->options |= OPTION_TCPONLY; + + if(get_config_bool(lookup_config(myself->connection->config_tree, "DontFragment"), &choice) && choice) + myself->options |= OPTION_DONTFRAGMENT; if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; diff --git a/src/net_socket.c b/src/net_socket.c index 4e4a0080..f7404314 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.35 2003/12/12 19:52:25 guus Exp $ + $Id: net_socket.c,v 1.1.2.36 2003/12/20 19:47:52 guus Exp $ */ #include "system.h" @@ -49,13 +49,10 @@ int listen_sockets; int setup_listen_socket(const sockaddr_t *sa) { - int nfd, flags; + int nfd; char *addrstr; int option; char *iface; -#ifdef SO_BINDTODEVICE - struct ifreq ifr; -#endif cp(); 
@@ -67,13 +64,15 @@ int setup_listen_socket(const sockaddr_t *sa) } #ifdef O_NONBLOCK - flags = fcntl(nfd, F_GETFL); + { + int flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - closesocket(nfd); - logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", - strerror(errno)); - return -1; + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + closesocket(nfd); + logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + strerror(errno)); + return -1; + } } #endif @@ -94,6 +93,8 @@ int setup_listen_socket(const sockaddr_t *sa) if(get_config_string (lookup_config(config_tree, "BindToInterface"), &iface)) { #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) + struct ifreq ifr; + memset(&ifr, 0, sizeof(ifr)); strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); @@ -129,13 +130,9 @@ int setup_listen_socket(const sockaddr_t *sa) int setup_vpn_in_socket(const sockaddr_t *sa) { - int nfd, flags; + int nfd; char *addrstr; int option; -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - char *iface; - struct ifreq ifr; -#endif cp(); 
@@ -147,29 +144,51 @@ int setup_vpn_in_socket(const sockaddr_t *sa) } #ifdef O_NONBLOCK - flags = fcntl(nfd, F_GETFL); - if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { - closesocket(nfd); - logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", - strerror(errno)); - return -1; + { + int flags = fcntl(nfd, F_GETFL); + + if(fcntl(nfd, F_SETFL, flags | O_NONBLOCK) < 0) { + closesocket(nfd); + logger(LOG_ERR, _("System call `%s' failed: %s"), "fcntl", + strerror(errno)); + return -1; + } } #endif option = 1; setsockopt(nfd, SOL_SOCKET, SO_REUSEADDR, &option, sizeof(option)); -#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) - if(get_config_string - (lookup_config(config_tree, "BindToInterface"), &iface)) { - memset(&ifr, 0, sizeof(ifr)); - strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); +#if defined(SOL_IP) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) + { + bool choice; - if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { - closesocket(nfd); - logger(LOG_ERR, _("Can't bind to interface %s: %s"), iface, - strerror(errno)); - return -1; + if(get_config_bool(lookup_config(myself->connection->config_tree, "DontFragment"), &choice) && choice) { + option = IP_PMTUDISC_DO; + if(setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, &option, sizeof(option))) { + closesocket(nfd); + logger(LOG_ERR, _("Can't set MTU discovery mode: %s"), strerror(errno)); + return -1; + } + } + } +#endif + +#if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE) + { + char *iface; + struct ifreq ifr; + + if(get_config_string(lookup_config(config_tree, "BindToInterface"), &iface)) { + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ); + + if(setsockopt(nfd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr))) { + closesocket(nfd); + logger(LOG_ERR, _("Can't bind to interface %s: %s"), iface, + strerror(errno)); + return -1; + } } } #endif diff --git a/src/node.c b/src/node.c index 0fdc1dcc..e0639149 100644 --- a/src/node.c +++ b/src/node.c 
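Review bot: The re-indented BindToInterface block in setup_vpn_in_socket still copies the configured name with `strncpy(ifr.ifr_ifrn.ifrn_name, iface, IFNAMSIZ)`, which silently truncates a name of IFNAMSIZ or more characters and leaves the field without a terminating NUL. A mistyped or over-long value could then bind the VPN socket to a different interface than the administrator intended. Rejecting the value up front is clearer: `if(strlen(iface) >= IFNAMSIZ) { logger(LOG_ERR, _("Interface name %s too long"), iface); closesocket(nfd); return -1; }`. The same call appears in setup_listen_socket in the `@@ -94,6 +93,8 @@` hunk.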
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.28 2003/08/28 21:05:10 guus Exp $ + $Id: node.c,v 1.1.2.29 2003/12/20 19:47:52 guus Exp $ */ #include "system.h" @@ -80,6 +80,7 @@ node_t *new_node(void) n->edge_tree = new_edge_tree(); n->queue = list_alloc((list_action_t) free); EVP_CIPHER_CTX_init(&n->packet_ctx); + n->mtu = MTU; return n; } diff --git a/src/node.h b/src/node.h index 4407f993..7ce17ebf 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.29 2003/07/30 21:52:41 guus Exp $ + $Id: node.h,v 1.1.2.30 2003/12/20 19:47:52 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -25,13 +25,14 @@ #include "avl_tree.h" #include "connection.h" +#include "event.h" #include "list.h" #include "subnet.h" typedef struct node_status_t { int active:1; /* 1 if active.. */ int validkey:1; /* 1 if we currently have a valid key for him */ - int waitingforkey:1; /* 1 if we already sent out a request */ + int waitingforkey:1; /* 1 if we already sent out a request */ int visited:1; /* 1 if this node has been visited by one of the graph algorithms */ int reachable:1; /* 1 if this node is reachable in the graph */ int indirect:1; /* 1 if this node is not directly reachable by us */ @@ -39,7 +40,7 @@ typedef struct node_status_t { } node_status_t; typedef struct node_t { - char *name; /* name of this node */ + char *name; /* name of this node */ long int options; /* options turned on for this node */ sockaddr_t address; /* his real (internet) ip to send UDP packets to */ 
@@ -47,30 +48,35 @@ typedef struct node_t { node_status_t status; - const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ - char *key; /* Cipher key and iv */ + const EVP_CIPHER *cipher; /* Cipher type for UDP packets */ + char *key; /* Cipher key and iv */ int keylength; /* Cipher key and iv length */ - EVP_CIPHER_CTX packet_ctx; /* Cipher context */ + EVP_CIPHER_CTX packet_ctx; /* Cipher context */ - const EVP_MD *digest; /* Digest type for MAC */ + const EVP_MD *digest; /* Digest type for MAC */ int maclength; /* Length of MAC */ int compression; /* Compressionlevel, 0 = no compression */ list_t *queue; /* Queue for packets awaiting to be encrypted */ - struct node_t *nexthop; /* nearest node from us to him */ + struct node_t *nexthop; /* nearest node from us to him */ struct node_t *via; /* next hop for UDP packets */ - avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ + avl_tree_t *subnet_tree; /* Pointer to a tree of subnets belonging to this node */ - avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ + avl_tree_t *edge_tree; /* Edges with this node as one of the endpoints */ struct connection_t *connection; /* Connection associated with this node (if a direct connection exists) */ - uint32_t sent_seqno; /* Sequence number last sent to this node */ - uint32_t received_seqno; /* Sequence number last received from this node */ - unsigned char late[16]; /* Bitfield marking late packets */ + uint32_t sent_seqno; /* Sequence number last sent to this node */ + uint32_t received_seqno; /* Sequence number last received from this node */ + unsigned char late[16]; /* Bitfield marking late packets */ + + length_t mtu; /* Maximum size of packets to send to this node */ + length_t probedmtu; /* Probed MTU */ + int mtuprobes; /* Number of probes */ + event_t *mtuevent; /* Probe event */ } node_t; extern struct node_t *myself; diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 8aad5834..b50e60db 100644 
--- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.30 2003/11/17 15:30:18 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.31 2003/12/20 19:47:52 guus Exp $ */ #include "system.h" @@ -476,6 +476,9 @@ bool send_ack(connection_t *c) if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY) c->options |= OPTION_TCPONLY | OPTION_INDIRECT; + if((get_config_bool(lookup_config(c->config_tree, "DontFragment"), &choice) && choice) || myself->options & OPTION_DONTFRAGMENT) + c->options |= OPTION_DONTFRAGMENT; + return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); } diff --git a/src/protocol_key.c b/src/protocol_key.c index 049fc1e8..b8b1f223 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.24 2003/11/17 15:30:18 guus Exp $ + $Id: protocol_key.c,v 1.1.4.25 2003/12/20 19:47:53 guus Exp $ */ #include "system.h" @@ -267,6 +267,8 @@ bool ans_key_h(connection_t *c) return false; } + if(from->options & OPTION_DONTFRAGMENT && !from->mtuprobes) + send_mtu_probe(from); flush_queue(from); diff --git a/src/route.c b/src/route.c index d300e0c7..8924329b 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.71 2003/12/13 21:50:26 guus Exp $ + $Id: route.c,v 1.1.2.72 2003/12/20 19:47:53 guus Exp $ */ #include "system.h" 
@@ -206,7 +206,7 @@ static __inline__ void route_mac(node_t *source, vpn_packet_t *packet) /* RFC 792 */ -static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t code) +static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t type, uint8_t code) { struct ip ip = {0}; struct icmp icmp = {0}; @@ -231,6 +231,9 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t oldlen = packet->len - ether_size; + if(type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) + icmp.icmp_nextmtu = htons(packet->len - ether_size); + if(oldlen >= IP_MSS - ip_size - icmp_size) oldlen = IP_MSS - ip_size - icmp_size; @@ -256,7 +259,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t /* Fill in ICMP header */ - icmp.icmp_type = ICMP_DEST_UNREACH; + icmp.icmp_type = type; icmp.icmp_code = code; icmp.icmp_cksum = 0; @@ -269,7 +272,7 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t memcpy(packet->data + ether_size + ip_size, &icmp, icmp_size); packet->len = ether_size + ip_size + icmp_size + oldlen; - + send_packet(source, packet); } @@ -289,7 +292,7 @@ static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) packet->data[32], packet->data[33]); - route_ipv4_unreachable(source, packet, ICMP_NET_UNKNOWN); + route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_UNKNOWN); return; } 
@@ -299,7 +302,14 @@ static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) } if(!subnet->owner->status.reachable) - route_ipv4_unreachable(source, packet, ICMP_NET_UNREACH); + route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_UNREACH); + + if(subnet->owner->options & OPTION_DONTFRAGMENT && packet->len > subnet->owner->mtu && subnet->owner != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); + packet->len = subnet->owner->mtu; + route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); + return; + } if(priorityinheritance) packet->priority = packet->data[15]; @@ -319,7 +329,7 @@ static __inline__ void route_ipv4(node_t *source, vpn_packet_t *packet) /* RFC 2463 */ -static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t code) +static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t type, uint8_t code) { struct ip6_hdr ip6; struct icmp6_hdr icmp6 = {0}; @@ -347,6 +357,9 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t pseudo.ip6_dst = ip6.ip6_src; pseudo.length = packet->len - ether_size; + + if(type == ICMP6_PACKET_TOO_BIG) + icmp6.icmp6_mtu = htonl(pseudo.length); if(pseudo.length >= IP_MSS - ip6_size - icmp6_size) pseudo.length = IP_MSS - ip6_size - icmp6_size; @@ -366,7 +379,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t /* Fill in ICMP header */ - icmp6.icmp6_type = ICMP6_DST_UNREACH; + icmp6.icmp6_type = type; icmp6.icmp6_code = code; icmp6.icmp6_cksum = 0; 
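Review bot: After `route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_UNREACH);` in route_ipv4_unicast there is no `return;`, so execution continues into the new MTU check and on to `send_packet(subnet->owner, packet)`. route_ipv4_unreachable overwrites `packet->data` and `packet->len` with the ICMP error before sending it to `source`, so the rewritten packet is also measured against the owner's MTU and forwarded to a node that was just found unreachable. Wrap the call in braces and add `return;`, as the unknown-subnet branch above already does. The same fall-through exists after `route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE);` in the `@@ -423,8 +436,15 @@` hunk of route_ipv6_unicast.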
@@ -413,7 +426,7 @@ static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) ntohs(*(uint16_t *) &packet->data[50]), ntohs(*(uint16_t *) &packet->data[52])); - route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH_ADDR); + route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_ADDR); return; } @@ -423,8 +436,15 @@ static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) } if(!subnet->owner->status.reachable) - route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH_NOROUTE); + route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE); + if(subnet->owner->options & OPTION_DONTFRAGMENT && packet->len > subnet->owner->mtu && subnet->owner != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); + packet->len = subnet->owner->mtu; + route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0); + return; + } + send_packet(subnet->owner, packet); } From 9bab08e972ae0ca4b904a659d9aed46aaa9b5dd5 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 20 Dec 2003 21:09:33 +0000 Subject: [PATCH 905/923] More sensible name, and try to set PMTU discovery on IPv6 sockets as well. --- src/graph.c | 4 +++- src/net_packet.c | 9 +++++++-- src/net_setup.c | 4 ++-- src/net_socket.c | 21 ++++++++++++++++++--- src/protocol_auth.c | 4 ++-- 5 files changed, 32 insertions(+), 10 deletions(-) diff --git a/src/graph.c b/src/graph.c index d07dd681..c1773470 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.31 2003/12/20 19:47:52 guus Exp $ + $Id: graph.c,v 1.1.2.32 2003/12/20 21:09:33 guus Exp $ */ /* We need to generate two trees from the graph: 
@@ -231,7 +231,9 @@ void sssp_bfs(void) avl_insert_node(node_udp_tree, node); if(e->to->options & OPTION_DONTFRAGMENT) { + e->to->mtu = MTU; e->to->mtuprobes = 0; + e->to->probedmtu = 0; if(e->to->status.validkey) send_mtu_probe(e->to); } diff --git a/src/net_packet.c b/src/net_packet.c index ac4ad427..d2e9aa81 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.45 2003/12/20 19:47:52 guus Exp $ + $Id: net_packet.c,v 1.1.2.46 2003/12/20 21:09:33 guus Exp $ */ #include "system.h" @@ -65,8 +65,13 @@ void send_mtu_probe(node_t *n) n->mtuprobes++; + if(n->mtuprobes >= 10 && !n->probedmtu) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("No response to MTU probes from %s (%s)"), n->name, n->hostname); + return; + } + for(i = 0; i < 3; i++) { - if(n->mtuprobes >= 100 || n->probedmtu >= n->mtu) { + if(n->mtuprobes >= 30 || n->probedmtu >= n->mtu) { n->mtu = n->probedmtu; ifdebug(TRAFFIC) logger(LOG_INFO, _("Fixing MTU of %s (%s) to %d after %d probes"), n->name, n->hostname, n->mtu, n->mtuprobes); return; diff --git a/src/net_setup.c b/src/net_setup.c index e71d4466..b2841356 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.48 2003/12/20 19:47:52 guus Exp $ + $Id: net_setup.c,v 1.1.2.49 2003/12/20 21:09:33 guus Exp $ */ #include "system.h" 
@@ -284,7 +284,7 @@ bool setup_myself(void) if(get_config_bool(lookup_config(myself->connection->config_tree, "TCPOnly"), &choice) && choice) myself->options |= OPTION_TCPONLY; - if(get_config_bool(lookup_config(myself->connection->config_tree, "DontFragment"), &choice) && choice) + if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) myself->options |= OPTION_DONTFRAGMENT; if(myself->options & OPTION_TCPONLY) diff --git a/src/net_socket.c b/src/net_socket.c index f7404314..b90dcf54 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.36 2003/12/20 19:47:52 guus Exp $ + $Id: net_socket.c,v 1.1.2.37 2003/12/20 21:09:33 guus Exp $ */ #include "system.h" @@ -163,11 +163,26 @@ int setup_vpn_in_socket(const sockaddr_t *sa) { bool choice; - if(get_config_bool(lookup_config(myself->connection->config_tree, "DontFragment"), &choice) && choice) { + if(sa->sa.sa_family == AF_INET && get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) { option = IP_PMTUDISC_DO; if(setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, &option, sizeof(option))) { closesocket(nfd); - logger(LOG_ERR, _("Can't set MTU discovery mode: %s"), strerror(errno)); + logger(LOG_ERR, _("Can't set PMTU discovery mode: %s"), strerror(errno)); + return -1; + } + } + } +#endif + +#if defined(SOL_IPV6) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) + { + bool choice; + + if(sa->sa.sa_family == AF_INET6 && get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) { + option = IPV6_PMTUDISC_DO; + if(setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option))) { + closesocket(nfd); + logger(LOG_ERR, _("Can't set PMTU discovery mode: %s"), strerror(errno)); return -1; } } 
diff --git a/src/protocol_auth.c b/src/protocol_auth.c index b50e60db..5e960ea5 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.31 2003/12/20 19:47:52 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.32 2003/12/20 21:09:33 guus Exp $ */ #include "system.h" @@ -476,7 +476,7 @@ bool send_ack(connection_t *c) if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY) c->options |= OPTION_TCPONLY | OPTION_INDIRECT; - if((get_config_bool(lookup_config(c->config_tree, "DontFragment"), &choice) && choice) || myself->options & OPTION_DONTFRAGMENT) + if((get_config_bool(lookup_config(c->config_tree, "PMTUDiscovery"), &choice) && choice) || myself->options & OPTION_DONTFRAGMENT) c->options |= OPTION_DONTFRAGMENT; return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); From af490a745d4ddc8994ceca546b5f9139f6a6ebe2 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 20 Dec 2003 21:20:10 +0000 Subject: [PATCH 906/923] Describe the TunnelServer and PMTUDiscovery options. --- doc/tinc.conf.5.in | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 2646931a..14bc6335 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -219,6 +219,11 @@ Note that there must be exactly one of or .Va PrivateKeyFile specified in the configuration file. +.It Va TunnelServer Li = yes | no Po no Pc Bq experimental +When this option is enabled tinc will no longer forward information between other tinc daemons, +and will only allow nodes and subnets on the VPN which are present in the +Pa hosts/ +directory. .El .Sh HOST CONFIGURATION FILES The host configuration files contain all information needed 
@@ -269,6 +274,9 @@ The length of the message authentication code used to authenticate UDP packets. Can be anything from .Qq 0 up to the length of the digest produced by the digest algorithm. +.It Va PMTUDiscovery Li = yes | no Po no Pc Bq experimental +When this option is enabled, tinc will try to discover the PMTU to other nodes. +After the PMTU has been discovered, it will be enforced on the VPN. .It Va Port Li = Ar port Pq 655 The port number on which this tinc daemon is listening for incoming connections. .It Va PublicKey Li = Ar key Bq obsolete From 6d41b429a26dd1acaa7c56b2124f2daf55b5b97c Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 20 Dec 2003 21:25:17 +0000 Subject: [PATCH 907/923] Better name, show probed MTU in dump. --- src/connection.h | 4 ++-- src/graph.c | 4 ++-- src/net_setup.c | 4 ++-- src/node.c | 6 +++--- src/protocol_auth.c | 6 +++--- src/protocol_key.c | 4 ++-- src/route.c | 6 +++--- 7 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/connection.h b/src/connection.h index 175bf7ce..b1c35af2 100644 --- a/src/connection.h +++ b/src/connection.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: connection.h,v 1.1.2.39 2003/12/20 19:47:52 guus Exp $ + $Id: connection.h,v 1.1.2.40 2003/12/20 21:25:17 guus Exp $ */ #ifndef __TINC_CONNECTION_H__ @@ -30,7 +30,7 @@ #define OPTION_INDIRECT 0x0001 #define OPTION_TCPONLY 0x0002 -#define OPTION_DONTFRAGMENT 0x0004 +#define OPTION_PMTU_DISCOVERY 0x0004 typedef struct connection_status_t { int pinged:1; /* sent ping */ diff --git a/src/graph.c b/src/graph.c index c1773470..757210cc 100644 --- a/src/graph.c +++ b/src/graph.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.32 2003/12/20 21:09:33 guus Exp $ + $Id: graph.c,v 1.1.2.33 2003/12/20 21:25:17 guus Exp $ */ /* We need to generate two trees from the graph: @@ -230,7 +230,7 @@ void sssp_bfs(void) e->to->hostname = sockaddr2hostname(&e->to->address); avl_insert_node(node_udp_tree, node); - if(e->to->options & OPTION_DONTFRAGMENT) { + if(e->to->options & OPTION_PMTU_DISCOVERY) { e->to->mtu = MTU; e->to->mtuprobes = 0; e->to->probedmtu = 0; diff --git a/src/net_setup.c b/src/net_setup.c index b2841356..4ad44fb5 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_setup.c,v 1.1.2.49 2003/12/20 21:09:33 guus Exp $ + $Id: net_setup.c,v 1.1.2.50 2003/12/20 21:25:17 guus Exp $ */ #include "system.h" @@ -285,7 +285,7 @@ bool setup_myself(void) myself->options |= OPTION_TCPONLY; if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) - myself->options |= OPTION_DONTFRAGMENT; + myself->options |= OPTION_PMTU_DISCOVERY; if(myself->options & OPTION_TCPONLY) myself->options |= OPTION_INDIRECT; diff --git a/src/node.c b/src/node.c index e0639149..4b21d5ba 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.29 2003/12/20 19:47:52 guus Exp $ + $Id: node.c,v 1.1.2.30 2003/12/20 21:25:17 guus Exp $ */ #include "system.h" 
@@ -180,11 +180,11 @@ void dump_nodes(void) for(node = node_tree->head; node; node = node->next) { n = node->data; - logger(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s"), + logger(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s probedmtu %d"), n->name, n->hostname, n->cipher ? n->cipher->nid : 0, n->digest ? n->digest->type : 0, n->maclength, n->compression, n->options, *(uint32_t *)&n->status, n->nexthop ? n->nexthop->name : "-", - n->via ? n->via->name : "-"); + n->via ? n->via->name : "-", n->probedmtu); } logger(LOG_DEBUG, _("End of nodes.")); diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 5e960ea5..94e602f7 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.32 2003/12/20 21:09:33 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.33 2003/12/20 21:25:17 guus Exp $ */ #include "system.h" @@ -476,8 +476,8 @@ bool send_ack(connection_t *c) if((get_config_bool(lookup_config(c->config_tree, "TCPOnly"), &choice) && choice) || myself->options & OPTION_TCPONLY) c->options |= OPTION_TCPONLY | OPTION_INDIRECT; - if((get_config_bool(lookup_config(c->config_tree, "PMTUDiscovery"), &choice) && choice) || myself->options & OPTION_DONTFRAGMENT) - c->options |= OPTION_DONTFRAGMENT; + if((get_config_bool(lookup_config(c->config_tree, "PMTUDiscovery"), &choice) && choice) || myself->options & OPTION_PMTU_DISCOVERY) + c->options |= OPTION_PMTU_DISCOVERY; return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); } diff --git a/src/protocol_key.c b/src/protocol_key.c index b8b1f223..5067a818 100644 --- a/src/protocol_key.c +++ b/src/protocol_key.c 
@@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_key.c,v 1.1.4.25 2003/12/20 19:47:53 guus Exp $ + $Id: protocol_key.c,v 1.1.4.26 2003/12/20 21:25:17 guus Exp $ */ #include "system.h" @@ -267,7 +267,7 @@ bool ans_key_h(connection_t *c) return false; } - if(from->options & OPTION_DONTFRAGMENT && !from->mtuprobes) + if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuprobes) send_mtu_probe(from); flush_queue(from); diff --git a/src/route.c b/src/route.c index 8924329b..367926ea 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.72 2003/12/20 19:47:53 guus Exp $ + $Id: route.c,v 1.1.2.73 2003/12/20 21:25:17 guus Exp $ */ #include "system.h" @@ -304,7 +304,7 @@ static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) if(!subnet->owner->status.reachable) route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_UNREACH); - if(subnet->owner->options & OPTION_DONTFRAGMENT && packet->len > subnet->owner->mtu && subnet->owner != myself) { + if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); packet->len = subnet->owner->mtu; route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); 
@@ -438,7 +438,7 @@ static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) if(!subnet->owner->status.reachable) route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE); - if(subnet->owner->options & OPTION_DONTFRAGMENT && packet->len > subnet->owner->mtu && subnet->owner != myself) { + if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); packet->len = subnet->owner->mtu; route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0); From 35399784b695c9ac692beba7be7930ee9f24412f Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 22 Dec 2003 11:04:17 +0000 Subject: [PATCH 908/923] Improvements for PMTU discovery and IPv4 packet fragmentation. --- src/graph.c | 10 +++++-- src/net_packet.c | 21 ++++++++----- src/net_socket.c | 18 ++++------- src/node.c | 10 +++++-- src/node.h | 5 ++-- src/protocol_auth.c | 12 ++++++-- src/route.c | 73 ++++++++++++++++++++++++++++++++++++++++----- 7 files changed, 111 insertions(+), 38 deletions(-) diff --git a/src/graph.c b/src/graph.c index 757210cc..3ed1d721 100644 --- a/src/graph.c +++ b/src/graph.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: graph.c,v 1.1.2.33 2003/12/20 21:25:17 guus Exp $ + $Id: graph.c,v 1.1.2.34 2003/12/22 11:04:16 guus Exp $ */ /* We need to generate two trees from the graph: @@ -231,9 +231,9 @@ void sssp_bfs(void) avl_insert_node(node_udp_tree, node); if(e->to->options & OPTION_PMTU_DISCOVERY) { - e->to->mtu = MTU; e->to->mtuprobes = 0; - e->to->probedmtu = 0; + e->to->minmtu = 0; + e->to->maxmtu = MTU; if(e->to->status.validkey) send_mtu_probe(e->to); } 
@@ -270,6 +270,10 @@ void sssp_bfs(void) n->status.validkey = false; n->status.waitingforkey = false; + n->maxmtu = MTU; + n->minmtu = 0; + n->mtuprobes = 0; + asprintf(&envp[0], "NETNAME=%s", netname ? : ""); asprintf(&envp[1], "DEVICE=%s", device ? : ""); asprintf(&envp[2], "INTERFACE=%s", iface ? : ""); diff --git a/src/net_packet.c b/src/net_packet.c index d2e9aa81..8b49b25a 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.46 2003/12/20 21:09:33 guus Exp $ + $Id: net_packet.c,v 1.1.2.47 2003/12/22 11:04:16 guus Exp $ */ #include "system.h" @@ -47,6 +47,10 @@ #include "utils.h" #include "xalloc.h" +#ifdef WSAEMSGSIZE +#define EMSGSIZE WSAEMSGSIZE +#endif + int keylifetime = 0; int keyexpires = 0; EVP_CIPHER_CTX packet_ctx; @@ -64,20 +68,21 @@ void send_mtu_probe(node_t *n) cp(); n->mtuprobes++; + n->mtuevent = NULL; - if(n->mtuprobes >= 10 && !n->probedmtu) { + if(n->mtuprobes >= 10 && !n->minmtu) { ifdebug(TRAFFIC) logger(LOG_INFO, _("No response to MTU probes from %s (%s)"), n->name, n->hostname); return; } for(i = 0; i < 3; i++) { - if(n->mtuprobes >= 30 || n->probedmtu >= n->mtu) { - n->mtu = n->probedmtu; + if(n->mtuprobes >= 30 || n->minmtu >= n->maxmtu) { + n->mtu = n->minmtu; ifdebug(TRAFFIC) logger(LOG_INFO, _("Fixing MTU of %s (%s) to %d after %d probes"), n->name, n->hostname, n->mtu, n->mtuprobes); return; } - len = n->probedmtu + 1 + random() % (n->mtu - n->probedmtu); + len = n->minmtu + 1 + random() % (n->maxmtu - n->minmtu); if(len < 64) len = 64; @@ -104,8 +109,8 @@ void mtu_probe_h(node_t *n, vpn_packet_t *packet) { packet->data[0] = 1; send_packet(n, packet); } else { - if(n->probedmtu < packet->len) - n->probedmtu = packet->len; + if(n->minmtu < packet->len) + n->minmtu = packet->len; } } 
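Review bot: In the mtu_probe_h hunk, `n->minmtu` is raised to whatever `packet->len` the peer's reply carries, with no check against `n->maxmtu` or against the size of any probe that was actually sent. send_mtu_probe later fixes `n->mtu = n->minmtu`, so an oversized reply would pin the MTU above what the outgoing path was shown to carry. Clamping keeps the two bounds consistent: `n->minmtu = packet->len < n->maxmtu ? packet->len : n->maxmtu;`. mtu_probe_h begins outside the hunk, so how a reply is told apart from a request is not visible here.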
@@ -386,6 +391,8 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); if(errno == EMSGSIZE) { + if(n->maxmtu >= origlen) + n->maxmtu = origlen - 1; if(n->mtu >= origlen) n->mtu = origlen - 1; } diff --git a/src/net_socket.c b/src/net_socket.c index b90dcf54..3d1be21e 100644 --- a/src/net_socket.c +++ b/src/net_socket.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_socket.c,v 1.1.2.37 2003/12/20 21:09:33 guus Exp $ + $Id: net_socket.c,v 1.1.2.38 2003/12/22 11:04:16 guus Exp $ */ #include "system.h" @@ -163,13 +163,9 @@ int setup_vpn_in_socket(const sockaddr_t *sa) { bool choice; - if(sa->sa.sa_family == AF_INET && get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) { + if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) { option = IP_PMTUDISC_DO; - if(setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, &option, sizeof(option))) { - closesocket(nfd); - logger(LOG_ERR, _("Can't set PMTU discovery mode: %s"), strerror(errno)); - return -1; - } + setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, &option, sizeof(option)); } } #endif 
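Review bot: Both setup_vpn_in_socket hunks (this one for IP_MTU_DISCOVER and the next one for IPV6_MTU_DISCOVER) now discard the return value of setsockopt(), so a socket on which the option was never applied cannot be told apart from one where it was. Dropping the address-family test explains why a failure can no longer be fatal, but a silent failure leaves PMTU probing running over a socket whose datagrams the kernel may still fragment. Keeping the call non-fatal while logging it would preserve the diagnostic: `if(setsockopt(nfd, SOL_IP, IP_MTU_DISCOVER, &option, sizeof(option))) logger(LOG_WARNING, _("Can't set PMTU discovery mode: %s"), strerror(errno));`. The IPv6 call would get the same treatment.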
@@ -178,13 +174,9 @@ int setup_vpn_in_socket(const sockaddr_t *sa) { bool choice; - if(sa->sa.sa_family == AF_INET6 && get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) { + if(get_config_bool(lookup_config(myself->connection->config_tree, "PMTUDiscovery"), &choice) && choice) { option = IPV6_PMTUDISC_DO; - if(setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option))) { - closesocket(nfd); - logger(LOG_ERR, _("Can't set PMTU discovery mode: %s"), strerror(errno)); - return -1; - } + setsockopt(nfd, SOL_IPV6, IPV6_MTU_DISCOVER, &option, sizeof(option)); } } #endif diff --git a/src/node.c b/src/node.c index 4b21d5ba..35199161 100644 --- a/src/node.c +++ b/src/node.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.c,v 1.1.2.30 2003/12/20 21:25:17 guus Exp $ + $Id: node.c,v 1.1.2.31 2003/12/22 11:04:16 guus Exp $ */ #include "system.h" @@ -81,6 +81,7 @@ node_t *new_node(void) n->queue = list_alloc((list_action_t) free); EVP_CIPHER_CTX_init(&n->packet_ctx); n->mtu = MTU; + n->maxmtu = MTU; return n; } @@ -110,6 +111,9 @@ void free_node(node_t *n) sockaddrfree(&n->address); EVP_CIPHER_CTX_cleanup(&n->packet_ctx); + + if(n->mtuevent) + event_del(n->mtuevent); free(n); } 
@@ -180,11 +184,11 @@ void dump_nodes(void) for(node = node_tree->head; node; node = node->next) { n = node->data; - logger(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s probedmtu %d"), + logger(LOG_DEBUG, _(" %s at %s cipher %d digest %d maclength %d compression %d options %lx status %04x nexthop %s via %s pmtu %d (min %d max %d)"), n->name, n->hostname, n->cipher ? n->cipher->nid : 0, n->digest ? n->digest->type : 0, n->maclength, n->compression, n->options, *(uint32_t *)&n->status, n->nexthop ? n->nexthop->name : "-", - n->via ? n->via->name : "-", n->probedmtu); + n->via ? n->via->name : "-", n->mtu, n->minmtu, n->maxmtu); } logger(LOG_DEBUG, _("End of nodes.")); diff --git a/src/node.h b/src/node.h index 7ce17ebf..dd9c7a12 100644 --- a/src/node.h +++ b/src/node.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: node.h,v 1.1.2.30 2003/12/20 19:47:52 guus Exp $ + $Id: node.h,v 1.1.2.31 2003/12/22 11:04:16 guus Exp $ */ #ifndef __TINC_NODE_H__ @@ -74,7 +74,8 @@ typedef struct node_t { unsigned char late[16]; /* Bitfield marking late packets */ length_t mtu; /* Maximum size of packets to send to this node */ - length_t probedmtu; /* Probed MTU */ + length_t minmtu; /* Probed minimum MTU */ + length_t maxmtu; /* Probed maximum MTU */ int mtuprobes; /* Number of probes */ event_t *mtuevent; /* Probe event */ } node_t; diff --git a/src/protocol_auth.c b/src/protocol_auth.c index 94e602f7..77561b81 100644 --- a/src/protocol_auth.c +++ b/src/protocol_auth.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: protocol_auth.c,v 1.1.4.33 2003/12/20 21:25:17 guus Exp $ + $Id: protocol_auth.c,v 1.1.4.34 2003/12/22 11:04:16 guus Exp $ */ #include "system.h" 
@@ -479,6 +479,8 @@ bool send_ack(connection_t *c) if((get_config_bool(lookup_config(c->config_tree, "PMTUDiscovery"), &choice) && choice) || myself->options & OPTION_PMTU_DISCOVERY) c->options |= OPTION_PMTU_DISCOVERY; + get_config_int(lookup_config(c->config_tree, "Weight"), &c->estimated_weight); + return send_request(c, "%d %s %d %lx", ACK, myport, c->estimated_weight, c->options); } @@ -519,7 +521,7 @@ bool ack_h(connection_t *c) { char hisport[MAX_STRING_SIZE]; char *hisaddress, *dummy; - int weight; + int weight, mtu; long int options; node_t *n; @@ -554,6 +556,12 @@ bool ack_h(connection_t *c) c->node = n; c->options |= options; + if(get_config_int(lookup_config(c->config_tree, "PMTU"), &mtu) && mtu < n->mtu) + n->mtu = mtu; + + if(get_config_int(lookup_config(myself->connection->config_tree, "PMTU"), &mtu) && mtu < n->mtu) + n->mtu = mtu; + /* Activate this connection */ c->allow_request = ALL; diff --git a/src/route.c b/src/route.c index 367926ea..48ba0e84 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.73 2003/12/20 21:25:17 guus Exp $ + $Id: route.c,v 1.1.2.74 2003/12/22 11:04:17 guus Exp $ */ #include "system.h" 
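Review bot: In the ack_h hunk, the `PMTU` values read with get_config_int() are only tested with `mtu < n->mtu`, so zero, negative or very small values from a configuration file are accepted and stored in `n->mtu`. A negative `int` passes that comparison and is then converted to `length_t` on assignment (its exact type is not visible here), and a tiny value flows into the `(dest->mtu - ether_size - ip_size) & ~0x7` computation in fragment_ipv4_packet. A lower bound would close this, for example the 64-byte floor that send_mtu_probe already applies to probe lengths: `if(get_config_int(lookup_config(c->config_tree, "PMTU"), &mtu) && mtu >= 64 && mtu < n->mtu)`. The `myself->connection->config_tree` lookup needs the same bound. ack_h starts and ends outside the hunk.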
@@ -276,6 +276,58 @@ static void route_ipv4_unreachable(node_t *source, vpn_packet_t *packet, uint8_t send_packet(source, packet); } +/* RFC 791 */ + +static __inline__ void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) { + struct ip ip; + vpn_packet_t fragment; + int len, maxlen, todo; + uint8_t *offset; + uint16_t ip_off, origf; + + cp(); + + memcpy(&ip, packet->data + ether_size, ip_size); + fragment.priority = packet->priority; + + if(ip.ip_hl != ip_size / 4) + return; + + todo = ntohs(ip.ip_len) - ip_size; + + if(ether_size + ip_size + todo != packet->len) { + ifdebug(TRAFFIC) logger(LOG_WARNING, _("Length of packet (%d) doesn't match length in IPv4 header (%d)"), packet->len, ether_size + ip_size + todo); + return; + } + + ifdebug(TRAFFIC) logger(LOG_INFO, _("Fragmenting packet of %d bytes to %s (%s)"), packet->len, dest->name, dest->hostname); + + offset = packet->data + ether_size + ip_size; + maxlen = (dest->mtu - ether_size - ip_size) & ~0x7; + ip_off = ntohs(ip.ip_off); + origf = ip_off & ~IP_OFFMASK; + ip_off &= IP_OFFMASK; + + while(todo) { + len = todo > maxlen ? maxlen : todo; + memcpy(fragment.data + ether_size + ip_size, offset, len); + todo -= len; + offset += len; + + ip.ip_len = htons(ip_size + len); + ip.ip_off = htons(ip_off | origf | (todo ? IP_MF : 0)); + ip.ip_sum = 0; + ip.ip_sum = inet_checksum(&ip, ip_size, ~0); + memcpy(fragment.data, packet->data, ether_size); + memcpy(fragment.data + ether_size, &ip, ip_size); + fragment.len = ether_size + ip_size + len; + + send_packet(dest, &fragment); + + ip_off += len / 8; + } +} + static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; 
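Review bot: fragment_ipv4_packet computes `maxlen = (dest->mtu - ether_size - ip_size) & ~0x7` without checking that `dest->mtu` leaves room for at least one 8-byte fragment payload. If `maxlen` is 0, the `while(todo)` loop never reduces `todo` and keeps calling send_packet() with empty fragments. If it comes out negative (this depends on the types of `ether_size` and `ip_size`, which are not visible here), `len` is negative and the `memcpy` into the stack-allocated `fragment` is given a huge size. `dest->mtu` is lowered elsewhere in this commit by the `PMTU` setting and by the EMSGSIZE handler, and neither has a floor. A guard right after the computation makes the loop safe: `if(maxlen <= 0) return;`, ideally with an `ifdebug(TRAFFIC)` log like the length-mismatch case above it.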
@@ -304,16 +356,21 @@ static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) if(!subnet->owner->status.reachable) route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_NET_UNREACH); - if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { - ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); - packet->len = subnet->owner->mtu; - route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); - return; - } - if(priorityinheritance) packet->priority = packet->data[15]; + if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); + if(packet->data[20] & 0x40) { + packet->len = subnet->owner->mtu; + route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); + } else { + fragment_ipv4_packet(subnet->owner, packet); + } + + return; + } + send_packet(subnet->owner, packet); } From 2c7ce7de12d16cb407fd40224b6cb802528ee942 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 22 Dec 2003 11:05:23 +0000 Subject: [PATCH 909/923] Missing definitions. --- lib/ipv4.h | 6 +++++- lib/ipv6.h | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/ipv4.h b/lib/ipv4.h index 0ee46fb2..dcac0bf8 100644 --- a/lib/ipv4.h +++ b/lib/ipv4.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv4.h,v 1.1.2.4 2003/10/08 11:34:55 guus Exp $ + $Id: ipv4.h,v 1.1.2.5 2003/12/22 11:05:23 guus Exp $ */ #ifndef __TINC_IPV4_H__ 
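Review bot: The don't-fragment test `packet->data[20] & 0x40` in route_ipv4_unicast hard-codes both the offset of the IPv4 flags byte and the DF bit, while fragment_ipv4_packet in the same commit works with `ether_size`, `IP_OFFMASK` and `IP_MF`. The literal 20 silently assumes a 14-byte Ethernet header, so writing it as `packet->data[ether_size + 6] & 0x40` with a comment such as `/* DF bit in the IPv4 flags/fragment-offset field */` would keep the two code paths consistent and easier to audit. The `packet->data[15]` priority read just above has the same issue. route_ipv4_unicast begins outside the hunk.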
@@ -35,6 +35,10 @@ #define ICMP_DEST_UNREACH 3 #endif +#ifndef ICMP_FRAG_NEEDED +#define ICMP_FRAG_NEEDED 4 +#endif + #ifndef ICMP_NET_UNKNOWN #define ICMP_NET_UNKNOWN 6 #endif diff --git a/lib/ipv6.h b/lib/ipv6.h index 1c3a2494..3fdb959c 100644 --- a/lib/ipv6.h +++ b/lib/ipv6.h @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: ipv6.h,v 1.1.2.8 2003/11/08 15:09:03 guus Exp $ + $Id: ipv6.h,v 1.1.2.9 2003/12/22 11:05:23 guus Exp $ */ #ifndef __TINC_IPV6_H__ @@ -96,12 +96,14 @@ struct icmp6_hdr { } __attribute__ ((__packed__)); #define ICMP6_DST_UNREACH_NOROUTE 0 #define ICMP6_DST_UNREACH 1 +#define ICMP6_PACKET_TOO_BIG 2 #define ICMP6_DST_UNREACH_ADDR 3 #define ND_NEIGHBOR_SOLICIT 135 #define ND_NEIGHBOR_ADVERT 136 #define icmp6_data32 icmp6_dataun.icmp6_un_data32 #define icmp6_data16 icmp6_dataun.icmp6_un_data16 #define icmp6_data8 icmp6_dataun.icmp6_un_data8 +#define icmp6_mtu icmp6_data32[0] #endif #ifndef HAVE_STRUCT_ND_NEIGHBOR_SOLICIT From aebc97a77f37ec63fbd36721f9b284c975e54270 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Wed, 24 Dec 2003 10:48:15 +0000 Subject: [PATCH 910/923] Small fixes for PMTU discovery. --- src/net_packet.c | 10 +++++----- src/route.c | 22 ++++++++++++++-------- 2 files changed, 19 insertions(+), 13 deletions(-) diff --git a/src/net_packet.c b/src/net_packet.c index 8b49b25a..8753bf65 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.47 2003/12/22 11:04:16 guus Exp $ + $Id: net_packet.c,v 1.1.2.48 2003/12/24 10:48:14 guus Exp $ */ #include "system.h" 
@@ -352,7 +352,7 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) || !EVP_EncryptFinal_ex(&n->packet_ctx, (char *) &outpkt->seqno + outlen, &outpad)) { ifdebug(TRAFFIC) logger(LOG_ERR, _("Error while encrypting packet to %s (%s): %s"), n->name, n->hostname, ERR_error_string(ERR_get_error(), NULL)); - return; + goto end; } outpkt->len = outlen + outpad; @@ -389,16 +389,16 @@ static void send_udppacket(node_t *n, vpn_packet_t *inpkt) #endif if((sendto(listen_socket[sock].udp, (char *) &inpkt->seqno, inpkt->len, 0, &(n->address.sa), SALEN(n->address.sa))) < 0) { - logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); if(errno == EMSGSIZE) { if(n->maxmtu >= origlen) n->maxmtu = origlen - 1; if(n->mtu >= origlen) n->mtu = origlen - 1; - } - return; + } else + logger(LOG_ERR, _("Error sending packet to %s (%s): %s"), n->name, n->hostname, strerror(errno)); } +end: inpkt->len = origlen; } diff --git a/src/route.c b/src/route.c index 48ba0e84..8f238e2c 100644 --- a/src/route.c +++ b/src/route.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: route.c,v 1.1.2.74 2003/12/22 11:04:17 guus Exp $ + $Id: route.c,v 1.1.2.75 2003/12/24 10:48:15 guus Exp $ */ #include "system.h" @@ -331,6 +331,7 @@ static __inline__ void fragment_ipv4_packet(node_t *dest, vpn_packet_t *packet) static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; + node_t *via; cp(); 
@@ -359,13 +360,15 @@ static __inline__ void route_ipv4_unicast(node_t *source, vpn_packet_t *packet) if(priorityinheritance) packet->priority = packet->data[15]; - if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { - ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); + via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; + + if(packet->len > via->mtu && via != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu); if(packet->data[20] & 0x40) { - packet->len = subnet->owner->mtu; + packet->len = via->mtu; route_ipv4_unreachable(source, packet, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED); } else { - fragment_ipv4_packet(subnet->owner, packet); + fragment_ipv4_packet(via, packet); } return; @@ -466,6 +469,7 @@ static void route_ipv6_unreachable(node_t *source, vpn_packet_t *packet, uint8_t static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) { subnet_t *subnet; + node_t *via; cp(); 
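Review bot: The new `via` pointer in route_ipv4_unicast is dereferenced as `via->mtu` with no NULL check, and the same pattern is added to route_ipv6_unicast in the following hunk. dump_nodes in node.c prints `n->nexthop ? n->nexthop->name : "-"` and does the same for `n->via`, which shows both fields can be NULL, presumably for nodes that are not currently reachable. The `!subnet->owner->status.reachable` branch just above only sends the ICMP error and does not return (visible in the IPv6 hunk), so such an owner can reach this line. A guard such as `if(!via) return;` before the MTU test, or returning from the unreachable branch, would avoid the crash. Both functions begin outside their hunks.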
@@ -494,10 +498,12 @@ static __inline__ void route_ipv6_unicast(node_t *source, vpn_packet_t *packet) if(!subnet->owner->status.reachable) route_ipv6_unreachable(source, packet, ICMP6_DST_UNREACH, ICMP6_DST_UNREACH_NOROUTE); + + via = (subnet->owner->via == myself) ? subnet->owner->nexthop : subnet->owner->via; - if(subnet->owner->options & OPTION_PMTU_DISCOVERY && packet->len > subnet->owner->mtu && subnet->owner != myself) { - ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, subnet->owner->mtu); - packet->len = subnet->owner->mtu; + if(packet->len > via->mtu && via != myself) { + ifdebug(TRAFFIC) logger(LOG_INFO, _("Packet for %s (%s) length %d larger than MTU %d"), subnet->owner->name, subnet->owner->hostname, packet->len, via->mtu); + packet->len = via->mtu; route_ipv6_unreachable(source, packet, ICMP6_PACKET_TOO_BIG, 0); return; } From 519d63bedbdcc533dd7839aae02b4d7bc2debfb0 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 27 Dec 2003 16:32:52 +0000 Subject: [PATCH 911/923] Don't forget to update destination MAC address. --- src/net_packet.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/net_packet.c b/src/net_packet.c index 8753bf65..255453e9 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -17,7 +17,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - $Id: net_packet.c,v 1.1.2.48 2003/12/24 10:48:14 guus Exp $ + $Id: net_packet.c,v 1.1.2.49 2003/12/27 16:32:52 guus Exp $ */ #include "system.h" @@ -35,6 +35,7 @@ #include "conf.h" #include "connection.h" #include "device.h" +#include "ethernet.h" #include "event.h" #include "graph.h" #include "list.h" @@ -412,6 +413,8 @@ void send_packet(const node_t *n, vpn_packet_t *packet) cp(); if(n == myself) { + if(overwrite_mac) + memcpy(packet->data, mymac.x, ETH_ALEN); write_packet(packet); return; } 
From f2aa7466e6db9777090583ef26d923fc0a4fcea8 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 10 Jan 2004 23:19:20 +0000 Subject: [PATCH 912/923] Small updates. --- doc/tinc.conf.5.in | 8 +++++--- doc/tincd.8.in | 2 ++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/doc/tinc.conf.5.in b/doc/tinc.conf.5.in index 14bc6335..87106a0c 100644 --- a/doc/tinc.conf.5.in +++ b/doc/tinc.conf.5.in @@ -222,7 +222,7 @@ specified in the configuration file. .It Va TunnelServer Li = yes | no Po no Pc Bq experimental When this option is enabled tinc will no longer forward information between other tinc daemons, and will only allow nodes and subnets on the VPN which are present in the -Pa hosts/ +.Pa @sysconfdir@/tinc/ Ns Ar NETNAME Ns Pa /hosts/ directory. .El .Sh HOST CONFIGURATION FILES @@ -274,9 +274,11 @@ The length of the message authentication code used to authenticate UDP packets. Can be anything from .Qq 0 up to the length of the digest produced by the digest algorithm. +.It Va PMTU Li = Ar mtu Po 1514 Pc Bq experimental +This option controls the initial path MTU to this node. .It Va PMTUDiscovery Li = yes | no Po no Pc Bq experimental -When this option is enabled, tinc will try to discover the PMTU to other nodes. -After the PMTU has been discovered, it will be enforced on the VPN. +When this option is enabled, tinc will try to discover the path MTU to this node. +After the path MTU has been discovered, it will be enforced on the VPN. .It Va Port Li = Ar port Pq 655 The port number on which this tinc daemon is listening for incoming connections. .It Va PublicKey Li = Ar key Bq obsolete diff --git a/doc/tincd.8.in b/doc/tincd.8.in index d2391458..e7789f01 100644 --- a/doc/tincd.8.in +++ b/doc/tincd.8.in 
@@ -67,6 +67,8 @@ Generate public/private RSA keypair and exit. If .Ar BITS is omitted, the default length will be 1024 bits. +When saving keys to existing files, tinc will not delete the old keys, +you have to remove them manually. .It Fl L, -mlock Lock tinc into main memory. This will prevent sensitive data like shared private keys to be written to the system swap files/partitions. From fcd836c609568fab323f4af6dd525de957a6f4cc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 10 Jan 2004 23:21:36 +0000 Subject: [PATCH 913/923] Remove autogen.sh, the autoreconf program does exactly that. Update everything for the latest autoconf and automake versions. --- COPYING | 339 ---------------------------------------------- INSTALL | 182 ------------------------- Makefile.am | 4 +- autogen.sh | 157 --------------------- configure.in | 13 +- m4/Makefile.am | 4 + m4/Makefile.am.in | 16 --- m4/attribute.m4 | 2 +- m4/lzo.m4 | 8 +- m4/malloc.m4 | 14 +- m4/openssl.m4 | 8 +- m4/realloc.m4 | 14 +- m4/tuntap.m4 | 24 ++-- m4/zlib.m4 | 8 +- 14 files changed, 53 insertions(+), 740 deletions(-) delete mode 100644 COPYING delete mode 100644 INSTALL delete mode 100644 autogen.sh create mode 100644 m4/Makefile.am delete mode 100644 m4/Makefile.am.in diff --git a/COPYING b/COPYING deleted file mode 100644 index a43ea212..00000000 --- a/COPYING +++ /dev/null 
@@ -1,339 +0,0 @@ - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc. - 675 Mass Ave, Cambridge, MA 02139, USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Library General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. 
- - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. 
The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. 
(Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. 
You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. 
- -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. 
If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. 
If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - Appendix: How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) 19yy - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. 
- - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) 19yy name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Library General -Public License instead of this License. diff --git a/INSTALL b/INSTALL deleted file mode 100644 index b42a17ac..00000000 
--- a/INSTALL
+++ /dev/null
@@ -1,182 +0,0 @@ -Basic Installation -================== - - These are generic installation instructions. - - The `configure' shell script attempts to guess correct values for -various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that -you can run in the future to recreate the current configuration, a file -`config.cache' that saves the results of its tests to speed up -reconfiguring, and a file `config.log' containing compiler output -(useful mainly for debugging `configure'). - - If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can -be considered for the next release. If at some point `config.cache' -contains results you don't want to keep, you may remove or edit it. - - The file `configure.in' is used to create `configure' by a program -called `autoconf'. You only need `configure.in' if you want to change -it or regenerate `configure' using a newer version of `autoconf'. - -The simplest way to compile this package is: - - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. If you're - using `csh' on an old version of System V, you might need to type - `sh ./configure' instead to prevent `csh' from trying to execute - `configure' itself. - - Running `configure' takes awhile. While running, it prints some - messages telling which features it is checking for. - - 2. Type `make' to compile the package. - - 3. Optionally, type `make check' to run any self-tests that come with - the package. - - 4. Type `make install' to install the programs and any data files and - documentation. - - 5. 
You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is - also a `make maintainer-clean' target, but that is intended mainly - for the package's developers. If you use it, you may have to get - all sorts of other programs in order to regenerate files that came - with the distribution. - -Compilers and Options -===================== - - Some systems require unusual options for compilation or linking that -the `configure' script does not know about. You can give `configure' -initial values for variables by setting them in the environment. Using -a Bourne-compatible shell, you can do that on the command line like -this: - CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure - -Or on systems that have the `env' program, you can do it like this: - env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure - -Compiling For Multiple Architectures -==================================== - - You can compile the package for more than one kind of computer at the -same time, by placing the object files for each architecture in their -own directory. To do this, you must use a version of `make' that -supports the `VPATH' variable, such as GNU `make'. `cd' to the -directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. - - If you have to use a `make' that does not supports the `VPATH' -variable, you have to compile the package for one architecture at a time -in the source code directory. After you have installed the package for -one architecture, use `make distclean' before reconfiguring for another -architecture. 
- -Installation Names -================== - - By default, `make install' will install the package's files in -`/usr/local/bin', `/usr/local/man', etc. You can specify an -installation prefix other than `/usr/local' by giving `configure' the -option `--prefix=PATH'. - - You can specify separate installation prefixes for -architecture-specific files and architecture-independent files. If you -give `configure' the option `--exec-prefix=PATH', the package will use -PATH as the prefix for installing programs and libraries. -Documentation and other data files will still use the regular prefix. - - In addition, if you use an unusual directory layout you can give -options like `--bindir=PATH' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. - - If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. - -Optional Features -================= - - Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). The -`README' should mention any `--enable-' and `--with-' options that the -package recognizes. - - For packages that use the X Window System, `configure' can usually -find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. - -Specifying the System Type -========================== - - There may be some features `configure' can not figure out -automatically, but needs to determine by the type of host the package -will run on. 
Usually `configure' can figure that out, but if it prints -a message saying it can not guess the host type, give it the -`--host=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name with three fields: - CPU-COMPANY-SYSTEM - -See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't -need to know the host type. - - If you are building compiler tools for cross-compiling, you can also -use the `--target=TYPE' option to select the type of system they will -produce code for and the `--build=TYPE' option to select the type of -system on which you are compiling the package. - -Sharing Defaults -================ - - If you want to set default values for `configure' scripts to share, -you can create a site shell script called `config.site' that gives -default values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. - -Operation Controls -================== - - `configure' recognizes the following options to control how it -operates. - -`--cache-file=FILE' - Use and save the results of the tests in FILE instead of - `./config.cache'. Set FILE to `/dev/null' to disable caching, for - debugging `configure'. - -`--help' - Print a summary of the options to `configure', and exit. - -`--quiet' -`--silent' -`-q' - Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error - messages will still be shown). - -`--srcdir=DIR' - Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. 
- -`--version' - Print the version of Autoconf used to generate the `configure' - script, and exit. - -`configure' also accepts some other, not widely useful, options. diff --git a/Makefile.am b/Makefile.am index 8462e685..419940ed 100644 --- a/Makefile.am +++ b/Makefile.am @@ -8,9 +8,9 @@ ACLOCAL_AMFLAGS = -I m4 EXTRA_DIST = config.rpath mkinstalldirs system.h COPYING.README depcomp -CVS_CREATED = ABOUT-NLS configure aclocal.m4 config.h.in config.guess \ +CVS_CREATED = ABOUT-NLS INSTALL COPYING configure aclocal.m4 config.h.in config.guess \ config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ - stamp-h.in m4/Makefile.am ChangeLog po/Makefile.in.in \ + stamp-h.in ChangeLog po/Makefile.in.in \ po/tinc.pot po/*.sed po/*.header po/*.sin po/Rules-quot \ src/.libs intl depcomp diff --git a/autogen.sh b/autogen.sh deleted file mode 100644 index ecdd7010..00000000 --- a/autogen.sh +++ /dev/null 
@@ -1,157 +0,0 @@ -#!/bin/sh -# Run this to generate all the initial makefiles, -# etc. just after a checkout. - -DIE=0 - -if ${MAKE:-gmake} -q -C . autogen.sh 2> /dev/null -then - alias make=${MAKE:-gmake} -fi - -srcdir="`/bin/pwd`" - -(autoconf --version) < /dev/null > /dev/null 2>&1 || { - echo - echo "**Error**: You must have \`autoconf' installed to compile tinc." - echo "Download the appropriate package for your distribution," - echo "or get the source tarball at ftp://ftp.gnu.org/pub/gnu/" - DIE=1 -} - -(grep "^AM_PROG_LIBTOOL" $srcdir/configure.in >/dev/null) && { - (libtool --version) < /dev/null > /dev/null 2>&1 || { - echo - echo "**Error**: You must have \`libtool' installed to compile tinc." - echo "Get ftp://ftp.gnu.org/pub/gnu/libtool-1.2d.tar.gz" - echo "(or a newer version if it is available)" - DIE=1 - } -} - -grep "^AM_GNU_GETTEXT" $srcdir/configure.in >/dev/null && { - grep "sed.*POTFILES" $srcdir/configure.in >/dev/null || \ - (gettext --version) < /dev/null > /dev/null 2>&1 || { - echo - echo "**Error**: You must have \`gettext' installed to compile tinc." - echo "Get ftp://alpha.gnu.org/gnu/gettext-0.10.35.tar.gz" - echo "(or a newer version if it is available)" - DIE=1 - } -} - -grep "^AM_GNOME_GETTEXT" $srcdir/configure.in >/dev/null && { - grep "sed.*POTFILES" $srcdir/configure.in >/dev/null || \ - (gettext --version) < /dev/null > /dev/null 2>&1 || { - echo - echo "**Error**: You must have \`gettext' installed to compile tinc." - echo "Get ftp://alpha.gnu.org/gnu/gettext-0.10.35.tar.gz" - echo "(or a newer version if it is available)" - DIE=1 - } -} - -(automake --version) < /dev/null > /dev/null 2>&1 || { - echo - echo "**Error**: You must have \`automake' installed to compile tinc." 
- echo "Get ftp://ftp.gnu.org/pub/gnu/automake-1.3.tar.gz" - echo "(or a newer version if it is available)" - DIE=1 - NO_AUTOMAKE=yes -} - - -# if no automake, don't bother testing for aclocal -test -n "$NO_AUTOMAKE" || (aclocal --version) < /dev/null > /dev/null 2>&1 || { - echo - echo "**Error**: Missing \`aclocal'. The version of \`automake'" - echo "installed doesn't appear recent enough." - echo "Get ftp://ftp.gnu.org/pub/gnu/automake-1.3.tar.gz" - echo "(or a newer version if it is available)" - DIE=1 -} - -if test "$DIE" -eq 1; then - exit 1 -fi - -if test -z "$*"; then - echo "**Warning**: I am going to run \`configure' with no arguments." - echo "If you wish to pass any to it, please specify them on the" - echo \`$0\'" command line." - echo -fi - -case $CC in -xlc ) - am_opt=--include-deps;; -esac - -for coin in `find $srcdir -name configure.in -print` -do - dr=`dirname $coin` - if test -f $dr/NO-AUTO-GEN; then - echo skipping $dr -- flagged as no auto-gen - else - echo processing $dr - macrodirs=`sed -n -e 's,AM_ACLOCAL_INCLUDE(\(.*\)),\1,gp' < $coin` - ( cd $dr - if grep "^AM_GNU_GETTEXT" configure.in >/dev/null; then - if grep "sed.*POTFILES" configure.in >/dev/null; then - : do nothing -- we still have an old unmodified configure.in - else - echo "Creating $dr/aclocal.m4 ..." - test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 - echo "Running autopoint..." - autopoint --force - echo "Making $dr/aclocal.m4 writable ..." - test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 - fi - fi - if grep "^AM_GNOME_GETTEXT" configure.in >/dev/null; then - echo "Creating $dr/aclocal.m4 ..." - test -r $dr/aclocal.m4 || touch $dr/aclocal.m4 - echo "Running autopoint..." - autopoint --force - echo "Making $dr/aclocal.m4 writable ..." - test -r $dr/aclocal.m4 && chmod u+w $dr/aclocal.m4 - fi - if grep "^AM_PROG_LIBTOOL" configure.in >/dev/null; then - echo "Running libtoolize..." 
- libtoolize --force --copy - fi - aclocalinclude="$ACLOCAL_FLAGS" - for k in $macrodirs; do - if test -d $k; then - if test -f $k/Makefile.am.in; then - make -C $k -f Makefile.am.in Makefile.am - fi - aclocalinclude="$aclocalinclude -I $k" - ##else - ## echo "**Warning**: No such directory \`$k'. Ignored." - fi - done - touch ChangeLog - echo "Running aclocal $aclocalinclude ..." - aclocal $aclocalinclude - if grep "^AM_CONFIG_HEADER" configure.in >/dev/null; then - echo "Running autoheader..." - autoheader - fi - echo "Running automake --gnu $am_opt ..." - automake --add-missing --gnu $am_opt - echo "Running autoconf ..." - autoconf - ) - fi -done - -conf_flags="--enable-maintainer-mode --enable-compile-warnings" #--enable-iso-c - -if test x$NOCONFIGURE = x; then - echo Running $srcdir/configure $conf_flags "$@" ... - $srcdir/configure $conf_flags "$@" \ - && echo Now type \`make\' to compile $PKG_NAME || exit 1 -else - echo Skipping configure process. -fi diff --git a/configure.in b/configure.in index f72229c6..708f1714 100644 --- a/configure.in +++ b/configure.in @@ -1,11 +1,12 @@ dnl Process this file with autoconf to produce a configure script. -dnl $Id: configure.in,v 1.13.2.85 2003/10/08 11:34:55 guus Exp $ +dnl $Id: configure.in,v 1.13.2.86 2004/01/10 23:21:36 guus Exp $ -AC_PREREQ(2.57) -AC_INIT(src/tincd.c) +AC_PREREQ(2.59) +AC_INIT +AC_CONFIG_SRCDIR([src/tincd.c]) AM_INIT_AUTOMAKE(tinc, 1.0-cvs) -AM_CONFIG_HEADER(config.h) +AC_CONFIG_HEADERS([config.h]) AM_MAINTAINER_MODE dnl Include the macros from the m4/ directory 
@@ -284,13 +285,13 @@ tinc_LZO dnl Check if support for jumbograms is requested AC_ARG_ENABLE(jumbograms, - AC_HELP_STRING([--enable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]), + AS_HELP_STRING([--enable-jumbograms], [enable support for jumbograms (packets up to 9000 bytes)]), [ AC_DEFINE(ENABLE_JUMBOGRAMS, 1, [Support for jumbograms (packets up to 9000 bytes)]) ] ) dnl Check if checkpoint tracing has to be enabled AC_ARG_ENABLE(tracing, - AC_HELP_STRING([--enable-tracing], [enable checkpoint tracing (debugging only)]), + AS_HELP_STRING([--enable-tracing], [enable checkpoint tracing (debugging only)]), [ AC_DEFINE(ENABLE_TRACING, 1, [Checkpoint tracing]) ] ) diff --git a/m4/Makefile.am b/m4/Makefile.am new file mode 100644 index 00000000..0f58aefa --- /dev/null +++ b/m4/Makefile.am @@ -0,0 +1,4 @@ +## Process this file with automake to produce Makefile.in -*-Makefile-*- + +EXTRA_DIST = README *.m4 + diff --git a/m4/Makefile.am.in b/m4/Makefile.am.in deleted file mode 100644 index 9ee9c43b..00000000 --- a/m4/Makefile.am.in +++ /dev/null @@ -1,16 +0,0 @@ -## Process this file with automake to produce Makefile.in -*-Makefile-*- - -##m4-files-begin -##m4-files-end - -Makefile.am: Makefile.am.in - rm -f $@ $@t - sed -n '1,/^##m4-files-begin/p' $< > $@t - ( echo EXTRA_DIST = README Makefile.am.in; \ - find . -type f -name '*.m4' -print |sed 's,^\./,,' |sort ) \ - |fmt | (tr '\012' @; echo) \ - |sed 's/@$$/%/;s/@/ \\@/g' |tr @% '\012\012' \ - >> $@t - sed -n '/^##m4-files-end/,$$p' $< >> $@t - chmod a-w $@t - mv $@t $@ diff --git a/m4/attribute.m4 b/m4/attribute.m4 index 58b83467..6a8f5558 100644 --- a/m4/attribute.m4 +++ b/m4/attribute.m4 @@ -1,7 +1,7 @@ dnl Check to find out whether function attributes are supported. dnl If they are not, #define them to be nothing. -AC_DEFUN(tinc_ATTRIBUTE, +AC_DEFUN([tinc_ATTRIBUTE], [ AC_CACHE_CHECK([for working $1 attribute], tinc_cv_attribute_$1, [ 
diff --git a/m4/lzo.m4 b/m4/lzo.m4 index 33d47d3a..8214d4c2 100644 --- a/m4/lzo.m4 +++ b/m4/lzo.m4 @@ -1,22 +1,22 @@ dnl Check to find the lzo headers/libraries -AC_DEFUN(tinc_LZO, +AC_DEFUN([tinc_LZO], [ AC_ARG_WITH(lzo, - AC_HELP_STRING([--with-lzo=DIR], [lzo base directory, or:]), + AS_HELP_STRING([--with-lzo=DIR], [lzo base directory, or:]), [lzo="$withval" CPPFLAGS="$CPPFLAGS -I$withval/include" LDFLAGS="$LDFLAGS -L$withval/lib"] ) AC_ARG_WITH(lzo-include, - AC_HELP_STRING([--with-lzo-include=DIR], [lzo headers directory]), + AS_HELP_STRING([--with-lzo-include=DIR], [lzo headers directory]), [lzo_include="$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(lzo-lib, - AC_HELP_STRING([--with-lzo-lib=DIR], [lzo library directory]), + AS_HELP_STRING([--with-lzo-lib=DIR], [lzo library directory]), [lzo_lib="$withval" LDFLAGS="$LDFLAGS -L$withval"] ) diff --git a/m4/malloc.m4 b/m4/malloc.m4 index a6b4c9a5..f8ed1128 100644 --- a/m4/malloc.m4 +++ b/m4/malloc.m4 @@ -10,7 +10,7 @@ dnl /* Define to rpl_malloc if the replacement function should be used. */ dnl #undef malloc dnl -AC_DEFUN(jm_FUNC_MALLOC, +AC_DEFUN([jm_FUNC_MALLOC], [ if test x = y; then dnl This code is deliberately never run via ./configure. @@ -23,21 +23,19 @@ AC_DEFUN(jm_FUNC_MALLOC, AC_DEFINE(HAVE_DONE_WORKING_MALLOC_CHECK, 1, [Needed for xmalloc.c]) AC_CACHE_CHECK([for working malloc], jm_cv_func_working_malloc, - [AC_TRY_RUN([ + [AC_RUN_IFELSE([AC_LANG_SOURCE([ char *malloc (); int main () { exit (malloc (0) ? 0 : 1); } - ], - jm_cv_func_working_malloc=yes, - jm_cv_func_working_malloc=no, - dnl When crosscompiling, assume malloc is broken. - jm_cv_func_working_malloc=no) + ])], + [jm_cv_func_working_malloc=yes], + [jm_cv_func_working_malloc=no], + [When crosscompiling]) ]) if test $jm_cv_func_working_malloc = no; then - dnl This was: LIBOBJS="$LIBOBJS malloc.$ac_objext" AC_LIBOBJ([malloc]) AC_DEFINE(malloc, rpl_malloc, [Replacement malloc()]) fi 
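Review bot: The fourth argument of `AC_RUN_IFELSE` in the second m4/malloc.m4 hunk, `[When crosscompiling]`, is the action taken when cross-compiling, so what used to be a `dnl` comment followed by `jm_cv_func_working_malloc=no` now ends up in configure as shell code. In a cross build the cache variable is then never set, the later `test $jm_cv_func_working_malloc = no` gets an empty left operand, and the replacement malloc is not selected. Keep the old conservative default with `[jm_cv_func_working_malloc=no]`. The second hunk of m4/realloc.m4 makes the same change and needs `[jm_cv_func_working_realloc=no]`. The `AC_DEFUN` body starts above this hunk.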
diff --git a/m4/openssl.m4 b/m4/openssl.m4 index f4415cc2..0bc99766 100644 --- a/m4/openssl.m4 +++ b/m4/openssl.m4 @@ -1,22 +1,22 @@ dnl Check to find the OpenSSL headers/libraries -AC_DEFUN(tinc_OPENSSL, +AC_DEFUN([tinc_OPENSSL], [ AC_ARG_WITH(openssl, - AC_HELP_STRING([--with-openssl=DIR], [OpenSSL base directory, or:]), + AS_HELP_STRING([--with-openssl=DIR], [OpenSSL base directory, or:]), [openssl="$withval" CPPFLAGS="$CPPFLAGS -I$withval/include" LDFLAGS="$LDFLAGS -L$withval/lib"] ) AC_ARG_WITH(openssl-include, - AC_HELP_STRING([--with-openssl-include=DIR], [OpenSSL headers directory (without trailing /openssl)]), + AS_HELP_STRING([--with-openssl-include=DIR], [OpenSSL headers directory (without trailing /openssl)]), [openssl_include="$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(openssl-lib, - AC_HELP_STRING([--with-openssl-lib=DIR], [OpenSSL library directory]), + AS_HELP_STRING([--with-openssl-lib=DIR], [OpenSSL library directory]), [openssl_lib="$withval" LDFLAGS="$LDFLAGS -L$withval"] ) diff --git a/m4/realloc.m4 b/m4/realloc.m4 index cae9c1f9..4ff1d26b 100644 --- a/m4/realloc.m4 +++ b/m4/realloc.m4 @@ -10,7 +10,7 @@ dnl /* Define to rpl_realloc if the replacement function should be used. */ dnl #undef realloc dnl -AC_DEFUN(jm_FUNC_REALLOC, +AC_DEFUN([jm_FUNC_REALLOC], [ if test x = y; then dnl This code is deliberately never run via ./configure. 
@@ -23,21 +23,19 @@ AC_DEFUN(jm_FUNC_REALLOC, AC_DEFINE(HAVE_DONE_WORKING_REALLOC_CHECK, 1, [Needed for xmalloc.c]) AC_CACHE_CHECK([for working realloc], jm_cv_func_working_realloc, - [AC_TRY_RUN([ + [AC_RUN_IFELSE([AC_LANG_SOURCE([ char *realloc (); int main () { exit (realloc (0, 0) ? 0 : 1); } - ], - jm_cv_func_working_realloc=yes, - jm_cv_func_working_realloc=no, - dnl When crosscompiling, assume realloc is broken. - jm_cv_func_working_realloc=no) + ])], + [jm_cv_func_working_realloc=yes], + [jm_cv_func_working_realloc=no], + [When crosscompiling]) ]) if test $jm_cv_func_working_realloc = no; then - dnl This was: LIBOBJS="$LIBOBJS realloc.$ac_objext" AC_LIBOBJ([realloc]) AC_DEFINE(realloc, rpl_realloc, [Replacement realloc()]) fi diff --git a/m4/tuntap.m4 b/m4/tuntap.m4 index dcf3a152..8c14a9bc 100644 --- a/m4/tuntap.m4 +++ b/m4/tuntap.m4 @@ -1,22 +1,28 @@ dnl Check to find out whether the running kernel has support for TUN/TAP -AC_DEFUN(tinc_TUNTAP, +AC_DEFUN([tinc_TUNTAP], [ AC_ARG_WITH(kernel, - AC_HELP_STRING([--with-kernel=DIR], [give the directory with kernel sources (default: /usr/src/linux)]), + AS_HELP_STRING([--with-kernel=DIR], [give the directory with kernel sources (default: /usr/src/linux)]), kerneldir="$withval", kerneldir="/usr/src/linux" ) AC_CACHE_CHECK([for linux/if_tun.h], tinc_cv_linux_if_tun_h, [ - AC_TRY_COMPILE([#include "$kerneldir/include/linux/if_tun.h"], - [int a = IFF_TAP;], - if_tun_h="\"$kerneldir/include/linux/if_tun.h\"", - [AC_TRY_COMPILE([#include ], - [int a = IFF_TAP;], - if_tun_h="default", - if_tun_h="no" + AC_COMPILE_IFELSE( + AC_LANG_PROGRAM([ + #include "$kerneldir/include/linux/if_tun.h" + int a = IFF_TAP; + ]), + [if_tun_h="\"$kerneldir/include/linux/if_tun.h\""], + [AC_COMPILE_IFELSE( + AC_LANG_PROGRAM([ + #include + int a = IFF_TAP; + ]), + [if_tun_h="default"], + [if_tun_h="no"] )] ) diff --git a/m4/zlib.m4 b/m4/zlib.m4 index dcf2c3af..71f39f71 100644 --- a/m4/zlib.m4 +++ b/m4/zlib.m4 
@@ -1,22 +1,22 @@ dnl Check to find the zlib headers/libraries -AC_DEFUN(tinc_ZLIB, +AC_DEFUN([tinc_ZLIB], [ AC_ARG_WITH(zlib, - AC_HELP_STRING([--with-zlib=DIR], [zlib base directory, or:]), + AS_HELP_STRING([--with-zlib=DIR], [zlib base directory, or:]), [zlib="$withval" CPPFLAGS="$CPPFLAGS -I$withval/include" LDFLAGS="$LDFLAGS -L$withval/lib"] ) AC_ARG_WITH(zlib-include, - AC_HELP_STRING([--with-zlib-include=DIR], [zlib headers directory]), + AS_HELP_STRING([--with-zlib-include=DIR], [zlib headers directory]), [zlib_include="$withval" CPPFLAGS="$CPPFLAGS -I$withval"] ) AC_ARG_WITH(zlib-lib, - AC_HELP_STRING([--with-zlib-lib=DIR], [zlib library directory]), + AS_HELP_STRING([--with-zlib-lib=DIR], [zlib library directory]), [zlib_lib="$withval" LDFLAGS="$LDFLAGS -L$withval"] ) From 538595f7350ba6c7d11aba7d9f481ea1641e1857 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 15 Mar 2004 17:53:17 +0000 Subject: [PATCH 914/923] Replace cvs-clean with a much better svn-clean. --- Makefile.am | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/Makefile.am b/Makefile.am index 419940ed..eb800e14 100644 --- a/Makefile.am +++ b/Makefile.am @@ -8,20 +8,11 @@ ACLOCAL_AMFLAGS = -I m4 EXTRA_DIST = config.rpath mkinstalldirs system.h COPYING.README depcomp -CVS_CREATED = ABOUT-NLS INSTALL COPYING configure aclocal.m4 config.h.in config.guess \ - config.sub install-sh ltconfig ltmain.sh missing mkinstalldirs \ - stamp-h.in ChangeLog po/Makefile.in.in \ - po/tinc.pot po/*.sed po/*.header po/*.sin po/Rules-quot \ - src/.libs intl depcomp - ChangeLog: cvs2cl -U cvsusers --fsf -cvs-clean: maintainer-clean - for f in $(CVS_CREATED) `find . -name Makefile.in` tinc-$(VERSION).tar.gz; do\ - rm -Rf "$$f"; \ - done - grep -l gettext `find m4 -type f` | xargs rm -f +svn-clean: maintainer-clean + svn status --no-ignore | grep '^\?' | sed 's/^\? \+//g' | xargs rm -rf deb: dpkg-buildpackage -rfakeroot 
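Review bot: The new `svn-clean` recipe feeds path names from `svn status` to `xargs rm -rf`, which splits its input on whitespace and interprets quotes, so an unversioned path containing a space is removed as several unrelated arguments and one beginning with `-` is read as an option. Because the target deletes recursively, pass the names NUL-separated and end option parsing, for example `svn status --no-ignore | grep '^\?' | sed 's/^\? \+//g' | tr '\n' '\0' | xargs -0 rm -rf --`. The `grep '^\?'` filter also drops the `I` (ignored) entries that `--no-ignore` asks svn to list, so either the flag or the filter is probably not what was intended.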
From 4350704d6578656af98195b26006c6b6d6a798e3 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Mon, 15 Mar 2004 17:54:19 +0000
Subject: [PATCH 915/923] Remove CVS related cruft.
---
.cvsignore | 4 ----
cvsusers | 3 ---
doc/.cvsignore | 1 -
lib/.cvsignore | 1 -
m4/.cvsignore | 1 -
po/.cvsignore | 1 -
src/.cvsignore | 1 -
7 files changed, 12 deletions(-)
delete mode 100644 .cvsignore
delete mode 100644 cvsusers
delete mode 100644 doc/.cvsignore
delete mode 100644 lib/.cvsignore
delete mode 100644 m4/.cvsignore
delete mode 100644 po/.cvsignore
delete mode 100644 src/.cvsignore
diff --git a/.cvsignore b/.cvsignore
deleted file mode 100644
index 2a3df8e9..00000000
--- a/.cvsignore
+++ /dev/null
@@ -1,4 +0,0 @@
-Makefile Makefile.in aclocal.m4 config.cache config.log config.status configure
-config.guess config.sub install-sh missing mkinstalldirs ChangeLog
-config.h.in stamp-h.in config.h libtool stamp-h build-stamp
-intl
diff --git a/cvsusers b/cvsusers
deleted file mode 100644
index 24b85047..00000000
--- a/cvsusers
+++ /dev/null
@@ -1,3 +0,0 @@
-zarq:Ivo Timmermans
-guus:Guus Sliepen
-wsl:Wessel Dankers
diff --git a/doc/.cvsignore b/doc/.cvsignore
deleted file mode 100644
index d99f5fe9..00000000
--- a/doc/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile.in Makefile tinc.info sample-config.tar.gz
diff --git a/lib/.cvsignore b/lib/.cvsignore
deleted file mode 100644
index 1b907a49..00000000
--- a/lib/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile Makefile.in .deps
diff --git a/m4/.cvsignore b/m4/.cvsignore
deleted file mode 100644
index df1fab1d..00000000
--- a/m4/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile.am Makefile.in Makefile
diff --git a/po/.cvsignore b/po/.cvsignore
deleted file mode 100644
index 493861c8..00000000
--- a/po/.cvsignore
+++ /dev/null
@@ -1 +0,0 @@
-Makefile.in.in POTFILES Makefile.in Makefile cat-id-tbl.c *.gmo stamp-cat-id *.pot
diff --git a/src/.cvsignore b/src/.cvsignore
deleted file mode 100644
index a7e420fa..00000000
--- a/src/.cvsignore +++ /dev/null @@ -1 +0,0 @@ -*.o .libs tincd Makefile.in Makefile .deps From a67a21ef3c17d32af95373e921138429a7fc507e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 15 Mar 2004 18:05:41 +0000 Subject: [PATCH 916/923] Eat trailing whitespace in config files. --- src/conf.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/conf.c b/src/conf.c index d0a2d2df..369a5fbc 100644 --- a/src/conf.c +++ b/src/conf.c @@ -321,7 +321,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) int err = -2; /* Parse error */ FILE *fp; char *buffer, *line; - char *variable, *value; + char *variable, *value, *eol; int lineno = 0; int len; bool ignore = false; @@ -372,6 +372,10 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) variable = value = line; + eol = line + strlen(line); + while(strchr("\t ", *--eol)) + *eol = '\0'; + len = strcspn(value, "\t ="); value += len; value += strspn(value, "\t "); @@ -381,6 +385,7 @@ int read_config_file(avl_tree_t *config_tree, const char *fname) } variable[len] = '\0'; + if(!*value) { logger(LOG_ERR, _("No value for variable `%s' on line %d while reading config file %s"), variable, lineno, fname); From a92c471a2bc0773a7473ef0361d1a51fafee50d4 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 15 Mar 2004 18:15:02 +0000 Subject: [PATCH 917/923] Only read our public key if it wasn't already in the private key file. --- src/net_setup.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/net_setup.c b/src/net_setup.c index 4ad44fb5..aa2fbfbe 100644 --- a/src/net_setup.c +++ b/src/net_setup.c 
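Review bot: The trailing-whitespace loop added in the second src/conf.c hunk, `while(strchr("\t ", *--eol)) *eol = '\0';`, has no lower bound: `strchr` also matches the terminating NUL, and nothing stops `eol` from being decremented past `line`. If `line` can be empty or consist only of blanks at this point (the earlier part of `read_config_file` is outside the hunk, so this needs checking), the loop reads and writes before the start of the buffer. Bounding it keeps the behaviour for ordinary lines: `while(eol > line && strchr("\t ", eol[-1])) *--eol = '\0';`.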
@@ -150,17 +150,23 @@ bool read_rsa_public_key(connection_t *c) bool read_rsa_private_key(void) { FILE *fp; - char *fname, *key; + char *fname, *key, *pubkey; struct stat s; cp(); if(get_config_string(lookup_config(config_tree, "PrivateKey"), &key)) { + if(!get_config_string(lookup_config(myself->connection->config_tree, "PublicKey"), &pubkey)) { + logger(LOG_ERR, _("PrivateKey used but no PublicKey found!")); + return false; + } myself->connection->rsa_key = RSA_new(); // RSA_blinding_on(myself->connection->rsa_key, NULL); BN_hex2bn(&myself->connection->rsa_key->d, key); + BN_hex2bn(&myself->connection->rsa_key->n, pubkey); BN_hex2bn(&myself->connection->rsa_key->e, "FFFF"); free(key); + free(pubkey); return true; } @@ -242,19 +248,15 @@ bool setup_myself(void) myself->name = name; myself->connection->name = xstrdup(name); - if(!read_rsa_private_key()) - return false; - if(!read_connection_config(myself->connection)) { logger(LOG_ERR, _("Cannot open host configuration file for myself!")); return false; } - if(!read_rsa_public_key(myself->connection)) + if(!read_rsa_private_key()) return false; - if(!get_config_string - (lookup_config(myself->connection->config_tree, "Port"), &myport)) + if(!get_config_string(lookup_config(myself->connection->config_tree, "Port"), &myport)) asprintf(&myport, "655"); /* Read in all the subnets specified in the host configuration file */ From b05df3fcbfb8dbef4c87691d118c5b68aeb79e4a Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 15 Mar 2004 18:36:14 +0000 Subject: [PATCH 918/923] Updating dutch translation. --- po/nl.po | 498 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 286 insertions(+), 212 deletions(-) diff --git a/po/nl.po b/po/nl.po index d9779327..d06f7c57 100644 --- a/po/nl.po +++ b/po/nl.po 
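Review bot: The error path added at the top of the `PrivateKey` branch returns without releasing `key`, so the hex-encoded private exponent stays allocated (presumably `get_config_string` allocates it, since the success path calls `free(key)`); add `free(key);` before `return false;`. The new `BN_hex2bn(&myself->connection->rsa_key->n, pubkey);` call also ignores its result, like the two calls next to it: `BN_hex2bn` returns 0 when it cannot parse the string, so a malformed `PublicKey` still ends in `return true` with an unusable modulus. Checking each call, e.g. `if(!BN_hex2bn(&myself->connection->rsa_key->n, pubkey))` followed by a log message and `return false;`, would surface that at startup. The rest of `read_rsa_private_key` lies outside this hunk.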
@@ -1,13 +1,13 @@ # Dutch messages for tinc -# Copyright (C) 1999-2001 Ivo Timmermans, Guus Sliepen. +# Copyright (C) 1999-2004 Ivo Timmermans, Guus Sliepen. # Ivo Timmermans , 1999-2003. # Guus Sliepen , 2000-2003. msgid "" msgstr "" -"Project-Id-Version: tinc 1.0-cvs\n" +"Project-Id-Version: tinc 1.0-svn\n" "Report-Msgid-Bugs-To: tinc-devel@nl.linux.org\n" -"POT-Creation-Date: 2003-11-08 13:55+0100\n" -"PO-Revision-Date: 2003-10-11 16:21+0200\n" +"POT-Creation-Date: 2004-03-15 19:28+0100\n" +"PO-Revision-Date: 2004-03-15 19:28+0100\n" "Last-Translator: Guus Sliepen \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" @@ -36,12 +36,12 @@ msgid "" msgstr "" "Hostnaam of IP adres verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:227 +#: src/conf.c:225 #, c-format msgid "Subnet expected for configuration variable %s in %s line %d" msgstr "Subnet verwacht voor configuratievariabele %s in %s regel %d" -#: src/conf.c:238 +#: src/conf.c:236 #, c-format msgid "" "Network address and prefix length do not match for configuration variable %s " 
@@ -50,34 +50,34 @@ msgstr "" "Netwerk adres en prefix lengte komen niet overeen bij configuratievariabele %" "s in %s regel %d" -#: src/conf.c:339 +#: src/conf.c:336 #, c-format msgid "Cannot open config file %s: %s" msgstr "Kan configuratie bestand %s niet openen: %s" -#: src/conf.c:388 +#: src/conf.c:390 #, c-format msgid "No value for variable `%s' on line %d while reading config file %s" msgstr "" "Geen waarde voor variabele `%s' op regel %d tijdens het lezen van " "configuratie bestand %s" -#: src/conf.c:419 +#: src/conf.c:421 #, c-format msgid "Failed to read `%s': %s" msgstr "Lezen van `%s' mislukte: %s" -#: src/conf.c:441 +#: src/conf.c:443 #, c-format msgid "Please enter a file to save %s to [%s]: " msgstr "Geef een bestand om de %s naar de schrijven [%s]: " -#: src/conf.c:448 +#: src/conf.c:450 #, c-format msgid "Error while reading stdin: %s\n" msgstr "Fout tijdens lezen van standaardinvoer: %s\n" -#: src/conf.c:480 +#: src/conf.c:482 #, c-format msgid "Error opening file `%s': %s\n" msgstr "Fout bij het openen van het bestand `%s': %s\n" 
@@ -147,110 +147,130 @@ msgstr "Verwijderen onbereikbare nodes" msgid "Purging node %s (%s)" msgstr "Verwijdering node %s (%s)" -#: src/net.c:168 +#: src/net.c:170 #, c-format msgid "Closing connection with %s (%s)" msgstr "Beëindigen verbinding met %s (%s)" -#: src/net.c:232 +#: src/net.c:235 #, c-format msgid "%s (%s) didn't respond to PING" msgstr "%s (%s) antwoordde niet op ping" -#: src/net.c:241 +#: src/net.c:244 #, c-format msgid "Old connection_t for %s (%s) status %04x still lingering, deleting..." msgstr "" "Oude connection_t voor %s (%s) status %04x nog steeds aanwezig, wordt " "verwijderd..." -#: src/net.c:246 +#: src/net.c:249 #, c-format msgid "Timeout from %s (%s) during authentication" msgstr "Timeout van %s (%s) tijdens authenticatie" -#: src/net.c:288 +#: src/net.c:291 #, c-format msgid "Error while connecting to %s (%s): %s" msgstr "Fout tijdens schrijven naar %s (%s): %s" -#: src/net.c:343 +#: src/net.c:347 #, c-format msgid "Error while waiting for input: %s" msgstr "Fout tijdens wachten op invoer: %s" -#: src/net.c:374 +#: src/net.c:378 msgid "Regenerating symmetric key" msgstr "Hergenereren symmetrische sleutel" -#: src/net.c:391 +#: src/net.c:395 msgid "Flushing event queue" msgstr "Legen taakrij" -#: src/net.c:415 +#: src/net.c:419 msgid "Unable to reread configuration file, exitting." msgstr "Kan configuratiebestand niet herlezen, beëindigen." 
-#: src/net_packet.c:104 +#: src/net_packet.c:75 +#, c-format +msgid "No response to MTU probes from %s (%s)" +msgstr "Geen antwoord van %s (%s) op MTU probes" + +#: src/net_packet.c:82 +#, c-format +msgid "Fixing MTU of %s (%s) to %d after %d probes" +msgstr "MTU van %s (%s) vastgezet op %d na %d probes" + +#: src/net_packet.c:94 +#, c-format +msgid "Sending MTU probe length %d to %s (%s)" +msgstr "Verzending MTU probe lengte %d naar %s (%s)" + +#: src/net_packet.c:107 +#, c-format +msgid "Got MTU probe length %d from %s (%s)" +msgstr "Kreeg MTU probe met verkeerde lengte %d van %s (%s)" + +#: src/net_packet.c:164 #, c-format msgid "Received packet of %d bytes from %s (%s)" msgstr "Ontvangst pakket van %d bytes van %s (%s)" -#: src/net_packet.c:125 +#: src/net_packet.c:185 src/route.c:108 #, c-format msgid "Got too short packet from %s (%s)" msgstr "Kreeg te kort pakket van %s (%s)" -#: src/net_packet.c:138 +#: src/net_packet.c:198 #, c-format msgid "Got unauthenticated packet from %s (%s)" msgstr "Kreeg niet-geauthenticeerd pakket van %s (%s)" -#: src/net_packet.c:153 +#: src/net_packet.c:213 #, c-format msgid "Error decrypting packet from %s (%s): %s" msgstr "Fout tijdens ontsleutelen pakket van %s (%s): %s" -#: src/net_packet.c:169 +#: src/net_packet.c:229 #, c-format msgid "Lost %d packets from %s (%s)" msgstr "%d pakketten van %s (%s) verloren" -#: src/net_packet.c:175 +#: src/net_packet.c:235 #, c-format msgid "Got late or replayed packet from %s (%s), seqno %d, last received %d" msgstr "" "Kreeg laat of gedupliceerd pakket van %s (%s), seqno %d, laatste ontvangen %d" -#: src/net_packet.c:195 +#: src/net_packet.c:255 #, c-format msgid "Error while uncompressing packet from %s (%s)" msgstr "Fout tijdens decomprimeren pakket van %s (%s)" -#: src/net_packet.c:240 +#: src/net_packet.c:303 #, c-format msgid "No valid key known yet for %s (%s), queueing packet" msgstr "" "Nog geen geldige sleutel bekend voor %s (%s), pakket wordt in wachtrij gezet" -#: 
src/net_packet.c:270 +#: src/net_packet.c:332 #, c-format msgid "Error while compressing packet to %s (%s)" msgstr "Fout tijdens comprimeren pakket naar %s (%s)" -#: src/net_packet.c:292 +#: src/net_packet.c:354 #, c-format msgid "Error while encrypting packet to %s (%s): %s" msgstr "Fout tijdens versleutelen pakket naar %s (%s): %s" -#: src/net_packet.c:324 +#: src/net_packet.c:386 #, c-format msgid "Setting outgoing packet priority to %d" msgstr "Instellen prioriteit uitgaand pakket op %d" -#: src/net_packet.c:326 src/net_setup.c:472 src/net_socket.c:74 -#: src/net_socket.c:122 src/net_socket.c:153 src/tincd.c:434 src/tincd.c:468 -#: src/process.c:198 src/process.c:231 src/process.c:413 +#: src/net_packet.c:388 src/net_setup.c:475 src/net_socket.c:72 +#: src/net_socket.c:123 src/net_socket.c:152 src/tincd.c:434 src/tincd.c:468 +#: src/process.c:198 src/process.c:231 src/process.c:417 #: src/cygwin/device.c:150 src/cygwin/device.c:181 src/mingw/device.c:82 #: src/mingw/device.c:91 src/mingw/device.c:96 src/mingw/device.c:252 #: src/mingw/device.c:259 src/mingw/device.c:264 src/mingw/device.c:271 
@@ -259,46 +279,42 @@ msgstr "Instellen prioriteit uitgaand pakket op %d" msgid "System call `%s' failed: %s" msgstr "Systeemaanroep `%s' mislukte: %s" -#: src/net_packet.c:331 +#: src/net_packet.c:399 #, c-format msgid "Error sending packet to %s (%s): %s" msgstr "Fout tijdens verzenden pakket naar %s (%s): %s" -#: src/net_packet.c:347 +#: src/net_packet.c:422 #, c-format msgid "Sending packet of %d bytes to %s (%s)" msgstr "Verzending pakket van %d bytes naar %s (%s)" -#: src/net_packet.c:351 -msgid "Packet is looping back to us!" -msgstr "Pakket komt terug naar ons!" - -#: src/net_packet.c:356 +#: src/net_packet.c:426 #, c-format msgid "Node %s (%s) is not reachable" msgstr "Node %s (%s) is niet bereikbaar" -#: src/net_packet.c:364 +#: src/net_packet.c:434 #, c-format msgid "Sending packet to %s via %s (%s)" msgstr "Verzending pakket naar %s via %s (%s)" -#: src/net_packet.c:383 +#: src/net_packet.c:453 #, c-format msgid "Broadcasting packet of %d bytes from %s (%s)" msgstr "Verspreiding pakket van %d bytes van %s (%s)" -#: src/net_packet.c:400 +#: src/net_packet.c:470 #, c-format msgid "Flushing queue for %s (%s)" msgstr "Legen van wachtrij voor %s (%s)" -#: src/net_packet.c:422 +#: src/net_packet.c:492 #, c-format msgid "Receiving packet failed: %s" msgstr "Ontvangst pakket mislukt: %s" -#: src/net_packet.c:432 +#: src/net_packet.c:502 #, c-format msgid "Received UDP packet from unknown source %s" msgstr "Ontvangst UDP pakket van onbekende oorsprong %s" 
@@ -318,182 +334,186 @@ msgstr "Lezen RSA publieke sleutel bestand `%s' mislukt: %s" msgid "No public key for %s specified!" msgstr "Geen publieke sleutel bekend voor %s gespecificeerd!" -#: src/net_setup.c:173 +#: src/net_setup.c:160 +msgid "PrivateKey used but no PublicKey found!" +msgstr "PrivateKey gebruikt maar geen PublicKey gevonden!" + +#: src/net_setup.c:179 #, c-format msgid "Error reading RSA private key file `%s': %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:181 +#: src/net_setup.c:187 #, c-format msgid "Could not stat RSA private key file `%s': %s'" msgstr "Kon gegevens RSA privé sleutel bestand `%s' niet opvragen: %s" -#: src/net_setup.c:188 +#: src/net_setup.c:194 #, c-format msgid "Warning: insecure file permissions for RSA private key file `%s'!" msgstr "" "Waarschuwing: onveilige permissies voor RSA privé sleutel bestand `%s'!" -#: src/net_setup.c:195 +#: src/net_setup.c:201 #, c-format msgid "Reading RSA private key file `%s' failed: %s" msgstr "Fout tijdens lezen RSA privé sleutel bestand `%s': %s" -#: src/net_setup.c:225 src/net_setup.c:226 +#: src/net_setup.c:231 src/net_setup.c:232 msgid "MYSELF" msgstr "MIJZELF" -#: src/net_setup.c:232 +#: src/net_setup.c:238 msgid "Name for tinc daemon required!" msgstr "Naam voor tinc daemon verplicht!" -#: src/net_setup.c:237 +#: src/net_setup.c:243 msgid "Invalid name for myself!" msgstr "Ongeldige naam voor mijzelf!" -#: src/net_setup.c:249 +#: src/net_setup.c:252 msgid "Cannot open host configuration file for myself!" msgstr "Kan host configuratie bestand voor mijzelf niet openen!" -#: src/net_setup.c:302 +#: src/net_setup.c:305 msgid "Invalid routing mode!" msgstr "Ongeldige routing modus!" -#: src/net_setup.c:313 +#: src/net_setup.c:316 msgid "PriorityInheritance not supported on this platform" msgstr "PriorityInheritance wordt niet ondersteund op dit platform" -#: src/net_setup.c:321 +#: src/net_setup.c:324 msgid "Bogus maximum timeout!" 
msgstr "Onzinnige maximum timeout!" -#: src/net_setup.c:335 +#: src/net_setup.c:338 msgid "Invalid address family!" msgstr "Ongeldige adresfamilie!" -#: src/net_setup.c:353 +#: src/net_setup.c:356 msgid "Unrecognized cipher type!" msgstr "Onbekend cipher type!" -#: src/net_setup.c:378 src/protocol_auth.c:198 +#: src/net_setup.c:381 src/protocol_auth.c:189 #, c-format msgid "Error during initialisation of cipher for %s (%s): %s" msgstr "Fout tijdens initialisatie van cipher voor %s (%s): %s" -#: src/net_setup.c:395 +#: src/net_setup.c:398 msgid "Unrecognized digest type!" msgstr "Onbekend digest type!" -#: src/net_setup.c:408 +#: src/net_setup.c:411 msgid "MAC length exceeds size of digest!" msgstr "MAC lengte is groter dan dat van digest!" -#: src/net_setup.c:411 +#: src/net_setup.c:414 msgid "Bogus MAC length!" msgstr "Onzinnige MAC lengte!" -#: src/net_setup.c:425 +#: src/net_setup.c:428 msgid "Bogus compression level!" msgstr "Onzinnig compressieniveau!" -#: src/net_setup.c:494 +#: src/net_setup.c:497 #, c-format msgid "Listening on %s" msgstr "Luisterend op %s" -#: src/net_setup.c:505 +#: src/net_setup.c:508 msgid "Ready" msgstr "Gereed" -#: src/net_setup.c:507 +#: src/net_setup.c:510 msgid "Unable to create any listening socket!" msgstr "Kon geen enkele luistersocket aanmaken!" 
-#: src/net_socket.c:65 +#: src/net_socket.c:62 #, c-format msgid "Creating metasocket failed: %s" msgstr "Aanmaak van metasocket mislukt: %s" -#: src/net_socket.c:102 src/net_socket.c:170 +#: src/net_socket.c:103 src/net_socket.c:195 #, c-format msgid "Can't bind to interface %s: %s" msgstr "Kan niet aan interface %s binden: %s" -#: src/net_socket.c:107 +#: src/net_socket.c:108 msgid "BindToInterface not supported on this platform" msgstr "BindToInterface wordt niet ondersteund op dit platform" -#: src/net_socket.c:114 +#: src/net_socket.c:115 #, c-format msgid "Can't bind to %s/tcp: %s" msgstr "Kan niet aan %s/tcp binden: %s" -#: src/net_socket.c:145 +#: src/net_socket.c:142 #, c-format msgid "Creating UDP socket failed: %s" msgstr "Aanmaak UDP socket mislukte: %s" -#: src/net_socket.c:180 +#: src/net_socket.c:206 #, c-format msgid "Can't bind to %s/udp: %s" msgstr "Kan niet aan %s/udp binden: %s" -#: src/net_socket.c:207 +#: src/net_socket.c:233 #, c-format msgid "Trying to re-establish outgoing connection in %d seconds" msgstr "Poging tot herstellen van uitgaande verbinding over %d seconden" -#: src/net_socket.c:215 +#: src/net_socket.c:241 #, c-format msgid "Connected to %s (%s)" msgstr "Verbonden met %s (%s)" -#: src/net_socket.c:232 +#: src/net_socket.c:258 #, c-format msgid "Could not set up a meta connection to %s" msgstr "Kon geen metaverbinding aangaan met %s" -#: src/net_socket.c:267 +#: src/net_socket.c:292 #, c-format msgid "Trying to connect to %s (%s)" msgstr "Poging tot verbinden met %s (%s)" -#: src/net_socket.c:273 +#: src/net_socket.c:298 #, c-format msgid "Creating socket for %s failed: %s" msgstr "Aanmaken socket voor %s mislukt: %s" -#: src/net_socket.c:297 +#: src/net_socket.c:322 #, c-format msgid "fcntl for %s: %s" msgstr "fcntl voor %s: %s" -#: src/net_socket.c:313 +#: src/net_socket.c:338 #, c-format msgid "%s: %s" msgstr "%s: %s" -#: src/net_socket.c:334 +#: src/net_socket.c:359 #, c-format msgid "Already connected to %s" msgstr "Reeds 
verbonden met %s" -#: src/net_socket.c:353 +#: src/net_socket.c:378 #, c-format msgid "No address specified for %s" msgstr "Geen adres gespecificeerd voor %s" -#: src/net_socket.c:383 +#: src/net_socket.c:408 #, c-format msgid "Accepting a new connection failed: %s" msgstr "Aanname van nieuwe verbinding is mislukt: %s" -#: src/net_socket.c:401 +#: src/net_socket.c:426 #, c-format msgid "Connection from %s" msgstr "Verbinding van %s" -#: src/net_socket.c:425 +#: src/net_socket.c:450 #, c-format msgid "Invalid name for outgoing connection in %s line %d" msgstr "Ongeldige naam voor uitgaande verbinding in %s regel %d" 
@@ -524,208 +544,208 @@ msgid "sockaddrcmp() was called with unknown address family %d, exitting!" msgstr "" "sockaddrcmp() werd aangeroepen met onbekende adresfamilie %d, beëindigen!" -#: src/protocol.c:85 +#: src/protocol.c:87 #, c-format msgid "Output buffer overflow while sending request to %s (%s)" msgstr "Uitvoer buffer overvol tijdens zenden verzoek naar %s (%s)" -#: src/protocol.c:93 +#: src/protocol.c:95 #, c-format msgid "Sending %s to %s (%s): %s" msgstr "Verzending %s naar %s (%s): %s" -#: src/protocol.c:96 +#: src/protocol.c:98 #, c-format msgid "Sending %s to %s (%s)" msgstr "Verzending %s naar %s (%s)" -#: src/protocol.c:118 +#: src/protocol.c:120 #, c-format msgid "Forwarding %s from %s (%s): %s" msgstr "Doorsturen %s van %s (%s): %s" -#: src/protocol.c:122 +#: src/protocol.c:124 #, c-format msgid "Forwarding %s from %s (%s)" msgstr "Doorsturen %s van %s (%s)" -#: src/protocol.c:140 +#: src/protocol.c:142 #, c-format msgid "Unknown request from %s (%s): %s" msgstr "Onbekend verzoek van %s (%s): %s" -#: src/protocol.c:143 +#: src/protocol.c:145 #, c-format msgid "Unknown request from %s (%s)" msgstr "Onbekend verzoek van %s (%s)" -#: src/protocol.c:150 +#: src/protocol.c:152 #, c-format msgid "Got %s from %s (%s): %s" msgstr "Kreeg %s van %s (%s): %s" -#: src/protocol.c:154 +#: src/protocol.c:156 #, c-format msgid "Got %s from %s (%s)" msgstr "Kreeg %s van %s (%s)" -#: src/protocol.c:160 +#: src/protocol.c:162 #, c-format msgid "Unauthorized request from %s (%s)" msgstr "Niet toegestaan verzoek van %s (%s)" -#: src/protocol.c:168 +#: src/protocol.c:170 #, c-format msgid "Error while processing %s from %s (%s)" msgstr "Fout tijdens afhandelen %s van %s (%s)" -#: src/protocol.c:173 +#: src/protocol.c:175 #, c-format msgid "Bogus data received from %s (%s)" msgstr "Onzinnige data ontvangen van %s (%s)" -#: src/protocol.c:219 +#: src/protocol.c:221 msgid "Already seen request" msgstr "Verzoek reeds gezien" -#: src/protocol.c:249 +#: src/protocol.c:251 #, 
c-format msgid "Aging past requests: deleted %d, left %d" msgstr "Veroudering vorige verzoeken: %d gewist, %d overgebleven" -#: src/protocol_auth.c:59 src/protocol_auth.c:218 src/protocol_auth.c:347 -#: src/protocol_auth.c:414 src/protocol_auth.c:517 src/protocol_edge.c:73 -#: src/protocol_edge.c:184 src/protocol_key.c:62 src/protocol_key.c:104 -#: src/protocol_key.c:168 src/protocol_misc.c:54 src/protocol_misc.c:83 -#: src/protocol_misc.c:171 src/protocol_subnet.c:61 src/protocol_subnet.c:151 +#: src/protocol_auth.c:58 src/protocol_auth.c:209 src/protocol_auth.c:338 +#: src/protocol_auth.c:405 src/protocol_auth.c:531 src/protocol_edge.c:73 +#: src/protocol_edge.c:188 src/protocol_key.c:62 src/protocol_key.c:105 +#: src/protocol_key.c:172 src/protocol_misc.c:54 src/protocol_misc.c:83 +#: src/protocol_misc.c:171 src/protocol_subnet.c:58 src/protocol_subnet.c:167 #, c-format msgid "Got bad %s from %s (%s)" msgstr "Kreeg verkeerde %s van %s (%s)" -#: src/protocol_auth.c:67 src/protocol_edge.c:81 src/protocol_edge.c:87 -#: src/protocol_edge.c:192 src/protocol_edge.c:198 src/protocol_subnet.c:69 -#: src/protocol_subnet.c:79 src/protocol_subnet.c:159 -#: src/protocol_subnet.c:179 +#: src/protocol_auth.c:66 src/protocol_edge.c:81 src/protocol_edge.c:87 +#: src/protocol_edge.c:196 src/protocol_edge.c:202 src/protocol_subnet.c:66 +#: src/protocol_subnet.c:74 src/protocol_subnet.c:175 +#: src/protocol_subnet.c:196 #, c-format msgid "Got bad %s from %s (%s): %s" msgstr "Kreeg verkeerde %s van %s (%s): %s" -#: src/protocol_auth.c:76 +#: src/protocol_auth.c:75 #, c-format msgid "Peer %s is %s instead of %s" msgstr "Ander %s is %s in plaats van %s" -#: src/protocol_auth.c:86 +#: src/protocol_auth.c:85 #, c-format msgid "Peer %s (%s) uses incompatible version %d" msgstr "Ander %s (%s) gebruikt incompatibele versie %d" -#: src/protocol_auth.c:102 +#: src/protocol_auth.c:101 #, c-format msgid "Peer %s had unknown identity (%s)" msgstr "Ander %s heeft onbekende identiteit (%s)" -#: 
src/protocol_auth.c:162 +#: src/protocol_auth.c:153 #, c-format msgid "Generated random meta key (unencrypted): %s" msgstr "Willekeurige meta sleutel aangemaakt (niet versleuteld): %s" -#: src/protocol_auth.c:174 src/protocol_auth.c:247 +#: src/protocol_auth.c:165 src/protocol_auth.c:238 #, c-format msgid "Error during encryption of meta key for %s (%s)" msgstr "Fout tijdens versleutelen van meta key voor %s (%s)" -#: src/protocol_auth.c:228 src/protocol_auth.c:357 src/protocol_auth.c:422 -#: src/protocol_auth.c:444 +#: src/protocol_auth.c:219 src/protocol_auth.c:348 src/protocol_auth.c:413 +#: src/protocol_auth.c:435 #, c-format msgid "Possible intruder %s (%s): %s" msgstr "Mogelijke indringer %s (%s): %s" -#: src/protocol_auth.c:255 +#: src/protocol_auth.c:246 #, c-format msgid "Received random meta key (unencrypted): %s" msgstr "Ontving willekeurige meta key (niet versleuteld): %s" -#: src/protocol_auth.c:266 +#: src/protocol_auth.c:257 #, c-format msgid "%s (%s) uses unknown cipher!" msgstr "%s (%s) gebruikt onbekende cipher!" -#: src/protocol_auth.c:274 +#: src/protocol_auth.c:265 #, c-format msgid "Error during initialisation of cipher from %s (%s): %s" msgstr "Fout tijdens initalisatie van cipher van %s (%s): %s" -#: src/protocol_auth.c:290 src/protocol_key.c:235 +#: src/protocol_auth.c:281 src/protocol_key.c:242 #, c-format msgid "Node %s (%s) uses unknown digest!" msgstr "Node %s (%s) gebruikt onbekende digest!" -#: src/protocol_auth.c:295 +#: src/protocol_auth.c:286 #, c-format msgid "%s (%s) uses bogus MAC length!" msgstr "%s (%s) gebruikt onzinnige MAC lengte!" 
-#: src/protocol_auth.c:390 +#: src/protocol_auth.c:381 #, c-format msgid "Error during calculation of response for %s (%s): %s" msgstr "Fout tijdens berekenen van antwoord voor %s (%s): %s" -#: src/protocol_auth.c:423 +#: src/protocol_auth.c:414 msgid "wrong challenge reply length" msgstr "verkeerde lengte antwoord op uitdaging" -#: src/protocol_auth.c:436 +#: src/protocol_auth.c:427 #, c-format msgid "Error during calculation of response from %s (%s): %s" msgstr "Fout tijdens narekenen van antwoord van %s (%s): %s" -#: src/protocol_auth.c:445 +#: src/protocol_auth.c:436 msgid "wrong challenge reply" msgstr "verkeerd antwoord op uitdaging" -#: src/protocol_auth.c:450 +#: src/protocol_auth.c:441 #, c-format msgid "Expected challenge reply: %s" msgstr "Verwachtte antwoord op uitdaging: %s" -#: src/protocol_auth.c:533 +#: src/protocol_auth.c:547 #, c-format msgid "Established a second connection with %s (%s), closing old connection" msgstr "Tweede verbinding met %s (%s) gemaakt, oude verbinding wordt gesloten" -#: src/protocol_auth.c:550 +#: src/protocol_auth.c:570 #, c-format msgid "Connection with %s (%s) activated" msgstr "Verbinding met %s (%s) geactiveerd" -#: src/protocol_edge.c:82 src/protocol_edge.c:88 src/protocol_edge.c:193 -#: src/protocol_edge.c:199 src/protocol_subnet.c:70 src/protocol_subnet.c:160 +#: src/protocol_edge.c:82 src/protocol_edge.c:88 src/protocol_edge.c:197 +#: src/protocol_edge.c:203 src/protocol_subnet.c:67 src/protocol_subnet.c:176 msgid "invalid name" msgstr "ongeldige naam" -#: src/protocol_edge.c:124 +#: src/protocol_edge.c:127 #, c-format msgid "Got %s from %s (%s) for ourself which does not match existing entry" msgstr "" "Kreeg %s van %s (%s) voor onszelf welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:129 +#: src/protocol_edge.c:132 #, c-format msgid "Got %s from %s (%s) which does not match existing entry" msgstr "Kreeg %s van %s (%s) welke niet overeenkomt met reeds bekende" -#: src/protocol_edge.c:137 +#: 
src/protocol_edge.c:140 #, c-format msgid "Got %s from %s (%s) for ourself which does not exist" msgstr "Kreeg %s van %s (%s) voor onszelf welke niet bestaat" -#: src/protocol_edge.c:211 src/protocol_edge.c:219 src/protocol_edge.c:229 +#: src/protocol_edge.c:215 src/protocol_edge.c:223 src/protocol_edge.c:236 #, c-format msgid "Got %s from %s (%s) which does not appear in the edge tree" msgstr "Kreeg %s van %s (%s) welke niet voorkomt in de edge tree" -#: src/protocol_edge.c:235 src/protocol_subnet.c:107 src/protocol_subnet.c:204 +#: src/protocol_edge.c:242 src/protocol_subnet.c:103 src/protocol_subnet.c:219 #, c-format msgid "Got %s from %s (%s) for ourself" msgstr "Kreeg %s van %s (%s) voor onszelf" @@ -735,14 +755,14 @@ msgstr "Kreeg %s van %s (%s) voor onszelf" msgid "Got %s from %s (%s) origin %s which does not exist" msgstr "Kreeg %s van %s (%s) herkomst %s welke niet bestaat" -#: src/protocol_key.c:112 src/protocol_key.c:176 +#: src/protocol_key.c:113 src/protocol_key.c:180 #, c-format msgid "" "Got %s from %s (%s) origin %s which does not exist in our connection list" msgstr "" "Kreeg %s van %s (%s) herkomst %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:120 src/protocol_key.c:184 +#: src/protocol_key.c:121 src/protocol_key.c:188 #, c-format msgid "" "Got %s from %s (%s) destination %s which does not exist in our connection " 
@@ -750,27 +770,27 @@ msgid "" msgstr "" "Kreeg %s van %s (%s) doel %s welke niet voorkomt in de verbindingslijst" -#: src/protocol_key.c:215 +#: src/protocol_key.c:222 #, c-format msgid "Node %s (%s) uses unknown cipher!" msgstr "Node %s (%s) gebruikt onbekende cipher!" -#: src/protocol_key.c:221 +#: src/protocol_key.c:228 #, c-format msgid "Node %s (%s) uses wrong keylength!" msgstr "Node %s (%s) gebruikt verkeerde lengte sleutel!" -#: src/protocol_key.c:241 +#: src/protocol_key.c:248 #, c-format msgid "Node %s (%s) uses bogus MAC length!" msgstr "Node %s (%s) gebruikt onzinnige MAC lengte!" -#: src/protocol_key.c:250 +#: src/protocol_key.c:257 #, c-format msgid "Node %s (%s) uses bogus compression level!" msgstr "Node %s (%s) gebruikt onzinnig compressieniveau!" -#: src/protocol_key.c:258 +#: src/protocol_key.c:265 #, c-format msgid "Error during initialisation of key from %s (%s): %s" msgstr "Fout tijdens initialisatie van sleutel van %s (%s): %s" @@ -785,16 +805,16 @@ msgstr "Statusmelding van %s (%s): %d: %s" msgid "Error message from %s (%s): %d: %s" msgstr "Foutmelding van %s (%s): %d: %s" -#: src/protocol_subnet.c:80 src/protocol_subnet.c:180 +#: src/protocol_subnet.c:75 src/protocol_subnet.c:197 msgid "invalid subnet string" msgstr "ongeldige subnet string" -#: src/protocol_subnet.c:169 +#: src/protocol_subnet.c:185 #, c-format msgid "Got %s from %s (%s) for %s which is not in our node tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in de node boom" -#: src/protocol_subnet.c:196 +#: src/protocol_subnet.c:211 #, c-format msgid "Got %s from %s (%s) for %s which does not appear in his subnet tree" msgstr "Kreeg %s van %s (%s) voor %s welke niet voorkomt in zijn subnet boom" 
@@ -805,21 +825,21 @@ msgid "subnet_compare() was called with unknown subnet type %d, exitting!" msgstr "" "subnet_compare() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:288 +#: src/subnet.c:281 #, c-format msgid "net2str() was called with unknown subnet type %d, exiting!" msgstr "net2str() werd aangeroepen met onbekend subnet type %d, beëindigen!" -#: src/subnet.c:403 +#: src/subnet.c:396 msgid "Subnet list:" msgstr "Subnet lijst:" -#: src/subnet.c:408 +#: src/subnet.c:402 #, c-format msgid " %s owner %s" msgstr " %s eigenaar %s" -#: src/subnet.c:412 +#: src/subnet.c:405 msgid "End of subnet list." msgstr "Einde van subnet lijst." @@ -838,6 +858,7 @@ msgstr "" "\n" #: src/tincd.c:112 +#, c-format msgid "" " -c, --config=DIR Read configuration options from DIR.\n" " -D, --no-detach Don't fork and detach.\n" @@ -867,6 +888,7 @@ msgstr "" "\n" #: src/tincd.c:123 +#, c-format msgid "Report bugs to tinc@nl.linux.org.\n" msgstr "" "Meld fouten in het programma aan tinc@nl.linux.org;\n" @@ -895,10 +917,12 @@ msgid "Generating %d bits keys:\n" msgstr "Bezig met genereren van een %d bits sleutel:\n" #: src/tincd.c:298 +#, c-format msgid "Error during key generation!\n" msgstr "Fout tijdens genereren sleutel!\n" #: src/tincd.c:301 +#, c-format msgid "Done.\n" msgstr "Klaar.\n" @@ -907,6 +931,7 @@ msgid "private RSA key" msgstr "geheime RSA sleutel" #: src/tincd.c:315 src/tincd.c:334 +#, c-format msgid "" "Appending key to existing contents.\n" "Make sure only one key is stored in the file.\n" @@ -929,6 +954,7 @@ msgid "%s version %s (built %s %s, protocol %d)\n" msgstr "%s versie %s (gemaakt %s %s, protocol %d)\n" #: src/tincd.c:410 +#, c-format msgid "" "Copyright (C) 1998-2003 Ivo Timmermans, Guus Sliepen and others.\n" "See the AUTHORS file for a complete list.\n" 
@@ -953,16 +979,7 @@ msgstr "mlockall() wordt niet ondersteund op dit platform!" msgid "Error initializing LZO compressor!" msgstr "Fout tijdens initialiseren LZO compressor!" -#: src/tincd.c:490 -#, c-format -msgid "Restarting in %d seconds!" -msgstr "Herstart in %d seconden!" - -#: src/tincd.c:493 src/process.c:466 -msgid "Not restarting." -msgstr "Geen herstart." - -#: src/tincd.c:509 +#: src/tincd.c:503 msgid "Terminating" msgstr "Beëindigen" 
@@ -1041,84 +1058,101 @@ msgstr "Een tincd draait al voor net `%s' met pid %ld.\n" msgid "A tincd is already running with pid %ld.\n" msgstr "Een tincd draait al met pid %ld.\n" -#: src/process.c:281 +#: src/process.c:261 +#, c-format +msgid "Could write pid file %s: %s\n" +msgstr "Kon pid bestand %s niet openen: %s\n" + +#: src/process.c:283 #, c-format msgid "No other tincd is running for net `%s'.\n" msgstr "Geen andere tincd draait voor net `%s'.\n" -#: src/process.c:284 +#: src/process.c:286 +#, c-format msgid "No other tincd is running.\n" msgstr "Geen andere tincd draait.\n" -#: src/process.c:293 +#: src/process.c:295 #, c-format msgid "The tincd for net `%s' is no longer running. " msgstr "De tincd voor net `%s' draait niet meer. " -#: src/process.c:296 +#: src/process.c:298 +#, c-format msgid "The tincd is no longer running. " msgstr "De tincd draait niet meer. " -#: src/process.c:298 +#: src/process.c:300 +#, c-format msgid "Removing stale lock file.\n" msgstr "Verwijdering oud vergrendelingsbestand.\n" -#: src/process.c:331 +#: src/process.c:333 #, c-format msgid "Couldn't detach from terminal: %s" msgstr "Kon niet ontkoppelen van terminal: %s" -#: src/process.c:348 +#: src/process.c:341 +#, c-format +msgid "Could not write pid file %s: %s\n" +msgstr "Kon pid bestand %s niet schrijven: %s\n" + +#: src/process.c:352 #, c-format msgid "tincd %s (%s %s) starting, debug level %d" msgstr "tincd %s (%s %s) start, debug niveau %d" -#: src/process.c:380 +#: src/process.c:384 #, c-format msgid "Executing script %s" msgstr "Uitvoeren script %s" -#: src/process.c:400 +#: src/process.c:404 #, c-format msgid "Script %s exited with non-zero status %d" msgstr "Script %s beëindigde met status %d" -#: src/process.c:405 +#: src/process.c:409 #, c-format msgid "Script %s was killed by signal %d (%s)" msgstr "Script %s was gestopt door signaal %d (%s)" -#: src/process.c:409 +#: src/process.c:413 #, c-format msgid "Script %s terminated abnormally" msgstr "Script %s abnormaal 
beëindigd" -#: src/process.c:429 src/process.c:435 src/process.c:473 src/process.c:479 -#: src/process.c:497 +#: src/process.c:433 src/process.c:442 src/process.c:483 src/process.c:489 +#: src/process.c:507 #, c-format msgid "Got %s signal" msgstr "Kreeg %s signaal" -#: src/process.c:441 +#: src/process.c:451 #, c-format msgid "Got another fatal signal %d (%s): not restarting." msgstr "Kreeg nog een fataal signaal %d (%s): geen herstart." -#: src/process.c:450 +#: src/process.c:460 #, c-format msgid "Got fatal signal %d (%s)" msgstr "Kreeg fataal signaal %d (%s)" -#: src/process.c:454 +#: src/process.c:464 msgid "Trying to re-execute in 5 seconds..." msgstr "Poging tot herstarten over 5 seconden..." -#: src/process.c:482 +#: src/process.c:476 +msgid "Not restarting." +msgstr "Geen herstart." + +#: src/process.c:492 #, c-format msgid "Reverting to old debug level (%d)" msgstr "Herstellen van oud debug niveau (%d)" -#: src/process.c:488 +#: src/process.c:498 #, c-format msgid "" "Temporarily setting debug level to 5. Kill me with SIGINT again to go back " 
@@ -1127,58 +1161,89 @@ msgstr "" "Tijdelijk instellen debug niveau op 5. Zend nog een SIGINT signaal om niveau " "%d te herstellen." -#: src/process.c:521 +#: src/process.c:531 #, c-format msgid "Got unexpected signal %d (%s)" msgstr "Kreeg onverwacht signaal %d (%s)" -#: src/process.c:527 +#: src/process.c:537 #, c-format msgid "Ignored signal %d (%s)" msgstr "Signaal %d (%s) genegeerd" -#: src/process.c:582 +#: src/process.c:591 #, c-format msgid "Installing signal handler for signal %d (%s) failed: %s\n" msgstr "Installeren van signaal afhandelaar voor signaal %d (%s) faalde: %s\n" -#: src/route.c:120 +#: src/route.c:127 #, c-format msgid "Learned new MAC address %hx:%hx:%hx:%hx:%hx:%hx" msgstr "Nieuw MAC adres %hx:%hx:%hx:%hx:%hx:%hx geleerd" -#: src/route.c:153 +#: src/route.c:165 #, c-format -msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" -msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" +msgid "Subnet %s expired" +msgstr "Subnet %s is verlopen" -#: src/route.c:271 +#: src/route.c:200 src/route.c:353 src/route.c:495 #, c-format -msgid "Cannot route packet: unknown IPv4 destination address %d.%d.%d.%d" -msgstr "Kan pakket niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" +msgid "Packet looping back to %s (%s)!" +msgstr "Pakket komt terug naar %s (%s)!" 
-#: src/route.c:371 +#: src/route.c:299 +#, c-format +msgid "Length of packet (%d) doesn't match length in IPv4 header (%d)" +msgstr "" +"Lengte van pakket (%d) komt niet overeen met lengte in IPv4 header (%d)" + +#: src/route.c:303 +#, c-format +msgid "Fragmenting packet of %d bytes to %s (%s)" +msgstr "Fragmentatie pakket van %d bytes naar %s (%s)" + +#: src/route.c:341 #, c-format msgid "" -"Cannot route packet: unknown IPv6 destination address %hx:%hx:%hx:%hx:%hx:%" -"hx:%hx:%hx" +"Cannot route packet from %s (%s): unknown IPv4 destination address %d.%d.%d.%" +"d" msgstr "" -"Kan pakket niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%hx:%hx:%hx:%" -"hx:%hx" +"Kan pakket van %s (%s) niet routeren: onbekend IPv4 doeladres %d.%d.%d.%d" -#: src/route.c:425 +#: src/route.c:366 src/route.c:505 +#, c-format +msgid "Packet for %s (%s) length %d larger than MTU %d" +msgstr "Packet voor %s (%s) lengte %d groter dan MTU %d" + +#: src/route.c:479 +#, c-format +msgid "" +"Cannot route packet from %s (%s): unknown IPv6 destination address %hx:%hx:%" +"hx:%hx:%hx:%hx:%hx:%hx" +msgstr "" +"Kan pakket van %s (%s) niet routeren: onbekend IPv6 doeladres %hx:%hx:%hx:%" +"hx:%hx:%hx:%hx:%hx" + +#: src/route.c:537 +#, c-format +msgid "Got neighbor solicitation request from %s (%s) while in router mode!" +msgstr "" +"Kreeg neighbor solicitation request van %s (%s) terwijl we in router mode " +"werken!" + +#: src/route.c:556 msgid "" "Cannot route packet: received unknown type neighbor solicitation request" msgstr "" "Kan pakket niet routeren: ontvangst van onbekend type neighbor solicitation " "verzoek" -#: src/route.c:443 +#: src/route.c:575 msgid "Cannot route packet: checksum error for neighbor solicitation request" msgstr "" "Kan pakket niet routeren: checksum fout voor neighbor solicitation verzoek" -#: src/route.c:452 +#: src/route.c:584 #, c-format msgid "" "Cannot route packet: neighbor solicitation request for unknown address %hx:%" 
@@ -1187,39 +1252,39 @@ msgstr "" "Kan pakket niet routeren: neighbor solicitation verzoek voor onbekend adres %" "hx:%hx:%hx:%hx:%hx:%hx:%hx:%hx" -#: src/route.c:532 +#: src/route.c:671 +#, c-format +msgid "Got ARP request from %s (%s) while in router mode!" +msgstr "Kreeg ARP request van %s (%s) terwijl we in router mode werken!" + +#: src/route.c:688 msgid "Cannot route packet: received unknown type ARP request" msgstr "Kan pakket niet routeren: ontvangst van onbekend type ARP verzoek" -#: src/route.c:541 +#: src/route.c:697 #, c-format msgid "Cannot route packet: ARP request for unknown address %d.%d.%d.%d" msgstr "Kan pakket niet routeren: ARP verzoek voor onbekend adres %d.%d.%d.%d" -#: src/route.c:578 src/route.c:590 src/route.c:599 src/route.c:612 -#: src/route.c:644 src/route.c:658 src/route.c:667 -msgid "Read too short packet" -msgstr "Te kort pakket gelezen" - -#: src/route.c:620 +#: src/route.c:753 #, c-format -msgid "Cannot route packet: unknown type %hx" -msgstr "Kan pakket niet routeren: onbekend type %hx" +msgid "Cannot route packet from %s (%s): unknown type %hx" +msgstr "Kan pakket van %s (%s) niet routeren: onbekend type %hx" -#: src/node.c:178 +#: src/node.c:183 msgid "Nodes:" msgstr "Nodes:" -#: src/node.c:182 +#: src/node.c:187 #, c-format msgid "" " %s at %s cipher %d digest %d maclength %d compression %d options %lx status " -"%04x nexthop %s via %s" +"%04x nexthop %s via %s pmtu %d (min %d max %d)" msgstr "" " %s op %s cipher %d digest %d maclengte %d compressie %d opties %lx status %" -"04x nexthop %s via %s" +"04x nexthop %s via %s pmtu %d (min %d max %d)" -#: src/node.c:189 +#: src/node.c:194 msgid "End of nodes." msgstr "Einde van nodes." 
@@ -1236,12 +1301,12 @@ msgstr " %s naar %s op %s opties %lx gewicht %d" msgid "End of edges." msgstr "Einde van edges." -#: src/graph.c:255 +#: src/graph.c:263 #, c-format msgid "Node %s (%s) became reachable" msgstr "Node %s (%s) werd bereikbaar" -#: src/graph.c:258 +#: src/graph.c:266 #, c-format msgid "Node %s (%s) became unreachable" msgstr "Node %s (%s) is niet meer bereikbaar" @@ -1440,3 +1505,12 @@ msgstr "Kan interface %s niet vinden: %s" #, c-format msgid "Could not bind to %s: %s" msgstr "Kon niet aan interface `%s' binden: %s" + +#~ msgid "Restarting in %d seconds!" +#~ msgstr "Herstart in %d seconden!" + +#~ msgid "MAC address %hx:%hx:%hx:%hx:%hx:%hx expired" +#~ msgstr "MAC adres %hx:%hx:%hx:%hx:%hx:%hx verlopen" + +#~ msgid "Read too short packet" +#~ msgstr "Te kort pakket gelezen" From 8c189c2a9b77fb326ab5f27a05bf2601e16af017 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 15 Mar 2004 19:09:52 +0000 Subject: [PATCH 919/923] Even better svn-clean command. --- Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index eb800e14..072360c8 100644 --- a/Makefile.am +++ b/Makefile.am @@ -12,7 +12,7 @@ ChangeLog: cvs2cl -U cvsusers --fsf svn-clean: maintainer-clean - svn status --no-ignore | grep '^\?' | sed 's/^\? \+//g' | xargs rm -rf + svn status --no-ignore | sed -n 's/^\? \+//p' | tr '\012' '\0' | xargs -r0 rm -rf deb: dpkg-buildpackage -rfakeroot From 56aad1bb486675ff9aba31418708cc179eea0381 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 20 Mar 2004 15:28:55 +0000 Subject: [PATCH 920/923] Applied Martin Kihlgren's IdentityGenerosity patch, simplified and renamed to StrictSource. --- src/graph.c | 21 ++-------------- src/net.h | 1 + src/net_packet.c | 63 ++++++++++++++++++++++++++++++++---------------- src/net_setup.c | 2 ++ src/node.c | 22 +++++++++++++++++ src/node.h | 1 + 6 files changed, 70 insertions(+), 40 deletions(-) 
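Review bot: The paths printed by `svn status` reach `rm -rf` as bare arguments in the `svn-clean` rule, so an unversioned file whose name begins with `-` would be parsed as an option rather than a path. Ending option parsing closes that gap: `... | tr '\012' '\0' | xargs -r0 rm -rf --`. The list is still line-based before `tr` converts it, so a name containing a newline is not handled correctly; a one-line comment above the rule saying so would be enough. Patch 922 edits the same line and keeps the pipeline, so the same applies there.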
diff --git a/src/graph.c b/src/graph.c index 3ed1d721..3870c709 100644 --- a/src/graph.c +++ b/src/graph.c @@ -219,25 +219,8 @@ void sssp_bfs(void) e->to->via = indirect ? n->via : e->to; e->to->options = e->options; - if(sockaddrcmp(&e->to->address, &e->address)) { - node = avl_unlink(node_udp_tree, e->to); - sockaddrfree(&e->to->address); - sockaddrcpy(&e->to->address, &e->address); - - if(e->to->hostname) - free(e->to->hostname); - - e->to->hostname = sockaddr2hostname(&e->to->address); - avl_insert_node(node_udp_tree, node); - - if(e->to->options & OPTION_PMTU_DISCOVERY) { - e->to->mtuprobes = 0; - e->to->minmtu = 0; - e->to->maxmtu = MTU; - if(e->to->status.validkey) - send_mtu_probe(e->to); - } - } + if(sockaddrcmp(&e->to->address, &e->address)) + update_node_address(e->to, &e->address); node = avl_alloc_node(); node->data = e->to; diff --git a/src/net.h b/src/net.h index 5b145538..90463eb2 100644 --- a/src/net.h +++ b/src/net.h @@ -122,6 +122,7 @@ extern listen_socket_t listen_socket[MAXSOCKETS]; extern int listen_sockets; extern int keyexpires; extern int keylifetime; +extern bool strictsource; extern bool do_prune; extern bool do_purge; extern char *myport; diff --git a/src/net_packet.c b/src/net_packet.c index 255453e9..ae5a8402 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -54,6 +54,7 @@ int keylifetime = 0; int keyexpires = 0; +bool strictsource = true; EVP_CIPHER_CTX packet_ctx; static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; 
@@ -167,6 +168,25 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) route(n, packet); } +static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) { + char hmac[EVP_MAX_MD_SIZE]; + + if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0)) + return false; + + /* Check the message authentication code */ + + if(myself->digest && myself->maclength) { + HMAC(myself->digest, myself->key, myself->keylength, + (char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL); + + if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength)) + return false; + } + + return true; +} + static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t pkt1, pkt2; @@ -174,32 +194,17 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) int nextpkt = 0; vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; - char hmac[EVP_MAX_MD_SIZE]; int i; cp(); - /* Check packet length */ - - if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) { - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"), - n->name, n->hostname); + if(!authenticate_udppacket(n, inpkt)) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), + n->name, n->hostname); return; } - /* Check the message authentication code */ - - if(myself->digest && myself->maclength) { - inpkt->len -= myself->maclength; - HMAC(myself->digest, myself->key, myself->keylength, - (char *) &inpkt->seqno, inpkt->len, hmac, NULL); - - if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) { - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), - n->name, n->hostname); - return; - } - } + inpkt->len -= myself->digest ? myself->maclength : 0; /* Decrypt the packet */ @@ -483,6 +488,7 @@ void handle_incoming_vpn_data(int sock) sockaddr_t from; socklen_t fromlen = sizeof(from); node_t *n; + static time_t lasttime = 0; cp(); 
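Review bot: `authenticate_udppacket()` never reads its `n` argument: the HMAC is computed with `myself->digest`, `myself->key` and `myself->keylength`, so a valid MAC shows only that the sender holds our packet key, not which node sent the packet. Any caller that uses the result to choose a node, as the scan added to `handle_incoming_vpn_data()` later in this patch does, gets the same answer for every candidate. I would either drop the parameter or state the limit above the function, e.g. `/* Verifies the MAC with our own key; does not identify the sending node. */`. The MAC is also compared with `memcmp()`, whose running time depends on the first differing byte; a constant-time compare such as OpenSSL's `CRYPTO_memcmp()` is the safer choice, and the same holds for the comparison restored in `receive_udppacket()` by patch 923.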
@@ -497,10 +503,25 @@ void handle_incoming_vpn_data(int sock) n = lookup_node_udp(&from); + if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) { + avl_node_t *node; + + lasttime = now; + + for(node = node_tree->head; node; node = node->next) { + n = node->data; + + if(authenticate_udppacket(n, &pkt)) { + update_node_address(n, &from); + logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname); + break; + } + } + } + if(!n) { hostname = sockaddr2hostname(&from); - logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), - hostname); + logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname); free(hostname); return; } diff --git a/src/net_setup.c b/src/net_setup.c index aa2fbfbe..502e7b20 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -343,6 +343,8 @@ bool setup_myself(void) get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); + get_config_bool(lookup_config(config_tree, "StrictSource"), &strictsource); + /* Generate packet encryption key */ if(get_config_string diff --git a/src/node.c b/src/node.c index 35199161..79320e71 100644 --- a/src/node.c +++ b/src/node.c @@ -150,6 +150,28 @@ void node_del(node_t *n) avl_delete(node_udp_tree, n); } +void update_node_address(node_t *n, const sockaddr_t address) { + avl_node_t *node; + + node = avl_unlink(node_udp_tree, n); + sockaddrfree(&n->address); + sockaddrcpy(&n->address, &address); + + if(n->hostname) + free(n->hostname); + + n->hostname = sockaddr2hostname(&n->address); + avl_insert_node(node_udp_tree, node); + + if(n->options & OPTION_PMTU_DISCOVERY) { + n->mtuprobes = 0; + n->minmtu = 0; + n->maxmtu = MTU; + if(n->status.validkey) + send_mtu_probe(n); + } +} + node_t *lookup_node(char *name) { node_t n = {0}; diff --git a/src/node.h b/src/node.h index dd9c7a12..6dc7338b 100644 --- a/src/node.h +++ b/src/node.h 
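Review bot: When the scan over `node_tree` finds no match, `n` is left pointing at the last node visited, so the `if(!n)` check that follows no longer fires and the "unknown source" warning is skipped for that datagram. Resetting it inside the new block, right after the loop, keeps that path intact: `if(!node) n = NULL;`. The address update is logged at `LOG_DEBUG` only; because it rebinds a peer's UDP endpoint on the strength of a packet from an unrecognised address, a `LOG_NOTICE` or higher entry that also records the previous address would give operators something to alert on. The rest of `handle_incoming_vpn_data()` lies outside the hunk, so what happens to the packet after the check is inferred.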
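Review bot: The new `StrictSource` option is read in `setup_myself()` but nothing in this patch documents it; the diffstat lists only files under `src/`. Turning it off relaxes the rule that UDP packets must arrive from a node's known address, which is a security-relevant default that deserves a comment at the call, e.g. `/* StrictSource = no lets a packet that passes the MAC check rebind a node's UDP address */`, and an entry in the configuration manual. `setup_myself()` starts and ends outside the hunk.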
@@ -90,6 +90,7 @@ extern node_t *new_node(void) __attribute__ ((__malloc__)); extern void free_node(node_t *); extern void node_add(node_t *); extern void node_del(node_t *); +extern void update_node_udpaddress(node_t *, const sockaddr_t *); extern node_t *lookup_node(char *); extern node_t *lookup_node_udp(const sockaddr_t *); extern void dump_nodes(void); From 8df22248293a8cd5e6056415b6e08740e40aa2bc Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 20 Mar 2004 15:33:07 +0000 Subject: [PATCH 921/923] Fix declaration of update_node_address(). --- src/node.c | 4 ++-- src/node.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/node.c b/src/node.c index 79320e71..a9b8858a 100644 --- a/src/node.c +++ b/src/node.c @@ -150,12 +150,12 @@ void node_del(node_t *n) avl_delete(node_udp_tree, n); } -void update_node_address(node_t *n, const sockaddr_t address) { +void update_node_address(node_t *n, const sockaddr_t *address) { avl_node_t *node; node = avl_unlink(node_udp_tree, n); sockaddrfree(&n->address); - sockaddrcpy(&n->address, &address); + sockaddrcpy(&n->address, address); if(n->hostname) free(n->hostname); diff --git a/src/node.h b/src/node.h index 6dc7338b..935b9a31 100644 --- a/src/node.h +++ b/src/node.h @@ -90,7 +90,7 @@ extern node_t *new_node(void) __attribute__ ((__malloc__)); extern void free_node(node_t *); extern void node_add(node_t *); extern void node_del(node_t *); -extern void update_node_udpaddress(node_t *, const sockaddr_t *); +extern void update_node_address(node_t *, const sockaddr_t *); extern node_t *lookup_node(char *); extern node_t *lookup_node_udp(const sockaddr_t *); extern void dump_nodes(void); From 27c304940a5dbe83fb0f655c5c43150bafed3b63 Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 20 Mar 2004 15:40:26 +0000 Subject: [PATCH 922/923] Use Subversion to create ChangeLog, better svn-clean rule. --- Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Makefile.am b/Makefile.am index 072360c8..0667a877 100644 --- a/Makefile.am +++ b/Makefile.am @@ -9,10 +9,10 @@ ACLOCAL_AMFLAGS = -I m4 EXTRA_DIST = config.rpath mkinstalldirs system.h COPYING.README depcomp ChangeLog: - cvs2cl -U cvsusers --fsf + svn log > ChangeLog svn-clean: maintainer-clean - svn status --no-ignore | sed -n 's/^\? \+//p' | tr '\012' '\0' | xargs -r0 rm -rf + svn status --no-ignore | sed -n 's/^[?I] \+//p' | tr '\012' '\0' | xargs -r0 rm -rf deb: dpkg-buildpackage -rfakeroot From af86a3226ea42375644b3f99c182c778d327de1e Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Sat, 20 Mar 2004 22:23:42 +0000 Subject: [PATCH 923/923] Revert Martin Kihlgren's patch, it doesn't work the way it should. --- src/graph.c | 21 ++++++++++++++-- src/net.h | 1 - src/net_packet.c | 63 ++++++++++++++++-------------------------------- src/net_setup.c | 2 -- src/node.c | 22 ----------------- src/node.h | 1 - 6 files changed, 40 insertions(+), 70 deletions(-) diff --git a/src/graph.c b/src/graph.c index 3870c709..3ed1d721 100644 --- a/src/graph.c +++ b/src/graph.c @@ -219,8 +219,25 @@ void sssp_bfs(void) e->to->via = indirect ? n->via : e->to; e->to->options = e->options; - if(sockaddrcmp(&e->to->address, &e->address)) - update_node_address(e->to, &e->address); + if(sockaddrcmp(&e->to->address, &e->address)) { + node = avl_unlink(node_udp_tree, e->to); + sockaddrfree(&e->to->address); + sockaddrcpy(&e->to->address, &e->address); + + if(e->to->hostname) + free(e->to->hostname); + + e->to->hostname = sockaddr2hostname(&e->to->address); + avl_insert_node(node_udp_tree, node); + + if(e->to->options & OPTION_PMTU_DISCOVERY) { + e->to->mtuprobes = 0; + e->to->minmtu = 0; + e->to->maxmtu = MTU; + if(e->to->status.validkey) + send_mtu_probe(e->to); + } + } node = avl_alloc_node(); node->data = e->to; diff --git a/src/net.h b/src/net.h index 90463eb2..5b145538 100644 --- a/src/net.h +++ b/src/net.h 
@@ -122,7 +122,6 @@ extern listen_socket_t listen_socket[MAXSOCKETS]; extern int listen_sockets; extern int keyexpires; extern int keylifetime; -extern bool strictsource; extern bool do_prune; extern bool do_purge; extern char *myport; diff --git a/src/net_packet.c b/src/net_packet.c index ae5a8402..255453e9 100644 --- a/src/net_packet.c +++ b/src/net_packet.c @@ -54,7 +54,6 @@ int keylifetime = 0; int keyexpires = 0; -bool strictsource = true; EVP_CIPHER_CTX packet_ctx; static char lzo_wrkmem[LZO1X_999_MEM_COMPRESS > LZO1X_1_MEM_COMPRESS ? LZO1X_999_MEM_COMPRESS : LZO1X_1_MEM_COMPRESS]; @@ -168,25 +167,6 @@ static void receive_packet(node_t *n, vpn_packet_t *packet) route(n, packet); } -static bool authenticate_udppacket(node_t *n, vpn_packet_t *inpkt) { - char hmac[EVP_MAX_MD_SIZE]; - - if(inpkt->len < sizeof(inpkt->seqno) + (myself->digest ? myself->maclength : 0)) - return false; - - /* Check the message authentication code */ - - if(myself->digest && myself->maclength) { - HMAC(myself->digest, myself->key, myself->keylength, - (char *) &inpkt->seqno, inpkt->len - myself->maclength, hmac, NULL); - - if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len - myself->maclength, myself->maclength)) - return false; - } - - return true; -} - static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) { vpn_packet_t pkt1, pkt2; 
@@ -194,17 +174,32 @@ static void receive_udppacket(node_t *n, vpn_packet_t *inpkt) int nextpkt = 0; vpn_packet_t *outpkt = pkt[0]; int outlen, outpad; + char hmac[EVP_MAX_MD_SIZE]; int i; cp(); - if(!authenticate_udppacket(n, inpkt)) { - ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), - n->name, n->hostname); + /* Check packet length */ + + if(inpkt->len < sizeof(inpkt->seqno) + myself->maclength) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got too short packet from %s (%s)"), + n->name, n->hostname); return; } - inpkt->len -= myself->digest ? myself->maclength : 0; + /* Check the message authentication code */ + + if(myself->digest && myself->maclength) { + inpkt->len -= myself->maclength; + HMAC(myself->digest, myself->key, myself->keylength, + (char *) &inpkt->seqno, inpkt->len, hmac, NULL); + + if(memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) { + ifdebug(TRAFFIC) logger(LOG_DEBUG, _("Got unauthenticated packet from %s (%s)"), + n->name, n->hostname); + return; + } + } /* Decrypt the packet */ @@ -488,7 +483,6 @@ void handle_incoming_vpn_data(int sock) sockaddr_t from; socklen_t fromlen = sizeof(from); node_t *n; - static time_t lasttime = 0; cp(); @@ -503,25 +497,10 @@ void handle_incoming_vpn_data(int sock) n = lookup_node_udp(&from); - if(!n && !strictsource && myself->digest && myself->maclength && lasttime != now) { - avl_node_t *node; - - lasttime = now; - - for(node = node_tree->head; node; node = node->next) { - n = node->data; - - if(authenticate_udppacket(n, &pkt)) { - update_node_address(n, &from); - logger(LOG_DEBUG, _("Updated address of node %s to %s"), n->name, n->hostname); - break; - } - } - } - if(!n) { hostname = sockaddr2hostname(&from); - logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), hostname); + logger(LOG_WARNING, _("Received UDP packet from unknown source %s"), + hostname); free(hostname); return; } 
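Review bot: The authentication check compares the computed and received tags with `memcmp`, which may stop at the first differing byte, so its running time can depend on how many leading bytes of the received tag are correct. A constant-time comparison is the usual choice for MAC verification. Since this file already calls into OpenSSL, `if(CRYPTO_memcmp(hmac, (char *) &inpkt->seqno + inpkt->len, myself->maclength)) {` would do where the linked OpenSSL provides that function. Otherwise use a small local loop that ORs the XOR of every byte pair before testing the result. receive_udppacket continues beyond the end of this hunk.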
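Review bot: Every datagram from an address that `lookup_node_udp` does not know costs a `sockaddr2hostname` allocation and one `LOG_WARNING` line, with nothing bounding how often this happens, so any host that can reach the UDP port can fill the log. Limiting the warning to once per second, the way the removed block used `static time_t lasttime` against `now`, would cap that. Demoting it to a debug message behind `ifdebug(TRAFFIC)` would also work. If `sockaddr2hostname` does a reverse lookup when the `Hostnames` option is enabled (not visible in this hunk), the cost per packet is higher still. handle_incoming_vpn_data starts and ends outside the hunk.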
diff --git a/src/net_setup.c b/src/net_setup.c index 502e7b20..aa2fbfbe 100644 --- a/src/net_setup.c +++ b/src/net_setup.c @@ -343,8 +343,6 @@ bool setup_myself(void) get_config_bool(lookup_config(config_tree, "Hostnames"), &hostnames); - get_config_bool(lookup_config(config_tree, "StrictSource"), &strictsource); - /* Generate packet encryption key */ if(get_config_string diff --git a/src/node.c b/src/node.c index a9b8858a..35199161 100644 --- a/src/node.c +++ b/src/node.c @@ -150,28 +150,6 @@ void node_del(node_t *n) avl_delete(node_udp_tree, n); } -void update_node_address(node_t *n, const sockaddr_t *address) { - avl_node_t *node; - - node = avl_unlink(node_udp_tree, n); - sockaddrfree(&n->address); - sockaddrcpy(&n->address, address); - - if(n->hostname) - free(n->hostname); - - n->hostname = sockaddr2hostname(&n->address); - avl_insert_node(node_udp_tree, node); - - if(n->options & OPTION_PMTU_DISCOVERY) { - n->mtuprobes = 0; - n->minmtu = 0; - n->maxmtu = MTU; - if(n->status.validkey) - send_mtu_probe(n); - } -} - node_t *lookup_node(char *name) { node_t n = {0}; diff --git a/src/node.h b/src/node.h index 935b9a31..dd9c7a12 100644 --- a/src/node.h +++ b/src/node.h @@ -90,7 +90,6 @@ extern node_t *new_node(void) __attribute__ ((__malloc__)); extern void free_node(node_t *); extern void node_add(node_t *); extern void node_del(node_t *); -extern void update_node_address(node_t *, const sockaddr_t *); extern node_t *lookup_node(char *); extern node_t *lookup_node_udp(const sockaddr_t *); extern void dump_nodes(void);